path: root/src/cryptography/hazmat/bindings
Commit message | Author | Age | Files | Lines
* support X.509 certificate PSS signing (#8888) | Paul Kehrer | 2023-05-10 | 1 | -0/+2
    * support X.509 certificate PSS signing
      no CSR, CRL, etc
    * handle PSS.(MAX_LENGTH, DIGEST_LENGTH), review feedback
    * name the kwarg
    * test improvements
    * skip if sha3 isn't supported
* Remove a bunch of unused bindings (#8830) | Alex Gaynor | 2023-04-26 | 1 | -9/+0
    Also replace one DH function with a simpler implementation
* Move is_fips logic to Rust (#8822) | Alex Gaynor | 2023-04-25 | 1 | -0/+1
* Convert KDFs to Rust (#8787) | Alex Gaynor | 2023-04-25 | 2 | -0/+24
* Migrate DH to Rust (#8768) | Alex Gaynor | 2023-04-24 | 2 | -0/+24
* Use pyo3's facilities for exceptions (#8785) | Alex Gaynor | 2023-04-22 | 1 | -0/+17
* Convert HMAC to Rust (#8781) | Alex Gaynor | 2023-04-22 | 2 | -0/+23
* Convert hashes to Rust (#8775) | Alex Gaynor | 2023-04-21 | 2 | -0/+19
* drop libressl 3.5.x support (#8741) | Paul Kehrer | 2023-04-16 | 1 | -7/+0
    OpenBSD 7.1 is no longer supported so neither is LibreSSL 3.5.x
* Convert ed448 to Rust (#8705) | Alex Gaynor | 2023-04-11 | 2 | -1/+21
* Convert ed25519 to Rust (#8697) | Alex Gaynor | 2023-04-10 | 2 | -2/+22
* Migrate x448 to Rust (#8691) | Alex Gaynor | 2023-04-10 | 2 | -2/+16
* Use from __future__ import annotations everywhere (#8643) | Alex Gaynor | 2023-03-31 | 2 | -0/+4
* drop support for openssl < 1.1.1d (#8449) | Paul Kehrer | 2023-03-24 | 2 | -32/+0
    This removes the OS random engine, which contained the only CPython PSF licensed code in the repository. Accordingly, that license has now been removed.
* Migrate x25519 to use rust-openssl (#7933) | Alex Gaynor | 2023-03-24 | 2 | -0/+18
* Simplify/unify Rust and Python OpenSSL error handling (#8552) | Alex Gaynor | 2023-03-20 | 2 | -76/+16
* Support handling OpenSSL errors from Rust code (#8530) | Alex Gaynor | 2023-03-16 | 2 | -18/+26
* Resurrect the PoC of OpenSSL from Rust (#7164) | Alex Gaynor | 2023-03-15 | 3 | -7/+21
* Stop validating keys in ECDH exchange (#8490) | Alex Gaynor | 2023-03-11 | 1 | -0/+7
    The theory here is that we're already doing sufficient validation key loading, and this is purely duplicative. Note that there's at least _some_ validation that was previously occurring only ECDH, the LowOrderPublic check that can be seen in wycheproof.
* Make Union type aliases a documented public API (#8168) | Marti Raudsepp | 2023-03-07 | 2 | -6/+6
    * Rename Union type aliases to CamelCase
      Many `typing.Union` type aliases were previously using `UPPER_SNAKE_CASE`, but Python's convention is `CamelCase` for these (e.g. https://docs.python.org/3/library/typing.html#type-aliases)
    * Add utils.deprecated for the old non-underscore type aliases
    * Added documentation for new type aliases & minor tweaks
    * Use 'versionadded:: 40.0.0'
    * Fix CertificatePublicKeyTypes vs CertificateIssuerPublicKeyTypes.
      Rename CertificatePrivateKeyTypes to CertificateIssuerPrivateKeyTypes
    * Fix imports (ruff)
    * Fix one more versionadded
    * Tweak docs & Reorder: CertificateIssuerPublicKeyTypes before CertificateIssuerPrivateKeyTypes
    * Fix test mypy errors using cast()
    * Fix black, oops
    * Revert "Fix black, oops"
      This reverts commit 85344e231d697bdc0940e105f7aed729445f9743.
    * Revert "Fix test mypy errors using cast()"
      This reverts commit b272d8ca95fbbbc62060663f9e8930a139a7a43e.
