wolfSSL
diff --git a/‎wrapper/rust/wolfssl-wolfcrypt/Cargo.lock‎
Lines changed: 21 additions & 0 deletions b/‎wrapper/rust/wolfssl-wolfcrypt/Cargo.lock‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎wrapper/rust/wolfssl-wolfcrypt/Cargo.toml‎
Lines changed: 1 addition & 0 deletions b/‎wrapper/rust/wolfssl-wolfcrypt/Cargo.toml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎wrapper/rust/wolfssl-wolfcrypt/src/aes.rs‎
Lines changed: 75 additions & 0 deletions b/‎wrapper/rust/wolfssl-wolfcrypt/src/aes.rs‎
Lines changed: 75 additions & 0 deletions
diff --git a/‎wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs‎
Lines changed: 57 additions & 0 deletions b/‎wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs‎
Lines changed: 10 additions & 6 deletions b/‎wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs‎
Lines changed: 10 additions & 6 deletions
@@ -20,6 +20,7 @@ cipher = ["dep:cipher"]
 rand_core = { version = "0.10", optional = true, default-features = false }
 aead = { version = "0.5", optional = true, default-features = false }
 cipher = { version = "0.5", optional = true, default-features = false }
+zeroize = { version = "1.3", default-features = false, features = ["derive"] }
 
 [dev-dependencies]
 aead = { version = "0.5", features = ["alloc", "dev"] }
 
@@ -27,6 +27,7 @@ Encryption Standard (AES) functionality.
 
 use crate::sys;
 use core::mem::{size_of_val, MaybeUninit};
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 #[cfg(feature = "aead")]
 use aead::{AeadCore, AeadInPlace, KeyInit, KeySizeUser};
@@ -233,10 +234,17 @@ impl CBC {
     }
 }
 #[cfg(aes_cbc)]
+impl Zeroize for CBC {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
+    }
+}
+#[cfg(aes_cbc)]
 impl Drop for CBC {
     /// Safely free the wolfSSL resources.
     fn drop(&mut self) {
         unsafe { sys::wc_AesFree(&mut self.ws_aes); }
+        self.zeroize();
     }
 }
 
@@ -428,10 +436,17 @@ impl CCM {
     }
 }
 #[cfg(aes_ccm)]
+impl Zeroize for CCM {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
+    }
+}
+#[cfg(aes_ccm)]
 impl Drop for CCM {
     /// Safely free the wolfSSL resources.
     fn drop(&mut self) {
         unsafe { sys::wc_AesFree(&mut self.ws_aes); }
+        self.zeroize();
     }
 }
 
@@ -506,6 +521,7 @@ fn ccm_decrypt_in_place(
 
 /// AES-128-CCM authenticated encryption (12-byte nonce, 16-byte tag).
 #[cfg(all(aes_ccm, feature = "aead"))]
+#[derive(Zeroize, ZeroizeOnDrop)]
 pub struct Aes128Ccm {
     key: [u8; 16],
 }
@@ -557,6 +573,7 @@ impl AeadInPlace for Aes128Ccm {
 
 /// AES-256-CCM authenticated encryption (12-byte nonce, 16-byte tag).
 #[cfg(all(aes_ccm, feature = "aead"))]
+#[derive(Zeroize, ZeroizeOnDrop)]
 pub struct Aes256Ccm {
     key: [u8; 32],
 }
@@ -906,10 +923,17 @@ impl CFB {
     }
 }
 #[cfg(aes_cfb)]
+impl Zeroize for CFB {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
+    }
+}
+#[cfg(aes_cfb)]
 impl Drop for CFB {
     /// Safely free the wolfSSL resources.
     fn drop(&mut self) {
         unsafe { sys::wc_AesFree(&mut self.ws_aes); }
+        self.zeroize();
     }
 }
 
@@ -1076,10 +1100,17 @@ impl CTR {
     }
 }
 #[cfg(aes_ctr)]
+impl Zeroize for CTR {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
+    }
+}
+#[cfg(aes_ctr)]
 impl Drop for CTR {
     /// Safely free the wolfSSL resources.
     fn drop(&mut self) {
         unsafe { sys::wc_AesFree(&mut self.ws_aes); }
+        self.zeroize();
     }
 }
 
