|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * New osrandom_engine in C
Inspired by Python/random.c and the old implementation.
Signed-off-by: Christian Heimes <christian@python.org>
* osrandom_engine
* Fix naming bug caused by search 'n replace mistake
* Make it easier to override osrandom auto-detection
* Add engine ctrl and backend API to get implementation from ENGINE
Signed-off-by: Christian Heimes <christian@python.org>
* Better test coverage, documentation, LICENSE
Signed-off-by: Christian Heimes <christian@python.org>
* Coverage is hard.
Signed-off-by: Christian Heimes <christian@python.org>
* * enable win32 check
* read() returns size_t
Signed-off-by: Christian Heimes <christian@python.org>
* Add macOS to spelling list. Remove dead code from header file.
Signed-off-by: Christian Heimes <christian@python.org>
* remove CCRandomGenerateBytes path and update getentropy to work on macOS
This change allows us to test all the engines in our CI:
* getentropy (tested by macOS sierra)
* getrandom (tested on several linux builders)
* /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux)
* CryptGenRandom (tested on windows builders)
I also fixed bugs preventing compilation in the getentropy code
* getentropy() returns int and is restricted to 256 bytes on macOS, too.
Signed-off-by: Christian Heimes <christian@python.org>
* add versionadded
* Re-add import of os module
* Fixes related to Alex's recent review.
Signed-off-by: Christian Heimes <christian@python.org>
* Add error reporting and fail for EAGAIN
Add error reporting strings for various error cases. This gives us much
nicer and understandable error messages.
SYS_getrandom() EAGAIN is now an error. Cryptography refuses to
initialize its osrandom engine when the Kernel's CPRNG hasn't been
seeded yet.
Signed-off-by: Christian Heimes <christian@python.org> | 
| | 
| 
| 
| 
| 
| 
| 
| | * add cffi bindings to objects.py and evp.py (required for pypy's _hashlib implementation)
* ah, that comes from copying it from the man page
* dont use #define ..., delcare it as static cont long <name> | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| | * missing macro and three macro functions
* removed space before function name (style issue)
* remove macro which always will not be set by cryptography | 
| | |  | 
| | |  | 
| | 
| 
| | where it belongs! | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| | In 1.1.0 this is a noop and occurs by default, and this wasn't supported
< 1.0.2 | 
| | 
| 
| | refs #3248 | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Raize padding block_size limit to what is allowed by the specs.
* Add tests for raising padding limits.
* Amend C code for padding check to use uint16_t instead of uint8_t.
* Fix test to work in Python 3.
* Fix typo.
* Fix another typo.
* Fix return type of the padding checks.
* Change hypothesis test on padding.
* Update comment. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Remove Python OpenSSL locking callback and replace it with one in C
The Python OpenSSL locking callback is unsafe; if GC is triggered
during the callback's invocation, it can result in the callback being
invoked reentrantly, which can lead to deadlocks. This patch replaces
it with one in C that gets built at compile time via cffi along with
the rest of the OpenSSL binding.
* fixes for some issues
* unused
* revert these changes
* these two for good measure
* missing param
* sigh, syntax
* delete tests that assumed an ability to mess with locks
* style fixes
* licensing stuff
* utf8
* Unicode. Huh. What it isn't good for, absolutely nothing. | 
| | 
| 
| 
| 
| 
| 
| 
| | Update the Name class to accept and internally store a list of
RelativeDistinguishedName objects.  Add the 'rdns' attribute to give
access to the RDNs.  Update ASN.1 routines to correctly decode and
encode multi-value RDNs.
Fixes: https://github.com/pyca/cryptography/issues/3199 | 
| | 
| 
| 
| 
| 
| | * Export missing OpenSSL `X509_VERIFY_PARAM_free`
* Remove un-needed export in conditional names | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set
* add a comment explaining why we changed this
* 1.0.2i handles NUMERICSTRING properly now so need only test < 1.0.2i
* needs to be visible | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Add Scrypt bindings.
* Add check for OPENSSL_NO_SCRYPT.
* Fix CUSTOMIZATIONS.
* Account for LibreSSL.
* Remove argument names.
* Remove more argument names. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * make pre5 work
* add a blank line to make the diff happier
* 1.1.0-pre6 working
* support the changes since 1.1.0-pre6
* fixes
* add 1.1.0 to travis
* expose the symbol
* better testing for numericstring
* handle libre...
* actually use the 1.1.0 we compile
* cache the ossl-110 dir on travis
* add some newlines
* changelog entry for 1.1.0 support
* note that we test on 1.1.0
* proper skip on this test
* reorder | 
| | |  | 
| | |  | 
| | 
| 
| | We're so close. | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * constify more things in x509 and reorder a few func args
Post pre6 they changed some function argument order...
* fix the function arg order where we call it
* still need arg names when implementing the function...whoops | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| | * ERR_load_RAND_strings changed function signature in 1.1.0
Here is a hack to avoid breaking pyOpenSSL.
* not sure how I managed that. I blame vim | 
| | |  | 
| | |  | 
| | 
| 
| | Since we aren't using it bye bye | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Add the unconditional SecureTransport bindings
* Looks like the PSK cipher suites got removed in 10.8
* Line-length.
* Style.
* Remove further troublesome bindings. | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Add the unconditional SecureTransport bindings
* Line-length.
* Looks like the PSK cipher suites got removed in 10.8
* Style. | 
| | 
| 
| 
| 
| 
| 
| | >>> lib.EVP_get_digestbyname(b'md_gost94')
<cdata 'EVP_MD *' NULL>
>>> lib.OPENSSL_config(ffi.NULL)
>>> lib.EVP_get_digestbyname(b'md_gost94')
<cdata 'EVP_MD *' 0x10adc7440> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Use a series of constants for OpenSSL version checks.
N.B. I removed several qualifiers that were being used to express beta vs. release in OpenSSL version numbers. Reviewers please look closely!
* Convert some python as well, also add the file
* flake8
* Simplify code, remove functionality that can be expressed more simply
* clean up the tests as well
* more constants
* wrap long lines
* reflect feedback
* unused
* add this back? | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| | (#3022)
constify + a few small changes to the null checks | 
| | 
| 
| 
| 
| | (#3021)
constify + a few small changes to the null checks | 
| | 
| 
| 
| 
| | (#3020)
constify + a few small changes to the null checks |