diff options
| -rw-r--r-- | openpgp/src/crypto/mod.rs | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/openpgp/src/crypto/mod.rs b/openpgp/src/crypto/mod.rs index fc2a0fef..e4b26810 100644 --- a/openpgp/src/crypto/mod.rs +++ b/openpgp/src/crypto/mod.rs @@ -112,19 +112,22 @@ impl fmt::Debug for SessionKey { /// Holds a password. /// -/// The password is cleared when dropped. +/// The password is encrypted in memory and only decrypted on demand. +/// See [`mem::Encrypted`] for details. +/// +/// [`mem::Encrypted`]: mem/struct.Encrypted.html #[derive(Clone, PartialEq, Eq)] -pub struct Password(mem::Protected); +pub struct Password(mem::Encrypted); impl From<Vec<u8>> for Password { fn from(v: Vec<u8>) -> Self { - Password(v.into()) + Password(mem::Encrypted::new(v.into())) } } impl From<Box<[u8]>> for Password { fn from(v: Box<[u8]>) -> Self { - Password(v.into()) + Password(mem::Encrypted::new(v.into())) } } @@ -148,16 +151,20 @@ impl From<&[u8]> for Password { impl fmt::Debug for Password { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - write!(f, "Password ({:?})", self.0) + if cfg!(debug_assertions) { + self.map(|p| write!(f, "Password({:?})", p)) + } else { + f.write_str("Password(<Encrypted>)") + } } } impl Password { /// Maps the given function over the password. - pub fn map<F, T>(&self, mut fun: F) -> T + pub fn map<F, T>(&self, fun: F) -> T where F: FnMut(&mem::Protected) -> T { - fun(&self.0) + self.0.map(fun) } } |