path: root/src/_cffi_src
Commit message | Author | Age | Files | Lines
...
* Port InvalidityDate and KeyUsage serialization to Rust (#6397) | Alex Gaynor | 2021-10-10 | 1 | -2/+0
* Port EKU, PC, and CRL reason extensions to Rust (#6388) | Alex Gaynor | 2021-10-07 | 2 | -10/+0
* Convert a few more simple extensions to Rust encoding (#6376) | Alex Gaynor | 2021-10-05 | 1 | -3/+0
* Migrate nonce and basic constraint extensions to Rust (#6375) | Alex Gaynor | 2021-10-05 | 1 | -9/+0
    * Migrate nonce and basic constraint extensions to Rust
    * clippy
* order defines consistently (#6361) | Alex Gaynor | 2021-10-03 | 1 | -3/+3
* Support LibreSSL 3.4.0 (#6360) | Charlie Li | 2021-10-03 | 3 | -6/+15
    * Add LibreSSL 3.4.0 to CI
    * Add a LibreSSL 3.4.0 guard
      Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0.
    * DTLS_get_data_mtu does not exist in LibreSSL
    * Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+
    * SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL
    * Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL
      While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended.
* remove unused bindings (#6357) | Alex Gaynor | 2021-10-03 | 1 | -7/+0
* remove unused bindings (#6358) | Alex Gaynor | 2021-10-03 | 1 | -14/+1
* remove unneeded bindings (#6324) | Paul Kehrer | 2021-09-28 | 3 | -63/+0
* remove unused rand bindings (#6309) | Alex Gaynor | 2021-09-27 | 1 | -5/+0
* remove unused bindings from x509name (#6310) | Alex Gaynor | 2021-09-27 | 1 | -11/+0
* Remove unused OCSP bindings (#6306) | Alex Gaynor | 2021-09-26 | 1 | -112/+0
    refs #6289
* cffi: check openssl version is less than 1.1.0 (#6266) | match man | 2021-09-13 | 1 | -0/+4
    Issue an #error directive if it is
    Signed-off-by: Baofeng Wang <baofeng.wang67@gmail.com>
    Co-authored-by: Baofeng Wang <baofeng.wang67@gmail.com>
* add PKCS7_get0_signers(), X509_STORE_set_purpose(), and X509_PURPOSE_* (#6187) | Mathias Panzenböck | 2021-08-29 | 2 | -0/+22
    * add PKCS7_get0_signers(), X509_STORE_set_purpose(), and X509_PURPOSE_*
    * removed argument names of X509_STORE_set_purpose() and PKCS7_get0_signers()
    * Update pkcs7.py
    * Update x509_vfy.py
    Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* FIPS 3.0.0 support (#6012) | Paul Kehrer | 2021-08-29 | 2 | -1/+14
    * FIPS 3.0.0 support
    * comments
    * remove unneeded error clear
    * review comments
    * small refactor
    * black
    * flake8 too
    * review feedback
    * oops
    * fix
* remove unneeded binding (#6150) | Paul Kehrer | 2021-06-30 | 1 | -1/+0
* Expose a few more OpenSSL functions that are useful for DTLS support (#6138) | Nathaniel J. Smith | 2021-06-30 | 2 | -0/+45
    * Expose a few more OpenSSL functions that are useful for DTLS support
    * Move BIO_ADDR gunk to proper place
    * const correct
    * Throw more #ifdefs at the wall and see if they stick
    * njsmith used "think about what he's doing" it's probably not very effective
    * LibreSSL is not my favorite library
    * Attempt to hide my new undefined symbols
    * deflake
    * Give up on trying to check function pointers for NULLness
      AFAICT it works fine in CFFI's ABI mode, but I can't figure out how to do it in the API mode.
