Allow VaultWarden to use something other than ring/BoringSSL?

Hi, I’ve been working to integrate rust-lang into the OpenWrt build system. One of the test projects I build to validate an arch target is Vaultwarden. Someone had asked for it and it looked to be a stable and maintained project!

This isn’t so much as a request for help (unless I missed/overlooked something) as much as a head’s up. I found that BigEndian archs can’t run vaultwarden due to the inclusion of the ring crate. The ring crate uses BoringSSL which doesn’t support BigEndian archs.(ring/base.h at main · briansmith/ring · GitHub)

Unless I missed a way to have vaultwarden use something other than ring, there really isn’t anything actionable, I just figured I’d let someone here know what I found after I dug into it :slight_smile:

Seems to build fine for various arm archs (aarch64, armv7, armv6, etc) and mipsel should be fine although I’ve not tested it yet.

Thx for the hard work!

Using something else then ring is not that easy since ring is used by jsonwebtoken but also by rocket, which is one of the main library of Vaultwarden.

I’m not sure if a current master/main branch of ring could work if that made some changes to support your platform. But, I’m not sure from the top of my head that a newer version will work correctly with the other dependants.

So, even if we would remove our dependency to ring it self within our code, it is still there via other crates.

1 Like

nod Again, I don’t think this is actually actionable by the vaultwarden team. It’s more of a “Hey, just letting you know it doesn’t work for BE SOCs and here’s why” :slight_smile: I didn’t see anything in the documentation about not using ring, but I figured I’d ask.

If nothing else, gives you all an idea if someone shows up with a mips/mips64/etc BE platform.

This isn’t really even a ring crate issue, as the underlying cause is BoringSSL not returning the same values LE vs BE. So, it’s a BoringSSL issue and ring just happens to use it, which (as you pointed out) is used by several crates in vaultwarden. Ah well. Once I get things finalized, at least some/most OpenWrt devices will be able to use vaultwarden if they choose to.

1 Like