diff options
Diffstat (limited to 'vendor/zeroize')
-rw-r--r-- | vendor/zeroize/.cargo-checksum.json | 2 | ||||
-rw-r--r-- | vendor/zeroize/CHANGELOG.md | 17 | ||||
-rw-r--r-- | vendor/zeroize/Cargo.toml | 5 | ||||
-rw-r--r-- | vendor/zeroize/README.md | 4 | ||||
-rw-r--r-- | vendor/zeroize/src/aarch64.rs | 24 | ||||
-rw-r--r-- | vendor/zeroize/src/lib.rs | 98 | ||||
-rw-r--r-- | vendor/zeroize/src/x86.rs | 36 | ||||
-rw-r--r-- | vendor/zeroize/tests/zeroize_derive.rs | 35 |
8 files changed, 122 insertions, 99 deletions
diff --git a/vendor/zeroize/.cargo-checksum.json b/vendor/zeroize/.cargo-checksum.json index 4f4328bbd..03dabe8c2 100644 --- a/vendor/zeroize/.cargo-checksum.json +++ b/vendor/zeroize/.cargo-checksum.json @@ -1 +1 @@ -{"files":{"CHANGELOG.md":"93f0b7b36489514024533b93cf62bbd7bd79334e59cf594e8be8df6bbd1dd5b7","Cargo.toml":"eacbb4937ccf5203b3ae31882dc7cd38856f328738e6aa75ccca24be777b0d51","LICENSE-APACHE":"cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30","LICENSE-MIT":"0b04ee3ce0021a922f43f37a17fee09a5a1ee6d1f4e149d5bf75b72395a49c72","README.md":"d0b58a7c997147431e4c0ac252452db94d99c837ae02e30067a3b3de7446806b","src/aarch64.rs":"10ae9e8f0fd942d2e5379ad83d394d8b91fe9a4679794052e3d5f1ae4be0aeab","src/lib.rs":"16866f64ae5ac4c1d8023724839b6c6d66134337d848e453dfee55969d381149","src/x86.rs":"a6e42d07dfba710e6f44010b952e42c3f1f115ec990a35dc6104a004be1eb301","tests/zeroize.rs":"afb60596bbe60130fa18f79a6e8407e2dab71eecf6382593dd114f2111918f9d","tests/zeroize_derive.rs":"cc688a52714588b19ee38faa11e7d8a6dfa42a0d8a0a41ec2bf2a08764ed14b3"},"package":"2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9"}
\ No newline at end of file +{"files":{"CHANGELOG.md":"fd8942ae6603773ebb193e031a43ae57e4b732033e366320a39cb5a637a59c58","Cargo.toml":"843d826d92b68d6039d207cabb63ec4b45aecb40e43123af11162629327aa8f0","LICENSE-APACHE":"cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30","LICENSE-MIT":"0b04ee3ce0021a922f43f37a17fee09a5a1ee6d1f4e149d5bf75b72395a49c72","README.md":"6584a94c6eb56a1b62e4e0a6f92cb6e1de6dd9bb8d8fd41225603af248e0bdd7","src/aarch64.rs":"4728dbcfd74944cec0ca4fbc2826ccd681d41beaab67e68b21204b0a566442cd","src/lib.rs":"9876a2bcd946d50ef9d2f6da1e8e081280824176ced75f04e92d80fda25e23cf","src/x86.rs":"9d26c2a1fa48a8d19e22cb237a8e2f42990cbe02b21f66016d5e485f2c171fdc","tests/zeroize.rs":"afb60596bbe60130fa18f79a6e8407e2dab71eecf6382593dd114f2111918f9d","tests/zeroize_derive.rs":"8c7f7f68bcbe71a85f605b0323c62eb582a25f2be130cd589d27a336b384fd9c"},"package":"525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"}
\ No newline at end of file diff --git a/vendor/zeroize/CHANGELOG.md b/vendor/zeroize/CHANGELOG.md index 12fded963..281e275fb 100644 --- a/vendor/zeroize/CHANGELOG.md +++ b/vendor/zeroize/CHANGELOG.md @@ -4,6 +4,23 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 1.7.0 (2023-11-16) +### Changed +- Bump MSRV to 1.60 ([#900]) + +## 1.6.1 (2023-11-15) [YANKED] + +NOTE: yanked because [#900] bumped MSRV to 1.60, which vioates our MSRV policy. + +### Added +- Impl `Zeroize` for `MaybeUninit` ([#900]) + +### Removed +- Unnecessary `cfg`s on SIMD type impls ([#930]) + +[#900]: https://github.com/RustCrypto/utils/pull/900 +[#930]: https://github.com/RustCrypto/utils/pull/930 + ## 1.6.0 (2023-03-26) ### Added - Impl `Zeroize` for `core::num::Wrapping` ([#818]) diff --git a/vendor/zeroize/Cargo.toml b/vendor/zeroize/Cargo.toml index 636d96982..1cf0f0ac7 100644 --- a/vendor/zeroize/Cargo.toml +++ b/vendor/zeroize/Cargo.toml @@ -11,9 +11,9 @@ [package] edition = "2021" -rust-version = "1.56" +rust-version = "1.60" name = "zeroize" -version = "1.6.0" +version = "1.7.0" authors = ["The RustCrypto Project Developers"] description = """ Securely clear secrets from memory with a simple trait built on @@ -38,7 +38,6 @@ categories = [ ] license = "Apache-2.0 OR MIT" repository = "https://github.com/RustCrypto/utils/tree/master/zeroize" -resolver = "1" [package.metadata.docs.rs] all-features = true diff --git a/vendor/zeroize/README.md b/vendor/zeroize/README.md index 0156ac03f..03b93abbd 100644 --- a/vendor/zeroize/README.md +++ b/vendor/zeroize/README.md @@ -36,7 +36,7 @@ thereof, implemented in pure Rust with no usage of FFI or assembly. ## Minimum Supported Rust Version -Rust **1.56** or newer. +Rust **1.60** or newer. In the future, we reserve the right to change MSRV (i.e. MSRV is out-of-scope for this crate's SemVer guarantees), however when we do it will be accompanied by @@ -64,7 +64,7 @@ dual licensed as above, without any additional terms or conditions. [docs-image]: https://docs.rs/zeroize/badge.svg [docs-link]: https://docs.rs/zeroize/ [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.56+-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.60+-blue.svg [build-image]: https://github.com/RustCrypto/utils/actions/workflows/zeroize.yml/badge.svg [build-link]: https://github.com/RustCrypto/utils/actions/workflows/zeroize.yml diff --git a/vendor/zeroize/src/aarch64.rs b/vendor/zeroize/src/aarch64.rs index 956f6487f..07744d01c 100644 --- a/vendor/zeroize/src/aarch64.rs +++ b/vendor/zeroize/src/aarch64.rs @@ -1,20 +1,20 @@ //! [`Zeroize`] impls for ARM64 SIMD registers. //! //! Gated behind the `aarch64` feature: MSRV 1.59 -//! (the overall crate is MSRV 1.51) +//! (the overall crate is MSRV 1.60) use crate::{atomic_fence, volatile_write, Zeroize}; use core::arch::aarch64::*; macro_rules! impl_zeroize_for_simd_register { - ($(($type:ty, $vdupq:ident)),+) => { + ($($type:ty),* $(,)?) => { $( #[cfg_attr(docsrs, doc(cfg(target_arch = "aarch64")))] - #[cfg_attr(docsrs, doc(cfg(target_feature = "neon")))] impl Zeroize for $type { + #[inline] fn zeroize(&mut self) { - volatile_write(self, unsafe { $vdupq(0) }); + volatile_write(self, unsafe { core::mem::zeroed() }); atomic_fence(); } } @@ -24,12 +24,12 @@ macro_rules! impl_zeroize_for_simd_register { // TODO(tarcieri): other NEON register types? impl_zeroize_for_simd_register! { - (uint8x8_t, vdup_n_u8), - (uint8x16_t, vdupq_n_u8), - (uint16x4_t, vdup_n_u16), - (uint16x8_t, vdupq_n_u16), - (uint32x2_t, vdup_n_u32), - (uint32x4_t, vdupq_n_u32), - (uint64x1_t, vdup_n_u64), - (uint64x2_t, vdupq_n_u64) + uint8x8_t, + uint8x16_t, + uint16x4_t, + uint16x8_t, + uint32x2_t, + uint32x4_t, + uint64x1_t, + uint64x2_t, } diff --git a/vendor/zeroize/src/lib.rs b/vendor/zeroize/src/lib.rs index 4e0065788..b67b5c95d 100644 --- a/vendor/zeroize/src/lib.rs +++ b/vendor/zeroize/src/lib.rs @@ -30,7 +30,7 @@ //! //! ## Minimum Supported Rust Version //! -//! Requires Rust **1.51** or newer. +//! Requires Rust **1.60** or newer. //! //! In the future, we reserve the right to change MSRV (i.e. MSRV is out-of-scope //! for this crate's SemVer guarantees), however when we do it will be accompanied @@ -263,10 +263,7 @@ use core::{ }; #[cfg(feature = "alloc")] -use { - alloc::{boxed::Box, string::String, vec::Vec}, - core::slice, -}; +use alloc::{boxed::Box, string::String, vec::Vec}; #[cfg(feature = "std")] use std::ffi::CString; @@ -315,18 +312,28 @@ macro_rules! impl_zeroize_with_default { #[rustfmt::skip] impl_zeroize_with_default! { - bool, char, + PhantomPinned, (), bool, char, f32, f64, i8, i16, i32, i64, i128, isize, u8, u16, u32, u64, u128, usize } +/// `PhantomPinned` is zero sized so provide a ZeroizeOnDrop implementation. +impl ZeroizeOnDrop for PhantomPinned {} + +/// `()` is zero sized so provide a ZeroizeOnDrop implementation. +impl ZeroizeOnDrop for () {} + macro_rules! impl_zeroize_for_non_zero { ($($type:ty),+) => { $( impl Zeroize for $type { fn zeroize(&mut self) { - volatile_write(self, unsafe { <$type>::new_unchecked(1) }); + const ONE: $type = match <$type>::new(1) { + Some(one) => one, + None => unreachable!(), + }; + volatile_write(self, ONE); atomic_fence(); } } @@ -371,7 +378,7 @@ where /// Impl [`ZeroizeOnDrop`] on arrays of types that impl [`ZeroizeOnDrop`]. impl<Z, const N: usize> ZeroizeOnDrop for [Z; N] where Z: ZeroizeOnDrop {} -impl<'a, Z> Zeroize for IterMut<'a, Z> +impl<Z> Zeroize for IterMut<'_, Z> where Z: Zeroize, { @@ -405,18 +412,18 @@ where // The memory pointed to by `self` is valid for `mem::size_of::<Self>()` bytes. // It is also properly aligned, because `u8` has an alignment of `1`. unsafe { - volatile_set(self as *mut _ as *mut u8, 0, mem::size_of::<Self>()); + volatile_set((self as *mut Self).cast::<u8>(), 0, mem::size_of::<Self>()); } - // Ensures self is overwritten with the default bit pattern. volatile_write can't be + // Ensures self is overwritten with the `None` bit pattern. volatile_write can't be // used because Option<Z> is not copy. // // Safety: // - // self is safe to replace with the default, which the take() call above should have + // self is safe to replace with `None`, which the take() call above should have // already done semantically. Any value which needed to be dropped will have been // done so by take(). - unsafe { ptr::write_volatile(self, Option::default()) } + unsafe { ptr::write_volatile(self, None) } atomic_fence(); } @@ -424,6 +431,20 @@ where impl<Z> ZeroizeOnDrop for Option<Z> where Z: ZeroizeOnDrop {} +/// Impl [`Zeroize`] on [`MaybeUninit`] types. +/// +/// This fills the memory with zeroes. +/// Note that this ignore invariants that `Z` might have, because +/// [`MaybeUninit`] removes all invariants. +impl<Z> Zeroize for MaybeUninit<Z> { + fn zeroize(&mut self) { + // Safety: + // `MaybeUninit` is valid for any byte pattern, including