4016edd4de
add EVP_PKEY_copy_parameters to FFI
...
copy EVP_PKEY params in PKey::clone
test that PKey::clone creates a copy
2016-04-06 19:39:50 -04:00
e0412850ec
Release v0.7.8
2016-03-18 08:54:12 -07:00
a569df29f4
Release v0.7.7
2016-03-17 09:04:23 -07:00
23fd427900
Merge pull request #353 from bluejekyll/master
...
adding functionality to directly get and set RSA public key material
2016-03-05 13:57:53 -08:00
04cbf049c0
Add SSL_get_version
2016-02-29 20:14:48 +00:00
ef95223d26
adding functionality to directly get and set RSA key material
2016-02-17 23:18:42 -08:00
1e9667ea89
Add support for SSL_CIPHER
2016-02-17 22:38:32 +00:00
3df4c479c9
Release v0.7.6
2016-02-10 09:36:00 -08:00
18e7e2455c
Merge pull request #330 from esclear/master
...
Add a interface to RSA structs
2016-01-22 19:07:38 -08:00
2ece5b1039
Release v0.7.5
2016-01-22 15:57:21 -08:00
d30d1aa277
Remove raw_pointer_derive lint.
2016-01-22 04:45:52 -08:00
74db7db560
Merge branch 'master' of https://github.com/sfackler/rust-openssl
2016-01-20 19:59:41 +00:00
6ae8298f2c
Make all ffi structs' fields public
2016-01-12 17:46:35 +00:00
c0b9a4c8ec
Added tests for private_rsa_key_from_pem() and public_rsa_key_from_pem()
2016-01-09 14:36:01 -05:00
be23ff3dce
Added PEM_read_bio_RSAPrivateKey and PEM_read_bio_RSA_PUBKEY
2016-01-05 11:23:14 -05:00
5813ca371d
Add RSA structs
2016-01-01 19:33:49 +00:00
926c8167be
Release v0.7.4
2015-12-18 22:41:46 -08:00
5fa46d428d
Release v0.7.3
2015-12-17 21:25:48 -08:00
13f7cfd9d8
Release v0.7.2
2015-12-15 19:41:57 -08:00
167008d247
Merge pull request #320 from uasi/add-variations-of-pbkdf2
...
Add PBKDF2-HMAC-SHA256 and -SHA512 functions
2015-12-15 19:30:57 -08:00
514c5ec415
Merge pull request #309 from Geal/master
...
Add support for Server Name indication (SNI) on the server's side
2015-12-15 19:22:39 -08:00
b6647cc610
Put pbkdf2_hmac_{256,512}() behind feature gate
...
PKCS5_PBKDF2_HMAC is not available with openssl-0.9.8 on os x
2015-12-10 23:00:49 +09:00
e9b8627af2
Add PBKDF2-HMAC-SHA256 and -SHA512 functions
2015-12-10 20:29:52 +09:00
91f8c542f7
Replace SslStream implementation!
2015-12-09 23:30:29 -08:00
9ee6f1c578
IT LIVES
2015-12-09 21:43:02 -08:00
4d883d488e
Custom BIO infrastructure
2015-12-08 23:02:38 -08:00
f79fd8cea9
Add BIO type definitions
2015-12-07 23:28:28 -08:00
fce7cf4d36
Release v0.7.1
2015-11-28 16:14:58 -08:00
7835ea1c90
Make shims for SSL_CTX_ctrl and SSL_CTX_callback_ctrl macro wrappers
2015-11-25 08:10:36 +01:00
dba3a0ced2
implement get/set ssl context
2015-11-24 17:11:00 +01:00
cb4263f91e
test SNI support
2015-11-24 17:11:00 +01:00
3c6c4a7b3d
Fix a leak when using `EVP_PKEY_get1_RSA`.
...
`EVP_PKEY_get1_RSA` returns a RSA structure with its reference count
increased by 1 and therefore we need to call `RSA_free` after finishing
using that value.
2015-11-18 11:36:34 +08:00
82547f53d7
Release v0.7.0
2015-11-16 21:10:50 -08:00
f36f610d07
Move HMAC_CTX_copy to sys-extras
2015-11-16 20:16:01 -08:00
a8a10e64ad
Split stuff requiring a shim out to a separate crate
2015-11-16 20:16:01 -08:00
11e3b1b563
Provide public_decrypt, private_encrypt for PKEY
2015-10-28 18:15:55 +00:00
c37767df8f
Nonblocking streams support.
