RustCrypto: zeroize
[
]Securely zero memory (a.k.a. zeroize) while avoiding compiler optimizations.
This crate implements a portable approach to securely zeroing memory using techniques which guarantee they won't be "optimized away" by the compiler.
The [Zeroize trait] is the crate's primary API.
About
Zeroing memory securely is hard - compilers optimize for performance, and in doing so they love to "optimize away" unnecessary zeroing calls. There are many documented "tricks" to attempt to avoid these optimizations and ensure that a zeroing routine is performed reliably.
This crate isn't about tricks: it uses core::ptr::write_volatile and core::sync::atomic memory fences to provide easy-to-use, portable zeroing behavior which works on all of Rust's core number types and slices thereof, implemented in pure Rust with no usage of FFI or assembly.
- No insecure fallbacks!
- No dependencies!
- No FFI or inline assembly! WASM friendly (and tested)!
#![no_std]i.e. embedded-friendly!- No functionality besides securely zeroing memory!
- (Optional) Custom derive support for zeroing complex structures
Minimum Supported Rust Version
Rust 1.56 or newer.
In the future, we reserve the right to change MSRV (i.e. MSRV is out-of-scope for this crate's SemVer guarantees), however when we do it will be accompanied by a minor version bump.
License
Licensed under either of:
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.