    * Revert type of SubjectKeyIdentifier.from_public_key arg
    * Changelog tweak
* Remove use of deprecated EC functions (#8459) | Alex Gaynor | 2023-03-06 | 1 | -7/+0
* deprecate support for OpenSSL <1.1.1d (#8444) | Paul Kehrer | 2023-03-05 | 1 | -0/+18
    * deprecate support for OpenSSL <1.1.1d
    * use an actually exported constant
* Add an ignore for the newest ruff (#8440) | Alex Gaynor | 2023-03-05 | 1 | -1/+1
    * Add an ignore for the newest ruff
      Clearly document why we have each of our ignores
    * Bump ruff from 0.0.253 to 0.0.254
      Bumps [ruff](https://github.com/charliermarsh/ruff) from 0.0.253 to 0.0.254.
      - [Release notes](https://github.com/charliermarsh/ruff/releases)
      - [Changelog](https://github.com/charliermarsh/ruff/blob/main/BREAKING_CHANGES.md)
      - [Commits](https://github.com/charliermarsh/ruff/compare/v0.0.253...v0.0.254)
      ---
      updated-dependencies:
      - dependency-name: ruff
        dependency-type: direct:production
        update-type: version-update:semver-patch
      ...
      Signed-off-by: dependabot[bot] <support@github.com>
    ---------
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Remove unused bindings (#8321) | Alex Gaynor | 2023-02-19 | 1 | -18/+0
* Remove now-unused bindings (#8264) | Alex Gaynor | 2023-02-11 | 1 | -10/+0
* Use the ruff 'pyupgrade' checks (#8104) | Alex Gaynor | 2023-01-20 | 1 | -5/+7
* src/_cffi_src/openssl/evp.py: export EVP_PKEY_set_alias_type in FUNCTIONS (#7935) | hustliyilin | 2022-12-28 | 1 | -0/+9
    In openssl 1.1.1 docs/man3/EVP_PKEY_set1_RSA.pod (https://github.com/openssl/openssl/blob/OpenSSL_1_1_1/doc/man3/EVP_PKEY_set1_RSA.pod) The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API is possible to convert it to using SM2 algorithms After loading an ECC key. So the EVP_PKEY_set_alias_type API is important for people who want to use cryptography with using SM2 algorithms. Therefore, we need to export EVP_PKEY_set_alias_type in FUNCTIONS.
    Signed-off-by: YiLin.Li <YiLin.Li@linux.alibaba.com>
    Signed-off-by: YiLin.Li <YiLin.Li@linux.alibaba.com>
* Switch from flake8 to ruff (#7920) | Alex Gaynor | 2022-12-21 | 4 | -6/+4
    It's more than 60x faster.
* Remove binding for X509_STORE_get_get_issuer (#7918) | David Benjamin | 2022-12-20 | 1 | -1/+0
    This was added alongside X509_STORE_set_get_issuer in 21ef4080ec7666299f1268f3bbfb136582744359. It makes sense to want to override issuer lookup, but I've never seen a valid use case for querying the callbacks. If you're trying to get at the function that was already configured, you presumably already know it. (And if you don't, it's not safe to call because an arbitrary callback may have been written to only be usable in particular contexts.)
* x509: add `load_pem_x509_certificates` (#7878) | William Woodruff | 2022-12-05 | 1 | -0/+3
    * x509: add `load_pem_x509_certificates`
      This behaves similarly to `load_pem_x509_certificate`, except that it returns a list of loaded certificates instead of just the first X.509 certificate. It raises if the input contains no PEM-encoded certificates, or if PEM or certificate parsing fail.
      Signed-off-by: William Woodruff <william@trailofbits.com>
    * tests/x509: blacken
      Signed-off-by: William Woodruff <william@trailofbits.com>
    * Update docs/x509/reference.rst
      Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
    * tests/x509: assert each item in the list is actually a certificate
      Signed-off-by: William Woodruff <william@trailofbits.com>
    * bindings: expose `load_pem_x509_certificates` in `x509.pyi`
      Signed-off-by: William Woodruff <william@trailofbits.com>
    * tests/x509: test the structure of each cert a bit
      This has the transitive effect of establishing a fixed order.
