moved to zeroize_stack

Author: nstilt1

Cargo.lock

@@ -14,7 +14,8 @@ members = [
     "opaque-debug",
     "wycheproof2blb",
     "zeroize",
-    "zeroize_derive"
+    "zeroize_derive",
+    "zeroize_stack"
 ]
 exclude = ["aarch64-dit"]
 

Cargo.toml

@@ -19,14 +19,12 @@ edition = "2024"
 rust-version = "1.85"
 
 [dependencies]
-psm = { version = "0.1.26", optional = true }
 serde = { version = "1.0", default-features = false, optional = true }
 zeroize_derive = { version = "1.4", path = "../zeroize_derive", optional = true }
 
 [features]
 default = ["alloc"]
 alloc = []
-stack_sanitization = ["psm"]
 std = ["alloc"]
 
 aarch64 = [] # NOTE: vestigial no-op feature; AArch64 support is always enabled now

zeroize/Cargo.toml

@@ -250,15 +250,6 @@ mod aarch64;
 #[cfg(any(target_arch = "x86", target_arch = "x86_64"))]
 mod x86;
 
-#[cfg(feature = "stack_sanitization")]
-mod stack_sanitization;
-
-#[cfg(feature = "stack_sanitization")]
-pub use stack_sanitization::secure_crypto_call_heap;
-
-#[cfg(all(feature = "stack_sanitization", feature = "alloc"))]
-pub use stack_sanitization::create_aligned_vec;
-
 use core::{
     marker::{PhantomData, PhantomPinned},
     mem::{MaybeUninit, size_of},

zeroize/src/lib.rs

@@ -1,9 +1,9 @@
 [package]
-name = "stack_sanitizer"
+name = "zeroize_stack"
 version = "0.1.0"
 description = """
-Securely sanitize the stack with a simple function built on
-the Portable Stack Manipulation (psm) crate.
+Securely zeroize the stack with a simple function built on
+the Portable Stack Manipulation (psm) crate and zeroize crate.
 """
 authors = ["The RustCrypto Project Developers"]
 license = "Apache-2.0 OR MIT"
@@ -16,7 +16,7 @@ edition = "2024"
 rust-version = "1.85"
 
 [dependencies]
-psm = { version = "0.1.26", optional = true }
+psm = "0.1.26"
 zeroize = { version = "1.0" }
 
 [features]

zeroize/src/stack_sanitization.rs

@@ -1,4 +1,4 @@
-# [RustCrypto]: stack_sanitizer
+# [RustCrypto]: zeroize_stack
 
 [![Crate][crate-image]][crate-link]
 [![Docs][docs-image]][docs-link]
@@ -21,9 +21,9 @@ as make extra copies of data on the stack that cannot be easily zeroed. That's
 what this crate is for.
 
 This crate isn't about tricks: it uses [psm::on_stack] to run a function on 
-a portable stack, and then uses [zeroize] to zero the stack. `psm` implements
-all of the assembly for several different architectures, whereas the [zeroize]
-segment was implemented in pure Rust.
+a portable stack, and then uses [zeroize] to zero that stack. `psm` implements
+all of the assembly for several different architectures, and the [zeroize]
+portion of the task was implemented in pure Rust.
 
 - `#![no_std]` i.e. **embedded-friendly**! (`alloc` is required)
 - No functionality besides securely zeroing the a function's stack usage!

zeroize/tests/stack_sanitization.rs

@@ -1,4 +1,4 @@
-//! # stack_bleach
+//! # zeroize_stack
 //!
 //! A crate for sanitizing stack memory after sensitive operations—sometimes referred to as _Stack Bleaching_.
 //!
@@ -47,9 +47,9 @@ extern crate alloc;
 
 use alloc::{vec, vec::Vec};
 
-/// Executes a function/closure and clears the function's stack frames by using
+/// Executes a function/closure and clears the function's stack by using
 /// preallocated space on the heap as the function's stack, and then zeroing
-/// that allocated data once the code has ran.
+/// that allocated space once the code has ran.
 ///
 /// This function does not clear the CPU registers.
 ///
@@ -58,7 +58,7 @@ use alloc::{vec, vec::Vec};
 /// * `stack_size_kb` - how large the stack will be. `psm` recommends at least
 /// `4 KB` of stack size, but the total size cannot overflow an `isize`. Also,
 /// some architectures might consume more memory in the stack, such as SPARC.
-/// * `crypto_fn` - the code to run while on separate stack.
+/// * `crypto_fn` - the code to run while on the separate stack.
 ///
 /// # Safety
 ///

stack_sanitizer/Cargo.toml renamed to zeroize_stack/Cargo.toml

@@ -1,8 +1,9 @@
 //! Stack sanitization integration tests
 
 mod stack_sanitization_tests {
-    use stack_sanitizer::exec_on_sanitized_stack;
+    use zeroize_stack::exec_on_sanitized_stack;
 
+    #[inline(never)]
     fn dummy_fn() -> (*const u8, u64) {
         let temporary_data = 42;
         let ptr = temporary_data as *const u8;
@@ -13,7 +14,8 @@ mod stack_sanitization_tests {
     fn stack_sanitization_v2() {
         let result = unsafe { exec_on_sanitized_stack(4, || dummy_fn()) };
         assert_eq!(result.1, 12345);
-        // results in segmentation fault
+        // results in segmentation fault, which is somewhat normal... just wanted
+        // to try it
         // assert_eq!(unsafe {*result.0}, 42);
     }
 }