Commit message | Author | Age | Files | Lines
* bolding [reaperhulk-patch-1] | Paul Kehrer | 2018-05-16 | 1 | -2/+2
|
* links require actual linking | Paul Kehrer | 2018-05-16 | 1 | -0/+1
|
* tell people to stop using this where possible | Paul Kehrer | 2018-05-16 | 1 | -1/+4
|
* make codecov stop commenting (#756) | Paul Kehrer | 2018-05-14 | 2 | -1/+2
|   * make codecov stop commenting
|   * *shakes fist at manifest.in*
* Fixed a handful of typos (#755) | Alex Gaynor | 2018-05-14 | 2 | -2/+2
|
* Always enable auto retry (#753) | Paul Kehrer | 2018-05-14 | 2 | -2/+8
|   * test using auto retry
|   * add/update changelog and add comment
|   * wordsmithing
|   * Update CHANGELOG.rst
|   * Update CHANGELOG.rst
* Make the changelog consistent (#754) | Alex Gaynor | 2018-05-14 | 1 | -3/+3
|
* Increase the size of RSA key used in tests for OpenSSL 1.1.1 (#750) | Alex Gaynor | 2018-05-12 | 2 | -5/+5
|   * Increase the size of RSA key used in tests for OpenSSL 1.1.1
|   * here too
|   * In test_ssl.py as well
* fixed tests that want SNI (#751) | Alex Gaynor | 2018-05-12 | 1 | -0/+1
|
* Switch to xcode_image 9.3 (#752) | Alex Gaynor | 2018-05-12 | 1 | -2/+2
|
* Run tests against pypy3, use travis's pypy/pypy3 (#743) | Jeremy Lainé | 2018-03-21 | 2 | -20/+14
|
* Raise minimum cryptography version to 2.2.1, drop python 2.6 (#742) | Jeremy Lainé | 2018-03-21 | 8 | -47/+13
|
* Don't add not supported SSL_ST_* into _all_, fixes #738 (#739) | Ondřej Nový | 2018-03-01 | 1 | -4/+6
|   Without this patch this fails:
|
|   >>> from OpenSSL.SSL import *
|   Traceback (most recent call last):
|     File "<string>", line 1, in <module>
|     File "/usr/lib/python2.7/dist-packages/cryptography/utils.py", line 124, in __getattr__
|       obj = getattr(self._module, attr)
|   AttributeError: 'module' object has no attribute 'SSL_ST_INIT'
* Use autofocus for all module documentation/docstrings (#737) | Alex Chan | 2018-02-15 | 4 | -881/+282
|   * Use autodoc for OpenSSL.crypto
|   * Use autodoc for the SSL.Context class
|   * Use autodoc for SSL.Connection
* open for 17.6.0 (#727) | Paul Kehrer | 2017-12-01 | 2 | -1/+25
|
* 17.5.0 version bump (#726) [17.5.0] | Paul Kehrer | 2017-11-30 | 2 | -2/+2
|
* Export keying material support (#725) | Paul Kehrer | 2017-11-30 | 3 | -0/+48
|   * added method to export keying material from an ssl connection
|   * updated tests to use bytestrings to avoid breaking python3 tests
|   * added additional comments to test
|   * simplify export_keying_material
|   * add changelog
|   * address review feedback
* fix a memory leak and a potential UAF and also #722 (#723) | Paul Kehrer | 2017-11-30 | 6 | -11/+36
|   * fix a memory leak and a potential UAF and also #722
|   * sanity check
|   * bump cryptography minimum version, add changelog
* Pin pytest until we drop 2.6 (#721) | Hynek Schlawack | 2017-11-28 | 1 | -1/+3
|
* define __all__ to make wildcard import work (#719) | Nicolas Karolak | 2017-11-26 | 2 | -0/+128
|
* reopen master (#718) | Paul Kehrer | 2017-11-21 | 2 | -1/+27
|
* Require urllib3 tests to pass; fixes #712 (#716) | Alex Gaynor | 2017-11-22 | 1 | -3/+0
|
* bump to 17.4.0 (#714) [17.4.0] | Paul Kehrer | 2017-11-21 | 2 | -2/+2
|
* restore a subset of the rand module (#708) | Paul Kehrer | 2017-11-20 | 3 | -0/+81
|   * restore a subset of the rand module
|   * flake
|   * remove cleanup, go ahead and assume status will always be 1
|   * lighten and add power
* Don't use things after they're freed...duh (#709) | Alex Gaynor | 2017-11-20 | 3 | -15/+40
|   * Don't use things after they're freed...duh
|   * changelog
|   * more details
* fix errors with latest flake8 (#710) | Alex Gaynor | 2017-11-20 | 4 | -11/+15
|   * fix errors with latest flake8
|   * Also fix the macOS builds
|   * fix?
