aboutsummaryrefslogtreecommitdiffstats
path: root/src/_cffi_src/openssl
Commit message (Collapse)AuthorAgeFilesLines
* Add definitions that help with hostname checking (#4492)Kai Engert2018-10-102-0/+41
| | | | | | | | | | | | | | * Add definitions for SSL_get0_param and X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS * remove unnecessary parameter name * Add version conditionals and more flags * extend cryptography_has_102_verification_params * X509_CHECK_FLAG_NEVER_CHECK_SUBJECT only available with openssl 1.1.0+ * add missing declaration
* additional OCSP bindings for the response builder (#4480)Paul Kehrer2018-10-061-3/+5
| | | | | | * additional OCSP bindings for the response builder * use the OCSP extension funcs that match the rest of x509
* add ed25519 bindings (#4476)Paul Kehrer2018-09-263-0/+33
| | | | | | * add ed25519 bindings * var name
* Remove conditionals for OpenSSL 1.1.1 pre-releases (#4467)Alex Gaynor2018-09-152-8/+3
|
* OCSP request extension parsing (#4464)Paul Kehrer2018-09-091-0/+2
| | | | | | | | | | * add OCSP request parsing support with OCSPNonce * add docs * reprs man * make extensions a cached property
* Add flags to error on compile with incompatible pointer type (#4455)Paul Kehrer2018-09-054-21/+26
| | | | | | | | | | | | | | | | * try something a bit different. * newer compiler plz * permute * fix some warnings * fix getters on OpenSSL < 1.1.0 * this is getting involved * given our compiler flags we can't have SSL_CTX_set_cookie_verify_cb
* OCSP bindings (#4449)Paul Kehrer2018-09-012-0/+97
| | | | | | | | | | | | | | | * add many OCSP bindings Much of OCSP was opaqued in 1.1.0 so this also adds a bunch of getters for older OpenSSL. However, 1.1.0 itself made it impossible to access certain fields in the opaque struct, so we're forced to de-opaque them for 1.1.0 through 1.1.0i as well as 1.1.1-pre1 through 1.1.1-pre9. There is a patch (openssl/openssl#7082) that fixes this and should be in 1.1.0j and 1.1.1-pre10 (or 1.1.1 final, whichever they choose to issue) * backslashes are sometimes useful * comments
* Simplify OCSP no check serialization (#4444)Alex Gaynor2018-08-311-0/+3
|
* Fixed two memory leaks in x509 csr extensions (#4434)Alex Gaynor2018-08-311-0/+3
| | | | | | | | | | | | * Fixed a memory leak in x.509 OCSP no check * Fix the _actual_ leak * Speed up symbolizations * Disable backtrace by default, because it doesn't work on Windows * line length
* make an ocsp request (#4402)Paul Kehrer2018-08-301-0/+2
| | | | | | | | | | | | | | | | * make an ocsp request * update test, add docs * make it an OCSPRequestBuilder * review feedback and more tests * make it a class * empty commit to retrigger * type check
* 1.1.0 locks (#4420)Paul Kehrer2018-08-291-1/+4
| | | | | | | | | | | | * Do conditional compiling of Cryptography_setup_ssl_threads * Check Cryptography_HAS_LOCKING_CALLBACKS before initing static locks Check if compiling and initing locking callbacks is necessary PEP8 fix * Make test_crypto_lock_init more complete
* add bindings for SCT creation (#4407)Paul Kehrer2018-08-201-0/+15
|
* Add more SSL_CIPHER_* functions, necessary to implement ctx.get_ciphers() in ↵Amaury Forgeot d'Arc2018-07-231-0/+19
| | | | | | | | | | | | | | | | PyPy (#4364) * Add more SSL_CIPHER_* functions, necessary to implement ctx.get_ciphers() added by Python 3.6.1. * Add placeholders for other versions * Remove parameter names * LibreSSL 2.7 has the new functions * Add entries in _conditional.py * SSL_CIPHER_get_id returns int, not char*
* add crl.get_revoked_certificate method (#4331)Paul Kehrer2018-07-161-0/+2
| | | | | | | | * add crl.get_revoked_certificate method * lexicographic is the best ographic * rename
* Make our locking setup function compy with our style guide (#4316)Alex Gaynor2018-07-061-2/+2
| | | And not expose an unprefixed name to anyone who dlopens us.
