Make zeroize optional (dalek-cryptography#263)

Defaults to on
pinkforest · Jan 9, 2023 · 4f6b4b2 · 4f6b4b2
1 parent 6ee4d1d
commit 4f6b4b2
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -24,15 +24,15 @@ rustdoc-args = ["--cfg", "docsrs"]
 features = ["nightly", "batch", "pkcs8"]
 
 [dependencies]
-curve25519-dalek = { version = "=4.0.0-pre.5", default-features = false, features = ["digest", "rand_core", "zeroize"] }
+curve25519-dalek = { version = "=4.0.0-pre.5", default-features = false, features = ["digest", "rand_core"] }
 ed25519 = { version = "=2.0.0-rc.0", default-features = false }
 merlin = { version = "3", default-features = false, optional = true }
 rand = { version = "0.8", default-features = false, optional = true }
 rand_core = { version = "0.6.4", default-features = false, optional = true }
 serde = { version = "1.0", default-features = false, optional = true }
 serde_bytes = { version = "0.11", optional = true }
 sha2 = { version = "0.10", default-features = false }
-zeroize = { version = "1.5", default-features = false }
+zeroize = { version = "1.5", default-features = false, optional = true }
 
 [dev-dependencies]
 hex = "0.4"
@@ -50,8 +50,8 @@ name = "ed25519_benchmarks"
 harness = false
 
 [features]
-default = ["std", "rand"]
-alloc = ["curve25519-dalek/alloc", "ed25519/alloc", "rand?/alloc", "serde?/alloc", "zeroize/alloc"]
+default = ["std", "rand", "zeroize"]
+alloc = ["curve25519-dalek/alloc", "ed25519/alloc", "rand?/alloc", "serde?/alloc", "zeroize?/alloc"]
 std = ["alloc", "ed25519/std", "rand?/std", "serde?/std", "sha2/std"]
 
 asm = ["sha2/asm"]
@@ -64,6 +64,7 @@ pkcs8 = ["ed25519/pkcs8"]
 pem = ["alloc", "ed25519/pem", "pkcs8"]
 rand = ["dep:rand", "dep:rand_core"]
 serde = ["dep:serde", "serde_bytes", "ed25519/serde"]
+zeroize = ["dep:zeroize", "curve25519-dalek/zeroize"]
 
 [patch.crates-io.curve25519-dalek]
 git = "https://github.com/dalek-cryptography/curve25519-dalek.git"
diff --git a/src/signing.rs b/src/signing.rs
@@ -32,6 +32,7 @@ use curve25519_dalek::scalar::Scalar;
 
 use ed25519::signature::{KeypairRef, Signer, Verifier};
 
+#[cfg(feature = "zeroize")]
 use zeroize::{Zeroize, ZeroizeOnDrop};
 
 use crate::constants::*;
@@ -505,12 +506,14 @@ impl TryFrom<&[u8]> for SigningKey {
     }
 }
 
+#[cfg(feature = "zeroize")]
 impl Drop for SigningKey {
     fn drop(&mut self) {
         self.secret_key.zeroize();
     }
 }
 
+#[cfg(feature = "zeroize")]
 impl ZeroizeOnDrop for SigningKey {}
 
 #[cfg(feature = "pkcs8")]
@@ -643,6 +646,7 @@ pub(crate) struct ExpandedSecretKey {
     pub(crate) nonce: [u8; 32],
 }
 
+#[cfg(feature = "zeroize")]
 impl Drop for ExpandedSecretKey {
     fn drop(&mut self) {
         self.key.zeroize();