rustls/lib.rs
1//! # Rustls - a modern TLS library
2//!
3//! Rustls is a TLS library that aims to provide a good level of cryptographic security,
4//! requires no configuration to achieve that security, and provides no unsafe features or
5//! obsolete cryptography by default.
6//!
7//! Rustls implements TLS1.2 and TLS1.3 for both clients and servers. See [the full
8//! list of protocol features](manual::_04_features).
9//!
10//! ### Platform support
11//!
12//! While Rustls itself is platform independent, it requires the use of cryptography primitives
13//! for implementing the cryptography algorithms used in TLS. In Rustls, a
14//! [`crypto::CryptoProvider`] represents a collection of crypto primitive implementations.
15//!
16//! By providing a custom instance of the [`crypto::CryptoProvider`] struct, you
17//! can replace all cryptography dependencies of rustls. This is a route to being portable
18//! to a wider set of architectures and environments, or compliance requirements. See the
19//! [`crypto::CryptoProvider`] documentation for more details.
20//!
21//! [`crypto::CryptoProvider`]: crate::crypto::CryptoProvider
22//!
23//! ### Cryptography providers
24//!
25//! Since Rustls 0.22 it has been possible to choose the provider of the cryptographic primitives
26//! that Rustls uses. This may be appealing if you have specific platform, compliance or feature
27//! requirements.
28//!
29//! From 0.24, users must explicitly provide a crypto provider when constructing `ClientConfig` or
30//! `ServerConfig` instances. See the [`crypto::CryptoProvider`] documentation for more details.
31//!
32//! #### First-party providers
33//!
34//! The Rustls project currently maintains two cryptography providers:
35//!
36//! * [`rustls-aws-lc-rs`] - a provider that uses the [`aws-lc-rs`] crate for cryptography.
37//! While this provider can be harder to build on [some platforms][aws-lc-rs-platforms-faq], it provides excellent
38//! performance and a complete feature set (including post-quantum algorithms).
39//! * [`rustls-ring`] - a provider that uses the [`ring`] crate for cryptography. This
40//! provider is easier to build on a variety of platforms, but has a more limited feature set
41//! (for example, it does not support post-quantum algorithms).
42//!
43//! The Rustls team recommends using the [`rustls-aws-lc-rs`] crate for its complete feature set
44//! and performance. See [the aws-lc-rs FAQ][aws-lc-rs-platforms-faq] for more details of the
45//! platform/architecture support constraints in aws-lc-rs.
46//!
47//! See the documentation for [`crypto::CryptoProvider`] for details on how providers are
48//! selected.
49//!
50//! (For rustls versions prior to 0.24, both of these providers were shipped as part of the rustls
51//! crate, and Cargo features were used to select the preferred provider. The `aws-lc-rs` feature
52//! was enabled by default.)
53//!
54//! [`rustls-aws-lc-rs`]: https://crates.io/crates/rustls-aws-lc-rs
55//! [`aws-lc-rs`]: https://crates.io/crates/aws-lc-rs
56//! [aws-lc-rs-platforms-faq]: https://aws.github.io/aws-lc-rs/faq.html#can-i-run-aws-lc-rs-on-x-platform-or-architecture
57//! [`rustls-ring`]: https://crates.io/crates/rustls-ring
58//! [`ring`]: https://crates.io/crates/ring
59//!
60//! #### Third-party providers
61//!
62//! The community has also started developing third-party providers for Rustls:
63//!
64//! * [`boring-rustls-provider`] - a work-in-progress provider that uses [`boringssl`] for
65//! cryptography.
66//! * [`rustls-ccm`] - adds AES-CCM cipher suites (TLS 1.2 and 1.3) using [`RustCrypto`], for IoT/constrained-device protocols (IEEE 2030.5, Matter, RFC 7925).
67//! * [`rustls-graviola`] - a provider that uses [`graviola`] for cryptography.
68//! * [`rustls-mbedtls-provider`] - a provider that uses [`mbedtls`] for cryptography.
69//! * [`rustls-openssl`] - a provider that uses [OpenSSL] for cryptography.
70//! * [`rustls-rustcrypto`] - an experimental provider that uses the crypto primitives
71//! from [`RustCrypto`] for cryptography.
72//! * [`rustls-symcrypt`] - a provider that uses Microsoft's [SymCrypt] library.
