replace use of clear on secrets with zeroize in drop logic

dalek-cryptography · Mar 4, 2019 · 60031b6 · 60031b6
1 parent 60af2c6
commit 60031b6
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/src/lib.rs b/src/lib.rs
@@ -24,12 +24,12 @@
 //! Note that docs will only build on nightly Rust until
 //! `feature(external_doc)` is stabilized.
 
-extern crate clear_on_drop;
-
 extern crate curve25519_dalek;
 
 extern crate rand_core;
 
+extern crate zeroize;
+
 #[cfg(test)]
 extern crate rand_os;
 

diff --git a/src/x25519.rs b/src/x25519.rs
@@ -14,15 +14,15 @@
 //! This implements x25519 key exchange as specified by Mike Hamburg
 //! and Adam Langley in [RFC7748](https://tools.ietf.org/html/rfc7748).
 
-use clear_on_drop::clear::Clear;
-
 use curve25519_dalek::constants::ED25519_BASEPOINT_TABLE;
 use curve25519_dalek::montgomery::MontgomeryPoint;
 use curve25519_dalek::scalar::Scalar;
 
 use rand_core::RngCore;
 use rand_core::CryptoRng;
 
+use zeroize::Zeroize;
+
 /// A `PublicKey` is the corresponding public key converted from
 /// an `EphemeralSecret` or a `StaticSecret` key.
 #[derive(Copy, Clone, Debug)]
@@ -50,7 +50,7 @@ pub struct EphemeralSecret(pub (crate) Scalar);
 /// Overwrite ephemeral secret key material with null bytes when it goes out of scope.
 impl Drop for EphemeralSecret {
     fn drop(&mut self) {
-        self.0.clear();
+        self.0.zeroize();
     }
 }
 
@@ -91,7 +91,7 @@ pub struct StaticSecret(pub (crate) Scalar);
 /// Overwrite static secret key material with null bytes when it goes out of scope.
 impl Drop for StaticSecret {
     fn drop(&mut self) {
-        self.0.clear();
+        self.0.zeroize();
     }
 }
 
@@ -143,7 +143,7 @@ pub struct SharedSecret(pub (crate) MontgomeryPoint);
 /// Overwrite shared secret material with null bytes when it goes out of scope.
 impl Drop for SharedSecret {
     fn drop(&mut self) {
-        self.0.clear();
+        self.0.zeroize();
     }
 }