k256: impl Drop for ecdsa::SigningKey

[tarcieri]

Adds a Drop handler which calls zeroize() on the NonZeroScalar which the SigningKey newtype wraps.

[codecov-commenter]

Codecov Report

Merging #449 (0ceaf97) into master (daa50d5) will decrease coverage by 0.03%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master     #449      +/-   ##
==========================================
- Coverage   65.03%   65.00%   -0.04%     
==========================================
  Files          28       28              
  Lines        3598     3600       +2     
==========================================
  Hits         2340     2340              
- Misses       1258     1260       +2     

Impacted Files	Coverage Δ
k256/src/ecdsa/sign.rs	18.07% <0.00%> (-0.45%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update daa50d5...0ceaf97. Read the comment docs.

[ggutoski]

Yay! 🥳

Is there a reason you don't derive Zeroize for SigningKey and use #[zeroize(drop)]?

[tarcieri]

It's to avoid people accidentally using the SigningKey after it's been zeroized.

There's a bit of a tricky tradeoff here which we're aware causes some ergonomic problems. See iqlusioninc/crates#757

It would probably be good if the custom derive support could allow skipping of individual fields which are known to be self-zeroizing. Something like #[zeroize(skip)]