aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* More ifdef death (#3450)Alex Gaynor2017-03-144-62/+2
| | | | | | | | | | * CMAC is always supported * TLSv1.2 is always supported * Releasing buffers is always supported * Nonsense IE SSLv2 nonsens is always supported
* Memleak tests (#3140)Alex Gaynor2017-03-143-0/+209
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Bind a pair of mem functions. * make these conditional * do the conditional correctly * move to the right section * I'm not saying libressl should be illegal, but it is annoying * sigh, typo * first cut at memleak tests. doesn't work * hack around the previous error, onto the next one * drop the pointless restoration of the original functions * Don't try to use the previous malloc functions. The default malloc is CRYPTO_malloc which calls the custom ptr you provided, so it just recurses forever. * flake8 * Get the code basically working * flake8 * say the correct incantation * Don't try to run on old OpenSSL * Flushing this is a good idea * Fixed a py2.7+ism * GRRRRR * WOrkaround for hilarity * Revert "WOrkaround for hilarity" This reverts commit 37b9f3b4ed4063eef5add3bb5d5dd592a007d439. * Swap out these functions for the originals * py3k fix * flake8 * nonsense for windows * py3k * seperate stdout and stderr because py26 has a warning on stderr * try writing this all out for windows * useful error messages * Debugging utility * Avoid this mess, don't dlopen anything * consistency * Throw away this FFI entirely * some useful comments
* Removed some unused ifdefs from openssl bindings (#3448)Alex Gaynor2017-03-143-45/+0
|
* fix typo (#3442)Ofek Lev2017-03-121-1/+1
|
* port 1.8.1 changelog and update master for 1.9 release cycle (#3440)Paul Kehrer2017-03-103-2/+13
|
* 1.8 version bump and changelog date (#3438)Paul Kehrer2017-03-093-6/+4
|
* it's called macOS and let's document openssl 1.1.0 installation on mac (#3437)Paul Kehrer2017-03-091-15/+15
| | | | | | * it's called macOS and let's document openssl 1.1.0 installation on mac * wrap that line
* document that we're not building universal wheels now (#3436)Paul Kehrer2017-03-092-7/+7
| | | Also updates the doing a release documentation
* add changelog entry, fixes #3427 (#3435)Paul Kehrer2017-03-091-0/+1
|
* reverts a change to our exceptions (#3429)Paul Kehrer2017-03-093-43/+12
| | | | | Trying to be too specific about why key loading fails is very difficult when you're using the same logic across DH, EC, RSA, and DSA. This makes it less fancy.
* Refs #3430 -- fixed a memory leak in extension parsing for CRL dp (#3431)Alex Gaynor2017-03-094-5/+26
| | | | | | | | | | * Refs #3430 -- fixed a memory leak in extension parsing for CRL dp * same fix for policy info * make this private * consistency cleanup
* missing coverage for dh_x942_serialization_supported in MultiBackend (#3432)Paul Kehrer2017-03-081-0/+1
|
* DH subgroup order (q) (#3369)Aviv Palivoda2017-03-0520-71/+481
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support DH q (subgroup order) * Change RFC5114.txt to NIST format * Add tests for DH q * Update docs for DH q * Fix pep8 * Improve test covergae for DH q * Create _dh_params_dup that copy q if DHparams_dup don't On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup call DHparams_dup and if the version is smaller than 1.0.2 copy q manually * Copy q manually on libressl * Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup * Support serialization of DH with q * Add tests for serialization of DH with q * Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true * Raise exception when trying to serialize DH X9.42 when not supported * raise unsupported key type when deserilizing DH X9.42 if not supported * pep8 fixes * Fix test_serialization * Add dhx_serialization_supported method to DHBacked * document q in dh_parameters_supported * Rename dhx_serialization_supported to dh_x942_serialization_supported
