| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixes #4333 -- added support for precert poison extension
* Make work on all OpenSSL versions
* fixed flake8 + docs
* fix for older OpenSSLs
* document this
* spell
|
| |
|
|
|
|
|
|
| |
* refactor ocsp request parsing and generation to support only one cert
* small doc change
* notimplementederror
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Fixed a memory leak in x.509 OCSP no check
* Fix the _actual_ leak
* Speed up symbolizations
* Disable backtrace by default, because it doesn't work on Windows
* line length
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* make an ocsp request
* update test, add docs
* make it an OCSPRequestBuilder
* review feedback and more tests
* make it a class
* empty commit to retrigger
* type check
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* add public_bytes to OCSPRequest
* review feedback
* OCSP request parsing
* change some prose
* add __len__ as a required method
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Future proofing use of the six python version constants
After reading [1], noticed that cryptography uses a lot of if six.PY3
blocks. The issue with this is that whenever Python 4 is released,
this code in the else block will be executed even though it was
only intended for Python 2.
[1] http://astrofrog.github.io/blog/2016/01/12/stop-writing-python-4-incompatible-code/
Signed-off-by: Eric Brown <browne@vmware.com>
* Use not PY2 instead
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Validate the public/private halves of EC keys on import.
OpenSSL's API is a little finicky. If one sets the public key before the
private key, it does not validate that they match. If set in the other
order, it does validate this.
In particular, KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_init.fax
describes error code 7 as:
Result = F (7 - IUT's Static private key d changed-prikey validity)
Reordering the two operations makes those tests to fail on key import,
which is what CAVP appears to have intended.
* Wrap to 79 rather than 80 columns
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* fix a memory leak in ec derive_private_key
fixes #4095
* pep8!
|
| |
|
|
|
|
|
|
|
|
| |
* Expose BN_clear_free
* Use BN_clear_free in test_int_to_bn
* Use BN_clear_free in lieu of BN_free
* Use BN_free on public values
|
| |
|
|
|
|
| |
* just a quick confirmation that it really is an x25519 evp key
* openssl assert. take that python -O
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add support for AES XTS
We drop the non-byte aligned test vectors because according to NIST
http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSVS.pdf
"An implementation may support a data unit length that is not a
multiple of 8 bits." OpenSSL does not support this, so we can't
use those test vectors.
* fix docs and pep8
* docs fix
* the spellchecker is so frustrating
* add note about AES 192 for XTS (it's not supported)
* docs work
* enforce key length on ECB mode in AES as well (thanks XTS)
* a few more words about why we exclude some test vectors for XTS
|
| |
|
|
|
|
|
|
|
|
| |
* add ChaCha20 support
* review feedback
* 256 divided by 8 is what again?
* ...
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* both parse and encode the ASN1 string type for Name attributes
Previously cryptography encoded everything (except country names) as
UTF8String. This caused problems with chain building in libraries like
NSS where the subject and issuer are expected to match byte-for-byte.
With this change we now parse and store the ASN1 string type as a
private _type in NameAttribute. We then use this to encode when issuing
a new certificate. This allows the CertificateBuilder to properly
construct an identical issuer and fixes the issue with NSS.
* make the sentinel private too
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add support for the TLSFeature extension in x509
This extension is used for OCSP Must-Staple.
* fix changelog link
* pep8
* refactor to support the sequence properly and add status_request_v2
* update some language
* add test vector, implement eq/ne/hash on TLSFeature
* address review comments
|
| |
|
|
|
|
|
|
|
|
| |
* RSA OAEP label support for OpenSSL 1.0.2+
* changelog
* move around tests, address review feedback, use backend supported method
* unsupported padding catches this now
|
| |
|
|
|
|
|
|
|
|
| |
* allow p % 24 == 23 when generator == 2 in DH_check
* short url
* update and expand comments
* even better language!
|
| |
|
|
|
|
|
|
| |
* use an instance in aead_cipher_supported
* test for chacha20poly1305 compatibility via init exception
* pep8
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* disallow MD5 in CertificateBuilder and CertificateSigningRequestBuilder
* only error on ECDSA and DSA
lots of duplication in tests here, bleh
* remove changelog entry, also handle this for CRLBuilder
* pep8
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Test for leaking memory in EllipticCurvePublicNumbers.public_key()
* Fix the memory leak
As far as I can tell, from spelunking in the OpenSSL source (as you do), EC_KEY_set_public_key_affine_coordinates doesn't take ownership of "x" or "y". https://github.com/openssl/openssl/blob/master/crypto/ec/ecp_smpl.c#L362-L420 is the place in the source I found that actually uses "x" and "y".
