@@ -232,7 +232,6 @@ macro_rules! impl_vl_bytes_generic {
232232/// Use this struct if bytes are encoded.
233233/// This is faster than the generic version.
234234#[ cfg_attr( feature = "serde" , derive( SerdeSerialize , SerdeDeserialize ) ) ]
235- #[ cfg_attr( feature = "std" , derive( Zeroize ) ) ]
236235#[ derive( Clone , PartialEq , Eq , Hash , Ord , PartialOrd ) ]
237236pub struct VLBytes {
238237 #[ cfg_attr( feature = "serde" , serde( serialize_with = "serde_bytes::serialize" ) ) ]
@@ -260,6 +259,13 @@ impl VLBytes {
260259
261260impl_vl_bytes_generic ! ( VLBytes ) ;
262261
262+ #[ cfg( feature = "std" ) ]
263+ impl Zeroize for VLBytes {
264+ fn zeroize ( & mut self ) {
265+ self . vec . zeroize ( ) ;
266+ }
267+ }
268+
263269impl From < VLBytes > for Vec < u8 > {
264270 fn from ( b : VLBytes ) -> Self {
265271 b. vec
@@ -578,7 +584,7 @@ mod secret_bytes {
578584/// behaves just like [`VLBytes`], except that it doesn't allow conversion into
579585/// a [`Vec<u8>`].
580586#[ cfg_attr( feature = "serde" , derive( SerdeSerialize , SerdeDeserialize ) ) ]
581- #[ derive( Clone , PartialEq , Eq , Hash , Ord , PartialOrd , Zeroize , ZeroizeOnDrop ) ]
587+ #[ derive( Clone , PartialEq , Eq , Hash , Ord , PartialOrd ) ]
582588 pub struct SecretVLBytes ( VLBytes ) ;
583589
584590 impl SecretVLBytes {
@@ -599,6 +605,20 @@ mod secret_bytes {
599605
600606 impl_vl_bytes_generic ! ( SecretVLBytes ) ;
601607
608+ impl Zeroize for SecretVLBytes {
609+ fn zeroize ( & mut self ) {
610+ self . 0 . zeroize ( ) ;
611+ }
612+ }
613+
614+ impl Drop for SecretVLBytes {
615+ fn drop ( & mut self ) {
616+ self . zeroize ( ) ;
617+ }
618+ }
619+
620+ impl ZeroizeOnDrop for SecretVLBytes { }
621+
602622 impl Size for SecretVLBytes {
603623 fn tls_serialized_len ( & self ) -> usize {
604624 self . 0 . tls_serialized_len ( )
0 commit comments