aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* add memory limit check for scrypt (#3328)Paul Kehrer2017-01-053-5/+34
| | | | | | | | | | * add memory limit check for scrypt fixes #3323 * test a pass * move _MEM_LIMIT to the scrypt module
* It is 2017, in UTC (#3342)Alex Gaynor2016-12-313-3/+3
|
* openssl backend: s/unserialize/deserialize/ in exception messages (#3339)Jan-Philip Gehrcke2016-12-281-2/+2
|
* Inline a pair of functions that became trivial post-1.0.0 (#3336)Alex Gaynor2016-12-251-7/+1
|
* Fixed #3334 -- added Python 3.6 support (#3335)Alex Gaynor2016-12-236-3/+16
| | | | | | | | | | * Fixed #3334 -- added Python 3.6 support * install py36 * empty commit to retrigger travis * this is an impressively dumb typo
* add openssl_version_number & doc openssl_version_text (#3329)Paul Kehrer2016-12-213-0/+20
| | | | | | | | | | * add openssl_version_number & doc openssl_version_text fixes #3315 * more docs + actually assert on the test... * text
* DTLS bindings (#3309)Paul Kehrer2016-12-192-0/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add DTLSv1_2 methods * add binding to DTLSv1_get_timeout() and DTLSv1_handle_timeout() * fix: PEP8 failed fix the following error: ./src/_cffi_src/openssl/ssl.py:728:80: E501 line too long (80 > 79 characters) see https://jenkins.cryptography.io/job/cryptography-pr-pep8/1954/ * Revert "add DTLSv1_2 methods" This reverts commit e4a9150b12ddb4790159a5835f1d1136cb1b996e. * replace 'long int' by 'long' To be more consistent with the naming convention cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90153970 * wrap with braces cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90154057 * conditionally bind all DTLS * rebase error * rename wrapped function
* We test the latest version of 1.1.0 (#3327)Alex Gaynor2016-12-181-1/+1
|
* Add d2i_DHparams_bio, i2d_DHparams_bio bindings (#3322)Aviv Palivoda2016-12-181-0/+2
|
* 1.7.1 changelog port (#3320)Paul Kehrer2016-12-141-0/+5
| | | | | | * 1.7.1 changelog port * vim stop indenting when I don't want you to
* restore this constant, pyopenssl needs it (#3321)Alex Gaynor2016-12-141-0/+3
|
* Drop 1.0.0 (#3312)Alex Gaynor2016-12-1324-574/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * delete the 1.0.0 support * drop the version check * drop the AES-CTR stuff * Update the example * openssl truncates for us now * delete unused test * unused imports * Remove a bunch of conditional bindings for NPN * no more 1.0.0 builders * libressl fix * update the docs * remove dead branches * oops * this is a word, damnit * spelling * try removing this * this test is not needed * unused import
* fix a regression in int_from_bytes (#3316)Paul Kehrer2016-12-132-1/+13
| | | | | | * fix a regression in int_from_bytes * add a new test file
* no-ssl3, and some hacks (#3313)Alex Gaynor2016-12-123-4/+4
|
* 1.8 begins (#3311)Paul Kehrer2016-12-123-2/+8
|
* 1.7 changelog date and version bump (#3310)Paul Kehrer2016-12-123-6/+4
| | | | | | * 1.7 changelog date and version bump * no wait the 12th
* document DHBackend is implemented for OpenSSL (#3304)Paul Kehrer2016-12-111-0/+1
|
* Scrypt docs code example contradict RFC 7914 (#3302) (#3303)Nick Badger2016-12-102-12/+15
| | | | | | | | | | | | * Scrypt docs code example contradict RFC 7914 (#3302) * More secure example difficulty of parameter n in scrypt docs (#3302) * Change link text to scrypt paper (#3302) * Change link text to scrypt paper, part deux (#3302) * Add "logins" to spelling wordlist
* add changelog entry for osrandom (#3298)Paul Kehrer2016-12-101-0/+4
|
* older readme_renderer doesn't work with docutils 0.13 (#3300)Paul Kehrer2016-12-091-1/+1
|
* New osrandom_engine in C (#3229)Christian Heimes2016-12-0910-72/+775
