min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,475 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

1267 Commits

Author SHA1 Message Date
Steven Fackler 4c1891cc10
Merge pull request #950 from WanzenBug/master 
Add access to private/public components of DSA key pairs.
 2018-06-23 23:53:09 -04:00
Moritz Wanzenböck 339d09fbf3 Simplify DSA from private components 2018-06-23 18:16:32 +02:00
Stefan Tatschner 321c076ab3
Fix build with openssl 1.1.1 and no-psk 
I used this as build flags for openssl 1.1.1:

```
/usr/bin/perl ./Configure linux-x86_64 no-shared no-zlib no-psk no-srp no-weak-ssl-ciphers no-idea
```

rust-openssl crashed with this error:

```
   Compiling openssl v0.10.10                                                                                                                                                                                      
error[E0433]: failed to resolve. Use of undeclared type or module `CStr`                                                                                                                                           
   --> /home/stefan/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.10.10/src/ssl/callbacks.rs:386:16                                                                                                    
    |                                                                                                                                                                                                              
386 |     let line = CStr::from_ptr(line).to_bytes();                                                                                                                                                              
    |                ^^^^ Use of undeclared type or module `CStr`                                                                                                                                                  
                                                                                                                                                                                                                   
error[E0412]: cannot find type `c_char` in this scope                                                                                                                                                              
   --> /home/stefan/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.10.10/src/ssl/callbacks.rs:377:75                                                                                                    
    |                                                                                                                                                                                                              
377 | pub unsafe extern "C" fn raw_keylog<F>(ssl: *const ffi::SSL, line: *const c_char)                                                                                                                            
    |                                                                           ^^^^^^ did you mean `c_uchar`?                                                                                                     
help: possible candidates are found in other modules, you can import them into scope                                                                                                                               
    |                                                                                                                                                                                                              
1   | use libc::c_char;                                                                                                                                                                                            
    |                                                                                                                                                                                                              
1   | use std::os::raw::c_char;                                                                                                                                                                                    
    |                                                                                                                                                                                                              
                                                                                                                                                                                                                   
error: aborting due to 2 previous errors                                                                                                                                                                           
                                                                                                                                                                                                                   
Some errors occurred: E0412, E0433.                                                                                                                                                                                
For more information about an error, try `rustc --explain E0412`.                                                                                                                                                  
error: Could not compile `openssl`.                                                                                                                                                                                
warning: build failed, waiting for other jobs to finish... 
```

this patch fixes the problem
 2018-06-21 22:19:29 +02:00
Moritz Wanzenböck c624427e31 Fix fallback implementation of DSA utility methods 2018-06-18 20:32:34 +02:00
Moritz Wanzenböck 0390aba73b Add tests for DSA key pairs 2018-06-18 18:12:34 +02:00
Moritz Wanzenböck 4994e75d2c Add Dsa::from_(private|public)_components 
Add 2 methods to create a DSA key pair from its raw components.
 2018-06-18 18:10:02 +02:00
Moritz Wanzenböck 52c942f4b3 Add methods to access private and public part of DSA keys 2018-06-18 11:39:15 +02:00
Steven Fackler 6440ee04ef
Merge pull request #943 from lolzballs/master 
Add wrapper for SSL_CTX_set_psk_server_callback
 2018-06-17 15:47:00 -07:00
Benjamin Cheng bf86580bec
Disable TLSv1.3 for psk_ciphers test 2018-06-17 17:00:22 -04:00
Steven Fackler 115cb730b0 Switch to accessors in libressl where possible 
Some accessors are mysteriously still macros so we can't make everything
opaque yet, unfortunately.

cc #909
 2018-06-09 21:49:36 -07:00
Steven Fackler 6834b97ff4 Release openssl v0.10.10 2018-06-06 13:37:25 -07:00
Steven Fackler d82a49bee2 Release openssl-sys 0.9.33 2018-06-06 13:36:24 -07:00
Steven Fackler cdc90c7e9d Add SslRef::set_alpn_protos 2018-06-04 20:19:27 -07:00
Marco Huenseler 14b5439347 Rename X509NameRef::all_entries and refactor end-of-iterator checks 2018-06-03 15:38:46 +02:00
Marco Huenseler f5e6d57c47 Provide an Asn1Object getter method for X509NameEntryRef 2018-06-03 15:38:46 +02:00
Marco Huenseler 2afdc16fc9 Make X509NameRef provide an iterator over all X509NameEntries 2018-06-03 15:38:46 +02:00
Steven Fackler 0745d66927 Update to 1.1.1-pre7 
The initial session ticket is now sent as part of SSL_accept, so some
tests need to write a single byte through the stream to make sure that
both ends have fully completed to avoid test flakes.

