|
236 | 236 | //! [`Ordering::SeqCst`]: core::sync::atomic::Ordering::SeqCst |
237 | 237 |
|
238 | 238 | #[cfg(feature = "alloc")] |
239 | | -#[cfg_attr(test, macro_use)] |
240 | 239 | extern crate alloc; |
241 | 240 |
|
242 | 241 | #[cfg(feature = "std")] |
@@ -774,216 +773,3 @@ pub mod __internal { |
774 | 773 | } |
775 | 774 | } |
776 | 775 | } |
777 | | - |
778 | | -#[cfg(test)] |
779 | | -mod tests { |
780 | | - use super::*; |
781 | | - |
782 | | - use core::mem::size_of; |
783 | | - |
784 | | - #[cfg(feature = "alloc")] |
785 | | - use alloc::boxed::Box; |
786 | | - |
787 | | - #[cfg(feature = "alloc")] |
788 | | - use alloc::vec::Vec; |
789 | | - |
790 | | - #[cfg(feature = "std")] |
791 | | - use std::ffi::CString; |
792 | | - |
793 | | - #[derive(Clone, Debug, PartialEq)] |
794 | | - struct ZeroizedOnDrop(u64); |
795 | | - |
796 | | - impl Drop for ZeroizedOnDrop { |
797 | | - fn drop(&mut self) { |
798 | | - self.0.zeroize(); |
799 | | - } |
800 | | - } |
801 | | - |
802 | | - #[test] |
803 | | - fn non_zero() { |
804 | | - macro_rules! non_zero_test { |
805 | | - ($($type:ty),+) => { |
806 | | - $(let mut value = <$type>::new(42).unwrap(); |
807 | | - value.zeroize(); |
808 | | - assert_eq!(value.get(), 1);)+ |
809 | | - }; |
810 | | - } |
811 | | - |
812 | | - non_zero_test!( |
813 | | - NonZeroI8, |
814 | | - NonZeroI16, |
815 | | - NonZeroI32, |
816 | | - NonZeroI64, |
817 | | - NonZeroI128, |
818 | | - NonZeroIsize, |
819 | | - NonZeroU8, |
820 | | - NonZeroU16, |
821 | | - NonZeroU32, |
822 | | - NonZeroU64, |
823 | | - NonZeroU128, |
824 | | - NonZeroUsize |
825 | | - ); |
826 | | - } |
827 | | - |
828 | | - #[test] |
829 | | - fn zeroize_byte_arrays() { |
830 | | - let mut arr = [42u8; 137]; |
831 | | - arr.zeroize(); |
832 | | - assert_eq!(arr.as_ref(), [0u8; 137].as_ref()); |
833 | | - } |
834 | | - |
835 | | - #[test] |
836 | | - fn zeroize_on_drop_byte_arrays() { |
837 | | - let mut arr = [ZeroizedOnDrop(42); 1]; |
838 | | - unsafe { core::ptr::drop_in_place(&mut arr) }; |
839 | | - assert_eq!(arr.as_ref(), [ZeroizedOnDrop(0); 1].as_ref()); |
840 | | - } |
841 | | - |
842 | | - #[test] |
843 | | - fn zeroize_maybeuninit_byte_arrays() { |
844 | | - let mut arr = [MaybeUninit::new(42u64); 64]; |
845 | | - arr.zeroize(); |
846 | | - let arr_init: [u64; 64] = unsafe { core::mem::transmute(arr) }; |
847 | | - assert_eq!(arr_init, [0u64; 64]); |
848 | | - } |
849 | | - |
850 | | - #[test] |
851 | | - fn zeroize_check_zerosize_types() { |
852 | | - // Since we assume these types have zero size, we test this holds for |
853 | | - // the current version of Rust. |
854 | | - assert_eq!(size_of::<()>(), 0); |
855 | | - assert_eq!(size_of::<PhantomPinned>(), 0); |
856 | | - assert_eq!(size_of::<PhantomData<usize>>(), 0); |
857 | | - } |
858 | | - |
859 | | - #[test] |
860 | | - fn zeroize_check_tuple() { |
861 | | - let mut tup1 = (42u8,); |
862 | | - tup1.zeroize(); |
863 | | - assert_eq!(tup1, (0u8,)); |
864 | | - |
865 | | - let mut tup2 = (42u8, 42u8); |
866 | | - tup2.zeroize(); |
867 | | - assert_eq!(tup2, (0u8, 0u8)); |
868 | | - } |
869 | | - |
870 | | - #[test] |
871 | | - fn zeroize_on_drop_check_tuple() { |
872 | | - let mut tup1 = (ZeroizedOnDrop(42),); |
873 | | - unsafe { core::ptr::drop_in_place(&mut tup1) }; |
874 | | - assert_eq!(tup1, (ZeroizedOnDrop(0),)); |
875 | | - |
876 | | - let mut tup2 = (ZeroizedOnDrop(42), ZeroizedOnDrop(42)); |
877 | | - unsafe { core::ptr::drop_in_place(&mut tup2) }; |
878 | | - assert_eq!(tup2, (ZeroizedOnDrop(0), ZeroizedOnDrop(0))); |
879 | | - } |
880 | | - |
881 | | - #[cfg(feature = "alloc")] |
882 | | - #[test] |
