wolfcrypt-ring-compat 1.17.0

wolfcrypt-ring-compat is a cryptographic library using wolfSSL for its cryptographic operations. This library strives to be API-compatible with the popular Rust library named ring.

wolfcrypt-ring-compat

API-compatible replacement for the ring crate, backed by wolfCrypt instead of BoringSSL. Exports lib.name = "ring" so downstream code keeps use ring::... unchanged.

Why

ring is widely used by rustls, AWS SDKs, and other foundational Rust crates, but it is not FIPS 140-3 certifiable. wolfcrypt-ring-compat provides the same API surface with a FIPS-validatable backend:

  • Drop-in replacement — exports lib.name = "ring", so downstream code keeps use ring::... unchanged. Swap the dependency via [patch.crates-io] and rebuild.
  • FIPS 140-3 — wolfCrypt is FIPS 140-3 validated; this is the migration path if your project uses ring's API and needs a FIPS-certifiable backend (contact wolfSSL for the commercial FIPS license and validated source).
  • Broad coverage — targets API parity with ring 0.17: AES-GCM, ChaCha20-Poly1305, ECDH (P-256, P-384, X25519), SHA-{1, 256, 384, 512}, HMAC, HKDF, PBKDF2, ECDSA, Ed25519, RSA PKCS#1 v1.5 and PSS, and SystemRandom.
  • Single crypto stack — every algorithm above goes through wolfCrypt rather than a mix of pure-Rust and assembly backends.

Usage

[dependencies]
wolfcrypt-ring-compat = "1.16"

# Redirect transitive deps that ask for upstream `ring`:
[patch.crates-io]
ring = { package = "wolfcrypt-ring-compat", version = "1.16" }

use ring::aead::{LessSafeKey, UnboundKey, Aad, Nonce, AES_256_GCM};
use ring::error::Unspecified;

fn main() -> Result<(), Unspecified> {
    // Placeholder values for illustration only: use a randomly generated key,
    // and never reuse a nonce with the same key.
    let key_bytes = [0u8; 32];
    let nonce_bytes = [0u8; 12];
    let unbound = UnboundKey::new(&AES_256_GCM, &key_bytes)?;
    let key = LessSafeKey::new(unbound);

    // Encrypts in place and appends the authentication tag to the buffer.
    let mut in_out = b"plaintext".to_vec();
    key.seal_in_place_append_tag(
        Nonce::assume_unique_for_key(nonce_bytes),
        Aad::empty(),
        &mut in_out,
    )?;
    Ok(())
}

Do not pull in both ring and wolfcrypt-ring-compat in the same dependency tree. They export the same Rust library name (ring) and will collide at link time. Use the [patch.crates-io] snippet above to redirect any transitive ring dependency to this crate.
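
A CI-style check for the collision described above, as an added example that is not part of the wolfcrypt-ring-compat project: it scans a Cargo.lock for both package names and lists the packages that still depend on ring. The function names and the sample lock file are constructed for illustration, and the reader assumes the standard [[package]] layout with multi-line dependencies arrays.

```rust
// Added example; assumes the usual Cargo.lock layout of [[package]] tables.
fn parse_lock(text: &str) -> Vec<(String, Vec<String>)> {
    let unquote = |s: &str| s.trim_end_matches(',').trim_matches('"').to_string();
    let mut pkgs: Vec<(String, Vec<String>)> = Vec::new();
    let (mut in_pkg, mut in_deps) = (false, false);
    for line in text.lines().map(str::trim) {
        if line.starts_with('[') {
            // Only [[package]] tables count; [metadata], [[patch.unused]] are skipped.
            in_pkg = line == "[[package]]";
            in_deps = false;
            if in_pkg { pkgs.push(Default::default()); }
        } else if let (true, Some(p)) = (in_pkg, pkgs.last_mut()) {
            if in_deps && line != "]" {
                p.1.push(unquote(line)); // one dependency entry per line
            } else if let Some(v) = line.strip_prefix("name = ") {
                p.0 = unquote(v);
            } else {
                in_deps = line == "dependencies = ["; // "]" or any other key ends the array
            }
        }
    }
    pkgs
}

// Some(dependents of `ring`) when ring and wolfcrypt-ring-compat are both locked.
fn ring_collision(lock: &str) -> Option<Vec<String>> {
    let pkgs = parse_lock(lock);
    let has = |n: &str| pkgs.iter().any(|p| p.0 == n);
    if !(has("ring") && has("wolfcrypt-ring-compat")) { return None; }
    // A dependency entry is "name" or, when ambiguous, "name version (source)".
    Some(pkgs.iter()
        .filter(|p| p.1.iter().any(|d| d.split(' ').next() == Some("ring")))
        .map(|p| p.0.clone()).collect())
}

// Constructed sample lock file; package names and versions are illustrative.
const SAMPLE_LOCK: &str = r#"[[package]]
name = "example-tls"
version = "0.1.0"
dependencies = [
 "ring",
]
[[package]]
name = "ring"
version = "0.17.8"
[[package]]
name = "wolfcrypt-ring-compat"
version = "1.17.0"
"#;
fn main() { println!("{:?}", ring_collision(SAMPLE_LOCK)); }
```

A Some result names the packages whose ring dependency still needs to be redirected before the build will link.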

How it works

wolfssl-src              Compiles wolfSSL/wolfCrypt C source via the cc crate
      │
wolfcrypt-sys            bindgen FFI + cargo cfg flags per compiled algorithm
      │
wolfcrypt-rs             Typed Rust FFI wrapper
      │
wolfcrypt-ring-compat    ring-compatible API surface  ← this crate
                         lib.name = "ring"

The crate is organised module-for-module against upstream ring: aead, agreement, cipher, digest, ec, ed25519, hkdf, hmac, pbkdf2, rand, rsa, signature, plus io and error. Each module forwards to the corresponding wolfcrypt-rs API instead of BoringSSL.

| Feature | Default | Description |
|---|---|---|
| alloc | yes | Allow allocation of arbitrary-sized values. Required by io::writer. (Semantics differ from upstream ring's alloc feature.) |
| std | yes | Standard library support; depends on alloc. |
| ring-io | yes | Enable the io module. |
| ring-sig-verify | yes | Preserve compatibility with ring::signature::VerificationAlgorithm::verify; pulls in untrusted = "0.7.1". |
| fips | no | Build wolfcrypt-rs against the FIPS 140-3 validated wolfSSL source module. Requires WOLFSSL_FIPS_SOURCE_DIR and a wolfSSL commercial FIPS license. |
| non-fips | no | Compile-time guarantee that the non-FIPS wolfcrypt-rs is used. Mutually exclusive with fips. |

fips and non-fips are mutually exclusive — enabling both produces a compile-time error. Additional build-time features (bindgen, prebuilt-nasm, asan, dev-tests-only, unstable) are documented in the crate-level rustdoc.

Copyright

Copyright (C) 2006-2026 wolfSSL Inc.

Portions of this crate are derived from ring, copyright Brian Smith and the ring contributors (ISC license), and from AWS-LibCrypto.

License

GPL-3.0-only OR LicenseRef-wolfSSL-commercial.

The underlying wolfSSL C library is licensed under GPL-3.0-or-later with a commercial option available from wolfSSL Inc.