Audit Status

[drahnr]

Since this is one of the more widespread used rsa crates, it would be great if this could be audited by a third party. Are there currently any plans to do so?

[tarcieri]

I don't think anyone is planning an audit. If anyone would like to pay for one, that'd be great.

[zicklag]

According to the README for the pgp crate, rsa actually has gotten a review. If this is true then we could take that note out of the README about the lack of an audit and replace it with this statement, which would be nice. :)

rPGP and its RSA dependency got a first independent security review mid 2019.

[tarcieri]

Interesting! No one told us about it! 😉

We will soon publish the full review report.

It'd be great to know who performed the audit and have a published copy of the report so we can include it in the README.md. We've done something similar for the RustCrypto/AEAD crates:

https://github.com/RustCrypto/AEADs/tree/master/aes-gcm#security-notes

[r10s]

the RSA audit was performed by Include Security and was granted by the Open Technology Fund while supporting Delta Chat developments.

not sure if there is already a copy of the report published somewhere, but it is planned iirc :) cc @hpk42

[drahnr]

@r10s @hpk42 is there an ETA of the mentioned report?

[hpk42]

The report is already on the Delta Chat page: https://delta.chat/assets/1907-otf-deltachat-rpgp-rustrsa-gb-reportv1.pdf but we didn't get around to write a blog post about it yet, i.e. detailing what is already fixed (all the high-risk ones for sure, also the medium risk IIRC).

…

On Fri, Oct 09, 2020 at 06:11 -0700, Bernhard Schuster wrote: @r10s @hpk42 is there an ETA of the mentioned report? -- You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: #60 (comment)

[joshbenaron]

Hey,
Has there been anymore progress/confirmation on the above issues? Have any low risk issues been fixed?

Also, is this crate still maintained?

[tarcieri]

I believe this might be it:

https://delta.chat/assets/1907-otf-deltachat-rpgp-rustrsa-gb-reportv1.pdf

[tarcieri]

The following warning is still in README.md:

⚠️ WARNING: This crate has been audited by a 3rd party, but a full blog post with the results and the updates made since the audit has not been officially released yet. See #60 for more information.

Has this information been made publicly available via a first-party site yet? (i.e. hosted by someone directly involved in the audit)

The report I linked in the previous post seems to have been uploaded to a chat service, so it'd be nice to link to something official instead.

[andrewbaxter]

In case the report disappears, it looks like there was 1 finding with this RSA library:

• key sizes are not bounded, so if a user can pass in an arbitrarily large key it could cause memory/cpu to be consumed for a very long time and lead to DOS (very rough summary)

[tarcieri]

Key sizes are now bounded unless the user explicitly opts out of that. See e.g.:

https://docs.rs/rsa/0.7.2/rsa/struct.RsaPublicKey.html#method.new

(as well as new_with_max_size and new_unchecked)