Argyle-Software / kyber

A rust implementation of the Kyber post-quantum KEM
https://docs.rs/pqc_kyber/
Apache License 2.0
164 stars 37 forks

Fix the "zeroise" spelling error, and use the feature directly #27

Closed faern closed 1 year ago

faern commented 1 year ago

It was not possible to activate the zeroizing feature in this crate, because neither "zero" nor "zeroize" actually activated the implementation, due to a spelling error.

Skip creating an extra feature "zero" and instead just use the one called "zeroize" by making the dependency optional. This is more idiomatic and avoids creating a set of basically duplicate features.

It should however be noted that the zeroize functionality is currently somewhat limited. Yes, the Uake and Ake types can be cleared out. But the SharedSecret produced by the library is just a raw array without Zeroize. I'd suggest that more long term we look into doing something similar to what I added to classic-mceliece in https://github.com/Colfenor/classic-mceliece-rust/pull/20. This means that types containing secrets can no longer just be type definitions translating to arrays. Rather they should probably be structs owning the secret data, and clear on drop. But all of this can be done later, of course.
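The "struct owning the secret data, cleared on drop" design mentioned in the comment above, as an added stand-alone example that is not pqc_kyber's code and not part of this PR. It assumes a 32-byte shared secret and uses `ptr::write_volatile` plus a compiler fence instead of the `zeroize` crate so it compiles without dependencies; the Cargo manifest fragment in the leading comment is an illustration of the optional-dependency layout the PR describes, not the crate's actual `Cargo.toml`.

```rust
// Added example (not pqc_kyber's code): a shared-secret type that owns its
// bytes and clears them on drop. The zeroize crate is deliberately not used
// so this file is self-contained; write_volatile + compiler_fence is the same
// core technique, but the real crate is the better choice in production code.
//
// The feature layout the PR describes would look like this in Cargo.toml
// (illustrative, not the crate's actual manifest):
//
//     [dependencies]
//     zeroize = { version = "1", optional = true }
//
//     [features]
//     zeroize = ["dep:zeroize"]

use std::fmt;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

pub const SHARED_SECRET_BYTES: usize = 32;

/// Overwrite a buffer with zeros in a way the optimizer cannot elide as a
/// dead store (a plain `buf.fill(0)` before drop may be optimized away).
pub fn zeroize_bytes(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusively borrowed u8.
        unsafe { ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Owns the secret. Contrast with `type SharedSecret = [u8; 32]`: a type
/// alias cannot implement Drop, so the bytes stay behind when it goes out
/// of scope. Clone is intentionally not derived, so copies are explicit.
pub struct SharedSecret {
    bytes: [u8; SHARED_SECRET_BYTES],
}

impl SharedSecret {
    pub fn from_bytes(bytes: [u8; SHARED_SECRET_BYTES]) -> Self {
        Self { bytes }
    }

    pub fn as_bytes(&self) -> &[u8; SHARED_SECRET_BYTES] {
        &self.bytes
    }

    /// Explicit clearing, for callers that want to wipe before drop.
    pub fn zeroize(&mut self) {
        zeroize_bytes(&mut self.bytes);
    }
}

impl Drop for SharedSecret {
    fn drop(&mut self) {
        self.zeroize();
    }
}

// Keep the secret out of logs and panic messages.
impl fmt::Debug for SharedSecret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("SharedSecret([REDACTED])")
    }
}

/// Exercises the same wipe path that Drop uses and returns what the bytes
/// look like afterwards. Memory cannot be inspected soundly after drop, so
/// the explicit `zeroize` call is the observable stand-in.
pub fn wipe_and_read(seed: u8) -> [u8; SHARED_SECRET_BYTES] {
    let mut ss = SharedSecret::from_bytes([seed; SHARED_SECRET_BYTES]);
    ss.zeroize();
    *ss.as_bytes()
}

fn main() {
    let ss = SharedSecret::from_bytes([0xAB; SHARED_SECRET_BYTES]);
    println!("{:?}, first byte before drop = {:#04x}", ss, ss.as_bytes()[0]);
    // `ss` is dropped here and its bytes are zeroed by the Drop impl.
}
```

The same wrapper shape applies to the Uake and Ake state and to secret keys; the point is that the secret lives in a struct the crate controls, so clearing is not left to each caller.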

faern commented 1 year ago

This is technically a breaking change, since removing a feature breaks the API. But the previous feature was not "usable" anyway. One might consider this and #26 bugfixes, merge them, release 0.3.1 and yank 0.3.0? Up to you.