Does the OpenSSL library allow/plan for an Rust reimplementation (possibly side-by-side for a while) of the C bits?
Seems that would be best practice - assuming the goal is make everything safe Rust.
In theory that's just copying the Rust bridge code and using that as the frontend API for a rewrite. So yes it's possible, you "just" need to rewrite the rust-openssl-sys library.
I think the hesitation there is that everyone has gotten it beaten into your head that writing new crypto libraries is dangerous. It's probably safer to use a library that has tons of eyes on it, but at some point we should do it.
Problem is that if this is not considered beforehand, one might create APIs which are very hard/tedious to replicate without the old/legacy implementation.
But maybe for openssl staying close to the original API is useful, then one could maybe put a C API on top and use it also outside Rust.
