
1// Copyright 2015 Brian Smith.
2//
3// Permission to use, copy, modify, and/or distribute this software for any
4// purpose with or without fee is hereby granted, provided that the above
5// copyright notice and this permission notice appear in all copies.
6//
7// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
8// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
10// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14
15//! webpki: Web PKI X.509 Certificate Validation.
16//!
17//! See `EndEntityCert`'s documentation for a description of the certificate
18//! processing steps necessary for a TLS connection.
19//!
20//! # Features
21//!
22//! | Feature | Description |
23//! | ------- | ----------- |
24//! | `alloc` | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. |
25//! | `std` | Enable features that require libstd. Implies `alloc`. |
26
27#![cfg_attr(not(feature = "std"), no_std)]
28#![warn(unreachable_pub)]
29#![deny(warnings, missing_docs, clippy::as_conversions)]
30#![allow(
31    clippy::len_without_is_empty,
32    clippy::new_without_default,
33    clippy::single_match,
34    clippy::single_match_else,
35    clippy::type_complexity,
36    clippy::upper_case_acronyms
37)]
38// Enable documentation for all features on docs.rs
39#![cfg_attr(docsrs, feature(doc_cfg))]
40
41#[cfg(any(test, feature = "alloc"))]
42#[cfg_attr(test, macro_use)]
43extern crate alloc;
44
45#[macro_use]
46mod der;
47
48mod calendar;
49mod cert;
50mod end_entity;
51mod error;
52mod signed_data;
53mod subject_name;
54mod time;
55mod trust_anchor;
56
57mod crl;
58mod verify_cert;
59mod x509;
60
61#[allow(deprecated)]
62pub use trust_anchor::{TlsClientTrustAnchors, TlsServerTrustAnchors};
63
64#[cfg(test)]
65pub(crate) mod test_utils;
66
67pub use {
68    cert::{Cert, EndEntityOrCa},
69    crl::{BorrowedCertRevocationList, BorrowedRevokedCert, CertRevocationList, RevocationReason},
70    end_entity::EndEntityCert,
71    error::Error,
72    signed_data::{
73        SignatureAlgorithm, ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256,
74        ECDSA_P384_SHA384, ED25519,
75    },
76    subject_name::{
77        AddrParseError, DnsNameRef, InvalidDnsNameError, InvalidSubjectNameError, IpAddrRef,
78        SubjectNameRef,
79    },
80    time::Time,
81    trust_anchor::TrustAnchor,
82    verify_cert::KeyUsage,
83};
84
85#[cfg(feature = "alloc")]
86pub use {
87    crl::{OwnedCertRevocationList, OwnedRevokedCert},
88    signed_data::{
89        RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
90        RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
91        RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
92    },
93    subject_name::{DnsName, IpAddr},
94};
95
/// Returns `true` when the two inputs hold byte-for-byte identical contents.
///
/// This is a plain slice equality check, so it may stop at the first
/// differing byte and makes no constant-time guarantee. As the name says, it
/// is meant for public values only; comparing secret material (keys, MACs,
/// tokens) this way could leak information through timing.
fn public_values_eq(a: untrusted::Input<'_>, b: untrusted::Input<'_>) -> bool {
    // `as_slice_less_safe` exposes the raw bytes without the bounds-checked
    // reader; both values are only read here, never parsed.
    let lhs = a.as_slice_less_safe();
    let rhs = b.as_slice_less_safe();
    lhs == rhs
}