aboutsummaryrefslogtreecommitdiffstats
path: root/src/_cffi_src/openssl
Commit message (Collapse)AuthorAgeFilesLines
...
* Cleanup unused err bindings. (#4246)David Benjamin2018-05-151-106/+0
| | | | | | | | | | | | | | | | | | | | | | | This removes: - ERR_get_state which really shouldn't be public API. - A bunch of functions that are really mostly useful within the library to add new errors. NB: I say mostly because they are also useful when trying to register a new error library, as osrandom does, but osrandom is written in C. Python code is more likely to be consuming errors. - All function codes but EVP_F_EVP_ENCRYPTFINAL_EX because tests still reference it. Per PR #3609, function codes are kind of unstable. This finishes that up and cleans up the bindings. - The "line" versions of querying the error queue, just because no one seems to be using them and there's a lot. - Error-printing functions, which make less sense in Python since you'd probably wrap in an exception. Error codes probably could also do with cleaning, but I've left them alone for now.
* Remove ECDSA_sign_setup and *sign_ex bindings. (#4245)David Benjamin2018-05-151-5/+0
| | | | | | | | | | | They are unused. These functions have two purposes. They can be used to pass your own value of k, or to amoritize the cost of generating k. Messing up k is catastrophic to ECDSA, so best not to expose that one. ECDSA signing is also quite fast, so there isn't much point in the latter. (The API comes from DSA, which is a bit slower.) Moreover, ECDSA_sign is not the same as ECDSA_sign_setup + ECDSA_sign_ex. OpenSSL has some nonce hardening features that have to get skipped when doing this.
* Remove some unused RSA bindings. (#4243)David Benjamin2018-05-141-11/+0
| | | | | | RSA_blinding_off is a silly function. RSA_SSLV23_PADDING and RSA_X931_PADDING are obsolete. The low-level padding functions appear unused and the EVP_PKEY stuff is probably a bit nicer than expecting callers to RSA_NO_PADDING and do the padding by hand.
* Remove some unused RAND bindings. (#4239)David Benjamin2018-05-141-4/+0
| | | These are unused. (And not especially useful.)
* Clean up unused EC bindings. (#4225)David Benjamin2018-05-141-79/+0
| | | | | | | | | | | | | | | | | | | | | | | * Clean up unused EC bindings. A lot of these are really OpenSSL internals, like the EC_METHOD business, support for custom curves which are a bad idea, and weird non-standard serializations like taking the usual point serialization and treating it as a single BIGNUM. I also didn't remove things when they're arguably part of a set. E.g. EC_POINT_add is used, but EC_POINT_dbl isn't. However, they both set at the same abstraction level (basic point operations), so it's strange to have one without the other. I also kept EC_POINT_is_on_curve because, although it is not used, OpenSSL prior to 1.1.0 doesn't perform this important check in EC_POINT_set_affine_coordinates_GFp (though it does in some of the functions which ultimately call it, like EC_KEY_set_public_key_affine_coordinates, what cryptography.io actually uses), so one should not expose the latter without the former. * Fix build issue.
* Remove unused BIO bindings. (#4220)David Benjamin2018-05-141-107/+3
| | | | | | | | | | | | | * Remove unused BIO bindings. This also folds in the const bits from 1.1.0, on the assumption that, now that the function pointer check is gone, it will just cause cffi to generate more conservative pointer types that work for 1.0.2 as well. * Restore some functions used externally. Datagram BIO_CTRL_* constants are intentionally omitted per discussion on the PR.
* Fix some callback type signatures. (#4227)David Benjamin2018-05-121-3/+3
| | | | | | | | | | | | | | | | * Fix some callback type signatures. SSL_CTX_set_psk_server_callback: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_psk_server_callback.html https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/ssl.h#L1355 https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/include/openssl/ssl.h#L734 SSL_CTX_set_tlsext_servername_callback: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_servername_callback.html https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/s3_lib.c#L3964 https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/ssl/s3_lib.c#L3499 * Missed a spot
* Remove unused BN bindings. (#4219)David Benjamin2018-05-091-28/+2
| | | | | | | | | | * Remove unused BN bindings. These appear to be unused in both cryptography.io and PyOpenSSL. * Restore symbols used by pyUmbral. Along the way, fix some mistranscribed consts.
