Export keying material support #725
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alex
reviewed
Nov 30, 2017
src/OpenSSL/SSL.py
Outdated
| :return the exported key material bytes or None | ||
| """ | ||
| outp = _no_zero_allocator("unsigned char[]", olen) | ||
| context_buf, context_len, use_context, success = _ffi.NULL, 0, 0, 0 |
There was a problem hiding this comment.
Use normal assignment, not unpacking.
alex
reviewed
Nov 30, 2017
| label, len(label), | ||
| context_buf, context_len, | ||
| use_context) | ||
| _openssl_assert(success == 1) |
There was a problem hiding this comment.
This function has error conditions on SSLv3 and some DTLS nonsense I didn't read very closely. Do we need to handle them?
alex
reviewed
Nov 30, 2017
Codecov Report
@@ Coverage Diff @@
## master #725 +/- ##
==========================================
+ Coverage 97.04% 97.05% +0.01%
==========================================
Files 18 18
Lines 5682 5711 +29
Branches 394 395 +1
==========================================
+ Hits 5514 5543 +29
Misses 112 112
Partials 56 56
Continue to review full report at Codecov.
|
alex
approved these changes
Nov 30, 2017
bors-fusion bot
referenced
this pull request
in fusionapp/fusion-index
Dec 6, 2017
170: Scheduled weekly dependency update for week 49 r=mithrandi a=pyup-bot
## Updates
Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.
<table align="center">
<tr>
<td><b>cryptography</b></td>
<td align="center">2.1.3</td>
<td align="center">»</td>
<td align="center">2.1.4</td>
<td>
<a href="https://pypi.python.org/pypi/cryptography">PyPI</a> | <a href="https://pyup.io/changelogs/cryptography/">Changelog</a> | <a href="https://github.com/pyca/cryptography">Repo</a>
</td>
<tr>
<td><b>eliot</b></td>
<td align="center">1.2.0</td>
<td align="center">»</td>
<td align="center">1.3.0</td>
<td>
<a href="https://pypi.python.org/pypi/eliot">PyPI</a> | <a href="https://pyup.io/changelogs/eliot/">Changelog</a> | <a href="https://github.com/ClusterHQ/eliot/">Repo</a>
</td>
<tr>
<td><b>hypothesis</b></td>
<td align="center">3.38.5</td>
<td align="center">»</td>
<td align="center">3.40.1</td>
<td>
<a href="https://pypi.python.org/pypi/hypothesis">PyPI</a> | <a href="https://pyup.io/changelogs/hypothesis/">Changelog</a> | <a href="https://github.com/HypothesisWorks/hypothesis/issues">Repo</a>
</td>
<tr>
<td><b>pyopenssl</b></td>
<td align="center">17.4.0</td>
<td align="center">»</td>
<td align="center">17.5.0</td>
<td>
<a href="https://pypi.python.org/pypi/pyopenssl">PyPI</a> | <a href="https://pyup.io/changelogs/pyopenssl/">Changelog</a> | <a href="https://pyopenssl.org/">Homepage</a> | <a href="http://pythonhosted.org/pyOpenSSL/">Docs</a>
</td>
</tr>
</table>
## Changelogs
### eliot 1.2.0 -> 1.3.0
>### 1.3.0
### hypothesis 3.38.5 -> 3.40.1
>### 3.40.1
>-------------------
>This release makes two changes:
>* It makes the calculation of some of the metadata that Hypothesis uses for
> shrinking occur lazily. This should speed up performance of test case
> generation a bit because it no longer calculates information it doesn't need.
>* It improves the shrinker for certain classes of nested examples. e.g. when
> shrinking lists of lists, the shrinker is now able to concatenate two
> adjacent lists together into a single list. As a result of this change,
> shrinking may get somewhat slower when the minimal example found is large.
>-------------------
>### 3.40.0
>-------------------
>This release improves how various ways of seeding Hypothesis interact with the
>example database:
>* Using the example database with :func:`~hypothesis.seed` is now deprecated.
> You should set ``database=None`` if you are doing that. This will only warn
> if you actually load examples from the database while using ``seed``.
>* The :attr:`~hypothesis.settings.derandomize` will behave the same way as
> ``seed``.
>* Using ``--hypothesis-seed`` will disable use of the database.
>* If a test used examples from the database, it will not suggest using a seed
> to reproduce it, because that won't work.
>This work was funded by `Smarkets <https://smarkets.com/>`_.
>-------------------
>### 3.39.0
>-------------------
>This release adds a new health check that checks if the smallest "natural"
>possible example of your test case is very large - this will tend to cause
>Hypothesis to generate bad examples and be quite slow.
>This work was funded by `Smarkets <https://smarkets.com/>`_.
>-------------------
>### 3.38.9
>-------------------
>This is a documentation release to improve the documentation of shrinking
>behaviour for Hypothesis's strategies.
