path: root/src
Commit message | Author | Age | Files | Lines
* add SSL_CTX_set_ecdh_auto where supported (#3250) | Paul Kehrer | 2016-11-18 | 2 | -0/+12
    In 1.1.0 this is a noop and occurs by default, and this wasn't supported < 1.0.2
* add some BIO functions for pypy's ssl stdlib (#3249) | Paul Kehrer | 2016-11-18 | 2 | -0/+13
    refs #3248
* change derive_elliptic_curve_public_point to return EllipticCurvePubl… (#3243) | Paul Kehrer | 2016-11-18 | 4 | -16/+18
    * change derive_elliptic_curve_public_point to return EllipticCurvePublicKey
    * also rename the backend interface method
    * review feedback
    * Rename to derive_elliptic_curve_private_key
    * Returns EllipticCurvePrivateKey
    * Reuses the EC_POINT in the openssl impl
    * Rename "secret" arg to "private_value" which is consistent with our naming for the value in ECPrivateNumbers.
* Random flake8 cleanups for the latest release (#3242) | Alex Gaynor | 2016-11-15 | 1 | -0/+2
* Raise padding block_size limit to what is allowed by the specs. (#3108) | Terry Chia | 2016-11-15 | 2 | -16/+18
    * Raise padding block_size limit to what is allowed by the specs.
    * Add tests for raising padding limits.
    * Amend C code for padding check to use uint16_t instead of uint8_t.
    * Fix test to work in Python 3.
    * Fix typo.
    * Fix another typo.
    * Fix return type of the padding checks.
    * Change hypothesis test on padding.
    * Update comment.
* workaround for application bundling tools (#3235) | Paul Kehrer | 2016-11-14 | 1 | -1/+31
    * cx_freeze support for default_backend
    * updated tabbing to spaces
    * corrected spacing
    * moved finding backend to backends __init__
    * update to check to see if sys is frozen
    * corrected pep8 issues
    * update based on comments
    * changes to simplify, support testing, and improve comments
    * add changelog entry
    * right, coverage. I remember now. Time for some contortions.
    * updated with review feedback
* Add a bytes method to get the DER ASN.1 encoding of an X509 name. (#3236) | Paul Kehrer | 2016-11-13 | 4 | -0/+29
    * Add a bytes method to get the DER ASN.1 encoding of an X509 name.
      This is useful for creating an OpenSSL style subject_name_hash (#3011)
    * add to backend interface and update multibackend
    * bytes -> public_bytes
* C locking callback (#3226) | Alex Gaynor | 2016-11-13 | 2 | -30/+74
    * Remove Python OpenSSL locking callback and replace it with one in C
      The Python OpenSSL locking callback is unsafe; if GC is triggered during the callback's invocation, it can result in the callback being invoked reentrantly, which can lead to deadlocks. This patch replaces it with one in C that gets built at compile time via cffi along with the rest of the OpenSSL binding.
    * fixes for some issues
    * unused
    * revert these changes
    * these two for good measure
    * missing param
    * sigh, syntax
    * delete tests that assumed an ability to mess with locks
    * style fixes
    * licensing stuff
    * utf8
    * Unicode. Huh. What it isn't good for, absolutely nothing.
* Turns out we shouldn't call it uniqueIdentifier (#3234) | Paul Kehrer | 2016-11-12 | 1 | -2/+2
    http://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec465360.html
* add some new oids (#3233) | Paul Kehrer | 2016-11-11 | 1 | -0/+4
    * add some new oids
    * As Alex pointed out, it's streetAddress
* add alternate signature OID for RSA with SHA1 + test and vector (#3227) | Paul Kehrer | 2016-11-11 | 1 | -0/+3
    * add alternate signature OID for RSA with SHA1 + test and vector
    * mozilla is a proper noun leave me alone spellchecker
* add ec.private_key_from_secret_and_curve (#3225) | Ofek Lev | 2016-11-11 | 4 | -0/+66
    * finish https://github.com/pyca/cryptography/pull/1973
    * change API & add test
      Function will now return an instance of EllipticCurvePrivateKey, as that is the users' ultimate goal anyway.
    * fix test
    * improve coverage
    * complete coverage
    * final fix
    * centos fix
    * retry
    * cleanup asserts
    * use openssl_assert
    * skip unsupported platforms
    * change API name to derive_private_key
    * change version added
    * improve description of `secret` param
    * separate successful and failure test cases
    * simplify successful case
    * add docs for derive_elliptic_curve_public_point
    * add period
* Name: add support for multi-value RDNs (#3202) | Fraser Tweedale | 2016-11-11 | 5 | -23/+58
    Update the Name class to accept and internally store a list of RelativeDistinguishedName objects. Add the 'rdns' attribute to give access to the RDNs. Update ASN.1 routines to correctly decode and encode multi-value RDNs.
