| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
* Put the exchange method on the correct interface
* fixed links in docs
|
| |
|
|
|
| |
CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS will now suppress link flags regardless
of platform. Additionally, CRYPTOGRAPHY_WINDOWS_LINK_LEGACY_OPENSSL is
now the flag you need if you want to link against < 1.1.0 on windows.
|
| | |
|
| |
|
|
|
|
| |
* Simplify the update
* wtf, cant reproduce issue
|
| |
|
|
|
|
|
|
| |
* Bump the minimum PyPy/cffi version and simplify as a result
* unused imports
* grumble, fix
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
next release (#3566)
* Deprecate Python 3.3 support, with the intention of being removed in the next release
* whoops
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixed #3533 -- made GCM mode object immutable
* flake8
* Fix for older openssl
* fix
* fix
* sigh, fix
* fixed
* dropped negation
* computers are bad
* A test
* This implements an interface
|
| |
|
|
|
|
|
|
| |
* remove multibackend
* oops
* goodbye pointless tests
|
| |
|
|
|
|
|
|
| |
* More accurate LibreSSL detection
* Update x509_vfy.py
change approach to use ifndef
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* time to remove commoncrypto, fare thee well
* remove even more
* update the changelog
* remove more things
* don't need this function
* remove CAST5 CTR tests since that was only supported in commoncrypto
* assert a thing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Don't raise an UnsupportedExtension for critical extensions.
Fixes #2903
Fixes #2901
Fixes #3325
* Don't link
* Revert "Don't link"
This reverts commit 4fe847f91d9dd45cdc28a4984c4e44aad62a5de6.
* fix
* Revert "Revert "Don't link""
This reverts commit 856031b5a1fbad04ac218fa94ebf37dcd402f3ed.
* fix
* Deprecate this
* Better changelog entry
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add PEM_write_bio_DHxparams
* Define PEM_write_bio_DHxparams only if EVP_PKEY_DHX defined.
Both added in commit afb14cda in openssl
* Add d2i_DHxparams_bio and i2d_DHxparams_bio bindings
* Fix bindings addition
* change condtional bindings to be after 1.1.0f
* Change i2d_DHxparams_bio return type
* define Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio
* Remove d2i_DHxparams_bio, i2d_DHxparams_bio bindings
* Add declarations for Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio
* Move Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio declaration to MACROS
* Add Cryptography_d2i_DHxparams_bio, Cryptography_i2d_DHxparams_bio and PEM_write_bio_DHxparams to _coditionals.py
* Make sure we did not define EVP_PKEY_DHX
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Added a binding that will be useful for AIA chasing
* another function
* This is required
* void arguments are morally complex
* These are macros
* fixes
* This has existed for a while
* long line
* typo
* Cory wants this as well
* This is conditional
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#3539)
* Document our real API for EC verification, not an accident
* formatting consistency
* fix the code itself
* fixed class name
* fixed a test too
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* postpone GCM authentication tag requirement until finalization
Add a .finalize_with_tag() variant of the .finalize() function of
the GCM context. At the same time, do not enforce the requirement
of supplying the tag with the mode ctor. This facilitates
streamed decryption when the MAC is appended to the ciphertext
and cannot be efficiently retrieved ahead of decryption.
According to the GCM spec (section 7.2: “Algorithm for the
Authenticated Decryption Function”), the tag itself is not needed
until the ciphertext has been decrypted.
Addresses #3380
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
* disallow delayed GCM tag passing for legacy OpenSSL
Old versions of Ubuntu supported by Cryptography ship a v1.0.1 of
OpenSSL which is no longer supported by upstream. This library
seems to cause erratic test failures with the delayed GCM tag
functionality which are not reproducible outside the CI.
Unfortunately OpenSSL v1.0.1 does not even document the required
API (``EVP_EncryptInit(3)``) so there is no by-the-book fix.
For backends of version 1.0.1 and earlier, verify the GCM tag
at the same stage as before.
Also, indicate to the user that late passing of GCM tags is
unsupported by throwing ``NotImplementedError`` for these backend
versions if
- the method ``finalize_with_tag()`` is invoked, or
- the mode ctor is called without passing a tag.
