e8fc907da3
Expose EC_GROUP_get_cofactor as EcGroup::cofactor
2019-06-14 16:41:47 +02:00
390d71f1e5
Expose EC_GROUP_get0_generator as EcGroup::generator
2019-06-13 03:09:45 +02:00
fab6ea4727
Conditionally compile PEM functions for CMS
...
Apparently libressl does not quite support all CMS functions (well, at
least the bindings for CMS are currently compile-time guarded), so CI
checks inside the systest fail during the verification on libressl.
This is an attempt to fix it.
2019-06-12 16:48:16 +02:00
124c05d058
Add `CmsContentInfo` <-> PEM bindings
2019-06-12 10:23:48 +02:00
b9341856b1
Add AES_wrap_key and AES_unwrap_key functionality
2019-06-05 21:03:34 -06:00
ef86438a10
Report the vendored install location
...
Closes #1117
2019-05-31 19:08:58 -07:00
958c1811b0
Fix constness for 1.1.1c
2019-05-31 07:29:00 -07:00
b6d968b378
Release openssl-sys v0.9.47
2019-05-18 12:10:57 -07:00
628c3b338a
Add SSL_CTX_add_client_CA on OpenSSL
2019-05-13 15:08:02 +01:00
aabaf97935
Release openssl-sys v0.9.46
2019-05-08 18:44:41 -07:00
a9b9f818a1
Merge pull request #1097 from vishwin/master
...
Support LibreSSL 2.9.1
2019-05-08 18:40:18 -07:00
2f5ecb4267
Release openssl-sys v0.9.45
2019-05-03 19:52:18 -07:00
62b211990f
Revert "fix build err for taget `*-pc-windows-gnu`"
2019-05-03 18:44:53 -07:00
06577cbf9c
Switch from `rustc_version` to `autocfg`
...
This switches the `openssl-sys` crate from using `rustc_version` as a
crate to check the version of rustc to using `autocfg`. While
functionally the same this has a few advantages:
* The `autocfg` crate has fewer dependencies and compiles faster
* If the `semver` crate has the `serde` feature activated, turns out
`openssl-sys` gets compiled quite late in the dependency graph which
can push back further C compilations. This is due to the slower
compilation time of `serde` itself.
* The `autocfg` crate I believe is a bit more robust in terms of being
flexible with the output of rustc itself.
2019-05-01 08:09:40 -07:00
3331908a1d
Release openssl v0.10.21
2019-04-30 21:59:02 -07:00
dedbcc6570
Release v0.9.44
2019-04-30 21:54:53 -07:00
995f9a9533
Whitelist future LibreSSL 2.9.x versions, as 2.9.1 is the first stable release.
2019-04-26 14:35:11 -04:00
844c3c445a
fix build err for taget `*-pc-windows-gnu`
2019-04-26 15:27:16 +08:00
d79090a00a
Reconcile exdata and version functions between libraries/versions.
2019-04-24 23:15:56 -04:00
98f91769e3
Add missing any() in the {,D}TLS_method usage logic.
2019-04-24 19:29:01 -04:00
f0b8a2e467
Support LibreSSL 2.9.1
...
LibreSSL 2.9.1 added generic DTLS methods.
While here, bump CircleCI.
2019-04-24 16:08:42 -04:00
865c613de3
Fix requiret ossl version for EVP_PKEY_size
2019-04-23 12:36:42 +02:00
f40a328d43
Remove unnecessary version req and clean up param names.
2019-04-18 10:47:50 +02:00
63c7bda0c2
Add minimum ossl version.
2019-04-15 13:41:54 +02:00
08879ed512
Add EVP_Seal and EVP_Open
2019-04-15 00:54:49 +02:00
6b0583b7c4
Tell dependencies if vendored OpenSSL was used
...
The system OpenSSL knows where its certificates are. If
DEP_OPENSSL_VENDORED is not set:
- openssl-probe doesn't need to set any environment variables and can
get the paths from OpenSSL itself.
- Libraries that normally use `openssl_probe::probe()` and
`SSL_CTX_load_verify_locations` can instead use
`SSL_CTX_set_default_verify_paths`.
2019-04-03 18:01:49 +03:00
a6b6648a62
Release openssl-sys v0.9.43
2019-03-20 10:39:09 -04:00
702bc48b1c
Expose EC_GROUP_get_curve_name()
...
