zeroize 0.4.2

Securely zero memory while avoiding compiler optimizations: cross-platform secure intrinsics for zeroing memory, using FFI to invoke OS intrinsics on stable Rust (with support for Linux, Windows, macOS/iOS, FreeBSD, OpenBSD, NetBSD, DragonflyBSD), or the unstable 'volatile_set_memory()` intrinsic on nightly. No insecure fallbacks, no dependencies, no std, no functionality besides securely zeroing memory.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

//! Support for building `explicit_bzero.c` backport for Linux w\ glibc < 2.25.

#[cfg(any(feature = "linux-backport", feature = "windows"))]
extern crate cc;
#[cfg(any(feature = "linux-backport", feature = "windows"))]
extern crate semver;

fn main() {
    #[cfg(all(feature = "linux-backport", target_os = "linux"))]
    linux::build_explicit_bzero_backport();

    #[cfg(all(feature = "windows", target_os = "windows"))]
    windows::build_explicit_bzero_shim();
}

/// Support for building the `explicit_bzero.c` backport.
/// Only used when the `linux-backport` cargo feature is enabled and the
/// installed glibc version is < 2.25 or musl-libc version is < 1.1.20.
#[cfg(all(feature = "linux-backport", target_os = "linux"))]
mod linux {
    use super::cc;
    use super::semver::Version;
    use std::process::Command;

    /// First version of glibc to support `explicit_bzero()`
    const GLIBC_WITH_EXPLICIT_BZERO: &str = "2.25.0";

    /// First version of musl-libc to support `explicit_bzero()`
    const MUSL_WITH_EXPLICIT_BZERO: &str = "1.1.20";

    struct LddVersion {
        /// Whether version command was successful.
        success: bool,

        /// Standard output of the version command.
        stdout: String,

        /// Standard error of the version command,
        stderr: String,
    }

    enum StdLibrary {
        /// GNU C standard library
        GNU(Version),

        /// Musl C standard library
        Musl(Version),

        /// Unsupported standard library
        Unsupported,
    }

    impl StdLibrary {
        /// Build backports if necessary
        fn should_build_explicit_bzero(&self) -> Option<bool> {
            match self {
                StdLibrary::GNU(ver) => {
                    Some(ver < &Version::parse(GLIBC_WITH_EXPLICIT_BZERO).unwrap())
                }
                StdLibrary::Musl(ver) => {
                    Some(ver < &Version::parse(MUSL_WITH_EXPLICIT_BZERO).unwrap())
                }
                StdLibrary::Unsupported => None,
            }
        }
    }

    impl LddVersion {
        /// Initialize LddVersion with the version command output
        fn new() -> Self {
            let output = Command::new("/usr/bin/ldd")
                .arg("--version")
                .output()
                .unwrap();

            Self {
                success: output.status.success(),
                stdout: String::from_utf8(output.stdout).unwrap(),
                stderr: String::from_utf8(output.stderr).unwrap(),
            }
        }

        /// Resolve the version of the installed C standard library
        fn resolve(&self) -> StdLibrary {
            let stdout = self.stdout.to_ascii_lowercase();
            let stderr = self.stderr.to_ascii_lowercase();

            // Check if this is GNU C standard library
            for glibc_str in &["glibc", "gnu libc"] {
                if stdout.find(glibc_str).is_some() || stderr.find(glibc_str).is_some() {
                    return self.get_glibc_version();
                }
            }

            // Check if this is musl-libc
            if stdout.find("musl").is_some() || stderr.find("musl").is_some() {
                return self.get_musl_version();
            }

            StdLibrary::Unsupported
        }

        /// Get the version of the GNU C standard library
        fn get_glibc_version(&self) -> StdLibrary {
            if !self.success {
                panic!(
                    "/usr/bin/ldd --version exited with error: {:?}",
                    self.stderr
                );
            }

            let info = self.stdout.split('\n').next().unwrap();
            let version =
                Version::parse(&(info.split(' ').last().unwrap().to_owned() + ".0")).unwrap();

            StdLibrary::GNU(version)
        }

        /// Get the version of the Musl C standard library
        fn get_musl_version(&self) -> StdLibrary {
            let info = self.stderr.split('\n').collect::<Vec<&str>>()[1];
            let version = Version::parse(info.split(' ').collect::<Vec<&str>>()[1]).unwrap();

            StdLibrary::Musl(version)
        }
    }

    /// Build `src/os/linux/explicit_bzero_backport.c` using the `cc` crate
    pub fn build_explicit_bzero_backport() {
        let ldd_version = LddVersion::new();
        let stdlib = ldd_version.resolve();

        match stdlib.should_build_explicit_bzero() {
            Some(should_build) => if should_build {
                cc::Build::new()
                    .file("src/os/linux/explicit_bzero_backport.c")
                    .compile("explicit_bzero");
            },
            None => panic!("unsupported standard library"),
        }
    }
}

/// Support for `SecureZeroMemory` (a macro found in `winnt.h`) is implemented
/// as a shim for the `explicit_bzero()` API.
#[cfg(all(feature = "windows", target_os = "windows"))]
mod windows {
    use super::cc;

    /// Build `src/os/windows/explicit_bzero_shim.c` using the `cc` crate
    pub fn build_explicit_bzero_shim() {
        cc::Build::new()
            .file("src/os/windows/explicit_bzero_shim.c")
            .compile("explicit_bzero");
    }
}