Merge pull request #318 from rozbb/upgrade-hpke

Upgrade hpke dependency

crates/bonsaidb-local/Cargo.toml

@@ -70,7 +70,7 @@ futures = { version = "0.3.19", optional = true }
 chacha20poly1305 = { version = "0.10", optional = true }
 zeroize = { version = "1", optional = true }
 lockedbox = { version = "0.1.1", optional = true }
-hpke = { version = "0.10", default-features = false, features = [
+hpke = { version = "0.12", default-features = false, features = [
     "p256",
 ], optional = true }
 generic-array = { version = "0.14", features = ["serde"], optional = true }

crates/bonsaidb-local/src/hpke_util.rs

@@ -3,6 +3,7 @@ use hpke::kem::{DhP256HkdfSha256, Kem as KemTrait};
 use hpke::{Deserializable, Serializable};
 use serde::de::Error;
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
+use zeroize::Zeroize;
 
 // Helpful aliases for the HPKE types we use in vault encryption
 
@@ -29,17 +30,21 @@ macro_rules! impl_serde {
                 val: &$t,
                 serializer: S,
             ) -> Result<S::Ok, S::Error> {
-                let arr = val.to_bytes();
-                arr.serialize(serializer)
+                let mut arr = val.to_bytes();
+                let ret = arr.serialize(serializer);
+                arr.zeroize();
+                ret
             }
 
             pub(crate) fn deserialize<'de, D: Deserializer<'de>>(
                 deserializer: D,
             ) -> Result<$t, D::Error> {
-                let arr = GenericArray::<u8, <$t as Serializable>::OutputSize>::deserialize(
+                let mut arr = GenericArray::<u8, <$t as Serializable>::OutputSize>::deserialize(
                     deserializer,
                 )?;
-                <$t>::from_bytes(&arr).map_err(D::Error::custom)
+                let ret = <$t>::from_bytes(&arr).map_err(D::Error::custom);
+                arr.zeroize();
+                ret
             }
         }
     };