883 | | - fn zeroize_vec() { |
884 | | - let mut vec = vec![42; 3]; |
885 | | - vec.zeroize(); |
886 | | - assert!(vec.is_empty()); |
887 | | - } |
888 | | - |
889 | | - #[cfg(feature = "alloc")] |
890 | | - #[test] |
891 | | - fn zeroize_vec_entire_capacity() { |
892 | | - #[derive(Clone)] |
893 | | - struct PanicOnNonZeroDrop(u64); |
894 | | - |
895 | | - impl Zeroize for PanicOnNonZeroDrop { |
896 | | - fn zeroize(&mut self) { |
897 | | - self.0 = 0; |
898 | | - } |
899 | | - } |
900 | | - |
901 | | - impl Drop for PanicOnNonZeroDrop { |
902 | | - fn drop(&mut self) { |
903 | | - if self.0 != 0 { |
904 | | - panic!("dropped non-zeroized data"); |
905 | | - } |
906 | | - } |
907 | | - } |
908 | | - |
909 | | - // Ensure that the entire capacity of the vec is zeroized and that no unitinialized data |
910 | | - // is ever interpreted as initialized |
911 | | - let mut vec = vec![PanicOnNonZeroDrop(42); 2]; |
912 | | - |
913 | | - unsafe { |
914 | | - vec.set_len(1); |
915 | | - } |
916 | | - |
917 | | - vec.zeroize(); |
918 | | - |
919 | | - unsafe { |
920 | | - vec.set_len(2); |
921 | | - } |
922 | | - |
923 | | - drop(vec); |
924 | | - } |
925 | | - |
926 | | - #[cfg(feature = "alloc")] |
927 | | - #[test] |
928 | | - fn zeroize_string() { |
929 | | - let mut string = String::from("Hello, world!"); |
930 | | - string.zeroize(); |
931 | | - assert!(string.is_empty()); |
932 | | - } |
933 | | - |
934 | | - #[cfg(feature = "alloc")] |
935 | | - #[test] |
936 | | - fn zeroize_string_entire_capacity() { |
937 | | - let mut string = String::from("Hello, world!"); |
938 | | - string.truncate(5); |
939 | | - |
940 | | - string.zeroize(); |
941 | | - |
942 | | - // convert the string to a vec to easily access the unused capacity |
943 | | - let mut as_vec = string.into_bytes(); |
944 | | - unsafe { as_vec.set_len(as_vec.capacity()) }; |
945 | | - |
946 | | - assert!(as_vec.iter().all(|byte| *byte == 0)); |
947 | | - } |
948 | | - |
949 | | - #[cfg(feature = "std")] |
950 | | - #[test] |
951 | | - fn zeroize_c_string() { |
952 | | - let mut cstring = CString::new("Hello, world!").expect("CString::new failed"); |
953 | | - let orig_len = cstring.as_bytes().len(); |
954 | | - let orig_ptr = cstring.as_bytes().as_ptr(); |
955 | | - cstring.zeroize(); |
956 | | - // This doesn't quite test that the original memory has been cleared, but only that |
957 | | - // cstring now owns an empty buffer |
958 | | - assert!(cstring.as_bytes().is_empty()); |
959 | | - for i in 0..orig_len { |
960 | | - unsafe { |
961 | | - // Using a simple deref, only one iteration of the loop is performed |
962 | | - // presumably because after zeroize, the internal buffer has a length of one/ |
963 | | - // `read_volatile` seems to "fix" this |
964 | | - // Note that this is very likely UB |
965 | | - assert_eq!(orig_ptr.add(i).read_volatile(), 0); |
966 | | - } |
967 | | - } |
968 | | - } |
969 | | - |
970 | | - #[cfg(feature = "alloc")] |
971 | | - #[test] |
972 | | - fn zeroize_box() { |
973 | | - let mut boxed_arr = Box::new([42u8; 3]); |
974 | | - boxed_arr.zeroize(); |
975 | | - assert_eq!(boxed_arr.as_ref(), &[0u8; 3]); |
976 | | - } |
977 | | - |
978 | | - #[cfg(feature = "alloc")] |
979 | | - #[test] |
980 | | - fn asref() { |
981 | | - let mut buffer: Zeroizing<Vec<u8>> = Default::default(); |
982 | | - let _asmut: &mut [u8] = buffer.as_mut(); |
983 | | - let _asref: &[u8] = buffer.as_ref(); |
984 | | - |
985 | | - let mut buffer: Zeroizing<Box<[u8]>> = Default::default(); |
986 | | - let _asmut: &mut [u8] = buffer.as_mut(); |
987 | | - let _asref: &[u8] = buffer.as_ref(); |
988 | | - } |
989 | | -} |
0 commit comments