TLSv1.3 cipher suite control has been extracted from the normal cipher
list into a separate method: SslContextBuilder::set_ciphersuites.
 2018-06-02 13:58:56 -07:00
Benjamin Cheng 88c61d252f
Ensure psk test callbacks are called 2018-06-02 15:50:24 -04:00
Benjamin Cheng 285884c925
push PSK callback errors onto ErrorStack 2018-06-02 15:49:59 -04:00
Benjamin Cheng bcc4ca0285
Change psk test cipher to PSK-AES128-CBC-SHA 
Hopefully it works on CI servers now
 2018-06-02 13:59:04 -04:00
Benjamin Cheng b1c77a7ea5
Use is_null() 2018-06-02 13:49:42 -04:00
Benjamin Cheng 5d8a44612d
add test for psk; deprecated set_psk_callback 2018-06-02 13:47:52 -04:00
Benjamin Cheng b1eb1224f5
Merge remote-tracking branch 'origin/master' 2018-06-02 10:56:31 -04:00
Steven Fackler 83767b861e Release openssl v0.10.9 2018-06-01 20:59:26 -07:00
Steven Fackler 52f581ffc9 Release openssl-sys v0.9.32 2018-06-01 20:57:09 -07:00
Steven Fackler a3a2605115 fix build on older rustc 2018-06-01 20:47:46 -07:00
Steven Fackler 10b2a34529 Adjust Nid signature algorithm APIs 2018-06-01 20:36:19 -07:00
Steven Fackler c2145384a9 Fix types 2018-06-01 20:07:13 -07:00
Steven Fackler 15cb335e66 Fix use-after-free in cms 
Closes #941
 2018-06-01 19:38:52 -07:00
Steven Fackler 3456add537 Add SslRef::verified_chain 2018-05-29 21:53:22 -07:00
Marco Huenseler 2977f6ed30 rewrite Nid::{long_name,short_name} to return Results instead of Options 2018-05-28 12:15:05 +02:00
Marco Huenseler b8de619fbe Get Nid string representations 2018-05-28 12:13:40 +02:00
Steven Fackler a774c0c5f2 Rename X509Ref::fingerprint to X509Ref::digest and avoid allocating 2018-05-24 21:07:36 -07:00
Steven Fackler 772e1c003f Add some digest support 2018-05-24 21:06:11 -07:00
Steven Fackler 3cd33cdd8b Don't panic on bogus servernames 
Also add a second version of the method to avoid filtering out non-utf8
names.

