| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* delete the 1.0.0 support
* drop the version check
* drop the AES-CTR stuff
* Update the example
* openssl truncates for us now
* delete unused test
* unused imports
* Remove a bunch of conditional bindings for NPN
* no more 1.0.0 builders
* libressl fix
* update the docs
* remove dead branches
* oops
* this is a word, damnit
* spelling
* try removing this
* this test is not needed
* unused import
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* New osrandom_engine in C
Inspired by Python/random.c and the old implementation.
Signed-off-by: Christian Heimes <christian@python.org>
* osrandom_engine
* Fix naming bug caused by search 'n replace mistake
* Make it easier to override osrandom auto-detection
* Add engine ctrl and backend API to get implementation from ENGINE
Signed-off-by: Christian Heimes <christian@python.org>
* Better test coverage, documentation, LICENSE
Signed-off-by: Christian Heimes <christian@python.org>
* Coverage is hard.
Signed-off-by: Christian Heimes <christian@python.org>
* * enable win32 check
* read() returns size_t
Signed-off-by: Christian Heimes <christian@python.org>
* Add macOS to spelling list. Remove dead code from header file.
Signed-off-by: Christian Heimes <christian@python.org>
* remove CCRandomGenerateBytes path and update getentropy to work on macOS
This change allows us to test all the engines in our CI:
* getentropy (tested by macOS sierra)
* getrandom (tested on several linux builders)
* /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux)
* CryptGenRandom (tested on windows builders)
I also fixed bugs preventing compilation in the getentropy code
* getentropy() returns int and is restricted to 256 bytes on macOS, too.
Signed-off-by: Christian Heimes <christian@python.org>
* add versionadded
* Re-add import of os module
* Fixes related to Alex's recent review.
Signed-off-by: Christian Heimes <christian@python.org>
* Add error reporting and fail for EAGAIN
Add error reporting strings for various error cases. This gives us much
nicer and understandable error messages.
SYS_getrandom() EAGAIN is now an error. Cryptography refuses to
initialize its osrandom engine when the Kernel's CPRNG hasn't been
seeded yet.
Signed-off-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
| |
* add cffi bindings to objects.py and evp.py (required for pypy's _hashlib implementation)
* ah, that comes from copying it from the man page
* dont use #define ..., delcare it as static cont long <name>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* missing macro and three macro functions
* removed space before function name (style issue)
* remove macro which always will not be set by cryptography
|
| | |
|
| | |
|
| |
|
| |
where it belongs!
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
In 1.1.0 this is a noop and occurs by default, and this wasn't supported
< 1.0.2
|
| |
|
| |
refs #3248
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Raize padding block_size limit to what is allowed by the specs.
* Add tests for raising padding limits.
* Amend C code for padding check to use uint16_t instead of uint8_t.
* Fix test to work in Python 3.
* Fix typo.
* Fix another typo.
* Fix return type of the padding checks.
* Change hypothesis test on padding.
* Update comment.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove Python OpenSSL locking callback and replace it with one in C
The Python OpenSSL locking callback is unsafe; if GC is triggered
during the callback's invocation, it can result in the callback being
invoked reentrantly, which can lead to deadlocks. This patch replaces
it with one in C that gets built at compile time via cffi along with
the rest of the OpenSSL binding.
* fixes for some issues
* unused
* revert these changes
* these two for good measure
* missing param
* sigh, syntax
* delete tests that assumed an ability to mess with locks
* style fixes
* licensing stuff
* utf8
* Unicode. Huh. What it isn't good for, absolutely nothing.
|
| |
|
|
|
|
|
|
| |
Update the Name class to accept and internally store a list of
RelativeDistinguishedName objects. Add the 'rdns' attribute to give
access to the RDNs. Update ASN.1 routines to correctly decode and
encode multi-value RDNs.
Fixes: https://github.com/pyca/cryptography/issues/3199
|
| |
|
|
|
|
| |
* Export missing OpenSSL `X509_VERIFY_PARAM_free`
* Remove un-needed export in conditional names
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set
* add a comment explaining why we changed this
* 1.0.2i handles NUMERICSTRING properly now so need only test < 1.0.2i
* needs to be visible
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add Scrypt bindings.
* Add check for OPENSSL_NO_SCRYPT.
* Fix CUSTOMIZATIONS.
* Account for LibreSSL.
* Remove argument names.
* Remove more argument names.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* make pre5 work
* add a blank line to make the diff happier
* 1.1.0-pre6 working
* support the changes since 1.1.0-pre6
* fixes
* add 1.1.0 to travis
* expose the symbol
* better testing for numericstring
* handle libre...
* actually use the 1.1.0 we compile
* cache the ossl-110 dir on travis
* add some newlines
* changelog entry for 1.1.0 support
* note that we test on 1.1.0
* proper skip on this test
* reorder
|
| | |
|
| | |
|
| |
|
| |
We're so close.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* constify more things in x509 and reorder a few func args
Post pre6 they changed some function argument order...
* fix the function arg order where we call it
* still need arg names when implementing the function...whoops
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* ERR_load_RAND_strings changed function signature in 1.1.0
Here is a hack to avoid breaking pyOpenSSL.
* not sure how I managed that. I blame vim
|
| | |
|
| | |
|
| |
|
| |
Since we aren't using it bye bye
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Add the unconditional SecureTransport bindings
* Looks like the PSK cipher suites got removed in 10.8
* Line-length.
* Style.
* Remove further troublesome bindings.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Add the unconditional SecureTransport bindings
* Line-length.
* Looks like the PSK cipher suites got removed in 10.8
* Style.
|
| |
|
|
|
|
|
| |
>>> lib.EVP_get_digestbyname(b'md_gost94')
<cdata 'EVP_MD *' NULL>
>>> lib.OPENSSL_config(ffi.NULL)
>>> lib.EVP_get_digestbyname(b'md_gost94')
<cdata 'EVP_MD *' 0x10adc7440>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use a series of constants for OpenSSL version checks.
N.B. I removed several qualifiers that were being used to express beta vs. release in OpenSSL version numbers. Reviewers please look closely!
* Convert some python as well, also add the file
* flake8
* Simplify code, remove functionality that can be expressed more simply
* clean up the tests as well
* more constants
* wrap long lines
* reflect feedback
* unused
* add this back?
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
(#3022)
constify + a few small changes to the null checks
|
| |
|
|
|
| |
(#3021)
constify + a few small changes to the null checks
|