73//! * [`rustls-wolfcrypt-provider`] - a work-in-progress provider that uses [`wolfCrypt`] for cryptography.
74//!
75//! [`rustls-ccm`]: https://github.com/jsulmont/rustls-ccm
76//! [`rustls-graviola`]: https://crates.io/crates/rustls-graviola
77//! [`graviola`]: https://github.com/ctz/graviola
78//! [`rustls-mbedtls-provider`]: https://github.com/fortanix/rustls-mbedtls-provider
79//! [`mbedtls`]: https://github.com/Mbed-TLS/mbedtls
80//! [`rustls-openssl`]: https://github.com/tofay/rustls-openssl
81//! [OpenSSL]: https://openssl-library.org/
82//! [`rustls-symcrypt`]: https://github.com/microsoft/rustls-symcrypt
83//! [SymCrypt]: https://github.com/microsoft/SymCrypt
84//! [`boring-rustls-provider`]: https://github.com/janrueth/boring-rustls-provider
85//! [`boringssl`]: https://github.com/google/boringssl
86//! [`rustls-rustcrypto`]: https://github.com/RustCrypto/rustls-rustcrypto
87//! [`RustCrypto`]: https://github.com/RustCrypto
88//! [`rustls-wolfcrypt-provider`]: https://github.com/wolfSSL/rustls-wolfcrypt-provider
89//! [`wolfCrypt`]: https://www.wolfssl.com/products/wolfcrypt
90//!
91//! See the [Making a custom CryptoProvider] section of the documentation for more information
92//! on this topic.
93//!
94//! [Making a custom CryptoProvider]: https://docs.rs/rustls/latest/rustls/crypto/struct.CryptoProvider.html#making-a-custom-cryptoprovider
95//!
96//! ## Design overview
97//!
98//! Rustls is a low-level library. If your goal is to make HTTPS connections you may prefer
99//! to use a library built on top of Rustls like [hyper] or [ureq].
100//!
101//! [hyper]: https://crates.io/crates/hyper
102//! [ureq]: https://crates.io/crates/ureq
103//!
104//! ### Rustls does not take care of network IO
105//! It doesn't make or accept TCP connections, or do DNS, or read or write files.
106//!
107//! Our [examples] directory contains demos that show how to handle I/O using the
108//! `rustls_util::Stream` helper, as well as more complex asynchronous I/O using [`mio`].
109//! If you're already using Tokio for an async runtime you may prefer to use [`tokio-rustls`] instead
110//! of interacting with rustls directly.
111//!
112//! [examples]: https://github.com/rustls/rustls/tree/main/examples
113//! [`tokio-rustls`]: https://github.com/rustls/tokio-rustls
114//!
115//! ### Rustls provides encrypted pipes
116//! These are the [`ServerConnection`] and [`ClientConnection`] types. You supply raw TLS traffic
117//! on the left (via the [`TlsInputBuffer`] supplied to [`process_new_packets()`], and [`write_tls()`] methods)
118//! and then read/write the plaintext on the right:
119//!
120//! [`write_tls()`]: Connection::write_tls
121//! [`process_new_packets()`]: Connection::process_new_packets
122//!
123//! ```text
124//! TLS Plaintext
125//! === =========
126//! process_new_packets() +-----------------------+ reader() as io::Read
127//! | |
128//! +---------> ClientConnection +--------->
129//! | or |
130//! <---------+ ServerConnection <---------+
131//! | |
132//! write_tls() +-----------------------+ writer() as io::Write
133//! ```
134//!
135//! ### Rustls takes care of server certificate verification
136//! You do not need to provide anything other than a set of root certificates to trust.
137//! Certificate verification cannot be turned off or disabled in the main API.
138//!
139//! ## Getting started
140//! This is the minimum you need to do to make a TLS client connection.
141//!
142//! First we load some root certificates. These are used to authenticate the server.
143//! The simplest way is to depend on the [`webpki_roots`] crate which contains
144//! the Mozilla set of root certificates.
145//!
146//! ```rust,no_run
147//! let root_store = rustls::RootCertStore::from_iter(
148//! webpki_roots::TLS_SERVER_ROOTS
149//! .iter()
150//! .cloned(),
151//! );
152//! ```
153//!
154//! [`webpki_roots`]: https://crates.io/crates/webpki-roots
155//!
156//! Next, we make a `ClientConfig`. You're likely to make one of these per process,
157//! and use it for all connections made by that process.
