|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| ... |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| | We support directly passing bytes now and these code paths are
duplicated in the deprecated value attributes. | 
| | 
| 
| 
| 
| | strings of the form "scheme:///anything" would incorrectly have two
slashes dropped. This is fixed in two code paths in this PR but one of
those code paths will be entirely removed in a followup PR. | 
| | 
| 
| | Needed to implement __hash__ on AuthorityKeyIdentifier | 
| | 
| 
| 
| | We need to add one small test to cover a case that is no longer covered
with this switch. | 
| | 
| 
| 
| 
| 
| 
| 
| | * refactor AES keywrap into a wrap core and unwrap core
This refactor makes adding AES keywrap with padding much simpler.
* remove an unneeded arg | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * add support for the TLSFeature extension in x509
This extension is used for OCSP Must-Staple.
* fix changelog link
* pep8
* refactor to support the sequence properly and add status_request_v2
* update some language
* add test vector, implement eq/ne/hash on TLSFeature
* address review comments | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * RSA OAEP label support for OpenSSL 1.0.2+
* changelog
* move around tests, address review feedback, use backend supported method
* unsupported padding catches this now | 
| | |  | 
| | 
| 
| 
| 
| 
| | * add OCSP binding for obtaining information from CertID structure
* empty commit | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * added binding support for rfc 5705
* WIP: testing some cffi updates
* added openssl version check
* updated cffi defs to align with pep8
* removed superfluous version checks
* remove more unecessary boilerplate | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * add blake2b/blake2s support for hmac
This was a bug, but it turns out the noise protocol suggests using the
HMAC construction with BLAKE2 (rather than BLAKE2's own keyed
functionality) for a few reasons, so we should support it.
* actually test the thing | 
| | 
| 
| | There's no sense in which we actually support them | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Fix weak linking of getentropy when compiling on older macOS
We use weak linking in macOS to determine if the getentropy symbol is
available. However, to do that we need to have a declaration that states
the function is __attribute((weak_import)) at compile time. On macOS
10.12 this is provided in sys/random.h, but on older macOS the
declaration doesn't exist at all, so we need to forward declare it
ourselves.
* update a comment and a style nit | 
| | 
| 
| 
| 
| 
| | * deprecate unicode input for RFC822Name
* pep8...? | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * deprecate auto-idna on UniformResourceIdentifier
* fix repr test
* docs
* some updated language | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Begin the deprecation of auto-idna for x509.DNSName
Refs #3357
* fix warning
* py3k fixes
* fix docs
* sigh
* flake8
* these are words
* words
* tests for coverage
* another test
* do idna things
* more idna things | 
| | |  | 
| | 
| 
| 
| | the getentropy fallback is only possible on macOS, wrap it in a define
to remove it entirely on the BSDs. | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * remove deprecated items
whirlpool, ripemd160, unsupportedextension, and the old interfaces
* flake8 and remove a test generator we no longe use
* make it clear we warned you about these things | 
| | |  | 
| | 
| 
| 
| 
| 
| | * 2.0 version bump and changelog
* dates are just an illusion | 
| | 
| 
| 
| 
| 
| | * Remove DH generator size constraint
* Check that g > 1 | 
| | 
| 
| 
| 
| 
| 
| 
| | * add AESGCM AEAD support
* remove stray newline
* move AESGCM docs above CCM | 
| | 
| 
| 
| 
| 
| | * move tag_length to the AESCCM constructor
* review feedback | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * allow p % 24 == 23 when generator == 2 in DH_check
* short url
* update and expand comments
* even better language! | 
| | 
| 
| 
| 
| 
| 
| 
| | * use an instance in aead_cipher_supported
* test for chacha20poly1305 compatibility via init exception
* pep8 | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Fixed #3747 -- cache extensions on x.509 objects
* be kind to cpython, save a dict lookup
* flake8
* changelog | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * remove egd
* oops
* keep Cryptography_HAS_EGD for compat just in case
This shouldn't really be necessary but maybe we can fully remove it in
2018 or 2019... | 
| | 
| 
| 
| 
| 
| | * remove cryptodev
* oops | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | really use (#3763)
* Attempt to use coverage to quantify how many of the CONDITIONAL_NAMES we really use
* rewrite file to improve coverage
* Write it this way so we can use line coverage
* lost this one :-(
* fix comment and flake8
* update the docs as well
* flake8 | 
| | 
| 
| 
| 
| 
| 
| 
| | * Remove conditionals we never use.
Refs #3763
* put this back | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| | * don't parse SCTs on older openssl
* use two diff extension parsers because why not
* review feedback | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Fixes #3745 -- add the any EKU EKU
* docs
* whitespace
* versionadded | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * disallow MD5 in CertificateBuilder and CertificateSigningRequestBuilder
* only error on ECDSA and DSA
lots of duplication in tests here, bleh
* remove changelog entry, also handle this for CRLBuilder
* pep8 | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Test for leaking memory in EllipticCurvePublicNumbers.public_key()
* Fix the memory leak
As far as I can tell, from spelunking in the OpenSSL source (as you do), EC_KEY_set_public_key_affine_coordinates doesn't take ownership of "x" or "y". https://github.com/openssl/openssl/blob/master/crypto/ec/ecp_smpl.c#L362-L420 is the place in the source I found that actually uses "x" and "y".
* Unused imports | 
| | 
| 
| 
| 
| 
| 
| 
| | * No more FUNCS/MACROS distinction
* change the docs to not talk about MACROS since they're gone
* remove out of date comment | 
| | 
| 
| 
| 
| 
| | * remove python 3.3 from CI
* remove 3.3 everywhere, not just from CI | 
| | 
| 
| 
| 
| 
| | * enable wconversion and finish fixes
* don't pass -Wconversion if it's win32 | 
| | 
| 
| 
| 
| 
| | * bind DTLS 1.2 methods
* remove version specific dtls bindings, rename sentinel value | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| | * Reorganize DHParameters and DHPublicKey *WithSerialization
fixes #3720
* fix up the changelog |