Secure memset in pure stable Rust?


#1

When dealing with keys and other sensitive information you often want to be sure that zeroing will not be optimized out by the compiler. Is there a way to do it reliably in pure stable Rust without relying on C bindings?


#2

Use std::ptr::write_volatile, or use memsec :smiley:


#3

Thank you! write_volatile and memsec are what I need. I also need no_std capability, but it looks like it can be easily added to your crate. Small question: what are the practical implications of using write_volatile vs. memset_s, or in the case of memzero vs. explicit_bzero and RtlSecureZeroMemory? Have you tried to compare the resulting assembler?

Also about memcmp, are you sure it’s guaranteed to be constant time? I thought the only reliable way to do it is to write asm directly.


#4

You can use it in no_std, as long as you don’t use alloc.
I have not compared them, because I only use Linux.
memcmp references libsodium/utils.
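
An added example (not code from any poster in this thread or from the memsec crate) of the write_volatile approach suggested above, using only `core` so it also fits the no_std requirement. The names `secure_zero` and `SecretKey` are hypothetical, and the key bytes are constructed sample data.

```rust
use core::ptr::write_volatile;
use core::sync::atomic::{compiler_fence, Ordering};

/// Overwrite `buf` with zeros using volatile stores, which the compiler
/// may not elide even when `buf` is never read again afterwards.
pub fn secure_zero(buf: &mut [u8]) {
    for byte in buf.iter_mut() {
        // SAFETY: `byte` is a valid, aligned, exclusive reference to a u8.
        unsafe { write_volatile(byte, 0) };
    }
    // Stop the compiler from moving later memory accesses ahead of the wipe.
    compiler_fence(Ordering::SeqCst);
}

/// Hypothetical fixed-size key holder that wipes its buffer when dropped.
pub struct SecretKey {
    bytes: [u8; 32],
}

impl SecretKey {
    pub fn new(bytes: [u8; 32]) -> Self {
        SecretKey { bytes }
    }

    pub fn expose(&self) -> &[u8; 32] {
        &self.bytes
    }
}

impl Drop for SecretKey {
    fn drop(&mut self) {
        secure_zero(&mut self.bytes);
    }
}

fn main() {
    let key = SecretKey::new([0xA5; 32]); // constructed sample key
    assert_eq!(key.expose()[0], 0xA5);
} // `key` goes out of scope here and Drop wipes its buffer
```

The wipe covers only the buffer it is given: copies left behind by moves (including the array passed to `new`), register spills, or reallocation are not touched.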