aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove some unused RAND bindings. (#4239)David Benjamin2018-05-141-4/+0
| | | These are unused. (And not especially useful.)
* Clean up unused EC bindings. (#4225)David Benjamin2018-05-142-83/+0
| | | | | | | | | | | | | | | | | | | | | | | * Clean up unused EC bindings. A lot of these are really OpenSSL internals, like the EC_METHOD business, support for custom curves which are a bad idea, and weird non-standard serializations like taking the usual point serialization and treating it as a single BIGNUM. I also didn't remove things when they're arguably part of a set. E.g. EC_POINT_add is used, but EC_POINT_dbl isn't. However, they both set at the same abstraction level (basic point operations), so it's strange to have one without the other. I also kept EC_POINT_is_on_curve because, although it is not used, OpenSSL prior to 1.1.0 doesn't perform this important check in EC_POINT_set_affine_coordinates_GFp (though it does in some of the functions which ultimately call it, like EC_KEY_set_public_key_affine_coordinates, what cryptography.io actually uses), so one should not expose the latter without the former. * Fix build issue.
* Remove unused BIO bindings. (#4220)David Benjamin2018-05-141-107/+3
| | | | | | | | | | | | | * Remove unused BIO bindings. This also folds in the const bits from 1.1.0, on the assumption that, now that the function pointer check is gone, it will just cause cffi to generate more conservative pointer types that work for 1.0.2 as well. * Restore some functions used externally. Datagram BIO_CTRL_* constants are intentionally omitted per discussion on the PR.
* Check for CMAC_Init errors. (#4232)David Benjamin2018-05-121-1/+2
|
* Add support for extracting timestamp from a Fernet token (#4229)Paul Kehrer2018-05-121-6/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add API for retrieving the seconds-to-expiry for the token, given a TTL. * Process PR feedback: * Do compute the TTL, but just the age of the token. The caller can decided what to do next. * Factored out the HMAC signature verification to a separate function. * Fixed a copy&paste mistake in the test cases * Tests cleanup. * `struct` no longer needed * Document `def age()` * typo in `age()` documentation * token, not data * remove test for TTL expiry that is already covered by the parameterized `test_invalid()`. * let's call this extract_timestamp and just return timestamp * review comments * it's UNIX I know this
* Fix some callback type signatures. (#4227)David Benjamin2018-05-121-3/+3
| | | | | | | | | | | | | | | | * Fix some callback type signatures. SSL_CTX_set_psk_server_callback: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_psk_server_callback.html https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/ssl.h#L1355 https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/include/openssl/ssl.h#L734 SSL_CTX_set_tlsext_servername_callback: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_servername_callback.html https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/s3_lib.c#L3964 https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/ssl/s3_lib.c#L3499 * Missed a spot
* fixed variable name to be correct (#4226)Alex Gaynor2018-05-111-3/+3
|
* Remove unused BN bindings. (#4219)David Benjamin2018-05-091-28/+2
| | | | | | | | | | * Remove unused BN bindings. These appear to be unused in both cryptography.io and PyOpenSSL. * Restore symbols used by pyUmbral. Along the way, fix some mistranscribed consts.
