6d6429237d
Add EC_GROUP_order_bits
2019-11-11 22:04:14 +01:00
22f029064a
Added clonability for sha hash state. Useful for incremental hashing
2019-11-11 11:09:49 -08:00
80e0dd03ba
Add method to create Asn1Time from time_t value
...
This is mostly just a rework of the earlier work done by @illegalprime
in his PR #673 and credit should go to him.
2019-10-13 23:10:16 +02:00
14a6a98ebf
Add diff method and comparisons to Asn1TimeRef
...
This implements a `diff` method on `Asn1TimeRef` using `ASN1_TIME_diff`
and uses this new method to implement combinations of `PartialEq` and
`PartialOrd` for `Asn1Time` and `Asn1TimeRef`.
This is mostly just a rework of the earlier work done by @illegalprime
in his PR #673 and credit should go to him.
2019-10-13 23:09:12 +02:00
b771738a3a
Fix rustc warnings
...
- Use `..=` for inclusive ranges
- Add the `dyn` keyword for trait objects
- Switch from `ONCE_INIT` to `std::sync::Once::new()`
2019-10-08 08:35:35 -04:00
7ce0835b74
Implement Clone for PKey
2019-10-01 18:45:10 -07:00
bdede43afe
Added support for Ed25519 and Ed448 signatures
2019-08-16 11:15:04 +02:00
88c5bd81c7
Add AES-192 and OFB mode
2019-07-06 17:11:37 +08:00
aef0517dcf
Expose EC_POINT_dup as EcPoint::to_owned
2019-06-19 21:34:48 +02:00
e8fc907da3
Expose EC_GROUP_get_cofactor as EcGroup::cofactor
2019-06-14 16:41:47 +02:00
390d71f1e5
Expose EC_GROUP_get0_generator as EcGroup::generator
2019-06-13 03:09:45 +02:00
fab6ea4727
Conditionally compile PEM functions for CMS
...
Apparently libressl does not quite support all CMS functions (well, at
least the bindings for CMS are currently compile-time guarded), so CI
checks inside the systest fail during the verification on libressl.
This is an attempt to fix it.
2019-06-12 16:48:16 +02:00
124c05d058
Add `CmsContentInfo` <-> PEM bindings
2019-06-12 10:23:48 +02:00
b9341856b1
Add AES_wrap_key and AES_unwrap_key functionality
2019-06-05 21:03:34 -06:00
958c1811b0
Fix constness for 1.1.1c
2019-05-31 07:29:00 -07:00
628c3b338a
Add SSL_CTX_add_client_CA on OpenSSL
2019-05-13 15:08:02 +01:00
d79090a00a
Reconcile exdata and version functions between libraries/versions.
2019-04-24 23:15:56 -04:00
98f91769e3
Add missing any() in the {,D}TLS_method usage logic.
2019-04-24 19:29:01 -04:00
f0b8a2e467
Support LibreSSL 2.9.1
...
LibreSSL 2.9.1 added generic DTLS methods.
While here, bump CircleCI.
2019-04-24 16:08:42 -04:00
865c613de3
Fix requiret ossl version for EVP_PKEY_size
2019-04-23 12:36:42 +02:00
f40a328d43
Remove unnecessary version req and clean up param names.
2019-04-18 10:47:50 +02:00
63c7bda0c2
Add minimum ossl version.
2019-04-15 13:41:54 +02:00
08879ed512
Add EVP_Seal and EVP_Open
2019-04-15 00:54:49 +02:00
702bc48b1c
Expose EC_GROUP_get_curve_name()
...
This gives us the ability to get the Nid from an EcGroupRef.
2019-03-19 11:10:35 -04:00
d9cb5433b1
Expose EVP_MD_type()
...
This gives us the ability to get the Nid from a MessageDigest.
2019-03-19 11:10:35 -04:00
a0e5b31799
X.509: add verify methods
2019-03-11 22:35:43 +01:00
546eb4d391
CMS: add encrypt, from_der
2019-03-02 00:33:52 +01:00
404b7f1790
Add session cache size accessors
2019-03-01 10:07:51 -08:00
a16482f972
Add session info accessors
2019-02-28 22:08:48 -08:00
913267e68a
Add SslCtx::{add,remove}_session
2019-02-28 19:48:10 -08:00
55fee497bb
Implement Clone for Dsa
2019-02-28 14:10:49 -05:00
953fe86b9a
Add ERR_PACK
...
Also make error functions const when targeting a new enough rustc
2019-02-27 21:50:39 -08:00
297804b2d9
typo
2019-02-26 20:38:04 -08:00
ab298d0264
Fix const changes in 1.1.1b
2019-02-26 20:31:01 -08:00
70afbb8393
Add standard ciphername support
2019-02-22 10:33:12 -07:00
7eee39f1ec
Rustfmt
2019-02-22 10:14:15 -07:00
899fc30e9b
Change from EVP_des_ede3_cfb to EVP_des_ede3_cfb64
2019-02-18 19:35:00 +09:00
941a69a4d2
Add des_ede3_cfb symm cipher
2019-02-17 22:21:01 +09:00
34755f8a6b
ASN1_TIME_from_string_x509 was added in 1.1.1
2019-01-27 13:14:11 -08:00
691ce7ca2a
Add Asn1Time::from_str and Asn1Time::from_str_x509
...
