aboutsummaryrefslogtreecommitdiffstats
path: root/src/_cffi_src
Commit message (Collapse)AuthorAgeFilesLines
...
* Two additional bindings for CT (#3478)Alex Gaynor2017-03-231-0/+7
| | | | | | * Two additional bindings for CT * Grumble
* First pass at adding SCT bindings (#3471)Alex Gaynor2017-03-222-0/+69
| | | | | | | | | | | | | | * First pass at adding bindings for CT functions. No conditionals yet. * add a stack typedef as well * Don't try to include this header if we're on an older OpenSSL * wire up the conditional stuff * bunch o' nonsense to get it to compile on old openssl * I hate libressl
* Remove workaround for weird NetBSD bug (#3458)Alex Gaynor2017-03-171-21/+0
|
* Ec is a thing (#3453)Alex Gaynor2017-03-158-240/+3
| | | | | | | | | | | | | | | | * We always have EC * We always have ECDH * We always have ECDSA * We always have EC codes * This can go as well * And this * unused import
* Be on brand: it's macOS (#3456)Alex Gaynor2017-03-151-1/+1
| | | | | | * Be on brand: it's macOS * line wrap
* add X509_STORE_CTX_get0_cert binding (#3455)Paul Kehrer2017-03-141-0/+9
|
* More ifdef death (#3450)Alex Gaynor2017-03-142-34/+0
| | | | | | | | | | * CMAC is always supported * TLSv1.2 is always supported * Releasing buffers is always supported * Nonsense IE SSLv2 nonsens is always supported
* Memleak tests (#3140)Alex Gaynor2017-03-141-0/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Bind a pair of mem functions. * make these conditional * do the conditional correctly * move to the right section * I'm not saying libressl should be illegal, but it is annoying * sigh, typo * first cut at memleak tests. doesn't work * hack around the previous error, onto the next one * drop the pointless restoration of the original functions * Don't try to use the previous malloc functions. The default malloc is CRYPTO_malloc which calls the custom ptr you provided, so it just recurses forever. * flake8 * Get the code basically working * flake8 * say the correct incantation * Don't try to run on old OpenSSL * Flushing this is a good idea * Fixed a py2.7+ism * GRRRRR * WOrkaround for hilarity * Revert "WOrkaround for hilarity" This reverts commit 37b9f3b4ed4063eef5add3bb5d5dd592a007d439. * Swap out these functions for the originals * py3k fix * flake8 * nonsense for windows * py3k * seperate stdout and stderr because py26 has a warning on stderr * try writing this all out for windows * useful error messages * Debugging utility * Avoid this mess, don't dlopen anything * consistency * Throw away this FFI entirely * some useful comments
* Removed some unused ifdefs from openssl bindings (#3448)Alex Gaynor2017-03-142-26/+0
|
* Refs #3430 -- fixed a memory leak in extension parsing for CRL dp (#3431)Alex Gaynor2017-03-091-0/+6
| | | | | | | | | | * Refs #3430 -- fixed a memory leak in extension parsing for CRL dp * same fix for policy info * make this private * consistency cleanup
* Add ASN1_F_ASN1_CHECK_TLEN (#3414)Aviv Palivoda2017-02-211-0/+1
|
* use official API for unreachable C code (#3404)Alex Gaynor2017-02-181-3/+3
|
* switch the PEM password callback to a C implementation (#3382)Paul Kehrer2017-02-131-31/+35
| | | | | | | | | | | | | | | * switch the PEM password callback to a C implementation Calling from C to Python is fraught with edge cases, especially in subinterpreter land. This commit moves the PEM password callback logic into a small C function and then removes all the infrastructure for the cffi callbacks (as we no longer have any) * review feedback and update tests * rename the struct * aaand one more fix
* Add EVP_PKEY_DHX (#3388)Aviv Palivoda2017-02-131-0/+9
| | | | | | * Add EVP_PKEY_DHX * Add Cryptography_HAS_EVP_PKEY_DHX to _conditional.py
* support defining which windows libraries to link with an env var (#3356)Paul Kehrer2017-02-091-1/+10
| | | | | | | | | | | | * support defining which windows libraries to link with an env var CRYPTOGRAPHY_WINDOWS_LIBRARIES is your new friend * add some docs * change to CRYPTOGRAPHY_WINDOWS_LINK_OPENSSL110 * lib prefixing is not a thing msvc does, right
* Backport DH_check from OpenSSL 1.1.0. (#3375)Mark Williams2017-02-031-1/+114
| | | | | | | | | | | | | | | | | | | * Backport DH_check from OpenSSL 1.1.0. OpenSSL 1.0.2's DH_check considers the q parameter, allowing it validate more generators and primes; however, OpenSSL 1.1.0's DH_check includes code to handle errors in BN functions, so it's preferred. * Wrap DH_Check when using OpenSSL 1.1.0 or higher. * Adding DH_CHECK_* values missing from older OpenSSLs * Defensively guard DH_CHECK_* definitions with ifndef. This will prevent duplicate definitions when LibreSSL supports a version of DH_check that can return these. * Document the OpenSSL of origin for the DH_check code
* make cryptography fallback to /dev/urandom on mac on macOS < 10.12 (#3354)Paul Kehrer2017-01-311-2/+6
|
