summaryrefslogtreecommitdiffstats
path: root/vendor/zeroize
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/zeroize')
-rw-r--r--vendor/zeroize/.cargo-checksum.json2
-rw-r--r--vendor/zeroize/CHANGELOG.md17
-rw-r--r--vendor/zeroize/Cargo.toml5
-rw-r--r--vendor/zeroize/README.md4
-rw-r--r--vendor/zeroize/src/aarch64.rs24
-rw-r--r--vendor/zeroize/src/lib.rs98
-rw-r--r--vendor/zeroize/src/x86.rs36
-rw-r--r--vendor/zeroize/tests/zeroize_derive.rs35
8 files changed, 122 insertions, 99 deletions
diff --git a/vendor/zeroize/.cargo-checksum.json b/vendor/zeroize/.cargo-checksum.json
index 4f4328bbd..03dabe8c2 100644
--- a/vendor/zeroize/.cargo-checksum.json
+++ b/vendor/zeroize/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"CHANGELOG.md":"93f0b7b36489514024533b93cf62bbd7bd79334e59cf594e8be8df6bbd1dd5b7","Cargo.toml":"eacbb4937ccf5203b3ae31882dc7cd38856f328738e6aa75ccca24be777b0d51","LICENSE-APACHE":"cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30","LICENSE-MIT":"0b04ee3ce0021a922f43f37a17fee09a5a1ee6d1f4e149d5bf75b72395a49c72","README.md":"d0b58a7c997147431e4c0ac252452db94d99c837ae02e30067a3b3de7446806b","src/aarch64.rs":"10ae9e8f0fd942d2e5379ad83d394d8b91fe9a4679794052e3d5f1ae4be0aeab","src/lib.rs":"16866f64ae5ac4c1d8023724839b6c6d66134337d848e453dfee55969d381149","src/x86.rs":"a6e42d07dfba710e6f44010b952e42c3f1f115ec990a35dc6104a004be1eb301","tests/zeroize.rs":"afb60596bbe60130fa18f79a6e8407e2dab71eecf6382593dd114f2111918f9d","tests/zeroize_derive.rs":"cc688a52714588b19ee38faa11e7d8a6dfa42a0d8a0a41ec2bf2a08764ed14b3"},"package":"2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9"} \ No newline at end of file
+{"files":{"CHANGELOG.md":"fd8942ae6603773ebb193e031a43ae57e4b732033e366320a39cb5a637a59c58","Cargo.toml":"843d826d92b68d6039d207cabb63ec4b45aecb40e43123af11162629327aa8f0","LICENSE-APACHE":"cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30","LICENSE-MIT":"0b04ee3ce0021a922f43f37a17fee09a5a1ee6d1f4e149d5bf75b72395a49c72","README.md":"6584a94c6eb56a1b62e4e0a6f92cb6e1de6dd9bb8d8fd41225603af248e0bdd7","src/aarch64.rs":"4728dbcfd74944cec0ca4fbc2826ccd681d41beaab67e68b21204b0a566442cd","src/lib.rs":"9876a2bcd946d50ef9d2f6da1e8e081280824176ced75f04e92d80fda25e23cf","src/x86.rs":"9d26c2a1fa48a8d19e22cb237a8e2f42990cbe02b21f66016d5e485f2c171fdc","tests/zeroize.rs":"afb60596bbe60130fa18f79a6e8407e2dab71eecf6382593dd114f2111918f9d","tests/zeroize_derive.rs":"8c7f7f68bcbe71a85f605b0323c62eb582a25f2be130cd589d27a336b384fd9c"},"package":"525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"} \ No newline at end of file
diff --git a/vendor/zeroize/CHANGELOG.md b/vendor/zeroize/CHANGELOG.md
index 12fded963..281e275fb 100644
--- a/vendor/zeroize/CHANGELOG.md
+++ b/vendor/zeroize/CHANGELOG.md
@@ -4,6 +4,23 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## 1.7.0 (2023-11-16)
+### Changed
+- Bump MSRV to 1.60 ([#900])
+
+## 1.6.1 (2023-11-15) [YANKED]
+
+NOTE: yanked because [#900] bumped MSRV to 1.60, which vioates our MSRV policy.