|   * allow urllib3 to fail for now
* Improve documentation for passphrase callback (#703) | Diego Fernandez | 2017-10-12 | 2 | -3/+4
|   Address issue #701
* 17.4.0.dev0 bump (#694) | Paul Kehrer | 2017-09-13 | 2 | -1/+25
|
* bump version and update changelog (#693) [17.3.0] | Paul Kehrer | 2017-09-13 | 2 | -3/+6
|   * bump version and update changelog
|   * add changelog entries for the memory leak fixes
|   * backticks
* Avoid a double call to X509_STORE_CTX_init as it leaks memory (#691) | Jeremy Cline | 2017-09-14 | 1 | -0/+7
|   This fixes an issue where each instance of ``X509StoreContext`` would leak a
|   small amount of memory, but only if ``verify_certificate`` was called.
|
|   The reason for this is that ``X509_STORE_CTX_init`` is called in
|   ``X509StoreContext.__init__`` and at the start of
|   ``X509StoreContext.verify_certificate``. According to the man page for
|   ``X509_STORE_CTX_init``:
|
|   "X509_STORE_CTX_init() sets up ctx for a subsequent verification operation.
|   It must be called before each call to X509_verify_cert(), i.e. a ctx is only
|   good for one call to X509_verify_cert(); if you want to verify a second
|   certificate with the same ctx then you must call X509_STORE_CTX_cleanup()
|   and then X509_STORE_CTX_init() again before the second call to
|   X509_verify_cert()."
|
|   Prior to this commit, the following script would cause a memory leak:
|
|   ```
|   from OpenSSL.crypto import (
|       X509Store, X509StoreContext, load_certificate, FILETYPE_PEM)
|
|   certificate = """
|   -----BEGIN CERTIFICATE-----
|   MIIESTCCA7KgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMCVVMx
|   CzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRvcmEg
|   UHJvamVjdDEPMA0GA1UECxMGZmVkbXNnMQ8wDQYDVQQDEwZmZWRtc2cxDzANBgNV
|   BCkTBmZlZG1zZzEmMCQGCSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcHJvamVjdC5v
|   cmcwHhcNMTIwNzE1MjExODUyWhcNMjIwNzEzMjExODUyWjCB2DELMAkGA1UEBhMC
|   VVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRv
|   cmEgUHJvamVjdDEPMA0GA1UECxMGZmVkbXNnMSswKQYDVQQDEyJzaGVsbC1hcHAw
|   MS5waHgyLmZlZG9yYXByb2plY3Qub3JnMSswKQYDVQQpEyJzaGVsbC1hcHAwMS5w
|   aHgyLmZlZG9yYXByb2plY3Qub3JnMSYwJAYJKoZIhvcNAQkBFhdhZG1pbkBmZWRv
|   cmFwcm9qZWN0Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyV0ydvno
|   pITmFs0kfploKj6nW0/COzp0rDwwvuWZF2KDdl1AeRWzfspOQOWIK5V+o2qxYA6t
|   aiK4bPfylYL1IGIwlVP9ma5zwkRvWketWjGORp5B7g7oECQOBo3gnQt0Uf5TWAQ1
|   6Wn0bCrIQSqOWVKScK9vUk/oomUlAZbksEcCAwEAAaOCAVcwggFTMAkGA1UdEwQC
|   MAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
|   ZTAdBgNVHQ4EFgQUd3FXBbD2JW3qcmq+5VP7GcuxHF4wgdUGA1UdIwSBzTCByoAU
