From b19316082ede842a8890f54198bcf275c2393356 Mon Sep 17 00:00:00 2001 From: Radu Marias Date: Sun, 8 Sep 2024 17:10:01 +0300 Subject: [PATCH 01/10] added concept of expose_mut. reference to protected --- .gitignore | 1 + src/lib.rs | 171 ++++++++++++++++++++++++++++++++++------------------- 2 files changed, 110 insertions(+), 62 deletions(-) diff --git a/.gitignore b/.gitignore index ea8c4bf..d81f12e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /target +/.idea diff --git a/src/lib.rs b/src/lib.rs index b155ac4..7d231da 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -9,12 +9,12 @@ use core::{ any, fmt::{self, Debug}, }; -use libc::{PROT_NONE, PROT_READ, PROT_WRITE}; -use memsec::{mlock, mprotect, munlock}; -use std::{mem, ptr::NonNull}; +use std::ops::{Deref, DerefMut}; +use std::ptr::NonNull; +use libc::{PROT_EXEC, PROT_NONE, PROT_READ, PROT_WRITE}; +use memsec::{mlock, mprotect, munlock}; use zeroize::{Zeroize, ZeroizeOnDrop}; - pub use zeroize; /// Wrapper for the inner secret. Can be exposed by [`ExposeSecret`] @@ -25,29 +25,29 @@ pub struct SecretBox { impl Zeroize for SecretBox { fn zeroize(&mut self) { - let len = mem::size_of_val(&*self.inner_secret); + self.inner_secret.as_mut().zeroize() + } +} + +impl Drop for SecretBox { + fn drop(&mut self) { + let len = size_of_val(&*self.inner_secret); let secret_ptr = self.inner_secret.as_ref() as *const S; unsafe { if !munlock(secret_ptr as *mut u8, len) { - eprintln!("Unable to munlock variable") + panic!("Unable to munlock variable") } if !mprotect( NonNull::new(secret_ptr as *mut S).expect("Unable to convert ptr to NonNull"), - PROT_READ | PROT_WRITE, + PROT_READ | PROT_WRITE | PROT_EXEC, ) { - eprintln!("Unable to unprotect variable") + panic!("Unable to unprotect variable") } } - self.inner_secret.as_mut().zeroize() - } -} - -impl Drop for SecretBox { - fn drop(&mut self) { self.zeroize() } } @@ -63,7 +63,7 @@ impl From> for SecretBox { impl SecretBox { /// Create a secret value using a pre-boxed value. pub fn new(boxed_secret: Box) -> Self { - let len = mem::size_of_val(&*boxed_secret); + let len = size_of_val(&*boxed_secret); let secret_ptr = Box::into_raw(boxed_secret); @@ -76,7 +76,7 @@ impl SecretBox { NonNull::new(secret_ptr).expect("Unable to convert box to NonNull"), PROT_NONE, ) { - panic!("Unable to protect secret") + panic!("Unable to mprotect secret") } } @@ -93,7 +93,7 @@ impl SecretBox { /// Create a secret value using a function that can initialize the vale in-place. pub fn new_with_mut(ctr: impl FnOnce(&mut S)) -> Self { let mut secret = Self::default(); - ctr(secret.expose_secret().inner_secret_mut()); + ctr(&mut *secret.expose_secret_mut()); secret } } @@ -129,10 +129,8 @@ impl SecretBox { impl Default for SecretBox { fn default() -> Self { - Self { - inner_secret: Box::::default(), - protected: false, - } + let inner_secret = Box::::default(); + SecretBox::new(inner_secret) } } @@ -147,79 +145,111 @@ where S: CloneableSecret, { fn clone(&self) -> Self { - SecretBox { - inner_secret: self.inner_secret.clone(), - protected: false, - } + SecretBox::new(self.inner_secret.clone()) } } impl ExposeSecret for SecretBox { fn expose_secret(&mut self) -> SecretGuard<'_, S> { - SecretGuard::new(self.inner_secret.as_mut(), self.protected) + SecretGuard::new(&self.inner_secret, &mut self.protected) + } + + fn expose_secret_mut(&mut self) -> SecretGuardMut<'_, S> { + SecretGuardMut::new(&mut self.inner_secret, &mut self.protected) } } -/// Secret Guard that