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * New osrandom_engine in C Inspired by Python/random.c and the old implementation. Signed-off-by: Christian Heimes <christian@python.org> * osrandom_engine * Fix naming bug caused by search 'n replace mistake * Make it easier to override osrandom auto-detection * Add engine ctrl and backend API to get implementation from ENGINE Signed-off-by: Christian Heimes <christian@python.org> * Better test coverage, documentation, LICENSE Signed-off-by: Christian Heimes <christian@python.org> * Coverage is hard. Signed-off-by: Christian Heimes <christian@python.org> * * enable win32 check * read() returns size_t Signed-off-by: Christian Heimes <christian@python.org> * Add macOS to spelling list. Remove dead code from header file. Signed-off-by: Christian Heimes <christian@python.org> * remove CCRandomGenerateBytes path and update getentropy to work on macOS This change allows us to test all the engines in our CI: * getentropy (tested by macOS sierra) * getrandom (tested on several linux builders) * /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux) * CryptGenRandom (tested on windows builders) I also fixed bugs preventing compilation in the getentropy code * getentropy() returns int and is restricted to 256 bytes on macOS, too. Signed-off-by: Christian Heimes <christian@python.org> * add versionadded * Re-add import of os module * Fixes related to Alex's recent review. Signed-off-by: Christian Heimes <christian@python.org> * Add error reporting and fail for EAGAIN Add error reporting strings for various error cases. This gives us much nicer and understandable error messages. SYS_getrandom() EAGAIN is now an error. Cryptography refuses to initialize its osrandom engine when the Kernel's CPRNG hasn't been seeded yet. Signed-off-by: Christian Heimes <christian@python.org>
* friendly error if you put a date too far in the future on windows (#3279)Paul Kehrer2016-12-052-2/+45
|
* clean up int_from_bytes (#3295)Ofek Lev2016-12-021-13/+1
| | | | | | | | | | * clean up int_from_bytes 7x speed-up and code is more readable * remove unused import * rely on py2 built-in codecs
* Sierra is a thing (#3294)Alex Gaynor2016-12-021-2/+2
|
* Add minversion to tox.ini (#3292)Christian Heimes2016-11-301-0/+1
| | | | | | | | | | | Cryptography uses new features from tox 2.4. Tox 2.3 happily ignores the new config stanzes and doesn't install dependency. This can lead to strange test failures. With minversion=2.4, tox 2.3 fails to run properly: $ tox ERROR: tox version is 2.3.1, required is at least 2.4 Signed-off-by: Christian Heimes <christian@python.org>
* cffi bindings additions for pypy's _hashlib module (#3291)Richard Plangger2016-11-302-0/+10
| | | | | | | | * add cffi bindings to objects.py and evp.py (required for pypy's _hashlib implementation) * ah, that comes from copying it from the man page * dont use #define ..., delcare it as static cont long <name>
* Bind TLSEXT_STATUSTYPE_ocsp (#3290)Cory Benfield2016-11-291-0/+1
|
* Add OPENSSL_malloc. (#3289)Cory Benfield2016-11-281-0/+1
|
* OpenSSL DH backend implementation [Second attempt] (#2914)Aviv Palivoda2016-11-2615-75/+845
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Start of OpenSSL DH backend implementation * Supporting DH in MultiBackend * DHBackend has dh_parameters_supported method * Removed DHParametersWithNumbers and DHPrivateKeyWithNumbers from documentation * Removed ExchangeContext. exchange is a method of DHPrivateKeyWithSerialization * PEP8 fixes * Fixed TestDH.test_bad_tls_exchange * Fixed generate_private_key reference in dh documentation * test DH multibackend support * testing DH coversion to serialized * Validating that we receive serialized class in test_generate_dh * Testing DH exchange symmetric key padding * struct DH is now opaqued * PEP8 fixes * Testing load_dh_private_numbers throws ValueError when DH_check fails * Using openssl_assert * Passing keywords arguments in DH key exchange example * test_dh::test_bad_tls_exchange now uses pre calculated parameters * TestDH - Add test that the computed secret is equivalent to the definition by comparing with secret computed in pure python * Add missing generator parameter to DHBackend interface docs. * Include