Crate openssl_provider_forge


§openssl_provider_forge


§Development in Progress

This project is currently in development and not yet ready for production use.

Expect changes to occur from time to time, and at this stage, some features may be unavailable.


§About

openssl_provider_forge is a Rust crate which contains FFI (Foreign Function Interface) bindings for OpenSSL 3.2+, specifically for its Core and Provider API.

This is different from the rust-openssl crate, which provides OpenSSL bindings for Rust applications.

In this crate, instead, we define constants and types useful to author OpenSSL Providers written in Rust. The goal of this crate is to facilitate interactions with OpenSSL Core, without a need to actually link or depend on a specific OpenSSL binary.

Particularly these abstractions cover:

(and their dependencies).

Note on naming conventions

The name of the repository follows GitHub conventions, while the name of the corresponding crate follows crates.io conventions, so the former is openssl-provider-forge-rs while the latter is openssl_provider_forge.

§Roadmap

See the open issues for a list of proposed features (and known issues).

§Support

Reach out to the maintainers at one of the following places:

§Project assistance

If you want to say thank you and/or support active development:

  • Add a GitHub Star to the project.
  • Mention this project on your social media of choice.
  • Write interesting articles about the project, and cite us.

Together, we can make openssl_provider_forge better!

§Contributing

The GitHub repository primarily serves as a mirror, and will be updated every time a new version is released. It might not always be updated with the latest commits in between releases. However, contributions are still very welcome!

Please read our contribution guidelines, and thank you for being involved!

§Authors & contributors

The original setup of this repository is by NISEC.

For a full list of all authors and contributors, see the contributors page.

§Security

In this project, we aim to follow good security practices, but 100% security cannot be assured. This crate is provided “as is” without any warranty. Use at your own risk.

For more information and to report security issues, please refer to our security documentation.

§License

This project is licensed under the Apache License, Version 2.0 (Apache-2.0).

Copyright 2023-2025 Tampere University

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

See LICENSE for more information.

§Acknowledgements

This work has been developed within the QUBIP project (https://www.qubip.eu), funded by the European Union under the Horizon Europe framework programme grant agreement no. 101119746.

§FFI Safety (OpenSSL)

Many of the functions exposed by this crate dereference raw pointers received from the OpenSSL FFI. Functions that dereference raw pointers should be marked as unsafe in Rust, and should instruct the caller on the safety requirements.

Such functions in most cases reference this section to describe the safety requirements.

The caller of any of these functions must ensure that the raw pointers:

  • originate from OpenSSL,
  • are properly aligned, non-dangling, and readable/writable as required,
  • remain valid for the duration of the call,
  • respect OpenSSL aliasing/lifetime invariants as required.
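
The contract above, shown as an added example that is not code from this crate: a local `Param` struct mirrors the C layout of `OSSL_PARAM`, and a hypothetical `locate` function walks a parameter array whose final entry has a null `key`, stating its requirements in a `# Safety` section. The names `Param`, `locate` and `sample`, and the sample array, are constructed for illustration.

```rust
use std::ffi::{c_char, c_uint, c_void, CStr};
use std::ptr;

/// Local stand-in with the field layout of OpenSSL's `OSSL_PARAM` (not the crate's type).
#[repr(C)]
pub struct Param {
    pub key: *const c_char,
    pub data_type: c_uint,
    pub data: *mut c_void,
    pub data_size: usize,
    pub return_size: usize,
}

/// Finds the entry named `wanted` in a parameter array terminated by a null `key`.
///
/// # Safety
/// `params` must be null, or point to an array handed over by OpenSSL that is
/// readable, ends with an entry whose `key` is null, holds NUL-terminated keys,
/// and stays valid and unmodified for the whole lifetime `'a`.
pub unsafe fn locate<'a>(params: *const Param, wanted: &CStr) -> Option<&'a Param> {
    if params.is_null() || (params as usize) % std::mem::align_of::<Param>() != 0 {
        return None; // null and misalignment are the only checkable violations
    }
    let mut cur = params;
    // SAFETY: upheld by the caller as documented above.
    unsafe {
        while !(*cur).key.is_null() {
            if CStr::from_ptr((*cur).key) == wanted {
                return Some(&*cur);
            }
            cur = cur.add(1);
        }
    }
    None
}

/// Constructed sample array: two entries plus the terminator.
pub fn sample() -> (Option<usize>, bool, bool) {
    let c = |s: &'static [u8]| CStr::from_bytes_with_nul(s).unwrap();
    let entry = |key: *const c_char, data_size: usize| Param {
        key, data_type: 0, data: ptr::null_mut(), data_size, return_size: 0,
    };
    let arr = [entry(c(b"pad\0").as_ptr(), 4), entry(c(b"mode\0").as_ptr(), 8), entry(ptr::null(), 0)];
    // SAFETY: `arr` is aligned, terminated, and outlives every call below.
    let find = |p: *const Param, k: &'static [u8]| unsafe { locate(p, c(k)).map(|e| e.data_size) };
    (find(arr.as_ptr(), b"mode\0"), find(arr.as_ptr(), b"absent\0").is_none(), find(ptr::null(), b"mode\0").is_none())
}

fn main() { println!("{:?}", sample()); }
```

Only null and misaligned pointers can be rejected at run time; dangling pointers, a missing terminator, and aliasing violations cannot be detected inside the function, which is why they stay in the `# Safety` contract.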

Re-exports§

pub use operations::keymgmt;
pub use crypto;

Modules§

bindings
These are bindgen-generated FFI (Foreign Function Interface) definitions for OpenSSL 3.2+, and specifically for its Core (openssl-core.h(7ossl)) and Provider (provider(7ossl), provider-base(7ossl)) APIs.
capabilities
In OpenSSL, Capabilities describe some of the services that a provider can offer. Applications can query the capabilities to discover those services.
operations
This module provides traits, macros, and helper functions to facilitate the implementation of Operations for OpenSSL Providers (see provider(7ossl) for more details).
ossl_callback
osslparams
This module contains supported data types and functionality for working with OpenSSL Parameters (see OSSL_PARAM(3ossl)).
upcalls

Macros§

capability_tls_group_as_params
Converts a type implementing TLSGroup into an OpenSSL parameter array.
capability_tls_sigalg_as_params
Converts a type implementing TLSSigAlg into an OpenSSL parameter array.
decoder_make_does_selection_fn
dispatch_table_entry
A convenience macro to quickly declare an OSSL_DISPATCH table entry.
generic_non_null_fn_ptr
handleResult
Match on a Result, evaluating to the wrapped value if it is Ok or returning ERROR_RET (which must already be defined) if it is Err.

Enums§

DTLSVersion
Represents DTLS protocol versions
TLSVersion
Represents TLS protocol versions

Type Aliases§

OurError