Closes #1051
2019-01-27 13:05:03 -08:00
637228e7ee
SRP_CTX doesn't exist when OPENSSL_NO_SRP is set
...
Closes #1047
2019-01-25 09:19:14 -08:00
e56e09b6a4
Add RsaRef::check_key
2019-01-18 21:03:04 -06:00
5c7fa43d87
Add bindings to RAND_keep_random_devices_open
...
Closes #1019
2018-11-22 09:32:50 -07:00
e0e0a96cb3
Add new SHA3 EVP message digest functions in OpenSSL 1.1.1
2018-11-21 15:31:50 -05:00
dab71dbf0a
Bump dependency on openssl-src-rs
...
Brings in the first release with OpenSSL 1.1.1
2018-10-16 06:59:07 -07:00
2dd3736444
Refactor to match style and add documentation.
2018-10-02 17:25:18 -04:00
0245eee724
Merge pull request #1002 from vishwin/master
...
Support the rest of LibreSSL 2.8.x
2018-10-01 08:27:59 -07:00
b86f547dbf
Update the OCSP_cert_to_id() signature for LibreSSL 2.8.1
...
While here, restore CI for LibreSSL 2.8.0 alongside 2.8.1 to account for the function signature change.
2018-10-01 00:44:37 -04:00
18dfc9b6b2
Add support for encoding and decoding ECDSA signatures
2018-09-28 14:43:33 +02:00
22231d7547
Support the client hello callback
2018-09-15 13:29:18 -07:00
9e1a6f284b
Fix missing symbol
2018-09-12 20:56:05 -07:00
8c6bc774db
Support libressl 2.8.0
...
Closes #988
2018-09-12 20:44:22 -07:00
93a4e96255
Refactor openssl-sys
...
The old layout tried to structure itself by version but it ended up with
a lot of duplication. Instead, follow the structure of the header files.
2018-09-12 19:21:18 -07:00
bc4e47a321
Fix lookup errors with SNI callback.
...
The job of an SNI callback is typically to swap out the context
associated with an SSL depending on the domain the client is trying to
talk to. Typically, only the callbacks associated with the current
context are used, but this is not the case for the SNI callback.
If SNI is run for a second time on a connection (i.e. in a
renegotiation) and the context was replaced with one that didn't itself
register an SNI callback, the old callback would run but wouldn't be
able to find its state in the context's ex data. To work around this, we
pass the pointer to the callback data directly to the callback to make
sure it's always available. It still lives in ex data to handle the
lifetime management.
Closes #979
2018-08-31 20:23:55 -07:00
ef7721092d
SRTP cleanup
2018-08-19 18:50:11 -07:00
59c578cf04
Add methods for DTLS/SRTP key handshake
2018-08-14 16:04:33 +02:00
1396143c66
Add get_shutdown and set_shutdown
2018-08-08 13:19:55 -07:00
cb2f4c2287
X509_V_ERR_UNSPECIFIED was added in 1.0.2f
...
Closes #970
2018-08-04 10:23:35 -07:00
9eeee0930c
Add bindings for custom error definition
2018-07-10 18:54:47 -07:00
1392b006e2
Merge pull request #937 from marcoh00/iterable-x509names
...
X509NameRef: Provide an iterator over all entries
2018-07-07 20:20:45 -07:00
4994e75d2c
Add Dsa::from_(private|public)_components
...
Add 2 methods to create a DSA key pair from its raw components.
2018-06-18 18:10:02 +02:00
6440ee04ef
Merge pull request #943 from lolzballs/master
...
Add wrapper for SSL_CTX_set_psk_server_callback
2018-06-17 15:47:00 -07:00
115cb730b0
Switch to accessors in libressl where possible
...
Some accessors are mysteriously still macros so we can't make everything
opaque yet, unfortunately.
cc #909
2018-06-09 21:49:36 -07:00
f5e6d57c47
Provide an Asn1Object getter method for X509NameEntryRef
2018-06-03 15:38:46 +02:00
2afdc16fc9
Make X509NameRef provide an iterator over all X509NameEntries
2018-06-03 15:38:46 +02:00
0745d66927
Update to 1.1.1-pre7
...
The initial session ticket is now sent as part of SSL_accept, so some
tests need to write a single byte through the stream to make sure that
both ends have fully completed to avoid test flakes.
TLSv1.3 cipher suite control has been extracted from the normal cipher
list into a separate method: SslContextBuilder::set_ciphersuites.