holds a mutable to reference to the secret +/// Secret Guard that holds a reference to the secret. pub struct SecretGuard<'a, S> +where + S: Zeroize, +{ + data: &'a S, + protected: &'a mut bool, +} + +impl Deref for SecretGuard<'_, S> +where + S: Zeroize, +{ + type Target = S; + + fn deref(&self) -> &Self::Target { + self.data + } +} + +/// Secret Guard that holds a mutable to reference to the secret. +pub struct SecretGuardMut<'a, S> where S: Zeroize, { data: &'a mut S, - protected: bool, + protected: &'a mut bool, +} + +impl Deref for SecretGuardMut<'_, S> +where + S: Zeroize, +{ + type Target = S; + + fn deref(&self) -> &Self::Target { + self.data + } +} + +impl DerefMut for SecretGuardMut<'_, S> +where + S: Zeroize, +{ + fn deref_mut(&mut self) -> &mut Self::Target { + self.data + } } impl<'a, S: Zeroize> SecretGuard<'a, S> { /// Create a new SecretGuard instance. - pub fn new(data: &'a mut S, protected: bool) -> Self { + pub fn new(data: &'a S, protected: &'a mut bool) -> Self { + Self { data, protected } + } +} + +impl<'a, S: Zeroize> SecretGuardMut<'a, S> { + /// Create a new SecretGuard instance. + pub fn new(data: &'a mut S, protected: &'a mut bool) -> Self { Self { data, protected } } - /// Get a shared reference to the inner secret - pub fn inner_secret(&mut self) -> &S { +} + +impl<'a, S: Zeroize> Drop for SecretGuard<'a, S> { + fn drop(&mut self) { let secret_ptr = self.data as *const S; - if self.protected { + if !*self.protected { unsafe { if !mprotect( NonNull::new(secret_ptr as *mut S).expect("Unable to convert ptr to NonNull"), - PROT_READ, + PROT_NONE, ) { - panic!("Unable to protect secret_guard") + panic!("Unable to mprotect memory") } } } - self.protected = false; - self.data - } - - /// Get an exclusive reference to the inner secret - pub fn inner_secret_mut(&mut self) -> &mut S { - let secret_ptr = self.data as *const S; - - unsafe { - if !mprotect( - NonNull::new(secret_ptr as *mut S).expect("Unable to convert ptr to NonNull"), - PROT_READ | PROT_WRITE, - ) { - panic!("Unable to protect secret_guard") - } - } - self.protected = false; - self.data } } -impl<'a, S: Zeroize> Drop for SecretGuard<'a, S> { +impl<'a, S: Zeroize> Drop for SecretGuardMut<'a, S> { fn drop(&mut self) { let secret_ptr = self.data as *const S; - if !self.protected { + if !*self.protected { unsafe { if !mprotect( NonNull::new(secret_ptr as *mut S).expect("Unable to convert ptr to NonNull"), PROT_NONE, ) { - panic!("Unable to protect memory") + panic!("Unable to mprotect memory") } } } @@ -231,13 +261,18 @@ pub trait CloneableSecret: Clone + Zeroize {} /// Create a SecretGuard that holds a reference to the secret pub trait ExposeSecret { - /// Expose secret: this is the only method providing access to a secret. + /// Expose secret as non-mutable. fn expose_secret(&mut self) -> SecretGuard<'_, S>; + + /// Expose secret as mutable. + fn expose_secret_mut(&mut self) -> SecretGuardMut<'_, S>; } #[cfg(test)] mod tests { + use libc::PROT_EXEC; use super::*; + #[derive(Debug, Clone, Default)] struct TestSecret { data: Vec, @@ -269,7 +304,7 @@ mod tests { fn test_secret_box_drop_zeroizes() { let secret = Box::new(TestSecret::new(10)); let mut secret_box = SecretBox::new(secret); - assert!(secret_box.expose_secret().inner_secret().check_non_zero()); + assert!((& *secret_box.expose_secret()).check_non_zero()); drop(secret_box); @@ -284,17 +319,17 @@ mod tests { let secret = Box::new(TestSecret::new(10)); let mut secret_box = SecretBox::new(secret); { - let mut exposed = secret_box.expose_secret(); - exposed.inner_secret_mut().data[0] = 42; + let mut exposed = secret_box.expose_secret_mut(); + (&mut *exposed).data[0] = 42; } - assert_eq!