      Signed-off-by: William Woodruff <william@trailofbits.com>
    * CHANGELOG: record changes
      Signed-off-by: William Woodruff <william@trailofbits.com>
    * docs: add PEM to spellcheck allowlist
      Signed-off-by: William Woodruff <william@trailofbits.com>
    * docs/x509: document expected param
      Signed-off-by: William Woodruff <william@trailofbits.com>
    Signed-off-by: William Woodruff <william@trailofbits.com>
    Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Annotate a few more functions (#7876) | Alex Gaynor | 2022-12-04 | 1 | -1/+7
* Rewrite PKCS7 signature generation in Rust (#7729) | Alex Gaynor | 2022-11-25 | 1 | -0/+6
    * Rewrite PKCS7 signature generation in Rust
    * Update src/rust/src/pkcs7.rs
* Update minimum LibreSSL to 3.5 (#7780) | Alex Gaynor | 2022-11-07 | 1 | -8/+0
    This is the version of LibreSSL in OpenBSD 7.1, which is the oldest currently supported.
* Convert basic PKCS7 generation to Rust (#7700) | Alex Gaynor | 2022-10-12 | 1 | -0/+9
* fixes #7454 -- added SSL_get_extms_support (#7697) | Alex Gaynor | 2022-10-12 | 1 | -0/+5
* support compilation against openssl 3 with no legacy provider (#7650) | Paul Kehrer | 2022-09-26 | 1 | -8/+23
    You must pass CRYPTOGRAPHY_OPENSSL_NO_LEGACY for this to be allowed. Downstreams can easily patch this check out if they want to default to this behavior.
* Warn users on 32-bit Pythons on 64-bit windows. (#7641) | Alex Gaynor | 2022-09-24 | 1 | -1/+15
    They're leaving a ton of performance on the table.
* A handful of small internal typing improvements (#7625) | Alex Gaynor | 2022-09-18 | 1 | -6/+9
* Remove reimplementation of OpenSSL function in DHX (#7611) | Alex Gaynor | 2022-09-14 | 1 | -0/+2
* Move to a libressl policy (#7605) | Alex Gaynor | 2022-09-13 | 1 | -18/+0
    This policy is to support things that are in supported versions of openbsd. The current oldest supported openbsd is 7.0, which included libressl 3.4
* Remove destroy from FixedPool (#7602) | Alex Gaynor | 2022-09-11 | 1 | -1/+0
    turns out we don't need it
* Increase our minimum LibreSSL. (#7571) | Alex Gaynor | 2022-09-07 | 1 | -7/+0
    OpenBSD 7.0 ships 3.4, and Alpine 3.14 ships 3.3.6
* Drop OpenSSL 1.1.0 (#7570) | Alex Gaynor | 2022-09-07 | 2 | -28/+0
    There's still a few TODOs for cleanup.
    Refs #7109
* Added FixedPool abstraction for use in optimizing various types (#7303) | Alex Gaynor | 2022-07-16 | 1 | -0/+16
* Bind functions for dealing with sigalgs (#7349) | Jean-Daniel | 2022-06-19 | 1 | -0/+7
    Fixes https://github.com/pyca/cryptography/issues/7336
* Expose SSL_OP_IGNORE_UNEXPECTED_EOF (#7321) | dreid | 2022-06-08 | 1 | -0/+9
    * Expose SSL_OP_IGNORE_UNEXPECTED_EOF
      Expose SSL_OP_IGNORE_UNEXPECTED_EOF.
      https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html#:~:text=this%20by%20default.-,SSL_OP_IGNORE_UNEXPECTED_EOF,-Some%20TLS%20implementations
    * Make this conditional.
    * Add to _conditionals.py
* add binding for PKCS12_set_mac (#7217) | Paul Kehrer | 2022-05-12 | 1 | -0/+5
    OpenSSL 3 changed the default MAC to sha256, which is fine and good except Windows Server 2016 can't handle that so we need to build some APIs allowing worse things and name them scary legacy names.
* Instead of ignoring _openssl with mypy, use a pyi (#7177) | Alex Gaynor | 2022-05-02 | 1 | -0/+8
* Add license headers to files that need them (#7170) | Alex Gaynor | 2022-05-01 | 4 | -0/+16
* add a constant for pyOpenSSL with OpenSSL 3 (#7156) | Paul Kehrer | 2022-04-30 | 1 | -0/+7