I wonder what motivation there was to write mozilla::pkix in (old-style) C++ — with the number of memory access bugs, why not use Rust?
Replying to @gsnedders
@gsnedders 2. Except for parts that are delegated to NSS, mozilla::pkix exclusively uses bounds-checked buffers (class Input) for all input.
Replying to @BRIAN_____
@BRIAN_____ 2. Everything being compile-time checked still seems better; 3. Rust's unmangled libraries would work fine, no?
Replying to @gsnedders
@gsnedders RE 2: I'm very confident about memory safety in mozilla::pkix modulo NSS. We're only missing compiler-checked borrowed pointers.
Replying to @BRIAN_____
@BRIAN_____ RE 2: Yeah, quite possibly more a theoretical concern than a practical one in this case. Still, "modulo NSS" is plenty!
@gsnedders Most uses of NSS can/will be removed over time. Then almost all (uint8_t*, size_t) will be replaced with mozilla::der::Input&.