4c3b3476f4
Merge pull request #675 from sdemos/master
...
added cms decryption
2017-08-09 14:20:51 -07:00
caf7b8ecbc
added cms decryption
2017-08-09 12:26:45 -07:00
16e8fbc31e
Fix EC_KEY_set_public_key_affine_coordinates
...
Previous definition incorrectly used `const` pointers but the
underpinning library definition (unfortunately) does not.
2017-08-09 13:34:08 +10:00
cfb4ea31d5
Support for EcKey creation from affine coordinates
...
Sets the public key for an EcKey based on its affine co-ordinates,
i.e. it constructs an EC_POINT object based on the supplied x and y
values and sets the public key to be this EC_POINT.
The initial usecase here is creating EcKey instances from JWK
representations as defined within RFC 7517.
2017-08-09 12:21:54 +10:00
c2164a4864
Add peer_cert_chain
2017-07-29 10:34:10 -07:00
01927c19ac
Initialize OpenSSL in DSA constructor
...
This fixes the double unlock errors that were popping up on circle
2017-07-25 21:59:52 -07:00
a02f039c0c
Fix build
2017-07-25 20:41:11 -07:00
82b1a12f35
Abort on bad unlock and safe core dumps
2017-07-25 20:35:29 -07:00
bf6dc28f0c
Release v0.9.15
2017-07-19 19:35:28 -07:00
43cacf00f5
Forbid LibreSSL 2.5.6+
2017-07-19 19:30:13 -07:00
453e641aa6
Support for LibreSSL 2.5.5
2017-07-17 20:29:35 +02:00
5e0146b10a
Test against libressl 2.6.0
2017-07-16 14:51:43 -07:00
bcd0dcafcb
Rustfmt
2017-07-15 21:46:11 -07:00
9290ed97c2
Merge pull request #657 from sfackler/rsa-pkcs1
...
Support PKCS#1 RSA public keys
2017-07-06 14:11:27 -10:00
88e277d49e
Inform cargo about which env vars we care about
2017-07-04 21:24:59 -07:00
279bffccf5
Merge pull request #641 from luser/psk
...
Expose PSK via a SslContextBuilder::set_psk_callback method
2017-07-04 18:19:17 -10:00
51a226eb4b
Support PKCS#1 RSA public keys
...
Closes #656
2017-07-04 20:57:00 -07:00
aa5547cdab
Enable build on LibreSSL 5.6.0 development branch.
...
Without this, openssl-sys can't compile on OpenBSD-current. As far as I can
tell, the only differences with respect to LibreSSL 5.5.4 are additional exposed
functions: there do not appear to be any breaking changes. Certainly all the
test suites in the repository succeed with this commit.
2017-06-25 14:42:39 +01:00
575e682da3
Add PKey::private_key_from_der
2017-06-23 21:04:13 -07:00
223e8e3689
Release v0.9.14
2017-06-14 19:59:45 -07:00
6b50d8940d
for msvc abi builds, allow use of openssl libs from vcpkg
2017-06-07 09:56:06 -05:00
9ba96b80b1
remove unused dependencies on windows
2017-06-06 20:56:16 -05:00
98d343dd32
Fix for changes in OpenSSL 1.1.0f
2017-06-06 18:45:54 -04:00
4de58596d9
Make some changes for review comments
2017-06-02 08:20:03 -04:00
cba475b9ae
Release v0.9.13
2017-05-29 17:46:07 -07:00
16183f41f6
Expose PSK via a SslContextBuilder::set_psk_callback method
2017-05-26 14:51:04 -04:00
61c9ffddb6
Explicitly initialize OpenSSL 1.1.0
2017-05-20 16:01:53 -07:00
7d587e2c93
Rustfmt
2017-05-20 15:53:45 -07:00
4336d1d38c
Release v0.9.12
2017-05-12 11:47:46 -07:00
f2ecdbe709
Fix support for LibreSSL versions other than 2.5.0
2017-05-12 11:16:25 -07:00
67b5fd1c97
Support public key decode from DER
...
Closes #629
2017-05-06 16:40:33 -07:00
7e8a0a0dad
Expose the lower level SHA functions
...
These don't allocate so they're both infallible and significantly
faster.
