29f62786ff
Update openssl/src/x509/store.rs
2020-03-24 17:20:54 -04:00
1e9cc8426e
Add functions for SSL{_CTX}_get_verify_mode and SSL_is_init_finished
2020-03-24 15:32:39 -05:00
41162e27ab
Add a shim for X509_STORE_get0_objects and X509_OBJECT_free
2020-03-24 12:33:54 -05:00
e268a5ac7e
Check null ptr for non-x509 X509Object
2020-03-23 10:20:30 -05:00
8cfb59b9ea
Add a way to get the certificates stored in an X509Store
2020-03-22 23:20:59 -05:00
e7d0e69c74
Fix the memory leak in `X509Builder::append_extension`.
...
Also add an alternative method that takes a `X509ExtensionRef`.
2020-02-26 16:23:46 +02:00
7801226796
Tweak interface a bit
2020-02-12 16:14:28 -08:00
eed35cefb0
Merge pull request #1229 from axos88/master
...
SslAcceptor and SslConnector: Ability to turn into SslContext
2020-02-12 19:10:01 -05:00
c81810d869
adds ability access the internal &SslContext of an SslAcceptor and SslConnector
2020-02-12 22:15:11 +01:00
16d93a9372
Allow bad style on pkey.rs
2020-02-11 14:28:53 -08:00
4898f60e52
Attach cfg[allow_deprecated] to methods w/ uninitialized functionality
...
Additionally - update usage of ONCE_INIT
2020-02-10 12:53:51 -08:00
62187377b5
Release openssl v0.10.28
2020-02-04 21:58:26 +00:00
4b1564ebc1
Fix mutability of oneshot sign/verify methods
2020-02-04 21:50:40 +00:00
972c7ae11a
Fix visibility of Signer::new_intern
2020-02-03 16:18:23 +00:00
61d5a1e38d
Release openssl v0.10.27
2020-01-29 15:40:05 -08:00
9189b67326
Add NO RENEGOTIATION option
...
SSL_OP_NO_RENEGOTIATION was added in OpenSSLv1.1.1 and backported to
v1.1.0h.
2020-01-28 04:07:38 +09:00
ad37e7e07d
Merge pull request #1160 from HyeonuPark/set-dtls-mtu
...
Add ssl::set_dtls_mtu_size(usize)
2020-01-13 12:53:23 -05:00
4d5e5e1787
add SslStreamBuilder::set_dtls_mtu_size(usize)
2019-12-29 04:17:00 +09:00
bba670dc90
Avoid false-failures if underlying network connection errors
...
In Air-Gapped or otherwise network-restricted environments,
TcpStream::connect can spuriously fail due to name resolution
failure, or just in establishing the socket itself.
In this situation, the test can't give a meaningful result, and this
failure doesn't indicate a problem in the OpenSSL stack.
Bug: https://github.com/sfackler/rust-openssl/issues/1215
2019-12-27 21:15:39 +13:00
4a05dc7894
Merge pull request #1205 from npmccallum/modernize
...
Fix warnings on newer Rust
2019-12-24 07:48:04 -08:00
fc3c0a93d5
remove deprecated Error::description, replace deprecated cause with source
2019-12-21 23:53:49 +01:00
0815ac9b5d
Merge pull request #1208 from Sach1nAgarwal/comment2
...
Fix documentation typo of "the"
2019-12-20 09:14:58 -05:00
4cec131f37
Merge pull request #1207 from Sach1nAgarwal/comment1
...
In the documentation of SslContextBuilder::set_session_id_context, we…
2019-12-20 09:14:44 -05:00
3ca6974f9e
Merge pull request #1209 from Sach1nAgarwal/comment3
...
Fix documentation typo of link
2019-12-20 09:14:28 -05:00
81cd1736d9
In the documentation of SslContextBuilder::set_cipher_list, we had given
...
link of "SSL_get_client_ciphers" rather than "SSL_CTX_set_cipher_list". In this commit,
we fix the typo.
2019-12-20 08:48:38 +05:30
7599cc5b43
In the documentation of SslContextBuilder::set_certificate, we had written
...
"lthe" rather than "the". In this commit,
we fix the typo.
2019-12-20 08:40:01 +05:30
96c49eee3c
In the documentation of SslContextBuilder::set_session_id_context, we had written
...
"be be" rather than "be". In this commit,
we fix the typo.
2019-12-20 08:32:51 +05:30
2e00fb371b
Replace try!() with ?
2019-12-17 16:09:06 +00:00
0d8561b58a
Merge pull request #1202 from traviscross/fix-chain-typo
...
Fix documentation typo of "chain"
2019-12-13 07:19:44 -05:00
ac8214dad3
Fix documentation typo of "chain"
...
In the documentation of `SslRef::verified_chain`, we had written
"certificate chani" rather than "certificate chain". In this commit,
we fix the typo.
2019-12-12 22:03:42 +00:00
2fe7462aa9
Fix link
...