+
+### Added
+- Impl `Zeroize` for `MaybeUninit` ([#900])
+
+### Removed
+- Unnecessary `cfg`s on SIMD type impls ([#930])
+
+[#900]: https://github.com/RustCrypto/utils/pull/900
+[#930]: https://github.com/RustCrypto/utils/pull/930
+
## 1.6.0 (2023-03-26)
### Added
- Impl `Zeroize` for `core::num::Wrapping` ([#818])
diff --git a/vendor/zeroize/Cargo.toml b/vendor/zeroize/Cargo.toml
index 636d96982..1cf0f0ac7 100644
--- a/vendor/zeroize/Cargo.toml
+++ b/vendor/zeroize/Cargo.toml
@@ -11,9 +11,9 @@
[package]
edition = "2021"
-rust-version = "1.56"
+rust-version = "1.60"
name = "zeroize"
-version = "1.6.0"
+version = "1.7.0"
authors = ["The RustCrypto Project Developers"]
description = """
Securely clear secrets from memory with a simple trait built on
@@ -38,7 +38,6 @@ categories = [
]
license = "Apache-2.0 OR MIT"
repository = "https://github.com/RustCrypto/utils/tree/master/zeroize"
-resolver = "1"
[package.metadata.docs.rs]
all-features = true
diff --git a/vendor/zeroize/README.md b/vendor/zeroize/README.md
index 0156ac03f..03b93abbd 100644
--- a/vendor/zeroize/README.md
+++ b/vendor/zeroize/README.md
@@ -36,7 +36,7 @@ thereof, implemented in pure Rust with no usage of FFI or assembly.
## Minimum Supported Rust Version
-Rust **1.56** or newer.
+Rust **1.60** or newer.
In the future, we reserve the right to change MSRV (i.e. MSRV is out-of-scope
for this crate's SemVer guarantees), however when we do it will be accompanied by
@@ -64,7 +64,7 @@ dual licensed as above, without any additional terms or conditions.
[docs-image]: https://docs.rs/zeroize/badge.svg
[docs-link]: https://docs.rs/zeroize/
[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
-[rustc-image]: https://img.shields.io/badge/rustc-1.56+-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.60+-blue.svg
[build-image]: https://github.com/RustCrypto/utils/actions/workflows/zeroize.yml/badge.svg
[build-link]: https://github.com/RustCrypto/utils/actions/workflows/zeroize.yml
diff --git a/vendor/zeroize/src/aarch64.rs b/vendor/zeroize/src/aarch64.rs
index 956f6487f..07744d01c 100644
--- a/vendor/zeroize/src/aarch64.rs
+++ b/vendor/zeroize/src/aarch64.rs
@@ -1,20 +1,20 @@
//! [`Zeroize`] impls for ARM64 SIMD registers.
//!
//! Gated behind the `aarch64` feature: MSRV 1.59
-//! (the overall crate is MSRV 1.51)
+//! (the overall crate is MSRV 1.60)
use crate::{atomic_fence, volatile_write, Zeroize};
use core::arch::aarch64::*;
macro_rules! impl_zeroize_for_simd_register {
- ($(($type:ty, $vdupq:ident)),+) => {
+ ($($type:ty),* $(,)?) => {
$(
#[cfg_attr(docsrs, doc(cfg(target_arch = "aarch64")))]
- #[cfg_attr(docsrs, doc(cfg(target_feature = "neon")))]
impl Zeroize for $type {
+ #[inline]
fn zeroize(&mut self) {
- volatile_write(self, unsafe { $vdupq(0) });
+ volatile_write(self, unsafe { core::mem::zeroed() });
atomic_fence();
}
}
@@ -24,12 +24,12 @@ macro_rules! impl_zeroize_for_simd_register {
// TODO(tarcieri): other NEON register types?
impl_zeroize_for_simd_register! {
- (uint8x8_t, vdup_n_u8),
- (uint8x16_t, vdupq_n_u8),
- (uint16x4_t, vdup_n_u16),
- (uint16x8_t, vdupq_n_u16),
- (uint32x2_t, vdup_n_u32),
- (uint32x4_t, vdupq_n_u32),
- (uint64x1_t, vdup_n_u64),
- (uint64x2_t, vdupq_n_u64)
+ uint8x8_t,
+ uint8x16_t,
+ uint16x4_t,
+ uint16x8_t,
+ uint32x2_t,
+ uint32x4_t,
+ uint64x1_t,
+ uint64x2_t,
}
diff --git a/vendor/zeroize/src/lib.rs b/vendor/zeroize/src/lib.rs
index 4e0065788..b67b5c95d 100644
--- a/vendor/zeroize/src/lib.rs
+++ b/vendor/zeroize/src/lib.rs
@@ -30,7 +30,7 @@
//!
