zeroize 0.5.1

Securely zero memory using a simple trait built on stable Rust primitives which guarantee the operation will not be 'optimized away' by leveraging LLVM's volatile write semantics and memory fences. No weird tricks, no insecure fallbacks, no dependencies, no std, just a trait implemented for all of Rust's core scalar types and slices/iterators thereof for securely zeroing memory.

zeroize.rs

Securely zero memory while avoiding compiler optimizations.

This crate provides safe, portable access to cross-platform intrinsics for securely zeroing memory which are specifically documented as guaranteeing they won't be "optimized away".

The Zeroize trait is the crate's primary (and only) API.

Documentation

About

Zeroing memory securely is hard - compilers optimize for performance, and in doing so they love to "optimize away" unnecessary zeroing calls. There are many documented "tricks" to attempt to avoid these optimizations and ensure that a zeroing routine is performed reliably.

This crate isn't about tricks: it uses core::ptr::write_volatile and core::sync::atomic memory fences to provide easy-to-use, portable zeroing behavior which works on all of Rust's core number types and slices thereof, implemented in pure Rust with no usage of FFI or assembly.

  • No insecure fallbacks!
  • No dependencies!
  • No FFI or inline assembly!
  • #![no_std] i.e. embedded-friendly!
  • No functionality besides securely zeroing memory!
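
A sketch of the volatile-write-plus-fence technique described above, as an added example rather than the crate's own source: `volatile_zero`, `SessionKey` and `wipe_and_check` are hypothetical names, and the `std::` paths are re-exports of the `core::` items named in the text.

```rust
use std::ptr;
use std::sync::atomic::{self, Ordering};

/// Hypothetical helper (not the crate's API): overwrite each byte with a
/// volatile store, then fence so later memory accesses are not moved ahead of it.
pub fn volatile_zero(buf: &mut [u8]) {
    for byte in buf.iter_mut() {
        // A volatile write counts as an observable side effect, so the
        // optimizer may not drop it even if `buf` is never read again.
        unsafe { ptr::write_volatile(byte, 0) };
    }
    atomic::fence(Ordering::SeqCst);
    atomic::compiler_fence(Ordering::SeqCst);
}

/// Constructed example type: key material that is wiped when dropped.
pub struct SessionKey {
    bytes: [u8; 32],
}

impl SessionKey {
    /// Copies the key out of `src`, then wipes `src` so the caller's
    /// buffer does not keep a second copy of the secret.
    pub fn take_from(src: &mut [u8; 32]) -> Self {
        let key = SessionKey { bytes: *src };
        volatile_zero(&mut src[..]);
        key
    }

    pub fn as_bytes(&self) -> &[u8] {
        &self.bytes
    }
}

impl Drop for SessionKey {
    fn drop(&mut self) {
        volatile_zero(&mut self.bytes);
    }
}

/// Wipes a buffer and reports whether every byte now reads back as zero.
pub fn wipe_and_check(buf: &mut [u8]) -> bool {
    volatile_zero(buf);
    buf.iter().all(|&b| b == 0)
}

fn main() {
    let mut password = *b"constructed sample secret"; // constructed input
    println!("wiped: {}", wipe_and_check(&mut password));
}
```

Volatile zeroing only clears the bytes it is pointed at; copies the compiler made earlier through moves or register spills are not covered.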

Requirements

  • Rust 1.31+

License

zeroize is distributed under the terms of either the MIT license or the Apache License (Version 2.0), at your option.

See the LICENSE (Apache License, Version 2.0) file in the iqlusioninc/crates toplevel directory of this repository, or LICENSE-MIT, for details.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.