ZeroizeOnDrop usage

[fjarri]

Returning to the question raised in iqlusioninc/crates#757 - I am still not sure how to correctly do what I described there. Now that ZeroizeOnDrop exists, and a third-party SecretDataType implements it, how should I wrap SecretDataType in my type, which I also want to implement ZeroizeOnDrop? The way I currently do it

struct SecretKey { inner: SecretDataType }
impl ZeroizeOnDrop for SecretKey where SecretDataType: ZeroizeOnDrop;

The second line is a static assertion in case the situation with SecretDataType changes. The problem is that this syntax may go away in the future (rust-lang/rust#48214). If I derive ZeroizeOnDrop for SecretKey, it'll be zeroized twice, which is not ideal. Should I write a Drop impl manually for SecretKey?

[tarcieri]

All you need to do is derive(ZeroizeOnDrop). That's it.

It won't double-zeroize. Fields that impl ZeroizeOnDrop will be skipped by the owning container's derived Drop impl. Fields that impl Zeroize will be zeroized. If fields impl neither, it will cause a compile error.

cc @daxpedda

[fjarri]

It won't double-zeroize.

That's awesome, it wasn't clear from the docs.

[daxpedda]

It won't double-zeroize. Fields that impl ZeroizeOnDrop will be skipped by the owning container's derived Drop impl. Fields that impl Zeroize will be zeroized. If fields impl neither, it will cause a compile error.

👍 This is exactly how it should work indeed.