This gives us the ability to get the Nid from an EcGroupRef.
2019-03-19 11:10:35 -04:00
d9cb5433b1
Expose EVP_MD_type()
...
This gives us the ability to get the Nid from a MessageDigest.
2019-03-19 11:10:35 -04:00
27494508bf
Fix deprecation warning
2019-03-11 21:35:21 -07:00
a0e5b31799
X.509: add verify methods
2019-03-11 22:35:43 +01:00
546eb4d391
CMS: add encrypt, from_der
2019-03-02 00:33:52 +01:00
0dd632456f
Release openssl-sys v0.9.42
2019-03-01 12:38:18 -08:00
404b7f1790
Add session cache size accessors
2019-03-01 10:07:51 -08:00
a16482f972
Add session info accessors
2019-02-28 22:08:48 -08:00
913267e68a
Add SslCtx::{add,remove}_session
2019-02-28 19:48:10 -08:00
55fee497bb
Implement Clone for Dsa
2019-02-28 14:10:49 -05:00
953fe86b9a
Add ERR_PACK
...
Also make error functions const when targeting a new enough rustc
2019-02-27 21:50:39 -08:00
5faeeb5c61
Merge pull request #1070 from sfackler/build-script-cleanup
...
Build script cleanup
2019-02-27 21:28:45 -08:00
2474bce3db
Don't dynamically generate expando.c
2019-02-27 21:14:46 -08:00
25f750c223
Add some debugability to build script env
...
Also split finding logic out to separate files
2019-02-26 20:45:10 -08:00
297804b2d9
typo
2019-02-26 20:38:04 -08:00
ab298d0264
Fix const changes in 1.1.1b
2019-02-26 20:31:01 -08:00
4c6af10cbd
Release openssl-sys v0.9.41
2019-02-22 10:50:16 -07:00
70afbb8393
Add standard ciphername support
2019-02-22 10:33:12 -07:00
7eee39f1ec
Rustfmt
2019-02-22 10:14:15 -07:00
899fc30e9b
Change from EVP_des_ede3_cfb to EVP_des_ede3_cfb64
2019-02-18 19:35:00 +09:00
941a69a4d2
Add des_ede3_cfb symm cipher
2019-02-17 22:21:01 +09:00
34755f8a6b
ASN1_TIME_from_string_x509 was added in 1.1.1
2019-01-27 13:14:11 -08:00
691ce7ca2a
Add Asn1Time::from_str and Asn1Time::from_str_x509
...
Closes #1051
2019-01-27 13:05:03 -08:00
637228e7ee
SRP_CTX doesn't exist when OPENSSL_NO_SRP is set
...
Closes #1047
2019-01-25 09:19:14 -08:00
e56e09b6a4
Add RsaRef::check_key
2019-01-18 21:03:04 -06:00
b24ee29fa6
Release v0.9.40
2018-12-16 09:02:07 -08:00
af4488357c
Explicitly support LibreSSL 2.9.0.
2018-12-03 17:33:53 +00:00
5c7fa43d87
Add bindings to RAND_keep_random_devices_open
...
Closes #1019
2018-11-22 09:32:50 -07:00
e0e0a96cb3
Add new SHA3 EVP message digest functions in OpenSSL 1.1.1
2018-11-21 15:31:50 -05:00
3aecfe5655
Release openssl-sys v0.9.39
2018-10-18 20:11:35 -07:00
9fd7584a84
Support LibreSSL 2.8.x
...
Closes #1009
2018-10-18 08:49:24 -07:00
c482f6d8dc
Release openssl-sys v0.9.38
2018-10-16 13:15:26 -07:00
dab71dbf0a
Bump dependency on openssl-src-rs
...
Brings in the first release with OpenSSL 1.1.1
2018-10-16 06:59:07 -07:00
d3bb880866
Release openssl-sys 0.9.37
2018-10-14 16:09:17 -07:00
2dd3736444
Refactor to match style and add documentation.
2018-10-02 17:25:18 -04:00
0245eee724
Merge pull request #1002 from vishwin/master
...
Support the rest of LibreSSL 2.8.x
2018-10-01 08:27:59 -07:00
b86f547dbf
Update the OCSP_cert_to_id() signature for LibreSSL 2.8.1
...
