Add util/mem to zero out memory on drop. (#8356)

* Add `util/mem` to zero out memory on drop.

* Remove nonsense.

* Remove `Into` impls for `Memzero`.

* Update ethereum-types and remove H256Mut.

Cargo.lock

@@ -233,7 +233,7 @@ name = "common-types"
 version = "0.1.0"
 dependencies = [
  "ethcore-bytes 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethjson 0.1.0",
  "heapsize 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "keccak-hash 0.1.0",
@@ -362,7 +362,7 @@ name = "dir"
 version = "0.1.0"
 dependencies = [
  "app_dirs 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "journaldb 0.1.0",
 ]
 
@@ -434,7 +434,7 @@ version = "5.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 dependencies = [
  "error-chain 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "rustc-hex 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde 1.0.37 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde_derive 1.0.37 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -479,7 +479,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 dependencies = [
  "crunchy 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethereum-types-serialize 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
- "fixed-hash 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "fixed-hash 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde 1.0.37 (registry+https://github.com/rust-lang/crates.io-index)",
  "tiny-keccak 1.4.1 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
@@ -505,7 +505,7 @@ dependencies = [
  "ethcore-miner 1.11.0",
  "ethcore-stratum 1.11.0",
  "ethcore-transaction 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethjson 0.1.0",
  "ethkey 0.3.0",
  "ethstore 0.2.0",
@@ -571,7 +571,7 @@ name = "ethcore-crypto"
 version = "0.1.0"
 dependencies = [
  "eth-secp256k1 0.5.7 (git+https://github.com/paritytech/rust-secp256k1)",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethkey 0.3.0",
  "rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)",
  "subtle 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -603,7 +603,7 @@ dependencies = [
  "ethcore-io 1.11.0",
  "ethcore-network 1.11.0",
  "ethcore-transaction 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "futures 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)",
  "hashdb 0.1.1",
  "heapsize 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -661,7 +661,7 @@ dependencies = [
  "ethabi-derive 5.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethash 1.11.0",
  "ethcore-transaction 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethkey 0.3.0",
  "fetch 0.1.0",
  "futures 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -685,7 +685,7 @@ dependencies = [
  "error-chain 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethcore-crypto 0.1.0",
  "ethcore-io 1.11.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethkey 0.3.0",
  "ipnetwork 0.12.7 (registry+https://github.com/rust-lang/crates.io-index)",
  "rlp 0.2.1",
@@ -704,7 +704,7 @@ dependencies = [
  "ethcore-io 1.11.0",
  "ethcore-logger 1.11.0",
  "ethcore-network 1.11.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethkey 0.3.0",
  "igd 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "ipnetwork 0.12.7 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -742,7 +742,7 @@ dependencies = [
  "ethcore-logger 1.11.0",
  "ethcore-miner 1.11.0",
  "ethcore-transaction 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethjson 0.1.0",
  "ethkey 0.3.0",
  "fetch 0.1.0",
@@ -776,7 +776,7 @@ dependencies = [
  "ethcore-logger 1.11.0",
  "ethcore-sync 1.11.0",
  "ethcore-transaction 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethkey 0.3.0",
  "futures 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)",
  "futures-cpupool 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -824,7 +824,7 @@ version = "1.11.0"
 dependencies = [
  "env_logger 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethcore-logger 1.11.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "jsonrpc-core 8.0.1 (git+https://github.com/paritytech/jsonrpc.git?branch=parity-1.11)",
  "jsonrpc-macros 8.0.0 (git+https://github.com/paritytech/jsonrpc.git?branch=parity-1.11)",
  "jsonrpc-tcp-server 8.0.0 (git+https://github.com/paritytech/jsonrpc.git?branch=parity-1.11)",
@@ -847,7 +847,7 @@ dependencies = [
  "ethcore-network 1.11.0",
  "ethcore-network-devp2p 1.11.0",
  "ethcore-transaction 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethkey 0.3.0",
  "heapsize 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "ipnetwork 0.12.7 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -870,7 +870,7 @@ dependencies = [
 name = "ethcore-transaction"
 version = "0.1.0"
 dependencies = [
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethjson 0.1.0",
  "ethkey 0.3.0",
  "evm 0.1.0",
@@ -883,13 +883,13 @@ dependencies = [
 
