1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

/*
 *   __  __                 _     _       _
 *  |  \/  | ___  ___  __ _| |   (_)_ __ | | __
 *  | |\/| |/ _ \/ __|/ _` | |   | | '_ \| |/ /
 *  | |  | |  __/\__ \ (_| | |___| | | | |   <
 *  |_|  |_|\___||___/\__,_|_____|_|_| |_|_|\_\
 *
 * Copyright (c) 2017-2018, The MesaLink Authors.
 * All rights reserved.
 *
 * This work is licensed under the terms of the BSD 3-Clause License.
 * For a copy, see the LICENSE file.
 *
 */

//! # MesaLink: A safe, secure and OpenSSL-compatible TLS library
//!
//! Mesalink is a OpenSSL-compatible TLS library written in Rust, a programming
//! language that guaranteed memory safety and thread safety.
//!
//! ## Feature highlights
//!
//!  * **Memory safety**. MesaLink and its dependencies are written in
//!    [Rust](https://www.rust-lang.org), a programming language that guarantees
//!    memory safety. This extremely reduces attack surfaces of an TLS stack
//!    exposed in the wild, leaving the remaining attack surfaces auditable and
//!    restricted.
//!  * **Flexibility**. MesaLink offers flexible configurations tailored to
//!    various needs, for example IoT, connected home, automobiles, the cloud
//!    and more.
//!  * **Simplicity**. MesaLink does not support obselete or legacy TLS
//!    features, in case that misconfigurations introduce vulnerabilities.
//!  * **Compatibility**. MesaLink provides OpenSSL-compatible APIs. This makes
//!    it a breeze to port an existing OpenSSL project.
//!  * **Future proof**. MesaLink will support quantum-safe ciphersuites,
//!    safe-guarding TLS connections against even quantum computers.
//!
//! MesaLink depends on two Rust crates: [rustls](https://github.com/ctz/rustls)
//! and [sct](https://github.com/ctz/sct.rs). With them, MesaLink provides the
//! following features that are considered secure for most use cases:
//!
//! * TLS 1.2 and TLS 1.3 draft 23
//! * ECDSA or RSA server authentication
//! * Forced hostname validation
//! * Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves.
//! * Safe and fast crypto primitives from BoringSSL
//! * AES-128-GCM, AES-256-GCM and Chacha20-Poly1305 bulk encryption
//! * Built-in Mozilla's CA root certificates
//!

#![deny(trivial_numeric_casts, unused_qualifications)]
#![forbid(anonymous_parameters, unused_import_braces, unused_results, warnings)]

#[cfg(feature = "jemalloc_allocator")]
#[global_allocator]
static ALLOC: jemallocator::Jemalloc = jemallocator::Jemalloc;

// enum_to_str_derive for human-readable error numbers
#[cfg(feature = "error_strings")]
#[macro_use]
extern crate enum_to_u8_slice_derive;

use ring::rand;
use ring::rand::SecureRandom;

#[doc(hidden)]
pub(self) const MAGIC_SIZE: usize = 4;

use lazy_static::lazy_static;
lazy_static! {
    #[doc(hidden)]
    pub(self) static ref MAGIC: [u8; MAGIC_SIZE] = {
        let mut number = [0u8; MAGIC_SIZE];
        if rand::SystemRandom::new().fill(&mut number).is_ok() {
            number
        } else {
            panic!("Getrandom error");
        }
    };
}

#[doc(hidden)]
pub(crate) trait MesalinkOpaquePointerType {
    fn check_magic(&self) -> bool;
}

#[macro_use]
mod macros;

#[macro_use]
mod error_san;

/// The ssl module is the counterpart of the OpenSSL ssl library.
pub mod libssl;

/// The crypo module is the counterpart of the OpenSSL crypto library.
pub mod libcrypto;