Closes #1201
2019-12-12 07:25:29 -05:00
6202626629
fix a typo in the description of `Asn1Time`
2019-12-09 16:23:27 -05:00
9f4c489588
Use d2i_PKCS8_PRIV_KEY_INFO instead of *_bio
2019-12-04 02:02:33 +01:00
fc529b6c81
Pkey::private_key_from_pkcs8 free p8inf
2019-12-03 03:05:05 +01:00
a7fa260331
Support for PKCS#8 unencrypted private key deserialization
2019-12-01 03:02:01 +01:00
454cb6f9bc
Merge pull request #1192 from fengyc/master
...
Add EVP_md_null() and MessageDigest::md_null()
2019-11-23 10:17:07 -05:00
395142f7cf
Update openssl/src/hash.rs
...
Rename MessageDigest::md_null to MessageDigest::null
Co-Authored-By: Steven Fackler <sfackler@gmail.com>
2019-11-23 22:46:32 +08:00
2034331e0e
Release openssl v0.10.26
2019-11-22 15:35:03 -08:00
a5c757f164
Release openssl-sys v0.9.53
2019-11-22 15:29:03 -08:00
605003eec8
Fix up base64 docs
2019-11-22 15:22:47 -08:00
288b189de0
Add EVP_md_null() and MessageDigest::md_null()
2019-11-22 16:33:15 +08:00
18552f1f1d
Cleanup
2019-11-21 17:10:34 -08:00
b5eafedf17
Merge pull request #1191 from sfackler/fix-seal
...
Fix IV handling in envelope
2019-11-21 20:09:21 -05:00
56335d12fc
Merge pull request #1183 from adamreichold/base64
...
Expose OpenSSL interfaces for base64 coding.
2019-11-21 20:04:18 -05:00
f85d631fcf
Merge pull request #1184 from Atul9/cargo-fmt
...
Format code using 'cargo fmt'
2019-11-21 20:01:39 -05:00
ca5474683a
Fix IV handling in envelope
...
Closes #1190
2019-11-21 16:59:44 -08:00
0fb1e55a98
Allow configuration of EC groups and signature algorithms
...
Closes #1186
2019-11-16 10:54:27 -08:00
784978bad0
Format code using 'cargo fmt'
2019-11-14 21:00:53 +05:30
86db2315d4
Avoid initialization overhead for base64 coding
2019-11-14 10:09:44 +01:00
bcbebbcace
Expose EVP_{Encode,Decode}Block interfaces for base64 coding
2019-11-14 10:06:24 +01:00
34c2b69118
Merge pull request #1180 from PrismaPhonic/master
...
Added clonability for sha hash state. Useful for incremental hashing
2019-11-11 21:01:19 -05:00
5991f425fa
Added unit test to test that new cloning feature works as intended
2019-11-11 16:40:05 -08:00
8fae1115a4
Changed all sha objects to be clonable per PR review suggestion.
2019-11-11 16:31:47 -08:00
258c49a581
Add #[cfg(ossl110)]
2019-11-11 23:03:40 +01:00
6d6429237d
Add EC_GROUP_order_bits
2019-11-11 22:04:14 +01:00
22f029064a
Added clonability for sha hash state. Useful for incremental hashing
2019-11-11 11:09:49 -08:00
80e0dd03ba
Add method to create Asn1Time from time_t value
...
This is mostly just a rework of the earlier work done by @illegalprime
in his PR #673 and credit should go to him.
2019-10-13 23:10:16 +02:00
14a6a98ebf
Add diff method and comparisons to Asn1TimeRef
...
This implements a `diff` method on `Asn1TimeRef` using `ASN1_TIME_diff`
and uses this new method to implement combinations of `PartialEq` and
`PartialOrd` for `Asn1Time` and `Asn1TimeRef`.
This is mostly just a rework of the earlier work done by @illegalprime
in his PR #673 and credit should go to him.
2019-10-13 23:09:12 +02:00
b771738a3a
Fix rustc warnings
...
- Use `..=` for inclusive ranges
- Add the `dyn` keyword for trait objects
- Switch from `ONCE_INIT` to `std::sync::Once::new()`
2019-10-08 08:35:35 -04:00
bb3e0f474b
Release openssl v0.10.25
2019-10-02 17:52:36 -07:00
02c3262be8
Release openssl-sys v0.9.50
2019-10-02 17:46:57 -07:00
7ce0835b74
Implement Clone for PKey
2019-10-01 18:45:10 -07:00
79d6d1ff2b
Merge pull request #1153 from sturmsebastian/eddsa
...
Added support for Ed25519 and Ed448 signatures
2019-09-08 20:49:41 -04:00
cf9978bc0e
Ensure Signer::len has documentation
...
Applied conditional compilation to internal helpers
2019-09-08 14:45:06 +02:00
9780fd6ba2
Merge pull request #1152 from thomaswhiteway/ecdsa_sig_set0_leak
...
