aboutsummaryrefslogtreecommitdiffstats
path: root/src/_cffi_src
Commit message (Collapse)AuthorAgeFilesLines
* allow global suppression of link flags (#3592)Paul Kehrer2017-05-241-24/+11
| | | | | CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS will now suppress link flags regardless of platform. Additionally, CRYPTOGRAPHY_WINDOWS_LINK_LEGACY_OPENSSL is now the flag you need if you want to link against < 1.1.0 on windows.
* add the x25519 NID (#3560)Paul Kehrer2017-05-201-0/+9
|
* More accurate LibreSSL detection (#3530)Moriyoshi Koizumi2017-05-201-0/+8
| | | | | | | | * More accurate LibreSSL detection * Update x509_vfy.py change approach to use ifndef
* time to remove commoncrypto, fare thee well (#3551)Paul Kehrer2017-05-2017-1042/+0
| | | | | | | | | | | | | | | | * time to remove commoncrypto, fare thee well * remove even more * update the changelog * remove more things * don't need this function * remove CAST5 CTR tests since that was only supported in commoncrypto * assert a thing
* Add PEM_write_bio_DHxparams, d2i_DHxparams_bio, i2d_DHxparams_bio (#3485)Aviv Palivoda2017-05-192-0/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Add PEM_write_bio_DHxparams * Define PEM_write_bio_DHxparams only if EVP_PKEY_DHX defined. Both added in commit afb14cda in openssl * Add d2i_DHxparams_bio and i2d_DHxparams_bio bindings * Fix bindings addition * change condtional bindings to be after 1.1.0f * Change i2d_DHxparams_bio return type * define Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio * Remove d2i_DHxparams_bio, i2d_DHxparams_bio bindings * Add declarations for Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio * Move Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio declaration to MACROS * Add Cryptography_d2i_DHxparams_bio, Cryptography_i2d_DHxparams_bio and PEM_write_bio_DHxparams to _coditionals.py * Make sure we did not define EVP_PKEY_DHX
* Added a binding that will be useful for AIA chasing (#3546)Alex Gaynor2017-05-181-1/+16
| | | | | | | | | | | | | | | | | | | | | | | | * Added a binding that will be useful for AIA chasing * another function * This is required * void arguments are morally complex * These are macros * fixes * This has existed for a while * long line * typo * Cory wants this as well * This is conditional
* use openssl constants (#3534)Paul Kehrer2017-05-031-0/+2
|
* Delete dead code and update a comment (#3529)Alex Gaynor2017-04-301-2/+0
|
* Additional SCT bindings (#3510)Alex Gaynor2017-04-211-0/+21
| | | | | | * Additional SCT bindings * forgot to conditional these
* Another simplification of freeing (#3498)Alex Gaynor2017-04-091-0/+1
|
* Fixed #3492 -- use a better API (#3497)Alex Gaynor2017-04-091-0/+1
| | | | | | | | | | * Fixed #3492 -- use a better API * More correct types * Revert "More correct types" This reverts commit e7412927eccf2b983bbcab2d2864ae1e4e83b56f.
* Add some ASN1_TIME related functions for the relevant PyOpenSSL patch. (#3491)Moriyoshi Koizumi2017-04-061-0/+2
| | | | | | * Add ASN1_TIME related functions for the relevant PyOpenSSL patch. * Move ASN1_TIME_check() to MACROS as the argument's constness varies between 1.0.x and 1.1.0~.
