by weinzierl 124 days ago
rustls is there. It has TLS in the name, it is good and there is a C FFI wrapper.

Rustls still outsources cryptographic primitives. I believe the currently supported providers of those are… drumroll… AWS-LC and Ring. The latter is a fork of BoringSSL. The article describes AWS-LC and BoringSSL as "Googled and Amazoned to death; they don't care about anyone but their own use cases".

The state of things sucks :-(

The primitives aren't a problem. You can't write them in any vaguely modern high level language. And when I say "High level" I mean that the way K&R does when they describe their new C programming language as high level. The reason you can't write cryptographic primitives in a high level language is that optimising compilers love clever tricks which offer data-dependent performance, across every layer of their design - but in cryptography we want constant execution time regardless of either the plaintext or keys used.

The problem with OpenSSL isn't these cryptographic primitives, that's why you will see basically the same primitives re-used in lots of different places. It's like finding out that the guy who was just arrested for murder also eats pizza. Yeah, people do that. The problem wasn't the pizza, it was the murder. OpenSSL's implementation of the AES cipher isn't broken, the problem is elsewhere.

The author also doesn't specify what that even means and what problems it causes.
You might like https://github.com/ctz/graviola/

Also, even if rustls is using aws-lc-rs, you still get the TLS parts from the rustls project, and aws-lc-rs is just lower-level crypto. That means there are fewer places for Amazon to say no; they either implement an algorithm or don't.

It's a great effort, but it's far from usable:

> USE THIS AT YOUR OWN RISK! DO NOT USE THIS IN PRODUCTION

What? Ring is not even close to a fork of BoringSSL; it merely borrows subroutines from BoringSSL.
Ok, maybe not a fork outright. But the project description says: "Most of the C and assembly language code in ring comes from BoringSSL."
That's the proper way to use OpenSSL and derivatives. Their C and assembly code for crypto primitives is good.

Protocol code and X.509 certificate handling will probably be better written in another language.

A C wrapper to Rust feels like we've gone full circle.
That would be amazing and really cement the proven value of Rust.
There's even a project for a deliberately OpenSSL drop-in compatible Rustls backed library. It is intended for specific projects because OpenSSL is sprawling and they don't implement most of it, but in principle if you use the same parts of OpenSSL your C likely works with this safer + faster alternative today, so why not recommend it to your users?

https://github.com/rustls/rustls-openssl-compat

rustls doesn't have its own implementation of cryptography; you have to choose a provider like openssl or aws lc.
There is a rustls side project called Graviola that's building a fast crypto provider in Rust+ASM. It's taken an interesting approach: starting with an assembly library that's been formally proven correct, and then programmatically translating that into Rust with inline assembly that's easy to build with Rust tooling.
Or rustcrypto. Rustls is a TLS layer that can wrap any cryptography layer providing the necessary primitives.