//! ## Minimum Supported Rust Version
//!
-//! Requires Rust **1.51** or newer.
+//! Requires Rust **1.60** or newer.
//!
//! In the future, we reserve the right to change MSRV (i.e. MSRV is out-of-scope
//! for this crate's SemVer guarantees), however when we do it will be accompanied
@@ -263,10 +263,7 @@ use core::{
};
#[cfg(feature = "alloc")]
-use {
- alloc::{boxed::Box, string::String, vec::Vec},
- core::slice,
-};
+use alloc::{boxed::Box, string::String, vec::Vec};
#[cfg(feature = "std")]
use std::ffi::CString;
@@ -315,18 +312,28 @@ macro_rules! impl_zeroize_with_default {
#[rustfmt::skip]
impl_zeroize_with_default! {
- bool, char,
+ PhantomPinned, (), bool, char,
f32, f64,
i8, i16, i32, i64, i128, isize,
u8, u16, u32, u64, u128, usize
}
+/// `PhantomPinned` is zero sized so provide a ZeroizeOnDrop implementation.
+impl ZeroizeOnDrop for PhantomPinned {}
+
+/// `()` is zero sized so provide a ZeroizeOnDrop implementation.
+impl ZeroizeOnDrop for () {}
+
macro_rules! impl_zeroize_for_non_zero {
($($type:ty),+) => {
$(
impl Zeroize for $type {
fn zeroize(&mut self) {
- volatile_write(self, unsafe { <$type>::new_unchecked(1) });
+ const ONE: $type = match <$type>::new(1) {
+ Some(one) => one,
+ None => unreachable!(),
+ };
+ volatile_write(self, ONE);
atomic_fence();
}
}
@@ -371,7 +378,7 @@ where
/// Impl [`ZeroizeOnDrop`] on arrays of types that impl [`ZeroizeOnDrop`].
impl<Z, const N: usize> ZeroizeOnDrop for [Z; N] where Z: ZeroizeOnDrop {}
-impl<'a, Z> Zeroize for IterMut<'a, Z>
+impl<Z> Zeroize for IterMut<'_, Z>
where
Z: Zeroize,
{
@@ -405,18 +412,18 @@ where
// The memory pointed to by `self` is valid for `mem::size_of::<Self>()` bytes.
// It is also properly aligned, because `u8` has an alignment of `1`.
unsafe {
- volatile_set(self as *mut _ as *mut u8, 0, mem::size_of::<Self>());
+ volatile_set((self as *mut Self).cast::<u8>(), 0, mem::size_of::<Self>());
}
- // Ensures self is overwritten with the default bit pattern. volatile_write can't be
+ // Ensures self is overwritten with the `None` bit pattern. volatile_write can't be
// used because Option<Z> is not copy.
//
// Safety:
//
- // self is safe to replace with the default, which the take() call above should have
+ // self is safe to replace with `None`, which the take() call above should have
// already done semantically. Any value which needed to be dropped will have been
// done so by take().
- unsafe { ptr::write_volatile(self, Option::default()) }
+ unsafe { ptr::write_volatile(self, None) }
atomic_fence();
}
@@ -424,6 +431,20 @@ where
impl<Z> ZeroizeOnDrop for Option<Z> where Z: ZeroizeOnDrop {}
+/// Impl [`Zeroize`] on [`MaybeUninit`] types.
+///
+/// This fills the memory with zeroes.
+/// Note that this ignore invariants that `Z` might have, because
+/// [`MaybeUninit`] removes all invariants.
+impl<Z> Zeroize for MaybeUninit<Z> {
+ fn zeroize(&mut self) {
+ // Safety:
+ // `MaybeUninit` is valid for any byte pattern, including zeros.
+ unsafe { ptr::write_volatile(self, MaybeUninit::zeroed()) }
+ atomic_fence();
+ }
+}
+
/// Impl [`Zeroize`] on slices of [`MaybeUninit`] types.
