| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
* deprecate the constant time bytes comparison path old python 2.7.x uses
* pep8
|
| |
|
|
|
|
|
|
|
|
| |
* Fixed build errors on HP-UX.
* PEP 8 style fix.
* No return for void function.
* PEP 8 style fix, take 2.
|
| |
|
|
|
|
| |
Internal block size isn't a particularly useful piece of information and
constructions like SHA3 make it even harder to determine what that
really means. Accordingly, we're removing it from the interface (but
leaving it on all existing hashes)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes:
- ERR_get_state which really shouldn't be public API.
- A bunch of functions that are really mostly useful within the library
to add new errors. NB: I say mostly because they are also useful when
trying to register a new error library, as osrandom does, but osrandom
is written in C. Python code is more likely to be consuming errors.
- All function codes but EVP_F_EVP_ENCRYPTFINAL_EX because tests still
reference it. Per PR #3609, function codes are kind of unstable. This
finishes that up and cleans up the bindings.
- The "line" versions of querying the error queue, just because no one
seems to be using them and there's a lot.
- Error-printing functions, which make less sense in Python since you'd
probably wrap in an exception.
Error codes probably could also do with cleaning, but I've left them
alone for now.
|
| |
|
|
|
|
|
|
|
|
|
| |
They are unused.
These functions have two purposes. They can be used to pass your own
value of k, or to amoritize the cost of generating k. Messing up k is
catastrophic to ECDSA, so best not to expose that one. ECDSA signing is
also quite fast, so there isn't much point in the latter. (The API comes
from DSA, which is a bit slower.) Moreover, ECDSA_sign is not the same
as ECDSA_sign_setup + ECDSA_sign_ex. OpenSSL has some nonce hardening
features that have to get skipped when doing this.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Future proofing use of the six python version constants
After reading [1], noticed that cryptography uses a lot of if six.PY3
blocks. The issue with this is that whenever Python 4 is released,
this code in the else block will be executed even though it was
only intended for Python 2.
[1] http://astrofrog.github.io/blog/2016/01/12/stop-writing-python-4-incompatible-code/
Signed-off-by: Eric Brown <browne@vmware.com>
* Use not PY2 instead
|
| |
|
|
|
|
| |
RSA_blinding_off is a silly function. RSA_SSLV23_PADDING and
RSA_X931_PADDING are obsolete. The low-level padding functions appear
unused and the EVP_PKEY stuff is probably a bit nicer than expecting
callers to RSA_NO_PADDING and do the padding by hand.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Validate the public/private halves of EC keys on import.
OpenSSL's API is a little finicky. If one sets the public key before the
private key, it does not validate that they match. If set in the other
order, it does validate this.
In particular, KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_init.fax
describes error code 7 as:
Result = F (7 - IUT's Static private key d changed-prikey validity)
Reordering the two operations makes those tests to fail on key import,
which is what CAVP appears to have intended.
* Wrap to 79 rather than 80 columns
|
| |
|
|
| |
This is a remnant of the function code checking when this logic looked
at both encrypt/decrypt versions of this error code.
|
| |
|
| |
These are unused. (And not especially useful.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Clean up unused EC bindings.
A lot of these are really OpenSSL internals, like the EC_METHOD
business, support for custom curves which are a bad idea, and weird
non-standard serializations like taking the usual point serialization
and treating it as a single BIGNUM.
I also didn't remove things when they're arguably part of a set. E.g.
EC_POINT_add is used, but EC_POINT_dbl isn't. However, they both set at
the same abstraction level (basic point operations), so it's strange to
have one without the other.
I also kept EC_POINT_is_on_curve because, although it is not used,
OpenSSL prior to 1.1.0 doesn't perform this important check in
EC_POINT_set_affine_coordinates_GFp (though it does in some of the
functions which ultimately call it, like
EC_KEY_set_public_key_affine_coordinates, what cryptography.io actually
uses), so one should not expose the latter without the former.
* Fix build issue.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove unused BIO bindings.
This also folds in the const bits from 1.1.0, on the assumption that,
now that the function pointer check is gone, it will just cause cffi to
generate more conservative pointer types that work for 1.0.2 as well.
* Restore some functions used externally.
Datagram BIO_CTRL_* constants are intentionally omitted per discussion
on the PR.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add API for retrieving the seconds-to-expiry for the token, given a TTL.
* Process PR feedback:
* Do compute the TTL, but just the age of the token. The caller
can decided what to do next.
* Factored out the HMAC signature verification to a separate function.
* Fixed a copy&paste mistake in the test cases
* Tests cleanup.
* `struct` no longer needed
* Document `def age()`
* typo in `age()` documentation
* token, not data
* remove test for TTL expiry that is already covered by the parameterized `test_invalid()`.
* let's call this extract_timestamp and just return timestamp
* review comments
* it's UNIX I know this
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix some callback type signatures.
SSL_CTX_set_psk_server_callback:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_psk_server_callback.html
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/ssl.h#L1355
https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/include/openssl/ssl.h#L734
SSL_CTX_set_tlsext_servername_callback:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_servername_callback.html
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/s3_lib.c#L3964
https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/ssl/s3_lib.c#L3499
* Missed a spot
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Remove unused BN bindings.
