Well guess I'll try making my first Zulip topic here... a place to dump info about your security-related crates
here's another one of mine: subtle-encoding: constant time hex and base64 encoders/decoders: https://github.com/iqlusioninc/crates/tree/master/subtle-encoding
this looks pretty neat https://github.com/Shnatsel/libdiffuzz
Hey! libdiffuzz author here. That thing is kind of a hack to get by without Memory Sanitizer, and will be mostly obsolete in Rust contexts once MSAN works well with Rust (but there are use cases for it elsewhere).
Also, it is a dynamic analysis tool that's only really useful when combined with a fuzzer (just like sanitizers), and does not check the program exhaustively. This is explicitly out of scope of this WG, which is more about verifying unsafe code statically or getting rid of unsafe code entirely.
As far as security-related crates go, https://crates.io/crates/untrusted looks neat. I have never used it, though, so can't say if it's actually good or bad.
I like what
although I find it moderately annoying it's part of ring's public API rather than hidden behind the scenes
I guess that gives the caller more control over allocation... still a bit obtrusive
here's a crate some of you might find interesting: https://keychain-services.rs/docs/
wrapper around the macOS Security Framework's Keychain Services
gonna try to use this for GPG and git signing
The idea behind untrusted is that you are supposed to be able to use it end-to-end without using the as_slice_less_safe() function. That's why it's part of ring's API.
In particular, any function that takes an untrusted::Input indicates that it is responsible for parsing and validating those untrusted inputs, so the caller doesn't have to (and in many cases, shouldn't try). This design works well if one is using untrusted::Input for all parsing, but it works less well if one is using it only because ring requires it. For example, it worked very well in my own TLS implementation because I used untrusted to parse TLS records and TLS handshake messages, so everything is already in untrusted::Input form when I hand it to ring.