diff --git a/Cargo.lock b/Cargo.lock index 8294b8bbb..a0be023b6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -76,8 +76,7 @@ checksum = "4a859067dcb257cb2ae028cb821399b55140b76fb8b2a360e052fe109019db43" [[package]] name = "block-buffer" version = "0.11.0-rc.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a229bfd78e4827c91b9b95784f69492c1b77c1ab75a45a8a037b139215086f94" +source = "git+https://github.com/RustCrypto/utils.git#6fd0e8ddc827d7e7d9242e130f8944fc9ca328cf" dependencies = [ "hybrid-array", "zeroize", diff --git a/Cargo.toml b/Cargo.toml index f89b4edce..91b4f49f2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -16,3 +16,6 @@ members = [ [patch.crates-io] digest = { path = "digest" } signature = { path = "signature" } + +# https://github.com/RustCrypto/utils/pull/1192 +block-buffer = { git = "https://github.com/RustCrypto/utils.git" } diff --git a/digest/src/buffer_macros/fixed.rs b/digest/src/buffer_macros/fixed.rs index 716fda60c..f1e73b641 100644 --- a/digest/src/buffer_macros/fixed.rs +++ b/digest/src/buffer_macros/fixed.rs @@ -60,7 +60,7 @@ macro_rules! buffer_fixed { $crate::buffer_fixed!( impl_inner: $name$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?($core_ty); BaseFixedTraits AlgorithmName Default Clone HashMarker - Reset FixedOutputReset SerializableState $($trait_name)*; + Reset FixedOutputReset SerializableState ZeroizeOnDrop $($trait_name)*; ); }; @@ -476,5 +476,30 @@ macro_rules! buffer_fixed { } $crate::buffer_fixed!(impl_inner: $name$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?($core_ty); $($trait_name)*;); - } + }; + + // Implements `ZeroizeOnDrop` + ( + impl_inner: $name:ident + $(< $( $lt:tt $( : $clt:tt $(+ $dlt:tt )* )? ),+ >)? + ($core_ty:ty); + ZeroizeOnDrop $($trait_name:ident)*; + ) => { + // Verify that `$core_ty` and `Buffer<$core_ty>` implement `ZeroizeOnDrop` + #[cfg(feature = "zeroize")] + const _: () = { + fn check_core$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?(v: &$core_ty) { + v as &dyn $crate::zeroize::ZeroizeOnDrop; + } + + fn check_buffer$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?(v: &$crate::block_api::Buffer<$core_ty>) { + v as &dyn $crate::zeroize::ZeroizeOnDrop; + } + }; + + #[cfg(feature = "zeroize")] + impl$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)? $crate::zeroize::ZeroizeOnDrop for $name$(< $( $lt ),+ >)? {} + + $crate::buffer_fixed!(impl_inner: $name$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?($core_ty); $($trait_name)*;); + }; } diff --git a/digest/tests/dummy_fixed.rs b/digest/tests/dummy_fixed.rs index cbec6aced..cce734f59 100644 --- a/digest/tests/dummy_fixed.rs +++ b/digest/tests/dummy_fixed.rs @@ -75,6 +75,17 @@ mod block_api { }) } } + + #[cfg(feature = "zeroize")] + impl Drop for FixedHashCore { + fn drop(&mut self) { + use zeroize::Zeroize; + self.state.zeroize(); + } + } + + #[cfg(feature = "zeroize")] + impl zeroize::ZeroizeOnDrop for FixedHashCore {} } digest::buffer_fixed!( @@ -99,3 +110,11 @@ digest::buffer_fixed!( oid: "0.1.2.3.4.5"; impl: FixedHashTraits; ); + +#[cfg(feature = "zeroize")] +/// check for `ZeroizeOnDrop` implementations +const _: () = { + const fn check_zeroize() {} + check_zeroize::(); + check_zeroize::(); +};