* Use static callbacks with Python 3.x again (#3350)Christian Heimes2017-01-181-4/+1
| | | | | | | | | | | | | | | | * Use static callbacks with Python 3.x again Static callbacks were disabled for Python 3.5+ to work around an issue with subinterpreters, locking callbacks and osrandom engine. Locking callback and osrandom engine were replaced with a C implementations in version 1.6 and 1.7. https://github.com/pyca/cryptography/issues/2970 Closes: #3348 Signed-off-by: Christian Heimes <christian@python.org> * remove unused import
* DTLS bindings (#3309)Paul Kehrer2016-12-191-0/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add DTLSv1_2 methods * add binding to DTLSv1_get_timeout() and DTLSv1_handle_timeout() * fix: PEP8 failed fix the following error: ./src/_cffi_src/openssl/ssl.py:728:80: E501 line too long (80 > 79 characters) see https://jenkins.cryptography.io/job/cryptography-pr-pep8/1954/ * Revert "add DTLSv1_2 methods" This reverts commit e4a9150b12ddb4790159a5835f1d1136cb1b996e. * replace 'long int' by 'long' To be more consistent with the naming convention cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90153970 * wrap with braces cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90154057 * conditionally bind all DTLS * rebase error * rename wrapped function
* Add d2i_DHparams_bio, i2d_DHparams_bio bindings (#3322)Aviv Palivoda2016-12-181-0/+2
|
* restore this constant, pyopenssl needs it (#3321)Alex Gaynor2016-12-141-0/+3
|
* Drop 1.0.0 (#3312)Alex Gaynor2016-12-136-110/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * delete the 1.0.0 support * drop the version check * drop the AES-CTR stuff * Update the example * openssl truncates for us now * delete unused test * unused imports * Remove a bunch of conditional bindings for NPN * no more 1.0.0 builders * libressl fix * update the docs * remove dead branches * oops * this is a word, damnit * spelling * try removing this * this test is not needed * unused import
* New osrandom_engine in C (#3229)Christian Heimes2016-12-094-0/+694
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * New osrandom_engine in C Inspired by Python/random.c and the old implementation. Signed-off-by: Christian Heimes <christian@python.org> * osrandom_engine * Fix naming bug caused by search 'n replace mistake * Make it easier to override osrandom auto-detection * Add engine ctrl and backend API to get implementation from ENGINE Signed-off-by: Christian Heimes <christian@python.org> * Better test coverage, documentation, LICENSE Signed-off-by: Christian Heimes <christian@python.org> * Coverage is hard. Signed-off-by: Christian Heimes <christian@python.org> * * enable win32 check * read() returns size_t Signed-off-by: Christian Heimes <christian@python.org> * Add macOS to spelling list. Remove dead code from header file. Signed-off-by: Christian Heimes <christian@python.org> * remove CCRandomGenerateBytes path and update getentropy to work on macOS This change allows us to test all the engines in our CI: * getentropy (tested by macOS sierra) * getrandom (tested on several linux builders) * /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux) * CryptGenRandom (tested on windows builders) I also fixed bugs preventing compilation in the getentropy code * getentropy() returns int and is restricted to 256 bytes on macOS, too. Signed-off-by: Christian Heimes <christian@python.org> * add versionadded * Re-add import of os module * Fixes related to Alex's recent review. Signed-off-by: Christian Heimes <christian@python.org> * Add error reporting and fail for EAGAIN Add error reporting strings for various error cases. This gives us much nicer and understandable error messages. SYS_getrandom() EAGAIN is now an error. Cryptography refuses to initialize its osrandom engine when the Kernel's CPRNG hasn't been seeded yet. Signed-off-by: Christian Heimes <christian@python.org>
* cffi bindings additions for pypy's _hashlib module (#3291)Richard Plangger2016-11-302-0/+10
| | | | | | | | * add cffi bindings to objects.py and evp.py (required for pypy's _hashlib implementation) * ah, that comes from copying it from the man page * dont use #define ..., delcare it as static cont long <name>
* Bind TLSEXT_STATUSTYPE_ocsp (#3290)Cory Benfield2016-11-291-0/+1
|
* Add OPENSSL_malloc. (#3289)Cory Benfield2016-11-281-0/+1
|
* PyPy's ssl module, the last missing macro and three macro functions (#3270)Richard Plangger2016-11-212-1/+4
| | | | | | | | * missing macro and three macro functions * removed space before function name (style issue) * remove macro which always will not be set by cryptography
* bind a few things pypy ssl stdlib needs in x509v3 (#3255)Paul Kehrer2016-11-191-0/+7
|
* Add DHparams_dup to DH bindings (#3260)Aviv Palivoda2016-11-191-0/+1
|
* bind GENERAL_NAME_free and move GENERAL_NAME_new to macros... (#3257)Paul Kehrer2016-11-191-1/+2
| | | where it belongs!
