summaryrefslogtreecommitdiff
path: root/src/_cffi_src
Commit message (Collapse)AuthorAgeFilesLines
...
* define SYS_getrandom on linux arm64 (#5378)Alex Gaynor2020-08-051-1/+3
|
* support PKCS7 certificate parsing (#5371)Paul Kehrer2020-08-041-0/+2
| | | | | | | | | | | | | * support PKCS7 certificate parsing * refcounts are different in 1.0.2 * rename the functions * black * empty commit * review feedback
* handle unnamed-but-really-named curves in 1.0.2u (#5362)Paul Kehrer2020-07-301-0/+3
| | | | | | | | | * handle unnamed-but-really-named curves in 1.0.2u * handle openssl 1.0.2 not supporting better install commands on make * do what openssl didn't feel was necessary in 1.0.2t/u I didn't bind the named curve constant, fight me.
* remove some more constants we don't need (#5361)Paul Kehrer2020-07-301-4/+0
| | | these are gone in 3.0 anyway and were removed in that draft PR
* shrink bindings more (#5356)Paul Kehrer2020-07-2710-82/+0
| | | | | | | * shrink bindings more * readd a binding we do need * readd two more bindings we need
* remove every error we don't use in cryptography or pyopenssl (#5355)Paul Kehrer2020-07-271-108/+7
| | | | | | | | | | * remove every error we don't use in cryptography or pyopenssl sorry external consumers, carrying things we don't use and don't have downstream tests for has become too much of a burden * re-add a constant we need for tests for now * pyopenssl needs these three
* more error simplification (#5354)Paul Kehrer2020-07-271-3/+0
| | | | | | | X509 signing for RSA keys that are too small. Let's just say signing failed and attach the more specific problem as the error stack. A bit uglier, but far more generic and stable to OpenSSL/LibreSSL/BoringSSL Also be a bit more generic for OCSP signing
* simplify more errors (#5353)Paul Kehrer2020-07-261-14/+0
| | | the quest to stop using unstable openssl error codes continues
* start trying to make our error handling a bit more generic (#5352)Paul Kehrer2020-07-261-16/+0
| | | | | | | | | * start trying to make our error handling a bit more generic * remove more and black * attach error stack to memorylimit error * blaaack
* fixes #5113 - Making some SRTP related symbols conditional on ↵omnigrok2020-07-261-0/+10
| | | | | | | | | | | OPENSSL_NO_SRTP (#5338) * fixes #5113 - Making some SRTP related symbols conditional on OPENSSL_NO_SRTP. * don't remove one symbol, test with no-srtp * test against a no-srtp build Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* remove 4 OCSP bindings we don't use (#5344)Paul Kehrer2020-07-251-4/+0
|
* Refs #5113 -- build against openssl with no ct (#5343)Alex Gaynor2020-07-241-2/+7
|
* fixes #5321 -- deprecate support for OpenSSL 1.0.2 (#5333)Alex Gaynor2020-07-201-0/+1
|
* Delete several unused bindings (#5331)Alex Gaynor2020-07-203-34/+0
|
* Paint it Black by the Rolling Stones (#5324)Alex Gaynor2020-07-203-25/+39
|
* test FIPS mode on centos8 (#5323)Paul Kehrer2020-07-201-0/+1
| | | | | | | | | | | | | | | * test FIPS mode on centos8 * remove branch we don't take * simpler * better comment * rename * revert some things that don't matter * small cleanups
* disable the osrandom engine on 1.1.1d+ (#5317)Paul Kehrer2020-07-192-3/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | * disable the osrandom engine on 1.1.1d+ * skip (and run) some tests on 1.1.1d+ * simplify our conditionals * Update src/_cffi_src/openssl/src/osrandom_engine.c Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> * words * more words * language * get coverage more cleverly * a word * Update .github/workflows/ci.yml Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* support encoding attributes via CertificateSigningRequestBuilder (#5315)Paul Kehrer2020-07-181-2/+2
| | | | | | | * support encoding attributes via CertificateSigningRequestBuilder * use a constant. now you know what 12 means! * pep8
* fix indexing on X509 request attribute value (#5312)Paul Kehrer2020-07-181-0/+1
|
* Avoid passing the wrong size to strncpy - simply use strcpy (#5311)Alex Gaynor2020-07-181-1/+1
| | | We have already validated that `p` is large enough to store `name`. In `strncpy` the `len` parameter should generally be the length of the target buffer, not the source buffer.
* Add support for IBM z/OS (#5304)Steven Pitman2020-07-153-3/+24
|
* remove NPN bindings -- you should be using ALPN! (#4765)Paul Kehrer2020-07-051-19/+1
| | | | | | | | | | | | | | | | | | | | | | * remove NPN bindings -- you should be using ALPN! pyOpenSSL consumed these, but we've marked it as deprecated and it already handles the case where the bindings are not available. * set Cryptography_HAS_NEXTPROTONEG to 0 for pyOpenSSL we can remove this symbol in like...5 years. * remove another NPN related definition * suspicious * Revert "remove another NPN related definition" This reverts commit d872a7d1d776858c77b8c607f63cc9b5fef1ae39. Revert "suspicious" This reverts commit 5b767484f1cde132f686600a46e61a18e33cbdae.