2017-04-14 23:03:17 -07:00
429f7c869e
Release v0.9.11
2017-04-14 16:56:21 -07:00
b21046375a
(issues-600) Avoid compiling ec2m code against no-ec2m openssl
...
This commit avoids defining code that leads to undefined references when
compiling against an openssl built with no-ec2m.
2017-04-11 15:42:05 -07:00
e6a6ebb87d
Add new EC/PKEY methods to permit deriving shared secrets.
2017-04-10 15:40:36 -04:00
7c24224394
show help message when pkg-config is missing
2017-03-29 19:25:00 +08:00
42ad50ae67
Release v0.9.10
2017-03-26 10:49:04 -07:00
c8d1698f27
Logic to support client-side session reuse
2017-03-25 19:30:01 -07:00
f82f650953
Panic if lock managed by `locking_function` is doubly unlocked
...
Trying to unlock an unlocked lock is always an error and should
be treated as such.
This is related to #597 .
2017-03-16 22:14:58 +00:00
bf63f35dfb
Release v0.9.9
2017-03-14 12:55:36 -07:00
663547a758
(maint) Recreate ability to pass in OPENSSL_LIBS variable
...
Prior to this commit in 43c951f743
2017-03-13 19:18:54 -06:00
06b10a5753
Release v0.9.8
2017-03-09 20:33:17 +11:00
81362a4e79
scrypt support
...
Closes #586
2017-02-21 21:15:52 -08:00
268288337b
Expose more error information
2017-02-19 16:05:58 -08:00
ce2cfc56a6
fix versions for sys as well
2017-02-16 19:49:14 -08:00
f8298882a4
add set_verify_cert_store() to ssl ctx
2017-02-16 19:49:14 -08:00
19f3b8a11a
Support PKCS#8 private key deserialization
...
Closes #581
2017-02-14 19:37:25 -08:00
06065ddcee
Release v0.9.7
2017-02-11 14:34:37 -08:00
980a71a008
Fix for libressl
2017-02-11 10:42:25 -08:00
f2c69ae7e9
Merge remote-tracking branch 'origin/master' into x509-builder
2017-02-11 10:13:00 -08:00
1c25336520
Merge branch 'master' into x509_req_version_subject
2017-02-11 09:11:25 -08:00
03fe3015dc
X509 signature algorithm access
2017-02-10 21:37:33 -08:00
8e5735d84c
X509 signature access
2017-02-10 19:59:11 -08:00
a1d7956f82
Add Asn1BitString
2017-02-10 19:38:51 -08:00
30a634c877
Merge branch 'master' into x509_req_version_subject
2017-02-07 20:41:27 +01:00
5e3dd07ee4
Clean up pkg-config logic
...
Now that we're letting the C compiler track down headers this is no
longer necessary.
2017-02-03 20:17:22 -08:00
4900d3fe5d
Fixed constant names from openssl/rsa.h
...
Fixed PKeyCtxRef method that didn't need to be mutable.
Added non-mutable accessors for PKeyCtxRef for Signer and Verifier.
2017-01-31 11:59:59 -08:00
302ee77d32
Adding suggestions from review.
2017-01-30 16:51:10 -08:00
20eed1e762
Simplify code, so that openssl-sys really doesn't contain anything aside
...
from bindings
2017-01-30 15:04:44 -08:00
588fd33552
Testing first version that works with signer.
2017-01-30 15:04:44 -08:00
ddc0066211
Add the necessary constants to access the pkey ctx stuff.
2017-01-30 15:04:44 -08:00
0598561f0e
Macro-expand OpenSSL headers for feature checks
...
Closes #564
2017-01-28 20:22:18 -08:00
f5149eac5a
Add setters to new getter-functions in X509ReqRef
2017-01-27 20:55:40 +01:00
6a8f6f425f
Style changes according to review
2017-01-27 19:13:36 +01:00
557b936e27
Added X509ReqRef.subject_name and X509ReqRef.version
2017-01-26 21:05:33 +01:00
01e4667175
Make sure to not add system dirs to linkage
...
cc #447
2017-01-24 21:31:41 +01:00
591022a7fa
fix multi-version compat
2017-01-23 22:12:11 -08:00
540387d5ee
fix ptr types
2017-01-22 22:43:27 -08:00
225552b823
Merge branch 'master' of github.com:sfackler/rust-openssl
2017-01-22 22:24:45 -08:00
fbfecd63ae
add some documentation
2017-01-22 22:23:21 -08:00
52c7868bb6
add pkcs12_create and to_der funcs
2017-01-22 21:27:31 -08:00
722bdb6a4c
Merge pull request #550 from Keruspe/master
...
