min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,477 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

238 Commits

Author SHA1 Message Date
Steven Fackler 67b5b4d814 Make hmac support optional and remove openssl-sys-extras 
rust-openssl no longer requires headers for the default feature set.
 2016-08-09 22:52:12 -07:00
Steven Fackler a8224d199b symm reform 2016-08-08 23:10:03 -07:00
Steven Fackler 522447378e Copy over getter macros 2016-08-08 20:37:48 -07:00
Steven Fackler bf07dd9a4e Remove symm_internal 2016-08-08 20:26:04 -07:00
Steven Fackler 6b1016c86e Add PKey::from_rsa 2016-08-07 22:56:44 -07:00
Steven Fackler 2a3e9a2856 Add RSA::generate 2016-08-07 22:35:37 -07:00
Steven Fackler 7855f428aa PKey reform 
This deletes the vast majority of PKey's API, since it was weirdly tied
to RSA and super broken.
 2016-08-07 20:38:46 -07:00
Steven Fackler 7ca5ccf064 Hash reform 
Closes #430
 2016-08-07 16:29:36 -07:00
Steven Fackler c47be8b14b Move SSL_CTX_set_ecdh_auto to -sys 2016-08-04 22:52:40 -07:00
Steven Fackler ee67ea8ea0 Mvoe SSL_CTX_add_extra_chain_cert to -sys 2016-08-04 22:46:47 -07:00
Steven Fackler 378b86326c Move SSL_CTX_set_tmp_dh to -sys 2016-08-04 22:43:24 -07:00
Steven Fackler 7fb7f4671d Move SSL_CTX_set_read_ahead to -sys 2016-08-04 22:40:01 -07:00
Steven Fackler 77dbab2cad Move SSL_CTX_set_tlsext_servername_callback to -sys 2016-08-04 22:37:39 -07:00
Steven Fackler c2a7c5b7f0 Move SSL_set_tlsext_host_name to -sys 2016-08-04 22:28:33 -07:00
Steven Fackler b29ea62491 Move BIO macros into -sys 2016-08-04 22:22:55 -07:00
Steven Fackler 17474520bc Support basic SSL options without C shims 2016-08-04 22:14:18 -07:00
Steven Fackler abacc8bb18 Define SSL_CTX_set_mode in openssl-sys 2016-08-02 22:14:44 -07:00
Steven Fackler 08e27f31ed Restructure PEM input/output methods 
Dealing with byte buffers directly avoids error handling weirdness and
we were loading it all into memory before anyway.
 2016-08-02 20:49:28 -07:00
Alex Crichton 3539be3366 Add MidHandshakeSslStream 
Allows recognizing when a stream is still in handshake mode and can gracefully
transition when ready. The blocking usage of the API should still be the same,
just helps nonblocking implementations!
 2016-07-31 16:01:06 -07:00
Steven Fackler df30e9e700 Merge pull request #402 from bbatha/feat/dsa-ffi 
DSA bindings
 2016-07-29 22:35:50 -07:00
Ben Batha a3a602be51 add low level dsa primitives 2016-07-29 19:04:37 -04:00
Onur Aslan 5ed77df197 Implement save_der for X509 and X509Req 2016-07-29 12:14:49 +03:00
Shaun Taheri 722a2bd673 Set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag 2016-07-24 20:55:15 +02:00
Steven Fackler 5135fca87f Release v0.7.14 2016-07-01 18:43:39 -04:00
Steven Fackler 121169c1f5 Set auto retry 
SSL_read returns a WANT_READ after a renegotiation by default which ends
up bubbling up as a weird BUG error. Tell OpenSSL to just do the read
again.
 2016-07-01 18:31:47 -04:00
Steven Fackler f6b612df5f Release v0.7.13 2016-05-20 15:57:57 -07:00
Steven Fackler 95051b060d Release v0.7.12 2016-05-16 23:04:03 -07:00
Steven Fackler dce59a63c5 Merge pull request #389 from cmsd2/master 
expose rsa from raw private key and rsa sign and verify
 2016-05-06 15:12:19 -07:00
Chris Dawes f82a1c4f75 add rsa signature tests 2016-05-05 23:41:55 +01:00
Steven Fackler 78122a9d68 Release v0.7.11 2016-05-05 13:32:27 -07:00
Steven Fackler 7b73003b67 Add X509StoreContext::error_depth 2016-04-30 09:27:50 -07:00
Steven Fackler 62a7dd10e5 Add Ssl::set_verify 
It also uses a better, closure based API than the existing callback
    methods.
 2016-04-30 08:09:12 -07:00
Steven Fackler a7bade104c Merge pull request #381 from chaaz/master 
Add 1DES symm ciphers (des-cbc, des-ecb, des-cfb, des-ofb)
 2016-04-29 21:17:17 -07:00
Steven Fackler 32722e1850 Add accessors for x509 subject alt names 2016-04-29 21:15:32 -07:00
Steven Fackler caf9272c85 Start on GeneralName 2016-04-28 22:16:29 -07:00
Charlie Ozinga 5682c04469 Remove des_cfb and des_ofb, since they appear on limit platforms 2016-04-19 17:28:19 -06:00
Steven Fackler 54fc1df712 Release v0.7.10 2016-04-16 20:57:12 -07:00
Steven Fackler c2e72f6641 Add SslContext::set_default_verify_paths 2016-04-16 20:47:32 -07:00
Charlie Ozinga 2062d48dd2 Add 1DES symm ciphers (des-cbc, des-ecb, des-cfb, des-ofb) 
1DES is well and truly dead for actual sensitive information, (its
keysize is too small for modern purposes), but it can still find use in
backwards compatiblity or educational applications.
 2016-04-14 03:44:43 -06:00
Steven Fackler 9511a9bc19 Merge pull request #380 from Yoric/master 
Resolves #378 - Module version with the version information
 2016-04-13 14:45:49 -07:00
David Rajchenbach-Teller 0c48f9a0e0 Resolves #378 - Module version with the version information 2016-04-13 23:29:25 +02:00
Rico Huijbers 00282de2a5 Add ability to set session ID context on an SSL context 
This is necessary to make authentication with client certificates work
without session restarts.
 2016-04-13 21:38:23 +02:00
Steven Fackler d143203f88 Release v0.7.9 2016-04-06 21:34:20 -07:00
Kevin King 4016edd4de add EVP_PKEY_copy_parameters to FFI 
copy EVP_PKEY params in PKey::clone

