ZeroizeOnDrop instead of Zeroize

RustCrypto · Nov 12, 2023 · 37e7bc5 · 37e7bc5
1 parent 9634d7c
commit 37e7bc5
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 56 deletions.
diff --git a/blake2/Cargo.toml b/blake2/Cargo.toml
@@ -27,4 +27,4 @@ simd = []
 simd_opt = ["simd"]
 simd_asm = ["simd_opt"]
 size_opt = [] # Optimize for code size. Removes some `inline(always)`
-zeroize = ["zeroize_crate"] # Implement Zeroize for Digest implementors
+zeroize = ["zeroize_crate"] # Implement ZeroizeOnDrop for Digest implementors
diff --git a/blake2/src/macros.rs b/blake2/src/macros.rs
@@ -9,7 +9,7 @@ macro_rules! blake2_impl {
         pub struct $name {
             h: [$vec; 2],
             t: u64,
-            #[cfg(any(feature = "reset", feature = "zeroize"))]
+            #[cfg(feature = "reset")]
             h0: [$vec; 2],
         }
 
@@ -86,7 +86,7 @@ macro_rules! blake2_impl {
                     Self::iv1() ^ $vec::new(p[4], p[5], p[6], p[7]),
                 ];
                 $name {
-                    #[cfg(any(feature = "reset", feature = "zeroize"))]
+                    #[cfg(feature = "reset")]
                     h0: h.clone(),
                     h,
                     t: 0,
@@ -244,18 +244,15 @@ macro_rules! blake2_impl {
         }
 
         #[cfg(feature = "zeroize")]
-        impl zeroize_crate::Zeroize for $name {
-            fn zeroize(&mut self) {
+        impl Drop for $name {
+            fn drop(&mut self) {
+                use zeroize_crate::Zeroize;
                 self.h.zeroize();
                 self.t.zeroize();
-
-                // Because the hasher is now in an invalid state, restore the starting state
-                // This makes Zeroize equivalent to reset *yet using a zero-write the compiler
-                // hopefully shouldn't be able to optimize out*
-                // The following lines may be optimized out if no further use occurs, which is fine
-                self.h = self.h0;
             }
         }
+        #[cfg(feature = "zeroize")]
+        impl zeroize_crate::ZeroizeOnDrop for $name {}
 
         impl fmt::Debug for $name {
             fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {

diff --git a/sha1/Cargo.toml b/sha1/Cargo.toml
@@ -34,7 +34,7 @@ asm = ["sha1-asm"] # WARNING: this feature SHOULD NOT be enabled by library crat
 loongarch64_asm = []
 compress = [] # Expose compress function
 force-soft = [] # Force software implementation
-zeroize = ["zeroize_crate"] # Implement Zeroize for Digest implementors
+zeroize = ["zeroize_crate"] # Implement ZeroizeOnDrop for Digest implementors
 
 [package.metadata.docs.rs]
 all-features = true

diff --git a/sha1/src/lib.rs b/sha1/src/lib.rs
@@ -151,18 +151,15 @@ impl AlgorithmName for Sha1Core {
 }
 
 #[cfg(feature = "zeroize")]
-impl zeroize_crate::Zeroize for Sha1Core {
-    fn zeroize(&mut self) {
+impl Drop for Sha1Core {
+    fn drop(&mut self) {
+        use zeroize_crate::Zeroize;
         self.h.zeroize();
         self.block_len.zeroize();
-
-        // Because the hasher is now in an invalid state, restore the starting state
-        // This makes Zeroize equivalent to reset *yet using a zero-write the compiler hopefully
-        // shouldn't be able to optimize out*
-        // The following lines may be optimized out if no further use occurs, which is fine
-        self.h = Self::default().h;
     }
 }
+#[cfg(feature = "zeroize")]
+impl zeroize_crate::ZeroizeOnDrop for Sha1Core {}
 
 impl fmt::Debug for Sha1Core {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {

diff --git a/sha2/Cargo.toml b/sha2/Cargo.toml
@@ -38,7 +38,7 @@ loongarch64_asm = []
 compress = [] # Expose compress functions
 force-soft = [] # Force software implementation
 asm-aarch64 = ["asm"] # DEPRECATED: use `asm` instead
-zeroize = ["zeroize_crate"] # Implement Zeroize for Digest implementors
+zeroize = ["zeroize_crate"] # Implement ZeroizeOnDrop for Digest implementors
 
