path: root/src/cryptography/hazmat/bindings/openssl
Commit message | Author | Age | Files | Lines
* Remove a bunch of unused bindings (#8830) | Alex Gaynor | 2023-04-26 | 1 | -9/+0
    Also replace one DH function with a simpler implementation
* drop libressl 3.5.x support (#8741) | Paul Kehrer | 2023-04-16 | 1 | -7/+0
    OpenBSD 7.1 is no longer supported so neither is LibreSSL 3.5.x
* Use from __future__ import annotations everywhere (#8643) | Alex Gaynor | 2023-03-31 | 2 | -0/+4
* drop support for openssl < 1.1.1d (#8449) | Paul Kehrer | 2023-03-24 | 2 | -32/+0
    This removes the OS random engine, which contained the only CPython PSF licensed code in the repository. Accordingly, that license has now been removed.
* Simplify/unify Rust and Python OpenSSL error handling (#8552) | Alex Gaynor | 2023-03-20 | 1 | -76/+6
* Support handling OpenSSL errors from Rust code (#8530) | Alex Gaynor | 2023-03-16 | 1 | -18/+23
* Resurrect the PoC of OpenSSL from Rust (#7164) | Alex Gaynor | 2023-03-15 | 1 | -7/+16
* Stop validating keys in ECDH exchange (#8490) | Alex Gaynor | 2023-03-11 | 1 | -0/+7
    The theory here is that we're already doing sufficient validation key loading, and this is purely duplicative. Note that there's at least _some_ validation that was previously occurring only ECDH, the LowOrderPublic check that can be seen in wycheproof.
* Remove use of deprecated EC functions (#8459) | Alex Gaynor | 2023-03-06 | 1 | -7/+0
* deprecate support for OpenSSL <1.1.1d (#8444) | Paul Kehrer | 2023-03-05 | 1 | -0/+18
    * deprecate support for OpenSSL <1.1.1d
    * use an actually exported constant
* Remove unused bindings (#8321) | Alex Gaynor | 2023-02-19 | 1 | -18/+0
* Remove now-unused bindings (#8264) | Alex Gaynor | 2023-02-11 | 1 | -10/+0
* Use the ruff 'pyupgrade' checks (#8104) | Alex Gaynor | 2023-01-20 | 1 | -5/+7
* src/_cffi_src/openssl/evp.py: export EVP_PKEY_set_alias_type in FUNCTIONS (#7935) | hustliyilin | 2022-12-28 | 1 | -0/+9
    In openssl 1.1.1 docs/man3/EVP_PKEY_set1_RSA.pod (https://github.com/openssl/openssl/blob/OpenSSL_1_1_1/doc/man3/EVP_PKEY_set1_RSA.pod) The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API is possible to convert it to using SM2 algorithms After loading an ECC key. So the EVP_PKEY_set_alias_type API is important for people who want to use cryptography with using SM2 algorithms. Therefore, we need to export EVP_PKEY_set_alias_type in FUNCTIONS.
    Signed-off-by: YiLin.Li <YiLin.Li@linux.alibaba.com>
    Signed-off-by: YiLin.Li <YiLin.Li@linux.alibaba.com>
* Remove binding for X509_STORE_get_get_issuer (#7918) | David Benjamin | 2022-12-20 | 1 | -1/+0
    This was added alongside X509_STORE_set_get_issuer in 21ef4080ec7666299f1268f3bbfb136582744359. It makes sense to want to override issuer lookup, but I've never seen a valid use case for querying the callbacks. If you're trying to get at the function that was already configured, you presumably already know it. (And if you don't, it's not safe to call because an arbitrary callback may have been written to only be usable in particular contexts.)
* Update minimum LibreSSL to 3.5 (#7780) | Alex Gaynor | 2022-11-07 | 1 | -8/+0
    This is the version of LibreSSL in OpenBSD 7.1, which is the oldest currently supported.
