From d4ed52e48eb52566dab91080eb25d8979fbb7d3e Mon Sep 17 00:00:00 2001 From: pennae Date: Sun, 17 Jul 2022 09:47:33 +0200 Subject: remove zeroize dependency this is not so much a problem as a possible source of false security for the readers. all secret keys we handle are serialized in some form, and those serialization buffers are *not* zeroed out after use. zeroing our raw buffers doesn't help much in that case, using a zero-on-free allocator would be much more helpful. --- src/crypto.rs | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'src') diff --git a/src/crypto.rs b/src/crypto.rs index 049f6b0..c3417fd 100644 --- a/src/crypto.rs +++ b/src/crypto.rs @@ -17,16 +17,10 @@ use sha2::Sha256; const NAMESPACE: &[u8] = b"identity.mozilla.com/picl/v1/"; -#[derive(Clone, PartialEq, Eq, Zeroize, Serialize, Deserialize)] +#[derive(Clone, PartialEq, Eq, Serialize, Deserialize)] #[serde(try_from = "String", into = "String")] pub struct SecretBytes(pub [u8; N]); -impl Drop for SecretBytes { - fn drop(&mut self) { - self.zeroize(); - } -} - #[derive(Clone, PartialEq, Eq)] pub struct TokenID(pub [u8; 32]); @@ -123,7 +117,6 @@ mod from_hkdf { } use from_hkdf::from_hkdf; -use zeroize::Zeroize; impl SecretBytes { pub fn generate() -> Self { -- cgit v1.2.3