zeroize

Function zeroize_flat_type

Source
pub unsafe fn zeroize_flat_type<F: Sized>(data: *mut F)
Expand description

Zeroizes a flat type/struct. Only zeroizes the values that it owns, and it does not work on dynamically sized values or trait objects. It would be inefficient to use this function on a type that already implements ZeroizeOnDrop.

§Safety

  • The type must not contain references to outside data or dynamically sized data, such as Vec<T> or String.
  • Values stored in the type must not have Drop impls.
  • This function can invalidate the type if it is used after this function is called on it. It is advisable to call this function only in impl Drop.
  • The bit pattern of all zeroes must be valid for the data being zeroized. This may not be true for enums and pointers.

§Incompatible data types

Some data types that cannot be safely zeroized using zeroize_flat_type include, but are not limited to:

  • References: &T and &mut T
  • Non-nullable types: NonNull<T>, NonZeroU32, etc.
  • Enums with explicit non-zero tags.
  • Smart pointers and collections: Arc<T>, Box<T>, Vec<T>, HashMap<K, V>, String, etc.

§Examples

Safe usage for a struct containing strictly flat data:

use zeroize::{ZeroizeOnDrop, zeroize_flat_type};

struct DataToZeroize {
    flat_data_1: [u8; 32],
    flat_data_2: SomeMoreFlatData,
}

struct SomeMoreFlatData(u64);

impl Drop for DataToZeroize {
    fn drop(&mut self) {
        unsafe { zeroize_flat_type(self as *mut Self) }
    }
}
impl ZeroizeOnDrop for DataToZeroize {}

let mut data = DataToZeroize {
    flat_data_1: [3u8; 32],
    flat_data_2: SomeMoreFlatData(123u64)
};

// data gets zeroized when dropped