* Fixed #3422 -- Remove some legacy code which is now in 1.0.1 (#3423)Alex Gaynor2017-03-012-50/+10
| | | | | | | | | | * Fixed #3422 -- Remove some legacy code which is now in 1.0.1 * _int_to_bn doesnt like negatives * minimize the diff * some additional cleanup
* Update NIST urls in docs (#3418)Alex Gaynor2017-02-273-4/+4
|
* SHA-1 is broken, run for the hills (#3417)Alex Gaynor2017-02-231-15/+16
|
* Use HTTPS urls for a few more websites (#3416)Alex Gaynor2017-02-232-3/+3
|
* Add ASN1_F_ASN1_CHECK_TLEN (#3414)Aviv Palivoda2017-02-211-0/+1
|
* Fixes #3409 -- bump idna dep to a version with massively improved ↵Alex Gaynor2017-02-201-1/+1
| | | | performance/memory usage (#3411)
* This is HTTPS now (#3407)Alex Gaynor2017-02-182-2/+2
|
* use official API for unreachable C code (#3404)Alex Gaynor2017-02-181-3/+3
|
* Two random grammar fixes (#3402)Alex Gaynor2017-02-182-2/+2
|
* Fixed #3398 -- document the serial deprecation in the changelog (#3401)Alex Gaynor2017-02-171-0/+3
| | | | | | | | * Fixed #3398 -- document the serial deprecation in the changelog * fix * sigh, fix
* add support for update_into on CipherContext (#3190)Paul Kehrer2017-02-169-6/+316
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add support for update_into on CipherContext This allows you to provide your own buffer (like recv_into) to improve performance when repeatedly calling encrypt/decrypt on large payloads. * another skip_if * more skip_if complexity * maybe do this right * correct number of args * coverage for the coverage gods * add a cffi minimum test tox target and travis builder This tests against macOS so we capture some commoncrypto branches * extra arg * need to actually install py35 * fix * coverage for GCM decrypt in CC * no longer relevant * 1.8 now * pep8 * dramatically simplify * update docs * remove unneeded test * changelog entry * test improvements * coverage fix * add some comments to example * move the comments to their own line * fix and move comment
* bump openssl for tests to 1.1.0e (#3399)Alex Gaynor2017-02-161-2/+2
|
* Refactor binding initialization to allow specified errors (#3278)Paul Kehrer2017-02-132-2/+19
| | | | | | | | | If pyca/cryptography sees any errors on the error stack during its own initialization it immediately raises InternalError and refuses to proceed. This was a safety measure since we weren't sure if it was safe to proceed. However, reality has intervened and we have to bow to the god of pragmatism and just clear the error queue. In practice this is safe since we religiously check the error queue in operation.
* switch the PEM password callback to a C implementation (#3382)Paul Kehrer2017-02-134-136/+81
| | | | | | | | | | | | | | | * switch the PEM password callback to a C implementation Calling from C to Python is fraught with edge cases, especially in subinterpreter land. This commit moves the PEM password callback logic into a small C function and then removes all the infrastructure for the cffi callbacks (as we no longer have any) * review feedback and update tests * rename the struct * aaand one more fix
* faq entry for setuptools_ext issues (#3393)Paul Kehrer2017-02-131-0/+5
|
* Update tutorial.rst (#3394)AlexanderWeyman2017-02-131-2/+2
| | | eliminated inconsitency of variable name in sample code
* Add EVP_PKEY_DHX (#3388)Aviv Palivoda2017-02-132-0/+12
| | | | | | * Add EVP_PKEY_DHX * Add Cryptography_HAS_EVP_PKEY_DHX to _conditional.py
* bump our latest pypy builds to use the latest pypy (#3391)Paul Kehrer2017-02-111-2/+2
|
* Bump openssl on travis (#3390)Alex Gaynor2017-02-121-2/+2
|
* Fixed #3306 -- changelog entry for linking against OpenSSL 1.1.0 (#3389)Alex Gaynor2017-02-111-0/+1
|
* support defining which windows libraries to link with an env var (#3356)Paul Kehrer2017-02-092-2/+17
