min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,557 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

1300 Commits

Author SHA1 Message Date
Steven Fackler 7e035a7fd1 Merge pull request #538 from semarie/libressl 
Add LibreSSL support
 2016-12-22 11:59:19 -05:00
Sébastien Marie a70e27ae64 Add Travis build against LibreSSL 2016-12-21 09:27:21 +01:00
Sébastien Marie b3526cbd2b Add LibreSSL 2.5.0 support 2016-12-21 09:27:12 +01:00
Alex Crichton 8e01f8d250 Handle zero-length reads/writes 
This commit adds some short-circuits for zero-length reads/writes to
`SslStream`. Because OpenSSL returns 0 on error, then we could mistakenly
confuse a 0-length success as an actual error, so we avoid writing or reading 0
bytes by returning quickly with a success.
 2016-12-20 15:52:18 -08:00
Steven Fackler 791f2c8f4d Release v0.9.3 2016-12-09 21:54:06 -08:00
Steven Fackler 26cefe7d97 Switch to docs.rs for docs 2016-12-09 21:52:43 -08:00
Steven Fackler 152d788998 Fix ErrorStack display 2016-12-09 21:32:41 -08:00
0xa 5340895249 Add Blowfish tests 2016-12-09 21:31:26 +00:00
0xa 0850f605b1 Use EVP_bf_cfb64 instead of EVP_bf_cfb 2016-12-09 18:42:10 +00:00
0xa 0081665339 Add Blowfish support 2016-12-09 17:06:15 +00:00
Steven Fackler 0602712bf4 Release v0.9.2 2016-11-27 22:23:32 -08:00
Steven Fackler 146512099b Implement Clone for SslConnector and SslAcceptor 2016-11-27 21:35:35 -08:00
Steven Fackler 234f126d7d Cleanup 2016-11-27 21:00:59 -08:00
Steven Fackler 8b60d4a3c2 Return Option from group 2016-11-16 15:45:15 -08:00
Steven Fackler e58dda8990 Remove EcGroup constructors 
You also need a generator and possibly other stuff. Let's hold off on
construction until someone has a concrete requirement for them.
 2016-11-16 13:53:03 +01:00
Steven Fackler 7515510125 Test elliptic curve signatures 2016-11-15 22:06:20 +01:00
Steven Fackler ec0fa36714 Add a test for mul_generator 2016-11-15 21:24:34 +01:00
Steven Fackler b914f779e8 Turns out yet another variant of EC_POINT_mul is allowed! 2016-11-15 21:20:06 +01:00
Steven Fackler 6794a45d60 Rename ec_key to ec 2016-11-14 22:37:01 +01:00
Steven Fackler 90acfaea51 Split EcKey::mul 2016-11-14 22:08:04 +01:00
Steven Fackler e929e09216 Add EcPoint::invert 2016-11-14 22:02:47 +01:00
Steven Fackler 4c60aa005d Fix non-static EcGroup method locations 2016-11-14 19:20:08 +01:00
Steven Fackler 82eb3c4f51 Add EcKey::check_key 2016-11-13 22:10:52 +00:00
Steven Fackler 35f11d555e More functionality 2016-11-13 22:06:18 +00:00
Steven Fackler 1a52649516 More functionality 2016-11-13 20:46:01 +00:00
Steven Fackler 3d31539ba9 Public keys are not always present 2016-11-13 20:31:44 +00:00
Steven Fackler 0d0b5080e2 Rename new_by_curve_name to from_curve_name 2016-11-13 20:21:44 +00:00
Steven Fackler b2de36049a Add Some more elliptic curve functionality 2016-11-13 20:19:38 +00:00
Steven Fackler 7dbef567e6 Remove some stray manual impls 2016-11-13 18:00:42 +00:00
Steven Fackler ccef9e339d Macroise from_pem 2016-11-13 17:56:48 +00:00
Steven Fackler df9666c334 Macroise to_pem 2016-11-13 17:42:45 +00:00
Steven Fackler 48c0009418 Macroise from_der 2016-11-13 17:06:50 +00:00
Steven Fackler b0415f466c Macroise to_der 2016-11-13 16:52:19 +00:00
Steven Fackler ed9f600e28 Make password callback return a Result 2016-11-13 16:18:52 +00:00
Steven Fackler 387e78257b Support serialization of encrypted private keys 
Switch to PEM_write_bio_PKCS8PrivateKey since the other function outputs
nonstandard PEM when encrypting.
 2016-11-13 16:09:52 +00:00
Steven Fackler 7d411c7975 Add private_key_from_pem_passphrase 2016-11-13 15:27:39 +00:00
Steven Fackler 2a8923c050 Macro-implement private_key_to_pem 2016-11-13 15:12:50 +00:00
Steven Fackler 08e0c4ca90 Some serialization support for EcKey 2016-11-13 15:02:38 +00:00
Steven Fackler 85c1474ce6 No need to use a raw string anymore 2016-11-13 12:19:31 +00:00
Steven Fackler 64e9932ac9 Use ffdhe2048 in mozilla_intermediate 2016-11-12 17:52:58 +00:00
Steven Fackler 2f8301fc63 Be a bit more emphatic about the danger 2016-11-12 16:51:26 +00:00
Steven Fackler 6b3599d319 Add a connect method that does not perform hostname verification 
The method name is intentionally painful to type to discourage its use
 2016-11-12 16:45:18 +00:00
Steven Fackler 7cdb58bc47 Simplify test logic a bit 2016-11-12 14:42:48 +00:00
Steven Fackler 157034d995 Add a missing init 2016-11-12 14:30:53 +00:00
Steven Fackler 796d7b4deb Add constructors for various standard primes 2016-11-12 14:20:43 +00:00
Steven Fackler 96d24c8957 Add SslRef::set_{tmp_dh,tmp_ecdh,ecdh_auto} 2016-11-12 13:45:54 +00:00
Steven Fackler 2a1d7b2bcb Pick different cipher lists on 1.0.1 and 1.0.2 2016-11-12 13:36:03 +00:00
Steven Fackler 93253ba599 Adjust cipher lists to work on older versions 2016-11-12 13:09:12 +00:00
Steven Fackler 780c46e0e7 Add SslRef::set_tmp_{ec,}dh_calback 2016-11-12 12:56:58 +00:00
Steven Fackler 563754fb08 Add SslContextBuilder::set_tmp_{ec,}dh_callback 2016-11-12 12:43:44 +00:00
Steven Fackler b14d68f715 Drop bits to u32 2016-11-12 11:14:05 +00:00
Steven Fackler 9b5c62b053 Add PKey::bits 2016-11-12 11:00:15 +00:00
Steven Fackler 26a3358a2b Add basic X509_STORE access 
There's more to do here, but this enabled addition of trusted CAs from
X509 objects.

