https://github.com/1password/zeroizing-alloc

A minimal secure heap zero-on-free implementation for Rust
https://github.com/1password/zeroizing-alloc

Last synced: 4 months ago
JSON representation

A minimal secure heap zero-on-free implementation for Rust

• Host: GitHub
• URL: https://github.com/1password/zeroizing-alloc
• Owner: 1Password
• License: apache-2.0
• Created: 2024-11-22T20:37:09.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2025-12-01T13:13:26.000Z (7 months ago)
• Last Synced: 2026-02-11T01:36:33.025Z (5 months ago)
• Language: Rust
• Size: 11.7 KB
• Stars: 38
• Watchers: 7
• Forks: 3
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE-APACHE

Awesome Lists containing this project

README

          
## About

[![crates.io version](https://img.shields.io/crates/v/zeroizing-alloc.svg)](https://crates.io/crates/zeroizing-alloc)

[![crates.io downloads](https://img.shields.io/crates/d/zeroizing-alloc.svg)](https://crates.io/crates/zeroizing-alloc)

`zeroizing-alloc` is a proof-of-concept crate for a [Global Allocator](https://doc.rust-lang.org/std/alloc/trait.GlobalAlloc.html) in Rust that securely zeroizes all objects

upon deallocation, with a very low performance impact. It otherwise wraps the provided allocator and keeps its behavior.

### Example

To use this, you must define an allocator in your top-level binary or shared library. This looks like the following:

```rust

use zeroizing_alloc::ZeroAlloc;

#[global_allocator]

static ALLOC: ZeroAlloc = ZeroAlloc(std::alloc::System);

```

### Contributions

We believe this crate to be feature-complete for its intended use cases. While PRs are always welcome, please keep in mind that the effort to verify the 

correctness and performance of changes made may not be worthwhile when weighed against the changeset itself.

### Research

On semi-recent Apple platforms (macOS 13+, iOS/tvOS 16.1+), the default allocator in `libSystem` [started zeroizing on free() by default.](https://mjtsai.com/blog/2022/09/20/zeroing-freed-memory/). 

This functionality is better optimized and more reliable than this wrapper, so it may be preferred. However, it is possible to [disable the behavior](https://github.com/apple-oss-distributions/libmalloc/blob/ac949e88b5b5fb90bf2e051c8a73754136ff1b43/private/malloc_private.h#L99)

in a few ways depending on your threat model.

## Credits

Made with ❤️ by the [1Password](https://1password.com/) data security team.

#### License



Licensed under either of Apache License, Version

2.0 or MIT license at your option.








Unless you explicitly state otherwise, any contribution intentionally submitted

for inclusion in this crate by you, as defined in the Apache-2.0 license, shall

be dual licensed as above, without any additional terms or conditions.