(secret_box.expose_secret().inner_secret().data[0], 42); + assert_eq!((& *secret_box.expose_secret()).data[0], 42); } #[test] fn test_secret_box_new_with_ctr() { let mut secret_box = SecretBox::new_with_ctr(|| TestSecret::new(10)); - assert!(secret_box.expose_secret().inner_secret().check_non_zero()); + assert!((& *secret_box.expose_secret()).check_non_zero()); } #[test] @@ -303,8 +338,20 @@ mod tests { SecretBox::try_new_with_ctr(|| Ok(TestSecret::new(10))); match result { - Ok(mut secret_box) => assert!(secret_box.expose_secret().inner_secret().check_non_zero()), + Ok(mut secret_box) => assert!((& *secret_box.expose_secret()).check_non_zero()), Err(_) => panic!("Expected Ok variant"), } } + + #[test] + fn test_mprotect() { + let a = 2; + let ptr = &a as *const i32; + unsafe { + assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), PROT_NONE)); + assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), PROT_READ)); + assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), PROT_EXEC)); + assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), PROT_READ | PROT_WRITE | PROT_EXEC)); + } + } } From fc8befa3ea86acb9cfc166d985388cc8f5acf5c1 Mon Sep 17 00:00:00 2001 From: Radu Marias Date: Sun, 8 Sep 2024 17:30:17 +0300 Subject: [PATCH 02/10] Rename ci.yaml to ci.yaml --- .github/{workspaces => workflows}/ci.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/{workspaces => workflows}/ci.yaml (100%) diff --git a/.github/workspaces/ci.yaml b/.github/workflows/ci.yaml similarity index 100% rename from .github/workspaces/ci.yaml rename to .github/workflows/ci.yaml From 4a75c13d6d19924ba9e480c2c7a681b0a3c9d594 Mon Sep 17 00:00:00 2001 From: Radu Marias Date: Sun, 8 Sep 2024 17:35:09 +0300 Subject: [PATCH 03/10] Update ci.yaml --- .github/workflows/ci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3dd422f..50f13c0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -19,7 +19,6 @@ jobs: strategy: matrix: runner: [ubuntu-latest, macos-latest, windows-latest] - fail-fast: false steps: - uses: actions/checkout@v4 From 36ebf1d585776453ab614b7bbaa656c1b0c78479 Mon Sep 17 00:00:00 2001 From: Radu Marias Date: Sun, 8 Sep 2024 17:38:16 +0300 Subject: [PATCH 04/10] clippy --- src/lib.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 7d231da..49eca3b 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -304,7 +304,7 @@ mod tests { fn test_secret_box_drop_zeroizes() { let secret = Box::new(TestSecret::new(10)); let mut secret_box = SecretBox::new(secret); - assert!((& *secret_box.expose_secret()).check_non_zero()); + assert!((*secret_box.expose_secret()).check_non_zero()); drop(secret_box); @@ -320,16 +320,16 @@ mod tests { let mut secret_box = SecretBox::new(secret); { let mut exposed = secret_box.expose_secret_mut(); - (&mut *exposed).data[0] = 42; + (*exposed).data[0] = 42; } - assert_eq!((& *secret_box.expose_secret()).data[0], 42); + assert_eq!((*secret_box.expose_secret()).data[0], 42); } #[test] fn test_secret_box_new_with_ctr() { let mut secret_box = SecretBox::new_with_ctr(|| TestSecret::new(10)); - assert!((& *secret_box.expose_secret()).check_non_zero()); + assert!((*secret_box.expose_secret()).check_non_zero()); } #[test] @@ -338,7 +338,7 @@ mod tests { SecretBox::try_new_with_ctr(|| Ok(TestSecret::new(10))); match result { - Ok(mut secret_box) => assert!