While here, restore CI for LibreSSL 2.8.0 alongside 2.8.1 to account for the function signature change.
2018-10-01 00:44:37 -04:00
18dfc9b6b2
Add support for encoding and decoding ECDSA signatures
2018-09-28 14:43:33 +02:00
72a60af503
Only whitelist LibreSSL 2.8.0 and 2.8.1
...
ABI is not declared stable for anything past 2.8.1 yet.
2018-09-27 01:48:44 -04:00
b6971883be
Support the rest of LibreSSL 2.8.x
...
LibreSSL 2.8.1 released, so update the check for all versions in the series, not just 2.8.0.
2018-09-27 01:19:39 -04:00
22231d7547
Support the client hello callback
2018-09-15 13:29:18 -07:00
8f94c13a3e
Release openssl-sys 0.9.36
2018-09-13 19:17:48 -07:00
9e1a6f284b
Fix missing symbol
2018-09-12 20:56:05 -07:00
8c6bc774db
Support libressl 2.8.0
...
Closes #988
2018-09-12 20:44:22 -07:00
93a4e96255
Refactor openssl-sys
...
The old layout tried to structure itself by version but it ended up with
a lot of duplication. Instead, follow the structure of the header files.
2018-09-12 19:21:18 -07:00
bc4e47a321
Fix lookup errors with SNI callback.
...
The job of an SNI callback is typically to swap out the context
associated with an SSL depending on the domain the client is trying to
talk to. Typically, only the callbacks associated with the current
context are used, but this is not the case for the SNI callback.
If SNI is run for a second time on a connection (i.e. in a
renegotiation) and the context was replaced with one that didn't itself
register an SNI callback, the old callback would run but wouldn't be
able to find its state in the context's ex data. To work around this, we
pass the pointer to the callback data directly to the callback to make
sure it's always available. It still lives in ex data to handle the
lifetime management.
Closes #979
2018-08-31 20:23:55 -07:00
ef7721092d
SRTP cleanup
2018-08-19 18:50:11 -07:00
59c578cf04
Add methods for DTLS/SRTP key handshake
2018-08-14 16:04:33 +02:00
1396143c66
Add get_shutdown and set_shutdown
2018-08-08 13:19:55 -07:00
cb2f4c2287
X509_V_ERR_UNSPECIFIED was added in 1.0.2f
...
Closes #970
2018-08-04 10:23:35 -07:00
0c92bba84a
Release openssl-sys 0.9.35
2018-08-04 10:11:10 -07:00
71ee9439ca
Support builds of OpenSSL from vendored source (take 2)
...
This is a revival of #684 to see if I can help push it across the finish line!
Closes #580
2018-07-30 15:15:24 -07:00
9eeee0930c
Add bindings for custom error definition
2018-07-10 18:54:47 -07:00
1392b006e2
Merge pull request #937 from marcoh00/iterable-x509names
...
X509NameRef: Provide an iterator over all entries
2018-07-07 20:20:45 -07:00
76cad11b64
Link all needed system libraries on Windows, when building statically
2018-06-29 19:35:16 +01:00
4994e75d2c
Add Dsa::from_(private|public)_components
...
Add 2 methods to create a DSA key pair from its raw components.
2018-06-18 18:10:02 +02:00
6440ee04ef
Merge pull request #943 from lolzballs/master
...
Add wrapper for SSL_CTX_set_psk_server_callback
2018-06-17 15:47:00 -07:00
115cb730b0
Switch to accessors in libressl where possible
...
Some accessors are mysteriously still macros so we can't make everything
opaque yet, unfortunately.
cc #909
2018-06-09 21:49:36 -07:00
9bf748befb
Link to gdi32 on windows
...
Closes #935
2018-06-09 09:35:01 -07:00
d82a49bee2
Release openssl-sys 0.9.33
2018-06-06 13:36:24 -07:00
f5e6d57c47
Provide an Asn1Object getter method for X509NameEntryRef
2018-06-03 15:38:46 +02:00
2afdc16fc9
Make X509NameRef provide an iterator over all X509NameEntries
2018-06-03 15:38:46 +02:00
0745d66927
Update to 1.1.1-pre7
...
The initial session ticket is now sent as part of SSL_accept, so some
tests need to write a single byte through the stream to make sure that
both ends have fully completed to avoid test flakes.
