|
1 | 1 | #![no_std] |
2 | 2 | #![cfg_attr(docsrs, feature(doc_cfg))] |
| 3 | +#![doc = include_str!("../README.md")] |
3 | 4 | #![doc( |
4 | 5 | html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg", |
5 | 6 | html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" |
6 | 7 | )] |
7 | | -#![allow(clippy::undocumented_unsafe_blocks)] // TODO(tarcieri): document all unsafe blocks |
| 8 | +#![allow(clippy::undocumented_unsafe_blocks, reason = "TODO")] |
8 | 9 |
|
9 | | -//! Securely zero memory with a simple trait ([`Zeroize`]) built on stable Rust |
10 | | -//! primitives which guarantee the operation will not be "optimized away". |
11 | | -//! |
12 | | -//! ## About |
13 | | -//! |
14 | | -//! [Zeroing memory securely is hard] - compilers optimize for performance, and |
15 | | -//! in doing so they love to "optimize away" unnecessary zeroing calls. There are |
16 | | -//! many documented "tricks" to attempt to avoid these optimizations and ensure |
17 | | -//! that a zeroing routine is performed reliably. |
18 | | -//! |
19 | | -//! This crate isn't about tricks: it uses [`core::ptr::write_volatile`] |
20 | | -//! and [`core::sync::atomic`] memory fences to provide easy-to-use, portable |
21 | | -//! zeroing behavior which works on all of Rust's core number types and slices |
22 | | -//! thereof, implemented in pure Rust with no usage of FFI or assembly. |
23 | | -//! |
24 | | -//! - No insecure fallbacks! |
25 | | -//! - No dependencies! |
26 | | -//! - No FFI or inline assembly! **WASM friendly** (and tested)! |
27 | | -//! - `#![no_std]` i.e. **embedded-friendly**! |
28 | | -//! - No functionality besides securely zeroing memory! |
29 | | -//! - (Optional) Custom derive support for zeroing complex structures |
30 | | -//! |
31 | | -//! ## Minimum Supported Rust Version |
32 | | -//! |
33 | | -//! Requires Rust **1.85** or newer. |
34 | | -//! |
35 | | -//! In the future, we reserve the right to change MSRV (i.e. MSRV is out-of-scope for this crate's |
36 | | -//! semantic versioning guarantees). |
37 | | -//! |
38 | | -//! ## Usage |
39 | | -//! |
40 | | -//! ``` |
41 | | -//! use zeroize::Zeroize; |
42 | | -//! |
43 | | -//! // Protip: don't embed secrets in your source code. |
44 | | -//! // This is just an example. |
45 | | -//! let mut secret = b"Air shield password: 1,2,3,4,5".to_vec(); |
46 | | -//! // [ ... ] open the air shield here |
47 | | -//! |
48 | | -//! // Now that we're done using the secret, zero it out. |
49 | | -//! secret.zeroize(); |
50 | | -//! ``` |
| 10 | +//! ## Supported types |
51 | 11 | //! |
52 | 12 | //! The [`Zeroize`] trait is impl'd on all of Rust's core scalar types including |
53 | 13 | //! integers, floats, `bool`, and `char`. |
@@ -628,7 +588,7 @@ impl Zeroize for CString { |
628 | 588 | /// `Zeroizing` is a wrapper for any `Z: Zeroize` type which implements a |
629 | 589 | /// `Drop` handler which zeroizes dropped values. |
630 | 590 | /// |
631 | | -/// Zeroizing<T> is defined with `repr(transparent)`, which means it is |
| 591 | +/// `Zeroizing<T>` is defined with `repr(transparent)`, which means it is |
632 | 592 | /// guaranteed to have the same physical representation as the underlying type. |
633 | 593 | #[derive(Debug, Default, Eq, PartialEq)] |
634 | 594 | #[repr(transparent)] |
|
0 commit comments