* Expose OpenSSL constant time bignum arithmetic (#4200)Tux2018-04-241-0/+14
| | | | | | | | | | | | | | | | | | | * Expose BIGNUM constant time operations This commit exposes the following functions: BN_set_flags BN_get_flags BN_MONT_CTX_new BN_MONT_CTX_set BN_MONT_CTX_free BN_mod_exp_mont BN_mod_exp_mont_consttime This commit also exposes the BN_FLG_CONSTTIME flag. * Add myself to AUTHORS
* Add Session functions, necessary to implement new features in Python 3.6. ↵Amaury Forgeot d'Arc2018-04-241-0/+14
| | | | (#4205)
* add custom extensions functions for openssl >=1.0.2 (#4202)Denis Lila2018-04-211-0/+68
| | | | | | * add custom extensions functions for openssl >=1.0.2 * Fix style problems
* OpenSSL 1.0.2o has switched to winsock2 (#4184)Thierry Bastian2018-04-052-0/+6
| | | So here we need to make sure we don't simply include windows but only the parts that we want
* add X509_NAME_print_ex (#4174)Joshua Crowgey2018-04-041-0/+1
| | | | | | | | * add X509_NAME_print_ex * Addressing code review + removed comment from bindings regarding deprecation of _print_oneline
* add X509_CRL_dup function (#4127)Dominic Chen2018-03-051-0/+1
|
* remove cms bindings we don't use (#4131)Paul Kehrer2018-03-051-113/+0
|
* Remove unused bindings from asn1.py (#4082)David Benjamin2018-03-052-66/+1
| | | | | | | | | | | * Remove unused bindings from asn1.py This also includes a couple removals from x509v3.py which also reference ASN1_ITEM_EXP. * re-add int ASN1_STRING_set_default_mask_asc(char *); * also re-add static const int MBSTRING_UTF8
* Expose BN_rand and BN_rand_range (#4118)Tux2018-02-231-0/+3
|
* Add binding for SSL_get_certificate (#4100)Jeremy Lainé2018-02-061-0/+1
| | | | | | | | | | | | | | Currently we only expose SSL_get_peer_certificate, which allows you to retrieve the remote party's certificate. This adds the symetrical binding to retrieve the local party's certificate. The motivation for this additional binding is to make it possible to query the local certificate regardless of the method which was used to load the certificate into the SSL connection (from a file, from an in-memory object). An example where this is useful is when negotiating a DTLS-SRTP connection, the fingerprint of the local certificate needs to be communicated to the remote party out-of-band via SDP. This binding can be exposed in pyopenssl as Connection.get_certificate().
* Add bindings for SRTP support (#4099)Jeremy Lainé2018-02-061-0/+3
|
* Add bindings for DTLS support (#4089)gesslerpd2018-01-232-0/+28
| | | | | | | | | | | | | | | | * + more DTLS bindings * + BIO_CTRL_DGRAM* * + read ahead functions * rm BIO_CTRL_DGRAM_SET_PEEK_MODE * rm BIO_CTRL_DGRAM_SET_DONT_FRAG * + link mtu conditional logic * rm some BIO_CTRL_DGRAM* bindings
* Add bindings for PSK (#4084)gesslerpd2018-01-181-1/+44
| | | | | | | | | | * + PSK function bindings * + PSK conditional * trigger CI * trigger CI
* Add bindings for SSL_OP_NO_DTLS* (#4079)gesslerpd2018-01-161-0/+4
| | | | | | | | * + bindings for SSL_OP_NO_DTLS* * + conditional for not HAS_GENERIC_DTLS_METHOD * flag SSL_OP_NO_DTLS* for unsupported deletion
* Use the real X509_REVOKED_dup when available. (#4080)David Benjamin2018-01-121-0/+4
| | | This avoids reaching into the ASN1_ITEM mess if not necessary.
* Expose `BN_clear_free` in the OpenSSL backend (#4071)Tux2018-01-051-0/+1
| | | | | | * Expose BN_clear_free * Use BN_clear_free in test_int_to_bn
* just a quick confirmation that it really is an x25519 evp key (#4070)Paul Kehrer2018-01-051-0/+9
| | | | | | * just a quick confirmation that it really is an x25519 evp key * openssl assert. take that python -O
* Fixed #4006 -- bind functions for dealing with sigalgs (#4063)Alex Gaynor2017-12-261-0/+15
| | | | | | * Fixed #4006 -- bind functions for dealing with sigalgs * oops
* Fixed #4058 -- use the thread-safe API from OpenSSL, not the danger one (#4059)Alex Gaynor2017-12-181-1/+0
|
* add X509_up_ref (#4028)Paul Kehrer2017-11-281-0/+5
|
* Expose FIPS funcs for OpenSSL. (#3939)Scott Sturdivant2017-09-271-0/+28
| | | | | | | | | | | | | * Expose FIPS funcs for OpenSSL. * Remove FIPS customization / conditionals. It seems that the FIPS functions are always defined, regardless of if the FIPS module is present. * Do not include FIPS_selftest_check func. * Libressl does not have FIPS.