2015-10-20 23:14:26 -07:00
214c3a60f0
Expose RSA_generate_key_ex.
2015-10-15 08:54:46 -07:00
f318a2c84c
Release v0.6.7
2015-10-14 22:25:35 -04:00
8f5b67fed4
Merge pull request #286 from jedisct1/use_certificate_chain
...
Add set_certificate_chain_file()
2015-10-13 09:26:18 -04:00
81bc1edb61
Merge pull request #284 from bheart/cfb-mode
...
AES CFB-mode feature
2015-10-12 21:18:27 -04:00
a28253ee7d
Add set_certificate_chain_file()
...
SSL_CTX_use_certificate_chain_file() is preferred over
SSL_CTX_use_certificate_file().
It allows the use of complete certificate chains instead of loading
only the first certificate in a PEM file.
2015-10-12 20:54:00 +02:00
acbcb49414
AES CFB{1,8,128} mode support
2015-10-11 20:09:36 +02:00
60ee731408
Merge pull request #277 from nixpulvis/read_public_pem
...
Add public key PEM read function.
2015-10-10 21:55:37 -04:00
677ed6ad1b
Release v0.6.6
2015-10-05 22:34:32 +01:00
0ca71a98ff
Clean up init stuff
2015-10-05 22:05:58 +01:00
6c810e7f9c
Set threadid_func on linux/osx ( fixes #281 )
2015-10-05 21:43:49 +05:30
ffa9d330fd
Add public key PEM read function.
2015-10-01 20:33:12 -04:00
28320a65a7
Add SSL::set_ecdh_auto()
...
This sets automatic curve selection and enables ECDH support.
Requires LibreSSL or OpenSSL >= 1.0.2, so behind a feature gate.
2015-09-25 13:15:37 +02:00
b1b76f7913
Merge pull request #266 from jmesmon/alpn
...
ssl/npn+alpn: adjust protocol selection to fail if no protocols match
2015-09-16 11:51:45 -07:00
6666a1818a
Add DH::from_pem() to load DH parameters from a file
2015-09-13 12:44:50 +02:00
50c5042c70
ssl/npn+alpn: adjust protocol selection to fail if no protocols match
...
The current behavior causes a server written using rust-openssl to (if
it cannot negotiate a protocol) fallback to the first protocol it has
avaliable.
This makes it impossible to detect protocol mismatches.
This updates our selection to be more similar to how openssl's
s_server behaves: non-matching protocols are not supplied with a
fallback.
Note that some setups may actually want a fallback protocol supplied
via ALPN. To support those cases, we should consider adding a generic
callback that allows protocol selection to be entirely controlled by
the programmer.
For the purposes of having a sane default, however, not supplying a
default (and mimicing s_server's behavior) is the best choice.
2015-09-01 17:14:04 -04:00
e28b73e1f6
Merge pull request #259 from jedisct1/dh
...
Add support for DHE for forward secrecy
2015-09-01 00:10:03 -04:00
7b0b70bd13
Release v0.6.5
2015-08-31 19:10:27 -07:00
9add4e1001
Add support for set_tmp_dh() and RFC5114 DH parameters for forward secrecy.
...
rust-openssl didn't support forward secrecy at all.
This adds support for DHE, by exposing set_tmp_dh() as well as the RFC5114
parameters, which are conveniently exposed since OpenSSL 1.0.2.
With OpenSSL >= 1.0.2, and the rfc5114 feature gate, enabling DHE is as simple
as (here for 2048-bit MODP group with 256-bit prime order subgroup):
use openssl::dh::DH;
let dh = DH::get_2048_256().unwrap();
ctx.set_tmp_dh(dh).unwrap();
With OpenSSL < 1.0.2, DH::from_params() can be used to manually specify the
DH parameters (here for 2048-bit MODP group with 256-bit prime order subgroup):
use openssl::bn::BigNum;
use openssl::dh::DH;
let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597").unwrap();
let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659").unwrap();
let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3").unwrap();
let dh = DH::from_params(p, g, q).unwrap();
ctx.set_tmp_dh(dh).unwrap();
2015-08-31 23:12:57 +02:00
dc8cba4822
Merge pull request #251 from ebarnard/evp_bytestokey
...