* Unused imports
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Support DH parameter serizalization - no X9.42
* Support X9.42 serialization - DER not working
* Fix dhp_rfc5114_2.der
Changing the DER parameters serialization after the
fix in openssl commit a292c9f1b835
* DH parameters X9.42 DER serialization fixed
* fix _skip_dhx_unsupported
* document DH parameter_bytes
* PEP8 fixes
* Document load_pem_parameters
* Document load_der_parameters
* document ParameterFormat
* Increase test coverage
* Increase test covrage
* Remove unneeded check
* Fix typo
* Fix error in load_der_parameters
* Add load_pem_parameters and load_der_parameters to interfaces
* CR fixes
* Removed unverified phrase
* Update version to 2.0
* Fix pep8
* Rename ParameterFormat.ASN1 to ParameterFormat.DHParameter
* link pkcs3
* Add new line at end of file to serialization.rst
* Rename DHparameters to PKCS3
* doc CR fix
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* early days
* sort of working
* more things
* remove private_bytes
* public bytes, interface fix
* load public keys
* x25519 support basically done now
* private_bytes is gone
* some reminders
* doctest this too
* remove a thing that doesn't matter
* x25519 supported checks
* libressl has the NID, but a different API, so check for OpenSSL
* pep8
* add missing coverage
* update to use reasons
* expand test a little
* add changelog entry
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* chacha20poly1305 support
* add chacha20poly1305 backend and some fixes
* refactor
* forgot to remove this
* pep8
* review feedback and a lot of type/value checking
* review feedback
* raise unsupportedalgorithm when creating a ChaCha20Poly1305 object
if it's not supported.
* switch to ciphertext||tag
* typo
* remove a branch we don't need
* review feedback
* decrypts is *also* a word
* use reasons
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add libre so I can see the error
* add the libre error needed and refactor error handling a bit
We were historically matching on lib + func + reason, but func is
somewhat unstable so now we match on lib + reason only. Of course, in
this case libressl changed both lib and reason so it wouldn't
have mattered. All error handling from the error queue in
openssl is an illusion
* fix a typo, probably an unneeded branch
* review feedback
* refactor tests to support libressl
insert additional rant about libre here, although admittedly these tests
were assuming stability where openssl itself guarantees none
* better assert, fix flake8
|
| |
|
|
|
|
|
|
|
|
| |
* Figure out when this came into existance by deleting it
* Revert "Figure out when this came into existance by deleting it"
This reverts commit 2fb9b8e104742bfa12eb5feedccebacfc23c66bb.
* Clearly document when this became true
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* We always have EC
* We always have ECDH
* We always have ECDSA
* We always have EC codes
* This can go as well
* And this
* unused import
|
| |
|
|
|
|
|
|
|
|
| |
* CMAC is always supported
* TLSv1.2 is always supported
* Releasing buffers is always supported
* Nonsense IE SSLv2 nonsens is always supported
|
| |
|
|
|
| |
Trying to be too specific about why key loading fails is very difficult
when you're using the same logic across DH, EC, RSA, and DSA. This makes
it less fancy.