LibreSSL support improvements
2017-01-22 18:39:34 +00:00
54900976bb
Support EC_GROUP_set_asn1_flag
...
Closes #561
2017-01-22 10:44:59 +00:00
26e159a5f0
Support chacha20 and chacha20_poly1305
2017-01-21 11:12:02 +00:00
d353b36681
Support AES IGE
...
This is a special snowflake used only by Telegram apparently.
Closes #523
2017-01-21 09:41:13 +00:00
a1122197f8
Add categories
...
Closes #557
2017-01-20 16:35:43 +00:00
920ab0d6fb
OCSP functionality
2017-01-14 21:09:38 -08:00
9942643ab6
Release v0.9.6
2017-01-09 20:52:20 -08:00
192c08cdee
Adjust minimum pkg-config version
...
Closes #551
2017-01-07 13:13:53 -08:00
524e8e3c5a
libressl: mark unavailable flags as such
...
These flags are not available in libressl (at least for version 2.4.4 which is the last stable version)
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2017-01-05 16:15:25 +01:00
c6ea4f3e2a
Fix time type
2017-01-04 23:04:26 -08:00
404e0341d8
Provide master key access
2017-01-04 22:01:30 -08:00
5d53405597
Provide access to the session ID
2017-01-04 21:11:06 -08:00
1ffe574298
Add SSL_SESSION functions
2017-01-04 20:57:50 -08:00
336175990c
Add SSL_SESSION
2017-01-04 20:54:53 -08:00
cdf388e3f4
Release v0.9.5
2017-01-03 16:09:24 -08:00
6291407b17
Add X509::stack_from_pem
...
Implementation is a clone of SSL_CTX_use_certificate_chain_file
2017-01-03 14:56:00 -08:00
d9e3d6ea21
Improving missing OpenSSL message on Linux
2017-01-03 11:56:32 +01:00
9ff3ce4687
Use metadeps to specify pkg-config dependencies declaratively
...
This makes it easier for distribution packaging tools to generate
appropriate package dependencies.
2016-12-24 02:38:51 -08:00
762510a5fa
Release v0.9.4
2016-12-23 13:38:52 -05:00
7e035a7fd1
Merge pull request #538 from semarie/libressl
...
Add LibreSSL support
2016-12-22 11:59:19 -05:00
b3526cbd2b
Add LibreSSL 2.5.0 support
2016-12-21 09:27:12 +01:00
53c470c71a
duplicate ossl10x.rs to libressl.rs
2016-12-21 08:39:25 +01:00
3cfcf13880
Merge branch 'master' of github.com:sfackler/rust-openssl
2016-12-20 14:30:56 -08:00
b090804227
Allow OPENSSL_{LIB,INCLUDE}_DIR to override OPENSSL_DIR
2016-12-12 17:51:35 +00:00
791f2c8f4d
Release v0.9.3
2016-12-09 21:54:06 -08:00
26cefe7d97
Switch to docs.rs for docs
2016-12-09 21:52:43 -08:00
0850f605b1
Use EVP_bf_cfb64 instead of EVP_bf_cfb
2016-12-09 18:42:10 +00:00
0081665339
Add Blowfish support
2016-12-09 17:06:15 +00:00
0602712bf4
Release v0.9.2
2016-11-27 22:23:32 -08:00
e929e09216
Add EcPoint::invert
2016-11-14 22:02:47 +01:00
e9e58b27dc
Remove EC_METHOD functions
...
Some appear not to be defined anywhere and they're not used anyway
2016-11-13 22:14:10 +00:00
82eb3c4f51
Add EcKey::check_key
2016-11-13 22:10:52 +00:00
35f11d555e
More functionality
2016-11-13 22:06:18 +00:00
1a52649516
More functionality
2016-11-13 20:46:01 +00:00
b2de36049a
Add Some more elliptic curve functionality
2016-11-13 20:19:38 +00:00
48c0009418
Macroise from_der
2016-11-13 17:06:50 +00:00
b0415f466c
Macroise to_der
2016-11-13 16:52:19 +00:00
387e78257b
Support serialization of encrypted private keys
...