((& *secret_box.expose_secret()).check_non_zero()), + Ok(mut secret_box) => assert!((*secret_box.expose_secret()).check_non_zero()), Err(_) => panic!("Expected Ok variant"), } } From 99ab6a7e302e6c85ed2fcd3b7d68410e4ca7015d Mon Sep 17 00:00:00 2001 From: Radu Marias Date: Sun, 8 Sep 2024 17:39:53 +0300 Subject: [PATCH 05/10] Update ci.yaml --- .github/workflows/ci.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 50f13c0..99c801c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -18,7 +18,8 @@ jobs: runs-on: ${{ matrix.runner }} strategy: matrix: - runner: [ubuntu-latest, macos-latest, windows-latest] + # runner: [ubuntu-latest, macos-latest, windows-latest] + runner: [macos-latest, windows-latest] steps: - uses: actions/checkout@v4 From bdf08cfedfe5843e6b9287fc977c6b209700b1e5 Mon Sep 17 00:00:00 2001 From: Radu Marias Date: Sun, 8 Sep 2024 17:45:50 +0300 Subject: [PATCH 06/10] Update ci.yaml --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 99c801c..9f2bb0c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -19,7 +19,7 @@ jobs: strategy: matrix: # runner: [ubuntu-latest, macos-latest, windows-latest] - runner: [macos-latest, windows-latest] + runner: [windows-latest] steps: - uses: actions/checkout@v4 From d6037a0e8ce9d1f4114896f2e4cea827844d415c Mon Sep 17 00:00:00 2001 From: Radu Marias Date: Sun, 8 Sep 2024 17:49:58 +0300 Subject: [PATCH 07/10] windows guard --- Cargo.toml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index cb68692..60a8761 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -4,6 +4,8 @@ version = "0.1.0" edition = "2021" [dependencies] -libc = "0.2.158" memsec = "0.7.0" zeroize = "1.8.1" + +[target.'cfg(unix)'.dependencies] +libc = "0.2.158" From afa62fb438edd5ee2bad1ea64c9edf2169eaf6fe Mon Sep 17 00:00:00 2001 From: Radu Marias Date: Sun, 8 Sep 2024 17:57:12 +0300 Subject: [PATCH 08/10] use common const for mprotect flags --- src/lib.rs | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 49eca3b..942e77b 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -11,9 +11,7 @@ use core::{ }; use std::ops::{Deref, DerefMut}; use std::ptr::NonNull; - -use libc::{PROT_EXEC, PROT_NONE, PROT_READ, PROT_WRITE}; -use memsec::{mlock, mprotect, munlock}; +use memsec::{mlock, mprotect, munlock, Prot}; use zeroize::{Zeroize, ZeroizeOnDrop}; pub use zeroize; @@ -42,7 +40,7 @@ impl Drop for SecretBox { if !mprotect( NonNull::new(secret_ptr as *mut S).expect("Unable to convert ptr to NonNull"), - PROT_READ | PROT_WRITE | PROT_EXEC, + Prot::ReadWriteExec, ) { panic!("Unable to unprotect variable") } @@ -74,7 +72,7 @@ impl SecretBox { if !mprotect( NonNull::new(secret_ptr).expect("Unable to convert box to NonNull"), - PROT_NONE, + Prot::NoAccess, ) { panic!("Unable to mprotect secret") } @@ -230,7 +228,7 @@ impl<'a, S: Zeroize> Drop for SecretGuard<'a, S> { unsafe { if !mprotect( NonNull::new(secret_ptr as *mut S).expect("Unable to convert ptr to NonNull"), - PROT_NONE, + Prot::NoAccess, ) { panic!("Unable to mprotect memory") } @@ -247,7 +245,7 @@ impl<'a, S: Zeroize> Drop for SecretGuardMut<'a, S> { unsafe { if !mprotect( NonNull::new(secret_ptr as *mut S).expect("Unable to convert ptr to NonNull"), - PROT_NONE, + Prot::NoAccess, ) { panic!