>-------------------
>### 3.38.8
>-------------------
>This release improves the performance of
>:func:`~hypothesis.strategies.characters` when using ``blacklist_characters``
>and :func:`~hypothesis.strategies.from_regex` when using negative character
>classes.
>The problems this fixes were found in the course of work funded by
>`Smarkets <https://smarkets.com/>`_.
>-------------------
>### 3.38.7
>-------------------
>This is a patch release for :func:`~hypothesis.strategies.from_regex`, which
>had a bug in handling of the :obj:`python:re.VERBOSE` flag (:issue:`992`).
>Flags are now handled correctly when parsing regex.
>-------------------
>### 3.38.6
>-------------------
>This patch changes a few byte-string literals from double to single quotes,
>thanks to an update in :pypi:`unify`. There are no user-visible changes.
>-------------------
### pyopenssl 17.4.0 -> 17.5.0
>### 17.5.0
>-------------------
>Backward-incompatible changes:
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>* The minimum ``cryptography`` version is now 2.1.4.
>Deprecations:
>^^^^^^^^^^^^^
>*none*
>Changes:
>^^^^^^^^
>- Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with ``cacerts``.
> `723 <https://github.com/pyca/pyopenssl/pull/723>`_
>- Added ``Connection.export_keying_material`` for RFC 5705 compatible export of keying material.
> `725 <https://github.com/pyca/pyopenssl/pull/725>`_
>----
That's it for now!
Happy merging! 🤖
bors-fusion bot
referenced
this pull request
in fusionapp/entropy
Dec 6, 2017
163: Scheduled weekly dependency update for week 49 r=mithrandi a=pyup-bot
## Updates
Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.
<table align="center">
<tr>
<td><b>cryptography</b></td>
<td align="center">2.1.3</td>
<td align="center">»</td>
<td align="center">2.1.4</td>
<td>
<a href="https://pypi.python.org/pypi/cryptography">PyPI</a> | <a href="https://pyup.io/changelogs/cryptography/">Changelog</a> | <a href="https://github.com/pyca/cryptography">Repo</a>
</td>
<tr>
<td><b>pyopenssl</b></td>
<td align="center">17.4.0</td>
<td align="center">»</td>
<td align="center">17.5.0</td>
<td>
<a href="https://pypi.python.org/pypi/pyopenssl">PyPI</a> | <a href="https://pyup.io/changelogs/pyopenssl/">Changelog</a> | <a href="https://pyopenssl.org/">Homepage</a> | <a href="http://pythonhosted.org/pyOpenSSL/">Docs</a>
</td>
</tr>
</table>
## Changelogs
### pyopenssl 17.4.0 -> 17.5.0
>### 17.5.0
>-------------------
>Backward-incompatible changes:
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>* The minimum ``cryptography`` version is now 2.1.4.
>Deprecations:
>^^^^^^^^^^^^^
>*none*
>Changes:
>^^^^^^^^
>- Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with ``cacerts``.
> `723 <https://github.com/pyca/pyopenssl/pull/723>`_
>- Added ``Connection.export_keying_material`` for RFC 5705 compatible export of keying material.
> `725 <https://github.com/pyca/pyopenssl/pull/725>`_
>----
That's it for now!
Happy merging! 🤖
bors-fusion bot
referenced
this pull request
in fusionapp/documint
Dec 6, 2017
121: Scheduled weekly dependency update for week 49 r=mithrandi a=pyup-bot
## Updates
Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.
<table align="center">
<tr>
<td><b>cryptography</b></td>
<td align="center">2.1.3</td>
<td align="center">»</td>
<td align="center">2.1.4</td>
<td>
<a href="https://pypi.python.org/pypi/cryptography">PyPI</a> | <a href="https://pyup.io/changelogs/cryptography/">Changelog</a> | <a href="https://github.com/pyca/cryptography">Repo</a>
</td>
<tr>
<td><b>pyopenssl</b></td>
<td align="center">17.4.0</td>
<td align="center">»</td>
<td align="center">17.5.0</td>
<td>
<a href="https://pypi.python.org/pypi/pyopenssl">PyPI</a> | <a href="https://pyup.io/changelogs/pyopenssl/">Changelog</a> | <a href="https://pyopenssl.org/">Homepage</a> | <a href="http://pythonhosted.org/pyOpenSSL/">Docs</a>
</td>
</tr>
</table>
## Changelogs
### pyopenssl 17.4.0 -> 17.5.0
>### 17.5.0
>-------------------
>Backward-incompatible changes:
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>* The minimum ``cryptography`` version is now 2.1.4.
>Deprecations:
>^^^^^^^^^^^^^
>*none*
>Changes:
>^^^^^^^^
>- Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with ``cacerts``.
> `723 <https://github.com/pyca/pyopenssl/pull/723>`_
>- Added ``Connection.export_keying_material`` for RFC 5705 compatible export of keying material.
> `725 <https://github.com/pyca/pyopenssl/pull/725>`_
>----
That's it for now!
Happy merging! 🤖
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Continued from #686. Huge thanks to @kelbyludwig for doing all the work here.