* adding name so that 1.3.6.1.4.1.11129.2.4.2 is no longer and 'Unknown OID' ↵Joshua Crowgey2018-05-071-0/+3
| | | | (#4218)
* update link to draft rfc (#4214)Alex Gaynor2018-05-021-1/+1
|
* Expose OpenSSL constant time bignum arithmetic (#4200)Tux2018-04-241-0/+14
| | | | | | | | | | | | | | | | | | | * Expose BIGNUM constant time operations This commit exposes the following functions: BN_set_flags BN_get_flags BN_MONT_CTX_new BN_MONT_CTX_set BN_MONT_CTX_free BN_mod_exp_mont BN_mod_exp_mont_consttime This commit also exposes the BN_FLG_CONSTTIME flag. * Add myself to AUTHORS
* Add Session functions, necessary to implement new features in Python 3.6. ↵Amaury Forgeot d'Arc2018-04-241-0/+14
| | | | (#4205)
* add custom extensions functions for openssl >=1.0.2 (#4202)Denis Lila2018-04-212-0/+77
| | | | | | * add custom extensions functions for openssl >=1.0.2 * Fix style problems
* OpenSSL 1.0.2o has switched to winsock2 (#4184)Thierry Bastian2018-04-052-0/+6
| | | So here we need to make sure we don't simply include windows but only the parts that we want
* add X509_NAME_print_ex (#4174)Joshua Crowgey2018-04-041-0/+1
| | | | | | | | * add X509_NAME_print_ex * Addressing code review + removed comment from bindings regarding deprecation of _print_oneline
* Raise ve on bad gt (#4180)Joshua Crowgey2018-04-031-1/+7
| | | | | | | | | | | | | | | * Raise a ValueError when conversion to generalizedtime fails * added test for badasn1time value error * pep8 compliance * Addressing code review + VE now raises with ```{!r}``` formatting + Test now checks that the bad string made it into the VE message * using ValueError.match
* Fix typo (#4178)Tim D. Smith2018-03-291-1/+1
|
* fix bug with n % 8 length wrapping on AESKWP (#4160)Paul Kehrer2018-03-201-2/+7
| | | | | | * fix bug with n % 8 length wrapping on AESKWP * review feedback
* Revert "don't allow GeneralNames to be an empty list (#4128)" (#4161)Alex Gaynor2018-03-201-3/+0
| | | | | This breaks the urllib3 tests, as well as several in-the-wild certs This reverts commit 388d1bd3e9cd953fcc948edbc152d5d140c87eb8.
* open master for 2.3 (#4151)Paul Kehrer2018-03-181-1/+1
|
* 2.2 release! (#4150)Paul Kehrer2018-03-181-1/+1
| | | | | | * 2.2 release! * also change versions
* implement AES KW with padding (RFC 5649) (#3880)Paul Kehrer2018-03-181-0/+57
| | | | | | | | | | | | | | | | | | * implement AES KW with padding (RFC 5649) fixes #3791 * oops, 2.2 * make sure this is the right valueerror * more match * make key padding easier to read * review feedback * review feedback
* Allow DSA q=224 (#4147)Paul Kehrer2018-03-181-2/+2
| | | | | | | | * load Q=224 vectors * DSA parameters should support 224 for q length * oxford comma
* Brainpool curves (#4129)Paul Kehrer2018-03-151-0/+22
| | | | | | | | | | | | | | | | | | * added brainpool ec-curves key_length >= 256bit * limit brainpool curves to the set that appear required + docs * oops * typos all around me * add brainpool ECDH kex tests * switch to using rfc 7027 vectors * review feedback * empty commits are the best
* add X509_CRL_dup function (#4127)Dominic Chen2018-03-051-0/+1
|
* remove cms bindings we don't use (#4131)Paul Kehrer2018-03-053-149/+0
|
* Remove unused bindings from asn1.py (#4082)David Benjamin2018-03-052-66/+1
| | | | | | | | | | | * Remove unused bindings from asn1.py This also includes a couple removals from x509v3.py which also reference ASN1_ITEM_EXP. * re-add int ASN1_STRING_set_default_mask_asc(char *); * also re-add static const int MBSTRING_UTF8
* don't allow GeneralNames to be an empty list (#4128)Paul Kehrer2018-03-051-0/+3
| | | | | | * don't allow GeneralNames to be an empty list * flake8
* Expose BN_rand and BN_rand_range (#4118)Tux2018-02-231-0/+3
|
* Add binding for SSL_get_certificate (#4100)Jeremy Lainé2018-02-061-0/+1
| | | | | | | | | | | | | | Currently we only expose SSL_get_peer_certificate, which allows you to retrieve the remote party's certificate. This adds the symetrical binding to retrieve the local party's certificate. The motivation for this additional binding is to make it possible to query the local certificate regardless of the method which was used to load the certificate into the SSL connection (from a file, from an in-memory object). An example where this is useful is when negotiating a DTLS-SRTP connection, the fingerprint of the local certificate needs to be communicated to the remote party out-of-band via SDP. This binding can be exposed in pyopenssl as Connection.get_certificate().
* Add bindings for SRTP support (#4099)Jeremy Lainé2018-02-061-0/+3
|
* fix a memory leak in ec derive_private_key (#4096)Paul Kehrer2018-02-041-2/+3
| | | | | | | | * fix a memory leak in ec derive_private_key fixes #4095 * pep8!