* set an OPENSSL_API_COMPAT level (#4313)Paul Kehrer2018-07-061-0/+5
| | | | | | | | | * set an OPENSSL_API_COMPAT level this helps prevent adding deprecated functions and will let us see what we need to/can prune in the distant future when we support only 1.1.0+ * raise the api compat to 1.0.1 (which doesn't matter but is less confusing)
* Revert the const bits of #4220. (#4276)David Benjamin2018-06-291-1/+1
| | | | | | | | | | | | | | | | In #4220, I switched BIO_new to take a const pointer (true in 1.1.0, but not 1.0.2) on grounds that: This also folds in the const bits from 1.1.0, on the assumption that, now that the function pointer check is gone, it will just cause cffi to generate more conservative pointer types that work for 1.0.2 as well. But I got this backwards. If the bindings say BIO_METHOD*, cffi will pass a BIO_METHOD* to BIO_new, which works in both OpenSSL versions. If it says const BIO_METHOD*, cffi will pass const BIO_METHD* to BIO_new, which does not work in 1.0.2. (Although cryptography.io's build ignores all these warnings anyway, so it's kind of moot.)
* Exposed OpenSSL prime methods (#4292)Quinten Stokkink2018-06-221-0/+6
| | | These are required by the Tribler project.
* Perform an OPENSSL_cleanup before checking the heap in our memleak tests (#4293)Alex Gaynor2018-06-201-1/+8
| | | | | | | | | | * Perform an OPENSSL_cleanup before checking the heap in our memleak tests * Make this binding conditional * typo * need to put this call before we reset the function ptrs
* LibreSSL 2.7.x support (#4270)Paul Kehrer2018-05-308-17/+25
| | | | | | | | * libre 2.7.3 compatibility * add a changelog * actually build against 2.7.3
* Removes branches in bindings for various OpenSSL 1.1.0 prereleases (#4269)Alex Gaynor2018-05-316-18/+8
| | | | | | | | | | | | | | | | * Remove defines for openssl 1.1.0 pre * Update bio.py * Update dh.py * Update dsa.py * Update rsa.py * Update x509_vfy.py * Compress branches
* Fixed build errors on HP-UX. (#4259)dumol2018-05-221-1/+1
| | | | | | | | | | * Fixed build errors on HP-UX. * PEP 8 style fix. * No return for void function. * PEP 8 style fix, take 2.
* Cleanup unused err bindings. (#4246)David Benjamin2018-05-151-106/+0
| | | | | | | | | | | | | | | | | | | | | | | This removes: - ERR_get_state which really shouldn't be public API. - A bunch of functions that are really mostly useful within the library to add new errors. NB: I say mostly because they are also useful when trying to register a new error library, as osrandom does, but osrandom is written in C. Python code is more likely to be consuming errors. - All function codes but EVP_F_EVP_ENCRYPTFINAL_EX because tests still reference it. Per PR #3609, function codes are kind of unstable. This finishes that up and cleans up the bindings. - The "line" versions of querying the error queue, just because no one seems to be using them and there's a lot. - Error-printing functions, which make less sense in Python since you'd probably wrap in an exception. Error codes probably could also do with cleaning, but I've left them alone for now.
