| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
* HTTPS a bunch of links in random places
* What the heck happened here?
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Fixed build errors on HP-UX.
* PEP 8 style fix.
* No return for void function.
* PEP 8 style fix, take 2.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Expose FIPS funcs for OpenSSL.
* Remove FIPS customization / conditionals.
It seems that the FIPS functions are always defined, regardless of if
the FIPS module is present.
* Do not include FIPS_selftest_check func.
* Libressl does not have FIPS.
|
| |
|
|
|
|
| |
* enable wconversion and finish fixes
* don't pass -Wconversion if it's win32
|
| |
|
|
|
| |
CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS will now suppress link flags regardless
of platform. Additionally, CRYPTOGRAPHY_WINDOWS_LINK_LEGACY_OPENSSL is
now the flag you need if you want to link against < 1.1.0 on windows.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* First pass at adding bindings for CT functions. No conditionals yet.
* add a stack typedef as well
* Don't try to include this header if we're on an older OpenSSL
* wire up the conditional stuff
* bunch o' nonsense to get it to compile on old openssl
* I hate libressl
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* support defining which windows libraries to link with an env var
CRYPTOGRAPHY_WINDOWS_LIBRARIES is your new friend
* add some docs
* change to CRYPTOGRAPHY_WINDOWS_LINK_OPENSSL110
* lib prefixing is not a thing msvc does, right
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* New osrandom_engine in C
Inspired by Python/random.c and the old implementation.
Signed-off-by: Christian Heimes <christian@python.org>
* osrandom_engine
* Fix naming bug caused by search 'n replace mistake
* Make it easier to override osrandom auto-detection
* Add engine ctrl and backend API to get implementation from ENGINE
Signed-off-by: Christian Heimes <christian@python.org>
* Better test coverage, documentation, LICENSE
Signed-off-by: Christian Heimes <christian@python.org>
* Coverage is hard.
Signed-off-by: Christian Heimes <christian@python.org>
* * enable win32 check
* read() returns size_t
Signed-off-by: Christian Heimes <christian@python.org>
* Add macOS to spelling list. Remove dead code from header file.
Signed-off-by: Christian Heimes <christian@python.org>
* remove CCRandomGenerateBytes path and update getentropy to work on macOS
This change allows us to test all the engines in our CI:
* getentropy (tested by macOS sierra)
* getrandom (tested on several linux builders)
* /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux)
* CryptGenRandom (tested on windows builders)
I also fixed bugs preventing compilation in the getentropy code
* getentropy() returns int and is restricted to 256 bytes on macOS, too.
Signed-off-by: Christian Heimes <christian@python.org>
* add versionadded
* Re-add import of os module
* Fixes related to Alex's recent review.
Signed-off-by: Christian Heimes <christian@python.org>
* Add error reporting and fail for EAGAIN
Add error reporting strings for various error cases. This gives us much
nicer and understandable error messages.
SYS_getrandom() EAGAIN is now an error. Cryptography refuses to
initialize its osrandom engine when the Kernel's CPRNG hasn't been
seeded yet.
Signed-off-by: Christian Heimes <christian@python.org>
|
| | |
|
| |
|
|
|
|
|
| |
>>> lib.EVP_get_digestbyname(b'md_gost94')
<cdata 'EVP_MD *' NULL>
>>> lib.OPENSSL_config(ffi.NULL)
>>> lib.EVP_get_digestbyname(b'md_gost94')
<cdata 'EVP_MD *' 0x10adc7440>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use a series of constants for OpenSSL version checks.
N.B. I removed several qualifiers that were being used to express beta vs. release in OpenSSL version numbers. Reviewers please look closely!
* Convert some python as well, also add the file
* flake8
* Simplify code, remove functionality that can be expressed more simply
* clean up the tests as well
* more constants
* wrap long lines
* reflect feedback
* unused
* add this back?
|
| | |
|
| | |
|
| |
|
|
|
|
| |
OPENSSL_config is deprecated in 1.1.0 and OPENSSL_no_config is a macro
provided solely for compatibility. We don't use either of these and the
only thing we actually need is an opaque typedef for CONF.
|
| |
|
|
| |
We dont' officially support compiling against platform OpenSSL on OS X
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cffi 1.4.0 will introduce a new API to create static callbacks. Contrary
to the old callback API, static callbacks no longer depend on libffi's
dynamic code generation for closures. Static code has some benefits over
dynamic generation. For example the code is faster. Also it doesn't need
writeable and executable memory mappings, which makes it compatible with
SELinux's deny execmem policy.
The branch depends on PR #2488.
https://bitbucket.org/cffi/cffi/issues/232/static-callbacks
Closes: #2477
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
