min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,521 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

716 Commits

Author SHA1 Message Date
Steven Fackler 9a3fa4d98d Fix build 2016-08-10 21:37:24 -07:00
Steven Fackler 59fe901357 Method renames 2016-08-10 21:28:17 -07:00
Steven Fackler c15642ccea Tweaks 2016-08-10 21:25:18 -07:00
Steven Fackler 5e6b8e68fd More API cleanup 2016-08-10 21:07:41 -07:00
Steven Fackler c4e7743c57 Asn1 and Bignum renames 2016-08-10 20:51:06 -07:00
Steven Fackler 35c79d1768 Fix build 2016-08-09 23:13:56 -07:00
Steven Fackler 00db0bc4b3 Test hmac features 2016-08-09 22:56:08 -07:00
Steven Fackler 67b5b4d814 Make hmac support optional and remove openssl-sys-extras 
rust-openssl no longer requires headers for the default feature set.
 2016-08-09 22:52:12 -07:00
Steven Fackler 966c5385ea Fix build 2016-08-09 22:26:18 -07:00
Steven Fackler 1ac54b06e9 Move X509_get_extensions to openssl helpers 2016-08-09 22:15:16 -07:00
Steven Fackler 0854632ff5 Make c_helpers optional 2016-08-09 22:02:49 -07:00
Steven Fackler 2f46c793e5 Remove rust_SSL_clone 2016-08-09 21:23:54 -07:00
Steven Fackler 15e8997052 Docs for Crypter::new 2016-08-08 23:31:25 -07:00
Steven Fackler b8712c5c51 Fix size check 
Decryption requires an extra byte of space
 2016-08-08 23:25:06 -07:00
Steven Fackler a8224d199b symm reform 2016-08-08 23:10:03 -07:00
Steven Fackler 522447378e Copy over getter macros 2016-08-08 20:37:48 -07:00
Steven Fackler bf07dd9a4e Remove symm_internal 2016-08-08 20:26:04 -07:00
Steven Fackler e4b97921a9 Clean up RSA and DSA accessors 2016-08-08 19:04:30 -07:00
Steven Fackler deb94a904b Fix build on 1.9 2016-08-07 22:58:20 -07:00
Steven Fackler 6b1016c86e Add PKey::from_rsa 2016-08-07 22:56:44 -07:00
Steven Fackler 6e5cd7ef47 Remove X509Generator::bitlenth 2016-08-07 22:46:14 -07:00
Steven Fackler a8f827d28c Fix example 2016-08-07 22:44:42 -07:00
Steven Fackler 1968956536 Restore disabled tests 2016-08-07 22:40:51 -07:00
Steven Fackler 2a3e9a2856 Add RSA::generate 2016-08-07 22:35:37 -07:00
Steven Fackler 25752280ae Move init to crate root 2016-08-07 22:09:19 -07:00
Steven Fackler 77ba043acf x509 cleanup 2016-08-07 21:53:05 -07:00
Steven Fackler 79602b6af4 get_error -> error 2016-08-07 21:34:58 -07:00
Steven Fackler a0a6c03d74 DH cleanup 2016-08-07 21:19:40 -07:00
Steven Fackler 4d3c6868e7 pkcs5 reform 2016-08-07 20:57:44 -07:00
Steven Fackler 7855f428aa PKey reform 
This deletes the vast majority of PKey's API, since it was weirdly tied
to RSA and super broken.
 2016-08-07 20:38:46 -07:00
Steven Fackler 7515272692 Fix RSA::verify 
It never returns -1 - all errors are indicated by 0
 2016-08-07 18:03:13 -07:00
Steven Fackler 6091c674c9 Fix bn tests on 32 bit 2016-08-07 17:52:13 -07:00
Steven Fackler b56908a392 Take a c_ulong directly in BN construction 
Closes #416
 2016-08-07 17:48:18 -07:00
Steven Fackler 7ca5ccf064 Hash reform 
Closes #430
 2016-08-07 16:29:36 -07:00
Steven Fackler 05089bacb3 Refactor BigNum 2016-08-07 14:33:18 -07:00
Steven Fackler 5af01a5dbd Clean up asn1time 2016-08-06 22:23:03 -07:00
Steven Fackler bc97d088b0 get_handle -> handle 2016-08-05 21:07:17 -07:00
Steven Fackler fe47e93f2f Fix pkey method safety 2016-08-05 21:04:40 -07:00
Steven Fackler b4145c6fa5 Clean up x509 2016-08-05 20:55:05 -07:00
Steven Fackler 4e911e7972 Make x509 constructors unsafe 2016-08-05 19:51:59 -07:00
Steven Fackler c47be8b14b Move SSL_CTX_set_ecdh_auto to -sys 2016-08-04 22:52:40 -07:00
Steven Fackler ee67ea8ea0 Mvoe SSL_CTX_add_extra_chain_cert to -sys 2016-08-04 22:46:47 -07:00
Steven Fackler 378b86326c Move SSL_CTX_set_tmp_dh to -sys 2016-08-04 22:43:24 -07:00
Steven Fackler 7fb7f4671d Move SSL_CTX_set_read_ahead to -sys 2016-08-04 22:40:01 -07:00
Steven Fackler 77dbab2cad Move SSL_CTX_set_tlsext_servername_callback to -sys 2016-08-04 22:37:39 -07:00
Steven Fackler c2a7c5b7f0 Move SSL_set_tlsext_host_name to -sys 2016-08-04 22:28:33 -07:00
Steven Fackler b29ea62491 Move BIO macros into -sys 2016-08-04 22:22:55 -07:00
Steven Fackler dd16f64f89 Stop once-ing init wrapper 
The underlying function already once-s itself
 2016-08-04 22:15:50 -07:00
Steven Fackler 17474520bc Support basic SSL options without C shims 2016-08-04 22:14:18 -07:00
Steven Fackler abacc8bb18 Define SSL_CTX_set_mode in openssl-sys 2016-08-02 22:14:44 -07:00
Steven Fackler c5b2ede282 Merge remote-tracking branch 'origin/breaks' 2016-08-02 20:52:07 -07:00
Steven Fackler 08e27f31ed Restructure PEM input/output methods 
Dealing with byte buffers directly avoids error handling weirdness and
we were loading it all into memory before anyway.
 2016-08-02 20:49:28 -07:00
Tomasz Miąsko 635bdb45a8 BigNum binary operators with different lifetimes. 2016-08-01 22:23:26 +02:00
Steven Fackler 92abf49b96 Drop unused feature gate 2016-07-31 16:23:48 -07:00
Steven Fackler 2574bff52d Merge pull request #432 from alexcrichton/mid-handshake 
Add MidHandshakeSslStream
 2016-07-31 16:20:10 -07:00
Steven Fackler f1b64aa2ee Fix weird inference issue on 1.9 2016-07-31 16:04:03 -07:00
Alex Crichton 3539be3366 Add MidHandshakeSslStream 
Allows recognizing when a stream is still in handshake mode and can gracefully
transition when ready. The blocking usage of the API should still be the same,
just helps nonblocking implementations!
 2016-07-31 16:01:06 -07:00
Steven Fackler 6f40b65d2c Build against 1.9 2016-07-31 15:55:32 -07:00
Steven Fackler e86eb68624 Fix catch_unwind feature and drop feature gate 2016-07-31 15:51:22 -07:00
Steven Fackler 5cb04db787 Fix build with dtls 2016-07-31 15:35:45 -07:00
Steven Fackler f0ffa246b8 Merge remote-tracking branch 'origin/master' into breaks 2016-07-31 15:15:47 -07:00
Steven Fackler 18c1ded8c7 Revert "Add a new trait based Nid setup" 
This reverts commit 49db4c84df.