 [[package]]
 name = "ethereum-types"
-version = "0.3.0"
+version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 dependencies = [
  "crunchy 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethbloom 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethereum-types-serialize 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
- "fixed-hash 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "fixed-hash 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "rustc_version 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde 1.0.37 (registry+https://github.com/rust-lang/crates.io-index)",
  "uint 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -907,7 +907,7 @@ dependencies = [
 name = "ethjson"
 version = "0.1.0"
 dependencies = [
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "rustc-hex 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde 1.0.37 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde_derive 1.0.37 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -921,9 +921,10 @@ dependencies = [
  "byteorder 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "edit-distance 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "eth-secp256k1 0.5.7 (git+https://github.com/paritytech/rust-secp256k1)",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
+ "mem 0.1.0",
  "parity-wordlist 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "rand 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -952,7 +953,7 @@ version = "0.2.0"
 dependencies = [
  "dir 0.1.0",
  "ethcore-crypto 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethkey 0.3.0",
  "itertools 0.5.10 (registry+https://github.com/rust-lang/crates.io-index)",
  "libc 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -994,7 +995,7 @@ name = "evm"
 version = "0.1.0"
 dependencies = [
  "bit-set 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "heapsize 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "keccak-hash 0.1.0",
  "lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1013,7 +1014,7 @@ dependencies = [
  "ethcore 1.11.0",
  "ethcore-bytes 0.1.0",
  "ethcore-transaction 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethjson 0.1.0",
  "evm 0.1.0",
  "panic_hook 0.1.0",
@@ -1058,7 +1059,7 @@ dependencies = [
 
