zeroizing-alloc is a proof-of-concept crate for a Global Allocator in Rust that securely zeroizes all objects
upon deallocation, with a very low performance impact. It otherwise wraps the provided allocator and keeps its behavior.
To use this, you must define an allocator in your top-level binary or shared library. This looks like the following:
use zeroizing_alloc::ZeroAlloc;
#[global_allocator]
static ALLOC: ZeroAlloc<std::alloc::System> = ZeroAlloc(std::alloc::System);We believe this crate to be feature-complete for its intended use cases. While PRs are always welcome, please keep in mind that the effort to verify the correctness and performance of changes made may not be worthwhile when weighed against the changeset itself.
On semi-recent Apple platforms (macOS 13+, iOS/tvOS 16.1+), the default allocator in libSystem started zeroizing on free() by default..
This functionality is better optimized and more reliable than this wrapper, so it may be preferred. However, it is possible to disable the behavior
in a few ways depending on your threat model.
Made with ❤️ by the 1Password data security team.
Licensed under either of Apache License, Version 2.0 or MIT license at your option.Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this crate by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.