|  | Commit message | Author | Age | Files | Lines | 
|---|
| | * More accurate LibreSSL detection
* Update x509_vfy.py
change approach to use ifndef | 
| | * time to remove commoncrypto, fare thee well
* remove even more
* update the changelog
* remove more things
* don't need this function
* remove CAST5 CTR tests since that was only supported in commoncrypto
* assert a thing | 
| | * Add PEM_write_bio_DHxparams
* Define PEM_write_bio_DHxparams only if EVP_PKEY_DHX defined.
Both added in commit afb14cda in openssl
* Add d2i_DHxparams_bio and i2d_DHxparams_bio bindings
* Fix bindings addition
* change conditional bindings to be after 1.1.0f
* Change i2d_DHxparams_bio return type
* define Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio
* Remove d2i_DHxparams_bio, i2d_DHxparams_bio bindings
* Add declarations for Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio
* Move Cryptography_d2i_DHxparams_bio and Cryptography_i2d_DHxparams_bio declaration to MACROS
* Add Cryptography_d2i_DHxparams_bio, Cryptography_i2d_DHxparams_bio and PEM_write_bio_DHxparams to _coditionals.py
* Make sure we did not define EVP_PKEY_DHX | 
| | * Added a binding that will be useful for AIA chasing
* another function
* This is required
* void arguments are morally complex
* These are macros
* fixes
* This has existed for a while
* long line
* typo
* Cory wants this as well
* This is conditional | 
| | * Additional SCT bindings
* forgot to conditional these | 
| | * Fixed #3492 -- use a better API
* More correct types
* Revert "More correct types"
This reverts commit e7412927eccf2b983bbcab2d2864ae1e4e83b56f. | 
| | * Add ASN1_TIME related functions for the relevant PyOpenSSL patch.
* Move ASN1_TIME_check() to MACROS as the argument's constness varies between 1.0.x and 1.1.0~. | 
| | * Attempt to simplify the libressl checking
* SHENANIGANS
* Attempted fix
* More simplification | 
| | * Two additional bindings for CT
* Grumble | 
| | * First pass at adding bindings for CT functions. No conditionals yet.
* add a stack typedef as well
* Don't try to include this header if we're on an older OpenSSL
* wire up the conditional stuff
* bunch o' nonsense to get it to compile on old openssl
* I hate libressl | 
| | * We always have EC
* We always have ECDH
* We always have ECDSA
* We always have EC codes
* This can go as well
* And this
* unused import | 
| | * Be on brand: it's macOS
* line wrap | 
| | * CMAC is always supported
* TLSv1.2 is always supported
* Releasing buffers is always supported
* Nonsense IE SSLv2 nonsense is always supported | 
| | * Bind a pair of mem functions.
* make these conditional
* do the conditional correctly
* move to the right section
* I'm not saying libressl should be illegal, but it is annoying
* sigh, typo
* first cut at memleak tests. doesn't work
* hack around the previous error, onto the next one
* drop the pointless restoration of the original functions
* Don't try to use the previous malloc functions.
The default malloc is CRYPTO_malloc which calls the custom ptr you provided, so it just recurses forever.
* flake8
* Get the code basically working
* flake8
* say the correct incantation
* Don't try to run on old OpenSSL
* Flushing this is a good idea
* Fixed a py2.7+ism
* GRRRRR
* WOrkaround for hilarity
* Revert "WOrkaround for hilarity"
This reverts commit 37b9f3b4ed4063eef5add3bb5d5dd592a007d439.
* Swap out these functions for the originals
* py3k fix
* flake8
* nonsense for windows
* py3k
* separate stdout and stderr because py26 has a warning on stderr
* try writing this all out for windows
* useful error messages
* Debugging utility
* Avoid this mess, don't dlopen anything
* consistency
* Throw away this FFI entirely
* some useful comments | 
| | * Refs #3430 -- fixed a memory leak in extension parsing for CRL dp
* same fix for policy info
* make this private
* consistency cleanup | 
| | * switch the PEM password callback to a C implementation
Calling from C to Python is fraught with edge cases, especially in
subinterpreter land. This commit moves the PEM password callback logic
into a small C function and then removes all the infrastructure for the
cffi callbacks (as we no longer have any)
* review feedback and update tests
* rename the struct
* aaand one more fix | 
| | * Add EVP_PKEY_DHX
* Add Cryptography_HAS_EVP_PKEY_DHX to _conditional.py | 
| | * support defining which windows libraries to link with an env var
CRYPTOGRAPHY_WINDOWS_LIBRARIES is your new friend
* add some docs
* change to CRYPTOGRAPHY_WINDOWS_LINK_OPENSSL110
* lib prefixing is not a thing msvc does, right | 
| | * Backport DH_check from OpenSSL 1.1.0.