Unclear that this is a good idea
 2016-07-31 14:41:11 -07:00
Steven Fackler df30e9e700 Merge pull request #402 from bbatha/feat/dsa-ffi 
DSA bindings
 2016-07-29 22:35:50 -07:00
Ben Batha 67d3067dbf improve error handling in rsa 2016-07-29 20:01:54 -04:00
Ben Batha a3a602be51 add low level dsa primitives 2016-07-29 19:04:37 -04:00
Steven Fackler 4eaada2c4b Merge pull request #427 from onur/save_der 
Implement save_der for X509 and X509Req
 2016-07-29 09:05:51 -07:00
Onur Aslan 7c082904fc Implement get_handle for X509Req 2016-07-29 16:30:24 +03:00
Ben Batha 39be51943d add RUST_BACKTRACE=1 to make debugging ci failures easier 2016-07-29 09:23:29 -04:00
Onur Aslan 5ed77df197 Implement save_der for X509 and X509Req 2016-07-29 12:14:49 +03:00
Shaun Taheri 722a2bd673 Set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag 2016-07-24 20:55:15 +02:00
Steven Fackler 85f5b8629c Merge pull request #410 from jonas-schievink/passwd-callbacks 
Password callbacks
 2016-07-03 13:42:57 -04:00
Steven Fackler 5135fca87f Release v0.7.14 2016-07-01 18:43:39 -04:00
Steven Fackler 121169c1f5 Set auto retry 
SSL_read returns a WANT_READ after a renegotiation by default which ends
up bubbling up as a weird BUG error. Tell OpenSSL to just do the read
again.
 2016-07-01 18:31:47 -04:00
Jonas Schievink f24ab26936 FnMut -> FnOnce, update docs 2016-06-26 19:44:53 +02:00
Jonas Schievink 351bc569a4 Put the test behind the catch_unwind feature 
And fix an unused variable warning
 2016-06-26 18:25:54 +02:00
Jonas Schievink d176ea1c6e Add an RSA key decryption test 2016-06-26 18:25:54 +02:00
Jonas Schievink 41b78547ad Put password callbacks behind a cargo feature 2016-06-26 18:25:54 +02:00
Jonas Schievink c1b7cd2420 Make the callback take a `&mut [c_char]` 2016-06-26 18:25:54 +02:00
Jonas Schievink c399c2475d Add RSA::private_key_from_pem_cb 2016-06-26 18:25:54 +02:00
Jonas Schievink 8119f06ca5 Move into utility module 2016-06-26 18:25:54 +02:00
Jonas Schievink f0b4a032d5 Try to propagate callback panics 2016-06-26 18:25:54 +02:00
Jonas Schievink 311af7c3be Add PKey::private_key_from_pem_cb 2016-06-26 18:25:54 +02:00
Jonas Schievink f134b94729 Document BigNum 2016-06-13 16:56:48 +02:00
Corey Farwell f4f6412fcb Fix a few mutable types for `self` parameters. 2016-06-02 10:25:33 -04:00
Steven Fackler f6b612df5f Release v0.7.13 2016-05-20 15:57:57 -07:00
Steven Fackler 95051b060d Release v0.7.12 2016-05-16 23:04:03 -07:00
Steven Fackler 1b0757409d Rustfmt 2016-05-16 23:03:13 -07:00
Steven Fackler 2077449bc8 Clean up RSA signature API 2016-05-16 23:03:13 -07:00
Steven Fackler d3230874ae Merge pull request #393 from nox/bitflags 
Allow bitflags 0.7
 2016-05-15 22:11:47 -07:00
Steven Fackler 62c29b54c1 Update cert 
Now with a 10 year expriation
 2016-05-15 22:11:10 -07:00
Anthony Ramine 2c2c272e6a Allow bitflags 0.7 2016-05-15 12:27:49 +02:00
Steven Fackler dce59a63c5 Merge pull request #389 from cmsd2/master 
expose rsa from raw private key and rsa sign and verify
 2016-05-06 15:12:19 -07:00
Chris Dawes f82a1c4f75 add rsa signature tests 2016-05-05 23:41:55 +01:00
Steven Fackler 78122a9d68 Release v0.7.11 2016-05-05 13:32:27 -07:00
Chris Dawes a5ede6a851 add missing NIDs and use Nid as input to signing 2016-05-04 09:00:05 +01:00
Steven Fackler 49db4c84df Add a new trait based Nid setup 2016-05-03 21:15:39 -07:00
Steven Fackler 356d4a0420 Remove AsRaw{Fd, Socket} impls 
An SslStream can't really act as a raw socket since you'd skip the whole
TLS layer
 2016-05-03 20:24:07 -07:00
Steven Fackler f1846bce78 Remove silly internal error enum 2016-05-03 20:24:07 -07:00
Steven Fackler 00f517d2cd Drop MaybeSslStream 
It should be inlined into crates that depend on it.
 2016-05-03 20:24:07 -07:00
Steven Fackler 085b2e6f03 Drop is_dtls methods on SslMethod 2016-05-03 20:24:07 -07:00
Steven Fackler f09ca6fee2 Clean up SNI APIs 2016-05-03 20:24:07 -07:00
Steven Fackler 61f65cd8d6 Move SslContext::set_verify to a closure based API 2016-05-03 20:24:07 -07:00