Switch to PEM_write_bio_PKCS8PrivateKey since the other function outputs
nonstandard PEM when encrypting.
2016-11-13 16:09:52 +00:00
08e0c4ca90
Some serialization support for EcKey
2016-11-13 15:02:38 +00:00
796d7b4deb
Add constructors for various standard primes
2016-11-12 14:20:43 +00:00
96d24c8957
Add SslRef::set_{tmp_dh,tmp_ecdh,ecdh_auto}
2016-11-12 13:45:54 +00:00
563754fb08
Add SslContextBuilder::set_tmp_{ec,}dh_callback
2016-11-12 12:43:44 +00:00
9b5c62b053
Add PKey::bits
2016-11-12 11:00:15 +00:00
7c9afd8c99
Fix function signature
2016-11-12 10:29:31 +00:00
26a3358a2b
Add basic X509_STORE access
...
There's more to do here, but this enabled addition of trusted CAs from
X509 objects.
Closes #394
2016-11-12 00:24:12 +00:00
6b7279eb52
Consistently support both PEM and DER encodings
...
Closes #500
2016-11-11 20:10:10 +00:00
15490a43e3
Add EcKey <-> PKey conversions
...
Closes #499
2016-11-11 19:17:38 +00:00
32cbed0782
PKey <-> DH conversions
...
Closes #498
2016-11-11 19:04:54 +00:00
609a09ebb9
Add PKey::dsa
...
Closes #501
2016-11-11 18:52:37 +00:00
0d2d4865e5
Release v0.9.1
2016-11-11 16:45:22 +00:00
203a02c3e6
Actually support AES GCM
...
This is an AEAD cipher, so we need some extra functionality. As another
bonus, we no longer panic if provided an IV with a different length than
the cipher's default.
2016-11-08 20:35:21 +00:00
d78acc729b
Add an X509ReqBuilder
2016-11-07 20:42:43 +00:00
597d05b8f8
Add stack creation and push
2016-11-06 23:46:42 -08:00
5f18ffa4b3
Start of extension support
2016-11-06 21:58:43 -08:00
1939e6fd78
Add conf module
2016-11-06 14:49:26 -08:00
b83edbad0d
Start on an X509Builder
2016-11-06 14:07:34 -08:00
1edb6f682e
Support client CA advertisement
2016-11-06 12:17:14 -08:00
a4e0581e4f
Fix build on 1.0.1
2016-11-06 11:57:50 -08:00
bcb7b3f5dc
Add accessors for cert and private key
...
Closes #340
2016-11-06 10:46:38 -08:00
c2bf8acad8
Provide a tailored error message on Linux
...
I just ran into a case where I installed OpenSSL in a docker container but I
forgot to install pkg-config. Right now openssl-sys relies on pkg-config, so
print out a nice error about this.
2016-11-05 22:55:25 -07:00
72ac2a0105
Release v0.9.0
2016-11-05 20:05:50 -07:00
fb9420fc91
Always dump openssl confs
2016-11-04 21:15:07 -07:00
91fd58b4c2
More buildscript tweaks
2016-11-04 21:10:49 -07:00
9198bcda3a
Improve buildscript logic
2016-11-04 21:08:34 -07:00
62a9f89fce
Avoid lhash weirdness
2016-11-03 20:38:51 -07:00
7f308aa5e1
Fix signature
2016-11-02 08:26:18 -07:00
aa0040125b
Use built in DH parameters when available
...
Fall back to a hardcoded PEM blob on 1.0.1, but serialized from
DH_get_2048_256.
2016-11-01 22:50:22 -07:00
176348630a
Don't clear BigNums in destructor
...
Instead add a clear method.
2016-11-01 21:59:07 -07:00
343ce159ec
Fix stack signatures
2016-11-01 19:51:55 -07:00
c776534ad4
Clean up stack
2016-11-01 19:25:40 -07:00
77b76ed8a8
Merge pull request #506 from simias/stack
...
