| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These symbols are not conditional on OPENSSL_NO_PSK in ssl.h
SSL_CTX_set_psk_find_session_callback:
https://github.com/openssl/openssl/blob/openssl-3.0.2/include/openssl/ssl.h.in#L847
SSL_CTX_set_psk_use_session_callback:
https://github.com/openssl/openssl/blob/openssl-3.0.2/include/openssl/ssl.h.in#L850-L851
As such we can not guard the fallback with defined(OPENSSL_NO_PSK)
as this will result in redeclaration errors.
Fixes:
build/temp.linux-sparc64-3.10/_openssl.c:2286:8: error: 'SSL_CTX_set_psk_find_session_callback' redeclared as different kind of symbol
2286 | void (*SSL_CTX_set_psk_find_session_callback)(SSL_CTX *,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from build/temp.linux-sparc64-3.10/_openssl.c:832:
/home/giuliobenetti/autobuild/run/instance-0/output-1/host/sparc64-buildroot-linux-gnu/sysroot/usr/include/openssl/ssl.h:855:6: note: previous declaration of 'SSL_CTX_set_psk_find_session_callback' was here
855 | void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
build/temp.linux-sparc64-3.10/_openssl.c:2293:8: error: 'SSL_CTX_set_psk_use_session_callback' redeclared as different kind of symbol
2293 | void (*SSL_CTX_set_psk_use_session_callback)(SSL_CTX *,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from build/temp.linux-sparc64-3.10/_openssl.c:832:
/home/giuliobenetti/autobuild/run/instance-0/output-1/host/sparc64-buildroot-linux-gnu/sysroot/usr/include/openssl/ssl.h:858:6: note: previous declaration of 'SSL_CTX_set_psk_use_session_callback' was here
858 | void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
|
| |
|
| |
These will be removed again in a future release.
|
| |
|
|
|
|
|
|
|
|
|
| |
* RSA PSS openssl constant
* load PSS keys (OpenSSL only) but strip the constraints
* empty commit for CI, sigh
* review feedback
* nit
|
| |
|
|
|
|
|
| |
* add PSS auto support for verification
* add support for PSS.DIGEST_LENGTH
* review comments
|
| |
|
|
|
|
|
|
|
| |
* check for invalid keys that RSA_check_key misses
RSA_check_key checks for primality but that fails to catch this case
since 2 is prime. Instead we fetch p and q and verify that they are odd
and if not reject the key as invalid.
* circleci sucks
|
| |
|
|
| |
constify and remove a func we don't use or need that had a wrong return
type anyway.
|
| |
|
|
|
|
|
|
|
| |
* TLSv1.3 PSKs function bindings
* add PSK related functions to be conditional
* add Cryptography_SSL_SESSION_new to avoid namespace collision
Co-authored-by: d00624431 <dongpu1@huawei.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add LibreSSL 3.5.0 to CI
* Add LibreSSL 3.5.0 guard
* Expose FIPS functions in LibreSSL 3.5.0+
* Expose DH API in LibreSSL 3.5.0+
* Expose SSL_get0_verified_chain and SSL_CTX_{set,get}_keylog_callback in LibreSSL 3.5.0+
* Fix SSL_CTX_{set,get}_keylog_callback guard
* Add missing CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 symbol
* Fix SSL_CTX_{set,get}_keylog_callback guard again
* Condense LibreSSL 3.5.0 defines
* Kick CircleCI
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Drop supported for older LibreSSL
3.1 covers the oldest version used by versions of Alpine and OpenBSD that are supported by their upstreams.
* Remove tests that are now unused
* Update CHANGELOG.rst
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
| |
we don't support these but advanced users may make use of them
|
| | |
|
| |
|
|
|
|
|
|
|
| |
(#6575)
* Simplify how we test boring, in a way that'll be extensible to the future
* Break out what we ignore
* Get fernet tests passing on boringssl
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Attempt to build against BoringSSL in CI
* Check for BoringSSL in the SSL bindings
* Check for BoringSSL in the err bindings
* Check for BoringSSL in the pkcs7 bindings
* Check for BoringSSL in the bignum bindings
* Check for BoringSSL in the EVP bindings
* Check for BoringSSL in the X.509 verify bindings
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* remove some unused functions and add some docs about use
The functions being removed are unused by both cryptography and
pyopenssl and the existing functions (x509_getm_notBefore/notAfter) are
not deprecated.
* more bindings removed and docs
Cryptography_EVP_PKEY_id was dropped from pyOpenSSL in 2017
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* xxx
* The rest
* file
* first milestone!
* progress
* Good progress
* Aaaand, tests pass!
* linter fixes
* moar linting
* moar linting
* style on that coverage
* Flesh this out
* reformat
* Remove RSA+DSA support, will be added back later
* Refactor to avoid todo!() branch
* sha384 support
* Unused
* Suggesting I learn to spell? It's a bold move cotton, let's see how it pays off
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
* shrink bindings now that we have oxidized all extensions
* re-add for pyopenssl
* another pyopenssl required binding
|
| |
|
|
|
| |
* remove unused error constant
* remove unused
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Convert CertificatePolicies to Rust
* Satisfy clippy
* Incorporate rust tests into coverage
* Attempt to get the coverage integrated
* Debugging, as a treat
* Attempt to get the coverage integrated
* cursed
* Maybe?
* Required!
* lol
* unused
* Handle non-ascii qualifiers
|
| | |
|
| | |
|