Free r and s on ECDSA_SIG before overwriting them in ECDSA_SIG_set0
2019-09-06 09:20:33 -04:00
106d613805
Free r and s on ECDSA_SIG before overwriting them in ECDSA_SIG_set0
2019-09-06 10:52:15 +01:00
bdede43afe
Added support for Ed25519 and Ed448 signatures
2019-08-16 11:15:04 +02:00
8b2c370b86
Release openssl-sys v0.9.49
2019-08-15 22:19:46 -04:00
dbe0672dc4
Release openssl v0.10.24
2019-07-19 07:45:32 -07:00
45c83e2772
Release openssl-sys v0.9.48
2019-07-19 07:30:11 -07:00
8d2e9e783d
Hack around an unpatched OpenSSL issue
...
Why backport fixes to your LTS version? Seems like a lot of work, I
guess!
Closes #1133
2019-07-18 22:44:02 -04:00
d598f156a7
Add AES-192 tests in CTR, CFB, and OFB modes
2019-07-07 11:07:20 +08:00
88c5bd81c7
Add AES-192 and OFB mode
2019-07-06 17:11:37 +08:00
a02a962f7d
Expose pem serialize function for DSA private key
...
Expose private_key_to_pem() & private_key_to_pem_passphrase() for DsaRef
2019-06-30 23:35:50 +08:00
850e93ee85
Don't depend on NO_SSL_MASK
2019-06-28 20:07:22 -07:00
d3104955dd
Minimize test duplication
2019-06-28 19:51:52 -07:00
1b3e0c8a15
Add mozilla v5 configurations
...
Closes #1134
2019-06-28 19:42:29 -07:00
aef0517dcf
Expose EC_POINT_dup as EcPoint::to_owned
2019-06-19 21:34:48 +02:00
e8fc907da3
Expose EC_GROUP_get_cofactor as EcGroup::cofactor
2019-06-14 16:41:47 +02:00
390d71f1e5
Expose EC_GROUP_get0_generator as EcGroup::generator
2019-06-13 03:09:45 +02:00
fab6ea4727
Conditionally compile PEM functions for CMS
...
Apparently libressl does not quite support all CMS functions (well, at
least the bindings for CMS are currently compile-time guarded), so CI
checks inside the systest fail during the verification on libressl.
This is an attempt to fix it.
2019-06-12 16:48:16 +02:00
ed966a09ac
Extend CMS unit tests (pem/der conversions)
2019-06-12 10:36:44 +02:00
69ee79d435
Fix formatting in cms `to_der` implementation
2019-06-12 10:24:53 +02:00
124c05d058
Add `CmsContentInfo` <-> PEM bindings
2019-06-12 10:23:48 +02:00
d2e48e8d1f
Add Debug impl for EcKey
2019-06-10 21:57:10 +08:00
1c3f5b5f57
Address comments
2019-06-07 19:32:36 -06:00
b9341856b1
Add AES_wrap_key and AES_unwrap_key functionality
2019-06-05 21:03:34 -06:00
e3ac3f40bf
Display for Error was incorrectly showing func instead of reason.
2019-05-30 15:06:14 -04:00
3b064fdb02
Release openssl v0.10.23
2019-05-18 12:13:39 -07:00
b6d968b378
Release openssl-sys v0.9.47
2019-05-18 12:10:57 -07:00
b39a712076
Fix handling of session callbacks
...
The session context is used for session callbacks rather than the normal
context, which breaks state lookup when the context has been swapped out
(e.g. for SNI). Since there isn't an accessor for the session context,
we just store an extra reference in the SSL's ex data.
Closes #1115
2019-05-18 10:27:40 -07:00
2e37753790
Const-correctness
2019-05-13 19:11:15 +01:00
41fea135ad
Allow passing by non-owned reference
2019-05-13 18:49:09 +01:00
628c3b338a
Add SSL_CTX_add_client_CA on OpenSSL
2019-05-13 15:08:02 +01:00
6686092edf
Release openssl v0.10.22
2019-05-08 18:46:43 -07:00
a9b9f818a1
Merge pull request #1097 from vishwin/master
...
Support LibreSSL 2.9.1
2019-05-08 18:40:18 -07:00
801a236413
Ignore SRTP tests on libressl 2.9.1
...
SRTP is broken in that release!
2019-05-08 18:19:42 -07:00
d2b169dae6
Fix doc link bugs
2019-05-03 07:32:05 -07:00
3331908a1d
Release openssl v0.10.21
2019-04-30 21:59:02 -07:00
7ad3208937
Fix output size check for stream ciphers
...
The previous output size check presumed a block cipher. Therefore, it
enforced an unnecessary extra byte in the case of stream ciphers. This
patch ensures that our size checks don't force the caller to
overallocate for stream ciphers.
2019-04-29 17:45:12 -04:00
Steven Fackler