Implement ZeroizeOnDrop without Drop

Author: daxpedda

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+
+### Added
+- `no_drop` item-level option to `ZeroizeOnDrop` which does not implement
+  `Drop` but instead only asserts that every field implements `ZeroizeOnDrop`.
+
 ## [1.4.0] - 2025-05-01
 
 ### Added

README.md

@@ -238,9 +238,11 @@ If the `zeroize-on-drop` feature is enabled, it implements [`ZeroizeOnDrop`]
 and can be implemented without [`Zeroize`], otherwise it only implements
 [`Drop`] and requires [`Zeroize`] to be implemented.
 
-[`ZeroizeOnDrop`] has one option:
+[`ZeroizeOnDrop`] has two options:
 - `crate`: an item-level option which specifies a path to the [`zeroize`]
   crate in case of a re-export or rename.
+- `no_drop`: an item-level option which will not implement [`Drop`] but instead
+  only assert that every field implements [`ZeroizeOnDrop`].
 
 ```rust
 #[derive_where(ZeroizeOnDrop(crate = zeroize_))]

src/attr/item.rs

@@ -386,6 +386,8 @@ pub enum DeriveTrait {
 	ZeroizeOnDrop {
 		/// [`ZeroizeOnDrop`](https://docs.rs/zeroize/latest/zeroize/trait.ZeroizeOnDrop.html) path.
 		crate_: Option<Path>,
+		/// If `Drop` should be implemented.
+		no_drop: bool,
 	},
 }
 

src/input.rs

@@ -183,11 +183,19 @@ impl<'a> Input<'a> {
 				{
 					// `Zeroize(crate = ..)` or `ZeroizeOnDrop(crate = ..)` is used.
 					if let DeriveTrait::Zeroize { crate_: Some(_) }
-					| DeriveTrait::ZeroizeOnDrop { crate_: Some(_) } = *trait_
+					| DeriveTrait::ZeroizeOnDrop {
+						crate_: Some(_), ..
+					} = *trait_
 					{
 						continue;
 					}
 
+					// `ZeroizeOnDrop(no_drop)` is used.
+					#[cfg(feature = "zeroize-on-drop")]
+					if let DeriveTrait::ZeroizeOnDrop { no_drop: true, .. } = *trait_ {
+						continue;
+					}
+
 					// `Zeroize(fqs)` is used on any field.
 					if trait_ == Trait::Zeroize && item.any_fqs() {
 						continue;

src/lib.rs

@@ -272,9 +272,11 @@
 //! and can be implemented without [`Zeroize`], otherwise it only implements
 //! [`Drop`] and requires [`Zeroize`] to be implemented.
 //!
-//! [`ZeroizeOnDrop`] has one option:
+//! [`ZeroizeOnDrop`] has two options:
 //! - `crate`: an item-level option which specifies a path to the [`zeroize`]
 //!   crate in case of a re-export or rename.
+//! - `no_drop`: an item-level option which will not implement [`Drop`] but
+//!   instead only assert that every field implements [`ZeroizeOnDrop`].
 //!
 //! ```
 //! # #[cfg(feature = "zeroize-on-drop")]
@@ -642,15 +644,7 @@ fn generate_impl(
 	let body = generate_body(derive_where, trait_, item, generics);
 
 	let ident = item.ident();
-	let path = trait_.impl_path(trait_);
-	let mut output = quote! {
-		#[automatically_derived]
-		impl #imp #path for #ident #ty
-		#where_clause
-		{
-			#body
-		}
-	};
+	let mut output = trait_.impl_item(trait_, imp, ident, ty, &where_clause, body);
 
 	if let Some((path, body)) = trait_.additional_impl(trait_) {