 [[package]]
 name = "fixed-hash"
-version = "0.2.0"
+version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 dependencies = [
  "heapsize 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1153,7 +1154,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 name = "hardware-wallet"
 version = "1.11.0"
 dependencies = [
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethkey 0.3.0",
  "hidapi 0.3.1 (git+https://github.com/paritytech/hidapi-rs)",
  "libusb 0.3.0 (git+https://github.com/paritytech/libusb-rs)",
@@ -1169,7 +1170,7 @@ name = "hashdb"
 version = "0.1.1"
 dependencies = [
  "elastic-array 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
 [[package]]
@@ -1317,7 +1318,7 @@ version = "0.1.0"
 dependencies = [
  "ethcore-bytes 0.1.0",
  "ethcore-logger 1.11.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "hashdb 0.1.1",
  "heapsize 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "keccak-hash 0.1.0",
@@ -1432,7 +1433,7 @@ name = "keccak-hash"
 version = "0.1.0"
 dependencies = [
  "cc 1.0.9 (registry+https://github.com/rust-lang/crates.io-index)",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "tempdir 0.3.5 (registry+https://github.com/rust-lang/crates.io-index)",
  "tiny-keccak 1.4.1 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
@@ -1468,7 +1469,7 @@ name = "kvdb-rocksdb"
 version = "0.1.0"
 dependencies = [
  "elastic-array 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "interleaved-ordered 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "kvdb 0.1.0",
  "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1576,6 +1577,10 @@ name = "matches"
 version = "0.1.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 
+[[package]]
+name = "mem"
+version = "0.1.0"
+
 [[package]]
 name = "memchr"
 version = "2.0.1"
@@ -1617,7 +1622,7 @@ version = "0.1.1"
 dependencies = [
  "bigint 4.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "elastic-array 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "hashdb 0.1.1",
  "heapsize 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "keccak-hash 0.1.0",
@@ -1764,7 +1769,7 @@ dependencies = [
  "ethcore 1.11.0",
  "ethcore-io 1.11.0",
  "ethcore-network-devp2p 1.11.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "kvdb-memorydb 0.1.0",
  "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
  "lru-cache 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1938,7 +1943,7 @@ dependencies = [
  "ethcore-stratum 1.11.0",
  "ethcore-sync 1.11.0",
  "ethcore-transaction 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethkey 0.3.0",
  "fake-fetch 0.0.1",
  "fdlimit 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1951,6 +1956,7 @@ dependencies = [
  "kvdb 0.1.0",
  "kvdb-rocksdb 0.1.0",
  "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
+ "mem 0.1.0",
  "migration 0.1.0",
  "node-filter 1.11.0",
  "node-health 0.1.0",
@@ -1997,7 +2003,7 @@ dependencies = [
  "env_logger 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethcore-bytes 0.1.0",
  "ethcore-devtools 1.11.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "fetch 0.1.0",
  "futures 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)",
  "futures-cpupool 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -2062,7 +2068,7 @@ dependencies = [
  "ethabi-contract 5.0.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethabi-derive 5.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethcore-bytes 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "fake-fetch 0.0.1",
  "fetch 0.1.0",
  "futures 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -2086,7 +2092,7 @@ dependencies = [
  "cid 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethcore 1.11.0",
  "ethcore-bytes 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "jsonrpc-core 8.0.1 (git+https://github.com/paritytech/jsonrpc.git?branch=parity-1.11)",
  "jsonrpc-http-server 8.0.0 (git+https://github.com/paritytech/jsonrpc.git?branch=parity-1.11)",
  "multihash 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -2115,7 +2121,7 @@ dependencies = [
 name = "parity-machine"
 version = "0.1.0"
 dependencies = [
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
 [[package]]
@@ -2145,7 +2151,7 @@ dependencies = [
  "ethcore-private-tx 1.0.0",
  "ethcore-sync 1.11.0",
  "ethcore-transaction 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethjson 0.1.0",
  "ethkey 0.3.0",
  "ethstore 0.2.0",
@@ -2284,7 +2290,7 @@ dependencies = [
  "ethcore 1.11.0",
  "ethcore-bytes 0.1.0",
  "ethcore-sync 1.11.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "keccak-hash 0.1.0",
  "lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -2329,13 +2335,14 @@ dependencies = [
  "byteorder 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethcore-crypto 0.1.0",
  "ethcore-network 1.11.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethkey 0.3.0",
  "hex 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "jsonrpc-core 8.0.1 (git+https://github.com/paritytech/jsonrpc.git?branch=parity-1.11)",
  "jsonrpc-macros 8.0.0 (git+https://github.com/paritytech/jsonrpc.git?branch=parity-1.11)",
  "jsonrpc-pubsub 8.0.0 (git+https://github.com/paritytech/jsonrpc.git?branch=parity-1.11)",
  "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
+ "mem 0.1.0",
  "ordered-float 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "parking_lot 0.5.4 (registry+https://github.com/rust-lang/crates.io-index)",
  "rand 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -2391,7 +2398,7 @@ dependencies = [
  "elastic-array 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethcore-bytes 0.1.0",
  "ethcore-logger 1.11.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "hashdb 0.1.1",
  "keccak-hash 0.1.0",
  "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -2447,7 +2454,7 @@ name = "plain_hasher"
 version = "0.1.0"
 dependencies = [
  "crunchy 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
 [[package]]
@@ -2546,7 +2553,7 @@ version = "0.1.0"
 dependencies = [
  "clap 2.29.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethcore-logger 1.11.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethjson 0.1.0",
  "rustc-hex 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde 1.0.37 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -2714,7 +2721,7 @@ version = "0.2.1"
 dependencies = [
  "byteorder 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "elastic-array 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "rustc-hex 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
@@ -3394,7 +3401,7 @@ name = "transaction-pool"
 version = "1.11.0"
 dependencies = [
  "error-chain 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
  "smallvec 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
@@ -3420,7 +3427,7 @@ name = "trie-standardmap"
 version = "0.1.0"
 dependencies = [
  "ethcore-bytes 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "keccak-hash 0.1.0",
  "rlp 0.2.1",
 ]
@@ -3430,7 +3437,7 @@ name = "triehash"
 version = "0.1.0"
 dependencies = [
  "elastic-array 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "keccak-hash 0.1.0",
  "rlp 0.2.1",
  "trie-standardmap 0.1.0",
@@ -3545,7 +3552,7 @@ name = "util-error"
 version = "0.1.0"
 dependencies = [
  "error-chain 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "kvdb 0.1.0",
  "rlp 0.2.1",
  "rustc-hex 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -3577,7 +3584,7 @@ dependencies = [
  "byteorder 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "common-types 0.1.0",
  "ethcore-bytes 0.1.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethjson 0.1.0",
  "keccak-hash 0.1.0",
  "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -3596,7 +3603,7 @@ version = "0.1.0"
 dependencies = [
  "byteorder 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "ethcore-logger 1.11.0",
- "ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "libc 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)",
  "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
  "parity-wasm 0.27.5 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -3791,10 +3798,10 @@ dependencies = [
 "checksum ethabi-contract 5.0.3 (registry+https://github.com/rust-lang/crates.io-index)" = "ca2263c24359e827348ac99aa1f2e28ba5bab0d6c0b83941fa252de8a9e9c073"
 "checksum ethabi-derive 5.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "d2bc7099baa147187aedaecd9fe04a6c0541c82bc43ff317cb6900fe2b983d74"
 "checksum ethbloom 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)" = "1a93a43ce2e9f09071449da36bfa7a1b20b950ee344b6904ff23de493b03b386"
-"checksum ethereum-types 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "53eabbad504e438e20b6559fd070d79b92cb31c02f994c7ecb05e9b2df716013"
+"checksum ethereum-types 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "3a3ae691a36ce5d25b433e63128ce5579f4a18457b6a9c849832b2c9e0fec92a"
 "checksum ethereum-types-serialize 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4ac59a21a9ce98e188f3dace9eb67a6c4a3c67ec7fbc7218cb827852679dc002"
 "checksum fdlimit 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "b1ee15a7050e5580b3712877157068ea713b245b080ff302ae2ca973cfcd9baa"
-"checksum fixed-hash 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "362f32e2fbc5ed45f01a23ca074f936bb3aee4122a66e7118e8c3e965d96104c"
+"checksum fixed-hash 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "b18d6fd718fb4396e7a9c93ac59ba7143501467ca7a143c145b5555a571d5576"
 "checksum flate2 0.2.20 (registry+https://github.com/rust-lang/crates.io-index)" = "e6234dd4468ae5d1e2dbb06fe2b058696fdc50a339c68a393aefbf00bc81e423"
 "checksum fnv 1.0.5 (registry+https://github.com/rust-lang/crates.io-index)" = "6cc484842f1e2884faf56f529f960cc12ad8c71ce96cc7abba0a067c98fee344"
 "checksum fuchsia-zircon 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "2e9763c69ebaae630ba35f74888db465e49e259ba1bc0eda7d06f4a067615d82"

