| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Previously we encoded them as UTF-8, but as best I can tell in reality a
BMPString is fixed-width basic multilingual plane big endian encoding.
This is basically UCS-2 (aka original Unicode). However, Python doesn't
support UCS-2 encoding so we need to use utf_16_be. This means you can encode
surrogate code points that are invalid in the context of what a
BMPString is supposed to be, but in reality I strongly suspect the sane
encoding ship has sailed and dozens if not hundreds of implementations
both do this and expect other systems to handle their nonsense.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* document that an ECPublicNumbers object has some unexpected properties
It is not guaranteed to be a valid point on the curve as that is not
checked until you convert it to a PublicKey object.
* different language
* move the text, make it a warning, alter the language
* new language
|
| |
|
|
| |
Duplicate attributes now raise an error instead of silently discarding
duplicates.
|
| |
|
| |
We have an existence proof that the latter assertion can be triggered, and I bet the former can too.
|
| |
|
| |
And not expose an unprefixed name to anyone who dlopens us.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* set an OPENSSL_API_COMPAT level
this helps prevent adding deprecated functions and will let us see what
we need to/can prune in the distant future when we support only 1.1.0+
* raise the api compat to 1.0.1 (which doesn't matter but is less confusing)
|
| |
|
|
|
|
| |
* Make the docs clearer on why truncated tags are a bad idea
* clarify
|
| | |
|
| |
|
|
| |
(#4308)
|
| |
|
| |
but key_size is nonsense and we'll deprecate it next
|
| |
|
|
|
|
|
|
|
|
| |
So pyca/cryptography's Python classifier already claims support
of Python 3.7, but there is no testing matrix for it. This patch
adds the recently released Python 3.7 to the matrix of testing.
It requires sudo:true and xenial to pass.
Fixes Issue #4301
Signed-off-by: Eric Brown <browne@vmware.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In #4220, I switched BIO_new to take a const pointer (true in 1.1.0, but
not 1.0.2) on grounds that:
This also folds in the const bits from 1.1.0, on the assumption that,
now that the function pointer check is gone, it will just cause cffi to
generate more conservative pointer types that work for 1.0.2 as well.
But I got this backwards. If the bindings say BIO_METHOD*, cffi will
pass a BIO_METHOD* to BIO_new, which works in both OpenSSL versions. If
it says const BIO_METHOD*, cffi will pass const BIO_METHD* to BIO_new,
which does not work in 1.0.2.
(Although cryptography.io's build ignores all these warnings anyway, so
it's kind of moot.)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In 2005, IETF devised a more secure padding scheme to replace PKCS #1
v1.5. To make sure that nobody can easily support or use it, they
mandated lots of complicated parameters in the certificate, unlike any
other X.509 signature scheme.
https://tools.ietf.org/html/rfc4055
`_SIG_OIDS_TO_HASH` and `Certificate.signature_hash_algorithm` cannot be
supported as-is, because the hash algorithm is defined in the signature
algorithm parameters, not by the OID itself.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* test against python 3.7 for windows
* update docs to say we test on 3.7
* more succinct
* maybe make this actually work.
* link properly
* moar changes
|
| | |
|
| |
|
| |
These are required by the Tribler project.
|
| |
|
|
|
|
|
|
|
|
| |
* Perform an OPENSSL_cleanup before checking the heap in our memleak tests
* Make this binding conditional
* typo
* need to put this call before we reset the function ptrs
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Add clearer message in Cipher when key is not bytes
* Change location of key type check to verify_key_size function
* Replace formated error message with static
* Add key type check tests to all ciphers constructors
* Change key type error message to lowercase
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* add downstream tests for awslabs/aws-dynamodb-encryption-python
* require recent OpenSSL for awslabs/dynamodb-encryption-python downstream tests
|
| |
|
| |
Their tests appear to require ALPN now, and the OpenSSL 1.0.1 that comes with the travis image doesn't have ALPN.
|
| |
|
|
|
|
|
|
| |
* libre 2.7.3 compatibility
* add a changelog
* actually build against 2.7.3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove defines for openssl 1.1.0 pre
* Update bio.py
* Update dh.py
* Update dsa.py
* Update rsa.py
* Update x509_vfy.py
* Compress branches
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* deprecate the constant time bytes comparison path old python 2.7.x uses
* pep8
|
| |
|
|
|
|
|
|
|
|
| |
* Fixed build errors on HP-UX.
* PEP 8 style fix.
* No return for void function.
