openpgp: don't print SessionKey and Password

Disables Debug for SessionKey and Password in release mode.

1 files changed, 25 insertions, 2 deletions

diff --git a/openpgp/src/crypto/mod.rs b/openpgp/src/crypto/mod.rs
index edfe98bf..bc1e2723 100644
--- a/openpgp/src/crypto/mod.rs
+++ b/openpgp/src/crypto/mod.rs
@@ -2,6 +2,8 @@
 
 use std::io::Read;
 use std::ops::Deref;
+use std::fmt;
+
 use memsec;
 use nettle::Hash;
 use nettle::random::Yarrow;
@@ -19,7 +21,7 @@ pub(crate) mod symmetric;
 /// Holds a session key.
 ///
 /// The session key is cleared when dropped.
-#[derive(Debug, Clone, PartialEq, Eq)]
+#[derive(Clone, PartialEq, Eq)]
 pub struct SessionKey(Box<[u8]>);
 
 impl SessionKey {
@@ -59,10 +61,20 @@ impl Drop for SessionKey {
     }
 }
 
+impl fmt::Debug for SessionKey {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        if cfg!(debug) {
+            write!(f, "SessionKey ({:?})", self.0)
+        } else {
+            f.write_str("SessionKey ( <Redacted> )")
+        }
+    }
+}
+
 /// Holds a password.
 ///
 /// The password is cleared when dropped.
-#[derive(Debug, Clone, PartialEq, Eq)]
+#[derive(Clone, PartialEq, Eq)]
 pub struct Password(Box<[u8]>);
 
 impl Deref for Password {
@@ -105,6 +117,17 @@ impl Drop for Password {
     }
 }
 
+impl fmt::Debug for Password {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        if cfg!(debug) {
+            write!(f, "Password ({:?})", self.0)
+        } else {
+            f.write_str("Password ( <Redacted> )")
+        }
+    }
+}
+
+
 /// Hash the specified file.
 ///
 /// This is useful when verifying detached signatures.