Cargo.toml

@@ -69,6 +69,7 @@ migration = { path = "util/migration" }
 kvdb = { path = "util/kvdb" }
 kvdb-rocksdb = { path = "util/kvdb-rocksdb" }
 journaldb = { path = "util/journaldb" }
+mem = { path = "util/mem" }
 
 parity-dapps = { path = "dapps", optional = true }
 ethcore-secretstore = { path = "secret_store", optional = true }

ethcore/src/snapshot/tests/proof_of_authority.rs

@@ -39,7 +39,7 @@ const TRANSITION_BLOCK_1: usize = 2; // block at which the contract becomes acti
 const TRANSITION_BLOCK_2: usize = 10; // block at which the second contract activates.
 
 macro_rules! secret {
-	($e: expr) => { Secret::from_slice(&$crate::hash::keccak($e)) }
+	($e: expr) => { Secret::from($crate::hash::keccak($e).0) }
 }
 
 lazy_static! {

ethcore/transaction/src/transaction.rs

@@ -141,7 +141,7 @@ impl HeapSizeOf for Transaction {
 impl From<ethjson::state::Transaction> for SignedTransaction {
 	fn from(t: ethjson::state::Transaction) -> Self {
 		let to: Option<ethjson::hash::Address> = t.to.into();
-		let secret = t.secret.map(|s| Secret::from_slice(&s.0));
+		let secret = t.secret.map(|s| Secret::from(s.0));
 		let tx = Transaction {
 			nonce: t.nonce.into(),
 			gas_price: t.gas_price.into(),

ethkey/Cargo.toml

@@ -10,6 +10,7 @@ eth-secp256k1 = { git = "https://github.com/paritytech/rust-secp256k1" }
 ethereum-types = "0.3"
 lazy_static = "1.0"
 log = "0.3"
+mem = { path = "../util/mem" }
 parity-wordlist = "1.2"
 rand = "0.4"
 rust-crypto = "0.2"

ethkey/src/extended.rs

@@ -99,7 +99,7 @@ impl ExtendedSecret {
 	pub fn derive<T>(&self, index: Derivation<T>) -> ExtendedSecret where T: Label {
 		let (derived_key, next_chain_code) = derivation::private(*self.secret, self.chain_code, index);
 
-		let derived_secret = Secret::from_slice(&*derived_key);
+		let derived_secret = Secret::from(derived_key.0);
 
 		ExtendedSecret::with_code(derived_secret, next_chain_code)
 	}
@@ -399,7 +399,7 @@ mod tests {
 
 	fn test_extended<F>(f: F, test_private: H256) where F: Fn(ExtendedSecret) -> ExtendedSecret {
 		let (private_seed, chain_code) = master_chain_basic();
-		let extended_secret = ExtendedSecret::with_code(Secret::from_slice(&*private_seed), chain_code);
+		let extended_secret = ExtendedSecret::with_code(Secret::from(private_seed.0), chain_code);
 		let derived = f(extended_secret);
 		assert_eq!(**derived.as_raw(), test_private);
 	}

ethkey/src/lib.rs

@@ -20,6 +20,7 @@ extern crate byteorder;
 extern crate crypto as rcrypto;
 extern crate edit_distance;
 extern crate ethereum_types;
+extern crate mem;
 extern crate parity_wordlist;
 extern crate rand;
 extern crate rustc_hex;

ethkey/src/secret.rs

@@ -18,18 +18,20 @@ use std::fmt;
 use std::ops::Deref;
 use std::str::FromStr;
 use rustc_hex::ToHex;
+use secp256k1::constants::{SECRET_KEY_SIZE as SECP256K1_SECRET_KEY_SIZE};
 use secp256k1::key;
 use ethereum_types::H256;
+use mem::Memzero;
 use {Error, SECP256K1};
 