test that PKey::clone creates a copy
 2016-04-06 19:39:50 -04:00
Steven Fackler e0412850ec Release v0.7.8 2016-03-18 08:54:12 -07:00
Steven Fackler a569df29f4 Release v0.7.7 2016-03-17 09:04:23 -07:00
Steven Fackler 23fd427900 Merge pull request #353 from bluejekyll/master 
adding functionality to directly get and set RSA public key material
 2016-03-05 13:57:53 -08:00
Erik Johnston 04cbf049c0 Add SSL_get_version 2016-02-29 20:14:48 +00:00
Benjamin Fry ef95223d26 adding functionality to directly get and set RSA key material 2016-02-17 23:18:42 -08:00
Erik Johnston 1e9667ea89 Add support for SSL_CIPHER 2016-02-17 22:38:32 +00:00
Steven Fackler 3df4c479c9 Release v0.7.6 2016-02-10 09:36:00 -08:00
Steven Fackler 18e7e2455c Merge pull request #330 from esclear/master 
Add a interface to RSA structs
 2016-01-22 19:07:38 -08:00
Steven Fackler 2ece5b1039 Release v0.7.5 2016-01-22 15:57:21 -08:00
Jimmy Cuadra d30d1aa277 Remove raw_pointer_derive lint. 2016-01-22 04:45:52 -08:00
Daniel Albert 74db7db560 Merge branch 'master' of https://github.com/sfackler/rust-openssl 2016-01-20 19:59:41 +00:00
Daniel Albert 6ae8298f2c Make all ffi structs' fields public 2016-01-12 17:46:35 +00:00
Cyberunner23 c0b9a4c8ec Added tests for private_rsa_key_from_pem() and public_rsa_key_from_pem() 2016-01-09 14:36:01 -05:00
Cyberunner23 be23ff3dce Added PEM_read_bio_RSAPrivateKey and PEM_read_bio_RSA_PUBKEY 2016-01-05 11:23:14 -05:00
Daniel Albert 5813ca371d Add RSA structs 2016-01-01 19:33:49 +00:00
Steven Fackler 926c8167be Release v0.7.4 2015-12-18 22:41:46 -08:00
Steven Fackler 5fa46d428d Release v0.7.3 2015-12-17 21:25:48 -08:00
Steven Fackler 13f7cfd9d8 Release v0.7.2 2015-12-15 19:41:57 -08:00
Steven Fackler 167008d247 Merge pull request #320 from uasi/add-variations-of-pbkdf2 
Add PBKDF2-HMAC-SHA256 and -SHA512 functions
 2015-12-15 19:30:57 -08:00
Steven Fackler 514c5ec415 Merge pull request #309 from Geal/master 
Add support for Server Name indication (SNI) on the server's side
 2015-12-15 19:22:39 -08:00
Tomoki Aonuma b6647cc610 Put pbkdf2_hmac_{256,512}() behind feature gate 
PKCS5_PBKDF2_HMAC is not available with openssl-0.9.8 on os x
 2015-12-10 23:00:49 +09:00
Tomoki Aonuma e9b8627af2 Add PBKDF2-HMAC-SHA256 and -SHA512 functions 2015-12-10 20:29:52 +09:00
Steven Fackler 91f8c542f7 Replace SslStream implementation! 2015-12-09 23:30:29 -08:00
Steven Fackler 9ee6f1c578 IT LIVES 2015-12-09 21:43:02 -08:00
Steven Fackler 4d883d488e Custom BIO infrastructure 2015-12-08 23:02:38 -08:00
Steven Fackler f79fd8cea9 Add BIO type definitions 2015-12-07 23:28:28 -08:00
Steven Fackler fce7cf4d36 Release v0.7.1 2015-11-28 16:14:58 -08:00
Geoffroy Couprie 7835ea1c90 Make shims for SSL_CTX_ctrl and SSL_CTX_callback_ctrl macro wrappers 2015-11-25 08:10:36 +01:00
Geoffroy Couprie dba3a0ced2 implement get/set ssl context 2015-11-24 17:11:00 +01:00
Geoffroy Couprie cb4263f91e test SNI support 2015-11-24 17:11:00 +01:00
Overmind JIANG 3c6c4a7b3d Fix a leak when using `EVP_PKEY_get1_RSA`. 
`EVP_PKEY_get1_RSA` returns a RSA structure with its reference count
increased by 1 and therefore we need to call `RSA_free` after finishing
using that value.
 2015-11-18 11:36:34 +08:00
Steven Fackler 82547f53d7 Release v0.7.0 2015-11-16 21:10:50 -08:00
Steven Fackler f36f610d07 Move HMAC_CTX_copy to sys-extras 2015-11-16 20:16:01 -08:00
Steven Fackler a8a10e64ad Split stuff requiring a shim out to a separate crate 2015-11-16 20:16:01 -08:00
Thom May 11e3b1b563 Provide public_decrypt, private_encrypt for PKEY 2015-10-28 18:15:55 +00:00
Jamie Turner c37767df8f Nonblocking streams support. 2015-10-20 23:14:26 -07:00
Jimmy Cuadra 214c3a60f0 Expose RSA_generate_key_ex. 2015-10-15 08:54:46 -07:00
Steven Fackler f318a2c84c Release v0.6.7 2015-10-14 22:25:35 -04:00
Steven Fackler 8f5b67fed4 Merge pull request #286 from jedisct1/use_certificate_chain 
Add set_certificate_chain_file()
 2015-10-13 09:26:18 -04:00
Steven Fackler 81bc1edb61 Merge pull request #284 from bheart/cfb-mode 
AES CFB-mode feature
 2015-10-12 21:18:27 -04:00
Frank Denis a28253ee7d Add set_certificate_chain_file() 
SSL_CTX_use_certificate_chain_file() is preferred over
SSL_CTX_use_certificate_file().

