chore: Use the ZeroizeOnDrop trait instead of the deprecated drop call

src/cipher/key.rs

@@ -19,16 +19,15 @@ use aes::{
 };
 use hkdf::Hkdf;
 use sha2::Sha256;
-use zeroize::Zeroize;
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 use super::Aes256CbcEnc;
 
 type Aes256Key = GenericArray<u8, <Aes256 as KeySizeUser>::KeySize>;
 type Aes256Iv = GenericArray<u8, <Aes256CbcEnc as IvSizeUser>::IvSize>;
 type HmacSha256Key = [u8; 32];
 
-#[derive(Zeroize)]
-#[zeroize(drop)]
+#[derive(Zeroize, ZeroizeOnDrop)]
 struct ExpandedKeys(Box<[u8; 80]>);
 
 impl ExpandedKeys {
@@ -59,8 +58,7 @@ impl ExpandedKeys {
     }
 }
 
-#[derive(Zeroize)]
-#[zeroize(drop)]
+#[derive(Zeroize, ZeroizeOnDrop)]
 pub(super) struct CipherKeys {
     aes_key: Box<[u8; 32]>,
     aes_iv: Box<[u8; 16]>,

src/lib.rs

@@ -179,7 +179,7 @@
 //! instead call the `.pickle()` method to obtain a special serializable struct.
 //! This struct *does* implement `Serialize` and can therefore be serialized
 //! into any format supported by `serde`. To get back to the original struct
-//! from such as serializeable struct, just call `.unpickle()`.
+//! from such as serializable struct, just call `.unpickle()`.
 //!
 //! ```rust
 //! use anyhow::Result;

src/megolm/group_session.rs

@@ -156,7 +156,7 @@ impl GroupSession {
 #[cfg(feature = "libolm-compat")]
 mod libolm_compat {
     use matrix_pickle::Decode;
-    use zeroize::Zeroize;
+    use zeroize::{Zeroize, ZeroizeOnDrop};
 
     use super::GroupSession;
     use crate::{
@@ -165,8 +165,7 @@ mod libolm_compat {
         Ed25519Keypair,
     };
 
-    #[derive(Zeroize, Decode)]
-    #[zeroize(drop)]
+    #[derive(Zeroize, ZeroizeOnDrop, Decode)]
     pub(super) struct Pickle {
         version: u32,
         ratchet: LibolmRatchetPickle,

src/megolm/inbound_group_session.rs

@@ -382,16 +382,15 @@ impl InboundGroupSession {
 #[cfg(feature = "libolm-compat")]
 mod libolm_compat {
     use matrix_pickle::Decode;
-    use zeroize::Zeroize;
+    use zeroize::{Zeroize, ZeroizeOnDrop};
 
     use super::InboundGroupSession;
     use crate::{
         megolm::{libolm::LibolmRatchetPickle, SessionConfig},
         Ed25519PublicKey,
     };
 
-    #[derive(Zeroize, Decode)]
-    #[zeroize(drop)]
+    #[derive(Zeroize, ZeroizeOnDrop, Decode)]
     pub(super) struct Pickle {
         version: u32,
         initial_ratchet: LibolmRatchetPickle,

src/megolm/mod.rs

@@ -37,12 +37,11 @@ fn default_config() -> SessionConfig {
 #[cfg(feature = "libolm-compat")]
 mod libolm {
     use matrix_pickle::Decode;
-    use zeroize::Zeroize;
+    use zeroize::{Zeroize, ZeroizeOnDrop};
 
     use super::ratchet::Ratchet;
 
-    #[derive(Zeroize, Decode)]
-    #[zeroize(drop)]
+    #[derive(Zeroize, ZeroizeOnDrop, Decode)]
     pub(crate) struct LibolmRatchetPickle {
         #[secret]
         ratchet: Box<[u8; 128]>,

src/megolm/ratchet.rs

@@ -19,13 +19,12 @@ use serde::{Deserialize, Deserializer, Serialize, Serializer};
 use sha2::{digest::CtOutput, Sha256};
 use subtle::{Choice, ConstantTimeEq};
 use thiserror::Error;
-use zeroize::Zeroize;
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 const ADVANCEMENT_SEEDS: [&[u8; 1]; Ratchet::RATCHET_PART_COUNT] =
     [b"\x00", b"\x01", b"\x02", b"\x03"];
 