 #[derive(Clone, PartialEq, Eq)]
 pub struct Secret {
-	inner: H256,
+	inner: Memzero<H256>,
 }
 
 impl ToHex for Secret {
 	fn to_hex(&self) -> String {
-		format!("{:x}", self.inner)
+		format!("{:x}", *self.inner)
 	}
 }
 
@@ -52,17 +54,19 @@ impl fmt::Display for Secret {
 }
 
 impl Secret {
-	pub fn from_slice(key: &[u8]) -> Self {
-		assert_eq!(32, key.len(), "Caller should provide 32-byte length slice");
-
+	/// Creates a `Secret` from the given slice, returning `None` if the slice length != 32.
+	pub fn from_slice(key: &[u8]) -> Option<Self> {
+		if key.len() != 32 {
+			return None
+		}
 		let mut h = H256::default();
 		h.copy_from_slice(&key[0..32]);
-		Secret { inner: h }
+		Some(Secret { inner: Memzero::from(h) })
 	}
 
 	/// Creates zero key, which is invalid for crypto operations, but valid for math operation.
 	pub fn zero() -> Self {
-		Secret { inner: Default::default() }
+		Secret { inner: Memzero::from(H256::default()) }
 	}
 
 	/// Imports and validates the key.
@@ -208,9 +212,15 @@ impl FromStr for Secret {
 	}
 }
 
+impl From<[u8; 32]> for Secret {
+	fn from(k: [u8; 32]) -> Self {
+		Secret { inner: Memzero::from(H256(k)) }
+	}
+}
+
 impl From<H256> for Secret {
 	fn from(s: H256) -> Self {
-		Secret::from_slice(&s)
+		s.0.into()
 	}
 }
 
@@ -222,7 +232,9 @@ impl From<&'static str> for Secret {
 
 impl From<key::SecretKey> for Secret {
 	fn from(key: key::SecretKey) -> Self {
-		Self::from_slice(&key[0..32])
+		let mut a = [0; SECP256K1_SECRET_KEY_SIZE];
+		a.copy_from_slice(&key[0 .. SECP256K1_SECRET_KEY_SIZE]);
+		a.into()
 	}
 }
 

rpc/src/v1/tests/mocked/eth.rs

@@ -329,7 +329,7 @@ fn rpc_eth_submit_hashrate() {
 fn rpc_eth_sign() {
 	let tester = EthTester::default();
 
-	let account = tester.accounts_provider.insert_account(Secret::from_slice(&[69u8; 32]), "abcd").unwrap();
+	let account = tester.accounts_provider.insert_account(Secret::from([69u8; 32]), "abcd").unwrap();
 	tester.accounts_provider.unlock_account_permanently(account, "abcd".into()).unwrap();
 	let _message = "0cc175b9c0f1b6a831c399e26977266192eb5ffee6ae2fec3ad71c777531578f".from_hex().unwrap();
 

rpc/src/v1/tests/mocked/signing.rs

@@ -211,7 +211,7 @@ fn should_sign_if_account_is_unlocked() {
 	// given
 	let tester = eth_signing();
 	let data = vec![5u8];
-	let acc = tester.accounts.insert_account(Secret::from_slice(&[69u8; 32]), "test").unwrap();
+	let acc = tester.accounts.insert_account(Secret::from([69u8; 32]), "test").unwrap();
 	tester.accounts.unlock_account_permanently(acc, "test".into()).unwrap();
 
 	// when

secret_store/src/key_server.rs

@@ -443,8 +443,8 @@ pub mod tests {
 			let message_hash = H256::from(42);
 			let combined_signature = key_servers[0].sign_message_schnorr(&server_key_id, &signature.into(), message_hash.clone()).unwrap();
 			let combined_signature = crypto::ecies::decrypt(&requestor_secret, &crypto::DEFAULT_MAC, &combined_signature).unwrap();
-			let signature_c = Secret::from_slice(&combined_signature[..32]);
-			let signature_s = Secret::from_slice(&combined_signature[32..]);
+			let signature_c = Secret::from_slice(&combined_signature[..32]).unwrap();
+			let signature_s = Secret::from_slice(&combined_signature[32..]).unwrap();
 
 			// check signature
 			assert_eq!(math::verify_schnorr_signature(&server_public, &(signature_c, signature_s), &message_hash), Ok(true));
@@ -492,8 +492,8 @@ pub mod tests {
 		let message_hash = H256::from(42);
 		let combined_signature = key_servers[0].sign_message_schnorr(&server_key_id, &signature.into(), message_hash.clone()).unwrap();
 		let combined_signature = crypto::ecies::decrypt(&requestor_secret, &crypto::DEFAULT_MAC, &combined_signature).unwrap();
-		let signature_c = Secret::from_slice(&combined_signature[..32]);
-		let signature_s = Secret::from_slice(&combined_signature[32..]);
+		let signature_c = Secret::from_slice(&combined_signature[..32]).unwrap();
+		let signature_s = Secret::from_slice(&combined_signature[32..]).unwrap();
 
