aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Another simplification of freeing (#3498)Alex Gaynor2017-04-092-7/+2
|
* Fixed #3492 -- use a better API (#3497)Alex Gaynor2017-04-092-7/+2
| | | | | | | | | | * Fixed #3492 -- use a better API * More correct types * Revert "More correct types" This reverts commit e7412927eccf2b983bbcab2d2864ae1e4e83b56f.
* Add some ASN1_TIME related functions for the relevant PyOpenSSL patch. (#3491)Moriyoshi Koizumi2017-04-061-0/+2
| | | | | | * Add ASN1_TIME related functions for the relevant PyOpenSSL patch. * Move ASN1_TIME_check() to MACROS as the argument's constness varies between 1.0.x and 1.1.0~.
* minor int_to_bytes performance increase (#3490)Ofek Lev2017-04-061-7/+13
| | | | | | | | * minor int_to_bytes performance increase * why is Python 2.6 supported anyway... * keep py2k version
* Style nit in C code (#3486)Alex Gaynor2017-04-031-1/+1
|
* remove key check (#3473)Ofek Lev2017-04-011-3/+0
|
* Attempt to simplify the libressl checing (#3482)Alex Gaynor2017-03-2616-60/+54
| | | | | | | | | | * Attempt to simplify the libressl checing * SHENANGINS * Attempted fix * More simplification
* Two additional bindings for CT (#3478)Alex Gaynor2017-03-232-0/+9
| | | | | | * Two additional bindings for CT * Grumble
* First pass at adding SCT bindings (#3471)Alex Gaynor2017-03-223-0/+75
| | | | | | | | | | | | | | * First pass at adding bindings for CT functions. No conditionals yet. * add a stack typedef as well * Don't try to include this header if we're on an older OpenSSL * wire up the conditional stuff * bunch o' nonsense to get it to compile on old openssl * I hate libressl
* Interfaces for SCTs, feedback wanted (#3467)Alex Gaynor2017-03-222-0/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Stub API for SCTs, feedback wanted * grr, flake8 * port this to being an ABC * finish up the __init__ * Two necessary enums * Roll this back * Wrote some docs * spell words correctly * linky * more details * use the words UTC * coverage * Define MMD for the kids at some * linky linky
* Remove API deprecated in 1.6, clean up the legacy deprecations (#3468)Alex Gaynor2017-03-215-22/+10
| | | | | | * Remove API deprecated in 1.6, clean up the legacy deprecations * flake8, unused import
* Refs #3461 -- added the OID for the SCT x.509 extension (#3464)Alex Gaynor2017-03-201-0/+3
| | | | | | * Refs #3461 -- added the OID for the SCT x.509 extension * Version added
* Remove workaround for weird NetBSD bug (#3458)Alex Gaynor2017-03-172-25/+0
|
* Ec is a thing (#3453)Alex Gaynor2017-03-1510-365/+6
| | | | | | | | | | | | | | | | * We always have EC * We always have ECDH * We always have ECDSA * We always have EC codes * This can go as well * And this * unused import
* Be on brand: it's macOS (#3456)Alex Gaynor2017-03-152-2/+2
| | | | | | * Be on brand: it's macOS * line wrap
* add X509_STORE_CTX_get0_cert binding (#3455)Paul Kehrer2017-03-141-0/+9
|
* More ifdef death (#3450)Alex Gaynor2017-03-144-62/+2
| | | | | | | | | | * CMAC is always supported * TLSv1.2 is always supported * Releasing buffers is always supported * Nonsense IE SSLv2 nonsens is always supported
* Memleak tests (#3140)Alex Gaynor2017-03-142-0/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Bind a pair of mem functions. * make these conditional * do the conditional correctly * move to the right section * I'm not saying libressl should be illegal, but it is annoying * sigh, typo * first cut at memleak tests. doesn't work * hack around the previous error, onto the next one * drop the pointless restoration of the original functions * Don't try to use the previous malloc functions. The default malloc is CRYPTO_malloc which calls the custom ptr you provided, so it just recurses forever. * flake8 * Get the code basically working * flake8 * say the correct incantation * Don't try to run on old OpenSSL * Flushing this is a good idea * Fixed a py2.7+ism * GRRRRR * WOrkaround for hilarity * Revert "WOrkaround for hilarity" This reverts commit 37b9f3b4ed4063eef5add3bb5d5dd592a007d439. * Swap out these functions for the originals * py3k fix * flake8 * nonsense for windows * py3k * seperate stdout and stderr because py26 has a warning on stderr * try writing this all out for windows * useful error messages * Debugging utility * Avoid this mess, don't dlopen anything * consistency * Throw away this FFI entirely * some useful comments
* Removed some unused ifdefs from openssl bindings (#3448)Alex Gaynor2017-03-143-45/+0
|
* port 1.8.1 changelog and update master for 1.9 release cycle (#3440)Paul Kehrer2017-03-101-1/+1
|
* 1.8 version bump and changelog date (#3438)Paul Kehrer2017-03-091-1/+1
|
* reverts a change to our exceptions (#3429)Paul Kehrer2017-03-091-21/+1
| | | | | Trying to be too specific about why key loading fails is very difficult when you're using the same logic across DH, EC, RSA, and DSA. This makes it less fancy.