@@ -1384,10 +1415,17 @@ impl ECB {
     }
 }
 #[cfg(aes_ecb)]
+impl Zeroize for ECB {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
+    }
+}
+#[cfg(aes_ecb)]
 impl Drop for ECB {
     /// Safely free the wolfSSL resources.
     fn drop(&mut self) {
         unsafe { sys::wc_AesFree(&mut self.ws_aes); }
+        self.zeroize();
     }
 }
 
@@ -1579,10 +1617,17 @@ impl GCM {
     }
 }
 #[cfg(aes_gcm)]
+impl Zeroize for GCM {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
+    }
+}
+#[cfg(aes_gcm)]
 impl Drop for GCM {
     /// Safely free the wolfSSL resources.
     fn drop(&mut self) {
         unsafe { sys::wc_AesFree(&mut self.ws_aes); }
+        self.zeroize();
     }
 }
 
@@ -1658,6 +1703,7 @@ fn gcm_decrypt_in_place(
 
 /// AES-128-GCM authenticated encryption (12-byte nonce, 16-byte tag).
 #[cfg(all(aes_gcm, feature = "aead"))]
+#[derive(Zeroize, ZeroizeOnDrop)]
 pub struct Aes128Gcm {
     key: [u8; 16],
 }
@@ -1709,6 +1755,7 @@ impl AeadInPlace for Aes128Gcm {
 
 /// AES-256-GCM authenticated encryption (12-byte nonce, 16-byte tag).
 #[cfg(all(aes_gcm, feature = "aead"))]
+#[derive(Zeroize, ZeroizeOnDrop)]
 pub struct Aes256Gcm {
     key: [u8; 32],
 }
@@ -2034,10 +2081,17 @@ impl GCMStream {
     }
 }
 #[cfg(aes_gcm_stream)]
+impl Zeroize for GCMStream {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
+    }
+}
+#[cfg(aes_gcm_stream)]
 impl Drop for GCMStream {
     /// Safely free the wolfSSL resources.
     fn drop(&mut self) {
         unsafe { sys::wc_AesFree(&mut self.ws_aes); }
+        self.zeroize();
     }
 }
 
@@ -2215,10 +2269,17 @@ impl OFB {
     }
 }
 #[cfg(aes_ofb)]
+impl Zeroize for OFB {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.ws_aes); }
+    }
+}
+#[cfg(aes_ofb)]
 impl Drop for OFB {
     /// Safely free the wolfSSL resources.
     fn drop(&mut self) {
         unsafe { sys::wc_AesFree(&mut self.ws_aes); }
+        self.zeroize();
     }
 }
 
@@ -2586,10 +2647,17 @@ impl XTS {
     }
 }
 #[cfg(aes_xts)]
+impl Zeroize for XTS {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.ws_xtsaes); }
+    }
+}
+#[cfg(aes_xts)]
 impl Drop for XTS {
     /// Safely free the wolfSSL resources.
     fn drop(&mut self) {
         unsafe { sys::wc_AesXtsFree(&mut self.ws_xtsaes); }
+        self.zeroize();
     }
 }
 
@@ -2890,10 +2958,17 @@ impl XTSStream {
     }
 }
 #[cfg(aes_xts_stream)]
+impl Zeroize for XTSStream {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.ws_xtsaes); }
+    }
+}
+#[cfg(aes_xts_stream)]
 impl Drop for XTSStream {
     /// Safely free the wolfSSL resources.
     fn drop(&mut self) {
         unsafe { sys::wc_AesXtsFree(&mut self.ws_xtsaes); }
+        self.zeroize();
     }
 }
 
 
@@ -27,6 +27,7 @@ functionality.
 
 use crate::sys;
 use core::mem::MaybeUninit;
+use zeroize::Zeroize;
 
 /// Context for BLAKE2b computation.
 #[cfg(blake2b)]
@@ -174,6 +175,20 @@ impl BLAKE2b {
 }
 
