Skip to content

Implement ZeroizeOnDrop for SHA 1..=2 and Blake2 #516

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 10 commits into from
Closed

Implement ZeroizeOnDrop for SHA 1..=2 and Blake2 #516

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
1d46e95
Implement Zeroize for SHA 1..=3 and Blake2
kayabaNerve Nov 12, 2023
2db62e9
zeroize default-features = false, correct sha2 msrv handling
kayabaNerve Nov 12, 2023
bef6591
Remove use of derive in blake2
kayabaNerve Nov 12, 2023
3352f41
sha1 msrv fix
kayabaNerve Nov 12, 2023
9634d7c
Don't enable zeroize/std on std
kayabaNerve Nov 12, 2023
37e7bc5
ZeroizeOnDrop instead of Zeroize
kayabaNerve Nov 12, 2023
23359e0
Remove zeroize feature for solely the zeroize optional dependency
kayabaNerve Nov 12, 2023
fa0973a
Tweak blake2 CI config
newpavlov Nov 13, 2023
1751748
Fix blake2 CI
newpavlov Nov 13, 2023
1f97bc4
Merge branch 'master' into zeroize
newpavlov Nov 23, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions blake2/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ categories = ["cryptography", "no-std"]

[dependencies]
digest = { version = "0.10.7", features = ["mac"] }
zeroize = { version = "1", default-features = false, optional = true }

[dev-dependencies]
digest = { version = "0.10.7", features = ["dev"] }
Expand Down
11 changes: 11 additions & 0 deletions blake2/src/macros.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -243,6 +243,17 @@ macro_rules! blake2_impl {
}
}

#[cfg(feature = "zeroize")]
impl Drop for $name {
fn drop(&mut self) {
use zeroize::Zeroize;
self.h.zeroize();
self.t.zeroize();
}
}
#[cfg(feature = "zeroize")]
impl zeroize::ZeroizeOnDrop for $name {}

impl fmt::Debug for $name {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.write_str(concat!(stringify!($name), " { ... }"))
Expand Down
10 changes: 10 additions & 0 deletions blake2/src/simd/simdty.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,16 @@ decl_simd! {
pub T, pub T, pub T, pub T);
}

#[cfg(feature = "zeroize")]
impl<T: zeroize::Zeroize> zeroize::Zeroize for Simd4<T> {
fn zeroize(&mut self) {
self.0.zeroize();
self.1.zeroize();
self.2.zeroize();
self.3.zeroize();
}
}

pub type u64x2 = Simd2<u64>;

pub type u32x4 = Simd4<u32>;
Expand Down
1 change: 1 addition & 0 deletions sha1/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ categories = ["cryptography", "no-std"]
[dependencies]
digest = "0.10.7"
cfg-if = "1.0"
zeroize = { version = "1", default-features = false, optional = true }

[target.'cfg(any(target_arch = "aarch64", target_arch = "x86", target_arch = "x86_64"))'.dependencies]
cpufeatures = "0.2"
Expand Down
11 changes: 11 additions & 0 deletions sha1/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,17 @@ impl AlgorithmName for Sha1Core {
}
}

#[cfg(feature = "zeroize")]
impl Drop for Sha1Core {
fn drop(&mut self) {
use zeroize::Zeroize;
self.h.zeroize();
self.block_len.zeroize();
}
}
#[cfg(feature = "zeroize")]
impl zeroize::ZeroizeOnDrop for Sha1Core {}

impl fmt::Debug for Sha1Core {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.write_str("Sha1Core { ... }")
Expand Down
1 change: 1 addition & 0 deletions sha2/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ categories = ["cryptography", "no-std"]
[dependencies]
digest = "0.10.7"
cfg-if = "1.0"
zeroize = { version = "1", default-features = false, optional = true }

[target.'cfg(any(target_arch = "aarch64", target_arch = "x86_64", target_arch = "x86"))'.dependencies]
cpufeatures = "0.2"
Expand Down
22 changes: 22 additions & 0 deletions sha2/src/core_api.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,17 @@ impl AlgorithmName for Sha256VarCore {
}
}

#[cfg(feature = "zeroize")]
impl Drop for Sha256VarCore {
fn drop(&mut self) {
use zeroize::Zeroize;
self.state.zeroize();
self.block_len.zeroize();
}
}
#[cfg(feature = "zeroize")]
impl zeroize::ZeroizeOnDrop for Sha256VarCore {}

impl fmt::Debug for Sha256VarCore {
#[inline]
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
Expand Down Expand Up @@ -149,6 +160,17 @@ impl AlgorithmName for Sha512VarCore {
}
}

#[cfg(feature = "zeroize")]
impl Drop for Sha512VarCore {
fn drop(&mut self) {
use zeroize::Zeroize;
self.state.zeroize();
self.block_len.zeroize();
}
}
#[cfg(feature = "zeroize")]
impl zeroize::ZeroizeOnDrop for Sha512VarCore {}

impl fmt::Debug for Sha512VarCore {
#[inline]
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
Expand Down