| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
RSA_blinding_off is a silly function. RSA_SSLV23_PADDING and
RSA_X931_PADDING are obsolete. The low-level padding functions appear
unused and the EVP_PKEY stuff is probably a bit nicer than expecting
callers to RSA_NO_PADDING and do the padding by hand.
|
| |
|
| |
These are unused. (And not especially useful.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Clean up unused EC bindings.
A lot of these are really OpenSSL internals, like the EC_METHOD
business, support for custom curves which are a bad idea, and weird
non-standard serializations like taking the usual point serialization
and treating it as a single BIGNUM.
I also didn't remove things when they're arguably part of a set. E.g.
EC_POINT_add is used, but EC_POINT_dbl isn't. However, they both set at
the same abstraction level (basic point operations), so it's strange to
have one without the other.
I also kept EC_POINT_is_on_curve because, although it is not used,
OpenSSL prior to 1.1.0 doesn't perform this important check in
EC_POINT_set_affine_coordinates_GFp (though it does in some of the
functions which ultimately call it, like
EC_KEY_set_public_key_affine_coordinates, what cryptography.io actually
uses), so one should not expose the latter without the former.
* Fix build issue.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove unused BIO bindings.
This also folds in the const bits from 1.1.0, on the assumption that,
now that the function pointer check is gone, it will just cause cffi to
generate more conservative pointer types that work for 1.0.2 as well.
* Restore some functions used externally.
Datagram BIO_CTRL_* constants are intentionally omitted per discussion
on the PR.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix some callback type signatures.
SSL_CTX_set_psk_server_callback:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_psk_server_callback.html
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/ssl.h#L1355
https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/include/openssl/ssl.h#L734
SSL_CTX_set_tlsext_servername_callback:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_servername_callback.html
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/s3_lib.c#L3964
https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/ssl/s3_lib.c#L3499
* Missed a spot
|
| |
|
|
|
|
|
|
|
|
| |
* Remove unused BN bindings.
These appear to be unused in both cryptography.io and PyOpenSSL.
* Restore symbols used by pyUmbral.
Along the way, fix some mistranscribed consts.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Expose BIGNUM constant time operations
This commit exposes the following functions:
BN_set_flags
BN_get_flags
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_free
BN_mod_exp_mont
BN_mod_exp_mont_consttime
This commit also exposes the BN_FLG_CONSTTIME flag.
* Add myself to AUTHORS
|
| |
|
|
| |
(#4205)
|
| |
|
|
|
|
| |
* add custom extensions functions for openssl >=1.0.2
* Fix style problems
|
| |
|
| |
So here we need to make sure we don't simply include windows but only the parts that we want
|
| |
|
|
|
|
|
|
| |
* add X509_NAME_print_ex
* Addressing code review
+ removed comment from bindings regarding deprecation of _print_oneline
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Remove unused bindings from asn1.py
This also includes a couple removals from x509v3.py which also reference
ASN1_ITEM_EXP.
* re-add int ASN1_STRING_set_default_mask_asc(char *);
* also re-add static const int MBSTRING_UTF8
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we only expose SSL_get_peer_certificate, which allows you
to retrieve the remote party's certificate. This adds the symetrical
binding to retrieve the local party's certificate.
The motivation for this additional binding is to make it possible to
query the local certificate regardless of the method which was used to
load the certificate into the SSL connection (from a file, from an
in-memory object). An example where this is useful is when negotiating
a DTLS-SRTP connection, the fingerprint of the local certificate needs
to be communicated to the remote party out-of-band via SDP.
This binding can be exposed in pyopenssl as Connection.get_certificate().
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* + more DTLS bindings
* + BIO_CTRL_DGRAM*
* + read ahead functions
* rm BIO_CTRL_DGRAM_SET_PEEK_MODE
* rm BIO_CTRL_DGRAM_SET_DONT_FRAG
* + link mtu conditional logic
* rm some BIO_CTRL_DGRAM* bindings
|
| |
|
|
|
|
|
|
|
|
| |
* + PSK function bindings
* + PSK conditional
* trigger CI
* trigger CI
|
| |
|
|
|
|
|
|
| |
* + bindings for SSL_OP_NO_DTLS*
* + conditional for not HAS_GENERIC_DTLS_METHOD
* flag SSL_OP_NO_DTLS* for unsupported deletion
|
| |
|
| |
This avoids reaching into the ASN1_ITEM mess if not necessary.
|
| |
|
|
|
|
| |
* Expose BN_clear_free
* Use BN_clear_free in test_int_to_bn
|
| |
|
|
|
|
| |
* just a quick confirmation that it really is an x25519 evp key
* openssl assert. take that python -O
|
| |
|
|
|
|
| |
* Fixed #4006 -- bind functions for dealing with sigalgs
* oops
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Expose FIPS funcs for OpenSSL.