Implemented a generic Stack API and use it to deal with StackOf(X509) and StackOf(GENERAL_NAME)
2016-11-01 18:59:35 -07:00
8d0090faec
Implement X509StoreContextRef::get_chain
2016-11-01 21:23:18 +01:00
3bdefa987a
Implement a generic Stack API to deal with OpenSSL stacks
2016-11-01 21:23:13 +01:00
9ea27c12b9
Add method to encode a public key as a DER blob
2016-11-01 17:34:21 +01:00
dc4098bdd8
Clean up x509 name entries
2016-10-31 22:43:05 -07:00
cd7fa9fca2
Update x509
2016-10-31 20:54:34 -07:00
16e398e005
Update verify
2016-10-31 20:19:59 -07:00
558124b755
Expose SSL_MODEs
2016-10-30 22:02:26 -07:00
677718f8da
Configure ECDH parameters in connector
2016-10-30 13:38:09 -07:00
8c58ecc2fa
Implement EcKey
...
cc #499
2016-10-30 13:17:20 -07:00
781417d50f
Add a macro definition
2016-10-27 19:12:55 -07:00
bea53bb39b
Support AES GCM
...
Closes #326
2016-10-25 20:59:33 -07:00
39279455c8
Add a shutdown method
2016-10-25 20:40:18 -07:00
04fc853ee3
Remove NIDs only defined in 1.0.2+
2016-10-23 09:16:20 -07:00
2fd201d9c3
De-enumify Nid
2016-10-22 10:08:32 -07:00
5ab037f056
Allow the X509 verify error to be read from an SslRef
2016-10-18 22:21:06 -07:00
cfd5192a7d
De-enumify X509ValidationError
...
Also make it an Error.
Closes #352 .
2016-10-18 22:10:37 -07:00
c4459c37d9
Callback cleanup
2016-10-18 21:13:13 -07:00
6609a81685
Migrate DSA sign/verify to EVP APIs
2016-10-15 15:02:02 -07:00
228b8fbc5b
Correctly bind BIO_new_mem_buf
2016-10-15 13:39:47 -07:00
bb23b33829
Fix signature of EVP_DigestVerifyFinal on 1.0.1
2016-10-15 12:24:20 -07:00
6ae472487f
Support HMAC PKeys and remove hmac module
2016-10-15 11:06:11 -07:00
b564cb5db7
Add digest signature methods
2016-10-15 09:48:34 -07:00
64b8e5e553
Merge pull request #471 from sfackler/no-comp
...
Handle OPENSSL_NO_COMP
2016-10-14 23:09:11 -07:00
ba997c590e
Prefer 1.1 when looking for Homebrew installs
2016-10-14 22:55:44 -07:00
7ac0599638
Fix test_alpn_server_select_none
...
In OpenSSL 1.1, a failure to negotiate a protocol is a fatal error, so
fork that test. This also popped up an issue where we assumed all errors
had library, function, and reason strings which is not necessarily the
case.
While we're in here, adjust the Display impl to match what OpenSSL
prints out.
Closes #465
2016-10-14 22:01:21 -07:00
f520aa2860
Handle OPENSSL_NO_COMP
...
Closes #459
2016-10-14 20:50:45 -07:00
d7a433bdef
Respect osslconf in systest
...
Also cfg off SSLv3_method, since it's disabled in the OpenSSL that ships
with Arch Linux. More such flags can be added on demand - it doesn't
seem worth auditing everything for them.
2016-10-14 19:16:08 -07:00
d976b8f595
Enable hostname verification on 1.0.2
2016-10-14 18:56:15 -07:00
af51b263b1
Support hostname verification
...
Closes #206
2016-10-14 17:39:31 -07:00
ae282a78e2
Remove link_name usage
2016-10-14 16:15:50 -07:00
b610e01793
Flag off dtls and mask ssl_ops
...
Also un-feature gate npn as it ships with 1.0.1
2016-10-13 19:06:53 -07:00
af3e06d3e8
Add remaining SSL_OP constants
2016-10-12 22:50:08 -07:00
43c951f743
Add support for OpenSSL 1.1.0
...