zeros. + unsafe { ptr::write_volatile(self, MaybeUninit::zeroed()) } + atomic_fence(); + } +} + /// Impl [`Zeroize`] on slices of [`MaybeUninit`] types. /// /// This impl can eventually be optimized using an memset intrinsic, @@ -435,7 +456,7 @@ impl<Z> ZeroizeOnDrop for Option<Z> where Z: ZeroizeOnDrop {} /// [`MaybeUninit`] removes all invariants. impl<Z> Zeroize for [MaybeUninit<Z>] { fn zeroize(&mut self) { - let ptr = self.as_mut_ptr() as *mut MaybeUninit<u8>; + let ptr = self.as_mut_ptr().cast::<MaybeUninit<u8>>(); let size = self.len().checked_mul(mem::size_of::<Z>()).unwrap(); assert!(size <= isize::MAX as usize); @@ -445,7 +466,7 @@ impl<Z> Zeroize for [MaybeUninit<Z>] { // and it is backed by a single allocated object for at least `self.len() * size_pf::<Z>()` bytes. // and 0 is a valid value for `MaybeUninit<Z>` // The memory of the slice should not wrap around the address space. - unsafe { volatile_set(ptr, MaybeUninit::new(0), size) } + unsafe { volatile_set(ptr, MaybeUninit::zeroed(), size) } atomic_fence(); } } @@ -492,47 +513,22 @@ impl<Z> Zeroize for PhantomData<Z> { /// [`PhantomData` is always zero sized so provide a ZeroizeOnDrop implementation. impl<Z> ZeroizeOnDrop for PhantomData<Z> {} -/// `PhantomPinned` is zero sized so provide a Zeroize implementation. -impl Zeroize for PhantomPinned { - fn zeroize(&mut self) {} -} - -/// `PhantomPinned` is zero sized so provide a ZeroizeOnDrop implementation. -impl ZeroizeOnDrop for PhantomPinned {} - -/// `()` is zero sized so provide a Zeroize implementation. -impl Zeroize for () { - fn zeroize(&mut self) {} -} - -/// `()` is zero sized so provide a ZeroizeOnDrop implementation. -impl ZeroizeOnDrop for () {} - -/// Generic implementation of Zeroize for tuples up to 10 parameters. -impl<A: Zeroize> Zeroize for (A,) { - fn zeroize(&mut self) { - self.0.zeroize(); - } -} - -/// Generic implementation of ZeroizeOnDrop for tuples up to 10 parameters. -impl<A: ZeroizeOnDrop> ZeroizeOnDrop for (A,) {} - macro_rules! impl_zeroize_tuple { ( $( $type_name:ident ),+ ) => { - impl<$($type_name: Zeroize),+> Zeroize for ($($type_name),+) { + impl<$($type_name: Zeroize),+> Zeroize for ($($type_name,)+) { fn zeroize(&mut self) { #[allow(non_snake_case)] - let ($($type_name),+) = self; + let ($($type_name,)+) = self; $($type_name.zeroize());+ } } - impl<$($type_name: ZeroizeOnDrop),+> ZeroizeOnDrop for ($($type_name),+) { } + impl<$($type_name: ZeroizeOnDrop),+> ZeroizeOnDrop for ($($type_name,)+) { } } } // Generic implementations for tuples up to 10 parameters. +impl_zeroize_tuple!(A); impl_zeroize_tuple!(A, B); impl_zeroize_tuple!(A, B, C); impl_zeroize_tuple!(A, B, C, D); @@ -561,17 +557,7 @@ where self.clear(); // Zero the full capacity of `Vec`. - // Safety: - // - // This is safe, because `Vec` never allocates more than `isize::MAX` bytes. - // This exact use case is even mentioned in the documentation of `pointer::add`. - // This is safe because MaybeUninit ignores all invariants, - // so we can create a slice of MaybeUninit<Z> using the full capacity of the Vec - let uninit_slice = unsafe { - slice::from_raw_parts_mut(self.as_mut_ptr() as *mut