Crates.io | mbedtls |
lib.rs | mbedtls |
version | 0.12.3 |
source | src |
created_at | 2016-10-31 02:31:12.204616 |
updated_at | 2024-02-13 20:51:48.999076 |
description | Idiomatic Rust wrapper for MbedTLS, allowing you to use MbedTLS with only safe code while being able to use such great Rust features like error handling and closures. Building on MbedTLS's focus on embedded use, this crate can be used in a no_std environment. |
homepage | |
repository | https://github.com/fortanix/rust-mbedtls |
max_upload_size | |
id | 7049 |
size | 1,015,246 |
> [!WARNING]
> The state of this repository has been changed to maintenance. We will not accept any more feature requests. Please check "Change of status" for details.
This is an idiomatic Rust wrapper for MbedTLS, allowing you to use MbedTLS with only safe code while still being able to use Rust features such as error handling and closures.

Additionally, building on MbedTLS's focus on embedded use, this crate can be used in a no_std environment.
We discovered that mbedtls 3.4.X is not thread safe and will not work properly with multiple threads. This problem will not be fixed in the short term, and the new PSA approach does not match our needs. So we have decided to stay on mbedtls 2.28.X, and the state of this repository has been changed to maintenance. We will not accept any more feature requests.

The old mbedtls 3.X code on the master branch has been moved to the mbedtls-3 branch.

Related issue: #320
Reference links:
This crate depends on the mbedtls-sys-auto crate, see below for build details.
This is a list of the Cargo features available for mbedtls. Features in bold are enabled by default.

- x509 Enable PKI functionality. The main code enabled by this feature is in the x509 module.
- ssl Enable ssl/tls functionality. The main code enabled by this feature is in the ssl module.

Note: The above features were introduced so that this crate could be used as a crypto (or PKI) only library.

- mpi_force_c_code feature in mbedtls-sys
- std feature is enabled, this feature is ignored.
- chrono support (e.g., implementation of conversion traits between x509::Time and chrono types)

Unfortunately, the mbedtls-sys crate on crates.io is claimed by another, apparently inactive, project.
To use this crate, you will need to have clang and cmake installed, see below for details.
MbedTLS has a plethora of compile-time configuration options that significantly impact what functionality is available. To make sure Rust's view of MbedTLS matches up with what's built in C, MbedTLS must be configured using Cargo features (see next section) and built using mbedtls-sys's build script.
The mbedtls-sys crate includes the MbedTLS source code; the MbedTLS version will have the same major.minor version as the crate. Instead of using the provided source, you can specify the path to your own source tree using the RUST_MBEDTLS_SYS_SOURCE environment variable. It is not recommended to use a custom source that is based on a different version of MbedTLS than the one provided in the crate.
The build script will perform the following steps:
This is a list of the Cargo features available for mbedtls-sys. Features in bold are enabled by default.

- mbedtls_aesni_has_support and mbedtls_padlock_has_support following the MbedTLS function signatures. On SGX, this feature is enabled automatically.
- mbedtls_printf function with the standard printf signature.
- calloc()/free(), and strstr()/strlen()/strncpy()/strncmp()/strcmp()/snprintf(), and memmove()/memcpy()/memcmp()/memset(), and rand()/printf(). For printf(), you can optionally use the custom_printf feature. rand() is only needed for the selftests. On UNIX platforms, this also enables networking, filesystems and OS entropy.
- On cfg(unix) platforms, this uses pthreads. On other platforms, you need to provide a custom threading implementation. In a dependent crate, you must define the functions mbedtls_mutex_init(), mbedtls_mutex_free(), mbedtls_mutex_lock(), and mbedtls_mutex_unlock() following the MbedTLS function signatures.
- On cfg(unix) platforms, this uses libc. On other platforms, you need to provide your own implementations of mbedtls_platform_gmtime_r(const long long*, struct tm*) and mbedtls_time(long long*).

For the complete mapping of features to config.h defines, see mbedtls-sys/build/config.rs. PRs adding new features are encouraged.
Instructions for updating to new MbedTLS source code releases in mbedtls-sys/:

1. vendor/ and replace it with the contents of the distribution tarball.
2. build/headers.rs to generate the list of headers, and update that file as appropriate.
3. build/config.rs vs. vendor/include/mbedtls/config.h.
4. Cargo.toml version number.

The mbedtls-selftest Rust crate is designed for separating self-test code that needs to export Rust functions and define C functions to be used by C mbedtls. By separating this code, different versions of Rust mbedtls crates can be used within a single crate, which helps to solve link name conflict errors.

Note: Although multiple versions of Rust mbedtls crates can be used within a single crate, only one mbedtls-selftest and one mbedtls-sys-auto crate can be used, since they are built as native libraries.
We gratefully accept bug reports and contributions from the community. By participating in this community, you agree to abide by the Code of Conduct. All contributions are covered under the Developer's Certificate of Origin (DCO).
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or
(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or
(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.
(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.
This project is primarily distributed under the terms of the Apache License version 2.0 and the GNU General Public License version 2, see LICENSE-APACHE and LICENSE-GPL for details.
MbedTLS is dual-licensed Apache-2.0 / GPL-2.0+, and so are the mbedtls and mbedtls-sys-auto crates. However, the sources are distributed in two different single-licensed tarballs. The authors of the mbedtls and mbedtls-sys-auto crates do not warrant that the two versions of the MbedTLS code are exactly the same. This repository includes the Apache-2.0 version. Since Apache-2.0 is compatible with GPL-3.0+, this is probably not an issue for people wishing to use mbedtls-sys in a GPL-3.0+-licensed project, but if you want to use it in a GPL-2.0-licensed project, you should probably manually specify the GPL-2.0 source when building.