Steven Fackler 696b1961ce Rename getters in line with conventions 2016-05-03 20:24:07 -07:00
Steven Fackler a0549c1606 Adjust set_ssl_context API 2016-05-03 20:24:07 -07:00
Steven Fackler fa62232649 Error reform 2016-05-03 20:24:07 -07:00
Steven Fackler 58654bc491 Remove deprecated methods 2016-05-03 20:24:07 -07:00
Steven Fackler de47d158c2 Remove NonblockingSslStream 2016-05-03 20:24:07 -07:00
Chris Dawes 6f410a25b2 take enum instead of ints from openssl header file 2016-05-03 22:17:07 +01:00
Chris Dawes 6bbb21779b add constructor for private keys from bignums 2016-05-03 19:46:08 +01:00
Steven Fackler b7de627eec Update openssl version in CI 2016-05-03 08:47:28 -07:00
Steven Fackler 9b1eb6d94d Add a version of Ssl::set_verify that doesn't set a callback 2016-05-01 20:45:49 -07:00
Steven Fackler c7e68637bb Merge pull request #388 from frewsxcv/lifetimes 
Remove unnecessary explicit lifetimes.
 2016-05-01 19:20:25 -07:00
Corey Farwell 487232b52d Remove unnecessary explicit lifetime. 2016-05-01 21:28:51 -04:00
Steven Fackler 59c13aea84 Still check UTF validity in dnsname 2016-05-01 18:14:33 -07:00
Steven Fackler 2cfb25136f Document SAN APIs and tweak accessor names 2016-05-01 09:09:51 -07:00
Steven Fackler 87782b22cf Implement IntoIterator for &GeneralNames 2016-04-30 21:32:29 -07:00
Corey Farwell bf7076b785 Implement `iter` method on `GeneralNames`. 2016-05-01 00:02:10 -04:00
Steven Fackler 7b73003b67 Add X509StoreContext::error_depth 2016-04-30 09:27:50 -07:00
Steven Fackler 62a7dd10e5 Add Ssl::set_verify 
It also uses a better, closure based API than the existing callback
    methods.
 2016-04-30 08:09:12 -07:00
Steven Fackler 50024ce33b Ignore default verify paths test on windows 2016-04-29 21:40:16 -07:00
Steven Fackler 8a5d3ea015 Merge pull request #385 from mbrubeck/bitflags-0.6 
Upgrade to work with bitflags 0.5 and 0.6
 2016-04-29 21:18:03 -07:00
Steven Fackler a7bade104c Merge pull request #381 from chaaz/master 
Add 1DES symm ciphers (des-cbc, des-ecb, des-cfb, des-ofb)
 2016-04-29 21:17:17 -07:00
Steven Fackler 32722e1850 Add accessors for x509 subject alt names 2016-04-29 21:15:32 -07:00
Matt Brubeck ee12087743 Upgrade to work with bitflags 0.5 and 0.6 2016-04-29 13:19:39 -07:00
Steven Fackler caf9272c85 Start on GeneralName 2016-04-28 22:16:29 -07:00
Charlie Ozinga 5682c04469 Remove des_cfb and des_ofb, since they appear on limit platforms 2016-04-19 17:28:19 -06:00
Steven Fackler 54fc1df712 Release v0.7.10 2016-04-16 20:57:12 -07:00
Steven Fackler c60e831cc4 Add docs for set_default_verify_paths 2016-04-16 20:49:46 -07:00
Steven Fackler c2e72f6641 Add SslContext::set_default_verify_paths 2016-04-16 20:47:32 -07:00
Charlie Ozinga 2062d48dd2 Add 1DES symm ciphers (des-cbc, des-ecb, des-cfb, des-ofb) 
1DES is well and truly dead for actual sensitive information, (its
keysize is too small for modern purposes), but it can still find use in
backwards compatiblity or educational applications.
 2016-04-14 03:44:43 -06:00
Steven Fackler b94ea8598c Update for nightly changes 2016-04-13 19:30:08 -07:00
Steven Fackler c48dcde568 Update lazy_static 2016-04-13 19:28:04 -07:00
Steven Fackler 9511a9bc19 Merge pull request #380 from Yoric/master 
Resolves #378 - Module version with the version information
 2016-04-13 14:45:49 -07:00
David Rajchenbach-Teller 0c48f9a0e0 Resolves #378 - Module version with the version information 2016-04-13 23:29:25 +02:00
Rico Huijbers 00282de2a5 Add ability to set session ID context on an SSL context 
This is necessary to make authentication with client certificates work
without session restarts.
 2016-04-13 21:38:23 +02:00
Kevin King fa5537de81 copy PKey using DER encode and decode 
test that fields of cloned private and public keys can be accessed
 2016-04-10 00:16:31 -04:00
Steven Fackler d143203f88 Release v0.7.9 2016-04-06 21:34:20 -07:00
Kevin King 4016edd4de add EVP_PKEY_copy_parameters to FFI 
copy EVP_PKEY params in PKey::clone

