/rust/registry/src/index.crates.io-6f17d22bba15001f/rustls-webpki-0.102.8/src/lib.rs
1 | | // Copyright 2015 Brian Smith. |
2 | | // |
3 | | // Permission to use, copy, modify, and/or distribute this software for any |
4 | | // purpose with or without fee is hereby granted, provided that the above |
5 | | // copyright notice and this permission notice appear in all copies. |
6 | | // |
7 | | // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES |
8 | | // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
9 | | // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR |
10 | | // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
11 | | // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
12 | | // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
13 | | // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
14 | | |
15 | | //! webpki: Web PKI X.509 Certificate Validation. |
16 | | //! |
17 | | //! See `EndEntityCert`'s documentation for a description of the certificate |
18 | | //! processing steps necessary for a TLS connection. |
19 | | //! |
20 | | //! # Features |
21 | | //! |
22 | | //! | Feature | Description | |
23 | | //! | ------- | ----------- | |
24 | | //! | `alloc` | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. | |
25 | | //! | `std` | Enable features that require libstd. Implies `alloc`. | |
26 | | //! | `ring` | Enable use of the *ring* crate for cryptography. | |
27 | | //! | `aws_lc_rs` | Enable use of the aws-lc-rs crate for cryptography. | |
28 | | |
29 | | #![no_std] |
30 | | #![warn(elided_lifetimes_in_paths, unreachable_pub, clippy::use_self)] |
31 | | #![deny(missing_docs, clippy::as_conversions)] |
32 | | #![allow( |
33 | | clippy::len_without_is_empty, |
34 | | clippy::new_without_default, |
35 | | clippy::single_match, |
36 | | clippy::single_match_else, |
37 | | clippy::type_complexity, |
38 | | clippy::upper_case_acronyms |
39 | | )] |
40 | | // Enable documentation for all features on docs.rs |
41 | | #![cfg_attr(docsrs, feature(doc_cfg, doc_auto_cfg))] |
42 | | |
43 | | #[cfg(any(feature = "std", test))] |
44 | | extern crate std; |
45 | | |
46 | | #[cfg(any(test, feature = "alloc"))] |
47 | | #[cfg_attr(test, macro_use)] |
48 | | extern crate alloc; |
49 | | |
50 | | #[macro_use] |
51 | | mod der; |
52 | | |
53 | | #[cfg(feature = "aws_lc_rs")] |
54 | | mod aws_lc_rs_algs; |
55 | | mod cert; |
56 | | mod end_entity; |
57 | | mod error; |
58 | | #[cfg(feature = "ring")] |
59 | | mod ring_algs; |
60 | | mod rpk_entity; |
61 | | mod signed_data; |
62 | | mod subject_name; |
63 | | mod time; |
64 | | mod trust_anchor; |
65 | | |
66 | | mod crl; |
67 | | mod verify_cert; |
68 | | mod x509; |
69 | | |
70 | | #[cfg(test)] |
71 | | pub(crate) mod test_utils; |
72 | | |
73 | | pub use { |
74 | | cert::Cert, |
75 | | crl::{ |
76 | | BorrowedCertRevocationList, BorrowedRevokedCert, CertRevocationList, ExpirationPolicy, |
77 | | RevocationCheckDepth, RevocationOptions, RevocationOptionsBuilder, RevocationReason, |
78 | | UnknownStatusPolicy, |
79 | | }, |
80 | | end_entity::EndEntityCert, |
81 | | error::{DerTypeId, Error}, |
82 | | rpk_entity::RawPublicKeyEntity, |
83 | | signed_data::alg_id, |
84 | | trust_anchor::anchor_from_trusted_cert, |
85 | | verify_cert::KeyUsage, |
86 | | verify_cert::VerifiedPath, |
87 | | }; |
88 | | |
89 | | pub use pki_types as types; |
90 | | |
91 | | #[cfg(feature = "alloc")] |
92 | | pub use crl::{OwnedCertRevocationList, OwnedRevokedCert}; |
93 | | |
94 | | #[cfg(feature = "ring")] |
95 | | /// Signature verification algorithm implementations using the *ring* crypto library. |
96 | | pub mod ring { |
97 | | pub use super::ring_algs::{ |
98 | | ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ED25519, |
99 | | }; |
100 | | |
101 | | #[cfg(feature = "alloc")] |
102 | | pub use super::ring_algs::{ |
103 | | RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512, |