 		// check signature
 		assert_eq!(math::verify_schnorr_signature(&server_public, &(signature_c, signature_s), &message_hash), Ok(true));

secret_store/src/key_server_cluster/client_sessions/decryption_session.rs

@@ -1272,7 +1272,7 @@ mod tests {
 		use crypto::DEFAULT_MAC;
 		use crypto::ecies::decrypt;
 		let decrypt_shadows: Vec<_> = decrypted_secret.decrypt_shadows.unwrap().into_iter()
-			.map(|c| Secret::from_slice(&decrypt(key_pair.secret(), &DEFAULT_MAC, &c).unwrap()))
+			.map(|c| Secret::from_slice(&decrypt(key_pair.secret(), &DEFAULT_MAC, &c).unwrap()).unwrap())
 			.collect();
 		let decrypted_secret = math::decrypt_with_shadow_coefficients(decrypted_secret.decrypted_secret, decrypted_secret.common_point.unwrap(), decrypt_shadows).unwrap();
 		assert_eq!(decrypted_secret, SECRET_PLAIN.into());
@@ -1418,7 +1418,7 @@ mod tests {
 		let result = sessions[0].decrypted_secret().unwrap().unwrap();
 		assert_eq!(3, sessions.iter().skip(1).filter(|s| s.decrypted_secret() == Some(Ok(result.clone()))).count());
 		let decrypt_shadows: Vec<_> = result.decrypt_shadows.unwrap().into_iter()
-			.map(|c| Secret::from_slice(&decrypt(key_pair.secret(), &DEFAULT_MAC, &c).unwrap()))
+			.map(|c| Secret::from_slice(&decrypt(key_pair.secret(), &DEFAULT_MAC, &c).unwrap()).unwrap())
 			.collect();
 		let decrypted_secret = math::decrypt_with_shadow_coefficients(result.decrypted_secret, result.common_point.unwrap(), decrypt_shadows).unwrap();
 		assert_eq!(decrypted_secret, SECRET_PLAIN.into());

secret_store/src/key_server_cluster/math.rs

@@ -37,7 +37,7 @@ pub fn zero_scalar() -> Secret {
 pub fn to_scalar(hash: H256) -> Result<Secret, Error> {
 	let scalar: U256 = hash.into();
 	let scalar: H256 = (scalar % math::curve_order()).into();
-	let scalar = Secret::from_slice(&*scalar);
+	let scalar = Secret::from(scalar.0);
 	scalar.check_validity()?;
 	Ok(scalar)
 }
@@ -697,7 +697,7 @@ pub mod tests {
 		// === required to generate shares of inv(x) mod r with out revealing
 		// === any information about x or inv(x).
 		// === https://www.researchgate.net/publication/280531698_Robust_Threshold_Elliptic_Curve_Digital_Signature
-	
+
 		// generate shared random secret e for given t
 		let n = artifacts.id_numbers.len();
 		assert!(t * 2 + 1 <= n);

util/mem/Cargo.toml

@@ -0,0 +1,6 @@
+[package]
+name = "mem"
+version = "0.1.0"
+authors = ["Parity Technologies <admin@parity.io>"]
+
+[dependencies]

util/mem/src/lib.rs

@@ -0,0 +1,57 @@
+// Copyright 2018 Parity Technologies (UK) Ltd.
+// This file is part of Parity.
+
+// Parity is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity.  If not, see <http://www.gnu.org/licenses/>.
+
+use std::ops::{Deref, DerefMut};
+use std::ptr;
+
+/// Wrapper to zero out memory when dropped.
+#[derive(Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
+pub struct Memzero<T: AsMut<[u8]>> {
+	mem: T,
+}
+
+impl<T: AsMut<[u8]>> From<T> for Memzero<T> {
+	fn from(mem: T) -> Memzero<T> {
+		Memzero { mem }
+	}
+}
+
+impl<T: AsMut<[u8]>> Drop for Memzero<T> {
+	fn drop(&mut self) {
+		let n = self.mem.as_mut().len();
+		let p = self.mem.as_mut().as_mut_ptr();
+		for i in 0..n {
+			unsafe {
+				ptr::write_volatile(p.offset(i as isize), 0)
+			}
+		}
+	}
+}
+
+impl<T: AsMut<[u8]>> Deref for Memzero<T> {
+	type Target = T;
+
+	fn deref(&self) -> &Self::Target {
+		&self.mem
+	}
+}
+
+impl<T: AsMut<[u8]>> DerefMut for Memzero<T> {
+	fn deref_mut(&mut self) -> &mut Self::Target {
+		&mut self.mem
+	}
+}
+