test that PKey::clone creates a copy
 2016-04-06 19:39:50 -04:00
Joe Wilm c4b7b85d99 Add safe wrapper BioMethod for ffi::BIO_METHOD 
Adds a wrapper for ffi::BIO_METHOD located at ssl::bio::BioMethod. This
enables SslStream to be Send without doing an unsafe impl on the ffi
struct.
 2016-04-04 16:08:38 -07:00
Steven Fackler 02f114faae Cleanup 2016-03-27 13:37:00 -07:00
Steven Fackler c4187638a8 Update for nightly changes 2016-03-27 13:29:24 -07:00
Leon Anavi 6d4bfaa490 Cast correctly c_char raw pointers (fixes build on ARM #363) 
Fix error caused by mismatched types while building crate
openssl for Raspberry Pi 2 and other ARM devices.

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
 2016-03-22 00:16:56 +02:00
Steven Fackler e0412850ec Release v0.7.8 2016-03-18 08:54:12 -07:00
Ms2ger 6d043b3700 Allow Rust to infer the type of the argument to SSL_CIPHER_description. 
This allows the code to compile on Android, where an unsigned char is
expected.
 2016-03-18 15:44:47 +01:00
Steven Fackler ade90bf004 Clean up BIO name 2016-03-17 22:27:16 -07:00
Steven Fackler a9a18cf337 Simplify panic safety logic for new nightly 2016-03-17 22:23:51 -07:00
Steven Fackler a569df29f4 Release v0.7.7 2016-03-17 09:04:23 -07:00
Alex Crichton 3467cf343f Fix nightly warnings about zero-sized fn pointers 2016-03-11 12:57:56 -08:00
Steven Fackler 23fd427900 Merge pull request #353 from bluejekyll/master 
adding functionality to directly get and set RSA public key material
 2016-03-05 13:57:53 -08:00
Benjamin Fry 3e5b65b7fa making from_raw() unsafe 2016-03-05 13:43:14 -08:00
Steven Fackler 2fe3e48487 Stop testing sslv2 feature on Travis 
OpenSSL removed support for this entirely in the most recent release.
 2016-03-01 11:05:41 -08:00
Steven Fackler 90ce50730b Update source URL for new OpenSSL release 2016-03-01 10:02:34 -08:00
Steven Fackler 1f5800fe2c Merge pull request #356 from erikjohnston/conninfo 
Add support for SSL_CIPHER
 2016-03-01 09:20:36 -08:00
Erik Johnston 80ac6e54ac Make SSLCipher.bits() return a struct. 2016-02-29 21:23:34 +00:00
Erik Johnston 04cbf049c0 Add SSL_get_version 2016-02-29 20:14:48 +00:00
Benjamin Fry 3fb2c48c98 added public key material to the constructor 2016-02-28 22:05:19 -08:00
Kalita Alexey b37bbba78f Bump bitflags to 0.4 2016-02-28 08:28:25 +04:00
Benjamin Fry 6ebe581308 review fixes, keep raw RSA initiallization private 2016-02-23 20:49:21 -08:00
Benjamin Fry ef95223d26 adding functionality to directly get and set RSA key material 2016-02-17 23:18:42 -08:00
Erik Johnston 1e9667ea89 Add support for SSL_CIPHER 2016-02-17 22:38:32 +00:00
Steven Fackler 3df4c479c9 Release v0.7.6 2016-02-10 09:36:00 -08:00
Steven Fackler 643a4a58c9 More deprecated function cleanup 2016-02-08 23:20:19 -08:00
Steven Fackler e3e4aa4472 Stop using deprecated method 2016-02-08 23:12:54 -08:00
Joe Wilm fe0f8ea1d8 Rename Nid uid/UID to prevent breakage 2016-02-02 14:32:57 -08:00
Joe Wilm 4940ca7e92 Fix Nid::UID value 
Nid::UID (userId) previously held the value of Nid::uid
(uniqueIdentifier).
 2016-02-02 09:25:52 -08:00
Steven Fackler 627f394d59 Revert "Revert "impl Clone for PKey and X509 by using their 'references' member"" 2016-01-31 20:38:36 +00:00
Steven Fackler 4e58fd10de Fix PKey RSA constructors 
`set1` functions bump the object's refcount so we were previously
leaking the RSA object. Split the decode from PEM part out to a method
on RSA and use that in the PKey constructors.