* fixes #7454 -- added SSL_get_extms_support (#7697) | Alex Gaynor | 2022-10-12 | 1 | -0/+5
* support compilation against openssl 3 with no legacy provider (#7650) | Paul Kehrer | 2022-09-26 | 1 | -8/+23
    You must pass CRYPTOGRAPHY_OPENSSL_NO_LEGACY for this to be allowed. Downstreams can easily patch this check out if they want to default to this behavior.
* Warn users on 32-bit Pythons on 64-bit windows. (#7641) | Alex Gaynor | 2022-09-24 | 1 | -1/+15
    They're leaving a ton of performance on the table.
* A handful of small internal typing improvements (#7625) | Alex Gaynor | 2022-09-18 | 1 | -6/+9
* Remove reimplementation of OpenSSL function in DHX (#7611) | Alex Gaynor | 2022-09-14 | 1 | -0/+2
* Move to a libressl policy (#7605) | Alex Gaynor | 2022-09-13 | 1 | -18/+0
    This policy is to support things that are in supported versions of openbsd. the current oldest supported openbsd is 7.0, which included libressl 3.4
* Increase our minimum LibreSSL. (#7571) | Alex Gaynor | 2022-09-07 | 1 | -7/+0
    OpenBSD 7.0 ships 3.4, and Alpine 3.14 ships 3.3.6
* Drop OpenSSL 1.1.0 (#7570) | Alex Gaynor | 2022-09-07 | 2 | -28/+0
    There's still a few TODOs for cleanup. Refs #7109
* Bind functions for dealing with sigalgs (#7349) | Jean-Daniel | 2022-06-19 | 1 | -0/+7
    Fixes https://github.com/pyca/cryptography/issues/7336
* Expose SSL_OP_IGNORE_UNEXPECTED_EOF (#7321) | dreid | 2022-06-08 | 1 | -0/+9
    * Expose SSL_OP_IGNORE_UNEXPECTED_EOF
      Expose SSL_OP_IGNORE_UNEXPECTED_EOF. https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html#:~:text=this%20by%20default.-,SSL_OP_IGNORE_UNEXPECTED_EOF,-Some%20TLS%20implementations
    * Make this conditional.
    * Add to _conditionals.py
* add binding for PKCS12_set_mac (#7217) | Paul Kehrer | 2022-05-12 | 1 | -0/+5
    OpenSSL 3 changed the default MAC to sha256, which is fine and good except Windows Server 2016 can't handle that so we need to build some APIs allowing worse things and name them scary legacy names.
* add a constant for pyOpenSSL with OpenSSL 3 (#7156) | Paul Kehrer | 2022-04-30 | 1 | -0/+7
* final deprecation warnings for 1.1.0 (#7123) | Paul Kehrer | 2022-04-26 | 1 | -1/+1
* Be clear that OpenSSL 1.1.0 is going bye bye (#7108) | Alex Gaynor | 2022-04-22 | 1 | -2/+2
* add TLSv1.3 PSKs function bindings (#7002) | 可可熊 | 2022-04-03 | 1 | -0/+13
    * TLSv1.3 PSKs function bindings
    * add PSK related functions to be conditional
    * add Cryptography_SSL_SESSION_new to avoid namespace collision
    Co-authored-by: d00624431 <dongpu1@huawei.com>
* add new bindings for OpenSSL 3.0.0 cipher fetching/freeing (#7027) | Paul Kehrer | 2022-04-03 | 1 | -0/+5
* Try removing the SSL_library_init call in initialization (#6986) | Alex Gaynor | 2022-03-21 | 1 | -2/+0
    I'm reasonably certain it's not required in recent OpenSSL's
* Remove initialization call that's not required in 1.1.0+ (#6952) | Alex Gaynor | 2022-03-13 | 1 | -2/+0
* Remove explicit subclassing of object now that all classes are new-style (#6830) | Alex Gaynor | 2022-01-30 | 1 | -2/+2
    As someone who first with Python in 2.4 or so, this habit is going to be hard to break.
