| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
* Drop CI for OpenSSL 1.0.2
* Delete code for coverage reasons
* Bump minimum cryptography version
|
| |
|
|
|
|
| |
* Fixing issue #798, thanks to @reaperhulk; removing undocumented '%s' option and getting the date in a more robust way
Co-authored-by: Joseba Alberdi <j.alberdi@simuneatomistics.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* crypto._PassphraseHelper: pass non-callable passphrase using callback
Fixes #945
Before this commit, we would pass a bytes passphrase as a null terminated string.
This causes issue when a randomly generated key's first byte is null because
OpenSSL rightly determines the key length is 0.
This commit modifies the passphrase helper to pass the passphrase via the
callback
* Update changelog to document bug fix
|
| |
|
|
|
|
|
|
|
|
|
|
| |
X509StoreContext (#948)
The additional certificates provided in the new `chain` parameter will be
untrusted but may be used to build the chain.
This makes it easier to validate a certificate against a store which
contains only root ca certificates, and the intermediates come from e.g.
the same untrusted source as the certificate to be verified.
Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>
|
| |
|
|
|
|
|
| |
Add X509Store.load_locations() to set a CA bundle file and/or an OpenSSL-
style hashed CA/CRL lookup directory, similar to the already existing
SSL.Context.load_verify_locations().
Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>
|
| |
|
| |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Allow accessing a connection's verfied certificate chain
Add X509StoreContext.get_verified_chain using X509_STORE_CTX_get1_chain.
Add Connection.get_verified_chain using SSL_get0_verified_chain if
available (ie OpenSSL 1.1+) and X509StoreContext.get_verified_chain
otherwise.
Fixes #740.
* TLSv1_METHOD -> SSLv23_METHOD
* Use X509_up_ref instead of X509_dup
* Add _openssl_assert where appropriate
* SSL_get_peer_cert_chain should not be null
* Reformat with black
* Fix <OpenSSL.crypto.X509 object at 0x7fdbb59e8050> != <OpenSSL.crypto.X509 object at 0x7fdbb59daad0>
* Add Changelog entry
* Remove _add_chain
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* fix PKey.check for some broken keys
RSA_check_key is documented to return 1 for valid keys.
It (currently) returns 0 or -1 for invalid ones.
The previous code accepted invalid keys if RSA_check_key returns -1!
* add test
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Removed deprecated Type aliases
* typo
* typo
* missed this somehow
* Line wrap
|
| |
|
| |
2566 is not a valid digest, whoops!
|
| | |
|
| |
|
|
|
| |
rtype for the following was incorrect:
X509Req.from_cryptography
X509.from_cryptography
|
| |
|
|
|
|
|
|
|
|
|
| |
* Handle NULL bytes in get_components() values
Some old software may generate "bogus" CN with each character preceded
by a NULL.
This is already handled in commonName, but wasn't in get_components()
* review fixes (fix py3 test & avoid unpack/cast)
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* X509Store.add_cert no longer raises an error on duplicate cert
* move changelog entry
|
| |
|
| |
Not much point in making it otherwise.
|
| |
|
|
|
|
|
|
| |
* Use autodoc for OpenSSL.crypto
* Use autodoc for the SSL.Context class
* Use autodoc for SSL.Connection
|
| |
|
|
|
|
|
|
| |
* fix a memory leak and a potential UAF and also #722
* sanity check
* bump cryptography minimum version, add changelog
|
| | |
|
| |
|
|
|
|
|
|
| |
* Don't use things after they're freed...duh
* changelog
* more details
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes an issue where each instance of ``X509StoreContext`` would
leak a small amount of memory, but only if ``verify_certificate`` was
called.
The reason for this is that ``X509_STORE_CTX_init`` is called in
``X509StoreContext.__init__`` and at the start of
``X509StoreContext.verify_certificate``. According to the man page for
``X509_STORE_CTX_init``:
"X509_STORE_CTX_init() sets up ctx for a subsequent verification
operation. It must be called before each call to X509_verify_cert(),
i.e. a ctx is only good for one call to X509_verify_cert(); if you want
to verify a second certificate with the same ctx then you must call
X509_STORE_CTX_cleanup() and then X509_STORE_CTX_init() again before
the second call to X509_verify_cert()."