TLSv1.3 cipher suite control has been extracted from the normal cipher
list into a separate method: SslContextBuilder::set_ciphersuites.
2018-06-02 13:58:56 -07:00
b1eb1224f5
Merge remote-tracking branch 'origin/master'
2018-06-02 10:56:31 -04:00
24f4bdb533
Merge pull request #940 from CmdrMoozy/rsa_padding
...
Add an openssl-sys binding for RSA_padding_check_PKCS1_type_2.
2018-06-01 21:16:10 -07:00
52f581ffc9
Release openssl-sys v0.9.32
2018-06-01 20:57:09 -07:00
fb1b9b4140
Add an openssl-sys binding for RSA_padding_check_PKCS1_type_2.
...
This padding check implementation is useful for certain types of RSA
decryption, notably the type performed by Yubico's PIV library.
2018-05-30 18:48:42 -07:00
3456add537
Add SslRef::verified_chain
2018-05-29 21:53:22 -07:00
b8de619fbe
Get Nid string representations
2018-05-28 12:13:40 +02:00
772e1c003f
Add some digest support
2018-05-24 21:06:11 -07:00
c0876cc8c6
Add bindings to SSL_get_finished and SSL_get_peer_finished
...
These are used for the tls-unique SCRAM channel binding mode.
2018-05-24 20:00:28 -07:00
c7db3d18ad
Merge pull request #920 from Ralith/max-early-data-accessors
...
TLS1.3 early data support
2018-05-22 20:42:46 -07:00
2e478fdcf4
Expose early I/O
2018-05-22 20:25:28 -07:00
25df3c8b51
Release openssl-sys 0.9.31
2018-05-20 21:02:12 -07:00
4c1fdf1d81
Support ALPN on libressl
...
Closes #690
2018-05-20 12:52:49 -07:00
a6fcef01c0
Overhaul openssl cfgs
...
Also expose hostname verification on libressl
2018-05-20 12:33:02 -07:00
9df403043b
Expose X509_VERIFY_PARAM on libressl
2018-05-20 11:29:27 -07:00
862d784161
Clean up openssl-sys cfgs
2018-05-20 11:29:27 -07:00
d991566f2b
Support min/max version in LibreSSL
...
Their implementations of the accessors don't behave expected with no
bounds, so we ignore those bits of the tests.
2018-05-19 19:57:12 -07:00
e037c0fcb8
Find path prefix to OpenSSL installed by Homebrew.
2018-05-19 03:13:07 +09:00
69c75a178b
Expose early keying material export
2018-05-17 13:16:41 -07:00
d5d414b16f
Expose max TLS1.3 early data accessors
2018-05-17 12:02:32 -07:00
47a68e2929
Add wrapper for SSL_CTX_set_psk_server_callback
2018-05-16 17:49:36 -04:00
1a909c8e5e
Some sys cleanup
2018-05-13 08:50:00 -07:00
53671518fd
Merge pull request #902 from ur0/CMS_sign
...
Add the CMS_sign and i2d_CMS_ContentInfo function bindings
2018-05-13 15:53:49 +01:00
b1e5c8b1ed
Implement Clone for Rsa
...
Closes #917
2018-05-12 16:34:47 -07:00
e5d65306e7
Change SslContext callback handling
...
Use the existing infrastructure!
2018-05-12 13:19:01 +01:00
afaa2387c8
Gate away CMS_KEY_PARAM from OpenSSL 1.0.1
2018-05-10 21:41:59 +05:30
541458c1c1
Properly version-gate CMS constants
2018-05-10 21:20:32 +05:30
90898e99c9
Move CMS_* flags to the openssl-sys package
...
Also renames attributes in the bitflags struct.
2018-05-10 20:26:57 +05:30
7a1b59d605
Fix base version for min/max proto accessors
...
Closes #911
2018-05-09 20:04:43 +01:00
bc0809a17d
Flag off constants added in 1.0.2h
...
Closes #868
2018-04-30 20:52:19 -07:00
25e3f66e3e
Release openssl-sys v0.9.30
2018-04-30 20:40:29 -07:00
47431f66bb
Expose SslSession <-> DER conversion
2018-04-29 01:54:16 -07:00
aa619c81c0
Some misc cleanup
2018-04-27 15:41:12 -07:00
03a4c6bd26
Reform version checking logic
...