Expose EVP_BytesToKey
2015-08-23 13:37:55 -04:00
8067565707
Expose EVP_BytesToKey
...
This is based on work by pyrho.
Closes #88
2015-08-23 17:08:18 +07:00
4cb68efd99
Merge pull request #253 from manuels/master
...
Add get_state_string()
2015-08-19 02:31:15 -04:00
3fe3d57976
Add get_state_string()
2015-08-17 19:01:43 +02:00
769b8312d8
Merge pull request #240 from jethrogb/topic/x509_req_extension
...
Implement certificate extensions for certificate requests
2015-08-15 16:04:42 -04:00
a10604e15d
Merge pull request #243 from manuels/master
...
Fix probelms with DTLS when no packets are pending.
2015-08-02 22:27:19 -04:00
02dc3eda2f
Merge pull request #242 from awelkie/master
...
Added AES CTR-mode under feature flag.
2015-08-02 22:25:09 -04:00
ab7bfad225
Add function to write RSA public key as PEM
2015-07-23 22:30:07 -07:00
a43011d77c
Fix probelms with DTLS when no packets are pending.
...
When using DTLS you might run into the situation where no packets
are pending, so SSL_read returns len=0. On a TLS connection this
means that the connection was closed, but on DTLS it does not
(a DTLS connection cannot be closed in the usual sense).
This commit fixes a bug introduced by c8d23f3
2015-07-18 13:00:34 +02:00
b478c29151
Added AES CTR-mode under feature flag.
2015-07-15 20:45:18 -04:00
90dd54b541
Implement certificate extensions for certificate requests
2015-07-08 13:37:35 -07:00
0cb4368ef8
Merge pull request #221 from jethrogb/topic/ssl_options
...
Several SSL option fixes
2015-07-08 10:20:33 -07:00
3229296105
Merge pull request #233 from jethrogb/topic/x509_extension
...
Allow setting of arbitrary X509 extensions
2015-07-08 03:10:40 -04:00
cc497b4768
Release v0.6.4
2015-07-06 11:09:03 -07:00
aeefa364b7
Decouple C SSL Option bit flags from Rust version
...
The OpenSSL "SSL_OP_*" flags are in constant flux between different OpenSSL
versions. To avoid having to change the Rust definitions, we implement our
own numbering system in Rust, and use an automatically-generated C shim to
convert the bitflags at runtime.
2015-07-01 21:49:11 -07:00
b46574b635
Add arbitrary X509 extensions by OID string
2015-07-01 00:18:45 -07:00
01e01e3747
ssl: support ALPN
...
Heavily based on the existing NPN wrapping code. Naming of public
functions is identical to the NPN ones with `s/npn/alpn/` applied to
prevent devs from needing to remember 2 names (and to let my copy the
npn tests and perform the subistution to generate the apln tests).
It might make sense to (at some point) use macros or a trait to cut down
the duplication.
2015-06-29 10:58:45 -04:00
0cff370f1d
Reduce SslStream constructor duplication
2015-06-27 21:40:00 -07:00
9d0acfe615
Fix set_hostname
...
It was previously failing to null terminate the hostname string (was
anyone actually using this?). Also move the macro expansion to the C
shim.
2015-06-27 19:37:45 -07:00
cb7248d8cb
Import shim'd HMAC stuff with the original name
2015-06-27 15:23:19 -07:00
d0b769c93c
Move macro replicas into C shim
2015-06-27 15:11:11 -07:00
524c1e63aa
Release v0.6.3
2015-06-25 23:22:04 -07:00
c8d23f37a4
Fix EOF handling in retry wrapper
2015-06-25 22:47:53 -07:00
c1232f3035
Implement limited X509_REQ functionality
2015-05-28 00:22:14 -07:00
d723481f77
Fix doc root
2015-05-13 16:31:27 -07:00
8a9aa0c657
Merge pull request #210 from manuels/pending
...
Add SslStream.pending()
2015-05-05 22:57:14 -04:00
fb2822d5c7
Merge pull request #201 from manuels/pkey_cmp
...
Add comparison for PKeys
2015-05-04 10:19:13 -07:00
c8fae312ad
Add SslStream.pending()
2015-04-30 20:00:30 +02:00
c55d410829
Fixes for Native Client.
