Do Not Use ring (or rustls)

Pay-to-Play Kills Open Source Projects

August 2, 2019
fedora fedora-security cryptography rust ring rustls

Rust is a fantastic systems language. And without a runtime, it is an exciting new language for cryptography. Further, mapping existing cryptographic libraries, such as openssl and mbedtls, into the Rust landscape requires a variety of trade-offs that would not have to be made if we had native Rust cryptography. All of this makes the desire for a native Rust crypto library very high.

Enter ring. The ring project has all appearances of a serious native Rust cryptography project. It has thousands of commits over multiple years. It has a robust test framework. What could go wrong?

The ring project is now holding pull request reviews for ransom.

I’m not joking. If you file a pull request, you will be asked for money. And it isn’t the first time.

Might I also mention that ring’s implementation doesn’t use blinding during RSA signing? Nor have they merged the latest attack mitigations for pkcs1_encode() from BoringSSL. It is easy to be fast when you’re insecure.

Then there’s the fact that they don’t do security embargoes. All disclosures are zero days. Never mind the fact that GitHub gives the ability to do all this sanely.

I’m willing to work around (and patch) some of these issues. But if I can’t contribute without a shakedown, what’s the point?

Don’t use ring.

Unfortunately, this means that rustls is now stuck. They are built on top of ring and are widely used in the Rust community. So I can’t recommend rustls until ring fixes its problems.

Don’t use rustls.

comments powered by Disqus