#buffer #libsodium #memory #sodium


Security hardened buffers for Rust based on libsodium

9 releases (4 breaking)

0.5.0 Jan 7, 2022
0.4.0 Dec 27, 2021
0.3.1 Dec 26, 2021
0.2.2 Nov 29, 2021
0.1.1 Jun 26, 2021

#705 in Cryptography

28 downloads per month


634 lines

Hard - Hardened Buffers for Rust

crates.io docs.rs

Storing sensitive data (cryptographic keys, passwords, plaintexts, etc.) can be fraught with issues. Data can be recovered from uninitialised memory, from the contents of core dumps/crash reports, or accidentally revealed via buffer overflows.

Hard attempts to provide buffer types which are hardened against these types of errors. Based on the libsodium cryptographic library, we make use of its secure memory utilities to allocate and manage the memory backing buffer types. Memory allocated using hard is placed directly at the end of a page, followed by a guard page, so any buffer overflow will immediately result in the termination of the program. A canary is placed before the allocated memory to detect modifications on free, and another guard page is placed before this. The operating system is advised not to swap the memory to disk, or include it in crash reports/core dumps. Finally, when the memory is freed, it is first securely cleared, in such a way that the compiler will not attempt to optimise away the operation.

For more information, see the docs.

Security/Vulnerability Disclosures

If you find a vulnerability in hard, please immediately contact tom25519@pm.me with details.

My age public key (preferred) is:


My PGP public key has fingerprint 0x4712EC7C9F404B14, and is available from keyserver.ubuntu.com, pgp.mit.edu, or Github.


Licensed under either of:

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.


~35K SLoC