Also make RSA a pointer and actually free it.
 2016-01-30 13:12:06 -08:00
Steven Fackler 8ab4b54541 Revert "impl Clone for PKey and X509 by using their 'references' member" 2016-01-28 23:37:27 -08:00
Steven Fackler 274715fad0 Merge pull request #343 from jimmycuadra/ordered-extensions 
Preserve X.509 extension insertion order
 2016-01-28 22:37:48 -08:00
Steven Fackler 87f94c832f Bump openssl version to test with 2016-01-28 22:21:10 -08:00
Jimmy Cuadra 5e0830286e Preserve X.509 extension insertion order. 
Ensures that extensions that are order-dependent are inserted in the
same order when calling out to OpenSSL during certificate signing.

Fixes #327.
 2016-01-28 20:02:44 -08:00
Steven Fackler 7610804c9d Remove unwraps from rsa accessors 2016-01-22 19:10:22 -08:00
Steven Fackler 18e7e2455c Merge pull request #330 from esclear/master 
Add a interface to RSA structs
 2016-01-22 19:07:38 -08:00
Steven Fackler d25858cb57 Exclude test directory from package 2016-01-22 16:34:31 -08:00
Steven Fackler 2ece5b1039 Release v0.7.5 2016-01-22 15:57:21 -08:00
Steven Fackler b7d3357f37 Fix connect and accept error reporting 
We were previously trying to create an error twice so the second
wouldn't be correct.
 2016-01-22 15:34:31 -08:00
Daniel Albert 3ee2bf9310 Fix up RSA integration 2016-01-20 20:29:06 +00:00
Daniel Albert 74db7db560 Merge branch 'master' of https://github.com/sfackler/rust-openssl 2016-01-20 19:59:41 +00:00
Steven Fackler 95a83c477c Merge pull request #334 from jmesmon/ssl-context 
ssl: fix refcounting of SslContext when set_ssl_context is used
 2016-01-19 20:04:44 -08:00
Cody P Schafer 36a667be49 x509: impl Clone using references & CRYPTO_add() 2016-01-19 22:04:51 -05:00
Cody P Schafer 3c51f159a7 crypto/pkey: impl Clone for PKey using openssl's ref counting 2016-01-19 22:04:51 -05:00
Cody P Schafer d1825c7a86 openssl/ssl/context: test that we are refcounting correctly 
Not a perfect test, on failure it _might_ exit with this output:

Process didn't exit successfully:
`/home/cody/g/rust-openssl/openssl/target/debug/openssl-8e712036e3aac4fe`
(signal: 11)

But unclear if we can do any better.
 2016-01-18 16:40:14 -05:00
Cody P Schafer dacde211c3 ssl: fix refcounting of SslContext when set_ssl_context is used 
Additionally impl Clone for SslContext to both allow us to use it &
allow external users to take advantage of SslContext's internal
refcount.

Maintain the existing signature for set_ssl_context(), but
add inline comments recommending changing it.

Fixes #333
 2016-01-18 15:37:13 -05:00
Daniel Albert 1f45723b39 Fix incorrect unsafe declaration 2016-01-12 20:57:01 +00:00
Daniel Albert 7e8df9febd Adhere to rust conventions 2016-01-12 18:15:07 +00:00
Steven Fackler 86e2f81f43 Fix should_panic check 2016-01-11 23:45:12 -08:00
Steven Fackler 1865dd7374 Test nightly on travis 2016-01-11 22:38:06 -08:00
Steven Fackler fd6454f625 Add stream panic propagation behind a nightly feature gate 2016-01-11 22:36:58 -08:00
Daniel Albert 1238405637 Make the BigNum generation from a native pointer unsafe 2016-01-09 22:09:38 +00:00
Steven Fackler b32a50797c Merge pull request #328 from Cyberunner23/PemRSA 
Add support for RSA PEM files.
 2016-01-09 13:08:00 -08:00
Cyberunner23 c0b9a4c8ec Added tests for private_rsa_key_from_pem() and public_rsa_key_from_pem() 2016-01-09 14:36:01 -05:00
Will Tange 89e88727ff Mark PKey as `Send` and `Sync` 
Provided that the locking function is set, the underlying `ffi::EVP_KEY`
type should be safe to use across threads.
 2016-01-07 06:33:25 +01:00
Cyberunner23 1d3277fbee Added private_rsa_key_from_pem and public_rsa_key_from_pem. 2016-01-05 13:22:56 -05:00
Daniel Albert 578fac7e80 Add public interface to access BigNums from RSA keys 2016-01-01 19:46:03 +00:00
Daniel Albert 5e5d24ee25 Implement the possibility to create BigNums from their ffi counterpart 2016-01-01 19:36:29 +00:00
Daniel Albert 5813ca371d Add RSA structs 2016-01-01 19:33:49 +00:00
Steven Fackler 926c8167be Release v0.7.4 2015-12-18 22:41:46 -08:00
Steven Fackler 11129aa521 Rustfmt 2015-12-18 22:34:30 -08:00
Steven Fackler a31acdbb93 Fix deprecation location 2015-12-18 22:21:23 -08:00
Steven Fackler e85b49d375 Work around the worst of clone bogusness 
SslStream::{clone,try_clone} are inherently broken since the Ssl object
shared by both streams is only going to be talking to one stream. Stuff
like hyper depends on try_clone, so we'll leave it here for now but
minimize the brokenness to "no worse than what it used to be like".
They'll be removed in 0.8.