Closes #394
 2016-11-12 00:24:12 +00:00
Steven Fackler 6b7279eb52 Consistently support both PEM and DER encodings 
Closes #500
 2016-11-11 20:10:10 +00:00
Steven Fackler 15490a43e3 Add EcKey <-> PKey conversions 
Closes #499
 2016-11-11 19:17:38 +00:00
Steven Fackler 32cbed0782 PKey <-> DH conversions 
Closes #498
 2016-11-11 19:04:54 +00:00
Steven Fackler 609a09ebb9 Add PKey::dsa 
Closes #501
 2016-11-11 18:52:37 +00:00
Steven Fackler 0d2d4865e5 Release v0.9.1 2016-11-11 16:45:22 +00:00
Steven Fackler 898e7f02df Fix EOF detection 
See https://github.com/openssl/openssl/issues/1903 for details
 2016-11-11 15:10:30 +00:00
Steven Fackler a42c6e8713 Drop rustc-serialize dependency 2016-11-09 20:35:23 +00:00
Steven Fackler 7c8ae5f664 Better docs for AEAD tag 2016-11-09 18:54:29 +00:00
Steven Fackler aa7c27536a Make sure to override SslContext verify callback always 
The 1.0.1 code has to override this to setup hostname validation, and
don't want behavior to silently change depending on the OpenSSL version
you're building against.
 2016-11-08 22:38:48 +00:00
Steven Fackler 913723997b Add convenience functions for AEAD encryption/decryption 2016-11-08 22:35:16 +00:00
Steven Fackler 203a02c3e6 Actually support AES GCM 
This is an AEAD cipher, so we need some extra functionality. As another
bonus, we no longer panic if provided an IV with a different length than
the cipher's default.
 2016-11-08 20:35:21 +00:00
Steven Fackler b3b7194e82 Docs 2016-11-08 19:10:56 +00:00
Steven Fackler 97872500a3 Deprecate X509Generator 2016-11-07 21:48:40 +00:00
Steven Fackler c0e02e7e51 Use X509Builder in X509Generator 2016-11-07 21:15:36 +00:00
Steven Fackler 18c5d1f771 Add init calls to new constructors 2016-11-07 20:50:57 +00:00
Steven Fackler d78acc729b Add an X509ReqBuilder 2016-11-07 20:42:43 +00:00
Steven Fackler 597d05b8f8 Add stack creation and push 2016-11-06 23:46:42 -08:00
Steven Fackler 8f7df7b205 Add SubjectAlternativeName 2016-11-06 23:19:58 -08:00
Steven Fackler d17c3355ab More extension progress 2016-11-06 22:52:53 -08:00
Steven Fackler 5f18ffa4b3 Start of extension support 2016-11-06 21:58:43 -08:00
Steven Fackler 1939e6fd78 Add conf module 2016-11-06 14:49:26 -08:00
Steven Fackler b83edbad0d Start on an X509Builder 2016-11-06 14:07:34 -08:00
Steven Fackler 1edb6f682e Support client CA advertisement 2016-11-06 12:17:14 -08:00
Steven Fackler a4e0581e4f Fix build on 1.0.1 2016-11-06 11:57:50 -08:00
Steven Fackler bcb7b3f5dc Add accessors for cert and private key 
Closes #340
 2016-11-06 10:46:38 -08:00
Steven Fackler 72ac2a0105 Release v0.9.0 2016-11-05 20:05:50 -07:00
Steven Fackler 79e2004eef Fixes 2016-11-05 19:28:17 -07:00
Steven Fackler 8ad1e5565b Remove set_rsa 
PKey is reference counted so allowing mutation is unsound
 2016-11-05 18:49:09 -07:00
Steven Fackler 96a5ccfc6b Implement Pkcs12 via type_! 2016-11-05 18:46:34 -07:00
Steven Fackler 4e2ffe5b9b Re-adjust BigNum API 2016-11-05 17:35:31 -07:00
Steven Fackler 8037258913 Return a Stack in Pkcs12 2016-11-05 13:57:05 -07:00
Steven Fackler ed69d6b037 Add Stack::pop 2016-11-05 13:40:53 -07:00
Steven Fackler 52feaae59f More cleanup 2016-11-05 13:15:14 -07:00
Steven Fackler ac36d542fd Simplify destructor a bit 2016-11-05 13:10:50 -07:00
Steven Fackler 398ab2fbc4 Add a consuming iterator for Stacks 2016-11-05 13:01:54 -07:00
Steven Fackler f15c817c2d Rustfmt 2016-11-05 10:54:17 -07:00
Steven Fackler 71a114707f Remove unused dependency 2016-11-05 10:38:12 -07:00
Steven Fackler 99b41a0050 Rename accessors 2016-11-05 10:15:40 -07:00
Steven Fackler 91fd58b4c2 More buildscript tweaks 2016-11-04 21:10:49 -07:00
Steven Fackler 9198bcda3a Improve buildscript logic 2016-11-04 21:08:34 -07:00
Steven Fackler 01ae978db0 Get rid of Ref 
There's unfortunately a rustdoc bug that causes all methods implemented
for any Ref<T> to be inlined in the deref methods section :(
 2016-11-04 17:16:59 -07:00
Steven Fackler 25443d7b48 Make utility functions private 2016-11-04 12:15:05 -07:00
Steven Fackler 6fe7dd3024 Remove an enum 2016-11-03 22:45:54 -07:00
Steven Fackler 772a506294 Clean up some bignum APIs 2016-11-03 21:06:23 -07:00
Steven Fackler e87b75fa03 Rename BnCtx 2016-11-03 20:54:08 -07:00
Steven Fackler 62a9f89fce Avoid lhash weirdness 2016-11-03 20:38:51 -07:00
Steven Fackler aa0040125b Use built in DH parameters when available 
Fall back to a hardcoded PEM blob on 1.0.1, but serialized from
DH_get_2048_256.
 2016-11-01 22:50:22 -07:00
Steven Fackler 176348630a Don't clear BigNums in destructor 
Instead add a clear method.
 2016-11-01 21:59:07 -07:00
Steven Fackler 888b8b696c Fix docs 2016-11-01 21:42:39 -07:00
Steven Fackler e67733cc4e Cleanup X509StoreContext::chain 2016-11-01 19:45:38 -07:00
Steven Fackler d5a9a239f6 More minor cleanup 2016-11-01 19:36:08 -07:00
Steven Fackler c776534ad4 Clean up stack 2016-11-01 19:25:40 -07:00
Steven Fackler 79c51d5e51 Clean up stack destructor 2016-11-01 19:12:38 -07:00
Steven Fackler 77b76ed8a8 Merge pull request #506 from simias/stack 
Implemented a generic Stack API and use it to deal with StackOf(X509) and StackOf(GENERAL_NAME)
 2016-11-01 18:59:35 -07:00
Lionel Flandrin 8d0090faec Implement X509StoreContextRef::get_chain 2016-11-01 21:23:18 +01:00
Lionel Flandrin 36bf0bb387 Replace GeneralNames by the new Stack API 2016-11-01 21:23:18 +01:00
Lionel Flandrin 3bdefa987a Implement a generic Stack API to deal with OpenSSL stacks 2016-11-01 21:23:13 +01:00
Lionel Flandrin 9ea27c12b9 Add method to encode a public key as a DER blob 2016-11-01 17:34:21 +01:00
Steven Fackler 43911db26c Avoid extra allocations in Asn1Time Display impl 2016-10-31 23:09:07 -07:00
Steven Fackler dd4836cdf6 Fix 1.1.0 build 2016-10-31 23:06:27 -07:00
Steven Fackler f71395c600 Little cfg cleanup 2016-10-31 22:45:51 -07:00
Steven Fackler dc4098bdd8 Clean up x509 name entries 2016-10-31 22:43:05 -07:00
Steven Fackler ab30ad0ce7 Documentation 2016-10-31 21:00:26 -07:00
Steven Fackler 96a77cf5a8 Remove Opaque 2016-10-31 20:56:51 -07:00
Steven Fackler cd7fa9fca2 Update x509 2016-10-31 20:54:34 -07:00
Steven Fackler ff12d37aef Update ssl 2016-10-31 20:32:55 -07:00
Steven Fackler 16e398e005 Update verify 2016-10-31 20:19:59 -07:00
Steven Fackler e9d78181c3 Update Rsa 2016-10-31 20:15:12 -07:00
Steven Fackler f640613863 Update PKey 2016-10-31 20:12:55 -07:00
Steven Fackler d6579ab058 Update EcKey 2016-10-31 20:06:06 -07:00
Steven Fackler fe5fb75d45 Update Dsa 2016-10-31 20:04:55 -07:00
Steven Fackler 28f375974a Convert Dh 2016-10-31 20:02:24 -07:00
Steven Fackler 849fca4a7b Convert Asn1Time 2016-10-31 20:02:24 -07:00
Steven Fackler 3363046c34 Update bignum 2016-10-31 20:02:24 -07:00
Steven Fackler 927c3e924c Add a generic Ref type 2016-10-31 20:02:24 -07:00
Steven Fackler 006da59285 Return an SslRef 2016-10-30 22:42:32 -07:00
Steven Fackler 558124b755 Expose SSL_MODEs 2016-10-30 22:02:26 -07:00
Steven Fackler e0211dac30 Rename set_CA_file 2016-10-30 21:39:26 -07:00
Steven Fackler 5b0fc9a185 Impl Sync and Send for SslContextBuilder 2016-10-30 20:34:35 -07:00
Steven Fackler add8e4023e Rename connectors 2016-10-30 19:39:18 -07:00
Steven Fackler 997e92e052 Merge ssl option setup 
The client will ignore server-side options so we may as well stick them
all in the same spot.
 2016-10-30 18:49:29 -07:00
Steven Fackler bd457dba18 Move HandshakeError to submodule 2016-10-30 17:23:03 -07:00
Steven Fackler 287f6df6c6 Remove DsaParams 2016-10-30 17:04:55 -07:00
Steven Fackler 610403a562 Add RsaRef 2016-10-30 17:00:54 -07:00
Steven Fackler c3b6eff191 Add DsaRef 2016-10-30 16:44:21 -07:00
Steven Fackler f75f82e466 Rustfmt 2016-10-30 16:37:45 -07:00
Steven Fackler 7869651407 Remove out of date comment 2016-10-30 16:34:50 -07:00
Steven Fackler 9abbf6f80e Use Python's cipher list on the client side. 2016-10-30 16:29:33 -07:00
Steven Fackler d1179f1ad2 Update docs 2016-10-30 15:14:29 -07:00
Steven Fackler 52f288e090 Add a mozilla modern profile 2016-10-30 14:57:22 -07:00
Steven Fackler 7d13176cd1 Rename nwe to mozilla_intermediate 2016-10-30 14:34:05 -07:00
Steven Fackler 43b430e5b0 Pass SslMethod into constructors 2016-10-30 14:26:28 -07:00
Steven Fackler ee79db61c2 Enable single ECDH use 2016-10-30 13:41:24 -07:00
Steven Fackler 677718f8da Configure ECDH parameters in connector 2016-10-30 13:38:09 -07:00
Steven Fackler 8c58ecc2fa Implement EcKey 
cc #499
 2016-10-30 13:17:20 -07:00
Steven Fackler eb735f519a Clean up generics a bit 2016-10-30 11:05:29 -07:00
Steven Fackler 23fe1e85e9 Pull Curl's CA list for Windows tests 2016-10-29 18:17:46 -07:00
Steven Fackler 761dd780c1 Add module level docs 2016-10-29 18:04:38 -07:00
Steven Fackler c89f2c0be0 Use PKeyRef in X509Generator 2016-10-29 16:37:56 -07:00
Steven Fackler c2b38d8bb3 Move docs 2016-10-29 15:02:36 -07:00
Steven Fackler 85169e5a61 Fix reexport 2016-10-29 15:02:07 -07:00
Steven Fackler e72533c058 Docs for connectors 2016-10-29 15:00:46 -07:00
Steven Fackler 57d10ebbc3 Add PKeyRef 2016-10-29 14:19:09 -07:00
Steven Fackler 4c7a5a418e Implement client and server connectors 2016-10-29 14:02:26 -07:00
Steven Fackler 1a288da86c Make verification unconditionally exposed internally 2016-10-28 22:14:44 -07:00
Steven Fackler c0cf4ab1c2 Remove private field in ParsedPkcs12 
The function definition is fixed - nothing else is going to be coming
out of a PKCS#12 archive
 2016-10-27 20:33:38 -07:00
Steven Fackler dafb46fc51 Camel case DH 2016-10-27 20:26:18 -07:00
Steven Fackler 8604668a18 Make padding types consts 2016-10-27 19:56:52 -07:00
Steven Fackler 781417d50f Add a macro definition 2016-10-27 19:12:55 -07:00
Steven Fackler 8e129af256 Fix description 2016-10-26 22:15:41 -07:00
Steven Fackler 63b1ec1a12 Stop returning an Option from cipher description 2016-10-26 22:13:10 -07:00
Steven Fackler 2234899e59 Fix drop signature 2016-10-26 22:00:33 -07:00
Steven Fackler 548c8b5fba Remove macros module 2016-10-26 21:55:13 -07:00
Steven Fackler 654f0941e1 Don't double-allocate strings 2016-10-26 21:42:09 -07:00
Steven Fackler 4f59d57675 Move SslString to a shared location 2016-10-26 21:28:00 -07:00
Steven Fackler ebc4c56c34 Add SslMethod::from_ptr 2016-10-26 20:43:43 -07:00
Steven Fackler f4b7006771 Don't allow mutation of SslContexts 
SslContext is reference counted and the various setter methods don't
take out locks where necessary. Fix this by adding a builder for the
context.
 2016-10-25 23:12:56 -07:00
Steven Fackler bea53bb39b Support AES GCM 
Closes #326
 2016-10-25 20:59:33 -07:00
Steven Fackler 39279455c8 Add a shutdown method 2016-10-25 20:40:18 -07:00
Steven Fackler eb655bddbc Fix ordering 2016-10-25 20:01:28 -07:00
Steven Fackler 938fdd7137 Add into_error 2016-10-23 21:54:49 -07:00
Steven Fackler ca71e00878 Fix Send + Sync-ness of SslStream 2016-10-23 20:55:31 -07:00
Steven Fackler 04fc853ee3 Remove NIDs only defined in 1.0.2+ 2016-10-23 09:16:20 -07:00
Steven Fackler d39a2cedad Fix tests 2016-10-22 16:01:26 -07:00
Steven Fackler 787cad3c82 Use constants rather than constructors for Nid 2016-10-22 15:58:06 -07:00
Steven Fackler 3c50c74444 Camel case Rsa 2016-10-22 10:21:16 -07:00
Steven Fackler b619c4e885 Camel case Dsa 2016-10-22 10:16:49 -07:00
Steven Fackler 2fd201d9c3 De-enumify Nid 2016-10-22 10:08:32 -07:00
Steven Fackler ae72cbd28b Fix hasher docs 2016-10-22 09:17:41 -07:00
Steven Fackler 98b7f2f935 Flatten crypto module 2016-10-22 09:16:38 -07:00
Steven Fackler 58f6d1138a Properly propagate panics 2016-10-21 21:52:02 -07:00
Steven Fackler 9be0aab9ac Borrow compression string 2016-10-21 21:46:32 -07:00
Steven Fackler f1c68e3544 Rename SslContextOptions 2016-10-21 21:22:05 -07:00
Steven Fackler 8ec53eb0e1 Fix X509StoreContext 2016-10-21 20:59:07 -07:00
Steven Fackler 6f1a3f2834 Update BigNumRef 2016-10-21 20:26:53 -07:00
Steven Fackler 02b4385c5d Convert X509VerifyParamRef 2016-10-21 19:58:06 -07:00
Steven Fackler f0cde38929 Borrowed servername 2016-10-21 19:54:30 -07:00
Steven Fackler fcb86b8394 Convert SslCipherRef 2016-10-21 19:45:46 -07:00
Steven Fackler 2bbeddd14a Convert SslRef 2016-10-21 19:33:56 -07:00
Steven Fackler fe98a90719 Convert SslContextRef 2016-10-21 19:15:09 -07:00
Steven Fackler b7017a7eec Update Asn1TimeRef 2016-10-21 17:13:30 -07:00
Steven Fackler 23fc6c828b Convert X509Ref 2016-10-21 17:01:13 -07:00
Steven Fackler b3eb8d516c Switch X509Name over to new borrow setup 
The use of actual references enables us to be correct with respect to
mutability without needing two structs for the mutable and immutable
cases and more deref impls.
 2016-10-20 22:51:10 -07:00
Steven Fackler bd0c0c60bd Store a MidHandshakeSslStream in fatal errors 
This in particular allows the X509 verification error to be retrieved,
as well as the stream itself.
 2016-10-20 20:57:53 -07:00
Steven Fackler 8f3511c0cd Redo SslStream construction 
SslStream is now constructed via methods on Ssl. You realistically want
to create an Ssl for SNI and hostname verification so making it harder
to construct a stream directly from an SslContext is a good thing.
 2016-10-20 19:59:09 -07:00
Steven Fackler 5ab037f056 Allow the X509 verify error to be read from an SslRef 2016-10-18 22:21:06 -07:00
Steven Fackler cfd5192a7d De-enumify X509ValidationError 
Also make it an Error.

