From 3ddc4814224cabe796b0451de067bf42a323972f Mon Sep 17 00:00:00 2001
From: Didactic Drunk <1479616+didactic-drunk@users.noreply.github.com>
Date: Mon, 14 Jun 2021 01:32:27 -0700
Subject: [PATCH] Implement secure wipe

---
 src/crypto-secret/secret.cr | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/crypto-secret/secret.cr b/src/crypto-secret/secret.cr
index 6d4614f..4d0d2af 100644
--- a/src/crypto-secret/secret.cr
+++ b/src/crypto-secret/secret.cr
@@ -1,5 +1,16 @@
 require "crypto/subtle"
 
+lib LibC
+  fun explicit_bzero(Void*, LibC::SizeT) : Int
+end
+
+struct Slice(T)
+  def wipe
+    r = LibC.explicit_bzero slice.to_unsafe, slice.bytesize
+    raise RunTimeError.from_errno("explicit_bzero") if r != 0
+  end
+end
+
 # Interface to hold sensitive information (often cryptographic keys)
 #
 # **Only for direct use by cryptographic library authors**
@@ -54,7 +65,9 @@ module Crypto::Secret
   end
 
   def wipe
-    # Todo: implement wiping.  Needs crystal support
+    readwrite do |slice|
+      slice.wipe
+    end
   end
 
   # Secret is wiped after exiting the block