158//!
159//! ```rust,no_run
160//! # let DEFAULT_PROVIDER = rustls::crypto::CryptoProvider::get_default().unwrap().clone();
161//! # let root_store: rustls::RootCertStore = panic!();
162//! let config = rustls::ClientConfig::builder(DEFAULT_PROVIDER)
163//! .with_root_certificates(root_store)
164//! .with_no_client_auth()
165//! .unwrap();
166//! ```
167//!
168//! Now we can make a connection. You need to provide the server's hostname so we
169//! know what to expect to find in the server's certificate.
170//!
171//! ```rust,no_run
172//! # use rustls;
173//! # use webpki;
174//! # use std::sync::Arc;
175//! # let DEFAULT_PROVIDER = rustls::crypto::CryptoProvider::get_default().unwrap().clone();
176//! # let root_store = rustls::RootCertStore::from_iter(
177//! # webpki_roots::TLS_SERVER_ROOTS
178//! # .iter()
179//! # .cloned(),
180//! # );
181//! # let client_config = Arc::new(rustls::ClientConfig::builder(DEFAULT_PROVIDER)
182//! # .with_root_certificates(root_store)
183//! # .with_no_client_auth()
184//! # .unwrap());
185//!
186//! let example_com = "example.com".try_into().unwrap();
187//! let mut client = client_config.connect(example_com)
188//! .build()
189//! .unwrap();
190//! ```
191//!
192//! Now you should do appropriate IO for the `client` object. If `client.wants_read()` yields
193//! true, you should call `client.process_new_packets()` with the data from the underlying connection.
194//! Likewise, if `client.wants_write()` yields true, you should call `client.write_tls()`
195//! when the underlying connection is able to send data. You should continue doing this
196//! as long as the connection is valid.
197//!
198//! Any error returned from `process_new_packets()` is fatal to the connection, and will tell you
199//! why. For example, if the server's certificate is expired `process_new_packets()` will
200//! return `Err(InvalidCertificate(Expired))`. From this point on,
201//! `process_new_packets()` will not do any new work and will return that error continually.
202//!
203//! You can extract newly received data by calling `client.reader()` (which implements the
204//! `io::Read` trait). You can send data to the peer by calling `client.writer()` (which
205//! implements `io::Write` trait). Note that `client.writer().write()` buffers data you
206//! send if the TLS connection is not yet established: this is useful for writing (say) a
207//! HTTP request, but this is buffered so avoid large amounts of data.
208//!
209//! The following code uses a fictional socket IO API for illustration, and does not handle
210//! errors.
211//!
212//! ```rust,no_run
213//! # let mut client: rustls::ClientConnection = panic!();
214//! # struct Socket { }
215//! # impl Socket {
216//! # fn ready_for_write(&self) -> bool { false }
217//! # fn ready_for_read(&self) -> bool { false }
218//! # fn wait_for_something_to_happen(&self) { }
219//! # }
220//! #
221//! # use std::io::{Read, Write, Result};
222//! # impl Read for Socket {
223//! # fn read(&mut self, buf: &mut [u8]) -> Result<usize> { panic!() }
224//! # }
225//! # impl Write for Socket {
226//! # fn write(&mut self, buf: &[u8]) -> Result<usize> { panic!() }
227//! # fn flush(&mut self) -> Result<()> { panic!() }
228//! # }
229//! #
230//! # fn connect(_address: &str, _port: u16) -> Socket {
231//! # panic!();
232//! # }
233//! use std::io;
234//! use rustls::{Connection, VecInput};
235//!
236//! client.writer().write(b"GET / HTTP/1.0\r\n\r\n").unwrap();
237//! let mut socket = connect("example.com", 443);
238//! let mut input = VecInput::default();
239//! loop {
240//! if client.wants_read() && socket.ready_for_read() {
241//! input.read(&mut socket).unwrap();
242//! client.process_new_packets(&mut input).unwrap();
243//!
244//! let mut plaintext = Vec::new();
245//! client.reader().read_to_end(&mut plaintext).unwrap();
246//! io::stdout().write(&plaintext).unwrap();
247//! }
248//!
249//! if client.wants_write() && socket.ready_for_write() {
250//! client.write_tls(&mut socket).unwrap();
251//! }
252//!
253//! socket.wait_for_something_to_happen();
254//! }
255//! ```
256//!
257//! # Examples
258//!