* PEP 8 style fix, take 2.
|
| |
|
|
|
|
| |
* build and test libre on travis
* remove libressl jenkinsfile data
|
| |
|
| |
The `AuthorityKeyIdentifier.authority_cert_issuer` docs state that it returns a `Name` instance, but it [actually returns a list of `GeneralName` instances or `None`](https://github.com/pyca/cryptography/blob/master/src/cryptography/x509/extensions.py#L157).
|
| |
|
|
|
|
| |
* Fixes #4228 -- move downstream builders to travis
* Use upstream twisted now that we've confirmed the problem
|
| |
|
|
|
|
| |
Internal block size isn't a particularly useful piece of information and
constructions like SHA3 make it even harder to determine what that
really means. Accordingly, we're removing it from the interface (but
leaving it on all existing hashes)
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes:
- ERR_get_state which really shouldn't be public API.
- A bunch of functions that are really mostly useful within the library
to add new errors. NB: I say mostly because they are also useful when
trying to register a new error library, as osrandom does, but osrandom
is written in C. Python code is more likely to be consuming errors.
- All function codes but EVP_F_EVP_ENCRYPTFINAL_EX because tests still
reference it. Per PR #3609, function codes are kind of unstable. This
finishes that up and cleans up the bindings.
- The "line" versions of querying the error queue, just because no one
seems to be using them and there's a lot.
- Error-printing functions, which make less sense in Python since you'd
probably wrap in an exception.
Error codes probably could also do with cleaning, but I've left them
alone for now.
|
| |
|
|
|
|
|
|
|
|
|
| |
They are unused.
These functions have two purposes. They can be used to pass your own
value of k, or to amoritize the cost of generating k. Messing up k is
catastrophic to ECDSA, so best not to expose that one. ECDSA signing is
also quite fast, so there isn't much point in the latter. (The API comes
from DSA, which is a bit slower.) Moreover, ECDSA_sign is not the same
as ECDSA_sign_setup + ECDSA_sign_ex. OpenSSL has some nonce hardening
features that have to get skipped when doing this.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Future proofing use of the six python version constants
After reading [1], noticed that cryptography uses a lot of if six.PY3
blocks. The issue with this is that whenever Python 4 is released,
this code in the else block will be executed even though it was
only intended for Python 2.
[1] http://astrofrog.github.io/blog/2016/01/12/stop-writing-python-4-incompatible-code/
Signed-off-by: Eric Brown <browne@vmware.com>
* Use not PY2 instead
|
| |
|
|
|
|
| |
RSA_blinding_off is a silly function. RSA_SSLV23_PADDING and
RSA_X931_PADDING are obsolete. The low-level padding functions appear
unused and the EVP_PKEY stuff is probably a bit nicer than expecting
callers to RSA_NO_PADDING and do the padding by hand.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Validate the public/private halves of EC keys on import.
OpenSSL's API is a little finicky. If one sets the public key before the
private key, it does not validate that they match. If set in the other
order, it does validate this.
In particular, KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_init.fax
describes error code 7 as:
Result = F (7 - IUT's Static private key d changed-prikey validity)
Reordering the two operations makes those tests to fail on key import,
which is what CAVP appears to have intended.
* Wrap to 79 rather than 80 columns
|
| |
|
|
| |
This is a remnant of the function code checking when this logic looked
at both encrypt/decrypt versions of this error code.
|
| |
|
| |
These are unused. (And not especially useful.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Clean up unused EC bindings.
A lot of these are really OpenSSL internals, like the EC_METHOD
business, support for custom curves which are a bad idea, and weird
non-standard serializations like taking the usual point serialization
and treating it as a single BIGNUM.
I also didn't remove things when they're arguably part of a set. E.g.
EC_POINT_add is used, but EC_POINT_dbl isn't. However, they both set at
the same abstraction level (basic point operations), so it's strange to
have one without the other.
I also kept EC_POINT_is_on_curve because, although it is not used,
OpenSSL prior to 1.1.0 doesn't perform this important check in
EC_POINT_set_affine_coordinates_GFp (though it does in some of the
functions which ultimately call it, like
EC_KEY_set_public_key_affine_coordinates, what cryptography.io actually
uses), so one should not expose the latter without the former.
* Fix build issue.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove unused BIO bindings.
This also folds in the const bits from 1.1.0, on the assumption that,
now that the function pointer check is gone, it will just cause cffi to
generate more conservative pointer types that work for 1.0.2 as well.
* Restore some functions used externally.
Datagram BIO_CTRL_* constants are intentionally omitted per discussion
on the PR.
|
| | |
|
| |
|
|
| |
http://blog.pytest.org/2016/whats-new-in-pytest-30/
https://twitter.com/hashtag/dropthedot
|
| | |
|
