Third-Party Audit of Rustls

栏目: IT技术 · 发布时间: 4年前

内容简介:In May and June 2020, Cure53 completed an audit ofFirst off, though, Dirkjan Ochtman (of theThe

Third-party audit of rustls

In May and June 2020, Cure53 completed an audit of ring , webpki , and rustls . Their report ( PDF ) fully describes the audit, and makes for interesting reading.

First off, though, Dirkjan Ochtman (of the Quinn project) deserves a great deal of thanks for ultimately making this happen. We first discussed the possibility of an audit like this at RustFest Paris 2018. He worked with great determination for almost two years to secure a sponsor. Thanks Dirkjan!

The Cloud Native Computing Foundation (a part of the Linux Foundation) funded this audit, at the request of Buoyant who use rustls in the data plane of linkerd . So further thanks are due to Chris Aniszczyk of the Linux Foundation, and Oliver Gould of Buoyant for their support of these projects.

Finally, thanks to the staff at Cure53 for being a pleasure to work with.

Highlights

Some choice quotes:

“[..] the team of auditors considered the general code quality really good and can attest to a solid impression left consistently by all scope items”

“Both from a design point of view as from an implementation perspective the entire scope can be considered of exceptionally high standard .”

“The developer’s intent to provide a high-quality TLS implementation is very clear and this goal can be considered as achieved successfully .”

“Minor recommendations here and there are always possible for any project, but this does not change the fact that there is really not much to improve at rustls. Cure53 had the rare pleasure of being incredibly impressed with the presented software .”

Findings

There were two informational and two minor-severity findings. See the report for the full details. The discussion below reflects my opinion on these issues.

TLS-01-001 - Formally Verified Cryptography Recommendations (info)

This finding suggests ring uses formally verified cryptography implementations from the EverCrypt project. It’s hard to argue against formal verification of foundational cryptography code. It’s worth noting here that ring does already use a formally verified curve25519 implementation (from the fiat-crypto project).

TLS-01-002 - Unchecked usage of unwrap (info)

This finding relates to instances of unwrap() that were free of panics, but where it was too hard to reason that this was the case. The reasoning spanned several different modules, which itself is a readability and maintenance hazard. The code in question has been improved as a result.

TLS-01-003 - Support for Non-Contiguous Subnet Masks (low)

This finding relates to certificate name constraints expressed as a space of IP addresses as specified in RFC5280 . The RFC doesn’t specify any constraints on network masks, but it does seem sensible to disallow sparse masks.

TLS-01-004 - Data Truncation in DER Encoding Implementation (low)

This finding rightly points out a function in rustls that produces incorrect output when applied to an X.501 Name that is larger than 64KB. While that’s an exceedingly unlikely case, and the bug does not cause unsafe operation (but perhaps connection failure), the function has been corrected to produce valid output for all inputs.

Conclusion

As with other forms of software testing, ultimately a third-party audit can only show the presence of defects but not their absence. With that said, the positive feedback in the report and the low severity of these findings are certainly encouraging.


以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

刷屏

刷屏

[美] 凯文•阿洛卡 / 侯奕茜、何语涵 / 中信出版社 / 2018-10-1 / 68.00

1. YouTube流行趋势经理,解密如何打造爆款视频 在视频时代,制造互动,才能创造潮流 用户不再是被动的观众,而是主动的传播者 2. 《刷屏》以行内人视角解读: 病毒视频 粉丝经济 网红产业 平台如何为内容创作者赋能 3. 你是否常常被病毒视频刷屏?你是否觉得很多网红火爆到“无法用常理解释”? 视频时代已经到来,我们每天观看网络......一起来看看 《刷屏》 这本书的介绍吧!

URL 编码/解码
URL 编码/解码

URL 编码/解码

XML、JSON 在线转换
XML、JSON 在线转换

在线XML、JSON转换工具

RGB HSV 转换
RGB HSV 转换

RGB HSV 互转工具