* Style nit in C code (#3486)Alex Gaynor2017-04-031-1/+1
|
* Attempt to simplify the libressl checing (#3482)Alex Gaynor2017-03-2616-60/+54
| | | | | | | | | | * Attempt to simplify the libressl checing * SHENANGINS * Attempted fix * More simplification
* Two additional bindings for CT (#3478)Alex Gaynor2017-03-231-0/+7
| | | | | | * Two additional bindings for CT * Grumble
* First pass at adding SCT bindings (#3471)Alex Gaynor2017-03-222-0/+69
| | | | | | | | | | | | | | * First pass at adding bindings for CT functions. No conditionals yet. * add a stack typedef as well * Don't try to include this header if we're on an older OpenSSL * wire up the conditional stuff * bunch o' nonsense to get it to compile on old openssl * I hate libressl
* Remove workaround for weird NetBSD bug (#3458)Alex Gaynor2017-03-171-21/+0
|
* Ec is a thing (#3453)Alex Gaynor2017-03-158-240/+3
| | | | | | | | | | | | | | | | * We always have EC * We always have ECDH * We always have ECDSA * We always have EC codes * This can go as well * And this * unused import
* Be on brand: it's macOS (#3456)Alex Gaynor2017-03-151-1/+1
| | | | | | * Be on brand: it's macOS * line wrap
* add X509_STORE_CTX_get0_cert binding (#3455)Paul Kehrer2017-03-141-0/+9
|
* More ifdef death (#3450)Alex Gaynor2017-03-142-34/+0
| | | | | | | | | | * CMAC is always supported * TLSv1.2 is always supported * Releasing buffers is always supported * Nonsense IE SSLv2 nonsens is always supported
* Memleak tests (#3140)Alex Gaynor2017-03-141-0/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Bind a pair of mem functions. * make these conditional * do the conditional correctly * move to the right section * I'm not saying libressl should be illegal, but it is annoying * sigh, typo * first cut at memleak tests. doesn't work * hack around the previous error, onto the next one * drop the pointless restoration of the original functions * Don't try to use the previous malloc functions. The default malloc is CRYPTO_malloc which calls the custom ptr you provided, so it just recurses forever. * flake8 * Get the code basically working * flake8 * say the correct incantation * Don't try to run on old OpenSSL * Flushing this is a good idea * Fixed a py2.7+ism * GRRRRR * WOrkaround for hilarity * Revert "WOrkaround for hilarity" This reverts commit 37b9f3b4ed4063eef5add3bb5d5dd592a007d439. * Swap out these functions for the originals * py3k fix * flake8 * nonsense for windows * py3k * seperate stdout and stderr because py26 has a warning on stderr * try writing this all out for windows * useful error messages * Debugging utility * Avoid this mess, don't dlopen anything * consistency * Throw away this FFI entirely * some useful comments
* Removed some unused ifdefs from openssl bindings (#3448)Alex Gaynor2017-03-142-26/+0
|
* Refs #3430 -- fixed a memory leak in extension parsing for CRL dp (#3431)Alex Gaynor2017-03-091-0/+6
| | | | | | | | | | * Refs #3430 -- fixed a memory leak in extension parsing for CRL dp * same fix for policy info * make this private * consistency cleanup
* Add ASN1_F_ASN1_CHECK_TLEN (#3414)Aviv Palivoda2017-02-211-0/+1
|
* use official API for unreachable C code (#3404)Alex Gaynor2017-02-181-3/+3
|
* switch the PEM password callback to a C implementation (#3382)Paul Kehrer2017-02-131-31/+35
| | | | | | | | | | | | | | | * switch the PEM password callback to a C implementation Calling from C to Python is fraught with edge cases, especially in subinterpreter land. This commit moves the PEM password callback logic into a small C function and then removes all the infrastructure for the cffi callbacks (as we no longer have any) * review feedback and update tests * rename the struct * aaand one more fix
* Add EVP_PKEY_DHX (#3388)Aviv Palivoda2017-02-131-0/+9
| | | | | | * Add EVP_PKEY_DHX * Add Cryptography_HAS_EVP_PKEY_DHX to _conditional.py
* support defining which windows libraries to link with an env var (#3356)Paul Kehrer2017-02-091-1/+10
| | | | | | | | | | | | * support defining which windows libraries to link with an env var CRYPTOGRAPHY_WINDOWS_LIBRARIES is your new friend * add some docs * change to CRYPTOGRAPHY_WINDOWS_LINK_OPENSSL110 * lib prefixing is not a thing msvc does, right
* Backport DH_check from OpenSSL 1.1.0. (#3375)Mark Williams2017-02-031-1/+114
| | | | | | | | | | | | | | | | | | | * Backport DH_check from OpenSSL 1.1.0. OpenSSL 1.0.2's DH_check considers the q parameter, allowing it validate more generators and primes; however, OpenSSL 1.1.0's DH_check includes code to handle errors in BN functions, so it's preferred. * Wrap DH_Check when using OpenSSL 1.1.0 or higher. * Adding DH_CHECK_* values missing from older OpenSSLs * Defensively guard DH_CHECK_* definitions with ifndef. This will prevent duplicate definitions when LibreSSL supports a version of DH_check that can return these. * Document the OpenSSL of origin for the DH_check code
* make cryptography fallback to /dev/urandom on mac on macOS < 10.12 (#3354)Paul Kehrer2017-01-311-2/+6
|
* Use static callbacks with Python 3.x again (#3350)Christian Heimes2017-01-181-4/+1
