| -rwxr-xr-x | .travis/upload_coverage.sh | 3 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/ec.rst | 5 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/asn1.py | 19 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/bignum.py | 19 |
4 files changed, 8 insertions, 38 deletions
diff --git a/.travis/upload_coverage.sh b/.travis/upload_coverage.sh
index 62489560..113dbef8 100755
--- a/.travis/upload_coverage.sh
+++ b/.travis/upload_coverage.sh
@@ -6,6 +6,5 @@ set -x
 NO_COVERAGE_TOXENVS=(pypy pypy3 pep8 py3pep8 docs)
 if ! [[ "${NO_COVERAGE_TOXENVS[*]}" =~ "${TOXENV}" ]]; then
 source ~/.venv/bin/activate
- wget https://codecov.io/bash -O codecov.sh
- bash codecov.sh -e TRAVIS_OS_NAME,TOXENV,OPENSSL
+ codecov --env TRAVIS_OS_NAME,TOXENV,OPENSSL
 fi
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
index e4df9b10..2fac6d71 100644
--- a/docs/hazmat/primitives/asymmetric/ec.rst
+++ b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -147,6 +147,10 @@ Elliptic Curve Key Exchange algorithm
 ... ).public_key()
 >>> shared_key = private_key.exchange(ec.ECDH(), peer_public_key)
+ ECDHE (or EECDH), the ephemeral form of this exchange, is **strongly
+ preferred** over simple ECDH and provides `forward secrecy`_ when used.
+ You must generate a new private key using :func:`generate_private_key` for
+ each ``exchange`` when performing an ECDHE key exchange.
 Elliptic Curves
 ---------------
@@ -470,3 +474,4 @@ Key Interfaces
 .. _`SafeCurves`: http://safecurves.cr.yp.to/
 .. _`ECDSA`: https://en.wikipedia.org/wiki/ECDSA
 .. _`EdDSA`: https://en.wikipedia.org/wiki/EdDSA
+.. _`forward secrecy`: https://en.wikipedia.org/wiki/Forward_secrecy
diff --git a/src/_cffi_src/openssl/asn1.py b/src/_cffi_src/openssl/asn1.py
index bbbffd8f..259adf19 100644
--- a/src/_cffi_src/openssl/asn1.py
+++ b/src/_cffi_src/openssl/asn1.py
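Review bot: The new `codecov --env TRAVIS_OS_NAME,TOXENV,OPENSSL` line depends on a `codecov` executable already being present in `~/.venv`, and none of the four files in this commit installs or pins it. Dropping the `wget https://codecov.io/bash` download-and-run takes an unverified remote script out of the CI job, but if the uploader is installed unpinned elsewhere, the same trust-on-fetch exposure remains, only moved to the package index. I would pin it where it is installed, for example `pip install codecov==<PINNED_VERSION>` (placeholder), ideally with hash checking. A comment above this line would also help: `# codecov CLI is installed (pinned) by the CI install step`.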
@@ -9,24 +9,7 @@ INCLUDES = """
 """
 TYPES = """
-/*
- * TODO: This typedef is wrong.
- *
- * This is due to limitations of cffi.
- * See https://bitbucket.org/cffi/cffi/issue/69
- *
- * For another possible work-around (not used here because it involves more
- * complicated use of the cffi API which falls outside the general pattern used
- * by this package), see
- * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/
- *
- * The work-around used here is to just be sure to declare a type that is at
- * least as large as the real type. Maciej explains:
- *
- * <fijal> I think you want to declare your value too large (e.g. long)
- * <fijal> that way you'll never pass garbage
- */
-typedef intptr_t time_t;
+typedef int... time_t;
 typedef int ASN1_BOOLEAN;
 typedef ... ASN1_INTEGER;
diff --git a/src/_cffi_src/openssl/bignum.py b/src/_cffi_src/openssl/bignum.py
index 843e5119..ae035007 100644
--- a/src/_cffi_src/openssl/bignum.py
+++ b/src/_cffi_src/openssl/bignum.py
@@ -11,24 +11,7 @@ INCLUDES = """
 TYPES = """
 typedef ... BN_CTX;
 typedef ... BIGNUM;
-/*
- * TODO: This typedef is wrong.
- *
- * This is due to limitations of cffi.
- * See https://bitbucket.org/cffi/cffi/issue/69
- *
- * For another possible work-around (not used here because it involves more
- * complicated use of the cffi API which falls outside the general pattern used
- * by this package), see
- * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/
- *
- * The work-around used here is to just be sure to declare a type that is at
- * least as large as the real type. Maciej explains:
- *
- * <fijal> I think you want to declare your value too large (e.g. long)
- * <fijal> that way you'll never pass garbage
- */
-typedef uintptr_t BN_ULONG;
+typedef int... BN_ULONG;
 """
 FUNCTIONS = """ |
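Review bot: `typedef int... time_t;` here, and the matching `typedef int... BN_ULONG;` in src/_cffi_src/openssl/bignum.py, only work with a cffi release that understands the `int...` form and resolves the real width and signedness at compile time. The diffstat shows no change to the declared minimum cffi version, so that requirement should be confirmed. With the long TODO comment removed, neither typedef explains why it is written this way; a one-line comment such as `/* int...: cffi takes the real size and signedness from the C compiler */` would keep the intent visible. This matters because a declaration that disagrees with the platform's real `time_t` or `BN_ULONG` can truncate or misread values crossing the binding. Both TYPES strings continue outside the hunks.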