* Add bindings for DTLS support (#4089)gesslerpd2018-01-233-0/+30
| | | | | | | | | | | | | | | | * + more DTLS bindings * + BIO_CTRL_DGRAM* * + read ahead functions * rm BIO_CTRL_DGRAM_SET_PEEK_MODE * rm BIO_CTRL_DGRAM_SET_DONT_FRAG * + link mtu conditional logic * rm some BIO_CTRL_DGRAM* bindings
* Add bindings for PSK (#4084)gesslerpd2018-01-182-1/+53
| | | | | | | | | | * + PSK function bindings * + PSK conditional * trigger CI * trigger CI
* Add bindings for SSL_OP_NO_DTLS* (#4079)gesslerpd2018-01-162-0/+6
| | | | | | | | * + bindings for SSL_OP_NO_DTLS* * + conditional for not HAS_GENERIC_DTLS_METHOD * flag SSL_OP_NO_DTLS* for unsupported deletion
* Use the real X509_REVOKED_dup when available. (#4080)David Benjamin2018-01-121-0/+4
| | | This avoids reaching into the ASN1_ITEM mess if not necessary.
* Fixes #4076 - simplify the implementation of int_from_bytes on python2 (#4077)Alex Gaynor2018-01-101-2/+1
| | | | | | | | * Fixes #4076 - simplify the implementation of int_from_bytes on python2 * whitespace * Added a test
* The HKDF limit is actually 255 * digest_length_in_bytes (#4037)Paul Kehrer2018-01-061-1/+1
| | | | | | | | | | | * The HKDF limit is actually 255 * digest_length_in_bytes Previously we had a bug where we divided digest_size by 8...but HashAlgorithm.digest_size is already in bytes. * test longer output * changelog
* Use `BN_clear_free` in places where `BN_free` is being used (#4072)Tux2018-01-051-2/+2
| | | | | | | | | | * Expose BN_clear_free * Use BN_clear_free in test_int_to_bn * Use BN_clear_free in lieu of BN_free * Use BN_free on public values
* Expose `BN_clear_free` in the OpenSSL backend (#4071)Tux2018-01-051-0/+1
| | | | | | * Expose BN_clear_free * Use BN_clear_free in test_int_to_bn
* just a quick confirmation that it really is an x25519 evp key (#4070)Paul Kehrer2018-01-053-0/+13
| | | | | | * just a quick confirmation that it really is an x25519 evp key * openssl assert. take that python -O
* Fixed #4006 -- bind functions for dealing with sigalgs (#4063)Alex Gaynor2017-12-262-0/+23
| | | | | | * Fixed #4006 -- bind functions for dealing with sigalgs * oops
* Fixed #4058 -- use the thread-safe API from OpenSSL, not the danger one (#4059)Alex Gaynor2017-12-182-4/+4
|
* Pass the right length of null bytes when no salt is provided to HKDF (#4036)Paul Kehrer2017-12-011-1/+1
| | | | | | This bug looks bad but ends up being benign because HMAC is specified to pad null bytes if a key is too short. So we passed too few bytes and then OpenSSL obligingly padded it out to the correct length. However, we should still do the right thing obviously.
* Fix ASN1 string type encoding for several Name OIDs (#4035)Paul Kehrer2017-11-301-7/+15
| | | | | | | | | | | | | | | | | | | * Fix ASN1 string type encoding for several Name OIDs When we changed over to the new type encoding system we didn't verify that the new code exactly matched the ASN1 string types that OpenSSL was previously choosing. This caused serialNumber, dnQualifier, emailAddress, and domainComponent to change from their proper encodings to UTF8String as of version 2.1. Now we check to see if there's a sentinel value (indicating no custom type has been passed) and then check if the OID has a different default than UTF8. If it does, we set it. This PR also adds tests for the ASN1 string type of ever supported NameOID. * review feedback
* add X509_up_ref (#4028)Paul Kehrer2017-11-281-0/+5
|
* fix typo in comment (#4019)Benjamin Peterson2017-11-131-1/+1
|
* nit: remove double space in deprecation warning (#4018)Alex Gaynor2017-11-111-2/+2
|
* Use a different warning class so users get warnings (#4014)Alex Gaynor2017-11-111-2/+8
| | | | | | | | | | | | * Use a different warning class so users get warnings * fixed tests * do our own warning class * typo * flake8
* Fix a few new flake8 issues (#4008)Alex Gaynor2017-11-021-1/+0
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-05 21:46:10 +0000