OpenSSL 1.0.2's DH_check considers the q parameter, allowing it to
validate more generators and primes; however, OpenSSL 1.1.0's DH_check
includes code to handle errors in BN functions, so it's preferred.
* Wrap DH_Check when using OpenSSL 1.1.0 or higher.
* Adding DH_CHECK_* values missing from older OpenSSLs
* Defensively guard DH_CHECK_* definitions with ifndef.
This will prevent duplicate definitions when LibreSSL supports a
version of DH_check that can return these.
* Document the OpenSSL of origin for the DH_check code | 
| | * Use static callbacks with Python 3.x again
Static callbacks were disabled for Python 3.5+ to work around an issue
with subinterpreters, locking callbacks and osrandom engine. Locking
callback and osrandom engine were replaced with C implementations in
version 1.6 and 1.7.
https://github.com/pyca/cryptography/issues/2970
Closes: #3348
Signed-off-by: Christian Heimes <christian@python.org>
* remove unused import | 
| | * add DTLSv1_2 methods
* add binding to DTLSv1_get_timeout() and DTLSv1_handle_timeout()
* fix: PEP8 failed
fix the following error:
./src/_cffi_src/openssl/ssl.py:728:80: E501 line too long (80 > 79 characters)
see https://jenkins.cryptography.io/job/cryptography-pr-pep8/1954/
* Revert "add DTLSv1_2 methods"
This reverts commit e4a9150b12ddb4790159a5835f1d1136cb1b996e.
* replace 'long int' by 'long'
To be more consistent with the naming convention
cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90153970
* wrap with braces
cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90154057
* conditionally bind all DTLS
* rebase error
* rename wrapped function | 
| | * delete the 1.0.0 support
* drop the version check
* drop the AES-CTR stuff
* Update the example
* openssl truncates for us now
* delete unused test
* unused imports
* Remove a bunch of conditional bindings for NPN
* no more 1.0.0 builders
* libressl fix
* update the docs
* remove dead branches
* oops
* this is a word, damnit
* spelling
* try removing this
* this test is not needed
* unused import | 
| | * New osrandom_engine in C
Inspired by Python/random.c and the old implementation.
Signed-off-by: Christian Heimes <christian@python.org>
* osrandom_engine
* Fix naming bug caused by search 'n replace mistake
* Make it easier to override osrandom auto-detection
* Add engine ctrl and backend API to get implementation from ENGINE
Signed-off-by: Christian Heimes <christian@python.org>
* Better test coverage, documentation, LICENSE
Signed-off-by: Christian Heimes <christian@python.org>
* Coverage is hard.
Signed-off-by: Christian Heimes <christian@python.org>
* * enable win32 check
* read() returns size_t
Signed-off-by: Christian Heimes <christian@python.org>
* Add macOS to spelling list. Remove dead code from header file.
Signed-off-by: Christian Heimes <christian@python.org>
* remove CCRandomGenerateBytes path and update getentropy to work on macOS
This change allows us to test all the engines in our CI:
* getentropy (tested by macOS sierra)
* getrandom (tested on several linux builders)
* /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux)
* CryptGenRandom (tested on windows builders)
I also fixed bugs preventing compilation in the getentropy code
* getentropy() returns int and is restricted to 256 bytes on macOS, too.
Signed-off-by: Christian Heimes <christian@python.org>
* add versionadded
* Re-add import of os module
* Fixes related to Alex's recent review.
Signed-off-by: Christian Heimes <christian@python.org>
* Add error reporting and fail for EAGAIN
Add error reporting strings for various error cases. This gives us much
nicer and understandable error messages.
SYS_getrandom() EAGAIN is now an error. Cryptography refuses to
initialize its osrandom engine when the Kernel's CPRNG hasn't been
seeded yet.
Signed-off-by: Christian Heimes <christian@python.org> | 
| | * add cffi bindings to objects.py and evp.py (required for pypy's _hashlib implementation)
* ah, that comes from copying it from the man page
* don't use #define ..., declare it as static const long <name> | 
| | * missing macro and three macro functions
* removed space before function name (style issue)
* remove macro which always will not be set by cryptography | 
| | where it belongs! | 
| | In 1.1.0 this is a noop and occurs by default, and this wasn't supported
< 1.0.2 | 
| | refs #3248 | 
| | * Raise padding block_size limit to what is allowed by the specs.
* Add tests for raising padding limits.
* Amend C code for padding check to use uint16_t instead of uint8_t.
* Fix test to work in Python 3.
* Fix typo.
* Fix another typo.
* Fix return type of the padding checks.
* Change hypothesis test on padding.
* Update comment. |