Crates.io | hard |
lib.rs | hard |
version | 0.5.0 |
source | src |
created_at | 2021-06-25 15:17:14.86193 |
updated_at | 2022-01-07 18:26:05.184261 |
description | Security hardened buffers for Rust based on libsodium |
homepage | |
repository | https://github.com/tom25519/hard |
max_upload_size | |
id | 414861 |
size | 72,080 |
Storing sensitive data (cryptographic keys, passwords, plaintexts, etc.) can be fraught with issues. Data can be recovered from uninitialised memory, from the contents of core dumps/crash reports, or accidentally revealed via buffer overflows.
Hard attempts to provide buffer types which are hardened against these types of errors. Based on the libsodium cryptographic library, we make use of its secure memory utilities to allocate and manage the memory backing buffer types. Memory allocated using hard is placed directly at the end of a page, followed by a guard page, so any buffer overflow will immediately result in the termination of the program. A canary is placed before the allocated memory to detect modifications on free, and another guard page is placed before this. The operating system is advised not to swap the memory to disk, or include it in crash reports/core dumps. Finally, when the memory is freed, it is first securely cleared, in such a way that the compiler will not attempt to optimise away the operation.
For more information, see the docs.
If you find a vulnerability in hard, please immediately contact tom25519@pm.me
with details.
My age public key (preferred) is:
age1gglesedq4m2z9kc7urjhq3zlpc6qewcwpcna7s0lwh8k2c4e6fxqf3kdvq
My PGP public key has fingerprint 0x4712EC7C9F404B14
, and is available from
keyserver.ubuntu.com,
pgp.mit.edu, or
Github.
Licensed under either of:
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.