THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Safe, fast, zero-panic, zero-crashing, zero-allocation parsing of untrusted inputs in Rust.
untrusted.rs is 100% Rust with no use of
unsafe. It never uses the heap.
No part of untrusted.rs's API will ever panic or cause a crash. It is
#![no_std] and so it works perfectly with both libcore- and libstd- based
projects. It does not depend on any crates other than libcore.
See the documentation at https://briansmith.org/rustdoc/untrusted/.
To use untrusted.rs in your project, add a dependency to your Cargo.toml like this:
[dependencies] untrusted = "0.2"
ring's parser for the subset of ASN.1
DER it needs to understand,
built on top of untrusted.rs. ring also uses untrusted.rs to parse ECC public
keys, RSA PKCS#1 1.5 padding, and everything else.
All of webpki's parsing of X.509 certificates (also ASN.1 DER) is done using untrusted.rs.
When contributing changes, state that you agree to license your contribution under the same terms as the existing code by putting this at the bottom of your commit message:
I agree to license my contributions to each file under the terms given at the top of each file I changed.
Currently, the biggest needs for this library are:
- Unit tests.
- More examples.
- Static analysis and fuzzing.
Online Automated Testing
Travis CI is used for Android, Linux, and Mac OS X. The tests are run for the
current release of each Rust channel (Stable, Beta, Nightly). Since
untrusted.rs only depends on libcore and it only uses 100% cross-platform code
unsafe, it should work anywhere as long as these platforms are
Please report bugs either as pull requests or as issues in the issue tracker. untrusted.rs has a full disclosure vulnerability policy. Please do NOT attempt to report any security vulnerability in this code privately to anybody.
See LICENSE.txt, an ISC-style (simplified MIT) license.