("Unable to mprotect memory") } @@ -270,7 +268,6 @@ pub trait ExposeSecret { #[cfg(test)] mod tests { - use libc::PROT_EXEC; use super::*; #[derive(Debug, Clone, Default)] @@ -348,10 +345,14 @@ mod tests { let a = 2; let ptr = &a as *const i32; unsafe { - assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), PROT_NONE)); - assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), PROT_READ)); - assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), PROT_EXEC)); - assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), PROT_READ | PROT_WRITE | PROT_EXEC)); + assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::NoAccess)); + assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::ReadOnly)); + assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::WriteOnly)); + assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::ReadWrite)); + assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::ReadExec)); + assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::WriteExec)); + assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::Execute)); + assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::ReadWriteExec)); } } } From 0adafeeb7bb9c1eb472f686969e7eaffa2d89ea9 Mon Sep 17 00:00:00 2001 From: Eyob Date: Sun, 8 Sep 2024 21:38:29 +0300 Subject: [PATCH 09/10] Remove mprotect --- src/lib.rs | 96 +++++++----------------------------------------------- 1 file changed, 12 insertions(+), 84 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 942e77b..f80f702 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,6 +1,5 @@ //! This is a fork of the [secrets](https://github.com/stouset/secrets) crate. -//! This crate adds `mlock` and `mprotect` to lock the secret's page in memory -//! and read only when exposed +//! This crate adds `mlock` to lock the secret's page in memory #![cfg_attr(docsrs, feature(doc_auto_cfg))] #![warn(missing_docs, rust_2018_idioms, unused_qualifications)] @@ -9,16 +8,14 @@ use core::{ any, fmt::{self, Debug}, }; +use memsec::{mlock, munlock}; use std::ops::{Deref, DerefMut}; -use std::ptr::NonNull; -use memsec::{mlock, mprotect, munlock, Prot}; -use zeroize::{Zeroize, ZeroizeOnDrop}; pub use zeroize; +use zeroize::{Zeroize, ZeroizeOnDrop}; /// Wrapper for the inner secret. Can be exposed by [`ExposeSecret`] pub struct SecretBox { inner_secret: Box, - protected: bool, } impl Zeroize for SecretBox { @@ -29,7 +26,7 @@ impl Zeroize for SecretBox { impl Drop for SecretBox { fn drop(&mut self) { - let len = size_of_val(&*self.inner_secret); + let len = std::mem::size_of_val(&*self.inner_secret); let secret_ptr = self.inner_secret.as_ref() as *const S; @@ -37,13 +34,6 @@ impl Drop for SecretBox { if !munlock(secret_ptr as *mut u8, len) { panic!("Unable to munlock variable") } - - if !mprotect( - NonNull::new(secret_ptr as *mut S).expect("Unable to convert ptr to NonNull"), - Prot::ReadWriteExec, - ) { - panic!("Unable to unprotect variable") - } } self.zeroize() @@ -61,7 +51,7 @@ impl From> for SecretBox { impl SecretBox { /// Create a secret value using a pre-boxed value. pub fn new(boxed_secret: Box) -> Self { - let len = size_of_val(&*boxed_secret); + let len = std::mem::size_of_val(&*boxed_secret); let secret_ptr = Box::into_raw(boxed_secret); @@ -69,21 +59,11 @@ impl SecretBox { if !mlock(secret_ptr as *mut u8, len) { panic!("Unable to mlock variable ") } - - if !mprotect( - NonNull::new(secret_ptr).expect("Unable to convert box to NonNull"), - Prot::NoAccess, - ) { - panic!