Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

For crypto types, derive ZeroizeOnDrop #1328

Open
jhand2 opened this issue Feb 9, 2024 · 1 comment
Open

For crypto types, derive ZeroizeOnDrop #1328

jhand2 opened this issue Feb 9, 2024 · 1 comment
Labels
ROM 1.next

Comments

@jhand2
Copy link
Collaborator

jhand2 commented Feb 9, 2024

In many places we derive Zeroize for crypto types to satisfy FIPS zeroization requirements. This requires us to manually call .zeroize() on many different values. To prevent forgetting to do this, we should instead derive ZeroizeOnDrop, which will automatically drop types we allocate on the stack.
@sree-revoori1
Copy link
Contributor

The issue is some of the crypto types derive Copy, and we can't derive both ZeroizeOnDrop and Copy since ZeroizeOnDrop uses Drop. So I think we can only do this for types that don't derive Copy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ROM 1.next
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jhand2 @sree-revoori1