* improve types in the binding (#6737) | Paul Kehrer | 2021-12-22 | 1 | -7/+7
* more backend typing (#6731) | Paul Kehrer | 2021-12-21 | 1 | -1/+1
    * more backend typing
      slow progress in a variety of places
    * type checking isn't the only way we run code
* type _conditional to lower the untyped percentage (#6730) | Paul Kehrer | 2021-12-22 | 1 | -36/+38
    does this have value? ours is not to question the machine
* more internal typing. supported methods, hash, hmac (#6728) | Paul Kehrer | 2021-12-22 | 1 | -2/+6
    * more internal typing. supported methods, hash, hmac
    * cursed
    * cursed again
    * has this man ever linted a thing
* Expand typing coverage to exceptions (#6717) | Alex Gaynor | 2021-12-21 | 1 | -3/+3
    * Expand typing coverage to exceptions
      Involves making _OpenSSLErrorWithText a typing.NamedTuple
    * Poke for CI
* Remove read_only_property and precisely type all these getters (#6668) | Alex Gaynor | 2021-11-29 | 1 | -3/+11
    * Remove read_only_property and precisely type all these getters
    * flake8
    * unused
* closes #6663 -- deprecate openssl 1.1.0 support (#6667) | Alex Gaynor | 2021-11-28 | 1 | -0/+17
* Drop supported for older LibreSSL (#6660) | Alex Gaynor | 2021-11-26 | 1 | -14/+0
    * Drop supported for older LibreSSL
      3.1 covers the oldest version used by versions of Alpine and OpenBSD that are supported by their upstreams.
    * Remove tests that are now unused
    * Update CHANGELOG.rst
    Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
    Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* add one more engine binding (#6599) | Paul Kehrer | 2021-11-12 | 1 | -0/+1
    we don't support these but advanced users may make use of them
* Begin building with BoringSSL in our CI, no tests yet (#6554) | Alex Gaynor | 2021-11-07 | 1 | -0/+39
    * Attempt to build against BoringSSL in CI
    * Check for BoringSSL in the SSL bindings
    * Check for BoringSSL in the err bindings
    * Check for BoringSSL in the pkcs7 bindings
    * Check for BoringSSL in the bignum bindings
    * Check for BoringSSL in the EVP bindings
    * Check for BoringSSL in the X.509 verify bindings
* Check for BoringSSL in the SSL bindings (#6553) | Alex Gaynor | 2021-11-06 | 1 | -0/+6
* Remove unused SSL bindings (#6473) | Alex Gaynor | 2021-10-25 | 1 | -8/+0
* FIPS 3.0.0 support (#6012) | Paul Kehrer | 2021-08-29 | 2 | -0/+24
    * FIPS 3.0.0 support
    * comments
    * remove unneeded error clear
    * review comments
    * small refactor
    * black
    * flake8 too
    * review feedback
    * oops
    * fix
* Expose a few more OpenSSL functions that are useful for DTLS support (#6138) | Nathaniel J. Smith | 2021-06-30 | 1 | -0/+16
    * Expose a few more OpenSSL functions that are useful for DTLS support
    * Move BIO_ADDR gunk to proper place
    * const correct
    * Throw more #ifdefs at the wall and see if they stick
    * njsmith used "think about what he's doing" it's probably not very effective
    * LibreSSL is not my favorite library
    * Attempt to hide my new undefined symbols
    * deflake
    * Give up on trying to check function pointers for NULLness
      AFAICT it works fine in CFFI's ABI mode, but I can't figure out how to do it in the API mode.
* 3.0.0 deprecated func and it isn't useful to us in general (#6148) | Paul Kehrer | 2021-06-30 | 1 | -7/+4
    remove it everywhere and assert on the code/lib/reason