path: root/src/cryptography/hazmat/bindings/openssl/_conditional.py
Commit message | Author | Age | Files | Lines
* Remove a bunch of unused bindings (#8830) | Alex Gaynor | 2023-04-26 | 1 | -9/+0
    Also replace one DH function with a simpler implementation
* drop libressl 3.5.x support (#8741) | Paul Kehrer | 2023-04-16 | 1 | -7/+0
    OpenBSD 7.1 is no longer supported so neither is LibreSSL 3.5.x
* Use from __future__ import annotations everywhere (#8643) | Alex Gaynor | 2023-03-31 | 1 | -0/+2
* drop support for openssl < 1.1.1d (#8449) | Paul Kehrer | 2023-03-24 | 1 | -1/+0
    This removes the OS random engine, which contained the only CPython PSF licensed code in the repository. Accordingly, that license has now been removed.
* Stop validating keys in ECDH exchange (#8490) | Alex Gaynor | 2023-03-11 | 1 | -0/+7
    The theory here is that we're already doing sufficient validation key loading, and this is purely duplicative. Note that there's at least _some_ validation that was previously occurring only ECDH, the LowOrderPublic check that can be seen in wycheproof.
* Remove use of deprecated EC functions (#8459) | Alex Gaynor | 2023-03-06 | 1 | -7/+0
* Remove unused bindings (#8321) | Alex Gaynor | 2023-02-19 | 1 | -18/+0
* Remove now-unused bindings (#8264) | Alex Gaynor | 2023-02-11 | 1 | -10/+0
* src/_cffi_src/openssl/evp.py: export EVP_PKEY_set_alias_type in FUNCTIONS (#7935) | hustliyilin | 2022-12-28 | 1 | -0/+9
    In openssl 1.1.1 docs/man3/EVP_PKEY_set1_RSA.pod (https://github.com/openssl/openssl/blob/OpenSSL_1_1_1/doc/man3/EVP_PKEY_set1_RSA.pod) The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API is possible to convert it to using SM2 algorithms After loading an ECC key. So the EVP_PKEY_set_alias_type API is important for people who want to use cryptography with using SM2 algorithms. Therefore, we need to export EVP_PKEY_set_alias_type in FUNCTIONS.
    Signed-off-by: YiLin.Li <YiLin.Li@linux.alibaba.com>
    Signed-off-by: YiLin.Li <YiLin.Li@linux.alibaba.com>
* Remove binding for X509_STORE_get_get_issuer (#7918) | David Benjamin | 2022-12-20 | 1 | -1/+0
    This was added alongside X509_STORE_set_get_issuer in 21ef4080ec7666299f1268f3bbfb136582744359. It makes sense to want to override issuer lookup, but I've never seen a valid use case for querying the callbacks. If you're trying to get at the function that was already configured, you presumably already know it. (And if you don't, it's not safe to call because an arbitrary callback may have been written to only be usable in particular contexts.)
* Update minimum LibreSSL to 3.5 (#7780) | Alex Gaynor | 2022-11-07 | 1 | -8/+0
    This is the version of LibreSSL in OpenBSD 7.1, which is the oldest currently supported.
* fixes #7454 -- added SSL_get_extms_support (#7697) | Alex Gaynor | 2022-10-12 | 1 | -0/+5
* Remove reimplementation of OpenSSL function in DHX (#7611) | Alex Gaynor | 2022-09-14 | 1 | -0/+2
* Move to a libressl policy (#7605) | Alex Gaynor | 2022-09-13 | 1 | -18/+0
    This policy is to support things that are in supported versions of openbsd. the current oldest supported openbsd is 7.0, which included libressl 3.4
* Increase our minimum LibreSSL. (#7571) | Alex Gaynor | 2022-09-07 | 1 | -7/+0
    OpenBSD 7.0 ships 3.4, and Alpine 3.14 ships 3.3.6
* Drop OpenSSL 1.1.0 (#7570) | Alex Gaynor | 2022-09-07 | 1 | -10/+0
    There's still a few TODOs for cleanup.