* Refs #3430 -- fixed a memory leak in extension parsing for CRL dp (#3431)Alex Gaynor2017-03-094-5/+26
| | | | | | | | | | * Refs #3430 -- fixed a memory leak in extension parsing for CRL dp * same fix for policy info * make this private * consistency cleanup
* DH subgroup order (q) (#3369)Aviv Palivoda2017-03-055-33/+143
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support DH q (subgroup order) * Change RFC5114.txt to NIST format * Add tests for DH q * Update docs for DH q * Fix pep8 * Improve test covergae for DH q * Create _dh_params_dup that copy q if DHparams_dup don't On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup call DHparams_dup and if the version is smaller than 1.0.2 copy q manually * Copy q manually on libressl * Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup * Support serialization of DH with q * Add tests for serialization of DH with q * Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true * Raise exception when trying to serialize DH X9.42 when not supported * raise unsupported key type when deserilizing DH X9.42 if not supported * pep8 fixes * Fix test_serialization * Add dhx_serialization_supported method to DHBacked * document q in dh_parameters_supported * Rename dhx_serialization_supported to dh_x942_serialization_supported
* Fixed #3422 -- Remove some legacy code which is now in 1.0.1 (#3423)Alex Gaynor2017-03-012-50/+10
| | | | | | | | | | * Fixed #3422 -- Remove some legacy code which is now in 1.0.1 * _int_to_bn doesnt like negatives * minimize the diff * some additional cleanup
* Add ASN1_F_ASN1_CHECK_TLEN (#3414)Aviv Palivoda2017-02-211-0/+1
|
* use official API for unreachable C code (#3404)Alex Gaynor2017-02-181-3/+3
|
* add support for update_into on CipherContext (#3190)Paul Kehrer2017-02-164-2/+99
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add support for update_into on CipherContext This allows you to provide your own buffer (like recv_into) to improve performance when repeatedly calling encrypt/decrypt on large payloads. * another skip_if * more skip_if complexity * maybe do this right * correct number of args * coverage for the coverage gods * add a cffi minimum test tox target and travis builder This tests against macOS so we capture some commoncrypto branches * extra arg * need to actually install py35 * fix * coverage for GCM decrypt in CC * no longer relevant * 1.8 now * pep8 * dramatically simplify * update docs * remove unneeded test * changelog entry * test improvements * coverage fix * add some comments to example * move the comments to their own line * fix and move comment
* Refactor binding initialization to allow specified errors (#3278)Paul Kehrer2017-02-131-1/+6
| | | | | | | | | If pyca/cryptography sees any errors on the error stack during its own initialization it immediately raises InternalError and refuses to proceed. This was a safety measure since we weren't sure if it was safe to proceed. However, reality has intervened and we have to bow to the god of pragmatism and just clear the error queue. In practice this is safe since we religiously check the error queue in operation.
* switch the PEM password callback to a C implementation (#3382)Paul Kehrer2017-02-133-121/+57
| | | | | | | | | | | | | | | * switch the PEM password callback to a C implementation Calling from C to Python is fraught with edge cases, especially in subinterpreter land. This commit moves the PEM password callback logic into a small C function and then removes all the infrastructure for the cffi callbacks (as we no longer have any) * review feedback and update tests * rename the struct * aaand one more fix
* Add EVP_PKEY_DHX (#3388)Aviv Palivoda2017-02-132-0/+12
| | | | | | * Add EVP_PKEY_DHX * Add Cryptography_HAS_EVP_PKEY_DHX to _conditional.py
* support defining which windows libraries to link with an env var (#3356)Paul Kehrer2017-02-091-1/+10
| | | | | | | | | | | | * support defining which windows libraries to link with an env var CRYPTOGRAPHY_WINDOWS_LIBRARIES is your new friend * add some docs * change to CRYPTOGRAPHY_WINDOWS_LINK_OPENSSL110 * lib prefixing is not a thing msvc does, right
* enforce password must be bytes when loading PEM/DER asymmetric keys (#3383)Paul Kehrer2017-02-081-0/+2
| | | | | | | | | | * enforce password must be bytes when loading PEM/DER asymmetric keys Previously we were using an ffi.buffer on the Python string, which was allowing text implicitly, but our documentation explicitly requires bytes. * add changelog entry