Closes #352.
 2016-10-18 22:10:37 -07:00
Steven Fackler 080050e10d Drop lifetime on GeneralNames 2016-10-18 21:52:49 -07:00
Steven Fackler c4459c37d9 Callback cleanup 2016-10-18 21:13:13 -07:00
Steven Fackler f7e6d7fce6 Don't ignore errors in NPN/ALPN logic 
Closes #479
 2016-10-18 21:12:55 -07:00
Steven Fackler 194298a057 Implement new feature setup 
The basic idea here is that there is a feature for each supported
OpenSSL version. Enabling multiple features represents support for
multiple OpenSSL versions, but it's then up to you to check which
version you link against (probably by depending on openssl-sys and
making a build script similar to what openssl does).
 2016-10-17 21:57:54 -07:00
Steven Fackler a938a001a7 Fix missing import 2016-10-16 23:26:38 -07:00
Steven Fackler b7400d56e8 Fix algorithm field 2016-10-16 23:22:00 -07:00
Steven Fackler 68954cfc51 Finish BN overhaul 2016-10-16 23:13:00 -07:00
Steven Fackler 7ec015325b Finish error overhaul 2016-10-16 21:07:17 -07:00
Steven Fackler 78daed2d58 ssl error handling cleanup 2016-10-16 20:14:04 -07:00
Steven Fackler 89a366d9f7 Finish crypto error cleanup 2016-10-16 19:24:04 -07:00
Steven Fackler 19440c2981 More error cleanup 
Also allocation free RSA
 2016-10-16 19:06:02 -07:00
Steven Fackler 73ccfe7a29 Continue error handling cleanup 
Also overhaul/clean up pkcs5 internals
 2016-10-16 16:42:56 -07:00
Steven Fackler 8f89f0bfa9 Start on error + BN refactor 2016-10-16 15:54:09 -07:00
Steven Fackler 6ea551dc82 Fix set_read_ahead signature 2016-10-15 16:53:10 -07:00
Steven Fackler 4ba5292a0a De-enumify Padding 2016-10-15 16:19:19 -07:00
Steven Fackler ee18988584 De-enumify SslMethod 2016-10-15 16:10:03 -07:00
Steven Fackler 1cecaeb62d De-enumify Cipher 2016-10-15 15:47:40 -07:00
Steven Fackler c171be551a De-enumify message digests 2016-10-15 15:23:29 -07:00
Steven Fackler 6609a81685 Migrate DSA sign/verify to EVP APIs 2016-10-15 15:02:02 -07:00
Steven Fackler 228b8fbc5b Correctly bind BIO_new_mem_buf 2016-10-15 13:39:47 -07:00
Steven Fackler 4ed81d6426 Fix EVP_DigestVerifyFinal version support 2016-10-15 13:12:37 -07:00
Steven Fackler 2ff82649b5 Add examples to crypto::sign 2016-10-15 12:50:03 -07:00
Steven Fackler ea8cbbe9dc Fix typo 2016-10-15 12:31:30 -07:00
Steven Fackler 4d567358a1 Distinguish between verification errors and "other" errors. 2016-10-15 12:31:06 -07:00
Steven Fackler bb23b33829 Fix signature of EVP_DigestVerifyFinal on 1.0.1 2016-10-15 12:24:20 -07:00
Steven Fackler 6ae472487f Support HMAC PKeys and remove hmac module 2016-10-15 11:06:11 -07:00
Steven Fackler cce1d44f28 Remove old RSA sign and verify methods 2016-10-15 10:43:19 -07:00
Steven Fackler f73313d688 Signature and verification support 2016-10-15 10:36:59 -07:00
Steven Fackler 64b8e5e553 Merge pull request #471 from sfackler/no-comp 
Handle OPENSSL_NO_COMP
 2016-10-14 23:09:11 -07:00
Steven Fackler e1d1006fad Check feature compatibility in build script 2016-10-14 23:03:44 -07:00
Steven Fackler 984b9a0cc7 Don't run test on ARM 
They're very segfaulty, but it's almost certainly due to the QEMU layer.
We really just want to make sure things compile.
 2016-10-14 22:28:24 -07:00
Steven Fackler 7ac0599638 Fix test_alpn_server_select_none 
In OpenSSL 1.1, a failure to negotiate a protocol is a fatal error, so
fork that test. This also popped up an issue where we assumed all errors
had library, function, and reason strings which is not necessarily the
case.

While we're in here, adjust the Display impl to match what OpenSSL
prints out.

Closes #465
 2016-10-14 22:01:21 -07:00
Steven Fackler f520aa2860 Handle OPENSSL_NO_COMP 
Closes #459
 2016-10-14 20:50:45 -07:00
Steven Fackler d976b8f595 Enable hostname verification on 1.0.2 2016-10-14 18:56:15 -07:00
Steven Fackler af51b263b1 Support hostname verification 
Closes #206
 2016-10-14 17:39:31 -07:00
Steven Fackler ae282a78e2 Remove link_name usage 2016-10-14 16:15:50 -07:00
Alex Crichton 0908fddc74 Ignore DTLS tests on Windows/ARM for now 
cc #467
 2016-10-14 11:15:22 -07:00
Steven Fackler f44cff29e6 Cleanup 2016-10-13 22:34:39 -07:00
Steven Fackler 3d535f661f Use stdlib logic for udp 2016-10-13 20:15:26 -07:00
Steven Fackler a09f46266d Fix windows for real 2016-10-13 20:09:43 -07:00
Steven Fackler 5b29fc9d69 Disable npn tests on < 1.0.2 
s_client doesn't seem to support the required flag before then.
 2016-10-13 20:03:02 -07:00
Steven Fackler 140ef1b988 Fix tests on windows 2016-10-13 20:01:31 -07:00
Steven Fackler 143556078b Reenable dtls tests 2016-10-13 19:48:30 -07:00
Steven Fackler edfc50f37d Clean up features 2016-10-13 19:46:13 -07:00
Steven Fackler 1883590c61 Correct feature selection in tests 2016-10-13 19:21:12 -07:00
Steven Fackler b610e01793 Flag off dtls and mask ssl_ops 
Also un-feature gate npn as it ships with 1.0.1
 2016-10-13 19:06:53 -07:00
Alex Crichton ce4d233d38 Tweak some comments in Cargo.toml 2016-10-12 22:53:03 -07:00
Alex Crichton 715b700aff Ignore a test on OpenSSL 1.1.0 2016-10-12 22:51:47 -07:00
Steven Fackler af3e06d3e8 Add remaining SSL_OP constants 2016-10-12 22:50:08 -07:00
Alex Crichton 43c951f743 Add support for OpenSSL 1.1.0 
This commit is relatively major refactoring of the `openssl-sys` crate as well
as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0,
and lots of other various tweaks happened along the way. The major new features
are:

* OpenSSL 1.1.0 is supported
* OpenSSL 0.9.8 is no longer supported (aka all OSX users by default)
* All FFI bindings are verified with the `ctest` crate (same way as the `libc`
  crate)
* CI matrixes are vastly expanded to include 32/64 of all platforms, more
  OpenSSL version coverage, as well as ARM coverage on Linux
* The `c_helpers` module is completely removed along with the `gcc` dependency.
* The `openssl-sys` build script was completely rewritten
  * Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars.
  * Better error messages for mismatched versions.
  * Better error messages for failing to find OpenSSL on a platform (more can be
    done here)
  * Probing of OpenSSL build-time configuration to inform the API of the `*-sys`
    crate.
* Many Cargo features have been removed as they're now enabled by default.