whisper/Cargo.toml

@@ -13,6 +13,7 @@ ethcore-crypto = { path = "../ethcore/crypto" }
 ethkey = { path = "../ethkey" }
 hex = "0.2"
 log = "0.3"
+mem = { path = "../util/mem" }
 ordered-float = "0.5"
 parking_lot = "0.5"
 rand = "0.4"

whisper/src/lib.rs

@@ -23,6 +23,7 @@ extern crate ethcore_network as network;
 extern crate ethereum_types;
 extern crate ethkey;
 extern crate hex;
+extern crate mem;
 extern crate ordered_float;
 extern crate parking_lot;
 extern crate rand;

whisper/src/rpc/crypto.rs

@@ -19,6 +19,7 @@
 use crypto;
 use ethereum_types::H256;
 use ethkey::{self, Public, Secret};
+use mem::Memzero;
 use ring::aead::{self, AES_256_GCM, SealingKey, OpeningKey};
 
 /// Length of AES key
@@ -36,7 +37,7 @@ enum AesEncode {
 }
 
 enum EncryptionInner {
-	AES([u8; AES_KEY_LEN], [u8; AES_NONCE_LEN], AesEncode),
+	AES(Memzero<[u8; AES_KEY_LEN]>, [u8; AES_NONCE_LEN], AesEncode),
 	ECIES(Public),
 }
 
@@ -58,7 +59,7 @@ impl EncryptionInstance {
 	///
 	/// If generating nonces with a secure RNG, limit uses such that
 	/// the chance of collision is negligible.
-	pub fn aes(key: [u8; AES_KEY_LEN], nonce: [u8; AES_NONCE_LEN]) -> Self {
+	pub fn aes(key: Memzero<[u8; AES_KEY_LEN]>, nonce: [u8; AES_NONCE_LEN]) -> Self {
 		EncryptionInstance(EncryptionInner::AES(key, nonce, AesEncode::AppendedNonce))
 	}
 
@@ -66,7 +67,7 @@ impl EncryptionInstance {
 	///
 	/// Key reuse here is extremely dangerous. It should be randomly generated
 	/// with a secure RNG.
-	pub fn broadcast(key: [u8; AES_KEY_LEN], topics: Vec<H256>) -> Self {
+	pub fn broadcast(key: Memzero<[u8; AES_KEY_LEN]>, topics: Vec<H256>) -> Self {
 		EncryptionInstance(EncryptionInner::AES(key, BROADCAST_IV, AesEncode::OnTopics(topics)))
 	}
 
@@ -74,7 +75,7 @@ impl EncryptionInstance {
 	pub fn encrypt(self, plain: &[u8]) -> Vec<u8> {
 		match self.0 {
 			EncryptionInner::AES(key, nonce, encode) => {
-				let sealing_key = SealingKey::new(&AES_256_GCM, &key)
+				let sealing_key = SealingKey::new(&AES_256_GCM, &*key)
 					.expect("key is of correct len; qed");
 
 				let encrypt_plain = move |buf: &mut Vec<u8>| {
@@ -106,12 +107,10 @@ impl EncryptionInstance {
 					}
 					AesEncode::OnTopics(topics) => {
 						let mut buf = Vec::new();
-						let key = H256(key);
-
-						for topic in topics {
-							buf.extend(&*(topic ^ key));
+						for mut t in topics {
+							xor(&mut t.0, &key);
+							buf.extend(&t.0);
 						}
-
 						encrypt_plain(&mut buf);
 						buf
 					}
@@ -125,8 +124,15 @@ impl EncryptionInstance {
 	}
 }
 
+#[inline]
+fn xor(a: &mut [u8; 32], b: &[u8; 32]) {
+	for i in 0 .. 32 {
+		a[i] ^= b[i]
+	}
+}
+
 enum AesExtract {
-	AppendedNonce([u8; AES_KEY_LEN]), // extract appended nonce.
+	AppendedNonce(Memzero<[u8; AES_KEY_LEN]>), // extract appended nonce.
 	OnTopics(usize, usize, H256), // number of topics, index we know, topic we know.
 }
 
@@ -147,7 +153,7 @@ impl DecryptionInstance {
 	}
 
 	/// 256-bit AES GCM decryption with appended nonce.
-	pub fn aes(key: [u8; AES_KEY_LEN]) -> Self {
+	pub fn aes(key: Memzero<[u8; AES_KEY_LEN]>) -> Self {
 		DecryptionInstance(DecryptionInner::AES(AesExtract::AppendedNonce(key)))
 	}
 