Prior to this commit, the following script would cause a memory leak:
```
from OpenSSL.crypto import (
X509Store, X509StoreContext, load_certificate, FILETYPE_PEM)
certificate = """
-----BEGIN CERTIFICATE-----
MIIESTCCA7KgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRvcmEg
UHJvamVjdDEPMA0GA1UECxMGZmVkbXNnMQ8wDQYDVQQDEwZmZWRtc2cxDzANBgNV
BCkTBmZlZG1zZzEmMCQGCSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcHJvamVjdC5v
cmcwHhcNMTIwNzE1MjExODUyWhcNMjIwNzEzMjExODUyWjCB2DELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRv
cmEgUHJvamVjdDEPMA0GA1UECxMGZmVkbXNnMSswKQYDVQQDEyJzaGVsbC1hcHAw
MS5waHgyLmZlZG9yYXByb2plY3Qub3JnMSswKQYDVQQpEyJzaGVsbC1hcHAwMS5w
aHgyLmZlZG9yYXByb2plY3Qub3JnMSYwJAYJKoZIhvcNAQkBFhdhZG1pbkBmZWRv
cmFwcm9qZWN0Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyV0ydvno
pITmFs0kfploKj6nW0/COzp0rDwwvuWZF2KDdl1AeRWzfspOQOWIK5V+o2qxYA6t
aiK4bPfylYL1IGIwlVP9ma5zwkRvWketWjGORp5B7g7oECQOBo3gnQt0Uf5TWAQ1
6Wn0bCrIQSqOWVKScK9vUk/oomUlAZbksEcCAwEAAaOCAVcwggFTMAkGA1UdEwQC
MAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
ZTAdBgNVHQ4EFgQUd3FXBbD2JW3qcmq+5VP7GcuxHF4wgdUGA1UdIwSBzTCByoAU
AJil1efEVQ6Eo2f+ZkoW4AQV3SGhgaakgaMwgaAxCzAJBgNVBAYTAlVTMQswCQYD
VQQIEwJOQzEQMA4GA1UEBxMHUmFsZWlnaDEXMBUGA1UEChMORmVkb3JhIFByb2pl
Y3QxDzANBgNVBAsTBmZlZG1zZzEPMA0GA1UEAxMGZmVkbXNnMQ8wDQYDVQQpEwZm
ZWRtc2cxJjAkBgkqhkiG9w0BCQEWF2FkbWluQGZlZG9yYXByb2plY3Qub3JnggkA
juso2KkTnXwwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqG
SIb3DQEBBQUAA4GBABG1zG/lzYyz/phhROq6nzk3QUVeNGyxFdxxoB57j4xDi60y
zy2yAYe9swqlL1Gk94/Zf/lLPFxOM+NinTOh/o6z0bEBBCufwFKiS+ug/pjsI
o69vC03F21S0pquM8bQjcdoA5q5pdiY/Bq5HULmosyA+ENu69ovQGZZUiJb/
-----END CERTIFICATE-----
"""
ca_certificate = """
-----BEGIN CERTIFICATE-----
MIIDyzCCAzSgAwIBAgIJAI7rKNipE518MA0GCSqGSIb3DQEBBQUAMIGgMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCTkMxEDAOBgNVBAcTB1JhbGVpZ2gxFzAVBgNVBAoT
DkZlZG9yYSBQcm9qZWN0MQ8wDQYDVQQLEwZmZWRtc2cxDzANBgNVBAMTBmZlZG1z
ZzEPMA0GA1UEKRMGZmVkbXNnMSYwJAYJKoZIhvcNAQkBFhdhZG1pbkBmZWRvcmFw
cm9qZWN0Lm9yZzAeFw0xMjA3MTUyMTE4NTFaFw0yMjA3MTMyMTE4NTFaMIGgMQsw
CQYDVQQGEwJVUzELMAkGA1UECBMCTkMxEDAOBgNVBAcTB1JhbGVpZ2gxFzAVBgNV
BAoTDkZlZG9yYSBQcm9qZWN0MQ8wDQYDVQQLEwZmZWRtc2cxDzANBgNVBAMTBmZl
ZG1zZzEPMA0GA1UEKRMGZmVkbXNnMSYwJAYJKoZIhvcNAQkBFhdhZG1pbkBmZWRv
cmFwcm9qZWN0Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9J6RmGr1
LzSJ5Fau2wdkVUiS5WXBcd0bNPyUJ9/G7t9SrycnLnEK4GQh2B525p4SCqvsHZtM
8rqii/Y2PPF5PbpgVjJLYsJk4SSv84aH+VPYcaEtYlPClXgHb3J9jgAxgHBHkJMQ
7mvxiIau7frKFqmJGZkxO2M+Sv8eLCKLJP8CAwEAAaOCAQkwggEFMB0GA1UdDgQW
BBQAmKXV58RVDoSjZ/5mShbgBBXdITCB1QYDVR0jBIHNMIHKgBQAmKXV58RVDoSj
Z/5mShbgBBXdIaGBpqSBozCBoDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAw
DgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRvcmEgUHJvamVjdDEPMA0GA1UE
CxMGZmVkbXNnMQ8wDQYDVQQDEwZmZWRtc2cxDzANBgNVBCkTBmZlZG1zZzEmMCQG
CSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcHJvamVjdC5vcmeCCQCO6yjYqROdfDAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAN5r+1rbeTyGDdlelbqWOXBu
uS0a9BfusO0uwf3tHK9zeB5CDKFgxdfSZ+Fxg1w2HFRHhCOYoZ2ASPfbyANTzxUF
fVAId1uhBD1SlhXpTb3Ndo4uXfalf3W8MrQzFiVHbevvfsyd+RwoVT/PDokE3i4A
fftCd0uwvSqVgyE28SFt
-----END CERTIFICATE-----
"""
ca_cert = load_certificate(FILETYPE_PEM, ca_certificate)
cert = load_certificate(FILETYPE_PEM, certificate)
cert_store = X509Store()
cert_store.add_cert(ca_cert)
while True:
cert_store_context = X509StoreContext(cert_store, cert)
cert_store_context.verify_certificate()
```
Moving the creation of ``X509StoreContext`` outside the loop stops the
memory leak.