These appear to be unused in both cryptography.io and PyOpenSSL.
* Restore symbols used by pyUmbral.
Along the way, fix some mistranscribed consts.
|
| |
|
|
| |
(#4218)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Expose BIGNUM constant time operations
This commit exposes the following functions:
BN_set_flags
BN_get_flags
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_free
BN_mod_exp_mont
BN_mod_exp_mont_consttime
This commit also exposes the BN_FLG_CONSTTIME flag.
* Add myself to AUTHORS
|
| |
|
|
| |
(#4205)
|
| |
|
|
|
|
| |
* add custom extensions functions for openssl >=1.0.2
* Fix style problems
|
| |
|
| |
So here we need to make sure we don't simply include windows but only the parts that we want
|
| |
|
|
|
|
|
|
| |
* add X509_NAME_print_ex
* Addressing code review
+ removed comment from bindings regarding deprecation of _print_oneline
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Raise a ValueError when conversion to generalizedtime fails
* added test for badasn1time value error
* pep8 compliance
* Addressing code review
+ VE now raises with ```{!r}``` formatting
+ Test now checks that the bad string made it into the VE message
* using ValueError.match
|
| | |
|
| |
|
|
|
|
| |
* fix bug with n % 8 length wrapping on AESKWP
* review feedback
|
| |
|
|
|
| |
This breaks the urllib3 tests, as well as several in-the-wild certs
This reverts commit 388d1bd3e9cd953fcc948edbc152d5d140c87eb8.
|
| | |
|
| |
|
|
|
|
| |
* 2.2 release!
* also change versions
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* implement AES KW with padding (RFC 5649)
fixes #3791
* oops, 2.2
* make sure this is the right valueerror
* more match
* make key padding easier to read
* review feedback
* review feedback
|
| |
|
|
|
|
|
|
| |
* load Q=224 vectors
* DSA parameters should support 224 for q length
* oxford comma
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* added brainpool ec-curves key_length >= 256bit
* limit brainpool curves to the set that appear required + docs
* oops
* typos all around me
* add brainpool ECDH kex tests
* switch to using rfc 7027 vectors
* review feedback
* empty commits are the best
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Remove unused bindings from asn1.py
This also includes a couple removals from x509v3.py which also reference
ASN1_ITEM_EXP.
* re-add int ASN1_STRING_set_default_mask_asc(char *);
* also re-add static const int MBSTRING_UTF8
|
| |
|
|
|
|
| |
* don't allow GeneralNames to be an empty list
* flake8
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we only expose SSL_get_peer_certificate, which allows you
to retrieve the remote party's certificate. This adds the symetrical
binding to retrieve the local party's certificate.
The motivation for this additional binding is to make it possible to
query the local certificate regardless of the method which was used to
load the certificate into the SSL connection (from a file, from an
in-memory object). An example where this is useful is when negotiating
a DTLS-SRTP connection, the fingerprint of the local certificate needs
to be communicated to the remote party out-of-band via SDP.
This binding can be exposed in pyopenssl as Connection.get_certificate().
|
| | |
|
| |
|
|
|
|
|
|
| |
* fix a memory leak in ec derive_private_key
fixes #4095
* pep8!
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* + more DTLS bindings
* + BIO_CTRL_DGRAM*
* + read ahead functions
* rm BIO_CTRL_DGRAM_SET_PEEK_MODE
* rm BIO_CTRL_DGRAM_SET_DONT_FRAG
* + link mtu conditional logic
* rm some BIO_CTRL_DGRAM* bindings
|
| |
|
|
|
|
|
|
|
|
| |
* + PSK function bindings
* + PSK conditional
* trigger CI
* trigger CI
|
| |
|
|
|
|
|
|
| |
* + bindings for SSL_OP_NO_DTLS*
* + conditional for not HAS_GENERIC_DTLS_METHOD
* flag SSL_OP_NO_DTLS* for unsupported deletion
|
| |
|
| |
This avoids reaching into the ASN1_ITEM mess if not necessary.
|
| |
|
|
|
|
|
|
| |
* Fixes #4076 - simplify the implementation of int_from_bytes on python2
* whitespace
* Added a test
|
| |
|
|
|
|
|
|
|
|
|
| |
* The HKDF limit is actually 255 * digest_length_in_bytes
Previously we had a bug where we divided digest_size by 8...but
HashAlgorithm.digest_size is already in bytes.
* test longer output
* changelog
|
| |
|
|
|
|
|
|
|
|
| |
* Expose BN_clear_free
* Use BN_clear_free in test_int_to_bn
* Use BN_clear_free in lieu of BN_free
* Use BN_free on public values
|
| |
|
|
|
|
| |
* Expose BN_clear_free
* Use BN_clear_free in test_int_to_bn
|
| |
|
|
|
|
| |
* just a quick confirmation that it really is an x25519 evp key
* openssl assert. take that python -O
|
