Skip to content

Make Zeroization Optional#592

Open
achimcc wants to merge 3 commits intoorion-rs:masterfrom
achimcc:feature/optionalZeroization
Open

Make Zeroization Optional#592
achimcc wants to merge 3 commits intoorion-rs:masterfrom
achimcc:feature/optionalZeroization

Conversation

@achimcc
Copy link

@achimcc achimcc commented Feb 13, 2026

This implements issue #315

Make zeroization optional via a zeroize feature flag

This PR makes the zeroize dependency optional behind a new zeroize Cargo
feature (enabled by default). This allows users who don't need automatic
memory zeroization to reduce their dependency footprint.

Changes

  • Cargo.toml: Made zeroize an optional dependency with a dedicated
    dep:zeroize feature. Added zeroize?/alloc to safe_api for heap-allocated
    types.
  • typedefs.rs: Added three helpers for conditional zeroization:
    • zeroize_wrap! macro — wraps a value in Zeroizing or returns it as-is
    • ZeroizeWrap type alias — resolves to Zeroizing or plain T
    • zeroize_call! macro — calls .zeroize() or is a no-op
  • Drop impls: Gated all impl Drop blocks behind #[cfg(feature = "zeroize")]
  • SHA2 Word trait: Replaced the hard Zeroize bound with a MaybeZeroize helper
    trait that is conditionally empty
  • Function signatures: Replaced Zeroizing in internal APIs with
    ZeroizeWrap
  • Direct .zeroize() calls: Replaced with zeroize_call!() across AEAD, KDF,
    KEM, and MAC modules

Testing

Compiles cleanly with both cargo check (default, zeroize enabled) and cargo
check --no-default-features --features safe_api (zeroize disabled).

@codecov
Copy link

codecov bot commented Feb 13, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 98.73418% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 99.13%. Comparing base (b3bb8b0) to head (6d11d4b).

Files with missing lines Patch % Lines
src/hazardous/kdf/scrypt.rs 66.66% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #592      +/-   ##
==========================================
- Coverage   99.13%   99.13%   -0.01%     
==========================================
  Files         108      108              
  Lines       19970    19972       +2     
==========================================
+ Hits        19798    19799       +1     
- Misses        172      173       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

brycx
brycx requested changes Feb 14, 2026
View reviewed changes
Copy link
Member

@brycx brycx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for taking the time to submit a PR for this @achimcc!

I have a few comments but most of it should be pretty simple fixes. I like the overall approach so far.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brycx brycx brycx requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@achimcc @brycx

Comments