1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97
/*
* __ __ _ _ _
* | \/ | ___ ___ __ _| | (_)_ __ | | __
* | |\/| |/ _ \/ __|/ _` | | | | '_ \| |/ /
* | | | | __/\__ \ (_| | |___| | | | | <
* |_| |_|\___||___/\__,_|_____|_|_| |_|_|\_\
*
* Copyright (c) 2017-2018, The MesaLink Authors.
* All rights reserved.
*
* This work is licensed under the terms of the BSD 3-Clause License.
* For a copy, see the LICENSE file.
*
*/
//! # MesaLink: A safe, secure and OpenSSL-compatible TLS library
//!
//! Mesalink is a OpenSSL-compatible TLS library written in Rust, a programming
//! language that guaranteed memory safety and thread safety.
//!
//! ## Feature highlights
//!
//! * **Memory safety**. MesaLink and its dependencies are written in
//! [Rust](https://www.rust-lang.org), a programming language that guarantees
//! memory safety. This extremely reduces attack surfaces of an TLS stack
//! exposed in the wild, leaving the remaining attack surfaces auditable and
//! restricted.
//! * **Flexibility**. MesaLink offers flexible configurations tailored to
//! various needs, for example IoT, connected home, automobiles, the cloud
//! and more.
//! * **Simplicity**. MesaLink does not support obselete or legacy TLS
//! features, in case that misconfigurations introduce vulnerabilities.
//! * **Compatibility**. MesaLink provides OpenSSL-compatible APIs. This makes
//! it a breeze to port an existing OpenSSL project.
//! * **Future proof**. MesaLink will support quantum-safe ciphersuites,
//! safe-guarding TLS connections against even quantum computers.
//!
//! MesaLink depends on two Rust crates: [rustls](https://github.com/ctz/rustls)
//! and [sct](https://github.com/ctz/sct.rs). With them, MesaLink provides the
//! following features that are considered secure for most use cases:
//!
//! * TLS 1.2 and TLS 1.3 draft 23
//! * ECDSA or RSA server authentication
//! * Forced hostname validation
//! * Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves.
//! * Safe and fast crypto primitives from BoringSSL
//! * AES-128-GCM, AES-256-GCM and Chacha20-Poly1305 bulk encryption
//! * Built-in Mozilla's CA root certificates
//!
#![deny(trivial_numeric_casts, unused_qualifications)]
#![forbid(anonymous_parameters, unused_import_braces, unused_results, warnings)]
#[cfg(feature = "jemalloc_allocator")]
#[global_allocator]
static ALLOC: jemallocator::Jemalloc = jemallocator::Jemalloc;
// enum_to_str_derive for human-readable error numbers
#[cfg(feature = "error_strings")]
#[macro_use]
extern crate enum_to_u8_slice_derive;
use ring::rand;
use ring::rand::SecureRandom;
#[doc(hidden)]
pub(self) const MAGIC_SIZE: usize = 4;
use lazy_static::lazy_static;
lazy_static! {
#[doc(hidden)]
pub(self) static ref MAGIC: [u8; MAGIC_SIZE] = {
let mut number = [0u8; MAGIC_SIZE];
if rand::SystemRandom::new().fill(&mut number).is_ok() {
number
} else {
panic!("Getrandom error");
}
};
}
#[doc(hidden)]
pub(crate) trait MesalinkOpaquePointerType {
fn check_magic(&self) -> bool;
}
#[macro_use]
mod macros;
#[macro_use]
mod error_san;
/// The ssl module is the counterpart of the OpenSSL ssl library.
pub mod libssl;
/// The crypo module is the counterpart of the OpenSSL crypto library.
pub mod libcrypto;