@@ -164,13 +170,13 @@ impl DecryptionInstance {
 		match self.0 {
 			DecryptionInner::AES(extract) => {
 				let decrypt = |
-					key: [u8; AES_KEY_LEN],
+					key: Memzero<[u8; AES_KEY_LEN]>,
 					nonce: [u8; AES_NONCE_LEN],
 					ciphertext: &[u8]
 				| {
 					if ciphertext.len() < AES_256_GCM.tag_len() { return None }
 
-					let opening_key = OpeningKey::new(&AES_256_GCM, &key)
+					let opening_key = OpeningKey::new(&AES_256_GCM, &*key)
 						.expect("key length is valid for mode; qed");
 
 					let mut buf = ciphertext.to_vec();
@@ -205,7 +211,7 @@ impl DecryptionInstance {
 						let mut salted_topic = H256::new();
 						salted_topic.copy_from_slice(&ciphertext[(known_index * 32)..][..32]);
 
-						let key = (salted_topic ^ known_topic).0;
+						let key = Memzero::from((salted_topic ^ known_topic).0);
 
 						let offset = num_topics * 32;
 						decrypt(key, BROADCAST_IV, &ciphertext[offset..])
@@ -264,9 +270,9 @@ mod tests {
 
 		let mut rng = OsRng::new().unwrap();
 		let mut test_message = move |message: &[u8]| {
-			let key = rng.gen();
+			let key = Memzero::from(rng.gen::<[u8; 32]>());
 
-			let instance = EncryptionInstance::aes(key, rng.gen());
+			let instance = EncryptionInstance::aes(key.clone(), rng.gen());
 			let ciphertext = instance.encrypt(message);
 
 			if !message.is_empty() {
@@ -294,7 +300,7 @@ mod tests {
 			let all_topics = (0..5).map(|_| rng.gen()).collect::<Vec<_>>();
 			let known_idx = 2;
 			let known_topic = all_topics[2];
-			let key = rng.gen();
+			let key = Memzero::from(rng.gen::<[u8; 32]>());
 
 			let instance = EncryptionInstance::broadcast(key, all_topics);
 			let ciphertext = instance.encrypt(message);

whisper/src/rpc/key_store.rs

@@ -23,6 +23,7 @@ use std::collections::HashMap;
 
 use ethereum_types::H256;
 use ethkey::{KeyPair, Public, Secret};
+use mem::Memzero;
 use rand::{Rng, OsRng};
 use ring::error::Unspecified;
 
@@ -35,7 +36,7 @@ pub enum Key {
 	/// and signing.
 	Asymmetric(KeyPair),
 	/// AES-256 GCM mode. Suitable for encryption, decryption, but not signing.
-	Symmetric([u8; AES_KEY_LEN]),
+	Symmetric(Memzero<[u8; AES_KEY_LEN]>),
 }
 
 impl Key {
@@ -49,7 +50,7 @@ impl Key {
 
 	/// Generate a random symmetric key with the given cryptographic RNG.
 	pub fn new_symmetric(rng: &mut OsRng) -> Self {
-		Key::Symmetric(rng.gen())
+		Key::Symmetric(Memzero::from(rng.gen::<[u8; 32]>()))
 	}
 
 	/// From secret asymmetric key. Fails if secret is invalid.
@@ -61,7 +62,7 @@ impl Key {
 
 	/// From raw symmetric key.
 	pub fn from_raw_symmetric(key: [u8; AES_KEY_LEN]) -> Self {
-		Key::Symmetric(key)
+		Key::Symmetric(Memzero::from(key))
 	}
 
 	/// Get a handle to the public key if this is an asymmetric key.
@@ -177,7 +178,7 @@ mod tests {
 
 	#[test]
 	fn rejects_invalid_secret() {
-		let bad_secret = ::ethkey::Secret::from_slice(&[0xff; 32]);
+		let bad_secret = ::ethkey::Secret::from([0xff; 32]);
 		assert!(Key::from_secret(bad_secret).is_err());
 	}
 

whisper/src/rpc/mod.rs

@@ -28,6 +28,7 @@ use jsonrpc_pubsub::{Session, PubSubMetadata, SubscriptionId};
 use jsonrpc_macros::pubsub;
 
 use ethereum_types::H256;
+use mem::Memzero;
 use parking_lot::RwLock;
 
 use self::filter::Filter;
@@ -286,7 +287,7 @@ impl<P: PoolHandle + 'static, M: Send + Sync + 'static> Whisper for WhisperClien
 				let mut rng = OsRng::new()
 					.map_err(|_| whisper_error("unable to acquire secure randomness"))?;
 
-				let key = rng.gen();
+				let key = Memzero::from(rng.gen::<[u8; 32]>());
 				if req.topics.is_empty() {
 					return Err(whisper_error("must supply at least one topic for broadcast message"));
 				}