min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
790 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

790 Commits

Author SHA1 Message Date
Steven Fackler 618b68f9c0 Merge pull request #262 from jedisct1/read_dhparams 
Add DH::from_pem() to load DH parameters from a file
 2015-09-16 01:11:58 -04:00
Frank Denis 6666a1818a Add DH::from_pem() to load DH parameters from a file 2015-09-13 12:44:50 +02:00
Steven Fackler f4bf55faa3 Merge pull request #270 from mvdnes/crypto_segv 
Check if public/private RSA key is properly loaded
 2015-09-11 11:31:15 -04:00
Mathijs van de Nes 87d5c0e429 Fix one call to RSA_size found by tests 2015-09-11 09:24:24 +02:00
Mathijs van de Nes 3be32528e5 Add tests to ensure a panic occurs instead of segv 2015-09-11 09:23:51 +02:00
Mathijs van de Nes 0eb2f0ecfa Check rsa.is_null() before passing it to RSA_size 
RSA_size will cause an segmentation fault if it is null
 2015-09-10 13:04:25 +02:00
Mathijs van de Nes 02b109bf04 Check _fromstr function for success 2015-09-10 12:58:40 +02:00
Steven Fackler d74db991ce Merge pull request #268 from alex/patch-1 
Make the docs say that load_pub/save_pub methods take DER bytes
 2015-09-09 17:26:04 -07:00
Alex Gaynor 4781a3304a Make the docs say that load_pub/save_pub methods take DER bytes 2015-09-09 19:58:45 -04:00
Steven Fackler 60c0b88eba Merge pull request #265 from alexcrichton/swap-order 
Swap order of linking ssl/crypto
 2015-09-01 13:18:34 -07:00
Alex Crichton bf16c19f31 Swap order of linking ssl/crypto 
GNU linkers will sometimes aggressively try to strip objects and archives from a
linker command line in a left-to-right fashion. When a linker hits an object
file that doesn't satisfy any unresolved symbols, it will discard the object and
not re-visit it. This means that currently if symbols are depended upon in
libssl then some of the dependencies of libssl (in libcrypto) may have already
been stripped, causing a link error.

By swapping the order of what's linked it reflects the natural flow of
dependencies and the linker should figure everything out for us.
 2015-09-01 11:24:32 -07:00
Steven Fackler e28b73e1f6 Merge pull request #259 from jedisct1/dh 
Add support for DHE for forward secrecy
 2015-09-01 00:10:03 -04:00
Steven Fackler ad47598963 Merge branch 'release' 2015-08-31 19:11:28 -07:00
Steven Fackler abde5382c9 Merge branch 'release-v0.6.5' into release 2015-08-31 19:11:10 -07:00
Steven Fackler 7b0b70bd13 Release v0.6.5 2015-08-31 19:10:27 -07:00
Frank Denis 9add4e1001 Add support for set_tmp_dh() and RFC5114 DH parameters for forward secrecy. 
rust-openssl didn't support forward secrecy at all.

This adds support for DHE, by exposing set_tmp_dh() as well as the RFC5114
parameters, which are conveniently exposed since OpenSSL 1.0.2.

With OpenSSL >= 1.0.2, and the rfc5114 feature gate, enabling DHE is as simple
as (here for 2048-bit MODP group with 256-bit prime order subgroup):

    use openssl::dh::DH;
    let dh = DH::get_2048_256().unwrap();
    ctx.set_tmp_dh(dh).unwrap();

With OpenSSL < 1.0.2, DH::from_params() can be used to manually specify the
DH parameters (here for 2048-bit MODP group with 256-bit prime order subgroup):

