diff --git a/zeroize/src/aarch64.rs b/zeroize/src/aarch64.rs index 07744d01..e4f57f8e 100644 --- a/zeroize/src/aarch64.rs +++ b/zeroize/src/aarch64.rs @@ -5,6 +5,7 @@ use crate::{atomic_fence, volatile_write, Zeroize}; +#[allow(clippy::wildcard_imports)] use core::arch::aarch64::*; macro_rules! impl_zeroize_for_simd_register { diff --git a/zeroize/src/lib.rs b/zeroize/src/lib.rs index b67b5c95..1d4ae356 100644 --- a/zeroize/src/lib.rs +++ b/zeroize/src/lib.rs @@ -26,6 +26,7 @@ //! - No FFI or inline assembly! **WASM friendly** (and tested)! //! - `#![no_std]` i.e. **embedded-friendly**! //! - No functionality besides securely zeroing memory! +//! - Support for zeroing SIMD registers on `x86`, `x86_64`, `aarch64` targets! //! - (Optional) Custom derive support for zeroing complex structures //! //! ## Minimum Supported Rust Version @@ -33,7 +34,7 @@ //! Requires Rust **1.60** or newer. //! //! In the future, we reserve the right to change MSRV (i.e. MSRV is out-of-scope -//! for this crate's SemVer guarantees), however when we do it will be accompanied +//! for this crate's `SemVer` guarantees), however when we do it will be accompanied //! by a minor version bump. //! //! ## Usage @@ -41,15 +42,13 @@ //! ``` //! use zeroize::Zeroize; //! -//! fn main() { -//! // Protip: don't embed secrets in your source code. -//! // This is just an example. -//! let mut secret = b"Air shield password: 1,2,3,4,5".to_vec(); -//! // [ ... ] open the air shield here +//! // Protip: don't embed secrets in your source code. +//! // This is just an example. +//! let mut secret = b"Air shield password: 1,2,3,4,5".to_vec(); +//! // [ ... ] open the air shield here //! -//! // Now that we're done using the secret, zero it out. -//! secret.zeroize(); -//! } +//! // Now that we're done using the secret, zero it out. +//! secret.zeroize(); //! ``` //! //! The [`Zeroize`] trait is impl'd on all of Rust's core scalar types including @@ -143,16 +142,14 @@ //! ``` //! use zeroize::Zeroizing; //! -//! fn main() { -//! let mut secret = Zeroizing::new([0u8; 5]); +//! let mut secret = Zeroizing::new([0u8; 5]); //! -//! // Set the air shield password -//! // Protip (again): don't embed secrets in your source code. -//! secret.copy_from_slice(&[1, 2, 3, 4, 5]); -//! assert_eq!(secret.as_ref(), &[1, 2, 3, 4, 5]); +//! // Set the air shield password +//! // Protip (again): don't embed secrets in your source code. +//! secret.copy_from_slice(&[1, 2, 3, 4, 5]); +//! assert_eq!(secret.as_ref(), &[1, 2, 3, 4, 5]); //! -//! // The contents of `secret` will be automatically zeroized on drop -//! } +//! // The contents of `secret` will be automatically zeroized on drop //! ``` //! //! ## What guarantees does this crate provide? @@ -235,6 +232,8 @@ //! [good cryptographic hygiene]: https://github.com/veorq/cryptocoding#clean-memory-of-secret-data //! [`Ordering::SeqCst`]: core::sync::atomic::Ordering::SeqCst +#![allow(clippy::inline_always)] + #[cfg(feature = "alloc")] extern crate alloc; @@ -318,10 +317,10 @@ impl_zeroize_with_default! { u8, u16, u32, u64, u128, usize } -/// `PhantomPinned` is zero sized so provide a ZeroizeOnDrop implementation. +/// [`PhantomPinned`] is zero sized so provide a [`ZeroizeOnDrop`] implementation. impl ZeroizeOnDrop for PhantomPinned {} -/// `()` is zero sized so provide a ZeroizeOnDrop implementation. +/// `()` is zero sized so provide a [`ZeroizeOnDrop`] implementation. impl ZeroizeOnDrop for () {} macro_rules! impl_zeroize_for_non_zero { @@ -399,7 +398,7 @@ where // Ensures self is None and that the value was dropped. Without the take, the drop // of the (zeroized) value isn't called, which might lead to a leak or other - // unexpected behavior. For example, if this were Option>, the above call to + // unexpected behavior. For example, if this were `Option>`, the above call to // zeroize would not free the allocated memory, but the the `take` call will. self.take(); } @@ -440,7 +439,7 @@ impl Zeroize for MaybeUninit { fn zeroize(&mut self) { // Safety: // `MaybeUninit` is valid for any byte pattern, including zeros. - unsafe { ptr::write_volatile(self, MaybeUninit::zeroed()) } + unsafe { ptr::write_volatile(self, Self::zeroed()) } atomic_fence(); } } @@ -458,12 +457,12 @@ impl Zeroize for [MaybeUninit] { fn zeroize(&mut self) { let ptr = self.as_mut_ptr().cast::>(); let size = self.len().checked_mul(mem::size_of::()).unwrap(); - assert!(size <= isize::MAX as usize); + assert!(isize::try_from(size).is_ok()); // Safety: // // This is safe, because every valid pointer is well aligned for u8 - // and it is backed by a single allocated object for at least `self.len() * size_pf::()` bytes. + // and it is backed by a single allocated object for at least `self.len() * size_of::()` bytes. // and 0 is a valid value for `MaybeUninit` // The memory of the slice should not wrap around the address space. unsafe { volatile_set(ptr, MaybeUninit::zeroed(), size) } @@ -484,7 +483,7 @@ where Z: DefaultIsZeroes, { fn zeroize(&mut self) { - assert!(self.len() <= isize::MAX as usize); + assert!(isize::try_from(self.len()).is_ok()); // Safety: // @@ -510,7 +509,7 @@ impl Zeroize for PhantomData { fn zeroize(&mut self) {} } -/// [`PhantomData` is always zero sized so provide a ZeroizeOnDrop implementation. +/// [`PhantomData`] is always zero sized so provide a [`ZeroizeOnDrop`] implementation. impl ZeroizeOnDrop for PhantomData {} macro_rules! impl_zeroize_tuple { @@ -622,8 +621,8 @@ impl Zeroize for CString { } } -/// `Zeroizing` is a a wrapper for any `Z: Zeroize` type which implements a -/// `Drop` handler which zeroizes dropped values. +/// [`Zeroizing`] is a a wrapper for any `Z: Zeroize` type which implements a +/// [`Drop`] handler which zeroizes dropped values. #[derive(Debug, Default, Eq, PartialEq)] pub struct Zeroizing(Z); @@ -631,9 +630,10 @@ impl Zeroizing where Z: Zeroize, { - /// Move value inside a `Zeroizing` wrapper which ensures it will be + /// Move value inside a [`Zeroizing`] wrapper which ensures it will be /// zeroized when it's dropped. #[inline(always)] + #[allow(clippy::missing_const_for_fn)] pub fn new(value: Z) -> Self { Self(value) } @@ -657,8 +657,8 @@ where Z: Zeroize, { #[inline(always)] - fn from(value: Z) -> Zeroizing { - Zeroizing(value) + fn from(value: Z) -> Self { + Self(value) } } @@ -722,7 +722,7 @@ where Z: Zeroize, { fn drop(&mut self) { - self.0.zeroize() + self.0.zeroize(); } } @@ -765,7 +765,9 @@ fn atomic_fence() { /// Perform a volatile write to the destination #[inline(always)] fn volatile_write(dst: &mut T, src: T) { - unsafe { ptr::write_volatile(dst, src) } + unsafe { + ptr::write_volatile(dst, src); + } } /// Perform a volatile `memset` operation which fills a slice with a value @@ -798,7 +800,7 @@ unsafe fn volatile_set(dst: *mut T, src: T, count: usize) { /// Internal module used as support for `AssertZeroizeOnDrop`. #[doc(hidden)] pub mod __internal { - use super::*; + use super::{Zeroize, ZeroizeOnDrop}; /// Auto-deref workaround for deriving `ZeroizeOnDrop`. pub trait AssertZeroizeOnDrop { @@ -816,7 +818,7 @@ pub mod __internal { impl AssertZeroize for T { fn zeroize_or_on_drop(&mut self) { - self.zeroize() + self.zeroize(); } } } diff --git a/zeroize/src/x86.rs b/zeroize/src/x86.rs index 5e4bfcb3..b5f10b4d 100644 --- a/zeroize/src/x86.rs +++ b/zeroize/src/x86.rs @@ -3,9 +3,11 @@ use crate::{atomic_fence, volatile_write, Zeroize}; #[cfg(target_arch = "x86")] +#[allow(clippy::wildcard_imports)] use core::arch::x86::*; #[cfg(target_arch = "x86_64")] +#[allow(clippy::wildcard_imports)] use core::arch::x86_64::*; macro_rules! impl_zeroize_for_simd_register {