It allows the use of complete certificate chains instead of loading
only the first certificate in a PEM file.
 2015-10-12 20:54:00 +02:00
Will Tange acbcb49414 AES CFB{1,8,128} mode support 2015-10-11 20:09:36 +02:00
Steven Fackler 60ee731408 Merge pull request #277 from nixpulvis/read_public_pem 
Add public key PEM read function.
 2015-10-10 21:55:37 -04:00
Steven Fackler 677ed6ad1b Release v0.6.6 2015-10-05 22:34:32 +01:00
Steven Fackler 0ca71a98ff Clean up init stuff 2015-10-05 22:05:58 +01:00
Manish Goregaokar 6c810e7f9c Set threadid_func on linux/osx (fixes #281) 2015-10-05 21:43:49 +05:30
Nathan Lilienthal ffa9d330fd Add public key PEM read function. 2015-10-01 20:33:12 -04:00
Frank Denis 28320a65a7 Add SSL::set_ecdh_auto() 
This sets automatic curve selection and enables ECDH support.
Requires LibreSSL or OpenSSL >= 1.0.2, so behind a feature gate.
 2015-09-25 13:15:37 +02:00
Steven Fackler b1b76f7913 Merge pull request #266 from jmesmon/alpn 
ssl/npn+alpn: adjust protocol selection to fail if no protocols match
 2015-09-16 11:51:45 -07:00
Frank Denis 6666a1818a Add DH::from_pem() to load DH parameters from a file 2015-09-13 12:44:50 +02:00
Cody P Schafer 50c5042c70 ssl/npn+alpn: adjust protocol selection to fail if no protocols match 
The current behavior causes a server written using rust-openssl to (if
it cannot negotiate a protocol) fallback to the first protocol it has
avaliable.

