Orion 0.13 released - An update on some pure-Rust crypto

orion is a crypto library written in pure Rust, which tries to minimize the use of unsafe code.

It's been about four months since I last posted an update (at least on /r/rust), about orion. A decent amount of time and energy has been put into trying to improve it since then. An overview of some important updates:

  • Support added for: Poly1305, ChaCha20Poly1305, XChaCha20, XChaCha20Poly1305, BLAKE2b and SHA512.
  • Various bugfixes, including one security-related logicbug, which was a result of my inexperience.
  • The entire high-level interface was redesigned, integrating newtypes with opaque Debug and various other beneficial trait implementations.
  • Major improvements to the documentation and a wiki going over things like design, dependencies, security and testing-suite.
  • Error propagation improvements (before virtually non-existent).
  • Improvements to: performance, benchmarking, testing (generally overall and additionally with quickcheck).
  • AddressSanitizer and LeakSanitizer in CI.
  • Improvements to fuzzing with both cargo-fuzz and honggfuzz-rs.
  • 3 dependencies dropped, drastically reducing the amount of unsafe code in the dependencies.

If anybody has anything they think could be improved, don't hesitate to say so! I'm open to suggestions and greatly appreciate any and all feedback.

4 Likes

Right now there is no unsafe code at all. Is there "a plan" to change that? Otherwise I would change the text to

which has no unsafe code at all

or similar :slight_smile:

It’s true that orion itself does not use any unsafe code, some of its dependencies do however. Even if orion had no dependencies that relied on unsafe code, there would still be indirect use of it through the standard library. That would then also apply to any potential dependencies. This is why I have worded it as trying to minimize the use of it.

Although it's correct, I would not say that the usage of unsafe code in the stdlib means, that your code uses unsafe code. Yes.... but meh. Every code in Rust does in that respect.

I get where you're coming from, and I don't expect other people to do so. My point was just that, some of the different ways to word it, can quickly be interpreted as false claims. Truly using no unsafe code at all (or even none outside of stdlib) seems, at least right now, as an unreasonable goal for a library such as orion.