Pure Rust implementation of libsodium/utils

[oblique]

There is crate called memsec which is a pure Rust implementation of libsodium/utils.

Maybe we can replace libsodium entirely? I'm willing to open a PR.

[stouset]

I'm definitely interested, but it's not something I'd want to pull the trigger on without some consideration. I can't imagine it doesn't include unsafe code (e.g., to call things like mprotect), so I'd have to weigh the pros/cons of switching to a library that's newer, less battle-tested, and maintained by someone whose track record in security-sensitive systems I'm unaware of.

[oblique]

Yes it uses unsafe. In fact they are just unsafe functions without any extra abstraction. The good part is that the code is not that big, so you can evaluate it.

[stouset]

There's a bit of benefit here in that we don't have to provide any libsodium bindings, but I'm a bit on the fence as to whether or not that warrants switching to a dependency that I have audit every time there's an update. I'll give it some consideration.

[neersighted]

There is one more option now in region.rs. No more unsafe (as any manual twiddling of virtual memory APIs will be), but also more active and more readable: https://github.com/darfink/region-rs

[stouset]

This doesn't really remove unsafe, it just kicks the can to the region-rs crate which itself uses unsafe to call operating system APIs like mprotect.

[neersighted]

This doesn't really remove unsafe, it just kicks the can to the region-rs crate which itself uses unsafe to call operating system APIs like mprotect.

Err, I meant unsafe in general, not specifically the Rust keyword. "No additional unsafe" might have been better phrasing.

[jymchng]

memsec can be a good consideration as right now secrets does not have a #![no_std] implementation which is quite sad as I am looking at interoperating with my sosecrets-rs crate.

[stouset]

I’m happy to add no_std support.