Struct ZeroDrop

pub struct ZeroDrop<T>(/* private fields */)
where
    T: Copy;

Zeroing drop wrapper type for Copy type.

Assuming T: Copy, a ZeroDrop<T> wraps a Box<T> and zeros it when dropped. We must use Box because LLVM moves data on the stack willy nilly.

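let p: *const [u8; 32];
let s = zerodrop::ZeroDrop::new_copy(&[3u8; 32]);
p = &*s; // raw pointer into the boxed value
std::mem::drop(s); // Drop zeroes the box before freeing it
// Reads freed memory through p, for demonstration only.
unsafe { assert_eq!(*p, [0u8; 32]); }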

We recommend abstracting usage of ZeroDrop as follows because ZeroDrop does not mlock data.

type Secret<T> = ZeroDrop<T> where T: Copy+Default;

We similarly encourage wrapping ZeroDrop yourself so as to limit where and how secret data can be used in your code, including avoiding any trait magic that seems overly subtle.

struct MySecret(pub ZeroDrop<[u8; 32]>);
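
The wrapping advice above, as an added example that is not part of the zerodrop documentation or the crate's code. ZeroOnDrop is a hypothetical stand-in for ZeroDrop so the file compiles without the crate, and MySecret goes one step further than the one-liner above by keeping its field private; the names ZeroOnDrop, from_bytes, matches and wipe are assumptions.

```rust
use std::fmt;
use std::sync::atomic::{compiler_fence, Ordering};

// Stand-in for zerodrop::ZeroDrop (assumption: same idea, not the crate's code).
struct ZeroOnDrop<T: Copy>(Box<T>);

impl<T: Copy> ZeroOnDrop<T> {
    // Note: Box::new(*t) may stage the value on the stack first.
    fn new_copy(t: &T) -> Self { ZeroOnDrop(Box::new(*t)) }
    // Unsafe: all-zero bytes need not be a valid T.
    unsafe fn zero_out(&mut self) {
        let p = &mut *self.0 as *mut T as *mut u8;
        for i in 0..std::mem::size_of::<T>() {
            // Volatile writes are not removed as dead stores before the free.
            unsafe { std::ptr::write_volatile(p.add(i), 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}
impl<T: Copy> Drop for ZeroOnDrop<T> {
    fn drop(&mut self) { unsafe { self.zero_out() } }
}

// Private field, no Deref or Clone: the key cannot leave this type.
pub struct MySecret(ZeroOnDrop<[u8; 32]>);

impl MySecret {
    pub fn from_bytes(k: &[u8; 32]) -> Self { MySecret(ZeroOnDrop::new_copy(k)) }
    // Only read access offered: comparison with no early exit on mismatch.
    pub fn matches(&self, other: &[u8; 32]) -> bool {
        let key: &[u8; 32] = &(self.0).0;
        key.iter().zip(other).fold(0u8, |d, (a, b)| d | (a ^ b)) == 0
    }
    // Safe wrapper: all-zero bytes are a valid [u8; 32].
    pub fn wipe(&mut self) { unsafe { self.0.zero_out() } }
}
impl fmt::Debug for MySecret {
    // Hand-written so `{:?}` in a log line never prints key bytes.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("MySecret(<redacted>)") }
}

fn main() {
    let mut s = MySecret::from_bytes(&[3u8; 32]); // constructed sample key
    println!("{:?} matches: {}", s, s.matches(&[3u8; 32]));
    s.wipe();
}
```

Because ZeroDrop itself implements Clone, Deref and (for T: Debug) Debug, a wrapper like this is where those are deliberately withheld.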

Implementations

impl<T> ZeroDrop<T>
where T: Copy,

Create a ZeroDrop<T> for a T: Copy consisting of a Box<T> that will be zeroed when dropped.

pub fn new_insecure(t: T) -> ZeroDrop<T>

Insecure as t likely gets placed on the stack

pub fn new_box(b: Box<T>) -> ZeroDrop<T>

Use provided Box<T>

pub unsafe fn new_uninitialized() -> ZeroDrop<T>

Secure but unsafe

pub fn new_copy(t: &T) -> ZeroDrop<T>

Allocate box and copy data into it from reference

pub unsafe fn zero_out(&mut self)

pub fn new_zeroed() -> ZeroDrop<T>

Trait Implementations

impl<T> AsMut<T> for ZeroDrop<T>
where T: Copy,

Delegate AsMut<_> to Box

fn as_mut(&mut self) -> &mut T

Converts this type into a mutable reference of the (usually inferred) input type.

impl<T> AsRef<T> for ZeroDrop<T>
where T: Copy,

Delegate AsRef<_> to Box

fn as_ref(&self) -> &T

Converts this type into a shared reference of the (usually inferred) input type.

impl<T> Borrow<T> for ZeroDrop<T>
where T: Copy,

Delegate Borrow<_> to Box

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for ZeroDrop<T>
where T: Copy,

Delegate BorrowMut<_> to Box

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> Clone for ZeroDrop<T>
where T: Copy,

Clone the underlying Box

fn clone(&self) -> ZeroDrop<T>

Returns a copy of the value.

fn clone_from(&mut self, source: &ZeroDrop<T>)

Performs copy-assignment from source.

impl<T> Debug for ZeroDrop<T>
where T: Copy + Debug,

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<T> Default for ZeroDrop<T>
where T: Copy + Default,

fn default() -> ZeroDrop<T>

Returns the “default value” for a type.

impl<T> Deref for ZeroDrop<T>
where T: Copy,

Delegate Deref to Box

type Target = T

The resulting type after dereferencing.

fn deref(&self) -> &T

Dereferences the value.

impl<T> DerefMut for ZeroDrop<T>
where T: Copy,

Delegate DerefMut to Box

fn deref_mut(&mut self) -> &mut T

Mutably dereferences the value.

impl<T> Drop for ZeroDrop<T>
where T: Copy,

Zero a ZeroDrop<T> when dropped.

fn drop(&mut self)

Executes the destructor for this type.

Auto Trait Implementations

impl<T> Freeze for ZeroDrop<T>

impl<T> RefUnwindSafe for ZeroDrop<T>
where T: RefUnwindSafe,

impl<T> Send for ZeroDrop<T>
where T: Send,

impl<T> Sync for ZeroDrop<T>
where T: Sync,

impl<T> Unpin for ZeroDrop<T>

impl<T> UnwindSafe for ZeroDrop<T>
where T: UnwindSafe,

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬 This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<P, T> Receiver for P
where P: Deref<Target = T> + ?Sized, T: ?Sized,

type Target = T

🔬 This is a nightly-only experimental API. (arbitrary_self_types)
The target type on which the method may be called.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.