| | | | | | | | | | | | | | | | * Use static callbacks with Python 3.x again Static callbacks were disabled for Python 3.5+ to work around an issue with subinterpreters, locking callbacks and osrandom engine. Locking callback and osrandom engine were replaced with a C implementations in version 1.6 and 1.7. https://github.com/pyca/cryptography/issues/2970 Closes: #3348 Signed-off-by: Christian Heimes <christian@python.org> * remove unused import
* DTLS bindings (#3309)Paul Kehrer2016-12-191-0/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add DTLSv1_2 methods * add binding to DTLSv1_get_timeout() and DTLSv1_handle_timeout() * fix: PEP8 failed fix the following error: ./src/_cffi_src/openssl/ssl.py:728:80: E501 line too long (80 > 79 characters) see https://jenkins.cryptography.io/job/cryptography-pr-pep8/1954/ * Revert "add DTLSv1_2 methods" This reverts commit e4a9150b12ddb4790159a5835f1d1136cb1b996e. * replace 'long int' by 'long' To be more consistent with the naming convention cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90153970 * wrap with braces cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90154057 * conditionally bind all DTLS * rebase error * rename wrapped function
* Add d2i_DHparams_bio, i2d_DHparams_bio bindings (#3322)Aviv Palivoda2016-12-181-0/+2
|
* restore this constant, pyopenssl needs it (#3321)Alex Gaynor2016-12-141-0/+3
|
* Drop 1.0.0 (#3312)Alex Gaynor2016-12-136-110/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * delete the 1.0.0 support * drop the version check * drop the AES-CTR stuff * Update the example * openssl truncates for us now * delete unused test * unused imports * Remove a bunch of conditional bindings for NPN * no more 1.0.0 builders * libressl fix * update the docs * remove dead branches * oops * this is a word, damnit * spelling * try removing this * this test is not needed * unused import
* New osrandom_engine in C (#3229)Christian Heimes2016-12-094-0/+694
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * New osrandom_engine in C Inspired by Python/random.c and the old implementation. Signed-off-by: Christian Heimes <christian@python.org> * osrandom_engine * Fix naming bug caused by search 'n replace mistake * Make it easier to override osrandom auto-detection * Add engine ctrl and backend API to get implementation from ENGINE Signed-off-by: Christian Heimes <christian@python.org> * Better test coverage, documentation, LICENSE Signed-off-by: Christian Heimes <christian@python.org> * Coverage is hard. Signed-off-by: Christian Heimes <christian@python.org> * * enable win32 check * read() returns size_t Signed-off-by: Christian Heimes <christian@python.org> * Add macOS to spelling list. Remove dead code from header file. Signed-off-by: Christian Heimes <christian@python.org> * remove CCRandomGenerateBytes path and update getentropy to work on macOS This change allows us to test all the engines in our CI: * getentropy (tested by macOS sierra) * getrandom (tested on several linux builders) * /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux) * CryptGenRandom (tested on windows builders) I also fixed bugs preventing compilation in the getentropy code * getentropy() returns int and is restricted to 256 bytes on macOS, too. Signed-off-by: Christian Heimes <christian@python.org> * add versionadded * Re-add import of os module * Fixes related to Alex's recent review. Signed-off-by: Christian Heimes <christian@python.org> * Add error reporting and fail for EAGAIN Add error reporting strings for various error cases. This gives us much nicer and understandable error messages. SYS_getrandom() EAGAIN is now an error. Cryptography refuses to initialize its osrandom engine when the Kernel's CPRNG hasn't been seeded yet. Signed-off-by: Christian Heimes <christian@python.org>
* cffi bindings additions for pypy's _hashlib module (#3291)Richard Plangger2016-11-302-0/+10
| | | | | | | | * add cffi bindings to objects.py and evp.py (required for pypy's _hashlib implementation) * ah, that comes from copying it from the man page * dont use #define ..., delcare it as static cont long <name>
* Bind TLSEXT_STATUSTYPE_ocsp (#3290)Cory Benfield2016-11-291-0/+1
|
* Add OPENSSL_malloc. (#3289)Cory Benfield2016-11-281-0/+1
|
* PyPy's ssl module, the last missing macro and three macro functions (#3270)Richard Plangger2016-11-212-1/+4
| | | | | | | | * missing macro and three macro functions * removed space before function name (style issue) * remove macro which always will not be set by cryptography
* bind a few things pypy ssl stdlib needs in x509v3 (#3255)Paul Kehrer2016-11-191-0/+7
|
* Add DHparams_dup to DH bindings (#3260)Aviv Palivoda2016-11-191-0/+1
|
* bind GENERAL_NAME_free and move GENERAL_NAME_new to macros... (#3257)Paul Kehrer2016-11-191-1/+2
| | | where it belongs!
* add error codes and ERR_get_state for pypy stdlib ssl (#3256)Paul Kehrer2016-11-191-2/+29
|
* add some x509_object handling for pypy stdlib (#3254)Paul Kehrer2016-11-192-0/+30
|
* add two error codes for pypy ssl stdlib (#3253)Paul Kehrer2016-11-191-0/+3
|
* add OPENSSL_NPN_NEGOTIATED (#3252)Paul Kehrer2016-11-191-0/+12
|
* add some NIDs (#3251)Paul Kehrer2016-11-181-0/+3
|
* add SSL_CTX_set_ecdh_auto where supported (#3250)Paul Kehrer2016-11-181-0/+9
| | | | In 1.1.0 this is a noop and occurs by default, and this wasn't supported < 1.0.2
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-21 19:04:03 +0000