Unit tests have been adapted to account for different backend
versions.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* Additional SCT bindings
* forgot to conditional these
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Fixed #3492 -- use a better API
* More correct types
* Revert "More correct types"
This reverts commit e7412927eccf2b983bbcab2d2864ae1e4e83b56f.
|
| |
|
|
|
|
| |
* Add ASN1_TIME related functions for the relevant PyOpenSSL patch.
* Move ASN1_TIME_check() to MACROS as the argument's constness varies between 1.0.x and 1.1.0~.
|
| |
|
|
|
|
|
|
| |
* minor int_to_bytes performance increase
* why is Python 2.6 supported anyway...
* keep py2k version
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Attempt to simplify the libressl checing
* SHENANGINS
* Attempted fix
* More simplification
|
| |
|
|
|
|
| |
* Two additional bindings for CT
* Grumble
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* First pass at adding bindings for CT functions. No conditionals yet.
* add a stack typedef as well
* Don't try to include this header if we're on an older OpenSSL
* wire up the conditional stuff
* bunch o' nonsense to get it to compile on old openssl
* I hate libressl
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Stub API for SCTs, feedback wanted
* grr, flake8
* port this to being an ABC
* finish up the __init__
* Two necessary enums
* Roll this back
* Wrote some docs
* spell words correctly
* linky
* more details
* use the words UTC
* coverage
* Define MMD for the kids at some
* linky linky
|
| |
|
|
|
|
| |
* Remove API deprecated in 1.6, clean up the legacy deprecations
* flake8, unused import
|
| |
|
|
|
|
| |
* Refs #3461 -- added the OID for the SCT x.509 extension
* Version added
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* We always have EC
* We always have ECDH
* We always have ECDSA
* We always have EC codes
* This can go as well
* And this
* unused import
|
| |
|
|
|
|
| |
* Be on brand: it's macOS
* line wrap
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* CMAC is always supported
* TLSv1.2 is always supported
* Releasing buffers is always supported
* Nonsense IE SSLv2 nonsens is always supported
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Bind a pair of mem functions.
* make these conditional
* do the conditional correctly
* move to the right section
* I'm not saying libressl should be illegal, but it is annoying
* sigh, typo
* first cut at memleak tests. doesn't work
* hack around the previous error, onto the next one
* drop the pointless restoration of the original functions
* Don't try to use the previous malloc functions.
The default malloc is CRYPTO_malloc which calls the custom ptr you provided, so it just recurses forever.
* flake8
* Get the code basically working
* flake8
* say the correct incantation
* Don't try to run on old OpenSSL
* Flushing this is a good idea
* Fixed a py2.7+ism
* GRRRRR
* WOrkaround for hilarity
* Revert "WOrkaround for hilarity"
This reverts commit 37b9f3b4ed4063eef5add3bb5d5dd592a007d439.
* Swap out these functions for the originals
* py3k fix
* flake8
* nonsense for windows
* py3k
* seperate stdout and stderr because py26 has a warning on stderr
* try writing this all out for windows
* useful error messages
* Debugging utility
* Avoid this mess, don't dlopen anything
* consistency
* Throw away this FFI entirely
* some useful comments
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Trying to be too specific about why key loading fails is very difficult
when you're using the same logic across DH, EC, RSA, and DSA. This makes
it less fancy.
|
| |
|
|
|
|
|
|
|
|
| |
* Refs #3430 -- fixed a memory leak in extension parsing for CRL dp
* same fix for policy info
* make this private
* consistency cleanup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Support DH q (subgroup order)
* Change RFC5114.txt to NIST format
* Add tests for DH q
* Update docs for DH q
* Fix pep8
* Improve test covergae for DH q
* Create _dh_params_dup that copy q if DHparams_dup don't
On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup
call DHparams_dup and if the version is smaller than 1.0.2
copy q manually
* Copy q manually on libressl
* Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup
* Support serialization of DH with q
* Add tests for serialization of DH with q
* Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true
* Raise exception when trying to serialize DH X9.42 when not supported
* raise unsupported key type when deserilizing DH X9.42 if not supported
* pep8 fixes
* Fix test_serialization
* Add dhx_serialization_supported method to DHBacked
* document q in dh_parameters_supported
* Rename dhx_serialization_supported to dh_x942_serialization_supported
|
| |
|
|
|
|
|
|
|
|
| |
* Fixed #3422 -- Remove some legacy code which is now in 1.0.1
* _int_to_bn doesnt like negatives
* minimize the diff
* some additional cleanup
|
| | |
|
| | |
|