|   AJil1efEVQ6Eo2f+ZkoW4AQV3SGhgaakgaMwgaAxCzAJBgNVBAYTAlVTMQswCQYD
|   VQQIEwJOQzEQMA4GA1UEBxMHUmFsZWlnaDEXMBUGA1UEChMORmVkb3JhIFByb2pl
|   Y3QxDzANBgNVBAsTBmZlZG1zZzEPMA0GA1UEAxMGZmVkbXNnMQ8wDQYDVQQpEwZm
|   ZWRtc2cxJjAkBgkqhkiG9w0BCQEWF2FkbWluQGZlZG9yYXByb2plY3Qub3JnggkA
|   juso2KkTnXwwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqG
|   SIb3DQEBBQUAA4GBABG1zG/lzYyz/phhROq6nzk3QUVeNGyxFdxxoB57j4xDi60y
|   zy2yAYe9swqlL1Gk94/Zf/lLPFxOM+NinTOh/o6z0bEBBCufwFKiS+ug/pjsI
|   o69vC03F21S0pquM8bQjcdoA5q5pdiY/Bq5HULmosyA+ENu69ovQGZZUiJb/
|   -----END CERTIFICATE-----
|   """
|
|   ca_certificate = """
|   -----BEGIN CERTIFICATE-----
|   MIIDyzCCAzSgAwIBAgIJAI7rKNipE518MA0GCSqGSIb3DQEBBQUAMIGgMQswCQYD
|   VQQGEwJVUzELMAkGA1UECBMCTkMxEDAOBgNVBAcTB1JhbGVpZ2gxFzAVBgNVBAoT
|   DkZlZG9yYSBQcm9qZWN0MQ8wDQYDVQQLEwZmZWRtc2cxDzANBgNVBAMTBmZlZG1z
|   ZzEPMA0GA1UEKRMGZmVkbXNnMSYwJAYJKoZIhvcNAQkBFhdhZG1pbkBmZWRvcmFw
|   cm9qZWN0Lm9yZzAeFw0xMjA3MTUyMTE4NTFaFw0yMjA3MTMyMTE4NTFaMIGgMQsw
|   CQYDVQQGEwJVUzELMAkGA1UECBMCTkMxEDAOBgNVBAcTB1JhbGVpZ2gxFzAVBgNV
|   BAoTDkZlZG9yYSBQcm9qZWN0MQ8wDQYDVQQLEwZmZWRtc2cxDzANBgNVBAMTBmZl
|   ZG1zZzEPMA0GA1UEKRMGZmVkbXNnMSYwJAYJKoZIhvcNAQkBFhdhZG1pbkBmZWRv
|   cmFwcm9qZWN0Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9J6RmGr1
|   LzSJ5Fau2wdkVUiS5WXBcd0bNPyUJ9/G7t9SrycnLnEK4GQh2B525p4SCqvsHZtM
|   8rqii/Y2PPF5PbpgVjJLYsJk4SSv84aH+VPYcaEtYlPClXgHb3J9jgAxgHBHkJMQ
|   7mvxiIau7frKFqmJGZkxO2M+Sv8eLCKLJP8CAwEAAaOCAQkwggEFMB0GA1UdDgQW
|   BBQAmKXV58RVDoSjZ/5mShbgBBXdITCB1QYDVR0jBIHNMIHKgBQAmKXV58RVDoSj
|   Z/5mShbgBBXdIaGBpqSBozCBoDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAw
|   DgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRvcmEgUHJvamVjdDEPMA0GA1UE
|   CxMGZmVkbXNnMQ8wDQYDVQQDEwZmZWRtc2cxDzANBgNVBCkTBmZlZG1zZzEmMCQG
|   CSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcHJvamVjdC5vcmeCCQCO6yjYqROdfDAM
|   BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAN5r+1rbeTyGDdlelbqWOXBu
|   uS0a9BfusO0uwf3tHK9zeB5CDKFgxdfSZ+Fxg1w2HFRHhCOYoZ2ASPfbyANTzxUF
|   fVAId1uhBD1SlhXpTb3Ndo4uXfalf3W8MrQzFiVHbevvfsyd+RwoVT/PDokE3i4A
|   fftCd0uwvSqVgyE28SFt
|   -----END CERTIFICATE-----
|   """
|
|   ca_cert = load_certificate(FILETYPE_PEM, ca_certificate)
|   cert = load_certificate(FILETYPE_PEM, certificate)
|   cert_store = X509Store()
|   cert_store.add_cert(ca_cert)
|
|   while True:
|       cert_store_context = X509StoreContext(cert_store, cert)
|       cert_store_context.verify_certificate()
|   ```
|
|   Moving the creation of ``X509StoreContext`` outside the loop stops the
|   memory leak.