    Fixes: https://github.com/pyca/cryptography/issues/3199
* Make DistributionPoint relative_name a set of NameAttribute (#3210) | Fraser Tweedale | 2016-11-07 | 5 | -6/+62
    * Add RelativeDistinguishedName class
    * Make relative_name a RelativeDistinguishedName
      DistributionPoint relative_name is currently a Name but RFC 5280 defines it as RelativeDistinguishedName, i.e. a non-empty SET OF name attributes. Change the DistributionPoint relative_name attribute to be a RelativeDistinguishedName.
* Export missing OpenSSL `X509_VERIFY_PARAM_free` (#3221) | Thomas Sileo | 2016-11-06 | 1 | -0/+1
    * Export missing OpenSSL `X509_VERIFY_PARAM_free`
    * Remove un-needed export in conditional names
* Fixes #3211 -- fixed hkdf's output with short length (#3215) | Alex Gaynor | 2016-11-06 | 1 | -1/+1
* Fix compilation with MinGW (#3191) | Saúl Ibarra Corretgé | 2016-10-10 | 1 | -2/+5
* support encoding IPv4Network and IPv6Network, useful for NameConstraints (#3182) | Paul Kehrer | 2016-10-01 | 1 | -4/+15
    * support encoding IPv4Network and IPv6Network, useful for NameConstraints
    * add changelog entry
    * add more networks with full and no masking (/32, /128, /0)
    * parametrize the nc tests to fix coverage
* Resolved some more CFFI warnings; these are also unsigned (#3163) | Alex Gaynor | 2016-09-22 | 1 | -2/+2
* 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set (#3162) | Paul Kehrer | 2016-09-22 | 2 | -1/+8
    * 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set
    * add a comment explaining why we changed this
    * 1.0.2i handles NUMERICSTRING properly now so need only test < 1.0.2i
    * needs to be visible
* fix warnings in cffi 1.8.3 due to wrong buffer types (#3155) | Paul Kehrer | 2016-09-21 | 4 | -4/+4
* re-add setuptools resolve vs load workaround (#3150) | Paul Kehrer | 2016-09-14 | 1 | -1/+7
    * re-add setuptools resolve vs load workaround
    * add deprecatedin tag so we can find this easier
* fix memory leak reported in #3134 (#3135) | Paul Kehrer | 2016-09-04 | 1 | -0/+4
* support random_serial_number in the CertificateBuilder (#3132) | Paul Kehrer | 2016-09-03 | 2 | -0/+7
    * support random_serial_number in the CertificateBuilder
    * turns out pytest's monkeypatch has an undo
    * random_serial_number now a function
    * just certs
* Add bounds checking for Scrypt parameters. (#3130) | Terry Chia | 2016-09-02 | 1 | -0/+10
    * Add bounds checking for Scrypt parameters.
    * Pep8.
    * More PEP8.
    * Change wording.
* fix inconsistency in utilization of block_size in openssl cipher impl (#3131) | Paul Kehrer | 2016-09-02 | 1 | -7/+6
    * fix inconsistency in utilization of block_size in openssl cipher impl
      Previously we over-allocated our buffers because we treated a bit size as bytes.
    * rename property
* Scrypt Implementation (#3117) | Terry Chia | 2016-09-01 | 4 | -2/+78
    * Scrypt implementation.
    * Docs stuff.
    * Make example just an example and not a doctest.
    * Add changelog entry.
    * Docs cleanup.
    * Add more tests.
    * Add multibackend tests.
    * PEP8.
    * Add docs about Scrypt parameters.
    * Docs cleanup.
    * Add AlreadyFinalized.
* add support for signature_algorithm_oid to cert, CSR, and CRL (#3124) | Paul Kehrer | 2016-08-31 | 3 | -32/+65
    * add support for signature_algorithm_oid to cert, CSR, and CRL
    * refactor _SIG_OIDS_TO_HASH to use ObjectIdentifiers and use that
* Add a register_interface_if decorator. (#3120) | Terry Chia | 2016-08-29 | 1 | -0/+9
    * Add a register_interface_if decorator.
    * Add tests.
    * PEP 8.
* blake2b/blake2s support (#3116) | Paul Kehrer | 2016-08-28 | 3 | -4/+57
    * blake2b/blake2s support
      Doesn't support keying, personalization, salting, or tree hashes so the API is pretty simple right now.
