Trait secmem_alloc::zeroize::MemZeroizer
pub trait MemZeroizer {
    unsafe fn zeroize_mem(&self, ptr: *mut u8, len: usize);
    unsafe fn zeroize_mem_minaligned(
        &self,
        ptr: *mut u8,
        len: usize,
        align: usize
    ) { ... }
}
Strategy for securely erasing memory.
Security
The implementor must ensure that the zeroize instruction won’t be elided by the compiler.
Required methods
unsafe fn zeroize_mem(&self, ptr: *mut u8, len: usize)
Provided methods
Zeroize the memory pointed to by ptr and of size len bytes, aligned at least align.
This is guaranteed not to be elided by the compiler.
ptr must be at least align byte aligned, see the safety section below. The align value might be used to optimise out a branch on alignment if align is known at compile time.
Safety
The caller must ensure that ptr is valid for writes of len bytes, see the std::ptr documentation. In particular this function is not atomic.
Furthermore, ptr must be at least align byte aligned, and align must be a power of 2 (and therefore non-zero).
Performance
The align value might be used to optimise out a branch on alignment if align is known at compile time. Using this method will at least not degrade performance relative to Self::zeroize_mem if align is known at compile time. Therefore it is fine to underestimate the alignment, especially if this underestimate can be known at compile time.
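An added example, not code from the secmem-alloc crate, of one way to meet the Security requirement and use the align hint described above. The trait is re-declared locally from the signatures on this page so the block compiles on its own; VolatileZeroizer, wipe_prefix and the default method body are assumptions of this example.

```rust
use std::mem::{align_of, size_of};
use std::ptr::write_volatile;
use std::sync::atomic::{compiler_fence, Ordering};

// Local copy of the trait shape shown on this page so the example builds
// without the crate; the default method body is this example's assumption.
pub trait MemZeroizer {
    unsafe fn zeroize_mem(&self, ptr: *mut u8, len: usize);
    unsafe fn zeroize_mem_minaligned(&self, ptr: *mut u8, len: usize, _align: usize) {
        unsafe { self.zeroize_mem(ptr, len) }
    }
}

/// Hypothetical implementor: volatile stores are not elided by the compiler.
pub struct VolatileZeroizer;

impl MemZeroizer for VolatileZeroizer {
    unsafe fn zeroize_mem(&self, ptr: *mut u8, len: usize) {
        for i in 0..len {
            unsafe { write_volatile(ptr.add(i), 0u8) };
        }
        // Compiler barrier: keeps surrounding accesses from moving across the wipe.
        compiler_fence(Ordering::SeqCst);
    }

    unsafe fn zeroize_mem_minaligned(&self, ptr: *mut u8, len: usize, align: usize) {
        debug_assert!(align.is_power_of_two() && ptr as usize % align == 0);
        // Word-sized stores only when the promised alignment permits them.
        let words = if align >= align_of::<u64>() { len / size_of::<u64>() } else { 0 };
        for i in 0..words {
            unsafe { write_volatile(ptr.cast::<u64>().add(i), 0u64) };
        }
        let done = words * size_of::<u64>();
        unsafe { self.zeroize_mem(ptr.add(done), len - done) } // byte-wise tail + fence
    }
}

/// Constructed sample: 40 bytes of 0xAA backed by [u64; 5]; wipes the first
/// `len` bytes with the promised `align` and returns the resulting bytes.
pub fn wipe_prefix(len: usize, align: usize) -> Vec<u8> {
    let mut buf = [0xAAAA_AAAA_AAAA_AAAAu64; 5];
    assert!(len <= 40 && align <= align_of::<u64>());
    unsafe { VolatileZeroizer.zeroize_mem_minaligned(buf.as_mut_ptr().cast(), len, align) };
    buf.iter().flat_map(|w| w.to_ne_bytes()).collect()
}

fn main() {
    println!("{:02x?}", &wipe_prefix(37, align_of::<u64>())[32..]);
}
```

Passing a smaller align than the buffer really has (1 or 2 here) stays correct and only falls back to byte stores, which matches the note that underestimating the alignment is fine.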