Securely zero memory (a.k.a. [zeroize]) while avoiding compiler optimizations.
This crate implements a portable approach to securely zeroing memory using techniques which guarantee they won't be "optimized away" by the compiler.
The [Zeroize trait] is the crate's primary API.
[Documentation]
[Zeroing memory securely is hard] - compilers optimize for performance, and in doing so they love to "optimize away" unnecessary zeroing calls. There are many documented "tricks" to attempt to avoid these optimizations and ensure that a zeroing routine is performed reliably.
This crate isn't about tricks: it uses [core::ptr::write_volatile] and [core::sync::atomic] memory fences to provide easy-to-use, portable zeroing behavior which works on all of Rust's core number types and slices thereof, implemented in pure Rust with no usage of FFI or assembly.
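The technique described above, as an added sketch that is not the crate's own code: a hypothetical `Wipe` trait (the crate's real trait is `Zeroize`) implemented for integer types and slices of them using a volatile write followed by a fence. The choice of `compiler_fence` with `SeqCst` and the `SecretKey` wrapper are assumptions of this example.

```rust
// Added example: hypothetical `Wipe` trait, not the crate's `Zeroize` code.
// std::ptr and std::sync::atomic re-export the core:: items named above.
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

pub trait Wipe {
    fn wipe(&mut self);
}

macro_rules! impl_wipe_for_ints {
    ($($t:ty),*) => {$(
        impl Wipe for $t {
            fn wipe(&mut self) {
                // A volatile store must be emitted even though the value is
                // never read again, so it cannot be removed as a dead store.
                unsafe { ptr::write_volatile(self, 0) };
                // Stop the compiler moving later memory accesses ahead of it.
                compiler_fence(Ordering::SeqCst);
            }
        }
    )*};
}
impl_wipe_for_ints!(u8, u16, u32, u64, usize, i8, i16, i32, i64, isize);

// Slices of any wipeable element type are wiped element by element.
impl<T: Wipe> Wipe for [T] {
    fn wipe(&mut self) {
        for elem in self.iter_mut() {
            elem.wipe();
        }
    }
}

/// Constructed key holder that wipes itself when it goes out of scope.
pub struct SecretKey(pub [u8; 32]);

impl Drop for SecretKey {
    fn drop(&mut self) {
        self.0.wipe();
    }
}

fn main() {
    let mut key = SecretKey([0xA5; 32]); // constructed sample key material
    key.0[..16].wipe(); // wipe part of the buffer explicitly
    assert!(key.0[..16].iter().all(|b| *b == 0) && key.0[16] == 0xA5);
    let mut n = 0xDEAD_BEEFu64;
    n.wipe();
    assert_eq!(n, 0);
} // `key` is dropped here, which wipes the remaining bytes
```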
#![no_std] i.e. embedded-friendly!
Rust 1.56 or newer.
In the future, we reserve the right to change MSRV (i.e. MSRV is out-of-scope for this crate's SemVer guarantees); however, when we do, it will be accompanied by a minor version bump.
Licensed under either of:
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.