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This frees the memory allocated for the CRL object. Prior to this
commit, the following script would leak memory:
```
from OpenSSL.crypto import load_crl, FILETYPE_PEM
crl = """
-----BEGIN X509 CRL-----
MIIBfDCB5jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
Ak5DMRAwDgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRvcmEgUHJvamVjdDEP
MA0GA1UECxMGZmVkbXNnMQ8wDQYDVQQDEwZmZWRtc2cxDzANBgNVBCkTBmZlZG1z
ZzEmMCQGCSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcHJvamVjdC5vcmcXDTE3MDYx
NTIxMDMwOFoXDTM3MDYxMDIxMDMwOFowFDASAgECFw0xMjA3MTUyMTE4NTJaMA0G
CSqGSIb3DQEBCwUAA4GBAGOBuDxmRFNcYP71LBsCOfFzKij00qpxM01d5/G6+0kM
WJT8oTajMQoY6oISvQDq6TkwEoKc1yl6Ld1/XTtCNOhbybzRBAVf/Lxi/nRPP1JO
qOdZs5jMLLQq1mRJz+MgKHHTDlnvpbjHMuyTss1RblFDr4iZPHMcBNKPGIj3pmpA
-----END X509 CRL-----
"""
for _ in range(0, 1000000):
load_crl(FILETYPE_PEM, crl)
```
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Write a test - signatures with EC keys (#609)
* Ask for signature length before allocating a buffer.
This fixes a potential heap buffer overflow that may happen when a signature
is longer than the private key, as with X9.62 ECDSA (#609).
* change approach to EVP_PKEY_size and add changelog
* add a small assert
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Removed the deprecated md5 default on CRL.export()
* Doh
* unused import
* fixed tests
* last one
* py3k!!!!!
|
| | |
|
| |
|
|
|
|
|
|
| |
* dump_privatekey with FILETYPE_TEXT only supports RSA keys
FILETYPE_TEXT is terrible but everyone hold their nose
* also verify it's a pkey
|
| |
|
|
|
|
| |
* add to_cryptography/from_cryptography on CRL and X509Req
* add changelog entry
|
| |
|
|
|
|
|
|
| |
* Fixed #486 -- deprecate the backwards compat names
* remove the docs for these, pretend they don't exist
* CHANGELOG
|
| |
|
|
|
|
| |
* Added an API for converting X509 to/from cryptography
* changelog
|
| |
|
|
|
|
|
|
| |
* update docs and and changelog for #612
* update changelog
* more detail
|
| |
|
|
|
|
| |
* Fix invalid cast from ASN1_TIME to ASN1_GENERALIZEDTIME, which ends up with an error with LibreSSL.
* Require cryptography >= 1.9
|
| |
|
| |
We don’t support 0.9.8 anymore.
|
| | |
|
| |
|
|
|
|
|
|
| |
* Prepare for 17.0.0
Fix a bunch URLs and account for the non-existance of 16.3.
* Fix codecov link
|
| |
|
|
|
|
| |
* Fix broken link described in #610
* Fix two other broken links
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Modify tests to detect empty crypto.Errors from load_privatekey
This reproduces #119 and #456.
* Prevent _PassphraseHelper.raise_if_problem() from eating exceptions.
This resolves #119, resolves #456.
`_PassphraseHelper.raise_if_problem()` always flushes the OpenSSL
exception queue, but does not always raise an exception. In some cases,
other code attempts to raise an error from OpenSSL after
`raise_if_problem()` has flushed the queue, thus causing an empty
exception to be raised (i.e. `raise Error([])`).
This commit modifies `_PassphraseHelper.raise_if_problem` to flush the
OpenSSL error queue only if it has en exception to raise. Subsequent
code that detects an error should now be able to raise an non-empty
exception.
* Add CHANGELOG entry for #581.
|
| |
|
|
|
|
|
|
|
|
|
| |
* Activate intersphinx
That adds links to CPython docs and cryptography.
Also let the copyright at 2001 which seems to be just fine and gives us
reproducible builds.
* Appease docs builder
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Add empty line to CHANGELOG so extraction works
* Fix a bunch of links
* Prepare 16.2.0
|
| |
|
| |
sad trombone
|
| | |
|
| | |
|