As this is a breaking change to both the `openssl` and `openssl-sys` crates this
will necessitate a major version bump of both. There's still a few more API
questions remaining but let's hash that out on a PR!

Closes #452
 2016-10-12 22:49:55 -07:00
Steven Fackler c1e41349fb Rename NoPadding to None 2016-10-07 08:10:01 -07:00
Steven Fackler b6719de92e Rename EncryptionPadding to Padding 2016-10-07 08:09:02 -07:00
Andrei Oprisan 50648b7dac Removed max_size; removed all encrypt/decrypt methods except private/public encrypt/decrypt which take the padding 2016-10-07 10:01:16 +03:00
Andrei Oprisan f16cd5586f added try_ssl_size, which handles -1 as error and returns the value otherwise; added RSA private_decrypt and public encrypt 
lift_ssl_size

Added public/private encrypt/decrypt to RSA from the original commit + tests; added try_ssl_returns_size macro to check for -1 in case of SSL functions which return size
 2016-10-05 14:39:11 +03:00
Steven Fackler c5da7131f5 Make sure private component exists when signing 
Closes #457
 2016-09-29 00:09:31 +02:00
Steven Fackler 8d95383f32 Release v0.8.3 2016-09-09 09:19:24 -07:00
Steven Fackler 9a449dbd6e Fix password callback on ARM 
Closes #449
 2016-09-08 09:35:56 -07:00
Novotnik, Petr 5e08ad0085 Implement Clone for openssl::error::ErrorStack 2016-09-01 20:10:02 +02:00
Steven Fackler 4718a88e04 Release openssl-sys v0.7.17, openssl v0.8.2 2016-08-18 12:59:22 -07:00
Steven Fackler cd69343d67 Fix SslContext::add_extra_chain_cert 
SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so
the method really needs to take an X509 by value. Work around this by
manually cloning the cert.

This method has been around for over a year but I'm guessing nobody
actually used it since it produces a nice double free into segfault!
 2016-08-17 19:30:57 -07:00
Steven Fackler 80ed1ef8ab Ignore flickering test on windows 2016-08-16 22:41:36 -07:00
David Weinstein 7a653282a9 Get rid of use Asn1TimeRef warning for some builds 2016-08-17 01:23:54 -04:00
David Weinstein 06f19cf285 Be explicit regarding Asn1TimeRef lifetimes 2016-08-17 01:23:54 -04:00
David Weinstein 90c42fc026 Fix docs 2016-08-17 01:23:54 -04:00
David Weinstein 234ce581f9 Add x509_validity feature to travis tests 
- also update docs for new x509 `not_before`, `not_after`
 2016-08-17 01:23:54 -04:00
David Weinstein 8fa4059b82 Add test for `"x509_validity"` feature 2016-08-17 01:23:54 -04:00
David Weinstein 96b1ef829c Add `"x509_expiry"` feature flag 
- fix return of `ASN1_TIME_print`
- assert on null `date`
 2016-08-17 01:23:54 -04:00
David Weinstein 32a4e2ba50 Introduce `Asn1TimeRef` 2016-08-17 01:23:54 -04:00
David Weinstein f9cd4bff1f Progress on asn1 expiry 
- Use MemBio and implement `Display` for Asn1Time

- Tweak doc for asn1 `not_before`, `not_after`
 2016-08-17 01:23:54 -04:00
David Weinstein e64d3fcfcc Fix finicky sha1 stdin format 2016-08-17 00:58:05 -04:00
David Weinstein e60c257019 Improve build script 
- try and fallback to a mirror when openssl.org is down
- check the sha1 of the downloaded tarball
 2016-08-17 00:48:56 -04:00
Steven Fackler 629f638f08 Release openssl-sys v0.7.16, openssl v0.8.1 2016-08-15 18:44:57 -07:00
Steven Fackler 88dcb1c81d Add a little comment to sketchy transmute 2016-08-15 18:41:18 -07:00
Steven Fackler e6c4135c53 Docs for pkcs12 2016-08-14 11:24:18 -07:00
Steven Fackler e5299fd7c9 Fix memory leak in general name stack 2016-08-14 11:16:53 -07:00
Steven Fackler 6b12a0cdde PKCS #12 support 2016-08-14 11:11:26 -07:00
Steven Fackler ad4a8cc140 More test fixes 2016-08-14 11:05:53 -07:00
Steven Fackler 3876332734 Fix tests 2016-08-14 10:29:55 -07:00
Steven Fackler 773a6f0735 Start on PKCS #12 support 2016-08-14 10:11:38 -07:00
Steven Fackler 5042d3d170 Mangle c helper functions 
We want to make sure that multiple openssl versions can coexist in the
same dependency tree.

Closes #438
 2016-08-13 12:05:29 -07:00
Steven Fackler 2e8f19ca2f Release openssl-sys v0.7.15, openssl v0.8.0 2016-08-11 21:00:43 -07:00
Steven Fackler 63239bf3ee Require bitflags 7 2016-08-11 20:52:43 -07:00
Steven Fackler b21805f541 Fix tests 2016-08-10 22:10:32 -07:00
Steven Fackler 0359afb99e Little tweaks 2016-08-10 22:02:36 -07:00
Steven Fackler 9a3fa4d98d Fix build 2016-08-10 21:37:24 -07:00
Steven Fackler 59fe901357 Method renames 2016-08-10 21:28:17 -07:00
Steven Fackler c15642ccea Tweaks 2016-08-10 21:25:18 -07:00
Steven Fackler 5e6b8e68fd More API cleanup 2016-08-10 21:07:41 -07:00
Steven Fackler c4e7743c57 Asn1 and Bignum renames 2016-08-10 20:51:06 -07:00
Steven Fackler 35c79d1768 Fix build 2016-08-09 23:13:56 -07:00
Steven Fackler 00db0bc4b3 Test hmac features 2016-08-09 22:56:08 -07:00
Steven Fackler 67b5b4d814 Make hmac support optional and remove openssl-sys-extras 
rust-openssl no longer requires headers for the default feature set.
 2016-08-09 22:52:12 -07:00
Steven Fackler 966c5385ea Fix build 2016-08-09 22:26:18 -07:00
Steven Fackler 1ac54b06e9 Move X509_get_extensions to openssl helpers 2016-08-09 22:15:16 -07:00
Steven Fackler 0854632ff5 Make c_helpers optional 2016-08-09 22:02:49 -07:00
Steven Fackler 2f46c793e5 Remove rust_SSL_clone 2016-08-09 21:23:54 -07:00
Steven Fackler 15e8997052 Docs for Crypter::new 2016-08-08 23:31:25 -07:00
Steven Fackler b8712c5c51 Fix size check 
Decryption requires an extra byte of space
 2016-08-08 23:25:06 -07:00
Steven Fackler a8224d199b symm reform 2016-08-08 23:10:03 -07:00
Steven Fackler 522447378e Copy over getter macros 2016-08-08 20:37:48 -07:00
Steven Fackler bf07dd9a4e Remove symm_internal 2016-08-08 20:26:04 -07:00
Steven Fackler e4b97921a9 Clean up RSA and DSA accessors 2016-08-08 19:04:30 -07:00
Steven Fackler deb94a904b Fix build on 1.9 2016-08-07 22:58:20 -07:00
Steven Fackler 6b1016c86e Add PKey::from_rsa 2016-08-07 22:56:44 -07:00
Steven Fackler 6e5cd7ef47 Remove X509Generator::bitlenth 2016-08-07 22:46:14 -07:00
Steven Fackler a8f827d28c Fix example 2016-08-07 22:44:42 -07:00
Steven Fackler 1968956536 Restore disabled tests 2016-08-07 22:40:51 -07:00
Steven Fackler 2a3e9a2856 Add RSA::generate 2016-08-07 22:35:37 -07:00
Steven Fackler 25752280ae Move init to crate root 2016-08-07 22:09:19 -07:00
Steven Fackler 77ba043acf x509 cleanup 2016-08-07 21:53:05 -07:00
Steven Fackler 79602b6af4 get_error -> error 2016-08-07 21:34:58 -07:00
Steven Fackler a0a6c03d74 DH cleanup 2016-08-07 21:19:40 -07:00
Steven Fackler 4d3c6868e7 pkcs5 reform 2016-08-07 20:57:44 -07:00
Steven Fackler 7855f428aa PKey reform 
This deletes the vast majority of PKey's API, since it was weirdly tied
to RSA and super broken.
 2016-08-07 20:38:46 -07:00
Steven Fackler 7515272692 Fix RSA::verify 
It never returns -1 - all errors are indicated by 0
 2016-08-07 18:03:13 -07:00
Steven Fackler 6091c674c9 Fix bn tests on 32 bit 2016-08-07 17:52:13 -07:00
Steven Fackler b56908a392 Take a c_ulong directly in BN construction 
Closes #416
 2016-08-07 17:48:18 -07:00
Steven Fackler 7ca5ccf064 Hash reform 
Closes #430
 2016-08-07 16:29:36 -07:00
Steven Fackler 05089bacb3 Refactor BigNum 2016-08-07 14:33:18 -07:00
Steven Fackler 5af01a5dbd Clean up asn1time 2016-08-06 22:23:03 -07:00
Steven Fackler bc97d088b0 get_handle -> handle 2016-08-05 21:07:17 -07:00
Steven Fackler fe47e93f2f Fix pkey method safety 2016-08-05 21:04:40 -07:00
Steven Fackler b4145c6fa5 Clean up x509 2016-08-05 20:55:05 -07:00
Steven Fackler 4e911e7972 Make x509 constructors unsafe 2016-08-05 19:51:59 -07:00
Steven Fackler c47be8b14b Move SSL_CTX_set_ecdh_auto to -sys 2016-08-04 22:52:40 -07:00
Steven Fackler ee67ea8ea0 Mvoe SSL_CTX_add_extra_chain_cert to -sys 2016-08-04 22:46:47 -07:00
Steven Fackler 378b86326c Move SSL_CTX_set_tmp_dh to -sys 2016-08-04 22:43:24 -07:00
Steven Fackler 7fb7f4671d Move SSL_CTX_set_read_ahead to -sys 2016-08-04 22:40:01 -07:00
Steven Fackler 77dbab2cad Move SSL_CTX_set_tlsext_servername_callback to -sys 2016-08-04 22:37:39 -07:00
Steven Fackler c2a7c5b7f0 Move SSL_set_tlsext_host_name to -sys 2016-08-04 22:28:33 -07:00
Steven Fackler b29ea62491 Move BIO macros into -sys 2016-08-04 22:22:55 -07:00
Steven Fackler dd16f64f89 Stop once-ing init wrapper 
The underlying function already once-s itself
 2016-08-04 22:15:50 -07:00
Steven Fackler 17474520bc Support basic SSL options without C shims 2016-08-04 22:14:18 -07:00
Steven Fackler abacc8bb18 Define SSL_CTX_set_mode in openssl-sys 2016-08-02 22:14:44 -07:00
Steven Fackler c5b2ede282 Merge remote-tracking branch 'origin/breaks' 2016-08-02 20:52:07 -07:00
Steven Fackler 08e27f31ed Restructure PEM input/output methods 
Dealing with byte buffers directly avoids error handling weirdness and
we were loading it all into memory before anyway.
 2016-08-02 20:49:28 -07:00
Tomasz Miąsko 635bdb45a8 BigNum binary operators with different lifetimes. 2016-08-01 22:23:26 +02:00
Steven Fackler 92abf49b96 Drop unused feature gate 2016-07-31 16:23:48 -07:00
Steven Fackler 2574bff52d Merge pull request #432 from alexcrichton/mid-handshake 
Add MidHandshakeSslStream
 2016-07-31 16:20:10 -07:00
Steven Fackler f1b64aa2ee Fix weird inference issue on 1.9 2016-07-31 16:04:03 -07:00
Alex Crichton 3539be3366 Add MidHandshakeSslStream 
Allows recognizing when a stream is still in handshake mode and can gracefully
transition when ready. The blocking usage of the API should still be the same,
just helps nonblocking implementations!
 2016-07-31 16:01:06 -07:00
Steven Fackler 6f40b65d2c Build against 1.9 2016-07-31 15:55:32 -07:00
Steven Fackler e86eb68624 Fix catch_unwind feature and drop feature gate 2016-07-31 15:51:22 -07:00
Steven Fackler 5cb04db787 Fix build with dtls 2016-07-31 15:35:45 -07:00
Steven Fackler f0ffa246b8 Merge remote-tracking branch 'origin/master' into breaks 2016-07-31 15:15:47 -07:00
Steven Fackler 18c1ded8c7 Revert "Add a new trait based Nid setup" 
This reverts commit 49db4c84df.