2015-04-18 23:03:11 -05:00
123d400277
Add comparison for PKeys
2015-04-16 17:14:21 +02:00
7db00b97ba
Add X509::public_key()
2015-04-15 22:59:07 +02:00
912cacf4bc
Fix rebase errors
2015-04-06 12:26:10 +02:00
dbef985e32
Move connected_socket to its own crate and fix SSL_CTX_set_read_ahead()
2015-04-06 12:23:11 +02:00
664600eadf
Add DTLSv1 and DTLSv1.2 support
2015-04-06 12:22:50 +02:00
5408b641dd
Add connect() support for UDP sockets
2015-04-06 12:14:36 +02:00
b6c5c113f5
Add SslContext::add_extra_chain_cert()
2015-04-03 14:34:24 +02:00
632d8398cf
Add ability to load private keys from files and use raw keys and certificates for SslContext
2015-04-03 14:34:24 +02:00
b42202b858
Change SslVerifyMode to bitflags and add SSL_VERIFY_FAIL_IF_NO_PEER_CERT
...
SslVerifyMode was changed to bitflags to allow for bitwise operations
like (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT).
2015-04-03 14:34:24 +02:00
293f1ce5b1
Fixup for beta
...
Add derive(Clone) and don't negate unsigned numbers
2015-04-02 18:14:51 -07:00
24b876521b
rustup: changes to io::Error
2015-04-02 11:12:18 -07:00
5a80cc8aae
Update to rust master
2015-03-25 10:51:28 -07:00
f09cfdfdd5
openssl-sys: Add TLS extension constants
2015-03-23 08:14:47 +01:00
b96bbf6961
openssl-sys: Add NPN functions and constants
2015-03-23 08:14:47 +01:00
2560ccb330
Remove usage of unstable features in openssl-sys
2015-03-16 11:05:29 -07:00
a65b03c89e
Fix warnings
2015-03-10 19:38:44 -07:00
8b8736fb46
Merge pull request #172 from reaperhulk/add-ssl-ctx-set-get-options
...
add support for SSL_CTX_set_options and SSL_CTX_get_options
2015-03-07 08:43:30 -08:00
1c9b8a029b
Cut down on unstable features in openssl-sys
...
* Move from `old_path` to `path` (leveraging the `fs` feature as well)
* Move from `StaticMutex` to `Mutex<()>` as they're dynamically initialized
2015-03-04 14:14:05 -08:00
1b4a2eef0e
Switch to cargo liblibc
2015-02-24 21:47:30 -08:00
8940bd767b
add support for SSL_CTX_clear_options and use bitflags
2015-02-23 19:39:23 -06:00
06ba41ad47
add support for SSL_CTX_set_options and SSL_CTX_get_options
...
fixes #168
2015-02-22 15:45:00 -06:00
6bfc4d986b
Fix warnings
2015-02-19 09:13:22 -08:00
bb2fe87d03
Fix debuginfo ICE for now
2015-02-19 07:39:40 -08:00
2fa1571e2e
Remove deprecated functions from openssl-sys
2015-02-13 23:31:00 -08:00
6ef819f971
Fix builds against 0.9.x OpenSSL
...
Namely builds on OSX
2015-02-08 23:31:46 -08:00
ec65b0c67b
Move docs to this repo and auto build
2015-02-07 21:30:05 -08:00
d06f226b3f
Fix deprecation warnings in openssl-sys
2015-02-05 21:04:18 -08:00
2bcd67f568
Declare the use of unstable libstd APIs
2015-02-01 14:56:07 +02:00
eb7b7bf847
Change Hasher and HMAC APIs closer to std::hash model
...
- Implement Clone and std::io::Writer.
- Reduce the API to write() and finish(). Contrary to std::hash, finish() resets the hasher immediately.
- Add hmac::hmac() convenience fn.
- Replace hash::evpmd() with HashType methods.
- Add assertions as a crude check for failed calls into openssl.
- Add examples and some tests.
[breaking-change]
2015-01-28 21:51:12 +02:00
cb0898df37
Bring ffi definitions closer to the originals
...
Add missing return types and fix imprecise type translations.
Repair the fallout in the openssl crate.
2015-01-21 21:56:56 +02:00
c49816055a
Fix ffi: `BN_hex2bn` and `BN_dec2bn` shall take `*const c_char` as parameter
...