("Unable to mprotect secret") - } } let inner_secret = unsafe { Box::from_raw(secret_ptr) }; - Self { - inner_secret, - protected: true, - } + Self { inner_secret } } } @@ -149,11 +129,11 @@ where impl ExposeSecret for SecretBox { fn expose_secret(&mut self) -> SecretGuard<'_, S> { - SecretGuard::new(&self.inner_secret, &mut self.protected) + SecretGuard::new(&self.inner_secret) } fn expose_secret_mut(&mut self) -> SecretGuardMut<'_, S> { - SecretGuardMut::new(&mut self.inner_secret, &mut self.protected) + SecretGuardMut::new(&mut self.inner_secret) } } @@ -163,7 +143,6 @@ where S: Zeroize, { data: &'a S, - protected: &'a mut bool, } impl Deref for SecretGuard<'_, S> @@ -183,7 +162,6 @@ where S: Zeroize, { data: &'a mut S, - protected: &'a mut bool, } impl Deref for SecretGuardMut<'_, S> @@ -208,49 +186,15 @@ where impl<'a, S: Zeroize> SecretGuard<'a, S> { /// Create a new SecretGuard instance. - pub fn new(data: &'a S, protected: &'a mut bool) -> Self { - Self { data, protected } + pub fn new(data: &'a S) -> Self { + Self { data } } } impl<'a, S: Zeroize> SecretGuardMut<'a, S> { /// Create a new SecretGuard instance. - pub fn new(data: &'a mut S, protected: &'a mut bool) -> Self { - Self { data, protected } - } -} - -impl<'a, S: Zeroize> Drop for SecretGuard<'a, S> { - fn drop(&mut self) { - let secret_ptr = self.data as *const S; - - if !*self.protected { - unsafe { - if !mprotect( - NonNull::new(secret_ptr as *mut S).expect("Unable to convert ptr to NonNull"), - Prot::NoAccess, - ) { - panic!("Unable to mprotect memory") - } - } - } - } -} - -impl<'a, S: Zeroize> Drop for SecretGuardMut<'a, S> { - fn drop(&mut self) { - let secret_ptr = self.data as *const S; - - if !*self.protected { - unsafe { - if !mprotect( - NonNull::new(secret_ptr as *mut S).expect("Unable to convert ptr to NonNull"), - Prot::NoAccess, - ) { - panic!("Unable to mprotect memory") - } - } - } + pub fn new(data: &'a mut S) -> Self { + Self { data } } } @@ -339,20 +283,4 @@ mod tests { Err(_) => panic!("Expected Ok variant"), } } - - #[test] - fn test_mprotect() { - let a = 2; - let ptr = &a as *const i32; - unsafe { - assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::NoAccess)); - assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::ReadOnly)); - assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::WriteOnly)); - assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::ReadWrite)); - assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::ReadExec)); - assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::WriteExec)); - assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::Execute)); - assert!(mprotect(NonNull::new(ptr as *mut i32).unwrap(), Prot::ReadWriteExec)); - } - } } From ee1a8427b0c828783f42a645c9e853ddb562da1c Mon Sep 17 00:00:00 2001 From: Eyob Date: Sun, 8 Sep 2024 21:48:35 +0300 Subject: [PATCH 10/10] Remove unnecessary qualifications --- src/lib.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index f80f702..b7feff4 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -10,6 +10,7 @@ use core::{ }; use memsec::{mlock, munlock}; use std::ops::{Deref, DerefMut}; +use std::mem::size_of_val; pub use zeroize; use zeroize::{Zeroize, ZeroizeOnDrop}; @@ -26,7 +27,7 @@ impl Zeroize for SecretBox { impl Drop for SecretBox { fn drop(&mut self) { - let len = std::mem::size_of_val(&*self.inner_secret); + let len = size_of_val(&*self.inner_secret); let secret_ptr = self.inner_secret.as_ref() as *const S; @@ -51,7 +52,7 @@ impl From> for SecretBox { impl SecretBox { /// Create a secret value using a pre-boxed value. pub fn new(boxed_secret: Box) -> Self { - let len = std::mem::size_of_val(&*boxed_secret); + let len = size_of_val(&*boxed_secret); let secret_ptr = Box::into_raw(boxed_secret);