    Refs #7109
* Bind functions for dealing with sigalgs (#7349) | Jean-Daniel | 2022-06-19 | 1 | -0/+7
    Fixes https://github.com/pyca/cryptography/issues/7336
* Expose SSL_OP_IGNORE_UNEXPECTED_EOF (#7321) | dreid | 2022-06-08 | 1 | -0/+9
    * Expose SSL_OP_IGNORE_UNEXPECTED_EOF
      Expose SSL_OP_IGNORE_UNEXPECTED_EOF.
      https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html#:~:text=this%20by%20default.-,SSL_OP_IGNORE_UNEXPECTED_EOF,-Some%20TLS%20implementations
    * Make this conditional.
    * Add to _conditionals.py
* add binding for PKCS12_set_mac (#7217) | Paul Kehrer | 2022-05-12 | 1 | -0/+5
    OpenSSL 3 changed the default MAC to sha256, which is fine and good except Windows Server 2016 can't handle that so we need to build some APIs allowing worse things and name them scary legacy names.
* add a constant for pyOpenSSL with OpenSSL 3 (#7156) | Paul Kehrer | 2022-04-30 | 1 | -0/+7
* add TLSv1.3 PSKs function bindings (#7002) | 可可熊 | 2022-04-03 | 1 | -0/+13
    * TLSv1.3 PSKs function bindings
    * add PSK related functions to be conditional
    * add Cryptography_SSL_SESSION_new to avoid namespace collision
    Co-authored-by: d00624431 <dongpu1@huawei.com>
* add new bindings for OpenSSL 3.0.0 cipher fetching/freeing (#7027) | Paul Kehrer | 2022-04-03 | 1 | -0/+5
* type _conditional to lower the untyped percentage (#6730) | Paul Kehrer | 2021-12-22 | 1 | -36/+38
    does this have value? ours is not to question the machine
* Drop supported for older LibreSSL (#6660) | Alex Gaynor | 2021-11-26 | 1 | -14/+0
    * Drop supported for older LibreSSL
      3.1 covers the oldest version used by versions of Alpine and OpenBSD that are supported by their upstreams.
    * Remove tests that are now unused
    * Update CHANGELOG.rst
    Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
    Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* add one more engine binding (#6599) | Paul Kehrer | 2021-11-12 | 1 | -0/+1
    we don't support these but advanced users may make use of them
* Begin building with BoringSSL in our CI, no tests yet (#6554) | Alex Gaynor | 2021-11-07 | 1 | -0/+39
    * Attempt to build against BoringSSL in CI
    * Check for BoringSSL in the SSL bindings
    * Check for BoringSSL in the err bindings
    * Check for BoringSSL in the pkcs7 bindings
    * Check for BoringSSL in the bignum bindings
    * Check for BoringSSL in the EVP bindings
    * Check for BoringSSL in the X.509 verify bindings
* Check for BoringSSL in the SSL bindings (#6553) | Alex Gaynor | 2021-11-06 | 1 | -0/+6
* Remove unused SSL bindings (#6473) | Alex Gaynor | 2021-10-25 | 1 | -8/+0
* FIPS 3.0.0 support (#6012) | Paul Kehrer | 2021-08-29 | 1 | -0/+8
    * FIPS 3.0.0 support
    * comments
    * remove unneeded error clear
    * review comments
    * small refactor
    * black
    * flake8 too
    * review feedback
    * oops
    * fix
* Expose a few more OpenSSL functions that are useful for DTLS support (#6138) | Nathaniel J. Smith | 2021-06-30 | 1 | -0/+16
    * Expose a few more OpenSSL functions that are useful for DTLS support
    * Move BIO_ADDR gunk to proper place
    * const correct
    * Throw more #ifdefs at the wall and see if they stick
    * njsmith used "think about what he's doing" it's probably not very effective
    * LibreSSL is not my favorite library
    * Attempt to hide my new undefined symbols
    * deflake
    * Give up on trying to check function pointers for NULLness
      AFAICT it works fine in CFFI's ABI mode, but I can't figure out how to do it in the API mode.