Rather than having an infinitely growing set of things to look for, just
grab the literal version out. We also provide that to downstream crates,
and it should be used rather than the random assortment of other stuff
that's also passed down.
2018-04-26 22:45:09 -07:00
5bb89d7552
Add functions to X509Req to obtain public key and extensions
...
This allows for basic CSR signing.
2018-04-21 23:14:48 +02:00
5360f5ad04
Fix mutability issues with CMS_sign
2018-04-20 17:30:20 +05:30
8ce5dee00d
Add the CMS_sign and i2d_CMS_ContentInfo function bindings
...
This adds the CMS_sign and i2d_CMS_ContentInfo bindings in the
openssl-sys crate and Rusty wrappers in the openssl crate.
2018-04-20 17:15:04 +05:30
bbaec65b73
Include information about development packages
...
Building the crate on a system without the development packages of openssl installed fails.
Issue #649 suggests to install those packages, which resolves the problem.
2018-04-12 08:42:29 +10:00
78d91428b5
Release openssl-sys 0.9.28
2018-04-05 11:09:36 -07:00
01855a4f64
Combine LibreSSL 2.7.x versions into one
2018-04-03 09:26:50 +00:00
03c6bcc159
Add LibreSSL 2.7.2
2018-04-02 13:48:26 +00:00
23ca9d2832
Add support for LibreSSL 2.7.1
...
While there, support also future LibreSSL 2.7 versions out of the
box. This fixes compiling this crate in OpenBSD -current.
2018-03-31 20:14:24 +00:00
e423da2d12
Merge pull request #858 from Ralith/stateless-api
...
Introduce SslStreamBuilder
2018-03-31 11:28:03 -07:00
5c317d5a35
Remove unneeded build keys
2018-03-30 11:32:57 +02:00
bbb1cb61f6
Update to OpenSSL 1.1.1-pre3
2018-03-28 18:14:44 -07:00
c82a87a18e
Add Asn1IntegerRef::to_bn
...
Also deprecate Asn1IntegerRef since it's just asking for trouble.
2018-03-28 20:48:28 +02:00
f0614f4acd
Support LibreSSL 2.7.0
...
Closes #883
Closes #805
2018-03-22 20:22:07 +00:00
063186b62e
Merge pull request #856 from Flakebi/master
...
Make it possible to use cmac
2018-03-19 13:22:51 -07:00
0860115156
Make it possible to use cmac
...
This adds Signer::new_without_digest to create Signers which don't have
a digest (like cmac, which is based on aes).
As openssl supports cmac since version 1.1.0, the functions are behind
the ossl110 feature.
This allows building CMAC/OMAC1 and the EAX AEAD on top of this library.
2018-03-19 21:02:46 +01:00
09b1fe9a0d
Expose additional cipher and digest accessors
2018-03-16 20:33:23 -07:00
9452c01672
Merge pull request #864 from mlen/aes-ccm-bindings
...
Implement AES-{128,256}-CCM bindings
2018-03-11 16:30:37 -07:00
d0329473bd
Merge branch 'master' into custom-extensions
2018-03-11 15:27:28 -07:00
1b830c3fb7
Merge pull request #863 from rohit-lshift/master
...
Exposed some of ECDSA functions
2018-03-11 15:08:16 -07:00
00359a1a55
Merge pull request #861 from bkchr/verify_certificate
...
Implements `X509_verify_cert`
2018-03-11 13:37:21 -07:00
dcbb45cc9d
Implement AES-{128,256}-CCM bindings
2018-03-08 17:24:55 +01:00
d4de2a408f
Use examples listed in OpenSSL docs for testing
2018-03-08 16:12:35 +00:00
55ffc9b2e4
Add support LibreSSL and remove OpenSSL binding which we aren't using
2018-03-08 11:54:19 +00:00
2d6cd9eb16
Exposed some of ECDSA functions
2018-03-08 09:44:05 +00:00
724dd6f830
Adds more functions to `Verifier`/`Signer` for RSA keys
2018-03-07 20:43:28 +01:00
84a5ce7607
Adds RSA PKCS1 PSS padding
2018-03-07 20:43:12 +01:00
9a8a1c752b
Adds `PKeyRef::get_id` to get the OID of a key
2018-03-07 18:42:13 +01:00
Mike Belopuhov