///
/// This impl can eventually be optimized using an memset intrinsic,
@@ -435,7 +456,7 @@ impl<Z> ZeroizeOnDrop for Option<Z> where Z: ZeroizeOnDrop {}
/// [`MaybeUninit`] removes all invariants.
impl<Z> Zeroize for [MaybeUninit<Z>] {
fn zeroize(&mut self) {
- let ptr = self.as_mut_ptr() as *mut MaybeUninit<u8>;
+ let ptr = self.as_mut_ptr().cast::<MaybeUninit<u8>>();
let size = self.len().checked_mul(mem::size_of::<Z>()).unwrap();
assert!(size <= isize::MAX as usize);
@@ -445,7 +466,7 @@ impl<Z> Zeroize for [MaybeUninit<Z>] {
// and it is backed by a single allocated object for at least `self.len() * size_pf::<Z>()` bytes.
// and 0 is a valid value for `MaybeUninit<Z>`
// The memory of the slice should not wrap around the address space.
- unsafe { volatile_set(ptr, MaybeUninit::new(0), size) }
+ unsafe { volatile_set(ptr, MaybeUninit::zeroed(), size) }
atomic_fence();
}
}
@@ -492,47 +513,22 @@ impl<Z> Zeroize for PhantomData<Z> {
/// [`PhantomData` is always zero sized so provide a ZeroizeOnDrop implementation.
impl<Z> ZeroizeOnDrop for PhantomData<Z> {}
-/// `PhantomPinned` is zero sized so provide a Zeroize implementation.
-impl Zeroize for PhantomPinned {
- fn zeroize(&mut self) {}
-}
-
-/// `PhantomPinned` is zero sized so provide a ZeroizeOnDrop implementation.
-impl ZeroizeOnDrop for PhantomPinned {}
-
-/// `()` is zero sized so provide a Zeroize implementation.
-impl Zeroize for () {
- fn zeroize(&mut self) {}
-}
-
-/// `()` is zero sized so provide a ZeroizeOnDrop implementation.
-impl ZeroizeOnDrop for () {}
-
-/// Generic implementation of Zeroize for tuples up to 10 parameters.
-impl<A: Zeroize> Zeroize for (A,) {
- fn zeroize(&mut self) {
- self.0.zeroize();
- }
-}
-
-/// Generic implementation of ZeroizeOnDrop for tuples up to 10 parameters.
-impl<A: ZeroizeOnDrop> ZeroizeOnDrop for (A,) {}
-
macro_rules! impl_zeroize_tuple {
( $( $type_name:ident ),+ ) => {
- impl<$($type_name: Zeroize),+> Zeroize for ($($type_name),+) {
+ impl<$($type_name: Zeroize),+> Zeroize for ($($type_name,)+) {
fn zeroize(&mut self) {
#[allow(non_snake_case)]
- let ($($type_name),+) = self;
+ let ($($type_name,)+) = self;
$($type_name.zeroize());+
}
}
- impl<$($type_name: ZeroizeOnDrop),+> ZeroizeOnDrop for ($($type_name),+) { }
+ impl<$($type_name: ZeroizeOnDrop),+> ZeroizeOnDrop for ($($type_name,)+) { }
}
}
// Generic implementations for tuples up to 10 parameters.
+impl_zeroize_tuple!(A);
impl_zeroize_tuple!(A, B);
impl_zeroize_tuple!(A, B, C);
impl_zeroize_tuple!(A, B, C, D);
@@ -561,17 +557,7 @@ where
self.clear();
// Zero the full capacity of `Vec`.
- // Safety:
- //
- // This is safe, because `Vec` never allocates more than `isize::MAX` bytes.
- // This exact use case is even mentioned in the documentation of `pointer::add`.
