path: root/src
Commit message | Author | Age | Files | Lines
* Dropped support for LibreSSL 2.7, 2.8, and 2.9.0 (2.9.1+ are still supported) (#5231) | Alex Gaynor | 2020-04-25 | 4 | -43/+0
* add SSL_CTX_(get|set)_keylog_callback (#5187) | Maximilian Hils | 2020-04-11 | 2 | -0/+26
    * add SSL_CTX_(get|set)_keylog_callback
    * For travis
    Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* See if we can remove an OpenSSL 1.0.1 workaround (#5184) | Alex Gaynor | 2020-04-06 | 1 | -8/+0
* Removed deprecated behavior in AKI.from_issuer_subject_key_identifier (#5182) | Alex Gaynor | 2020-04-05 | 2 | -16/+1
* Replace floating point arithmetic with integer arithmetic (#5181) | Torin Carey | 2020-04-04 | 2 | -5/+2
* Drop support for OpenSSL 1.0.1 (#5178) | Alex Gaynor | 2020-04-04 | 13 | -326/+23
* reopen master for 3.0 dev (#5175) | Paul Kehrer | 2020-04-02 | 1 | -1/+1
* 2.9 version and changelog bump (#5172) | Paul Kehrer | 2020-04-02 | 1 | -1/+1
* Fixed error message in AES-CCM data length validation to reflect the error reason more accurately. (#5157) | Maciej Jurczak | 2020-03-28 | 1 | -1/+1
* Allow NameAttribute.value to be an empty string (#5109) | Andrea De Pasquale | 2020-03-19 | 1 | -3/+3
    * Allow NameAttribute.value to be an empty string
      RFC 4514 https://tools.ietf.org/html/rfc4514 does not mention that "AttributeValue" can not be an empty (zero-length) string.
      Fixes #5106
    * reverse order to match fix from another PR
    Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* Reversed the order of RDNs in x509.Name.rfc4514_string() (#5120) | Thomas Erbesdobler | 2020-03-02 | 1 | -4/+8
    RFC4514 requires in section 2.1 that RDNs are converted to string representation in reversed order.
* Use literals for collections and comprehensions. (#5091) | Mads Jensen | 2020-01-12 | 3 | -4/+4
* Add pthread linking on non-win32 (#5086) | Alexander Grund | 2019-12-23 | 1 | -1/+4
    Required to link in static part of pthread, e.g. pthread_atfork
    Fixes https://github.com/pyca/cryptography/issues/5084
* Use dict literals. (#5080) | Mads Jensen | 2019-12-02 | 1 | -1/+1
* Fixes #5065 -- skip serialization tests which use RC2 if OpenSSL doesn't have RC2 (#5072) | Alex Gaynor | 2019-11-25 | 1 | -0/+9
    * Refs #5065 -- have a CI job with OpenSSL built with no-rc2
    * Fixes #5065 -- skip serialization tests which use RC2 if OpenSSL doesn't have RC2
* issue-5041: do not add extra flags when compiler or platform does not support them (#5042) | Michael Felt | 2019-11-24 | 1 | -1/+13
    * check for suitable compiler (platform) before adding special flags
    * pep8 corrections
    * later pep8 messages
    * add clang to auto accepted compilers
    * modify syntax so multi-line is accepted
* add SSL_get_verify_result (#5071) | Maximilian Hils | 2019-11-23 | 1 | -0/+1
* add SSL_CTX_get0_param (#5070) | Maximilian Hils | 2019-11-22 | 2 | -0/+3
* add SSL[_CTX]_clear_mode (#5062) | Maximilian Hils | 2019-11-11 | 1 | -0/+2
* Parse single_extensions in OCSP responses (#5059) | Paul Kehrer | 2019-11-11 | 3 | -1/+25
    * add single_extensions to OCSPResponse (#4753)
    * new vector, updated docs, more stringent parser, changelog, etc
    * simplify PR (no SCT for now)
    * add a comment
    * finish pulling out the sct stuff so tests might actually run
* Fixed #5050 -- dropped support for an old LibreSSL release (#5056) | Alex Gaynor | 2019-11-11 | 8 | -14/+11
    * Fixed #5050 -- dropped support for an old LibreSSL release
    * Changelog
* Let Oid enforce positive decimal integers (#5053) | Noel Remy | 2019-11-10 | 1 | -1/+6
    Failing that would lead to an OpenSSL error when calling OBJ_txt2obj at serialization.
