jedisct1/prio-wasi.diff

## prio-wasi.diff
diff --git a/Cargo.toml b/Cargo.toml
index 5f580b6..984b476 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -35,7 +35,7 @@ rayon = { version = "1.7.0", optional = true }

 # dependencies required if feature "prio2" is enabled
 aes-gcm = { version = "^0.10", optional = true }
-ring = { version = "0.16.20", optional = true }
+ring = { package = "ring-wasi", version = "0.16.25", optional = true }

 [dev-dependencies]
 assert_matches = "1.5.0"
diff --git a/src/encrypt.rs b/src/encrypt.rs
index e69134d..d1ea5bf 100644
--- a/src/encrypt.rs
+++ b/src/encrypt.rs
@@ -90,12 +90,13 @@ pub fn encrypt_share(share: &[u8], key: &PublicKey) -> Result<Vec<u8>, EncryptEr
         .compute_public_key()
         .map_err(|_| EncryptError::KeyAgreement)?;

-    let symmetric_key_bytes = agreement::agree_ephemeral(
-        ephemeral_priv,
-        &peer_public,
-        EncryptError::KeyAgreement,
-        |material| Ok(x963_kdf(material, ephemeral_pub.as_ref())),
-    )?;
+    let symmetric_key_bytes: Result<_, EncryptError> =
+        agreement::agree_ephemeral(ephemeral_priv, &peer_public, |material| {
+            Ok(x963_kdf(material, ephemeral_pub.as_ref()))
+        })
+        .map_err(|_| EncryptError::KeyAgreement)?;
+
+    let symmetric_key_bytes = symmetric_key_bytes?;

     let in_out = share.to_owned();
     let encrypted = encrypt_aes_gcm(
@@ -132,12 +133,12 @@ pub fn decrypt_share(share: &[u8], key: &PrivateKey) -> Result<Vec<u8>, EncryptE
     let private_key = agreement::EphemeralPrivateKey::generate(&agreement::ECDH_P256, &fake_rng)
         .map_err(|_| EncryptError::KeyAgreement)?;

-    let symmetric_key_bytes = agreement::agree_ephemeral(
-        private_key,
-        &ephemeral_pub,
-        EncryptError::KeyAgreement,
-        |material| Ok(x963_kdf(material, empheral_pub_bytes)),
-    )?;
+    let symmetric_key_bytes: Result<_, EncryptError> =
+        agreement::agree_ephemeral(private_key, &ephemeral_pub, |material| {
+            Ok(x963_kdf(material, empheral_pub_bytes))
+        })
+        .map_err(|_| EncryptError::KeyAgreement)?;
+    let symmetric_key_bytes = symmetric_key_bytes?;

     // in_out is the AES-GCM ciphertext+tag, wihtout the ephemeral EC pubkey
     let in_out = share[PUBLICKEY_LENGTH..].to_owned();
	diff --git a/Cargo.toml b/Cargo.toml
	index 5f580b6..984b476 100644
	--- a/Cargo.toml
	+++ b/Cargo.toml
	@@ -35,7 +35,7 @@ rayon = { version = "1.7.0", optional = true }

	# dependencies required if feature "prio2" is enabled
	aes-gcm = { version = "^0.10", optional = true }
	-ring = { version = "0.16.20", optional = true }
	+ring = { package = "ring-wasi", version = "0.16.25", optional = true }

	[dev-dependencies]
	assert_matches = "1.5.0"
	diff --git a/src/encrypt.rs b/src/encrypt.rs
	index e69134d..d1ea5bf 100644
	--- a/src/encrypt.rs
	+++ b/src/encrypt.rs
	@@ -90,12 +90,13 @@ pub fn encrypt_share(share: &[u8], key: &PublicKey) -> Result<Vec<u8>, EncryptEr
	.compute_public_key()
	.map_err(\|_\| EncryptError::KeyAgreement)?;

	- let symmetric_key_bytes = agreement::agree_ephemeral(
	- ephemeral_priv,
	- &peer_public,
	- EncryptError::KeyAgreement,
	- \|material\| Ok(x963_kdf(material, ephemeral_pub.as_ref())),
	- )?;
	+ let symmetric_key_bytes: Result<_, EncryptError> =
	+ agreement::agree_ephemeral(ephemeral_priv, &peer_public, \|material\| {
	+ Ok(x963_kdf(material, ephemeral_pub.as_ref()))
	+ })
	+ .map_err(\|_\| EncryptError::KeyAgreement)?;
	+
	+ let symmetric_key_bytes = symmetric_key_bytes?;

	let in_out = share.to_owned();
	let encrypted = encrypt_aes_gcm(
	@@ -132,12 +133,12 @@ pub fn decrypt_share(share: &[u8], key: &PrivateKey) -> Result<Vec<u8>, EncryptE
	let private_key = agreement::EphemeralPrivateKey::generate(&agreement::ECDH_P256, &fake_rng)
	.map_err(\|_\| EncryptError::KeyAgreement)?;

	- let symmetric_key_bytes = agreement::agree_ephemeral(
	- private_key,
	- &ephemeral_pub,
	- EncryptError::KeyAgreement,
	- \|material\| Ok(x963_kdf(material, empheral_pub_bytes)),
	- )?;
	+ let symmetric_key_bytes: Result<_, EncryptError> =
	+ agreement::agree_ephemeral(private_key, &ephemeral_pub, \|material\| {
	+ Ok(x963_kdf(material, empheral_pub_bytes))
	+ })
	+ .map_err(\|_\| EncryptError::KeyAgreement)?;
	+ let symmetric_key_bytes = symmetric_key_bytes?;

	// in_out is the AES-GCM ciphertext+tag, wihtout the ephemeral EC pubkey
	let in_out = share[PUBLICKEY_LENGTH..].to_owned();