/rust/registry/src/index.crates.io-1949cf8c6b5b557f/rustls-webpki-0.103.9/src/lib.rs
Line | Count | Source |
1 | | // Copyright 2015 Brian Smith. |
2 | | // |
3 | | // Permission to use, copy, modify, and/or distribute this software for any |
4 | | // purpose with or without fee is hereby granted, provided that the above |
5 | | // copyright notice and this permission notice appear in all copies. |
6 | | // |
7 | | // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES |
8 | | // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
9 | | // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR |
10 | | // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
11 | | // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
12 | | // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
13 | | // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
14 | | |
15 | | //! webpki: Web PKI X.509 Certificate Validation. |
16 | | //! |
17 | | //! See `EndEntityCert`'s documentation for a description of the certificate |
18 | | //! processing steps necessary for a TLS connection. |
19 | | //! |
20 | | //! # Features |
21 | | //! |
22 | | //! | Feature | Description | |
23 | | //! | ------- | ----------- | |
24 | | //! | `alloc` | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. | |
25 | | //! | `std` | Enable features that require libstd. Implies `alloc`. | |
26 | | //! | `ring` | Enable use of the *ring* crate for cryptography. | |
27 | | //! | `aws-lc-rs` | Enable use of the aws-lc-rs crate for cryptography. Previously this feature was named `aws_lc_rs`. | |
28 | | |
29 | | #![no_std] |
30 | | #![warn( |
31 | | elided_lifetimes_in_paths, |
32 | | unnameable_types, |
33 | | unreachable_pub, |
34 | | clippy::use_self |
35 | | )] |
36 | | #![deny(missing_docs, clippy::as_conversions)] |
37 | | #![allow( |
38 | | clippy::len_without_is_empty, |
39 | | clippy::manual_let_else, |
40 | | clippy::new_without_default, |
41 | | clippy::single_match, |
42 | | clippy::single_match_else, |
43 | | clippy::type_complexity, |
44 | | clippy::upper_case_acronyms |
45 | | )] |
46 | | // Enable documentation for all features on docs.rs |
47 | | #![cfg_attr(webpki_docsrs, feature(doc_cfg))] |
48 | | |
49 | | #[cfg(any(feature = "std", test))] |
50 | | extern crate std; |
51 | | |
52 | | #[cfg(any(test, feature = "alloc"))] |
53 | | #[cfg_attr(test, macro_use)] |
54 | | extern crate alloc; |
55 | | |
56 | | #[macro_use] |
57 | | mod der; |
58 | | |
59 | | #[cfg(feature = "aws-lc-rs")] |
60 | | mod aws_lc_rs_algs; |
61 | | mod cert; |
62 | | mod end_entity; |
63 | | mod error; |
64 | | #[cfg(feature = "ring")] |
65 | | mod ring_algs; |
66 | | mod rpk_entity; |
67 | | mod signed_data; |
68 | | mod subject_name; |
69 | | mod time; |
70 | | mod trust_anchor; |
71 | | |
72 | | mod crl; |
73 | | mod verify_cert; |
74 | | mod x509; |
75 | | |
76 | | #[cfg(test)] |
77 | | pub(crate) mod test_utils; |
78 | | |
79 | | pub use { |
80 | | cert::Cert, |
81 | | crl::{ |
82 | | BorrowedCertRevocationList, BorrowedRevokedCert, CertRevocationList, CrlsRequired, |
83 | | ExpirationPolicy, RevocationCheckDepth, RevocationOptions, RevocationOptionsBuilder, |
84 | | RevocationReason, UnknownStatusPolicy, |
85 | | }, |
86 | | der::DerIterator, |
87 | | end_entity::EndEntityCert, |
88 | | error::{ |
89 | | DerTypeId, Error, InvalidNameContext, UnsupportedSignatureAlgorithmContext, |
90 | | UnsupportedSignatureAlgorithmForPublicKeyContext, |
91 | | }, |
92 | | rpk_entity::RawPublicKeyEntity, |
93 | | trust_anchor::anchor_from_trusted_cert, |
94 | | verify_cert::{ |
95 | | ExtendedKeyUsageValidator, IntermediateIterator, KeyPurposeId, KeyPurposeIdIter, KeyUsage, |
96 | | RequiredEkuNotFoundContext, VerifiedPath, |
97 | | }, |
98 | | }; |
99 | | |
100 | | #[cfg(feature = "alloc")] |
101 | | pub use crl::{OwnedCertRevocationList, OwnedRevokedCert}; |
102 | | |
#[cfg(feature = "ring")]
/// Signature verification algorithm implementations using the *ring* crypto library.
///
/// The ECDSA and Ed25519 constants are re-exported whenever the `ring` feature is enabled.
/// The RSA constants are re-exported only when the `alloc` feature is enabled as well.
pub mod ring {
    pub use super::ring_algs::{
        ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ED25519,
    };

    // The crate-level feature table states that RSA signature algorithms require `alloc`,
    // so a `ring`-only `no_std` build without `alloc` gets no RSA verification at all.
    #[cfg(feature = "alloc")]
    pub use super::ring_algs::{
        RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA256_ABSENT_PARAMS,
        RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA384_ABSENT_PARAMS,
        RSA_PKCS1_2048_8192_SHA512, RSA_PKCS1_2048_8192_SHA512_ABSENT_PARAMS,
        RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
        RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
    };
}
119 | | |
#[cfg(feature = "aws-lc-rs")]
/// Signature verification algorithm implementations using the aws-lc-rs crypto library.
