delta/python-packages/cryptography.git/src/_cffi_src, branch alex-patch-4 github.com: pyca/cryptography.git Fixed build errors on HP-UX. (#4259) 2018-05-22T12:19:02+00:00 dumol dumol@chevah.com 2018-05-22T12:19:02+00:00 0a22d486ec9175926aed29a5f4ea963843ebccfa * Fixed build errors on HP-UX. * PEP 8 style fix. * No return for void function. * PEP 8 style fix, take 2. 
* Fixed build errors on HP-UX.

* PEP 8 style fix.

* No return for void function.

* PEP 8 style fix, take 2.
Cleanup unused err bindings. (#4246) 2018-05-16T01:32:05+00:00 David Benjamin davidben@davidben.net 2018-05-16T01:32:05+00:00 18370510b5ea1cfeec514b7662b61ac7ebfb33d5 This removes: - ERR_get_state which really shouldn't be public API. - A bunch of functions that are really mostly useful within the library to add new errors. NB: I say mostly because they are also useful when trying to register a new error library, as osrandom does, but osrandom is written in C. Python code is more likely to be consuming errors. - All function codes but EVP_F_EVP_ENCRYPTFINAL_EX because tests still reference it. Per PR #3609, function codes are kind of unstable. This finishes that up and cleans up the bindings. - The "line" versions of querying the error queue, just because no one seems to be using them and there's a lot. - Error-printing functions, which make less sense in Python since you'd probably wrap in an exception. Error codes probably could also do with cleaning, but I've left them alone for now. 
This removes:

- ERR_get_state which really shouldn't be public API.

- A bunch of functions that are really mostly useful within the library
  to add new errors. NB: I say mostly because they are also useful when
  trying to register a new error library, as osrandom does, but osrandom
  is written in C. Python code is more likely to be consuming errors.

- All function codes but EVP_F_EVP_ENCRYPTFINAL_EX because tests still
  reference it. Per PR #3609, function codes are kind of unstable. This
  finishes that up and cleans up the bindings.

- The "line" versions of querying the error queue, just because no one
  seems to be using them and there's a lot.

- Error-printing functions, which make less sense in Python since you'd
  probably wrap in an exception.

Error codes probably could also do with cleaning, but I've left them
alone for now.
 Remove ECDSA_sign_setup and *sign_ex bindings. (#4245) 2018-05-15T22:12:51+00:00 David Benjamin davidben@davidben.net 2018-05-15T22:12:51+00:00 e564aebd759090c35c374085931f3ada693dab1e They are unused. These functions have two purposes. They can be used to pass your own value of k, or to amoritize the cost of generating k. Messing up k is catastrophic to ECDSA, so best not to expose that one. ECDSA signing is also quite fast, so there isn't much point in the latter. (The API comes from DSA, which is a bit slower.) Moreover, ECDSA_sign is not the same as ECDSA_sign_setup + ECDSA_sign_ex. OpenSSL has some nonce hardening features that have to get skipped when doing this. 
They are unused.

These functions have two purposes. They can be used to pass your own
value of k, or to amoritize the cost of generating k. Messing up k is
catastrophic to ECDSA, so best not to expose that one. ECDSA signing is
also quite fast, so there isn't much point in the latter. (The API comes
from DSA, which is a bit slower.) Moreover, ECDSA_sign is not the same
as ECDSA_sign_setup + ECDSA_sign_ex. OpenSSL has some nonce hardening
features that have to get skipped when doing this.
 Remove some unused RSA bindings. (#4243) 2018-05-15T03:41:27+00:00 David Benjamin davidben@davidben.net 2018-05-15T03:41:27+00:00 b2165c2ef0fdf8d63c3b4780648266e37d39df2d RSA_blinding_off is a silly function. RSA_SSLV23_PADDING and RSA_X931_PADDING are obsolete. The low-level padding functions appear unused and the EVP_PKEY stuff is probably a bit nicer than expecting callers to RSA_NO_PADDING and do the padding by hand. 
RSA_blinding_off is a silly function. RSA_SSLV23_PADDING and
RSA_X931_PADDING are obsolete. The low-level padding functions appear
unused and the EVP_PKEY stuff is probably a bit nicer than expecting
callers to RSA_NO_PADDING and do the padding by hand.
 Remove some unused RAND bindings. (#4239) 2018-05-14T20:09:36+00:00 David Benjamin davidben@davidben.net 2018-05-14T20:09:36+00:00 db131983f4e6ae6c2ec34072fbff0e30d967c8c7 These are unused. (And not especially useful.) 
These are unused. (And not especially useful.)
 Clean up unused EC bindings. (#4225) 2018-05-14T17:00:02+00:00 David Benjamin davidben@davidben.net 2018-05-14T17:00:02+00:00 6639dd15a7847fae731b29ce01f98cba79757838 * Clean up unused EC bindings. A lot of these are really OpenSSL internals, like the EC_METHOD business, support for custom curves which are a bad idea, and weird non-standard serializations like taking the usual point serialization and treating it as a single BIGNUM. I also didn't remove things when they're arguably part of a set. E.g. EC_POINT_add is used, but EC_POINT_dbl isn't. However, they both set at the same abstraction level (basic point operations), so it's strange to have one without the other. I also kept EC_POINT_is_on_curve because, although it is not used, OpenSSL prior to 1.1.0 doesn't perform this important check in EC_POINT_set_affine_coordinates_GFp (though it does in some of the functions which ultimately call it, like EC_KEY_set_public_key_affine_coordinates, what cryptography.io actually uses), so one should not expose the latter without the former. * Fix build issue. 
* Clean up unused EC bindings.