 
+#[cfg(blake2b)]
+impl Zeroize for BLAKE2b {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.wc_blake2b); }
+    }
+}
+
+#[cfg(blake2b)]
+impl Drop for BLAKE2b {
+    fn drop(&mut self) {
+        self.zeroize();
+    }
+}
+
 /// Context for HMAC-BLAKE2b computation.
 #[cfg(blake2b_hmac)]
 pub struct BLAKE2bHmac {
@@ -311,6 +326,20 @@ impl BLAKE2bHmac {
 }
 
 
+#[cfg(blake2b_hmac)]
+impl Zeroize for BLAKE2bHmac {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.wc_blake2b); }
+    }
+}
+
+#[cfg(blake2b_hmac)]
+impl Drop for BLAKE2bHmac {
+    fn drop(&mut self) {
+        self.zeroize();
+    }
+}
+
 /// Context for BLAKE2s computation.
 #[cfg(blake2s)]
 pub struct BLAKE2s {
@@ -457,6 +486,20 @@ impl BLAKE2s {
 }
 
 
+#[cfg(blake2s)]
+impl Zeroize for BLAKE2s {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.wc_blake2s); }
+    }
+}
+
+#[cfg(blake2s)]
+impl Drop for BLAKE2s {
+    fn drop(&mut self) {
+        self.zeroize();
+    }
+}
+
 /// Context for HMAC-BLAKE2s computation.
 #[cfg(blake2s_hmac)]
 pub struct BLAKE2sHmac {
@@ -592,3 +635,17 @@ impl BLAKE2sHmac {
         Ok(())
     }
 }
+
+#[cfg(blake2s_hmac)]
+impl Zeroize for BLAKE2sHmac {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.wc_blake2s); }
+    }
+}
+
+#[cfg(blake2s_hmac)]
+impl Drop for BLAKE2sHmac {
+    fn drop(&mut self) {
+        self.zeroize();
+    }
+}
@@ -27,6 +27,7 @@ ChaCha20-Poly1305 functionality.
 
 use crate::sys;
 use core::mem::MaybeUninit;
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 pub struct ChaCha20Poly1305 {
     wc_ccp: sys::ChaChaPoly_Aead,
@@ -243,14 +244,15 @@ impl ChaCha20Poly1305 {
     }
 }
 
+impl Zeroize for ChaCha20Poly1305 {
+    fn zeroize(&mut self) {
+        unsafe { crate::zeroize_raw(&mut self.wc_ccp); }
+    }
+}
+
 impl Drop for ChaCha20Poly1305 {
     fn drop(&mut self) {
-        unsafe {
-            let ptr = &mut self.wc_ccp as *mut sys::ChaChaPoly_Aead as *mut u8;
-            for i in 0..core::mem::size_of::<sys::ChaChaPoly_Aead>() {
-                core::ptr::write_volatile(ptr.add(i), 0);
-            }
-        }
+        self.zeroize();
     }
 }
 