* Remove ECDSA_sign_setup and *sign_ex bindings. (#4245)David Benjamin2018-05-151-5/+0
| | | | | | | | | | | They are unused. These functions have two purposes. They can be used to pass your own value of k, or to amoritize the cost of generating k. Messing up k is catastrophic to ECDSA, so best not to expose that one. ECDSA signing is also quite fast, so there isn't much point in the latter. (The API comes from DSA, which is a bit slower.) Moreover, ECDSA_sign is not the same as ECDSA_sign_setup + ECDSA_sign_ex. OpenSSL has some nonce hardening features that have to get skipped when doing this.
* Remove some unused RSA bindings. (#4243)David Benjamin2018-05-141-11/+0
| | | | | | RSA_blinding_off is a silly function. RSA_SSLV23_PADDING and RSA_X931_PADDING are obsolete. The low-level padding functions appear unused and the EVP_PKEY stuff is probably a bit nicer than expecting callers to RSA_NO_PADDING and do the padding by hand.
* Remove some unused RAND bindings. (#4239)David Benjamin2018-05-141-4/+0
| | | These are unused. (And not especially useful.)
* Clean up unused EC bindings. (#4225)David Benjamin2018-05-141-79/+0
| | | | | | | | | | | | | | | | | | | | | | | * Clean up unused EC bindings. A lot of these are really OpenSSL internals, like the EC_METHOD business, support for custom curves which are a bad idea, and weird non-standard serializations like taking the usual point serialization and treating it as a single BIGNUM. I also didn't remove things when they're arguably part of a set. E.g. EC_POINT_add is used, but EC_POINT_dbl isn't. However, they both set at the same abstraction level (basic point operations), so it's strange to have one without the other. I also kept EC_POINT_is_on_curve because, although it is not used, OpenSSL prior to 1.1.0 doesn't perform this important check in EC_POINT_set_affine_coordinates_GFp (though it does in some of the functions which ultimately call it, like EC_KEY_set_public_key_affine_coordinates, what cryptography.io actually uses), so one should not expose the latter without the former. * Fix build issue.
* Remove unused BIO bindings. (#4220)David Benjamin2018-05-141-107/+3
| | | | | | | | | | | | | * Remove unused BIO bindings. This also folds in the const bits from 1.1.0, on the assumption that, now that the function pointer check is gone, it will just cause cffi to generate more conservative pointer types that work for 1.0.2 as well. * Restore some functions used externally. Datagram BIO_CTRL_* constants are intentionally omitted per discussion on the PR.
* Fix some callback type signatures. (#4227)David Benjamin2018-05-121-3/+3
| | | | | | | | | | | | | | | | * Fix some callback type signatures. SSL_CTX_set_psk_server_callback: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_psk_server_callback.html https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/ssl.h#L1355 https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/include/openssl/ssl.h#L734 SSL_CTX_set_tlsext_servername_callback: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_servername_callback.html https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/s3_lib.c#L3964 https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/ssl/s3_lib.c#L3499 * Missed a spot
* Remove unused BN bindings. (#4219)David Benjamin2018-05-091-28/+2
| | | | | | | | | | * Remove unused BN bindings. These appear to be unused in both cryptography.io and PyOpenSSL. * Restore symbols used by pyUmbral. Along the way, fix some mistranscribed consts.