2018-06-02 13:58:56 -07:00
b1eb1224f5
Merge remote-tracking branch 'origin/master'
2018-06-02 10:56:31 -04:00
fb1b9b4140
Add an openssl-sys binding for RSA_padding_check_PKCS1_type_2.
...
This padding check implementation is useful for certain types of RSA
decryption, notably the type performed by Yubico's PIV library.
2018-05-30 18:48:42 -07:00
3456add537
Add SslRef::verified_chain
2018-05-29 21:53:22 -07:00
b8de619fbe
Get Nid string representations
2018-05-28 12:13:40 +02:00
772e1c003f
Add some digest support
2018-05-24 21:06:11 -07:00
c0876cc8c6
Add bindings to SSL_get_finished and SSL_get_peer_finished
...
These are used for the tls-unique SCRAM channel binding mode.
2018-05-24 20:00:28 -07:00
c7db3d18ad
Merge pull request #920 from Ralith/max-early-data-accessors
...
TLS1.3 early data support
2018-05-22 20:42:46 -07:00
2e478fdcf4
Expose early I/O
2018-05-22 20:25:28 -07:00
4c1fdf1d81
Support ALPN on libressl
...
Closes #690
2018-05-20 12:52:49 -07:00
a6fcef01c0
Overhaul openssl cfgs
...
Also expose hostname verification on libressl
2018-05-20 12:33:02 -07:00
9df403043b
Expose X509_VERIFY_PARAM on libressl
2018-05-20 11:29:27 -07:00
862d784161
Clean up openssl-sys cfgs
2018-05-20 11:29:27 -07:00
d991566f2b
Support min/max version in LibreSSL
...
Their implementations of the accessors don't behave expected with no
bounds, so we ignore those bits of the tests.
2018-05-19 19:57:12 -07:00
69c75a178b
Expose early keying material export
2018-05-17 13:16:41 -07:00
d5d414b16f
Expose max TLS1.3 early data accessors
2018-05-17 12:02:32 -07:00
47a68e2929
Add wrapper for SSL_CTX_set_psk_server_callback
2018-05-16 17:49:36 -04:00
1a909c8e5e
Some sys cleanup
2018-05-13 08:50:00 -07:00
53671518fd
Merge pull request #902 from ur0/CMS_sign
...
Add the CMS_sign and i2d_CMS_ContentInfo function bindings
2018-05-13 15:53:49 +01:00
b1e5c8b1ed
Implement Clone for Rsa
...
Closes #917
2018-05-12 16:34:47 -07:00
e5d65306e7
Change SslContext callback handling
...
Use the existing infrastructure!
2018-05-12 13:19:01 +01:00
afaa2387c8
Gate away CMS_KEY_PARAM from OpenSSL 1.0.1
2018-05-10 21:41:59 +05:30
541458c1c1
Properly version-gate CMS constants
2018-05-10 21:20:32 +05:30
90898e99c9
Move CMS_* flags to the openssl-sys package
...
Also renames attributes in the bitflags struct.
2018-05-10 20:26:57 +05:30
7a1b59d605
Fix base version for min/max proto accessors
...
Closes #911
2018-05-09 20:04:43 +01:00
bc0809a17d
Flag off constants added in 1.0.2h
...
Closes #868
2018-04-30 20:52:19 -07:00
47431f66bb
Expose SslSession <-> DER conversion
2018-04-29 01:54:16 -07:00
03a4c6bd26
Reform version checking logic
...
Rather than having an infinitely growing set of things to look for, just
grab the literal version out. We also provide that to downstream crates,
and it should be used rather than the random assortment of other stuff
that's also passed down.
2018-04-26 22:45:09 -07:00
5bb89d7552
Add functions to X509Req to obtain public key and extensions
...
This allows for basic CSR signing.
2018-04-21 23:14:48 +02:00
5360f5ad04
Fix mutability issues with CMS_sign
2018-04-20 17:30:20 +05:30
8ce5dee00d
Add the CMS_sign and i2d_CMS_ContentInfo function bindings
...
This adds the CMS_sign and i2d_CMS_ContentInfo bindings in the
openssl-sys crate and Rusty wrappers in the openssl crate.
2018-04-20 17:15:04 +05:30
23ca9d2832
Add support for LibreSSL 2.7.1
...
While there, support also future LibreSSL 2.7 versions out of the
box. This fixes compiling this crate in OpenBSD -current.
2018-03-31 20:14:24 +00:00
e423da2d12
Merge pull request #858 from Ralith/stateless-api
...
Introduce SslStreamBuilder
2018-03-31 11:28:03 -07:00
bbb1cb61f6
Update to OpenSSL 1.1.1-pre3
2018-03-28 18:14:44 -07:00
c82a87a18e
Add Asn1IntegerRef::to_bn
...
Also deprecate Asn1IntegerRef since it's just asking for trouble.
2018-03-28 20:48:28 +02:00
Lukas Lihotzki