Revert "chore: circumvent unused clippy lint in a struct with #[zeoize(skip)]"

SimonThormeyer · SimonThormeyer · commit eca5ecf32ebd · 2025-11-26T11:48:27.000+01:00
This reverts commit 31310de.
diff --git a/crypto/src/mls/credential/mod.rs b/crypto/src/mls/credential/mod.rs
@@ -312,7 +312,7 @@ mod tests {
         let new_pki_kp = PkiKeypair::rand_unchecked(case.signature_scheme());
 
         let eve_key = CertificatePrivateKey {
-            value: new_pki_kp.signing_key_bytes().into(),
+            value: new_pki_kp.signing_key_bytes(),
             signature_scheme: case.ciphersuite().signature_algorithm(),
         };
         let cb = CertificateBundle {
diff --git a/crypto/src/mls/credential/x509.rs b/crypto/src/mls/credential/x509.rs
@@ -10,17 +10,19 @@ use openmls_x509_credential::CertificateKeyPair;
 use wire_e2e_identity::prelude::{HashAlgorithm, WireIdentityReader};
 #[cfg(test)]
 use x509_cert::der::Encode;
-use zeroize::Zeroizing;
+use zeroize::Zeroize;
 
 use super::{Error, Result};
 #[cfg(test)]
 use crate::test_utils::x509::X509Certificate;
 use crate::{ClientId, Credential, CredentialType, MlsError, RecursiveError, e2e_identity::id::WireQualifiedClientId};
 
-#[derive(core_crypto_macros::Debug, Clone)]
+#[derive(core_crypto_macros::Debug, Clone, Zeroize)]
+#[zeroize(drop)]
 pub struct CertificatePrivateKey {
     #[sensitive]
-    pub(crate) value: Zeroizing<Vec<u8>>,
+    pub(crate) value: Vec<u8>,
+    #[zeroize(skip)]
     pub(crate) signature_scheme: SignatureScheme,
 }
 
@@ -208,7 +210,7 @@ impl CertificateBundle {
         Self {
             certificate_chain: vec![cert.certificate.to_der().unwrap(), issuer.certificate.to_der().unwrap()],
             private_key: CertificatePrivateKey {
-                value: cert.pki_keypair.signing_key_bytes().into(),
+                value: cert.pki_keypair.signing_key_bytes(),
                 signature_scheme: cert.signature_scheme,
             },
         }
diff --git a/crypto/src/test_utils/mod.rs b/crypto/src/test_utils/mod.rs
@@ -207,7 +207,7 @@ impl SessionContext {
                     certificate_chain: vec![cert_der],
                     private_key: crate::mls::credential::x509::CertificatePrivateKey {
                         signature_scheme,
-                        value: actor_cert.pki_keypair.signing_key_bytes().into(),
+                        value: actor_cert.pki_keypair.signing_key_bytes(),
                     },
                 }
             }
diff --git a/crypto/src/transaction_context/e2e_identity/mod.rs b/crypto/src/transaction_context/e2e_identity/mod.rs
@@ -89,7 +89,7 @@ impl TransactionContext {
         let crl_new_distribution_points = self.extract_dp_on_init(&certificate_chain[..]).await?;
 
         let private_key = CertificatePrivateKey {
-            value: sk.into(),
+            value: sk,
             signature_scheme: cs.signature_algorithm(),
         };
 
diff --git a/crypto/src/transaction_context/e2e_identity/rotate.rs b/crypto/src/transaction_context/e2e_identity/rotate.rs
@@ -155,7 +155,7 @@ impl TransactionContext {
             .map_err(RecursiveError::e2e_identity("getting certificate response"))?;
 
         let private_key = CertificatePrivateKey {
-            value: sk.into(),
+            value: sk,
             signature_scheme,
         };
 

Original file line number	Diff line number	Diff line change
`@@ -207,7 +207,7 @@ impl SessionContext {`
`207`	`207`	`certificate_chain: vec![cert_der],`
`208`	`208`	`private_key: crate::mls::credential::x509::CertificatePrivateKey {`
`209`	`209`	`signature_scheme,`
`210`		`- value: actor_cert.pki_keypair.signing_key_bytes().into(),`
	`210`	`+ value: actor_cert.pki_keypair.signing_key_bytes(),`
`211`	`211`	`},`
`212`	`212`	`}`
`213`	`213`	`}`