more robust zeroization

3 files changed, 11 insertions, 7 deletions

diff --git a/Cargo.lock b/Cargo.lock
index dbc0448..2ffed19 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1036,6 +1036,7 @@ dependencies = [
  "snafu",
  "tokio",
  "uuid",
+ "zeroize",
 ]
 
 [[package]]
@@ -1687,3 +1688,9 @@ dependencies = [
  "winapi 0.2.8",
  "winapi-build",
 ]
+
+[[package]]
+name = "zeroize"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3cbac2ed2ba24cc90f5e06485ac8c7c1e5449fe8911aef4d8877218af021a5b8"
diff --git a/Cargo.toml b/Cargo.toml
index a93bd0a..8bd73cd 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -27,3 +27,4 @@ sha2 = "*"
 snafu = "*"
 tokio = { version = "*", features = ["full"] }
 uuid = { version = "*", features = ["v4"] }
+zeroize = "*"
diff --git a/src/locked.rs b/src/locked.rs
index 52678dc..68cea8c 100644
--- a/src/locked.rs
+++ b/src/locked.rs
@@ -1,3 +1,5 @@
+use zeroize::Zeroize;
+
 pub struct Vec {
     data: Box<arrayvec::ArrayVec<[u8; 4096]>>,
     _lock: region::LockGuard,
@@ -31,17 +33,11 @@ impl Vec {
     pub fn truncate(&mut self, len: usize) {
         self.data.truncate(len);
     }
-
-    pub fn shred(&mut self) {
-        self.data.truncate(0);
-        self.data.extend(std::iter::repeat(0));
-        self.data.truncate(0);
-    }
 }
 
 impl Drop for Vec {
     fn drop(&mut self) {
-        self.shred();
+        self.data.as_mut().zeroize();
     }
 }