Trait secmem_alloc::zeroize::MemZeroizer
pub trait MemZeroizer {
    unsafe fn zeroize_mem_blocks<const LOG_ALIGN: u8, const LOG_MULTIPLE: u8>(
        &self,
        ptr: *mut u8,
        len: usize
    );
    unsafe fn zeroize_mem(&self, ptr: *mut u8, len: usize) { ... }
}
Strategy for securely erasing memory.
Security
The implementor must ensure that the zeroize instruction won’t be elided by the compiler.
Required methods
Zeroize the memory pointed to by ptr and of size len bytes.
This is guaranteed not to be elided by the compiler.
Safety
The caller must ensure that ptr is valid for writes of len bytes,
see the std::ptr documentation. In particular this function is
not atomic.
Furthermore, ptr must be at least 2^LOG_ALIGN byte aligned, and
2^LOG_ALIGN must fit a usize.
Finally len must be a multiple of 2^LOG_MULTIPLE, and 2^LOG_ALIGN
must fit a usize. (If len is not a multiple of 2^LOG_MULTIPLE
then this won’t result in UB but the memory pointed to by ptr might
only be zeroized for len rounded down to a multiple of 2^LOG_MULTIPLE
bytes, or the full len bytes, or anything in between, or the function
might panic.)
Provided methods
unsafe fn zeroize_mem(&self, ptr: *mut u8, len: usize)
Zeroize the memory pointed to by ptr and of size len bytes.
Shorthand for Self::zeroize_mem_blocks::<0, 0>.
This is guaranteed not to be elided by the compiler.
Safety
The caller must ensure that ptr is valid for writes of len bytes,
see the std::ptr documentation. In particular this function is
not atomic.
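The following is an added example, not code from the crate: it shows one way an implementor can meet the "not elided by the compiler" requirement with volatile stores, and how a caller satisfies the LOG_ALIGN and LOG_MULTIPLE preconditions. The trait is re-declared locally from the signature above so the example builds without the crate; ExampleVolatileZeroizer, Aligned and wipe_demo are hypothetical names.

```rust
use std::ptr::write_volatile;
use std::sync::atomic::{compiler_fence, Ordering};

// Local copy of the trait shown on this page (assumption, see lead-in).
pub trait MemZeroizer {
    unsafe fn zeroize_mem_blocks<const LOG_ALIGN: u8, const LOG_MULTIPLE: u8>(
        &self, ptr: *mut u8, len: usize);
    unsafe fn zeroize_mem(&self, ptr: *mut u8, len: usize) {
        unsafe { self.zeroize_mem_blocks::<0, 0>(ptr, len) }
    }
}

// Hypothetical implementor, not one of the crate's own types.
pub struct ExampleVolatileZeroizer;

impl MemZeroizer for ExampleVolatileZeroizer {
    unsafe fn zeroize_mem_blocks<const LOG_ALIGN: u8, const LOG_MULTIPLE: u8>(
        &self, ptr: *mut u8, len: usize) {
        if LOG_ALIGN >= 3 && LOG_MULTIPLE >= 3 {
            // Caller promised 8-byte alignment and len % 8 == 0: wide stores.
            debug_assert!(ptr as usize % 8 == 0 && len % 8 == 0);
            for i in 0..len / 8 {
                unsafe { write_volatile(ptr.cast::<u64>().add(i), 0) };
            }
        } else {
            // No usable guarantee: byte-wise stores cover the full len.
            for i in 0..len {
                unsafe { write_volatile(ptr.add(i), 0) };
            }
        }
        // Volatile stores are not elided; the fence keeps later accesses after the wipe.
        compiler_fence(Ordering::SeqCst);
    }
}

#[repr(align(8))]
struct Aligned([u8; 32]);

// Wipes two constructed sample buffers and reports whether each is all zero.
pub fn wipe_demo() -> (bool, bool) {
    let z = ExampleVolatileZeroizer;
    let mut key = Aligned([0xA5; 32]);
    unsafe { z.zeroize_mem_blocks::<3, 3>(key.0.as_mut_ptr(), key.0.len()) };
    let mut odd = [0x5Au8; 13];
    unsafe { z.zeroize_mem(odd.as_mut_ptr(), odd.len()) };
    (key.0.iter().all(|&b| b == 0), odd.iter().all(|&b| b == 0))
}

fn main() { println!("{:?}", wipe_demo()); }
```

A plain loop of ordinary stores, or a non-volatile memset on a buffer that is about to be dropped, is exactly what an optimizer may remove as a dead store, which is why the implementor here uses write_volatile.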