| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
| |
* remove egd
* oops
* keep Cryptography_HAS_EGD for compat just in case
This shouldn't really be necessary but maybe we can fully remove it in
2018 or 2019...
|
| |
|
|
|
|
| |
* remove cryptodev
* oops
|
| |
|
|
|
|
|
|
| |
* Remove conditionals we never use.
Refs #3763
* put this back
|
| |
|
|
|
|
|
|
| |
* No more FUNCS/MACROS distinction
* change the docs to not talk about MACROS since they're gone
* remove out of date comment
|
| |
|
|
|
|
| |
* enable wconversion and finish fixes
* don't pass -Wconversion if it's win32
|
| |
|
|
|
|
| |
* bind DTLS 1.2 methods
* remove version specific dtls bindings, rename sentinel value
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* pypy3 fix on macos using work from the pypy project
https://bitbucket.org/pypy/pypy/commits/198dc138680f96c391802fa1e77b8b6d2e0134e6?at=py3.5
* change abort error msg and fix wrong type
* oh windows
* remove an unused variable
* rename mutex1_t, use calloc, small style fixes
* calloc correctly
* (call)
|
| |
|
|
|
|
| |
* bind even more evp
* oops
|
| | |
|
| |
|
|
|
|
| |
* add EVP_PKEY_keygen and EVP_PKEY_keygen_init for x25519/ed25519
* add a few more bindings we'll need for X25519
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* runtime detection of getentropy for macOS via weak-linking
In the before time, in the long long ago, there was a desire to use
getentropy on macOS. So some code was written and it detected getentropy
support by seeing if SYS_getentropy was available in the headers. But
lo, it turns out Apple ships headers for different SDK versions and
users on < 10.12 were getting headers that had SYS_getentropy even
though their OS did not support it. There was much wailing and
gnashing of teeth, but the frustrated developers remembered that Apple
wants their developers to use weak linking. With weak linking the mighty
developer can specify a minimum version and any symbol that was added
after that version will be weakly linked. Then, at runtime, the dynamic
linker will make unavailable symbols thus marked into NULLs. So, the
developer need only alter their code to do runtime detection of weakly
linked symbols and then a single binary may be compiled that will
correctly select getentropy or /dev/urandom at runtime. Hallelujah!
* oops
* separate the enum
* okay just apple
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* jurisdictionCountryName also must be PrintableString
* flake8 + citation
* Write a test, which fails. If my analysis is correct, this is blocked on:
https://github.com/openssl/openssl/pull/3284
* This is only true on 1.1.0
* clearly express the version requirement
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* More accurate LibreSSL detection
* Update x509_vfy.py
change approach to use ifndef
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add PEM_write_bio_DHxparams
* Define PEM_write_bio_DHxparams only if EVP_PKEY_DHX defined.
Both added in commit afb14cda in openssl
* Add d2i_DHxparams_bio and i2d_DHxparams_bio bindings
* Fix bindings addition
* change condtional bindings to be after 1.1.0f
* Change i2d_DHxparams_bio return type
* define Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio
* Remove d2i_DHxparams_bio, i2d_DHxparams_bio bindings
* Add declarations for Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio
* Move Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio declaration to MACROS
* Add Cryptography_d2i_DHxparams_bio, Cryptography_i2d_DHxparams_bio and PEM_write_bio_DHxparams to _coditionals.py
* Make sure we did not define EVP_PKEY_DHX
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Added a binding that will be useful for AIA chasing
* another function
* This is required
* void arguments are morally complex
* These are macros
* fixes
* This has existed for a while
* long line
* typo
* Cory wants this as well
* This is conditional
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* Additional SCT bindings
* forgot to conditional these
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Fixed #3492 -- use a better API
* More correct types
* Revert "More correct types"
This reverts commit e7412927eccf2b983bbcab2d2864ae1e4e83b56f.
|
| |
|
|
|
|
| |
* Add ASN1_TIME related functions for the relevant PyOpenSSL patch.
* Move ASN1_TIME_check() to MACROS as the argument's constness varies between 1.0.x and 1.1.0~.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Attempt to simplify the libressl checing
* SHENANGINS
* Attempted fix
* More simplification
|
| |
|
|
|
|
| |
* Two additional bindings for CT
* Grumble
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* First pass at adding bindings for CT functions. No conditionals yet.
* add a stack typedef as well
* Don't try to include this header if we're on an older OpenSSL
* wire up the conditional stuff
* bunch o' nonsense to get it to compile on old openssl
* I hate libressl
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* We always have EC
* We always have ECDH
* We always have ECDSA
* We always have EC codes
* This can go as well
* And this
* unused import
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* CMAC is always supported
* TLSv1.2 is always supported
* Releasing buffers is always supported
* Nonsense IE SSLv2 nonsens is always supported
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Bind a pair of mem functions.
* make these conditional
* do the conditional correctly
* move to the right section
* I'm not saying libressl should be illegal, but it is annoying
* sigh, typo
* first cut at memleak tests. doesn't work
* hack around the previous error, onto the next one
* drop the pointless restoration of the original functions
* Don't try to use the previous malloc functions.
The default malloc is CRYPTO_malloc which calls the custom ptr you provided, so it just recurses forever.