 		output.extend(quote! {

src/test/zeroize.rs

@@ -302,3 +302,47 @@ fn enum_skip_drop() -> Result<()> {
 		},
 	)
 }
+
+#[test]
+#[cfg(feature = "zeroize-on-drop")]
+fn no_drop() -> Result<()> {
+	test_derive(
+		quote! {
+			#[derive_where(ZeroizeOnDrop(no_drop); T)]
+			struct Test<T, U>(T, std::marker::PhantomData<U>);
+		},
+		quote! {
+			const _: () = {
+				trait DeriveWhereAssertZeroizeOnDrop {
+					fn assert(&mut self);
+				}
+
+				impl<T, U> DeriveWhereAssertZeroizeOnDrop for Test <T, U>
+				where T: ::zeroize::ZeroizeOnDrop
+				{
+					fn assert(&mut self) {
+						trait AssertZeroizeOnDrop {
+							fn __derive_where_zeroize_on_drop(&mut self);
+						}
+
+						impl<T: ::zeroize::ZeroizeOnDrop + ?::core::marker::Sized> AssertZeroizeOnDrop for T {
+							fn __derive_where_zeroize_on_drop(&mut self) {}
+						}
+
+						match self {
+							Test (ref mut __field_0, ref mut __field_1) => {
+								__field_0.__derive_where_zeroize_on_drop();
+								__field_1.__derive_where_zeroize_on_drop();
+							}
+						}
+					}
+				}
+			};
+
+			#[automatically_derived]
+			impl<T, U> ::zeroize::ZeroizeOnDrop for Test<T, U>
+			where T: ::zeroize::ZeroizeOnDrop
+			{ }
+		},
+	)
+}

src/trait_.rs

@@ -15,8 +15,14 @@ mod zeroize;
 #[cfg(feature = "zeroize")]
 mod zeroize_on_drop;
 
+use std::borrow::Cow;
+
 use proc_macro2::{Span, TokenStream};
-use syn::{punctuated::Punctuated, spanned::Spanned, Meta, Path, Result, Token, TypeParamBound};
+use quote::quote;
+use syn::{
+	punctuated::Punctuated, spanned::Spanned, Ident, ImplGenerics, Meta, Path, Result, Token,
+	TypeGenerics, TypeParamBound, WhereClause,
+};
 
 use crate::{Data, DeriveTrait, DeriveWhere, Error, Item, SplitGenerics};
 
@@ -127,8 +133,17 @@ impl TraitImpl for Trait {
 		self.implementation().additional_impl(trait_)
 	}
 
-	fn impl_path(&self, trait_: &DeriveTrait) -> Path {
-		self.implementation().impl_path(trait_)
+	fn impl_item(
+		&self,
+		trait_: &DeriveTrait,
+		imp: &ImplGenerics<'_>,
+		ident: &Ident,
+		ty: &TypeGenerics<'_>,
+		where_clause: &Option<Cow<'_, WhereClause>>,
+		body: TokenStream,
+	) -> TokenStream {
+		self.implementation()
+			.impl_item(trait_, imp, ident, ty, where_clause, body)
 	}
 
 	fn build_signature(
@@ -189,8 +204,25 @@ pub trait TraitImpl {
 
 	/// Trait to implement. Only used for [`ZeroizeOnDrop`](https://docs.rs/zeroize/latest/zeroize/trait.ZeroizeOnDrop.html)
 	/// because it implements [`Drop`] and not itself.
-	fn impl_path(&self, trait_: &DeriveTrait) -> Path {
-		trait_.path()
+	fn impl_item(
+		&self,
+		trait_: &DeriveTrait,
+		imp: &ImplGenerics<'_>,
+		ident: &Ident,
+		ty: &TypeGenerics<'_>,
+		where_clause: &Option<Cow<'_, WhereClause>>,
+		body: TokenStream,
+	) -> TokenStream {
+		let path = trait_.path();
+
+		quote! {
+			#[automatically_derived]
+			impl #imp #path for #ident #ty
+			#where_clause
+			{
+				#body
+			}
+		}
 	}
 
 	/// Build method signature for this [`Trait`].