Sanitization 1.2.1

@eldryoth eldryoth released this 21 Jun 17:35
v1.2.1
5ed3548

sanitization v1.2.1

Small hardening release for locked in-place fill APIs.

Added

  • In-place locked fill constructors and replacement APIs for LockedSecretBytes<N> and LockedSecretVec.
  • Capacity-based LockedSecretVec fill APIs for decoders that know a maximum output size and return the final initialized length.
  • LockedSecretVecFillError<E> for distinguishing memory-lock, fill, and length validation errors.

Hardened

  • Explicit pre-return clearing on fallible locked fill/generation error paths.
  • Pre-fill compiler fences around locked fill/generation writes.
  • Canary integrity checks before fixed-size locked replacements.
  • Release-build capacity assertions for dynamic locked and guarded storage initialization.
  • WASM compatibility backend now exposes the same fixed-size fill/replace API surface.
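
The capacity-based fill pattern and the error-path clearing listed above, sketched as an added example using only the Rust standard library. This is not the sanitization crate's code or API: SecretBuf, FillError, fill_with, expose and raw are hypothetical names, and memory locking and canary checks are left out.

```rust
use std::ptr::write_volatile;
use std::sync::atomic::{compiler_fence, Ordering};

// Hypothetical error type: separates a decoder failure from a bad returned length.
#[derive(Debug, PartialEq)]
pub enum FillError<E> {
    Fill(E),
    Length { returned: usize, capacity: usize },
}

// Hypothetical fixed-capacity secret buffer (assumption: plain heap storage, not locked).
pub struct SecretBuf { storage: Box<[u8]>, len: usize }

impl SecretBuf {
    pub fn with_capacity(cap: usize) -> Self {
        SecretBuf { storage: vec![0u8; cap].into_boxed_slice(), len: 0 }
    }
    // Volatile zeroing so the clear is not removed as a dead store; the fence
    // keeps the compiler from reordering later writes ahead of it.
    fn wipe(&mut self) {
        for b in self.storage.iter_mut() {
            unsafe { write_volatile(b as *mut u8, 0) };
        }
        self.len = 0;
        compiler_fence(Ordering::SeqCst);
    }
    // The decoder sees the full capacity and returns how many bytes it initialized.
    pub fn fill_with<E>(
        &mut self,
        decode: impl FnOnce(&mut [u8]) -> Result<usize, E>,
    ) -> Result<(), FillError<E>> {
        self.wipe(); // clear the previous secret; the fence precedes the fill
        let capacity = self.storage.len();
        match decode(&mut self.storage[..]) {
            Ok(n) if n <= capacity => { self.len = n; Ok(()) }
            // Both error paths clear partial output before returning.
            Ok(n) => { self.wipe(); Err(FillError::Length { returned: n, capacity }) }
            Err(e) => { self.wipe(); Err(FillError::Fill(e)) }
        }
    }
    pub fn expose(&self) -> &[u8] { &self.storage[..self.len] }
    pub fn raw(&self) -> &[u8] { &self.storage } // full capacity, for inspection only
}

impl Drop for SecretBuf { fn drop(&mut self) { self.wipe(); } }

fn main() {
    let mut s = SecretBuf::with_capacity(8);
    let r = s.fill_with(|out| { out[..3].copy_from_slice(b"key"); Ok::<usize, ()>(3) });
    println!("{:?}, {} bytes initialized", r, s.expose().len());
}
```
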

Validation

  • Workspace tests, clippy, docs, WASM target checks, evidence validation, leakage smoke, codegen checks, and Kani verification passed.