104 | | RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY, |
105 | | RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY, |
106 | | }; |
107 | | } |
108 | | |
109 | | #[cfg(feature = "aws_lc_rs")] |
110 | | /// Signature verification algorithm implementations using the aws-lc-rs crypto library. |
111 | | pub mod aws_lc_rs { |
112 | | pub use super::aws_lc_rs_algs::{ |
113 | | ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, |
114 | | ECDSA_P521_SHA256, ECDSA_P521_SHA384, ECDSA_P521_SHA512, ED25519, |
115 | | RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512, |
116 | | RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY, |
117 | | RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY, |
118 | | }; |
119 | | } |
120 | | |
/// Every signature verification algorithm this crate exports, in one slice.
///
/// The contents depend entirely on the enabled cargo features:
///
/// * with neither `ring` nor `aws_lc_rs` enabled the slice is empty;
/// * the `ring` RSA entries are additionally gated on `alloc`, while the
///   `aws_lc_rs` RSA entries are not;
/// * the ECDSA P-521 entries are only provided by `aws_lc_rs`;
/// * with both backends enabled, the `ring` entries come first and are followed
///   by the `aws_lc_rs` entries, so an algorithm offered by both appears twice.
///
/// This is the widest set the crate offers, including the `*_LEGACY_KEY` RSA-PSS
/// entries. A caller that wants a stricter signature policy can build its own,
/// shorter slice from the items in the `ring` / `aws_lc_rs` modules rather than
/// passing this one.
pub static ALL_VERIFICATION_ALGS: &[&dyn types::SignatureVerificationAlgorithm] = &[
    // --- ring backend: ECDSA and Ed25519 (no heap required) ---
    #[cfg(feature = "ring")]
    ring::ECDSA_P256_SHA256,
    #[cfg(feature = "ring")]
    ring::ECDSA_P256_SHA384,
    #[cfg(feature = "ring")]
    ring::ECDSA_P384_SHA256,
    #[cfg(feature = "ring")]
    ring::ECDSA_P384_SHA384,
    #[cfg(feature = "ring")]
    ring::ED25519,
    // --- ring backend: RSA (only present when `alloc` is also enabled) ---
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA256,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA384,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA512,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_3072_8192_SHA384,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
    // --- aws-lc-rs backend: ECDSA (including P-521) and Ed25519 ---
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::ECDSA_P256_SHA256,
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::ECDSA_P256_SHA384,
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::ECDSA_P384_SHA256,
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::ECDSA_P384_SHA384,
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::ECDSA_P521_SHA256,
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::ECDSA_P521_SHA384,
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::ECDSA_P521_SHA512,
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::ED25519,
    // --- aws-lc-rs backend: RSA ---
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA256,
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA384,
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA512,
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::RSA_PKCS1_3072_8192_SHA384,
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
    #[cfg(feature = "aws_lc_rs")]
    aws_lc_rs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
];
180 | | |
/// Reports whether `a` and `b` hold exactly the same bytes.
///
/// The comparison is a plain slice equality and makes no constant-time
/// guarantee, so it must only be given values that are public (as the name
/// says); it is not suitable for comparing secrets such as keys or MACs.
fn public_values_eq(a: untrusted::Input<'_>, b: untrusted::Input<'_>) -> bool {
    let (lhs, rhs) = (a.as_slice_less_safe(), b.as_slice_less_safe());
    lhs == rhs
}