From 514c3a8e620ea235f3af68ec6b137b0f0e3d9863 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Mon, 1 Aug 2022 12:13:05 -0400
Subject: [PATCH] Use the `zeroize` feature in several crates

Using `zeroize` here tells these crates that they should make various structures zeroize-on-drop. (This is not yet implemented in `aes` 0.8.1, but support has been merged in the repository for `aes`, so it should go out in the next release.) No corresponding feature flag is needed to enable zeroize-on-drop for `rsa` and `*25519-dalek` private keys.
---
 Cargo.lock | 1 +
 crates/tor-llcrypto/Cargo.toml | 6 +++---
 crates/tor-proto/Cargo.toml | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index be8ed583e..eb46bdf81 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -617,6 +617,7 @@ checksum = "d1873270f8f7942c191139cb8a40fd228da6c3fd2fc376d7e92d47aa14aeb59e"
 dependencies = [
 "crypto-common",
 "inout",
+ "zeroize",
 ]

 [[package]]
diff --git a/crates/tor-llcrypto/Cargo.toml b/crates/tor-llcrypto/Cargo.toml
index ba92103da..4880a3793 100644
--- a/crates/tor-llcrypto/Cargo.toml
+++ b/crates/tor-llcrypto/Cargo.toml
@@ -23,11 +23,11 @@ relay = []
 hsv3-client = []

 [dependencies]
-aes = { version = "0.8" }
+aes = { version = "0.8", features = ["zeroize"] }
 arrayref = "0.3"
 base64 = "0.13.0"
-cipher = { version = "0.4.3", optional = true }
-ctr = "0.9"
+cipher = { version = "0.4.3", optional = true, features = ["zeroize"] }
+ctr = { version = "0.9", features = ["zeroize"] }
 curve25519-dalek = "3.2"
 digest = "0.10.0"
 ed25519-dalek = { version = "1", features = ["batch"] }
diff --git a/crates/tor-proto/Cargo.toml b/crates/tor-proto/Cargo.toml
index 388dd1520..dae54a80b 100644
--- a/crates/tor-proto/Cargo.toml
+++ b/crates/tor-proto/Cargo.toml
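Review bot: In crates/tor-llcrypto/Cargo.toml the `aes` line enables `zeroize` while still accepting any `0.8` release, and the commit message says zeroize-on-drop is not implemented in `aes` 0.8.1, so on such a version the flag presumably gives no key-erasure guarantee. That gap is recorded only in the commit message; a comment above the dependency would keep it visible to later readers, e.g. `# "zeroize" has no effect in aes 0.8.1; raise the minimum version once a release implements zeroize-on-drop`. Once that release exists, tightening the requirement would stop a build from silently resolving to a version without the behaviour. The `[dependencies]` table continues past the end of the hunk.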
@@ -23,7 +23,7 @@ tokio = ["tokio-crate", "tokio-util"]
 arrayref = "0.3"
 asynchronous-codec = "0.6.0"
 bytes = "1"
-cipher = "0.4.1"
+cipher = { version = "0.4.1", features = ["zeroize"] }
 coarsetime = "0.1.20"
 derive_builder = { version = "0.11.2", package = "derive_builder_fork_arti" }
 digest = "0.10.0"
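Review bot: The `cipher` requirement in crates/tor-proto/Cargo.toml stays at `0.4.1` while crates/tor-llcrypto/Cargo.toml asks for `0.4.3` with the same `zeroize` feature, so the two crates state different floors for one feature set. The page does not show whether every 0.4.x release from 0.4.1 onward provides a `zeroize` feature with the same effect; if one does not, a minimal-versions resolve could fail or give weaker erasure than intended. Aligning the line to `cipher = { version = "0.4.3", features = ["zeroize"] }` would make the floor match the version the workspace already requires elsewhere. The dependency table starts before and continues after this hunk.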