///
/// The ECDSA, Ed25519 and RSA constants are re-exported whenever the `aws-lc-rs` feature is
/// enabled. The ML-DSA constants are re-exported only when `aws-lc-rs-unstable` is enabled
/// and `aws-lc-rs-fips` is not.
pub mod aws_lc_rs {
    pub use super::aws_lc_rs_algs::{
        ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P256_SHA512, ECDSA_P384_SHA256,
        ECDSA_P384_SHA384, ECDSA_P384_SHA512, ECDSA_P521_SHA256, ECDSA_P521_SHA384,
        ECDSA_P521_SHA512, ED25519, RSA_PKCS1_2048_8192_SHA256,
        RSA_PKCS1_2048_8192_SHA256_ABSENT_PARAMS, RSA_PKCS1_2048_8192_SHA384,
        RSA_PKCS1_2048_8192_SHA384_ABSENT_PARAMS, RSA_PKCS1_2048_8192_SHA512,
        RSA_PKCS1_2048_8192_SHA512_ABSENT_PARAMS, RSA_PKCS1_3072_8192_SHA384,
        RSA_PSS_2048_8192_SHA256_LEGACY_KEY, RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
        RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
    };
    // ML-DSA is compiled out of FIPS builds and is opt-in through the unstable feature.
    #[cfg(all(feature = "aws-lc-rs-unstable", not(feature = "aws-lc-rs-fips")))]
    pub use super::aws_lc_rs_algs::{ML_DSA_44, ML_DSA_65, ML_DSA_87};
}
136 | | |
/// An array of all the verification algorithms exported by this crate.
///
/// This will be empty if the crate is built without the `ring` and `aws-lc-rs` features.
///
/// Every entry carries its own `cfg` gate, so the contents depend on the enabled features:
/// with both `ring` and `aws-lc-rs` enabled the array holds the entries of both backends,
/// `ring` entries first. The list includes the `*_ABSENT_PARAMS` and `*_LEGACY_KEY` variants.
/// Callers that need a narrower set of accepted algorithms can build their own slice from
/// the constants in the `ring` / `aws_lc_rs` modules instead of using this one.
pub static ALL_VERIFICATION_ALGS: &[&dyn pki_types::SignatureVerificationAlgorithm] = &[
    // *ring* backend: ECDSA and Ed25519 need only the `ring` feature.
    #[cfg(feature = "ring")]
    ring::ECDSA_P256_SHA256,
    #[cfg(feature = "ring")]
    ring::ECDSA_P256_SHA384,
    #[cfg(feature = "ring")]
    ring::ECDSA_P384_SHA256,
    #[cfg(feature = "ring")]
    ring::ECDSA_P384_SHA384,
    #[cfg(feature = "ring")]
    ring::ED25519,
    // *ring* backend: RSA entries additionally require `alloc`, matching the gate on the
    // re-exports in the `ring` module.
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA256,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA384,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA512,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA256_ABSENT_PARAMS,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA384_ABSENT_PARAMS,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_2048_8192_SHA512_ABSENT_PARAMS,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PKCS1_3072_8192_SHA384,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
    #[cfg(all(feature = "ring", feature = "alloc"))]
    ring::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
    // aws-lc-rs backend: every entry below, RSA included, needs only the `aws-lc-rs` feature.
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P256_SHA256,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P256_SHA384,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P256_SHA512,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P384_SHA256,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P384_SHA384,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P384_SHA512,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P521_SHA256,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P521_SHA384,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ECDSA_P521_SHA512,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::ED25519,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA256,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA384,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA512,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA256_ABSENT_PARAMS,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA384_ABSENT_PARAMS,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PKCS1_2048_8192_SHA512_ABSENT_PARAMS,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PKCS1_3072_8192_SHA384,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
    #[cfg(feature = "aws-lc-rs")]
    aws_lc_rs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
    // ML-DSA: present only with `aws-lc-rs-unstable` and without `aws-lc-rs-fips`.
    // NOTE(review): these gates do not name `aws-lc-rs`, while the `aws_lc_rs` module they
    // reference is gated on it; presumably `aws-lc-rs-unstable` implies `aws-lc-rs` in
    // Cargo.toml - confirm there.
    #[cfg(all(feature = "aws-lc-rs-unstable", not(feature = "aws-lc-rs-fips")))]
    aws_lc_rs::ML_DSA_44,
    #[cfg(all(feature = "aws-lc-rs-unstable", not(feature = "aws-lc-rs-fips")))]
    aws_lc_rs::ML_DSA_65,
    #[cfg(all(feature = "aws-lc-rs-unstable", not(feature = "aws-lc-rs-fips")))]
    aws_lc_rs::ML_DSA_87,
];
218 | | |
/// Returns `true` when the two inputs hold exactly the same bytes.
///
/// The comparison is an ordinary slice `==`, which makes no constant-time guarantee. As the
/// name indicates, this is meant for public values only; it must not be used to compare
/// secrets such as keys or MACs.
fn public_values_eq(a: untrusted::Input<'_>, b: untrusted::Input<'_>) -> bool {
    let lhs = a.as_slice_less_safe();
    let rhs = b.as_slice_less_safe();
    lhs == rhs
}