Scenario: OpenSSL in D language, pros/cons

Etienne via Digitalmars-d digitalmars-d at puremagic.com
Mon May 5 07:59:12 PDT 2014


On 2014-05-04 4:34 AM, Daniele M. wrote:
> I have read this excellent article by David A. Wheeler:
>
> http://www.dwheeler.com/essays/heartbleed.html
>
> And since D language was not there, I mentioned it to him as a possible
> good candidate due to its static typing and related features.
>
> However, now I am asking the community here: would a D implementation
> (with GC disabled) of OpenSSL have been free from Heartbleed-type
> vulnerabilities? Specifically
> http://cwe.mitre.org/data/definitions/126.html and
> http://cwe.mitre.org/data/definitions/20.html as David mentions.
>
> I find this perspective very interesting, please advise :)

I'm currently working on a TLS library using only D. I've shared the 
ASN.1 parser here: https://github.com/globecsys/asn1.d

The ASN.1 format allows me to compile the data structures to D from the 
tls.asn1 in the repo I linked to. It uses the equivalent of D template 
structures extensively with what's called an Information Object Class.

Obviously, when it's done I need a DER serializer/deserializer which I 
intend on editing MsgPackD, and then I can do a handshake (read a ASN.1 
certificate) and encrypt/decrypt AES/RSA using the certificate 
information and this cryptography library: 
https://github.com/apartridge/crypto .

I've never expected any help so I'm not sure what the licensing will be. 
I'm currently working on the generation step for the ASN.1 to D 
compiler, it's very fun to make a compiler in D.


More information about the Digitalmars-d mailing list