 [package.metadata.docs.rs]
 all-features = true

diff --git a/sha2/src/core_api.rs b/sha2/src/core_api.rs
@@ -16,8 +16,6 @@ use digest::{
 /// i.e. 224 and 256 bits respectively.
 #[derive(Clone)]
 pub struct Sha256VarCore {
-    #[cfg(feature = "zeroize")]
-    output_size: usize,
     state: consts::State256,
     block_len: u64,
 }
@@ -55,12 +53,7 @@ impl VariableOutputCore for Sha256VarCore {
             _ => return Err(InvalidOutputSize),
         };
         let block_len = 0;
-        Ok(Self {
-            #[cfg(feature = "zeroize")]
-            output_size,
-            state,
-            block_len,
-        })
+        Ok(Self { state, block_len })
     }
 
     #[inline]
@@ -83,18 +76,15 @@ impl AlgorithmName for Sha256VarCore {
 }
 
 #[cfg(feature = "zeroize")]
-impl zeroize_crate::Zeroize for Sha256VarCore {
-    fn zeroize(&mut self) {
+impl Drop for Sha256VarCore {
+    fn drop(&mut self) {
+        use zeroize_crate::Zeroize;
         self.state.zeroize();
         self.block_len.zeroize();
-
-        // Because the hasher is now in an invalid state, restore the starting state
-        // This makes Zeroize equivalent to reset *yet using a zero-write the compiler hopefully
-        // shouldn't be able to optimize out*
-        // The following lines may be optimized out if no further use occurs, which is fine
-        self.state = Self::new(self.output_size).unwrap().state;
     }
 }
+#[cfg(feature = "zeroize")]
+impl zeroize_crate::ZeroizeOnDrop for Sha256VarCore {}
 
 impl fmt::Debug for Sha256VarCore {
     #[inline]
@@ -109,8 +99,6 @@ impl fmt::Debug for Sha256VarCore {
 /// i.e. 224, 256, 384, and 512 bits respectively.
 #[derive(Clone)]
 pub struct Sha512VarCore {
-    #[cfg(feature = "zeroize")]
-    output_size: usize,
     state: consts::State512,
     block_len: u128,
 }
@@ -150,12 +138,7 @@ impl VariableOutputCore for Sha512VarCore {
             _ => return Err(InvalidOutputSize),
         };
         let block_len = 0;
-        Ok(Self {
-            #[cfg(feature = "zeroize")]
-            output_size,
-            state,
-            block_len,
-        })
+        Ok(Self { state, block_len })
     }
 
     #[inline]
@@ -178,13 +161,15 @@ impl AlgorithmName for Sha512VarCore {
 }
 
 #[cfg(feature = "zeroize")]
-impl zeroize_crate::Zeroize for Sha512VarCore {
-    fn zeroize(&mut self) {
+impl Drop for Sha512VarCore {
+    fn drop(&mut self) {
+        use zeroize_crate::Zeroize;
         self.state.zeroize();
         self.block_len.zeroize();
-        self.state = Self::new(self.output_size).unwrap().state;
     }
 }
+#[cfg(feature = "zeroize")]
+impl zeroize_crate::ZeroizeOnDrop for Sha512VarCore {}
 
 impl fmt::Debug for Sha512VarCore {
     #[inline]

diff --git a/sha3/src/state.rs b/sha3/src/state.rs
@@ -20,17 +20,10 @@ impl Default for Sha3State {
     }
 }
 
-#[cfg(feature = "zeroize")]
-impl Zeroize for Sha3State {
-    fn zeroize(&mut self) {
-        self.state.zeroize();
-    }
-}
-
 #[cfg(feature = "zeroize")]
 impl Drop for Sha3State {
     fn drop(&mut self) {
-        self.zeroize();
+        self.state.zeroize();
     }
 }