Unclear that this is a good idea
 2016-07-31 14:41:11 -07:00
Steven Fackler df30e9e700 Merge pull request #402 from bbatha/feat/dsa-ffi 
DSA bindings
 2016-07-29 22:35:50 -07:00
Ben Batha 67d3067dbf improve error handling in rsa 2016-07-29 20:01:54 -04:00
Ben Batha a3a602be51 add low level dsa primitives 2016-07-29 19:04:37 -04:00
Steven Fackler 4eaada2c4b Merge pull request #427 from onur/save_der 
Implement save_der for X509 and X509Req
 2016-07-29 09:05:51 -07:00
Onur Aslan 7c082904fc Implement get_handle for X509Req 2016-07-29 16:30:24 +03:00
Ben Batha 39be51943d add RUST_BACKTRACE=1 to make debugging ci failures easier 2016-07-29 09:23:29 -04:00
Onur Aslan 5ed77df197 Implement save_der for X509 and X509Req 2016-07-29 12:14:49 +03:00
Shaun Taheri 722a2bd673 Set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag 2016-07-24 20:55:15 +02:00
Steven Fackler 85f5b8629c Merge pull request #410 from jonas-schievink/passwd-callbacks 
Password callbacks
 2016-07-03 13:42:57 -04:00
Steven Fackler 5135fca87f Release v0.7.14 2016-07-01 18:43:39 -04:00
Steven Fackler 121169c1f5 Set auto retry 
SSL_read returns a WANT_READ after a renegotiation by default which ends
up bubbling up as a weird BUG error. Tell OpenSSL to just do the read
again.
 2016-07-01 18:31:47 -04:00
Jonas Schievink f24ab26936 FnMut -> FnOnce, update docs 2016-06-26 19:44:53 +02:00
Jonas Schievink 351bc569a4 Put the test behind the catch_unwind feature 
And fix an unused variable warning
 2016-06-26 18:25:54 +02:00
Jonas Schievink d176ea1c6e Add an RSA key decryption test 2016-06-26 18:25:54 +02:00
Jonas Schievink 41b78547ad Put password callbacks behind a cargo feature 2016-06-26 18:25:54 +02:00
Jonas Schievink c1b7cd2420 Make the callback take a `&mut [c_char]` 2016-06-26 18:25:54 +02:00
Jonas Schievink c399c2475d Add RSA::private_key_from_pem_cb 2016-06-26 18:25:54 +02:00
Jonas Schievink 8119f06ca5 Move into utility module 2016-06-26 18:25:54 +02:00
Jonas Schievink f0b4a032d5 Try to propagate callback panics 2016-06-26 18:25:54 +02:00
Jonas Schievink 311af7c3be Add PKey::private_key_from_pem_cb 2016-06-26 18:25:54 +02:00
Jonas Schievink f134b94729 Document BigNum 2016-06-13 16:56:48 +02:00
Corey Farwell f4f6412fcb Fix a few mutable types for `self` parameters. 2016-06-02 10:25:33 -04:00
Steven Fackler f6b612df5f Release v0.7.13 2016-05-20 15:57:57 -07:00
Steven Fackler 95051b060d Release v0.7.12 2016-05-16 23:04:03 -07:00
Steven Fackler 1b0757409d Rustfmt 2016-05-16 23:03:13 -07:00
Steven Fackler 2077449bc8 Clean up RSA signature API 2016-05-16 23:03:13 -07:00
Steven Fackler d3230874ae Merge pull request #393 from nox/bitflags 
Allow bitflags 0.7
 2016-05-15 22:11:47 -07:00
Steven Fackler 62c29b54c1 Update cert 
Now with a 10 year expriation
 2016-05-15 22:11:10 -07:00
Anthony Ramine 2c2c272e6a Allow bitflags 0.7 2016-05-15 12:27:49 +02:00
Steven Fackler dce59a63c5 Merge pull request #389 from cmsd2/master 
expose rsa from raw private key and rsa sign and verify
 2016-05-06 15:12:19 -07:00
Chris Dawes f82a1c4f75 add rsa signature tests 2016-05-05 23:41:55 +01:00
Steven Fackler 78122a9d68 Release v0.7.11 2016-05-05 13:32:27 -07:00
Chris Dawes a5ede6a851 add missing NIDs and use Nid as input to signing 2016-05-04 09:00:05 +01:00
Steven Fackler 49db4c84df Add a new trait based Nid setup 2016-05-03 21:15:39 -07:00
Steven Fackler 356d4a0420 Remove AsRaw{Fd, Socket} impls 
An SslStream can't really act as a raw socket since you'd skip the whole
TLS layer
 2016-05-03 20:24:07 -07:00
Steven Fackler f1846bce78 Remove silly internal error enum 2016-05-03 20:24:07 -07:00
Steven Fackler 00f517d2cd Drop MaybeSslStream 
It should be inlined into crates that depend on it.
 2016-05-03 20:24:07 -07:00
Steven Fackler 085b2e6f03 Drop is_dtls methods on SslMethod 2016-05-03 20:24:07 -07:00
Steven Fackler f09ca6fee2 Clean up SNI APIs 2016-05-03 20:24:07 -07:00
Steven Fackler 61f65cd8d6 Move SslContext::set_verify to a closure based API 2016-05-03 20:24:07 -07:00
Steven Fackler 696b1961ce Rename getters in line with conventions 2016-05-03 20:24:07 -07:00
Steven Fackler a0549c1606 Adjust set_ssl_context API 2016-05-03 20:24:07 -07:00
Steven Fackler fa62232649 Error reform 2016-05-03 20:24:07 -07:00
Steven Fackler 58654bc491 Remove deprecated methods 2016-05-03 20:24:07 -07:00
Steven Fackler de47d158c2 Remove NonblockingSslStream 2016-05-03 20:24:07 -07:00
Chris Dawes 6f410a25b2 take enum instead of ints from openssl header file 2016-05-03 22:17:07 +01:00
Chris Dawes 6bbb21779b add constructor for private keys from bignums 2016-05-03 19:46:08 +01:00
Steven Fackler b7de627eec Update openssl version in CI 2016-05-03 08:47:28 -07:00
Steven Fackler 9b1eb6d94d Add a version of Ssl::set_verify that doesn't set a callback 2016-05-01 20:45:49 -07:00
Steven Fackler c7e68637bb Merge pull request #388 from frewsxcv/lifetimes 
Remove unnecessary explicit lifetimes.
 2016-05-01 19:20:25 -07:00
Corey Farwell 487232b52d Remove unnecessary explicit lifetime. 2016-05-01 21:28:51 -04:00
Steven Fackler 59c13aea84 Still check UTF validity in dnsname 2016-05-01 18:14:33 -07:00
Steven Fackler 2cfb25136f Document SAN APIs and tweak accessor names 2016-05-01 09:09:51 -07:00
Steven Fackler 87782b22cf Implement IntoIterator for &GeneralNames 2016-04-30 21:32:29 -07:00
Corey Farwell bf7076b785 Implement `iter` method on `GeneralNames`. 2016-05-01 00:02:10 -04:00
Steven Fackler 7b73003b67 Add X509StoreContext::error_depth 2016-04-30 09:27:50 -07:00
Steven Fackler 62a7dd10e5 Add Ssl::set_verify 
It also uses a better, closure based API than the existing callback
    methods.
 2016-04-30 08:09:12 -07:00
Steven Fackler 50024ce33b Ignore default verify paths test on windows 2016-04-29 21:40:16 -07:00
Steven Fackler 8a5d3ea015 Merge pull request #385 from mbrubeck/bitflags-0.6 
Upgrade to work with bitflags 0.5 and 0.6
 2016-04-29 21:18:03 -07:00
Steven Fackler a7bade104c Merge pull request #381 from chaaz/master 
Add 1DES symm ciphers (des-cbc, des-ecb, des-cfb, des-ofb)
 2016-04-29 21:17:17 -07:00
Steven Fackler 32722e1850 Add accessors for x509 subject alt names 2016-04-29 21:15:32 -07:00
Matt Brubeck ee12087743 Upgrade to work with bitflags 0.5 and 0.6 2016-04-29 13:19:39 -07:00
Steven Fackler caf9272c85 Start on GeneralName 2016-04-28 22:16:29 -07:00
Charlie Ozinga 5682c04469 Remove des_cfb and des_ofb, since they appear on limit platforms 2016-04-19 17:28:19 -06:00
Steven Fackler 54fc1df712 Release v0.7.10 2016-04-16 20:57:12 -07:00
Steven Fackler c60e831cc4 Add docs for set_default_verify_paths 2016-04-16 20:49:46 -07:00
Steven Fackler c2e72f6641 Add SslContext::set_default_verify_paths 2016-04-16 20:47:32 -07:00
Charlie Ozinga 2062d48dd2 Add 1DES symm ciphers (des-cbc, des-ecb, des-cfb, des-ofb) 
1DES is well and truly dead for actual sensitive information, (its
keysize is too small for modern purposes), but it can still find use in
backwards compatiblity or educational applications.
 2016-04-14 03:44:43 -06:00
Steven Fackler b94ea8598c Update for nightly changes 2016-04-13 19:30:08 -07:00
Steven Fackler c48dcde568 Update lazy_static 2016-04-13 19:28:04 -07:00
Steven Fackler 9511a9bc19 Merge pull request #380 from Yoric/master 
Resolves #378 - Module version with the version information
 2016-04-13 14:45:49 -07:00
David Rajchenbach-Teller 0c48f9a0e0 Resolves #378 - Module version with the version information 2016-04-13 23:29:25 +02:00
Rico Huijbers 00282de2a5 Add ability to set session ID context on an SSL context 
This is necessary to make authentication with client certificates work
without session restarts.
 2016-04-13 21:38:23 +02:00
Kevin King fa5537de81 copy PKey using DER encode and decode 
test that fields of cloned private and public keys can be accessed
 2016-04-10 00:16:31 -04:00
Steven Fackler d143203f88 Release v0.7.9 2016-04-06 21:34:20 -07:00
Kevin King 4016edd4de add EVP_PKEY_copy_parameters to FFI 
copy EVP_PKEY params in PKey::clone