cc #325
 2015-12-18 21:20:47 -08:00
Steven Fackler 5fa46d428d Release v0.7.3 2015-12-17 21:25:48 -08:00
Steven Fackler e077ed0b4d Disable cross compilation for now 2015-12-17 21:13:44 -08:00
Steven Fackler 053c924d5a Fix nonblocking behavior 
A new nonblocking socket may not have finished connecting yet, so reads
and writes can return ENOTCONNECTED which we should reinterpret into a
WantRead or WantWrite

Closes #323
 2015-12-17 16:54:11 -08:00
Steven Fackler ccab187f5a Travis fixes 2015-12-16 23:51:19 -08:00
Steven Fackler 2cf65fc68d Stop using manifest-path for now 
Some ssl tests depend on the working directory being openssl
 2015-12-16 23:39:29 -08:00
Steven Fackler e7744874f4 Try cross compiling 2015-12-16 23:25:19 -08:00
Steven Fackler 2531ac9a45 Test overhaul + add an arm cross compile build 
The ARM build doesn't do anything yet
 2015-12-16 22:52:30 -08:00
Ondrej Perutka 02d2230a76 Fix regression of c_char type mismatches on ARM 2015-12-16 11:11:14 +01:00
Steven Fackler 157e6aa961 Rustfmt 2015-12-15 21:51:20 -08:00
Steven Fackler edfb318e0b Fix bounds on ssl_read and ssl_write 2015-12-15 20:06:07 -08:00
Steven Fackler 13f7cfd9d8 Release v0.7.2 2015-12-15 19:41:57 -08:00
Steven Fackler 6d559bf1da Cleanup SNI stuff 2015-12-15 19:39:24 -08:00
Steven Fackler 3a0e64dca5 Cleanup 2015-12-15 19:33:36 -08:00
Steven Fackler 167008d247 Merge pull request #320 from uasi/add-variations-of-pbkdf2 
Add PBKDF2-HMAC-SHA256 and -SHA512 functions
 2015-12-15 19:30:57 -08:00
Steven Fackler 514c5ec415 Merge pull request #309 from Geal/master 
Add support for Server Name indication (SNI) on the server's side
 2015-12-15 19:22:39 -08:00
Steven Fackler f2fae1f83f Document unused variant 
No reason to hide it
 2015-12-14 23:44:28 -08:00
Steven Fackler b8c8b770e3 Yet more AsRawSocket fixes 2015-12-12 18:01:21 -08:00
Steven Fackler ddedda1d03 More AsRawSocket fixes 2015-12-12 16:47:03 -08:00
Steven Fackler 63a45ac622 Fix AsRawSocket impls 2015-12-12 16:33:58 -08:00
Steven Fackler d6ce9afdf3 Have NonblockingSslStream delegate to SslStream 2015-12-12 15:46:17 -08:00
Steven Fackler 1df131ff81 Build out a new error type 2015-12-12 15:01:16 -08:00
Steven Fackler aa37dba0bc Make error handling more reliable 2015-12-10 21:58:22 -08:00
Tomoki Aonuma b6647cc610 Put pbkdf2_hmac_{256,512}() behind feature gate 
PKCS5_PBKDF2_HMAC is not available with openssl-0.9.8 on os x
 2015-12-10 23:00:49 +09:00
Tomoki Aonuma e9b8627af2 Add PBKDF2-HMAC-SHA256 and -SHA512 functions 2015-12-10 20:29:52 +09:00
Steven Fackler 91f8c542f7 Replace SslStream implementation! 2015-12-09 23:30:29 -08:00
Steven Fackler 8f56897043 Implement read and write 2015-12-09 22:02:02 -08:00
Steven Fackler 9ee6f1c578 IT LIVES 2015-12-09 21:43:02 -08:00
Steven Fackler 4d883d488e Custom BIO infrastructure 2015-12-08 23:02:38 -08:00
Steven Fackler 8cc69267fd Bump openssl version for travis 2015-12-07 19:03:29 -08:00
Geoffroy Couprie 6850c810d3 Increment SSL_CTX's reference count in Ssl::get_ssl_context() 
Without this, whenever the returned SslContext is released,
the refcount of the underlying SSL_CTX will decrease and it
will be freed too soon
 2015-12-03 12:26:55 +01:00
Ondrej Perutka f54af75eb7 Cast correctly c_char raw pointers (fixes build on ARM #314) 2015-11-30 21:06:54 +01:00