@@ -261,6 +263,7 @@ impl Drop for ChaCha20Poly1305 {
 /// ChaCha20-Poly1305 AEAD instance holding a key for use with the
 /// `aead::KeyInit` and `aead::AeadInPlace` traits.
 #[cfg(feature = "aead")]
+#[derive(Zeroize, ZeroizeOnDrop)]
 pub struct ChaCha20Poly1305Aead {
     key: [u8; 32],
 }
@@ -449,6 +452,7 @@ impl XChaCha20Poly1305 {
 /// XChaCha20-Poly1305 AEAD instance holding a key for use with the
 /// `aead::KeyInit` and `aead::AeadInPlace` traits.
 #[cfg(all(xchacha20_poly1305, feature = "aead"))]
+#[derive(Zeroize, ZeroizeOnDrop)]
 pub struct XChaCha20Poly1305Aead {
     key: [u8; 32],
 }
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ Encryption Standard (AES) functionality.`
`27`	`27`
`28`	`28`	`use crate::sys;`
`29`	`29`	`use core::mem::{size_of_val, MaybeUninit};`
	`30`	`+use zeroize::{Zeroize, ZeroizeOnDrop};`
`30`	`31`
`31`	`32`	`#[cfg(feature = "aead")]`
`32`	`33`	`use aead::{AeadCore, AeadInPlace, KeyInit, KeySizeUser};`
`@@ -233,10 +234,17 @@ impl CBC {`
`233`	`234`	`}`
`234`	`235`	`}`
`235`	`236`	`#[cfg(aes_cbc)]`
	`237`	`+impl Zeroize for CBC {`
	`238`	`+ fn zeroize(&mut self) {`
	`239`	`+ unsafe { crate::zeroize_raw(&mut self.ws_aes); }`
	`240`	`+ }`
	`241`	`+}`
	`242`	`+#[cfg(aes_cbc)]`
`236`	`243`	`impl Drop for CBC {`
`237`	`244`	`/// Safely free the wolfSSL resources.`
`238`	`245`	`fn drop(&mut self) {`
`239`	`246`	`unsafe { sys::wc_AesFree(&mut self.ws_aes); }`
	`247`	`+ self.zeroize();`
`240`	`248`	`}`
`241`	`249`	`}`
`242`	`250`
`@@ -428,10 +436,17 @@ impl CCM {`
`428`	`436`	`}`
`429`	`437`	`}`
`430`	`438`	`#[cfg(aes_ccm)]`
	`439`	`+impl Zeroize for CCM {`
	`440`	`+ fn zeroize(&mut self) {`
	`441`	`+ unsafe { crate::zeroize_raw(&mut self.ws_aes); }`
	`442`	`+ }`
	`443`	`+}`
	`444`	`+#[cfg(aes_ccm)]`
`431`	`445`	`impl Drop for CCM {`
`432`	`446`	`/// Safely free the wolfSSL resources.`
`433`	`447`	`fn drop(&mut self) {`
`434`	`448`	`unsafe { sys::wc_AesFree(&mut self.ws_aes); }`
	`449`	`+ self.zeroize();`
`435`	`450`	`}`
`436`	`451`	`}`
`437`	`452`
`@@ -506,6 +521,7 @@ fn ccm_decrypt_in_place(`
`506`	`521`
`507`	`522`	`/// AES-128-CCM authenticated encryption (12-byte nonce, 16-byte tag).`
`508`	`523`	`#[cfg(all(aes_ccm, feature = "aead"))]`
	`524`	`+#[derive(Zeroize, ZeroizeOnDrop)]`
`509`	`525`	`pub struct Aes128Ccm {`
`510`	`526`	`key: [u8; 16],`
`511`	`527`	`}`
`@@ -557,6 +573,7 @@ impl AeadInPlace for Aes128Ccm {`
`557`	`573`
`558`	`574`	`/// AES-256-CCM authenticated encryption (12-byte nonce, 16-byte tag).`
`559`	`575`	`#[cfg(all(aes_ccm, feature = "aead"))]`
	`576`	`+#[derive(Zeroize, ZeroizeOnDrop)]`
`560`	`577`	`pub struct Aes256Ccm {`
