Releases

| Version | Date |
|---|---|
| 0.1.1 | Nov 29, 2021 |
| 0.1.0 | Jun 4, 2021 |
sodium-alloc

Rust Allocator type that allocates memory using Sodium's secure memory utilities.

Requires nightly Rust, as the Allocator API is not yet stable.
This library implements SodiumAllocator, an Allocator which uses the sodium_malloc and corresponding sodium_free functions to manage memory. When managing sensitive data in memory, there are a number of steps we can take to help harden our software against revealing these secrets.

Sodium's sodium_malloc implementation introduces many of these hardening steps into the memory management process:

- Allocated memory is placed at the end of a page boundary, immediately followed by a guard page (a region of memory marked as inaccessible; any attempt to access it terminates the program). An overrun past the end of the allocation therefore faults instead of silently reading or writing a neighbouring allocation.
- A canary is placed immediately before the allocated memory. Any modification to it is detected on free, again terminating the program, and a further guard page is placed before the canary.
- sodium_mlock is used to instruct the operating system not to swap the memory to disk and, where the operating system supports it, not to include it in core dumps.
When memory is freed with SodiumAllocator, the sodium_free function is called, which securely zeroes the memory before marking it as free. This means that for types allocated with SodiumAllocator, there is no need to implement Zeroize or a similar Drop implementation to zero the memory when it is no longer in use: it will automatically be zeroed when freed. Note that this covers only memory the allocator itself manages. A secret that is moved or copied out of a SodiumAllocator-backed container, onto the stack or into an ordinary heap allocation, is not covered and still needs to be wiped by other means.
This library is not suitable for use as a general-purpose allocator or global allocator: the overhead of this API is much greater than Rust's standard allocator (each allocation is backed by its own page-aligned, guard-paged, locked mapping), and the implementation is more likely to encounter errors. It is intended for use when allocating sensitive data types only, for example a key or password which needs to be stored in memory.
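The region layout and free-time checks described above, as an added illustration that is not code from the sodium-alloc crate or from libsodium: a sodium_malloc-style guarded region written in stable Rust for Linux. It declares the handful of libc calls it needs directly (an assumption: Linux constant values, no libc crate), keeps the requested size in the handle instead of libsodium's read-only header page, uses a fixed canary where libsodium draws one at random, and reports a corrupted canary as an Err rather than aborting so the check can be exercised. The names GuardedRegion, alloc, free and simulate_underflow_write are this example's own. It also shows a property a Rust Allocator built on sodium_malloc has to deal with: because the user bytes are placed flush against the trailing guard page, the returned address is aligned to n only when the requested size is a multiple of n.

```rust
// Added example (not sodium-alloc or libsodium code): a guarded, locked,
// canary-protected region in the style of sodium_malloc, Linux only.
use std::ffi::c_void;
use std::ptr;

extern "C" {
    fn mmap(addr: *mut c_void, len: usize, prot: i32, flags: i32, fd: i32, off: i64) -> *mut c_void;
    fn munmap(addr: *mut c_void, len: usize) -> i32;
    fn mprotect(addr: *mut c_void, len: usize, prot: i32) -> i32;
    fn mlock(addr: *const c_void, len: usize) -> i32;
    fn munlock(addr: *const c_void, len: usize) -> i32;
    fn madvise(addr: *mut c_void, len: usize, advice: i32) -> i32;
    fn sysconf(name: i32) -> i64;
}
// Linux values (assumption); other platforms differ.
const PROT_NONE: i32 = 0;
const PROT_RW: i32 = 1 | 2; // PROT_READ | PROT_WRITE
const MAP_PRIVATE_ANON: i32 = 0x02 | 0x20; // MAP_PRIVATE | MAP_ANONYMOUS
const MADV_DONTDUMP: i32 = 16;
const SC_PAGESIZE: i32 = 30;
// Fixed for the demo; libsodium generates its canary randomly at sodium_init().
const CANARY: [u8; 16] = [0x5a, 0xa5, 0x3c, 0xc3, 0x0f, 0xf0, 0x69, 0x96, 0x5a, 0xa5, 0x3c, 0xc3, 0x0f, 0xf0, 0x69, 0x96];

pub struct GuardedRegion {
    base: *mut u8,    // start of the mapping: the leading guard page
    total: usize,     // length of the whole mapping
    data: *mut u8,    // first writable byte, just after the leading guard page
    data_len: usize,  // writable length, page-rounded; holds canary + user bytes
    user: *mut u8,    // the pointer a caller would receive
    size: usize,      // bytes requested
    pub locked: bool, // mlock succeeded (may fail under RLIMIT_MEMLOCK; libsodium ignores that too)
}

fn page_size() -> usize { unsafe { sysconf(SC_PAGESIZE) as usize } }

pub fn alloc(size: usize) -> Option<GuardedRegion> {
    let page = page_size();
    let with_canary = CANARY.len() + size;
    let data_len = (with_canary + page - 1) / page * page;
    let total = page + data_len + page; // guard | data | guard
    unsafe {
        let base = mmap(ptr::null_mut(), total, PROT_RW, MAP_PRIVATE_ANON, -1, 0) as *mut u8;
        if base as usize == usize::MAX { return None; } // MAP_FAILED
        let data = base.add(page);
        // Guard pages on both sides: touching either one faults and kills the process.
        mprotect(base as *mut c_void, page, PROT_NONE);
        mprotect(data.add(data_len) as *mut c_void, page, PROT_NONE);
        let locked = mlock(data as *const c_void, data_len) == 0; // no swap
        madvise(data as *mut c_void, data_len, MADV_DONTDUMP);      // no core dump
        // User bytes end exactly at the trailing guard page; the canary sits just before them.
        let canary_ptr = data.add(data_len - with_canary);
        ptr::copy_nonoverlapping(CANARY.as_ptr(), canary_ptr, CANARY.len());
        let user = canary_ptr.add(CANARY.len());
        ptr::write_bytes(user, 0xdb, size); // libsodium's fill pattern for catching uninitialised reads
        Some(GuardedRegion { base, total, data, data_len, user, size, locked })
    }
}

impl GuardedRegion {
    pub fn len(&self) -> usize { self.size }
    pub fn as_mut_slice(&mut self) -> &mut [u8] {
        unsafe { std::slice::from_raw_parts_mut(self.user, self.size) }
    }
    /// Bytes between the end of the user region and the trailing guard page (0 by construction).
    pub fn slack_before_guard(&self) -> usize {
        (self.data as usize + self.data_len) - (self.user as usize + self.size)
    }
    /// Because the region ends on a page boundary, the address is aligned to `align`
    /// only when `size` is a multiple of `align`; an Allocator must round sizes up.
    pub fn is_aligned_to(&self, align: usize) -> bool { self.user as usize % align == 0 }
    pub fn canary_intact(&self) -> bool {
        let c = unsafe { std::slice::from_raw_parts(self.user.sub(CANARY.len()), CANARY.len()) };
        c == &CANARY[..]
    }
    /// Simulates a buggy write that runs backwards past the start of the user region.
    pub fn simulate_underflow_write(&mut self) { unsafe { *self.user.sub(1) = 0 } }
    /// sodium_free() equivalent; libsodium aborts on a bad canary, this demo reports it.
    /// Drop runs either way and performs the wipe and unmap.
    pub fn free(self) -> Result<(), &'static str> {
        if self.canary_intact() { Ok(()) } else { Err("canary corrupted: write before start of region") }
    }
}

impl Drop for GuardedRegion {
    fn drop(&mut self) {
        unsafe {
            // Volatile stores so the wipe is not removed as a dead store before unmapping.
            for i in 0..self.data_len { ptr::write_volatile(self.data.add(i), 0); }
            munlock(self.data as *const c_void, self.data_len);
            munmap(self.base as *mut c_void, self.total);
        }
    }
}
```

Allocating 100 bytes yields a pointer that is 4-byte but not 8-byte aligned, while 96 bytes yields a 32-byte-aligned one; a real Allocator implementation has to round the request up to a multiple of Layout::align() before calling sodium_malloc for exactly this reason.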
Security/Vulnerability Disclosures
If you find a vulnerability in sodium-alloc, please immediately contact tom25519@pm.me with details.

My age public key (preferred) is: age1gglesedq4m2z9kc7urjhq3zlpc6qewcwpcna7s0lwh8k2c4e6fxqf3kdvq

My PGP public key has fingerprint 0x4712EC7C9F404B14, and is available from keyserver.ubuntu.com, pgp.mit.edu, or Github.
License
Licensed under either of:
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.