| Commit message (Collapse) | Author | Age | Files | Lines |
* add SSL_CTX_(get|set)_keylog_callback
* For travis
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

* Fixes #5018 -- break users on OpenSSL 1.0.1
* Grammar
* Syntax error
* Missing import
* Missing import

* Add SSL_get0_verified_chain to cffi lib
OpenSSL 1.1.0 supports SSL_get0_verified_chain. This gives the full chain from the peer cert including your trusted CA cert.
* Work around no support for #if in cdef in old cffi

* Refs #4923; deprecate OpenSSL 1.0.1
* changelog

* remove unused locking functions
we do all this in C when necessary
* oops, need this

* support OPENSSL_NO_ENGINE
* support some new openssl config args
* sigh

* encode the package version in the shared object
* review feedback
* move into build_ffi so the symbol is in all shared objects
* review feedback

* bind EVP_R_MEMORY_LIMIT_EXCEEDED and update a test
This will allow OpenSSL 1.1.1 on 32-bit (including our Windows 32-bit
builders) to fail as expected. Technically this isn't a malloc error,
but rather failing because the allocation requested is larger than
32-bits, but raising a MemoryError still seems appropriate
* what you want an endif too?

* add evp_pkey_ed25519
* ed448 bindings

* add bindings for early data
* remove final var name

* add SSL_OP_NO_TLSv1_3
* compiling now
* bind SSL_CTX_set_ciphersuites as well
* add some more

* Add definitions for SSL_get0_param and X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
* remove unnecessary parameter name
* Add version conditionals and more flags
* extend cryptography_has_102_verification_params
* X509_CHECK_FLAG_NEVER_CHECK_SUBJECT only available with openssl 1.1.0+
* add missing declaration

* add ed25519 bindings
* var name

* Fixes #3460 -- deprecate OpenSSL 1.0.1
* We need to import warnings
* flake8
* words are hard
* rephrase

* Do conditional compiling of Cryptography_setup_ssl_threads
* Check Cryptography_HAS_LOCKING_CALLBACKS before initing static locks
Check if compiling and initing locking callbacks is necessary
PEP8 fix
* Make test_crypto_lock_init more complete

PyPy (#4364)
* Add more SSL_CIPHER_* functions, necessary to implement ctx.get_ciphers() added by Python 3.6.1.
* Add placeholders for other versions
* Remove parameter names
* LibreSSL 2.7 has the new functions
* Add entries in _conditional.py
* SSL_CIPHER_get_id returns int, not char*

And not expose an unprefixed name to anyone who dlopens us.

* Perform an OPENSSL_cleanup before checking the heap in our memleak tests
* Make this binding conditional
* typo
* need to put this call before we reset the function ptrs

* Clean up unused EC bindings.
A lot of these are really OpenSSL internals, like the EC_METHOD
business, support for custom curves which are a bad idea, and weird
non-standard serializations like taking the usual point serialization
and treating it as a single BIGNUM.
I also didn't remove things when they're arguably part of a set. E.g.
EC_POINT_add is used, but EC_POINT_dbl isn't. However, they both sit at
the same abstraction level (basic point operations), so it's strange to
have one without the other.
I also kept EC_POINT_is_on_curve because, although it is not used,
OpenSSL prior to 1.1.0 doesn't perform this important check in
EC_POINT_set_affine_coordinates_GFp (though it does in some of the
functions which ultimately call it, like
EC_KEY_set_public_key_affine_coordinates, what cryptography.io actually
uses), so one should not expose the latter without the former.
* Fix build issue.

* add custom extensions functions for openssl >=1.0.2
* Fix style problems

* + more DTLS bindings
* + BIO_CTRL_DGRAM*
* + read ahead functions
* rm BIO_CTRL_DGRAM_SET_PEEK_MODE
* rm BIO_CTRL_DGRAM_SET_DONT_FRAG
* + link mtu conditional logic
* rm some BIO_CTRL_DGRAM* bindings

* + PSK function bindings
* + PSK conditional
* trigger CI
* trigger CI

* + bindings for SSL_OP_NO_DTLS*
* + conditional for not HAS_GENERIC_DTLS_METHOD
* flag SSL_OP_NO_DTLS* for unsupported deletion

* just a quick confirmation that it really is an x25519 evp key
* openssl assert. take that python -O

* Fixed #4006 -- bind functions for dealing with sigalgs
* oops

* Expose FIPS funcs for OpenSSL.
* Remove FIPS customization / conditionals.
It seems that the FIPS functions are always defined, regardless of if
the FIPS module is present.
* Do not include FIPS_selftest_check func.
* Libressl does not have FIPS.

* remove egd
* oops
* keep Cryptography_HAS_EGD for compat just in case
This shouldn't really be necessary but maybe we can fully remove it in
2018 or 2019...

* remove cryptodev
* oops

really use (#3763)
* Attempt to use coverage to quantify how many of the CONDITIONAL_NAMES we really use
* rewrite file to improve coverage
* Write it this way so we can use line coverage
* lost this one :-(
* fix comment and flake8
* update the docs as well
* flake8

* Remove conditionals we never use.
Refs #3763
* put this back

* bind DTLS 1.2 methods
* remove version specific dtls bindings, rename sentinel value

* bind even more evp
* oops

* add libre so I can see the error
* add the libre error needed and refactor error handling a bit
We were historically matching on lib + func + reason, but func is
somewhat unstable so now we match on lib + reason only. Of course, in
this case libressl changed both lib and reason so it wouldn't
have mattered. All error handling from the error queue in
openssl is an illusion
* fix a typo, probably an unneeded branch
* review feedback
* refactor tests to support libressl
insert additional rant about libre here, although admittedly these tests
were assuming stability where openssl itself guarantees none
* better assert, fix flake8