* Switch to jenkinsfile (#3525)
* [WIP] add a jenkinsfile
* various jenkinsfile fixes [ci skip]
* experiments
* escape the escaping
* can't do that with /usr/bin/env bash
* continue isolation
* bleh
* optimistically enable everything
* things
* add timeout, codecov
* derp
* sigh
* add credentials for codecov upload
* print the env
* nonsense
* checkout without jenkins because jenkins sucks
* maybe we're not allowed to shadow
* maybe if we actually pass the variable
* scope
* cd into a thing
* also here
* print the commit and run all the jobs again
* son of a
* add labels
* ch-ch-ch-changes
* damn it
* add docs, pep8, py3pep8
* try some downstreams
* make this maybe work
* this is probably what we need
* faster testing
* run this in docker duh
* delete me some dirs
* wtf
* god
* more things
* oh boy locales
* re-enable everything, remove the locales now that they're embedded
* refactor, this will probably break everything
* small test
* sigh
* actually bind some variables. also rename things to be camelCase
* oookay
* this is not gonna work
* test all the things
* add docs-linkcheck, remove libre 2.5.3 because it is bad
* syntax is for losers
* append a thing
* add yosemite, run this thing daily
* oops
* some finally cleanup
* twisted is dead to us for a brief moment
* add randomorder and setup.py test
* whatever
* re-enable twisted
* delete everything. eat arby's
* delete everything this time
* all is emptiness
* master builds should use the commit at the time it was merged (#3577)
* Fixes#3573 -- archive the built docs in that builder (#3580)
* Fixes#3573 -- archive the built docs in that builder
* syntax
* try it without this
* I am an idiot
* this is unused
* uhh, let's try this
* maybe this?
* eh, html is the only thing
* ffffuuuu
* Ignore doctree
* broader exclude
* This works now
* pin sphinx version to avoid test breakage (#3544)
* fix compilation on 1.1.0f (#3603)
Trying to be too specific about why key loading fails is very difficult
when you're using the same logic across DH, EC, RSA, and DSA. This makes
it less fancy.
* Support DH q (subgroup order)
* Change RFC5114.txt to NIST format
* Add tests for DH q
* Update docs for DH q
* Fix pep8
* Improve test covergae for DH q
* Create _dh_params_dup that copy q if DHparams_dup don't
On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup
call DHparams_dup and if the version is smaller than 1.0.2
copy q manually
* Copy q manually on libressl
* Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup
* Support serialization of DH with q
* Add tests for serialization of DH with q
* Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true
* Raise exception when trying to serialize DH X9.42 when not supported
* raise unsupported key type when deserilizing DH X9.42 if not supported
* pep8 fixes
* Fix test_serialization
* Add dhx_serialization_supported method to DHBacked
* document q in dh_parameters_supported
* Rename dhx_serialization_supported to dh_x942_serialization_supported
* add support for update_into on CipherContext
This allows you to provide your own buffer (like recv_into) to improve
performance when repeatedly calling encrypt/decrypt on large payloads.
* another skip_if
* more skip_if complexity
* maybe do this right
* correct number of args
* coverage for the coverage gods
* add a cffi minimum test tox target and travis builder
This tests against macOS so we capture some commoncrypto branches
* extra arg
* need to actually install py35
* fix
* coverage for GCM decrypt in CC
* no longer relevant
* 1.8 now
* pep8
* dramatically simplify
* update docs
* remove unneeded test
* changelog entry
* test improvements
* coverage fix
* add some comments to example
* move the comments to their own line
* fix and move comment
If pyca/cryptography sees any errors on the error stack during its own
initialization it immediately raises InternalError and refuses to
proceed. This was a safety measure since we weren't sure if it was
safe to proceed. However, reality has intervened and we have to
bow to the god of pragmatism and just clear the error queue. In
practice this is safe since we religiously check the error queue
in operation.
* switch the PEM password callback to a C implementation
Calling from C to Python is fraught with edge cases, especially in
subinterpreter land. This commit moves the PEM password callback logic
into a small C function and then removes all the infrastructure for the
cffi callbacks (as we no longer have any)
* review feedback and update tests
* rename the struct
* aaand one more fix
* support defining which windows libraries to link with an env var
CRYPTOGRAPHY_WINDOWS_LIBRARIES is your new friend
* add some docs
* change to CRYPTOGRAPHY_WINDOWS_LINK_OPENSSL110
* lib prefixing is not a thing msvc does, right
* enforce password must be bytes when loading PEM/DER asymmetric keys
Previously we were using an ffi.buffer on the Python string, which was
allowing text implicitly, but our documentation explicitly requires
bytes.
* add changelog entry
* DH keys support serialization
* Add DH serialization documentation
* Add tests for DH keys serialization in DER encoding
* update version to 1.8
* Allow only SubjectPublicKeyInfo serialization
* Remove support in TraditionalOpenSSL format
* Fix pep8
* Refactor dh serialization tests
* Backport DH_check from OpenSSL 1.1.0.
OpenSSL 1.0.2's DH_check considers the q parameter, allowing it
validate more generators and primes; however, OpenSSL 1.1.0's DH_check
includes code to handle errors in BN functions, so it's preferred.
* Wrap DH_Check when using OpenSSL 1.1.0 or higher.
* Adding DH_CHECK_* values missing from older OpenSSLs
* Defensively guard DH_CHECK_* definitions with ifndef.
This will prevent duplicate definitions when LibreSSL supports a
version of DH_check that can return these.
* Document the OpenSSL of origin for the DH_check code
* Use static callbacks with Python 3.x again
Static callbacks were disabled for Python 3.5+ to work around an issue
with subinterpreters, locking callbacks and osrandom engine. Locking
callback and osrandom engine were replaced with a C implementations in
version 1.6 and 1.7.
https://github.com/pyca/cryptography/issues/2970Closes: #3348
Signed-off-by: Christian Heimes <christian@python.org>
* remove unused import
