| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| | |
Add PBKDF2-HMAC-SHA256 and -SHA512 functions
|
| | |
| |
| |
| | |
PKCS5_PBKDF2_HMAC is not available with openssl-0.9.8 on os x
|
| |/ |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This sets automatic curve selection and enables ECDH support.
Requires LibreSSL or OpenSSL >= 1.0.2, so behind a feature gate.
|
| |
|
|
|
|
|
| |
This abolishes the test.sh script which spawns a bunch of `openssl` instances to
instead run/manage the binary in-process (providing more isolation to boot). The
tests have been updated accordingly and the `connected_socket` dependency was
also dropped in favor of `net2` as it the former doesn't work on Windows.
|
| |\
| |
| | |
Add support for DHE for forward secrecy
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
rust-openssl didn't support forward secrecy at all.
This adds support for DHE, by exposing set_tmp_dh() as well as the RFC5114
parameters, which are conveniently exposed since OpenSSL 1.0.2.
With OpenSSL >= 1.0.2, and the rfc5114 feature gate, enabling DHE is as simple
as (here for 2048-bit MODP group with 256-bit prime order subgroup):
use openssl::dh::DH;
let dh = DH::get_2048_256().unwrap();
ctx.set_tmp_dh(dh).unwrap();
With OpenSSL < 1.0.2, DH::from_params() can be used to manually specify the
DH parameters (here for 2048-bit MODP group with 256-bit prime order subgroup):
use openssl::bn::BigNum;
use openssl::dh::DH;
let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597").unwrap();
let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659").unwrap();
let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3").unwrap();
let dh = DH::from_params(p, g, q).unwrap();
ctx.set_tmp_dh(dh).unwrap();
|
| |/ |
|
| | |
|
| | |
|
| |
|
|
|
| |
This dependency causes Servo to depend on multiple versions of the bitflags
crate.
|
| |
|
|
|
|
|
|
|
|
| |
Heavily based on the existing NPN wrapping code. Naming of public
functions is identical to the NPN ones with `s/npn/alpn/` applied to
prevent devs from needing to remember 2 names (and to let my copy the
npn tests and perform the subistution to generate the apln tests).
It might make sense to (at some point) use macros or a trait to cut down
the duplication.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Turns out this is called with a null pointer if you never set the data
which didn't end up doing anything until the recent zeroing drop
changes.
Also use a map of indexes since statics in generic functions don't
monomorphize
|
| | |
|
| | |
|
| | |
|
| |\
| |
| | |
add support for SSL_CTX_set_options and SSL_CTX_get_options
|