| Commit message | Author | Age | Files | Lines |
| |
* switch the PEM password callback to a C implementation
Calling from C to Python is fraught with edge cases, especially in
subinterpreter land. This commit moves the PEM password callback logic
into a small C function and then removes all the infrastructure for the
cffi callbacks (as we no longer have any)
* review feedback and update tests
* rename the struct
* aaand one more fix
| |
eliminated inconsistency of variable name in sample code
| |
* Add EVP_PKEY_DHX
* Add Cryptography_HAS_EVP_PKEY_DHX to _conditional.py
| |
* support defining which windows libraries to link with an env var
CRYPTOGRAPHY_WINDOWS_LIBRARIES is your new friend
* add some docs
* change to CRYPTOGRAPHY_WINDOWS_LINK_OPENSSL110
* lib prefixing is not a thing msvc does, right
| |
* enforce password must be bytes when loading PEM/DER asymmetric keys
Previously we were using an ffi.buffer on the Python string, which was
allowing text implicitly, but our documentation explicitly requires
bytes.
* add changelog entry
| |
* replace pyasn1 with asn1crypto
* allow trailing bytes
* fix x509 test
* update CHANGELOG.rst
* fix assert
* make asn1crypto code more idiomatic
* find tag
* final clean-up
* leave trailing byte logic unchanged
* document dependency change
* spelling
* fix spelling
| |
* Add CHANGELOG entries for DH serialization
* update AUTHORS
| |
* DH keys support serialization
* Add DH serialization documentation
* Add tests for DH keys serialization in DER encoding
* update version to 1.8
* Allow only SubjectPublicKeyInfo serialization
* Remove support in TraditionalOpenSSL format
* Fix pep8
* Refactor dh serialization tests
| |
* Backport DH_check from OpenSSL 1.1.0.
OpenSSL 1.0.2's DH_check considers the q parameter, allowing it to
validate more generators and primes; however, OpenSSL 1.1.0's DH_check
includes code to handle errors in BN functions, so it's preferred.
* Wrap DH_Check when using OpenSSL 1.1.0 or higher.
* Adding DH_CHECK_* values missing from older OpenSSLs
* Defensively guard DH_CHECK_* definitions with ifndef.
This will prevent duplicate definitions when LibreSSL supports a
version of DH_check that can return these.
* Document the OpenSSL of origin for the DH_check code
| |
* Point people to python3-dev if needed
* oops, syntax fix
* Fedora/RHEL as well
| |
* Use static callbacks with Python 3.x again
Static callbacks were disabled for Python 3.5+ to work around an issue
with subinterpreters, locking callbacks and osrandom engine. Locking
callback and osrandom engine were replaced with C implementations in
version 1.6 and 1.7.
https://github.com/pyca/cryptography/issues/2970
Closes: #3348
Signed-off-by: Christian Heimes <christian@python.org>
* remove unused import
| |
Evidently users copy/paste these examples so adding a SAN here will help
people screw up less. Fixes #3314
| |
* add memory limit check for scrypt
fixes #3323
* test a pass
* move _MEM_LIMIT to the scrypt module
| |
* Fixed #3334 -- added Python 3.6 support
* install py36
* empty commit to retrigger travis
* this is an impressively dumb typo
| |
* add openssl_version_number & doc openssl_version_text
fixes #3315
* more docs + actually assert on the test...
* text
| |
* add DTLSv1_2 methods
* add binding to DTLSv1_get_timeout() and DTLSv1_handle_timeout()
* fix: PEP8 failed
fix the following error:
./src/_cffi_src/openssl/ssl.py:728:80: E501 line too long (80 > 79 characters)
see https://jenkins.cryptography.io/job/cryptography-pr-pep8/1954/
* Revert "add DTLSv1_2 methods"
This reverts commit e4a9150b12ddb4790159a5835f1d1136cb1b996e.
* replace 'long int' by 'long'
To be more consistent with the naming convention
cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90153970
* wrap with braces
cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90154057
* conditionally bind all DTLS
* rebase error
* rename wrapped function
| |
* 1.7.1 changelog port
* vim stop indenting when I don't want you to
| |
* delete the 1.0.0 support
* drop the version check
* drop the AES-CTR stuff
* Update the example
* openssl truncates for us now
* delete unused test
* unused imports
* Remove a bunch of conditional bindings for NPN
* no more 1.0.0 builders
* libressl fix
* update the docs
* remove dead branches
* oops
* this is a word, damnit
* spelling
* try removing this
* this test is not needed
* unused import
| |
* fix a regression in int_from_bytes
* add a new test file
| |
* 1.7 changelog date and version bump
* no wait the 12th
| |
* Scrypt docs code example contradicts RFC 7914 (#3302)
* More secure example difficulty of parameter n in scrypt docs (#3302)
* Change link text to scrypt paper (#3302)
* Change link text to scrypt paper, part deux (#3302)
* Add "logins" to spelling wordlist
| |
* New osrandom_engine in C
Inspired by Python/random.c and the old implementation.
Signed-off-by: Christian Heimes <christian@python.org>
* osrandom_engine
* Fix naming bug caused by search 'n replace mistake
* Make it easier to override osrandom auto-detection
* Add engine ctrl and backend API to get implementation from ENGINE
Signed-off-by: Christian Heimes <christian@python.org>
* Better test coverage, documentation, LICENSE
Signed-off-by: Christian Heimes <christian@python.org>
* Coverage is hard.
Signed-off-by: Christian Heimes <christian@python.org>
* * enable win32 check
* read() returns size_t
Signed-off-by: Christian Heimes <christian@python.org>
* Add macOS to spelling list. Remove dead code from header file.
Signed-off-by: Christian Heimes <christian@python.org>
* remove CCRandomGenerateBytes path and update getentropy to work on macOS
This change allows us to test all the engines in our CI:
* getentropy (tested by macOS sierra)
* getrandom (tested on several linux builders)
* /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux)
* CryptGenRandom (tested on windows builders)
I also fixed bugs preventing compilation in the getentropy code
* getentropy() returns int and is restricted to 256 bytes on macOS, too.
Signed-off-by: Christian Heimes <christian@python.org>
* add versionadded
* Re-add import of os module
* Fixes related to Alex's recent review.
Signed-off-by: Christian Heimes <christian@python.org>
* Add error reporting and fail for EAGAIN
Add error reporting strings for various error cases. This gives us much
nicer and understandable error messages.
SYS_getrandom() EAGAIN is now an error. Cryptography refuses to
initialize its osrandom engine when the Kernel's CPRNG hasn't been
seeded yet.
Signed-off-by: Christian Heimes <christian@python.org>
| |
* clean up int_from_bytes
7x speed-up and code is more readable
* remove unused import
* rely on py2 built-in codecs
| |
Cryptography uses new features from tox 2.4. Tox 2.3 happily ignores the
new config stanzas and doesn't install dependencies. This can lead to strange
test failures.
With minversion=2.4, tox 2.3 fails to run properly:
$ tox
ERROR: tox version is 2.3.1, required is at least 2.4
Signed-off-by: Christian Heimes <christian@python.org>
| |
* add cffi bindings to objects.py and evp.py (required for pypy's _hashlib implementation)
* ah, that comes from copying it from the man page
* don't use #define ..., declare it as static const long <name>