| | | | | | | | | | | | * support defining which windows libraries to link with an env var CRYPTOGRAPHY_WINDOWS_LIBRARIES is your new friend * add some docs * change to CRYPTOGRAPHY_WINDOWS_LINK_OPENSSL110 * lib prefixing is not a thing msvc does, right
* enforce password must be bytes when loading PEM/DER asymmetric keys (#3383)Paul Kehrer2017-02-084-2/+47
| | | | | | | | | | * enforce password must be bytes when loading PEM/DER asymmetric keys Previously we were using an ffi.buffer on the Python string, which was allowing text implicitly, but our documentation explicitly requires bytes. * add changelog entry
* replace pyasn1 with asn1crypto (#3361)Ofek Lev2017-02-086-66/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | * replace pyasn1 with asn1crypto * allow trailing bytes * fix x509 test * update CHANGELOG.rst * fix assert * make asn1crypto code more idiomatic * find tag * final clean-up * leave trailing byte logic unchanged * document dependency change * spelling * fix spelling
* Dh serialization changelog (#3385)Aviv Palivoda2017-02-082-0/+11
| | | | | | * Add CHANGELOG entries for DH serialization * update AUTHORS
* DH serialization (#3297)Aviv Palivoda2017-02-0712-8/+393
| | | | | | | | | | | | | | | | | | * DH keys support serialization * Add DH serialization documentation * Add tests for DH keys serialization in DER encoding * update version to 1.8 * Allow only SubjectPublicKeyInfo serialization * Remove support in TraditionalOpenSSL format * Fix pep8 * Refactor dh serialization tests
* Backport DH_check from OpenSSL 1.1.0. (#3375)Mark Williams2017-02-032-3/+116
| | | | | | | | | | | | | | | | | | | * Backport DH_check from OpenSSL 1.1.0. OpenSSL 1.0.2's DH_check considers the q parameter, allowing it validate more generators and primes; however, OpenSSL 1.1.0's DH_check includes code to handle errors in BN functions, so it's preferred. * Wrap DH_Check when using OpenSSL 1.1.0 or higher. * Adding DH_CHECK_* values missing from older OpenSSLs * Defensively guard DH_CHECK_* definitions with ifndef. This will prevent duplicate definitions when LibreSSL supports a version of DH_check that can return these. * Document the OpenSSL of origin for the DH_check code
* make cryptography fallback to /dev/urandom on mac on macOS < 10.12 (#3354)Paul Kehrer2017-01-311-2/+6
|
* port 1.7.2 changelog (#3371)Paul Kehrer2017-01-281-0/+5
|
* Point people to python3-dev if needed (#3359)Alex Gaynor2017-01-211-2/+4
| | | | | | | | * Point people to python3-dev if needed * oops, syntax fix * Fedora/RHEL as well
* Removed dead link from docs (#3360)Alex Gaynor2017-01-211-3/+2
|
* Use static callbacks with Python 3.x again (#3350)Christian Heimes2017-01-181-4/+1
| | | | | | | | | | | | | | | | * Use static callbacks with Python 3.x again Static callbacks were disabled for Python 3.5+ to work around an issue with subinterpreters, locking callbacks and osrandom engine. Locking callback and osrandom engine were replaced with a C implementations in version 1.6 and 1.7. https://github.com/pyca/cryptography/issues/2970 Closes: #3348 Signed-off-by: Christian Heimes <christian@python.org> * remove unused import
* add a SAN to the certificatebuilder example (#3353)Paul Kehrer2017-01-181-0/+6
| | | | Evidently users copy/paste these examples so adding a SAN here will help people screw up less. Fixes #3314
* update comment to be more descriptive (#3349)Paul Kehrer2017-01-181-2/+3
|
* fix #3308 (#3352)Paul Kehrer2017-01-181-3/+1
|
* Move pkg_resources import location. (#3347)Dan Sully2017-01-171-2/+4
|
* add memory limit check for scrypt (#3328)Paul Kehrer2017-01-053-5/+34
| | | | | | | | | | * add memory limit check for scrypt fixes #3323 * test a pass * move _MEM_LIMIT to the scrypt module
* It is 2017, in UTC (#3342)Alex Gaynor2016-12-313-3/+3
|
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-09 07:30:55 +0000