Comments (8)
Using wasm_bindgen you could easily call a js function the problems are:
- dependencies are not supposed to call into js themselves
- you would have to supply the JS side too
from crates.
But the pro on wasm is that everything is sandboxed and belongs to the browser, so your memory is protected, but I don't know how the browser clears that memory.
from crates.
It looks like bulk memory operations (currently design phase) might be useful for this purpose: https://github.com/WebAssembly/bulk-memory-operations/blob/master/proposals/bulk-memory-operations/Overview.md
from crates.
Another approach which might work on
stable
is to directly emit the WASM necessary to perform a volatile zeroing operation. However, I have never tried that before and wouldn't really know where to start.
Does rust have any way to include things for llvm or assembly?
from crates.
so your memory is protected, but I don't know how the browser clears that memory.
My understanding of the WASM memory model in a browser context is it's TypedArray that lives in the DOM, in which case it would be very nice to ensure secrets are cleared, as otherwise they could get potentially exposed unintentionally (ala Cloudbleed / Jetleak).
Does rust have any way to include things for llvm or assembly?
LLVM intrinsics and inline ASM are only available on nightly
. But I'm already using volatile_set_memory
there.
In an ELF executable, on stable
Rust you can include assembly by first creating an object from it, then link that together with Rust code (by e.g. creating a static library and linking with it using FFI + attributes).
I know very little about Rust WASM so I have no idea what the analogous linking operation for that would be.
from crates.
Wasm is just like asm there just may be a different Syntax, but I know little about rust and asm so I can't really help there.
from crates.
FYI, I think #142 is the path forward here. I'll look into adding a wasm target to CI.
from crates.
This was fixed in #142, with CI added in #143
from crates.
Related Issues (20)
- bip32: why can't private ExtendedKey instances convert to `ExtendedPublicKeys` with `TryFrom`? HOT 2
- secrecy: how should one use `SecretBytesMut`? HOT 2
- Is it possible to get derived address from a private key generated by bip32 crate?
- Cannot clone a `SecretVec<u8>` as `u8` is not `CloneableSecret` HOT 1
- secrecy: Using the serde feature in a no-std environment
- secrecy: Add an example to deserialize a SecretString
- RUSTSEC-2021-0073: Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic
- zeroize 1.4.0 manifest problems HOT 3
- error: failed to download `zeroize v1.4.1` ... consider adding `cargo-features = ["resolver"]` to the manifest HOT 3
- zeroize attribute accepted on struct fields, to no effect HOT 2
- `hkd32::Error` does not implement `std::error::Error` HOT 1
- impl Default for Zeroizing (possibly guarded by DefaultIsZeroes) HOT 2
- bip32: Build breakage, possibly due to conflicting generic-array dependencies. HOT 2
- `#[zeroize(drop)]` no-op in zeroize_derive v1.1 for `enum`s HOT 2
- Please publish a patch release of zeroize_derive 1.1 that fixes #876 but keeps the MSRV constant HOT 2
- RUSTSEC-2020-0071: Potential segfault in the time crate
- Implement `Zeroize` for `NonZeroX` HOT 1
- zeroize: implement `Zeroize` for `PhantomData` HOT 3
- MSRV in bip32 README is incorrect HOT 1
- secrecy: Zeroize an serde_json::Value HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crates.