259//! You can find several client and server examples of varying complexity in the [examples]
260//! directory, including [`tlsserver-mio`](https://github.com/rustls/rustls/blob/main/examples/src/bin/tlsserver-mio.rs)
261//! and [`tlsclient-mio`](https://github.com/rustls/rustls/blob/main/examples/src/bin/tlsclient-mio.rs)
262//! \- full worked examples using [`mio`].
263//!
264//! [`mio`]: https://docs.rs/mio/latest/mio/
265//!
266//! # Manual
267//!
268//! The [rustls manual](crate::manual) explains design decisions and includes how-to guidance.
269//!
270//! # Crate features
271//! Here's a list of what features are exposed by the rustls crate and what
272//! they mean.
273//!
274//! - `std` (enabled by default): enable the high-level (buffered) Connection API and other functionality
275//! which relies on the `std` library.
276//!
277//! - `log` (enabled by default): make the rustls crate depend on the `log` crate.
278//! rustls outputs interesting protocol-level messages at `trace!` and `debug!` level,
279//! and protocol-level errors at `warn!` and `error!` level. The log messages do not
280//! contain secret key data, and so are safe to archive without affecting session security.
281//!
282//! - `webpki` (enabled by default): make the rustls crate depend on the `rustls-webpki` crate, which
283//! is used by default to provide built-in certificate verification. Without this feature, users must
284//! provide certificate verification themselves.
285//!
286//! - `brotli`: uses the `brotli` crate for RFC8879 certificate compression support.
287//!
288//! - `zlib`: uses the `zlib-rs` crate for RFC8879 certificate compression support.
289//!
290//! [x25519mlkem768-manual]: manual::_05_defaults#about-the-post-quantum-secure-key-exchange-x25519mlkem768
291
292// Require docs for public APIs, deny unsafe code, etc.
293#![warn(missing_docs, clippy::exhaustive_enums, clippy::exhaustive_structs)]
294#![forbid(unsafe_code, unused_must_use)]
295#![cfg_attr(not(any(bench, coverage_nightly)), forbid(unstable_features))]
296// Enable documentation for all features on docs.rs
297#![cfg_attr(rustls_docsrs, feature(doc_cfg))]
298// Enable coverage() attr for nightly coverage builds, see
299// <https://github.com/rust-lang/rust/issues/84605>
300// (`coverage_nightly` is a cfg set by `cargo-llvm-cov`)
301#![cfg_attr(coverage_nightly, feature(coverage_attribute))]
302#![cfg_attr(bench, feature(test))]
303#![no_std]
304
305extern crate alloc;
306// This `extern crate` plus the `#![no_std]` attribute changes the default prelude from
307// `std::prelude` to `core::prelude`. That forces one to _explicitly_ import (`use`) everything that
308// is in `std::prelude` but not in `core::prelude`. This helps maintain no-std support as even
309// developers that are not interested in, or aware of, no-std support and / or that never run
310// `cargo build --no-default-features` locally will get errors when they rely on `std::prelude` API.
311extern crate std;
312
313#[cfg(doc)]
314use crate::crypto::CryptoProvider;
315
316// Import `test` sysroot crate for `Bencher` definitions.
317#[cfg(bench)]
318#[allow(unused_extern_crates)]
319extern crate test;
320
321// log for logging (optional).
322#[cfg(feature = "log")]
323#[expect(clippy::single_component_path_imports)]
324use log;
325
326#[cfg(not(feature = "log"))]
327mod log {
328 macro_rules! trace ( ($($tt:tt)*) => { crate::log::_used!($($tt)*) } );
329 macro_rules! debug ( ($($tt:tt)*) => { crate::log::_used!($($tt)*) } );
330 macro_rules! error ( ($($tt:tt)*) => { crate::log::_used!($($tt)*) } );
331 macro_rules! _warn ( ($($tt:tt)*) => { crate::log::_used!($($tt)*) } );
332 macro_rules! _used ( ($($tt:tt)*) => { { let _ = format_args!($($tt)*); } } );
333 pub(crate) use _used;
334 pub(crate) use _warn as warn;
335 pub(crate) use debug;
336 pub(crate) use error;
337 pub(crate) use trace;
338}
339
340/// This internal `sync` module aliases the `Arc` implementation to allow downstream forks
341/// of rustls targeting architectures without atomic pointers to replace the implementation
342/// with another implementation such as `portable_atomic_util::Arc` in one central location.