Closes #930
 2018-05-24 20:22:15 -07:00
Steven Fackler c0876cc8c6 Add bindings to SSL_get_finished and SSL_get_peer_finished 
These are used for the tls-unique SCRAM channel binding mode.
 2018-05-24 20:00:28 -07:00
Steven Fackler c7db3d18ad
Merge pull request #920 from Ralith/max-early-data-accessors 
TLS1.3 early data support
 2018-05-22 20:42:46 -07:00
Benjamin Saunders 2e478fdcf4 Expose early I/O 2018-05-22 20:25:28 -07:00
Steven Fackler b187eb0ee3 Release openssl v0.10.8 2018-05-20 21:03:16 -07:00
Steven Fackler 25df3c8b51 Release openssl-sys 0.9.31 2018-05-20 21:02:12 -07:00
Steven Fackler 7a7f98a32c
Revert "Move proto version accessors to SslContextRef" 2018-05-20 20:55:20 -07:00
Steven Fackler b976b5fd52 Move proto version accessors to SslContextRef 
Add a Derf impl for SslContextBuilder so existing use still works.
 2018-05-20 20:47:00 -07:00
Steven Fackler f0347fbce8 Improve error Display impls 2018-05-20 19:37:19 -07:00
Steven Fackler 3ab1cc7a8f Make Stack Sync + Send 2018-05-20 15:24:38 -07:00
Steven Fackler 4c1fdf1d81 Support ALPN on libressl 
Closes #690
 2018-05-20 12:52:49 -07:00
Steven Fackler a6fcef01c0 Overhaul openssl cfgs 
Also expose hostname verification on libressl
 2018-05-20 12:33:02 -07:00
Steven Fackler d991566f2b Support min/max version in LibreSSL 
Their implementations of the accessors don't behave expected with no
bounds, so we ignore those bits of the tests.
 2018-05-19 19:57:12 -07:00
Benjamin Saunders 69c75a178b Expose early keying material export 2018-05-17 13:16:41 -07:00
Benjamin Saunders d5d414b16f Expose max TLS1.3 early data accessors 2018-05-17 12:02:32 -07:00
Benjamin Cheng 47a68e2929
Add wrapper for SSL_CTX_set_psk_server_callback 2018-05-16 17:49:36 -04:00
Steven Fackler 53671518fd
Merge pull request #902 from ur0/CMS_sign 
Add the CMS_sign and i2d_CMS_ContentInfo function bindings
 2018-05-13 15:53:49 +01:00
Steven Fackler b1e5c8b1ed Implement Clone for Rsa 
Closes #917
 2018-05-12 16:34:47 -07:00
Steven Fackler ff2c7ffefd Merge Ssl impl blocks 2018-05-12 16:50:50 +01:00
Steven Fackler c25b6f3e26 Clean up SSL callbacks 
Also add an Arc to avoid a weird use after free edge case if a callback
changes a callback.
 2018-05-12 15:02:53 +01:00
Steven Fackler 5cfbe7ac6a Disable tests that talk to Google on LibreSSL 2.5.0 
They're flickering, and I'm assuming it's just because that version is
so old.
 2018-05-12 13:59:22 +01:00
Steven Fackler e5d65306e7 Change SslContext callback handling 
Use the existing infrastructure!
 2018-05-12 13:19:01 +01:00
Umang Raghuvanshi afaa2387c8 Gate away CMS_KEY_PARAM from OpenSSL 1.0.1 2018-05-10 21:41:59 +05:30
Umang Raghuvanshi 541458c1c1 Properly version-gate CMS constants 2018-05-10 21:20:32 +05:30
Umang Raghuvanshi 90898e99c9 Move CMS_* flags to the openssl-sys package 
Also renames attributes in the bitflags struct.
 2018-05-10 20:26:57 +05:30
Steven Fackler 7a1b59d605 Fix base version for min/max proto accessors 
Closes #911
 2018-05-09 20:04:43 +01:00
Steven Fackler 42cbd0111b Release openssl v0.10.7 2018-04-30 20:41:23 -07:00
Steven Fackler 25e3f66e3e Release openssl-sys v0.9.30 2018-04-30 20:40:29 -07:00
Benjamin Saunders 47431f66bb Expose SslSession <-> DER conversion 2018-04-29 01:54:16 -07:00
Steven Fackler aa619c81c0 Some misc cleanup 2018-04-27 15:41:12 -07:00
Umang Raghuvanshi 043ad63a52 Use bitflags for CMS options 2018-04-26 09:15:29 +05:30
Steven Fackler 24ece94e99 Remove Rsa::build 
It could be a bit confusing since it only works for private keys.
 2018-04-25 19:55:35 -07:00
Steven Fackler 261463542f
Merge pull request #901 from eoger/rsa-from-builder 
Add RsaPrivateKeyBuilder
 2018-04-25 14:51:02 -07:00
Edouard Oger 9a83e3350b Add RsaPrivateKeyBuilder 
Fixes #837
 2018-04-25 11:18:57 -04:00
Umang Raghuvanshi 13caf731a2 Implement CR suggestions 
* Don't do un-necessary heap pointer gymnastics
* Use the to_der! macro instead of a manually written impl