parameter type in DHBackend abc docs. * Add docs for dh.generate_parameters function * Remove the dh Numbers section, and move the DHNumbers class docs to where they are first used. * Add note of big endian byte packing to DH exchange method. * DH documentation updates. Add single sentence overview with wikipedia link. Add paragraph on assembling using Numbers objects. Add link to backend interface docs. First section was all indented, I think by mistake. * Add exchange method to DHPrivateKey abstract base class. * Small tweaks to DH documentation - remove Provider. * Add endian to dictionary * Use utils.int_from_bytes in test_tls_exchange_algorithm * Removed duplicate line * Change dh.rst exchange algorithm from doctest to code-block The example in the Diffie-Hellman exhange algorithm is using 2048 bits key. Generating the parameters of 2048 takes long time. This caused the automated tests to fail. In order to pass the tests we change the example to code-block so it will not run in the doc tests. * Fix dh docs * Document the generator in DHBackend relevant methods * Fix dh tests * use DHparams_dup * Fix key type to unsigned char as expected by DH_compute_key * Validate that DH generator is 2 or 5 * test dh exchange using botan vectors * group all numbers classes * Simplify _DHPrivateKey * Rename test with serialized to numbers * Move bad exchange params to external vector file * update exchange versionadded to 1.7 * Make key_size bit accurate * Change botan link * Added CHANGELOG entry
* updated authors.rst (#3277)Erik Daguerre2016-11-221-0/+1
|
* Error out on OpenSSL 1.0.0 by default (#3276)Alex Gaynor2016-11-226-13/+39
| | | | | | * Error out on OpenSSL 1.0.0 by default * what the heck
* let's get rolling on 1.7! (#3274)Paul Kehrer2016-11-223-2/+8
|
* bump version and set changelog date for 1.6 release (#3271)Paul Kehrer2016-11-213-6/+4
|
* error if private_value is <= 0 in ec.derive_private_key (#3273)Paul Kehrer2016-11-212-0/+6
|
* PyPy's ssl module, the last missing macro and three macro functions (#3270)Richard Plangger2016-11-212-1/+4
| | | | | | | | * missing macro and three macro functions * removed space before function name (style issue) * remove macro which always will not be set by cryptography
* update docs and changelog for prehashed support (#3268)Paul Kehrer2016-11-202-4/+16
|
* add support for prehashing in ECDSA sign/verify (#3267)Paul Kehrer2016-11-203-25/+106
| | | | | | * add support for prehashing in ECDSA sign/verify * move signature_algorithm check to its own function
* support prehashed sign/verify in DSA (#3266)Paul Kehrer2016-11-203-10/+71
|
* support RSA verify with prehashing (#3265)Paul Kehrer2016-11-206-20/+82
| | | | | | | | | | * support RSA verify with prehashing * review feedback * more dedupe * refactor and move to a separate module
* support prehashing in RSA sign (#3238)Paul Kehrer2016-11-206-7/+112
| | | | | | | | * support prehashing in RSA sign * check to make sure digest size matches prehashed data provided * move doctest for prehashed
* refactor RSA signature verification to prep for prehash support (#3261)Paul Kehrer2016-11-201-98/+73
|
* refactor ecdsa sign/verify for prehash (#3263)Paul Kehrer2016-11-191-34/+31
|
* refactor dsa sign/verify as prep for prehash (#3262)Paul Kehrer2016-11-191-23/+32
|
* bind a few things pypy ssl stdlib needs in x509v3 (#3255)Paul Kehrer2016-11-191-0/+7
|
* refactor RSA signing to prep for prehash support (#3240)Paul Kehrer2016-11-191-110/+131
|
* Additions to the changelog for 1.6 (#3258)Paul Kehrer2016-11-191-1/+5
| | | | | | * Additions to the changelog for 1.6 * explain why
* Add DHparams_dup to DH bindings (#3260)Aviv Palivoda2016-11-191-0/+1
|
* add a few more OIDs (#3259)Paul Kehrer2016-11-192-0/+24
| | | pulled from #3244
* bind GENERAL_NAME_free and move GENERAL_NAME_new to macros... (#3257)Paul Kehrer2016-11-191-1/+2
| | | where it belongs!
* add error codes and ERR_get_state for pypy stdlib ssl (#3256)Paul Kehrer2016-11-191-2/+29
|