* add set0_rsa_oaep_label binding (#3894)Paul Kehrer2017-09-071-0/+10
|
* add OCSP binding for obtaining information from CertID structure (#3888)Paul Kehrer2017-09-061-0/+2
| | | | | | * add OCSP binding for obtaining information from CertID structure * empty commit
* added binding support for rfc 5705 (#3878)Kelby Ludwig2017-08-291-0/+2
| | | | | | | | | | | | | | * added binding support for rfc 5705 * WIP: testing some cffi updates * added openssl version check * updated cffi defs to align with pep8 * removed superfluous version checks * remove more unecessary boilerplate
* Remove branches for 1.0.2 betas. (#3870)Alex Gaynor2017-08-203-8/+6
| | | There's no sense in which we actually support them
* Fix weak linking of getentropy when compiling on older macOS (#3841)Paul Kehrer2017-08-031-0/+3
| | | | | | | | | | | | | * Fix weak linking of getentropy when compiling on older macOS We use weak linking in macOS to determine if the getentropy symbol is available. However, to do that we need to have a declaration that states the function is __attribute((weak_import)) at compile time. On macOS 10.12 this is provided in sys/random.h, but on older macOS the declaration doesn't exist at all, so we need to forward declare it ourselves. * update a comment and a style nit
* fix compilation on openbsd (#3814)Paul Kehrer2017-07-261-0/+2
| | | | the getentropy fallback is only possible on macOS, wrap it in a define to remove it entirely on the BSDs.
* allow p % 24 == 23 when generator == 2 in DH_check (#3768)Paul Kehrer2017-07-091-0/+2
| | | | | | | | | | * allow p % 24 == 23 when generator == 2 in DH_check * short url * update and expand comments * even better language!
* remove egd (#3771)Paul Kehrer2017-07-081-11/+0
| | | | | | | | | | | * remove egd * oops * keep Cryptography_HAS_EGD for compat just in case This shouldn't really be necessary but maybe we can fully remove it in 2018 or 2019...
* remove cryptodev (#3770)Paul Kehrer2017-07-081-10/+0
| | | | | | * remove cryptodev * oops
* Remove conditionals we never use. (#3766)Alex Gaynor2017-07-081-6/+0
| | | | | | | | * Remove conditionals we never use. Refs #3763 * put this back
* Funcs macros gone (#3695)Paul Kehrer2017-06-2735-104/+0
| | | | | | | | * No more FUNCS/MACROS distinction * change the docs to not talk about MACROS since they're gone * remove out of date comment
* enable wconversion and finish fixes (#3728)Paul Kehrer2017-06-263-5/+5
| | | | | | * enable wconversion and finish fixes * don't pass -Wconversion if it's win32
* bind DTLS 1.2 methods (#3725)Paul Kehrer2017-06-261-0/+15
| | | | | | * bind DTLS 1.2 methods * remove version specific dtls bindings, rename sentinel value
* some wconversion fixes (#3727)Paul Kehrer2017-06-263-7/+8
|
* pypy3 compilation fix for locking callback (#3716)Paul Kehrer2017-06-241-20/+60
| | | | | | | | | | | | | | | | | | * pypy3 fix on macos using work from the pypy project https://bitbucket.org/pypy/pypy/commits/198dc138680f96c391802fa1e77b8b6d2e0134e6?at=py3.5 * change abort error msg and fix wrong type * oh windows * remove an unused variable * rename mutex1_t, use calloc, small style fixes * calloc correctly * (call)
* bind even more evp (#3684)Paul Kehrer2017-06-061-3/+8
| | | | | | * bind even more evp * oops
* bind EVP_PKEY_get1_tls_encodedpoint because X25519 (#3682)Paul Kehrer2017-06-051-0/+11
|
* add EVP_PKEY_keygen and EVP_PKEY_keygen_init for x25519/ed25519 (#3681)Paul Kehrer2017-06-051-0/+6
| | | | | | * add EVP_PKEY_keygen and EVP_PKEY_keygen_init for x25519/ed25519 * add a few more bindings we'll need for X25519
* bind EVP_CTRL_AEAD even when on < 1.1.0 (#3679)Paul Kehrer2017-06-041-3/+14
|
* runtime detection of getentropy for macOS via weak-linking (#3650)Paul Kehrer2017-05-302-22/+55
| | | | | | | | | | | | | | | | | | | | | | | | | * runtime detection of getentropy for macOS via weak-linking In the before time, in the long long ago, there was a desire to use getentropy on macOS. So some code was written and it detected getentropy support by seeing if SYS_getentropy was available in the headers. But lo, it turns out Apple ships headers for different SDK versions and users on < 10.12 were getting headers that had SYS_getentropy even though their OS did not support it. There was much wailing and gnashing of teeth, but the frustrated developers remembered that Apple wants their developers to use weak linking. With weak linking the mighty developer can specify a minimum version and any symbol that was added after that version will be weakly linked. Then, at runtime, the dynamic linker will make unavailable symbols thus marked into NULLs. So, the developer need only alter their code to do runtime detection of weakly linked symbols and then a single binary may be compiled that will correctly select getentropy or /dev/urandom at runtime. Hallelujah! * oops * separate the enum * okay just apple
* move files to make the next PR easier to read (#3651)Paul Kehrer2017-05-301-43/+43
|