`561`	`578`	`key: [u8; 32],`
`562`	`579`	`}`
`@@ -906,10 +923,17 @@ impl CFB {`
`906`	`923`	`}`
`907`	`924`	`}`
`908`	`925`	`#[cfg(aes_cfb)]`
	`926`	`+impl Zeroize for CFB {`
	`927`	`+ fn zeroize(&mut self) {`
	`928`	`+ unsafe { crate::zeroize_raw(&mut self.ws_aes); }`
	`929`	`+ }`
	`930`	`+}`
	`931`	`+#[cfg(aes_cfb)]`
`909`	`932`	`impl Drop for CFB {`
`910`	`933`	`/// Safely free the wolfSSL resources.`
`911`	`934`	`fn drop(&mut self) {`
`912`	`935`	`unsafe { sys::wc_AesFree(&mut self.ws_aes); }`
	`936`	`+ self.zeroize();`
`913`	`937`	`}`
`914`	`938`	`}`
`915`	`939`
`@@ -1076,10 +1100,17 @@ impl CTR {`
`1076`	`1100`	`}`
`1077`	`1101`	`}`
`1078`	`1102`	`#[cfg(aes_ctr)]`
	`1103`	`+impl Zeroize for CTR {`
	`1104`	`+ fn zeroize(&mut self) {`
	`1105`	`+ unsafe { crate::zeroize_raw(&mut self.ws_aes); }`
	`1106`	`+ }`
	`1107`	`+}`
	`1108`	`+#[cfg(aes_ctr)]`
`1079`	`1109`	`impl Drop for CTR {`
`1080`	`1110`	`/// Safely free the wolfSSL resources.`
`1081`	`1111`	`fn drop(&mut self) {`
`1082`	`1112`	`unsafe { sys::wc_AesFree(&mut self.ws_aes); }`
	`1113`	`+ self.zeroize();`
`1083`	`1114`	`}`
`1084`	`1115`	`}`
`1085`	`1116`
`@@ -1384,10 +1415,17 @@ impl ECB {`
`1384`	`1415`	`}`
`1385`	`1416`	`}`
`1386`	`1417`	`#[cfg(aes_ecb)]`
	`1418`	`+impl Zeroize for ECB {`
	`1419`	`+ fn zeroize(&mut self) {`
	`1420`	`+ unsafe { crate::zeroize_raw(&mut self.ws_aes); }`
	`1421`	`+ }`
	`1422`	`+}`
	`1423`	`+#[cfg(aes_ecb)]`
`1387`	`1424`	`impl Drop for ECB {`
`1388`	`1425`	`/// Safely free the wolfSSL resources.`
`1389`	`1426`	`fn drop(&mut self) {`
`1390`	`1427`	`unsafe { sys::wc_AesFree(&mut self.ws_aes); }`
	`1428`	`+ self.zeroize();`
`1391`	`1429`	`}`
`1392`	`1430`	`}`
`1393`	`1431`
`@@ -1579,10 +1617,17 @@ impl GCM {`
`1579`	`1617`	`}`
`1580`	`1618`	`}`
`1581`	`1619`	`#[cfg(aes_gcm)]`
	`1620`	`+impl Zeroize for GCM {`
	`1621`	`+ fn zeroize(&mut self) {`
	`1622`	`+ unsafe { crate::zeroize_raw(&mut self.ws_aes); }`
	`1623`	`+ }`
	`1624`	`+}`
	`1625`	`+#[cfg(aes_gcm)]`
`1582`	`1626`	`impl Drop for GCM {`
`1583`	`1627`	`/// Safely free the wolfSSL resources.`
`1584`	`1628`	`fn drop(&mut self) {`
`1585`	`1629`	`unsafe { sys::wc_AesFree(&mut self.ws_aes); }`
	`1630`	`+ self.zeroize();`
`1586`	`1631`	`}`
`1587`	`1632`	`}`
`1588`	`1633`
`@@ -1658,6 +1703,7 @@ fn gcm_decrypt_in_place(`
`1658`	`1703`
`1659`	`1704`	`/// AES-128-GCM authenticated encryption (12-byte nonce, 16-byte tag).`
`1660`	`1705`	`#[cfg(all(aes_gcm, feature = "aead"))]`
	`1706`	`+#[derive(Zeroize, ZeroizeOnDrop)]`
`1661`	`1707`	`pub struct Aes128Gcm {`
`1662`	`1708`	`key: [u8; 16],`
`1663`	`1709`	`}`
`@@ -1709,6 +1755,7 @@ impl AeadInPlace for Aes128Gcm {`
