Comparing changes

base repository: pyca/cryptography
base: 38.0.4
head repository: pyca/cryptography
compare: 39.0.0

Commits on Sep 7, 2022

  1. 33c7553
  2. Bump BoringSSL version to 2e295b91a3c441d32f985bef0dcff5e639f1f448 (#7569)

    Co-authored-by: BoringSSL Bot <pyca-boringbot@users.noreply.github.com>
    pyca-boringbot[bot] and BoringSSL Bot authored Sep 7, 2022
    8bb67c4
  3. Drop OpenSSL 1.1.0 (#7570)

    There's still a few TODOs for cleanup.
    
    Refs #7109
    alex authored Sep 7, 2022
    2cae24a
  4. Increase our minimum LibreSSL. (#7571)

    OpenBSD 7.0 ships 3.4, and Alpine 3.14 ships 3.3.6
    alex authored Sep 7, 2022
    9547b31
  5. 2b6e463
  6. 7f4b1a1
  7. fix parsing for CRLs with TLVs > 65535 bytes (#7575)

    * add CRL test vector with 9,999 revoked items
    
    * bump rust-asn1
    
    * add large CRL test
    
    this tests CRLs larger than 65535 bytes in size. rust-asn1 supports up
    to 4GiB TLVs now, but we'll avoid putting a test vector that big for now
    reaperhulk authored Sep 7, 2022
    d518a18
  8. b376fd2

Commits on Sep 8, 2022

  1. Bump BoringSSL version to 9f426b60fabf5e5fec0a0a05120de19289ef1fdf (#7580)

    Co-authored-by: BoringSSL Bot <pyca-boringbot@users.noreply.github.com>
    pyca-boringbot[bot] and BoringSSL Bot authored Sep 8, 2022
    2bda121

Commits on Sep 9, 2022

  1. Bump BoringSSL version to 7b2795a323b41e7b148bcd6f6318d67efccb0ce4 (#7582)

    Co-authored-by: BoringSSL Bot <pyca-boringbot@users.noreply.github.com>
    pyca-boringbot[bot] and BoringSSL Bot authored Sep 9, 2022
    05c2b78
  2. 1bc3d1c

Commits on Sep 10, 2022

  1. Bump BoringSSL version to 1b2b7b2e70ce5ff50df917ee7745403d824155c5 (#7585)

    Co-authored-by: BoringSSL Bot <pyca-boringbot@users.noreply.github.com>
    pyca-boringbot[bot] and BoringSSL Bot authored Sep 10, 2022
    a76687c
  2. 2a7be33

Commits on Sep 11, 2022

  1. 07fa80f
  2. Remove pyOpenSSL fallback. (#7590)

    We already require pyOpenSSL>=22.0, but pyOpenSSL has not required this fallback since 21.0.
    alex authored Sep 11, 2022
    af22226
  3. 52a4ff4
  4. 7b266ba
  5. 2c3c6d2
  6. 8bc691f
  7. b564cd6
  8. 7989ea6
  9. add more benchmarks for AEAD for upcoming optimizations (#7599)

    * add more benchmarks for AEAD for upcoming optimizations
    
    * black
    reaperhulk authored Sep 11, 2022
    66762b0
  10. d480268
  11. Remove destroy from FixedPool (#7602)

    turns out we don't need it
    alex authored Sep 11, 2022
    30114c6

Commits on Sep 12, 2022

  1. use fixed pool to improve perf of aead ChaCha20Poly1305 (#7601)

    * use fixed pool to improve perf of aead ChaCha20Poly1305
    
    ~35-45% speedup on benchmarks when reusing the same key for multiple
    operations
    
    * remove unneeded call
    reaperhulk authored Sep 12, 2022
    d6382bb
  2. 6ed6568

Commits on Sep 13, 2022

  1. Bump js-sys from 0.3.59 to 0.3.60 in /src/rust (#7606)

    Bumps [js-sys](https://github.com/rustwasm/wasm-bindgen) from 0.3.59 to 0.3.60.
    - [Release notes](https://github.com/rustwasm/wasm-bindgen/releases)
    - [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/rustwasm/wasm-bindgen/commits)
    
    ---
    updated-dependencies:
    - dependency-name: js-sys
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 13, 2022
    f597470
  2. Bump iana-time-zone from 0.1.47 to 0.1.48 in /src/rust (#7608)

    Bumps [iana-time-zone](https://github.com/strawlab/iana-time-zone) from 0.1.47 to 0.1.48.
    - [Release notes](https://github.com/strawlab/iana-time-zone/releases)
    - [Changelog](https://github.com/strawlab/iana-time-zone/blob/main/CHANGELOG.md)
    - [Commits](strawlab/iana-time-zone@v0.1.47...v0.1.48)
    
    ---
    updated-dependencies:
    - dependency-name: iana-time-zone
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 13, 2022
    7ddc077
  3. Move to a libressl policy (#7605)

    This policy is to support things that are in supported versions of openbsd. the current oldest supported openbsd is 7.0, which included libressl 3.4
    alex authored Sep 13, 2022
    984bcb2

Commits on Sep 14, 2022

  1. Bump BoringSSL version to 91e0b11eba517d83b910b20fe3740eeb39ecb37e (#7609)

    Co-authored-by: BoringSSL Bot <pyca-boringbot@users.noreply.github.com>
    pyca-boringbot[bot] and BoringSSL Bot authored Sep 14, 2022
    a6d9661
  2. ddcdc08
  3. ed13a1c
  4. 93a7f37
  5. Bump unicode-ident from 1.0.3 to 1.0.4 in /src/rust (#7612)

    Bumps [unicode-ident](https://github.com/dtolnay/unicode-ident) from 1.0.3 to 1.0.4.
    - [Release notes](https://github.com/dtolnay/unicode-ident/releases)
    - [Commits](dtolnay/unicode-ident@1.0.3...1.0.4)
    
    ---
    updated-dependencies:
    - dependency-name: unicode-ident
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 14, 2022
    0938abf

Commits on Sep 15, 2022

  1. Bump BoringSSL version to 04989786e9ab16cef5261bbd05a2b1a8cb312dbf (#7615)

    Co-authored-by: BoringSSL Bot <pyca-boringbot@users.noreply.github.com>
    pyca-boringbot[bot] and BoringSSL Bot authored Sep 15, 2022
    b95dd4a
  2. 1ef786c

Commits on Sep 16, 2022

  1. 2b9e230

Commits on Sep 17, 2022

  1. 6c6163f

Commits on Sep 18, 2022

  1. docs: update of ChaCha20 specification in hazmat (#7622)

    * docs: update of ChaCha20 specification in hazmat
    
    Clarification of the term nonce, because it is not clear to the user that is the concatenation of 4-byte counter and 12-byte nonce. That is important for compatibility with other implementations.
    
    * docs: reformat of ChaCha20 specification
    
    * Update docs/hazmat/primitives/symmetric-encryption.rst
    
    Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
    
    Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
    sec00re and alex authored Sep 18, 2022
    49d1e4f
  2. a new domain has decided to have an expired cert (#7623)

    the old one finally got fixed
    alex authored Sep 18, 2022
    9ca1d23
  3. b90c53e
  4. 6ff1f39
  5. ab952d0

Commits on Sep 19, 2022

  1. Bump ouroboros from 0.15.4 to 0.15.5 in /src/rust (#7626)

    Bumps [ouroboros](https://github.com/joshua-maros/ouroboros) from 0.15.4 to 0.15.5.
    - [Release notes](https://github.com/joshua-maros/ouroboros/releases)
    - [Commits](https://github.com/joshua-maros/ouroboros/commits)
    
    ---
    updated-dependencies:
    - dependency-name: ouroboros
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 19, 2022
    afff2c7
  2. Bump syn from 1.0.99 to 1.0.100 in /src/rust (#7628)

    Bumps [syn](https://github.com/dtolnay/syn) from 1.0.99 to 1.0.100.
    - [Release notes](https://github.com/dtolnay/syn/releases)
    - [Commits](dtolnay/syn@1.0.99...1.0.100)
    
    ---
    updated-dependencies:
    - dependency-name: syn
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 19, 2022
    8b0fbee

Commits on Sep 20, 2022

  1. Bump libc from 0.2.132 to 0.2.133 in /src/rust (#7630)

    Bumps [libc](https://github.com/rust-lang/libc) from 0.2.132 to 0.2.133.
    - [Release notes](https://github.com/rust-lang/libc/releases)
    - [Commits](rust-lang/libc@0.2.132...0.2.133)
    
    ---
    updated-dependencies:
    - dependency-name: libc
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 20, 2022
    e3802d4

Commits on Sep 21, 2022

  1. Bump lock_api from 0.4.8 to 0.4.9 in /src/rust (#7632)

    Bumps [lock_api](https://github.com/Amanieu/parking_lot) from 0.4.8 to 0.4.9.
    - [Release notes](https://github.com/Amanieu/parking_lot/releases)
    - [Changelog](https://github.com/Amanieu/parking_lot/blob/master/CHANGELOG.md)
    - [Commits](Amanieu/parking_lot@lock_api-0.4.8...lock_api-0.4.9)
    
    ---
    updated-dependencies:
    - dependency-name: lock_api
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 21, 2022
    1ceccd9
  2. 7b1460c
  3. Bump peter-evans/create-pull-request from 4.1.1 to 4.1.2 (#7634)

    Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.1.1 to 4.1.2.
    - [Release notes](https://github.com/peter-evans/create-pull-request/releases)
    - [Commits](peter-evans/create-pull-request@18f9043...171dd55)
    
    ---
    updated-dependencies:
    - dependency-name: peter-evans/create-pull-request
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 21, 2022
    4fd171a

Commits on Sep 22, 2022

  1. f8d7320
Showing with 7,435 additions and 2,455 deletions.
  1. +1 −0 .github/ISSUE_TEMPLATE/openssl-release.md
  2. +1 −1 .github/actions/upload-coverage/action.yml
  3. +2 −2 .github/downstream.d/certbot-josepy.sh
  4. +18 −0 .github/downstream.d/scapy.sh
  5. +23 −0 .github/workflows/auto-close-stale.yml
  6. +4 −4 .github/workflows/benchmark.yml
  7. +70 −0 .github/workflows/boring-open-version-bump.yml
  8. +0 −50 .github/workflows/boringssl-version-bump.yml
  9. +23 −4 .github/workflows/build_openssl.sh
  10. +94 −73 .github/workflows/ci.yml
  11. +0 −1 .github/workflows/download_openssl.py
  12. +1 −1 .github/workflows/lock.yml
  13. +3 −3 .github/workflows/macarm64.yml
  14. +72 −39 .github/workflows/wheel-builder.yml
  15. +87 −0 CHANGELOG.rst
  16. +3 −3 README.rst
  17. +0 −1 docs/_ext/cryptography-docs.py
  18. +5 −5 docs/conf.py
  19. +0 −1 docs/development/custom-vectors/arc4/generate_arc4.py
  20. +0 −1 docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py
  21. +0 −1 docs/development/custom-vectors/secp256k1/generate_secp256k1.py
  22. +0 −1 docs/development/custom-vectors/secp256k1/verify_secp256k1.py
  23. +1 −1 docs/development/submitting-patches.rst
  24. +3 −0 docs/development/test-vectors.rst
  25. +5 −3 docs/doing-a-release.rst
  26. +26 −8 docs/faq.rst
  27. +3 −3 docs/fernet.rst
  28. +5 −0 docs/glossary.rst
  29. +20 −1 docs/hazmat/primitives/asymmetric/rsa.rst
  30. +35 −3 docs/hazmat/primitives/asymmetric/serialization.rst
  31. +2 −2 docs/hazmat/primitives/cryptographic-hashes.rst
  32. +2 −2 docs/hazmat/primitives/key-derivation-functions.rst
  33. +3 −3 docs/hazmat/primitives/symmetric-encryption.rst
  34. +12 −15 docs/installation.rst
  35. +9 −7 docs/limitations.rst
  36. +12 −0 docs/openssl.rst
  37. +2 −0 docs/spelling_wordlist.txt
  38. +31 −1 docs/x509/ocsp.rst
  39. +108 −0 docs/x509/reference.rst
  40. +17 −1 pyproject.toml
  41. +131 −26 release.py
  42. +4 −11 setup.cfg
  43. +6 −0 setup.py
  44. +1 −2 src/_cffi_src/build_openssl.py
  45. +4 −19 src/_cffi_src/openssl/asn1.py
  46. +4 −1 src/_cffi_src/openssl/bio.py
  47. +0 −18 src/_cffi_src/openssl/conf.py
  48. +1 −35 src/_cffi_src/openssl/crypto.py
  49. +32 −38 src/_cffi_src/openssl/cryptography.py
  50. +6 −128 src/_cffi_src/openssl/dh.py
  51. +0 −1 src/_cffi_src/openssl/dsa.py
  52. +17 −36 src/_cffi_src/openssl/evp.py
  53. +1 −1 src/_cffi_src/openssl/fips.py
  54. +8 −1 src/_cffi_src/openssl/rsa.py
  55. +15 −48 src/_cffi_src/openssl/src/osrandom_engine.c
  56. +1 −3 src/_cffi_src/openssl/src/osrandom_engine.h
  57. +24 −84 src/_cffi_src/openssl/ssl.py
  58. +8 −13 src/_cffi_src/openssl/x509.py
  59. +0 −13 src/_cffi_src/openssl/x509_vfy.py
  60. +7 −11 src/_cffi_src/openssl/x509name.py
  61. +2 −2 src/_cffi_src/openssl/x509v3.py
  62. +0 −1 src/_cffi_src/utils.py
  63. +1 −1 src/cryptography/__about__.py
  64. +4 −8 src/cryptography/__init__.py
  65. +1 −1 src/cryptography/fernet.py
  66. +8 −0 src/cryptography/hazmat/_oid.py
  67. +0 −1 src/cryptography/hazmat/backends/openssl/__init__.py
  68. +70 −15 src/cryptography/hazmat/backends/openssl/aead.py
  69. +122 −260 src/cryptography/hazmat/backends/openssl/backend.py
  70. +0 −1 src/cryptography/hazmat/backends/openssl/ciphers.py
  71. +1 −1 src/cryptography/hazmat/backends/openssl/cmac.py
  72. +1 −2 src/cryptography/hazmat/backends/openssl/dh.py
  73. +2 −5 src/cryptography/hazmat/backends/openssl/dsa.py
  74. +3 −3 src/cryptography/hazmat/backends/openssl/ed25519.py
  75. +1 −1 src/cryptography/hazmat/backends/openssl/ed448.py
  76. +0 −1 src/cryptography/hazmat/backends/openssl/hashes.py
  77. +0 −1 src/cryptography/hazmat/backends/openssl/hmac.py
  78. +0 −1 src/cryptography/hazmat/backends/openssl/poly1305.py
  79. +10 −8 src/cryptography/hazmat/backends/openssl/rsa.py
  80. +3 −3 src/cryptography/hazmat/backends/openssl/x25519.py
  81. +1 −1 src/cryptography/hazmat/backends/openssl/x448.py
  82. +0 −45 src/cryptography/hazmat/backends/openssl/x509.py
  83. +8 −3 src/cryptography/hazmat/bindings/_rust/__init__.pyi
  84. +2 −3 src/cryptography/hazmat/bindings/_rust/ocsp.pyi
  85. +15 −0 src/cryptography/hazmat/bindings/_rust/pkcs7.pyi
  86. +3 −1 src/cryptography/hazmat/bindings/_rust/x509.pyi
  87. +16 −44 src/cryptography/hazmat/bindings/openssl/_conditional.py
  88. +45 −31 src/cryptography/hazmat/bindings/openssl/binding.py
  89. +2 −2 src/cryptography/hazmat/primitives/_asymmetric.py
  90. +8 −5 src/cryptography/hazmat/primitives/_cipheralgorithm.py
  91. +4 −3 src/cryptography/hazmat/primitives/asymmetric/dh.py
  92. +5 −5 src/cryptography/hazmat/primitives/asymmetric/dsa.py
  93. +15 −55 src/cryptography/hazmat/primitives/asymmetric/ec.py
  94. +0 −1 src/cryptography/hazmat/primitives/asymmetric/ed25519.py
  95. +14 −7 src/cryptography/hazmat/primitives/asymmetric/rsa.py
  96. +2 −3 src/cryptography/hazmat/primitives/asymmetric/types.py
  97. +0 −1 src/cryptography/hazmat/primitives/asymmetric/utils.py
  98. +0 −1 src/cryptography/hazmat/primitives/ciphers/__init__.py
  99. +16 −3 src/cryptography/hazmat/primitives/ciphers/aead.py
  100. +3 −3 src/cryptography/hazmat/primitives/ciphers/base.py
  101. +10 −5 src/cryptography/hazmat/primitives/ciphers/modes.py
  102. +2 −4 src/cryptography/hazmat/primitives/cmac.py
  103. +10 −8 src/cryptography/hazmat/primitives/hashes.py
  104. +1 −3 src/cryptography/hazmat/primitives/hmac.py
  105. +1 −4 src/cryptography/hazmat/primitives/kdf/concatkdf.py
  106. +1 −4 src/cryptography/hazmat/primitives/kdf/hkdf.py
  107. +0 −1 src/cryptography/hazmat/primitives/kdf/scrypt.py
  108. +1 −4 src/cryptography/hazmat/primitives/kdf/x963kdf.py
  109. +0 −1 src/cryptography/hazmat/primitives/serialization/__init__.py
  110. +10 −2 src/cryptography/hazmat/primitives/serialization/base.py
  111. +2 −4 src/cryptography/hazmat/primitives/serialization/pkcs12.py
  112. +51 −12 src/cryptography/hazmat/primitives/serialization/pkcs7.py
  113. +3 −1 src/cryptography/hazmat/primitives/serialization/ssh.py
  114. +1 −2 src/cryptography/hazmat/primitives/twofactor/hotp.py
  115. +1 −1 src/cryptography/hazmat/primitives/twofactor/totp.py
  116. +6 −32 src/cryptography/utils.py
  117. +9 −8 src/cryptography/x509/__init__.py
  118. +69 −35 src/cryptography/x509/base.py
  119. +16 −8 src/cryptography/x509/certificate_transparency.py
  120. +9 −10 src/cryptography/x509/extensions.py
  121. +2 −2 src/cryptography/x509/general_name.py
  122. +1 −3 src/cryptography/x509/name.py
  123. +111 −41 src/cryptography/x509/ocsp.py
  124. +2 −3 src/cryptography/x509/oid.py
  125. +156 −47 src/rust/Cargo.lock
  126. +1 −1 src/rust/Cargo.toml
  127. +34 −0 src/rust/src/asn1.rs
  128. +6 −1 src/rust/src/lib.rs
  129. +4 −0 src/rust/src/oid.rs
  130. +385 −0 src/rust/src/pkcs7.rs
  131. +2 −22 src/rust/src/pool.rs
  132. +25 −47 src/rust/src/x509/certificate.rs
  133. +4 −5 src/rust/src/x509/common.rs
  134. +5 −48 src/rust/src/x509/crl.rs
  135. +14 −56 src/rust/src/x509/csr.rs
  136. +2 −2 src/rust/src/x509/mod.rs
  137. +21 −0 src/rust/src/x509/ocsp.rs
  138. +36 −3 src/rust/src/x509/ocsp_req.rs
  139. +205 −206 src/rust/src/x509/ocsp_resp.rs
  140. +0 −4 src/rust/src/x509/oid.rs
  141. +0 −47 src/rust/src/x509/sign.rs
  142. +86 −2 tests/bench/test_aead.py
  143. +0 −9 tests/conftest.py
  144. +8 −58 tests/hazmat/backends/test_openssl.py
  145. +25 −52 tests/hazmat/backends/test_openssl_memleak.py
  146. +7 −1 tests/hazmat/bindings/test_openssl.py
  147. +0 −1 tests/hazmat/primitives/fixtures_dsa.py
  148. +0 −1 tests/hazmat/primitives/fixtures_ec.py
  149. +0 −1 tests/hazmat/primitives/fixtures_rsa.py
  150. +1 −1 tests/hazmat/primitives/test_3des.py
  151. +12 −2 tests/hazmat/primitives/test_aead.py
  152. +1 −1 tests/hazmat/primitives/test_aes.py
  153. +1 −1 tests/hazmat/primitives/test_aes_gcm.py
  154. +1 −1 tests/hazmat/primitives/test_arc4.py
  155. +2 −2 tests/hazmat/primitives/test_block.py
  156. +1 −1 tests/hazmat/primitives/test_blowfish.py
  157. +1 −1 tests/hazmat/primitives/test_camellia.py
  158. +1 −1 tests/hazmat/primitives/test_cast5.py
  159. +1 −1 tests/hazmat/primitives/test_chacha20.py
  160. +2 −9 tests/hazmat/primitives/test_cmac.py
  161. +4 −2 tests/hazmat/primitives/test_concatkdf.py
  162. +5 −1 tests/hazmat/primitives/test_dh.py
  163. +2 −2 tests/hazmat/primitives/test_dsa.py
  164. +6 −72 tests/hazmat/primitives/test_ec.py
  165. +1 −1 tests/hazmat/primitives/test_hash_vectors.py
  166. +1 −1 tests/hazmat/primitives/test_hashes.py
  167. +1 −4 tests/hazmat/primitives/test_hkdf.py
  168. +1 −1 tests/hazmat/primitives/test_hkdf_vectors.py
  169. +1 −1 tests/hazmat/primitives/test_hmac.py
  170. +1 −1 tests/hazmat/primitives/test_hmac_vectors.py
  171. +1 −1 tests/hazmat/primitives/test_idea.py
  172. +1 −1 tests/hazmat/primitives/test_kbkdf.py
  173. +1 −1 tests/hazmat/primitives/test_kbkdf_vectors.py
  174. +1 −1 tests/hazmat/primitives/test_keywrap.py
  175. +1 −1 tests/hazmat/primitives/test_pbkdf2hmac_vectors.py
  176. +1 −1 tests/hazmat/primitives/test_pkcs12.py
  177. +5 −9 tests/hazmat/primitives/test_pkcs7.py
  178. +27 −33 tests/hazmat/primitives/test_rsa.py
  179. +2 −6 tests/hazmat/primitives/test_scrypt.py
  180. +1 −1 tests/hazmat/primitives/test_seed.py
  181. +5 −9 tests/hazmat/primitives/test_serialization.py
  182. +1 −1 tests/hazmat/primitives/test_sm4.py
  183. +1 −4 tests/hazmat/primitives/twofactor/test_hotp.py
  184. +1 −4 tests/hazmat/primitives/twofactor/test_totp.py
  185. +1 −6 tests/hazmat/primitives/utils.py
  186. +10 −0 tests/hazmat/test_oid.py
  187. +4 −4 tests/test_cryptography_utils.py
  188. +1 −4 tests/test_fernet.py
  189. +2 −62 tests/test_interfaces.py
  190. +4 −12 tests/test_rust_utils.py
  191. +1 −3 tests/test_utils.py
  192. +1 −3 tests/utils.py
  193. +1 −1 tests/wycheproof/test_aes.py
  194. +1 −1 tests/wycheproof/test_chacha20poly1305.py
  195. +0 −1 tests/wycheproof/test_dsa.py
  196. +1 −2 tests/wycheproof/test_ecdh.py
  197. +0 −1 tests/wycheproof/test_ecdsa.py
  198. +1 −1 tests/wycheproof/test_eddsa.py
  199. +0 −1 tests/wycheproof/test_hkdf.py
  200. +0 −1 tests/wycheproof/test_hmac.py
  201. +18 −6 tests/wycheproof/test_rsa.py
  202. +1 −3 tests/wycheproof/utils.py
  203. +68 −3 tests/x509/test_ocsp.py
  204. +39 −72 tests/x509/test_x509.py
  205. +3 −4 tests/x509/test_x509_crlbuilder.py
  206. +5 −2 tests/x509/test_x509_ext.py
  207. +0 −1 tests/x509/test_x509_revokedcertbuilder.py
  208. +19 −3 tox.ini
  209. +1 −1 vectors/cryptography_vectors/__about__.py
  210. +0 −1 vectors/cryptography_vectors/__init__.py
  211. +69 −0 vectors/cryptography_vectors/x509/cryptography.io.chain_with_garbage.pem
  212. +4,382 −0 vectors/cryptography_vectors/x509/custom/crl_almost_10k.pem
  213. +0 −1 vectors/setup.py
1 change: 1 addition & 0 deletions .github/ISSUE_TEMPLATE/openssl-release.md
@@ -4,5 +4,6 @@
- [ ] Wait for the Github Actions job to complete
- [ ] Changelog entry
- [ ] Release
- [ ] File Github Security Advisory indicating which releases are impacted (if OpenSSL release is fixing a vulnerability)
- [ ] Send announcement to mailing lists
- [ ] Forward port changelog entry (if releasing from release branch)
2 changes: 1 addition & 1 deletion .github/actions/upload-coverage/action.yml
@@ -7,7 +7,7 @@ runs:
steps:
- run: |
COVERAGE_UUID=$(python3 -c "import uuid; print(uuid.uuid4())")
echo "::set-output name=COVERAGE_UUID::${COVERAGE_UUID}"
echo "COVERAGE_UUID=${COVERAGE_UUID}" >> $GITHUB_OUTPUT
if [ -f .coverage ]; then
mv .coverage .coverage.${COVERAGE_UUID}
fi
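Review bot: The redirect target in `echo "COVERAGE_UUID=${COVERAGE_UUID}" >> $GITHUB_OUTPUT` is unquoted; write `>> "$GITHUB_OUTPUT"` so the step does not fail with an ambiguous redirect if the runner's output path ever contains whitespace or glob characters. The same quoting would be tidy on `mv .coverage .coverage.${COVERAGE_UUID}`, although a UUID value is harmless there.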
4 changes: 2 additions & 2 deletions .github/downstream.d/certbot-josepy.sh
@@ -5,8 +5,8 @@ case "${1}" in
git clone --depth=1 https://github.com/certbot/josepy
cd josepy
git rev-parse HEAD
curl -sSL https://install.python-poetry.org | python3 - --version=1.1.15
"${HOME}/.local/bin/poetry" export -f requirements.txt --dev --without-hashes -o constraints.txt
curl -sSL https://install.python-poetry.org | python3 -
"${HOME}/.local/bin/poetry" export -f constraints.txt --dev --without-hashes -o constraints.txt
pip install -e . pytest -c constraints.txt
;;
run)
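Review bot: The replacement installer line, `curl -sSL https://install.python-poetry.org | python3 -`, no longer carries the `--version=1.1.15` argument of the line it replaces, so the job installs whichever Poetry release the installer selects that day, piped into the interpreter with no integrity check. Keep a `--version=` pin, set to the release this was tested with for the `-f constraints.txt` export on the next line, so a new Poetry release cannot change this downstream job without a commit here.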
18 changes: 18 additions & 0 deletions .github/downstream.d/scapy.sh
@@ -0,0 +1,18 @@
#!/bin/bash -ex

case "${1}" in
install)
git clone --depth=1 https://github.com/secdev/scapy
cd scapy
git rev-parse HEAD
pip install tox
;;
run)
cd scapy
# this tox case uses sitepackages=true to use local cryptography
tox -qe cryptography
;;
*)
exit 1
;;
esac
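Review bot: `pip install tox` in the `install)` branch is unpinned and the clone takes the head of scapy's default branch, so a red run here can come from either upstream rather than from a cryptography change. `git rev-parse HEAD` already records the scapy commit in the log; pinning tox or logging `pip freeze` would make the other half equally traceable. The `-ex` options also exist only on the `#!/bin/bash -ex` line and are dropped if the script is ever started as `bash scapy.sh`; a `set -ex` line keeps them regardless of how it is invoked.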
23 changes: 23 additions & 0 deletions .github/workflows/auto-close-stale.yml
@@ -0,0 +1,23 @@
name: Auto-close stale issues
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * *'

permissions:
issues: "write"
pull-requests: "write"

jobs:
auto-close:
if: github.repository_owner == 'pyca'
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v7.0.0
with:
only-labels: waiting-on-reporter
days-before-stale: 5
days-before-close: 7
stale-issue-message: "This issue has been waiting for a reporter response for 5 days. It will be auto-closed if no activity occurs in the next week."
close-issue-message: "This issue has not received a reporter response and has been auto-closed. If the issue is still relevant please leave a comment and we can reopen it."
close-issue-reason: completed
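Review bot: `uses: actions/stale@v7.0.0` references a mutable tag in a job that is granted `issues: "write"` and `pull-requests: "write"`; pin it to a full commit SHA, as boring-open-version-bump.yml in this same comparison does for tibdex/github-app-token and peter-evans/create-pull-request. Separately, `close-issue-reason: completed` records unanswered reports as done; `not_planned` describes an issue closed for lack of a reporter response more accurately.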
8 changes: 4 additions & 4 deletions .github/workflows/benchmark.yml
@@ -14,12 +14,12 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v3.0.2
- uses: actions/checkout@v3.2.0
timeout-minutes: 3
with:
persist-credentials: false
path: "cryptography-pr"
- uses: actions/checkout@v3.0.2
- uses: actions/checkout@v3.2.0
timeout-minutes: 3
with:
repository: "pyca/cryptography"
@@ -28,9 +28,9 @@ jobs:

- name: Setup python
id: setup-python
uses: actions/setup-python@v4.2.0
uses: actions/setup-python@v4.4.0
with:
python-version: "3.10"
python-version: "3.11"

- name: Create virtualenv (main)
run: |
70 changes: 70 additions & 0 deletions .github/workflows/boring-open-version-bump.yml
@@ -0,0 +1,70 @@
name: Bump BoringSSL and/or OpenSSL
permissions:
contents: read

on:
workflow_dispatch:
schedule:
# Run daily
- cron: "0 0 * * *"

jobs:
bump:
if: github.repository_owner == 'pyca'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3.2.0
- id: check-sha-boring
run: |
SHA=$(git ls-remote https://boringssl.googlesource.com/boringssl refs/heads/master | cut -f1)
LAST_COMMIT=$(grep boringssl .github/workflows/ci.yml | grep TYPE | grep -oE '[a-f0-9]{40}')
if ! grep -q "$SHA" .github/workflows/ci.yml; then
echo "COMMIT_SHA=${SHA}" >> $GITHUB_OUTPUT
echo "COMMIT_MSG<<EOF" >> $GITHUB_OUTPUT
echo -e "## BoringSSL\n[Commit: ${SHA}](https://boringssl.googlesource.com/boringssl/+/${SHA})\n\n[Diff](https://boringssl.googlesource.com/boringssl/+/${LAST_COMMIT}..${SHA}) between the last commit hash merged to this repository and the new commit." >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
fi
- id: check-sha-openssl
run: |
SHA=$(git ls-remote https://github.com/openssl/openssl refs/heads/master | cut -f1)
LAST_COMMIT=$(grep openssl .github/workflows/ci.yml | grep TYPE | grep -oE '[a-f0-9]{40}')
if ! grep -q "$SHA" .github/workflows/ci.yml; then
echo "COMMIT_SHA=${SHA}" >> $GITHUB_OUTPUT
echo "COMMIT_MSG<<EOF" >> $GITHUB_OUTPUT
echo -e "## OpenSSL\n[Commit: ${SHA}](https://github.com/openssl/openssl/commit/${SHA})\n\n[Diff](https://github.com/openssl/openssl/compare/${LAST_COMMIT}...${SHA}) between the last commit hash merged to this repository and the new commit." >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
fi
- name: Update boring
run: |
set -xe
CURRENT_DATE=$(date "+%b %d, %Y")
sed -E -i "s/Latest commit on the BoringSSL master branch.*/Latest commit on the BoringSSL master branch, as of ${CURRENT_DATE}./" .github/workflows/ci.yml
sed -E -i "s/TYPE: \"boringssl\", VERSION: \"[0-9a-f]{40}\"/TYPE: \"boringssl\", VERSION: \"${{ steps.check-sha-boring.outputs.COMMIT_SHA }}\"/" .github/workflows/ci.yml
git status
if: steps.check-sha-boring.outputs.COMMIT_SHA
- name: Update OpenSSL
run: |
set -xe
CURRENT_DATE=$(date "+%b %d, %Y")
sed -E -i "s/Latest commit on the OpenSSL master branch.*/Latest commit on the OpenSSL master branch, as of ${CURRENT_DATE}./" .github/workflows/ci.yml
sed -E -i "s/TYPE: \"openssl\", VERSION: \"[0-9a-f]{40}\"/TYPE: \"openssl\", VERSION: \"${{ steps.check-sha-openssl.outputs.COMMIT_SHA }}\"/" .github/workflows/ci.yml
git status
if: steps.check-sha-openssl.outputs.COMMIT_SHA
- uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c
id: generate-token
with:
app_id: ${{ secrets.BORINGBOT_APP_ID }}
private_key: ${{ secrets.BORINGBOT_PRIVATE_KEY }}
if: steps.check-sha-boring.outputs.COMMIT_SHA || steps.check-sha-openssl.outputs.COMMIT_SHA
- name: Create Pull Request
uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04
with:
commit-message: "Bump BoringSSL and/or OpenSSL in CI"
title: "Bump BoringSSL and/or OpenSSL in CI"
author: "pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>"
body: |
${{ steps.check-sha-boring.outputs.COMMIT_MSG }}
${{ steps.check-sha-openssl.outputs.COMMIT_MSG }}
token: ${{ steps.generate-token.outputs.token }}
if: steps.check-sha-boring.outputs.COMMIT_SHA || steps.check-sha-openssl.outputs.COMMIT_SHA
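Review bot: In the `Update boring` and `Update OpenSSL` steps, `${{ steps.check-sha-boring.outputs.COMMIT_SHA }}` and its OpenSSL counterpart are expanded into the `sed` script text before the shell runs, and the value comes unchecked from `git ls-remote ... | cut -f1`. Pass the value through `env:` and have the check steps reject anything that does not match `^[0-9a-f]{40}$`, so only a 40-hex commit id can reach `sed` and ci.yml. The check steps also fail quietly: if `git ls-remote` returns nothing, `SHA` is empty, `grep -q "$SHA"` matches every line and no bump is proposed; and `LAST_COMMIT` becomes several lines if more than one `TYPE` line in ci.yml carries a 40-hex version, which breaks the diff link written to `COMMIT_MSG`.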
50 changes: 0 additions & 50 deletions .github/workflows/boringssl-version-bump.yml

This file was deleted.

27 changes: 23 additions & 4 deletions .github/workflows/build_openssl.sh
@@ -9,14 +9,33 @@ shlib_sed() {
sed -i "s/^SHLIB_MINOR=.*/SHLIB_MINOR=0.0/" Makefile
sed -i "s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=100.0.0/" Makefile
}
shlib_sed_3() {
# OpenSSL 3 changes how it does the shlib versioning
sed -i "s/^SHLIB_VERSION=.*/SHLIB_VERSION=100/" VERSION.dat
}

if [[ "${TYPE}" == "openssl" ]]; then
curl -O "https://www.openssl.org/source/openssl-${VERSION}.tar.gz"
tar zxf "openssl-${VERSION}.tar.gz"
pushd "openssl-${VERSION}"
if [[ "${VERSION}" =~ ^[0-9a-f]{40}$ ]]; then
git clone https://github.com/openssl/openssl
pushd openssl
git checkout "${VERSION}"
else
curl -O "https://www.openssl.org/source/openssl-${VERSION}.tar.gz"
tar zxf "openssl-${VERSION}.tar.gz"
pushd "openssl-${VERSION}"
fi
# For OpenSSL 3 we need to call this before config
if [[ "${VERSION}" =~ ^3. ]] || [[ "${VERSION}" =~ ^[0-9a-f]{40}$ ]]; then
shlib_sed_3
fi

# CONFIG_FLAGS is a global coming from a previous step
./config ${CONFIG_FLAGS} -fPIC --prefix="${OSSL_PATH}"
shlib_sed

# For OpenSSL 1 we need to call this after config
if [[ "${VERSION}" =~ ^1. ]]; then
shlib_sed
fi
make depend
make -j"$(nproc)"
# avoid installing the docs (for performance)
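Review bot: The version tests `^3.` and `^1.` leave the dot unescaped, so it matches any character: a 40-hex commit id that begins with `1` also satisfies `[[ "${VERSION}" =~ ^1. ]]`, and a git checkout of OpenSSL then gets `shlib_sed` after config in addition to `shlib_sed_3` before it. Write `^1\.` and `^3\.`, or test the `^[0-9a-f]{40}$` case first and branch on that result for both calls.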