openpgp: More ergonomic and robust interface to zero stacks.

  - This is only effective if the value is computed by a function that
    is never inlined.  Add a macro that takes care of that.

1 files changed, 35 insertions, 0 deletions

diff --git a/openpgp/src/macros.rs b/openpgp/src/macros.rs
index aa316480..3858618c 100644
--- a/openpgp/src/macros.rs
+++ b/openpgp/src/macros.rs
@@ -232,3 +232,38 @@ mod test_assert_send_and_sync {
     }
     assert_send_and_sync!(MyWriterWithLifetime<'_, C, W> where C, W: std::io::Write);
 }
+
+/// Zeros the stack after executing a block of code.
+///
+/// These are more convenient and more robust ways of using
+/// crypto::mem::zero_stack and crypto::mem::zero_stack_after.  You
+/// should prefer this macro over using the functions directly.
+///
+/// # Examples
+///
+/// ```ignore
+/// zero_stack!(128 bytes after running {
+///     let mut a = [0; 6];
+///     a.copy_from_slice(b"secret");
+/// })
+/// ```
+///
+/// Or, if you need to specify the type of the expression:
+///
+/// ```ignore
+/// zero_stack!(128 bytes after running || -> () {
+///     let mut a = [0; 6];
+///     a.copy_from_slice(b"secret");
+/// })
+/// ```
+#[allow(unused_macros)]
+macro_rules! zero_stack {
+    ($n:literal bytes after running || -> $t:ty $code:block) => {
+        crate::crypto::mem::zero_stack_after::<$n, _>(
+            #[inline(never)] || -> $t { $code })
+    };
+    ($n:literal bytes after running $code:block) => {
+        crate::crypto::mem::zero_stack_after::<$n, _>(
+            #[inline(never)] || $code)
+    };
+}