Zeroing secret keys on drop operations

Author: dr-orlovsky

secp256k1-sys/src/lib.rs

@@ -224,6 +224,12 @@ pub struct KeyPair([c_uchar; 96]);
 impl_array_newtype!(KeyPair, c_uchar, 96);
 impl_raw_debug!(KeyPair);
 
+impl Drop for KeyPair {
+    fn drop(&mut self) {
+        self.0.copy_from_slice(&[0u8; 96]);
+    }
+}
+
 impl KeyPair {
     /// Creates an "uninitialized" FFI keypair which is zeroed out
     ///

src/key.rs

@@ -32,6 +32,12 @@ pub struct SecretKey(pub(crate) [u8; constants::SECRET_KEY_SIZE]);
 impl_ptr_newtype!(SecretKey, u8);
 impl_safe_debug!(SecretKey);
 
+impl Drop for SecretKey {
+    fn drop(&mut self) {
+        self.0.copy_from_slice(&[0u8; constants::SECRET_KEY_SIZE]);
+    }
+}
+
 impl str::FromStr for SecretKey {
     type Err = Error;
     fn from_str(s: &str) -> Result<SecretKey, Error> {