From d4ed52e48eb52566dab91080eb25d8979fbb7d3e Mon Sep 17 00:00:00 2001
From: pennae <github@quasiparticle.net>
Date: Sun, 17 Jul 2022 09:47:33 +0200
Subject: remove zeroize dependency

this is not so much a problem as a possible source of false security for
the readers. all secret keys we handle are serialized in some form, and
those serialization buffers are *not* zeroed out after use. zeroing our
raw buffers doesn't help much in that case, using a zero-on-free
allocator would be much more helpful.
---
 src/crypto.rs | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

(limited to 'src/crypto.rs')

diff --git a/src/crypto.rs b/src/crypto.rs
index 049f6b0..c3417fd 100644
--- a/src/crypto.rs
+++ b/src/crypto.rs
@@ -17,16 +17,10 @@ use sha2::Sha256;
 
 const NAMESPACE: &[u8] = b"identity.mozilla.com/picl/v1/";
 
-#[derive(Clone, PartialEq, Eq, Zeroize, Serialize, Deserialize)]
+#[derive(Clone, PartialEq, Eq, Serialize, Deserialize)]
 #[serde(try_from = "String", into = "String")]
 pub struct SecretBytes<const N: usize>(pub [u8; N]);
 
-impl<const N: usize> Drop for SecretBytes<N> {
-    fn drop(&mut self) {
-        self.zeroize();
-    }
-}
-
 #[derive(Clone, PartialEq, Eq)]
 pub struct TokenID(pub [u8; 32]);
 
@@ -123,7 +117,6 @@ mod from_hkdf {
 }
 
 use from_hkdf::from_hkdf;
-use zeroize::Zeroize;
 
 impl<const N: usize> SecretBytes<N> {
     pub fn generate() -> Self {
-- 
cgit v1.2.3