test that PKey::clone creates a copy
 2016-04-06 19:39:50 -04:00
Joe Wilm c4b7b85d99 Add safe wrapper BioMethod for ffi::BIO_METHOD 
Adds a wrapper for ffi::BIO_METHOD located at ssl::bio::BioMethod. This
enables SslStream to be Send without doing an unsafe impl on the ffi
struct.
 2016-04-04 16:08:38 -07:00
Steven Fackler 02f114faae Cleanup 2016-03-27 13:37:00 -07:00
Steven Fackler c4187638a8 Update for nightly changes 2016-03-27 13:29:24 -07:00
Leon Anavi 6d4bfaa490 Cast correctly c_char raw pointers (fixes build on ARM #363) 
Fix error caused by mismatched types while building crate
openssl for Raspberry Pi 2 and other ARM devices.

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
 2016-03-22 00:16:56 +02:00
Steven Fackler e0412850ec Release v0.7.8 2016-03-18 08:54:12 -07:00
Ms2ger 6d043b3700 Allow Rust to infer the type of the argument to SSL_CIPHER_description. 
This allows the code to compile on Android, where an unsigned char is
expected.
 2016-03-18 15:44:47 +01:00
Steven Fackler ade90bf004 Clean up BIO name 2016-03-17 22:27:16 -07:00
Steven Fackler a9a18cf337 Simplify panic safety logic for new nightly 2016-03-17 22:23:51 -07:00
Steven Fackler a569df29f4 Release v0.7.7 2016-03-17 09:04:23 -07:00
Alex Crichton 3467cf343f Fix nightly warnings about zero-sized fn pointers 2016-03-11 12:57:56 -08:00
Steven Fackler 23fd427900 Merge pull request #353 from bluejekyll/master 
adding functionality to directly get and set RSA public key material
 2016-03-05 13:57:53 -08:00
Benjamin Fry 3e5b65b7fa making from_raw() unsafe 2016-03-05 13:43:14 -08:00
Steven Fackler 2fe3e48487 Stop testing sslv2 feature on Travis 
OpenSSL removed support for this entirely in the most recent release.
 2016-03-01 11:05:41 -08:00
Steven Fackler 90ce50730b Update source URL for new OpenSSL release 2016-03-01 10:02:34 -08:00
Steven Fackler 1f5800fe2c Merge pull request #356 from erikjohnston/conninfo 
Add support for SSL_CIPHER
 2016-03-01 09:20:36 -08:00
Erik Johnston 80ac6e54ac Make SSLCipher.bits() return a struct. 2016-02-29 21:23:34 +00:00
Erik Johnston 04cbf049c0 Add SSL_get_version 2016-02-29 20:14:48 +00:00
Benjamin Fry 3fb2c48c98 added public key material to the constructor 2016-02-28 22:05:19 -08:00
Kalita Alexey b37bbba78f Bump bitflags to 0.4 2016-02-28 08:28:25 +04:00
Benjamin Fry 6ebe581308 review fixes, keep raw RSA initiallization private 2016-02-23 20:49:21 -08:00
Benjamin Fry ef95223d26 adding functionality to directly get and set RSA key material 2016-02-17 23:18:42 -08:00
Erik Johnston 1e9667ea89 Add support for SSL_CIPHER 2016-02-17 22:38:32 +00:00
Steven Fackler 3df4c479c9 Release v0.7.6 2016-02-10 09:36:00 -08:00
Steven Fackler 643a4a58c9 More deprecated function cleanup 2016-02-08 23:20:19 -08:00
Steven Fackler e3e4aa4472 Stop using deprecated method 2016-02-08 23:12:54 -08:00
Joe Wilm fe0f8ea1d8 Rename Nid uid/UID to prevent breakage 2016-02-02 14:32:57 -08:00
Joe Wilm 4940ca7e92 Fix Nid::UID value 
Nid::UID (userId) previously held the value of Nid::uid
(uniqueIdentifier).
 2016-02-02 09:25:52 -08:00
Steven Fackler 627f394d59 Revert "Revert "impl Clone for PKey and X509 by using their 'references' member"" 2016-01-31 20:38:36 +00:00
Steven Fackler 4e58fd10de Fix PKey RSA constructors 
`set1` functions bump the object's refcount so we were previously
leaking the RSA object. Split the decode from PEM part out to a method
on RSA and use that in the PKey constructors.

Also make RSA a pointer and actually free it.
 2016-01-30 13:12:06 -08:00
Steven Fackler 8ab4b54541 Revert "impl Clone for PKey and X509 by using their 'references' member" 2016-01-28 23:37:27 -08:00
Steven Fackler 274715fad0 Merge pull request #343 from jimmycuadra/ordered-extensions 
Preserve X.509 extension insertion order
 2016-01-28 22:37:48 -08:00
Steven Fackler 87f94c832f Bump openssl version to test with 2016-01-28 22:21:10 -08:00
Jimmy Cuadra 5e0830286e Preserve X.509 extension insertion order. 
Ensures that extensions that are order-dependent are inserted in the
same order when calling out to OpenSSL during certificate signing.

Fixes #327.
 2016-01-28 20:02:44 -08:00
Steven Fackler 7610804c9d Remove unwraps from rsa accessors 2016-01-22 19:10:22 -08:00
Steven Fackler 18e7e2455c Merge pull request #330 from esclear/master 
Add a interface to RSA structs
 2016-01-22 19:07:38 -08:00
Steven Fackler d25858cb57 Exclude test directory from package 2016-01-22 16:34:31 -08:00
Steven Fackler 2ece5b1039 Release v0.7.5 2016-01-22 15:57:21 -08:00
Steven Fackler b7d3357f37 Fix connect and accept error reporting 
We were previously trying to create an error twice so the second
wouldn't be correct.
 2016-01-22 15:34:31 -08:00
Daniel Albert 3ee2bf9310 Fix up RSA integration 2016-01-20 20:29:06 +00:00
Daniel Albert 74db7db560 Merge branch 'master' of https://github.com/sfackler/rust-openssl 2016-01-20 19:59:41 +00:00
Steven Fackler 95a83c477c Merge pull request #334 from jmesmon/ssl-context 
ssl: fix refcounting of SslContext when set_ssl_context is used
 2016-01-19 20:04:44 -08:00
Cody P Schafer 36a667be49 x509: impl Clone using references & CRYPTO_add() 2016-01-19 22:04:51 -05:00
Cody P Schafer 3c51f159a7 crypto/pkey: impl Clone for PKey using openssl's ref counting 2016-01-19 22:04:51 -05:00
Cody P Schafer d1825c7a86 openssl/ssl/context: test that we are refcounting correctly 
Not a perfect test, on failure it _might_ exit with this output:

Process didn't exit successfully:
`/home/cody/g/rust-openssl/openssl/target/debug/openssl-8e712036e3aac4fe`
(signal: 11)

But unclear if we can do any better.
 2016-01-18 16:40:14 -05:00
Cody P Schafer dacde211c3 ssl: fix refcounting of SslContext when set_ssl_context is used 
Additionally impl Clone for SslContext to both allow us to use it &
allow external users to take advantage of SslContext's internal
refcount.

Maintain the existing signature for set_ssl_context(), but
add inline comments recommending changing it.

Fixes #333
 2016-01-18 15:37:13 -05:00
Daniel Albert 1f45723b39 Fix incorrect unsafe declaration 2016-01-12 20:57:01 +00:00
Daniel Albert 7e8df9febd Adhere to rust conventions 2016-01-12 18:15:07 +00:00
Steven Fackler 86e2f81f43 Fix should_panic check 2016-01-11 23:45:12 -08:00
Steven Fackler 1865dd7374 Test nightly on travis 2016-01-11 22:38:06 -08:00
Steven Fackler fd6454f625 Add stream panic propagation behind a nightly feature gate 2016-01-11 22:36:58 -08:00
Daniel Albert 1238405637 Make the BigNum generation from a native pointer unsafe 2016-01-09 22:09:38 +00:00
Steven Fackler b32a50797c Merge pull request #328 from Cyberunner23/PemRSA 
Add support for RSA PEM files.
 2016-01-09 13:08:00 -08:00
Cyberunner23 c0b9a4c8ec Added tests for private_rsa_key_from_pem() and public_rsa_key_from_pem() 2016-01-09 14:36:01 -05:00
Will Tange 89e88727ff Mark PKey as `Send` and `Sync` 
Provided that the locking function is set, the underlying `ffi::EVP_KEY`
type should be safe to use across threads.
 2016-01-07 06:33:25 +01:00
Cyberunner23 1d3277fbee Added private_rsa_key_from_pem and public_rsa_key_from_pem. 2016-01-05 13:22:56 -05:00
Daniel Albert 578fac7e80 Add public interface to access BigNums from RSA keys 2016-01-01 19:46:03 +00:00
Daniel Albert 5e5d24ee25 Implement the possibility to create BigNums from their ffi counterpart 2016-01-01 19:36:29 +00:00
Daniel Albert 5813ca371d Add RSA structs 2016-01-01 19:33:49 +00:00
Steven Fackler 926c8167be Release v0.7.4 2015-12-18 22:41:46 -08:00
Steven Fackler 11129aa521 Rustfmt 2015-12-18 22:34:30 -08:00
Steven Fackler a31acdbb93 Fix deprecation location 2015-12-18 22:21:23 -08:00
Steven Fackler e85b49d375 Work around the worst of clone bogusness 
SslStream::{clone,try_clone} are inherently broken since the Ssl object
shared by both streams is only going to be talking to one stream. Stuff
like hyper depends on try_clone, so we'll leave it here for now but
minimize the brokenness to "no worse than what it used to be like".
They'll be removed in 0.8.

cc #325
 2015-12-18 21:20:47 -08:00
Steven Fackler 5fa46d428d Release v0.7.3 2015-12-17 21:25:48 -08:00
Steven Fackler e077ed0b4d Disable cross compilation for now 2015-12-17 21:13:44 -08:00
Steven Fackler 053c924d5a Fix nonblocking behavior 
A new nonblocking socket may not have finished connecting yet, so reads
and writes can return ENOTCONNECTED which we should reinterpret into a
WantRead or WantWrite

Closes #323
 2015-12-17 16:54:11 -08:00
Steven Fackler ccab187f5a Travis fixes 2015-12-16 23:51:19 -08:00
Steven Fackler 2cf65fc68d Stop using manifest-path for now 
Some ssl tests depend on the working directory being openssl
 2015-12-16 23:39:29 -08:00
Steven Fackler e7744874f4 Try cross compiling 2015-12-16 23:25:19 -08:00
Steven Fackler 2531ac9a45 Test overhaul + add an arm cross compile build 
The ARM build doesn't do anything yet
 2015-12-16 22:52:30 -08:00
Ondrej Perutka 02d2230a76 Fix regression of c_char type mismatches on ARM 2015-12-16 11:11:14 +01:00
Steven Fackler 157e6aa961 Rustfmt 2015-12-15 21:51:20 -08:00
Steven Fackler edfb318e0b Fix bounds on ssl_read and ssl_write 2015-12-15 20:06:07 -08:00
Steven Fackler 13f7cfd9d8 Release v0.7.2 2015-12-15 19:41:57 -08:00
Steven Fackler 6d559bf1da Cleanup SNI stuff 2015-12-15 19:39:24 -08:00
Steven Fackler 3a0e64dca5 Cleanup 2015-12-15 19:33:36 -08:00
Steven Fackler 167008d247 Merge pull request #320 from uasi/add-variations-of-pbkdf2 
Add PBKDF2-HMAC-SHA256 and -SHA512 functions
 2015-12-15 19:30:57 -08:00
Steven Fackler 514c5ec415 Merge pull request #309 from Geal/master 
Add support for Server Name indication (SNI) on the server's side
 2015-12-15 19:22:39 -08:00
Steven Fackler f2fae1f83f Document unused variant 
No reason to hide it
 2015-12-14 23:44:28 -08:00
Steven Fackler b8c8b770e3 Yet more AsRawSocket fixes 2015-12-12 18:01:21 -08:00
Steven Fackler ddedda1d03 More AsRawSocket fixes 2015-12-12 16:47:03 -08:00
Steven Fackler 63a45ac622 Fix AsRawSocket impls 2015-12-12 16:33:58 -08:00
Steven Fackler d6ce9afdf3 Have NonblockingSslStream delegate to SslStream 2015-12-12 15:46:17 -08:00
Steven Fackler 1df131ff81 Build out a new error type 2015-12-12 15:01:16 -08:00
Steven Fackler aa37dba0bc Make error handling more reliable 2015-12-10 21:58:22 -08:00
Tomoki Aonuma b6647cc610 Put pbkdf2_hmac_{256,512}() behind feature gate 
PKCS5_PBKDF2_HMAC is not available with openssl-0.9.8 on os x
 2015-12-10 23:00:49 +09:00
Tomoki Aonuma e9b8627af2 Add PBKDF2-HMAC-SHA256 and -SHA512 functions 2015-12-10 20:29:52 +09:00
Steven Fackler 91f8c542f7 Replace SslStream implementation! 2015-12-09 23:30:29 -08:00
Steven Fackler 8f56897043 Implement read and write 2015-12-09 22:02:02 -08:00
Steven Fackler 9ee6f1c578 IT LIVES 2015-12-09 21:43:02 -08:00
Steven Fackler 4d883d488e Custom BIO infrastructure 2015-12-08 23:02:38 -08:00
Steven Fackler 8cc69267fd Bump openssl version for travis 2015-12-07 19:03:29 -08:00
Geoffroy Couprie 6850c810d3 Increment SSL_CTX's reference count in Ssl::get_ssl_context() 
Without this, whenever the returned SslContext is released,
the refcount of the underlying SSL_CTX will decrease and it
will be freed too soon
 2015-12-03 12:26:55 +01:00
Ondrej Perutka f54af75eb7 Cast correctly c_char raw pointers (fixes build on ARM #314) 2015-11-30 21:06:54 +01:00
Steven Fackler fce7cf4d36 Release v0.7.1 2015-11-28 16:14:58 -08:00
Geoffroy Couprie 7835ea1c90 Make shims for SSL_CTX_ctrl and SSL_CTX_callback_ctrl macro wrappers 2015-11-25 08:10:36 +01:00
Geoffroy Couprie e486944320 fix memory management 2015-11-25 07:51:22 +01:00
Geoffroy Couprie 667e3f44b9 Avoid freeing the SSL object when Ssl is dropped 2015-11-24 17:15:52 +01:00
Geoffroy Couprie dba3a0ced2 implement get/set ssl context 2015-11-24 17:11:00 +01:00
Geoffroy Couprie cb4263f91e test SNI support 2015-11-24 17:11:00 +01:00
Steven Fackler 6bb3d8f1b5 Implement try_clone for MaybeSslStream 
Closes #308
 2015-11-20 21:33:36 -08:00
Alex Gaynor 38b3b4a11e Fixed a typo in a comment. 2015-11-19 19:52:26 -05:00
Overmind JIANG 3c6c4a7b3d Fix a leak when using `EVP_PKEY_get1_RSA`. 
`EVP_PKEY_get1_RSA` returns a RSA structure with its reference count
increased by 1 and therefore we need to call `RSA_free` after finishing
using that value.
 2015-11-18 11:36:34 +08:00
Steven Fackler 82547f53d7 Release v0.7.0 2015-11-16 21:10:50 -08:00
Steven Fackler 1bc96a5b3d Remove deprecated X509 methods 2015-11-16 20:56:02 -08:00
Steven Fackler f36f610d07 Move HMAC_CTX_copy to sys-extras 2015-11-16 20:16:01 -08:00
Steven Fackler a8a10e64ad Split stuff requiring a shim out to a separate crate 2015-11-16 20:16:01 -08:00
Steven Fackler 8139fadbff Bump ws2_32-sys version 2015-11-16 20:16:01 -08:00
Steven Fackler 309b6d9f46 Switch to libc 0.2 2015-11-16 20:16:01 -08:00
Steven Fackler 03e4908c13 Move SSL methods to Ssl object, add getter 2015-11-16 20:16:01 -08:00
Steven Fackler fae44250f6 Fix feature gated sslv3 2015-11-16 20:16:01 -08:00
Steven Fackler be2cbabdb7 Revert "Revert "Merge pull request #280 from ltratt/libressl_build"" 
This reverts commit ae3d0e36d7.
 2015-11-16 20:16:01 -08:00
Steven Fackler b0cb0f7c40 Revert "Use AsRef for backwards compatibility with passing IV as Vec" 
This reverts commit d2d20a8377.
 2015-11-16 20:16:01 -08:00
Steven Fackler 65e1d08dd3 Merge pull request #300 from thommay/pkey_private_encrypt 
Provide public_decrypt, private_encrypt for PKEY
 2015-11-16 23:16:04 -05:00
Steven Fackler 776852ff2b Travis without sudo 2015-11-08 23:16:42 -08:00
Thom May 11e3b1b563 Provide public_decrypt, private_encrypt for PKEY 2015-10-28 18:15:55 +00:00
Steven Fackler 1e7ff1d8a8 Better debug impls 2015-10-26 21:43:52 -07:00
Alex Crichton c895b9f09f Get nonblocking tests working on OSX/Windows 2015-10-22 08:45:29 -07:00
Jamie Turner c37767df8f Nonblocking streams support. 2015-10-20 23:14:26 -07:00
Steven Fackler f318a2c84c Release v0.6.7 2015-10-14 22:25:35 -04:00
Steven Fackler ae3d0e36d7 Revert "Merge pull request #280 from ltratt/libressl_build" 
This reverts commit aad933e507, reversing
changes made to 60ee731408.
 2015-10-14 21:51:32 -04:00
Steven Fackler 8f5b67fed4 Merge pull request #286 from jedisct1/use_certificate_chain 
Add set_certificate_chain_file()
 2015-10-13 09:26:18 -04:00
Steven Fackler 81bc1edb61 Merge pull request #284 from bheart/cfb-mode 
AES CFB-mode feature
 2015-10-12 21:18:27 -04:00
Frank Denis a28253ee7d Add set_certificate_chain_file() 
SSL_CTX_use_certificate_chain_file() is preferred over
SSL_CTX_use_certificate_file().