* Remove FIPS customization / conditionals.
It seems that the FIPS functions are always defined, regardless of if
the FIPS module is present.
* Do not include FIPS_selftest_check func.
* Libressl does not have FIPS.
|
| | |
|
| |
|
|
|
|
| |
* add OCSP binding for obtaining information from CertID structure
* empty commit
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* added binding support for rfc 5705
* WIP: testing some cffi updates
* added openssl version check
* updated cffi defs to align with pep8
* removed superfluous version checks
* remove more unecessary boilerplate
|
| |
|
| |
There's no sense in which we actually support them
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix weak linking of getentropy when compiling on older macOS
We use weak linking in macOS to determine if the getentropy symbol is
available. However, to do that we need to have a declaration that states
the function is __attribute((weak_import)) at compile time. On macOS
10.12 this is provided in sys/random.h, but on older macOS the
declaration doesn't exist at all, so we need to forward declare it
ourselves.
* update a comment and a style nit
|
| |
|
|
| |
the getentropy fallback is only possible on macOS, wrap it in a define
to remove it entirely on the BSDs.
|
| |
|
|
|
|
|
|
|
|
| |
* allow p % 24 == 23 when generator == 2 in DH_check
* short url
* update and expand comments
* even better language!
|
| |
|
|
|
|
|
|
|
|
|
| |
* remove egd
* oops
* keep Cryptography_HAS_EGD for compat just in case
This shouldn't really be necessary but maybe we can fully remove it in
2018 or 2019...
|
| |
|
|
|
|
| |
* remove cryptodev
* oops
|
| |
|
|
|
|
|
|
| |
* Remove conditionals we never use.
Refs #3763
* put this back
|
| |
|
|
|
|
|
|
| |
* No more FUNCS/MACROS distinction
* change the docs to not talk about MACROS since they're gone
* remove out of date comment
|
| |
|
|
|
|
| |
* enable wconversion and finish fixes
* don't pass -Wconversion if it's win32
|
| |
|
|
|
|
| |
* bind DTLS 1.2 methods
* remove version specific dtls bindings, rename sentinel value
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* pypy3 fix on macos using work from the pypy project
https://bitbucket.org/pypy/pypy/commits/198dc138680f96c391802fa1e77b8b6d2e0134e6?at=py3.5
* change abort error msg and fix wrong type
* oh windows
* remove an unused variable
* rename mutex1_t, use calloc, small style fixes
* calloc correctly
* (call)
|
| |
|
|
|
|
| |
* bind even more evp
* oops
|
| | |
|
| |
|
|
|
|
| |
* add EVP_PKEY_keygen and EVP_PKEY_keygen_init for x25519/ed25519
* add a few more bindings we'll need for X25519
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* runtime detection of getentropy for macOS via weak-linking
In the before time, in the long long ago, there was a desire to use
getentropy on macOS. So some code was written and it detected getentropy
support by seeing if SYS_getentropy was available in the headers. But
lo, it turns out Apple ships headers for different SDK versions and
users on < 10.12 were getting headers that had SYS_getentropy even
though their OS did not support it. There was much wailing and
gnashing of teeth, but the frustrated developers remembered that Apple
wants their developers to use weak linking. With weak linking the mighty
developer can specify a minimum version and any symbol that was added
after that version will be weakly linked. Then, at runtime, the dynamic
linker will make unavailable symbols thus marked into NULLs. So, the
developer need only alter their code to do runtime detection of weakly
linked symbols and then a single binary may be compiled that will
correctly select getentropy or /dev/urandom at runtime. Hallelujah!
* oops
* separate the enum
* okay just apple
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* jurisdictionCountryName also must be PrintableString
* flake8 + citation
* Write a test, which fails. If my analysis is correct, this is blocked on:
https://github.com/openssl/openssl/pull/3284
* This is only true on 1.1.0
* clearly express the version requirement
|
