Giter VIP home page Giter VIP logo

Comments (7)

troublescooter avatar troublescooter commented on June 6, 2024 1

While trying to see what can be done about this, I ran into a differently worded error:

291 |   impl Zeroize for Box<[u8;3]> {
    |   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ conflicting implementation for `alloc::boxed::Box<[u8; 3]>`
    |
    = note: upstream crates may add a new impl of trait `core::marker::Copy` for type `alloc::boxed::Box<[u8; 3]>` in future versions

So apparently Box could in the future implement Copy, making this not a false positive, but I haven't been able to find an issue or link with more information.
This doesn't help solve the problem, but it surprised me enough to share.

from crates.

tony-iqlusion avatar tony-iqlusion commented on June 6, 2024

The Box impls in zeroize are gated on the alloc feature in zeroize.

Are you using secrecy with --no-default-features?

from crates.

troublescooter avatar troublescooter commented on June 6, 2024

Adding this to the tests in the zeroize crate

fn impls_zeroize<Z: Zeroize>(_: &Z) {}

#[cfg(feature = "alloc")]
#[test]
fn zeroize_box() {
      let mut boxed_arr = Box::new([42u8; 3]);
      // works
      <[u8; 3] as Zeroize>::zeroize(&mut *boxed_arr);
      // works
      boxed_arr.zeroize();
      // doesn't work
      <Box<[u8; 3]> as Zeroize>::zeroize(&mut boxed_arr);
      // doesn't work
      impls_zeroize(&boxed_arr);
      assert_eq!(boxed_arr.as_ref(), &[0u8; 3]);
 }

shows that Box appears to implement Zeroize due to deref coercion.
Adding

#[cfg(feature = "alloc")]
#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
impl Zeroize for Box<[u8; 3]>
{
    fn zeroize(&mut self) {
       (**self).zeroize()
  }
}

gets the test to compile, but adding

#[cfg(feature = "alloc")]
#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
impl<Z> Zeroize for Box<Z>
where
    Z: Zeroize,
{
    fn zeroize(&mut self) {
       (**self).zeroize()
  }
}

fails with the error

   Compiling zeroize v1.1.1 (/home/c/pjts/secretbox/src/vendor/zeroize)
error[E0119]: conflicting implementations of trait `Zeroize` for type `alloc::boxed::Box<_>`:
   --> src/lib.rs:375:1
    |
237 | / impl<Z> Zeroize for Z
238 | | where
239 | |     Z: DefaultIsZeroes,
240 | | {
...   |
244 | |     }
245 | | }
    | |_- first implementation here
...
375 | / impl<Z> Zeroize for Box<Z>
376 | | where
377 | |     Z: Zeroize,
378 | | {
...   |
385 | |     }
386 | | }
    | |_^ conflicting implementation for `alloc::boxed::Box<_>`
    |
    = note: downstream crates may implement trait `DefaultIsZeroes` for type `alloc::boxed::Box<_>`

Which is a false positive, DefaultIsZeroes being a subtrait of Copy.

from crates.

tony-iqlusion avatar tony-iqlusion commented on June 6, 2024

Thanks for reporting this and the writeup. It seems there are major issues with both zeroize and secrecy.

Per the conflicting implementations error you're getting, I'm not sure how to address the Box situation in zeroize without specialization. I'll try to take a look at both of these issues in depth when I have some more spare time.

from crates.

ia0 avatar ia0 commented on June 6, 2024

Isn't the problem that SecretBox<T> should not be implemented as Secret<Box<T>> but as a custom type instead? The reason is that we want T: Zeroize not Box<T>: Zeroize.

pub struct SecretBox<T: Zeroize>(Box<T>);

from crates.

tony-iqlusion avatar tony-iqlusion commented on June 6, 2024

@ia0 yes, I've wanted to refactor it to something like that, but haven't had time

from crates.

ia0 avatar ia0 commented on June 6, 2024

Cool! Thanks for the feedback and no worries. Nothing urgent, just wanted to check my understanding.

from crates.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.