Steven Fackler fce7cf4d36 Release v0.7.1 2015-11-28 16:14:58 -08:00
Geoffroy Couprie 7835ea1c90 Make shims for SSL_CTX_ctrl and SSL_CTX_callback_ctrl macro wrappers 2015-11-25 08:10:36 +01:00
Geoffroy Couprie e486944320 fix memory management 2015-11-25 07:51:22 +01:00
Geoffroy Couprie 667e3f44b9 Avoid freeing the SSL object when Ssl is dropped 2015-11-24 17:15:52 +01:00
Geoffroy Couprie dba3a0ced2 implement get/set ssl context 2015-11-24 17:11:00 +01:00
Geoffroy Couprie cb4263f91e test SNI support 2015-11-24 17:11:00 +01:00
Steven Fackler 6bb3d8f1b5 Implement try_clone for MaybeSslStream 
Closes #308
 2015-11-20 21:33:36 -08:00
Alex Gaynor 38b3b4a11e Fixed a typo in a comment. 2015-11-19 19:52:26 -05:00
Overmind JIANG 3c6c4a7b3d Fix a leak when using `EVP_PKEY_get1_RSA`. 
`EVP_PKEY_get1_RSA` returns a RSA structure with its reference count
increased by 1 and therefore we need to call `RSA_free` after finishing
using that value.
 2015-11-18 11:36:34 +08:00
Steven Fackler 82547f53d7 Release v0.7.0 2015-11-16 21:10:50 -08:00
Steven Fackler 1bc96a5b3d Remove deprecated X509 methods 2015-11-16 20:56:02 -08:00
Steven Fackler f36f610d07 Move HMAC_CTX_copy to sys-extras 2015-11-16 20:16:01 -08:00
Steven Fackler a8a10e64ad Split stuff requiring a shim out to a separate crate 2015-11-16 20:16:01 -08:00
Steven Fackler 8139fadbff Bump ws2_32-sys version 2015-11-16 20:16:01 -08:00
Steven Fackler 309b6d9f46 Switch to libc 0.2 2015-11-16 20:16:01 -08:00
Steven Fackler 03e4908c13 Move SSL methods to Ssl object, add getter 2015-11-16 20:16:01 -08:00
Steven Fackler fae44250f6 Fix feature gated sslv3 2015-11-16 20:16:01 -08:00
Steven Fackler be2cbabdb7 Revert "Revert "Merge pull request #280 from ltratt/libressl_build"" 
This reverts commit ae3d0e36d7.
 2015-11-16 20:16:01 -08:00
Steven Fackler b0cb0f7c40 Revert "Use AsRef for backwards compatibility with passing IV as Vec" 
This reverts commit d2d20a8377.
 2015-11-16 20:16:01 -08:00
Steven Fackler 65e1d08dd3 Merge pull request #300 from thommay/pkey_private_encrypt 
Provide public_decrypt, private_encrypt for PKEY
 2015-11-16 23:16:04 -05:00
Steven Fackler 776852ff2b Travis without sudo 2015-11-08 23:16:42 -08:00
Thom May 11e3b1b563 Provide public_decrypt, private_encrypt for PKEY 2015-10-28 18:15:55 +00:00
Steven Fackler 1e7ff1d8a8 Better debug impls 2015-10-26 21:43:52 -07:00
Alex Crichton c895b9f09f Get nonblocking tests working on OSX/Windows 2015-10-22 08:45:29 -07:00
Jamie Turner c37767df8f Nonblocking streams support. 2015-10-20 23:14:26 -07:00
Steven Fackler f318a2c84c Release v0.6.7 2015-10-14 22:25:35 -04:00
Steven Fackler ae3d0e36d7 Revert "Merge pull request #280 from ltratt/libressl_build" 
This reverts commit aad933e507, reversing
changes made to 60ee731408.
 2015-10-14 21:51:32 -04:00
Steven Fackler 8f5b67fed4 Merge pull request #286 from jedisct1/use_certificate_chain 
Add set_certificate_chain_file()
 2015-10-13 09:26:18 -04:00
Steven Fackler 81bc1edb61 Merge pull request #284 from bheart/cfb-mode 
AES CFB-mode feature
 2015-10-12 21:18:27 -04:00
Frank Denis a28253ee7d Add set_certificate_chain_file() 
SSL_CTX_use_certificate_chain_file() is preferred over
SSL_CTX_use_certificate_file().

