1 // Copyright 2015 Brian Smith.
2 //
3 // Permission to use, copy, modify, and/or distribute this software for any
4 // purpose with or without fee is hereby granted, provided that the above
5 // copyright notice and this permission notice appear in all copies.
6 //
7 // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
8 // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
10 // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14 
15 //! webpki: Web PKI X.509 Certificate Validation.
16 //!
17 //! See `EndEntityCert`'s documentation for a description of the certificate
18 //! processing steps necessary for a TLS connection.
19 //!
20 //! # Features
21 //!
22 //! | Feature | Description |
23 //! | ------- | ----------- |
24 //! | `alloc` | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. |
25 //! | `std` | Enable features that require libstd. Implies `alloc`. |
26 
27 #![cfg_attr(not(feature = "std"), no_std)]
28 #![allow(
29     clippy::doc_markdown,
30     clippy::if_not_else,
31     clippy::inline_always,
32     clippy::items_after_statements,
33     clippy::missing_errors_doc,
34     clippy::module_name_repetitions,
35     clippy::single_match,
36     clippy::single_match_else
37 )]
38 #![deny(clippy::as_conversions)]
39 
40 #[cfg(any(test, feature = "alloc"))]
41 #[cfg_attr(test, macro_use)]
42 extern crate alloc;
43 
44 mod budget;
45 
46 #[macro_use]
47 mod der;
48 
49 mod calendar;
50 mod cert;
51 mod end_entity;
52 mod error;
53 mod name;
54 mod signed_data;
55 mod time;
56 mod trust_anchor;
57 
58 mod verify_cert;
59 
60 pub use {
61     end_entity::EndEntityCert,
62     error::{Error, ErrorExt},
63     name::{DnsNameRef, InvalidDnsNameError},
64     signed_data::{
65         SignatureAlgorithm, ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256,
66         ECDSA_P384_SHA384, ED25519,
67     },
68     time::Time,
69     trust_anchor::{TlsClientTrustAnchors, TlsServerTrustAnchors, TrustAnchor},
70 };
71 
72 #[cfg(feature = "alloc")]
73 pub use {
74     name::DnsName,
75     signed_data::{
76         RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
77         RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
78         RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
79     },
80 };
81 
82 #[cfg(feature = "alloc")]
83 #[allow(unknown_lints, clippy::upper_case_acronyms)]
84 #[deprecated(note = "Use DnsName")]
85 pub type DNSName = DnsName;
86 
87 #[deprecated(note = "use DnsNameRef")]
88 #[allow(unknown_lints, clippy::upper_case_acronyms)]
89 pub type DNSNameRef<'a> = DnsNameRef<'a>;
90 
91 #[deprecated(note = "use TlsServerTrustAnchors")]
92 #[allow(unknown_lints, clippy::upper_case_acronyms)]
93 pub type TLSServerTrustAnchors<'a> = TlsServerTrustAnchors<'a>;
94 
95 #[deprecated(note = "use TlsClientTrustAnchors")]
96 #[allow(unknown_lints, clippy::upper_case_acronyms)]
97 pub type TLSClientTrustAnchors<'a> = TlsClientTrustAnchors<'a>;
98 
/// Returns `true` when the two inputs hold exactly the same bytes.
///
/// This is an ordinary slice comparison with no constant-time guarantee. That
/// is acceptable here only because the values this crate compares are not
/// secret. Do not reuse it for keys, MACs or other secret material, where a
/// constant-time comparison is required.
#[must_use]
fn equal(a: untrusted::Input, b: untrusted::Input) -> bool {
    let lhs: &[u8] = a.as_slice_less_safe();
    let rhs: &[u8] = b.as_slice_less_safe();
    lhs == rhs
}
104