`c_char` is not `i8` on all platforms
2015-01-12 20:44:59 +00:00
9dfeea6ca9
Update to rust master
2015-01-09 08:12:39 -08:00
fde7fbd03b
Merge remote-tracking branch 'upstream/master'
2015-01-03 19:31:14 -05:00
2f24d8e771
Fix deprecation warnings
2015-01-03 08:31:57 -08:00
2e2fde4b1a
Added BN_add_word, BN_sub_word, BN_mul_word, BN_div_word.
...
Removed BIGNUM_PTR struct.
2015-01-02 18:47:29 -05:00
077846fdb1
Merge remote-tracking branch 'upstream/master'
2015-01-02 15:43:02 -05:00
ef8b8f7ead
Merge pull request #134 from DiamondLovesYou/master
...
OpenSSL-sys: Cfg off target_os instead off feature.
2015-01-02 11:13:11 -05:00
afffffc730
Array syntax fallout
2015-01-02 13:51:26 +02:00
8a7e7b67d8
OpenSSL-sys: Cfg off target_os instead off feature.
...
It seems cargo doesn't provide --cfg entries for dep crates after all.
2015-01-02 03:37:35 -06:00
dfdd4c0e4f
Change to use updated Mutex API in latest Rust master.
2014-12-30 16:39:49 -08:00
fa32bc950b
Added Copy impl.
2014-12-23 15:50:29 -05:00
156fc65eb0
Merge remote-tracking branch 'upstream/master'
...
Conflicts:
openssl-sys/src/lib.rs
2014-12-23 15:14:27 -05:00
e2fa62e2ae
Replaced now removed NativeMutex with StaticMutex, and fixed Neg
...
implementation for BigNum.
2014-12-21 08:52:12 -05:00
38682821ad
Added BigNum::{from_dec_str,from_hex_str}, BN_dec2bn, and BN_hex2bn.
2014-12-14 10:02:18 -05:00
c1e225563d
Clean up Copy impls a bit
2014-12-11 09:04:27 -08:00
c922090075
Update to nightly: explicit Copy trait
2014-12-11 13:44:37 +02:00
fb1c815274
Merge remote-tracking branch 'upstream/master'
2014-12-10 22:09:20 -05:00
33f3c966ac
Added mod_word.
2014-12-10 22:08:32 -05:00
6d2f8d67f2
Add the openssl function prototype 'HMAC_CTX_cleanup'.
2014-12-10 22:25:32 +01:00
0dff5268de
Add a feature to openssl-sys to cause it to build a local copy of libressl for
...
use instead of whatever pkg-config says (which in the case of crosses, is almost
certainly incorrect). This is for PNaCl.
2014-12-09 00:04:06 -06:00
08d1f2e629
Drop execute bit on file
2014-11-28 14:04:33 -08:00
5fafe4fc60
Hasher: static contract checking, context reuse
...
- Store EVP_MD_CTX in a separate struct.
- Add with_context() constructor that uses an existing context.
- Switch to EVP_Digest(Init|Final)_ex for efficient context reuse.
- Make update() borrow &mut self.
- Make finalize() consume self. Add finalize_reuse() that also returns the
context which can be passed to from_context() constructor for reuse.
These changes let the type system prevent illegal calls to update() and
finalize().
2014-11-26 21:38:06 +02:00
762331eb2b
Sync is now part of the standard library
2014-11-26 16:04:10 +01:00
c6696eb029
sys: add SSL_get_peer_certificate()
2014-11-24 15:40:48 -05:00
9951cb2bda
sys: add some methods for dealing with x509 certs
2014-11-24 15:38:25 -05:00
381a9b6e51
sys (and bn): make CRYPTO_free() take a *mut c_void insead of a *const c_char
...
CRYPTO_free() ends up being used for a variety of types of data, not just
c_char. And it essentially takes full ownership of the type, making
*mut appropriate.
With this change it also more closely (exactly) matches the C defintion:
void CRYPTO_free(void *ptr);
2014-11-24 15:38:04 -05:00
0cc749d3fc
Runtime fallout
2014-11-21 11:57:48 +02:00
b9e3ed50ad
Baseline server support
...
Allows calling SSL_accept() instead of SSL_connect() when creating an
SslStream.
2014-11-19 15:23:31 -05:00
5258ce6ece
Move AES XTS support to a feature
2014-11-16 14:01:24 -08:00
287d402042
Add XTS-AES mode
2014-11-14 12:22:34 -08:00
b60d140d3d
New build system
2014-11-13 15:17:00 +02:00
Kevin King