| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Switch from 12.04 to 14.04 on travis
* test?
* fix for pyenv
* sigh
* try removing this entirely
* one more try
* empty commit to retrigger travis
|
| |
|
|
|
|
|
|
| |
* Delete some code
* removed import
* delete more code
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixed #3533 -- made GCM mode object immutable
* flake8
* Fix for older openssl
* fix
* fix
* sigh, fix
* fixed
* dropped negation
* computers are bad
* A test
* This implements an interface
|
| |
|
|
|
|
|
|
| |
* Replace release automation with click
* Fix
* fix
|
| |
|
|
|
|
|
|
| |
* remove multibackend
* oops
* goodbye pointless tests
|
| |
|
|
|
|
|
|
| |
* Dropped support for really old macOS
Fixes #3503
* literally, how does spelling
|
| | |
|
| |
|
|
|
|
|
|
| |
* More accurate LibreSSL detection
* Update x509_vfy.py
change approach to use ifndef
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* time to remove commoncrypto, fare thee well
* remove even more
* update the changelog
* remove more things
* don't need this function
* remove CAST5 CTR tests since that was only supported in commoncrypto
* assert a thing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Don't raise an UnsupportedExtension for critical extensions.
Fixes #2903
Fixes #2901
Fixes #3325
* Don't link
* Revert "Don't link"
This reverts commit 4fe847f91d9dd45cdc28a4984c4e44aad62a5de6.
* fix
* Revert "Revert "Don't link""
This reverts commit 856031b5a1fbad04ac218fa94ebf37dcd402f3ed.
* fix
* Deprecate this
* Better changelog entry
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add PEM_write_bio_DHxparams
* Define PEM_write_bio_DHxparams only if EVP_PKEY_DHX defined.
Both added in commit afb14cda in openssl
* Add d2i_DHxparams_bio and i2d_DHxparams_bio bindings
* Fix bindings addition
* change condtional bindings to be after 1.1.0f
* Change i2d_DHxparams_bio return type
* define Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio
* Remove d2i_DHxparams_bio, i2d_DHxparams_bio bindings
* Add declarations for Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio
* Move Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio declaration to MACROS
* Add Cryptography_d2i_DHxparams_bio, Cryptography_i2d_DHxparams_bio and PEM_write_bio_DHxparams to _coditionals.py
* Make sure we did not define EVP_PKEY_DHX
|
| |
|
|
|
|
| |
* Don't skip DH tests when dhx unsupported and no dhx is required
* Add is_dhx parameter
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Added a binding that will be useful for AIA chasing
* another function
* This is required
* void arguments are morally complex
* These are macros
* fixes
* This has existed for a while
* long line
* typo
* Cory wants this as well
* This is conditional
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#3539)
* Document our real API for EC verification, not an accident
* formatting consistency
* fix the code itself
* fixed class name
* fixed a test too
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* postpone GCM authentication tag requirement until finalization
Add a .finalize_with_tag() variant of the .finalize() function of
the GCM context. At the same time, do not enforce the requirement
of supplying the tag with the mode ctor. This facilitates
streamed decryption when the MAC is appended to the ciphertext
and cannot be efficiently retrieved ahead of decryption.
According to the GCM spec (section 7.2: “Algorithm for the
Authenticated Decryption Function”), the tag itself is not needed
until the ciphertext has been decrypted.
Addresses #3380
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
* disallow delayed GCM tag passing for legacy OpenSSL
Old versions of Ubuntu supported by Cryptography ship a v1.0.1 of
OpenSSL which is no longer supported by upstream. This library
seems to cause erratic test failures with the delayed GCM tag
functionality which are not reproducible outside the CI.
Unfortunately OpenSSL v1.0.1 does not even document the required
API (``EVP_EncryptInit(3)``) so there is no by-the-book fix.
For backends of version 1.0.1 and earlier, verify the GCM tag
at the same stage as before.
Also, indicate to the user that late passing of GCM tags is
unsupported by throwing ``NotImplementedError`` for these backend
versions if
- the method ``finalize_with_tag()`` is invoked, or
- the mode ctor is called without passing a tag.
Unit tests have been adapted to account for different backend
versions.
|
| | |
|
| | |
|
| |
|
| |
The original source of this vector does not have a space, we added it by accident
|
| | |
|
| | |
|
| |
|
| |
This is sort of a pre-req for #3508 (but not really, because setuptools needs to be this version before setup.py even runs for that PR). Because we still support older setuptools versions in our pkg_resources code, this is mostly a gentle nudge to the ecosystem.
|
| |
|
|
|
|
| |
* Additional SCT bindings
* forgot to conditional these
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* Fixed #3489 -- document that we don't have wheels for pypy
* homebrew is a word
|
| |
|
|
|
|
|
|
|
|
| |
* Fixed #3492 -- use a better API
* More correct types
* Revert "More correct types"
This reverts commit e7412927eccf2b983bbcab2d2864ae1e4e83b56f.
|
| |
|
|
|
|
| |
* Add ASN1_TIME related functions for the relevant PyOpenSSL patch.
* Move ASN1_TIME_check() to MACROS as the argument's constness varies between 1.0.x and 1.1.0~.
|
| |
|
|
|
|
|
|
| |
* minor int_to_bytes performance increase
* why is Python 2.6 supported anyway...
* keep py2k version
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Attempt to simplify the libressl checing
* SHENANGINS
* Attempted fix
* More simplification
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Update symmetric-encryption.rst
Import default_backend so the example works out-of-the-box.
* Update symmetric-encryption.rst
* newline nit
|
| |
|
|
|
|
| |
* Two additional bindings for CT
* Grumble
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* First pass at adding bindings for CT functions. No conditionals yet.
* add a stack typedef as well
* Don't try to include this header if we're on an older OpenSSL
* wire up the conditional stuff
* bunch o' nonsense to get it to compile on old openssl
* I hate libressl
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Stub API for SCTs, feedback wanted
* grr, flake8
* port this to being an ABC
* finish up the __init__
* Two necessary enums
* Roll this back
* Wrote some docs
* spell words correctly
* linky
* more details
* use the words UTC
* coverage
* Define MMD for the kids at some
* linky linky
|
| |
|
|
|
|
| |
* Remove API deprecated in 1.6, clean up the legacy deprecations
* flake8, unused import
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add captions to the split toctrees
this will render the table of contents with separators in the RTD
theme. right now, the table of contents is quite confusing on
the [RTD site][] - that is because there are 3 distinct `toctree`
directives, but no `:caption:` field. instead, there are headers in
the `index.rst` but those are not parsed by RTD.
[RTD site]: https://cryptography.io/en/latest/
by moving those headers in the `:caption:` field, we keep the heading,
but it will also be shown in the left table of contents on the RTD
site.
for an example of that pattern, see the [scrapy documentation][]. they
go even further by hiding the `toctree` elements completely and adding
explanations on every section, but this is out of scope here for now.
[scrapy documentation]: https://doc.scrapy.org/en/latest/index.html
* remove spurious backtics in caption
they do not work in that field, apparently.
|
| |
|
|
|
|
| |
* Refs #3461 -- added the OID for the SCT x.509 extension
* Version added
|
