Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement ZeroizeOnDrop on appropriate items #884

Merged
merged 1 commit into from
Jan 14, 2022
Merged

Implement ZeroizeOnDrop on appropriate items #884

merged 1 commit into from
Jan 14, 2022

Conversation

daxpedda
Copy link
Contributor

I'm assuming this is a breaking change.

@tarcieri
Copy link
Member

tarcieri commented Jan 14, 2022
edited
Loading

You'll need to bump the zeroize dependency to 1.5 in order for this to work.

That said, it shouldn't be a breaking change.

@daxpedda
Copy link
Contributor Author

I already had in Cargo.lock, I assumed you meant in Cargo.toml, done that now.

@daxpedda
Copy link
Contributor Author

daxpedda commented Jan 14, 2022
edited
Loading

If I realized that it wasn't a breaking change, I would have said something before the release. Any chance we can still get this out?

@tarcieri tarcieri merged commit e5b9920 into RustCrypto:master Jan 14, 2022
@tarcieri
Copy link
Member

Thanks!

@tarcieri
Copy link
Member

Any chance we can still get this out?

I can cut one more release of elliptic-curve v0.11 prior to landing #883

@tarcieri tarcieri mentioned this pull request Jan 15, 2022
Merged
@tarcieri
Copy link
Member

elliptic-curve v0.11.8 released in #889

@daxpedda daxpedda mentioned this pull request Jan 18, 2022
Closed
tarcieri added a commit that referenced this pull request Jan 27, 2022
@tarcieri
Revert "Implement ZeroizeOnDrop on appropriate items (#884)"
cae1cdf 
This reverts commit e5b9920.
tarcieri added a commit that referenced this pull request Jan 27, 2022
@tarcieri
elliptic-curve v0.11.10
cad4e11 
We've received a number of complaints about `zeroize` compatibility
(see RustCrypto/utils#723), which was exacerbated by #884 which bumped
the `zeroize` version within a minor version series.

I had hoped the cargo resolver would've been able to select an older
compatible version of zeroize in these cases, but I've gotten a lot of
reports that isn't happening.

This release reverts #884 in hopes of supporting a wider range of
`zeroize` versions for now. It's technically breaking in the event
anyone is actually depending on `ZeroizeOnDrop` marker traits on these
types, but it seems we've already broken things for current users and
that's the much higher impact issue.
@tarcieri tarcieri mentioned this pull request Jan 27, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@daxpedda @tarcieri