pub fn load_extension(
    path: &Path,
    expected_checksum: Option<&str>,
) -> Result<Arc<dyn Extension>>
Load a single extension from a shared library.
§Integrity (audit F-2)
expected_checksum is the SHA-256 hex digest that the caller (e.g. the
package manager’s lockfile reader) has on record for this binary. When
Some, the binary is hashed before loading and rejected on mismatch —
this is the supply-chain integrity gate for native extensions, which
otherwise run arbitrary in-process code with no sandbox (libloading +
unsafe extern "C" entry). When None, the caller is opting out of
verification explicitly; this is reserved for locally-built extensions
the user just compiled and trusts by construction.
The hash comparison is constant-time (its timing depends only on the
hex string length) via subtle::ConstantTimeEq if the subtle dependency
is added; until then eq_ignore_ascii_case is used. The timing leak is
negligible here, since the hash is not a secret and an attacker who can
swap the binary already controls the comparison outcome.
§Safety
The loaded library must export oxi_extension_create returning a valid
pointer to a dyn Extension. The library must have been compiled with
a compatible Rust toolchain version.