* Remove unused gf2m bindings (#6144) | Alex Gaynor | 2021-06-26 | 1 | -14/+0
    * Remove unused gf2m bindings
    * Update ec.py
* Remove OpenSSL ct.h usage (#6115) | Alex Gaynor | 2021-06-12 | 2 | -118/+0
* Added handling for OpenSSL "xts duplicated keys" error. (#6085) | Angus Gratton | 2021-06-09 | 3 | -0/+10
    * Added handling for OpenSSL "xts duplicated keys" error.
      Closes #5998
      This error value was added pre-OpenSSL 1.1.1d here: https://github.com/openssl/openssl/commit/2a5f63c9a61be7582620c4b5da202bb3fd7e4138
      and refined to only cover encryption shortly after: https://github.com/openssl/openssl/commit/58ae5a47da1e4843b0cd1846eb297b341d0e7201
    * test_aes: Remove unnecessary assignment
    * xts: Update duplicated keys check for OpenSSL 3 providers
      Also, change the exception message slightly:
      - Now matches the tense used by openssl
      - Turns out decryption *is* checked for duplicate keys by OpenSSL 3 when in FIPS mode
* Burn down now unused OCSP request bindings (#6078) | Alex Gaynor | 2021-05-31 | 1 | -6/+0
* Port OCSP Request extension parsing to Rust (#6005) | Alex Gaynor | 2021-04-24 | 1 | -0/+20
    * Port OCSP Request extension parsing to Rust
    * Added test for rando oid
    * Update src/rust/src/asn1.rs
    Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
    Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* [WIP] 3.0.0 support (#5250) | Paul Kehrer | 2021-04-22 | 5 | -1/+51
    * 3.0.0 support
    * almost...there...
    * make mypy happy
* Fix build with LibreSSL 3.3.2 (#5988) | Charlie Li | 2021-04-19 | 2 | -0/+9
    * LibreSSL 3.3.2 supports SSL_OP_NO_DTLS*
      While here, bump CI
    * Fix preprocessor guards for LibreSSL's SSL_OP_NO_DTLS*
      DTLS_set_link_mtu and DTLS_get_link_min_mtu are not part of 3.3.2
    * Switch to LESS_THAN context for LibreSSL 3.3.2
      While here, fix indents
    * Remove extra C variable declaration
      The variable is not actually used from Python
* switch to evp_pkey_derive for ECDH (#5973) | Paul Kehrer | 2021-04-14 | 2 | -4/+0
    remove unused lower level bindings, improve error msg
* switch to using EVP_PKEY_derive instead of DH_compute_key in DH (#5972) | Paul Kehrer | 2021-04-14 | 1 | -1/+0
    * switch to using EVP_PKEY_derive instead of DH_compute_key in DH
      Where checks are occurring is changing in OpenSSL 3.0 and this makes it easier to be consistent (and is the API we should be using anyway). The tests change because EVP_PKEY_derive now verifies that we have shared parameters, which the test previously only verified by asserting that the derived keys didn't match
    * review feedback
    * type ignores required for typeerror tests. some day i will remember this
* Remove unused X509 verification flags bindings (#5868) | David Benjamin | 2021-02-26 | 1 | -25/+0
    These don't appear to be used in pyopenssl or cryptography.io. One less source of conditionals.
* Convert unpadding code to Rust (#5668) | Alex Gaynor | 2021-02-21 | 3 | -97/+0
* Add ssl version constants (#5662) | Maximilian Hils | 2020-12-21 | 1 | -0/+7
    * add ssl version constants
    * try to fix ci
    * try harder to fix ci
    * security: if unavailable, set protocol constants to nonexistent version
    * make linter happy
    * remove dtls constants
    * remove superfluous comment
* add missing verification parameter flags (#5643) | Eduard Iskandarov | 2020-12-13 | 1 | -0/+2
* Update APIs to use non-deprecated OpenSSL ones where possible (#5633) | Alex Gaynor | 2020-12-10 | 4 | -4/+17
    cherry picked from #4920
* re-add Cryptography_HAS_TLSEXT_HOSTNAME and port 3.3.1 changelog (#5627) | Paul Kehrer | 2020-12-09 | 1 | -0/+6
* Remove __future__ import from our code (#5610) | Alex Gaynor | 2020-12-09 | 39 | -40/+0
* Switch black to py36 as the minimum version (#5608) | Alex Gaynor | 2020-12-08 | 1 | -1/+1
* Add support for RSA signature recovery (#5573) | Zoltan Kelemen | 2020-12-07 | 1 | -0/+3
    * Removed unused argument.
