digest: implement Zeroize for the buffering newtypes (#1940)

baloo · web-flow · commit f3b6f16c8bc8 · 2025-07-29T17:54:32.000+03:00
This is a fixup to #1799
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -16,3 +16,6 @@ members = [
 [patch.crates-io]
 digest = { path = "digest" }
 signature = { path = "signature" }
+
+# https://github.com/RustCrypto/utils/pull/1192
+block-buffer = { git = "https://github.com/RustCrypto/utils.git" }
diff --git a/digest/src/buffer_macros/fixed.rs b/digest/src/buffer_macros/fixed.rs
@@ -60,7 +60,7 @@ macro_rules! buffer_fixed {
         $crate::buffer_fixed!(
             impl_inner: $name$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?($core_ty);
             BaseFixedTraits AlgorithmName Default Clone HashMarker
-            Reset FixedOutputReset SerializableState $($trait_name)*;
+            Reset FixedOutputReset SerializableState ZeroizeOnDrop $($trait_name)*;
         );
     };
 
@@ -476,5 +476,30 @@ macro_rules! buffer_fixed {
         }
 
         $crate::buffer_fixed!(impl_inner: $name$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?($core_ty); $($trait_name)*;);
-    }
+    };
+
+    // Implements `ZeroizeOnDrop`
+    (
+        impl_inner: $name:ident
+        $(< $( $lt:tt $( : $clt:tt $(+ $dlt:tt )* )? ),+ >)?
+        ($core_ty:ty);
+        ZeroizeOnDrop $($trait_name:ident)*;
+    ) => {
+        // Verify that `$core_ty` and `Buffer<$core_ty>` implement `ZeroizeOnDrop`
+        #[cfg(feature = "zeroize")]
+        const _: () = {
+            fn check_core$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?(v: &$core_ty) {
+                v as &dyn $crate::zeroize::ZeroizeOnDrop;
+            }
+
+            fn check_buffer$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?(v: &$crate::block_api::Buffer<$core_ty>) {
+                v as &dyn $crate::zeroize::ZeroizeOnDrop;
+            }
+        };
+
+        #[cfg(feature = "zeroize")]
+        impl$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)? $crate::zeroize::ZeroizeOnDrop for $name$(< $( $lt ),+ >)? {}
+
+        $crate::buffer_fixed!(impl_inner: $name$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?($core_ty); $($trait_name)*;);
+    };
 }
diff --git a/digest/tests/dummy_fixed.rs b/digest/tests/dummy_fixed.rs
@@ -75,6 +75,17 @@ mod block_api {
             })
         }
     }
+
+    #[cfg(feature = "zeroize")]
+    impl Drop for FixedHashCore {
+        fn drop(&mut self) {
+            use zeroize::Zeroize;
+            self.state.zeroize();
+        }
+    }
+
+    #[cfg(feature = "zeroize")]
+    impl zeroize::ZeroizeOnDrop for FixedHashCore {}
 }
 
 digest::buffer_fixed!(
@@ -99,3 +110,11 @@ digest::buffer_fixed!(
     oid: "0.1.2.3.4.5";
     impl: FixedHashTraits;
 );
+
+#[cfg(feature = "zeroize")]
+/// check for `ZeroizeOnDrop` implementations
+const _: () = {
+    const fn check_zeroize<T: zeroize::ZeroizeOnDrop>() {}
+    check_zeroize::<FixedHashWithSer>();
+    check_zeroize::<FixedHashWithOidSer>();
+};