* add error codes and ERR_get_state for pypy stdlib ssl (#3256)Paul Kehrer2016-11-191-2/+29
|
* add some x509_object handling for pypy stdlib (#3254)Paul Kehrer2016-11-192-0/+30
|
* add two error codes for pypy ssl stdlib (#3253)Paul Kehrer2016-11-191-0/+3
|
* add OPENSSL_NPN_NEGOTIATED (#3252)Paul Kehrer2016-11-191-0/+12
|
* add some NIDs (#3251)Paul Kehrer2016-11-181-0/+3
|
* add SSL_CTX_set_ecdh_auto where supported (#3250)Paul Kehrer2016-11-181-0/+9
| | | | In 1.1.0 this is a noop and occurs by default, and this wasn't supported < 1.0.2
* add some BIO functions for pypy's ssl stdlib (#3249)Paul Kehrer2016-11-182-0/+13
| | | refs #3248
* Raise padding block_size limit to what is allowed by the specs. (#3108)Terry Chia2016-11-151-14/+16
| | | | | | | | | | | | | | | | | | | | * Raize padding block_size limit to what is allowed by the specs. * Add tests for raising padding limits. * Amend C code for padding check to use uint16_t instead of uint8_t. * Fix test to work in Python 3. * Fix typo. * Fix another typo. * Fix return type of the padding checks. * Change hypothesis test on padding. * Update comment.
* C locking callback (#3226)Alex Gaynor2016-11-131-1/+72
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove Python OpenSSL locking callback and replace it with one in C The Python OpenSSL locking callback is unsafe; if GC is triggered during the callback's invocation, it can result in the callback being invoked reentrantly, which can lead to deadlocks. This patch replaces it with one in C that gets built at compile time via cffi along with the rest of the OpenSSL binding. * fixes for some issues * unused * revert these changes * these two for good measure * missing param * sigh, syntax * delete tests that assumed an ability to mess with locks * style fixes * licensing stuff * utf8 * Unicode. Huh. What it isn't good for, absolutely nothing.
* Name: add support for multi-value RDNs (#3202)Fraser Tweedale2016-11-111-0/+10
| | | | | | | | Update the Name class to accept and internally store a list of RelativeDistinguishedName objects. Add the 'rdns' attribute to give access to the RDNs. Update ASN.1 routines to correctly decode and encode multi-value RDNs. Fixes: https://github.com/pyca/cryptography/issues/3199
* Export missing OpenSSL `X509_VERIFY_PARAM_free` (#3221)Thomas Sileo2016-11-061-0/+1
| | | | | | * Export missing OpenSSL `X509_VERIFY_PARAM_free` * Remove un-needed export in conditional names
* Fix compilation with MinGW (#3191)Saúl Ibarra Corretgé2016-10-101-2/+5
|
* 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set (#3162)Paul Kehrer2016-09-222-1/+8
| | | | | | | | | | * 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set * add a comment explaining why we changed this * 1.0.2i handles NUMERICSTRING properly now so need only test < 1.0.2i * needs to be visible
* Scrypt bindings (#3114)Terry Chia2016-08-271-0/+14
| | | | | | | | | | | | | | * Add Scrypt bindings. * Add check for OPENSSL_NO_SCRYPT. * Fix CUSTOMIZATIONS. * Account for LibreSSL. * Remove argument names. * Remove more argument names.
* OpenSSL 1.1.0 support (#2826)Paul Kehrer2016-08-261-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * make pre5 work * add a blank line to make the diff happier * 1.1.0-pre6 working * support the changes since 1.1.0-pre6 * fixes * add 1.1.0 to travis * expose the symbol * better testing for numericstring * handle libre... * actually use the 1.1.0 we compile * cache the ossl-110 dir on travis * add some newlines * changelog entry for 1.1.0 support * note that we test on 1.1.0 * proper skip on this test * reorder
* be a bit more robust about detecting locking callback declarations (#3107)Paul Kehrer2016-08-261-3/+11
|
* remove a few more unneeded and no longer extant functions for 1.1.0 (#3110)Paul Kehrer2016-08-262-3/+0
|
* opaque structs for 1.1.0 compatibility (#3109)Paul Kehrer2016-08-263-48/+9
| | | We're so close.
* remove two more constants that no longer exist and we don't use (#3101)Paul Kehrer2016-08-252-2/+0
|
* two more functions that became const, one removed that we don't use (#3102)Paul Kehrer2016-08-251-4/+6
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-05 15:12:53 +0000