Releases: valkyoth/sanitization-rust-crate

Sanitization 1.1.0

10 Jun 10:33
v1.1.0
903abf3

sanitization v1.1.0

This release expands sanitization from fixed-size secret storage into a broader secret-lifecycle toolkit while keeping the default build no_std and dependency-free.

Added

  • LockedSecretVec for dynamic-length secrets in native memory-locked mappings.
  • SecretPool<N, SLOTS> for many fixed-size secrets under one locked allocation, reducing mlock/VirtualLock quota overhead.
  • GuardedSecretVec for dynamic guarded storage with optional locked backing.
  • Canary integrity checks for locked, pooled, and guarded secrets.
  • Optional OS-random canaries through random-canary.
  • Explicit wasm-compat feature for reduced-guarantee WASM compatibility backends.
  • No-std monotonic expiring secrets via caller-provided clocks.
  • In-place secret transformation and derivation APIs for SecretBytes.
  • ReadOnceSecret for secrets consumed and cleared on first access.
  • Optional multi-pass volatile clear helpers.
  • Runtime page-size handling for supported platform mappings.
  • Optional SIMD/vector register scrubbing helpers.
  • Optional x86_64 cache-line flush helpers.
  • Optional x86_64 assembly-backed comparison path.
  • Hardware-secret provider traits for enclave, HSM, TEE, and platform-keystore integrations.
  • SplitSecretBytes<N, SHARES> for N-of-N XOR split storage.
  • Optional zeroize-interop and subtle-interop features.
  • Optional serde loading support with redacted serialization.
  • Sister crates:
    • sanitization-derive
    • sanitization-arrayvec
    • sanitization-bytes

Security and hardening

  • Volatile clearing remains the default clear path.
  • WASM memory-lock compatibility is now explicit with wasm-compat; native memory-lock expectations are not silently downgraded.
  • SecretBytesMut in sanitization-bytes refuses implicit reallocation to avoid leaving old secret bytes in freed heap allocations.
  • Register scrubbing now handles AVX-aware x86_64 paths with documented residual limits.
  • Split-secret mask generation has stronger security documentation and debug checks for trivial generators.
  • Documentation now covers remaining platform limits, WASM caveats, cache-flush side-channel scope, and serde ingestion caveats.
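
As an added illustration of the N-of-N XOR split storage and the trivial-generator check listed above (example code written for this page, not the crate's SplitSecretBytes; the SplitSecret type, its split and reconstruct methods and the volatile_clear helper are assumed names):

```rust
// Added illustration of N-of-N XOR secret splitting with a trivial-mask check;
// not the sanitization crate's SplitSecretBytes, and all names are assumed.
use core::ptr;
use core::sync::atomic::{compiler_fence, Ordering};
/// N secret bytes held as SHARES XOR shares. Every share is needed to
/// reconstruct; with uniformly random masks, fewer shares reveal nothing.
pub struct SplitSecret<const N: usize, const SHARES: usize> {
    shares: [[u8; N]; SHARES],
}

impl<const N: usize, const SHARES: usize> SplitSecret<N, SHARES> {
    /// Splits `secret` with `fill_mask` as the mask source (a CSPRNG in real use).
    /// Returns None on an all-zero mask: that share would be a plain copy of
    /// the secret, the "trivial generator" case the crate's debug checks target.
    pub fn split(secret: &[u8; N], mut fill_mask: impl FnMut(&mut [u8; N])) -> Option<Self> {
        assert!(SHARES >= 2, "need at least two shares");
        let mut shares = [[0u8; N]; SHARES];
        let mut last = *secret; // working copy: secret XOR all masks so far
        for share in shares.iter_mut().take(SHARES - 1) {
            fill_mask(share);
            if share.iter().all(|&b| b == 0) {
                volatile_clear(&mut last);
                return None;
            }
            last.iter_mut().zip(share.iter()).for_each(|(l, s)| *l ^= s);
        }
        shares[SHARES - 1] = last;
        volatile_clear(&mut last); // scrub the working copy
        Some(Self { shares })
    }
    pub fn reconstruct(&self) -> [u8; N] {
        let mut out = [0u8; N];
        for share in &self.shares {
            out.iter_mut().zip(share).for_each(|(o, s)| *o ^= s);
        }
        out
    }
}

impl<const N: usize, const SHARES: usize> Drop for SplitSecret<N, SHARES> {
    fn drop(&mut self) {
        self.shares.iter_mut().for_each(|s| volatile_clear(s));
    }
}

/// Volatile stores keep the optimizer from eliding the clear as a dead write.
pub fn volatile_clear(buf: &mut [u8]) {
    buf.iter_mut().for_each(|b| unsafe { ptr::write_volatile(b, 0) });
    compiler_fence(Ordering::SeqCst);
}
```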

Verification

This release passed the project test matrix, clippy, Miri, Kani proofs, codegen checks, GitHub CI, and the final pentest review.

Sanitization 1.0.1

09 Jun 20:35
v1.0.1
1d59273

sanitization 1.0.1

Security patch release from pentest follow-up.

  • Fixed SecretPool::try_allocate random-canary failure cleanup so slot bitmap release happens exactly once.
  • Fixed native LockedSecretBytes<N> and GuardedSecretVec random-canary failure paths to avoid leaking locked/guarded mappings on CSPRNG failure.
  • Clarified deterministic canary disclosure limits and documented the !Sync safety assumption for canary-failure clearing paths.

Sanitization 1.0.0

07 Jun 13:22
v1.0.0
55bc055

sanitization 1.0.0

Stable 1.0.0 release of the sanitization crate family.

This release promotes the RC line to stable, including dependency-free default volatile clearing, no_std secret containers, optional memory locking, guard pages, canary checks, random canaries, pooled locked secrets, WASM compatibility behavior, Kani harnesses, and optional derive macros through sanitization-derive.

Final fixes since rc.6:

  • Documented the generic SecureSanitizeOnDrop bound requirement.
  • Expanded derive test coverage for tuple structs, crate-path override, and drop-time sanitization.
  • Fixed SecretPoolSlot::secure_clear() so canaries are reinitialized after clearing in native and WASM backends.

Publish sanitization-derive first, then sanitization.

Sanitization 1.0.0-rc.5

07 Jun 12:23
v1.0.0-rc.5
fbc025f

Pre-release

sanitization v1.0.0-rc.5

Release candidate with the latest pentest fixes and documentation updates.

Changes

  • Reinitializes LockedSecretBytes canaries after secure_clear, so canary-checked locked secrets remain reusable after manual clearing.
  • Requires random-canary when using canary-check on WASM, avoiding predictable deterministic canaries on targets without ASLR-backed mapping entropy.
  • Retries Linux AArch64 runtime page-size auxv reads on EINTR.
  • Makes the x86_64 assembly comparison accumulator contract explicit.
  • Updates README, safety notes, and threat model around canary behavior, WASM limitations, and ASLR assumptions.

Verification

  • Full local scripts/checks.sh passed.
  • GitHub CI is green.
  • Pentest follow-up is clean.

Sanitization 1.0.0-rc.4

06 Jun 07:54
v1.0.0-rc.4
41ad77c

Pre-release

sanitization v1.0.0-rc.4

Security hardening release candidate.

Changed

  • Hardened equal-length comparison loops against optimizer-introduced short-circuiting.
  • Added SecretBytes::expose_secret_volatile behind unsafe-wipe.
  • Switched SecretVec and SecretString growth to exponential capacity growth.
  • Improved documentation around abort behavior, best-effort clearing limits, LTO, and unsafe string wiping.

Verification

  • Full local check script passed.
  • Tag is signed: v1.0.0-rc.4.

Sanitization 1.0.0-rc.3

06 Jun 07:18
v1.0.0-rc.3
53a8370

Pre-release

Sanitization 1.0.0-rc.2

05 Jun 13:23
v1.0.0-rc.2
c5eada2

Pre-release

sanitization v1.0.0-rc.2

Small documentation release candidate update.

Changed

  • Updated README install examples to use 1.0.0-rc.2.
  • Removed stale unpublished/0.1 wording from the crates.io-facing README.
  • Updated crate metadata and changelog to 1.0.0-rc.2.

No code behavior changed from v1.0.0-rc.1.

Sanitization 1.0.0-rc.1

05 Jun 13:10
v1.0.0-rc.1
674ad3b

Pre-release

sanitization v1.0.0-rc.1

Release candidate for downstream integration testing before the first stable release.

Highlights

  • Dependency-free secret memory sanitization crate for Rust.
  • #![no_std] by default.
  • No unsafe code in default builds.
  • Optional alloc, std, and explicit unsafe-wipe features.
  • Safe clear-on-drop containers for common secret types.
  • Macros for struct sanitization that need no proc-macro dependency.

Added

  • SecretBytes<N> for fixed-size secret byte storage.
  • Secret<T> generic clear-on-drop wrapper.
  • SecretVec and SecretString behind the alloc feature.
  • SecureSanitize trait for explicit clearing.
  • secure_sanitize_struct! macro.
  • secure_drop_struct! macro.
  • Explicit unsafe_wipe module behind the unsafe-wipe feature.
  • VolatileOnDrop<T> wrapper for opt-in volatile clearing.
  • Examples for basic, alloc, macro, and unsafe-wipe usage.
  • Threat model, safety notes, security policy, and CI defaults.

Security Notes

  • Default builds forbid unsafe code.
  • Volatile wiping is available only through the explicit unsafe-wipe feature.
  • Equal-length comparisons avoid early exit.
  • Heap-backed secret containers wipe allocation capacity where available.
  • Secret debug output is redacted.
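
The accumulator-style comparison behind "Equal-length comparisons avoid early exit" and the rc.4 hardening against optimizer-introduced short-circuiting, shown as an added example rather than the crate's own code; early_exit_eq and ct_eq are assumed names, and black_box is a best-effort compiler hint, not the assembly-backed x86_64 path the crate offers:

```rust
// Added illustration (not the sanitization crate's code) of the
// equal-length comparison accumulator pattern: every byte difference is
// folded into one accumulator so the loop has no data-dependent early exit.
use core::hint::black_box;

/// Early-exit comparison: returns at the first differing byte, so the time
/// taken leaks how long the common prefix of the two inputs is.
pub fn early_exit_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    for (x, y) in a.iter().zip(b) {
        if x != y {
            return false;
        }
    }
    true
}

/// Accumulator comparison: ORs every byte difference into `acc` and
/// inspects it once after the loop. Lengths are treated as public; only
/// the contents are compared without early exit.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut acc: u8 = 0;
    for (x, y) in a.iter().zip(b) {
        // black_box is a best-effort hint that keeps the optimizer from
        // rewriting the fold into a short-circuiting memcmp-style loop.
        acc |= black_box(x ^ y);
    }
    // Accumulator contract: zero iff every byte matched.
    black_box(acc) == 0
}
```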

Validation

This release candidate passed the full local check script, including tests, doctests, feature combinations, clippy/check flows, and docs generation on Rust 1.90.

Intended Use

Use this release candidate as a Git dependency in Cargo.toml while testing integration:

  sanitization = { git = "https://github.com/valkyoth/sanitization-rust-crate", tag = "v1.0.0-rc.1" }