* Remove unused gf2m bindings (#6144) | Alex Gaynor | 2021-06-26 | 1 | -2/+0
    * Remove unused gf2m bindings
    * Update ec.py
* Remove OpenSSL ct.h usage (#6115) | Alex Gaynor | 2021-06-12 | 1 | -23/+0
* [WIP] 3.0.0 support (#5250) | Paul Kehrer | 2021-04-22 | 1 | -0/+11
    * 3.0.0 support
    * almost...there...
    * make mypy happy
* Remove unused X509 verification flags bindings (#5868) | David Benjamin | 2021-02-26 | 1 | -15/+0
    These don't appear to be used in pyopenssl or cryptography.io. One less source of conditionals.
* Add ssl version constants (#5662) | Maximilian Hils | 2020-12-21 | 1 | -0/+1
    * add ssl version constants
    * try to fix ci
    * try harder to fix ci
    * security: if unavailable, set protocol constants to nonexistent version
    * make linter happy
    * remove dtls constants
    * remove superfluous comment
* Remove __future__ import from our code (#5610) | Alex Gaynor | 2020-12-09 | 1 | -2/+0
* Added tls bindings for new OpenSSL APIs (#5595) | Alex Gaynor | 2020-12-01 | 1 | -0/+10
    fixes #5379
    closes #5483
* fixes #4531 -- support encoding SCTs in certificates (#5594) | Alex Gaynor | 2020-11-30 | 1 | -2/+3
* Always rely on OpenSSL's builtin locking callbacks (#5561) | Alex Gaynor | 2020-11-11 | 1 | -7/+0
* Delete all the 1.0.2 code (#5511) | Alex Gaynor | 2020-10-25 | 1 | -27/+0
* re-add a few engine bindings for advanced users (#5449) | Paul Kehrer | 2020-09-01 | 1 | -0/+4
    * re-add a few engine bindings for advanced users
      For users who are capable of compiling cryptography against custom openssl and properly using these functions this hopefully allows PKCS11 usage through OpenSSL engines.
    * forgot to save my buffer
* shrink bindings more (#5356) | Paul Kehrer | 2020-07-27 | 1 | -9/+0
    * shrink bindings more
    * readd a binding we do need
    * readd two more bindings we need
* simplify more errors (#5353) | Paul Kehrer | 2020-07-26 | 1 | -7/+0
    the quest to stop using unstable openssl error codes continues
* start trying to make our error handling a bit more generic (#5352) | Paul Kehrer | 2020-07-26 | 1 | -9/+0
    * start trying to make our error handling a bit more generic
    * remove more and black
    * attach error stack to memorylimit error
    * blaaack
* fixes #5113 - Making some SRTP related symbols conditional on OPENSSL_NO_SRTP (#5338) | omnigrok | 2020-07-26 | 1 | -0/+9
    * fixes #5113 - Making some SRTP related symbols conditional on OPENSSL_NO_SRTP.
    * don't remove one symbol, test with no-srtp
    * test against a no-srtp build
    Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* Paint it Black by the Rolling Stones (#5324) | Alex Gaynor | 2020-07-20 | 1 | -12/+8
* Dropped support for LibreSSL 2.7, 2.8, and 2.9.0 (2.9.1+ are still supported) (#5231) | Alex Gaynor | 2020-04-25 | 1 | -15/+0
* add SSL_CTX_(get|set)_keylog_callback (#5187) | Maximilian Hils | 2020-04-11 | 1 | -0/+8
    * add SSL_CTX_(get|set)_keylog_callback
    * For travis
    Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Drop support for OpenSSL 1.0.1 (#5178) | Alex Gaynor | 2020-04-04 | 1 | -76/+2
* add SSL_CTX_get0_param (#5070) | Maximilian Hils | 2019-11-22 | 1 | -0/+1