It allows the use of complete certificate chains instead of loading
only the first certificate in a PEM file.
 2015-10-12 20:54:00 +02:00
Will Tange acbcb49414 AES CFB{1,8,128} mode support 2015-10-11 20:09:36 +02:00
Steven Fackler aad933e507 Merge pull request #280 from ltratt/libressl_build 
Fix build on LibreSSL.
 2015-10-10 21:56:20 -04:00
Steven Fackler 60ee731408 Merge pull request #277 from nixpulvis/read_public_pem 
Add public key PEM read function.
 2015-10-10 21:55:37 -04:00
Steven Fackler 677ed6ad1b Release v0.6.6 2015-10-05 22:34:32 +01:00
Laurence Tratt d7342a09a7 Fix build on LibreSSL. 
LibreSSL has deprecated SSLv3_method, so this commit makes that a compile-time
feature.

It also removes a test referencing SSL_OP_CISCO_ANYCONNECT, as the LibreSSL
header says it is amongst "Obsolete flags kept for compatibility. No sane code
should use them."
 2015-10-03 17:25:38 +00:59
John Downey df93e5e90b Update documentation about SSLv23 
In OpenSSL world, the SSLv23 option is a poorly name method that will
negotiate what version of TLS or SSL to use. It starts with the best
version the library supports and then precedes to keep trying all the
way down to SSL 2.0.
 2015-10-02 16:22:11 -05:00
Nathan Lilienthal ffa9d330fd Add public key PEM read function. 2015-10-01 20:33:12 -04:00
Frank Denis ccc6d07da3 Add an ecdh_auto description 2015-09-25 15:23:52 +02:00
Frank Denis 28320a65a7 Add SSL::set_ecdh_auto() 
This sets automatic curve selection and enables ECDH support.
Requires LibreSSL or OpenSSL >= 1.0.2, so behind a feature gate.
 2015-09-25 13:15:37 +02:00
Alex Crichton a91b6bf3bd Enable testing on Windows via AppVeyor 
This abolishes the test.sh script which spawns a bunch of `openssl` instances to
instead run/manage the binary in-process (providing more isolation to boot). The
tests have been updated accordingly and the `connected_socket` dependency was
also dropped in favor of `net2` as it the former doesn't work on Windows.
 2015-09-22 17:37:21 -07:00
Steven Fackler b1b76f7913 Merge pull request #266 from jmesmon/alpn 
ssl/npn+alpn: adjust protocol selection to fail if no protocols match
 2015-09-16 11:51:45 -07:00
Cody P Schafer 4c28eb706e ssl/alpn: test mismatch between protocols resulting in None 2015-09-16 13:35:12 -04:00
Steven Fackler 1c3f04138f Merge pull request #261 from jedisct1/try_ssl_null 
Use try_ssl_null!() when relevant
 2015-09-16 01:13:24 -04:00
Frank Denis 6a2b4402e9 Use try_ssl_null!() when relevant 2015-09-13 12:45:05 +02:00
Frank Denis 6666a1818a Add DH::from_pem() to load DH parameters from a file 2015-09-13 12:44:50 +02:00
Steven Fackler f4bf55faa3 Merge pull request #270 from mvdnes/crypto_segv 
Check if public/private RSA key is properly loaded
 2015-09-11 11:31:15 -04:00
Mathijs van de Nes 87d5c0e429 Fix one call to RSA_size found by tests 2015-09-11 09:24:24 +02:00
Mathijs van de Nes 3be32528e5 Add tests to ensure a panic occurs instead of segv 2015-09-11 09:23:51 +02:00
Mathijs van de Nes 0eb2f0ecfa Check rsa.is_null() before passing it to RSA_size 
RSA_size will cause an segmentation fault if it is null
 2015-09-10 13:04:25 +02:00
Mathijs van de Nes 02b109bf04 Check _fromstr function for success 2015-09-10 12:58:40 +02:00
Alex Gaynor 4781a3304a Make the docs say that load_pub/save_pub methods take DER bytes 2015-09-09 19:58:45 -04:00
Cody P Schafer 50c5042c70 ssl/npn+alpn: adjust protocol selection to fail if no protocols match 
The current behavior causes a server written using rust-openssl to (if
it cannot negotiate a protocol) fallback to the first protocol it has
avaliable.

This makes it impossible to detect protocol mismatches.

This updates our selection to be more similar to how openssl's
s_server behaves: non-matching protocols are not supplied with a
fallback.

Note that some setups may actually want a fallback protocol supplied
via ALPN. To support those cases, we should consider adding a generic
callback that allows protocol selection to be entirely controlled by
the programmer.

For the purposes of having a sane default, however, not supplying a
default (and mimicing s_server's behavior) is the best choice.
 2015-09-01 17:14:04 -04:00
Cody P Schafer 164f3f0873 openssl/ssl: fix some of the comment text where I missed replacing NPN with ALPN 2015-09-01 17:13:39 -04:00
Steven Fackler e28b73e1f6 Merge pull request #259 from jedisct1/dh 
Add support for DHE for forward secrecy
 2015-09-01 00:10:03 -04:00
Steven Fackler 7b0b70bd13 Release v0.6.5 2015-08-31 19:10:27 -07:00
Frank Denis 9add4e1001 Add support for set_tmp_dh() and RFC5114 DH parameters for forward secrecy. 
rust-openssl didn't support forward secrecy at all.

This adds support for DHE, by exposing set_tmp_dh() as well as the RFC5114
parameters, which are conveniently exposed since OpenSSL 1.0.2.

With OpenSSL >= 1.0.2, and the rfc5114 feature gate, enabling DHE is as simple
as (here for 2048-bit MODP group with 256-bit prime order subgroup):

    use openssl::dh::DH;
    let dh = DH::get_2048_256().unwrap();
    ctx.set_tmp_dh(dh).unwrap();

With OpenSSL < 1.0.2, DH::from_params() can be used to manually specify the
DH parameters (here for 2048-bit MODP group with 256-bit prime order subgroup):

    use openssl::bn::BigNum;
    use openssl::dh::DH;
    let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597").unwrap();
    let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659").unwrap();
    let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3").unwrap();
    let dh = DH::from_params(p, g, q).unwrap();
    ctx.set_tmp_dh(dh).unwrap();
 2015-08-31 23:12:57 +02:00
Steven Fackler dc8cba4822 Merge pull request #251 from ebarnard/evp_bytestokey 
Expose EVP_BytesToKey
 2015-08-23 13:37:55 -04:00
Edward Barnard 8067565707 Expose EVP_BytesToKey 
This is based on work by pyrho.
Closes #88
 2015-08-23 17:08:18 +07:00
Steven Fackler 4cb68efd99 Merge pull request #253 from manuels/master 
Add get_state_string()
 2015-08-19 02:31:15 -04:00
Manuel Schölling 3fe3d57976 Add get_state_string() 2015-08-17 19:01:43 +02:00
Steven Fackler fa5c4cb5df Fix openssl source link in tests 2015-08-15 14:37:03 -07:00
Steven Fackler 769b8312d8 Merge pull request #240 from jethrogb/topic/x509_req_extension 
Implement certificate extensions for certificate requests
 2015-08-15 16:04:42 -04:00
Steven Fackler df32e53afa Grab errno for directstream want errors 2015-08-10 22:29:34 -04:00
Steven Fackler 69cbd14540 Handle WantWrite and WantRead errors 2015-08-08 12:25:16 -07:00
Steven Fackler a10604e15d Merge pull request #243 from manuels/master 
Fix probelms with DTLS when no packets are pending.
 2015-08-02 22:27:19 -04:00
Steven Fackler 02dc3eda2f Merge pull request #242 from awelkie/master 
Added AES CTR-mode under feature flag.
 2015-08-02 22:25:09 -04:00
panicbit c7eded31a7 Expose ssl::init 2015-07-26 18:28:25 +02:00
Andrew Dunham ab7bfad225 Add function to write RSA public key as PEM 2015-07-23 22:30:07 -07:00
Steven Fackler 3fc8482d36 Make curl follow redirects 2015-07-23 21:51:06 -07:00
Manuel Schölling a43011d77c Fix probelms with DTLS when no packets are pending. 
When using DTLS you might run into the situation where no packets
are pending, so SSL_read returns len=0. On a TLS connection this
means that the connection was closed, but on DTLS it does not
(a DTLS connection cannot be closed in the usual sense).
This commit fixes a bug introduced by c8d23f3.

Conflicts:
	openssl/src/ssl/mod.rs
 2015-07-18 13:00:34 +02:00
Allen Welkie b478c29151 Added AES CTR-mode under feature flag. 2015-07-15 20:45:18 -04:00
Jethro Beekman 90dd54b541 Implement certificate extensions for certificate requests 2015-07-08 13:37:35 -07:00
Jethro Beekman 1e4cba36e8 Add missing C-string conversion, fixing recent build errors 2015-07-08 11:05:18 -07:00
Steven Fackler 3351d5b807 Merge pull request #227 from jethrogb/topic/x509_name 
Allow setting of arbitrary X509 names
 2015-07-08 10:21:19 -07:00
Steven Fackler 0cb4368ef8 Merge pull request #221 from jethrogb/topic/ssl_options 
Several SSL option fixes
 2015-07-08 10:20:33 -07:00
Jethro Beekman e3c562d6a0 Fix/add more X509generator tests 2015-07-08 10:09:40 -07:00
Jethro Beekman 1bcbe8f4bc Add X509generator.add_names method 2015-07-08 10:09:40 -07:00
Jethro Beekman f2b0da1de7 Add public add_name method to X509Generator 2015-07-08 10:08:41 -07:00
Jethro Beekman 11bcac01ec Replace CN field by names vector 2015-07-08 10:06:52 -07:00
Steven Fackler 3229296105 Merge pull request #233 from jethrogb/topic/x509_extension 
Allow setting of arbitrary X509 extensions
 2015-07-08 03:10:40 -04:00
Steven Fackler cc497b4768 Release v0.6.4 2015-07-06 11:09:03 -07:00
Ms2ger f4afe615dd Unpin the bitflags version. 
This dependency causes Servo to depend on multiple versions of the bitflags
crate.
 2015-07-06 19:47:59 +02:00
Jethro Beekman aeefa364b7 Decouple C SSL Option bit flags from Rust version 
The OpenSSL "SSL_OP_*" flags are in constant flux between different OpenSSL
versions. To avoid having to change the Rust definitions, we implement our
own numbering system in Rust, and use an automatically-generated C shim to
convert the bitflags at runtime.
 2015-07-01 21:49:11 -07:00
Jethro Beekman f9a836fae9 tabs to spaces 2015-07-01 00:18:45 -07:00
Jethro Beekman 93eb0cfa2d Add documentation on X509 Extensions 2015-07-01 00:18:45 -07:00