-#[derive(Serialize, Deserialize, Zeroize, Clone)]
-#[zeroize(drop)]
+#[derive(Clone, Serialize, Deserialize, Zeroize, ZeroizeOnDrop)]
 pub(super) struct Ratchet {
     inner: RatchetBytes,
     counter: u32,
@@ -42,8 +41,7 @@ impl ConstantTimeEq for Ratchet {
     }
 }
 
-#[derive(Zeroize, Clone)]
-#[zeroize(drop)]
+#[derive(Clone, Zeroize, ZeroizeOnDrop)]
 struct RatchetBytes(Box<[u8; Ratchet::RATCHET_LENGTH]>);
 
 impl RatchetBytes {

src/olm/account/mod.rs

@@ -478,7 +478,7 @@ impl From<AccountPickle> for Account {
 #[cfg(feature = "libolm-compat")]
 mod libolm {
     use matrix_pickle::{Decode, DecodeError, Encode, EncodeError};
-    use zeroize::Zeroize;
+    use zeroize::{Zeroize, ZeroizeOnDrop};
 
     use super::{
         fallback_keys::{FallbackKey, FallbackKeys},
@@ -491,8 +491,7 @@ mod libolm {
         Curve25519PublicKey, Ed25519Keypair, KeyId,
     };
 
-    #[derive(Debug, Zeroize, Encode, Decode)]
-    #[zeroize(drop)]
+    #[derive(Debug, Encode, Decode, Zeroize, ZeroizeOnDrop)]
     struct OneTimeKey {
         key_id: u32,
         published: bool,
@@ -510,8 +509,7 @@ mod libolm {
         }
     }
 
-    #[derive(Debug, Zeroize)]
-    #[zeroize(drop)]
+    #[derive(Debug, Zeroize, ZeroizeOnDrop)]
     struct FallbackKeysArray {
         fallback_key: Option<OneTimeKey>,
         previous_fallback_key: Option<OneTimeKey>,
@@ -559,8 +557,7 @@ mod libolm {
         }
     }
 
-    #[derive(Zeroize, Encode, Decode)]
-    #[zeroize(drop)]
+    #[derive(Encode, Decode, Zeroize, ZeroizeOnDrop)]
     pub(super) struct Pickle {
         version: u32,
         ed25519_keypair: LibolmEd25519Keypair,

src/olm/session/chain_key.rs

@@ -15,7 +15,7 @@
 use hmac::{Hmac, Mac};
 use serde::{Deserialize, Serialize};
 use sha2::{digest::CtOutput, Sha256};
-use zeroize::Zeroize;
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 use super::{
     message_key::{MessageKey, RemoteMessageKey},
@@ -48,15 +48,13 @@ fn advance(key: &[u8; 32]) -> CtOutput<Hmac<Sha256>> {
     mac.finalize()
 }
 
-#[derive(Clone, Zeroize, Serialize, Deserialize)]
-#[zeroize(drop)]
+#[derive(Clone, Serialize, Deserialize, Zeroize, ZeroizeOnDrop)]
 pub(super) struct ChainKey {
     key: Box<[u8; 32]>,
     index: u64,
 }
 
-#[derive(Clone, Zeroize, Serialize, Deserialize)]
-#[zeroize(drop)]
+#[derive(Clone, Serialize, Deserialize, Zeroize, ZeroizeOnDrop)]
 pub(super) struct RemoteChainKey {
     key: Box<[u8; 32]>,
     index: u64,

src/olm/session/mod.rs

@@ -336,7 +336,7 @@ impl Session {
 #[cfg(feature = "libolm-compat")]
 mod libolm_compat {
     use matrix_pickle::Decode;
-    use zeroize::Zeroize;
+    use zeroize::{Zeroize, ZeroizeOnDrop};
 
     use super::{
         chain_key::{ChainKey, RemoteChainKey},
@@ -353,8 +353,7 @@ mod libolm_compat {
         Curve25519PublicKey,
     };
 