343mod sync {
344 #[expect(clippy::disallowed_types)]
345 pub(crate) type Arc<T> = alloc::sync::Arc<T>;
346}
347
348#[expect(unnameable_types)]
349#[macro_use]
350mod msgs;
351mod common_state;
352pub mod compress;
353mod conn;
354/// Crypto provider interface.
355pub mod crypto;
356pub mod error;
357mod hash_hs;
358mod limited_cache;
359mod tls12;
360mod tls13;
361mod vecbuf;
362mod verify;
363mod x509;
364#[macro_use]
365mod check;
366mod bs_debug;
367mod builder;
368pub mod enums;
369mod key_log;
370mod suites;
371mod versions;
372#[cfg(feature = "webpki")]
373mod webpki;
374
375/// Internal classes that are used in integration tests.
376/// The contents of this section DO NOT form part of the stable interface.
377#[doc(hidden)]
378pub mod internal {
379 pub use crate::msgs::fuzzing;
380}
381
382// The public interface is:
383pub use crate::builder::{ConfigBuilder, ConfigSide, WantsVerifier};
384pub use crate::common_state::{CommonState, ConnectionOutputs, HandshakeKind};
385pub use crate::conn::{
386 Connection, IoState, KeyingMaterialExporter, Reader, SideData, SliceInput, TlsInputBuffer,
387 VecInput, Writer, kernel,
388};
389/// Types related to "split" mode.
390///
391/// See [`split::SplitConnection`] for more information.
392pub mod split {
393 pub use crate::conn::split::{
394 FlushSender, ReceiveTraffic, ReceiveTrafficState, ReceivedApplicationData, SendTraffic,
395 SplitConnection,
396 };
397}
398pub use crate::error::Error;
399pub use crate::key_log::{KeyLog, NoKeyLog};
400pub use crate::suites::{
401 CipherSuiteCommon, ConnectionTrafficSecrets, ExtractedSecrets, SupportedCipherSuite,
402};
403pub use crate::ticketer::TicketRotator;
404pub use crate::tls12::Tls12CipherSuite;
405pub use crate::tls13::Tls13CipherSuite;
406pub use crate::verify::{DigitallySignedStruct, DistinguishedName, SignerPublicKey};
407pub use crate::versions::{ALL_VERSIONS, DEFAULT_VERSIONS, SupportedProtocolVersion};
408#[cfg(feature = "webpki")]
409pub use crate::webpki::RootCertStore;
410
411/// Items for use in a client.
412pub mod client;
413pub use client::{ClientConfig, ClientConnection};
414
415/// Items for use in a server.
416pub mod server;
417pub use server::{ServerConfig, ServerConnection};
418
419/// All defined protocol versions appear in this module.
420///
421/// ALL_VERSIONS is provided as an array of all of these values.
422pub mod version {
423 pub use crate::versions::{
424 TLS12, TLS12_VERSION, TLS13, TLS13_VERSION, Tls12Version, Tls13Version,
425 };
426}
427
428/// Re-exports the contents of the [rustls-pki-types](https://docs.rs/rustls-pki-types) crate for easy access
429pub mod pki_types {
430 #[doc(no_inline)]
431 pub use pki_types::*;
432}
433
434/// APIs for implementing QUIC TLS
435pub mod quic;
436
437/// APIs for implementing TLS tickets
438pub mod ticketer;
439
440/// This is the rustls manual.
441pub mod manual;
442
443pub mod time_provider;
444
445/// APIs abstracting over locking primitives.
446pub mod lock;
447
448mod hash_map {
449 pub(crate) use std::collections::HashMap;
450 pub(crate) use std::collections::hash_map::Entry;
451}
452
453mod sealed {
454 #[expect(unnameable_types)]
455 pub trait Sealed {}
456}
457
458mod core_hash_polyfill {
459 use core::hash::Hasher;
460
461 /// Working around `core::hash::Hasher` not being dyn-compatible
462 pub(super) struct DynHasher<'a>(pub(crate) &'a mut dyn Hasher);
463
464 impl Hasher for DynHasher<'_> {
465 fn finish(&self) -> u64 {
466 self.0.finish()
467 }
468
469 fn write(&mut self, bytes: &[u8]) {
470 self.0.write(bytes)
471 }
472 }
473}
474
475pub(crate) use core_hash_polyfill::DynHasher;