    Adds basic tests for oids.
* Deal with the 2.5 deprecations (#5048) | Alex Gaynor | 2019-11-03 | 4 | -19/+5
    * Deal with the 2.5 deprecations
    * pep8 + test fixes
    * docs typo
    * Why did I do this?
    * typo
* Add a comment so we can easily find a place to update later (#5043) | Alex Gaynor | 2019-11-01 | 1 | -0/+1
    * Add a comment so we can easily find a place to update later
    * flake8
* Don't bother computing y coefficient in _modinv (#5037) | Clayton Smith | 2019-10-29 | 1 | -3/+3
* Silence unguarded availability warnings for `getentropy` when targeting macOS 10.12 (#5019) | Max Bélanger | 2019-10-24 | 1 | -1/+5
    * silence `Wunguarded-availability` when building with a `MACOSX_DEPLOYMENT_TARGET < 10.12`
    * use `__builtin_available` rather than a `NULL` echo upon init on mac
* Test against libressl 3.0 (#5031) | Alex Gaynor | 2019-10-20 | 1 | -2/+2
    * Test against libressl 3.0
    * Correctly type these ints
* Fixes #5018 -- break users on OpenSSL 1.0.1 (#5022) | Alex Gaynor | 2019-10-18 | 1 | -6/+14
    * Fixes #5018 -- break users on OpenSSL 1.0.1
    * Grammar
    * Syntax error
    * Missing import
    * Missing import
* reopen master for the 2.9 release (#5017) | Paul Kehrer | 2019-10-17 | 1 | -1/+1
* Bump versions for 2.8 release (#5014) | Alex Gaynor | 2019-10-17 | 1 | -2/+2
* UniversalString needs to be encoded as UCS-4 (#5000) | Marko Kreen | 2019-10-17 | 1 | -0/+2
* update openssls (#4995) | Paul Kehrer | 2019-10-15 | 2 | -3/+17
    * update openssls
    * missed one
    * what will this do
    * only do this check for 1.1.0+
* Simplify implementing sequence methods (#4987) | Alex Gaynor | 2019-09-10 | 1 | -94/+31
    * Simplify implementing sequence methods
    * flake8
* it's called FIPS_mode_set, not FIPS_set_mode (#4988) | Paul Kehrer | 2019-09-09 | 1 | -1/+1
* Finish ed25519 and ed448 support in x509 module (#4972) | Marko Kreen | 2019-09-09 | 4 | -18/+50
    * Support ed25519 in csr/crl creation
    * Tests for ed25519/x509
    * Support ed448 in crt/csr/crl creation
    * Tests for ed448/x509
    * Support ed25519/ed448 in OCSPResponseBuilder
    * Tests for eddsa in OCSPResponseBuilder
    * Builder check missing in create_x509_csr
    * Documentation update for ed25519+ed448 in x509
* be clear that NoEncryption must be an instance in the exception (#4985) | Paul Kehrer | 2019-09-07 | 4 | -4/+4
* Allow FreshestCRL extension in CRL (#4975) | Marko Kreen | 2019-09-07 | 2 | -0/+2
    Per RFC5280 it is allowed in both certificates and CRL-s.
* Add SSL_get0_verified_chain to cffi lib (#4965) | arjenzorgdoc | 2019-08-14 | 2 | -0/+16
    * Add SSL_get0_verified_chain to cffi lib
      OpenSSL 1.1.0 supports SSL_get0_verified_chain. This gives the full chain from the peer cert including your trusted CA cert.
    * Work around no support for #if in cdef in old cffi
* Make DER reader into a context manager (#4957) | Alex Gaynor | 2019-07-28 | 3 | -17/+22
    * Make DER reader into a context manager
    * Added another test case
    * flake8
* Remove asn1crypto dependency (#4941) | David Benjamin | 2019-07-28 | 5 | -34/+208
    * Remove non-test dependencies on asn1crypto.
      cryptography.io actually contains two OpenSSL bindings right now, the expected cffi one, and an optional one hidden in asn1crypto. asn1crypto contains a lot of things that cryptography.io doesn't use, including a BER parser and a hand-rolled and not constant-time EC implementation.
