Use the `zeroize` feature in several crates

Using `zeroize` here tells these crates that they should make various structures zeroize-on-drop. (This is not yet implemented in `aes` 0.8.1, but support has been merged in the repository for `aes`, so it should go out in the next release.) No corresponding feature flag is needed to enable zeroize-on-drop for `rsa` and `*25519-dalek` private keys.
2022-08-01 12:13:05 -04:00 · 2022-08-01 12:13:05 -04:00 · 514c3a8e62
parent c83ec273d0
commit 514c3a8e62
3 changed files with 5 additions and 4 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -617,6 +617,7 @@ checksum = "d1873270f8f7942c191139cb8a40fd228da6c3fd2fc376d7e92d47aa14aeb59e"
 dependencies = [
 "crypto-common",
 "inout",
 "zeroize",
 ]
 [[package]]
--- a/crates/tor-llcrypto/Cargo.toml
+++ b/crates/tor-llcrypto/Cargo.toml
@ -23,11 +23,11 @@ relay = []
 hsv3-client = []
 [dependencies]
-aes = { version = "0.8" }
+aes = { version = "0.8", features = ["zeroize"] }
 arrayref = "0.3"
 base64 = "0.13.0"
-cipher = { version = "0.4.3", optional = true }
+cipher = { version = "0.4.3", optional = true, features = ["zeroize"] }
-ctr = "0.9"
+ctr = { version = "0.9", features = ["zeroize"] }
 curve25519-dalek = "3.2"
 digest = "0.10.0"
 ed25519-dalek = { version = "1", features = ["batch"] }
--- a/crates/tor-proto/Cargo.toml
+++ b/crates/tor-proto/Cargo.toml
@ -23,7 +23,7 @@ tokio = ["tokio-crate", "tokio-util"]
 arrayref = "0.3"
 asynchronous-codec = "0.6.0"
 bytes = "1"
-cipher = "0.4.1"
+cipher = { version = "0.4.1", features = ["zeroize"] }
 coarsetime = "0.1.20"
 derive_builder = { version = "0.11.2", package = "derive_builder_fork_arti" }
 digest = "0.10.0"