* flake8
* Get the code basically working
* flake8
* say the correct incantation
* Don't try to run on old OpenSSL
* Flushing this is a good idea
* Fixed a py2.7+ism
* GRRRRR
* WOrkaround for hilarity
* Revert "WOrkaround for hilarity"
This reverts commit 37b9f3b4ed4063eef5add3bb5d5dd592a007d439.
* Swap out these functions for the originals
* py3k fix
* flake8
* nonsense for windows
* py3k
* seperate stdout and stderr because py26 has a warning on stderr
* try writing this all out for windows
* useful error messages
* Debugging utility
* Avoid this mess, don't dlopen anything
* consistency
* Throw away this FFI entirely
* some useful comments
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Refs #3430 -- fixed a memory leak in extension parsing for CRL dp
* same fix for policy info
* make this private
* consistency cleanup
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* switch the PEM password callback to a C implementation
Calling from C to Python is fraught with edge cases, especially in
subinterpreter land. This commit moves the PEM password callback logic
into a small C function and then removes all the infrastructure for the
cffi callbacks (as we no longer have any)
* review feedback and update tests
* rename the struct
* aaand one more fix
|
| |
|
|
|
|
| |
* Add EVP_PKEY_DHX
* Add Cryptography_HAS_EVP_PKEY_DHX to _conditional.py
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Backport DH_check from OpenSSL 1.1.0.
OpenSSL 1.0.2's DH_check considers the q parameter, allowing it
validate more generators and primes; however, OpenSSL 1.1.0's DH_check
includes code to handle errors in BN functions, so it's preferred.
* Wrap DH_Check when using OpenSSL 1.1.0 or higher.
* Adding DH_CHECK_* values missing from older OpenSSLs
* Defensively guard DH_CHECK_* definitions with ifndef.
This will prevent duplicate definitions when LibreSSL supports a
version of DH_check that can return these.
* Document the OpenSSL of origin for the DH_check code
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use static callbacks with Python 3.x again
Static callbacks were disabled for Python 3.5+ to work around an issue
with subinterpreters, locking callbacks and osrandom engine. Locking
callback and osrandom engine were replaced with a C implementations in
version 1.6 and 1.7.
https://github.com/pyca/cryptography/issues/2970
Closes: #3348
Signed-off-by: Christian Heimes <christian@python.org>
* remove unused import
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add DTLSv1_2 methods
* add binding to DTLSv1_get_timeout() and DTLSv1_handle_timeout()
* fix: PEP8 failed
fix the following error:
./src/_cffi_src/openssl/ssl.py:728:80: E501 line too long (80 > 79 characters)
see https://jenkins.cryptography.io/job/cryptography-pr-pep8/1954/
* Revert "add DTLSv1_2 methods"
This reverts commit e4a9150b12ddb4790159a5835f1d1136cb1b996e.
* replace 'long int' by 'long'
To be more consistent with the naming convention
cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90153970
* wrap with braces
cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90154057
* conditionally bind all DTLS
* rebase error
* rename wrapped function
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* delete the 1.0.0 support
* drop the version check
* drop the AES-CTR stuff
* Update the example
* openssl truncates for us now
* delete unused test
* unused imports
* Remove a bunch of conditional bindings for NPN
* no more 1.0.0 builders
* libressl fix
* update the docs
* remove dead branches
* oops
* this is a word, damnit
* spelling
* try removing this
* this test is not needed
* unused import
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* New osrandom_engine in C
Inspired by Python/random.c and the old implementation.
Signed-off-by: Christian Heimes <christian@python.org>
* osrandom_engine
* Fix naming bug caused by search 'n replace mistake
* Make it easier to override osrandom auto-detection
* Add engine ctrl and backend API to get implementation from ENGINE
Signed-off-by: Christian Heimes <christian@python.org>
* Better test coverage, documentation, LICENSE
Signed-off-by: Christian Heimes <christian@python.org>
* Coverage is hard.
Signed-off-by: Christian Heimes <christian@python.org>
* * enable win32 check
* read() returns size_t
Signed-off-by: Christian Heimes <christian@python.org>
* Add macOS to spelling list. Remove dead code from header file.
Signed-off-by: Christian Heimes <christian@python.org>
* remove CCRandomGenerateBytes path and update getentropy to work on macOS
This change allows us to test all the engines in our CI:
* getentropy (tested by macOS sierra)
* getrandom (tested on several linux builders)
* /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux)
* CryptGenRandom (tested on windows builders)
I also fixed bugs preventing compilation in the getentropy code
* getentropy() returns int and is restricted to 256 bytes on macOS, too.
Signed-off-by: Christian Heimes <christian@python.org>
* add versionadded
* Re-add import of os module
* Fixes related to Alex's recent review.
Signed-off-by: Christian Heimes <christian@python.org>
* Add error reporting and fail for EAGAIN
Add error reporting strings for various error cases. This gives us much
nicer and understandable error messages.
SYS_getrandom() EAGAIN is now an error. Cryptography refuses to
initialize its osrandom engine when the Kernel's CPRNG hasn't been
seeded yet.
Signed-off-by: Christian Heimes <christian@python.org>
|
