
Pure Rust implementation of libsodium/utils #89

Open
oblique opened this issue Dec 17, 2020 · 8 comments

Comments

@oblique
Contributor

oblique commented Dec 17, 2020

There is crate called memsec which is a pure Rust implementation of libsodium/utils.

Maybe we can replace libsodium entirely? I'm willing to open a PR.

@stouset
Owner

stouset commented Dec 18, 2020

I'm definitely interested, but it's not something I'd want to pull the trigger on without some consideration. I can't imagine it doesn't include unsafe code (e.g., to call things like mprotect), so I'd have to weigh the pros/cons of switching to a library that's newer, less battle-tested, and maintained by someone whose track record in security-sensitive systems I'm unaware of.

@oblique
Contributor Author

oblique commented Dec 18, 2020

Yes, it uses unsafe. In fact they are just unsafe functions without any extra abstraction. The good part is that the code is not that big, so you can evaluate it.

@stouset
Owner

stouset commented Dec 19, 2020

There's a bit of benefit here in that we don't have to provide any libsodium bindings, but I'm a bit on the fence as to whether or not that warrants switching to a dependency that I have to audit every time there's an update. I'll give it some consideration.

@neersighted

There is one more option now in region.rs. No more unsafe (as any manual twiddling of virtual memory APIs will be), but also more active and more readable: https://github.com/darfink/region-rs

@stouset
Owner

stouset commented Dec 15, 2021

This doesn't really remove unsafe, it just kicks the can to the region-rs crate which itself uses unsafe to call operating system APIs like mprotect.

@neersighted

neersighted commented Jan 14, 2022

This doesn't really remove unsafe, it just kicks the can to the region-rs crate which itself uses unsafe to call operating system APIs like mprotect.

Err, I meant unsafe in general, not specifically the Rust keyword. "No additional unsafe" might have been better phrasing.

@jymchng

jymchng commented Nov 28, 2023

memsec can be a good consideration, as right now secrets does not have a #![no_std] implementation, which is quite sad as I am looking at interoperating with my sosecrets-rs crate.

@stouset
Owner

stouset commented Nov 28, 2023 via email
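As an added illustration (not code from secrets, memsec or region-rs), this is roughly what the unsafe surface the thread is weighing looks like when written in pure Rust: the same mlock/mprotect/volatile-zero calls libsodium's utils make, declared as raw FFI with no crate in between, so any replacement has to be audited at exactly this layer. Assumed: Linux PROT_* values and the POSIX getpagesize() symbol; SecretPage and its methods are hypothetical names chosen for the example.

```rust
use std::alloc::{alloc_zeroed, dealloc, Layout};
use std::os::raw::{c_int, c_void};
use std::{ptr, slice};
// The POSIX calls that libsodium's utils, memsec and region-rs all wrap, declared by
// hand (no external crate) so the whole unsafe surface is visible in one place.
extern "C" {
    fn getpagesize() -> c_int;
    fn mlock(addr: *const c_void, len: usize) -> c_int;
    fn munlock(addr: *const c_void, len: usize) -> c_int;
    fn mprotect(addr: *mut c_void, len: usize, prot: c_int) -> c_int;
}
const PROT_NONE: c_int = 0; const PROT_READ: c_int = 1; const PROT_WRITE: c_int = 2; // Linux values
/// One page holding a secret: locked out of swap (best effort), mapped PROT_NONE
/// while idle, readable only inside `with`, zeroed with volatile writes on drop.
pub struct SecretPage { ptr: *mut u8, layout: Layout, locked: bool }
impl SecretPage {
    pub fn new(secret: &[u8]) -> Option<SecretPage> {
        let page = unsafe { getpagesize() } as usize;
        if secret.len() > page { return None; }
        let layout = Layout::from_size_align(page, page).ok()?;
        // SAFETY: page-aligned, page-sized allocation holding only our bytes, so changing
        // its protection never touches allocator metadata or anyone else's data.
        let ptr = unsafe { alloc_zeroed(layout) };
        if ptr.is_null() { return None; }
        // Lock before the secret lands in the page; mlock fails under a low RLIMIT_MEMLOCK.
        let locked = unsafe { mlock(ptr as *const c_void, page) == 0 };
        unsafe { ptr::copy_nonoverlapping(secret.as_ptr(), ptr, secret.len()) };
        unsafe { mprotect(ptr as *mut c_void, page, PROT_NONE) };
        Some(SecretPage { ptr, layout, locked })
    }
    pub fn is_locked(&self) -> bool { self.locked }
    /// Unseal read-only for the duration of `f`, then seal again (sodium_mprotect_readonly/noaccess).
    pub fn with<R>(&self, f: impl FnOnce(&[u8]) -> R) -> R {
        let (p, len) = (self.ptr as *mut c_void, self.layout.size());
        unsafe { mprotect(p, len, PROT_READ) };
        let r = f(unsafe { slice::from_raw_parts(self.ptr, len) });
        unsafe { mprotect(p, len, PROT_NONE) };
        r
    }
}
impl Drop for SecretPage {
    fn drop(&mut self) {
        let (p, len) = (self.ptr as *mut c_void, self.layout.size());
        unsafe {
            mprotect(p, len, PROT_READ | PROT_WRITE);
            for i in 0..len { ptr::write_volatile(self.ptr.add(i), 0); } // sodium_memzero's job
            if self.locked { munlock(p, len); }
            dealloc(self.ptr, self.layout);
        }
    }
}
```

Every line inside an `unsafe` block here is the part that moves from libsodium's C into whichever Rust crate is chosen; the question in the thread is only who maintains and audits it.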