It allows the use of complete certificate chains instead of loading
only the first certificate in a PEM file.
 2015-10-12 20:54:00 +02:00
Will Tange acbcb49414 AES CFB{1,8,128} mode support 2015-10-11 20:09:36 +02:00
Steven Fackler aad933e507 Merge pull request #280 from ltratt/libressl_build 
Fix build on LibreSSL.
 2015-10-10 21:56:20 -04:00
Steven Fackler 60ee731408 Merge pull request #277 from nixpulvis/read_public_pem 
Add public key PEM read function.
 2015-10-10 21:55:37 -04:00
Steven Fackler 677ed6ad1b Release v0.6.6 2015-10-05 22:34:32 +01:00
Laurence Tratt d7342a09a7 Fix build on LibreSSL. 
LibreSSL has deprecated SSLv3_method, so this commit makes that a compile-time
feature.

It also removes a test referencing SSL_OP_CISCO_ANYCONNECT, as the LibreSSL
header says it is amongst "Obsolete flags kept for compatibility. No sane code
should use them."
 2015-10-03 17:25:38 +00:59
John Downey df93e5e90b Update documentation about SSLv23 
In OpenSSL world, the SSLv23 option is a poorly name method that will
negotiate what version of TLS or SSL to use. It starts with the best
version the library supports and then precedes to keep trying all the
way down to SSL 2.0.
 2015-10-02 16:22:11 -05:00
Nathan Lilienthal ffa9d330fd Add public key PEM read function. 2015-10-01 20:33:12 -04:00
Frank Denis ccc6d07da3 Add an ecdh_auto description 2015-09-25 15:23:52 +02:00
Frank Denis 28320a65a7 Add SSL::set_ecdh_auto() 
This sets automatic curve selection and enables ECDH support.
Requires LibreSSL or OpenSSL >= 1.0.2, so behind a feature gate.
 2015-09-25 13:15:37 +02:00
Alex Crichton a91b6bf3bd Enable testing on Windows via AppVeyor 
This abolishes the test.sh script which spawns a bunch of `openssl` instances to
instead run/manage the binary in-process (providing more isolation to boot). The
tests have been updated accordingly and the `connected_socket` dependency was
also dropped in favor of `net2` as it the former doesn't work on Windows.
 2015-09-22 17:37:21 -07:00
Steven Fackler b1b76f7913 Merge pull request #266 from jmesmon/alpn 
ssl/npn+alpn: adjust protocol selection to fail if no protocols match
 2015-09-16 11:51:45 -07:00
Cody P Schafer 4c28eb706e ssl/alpn: test mismatch between protocols resulting in None 2015-09-16 13:35:12 -04:00
Steven Fackler 1c3f04138f Merge pull request #261 from jedisct1/try_ssl_null 
Use try_ssl_null!() when relevant
 2015-09-16 01:13:24 -04:00
Frank Denis 6a2b4402e9 Use try_ssl_null!() when relevant 2015-09-13 12:45:05 +02:00
Frank Denis 6666a1818a Add DH::from_pem() to load DH parameters from a file 2015-09-13 12:44:50 +02:00
Steven Fackler f4bf55faa3 Merge pull request #270 from mvdnes/crypto_segv 
Check if public/private RSA key is properly loaded
 2015-09-11 11:31:15 -04:00
Mathijs van de Nes 87d5c0e429 Fix one call to RSA_size found by tests 2015-09-11 09:24:24 +02:00
Mathijs van de Nes 3be32528e5 Add tests to ensure a panic occurs instead of segv 2015-09-11 09:23:51 +02:00
Mathijs van de Nes 0eb2f0ecfa Check rsa.is_null() before passing it to RSA_size 
RSA_size will cause an segmentation fault if it is null
 2015-09-10 13:04:25 +02:00
Mathijs van de Nes 02b109bf04 Check _fromstr function for success 2015-09-10 12:58:40 +02:00
Alex Gaynor 4781a3304a Make the docs say that load_pub/save_pub methods take DER bytes 2015-09-09 19:58:45 -04:00
Cody P Schafer 50c5042c70 ssl/npn+alpn: adjust protocol selection to fail if no protocols match 
The current behavior causes a server written using rust-openssl to (if
it cannot negotiate a protocol) fallback to the first protocol it has
avaliable.

This makes it impossible to detect protocol mismatches.

This updates our selection to be more similar to how openssl's
s_server behaves: non-matching protocols are not supplied with a
fallback.

Note that some setups may actually want a fallback protocol supplied
via ALPN. To support those cases, we should consider adding a generic
callback that allows protocol selection to be entirely controlled by
the programmer.

For the purposes of having a sane default, however, not supplying a
default (and mimicing s_server's behavior) is the best choice.
 2015-09-01 17:14:04 -04:00
Cody P Schafer 164f3f0873 openssl/ssl: fix some of the comment text where I missed replacing NPN with ALPN 2015-09-01 17:13:39 -04:00
Steven Fackler e28b73e1f6 Merge pull request #259 from jedisct1/dh 
Add support for DHE for forward secrecy
 2015-09-01 00:10:03 -04:00
Steven Fackler 7b0b70bd13 Release v0.6.5 2015-08-31 19:10:27 -07:00
Frank Denis 9add4e1001 Add support for set_tmp_dh() and RFC5114 DH parameters for forward secrecy. 
rust-openssl didn't support forward secrecy at all.

This adds support for DHE, by exposing set_tmp_dh() as well as the RFC5114
parameters, which are conveniently exposed since OpenSSL 1.0.2.

With OpenSSL >= 1.0.2, and the rfc5114 feature gate, enabling DHE is as simple
as (here for 2048-bit MODP group with 256-bit prime order subgroup):

    use openssl::dh::DH;
    let dh = DH::get_2048_256().unwrap();
    ctx.set_tmp_dh(dh).unwrap();

With OpenSSL < 1.0.2, DH::from_params() can be used to manually specify the
DH parameters (here for 2048-bit MODP group with 256-bit prime order subgroup):

    use openssl::bn::BigNum;
    use openssl::dh::DH;
    let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597").unwrap();
    let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659").unwrap();
    let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3").unwrap();
    let dh = DH::from_params(p, g, q).unwrap();
    ctx.set_tmp_dh(dh).unwrap();
 2015-08-31 23:12:57 +02:00
Steven Fackler dc8cba4822 Merge pull request #251 from ebarnard/evp_bytestokey 
Expose EVP_BytesToKey
 2015-08-23 13:37:55 -04:00
Edward Barnard 8067565707 Expose EVP_BytesToKey 
This is based on work by pyrho.
Closes #88
 2015-08-23 17:08:18 +07:00
Steven Fackler 4cb68efd99 Merge pull request #253 from manuels/master 
Add get_state_string()
 2015-08-19 02:31:15 -04:00
Manuel Schölling 3fe3d57976 Add get_state_string() 2015-08-17 19:01:43 +02:00
Steven Fackler fa5c4cb5df Fix openssl source link in tests 2015-08-15 14:37:03 -07:00
Steven Fackler 769b8312d8 Merge pull request #240 from jethrogb/topic/x509_req_extension 
Implement certificate extensions for certificate requests
 2015-08-15 16:04:42 -04:00
Steven Fackler df32e53afa Grab errno for directstream want errors 2015-08-10 22:29:34 -04:00
Steven Fackler 69cbd14540 Handle WantWrite and WantRead errors 2015-08-08 12:25:16 -07:00
Steven Fackler a10604e15d Merge pull request #243 from manuels/master 
Fix probelms with DTLS when no packets are pending.
 2015-08-02 22:27:19 -04:00
Steven Fackler 02dc3eda2f Merge pull request #242 from awelkie/master 
Added AES CTR-mode under feature flag.
 2015-08-02 22:25:09 -04:00
panicbit c7eded31a7 Expose ssl::init 2015-07-26 18:28:25 +02:00
Andrew Dunham ab7bfad225 Add function to write RSA public key as PEM 2015-07-23 22:30:07 -07:00
Steven Fackler 3fc8482d36 Make curl follow redirects 2015-07-23 21:51:06 -07:00