* Remove dead constant time code (#5239)Alex Gaynor2020-04-263-55/+0
|
* Added wycheproof RSA PKCSv1 encryption tests (#5234)Alex Gaynor2020-04-261-0/+1
|
* Dropped support for LibreSSL 2.7, 2.8, and 2.9.0 (2.9.1+ are still ↵Alex Gaynor2020-04-252-22/+0
| | | | supported) (#5231)
* add SSL_CTX_(get|set)_keylog_callback (#5187)Maximilian Hils2020-04-111-0/+18
| | | | | | | * add SSL_CTX_(get|set)_keylog_callback * For travis Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Drop support for OpenSSL 1.0.1 (#5178)Alex Gaynor2020-04-046-177/+13
|
* Add pthread linking on non-win32 (#5086)Alexander Grund2019-12-231-1/+4
| | | | Required to link in static part of pthread, e.g. pthread_atfork Fixes https://github.com/pyca/cryptography/issues/5084
* issue-5041: do not add extra flags when compiler or platform does not ↵Michael Felt2019-11-241-1/+13
| | | | | | | | | | | | | | support them (#5042) * check for suitable compiler (platform) before adding special flags * pep8 corrections * later pep8 messages * add clang to auto accepted compilers * modify syntax so multi-line is accepted
* add SSL_get_verify_result (#5071)Maximilian Hils2019-11-231-0/+1
|
* add SSL_CTX_get0_param (#5070)Maximilian Hils2019-11-221-0/+2
|
* add SSL[_CTX]_clear_mode (#5062)Maximilian Hils2019-11-111-0/+2
|
* Fixed #5050 -- dropped support for an old LibresSSL release (#5056)Alex Gaynor2019-11-118-14/+11
| | | | | | * Fixed #5050 -- dropped support for an old LibresSSL release * Changelog
* Add a comment so we can easily find a place to update later (#5043)Alex Gaynor2019-11-011-0/+1
| | | | | | * Add a comment so we can easily find a place to update later * flake8
* Silence unguarded availability warnings for `getentropy` when targeting ↵Max Bélanger2019-10-241-1/+5
| | | | | | | | macOS 10.12 (#5019) * silence `Wunguarded-availability` when building with a `MACOSX_DEPLOYMENT_TARGET < 10.12` * use `__builtin_available` rather than a `NULL` echo upon init on mac
* Test against libressl 3.0 (#5031)Alex Gaynor2019-10-201-2/+2
| | | | | | * Test against libressl 3.0 * Correctly type these ints
* update openssls (#4995)Paul Kehrer2019-10-151-0/+2
| | | | | | | | | | * update openssls * missed one * what will this do * only do this check for 1.1.0+
* Add SSL_get0_verified_chain to cffi lib (#4965)arjenzorgdoc2019-08-141-0/+9
| | | | | | | | * Add SSL_get0_verified_chain to cffi lib OpenSSL 1.1.0 supports SSL_get0_verified_chain. This gives the full chain from the peer cert including your trusted CA cert. * Work around no support for #if in cdef in old cffi
* fix osrandom/builtin switching methods for 1.1.0+ (#4955)Paul Kehrer2019-07-271-3/+3
| | | | | | | | | | * fix osrandom/builtin switching methods for 1.1.0+ In 1.1.0 RAND_cleanup became a no-op. This broke changing to the builtin random engine via activate_builtin_random(). Fixed by directly calling RAND_set_rand_method. This works on 1.0.x and 1.1.x * missed an assert
* add bindings to parse and create challenge passwords in X509 CSRs (#4943)Paul Kehrer2019-07-092-1/+11
| | | | | | * add bindings to parse and create challenge passwords in X509 CSRs * moved away from the 1.1.0 section
* Switch to new notBefore/After APIs (#4914)Rosen Penev2019-06-071-0/+9
| | | Introduced in OpenSSL 1.1. Added compatibility for older versions.
* add BIO_free_all (#4874)Dominic Chen2019-05-061-0/+1
|
* Use generic DTLS functions added in LibreSSL 2.9.1 (#4855)Charlie Li2019-04-232-3/+9
| | | | | | | | | | * Use generic DTLS functions added in LibreSSL 2.9.1 While here, bump travis. * Remove LibreSSL 2.9.0 from travis now that 2.9.1 exists. Requested by: @reaperhulk
* fix a memory leak in AIA parsing (#4836)Paul Kehrer2019-04-111-0/+3
| | | | | | * fix a memory leak in AIA parsing * oops can't remove that
* Added BN_is_negative -- refs #4830 (#4831)Alex Gaynor2019-04-051-0/+1
|
* Try to use getrandom even in manylinux1 wheels (#4816)Alex Gaynor2019-03-191-0/+12
| | | | | | * Try to use getrandom even in manylinux1 wheels * typo
* add poly1305 NID/EVP, and EVP_DigestSign{Update,Final} for incremental (#4799)Paul Kehrer2019-03-072-0/+17
|
* ed25519 support (#4114)Paul Kehrer2019-02-261-0/+3
| | | | | | * ed25519 support * review feedback
* remove unused x509 bindings (#4776)Paul Kehrer2019-02-261-87/+1
|
* remove unused locking functions (#4780)Paul Kehrer2019-02-261-24/+2
| | | | | | | | * remove unused locking functions we do all this in C when necessary * oops, need this
View Lorry Controller Status