* replace pyasn1 with asn1crypto (#3361)Ofek Lev2017-02-082-48/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | * replace pyasn1 with asn1crypto * allow trailing bytes * fix x509 test * update CHANGELOG.rst * fix assert * make asn1crypto code more idiomatic * find tag * final clean-up * leave trailing byte logic unchanged * document dependency change * spelling * fix spelling
* DH serialization (#3297)Aviv Palivoda2017-02-072-7/+60
| | | | | | | | | | | | | | | | | | * DH keys support serialization * Add DH serialization documentation * Add tests for DH keys serialization in DER encoding * update version to 1.8 * Allow only SubjectPublicKeyInfo serialization * Remove support in TraditionalOpenSSL format * Fix pep8 * Refactor dh serialization tests
* Backport DH_check from OpenSSL 1.1.0. (#3375)Mark Williams2017-02-032-3/+116
| | | | | | | | | | | | | | | | | | | * Backport DH_check from OpenSSL 1.1.0. OpenSSL 1.0.2's DH_check considers the q parameter, allowing it validate more generators and primes; however, OpenSSL 1.1.0's DH_check includes code to handle errors in BN functions, so it's preferred. * Wrap DH_Check when using OpenSSL 1.1.0 or higher. * Adding DH_CHECK_* values missing from older OpenSSLs * Defensively guard DH_CHECK_* definitions with ifndef. This will prevent duplicate definitions when LibreSSL supports a version of DH_check that can return these. * Document the OpenSSL of origin for the DH_check code
* make cryptography fallback to /dev/urandom on mac on macOS < 10.12 (#3354)Paul Kehrer2017-01-311-2/+6
|
* Use static callbacks with Python 3.x again (#3350)Christian Heimes2017-01-181-4/+1
| | | | | | | | | | | | | | | | * Use static callbacks with Python 3.x again Static callbacks were disabled for Python 3.5+ to work around an issue with subinterpreters, locking callbacks and osrandom engine. Locking callback and osrandom engine were replaced with a C implementations in version 1.6 and 1.7. https://github.com/pyca/cryptography/issues/2970 Closes: #3348 Signed-off-by: Christian Heimes <christian@python.org> * remove unused import
* update comment to be more descriptive (#3349)Paul Kehrer2017-01-181-2/+3
|
* Move pkg_resources import location. (#3347)Dan Sully2017-01-171-2/+4
|
* add memory limit check for scrypt (#3328)Paul Kehrer2017-01-052-4/+12
| | | | | | | | | | * add memory limit check for scrypt fixes #3323 * test a pass * move _MEM_LIMIT to the scrypt module
* It is 2017, in UTC (#3342)Alex Gaynor2016-12-311-1/+1
|
* openssl backend: s/unserialize/deserialize/ in exception messages (#3339)Jan-Philip Gehrcke2016-12-281-2/+2
|
* Inline a pair of functions that became trivial post-1.0.0 (#3336)Alex Gaynor2016-12-251-7/+1
|
* add openssl_version_number & doc openssl_version_text (#3329)Paul Kehrer2016-12-211-0/+3
| | | | | | | | | | * add openssl_version_number & doc openssl_version_text fixes #3315 * more docs + actually assert on the test... * text
* DTLS bindings (#3309)Paul Kehrer2016-12-192-0/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add DTLSv1_2 methods * add binding to DTLSv1_get_timeout() and DTLSv1_handle_timeout() * fix: PEP8 failed fix the following error: ./src/_cffi_src/openssl/ssl.py:728:80: E501 line too long (80 > 79 characters) see https://jenkins.cryptography.io/job/cryptography-pr-pep8/1954/ * Revert "add DTLSv1_2 methods" This reverts commit e4a9150b12ddb4790159a5835f1d1136cb1b996e. * replace 'long int' by 'long' To be more consistent with the naming convention cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90153970 * wrap with braces cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90154057 * conditionally bind all DTLS * rebase error * rename wrapped function
* Add d2i_DHparams_bio, i2d_DHparams_bio bindings (#3322)Aviv Palivoda2016-12-181-0/+2
|
* restore this constant, pyopenssl needs it (#3321)Alex Gaynor2016-12-141-0/+3
|
* Drop 1.0.0 (#3312)Alex Gaynor2016-12-1314-363/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * delete the 1.0.0 support * drop the version check * drop the AES-CTR stuff * Update the example * openssl truncates for us now * delete unused test * unused imports * Remove a bunch of conditional bindings for NPN * no more 1.0.0 builders * libressl fix * update the docs * remove dead branches * oops * this is a word, damnit * spelling * try removing this * this test is not needed * unused import
* fix a regression in int_from_bytes (#3316)Paul Kehrer2016-12-131-1/+2
| | | | | | * fix a regression in int_from_bytes * add a new test file
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-12 21:02:27 +0000