- // This is safe because MaybeUninit ignores all invariants,
- // so we can create a slice of MaybeUninit<Z> using the full capacity of the Vec
- let uninit_slice = unsafe {
- slice::from_raw_parts_mut(self.as_mut_ptr() as *mut MaybeUninit<Z>, self.capacity())
- };
-
- uninit_slice.zeroize();
+ self.spare_capacity_mut().zeroize();
}
}
@@ -621,11 +607,11 @@ impl Zeroize for CString {
// contain a trailing zero byte
let this = mem::take(self);
- // - CString::into_bytes calls ::into_vec which takes ownership of the heap pointer
+ // - CString::into_bytes_with_nul calls ::into_vec which takes ownership of the heap pointer
// as a Vec<u8>
// - Calling .zeroize() on the resulting vector clears out the bytes
// From: https://github.com/RustCrypto/utils/pull/759#issuecomment-1087976570
- let mut buf = this.into_bytes();
+ let mut buf = this.into_bytes_with_nul();
buf.zeroize();
// expect() should never fail, because zeroize() truncates the Vec
diff --git a/vendor/zeroize/src/x86.rs b/vendor/zeroize/src/x86.rs
index a66cf36cc..5e4bfcb32 100644
--- a/vendor/zeroize/src/x86.rs
+++ b/vendor/zeroize/src/x86.rs
@@ -9,32 +9,18 @@ use core::arch::x86::*;
use core::arch::x86_64::*;
macro_rules! impl_zeroize_for_simd_register {
- ($type:ty, $feature:expr, $zero_value:ident) => {
- #[cfg_attr(docsrs, doc(cfg(target_arch = "x86")))] // also `x86_64`
- #[cfg_attr(docsrs, doc(cfg(target_feature = $feature)))]
- impl Zeroize for $type {
- fn zeroize(&mut self) {
- volatile_write(self, unsafe { $zero_value() });
- atomic_fence();
+ ($($type:ty),* $(,)?) => {
+ $(
+ #[cfg_attr(docsrs, doc(cfg(any(target_arch = "x86", target_arch = "x86_64"))))]
+ impl Zeroize for $type {
+ #[inline]
+ fn zeroize(&mut self) {
+ volatile_write(self, unsafe { core::mem::zeroed() });
+ atomic_fence();
+ }
}
- }
+ )*
};
}
-#[cfg(target_feature = "sse")]
-impl_zeroize_for_simd_register!(__m128, "sse", _mm_setzero_ps);
-
-#[cfg(target_feature = "sse2")]
-impl_zeroize_for_simd_register!(__m128d, "sse2", _mm_setzero_pd);
-
-#[cfg(target_feature = "sse2")]
-impl_zeroize_for_simd_register!(__m128i, "sse2", _mm_setzero_si128);
-
-#[cfg(target_feature = "avx")]
-impl_zeroize_for_simd_register!(__m256, "avx", _mm256_setzero_ps);
-
-#[cfg(target_feature = "avx")]
-impl_zeroize_for_simd_register!(__m256d, "avx", _mm256_setzero_pd);
-
-#[cfg(target_feature = "avx")]
-impl_zeroize_for_simd_register!(__m256i, "avx", _mm256_setzero_si256);
+impl_zeroize_for_simd_register!(__m128, __m128d, __m128i, __m256, __m256d, __m256i);
diff --git a/vendor/zeroize/tests/zeroize_derive.rs b/vendor/zeroize/tests/zeroize_derive.rs
index 96c10c325..c561ba615 100644
--- a/vendor/zeroize/tests/zeroize_derive.rs
+++ b/vendor/zeroize/tests/zeroize_derive.rs
@@ -325,3 +325,38 @@ fn derive_zeroize_on_drop_generic() {
#[derive(ZeroizeOnDrop)]
struct Z<T: Zeroize>(Vec<T>);
}
+
+#[test]
+fn derive_zeroize_unused_param() {
+ #[derive(Zeroize)]
+ struct Z<T> {
+ arr: [u32; 5],
+ #[zeroize(skip)]
+ skipped: T,
+ }
+}
+
+#[test]
+// Issue #878
+fn derive_zeroize_with_marker() {
+ #[derive(ZeroizeOnDrop, Zeroize)]
+ struct Test<A: Marker> {
+ #[zeroize(skip)]
+ field: Option<A>,
+ }
+
+ trait Secret: ZeroizeOnDrop + Zeroize {}
+
+ impl<A: Marker> Secret for Test<A> {}
+
+ trait Marker {}
+}
+
+#[test]
+// Issue #878
+fn derive_zeroize_used_param() {
+ #[derive(Zeroize)]
+ struct Z<T> {
+ used: T,
+ }
+}