|
| |
|
|
|
|
|
|
|
|
| |
* Refs #3430 -- fixed a memory leak in extension parsing for CRL dp
* same fix for policy info
* make this private
* consistency cleanup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Support DH q (subgroup order)
* Change RFC5114.txt to NIST format
* Add tests for DH q
* Update docs for DH q
* Fix pep8
* Improve test covergae for DH q
* Create _dh_params_dup that copy q if DHparams_dup don't
On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup
call DHparams_dup and if the version is smaller than 1.0.2
copy q manually
* Copy q manually on libressl
* Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup
* Support serialization of DH with q
* Add tests for serialization of DH with q
* Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true
* Raise exception when trying to serialize DH X9.42 when not supported
* raise unsupported key type when deserilizing DH X9.42 if not supported
* pep8 fixes
* Fix test_serialization
* Add dhx_serialization_supported method to DHBacked
* document q in dh_parameters_supported
* Rename dhx_serialization_supported to dh_x942_serialization_supported
|
| |
|
|
|
|
|
|
|
|
| |
* Fixed #3422 -- Remove some legacy code which is now in 1.0.1
* _int_to_bn doesnt like negatives
* minimize the diff
* some additional cleanup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* switch the PEM password callback to a C implementation
Calling from C to Python is fraught with edge cases, especially in
subinterpreter land. This commit moves the PEM password callback logic
into a small C function and then removes all the infrastructure for the
cffi callbacks (as we no longer have any)
* review feedback and update tests
* rename the struct
* aaand one more fix
|
| |
|
|
|
|
|
|
|
|
| |
* enforce password must be bytes when loading PEM/DER asymmetric keys
Previously we were using an ffi.buffer on the Python string, which was
allowing text implicitly, but our documentation explicitly requires
bytes.
* add changelog entry
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* DH keys support serialization
* Add DH serialization documentation
* Add tests for DH keys serialization in DER encoding
* update version to 1.8
* Allow only SubjectPublicKeyInfo serialization
* Remove support in TraditionalOpenSSL format
* Fix pep8
* Refactor dh serialization tests
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Backport DH_check from OpenSSL 1.1.0.
OpenSSL 1.0.2's DH_check considers the q parameter, allowing it
validate more generators and primes; however, OpenSSL 1.1.0's DH_check
includes code to handle errors in BN functions, so it's preferred.
* Wrap DH_Check when using OpenSSL 1.1.0 or higher.
* Adding DH_CHECK_* values missing from older OpenSSLs
* Defensively guard DH_CHECK_* definitions with ifndef.
This will prevent duplicate definitions when LibreSSL supports a
version of DH_check that can return these.
* Document the OpenSSL of origin for the DH_check code
|
| |
|
|
|
|
|
|
|
|
| |
* add memory limit check for scrypt
fixes #3323
* test a pass
* move _MEM_LIMIT to the scrypt module
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* add openssl_version_number & doc openssl_version_text
fixes #3315
* more docs + actually assert on the test...
* text
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* delete the 1.0.0 support
* drop the version check
* drop the AES-CTR stuff
* Update the example
* openssl truncates for us now
* delete unused test
* unused imports
* Remove a bunch of conditional bindings for NPN
* no more 1.0.0 builders
* libressl fix
* update the docs
* remove dead branches
* oops
* this is a word, damnit
* spelling
* try removing this
* this test is not needed
* unused import
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* New osrandom_engine in C
Inspired by Python/random.c and the old implementation.
Signed-off-by: Christian Heimes <christian@python.org>
* osrandom_engine
* Fix naming bug caused by search 'n replace mistake
* Make it easier to override osrandom auto-detection
* Add engine ctrl and backend API to get implementation from ENGINE
Signed-off-by: Christian Heimes <christian@python.org>
* Better test coverage, documentation, LICENSE
Signed-off-by: Christian Heimes <christian@python.org>
* Coverage is hard.
Signed-off-by: Christian Heimes <christian@python.org>
* * enable win32 check
* read() returns size_t
Signed-off-by: Christian Heimes <christian@python.org>
* Add macOS to spelling list. Remove dead code from header file.
Signed-off-by: Christian Heimes <christian@python.org>
* remove CCRandomGenerateBytes path and update getentropy to work on macOS
This change allows us to test all the engines in our CI:
* getentropy (tested by macOS sierra)
* getrandom (tested on several linux builders)
* /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux)
* CryptGenRandom (tested on windows builders)
I also fixed bugs preventing compilation in the getentropy code
* getentropy() returns int and is restricted to 256 bytes on macOS, too.
Signed-off-by: Christian Heimes <christian@python.org>
* add versionadded
* Re-add import of os module
* Fixes related to Alex's recent review.
Signed-off-by: Christian Heimes <christian@python.org>
* Add error reporting and fail for EAGAIN
Add error reporting strings for various error cases. This gives us much
nicer and understandable error messages.
SYS_getrandom() EAGAIN is now an error. Cryptography refuses to
initialize its osrandom engine when the Kernel's CPRNG hasn't been
seeded yet.
Signed-off-by: Christian Heimes <christian@python.org>
|
| | |
|
