Struct SecretBuf 

pub struct SecretBuf { /* private fields */ }

A heap buffer that is securely zeroed via OPENSSL_cleanse on drop.

Use to hold key material, passwords, and other sensitive byte sequences. The zeroing is performed by OpenSSL’s OPENSSL_cleanse, which is the FIPS-approved memory-clearing function and is not eliminated by the compiler’s dead-store optimiser.

Example

use native_ossl::util::SecretBuf;

let mut key = SecretBuf::with_len(32);
native_ossl::rand::Rand::fill(key.as_mut_slice()).unwrap();
// key bytes are securely erased when `key` is dropped.

Implementations

impl SecretBuf

pub fn new(data: Vec<u8>) -> Self

Wrap an existing allocation. Takes ownership; the buffer will be securely zeroed when the SecretBuf is dropped.

pub fn with_len(len: usize) -> Self

Allocate a zero-initialised buffer of len bytes.

pub fn from_slice(data: &[u8]) -> Self

Copy data into a new secure buffer.

pub fn len(&self) -> usize

Number of bytes in the buffer.

pub fn is_empty(&self) -> bool

true if the buffer holds no bytes.

pub fn as_mut_slice(&mut self) -> &mut [u8]

Expose the buffer as a mutable byte slice.

Useful for writing derived key material directly into the buffer.

Trait Implementations

impl AsRef<[u8]> for SecretBuf

fn as_ref(&self) -> &[u8]

Converts this type into a shared reference of the (usually inferred) input type.

impl Drop for SecretBuf

fn drop(&mut self)

Executes the destructor for this type.

impl Send for SecretBuf

impl Sync for SecretBuf