`1709`	`1755`
`1710`	`1756`	`/// AES-256-GCM authenticated encryption (12-byte nonce, 16-byte tag).`
`1711`	`1757`	`#[cfg(all(aes_gcm, feature = "aead"))]`
	`1758`	`+#[derive(Zeroize, ZeroizeOnDrop)]`
`1712`	`1759`	`pub struct Aes256Gcm {`
`1713`	`1760`	`key: [u8; 32],`
`1714`	`1761`	`}`
`@@ -2034,10 +2081,17 @@ impl GCMStream {`
`2034`	`2081`	`}`
`2035`	`2082`	`}`
`2036`	`2083`	`#[cfg(aes_gcm_stream)]`
	`2084`	`+impl Zeroize for GCMStream {`
	`2085`	`+ fn zeroize(&mut self) {`
	`2086`	`+ unsafe { crate::zeroize_raw(&mut self.ws_aes); }`
	`2087`	`+ }`
	`2088`	`+}`
	`2089`	`+#[cfg(aes_gcm_stream)]`
`2037`	`2090`	`impl Drop for GCMStream {`
`2038`	`2091`	`/// Safely free the wolfSSL resources.`
`2039`	`2092`	`fn drop(&mut self) {`
`2040`	`2093`	`unsafe { sys::wc_AesFree(&mut self.ws_aes); }`
	`2094`	`+ self.zeroize();`
`2041`	`2095`	`}`
`2042`	`2096`	`}`
`2043`	`2097`
`@@ -2215,10 +2269,17 @@ impl OFB {`
`2215`	`2269`	`}`
`2216`	`2270`	`}`
`2217`	`2271`	`#[cfg(aes_ofb)]`
	`2272`	`+impl Zeroize for OFB {`
	`2273`	`+ fn zeroize(&mut self) {`
	`2274`	`+ unsafe { crate::zeroize_raw(&mut self.ws_aes); }`
	`2275`	`+ }`
	`2276`	`+}`
	`2277`	`+#[cfg(aes_ofb)]`
`2218`	`2278`	`impl Drop for OFB {`
`2219`	`2279`	`/// Safely free the wolfSSL resources.`
`2220`	`2280`	`fn drop(&mut self) {`
`2221`	`2281`	`unsafe { sys::wc_AesFree(&mut self.ws_aes); }`
	`2282`	`+ self.zeroize();`
`2222`	`2283`	`}`
`2223`	`2284`	`}`
`2224`	`2285`
`@@ -2586,10 +2647,17 @@ impl XTS {`
`2586`	`2647`	`}`
`2587`	`2648`	`}`
`2588`	`2649`	`#[cfg(aes_xts)]`
	`2650`	`+impl Zeroize for XTS {`
	`2651`	`+ fn zeroize(&mut self) {`
	`2652`	`+ unsafe { crate::zeroize_raw(&mut self.ws_xtsaes); }`
	`2653`	`+ }`
	`2654`	`+}`
	`2655`	`+#[cfg(aes_xts)]`
`2589`	`2656`	`impl Drop for XTS {`
`2590`	`2657`	`/// Safely free the wolfSSL resources.`
`2591`	`2658`	`fn drop(&mut self) {`
`2592`	`2659`	`unsafe { sys::wc_AesXtsFree(&mut self.ws_xtsaes); }`
	`2660`	`+ self.zeroize();`
`2593`	`2661`	`}`
`2594`	`2662`	`}`
`2595`	`2663`
`@@ -2890,10 +2958,17 @@ impl XTSStream {`
`2890`	`2958`	`}`
`2891`	`2959`	`}`
`2892`	`2960`	`#[cfg(aes_xts_stream)]`
	`2961`	`+impl Zeroize for XTSStream {`
	`2962`	`+ fn zeroize(&mut self) {`
	`2963`	`+ unsafe { crate::zeroize_raw(&mut self.ws_xtsaes); }`
	`2964`	`+ }`
	`2965`	`+}`
	`2966`	`+#[cfg(aes_xts_stream)]`
`2893`	`2967`	`impl Drop for XTSStream {`
`2894`	`2968`	`/// Safely free the wolfSSL resources.`
`2895`	`2969`	`fn drop(&mut self) {`
`2896`	`2970`	`unsafe { sys::wc_AesXtsFree(&mut self.ws_xtsaes); }`
	`2971`	`+ self.zeroize();`
`2897`	`2972`	`}`
`2898`	`2973`	`}`
`2899`	`2974`