    * Added support for RSA signature recovery.
    * Syntactic corrections for passing pep8 tests.
    * Corrected typo.
    * Added test of invalid Prehashed parameter to RSA signature recover.
    * Renamed recover to a more descriptive name.
    * Extended RSA signature recovery with option to return full data (not only the digest part).
    * Added missing words to pass spell check.
* Added tls bindings for new OpenSSL APIs (#5595) | Alex Gaynor | 2020-12-01 | 1 | -4/+26
    fixes #5379
    closes #5483
* fixes #4531 -- support encoding SCTs in certificates (#5594) | Alex Gaynor | 2020-11-30 | 1 | -4/+6
* Don't build our custom osrandom engine on libressl (#5593) | Alex Gaynor | 2020-11-29 | 1 | -2/+2
    * Don't build our custom osrandom engine on libressl
      As far as I can tell it's never used on LibreSSL -- their `RAND_bytes` function unconditionally calls `arc4random_buf`
    * Update cryptography.py
* define OAEP properties for all openssl versions (#5589) | Paul Kehrer | 2020-11-26 | 1 | -7/+3
    In 3.0 these aren't macros so we can't test this way. All our supported OpenSSLs have these bindings now and LibreSSL does not.
* garbage collect dead code (#5562) | Alex Gaynor | 2020-11-11 | 1 | -4/+0
* Always rely on OpenSSL's builtin locking callbacks (#5561) | Alex Gaynor | 2020-11-11 | 2 | -139/+1
* Remove some dead constants (#5518) | Alex Gaynor | 2020-10-26 | 3 | -23/+0
* fixes #5513 update comment on why we can't have nice things (#5517) | Alex Gaynor | 2020-10-26 | 1 | -11/+3
* Simplify a number of branches around libressl (#5515) | Alex Gaynor | 2020-10-26 | 2 | -24/+8
* Delete all the 1.0.2 code (#5511) | Alex Gaynor | 2020-10-25 | 16 | -462/+30
* PKCS7SignatureBuilder now supports three serializations (#5497) | Paul Kehrer | 2020-10-24 | 1 | -0/+1
    * PKCS7SignatureBuilder now supports three serializations
      PEM, DER, and SMIME. SMIME embeds the S/MIME headers and has the detached signature concept.
    * thanks libre
* smime signer support (#5465) | Paul Kehrer | 2020-09-19 | 1 | -0/+1
    * smime signer support
    * fix ed25519 check
    * change some wording
    * python 2.7...
    * review feedback
    * s/secure/signed
    * do some verification in the tests
    * review feedback
    * doc return value
* add pkcs7/smime bindings (#5458) | Paul Kehrer | 2020-09-13 | 1 | -0/+12
    * add pkcs7/smime bindings
    * Update src/_cffi_src/openssl/pkcs7.py
      Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
    * Update src/_cffi_src/openssl/pkcs7.py
      Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
    Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* re-add a few engine bindings for advanced users (#5449) | Paul Kehrer | 2020-09-01 | 1 | -0/+15
    * re-add a few engine bindings for advanced users
      For users who are capable of compiling cryptography against custom openssl and properly using these functions this hopefully allows PKCS11 usage through OpenSSL engines.
    * forgot to save my buffer
* return from void function cannot compile on solaris studio (#5385) | stphnlyd | 2020-08-11 | 1 | -1/+1