* Expose OpenSSL constant time bignum arithmetic (#4200)Tux2018-04-241-0/+14
| | | | | | | | | | | | | | | | | | | * Expose BIGNUM constant time operations This commit exposes the following functions: BN_set_flags BN_get_flags BN_MONT_CTX_new BN_MONT_CTX_set BN_MONT_CTX_free BN_mod_exp_mont BN_mod_exp_mont_consttime This commit also exposes the BN_FLG_CONSTTIME flag. * Add myself to AUTHORS
* Add Session functions, necessary to implement new features in Python 3.6. ↵Amaury Forgeot d'Arc2018-04-241-0/+14
| | | | (#4205)
* add custom extensions functions for openssl >=1.0.2 (#4202)Denis Lila2018-04-211-0/+68
| | | | | | * add custom extensions functions for openssl >=1.0.2 * Fix style problems
* OpenSSL 1.0.2o has switched to winsock2 (#4184)Thierry Bastian2018-04-052-0/+6
| | | So here we need to make sure we don't simply include windows but only the parts that we want
* add X509_NAME_print_ex (#4174)Joshua Crowgey2018-04-041-0/+1
| | | | | | | | * add X509_NAME_print_ex * Addressing code review + removed comment from bindings regarding deprecation of _print_oneline
* add X509_CRL_dup function (#4127)Dominic Chen2018-03-051-0/+1
|
* remove cms bindings we don't use (#4131)Paul Kehrer2018-03-051-113/+0
|
* Remove unused bindings from asn1.py (#4082)David Benjamin2018-03-052-66/+1
| | | | | | | | | | | * Remove unused bindings from asn1.py This also includes a couple removals from x509v3.py which also reference ASN1_ITEM_EXP. * re-add int ASN1_STRING_set_default_mask_asc(char *); * also re-add static const int MBSTRING_UTF8
* Expose BN_rand and BN_rand_range (#4118)Tux2018-02-231-0/+3
|
* Add binding for SSL_get_certificate (#4100)Jeremy Lainé2018-02-061-0/+1
| | | | | | | | | | | | | | Currently we only expose SSL_get_peer_certificate, which allows you to retrieve the remote party's certificate. This adds the symetrical binding to retrieve the local party's certificate. The motivation for this additional binding is to make it possible to query the local certificate regardless of the method which was used to load the certificate into the SSL connection (from a file, from an in-memory object). An example where this is useful is when negotiating a DTLS-SRTP connection, the fingerprint of the local certificate needs to be communicated to the remote party out-of-band via SDP. This binding can be exposed in pyopenssl as Connection.get_certificate().
* Add bindings for SRTP support (#4099)Jeremy Lainé2018-02-061-0/+3
|
* Add bindings for DTLS support (#4089)gesslerpd2018-01-232-0/+28
| | | | | | | | | | | | | | | | * + more DTLS bindings * + BIO_CTRL_DGRAM* * + read ahead functions * rm BIO_CTRL_DGRAM_SET_PEEK_MODE * rm BIO_CTRL_DGRAM_SET_DONT_FRAG * + link mtu conditional logic * rm some BIO_CTRL_DGRAM* bindings
* Add bindings for PSK (#4084)gesslerpd2018-01-181-1/+44
| | | | | | | | | | * + PSK function bindings * + PSK conditional * trigger CI * trigger CI
* Add bindings for SSL_OP_NO_DTLS* (#4079)gesslerpd2018-01-161-0/+4
| | | | | | | | * + bindings for SSL_OP_NO_DTLS* * + conditional for not HAS_GENERIC_DTLS_METHOD * flag SSL_OP_NO_DTLS* for unsupported deletion
* Use the real X509_REVOKED_dup when available. (#4080)David Benjamin2018-01-121-0/+4
| | | This avoids reaching into the ASN1_ITEM mess if not necessary.
* Expose `BN_clear_free` in the OpenSSL backend (#4071)Tux2018-01-051-0/+1
| | | | | | * Expose BN_clear_free * Use BN_clear_free in test_int_to_bn
* just a quick confirmation that it really is an x25519 evp key (#4070)Paul Kehrer2018-01-051-0/+9
| | | | | | * just a quick confirmation that it really is an x25519 evp key * openssl assert. take that python -O
* Fixed #4006 -- bind functions for dealing with sigalgs (#4063)Alex Gaynor2017-12-261-0/+15
| | | | | | * Fixed #4006 -- bind functions for dealing with sigalgs * oops
* Fixed #4058 -- use the thread-safe API from OpenSSL, not the danger one (#4059)Alex Gaynor2017-12-181-1/+0
|
* add X509_up_ref (#4028)Paul Kehrer2017-11-281-0/+5
|