summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Cleanup how we represent authors. (#5650)Alex Gaynor2020-12-151-1/+1
| | | AUTHORS.rst had not been updated in more than 2 years, it was not a good reference.
* add missing verification parameter flags (#5643)Eduard Iskandarov2020-12-131-0/+2
|
* Update APIs to use non-deprecated OpenSSL ones where possible (#5633)Alex Gaynor2020-12-107-11/+24
| | | cherry picked from #4920
* re-add Cryptography_HAS_TLSEXT_HOSTNAME and port 3.3.1 changelog (#5627)Paul Kehrer2020-12-091-0/+6
|
* Complete removal of py2 (#5533)Alex Gaynor2020-12-0933-263/+126
| | | | | * Drop Python 2 * Black everything
* we didn't actually commit the final doc fixes for the recover PR (#5614)Paul Kehrer2020-12-091-1/+1
|
* Remove utils.int_from_bytes (#5609)Alex Gaynor2020-12-095-10/+15
|
* Remove __future__ import from our code (#5610)Alex Gaynor2020-12-09122-134/+0
|
* Switch black to py36 as the minimum version (#5608)Alex Gaynor2020-12-084-8/+8
|
* Remove Python2 from CI and code that branched on it (#5607)Alex Gaynor2020-12-087-109/+25
| | | | | | | | | | | | | * Remove Python2 from CI and code that branched on it * Update setup.py Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com> * remove * review feedback Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
* Reopen master for 3.4 (#5605)Alex Gaynor2020-12-081-1/+1
|
* Prepare for 3.3 release (#5603)3.3Alex Gaynor2020-12-081-1/+1
|
* Add support for RSA signature recovery (#5573)Zoltan Kelemen2020-12-074-12/+73
| | | | | | | | | | | | | | | | | | * Removed unused argument. * Added support for RSA signature recovery. * Syntatic corrections for passing pep8 tests. * Corrected typo. * Added test of invalid Prehashed parameter to RSA signature recover. * Renamed recover to a more descriptive name. * Extended RSA signature recovery with option to return full data (not only the digest part). * Added missing words to pass spell check.
* Added tls bindings for new OpenSSL APIs (#5595)Alex Gaynor2020-12-012-4/+36
| | | | fixes #5379 closes #5483
* fixes #4531 -- support encoding SCTs in certificates (#5594)Alex Gaynor2020-11-303-7/+23
|
* Don't build our custom osrandom engine on libressl (#5593)Alex Gaynor2020-11-291-2/+2
| | | | | | | * Don't build our custom osrandom engine on libressl As far as I can tell it's never used on LibreSSL -- they're `RAND_bytes` function unconditionally calls `arc4random_buf` * Update cryptography.py
* disallow p less than 512-bit on DH (#5592)Paul Kehrer2020-11-292-2/+15
| | | | | | | | | | | | | | | | * disallow p less than 512-bit on DH OpenSSL 3.0.0 enforces this so we'll go ahead and enforce it everywhere that's practical for us. (Note that we do not enforce on deserializing PKCS1/PKCS8 keys in < 3.0.0, but this PR adds a test so that in the 3.0.0 support branch we can test an error path) * missing test * black * _MIN_MODULUS_SIZE is now a thing * skip on fips
* don't require errors to be on the stack when loading a key (#5590)Paul Kehrer2020-11-261-2/+1
| | | | | In OpenSSL 3.0.0 no error is added in many cases for this path and since we don't do anything with the error anyway we should just consume and move on
* Reduce granularity of error msging when deserializing keys (#5588)Paul Kehrer2020-11-261-17/+9
| | | | | | | | | | | | * Reduce granularity of error msging when deserializing keys In OpenSSL 3.0 it is no longer possible to determine whether the reason a key failed to deserialize is because of an unsupported cipher. Since we want to be more resilient to OpenSSL error code instability we'll just remove these paths. * black * changelog and update docs
* define OAEP properties for all openssl versions (#5589)Paul Kehrer2020-11-261-7/+3
| | | | In 3.0 these aren't macros so we can't test this way. All our supported OpenSSLs have these bindings now and LibreSSL does not.
* in OpenSSL 1.1.0+ error strings are automatically loaded (#5587)Paul Kehrer2020-11-261-2/+0
|
* garbage collect dead code (#5562)Alex Gaynor2020-11-111-4/+0
|
* Always rely on OpenSSL's builtin locking callbacks (#5561)Alex Gaynor2020-11-114-168/+2
|
* Tighten up this warning message (#5560)Alex Gaynor2020-11-111-2/+2
|
* Fix broken links (#5552)Felix Fontein2020-11-101-5/+8
| | | | | * Fix broken links. * Shorter lines.