This commit is relatively major refactoring of the `openssl-sys` crate as well
as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0,
and lots of other various tweaks happened along the way. The major new features
are:
* OpenSSL 1.1.0 is supported
* OpenSSL 0.9.8 is no longer supported (aka all OSX users by default)
* All FFI bindings are verified with the `ctest` crate (same way as the `libc`
crate)
* CI matrixes are vastly expanded to include 32/64 of all platforms, more
OpenSSL version coverage, as well as ARM coverage on Linux
* The `c_helpers` module is completely removed along with the `gcc` dependency.
* The `openssl-sys` build script was completely rewritten
* Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars.
* Better error messages for mismatched versions.
* Better error messages for failing to find OpenSSL on a platform (more can be
done here)
* Probing of OpenSSL build-time configuration to inform the API of the `*-sys`
crate.
* Many Cargo features have been removed as they're now enabled by default.
As this is a breaking change to both the `openssl` and `openssl-sys` crates this
will necessitate a major version bump of both. There's still a few more API
questions remaining but let's hash that out on a PR!
Closes #452
2016-10-12 22:49:55 -07:00
44ed665f02
Add RAND_status()
...
RAND_status() returns 1 if the PRNG has been seeded with enough data, 0 otherwise.
2016-10-01 13:42:13 +02:00
4cc55b65e0
Add RSA_*_PADDING constants
2016-10-01 13:39:33 +02:00
4718a88e04
Release openssl-sys v0.7.17, openssl v0.8.2
2016-08-18 12:59:22 -07:00
cd69343d67
Fix SslContext::add_extra_chain_cert
...
SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so
the method really needs to take an X509 by value. Work around this by
manually cloning the cert.
This method has been around for over a year but I'm guessing nobody
actually used it since it produces a nice double free into segfault!
2016-08-17 19:30:57 -07:00
96b1ef829c
Add `"x509_expiry"` feature flag
...
- fix return of `ASN1_TIME_print`
- assert on null `date`
2016-08-17 01:23:54 -04:00
f9cd4bff1f
Progress on asn1 expiry
...
- Use MemBio and implement `Display` for Asn1Time
- Tweak doc for asn1 `not_before`, `not_after`
2016-08-17 01:23:54 -04:00
629f638f08
Release openssl-sys v0.7.16, openssl v0.8.1
2016-08-15 18:44:57 -07:00
912f7499cd
Initialize algorithms in init
...
Required to deserialize PKCS12 on 0.9.8, looks like
2016-08-14 12:51:33 -07:00
e5299fd7c9
Fix memory leak in general name stack
2016-08-14 11:16:53 -07:00
6b12a0cdde
PKCS #12 support
2016-08-14 11:11:26 -07:00
773a6f0735
Start on PKCS #12 support
2016-08-14 10:11:38 -07:00
2e8f19ca2f
Release openssl-sys v0.7.15, openssl v0.8.0
2016-08-11 21:00:43 -07:00
207d8e6b30
Undelete bogus extern declaration
...
Old rust-openssl versions rely on it being there
2016-08-10 22:16:58 -07:00
0cc863e857
Use new target syntax for windows stuff
2016-08-10 22:13:17 -07:00
35c79d1768
Fix build
2016-08-09 23:13:56 -07:00
67b5b4d814
Make hmac support optional and remove openssl-sys-extras
...
rust-openssl no longer requires headers for the default feature set.
2016-08-09 22:52:12 -07:00
a8224d199b
symm reform
2016-08-08 23:10:03 -07:00
522447378e
Copy over getter macros
2016-08-08 20:37:48 -07:00
bf07dd9a4e
Remove symm_internal
2016-08-08 20:26:04 -07:00
6b1016c86e
Add PKey::from_rsa
2016-08-07 22:56:44 -07:00
2a3e9a2856
Add RSA::generate
2016-08-07 22:35:37 -07:00
7855f428aa
PKey reform
...
This deletes the vast majority of PKey's API, since it was weirdly tied
to RSA and super broken.
2016-08-07 20:38:46 -07:00
7ca5ccf064
Hash reform
...
Closes #430
2016-08-07 16:29:36 -07:00
c47be8b14b
Move SSL_CTX_set_ecdh_auto to -sys
2016-08-04 22:52:40 -07:00
ee67ea8ea0
Mvoe SSL_CTX_add_extra_chain_cert to -sys
2016-08-04 22:46:47 -07:00
Steven Fackler