| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* New osrandom_engine in C
Inspired by Python/random.c and the old implementation.
Signed-off-by: Christian Heimes <christian@python.org>
* osrandom_engine
* Fix naming bug caused by search 'n replace mistake
* Make it easier to override osrandom auto-detection
* Add engine ctrl and backend API to get implementation from ENGINE
Signed-off-by: Christian Heimes <christian@python.org>
* Better test coverage, documentation, LICENSE
Signed-off-by: Christian Heimes <christian@python.org>
* Coverage is hard.
Signed-off-by: Christian Heimes <christian@python.org>
* * enable win32 check
* read() returns size_t
Signed-off-by: Christian Heimes <christian@python.org>
* Add macOS to spelling list. Remove dead code from header file.
Signed-off-by: Christian Heimes <christian@python.org>
* remove CCRandomGenerateBytes path and update getentropy to work on macOS
This change allows us to test all the engines in our CI:
* getentropy (tested by macOS sierra)
* getrandom (tested on several linux builders)
* /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux)
* CryptGenRandom (tested on windows builders)
I also fixed bugs preventing compilation in the getentropy code
* getentropy() returns int and is restricted to 256 bytes on macOS, too.
Signed-off-by: Christian Heimes <christian@python.org>
* add versionadded
* Re-add import of os module
* Fixes related to Alex's recent review.
Signed-off-by: Christian Heimes <christian@python.org>
* Add error reporting and fail for EAGAIN
Add error reporting strings for various error cases. This gives us much
nicer and understandable error messages.
SYS_getrandom() EAGAIN is now an error. Cryptography refuses to
initialize its osrandom engine when the Kernel's CPRNG hasn't been
seeded yet.
Signed-off-by: Christian Heimes <christian@python.org>
|
| | |
|
| |
|
|
|
|
|
| |
>>> lib.EVP_get_digestbyname(b'md_gost94')
<cdata 'EVP_MD *' NULL>
>>> lib.OPENSSL_config(ffi.NULL)
>>> lib.EVP_get_digestbyname(b'md_gost94')
<cdata 'EVP_MD *' 0x10adc7440>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use a series of constants for OpenSSL version checks.
N.B. I removed several qualifiers that were being used to express beta vs. release in OpenSSL version numbers. Reviewers please look closely!
* Convert some python as well, also add the file
* flake8
* Simplify code, remove functionality that can be expressed more simply
* clean up the tests as well
* more constants
* wrap long lines
* reflect feedback
* unused
* add this back?
|
| | |
|
| | |
|
| |
|
|
|
|
| |
OPENSSL_config is deprecated in 1.1.0 and OPENSSL_no_config is a macro
provided solely for compatibility. We don't use either of these and the
only thing we actually need is an opaque typedef for CONF.
|
| |
|
|
| |
We dont' officially support compiling against platform OpenSSL on OS X
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cffi 1.4.0 will introduce a new API to create static callbacks. Contrary
to the old callback API, static callbacks no longer depend on libffi's
dynamic code generation for closures. Static code has some benefits over
dynamic generation. For example the code is faster. Also it doesn't need
writeable and executable memory mappings, which makes it compatible with
SELinux's deny execmem policy.
The branch depends on PR #2488.
https://bitbucket.org/cffi/cffi/issues/232/static-callbacks
Closes: #2477
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