This makes it impossible to detect protocol mismatches.

This updates our selection to be more similar to how openssl's
s_server behaves: non-matching protocols are not supplied with a
fallback.

Note that some setups may actually want a fallback protocol supplied
via ALPN. To support those cases, we should consider adding a generic
callback that allows protocol selection to be entirely controlled by
the programmer.

For the purposes of having a sane default, however, not supplying a
default (and mimicing s_server's behavior) is the best choice.
 2015-09-01 17:14:04 -04:00
Steven Fackler e28b73e1f6 Merge pull request #259 from jedisct1/dh 
Add support for DHE for forward secrecy
 2015-09-01 00:10:03 -04:00
Steven Fackler 7b0b70bd13 Release v0.6.5 2015-08-31 19:10:27 -07:00
Frank Denis 9add4e1001 Add support for set_tmp_dh() and RFC5114 DH parameters for forward secrecy. 
rust-openssl didn't support forward secrecy at all.

This adds support for DHE, by exposing set_tmp_dh() as well as the RFC5114
parameters, which are conveniently exposed since OpenSSL 1.0.2.

With OpenSSL >= 1.0.2, and the rfc5114 feature gate, enabling DHE is as simple
as (here for 2048-bit MODP group with 256-bit prime order subgroup):

    use openssl::dh::DH;
    let dh = DH::get_2048_256().unwrap();
    ctx.set_tmp_dh(dh).unwrap();

With OpenSSL < 1.0.2, DH::from_params() can be used to manually specify the
DH parameters (here for 2048-bit MODP group with 256-bit prime order subgroup):

    use openssl::bn::BigNum;
    use openssl::dh::DH;
    let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597").unwrap();
    let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659").unwrap();
    let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3").unwrap();
    let dh = DH::from_params(p, g, q).unwrap();
    ctx.set_tmp_dh(dh).unwrap();
 2015-08-31 23:12:57 +02:00
Steven Fackler dc8cba4822 Merge pull request #251 from ebarnard/evp_bytestokey 
Expose EVP_BytesToKey
 2015-08-23 13:37:55 -04:00
Edward Barnard 8067565707 Expose EVP_BytesToKey 
This is based on work by pyrho.
Closes #88
 2015-08-23 17:08:18 +07:00