    * implement digest_size via utils.read_only_property
    * un-keyed for spelling's sake
    * test copying + digest_size checks
    * unkeyed is too a word
    * line wrap
    * reword the docs
    * use the evp algorithm name in the error
      This will make BLAKE2 alternate digest size errors a bit less confusing
    * add changelog entry and docs about supported digest_size
* Scrypt bindings (#3114) | Terry Chia | 2016-08-27 | 2 | -0/+17
    * Add Scrypt bindings.
    * Add check for OPENSSL_NO_SCRYPT.
    * Fix CUSTOMIZATIONS.
    * Account for LibreSSL.
    * Remove argument names.
    * Remove more argument names.
* Refs #3002 -- clearly document that OpenSSL 1.0 support will be removed in the next release. (#3113) | Alex Gaynor | 2016-08-27 | 1 | -3/+3
* Reopen master for 1.6 (#3112) | Alex Gaynor | 2016-08-27 | 1 | -1/+1
* update changelog and bump version for 1.5 release (#3111) | Paul Kehrer | 2016-08-26 | 1 | -1/+1
* OpenSSL 1.1.0 support (#2826) | Paul Kehrer | 2016-08-26 | 2 | -1/+13
    * make pre5 work
    * add a blank line to make the diff happier
    * 1.1.0-pre6 working
    * support the changes since 1.1.0-pre6
    * fixes
    * add 1.1.0 to travis
    * expose the symbol
    * better testing for numericstring
    * handle libre...
    * actually use the 1.1.0 we compile
    * cache the ossl-110 dir on travis
    * add some newlines
    * changelog entry for 1.1.0 support
    * note that we test on 1.1.0
    * proper skip on this test
    * reorder
* be a bit more robust about detecting locking callback declarations (#3107) | Paul Kehrer | 2016-08-26 | 1 | -3/+11
* remove a few more unneeded and no longer extant functions for 1.1.0 (#3110) | Paul Kehrer | 2016-08-26 | 2 | -3/+0
* opaque structs for 1.1.0 compatibility (#3109) | Paul Kehrer | 2016-08-26 | 3 | -48/+9
    We're so close.
* Allow passing iterators where collections are expected (#3078) | Marti | 2016-08-26 | 2 | -31/+45
    Iterators can only be enumerated once, breaking code like this in Python 3 for example:
        san = SubjectAlternativeName(map(DNSName, lst))
    This is also a slight behavior change if the caller modifies the list after passing it to the constructor, because input lists are now copied. Which seems like a good thing.
    Also:
    * Name now checks that attributes elements are of type NameAttribute
    * NoticeReference now allows notice_numbers to be any iterable
* remove two more constants that no longer exist and we don't use (#3101) | Paul Kehrer | 2016-08-25 | 2 | -2/+0
* two more functions that became const, one removed that we don't use (#3102) | Paul Kehrer | 2016-08-25 | 1 | -4/+6
* constify and reorder getter args (#3103) | Paul Kehrer | 2016-08-24 | 2 | -21/+28
    * constify more things in x509 and reorder a few func args
      Post pre6 they changed some function argument order...
    * fix the function arg order where we call it
    * still need arg names when implementing the function...whoops
* constify x509name functions (#3104) | Paul Kehrer | 2016-08-24 | 1 | -8/+12
* const some more ASN1 (#3100) | Paul Kehrer | 2016-08-24 | 1 | -2/+2
* CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before (#2920) | InvalidInterrupt | 2016-08-16 | 1 | -0/+19
    * CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before
      These functions now accept aware datetimes and convert them to UTC
    * Added pytz to test requirements
    * Correct pep8 error and improve Changelog wording
    * Improve tests and clarify changelog message
    * Trim Changelog line length
    * Allow RevokedCertificateBuilder and CertificateRevocationListBuilder to accept aware datetimes
    * Fix accidental changelog entry
* ERR_load_RAND_strings changed function signature in 1.1.0 (#3093) | Paul Kehrer | 2016-08-16 | 1 | -1/+6
    * ERR_load_RAND_strings changed function signature in 1.1.0
      Here is a hack to avoid breaking pyOpenSSL.
    * not sure how I managed that. I blame vim
* move functions that were const-ified in 1.1.0-pre6 (#3090) | Paul Kehrer | 2016-08-16 | 3 | -19/+33
* OPENSSL_no_config is a macro in 1.1.0 (#3091) | Paul Kehrer | 2016-08-16 | 1 | -1/+2
* BIO_set has been removed in 1.1.0 (#3092) | Paul Kehrer | 2016-08-16 | 1 | -1/+0
    Since we aren't using it bye bye
* Disallow X509 certificate serial numbers bigger than 159 bits (#3064) (#3067) | Коренберг Марк | 2016-08-02 | 1 | -8/+14