-    #[derive(Debug, Decode, Zeroize)]
-    #[zeroize(drop)]
+    #[derive(Debug, Decode, Zeroize, ZeroizeOnDrop)]
     struct SenderChain {
         public_ratchet_key: [u8; 32],
         #[secret]
@@ -363,8 +362,7 @@ mod libolm_compat {
         chain_key_index: u32,
     }
 
-    #[derive(Debug, Decode, Zeroize)]
-    #[zeroize(drop)]
+    #[derive(Debug, Decode, Zeroize, ZeroizeOnDrop)]
     struct ReceivingChain {
         public_ratchet_key: [u8; 32],
         #[secret]
@@ -384,8 +382,7 @@ mod libolm_compat {
         }
     }
 
-    #[derive(Debug, Decode, Zeroize)]
-    #[zeroize(drop)]
+    #[derive(Debug, Decode, Zeroize, ZeroizeOnDrop)]
     struct MessageKey {
         ratchet_key: [u8; 32],
         #[secret]

src/olm/session/root_key.rs

@@ -15,7 +15,7 @@
 use hkdf::Hkdf;
 use serde::{Deserialize, Serialize};
 use sha2::Sha256;
-use zeroize::Zeroize;
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 use super::{
     chain_key::{ChainKey, RemoteChainKey},
@@ -34,9 +34,8 @@ const ADVANCEMENT_SEED: &[u8; 11] = b"OLM_RATCHET";
 ///
 /// This struct holds the root key corresponding to chains where we are the
 /// sender. See also [`RemoteRootKey`].
-#[derive(Serialize, Deserialize, Clone, Zeroize)]
+#[derive(Clone, Serialize, Deserialize, Zeroize, ZeroizeOnDrop)]
 #[serde(transparent)]
-#[zeroize(drop)]
 pub(crate) struct RootKey {
     pub key: Box<[u8; 32]>,
 }
@@ -45,8 +44,7 @@ pub(crate) struct RootKey {
 ///
 /// See [`RootKey`] for information on root keys. This struct holds the root key
 /// corresponding to chains where the other side is the sender.
-#[derive(Serialize, Deserialize, Clone, Zeroize)]
-#[zeroize(drop)]
+#[derive(Clone, Serialize, Deserialize, Zeroize, ZeroizeOnDrop)]
 pub(crate) struct RemoteRootKey {
     pub key: Box<[u8; 32]>,
 }

src/olm/shared_secret.rs

@@ -34,16 +34,14 @@
 use hkdf::Hkdf;
 use sha2::Sha256;
 use x25519_dalek::{ReusableSecret, SharedSecret};
-use zeroize::Zeroize;
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 use crate::{types::Curve25519SecretKey as StaticSecret, Curve25519PublicKey as PublicKey};
 
-#[derive(Zeroize)]
-#[zeroize(drop)]
+#[derive(Zeroize, ZeroizeOnDrop)]
 pub struct Shared3DHSecret(Box<[u8; 96]>);
 
-#[derive(Zeroize)]
-#[zeroize(drop)]
+#[derive(Zeroize, ZeroizeOnDrop)]
 pub struct RemoteShared3DHSecret(Box<[u8; 96]>);
 
 fn expand(shared_secret: &[u8; 96]) -> (Box<[u8; 32]>, Box<[u8; 32]>) {

src/utilities/libolm_compat.rs

@@ -15,7 +15,7 @@
 use std::io::Cursor;
 
 use matrix_pickle::{Decode, Encode};
-use zeroize::Zeroize;
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 use super::{base64_decode, base64_encode};
 use crate::{cipher::Cipher, LibolmPickleError};
@@ -78,8 +78,7 @@ where
     Ok(base64_encode(encrypted))
 }
 
-#[derive(Zeroize, Encode, Decode)]
-#[zeroize(drop)]
+#[derive(Encode, Decode, Zeroize, ZeroizeOnDrop)]
 pub(crate) struct LibolmEd25519Keypair {
     pub public_key: [u8; 32],
     #[secret]