    use openssl::bn::BigNum;
    use openssl::dh::DH;
    let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597").unwrap();
    let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659").unwrap();
    let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3").unwrap();
    let dh = DH::from_params(p, g, q).unwrap();
    ctx.set_tmp_dh(dh).unwrap();
 2015-08-31 23:12:57 +02:00
Steven Fackler dc8cba4822 Merge pull request #251 from ebarnard/evp_bytestokey 
Expose EVP_BytesToKey
 2015-08-23 13:37:55 -04:00
Edward Barnard 8067565707 Expose EVP_BytesToKey 
This is based on work by pyrho.
Closes #88
 2015-08-23 17:08:18 +07:00
Steven Fackler 4cb68efd99 Merge pull request #253 from manuels/master 
Add get_state_string()
 2015-08-19 02:31:15 -04:00
Manuel Schölling 3fe3d57976 Add get_state_string() 2015-08-17 19:01:43 +02:00
Steven Fackler fa5c4cb5df Fix openssl source link in tests 2015-08-15 14:37:03 -07:00
Steven Fackler 769b8312d8 Merge pull request #240 from jethrogb/topic/x509_req_extension 
Implement certificate extensions for certificate requests
 2015-08-15 16:04:42 -04:00
Steven Fackler df32e53afa Grab errno for directstream want errors 2015-08-10 22:29:34 -04:00
Steven Fackler 69cbd14540 Handle WantWrite and WantRead errors 2015-08-08 12:25:16 -07:00
Steven Fackler a10604e15d Merge pull request #243 from manuels/master 
Fix probelms with DTLS when no packets are pending.
 2015-08-02 22:27:19 -04:00
Steven Fackler d193198ae9 Add new feature to travis tests 2015-08-02 22:25:33 -04:00
Steven Fackler 02dc3eda2f Merge pull request #242 from awelkie/master 
Added AES CTR-mode under feature flag.
 2015-08-02 22:25:09 -04:00
Steven Fackler 322c784510 Merge pull request #247 from panicbit/pub-init 
Expose ssl::init
 2015-07-26 14:06:25 -04:00
panicbit c7eded31a7 Expose ssl::init 2015-07-26 18:28:25 +02:00
Steven Fackler 87b8d8e318 Merge pull request #244 from andrew-d/andrew-save-pubkey 
Add function to write RSA public key as PEM
 2015-07-24 11:32:43 -04:00
Andrew Dunham ab7bfad225 Add function to write RSA public key as PEM 2015-07-23 22:30:07 -07:00
Steven Fackler 3fc8482d36 Make curl follow redirects 2015-07-23 21:51:06 -07:00
Manuel Schölling a43011d77c Fix probelms with DTLS when no packets are pending. 
When using DTLS you might run into the situation where no packets
are pending, so SSL_read returns len=0. On a TLS connection this
means that the connection was closed, but on DTLS it does not
(a DTLS connection cannot be closed in the usual sense).
This commit fixes a bug introduced by c8d23f3.

Conflicts:
	openssl/src/ssl/mod.rs
 2015-07-18 13:00:34 +02:00
Allen Welkie b478c29151 Added AES CTR-mode under feature flag. 2015-07-15 20:45:18 -04:00
Jethro Beekman 90dd54b541 Implement certificate extensions for certificate requests 2015-07-08 13:37:35 -07:00
Steven Fackler 2e0ae7a8ca Merge pull request #239 from jethrogb/topic/x509_extension_fix 
Add missing C-string conversion, fixing recent build errors
 2015-07-08 11:23:10 -07:00
Jethro Beekman 1e4cba36e8 Add missing C-string conversion, fixing recent build errors 2015-07-08 11:05:18 -07:00
Steven Fackler 3351d5b807 Merge pull request #227 from jethrogb/topic/x509_name 
Allow setting of arbitrary X509 names
 2015-07-08 10:21:19 -07:00
Steven Fackler 0cb4368ef8 Merge pull request #221 from jethrogb/topic/ssl_options 
Several SSL option fixes
 2015-07-08 10:20:33 -07:00
Jethro Beekman e3c562d6a0 Fix/add more X509generator tests 2015-07-08 10:09:40 -07:00
Jethro Beekman 1bcbe8f4bc Add X509generator.add_names method 2015-07-08 10:09:40 -07:00
Jethro Beekman f2b0da1de7 Add public add_name method to X509Generator 2015-07-08 10:08:41 -07:00
Jethro Beekman 11bcac01ec Replace CN field by names vector 2015-07-08 10:06:52 -07:00
Steven Fackler 3229296105 Merge pull request #233 from jethrogb/topic/x509_extension 
Allow setting of arbitrary X509 extensions
 2015-07-08 03:10:40 -04:00
Steven Fackler 5f8d6a2afd Merge branch 'release' 2015-07-06 11:11:17 -07:00
Steven Fackler 114e8a5a58 Merge branch 'release-v0.6.4' into release 2015-07-06 11:09:19 -07:00
Steven Fackler cc497b4768 Release v0.6.4 2015-07-06 11:09:03 -07:00
Steven Fackler 4ab1d570bf Merge pull request #236 from servo/unpin 
Unpin the bitflags version.
 2015-07-06 11:04:59 -07:00
Ms2ger f4afe615dd Unpin the bitflags version. 
This dependency causes Servo to depend on multiple versions of the bitflags
crate.
 2015-07-06 19:47:59 +02:00
Jethro Beekman 6a725acf4d Remove #ifs for same-value shimmed SSL options. Depend on compiler optimization instead. 2015-07-01 21:49:27 -07:00