| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
This removes the OS random engine, which contained the only CPython PSF
licensed code in the repository. Accordingly, that license has now been
removed.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* fix some binding declarations
also adds a comment about why we deliberately incorrectly declare some
of them, sigh
* it's actually safe to do this since no high bit mode options exist
|
| | |
|
| |
|
|
|
| |
You must pass CRYPTOGRAPHY_OPENSSL_NO_LEGACY for this to be allowed.
Downstreams can easily patch this check out if they want to default to
this behavior.
|
| | |
|
| |
|
| |
As someone who first with Python in 2.4 or so, this habit is going to be hard to break.
|
| |
|
| |
Refs #6576
|
| |
|
| |
remove it everywhere and assert on the code/lib/reason
|
| |
|
|
|
|
|
| |
* 3.0.0 support
* almost...there...
* make mypy happy
|
| | |
|
| | |
|
| | |
|
| |
|
| |
fixes #5432
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Fixes #5018 -- break users on OpenSSL 1.0.1
* Grammar
* Syntax error
* Missing import
* Missing import
|
| |
|
|
|
|
|
|
|
|
| |
* encode the package version in the shared object
* review feedback
* move into build_ffi so the symbol is in all shared objects
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Do conditional compiling of Cryptography_setup_ssl_threads
* Check Cryptography_HAS_LOCKING_CALLBACKS before initing static locks
Check if compiling and initing locking callbacks is necessary
PEP8 fix
* Make test_crypto_lock_init more complete
|
| | |
|
| |
|
|
|
|
|
|
| |
* Fixed #4380 -- do not assume TLSv1 is available in OpenSSL
Hallelujah! It's starting to become the case that some OpenSSLs are disabling it.
* cover this file as well
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add libre so I can see the error
* add the libre error needed and refactor error handling a bit
We were historically matching on lib + func + reason, but func is
somewhat unstable so now we match on lib + reason only. Of course, in
this case libressl changed both lib and reason so it wouldn't
have mattered. All error handling from the error queue in
openssl is an illusion
* fix a typo, probably an unneeded branch
* review feedback
* refactor tests to support libressl
insert additional rant about libre here, although admittedly these tests
were assuming stability where openssl itself guarantees none
* better assert, fix flake8
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* time to remove commoncrypto, fare thee well
* remove even more
* update the changelog
* remove more things
* don't need this function
* remove CAST5 CTR tests since that was only supported in commoncrypto
* assert a thing
|
| |
|
|
|
|
|
|
|
|
| |
* Attempt to simplify the libressl checing
* SHENANGINS
* Attempted fix
* More simplification
|
| |
|
|
|
|
|
|
|
| |
If pyca/cryptography sees any errors on the error stack during its own
initialization it immediately raises InternalError and refuses to
proceed. This was a safety measure since we weren't sure if it was
safe to proceed. However, reality has intervened and we have to
bow to the god of pragmatism and just clear the error queue. In
practice this is safe since we religiously check the error queue
in operation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* delete the 1.0.0 support
* drop the version check
* drop the AES-CTR stuff
* Update the example
* openssl truncates for us now
* delete unused test
* unused imports
* Remove a bunch of conditional bindings for NPN
* no more 1.0.0 builders
* libressl fix
* update the docs
* remove dead branches
* oops
* this is a word, damnit
* spelling
* try removing this
* this test is not needed
* unused import
|
| |
|
|
|
|
| |
* Error out on OpenSSL 1.0.0 by default
* what the heck
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove Python OpenSSL locking callback and replace it with one in C
The Python OpenSSL locking callback is unsafe; if GC is triggered
during the callback's invocation, it can result in the callback being
invoked reentrantly, which can lead to deadlocks. This patch replaces
it with one in C that gets built at compile time via cffi along with
the rest of the OpenSSL binding.
* fixes for some issues
* unused
* revert these changes
* these two for good measure
* missing param
* sigh, syntax
* delete tests that assumed an ability to mess with locks
* style fixes
* licensing stuff
* utf8
* Unicode. Huh. What it isn't good for, absolutely nothing.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* make pre5 work
* add a blank line to make the diff happier
* 1.1.0-pre6 working
* support the changes since 1.1.0-pre6
* fixes
* add 1.1.0 to travis
* expose the symbol
* better testing for numericstring
* handle libre...
* actually use the 1.1.0 we compile
* cache the ossl-110 dir on travis
* add some newlines
* changelog entry for 1.1.0 support
* note that we test on 1.1.0
* proper skip on this test
* reorder
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use a series of constants for OpenSSL version checks.
N.B. I removed several qualifiers that were being used to express beta vs. release in OpenSSL version numbers. Reviewers please look closely!
* Convert some python as well, also add the file
* flake8
* Simplify code, remove functionality that can be expressed more simply
* clean up the tests as well
* more constants
* wrap long lines
* reflect feedback
* unused
* add this back?
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Drop OpenSSL 0.9.8
* Drop this test, it's not relevant any longer
* unused import
* Remove CRYPTOGRAPHY_ALLOW_OPENSSL_098=1 from our tox
* removed unused code for Cryptography_HAS_PKEY_CTX
* return unused code for _AESCTRCipherContext
* syntax :-(
* remove some unused tests and skips
* remove unused code for Cryptography_HAS_PBKDF2_HMAC
* Revert "return unused code for _AESCTRCipherContext"
This reverts commit 7d149729205aa4c9735eb322414b167a75b302df.
* Remove unused RSA code
* Remove unused test code for conditional bindings
* Remove unused dsa code
* unused import
* Remove unused x509 extension code
* Remove unused EC code
* Attempt to remove unused DER key loading code
* document this
* grammar
* Added back this paragraph
* Update docs
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Threading issues keep cropping up. ENGINE_add already
acquires a lock at the C layer via CRYPTO_w_lock (provided you
have registered the locking callbacks) so let's try to use that.
As part of this we'll try to init the openssl locks, but of course
there's potentially a race there as well. Clearly this isn't the real
fix but it might improve the situation while we try to determine what to
do.
|
| |\
| |
| | |
create a ConditionalLibrary and remove unsupported items
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
| |
This test was in the bindings dir, which is incorrect. We do not set
the urandom engine to default unless the openssl backend is loaded. The
reason the test wasn't failing (even in the random test case) is that
the backends are loaded during pytest_generate_tests by a call to
_available_backends. So no matter what order it occurred in the engine
was already set to default. I discovered this when I tried to run the
test_openssl.py bindings tests directly via pytest. Hooray global state.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