|
|   Signed-off-by: Jeremy Cline <jeremy@jcline.org>
* Provide a destructor for the CRL object (#690) | Jeremy Cline | 2017-09-07 | 1 | -1/+1
|   This frees the memory allocated for the CRL object. Prior to this commit,
|   the following script would leak memory:
|
|   ```
|   from OpenSSL.crypto import load_crl, FILETYPE_PEM
|
|   crl = """
|   -----BEGIN X509 CRL-----
|   MIIBfDCB5jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
|   Ak5DMRAwDgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRvcmEgUHJvamVjdDEP
|   MA0GA1UECxMGZmVkbXNnMQ8wDQYDVQQDEwZmZWRtc2cxDzANBgNVBCkTBmZlZG1z
|   ZzEmMCQGCSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcHJvamVjdC5vcmcXDTE3MDYx
|   NTIxMDMwOFoXDTM3MDYxMDIxMDMwOFowFDASAgECFw0xMjA3MTUyMTE4NTJaMA0G
|   CSqGSIb3DQEBCwUAA4GBAGOBuDxmRFNcYP71LBsCOfFzKij00qpxM01d5/G6+0kM
|   WJT8oTajMQoY6oISvQDq6TkwEoKc1yl6Ld1/XTtCNOhbybzRBAVf/Lxi/nRPP1JO
|   qOdZs5jMLLQq1mRJz+MgKHHTDlnvpbjHMuyTss1RblFDr4iZPHMcBNKPGIj3pmpA
|   -----END X509 CRL-----
|   """
|
|   for _ in range(0, 1000000):
|       load_crl(FILETYPE_PEM, crl)
|   ```
|
|   Signed-off-by: Jeremy Cline <jeremy@jcline.org>
* Fix another test to not hardcode TLSv1 (#683) | Alex Gaynor | 2017-08-07 | 1 | -1/+1
|
* Don't use "TLSv1" as a default for loopback clients/servers (#682) | Alex Gaynor | 2017-08-07 | 1 | -2/+2
|   * Don't use "TLSv1" as a default for loopback clients/servers
|   * We're sticklers for spelling
* Delete rand.py (#675) | Alex Gaynor | 2017-07-25 | 4 | -343/+6
|
* Drop py33 (#677) | Alex Gaynor | 2017-07-25 | 4 | -10/+3
|
* Simplify test code (#679) | Alex Gaynor | 2017-07-25 | 1 | -50/+1
|   * Simplify test code
|   * fix
* Mark this test as flaky (#678) | Alex Gaynor | 2017-07-24 | 1 | -0/+1
|
* Fixes #655 -- deprecate OpenSSL.tsafe (#673) | Alex Gaynor | 2017-07-22 | 2 | -2/+9
|   * Fixes #655 -- deprecate OpenSSL.tsafe
|   * changelog
* Start new release cycle (#672) | Hynek Schlawack | 2017-07-20 | 2 | -1/+26
|
* Prepare 17.2.0 (#671) [17.2.0] | Hynek Schlawack | 2017-07-20 | 2 | -2/+2
|   * Fix version
|   * Prepare 17.2.0
* (EC)DSA signature fix (#670) | Paul Kehrer | 2017-07-20 | 3 | -3/+47
|   * Write a test - signatures with EC keys (#609)
|   * Ask for signature length before allocating a buffer.
|     This fixes a potential heap buffer overflow that may happen when a
|     signature is longer than the private key, as with X9.62 ECDSA (#609).
|   * change approach to EVP_PKEY_size and add changelog
|   * add a small assert
* Bend some recent changes to standards (#669) | Hynek Schlawack | 2017-07-20 | 5 | -21/+14
|
* document set_default_verify_paths caveats (#667) | Paul Kehrer | 2017-07-19 | 1 | -2/+9
|   * document set_default_verify_paths caveats
|     fixes #642
|   * add a bit more detail
|   * weasel words
* add note about cryptography to crypto module (#666) | Paul Kehrer | 2017-07-19 | 1 | -0/+10
|   fixes #663
* fix #664 (#665) | Paul Kehrer | 2017-07-19 | 2 | -2/+8
|   * fix #664
|     bytes and strings are different things.
|   * update changelog
|   * let's just make the sentinel values byte strings
|   * flake8
* 101 doesn't work, just mark it flaky (#662) | Alex Gaynor | 2017-07-06 | 1 | -1/+2
|
* move deps to extras (#661) | Paul Kehrer | 2017-07-07 | 4 | -7/+16
|   * move deps to extras
|   * this file is gone
* Fixed #266 -- attempt to deflake our tests (#660) | Alex Gaynor | 2017-07-06 | 2 | -1/+7
|   * Fixed #266 -- attempt to deflake our tests
|   * typo
* Fixed #657 -- handle OverflowErrors on large allocation requests (#659) | Alex Gaynor | 2017-07-06 | 1 | -4/+4
|   * Fixed #657 -- handle OverflowErrors on large allocation requests
|   * always be overflowing
* Fixed #631 -- deprecate all of OpenSSL.rand (#658) | Alex Gaynor | 2017-07-06 | 4 | -43/+9
|   * Fixed #631 -- deprecate all of OpenSSL.rand
|   * syntax fix
|   * flake8