A lot of these are really OpenSSL internals, like the EC_METHOD
business, support for custom curves which are a bad idea, and weird
non-standard serializations like taking the usual point serialization
and treating it as a single BIGNUM.

I also didn't remove things when they're arguably part of a set. E.g.
EC_POINT_add is used, but EC_POINT_dbl isn't. However, they both set at
the same abstraction level (basic point operations), so it's strange to
have one without the other.

I also kept EC_POINT_is_on_curve because, although it is not used,
OpenSSL prior to 1.1.0 doesn't perform this important check in
EC_POINT_set_affine_coordinates_GFp (though it does in some of the
functions which ultimately call it, like
EC_KEY_set_public_key_affine_coordinates, what cryptography.io actually
uses), so one should not expose the latter without the former.

* Fix build issue.
Remove unused BIO bindings. (#4220) 2018-05-14T16:19:49+00:00 David Benjamin davidben@davidben.net 2018-05-14T16:19:49+00:00 ce6fe07632c17f16221f02ad19c6875327cdd10a * Remove unused BIO bindings. This also folds in the const bits from 1.1.0, on the assumption that, now that the function pointer check is gone, it will just cause cffi to generate more conservative pointer types that work for 1.0.2 as well. * Restore some functions used externally. Datagram BIO_CTRL_* constants are intentionally omitted per discussion on the PR. 
* Remove unused BIO bindings.

This also folds in the const bits from 1.1.0, on the assumption that,
now that the function pointer check is gone, it will just cause cffi to
generate more conservative pointer types that work for 1.0.2 as well.

* Restore some functions used externally.

Datagram BIO_CTRL_* constants are intentionally omitted per discussion
on the PR.
Fix some callback type signatures. (#4227) 2018-05-12T11:41:37+00:00 David Benjamin davidben@davidben.net 2018-05-12T11:41:37+00:00 33ae3cea990b307eafaa5f52232eba8315fd05fe * Fix some callback type signatures. SSL_CTX_set_psk_server_callback: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_psk_server_callback.html https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/ssl.h#L1355 https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/include/openssl/ssl.h#L734 SSL_CTX_set_tlsext_servername_callback: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_servername_callback.html https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/s3_lib.c#L3964 https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/ssl/s3_lib.c#L3499 * Missed a spot 
* Fix some callback type signatures.

SSL_CTX_set_psk_server_callback:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_psk_server_callback.html
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/ssl.h#L1355
https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/include/openssl/ssl.h#L734

SSL_CTX_set_tlsext_servername_callback:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_servername_callback.html
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/s3_lib.c#L3964
https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/ssl/s3_lib.c#L3499

* Missed a spot
Remove unused BN bindings. (#4219) 2018-05-09T15:36:02+00:00 David Benjamin davidben@davidben.net 2018-05-09T15:36:02+00:00 528eb1b4be65d5ad779cbde80680b49a7e5c6d03 * Remove unused BN bindings. These appear to be unused in both cryptography.io and PyOpenSSL. * Restore symbols used by pyUmbral. Along the way, fix some mistranscribed consts. 
* Remove unused BN bindings.

These appear to be unused in both cryptography.io and PyOpenSSL.

* Restore symbols used by pyUmbral.

Along the way, fix some mistranscribed consts.
Expose OpenSSL constant time bignum arithmetic (#4200) 2018-04-25T00:12:13+00:00 Tux tuxxy@users.noreply.github.com 2018-04-25T00:12:13+00:00 47438529612c475f6c10a8c2826d8a16b4f83fe6 * Expose BIGNUM constant time operations This commit exposes the following functions: BN_set_flags BN_get_flags BN_MONT_CTX_new BN_MONT_CTX_set BN_MONT_CTX_free BN_mod_exp_mont BN_mod_exp_mont_consttime This commit also exposes the BN_FLG_CONSTTIME flag. * Add myself to AUTHORS 
* Expose BIGNUM constant time operations

This commit exposes the following functions:
BN_set_flags
BN_get_flags

BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_free

BN_mod_exp_mont
BN_mod_exp_mont_consttime

This commit also exposes the BN_FLG_CONSTTIME flag.

* Add myself to AUTHORS