MaybeUninit<Z>, self.capacity()) - }; - - uninit_slice.zeroize(); + self.spare_capacity_mut().zeroize(); } } @@ -621,11 +607,11 @@ impl Zeroize for CString { // contain a trailing zero byte let this = mem::take(self); - // - CString::into_bytes calls ::into_vec which takes ownership of the heap pointer + // - CString::into_bytes_with_nul calls ::into_vec which takes ownership of the heap pointer // as a Vec<u8> // - Calling .zeroize() on the resulting vector clears out the bytes // From: https://github.com/RustCrypto/utils/pull/759#issuecomment-1087976570 - let mut buf = this.into_bytes(); + let mut buf = this.into_bytes_with_nul(); buf.zeroize(); // expect() should never fail, because zeroize() truncates the Vec diff --git a/vendor/zeroize/src/x86.rs b/vendor/zeroize/src/x86.rs index a66cf36cc..5e4bfcb32 100644 --- a/vendor/zeroize/src/x86.rs +++ b/vendor/zeroize/src/x86.rs @@ -9,32 +9,18 @@ use core::arch::x86::*; use core::arch::x86_64::*; macro_rules! impl_zeroize_for_simd_register { - ($type:ty, $feature:expr, $zero_value:ident) => { - #[cfg_attr(docsrs, doc(cfg(target_arch = "x86")))] // also `x86_64` - #[cfg_attr(docsrs, doc(cfg(target_feature = $feature)))] - impl Zeroize for $type { - fn zeroize(&mut self) { - volatile_write(self, unsafe { $zero_value() }); - atomic_fence(); + ($($type:ty),* $(,)?) => { + $( + #[cfg_attr(docsrs, doc(cfg(any(target_arch = "x86", target_arch = "x86_64"))))] + impl Zeroize for $type { + #[inline] + fn zeroize(&mut self) { + volatile_write(self, unsafe { core::mem::zeroed() }); + atomic_fence(); + } } - } + )* }; } -#[cfg(target_feature = "sse")] -impl_zeroize_for_simd_register!(__m128, "sse", _mm_setzero_ps); - -#[cfg(target_feature = "sse2")] -impl_zeroize_for_simd_register!(__m128d, "sse2", _mm_setzero_pd); - -#[cfg(target_feature = "sse2")] -impl_zeroize_for_simd_register!(__m128i, "sse2", _mm_setzero_si128); - -#[cfg(target_feature = "avx")] -impl_zeroize_for_simd_register!(__m256, "avx", _mm256_setzero_ps); - -#[cfg(target_feature = "avx")] -impl_zeroize_for_simd_register!(__m256d, "avx", _mm256_setzero_pd); - -#[cfg(target_feature = "avx")] -impl_zeroize_for_simd_register!(__m256i, "avx", _mm256_setzero_si256); +impl_zeroize_for_simd_register!(__m128, __m128d, __m128i, __m256, __m256d, __m256i); diff --git a/vendor/zeroize/tests/zeroize_derive.rs b/vendor/zeroize/tests/zeroize_derive.rs index 96c10c325..c561ba615 100644 --- a/vendor/zeroize/tests/zeroize_derive.rs +++ b/vendor/zeroize/tests/zeroize_derive.rs @@ -325,3 +325,38 @@ fn derive_zeroize_on_drop_generic() { #[derive(ZeroizeOnDrop)] struct Z<T: Zeroize>(Vec<T>); } + +#[test] +fn derive_zeroize_unused_param() { + #[derive(Zeroize)] + struct Z<T> { + arr: [u32; 5], + #[zeroize(skip)] + skipped: T, + } +} + +#[test] +// Issue #878 +fn derive_zeroize_with_marker() { + #[derive(ZeroizeOnDrop, Zeroize)] + struct Test<A: Marker> { + #[zeroize(skip)] + field: Option<A>, + } + + trait Secret: ZeroizeOnDrop + Zeroize {} + + impl<A: Marker> Secret for Test<A> {} + + trait Marker {} +} + +#[test] +// Issue #878 +fn derive_zeroize_used_param() { + #[derive(Zeroize)] + struct Z<T> { + used: T, + } +} |