* GCM IV size limits (#5553)Paul Kehrer2020-11-092-7/+9
| | | | | | | | | | | | * GCM IV size limits OpenSSL 3.0.0 is going to enforce these size limits so we might as well put them in now. * fix the tests * black * these cases can't happen if we're limiting IV size already
* padding: Tip-toe around bytes subclasses. (#5548)Benjamin Peterson2020-11-041-2/+8
| | | | | This change allows future's newbytes class to be padded again. Fixes https://github.com/pyca/cryptography/issues/5547.
* Drop python 3.5 (#5527)Alex Gaynor2020-10-281-7/+0
|
* Disable blinding for RSA pub keys (#5524)Alex Gaynor2020-10-271-5/+0
|
* Remove some dead constants (#5518)Alex Gaynor2020-10-263-23/+0
|
* fixes #5513 update comment on why we can't have nice things (#5517)Alex Gaynor2020-10-261-11/+3
|
* Simplify a number of branches around libressl (#5515)Alex Gaynor2020-10-267-39/+23
|
* Delete all the 1.0.2 code (#5511)Alex Gaynor2020-10-2521-534/+38
|
* Reopen master for 3.3 (#5509)Alex Gaynor2020-10-251-2/+2
| | | | | * Reopen master for 3.3 * its how you know its authentic alex gaynor code
* 3.2 release (#5508)3.2Paul Kehrer2020-10-251-1/+1
|
* Attempt to mitigate Bleichenbacher attacks on RSA decryption (#5507)Alex Gaynor2020-10-251-15/+11
|
* move blinding to __init__ on both RSA public and private (#5506)Paul Kehrer2020-10-252-4/+10
| | | | | * move blinding to __init__ on both RSA public and private * change signature to guarantee this test is testing what we think
* be more verbose in the 102 deprecation notice (#5505)Paul Kehrer2020-10-251-2/+5
|
* PKCS7SignatureBuilder now supports new option NoCerts when signing (#5500)frennkie2020-10-252-0/+5
|
* chunking didn't actually work (#5499)Paul Kehrer2020-10-251-1/+1
|
* allow additional certificates to be added to a pkcs7 (#5498)Paul Kehrer2020-10-252-2/+20
| | | | | | | * allow additional certificates to be added to a pkcs7 * be more verbose about what these additional certs might be used for * missing test
* PKCS7SignatureBuilder now supports three serializations (#5497)Paul Kehrer2020-10-244-9/+20
| | | | | | | | * PKCS7SignatureBuilder now supports three serializations PEM, DER, and SMIME. SMIME embeds the S/MIME headers and has the detached signature concept. * thanks libre
* migrate smime builder to pkcs7 module and rename (#5496)Paul Kehrer2020-10-243-117/+110
| | | | | * migrate smime builder to pkcs7 module and rename * missed a rename
* smime signer support (#5465)Paul Kehrer2020-09-193-1/+171
| | | | | | | | | | | | | | | | | | | * smime signer support * fix ed25519 check * change some wording * python 2.7... * review feedback * s/secure/signed * do some verification in the tests * review feedback * doc return value
* add pkcs7/smime bindings (#5458)Paul Kehrer2020-09-131-0/+12
| | | | | | | | | | | | | * add pkcs7/smime bindings * Update src/_cffi_src/openssl/pkcs7.py Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> * Update src/_cffi_src/openssl/pkcs7.py Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* allow bytes-like for padding (#5462)Paul Kehrer2020-09-131-4/+4
| | | | this doesn't improve efficiency in any way (copies galore!), but it does make it consistent between a cipher context and a padding context
* re-add a few engine bindings for advanced users (#5449)Paul Kehrer2020-09-012-0/+19
| | | | | | | | | * re-add a few engine bindings for advanced users For users who are capable of compiling cryptography against custom openssl and properly using these functions this hopefully allows PKCS11 usage through OpenSSL engines. * forgot to save my buffer
* Add a missing space to py35 deprecation warning (#5448)Sviatoslav Sydorenko2020-09-011-1/+1
| | | This fixes a typo that's been introduced in #5387.
* Break users on OpenSSL 1.0.2 (#5438)Alex Gaynor2020-08-281-6/+14
| | | fixes #5432
* bump version for 3.2 dev (#5431)Paul Kehrer2020-08-271-1/+1
|
View Lorry Controller Status