      Instead, check in a much smaller DER-only parser in cryptography/hazmat. A quick benchmark suggests this parser is also faster than asn1crypto:
          from __future__ import absolute_import, division, print_function
          import timeit
          print(timeit.timeit(
              "decode_dss_signature(sig)",
              setup=r"""
          from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature
          sig=b"\x30\x2d\x02\x15\x00\xb5\xaf\x30\x78\x67\xfb\x8b\x54\x39\x00\x13\xcc\x67\x02\x0d\xdf\x1f\x2c\x0b\x81\x02\x14\x62\x0d\x3b\x22\xab\x50\x31\x44\x0c\x3e\x35\xea\xb6\xf4\x81\x29\x8f\x9e\x9f\x08"
          """,
              number=10000))
      Python 2.7: asn1crypto: 0.25 _der.py: 0.098
      Python 3.5: asn1crypto: 0.17 _der.py: 0.10
    * Remove test dependencies on asn1crypto.
      The remaining use of asn1crypto was some sanity-checking of Certificates. Add a minimal X.509 parser to extract the relevant fields.
    * Add a read_single_element helper function.
      The outermost read is a little tedious.
    * Address flake8 warnings
    * Fix test for long-form vs short-form lengths.
      Testing a zero length trips both this check and the non-minimal long form check. Use a one-byte length to cover the missing branch.
    * Remove support for negative integers.
      These never come up in valid signatures. Note, however, this does change public API.
    * Update src/cryptography/hazmat/primitives/asymmetric/utils.py
      Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
    * Review comments
    * Avoid hardcoding the serialization of NULL in decode_asn1.py too.
* fix osrandom/builtin switching methods for 1.1.0+ (#4955) | Paul Kehrer | 2019-07-27 | 2 | -7/+9
    * fix osrandom/builtin switching methods for 1.1.0+
      In 1.1.0 RAND_cleanup became a no-op. This broke changing to the builtin random engine via activate_builtin_random(). Fixed by directly calling RAND_set_rand_method. This works on 1.0.x and 1.1.x
    * missed an assert
* add bindings to parse and create challenge passwords in X509 CSRs (#4943) | Paul Kehrer | 2019-07-09 | 2 | -1/+11
    * add bindings to parse and create challenge passwords in X509 CSRs
    * moved away from the 1.1.0 section
* add class methods for poly1305 sign verify operations (#4932) | Jeff Yang | 2019-07-08 | 1 | -0/+12
* ed25519 support in x509 certificate builder (#4937) | Paul Kehrer | 2019-07-06 | 3 | -7/+23
    * ed25519 support in x509 certificate builder
      This adds minimal ed25519 support. More to come.
    * Apply suggestions from code review
      Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
* Refs #4923; deprecate OpenSSL 1.0.1 (#4924) | Alex Gaynor | 2019-06-15 | 1 | -1/+1
    * Refs #4923; deprecate OpenSSL 1.0.1
    * changelog
* Switch to new notBefore/After APIs (#4914) | Rosen Penev | 2019-06-07 | 3 | -4/+13
    Introduced in OpenSSL 1.1. Added compatibility for older versions.
* Only EVP_CTRL_AEAD_SET_TAG in _aead_setup for CCM mode (#4916) | Christian Heimes | 2019-06-05 | 1 | -1/+2
* reopen master for 2.8 (#4906) | Paul Kehrer | 2019-05-30 | 1 | -1/+1
    * reopen master for 2.8
      also add the missing changelog
    * sigh, empty commit to trigger azure pipelines
* bump for 2.7 release (#4903) | Paul Kehrer | 2019-05-30 | 1 | -1/+1
* add name for ExtensionOID.PRECERT_POISON (#4853) | redshiftzero | 2019-05-19 | 1 | -0/+1
    * test: ensure all public members of ExtensionOID have names defined
    * add name for ExtensionOID.PRECERT_POISON
    ref: https://github.com/google/certificate-transparency/blob/5fce65cb60cfe7808afc98de23c7dd5ddbfa1509/python/ct/crypto/asn1/oid.py#L338