* Allow optional arguments for CMS_sign
 2018-04-22 10:57:09 +05:30
René Richter 5bb89d7552 Add functions to X509Req to obtain public key and extensions 
This allows for basic CSR signing.
 2018-04-21 23:14:48 +02:00
Umang Raghuvanshi 8ce5dee00d Add the CMS_sign and i2d_CMS_ContentInfo function bindings 
This adds the CMS_sign and i2d_CMS_ContentInfo bindings in the
openssl-sys crate and Rusty wrappers in the openssl crate.
 2018-04-20 17:15:04 +05:30
Rohit Aggarwal 973a3fede1 Document that encrypt/decrypt use padding 2018-04-16 14:45:56 +01:00
Steven Fackler cab98be606 Release openssl v0.10.6 2018-04-05 11:12:06 -07:00
Steven Fackler 78d91428b5 Release openssl-sys 0.9.28 2018-04-05 11:09:36 -07:00
Bastian Köcher 75bf48368d Return `PKey<Private>` from `private_key_from_der` 2018-04-04 14:58:52 +02:00
Steven Fackler e423da2d12
Merge pull request #858 from Ralith/stateless-api 
Introduce SslStreamBuilder
 2018-03-31 11:28:03 -07:00
Steven Fackler 5c317d5a35 Remove unneeded build keys 2018-03-30 11:32:57 +02:00
Steven Fackler a14b7cc276 Don't enable features for docs anymore 2018-03-29 22:41:40 +02:00
Steven Fackler ac950b28aa Fix a flag name 2018-03-29 10:26:43 +02:00
Steven Fackler 1bbe1b6a8f Clean up a couple of holdovers from old features 2018-03-29 10:20:18 +02:00
Benjamin Saunders f99c101559 Add test for stateless connection 2018-03-28 18:14:48 -07:00
Benjamin Saunders 99fdb2bd0b Introduce SslStreamBuilder 2018-03-28 18:14:48 -07:00
Benjamin Saunders bbb1cb61f6 Update to OpenSSL 1.1.1-pre3 2018-03-28 18:14:44 -07:00
Steven Fackler c82a87a18e Add Asn1IntegerRef::to_bn 
Also deprecate Asn1IntegerRef since it's just asking for trouble.
 2018-03-28 20:48:28 +02:00
Steven Fackler 7890672725 Add X509Ref::serial_number 2018-03-28 20:41:28 +02:00
Steven Fackler d49e496940 Remove a last couple features 2018-03-19 20:41:08 +00:00
Steven Fackler 063186b62e
Merge pull request #856 from Flakebi/master 
Make it possible to use cmac
 2018-03-19 13:22:51 -07:00
Flakebi 0860115156
Make it possible to use cmac 
This adds Signer::new_without_digest to create Signers which don't have
a digest (like cmac, which is based on aes).
As openssl supports cmac since version 1.1.0, the functions are behind
the ossl110 feature.
This allows building CMAC/OMAC1 and the EAX AEAD on top of this library.
 2018-03-19 21:02:46 +01:00
Steven Fackler 7c33346960 Remove version-specific features 
Closes #852
 2018-03-19 00:41:33 -07:00
Steven Fackler cf658e4c5c
Merge pull request #875 from Ralith/hash-extras 
Expose cipher digests and digest sizes
 2018-03-16 22:00:59 -07:00
Benjamin Saunders 09b1fe9a0d Expose additional cipher and digest accessors 2018-03-16 20:33:23 -07:00
Steven Fackler 66a2ad76b7
Merge pull request #874 from rohit-lshift/priv-key-from-num 
Added a function to create a EcKey<Private> from its parts
 2018-03-13 21:50:17 -07:00
Rohit Aggarwal e3a657d22b Change function name to be similar to RSA one 2018-03-13 08:57:35 +00:00
Steven Fackler 9452c01672
Merge pull request #864 from mlen/aes-ccm-bindings 
Implement AES-{128,256}-CCM bindings
 2018-03-11 16:30:37 -07:00
Steven Fackler 170adae336
Merge pull request #873 from sfackler/tweaks 
Add a Sync + Send bound to the custom ext type
 2018-03-11 16:10:54 -07:00
Steven Fackler 7edecbd3a8
Merge pull request #872 from sfackler/tweaks 
Some ECDSA fixes/tweaks
 2018-03-11 15:37:28 -07:00
Steven Fackler 9f5ef88880 Add a Sync + Send bound to the custom ext type 
It's stored inside of the Ssl, so this is probably tecnically
necessarly?
 2018-03-11 15:36:47 -07:00
Steven Fackler d0329473bd
Merge branch 'master' into custom-extensions 2018-03-11 15:27:28 -07:00
Steven Fackler c9ef7f3cd5 Some ECDSA fixes/tweaks 2018-03-11 15:23:23 -07:00
Steven Fackler 1b830c3fb7
Merge pull request #863 from rohit-lshift/master 
Exposed some of ECDSA functions
 2018-03-11 15:08:16 -07:00