compiling to wasm fails due to clear_on_drop without no_cc ? #281
Comments
|
@warner re: Barring any unforeseen circumstances, the next release of |
|
Cool, thanks, that sounds like the best solution. I'll wait for that update. |
|
As cargo features are additive then it might help if you add clear_on_drop as your own dependency with the no_cc feature. I suppose clear_on_drop might be violating feature additivity by using no_cc this way, but hey yet another problem with clear_on_drop. |
|
Oh, thank you! That at least gets me a quick workaround I can use to move forward with testing. |
|
@warner The issue with |
`zeroize` is WASM-friendly as it has no dependencies on C compilers. Instead uses Rust's own volatile write semantics and compiler fences to ensure zeroization is not elided by the compiler.
`zeroize` is WASM-friendly as it has no dependencies on C compilers. Instead uses Rust's own volatile write semantics and compiler fences to ensure zeroization is not elided by the compiler.
`zeroize` is WASM-friendly as it has no dependencies on C compilers. Instead uses Rust's own volatile write semantics and compiler fences to ensure zeroization is not elided by the compiler.
`zeroize` is WASM-friendly as it has no dependencies on C compilers. Instead uses Rust's own volatile write semantics and compiler fences to ensure zeroization is not elided by the compiler.
`zeroize` is WASM-friendly as it has no dependencies on C compilers. Instead uses Rust's own volatile write semantics and compiler fences to ensure zeroization is not elided by the compiler.
Switch from `clear_on_drop` to `zeroize` (fixes #281)
I'm experimenting with using magic-wormhole.rs in a browser context, for which I'm compiling it to WASM (https://github.com/warner/magic-wormhole.rs/issues/2). This is my first attempt at doing anything with WASM, so please tell me if I'm missing something obvious, but I'm seeing the
wasm-pack buildfail becauseclear_on_dropis trying to compile a C file, and I guess that doesn't work when the target is WASM. The dependency chain ismagic-wormhole->spake2->curve25519-dalek->clear_on_drop.It looks like
clear_on_drophas a feature (no_cc) that would disable the C compilation, which might allow this to work. But there's no way formagic-wormholeto askcurve25519-dalekto askclear_on_dropto use that feature.So I think what I'm asking for is some
curve25519-dalekfeature that would then modify itsclear_on_dropdependency's features to avoid this C compile. Then I could add a similar feature tospake2that affects its dependency uponcurve25519-dalek, and then again withmagic-wormholeaffecting its dependency uponspake2to pass the request along.Does that make sense? It sounds like a lot of work spread over many crates, and I have to imagine that every "feature" added to a Cargo.toml is a long-lived maintenance burden, so I don't really want to make a high-cost feature request for a fringe use case. And clear-on-drop is obviously the right thing to be doing, I don't want to see it become harder to achieve that security property. Is there a better way that people deal with this cross-crate feature handling?
For magic-wormhole's own clear-the-old-secrets purposes, I'm considering the
zeroizecrate, which I think is pure-Rust. But I don't really know what the tradeoffs are; I have to imagineclear_on_dropis more reliable or more thorough when it can use lower-level tools.The text was updated successfully, but these errors were encountered: