/rust/registry/src/index.crates.io-1949cf8c6b5b557f/rustls-webpki-0.103.3/src/lib.rs
Line | Count | Source |
1 | | // Copyright 2015 Brian Smith. |
2 | | // |
3 | | // Permission to use, copy, modify, and/or distribute this software for any |
4 | | // purpose with or without fee is hereby granted, provided that the above |
5 | | // copyright notice and this permission notice appear in all copies. |
6 | | // |
7 | | // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES |
8 | | // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
9 | | // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR |
10 | | // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
11 | | // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
12 | | // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
13 | | // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
14 | | |
15 | | //! webpki: Web PKI X.509 Certificate Validation. |
16 | | //! |
17 | | //! See `EndEntityCert`'s documentation for a description of the certificate |
18 | | //! processing steps necessary for a TLS connection. |
19 | | //! |
20 | | //! # Features |
21 | | //! |
22 | | //! | Feature | Description | |
23 | | //! | ------- | ----------- | |
24 | | //! | `alloc` | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. | |
25 | | //! | `std` | Enable features that require libstd. Implies `alloc`. | |
26 | | //! | `ring` | Enable use of the *ring* crate for cryptography. | |
27 | | //! | `aws-lc-rs` | Enable use of the aws-lc-rs crate for cryptography. Previously this feature was named `aws_lc_rs`. | |
28 | | |
29 | | #![no_std] |
30 | | #![warn(elided_lifetimes_in_paths, unreachable_pub, clippy::use_self)] |
31 | | #![deny(missing_docs, clippy::as_conversions)] |
32 | | #![allow( |
33 | | clippy::len_without_is_empty, |
34 | | clippy::manual_let_else, |
35 | | clippy::new_without_default, |
36 | | clippy::single_match, |
37 | | clippy::single_match_else, |
38 | | clippy::type_complexity, |
39 | | clippy::upper_case_acronyms |
40 | | )] |
41 | | // Enable documentation for all features on docs.rs |
42 | | #![cfg_attr(docsrs, feature(doc_cfg, doc_auto_cfg))] |
43 | | |
44 | | #[cfg(any(feature = "std", test))] |
45 | | extern crate std; |
46 | | |
47 | | #[cfg(any(test, feature = "alloc"))] |
48 | | #[cfg_attr(test, macro_use)] |
49 | | extern crate alloc; |
50 | | |
51 | | #[macro_use] |
52 | | mod der; |
53 | | |
54 | | #[cfg(feature = "aws-lc-rs")] |
55 | | mod aws_lc_rs_algs; |
56 | | mod cert; |
57 | | mod end_entity; |
58 | | mod error; |
59 | | #[cfg(feature = "ring")] |
60 | | mod ring_algs; |
61 | | mod rpk_entity; |
62 | | mod signed_data; |
63 | | mod subject_name; |
64 | | mod time; |
65 | | mod trust_anchor; |
66 | | |
67 | | mod crl; |
68 | | mod verify_cert; |
69 | | mod x509; |
70 | | |
71 | | #[cfg(test)] |
72 | | pub(crate) mod test_utils; |
73 | | |
74 | | pub use { |
75 | | cert::Cert, |
76 | | crl::{ |
77 | | BorrowedCertRevocationList, BorrowedRevokedCert, CertRevocationList, ExpirationPolicy, |
78 | | RevocationCheckDepth, RevocationOptions, RevocationOptionsBuilder, RevocationReason, |
79 | | UnknownStatusPolicy, |
80 | | }, |
81 | | end_entity::EndEntityCert, |
82 | | error::{DerTypeId, Error, InvalidNameContext}, |
83 | | rpk_entity::RawPublicKeyEntity, |
84 | | trust_anchor::anchor_from_trusted_cert, |
85 | | verify_cert::{KeyUsage, RequiredEkuNotFoundContext, VerifiedPath}, |
86 | | }; |
87 | | |
88 | | #[cfg(feature = "alloc")] |
89 | | pub use crl::{OwnedCertRevocationList, OwnedRevokedCert}; |
90 | | |
/// Signature verification algorithm implementations using the *ring* crypto library.
///
/// The whole module exists only when the `ring` feature is enabled. The ECDSA and
/// Ed25519 verifiers are always re-exported; the RSA verifiers are re-exported only
/// when `alloc` is enabled as well.
#[cfg(feature = "ring")]
pub mod ring {
    // Elliptic-curve verifiers: gated on `ring` alone.
    pub use super::ring_algs::{ECDSA_P256_SHA256, ECDSA_P256_SHA384};
    pub use super::ring_algs::{ECDSA_P384_SHA256, ECDSA_P384_SHA384};
    pub use super::ring_algs::ED25519;

    // RSA PKCS1 verifiers: need the heap, hence the extra `alloc` gate.
    // NOTE(review): the `2048_8192` / `3072_8192` in each name presumably gives the
    // accepted key size range in bits; confirm against `ring_algs`.
    #[cfg(feature = "alloc")]
    pub use super::ring_algs::{
        RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA256_ABSENT_PARAMS,
        RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA384_ABSENT_PARAMS,
        RSA_PKCS1_2048_8192_SHA512, RSA_PKCS1_2048_8192_SHA512_ABSENT_PARAMS,
        RSA_PKCS1_3072_8192_SHA384,
    };

    // RSA-PSS verifiers: same `alloc` gate as the PKCS1 ones.
    #[cfg(feature = "alloc")]
    pub use super::ring_algs::{
        RSA_PSS_2048_8192_SHA256_LEGACY_KEY, RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
        RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
    };
}
107 | | |
/// Signature verification algorithm implementations using the aws-lc-rs crypto library.
///
/// The whole module exists only when the `aws-lc-rs` feature is enabled. Unlike the
/// `ring` module, none of the re-exports here carries an additional `alloc` gate, and
/// the P-521 ECDSA verifiers are re-exported by this provider only.
#[cfg(feature = "aws-lc-rs")]
pub mod aws_lc_rs {
    // Elliptic-curve verifiers, including the P-521 variants.
    pub use super::aws_lc_rs_algs::{
        ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384,
    };
    pub use super::aws_lc_rs_algs::{ECDSA_P521_SHA256, ECDSA_P521_SHA384, ECDSA_P521_SHA512};
    pub use super::aws_lc_rs_algs::ED25519;

    // RSA PKCS1 verifiers.
    // NOTE(review): the `2048_8192` / `3072_8192` in each name presumably gives the
    // accepted key size range in bits; confirm against `aws_lc_rs_algs`.
    pub use super::aws_lc_rs_algs::{
        RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA256_ABSENT_PARAMS,
        RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA384_ABSENT_PARAMS,
        RSA_PKCS1_2048_8192_SHA512, RSA_PKCS1_2048_8192_SHA512_ABSENT_PARAMS,
        RSA_PKCS1_3072_8192_SHA384,
    };

    // RSA-PSS verifiers.
    pub use super::aws_lc_rs_algs::{
        RSA_PSS_2048_8192_SHA256_LEGACY_KEY, RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
        RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
    };
}
121 | | |
/// An array of all the verification algorithms exported by this crate.
///
/// This will be empty if the crate is built with neither the `ring` nor the `aws-lc-rs`
/// feature. When both features are enabled the entries of both providers are present,
/// the *ring* ones first, so equivalent algorithms appear once per provider.
///
/// Every algorithm that is compiled in is listed, including the `*_ABSENT_PARAMS` and
/// `*_LEGACY_KEY` RSA variants. A caller that hands this slice to certificate
/// verification as its set of supported algorithms therefore accepts all of them;
/// callers that need a narrower signature policy should pass their own subset built
/// from the `ring` / `aws_lc_rs` modules instead.
pub static ALL_VERIFICATION_ALGS: &[&dyn pki_types::SignatureVerificationAlgorithm] = &[
    // *ring*: ECDSA and Ed25519 need only the `ring` feature.
    #[cfg(feature = "ring")]
    ring::ECDSA_P256_SHA256,
    #[cfg(feature = "ring")]
    ring::ECDSA_P256_SHA384,
    #[cfg(feature = "ring")]
    ring::ECDSA_P384_SHA256,
    #[cfg(feature = "ring")]
    ring::ECDSA_P384_SHA384,
    #[cfg(feature = "ring")]
    ring::ED25519,
    // *ring*: the RSA entries additionally need `alloc`, matching the gate on their
    // re-exports in the `ring` module.
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA256,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA384,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA512,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA256_ABSENT_PARAMS,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA384_ABSENT_PARAMS,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA512_ABSENT_PARAMS,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_3072_8192_SHA384,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
    // aws-lc-rs: every entry is gated on the `aws-lc-rs` feature alone; the P-521
    // ECDSA entries exist only for this provider.
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P256_SHA256,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P256_SHA384,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P384_SHA256,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P384_SHA384,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P521_SHA256,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P521_SHA384,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P521_SHA512,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ED25519,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA256,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA384,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA512,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA256_ABSENT_PARAMS,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA384_ABSENT_PARAMS,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA512_ABSENT_PARAMS,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PKCS1_3072_8192_SHA384,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
];
193 | | |
/// Returns `true` when the two inputs hold byte-for-byte identical contents.
///
/// The comparison is ordinary slice equality, which makes no constant-time guarantee.
/// As the name says, it is meant for public values only and should not be used to
/// compare secrets.
fn public_values_eq(a: untrusted::Input<'_>, b: untrusted::Input<'_>) -> bool {
    let lhs = a.as_slice_less_safe();
    let rhs = b.as_slice_less_safe();
    lhs == rhs
}