by jaas 846 days ago
The Rustls TLS implementation and certificate verification are all safe Rust.

The underlying cryptography is still a mix of C and asm, that's the best option we have now particularly if we want support for things that make it deployable, like FIPS. We are looking for ways to improve the safety of the underlying crypto in the future.


Is it just a perf issue, or something else?
I assume you're asking why the underlying crypto still needs to be written in asm. There are two primary reasons:

1. Performance

2. Defense against side channel attacks (e.g. constant time operations)

And one political reason: the existing implementation is FIPS, and FIPS validation is a gigantic pain in the rear :-)
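As an added illustration of the constant-time point made in this reply (example code written for this page, not from Rustls, its crypto backend, or any of the commenters): two byte-string comparisons, one that exits early and one that always does the same amount of work. Both return how many bytes they examined so the difference is visible without a timer; the inputs are constructed samples.

```rust
/// Early-exit comparison, as a compiler would happily emit for a plain loop:
/// returns (equal, bytes_examined). The second value shows that the amount
/// of work, and hence the time, depends on where the first mismatch sits.
fn eq_variable_time(a: &[u8], b: &[u8]) -> (bool, usize) {
    if a.len() != b.len() {
        return (false, 0);
    }
    let mut examined = 0;
    for (x, y) in a.iter().zip(b.iter()) {
        examined += 1;
        if x != y {
            return (false, examined);
        }
    }
    (true, examined)
}

/// Constant-time comparison: every byte is visited and the differences are
/// OR-folded into an accumulator, so bytes_examined is always the full
/// length. `black_box` is an optimisation barrier that discourages the
/// compiler from rewriting this back into an early-exit loop; it is only a
/// hint, which is one reason production crypto drops to asm for such code.
fn eq_constant_time(a: &[u8], b: &[u8]) -> (bool, usize) {
    if a.len() != b.len() {
        return (false, 0);
    }
    let mut acc: u8 = 0;
    let mut examined = 0;
    for (x, y) in a.iter().zip(b.iter()) {
        acc |= x ^ y;
        examined += 1;
    }
    (std::hint::black_box(acc) == 0, examined)
}

fn main() {
    // Constructed sample: a 4-byte "expected tag" and candidates that
    // differ at the first byte, at the last byte, or not at all.
    let expected = [0x11u8, 0x22, 0x33, 0x44];
    let candidates: [[u8; 4]; 3] = [
        [0x00, 0x22, 0x33, 0x44],
        [0x11, 0x22, 0x33, 0x00],
        [0x11, 0x22, 0x33, 0x44],
    ];
    for c in &candidates {
        println!(
            "variable-time {:?}  constant-time {:?}",
            eq_variable_time(&expected, c),
            eq_constant_time(&expected, c)
        );
    }
}
```

The early-exit version examines 1 byte for a first-byte mismatch and 4 for a last-byte mismatch, which is exactly the signal a timing side channel exploits; the constant-time version always examines all 4.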
Has anyone in this space considered adding type annotations to assembly?

It’s totally possible and it’s a thing compilers for memory safe languages sometimes have to do internally.

It wouldn’t take a lot of language engineering to make it nice. You’d end up being able to take that asm code more or less as is and annotate it with just a type proof so that Rust/Go/Fil-C can call into that shit without worrying about it blowing up your rules.

Ah, thanks, makes sense