9 releases (4 breaking)
|0.5.0||Jan 7, 2022|
|0.4.0||Dec 27, 2021|
|0.3.1||Dec 26, 2021|
|0.2.2||Nov 29, 2021|
|0.1.1||Jun 26, 2021|
#705 in Cryptography
28 downloads per month
Hard - Hardened Buffers for Rust
Storing sensitive data (cryptographic keys, passwords, plaintexts, etc.) can be fraught with issues. Data can be recovered from uninitialised memory, from the contents of core dumps/crash reports, or accidentally revealed via buffer overflows.
Hard attempts to provide buffer types which are hardened against these types of errors. Based on the libsodium cryptographic library, we make use of its secure memory utilities to allocate and manage the memory backing buffer types. Memory allocated using hard is placed directly at the end of a page, followed by a guard page, so any buffer overflow will immediately result in the termination of the program. A canary is placed before the allocated memory to detect modifications on free, and another guard page is placed before this. The operating system is advised not to swap the memory to disk, or include it in crash reports/core dumps. Finally, when the memory is freed, it is first securely cleared, in such a way that the compiler will not attempt to optimise away the operation.
For more information, see the docs.
If you find a vulnerability in hard, please immediately contact
My age public key (preferred) is:
Licensed under either of:
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.