Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
secrecy/zeroize: Upgrade to
bytes v0.5
- Removes the `bytes-preview` feature from `zeroize` - Upgrades `secrecy` to use `bytes` v0.5 Now that `bytes` v0.5 is out, I've opened a PR to upstream the `Zeroize` impl for `BytesMut`: tokio-rs/bytes#335 Unfortunately it's no-longer possible to impl `Zeroize` for `Bytes` as of `bytes` v0.5, as the `try_mut` method was dropped in this PR: tokio-rs/bytes#298 I have brought this up on the first PR. In the meantime, this vendors the previous `BytesMut` impl of `Zeroize` into `secrecy`'s `SecretBytesMut` type, and drops `SecretBytes` as it's no-longer possible to implement.
- Loading branch information
1 parent
0c1a2fe
commit bedfdef
Showing
7 changed files
with
30 additions
and
116 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,78 +1,60 @@ | ||
| //! Optional `Secret` wrapper type for the `bytes::BytesMut` crate. | ||
|
|
||
| use super::{CloneableSecret, DebugSecret, ExposeSecret, Secret}; | ||
| use bytes_crate::{Bytes, BytesMut}; | ||
| use super::ExposeSecret; | ||
| use bytes::BytesMut; | ||
| use core::fmt; | ||
| use zeroize::Zeroize; | ||
|
|
||
| #[cfg(feature = "serde")] | ||
| #[cfg(feature = "bytes-serde")] | ||
| use serde::de::{Deserialize, Deserializer}; | ||
|
|
||
| /// Instance of `Bytes` protected by a type that impls the `ExposeSecret` | ||
| /// Instance of `BytesMut` protected by a type that impls the `ExposeSecret` | ||
| /// trait like `Secret<T>`. | ||
| /// | ||
| /// Because of the nature of how the `Bytes` type works, it needs some special | ||
| /// care in order to have a proper zeroizing drop handler. | ||
| #[derive(Clone)] | ||
| pub struct SecretBytes(Option<Bytes>); | ||
| pub struct SecretBytesMut(BytesMut); | ||
|
|
||
| impl SecretBytes { | ||
| /// Wrap bytes in `SecretBytes` | ||
| pub fn new(bytes: impl Into<Bytes>) -> SecretBytes { | ||
| SecretBytes(Some(bytes.into())) | ||
| impl SecretBytesMut { | ||
| /// Wrap bytes in `SecretBytesMut` | ||
| pub fn new(bytes: impl Into<BytesMut>) -> SecretBytesMut { | ||
| SecretBytesMut(bytes.into()) | ||
| } | ||
| } | ||
|
|
||
| impl ExposeSecret<Bytes> for SecretBytes { | ||
| fn expose_secret(&self) -> &Bytes { | ||
| self.0.as_ref().unwrap() | ||
| impl ExposeSecret<BytesMut> for SecretBytesMut { | ||
| fn expose_secret(&self) -> &BytesMut { | ||
| &self.0 | ||
| } | ||
| } | ||
|
|
||
| impl fmt::Debug for SecretBytes { | ||
| impl fmt::Debug for SecretBytesMut { | ||
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { | ||
| write!(f, "SecretBytes(...)") | ||
| write!(f, "SecretBytesMut([REDACTED])") | ||
| } | ||
| } | ||
|
|
||
| impl From<Bytes> for SecretBytes { | ||
| fn from(bytes: Bytes) -> SecretBytes { | ||
| SecretBytes::new(bytes) | ||
| impl From<BytesMut> for SecretBytesMut { | ||
| fn from(bytes: BytesMut) -> SecretBytesMut { | ||
| SecretBytesMut::new(bytes) | ||
| } | ||
| } | ||
|
|
||
| impl From<BytesMut> for SecretBytes { | ||
| fn from(bytes: BytesMut) -> SecretBytes { | ||
| SecretBytes::new(bytes) | ||
| } | ||
| } | ||
|
|
||
| impl Drop for SecretBytes { | ||
| impl Drop for SecretBytesMut { | ||
| fn drop(&mut self) { | ||
| // To zero the contents of `Bytes`, we have to take ownership of it | ||
| // and then attempt to convert it to a `BytesMut`. If that succeeds, | ||
| // we are holding the last reference to the inner byte buffer, which | ||
| // indicates its lifetime has ended and it's ready to be zeroed. | ||
| if let Some(bytes) = self.0.take() { | ||
| if let Ok(mut bytes_mut) = bytes.try_mut() { | ||
| bytes_mut.zeroize(); | ||
| } | ||
| } | ||
| self.0.resize(self.0.capacity(), 0); | ||
| self.0.as_mut().zeroize(); | ||
| debug_assert!(self.0.as_ref().iter().all(|b| *b == 0)); | ||
| } | ||
| } | ||
|
|
||
| #[cfg(feature = "serde")] | ||
| impl<'de> Deserialize<'de> for SecretBytes { | ||
| #[cfg(feature = "bytes-serde")] | ||
| impl<'de> Deserialize<'de> for SecretBytesMut { | ||
| fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> | ||
| where | ||
| D: Deserializer<'de>, | ||
| { | ||
| Bytes::deserialize(deserializer).map(SecretBytes::new) | ||
| BytesMut::deserialize(deserializer).map(SecretBytesMut::new) | ||
| } | ||
| } | ||
|
|
||
| /// Alias for `Secret<BytesMut>` | ||
| pub type SecretBytesMut = Secret<BytesMut>; | ||
|
|
||
| impl DebugSecret for BytesMut {} | ||
| impl CloneableSecret for BytesMut {} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters