| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* make an ocsp request
* update test, add docs
* make it an OCSPRequestBuilder
* review feedback and more tests
* make it a class
* empty commit to retrigger
* type check
|
| | |
|
| |
|
|
|
|
| |
* Fixes #4408 -- added an FAQ about abi3 wheels
* abi3 is a word, sort of
|
| | |
|
| |
|
|
|
|
| |
* Mention that PyCA also maintains pynacl
* line wrap
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* test openssl 1.1.1
* let's see what a 1.1.1 pyopenssl does
* 1.1.1-pre8
* pre9
* docs and test more things
* 3.7 needs xenial
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Do conditional compiling of Cryptography_setup_ssl_threads
* Check Cryptography_HAS_LOCKING_CALLBACKS before initing static locks
Check if compiling and initing locking callbacks is necessary
PEP8 fix
* Make test_crypto_lock_init more complete
|
| |
|
|
|
|
| |
* Don't clone wycheproof if we're doing a downstream test
* you and your rules
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix encoding errors in RSA test keys.
enc-rsa-pkcs8.pem and unenc-rsa-pkcs8.pem did not encode the RSA key
correctly. Per RFC 8017, appendix A.1:
The object identifier rsaEncryption identifies RSA public and private
keys as defined in Appendices A.1.1 and A.1.2. The parameters field
has associated with this OID in a value of type AlgorithmIdentifier
SHALL have a value of type NULL.
rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
unenc-rsa-pkcs8.pem, however, was missing that NULL, which was, in turn,
carried into the encrypted payload of enc-rsa-pkcs8.pem. The DER
version, enc-rsa-pkcs8.der, carries this mistake too. Interestingly,
unenc-rsa-pkcs8.der does *not* have it. I'm guessing it was converted
with the openssl command-line tool which fixed the encoding in
conversion.
Current versions of OpenSSL are lax and ignore the parameters field, but
it's best to test against spec-compliant inputs. Fix unenc-rsa-pkcs8.pem
to match unenc-rsa-pkcs8.der and then refresh enc-rsa-pkcs8.{der,pem}
with the new encoding but otherwise the same encryption parameters.
I've refreshed the dumpasn1 (at least that's what it looks like)
preamble at the top of each file, but the current version of dumpasn1
appears to have changed the spacing slightly, so there's some whitespace
diff noise.
* Update test-vectors.rst.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* remove freebsd11 builder
it's out of date, we can't update it, and it is unreliable
* we don't test against freebsd for now
* what did case sensitivity ever do for me
* don't assert on bsd since we don't test on for now
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* add public_bytes to OCSPRequest
* review feedback
* OCSP request parsing
* change some prose
* add __len__ as a required method
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Document wycheproof revision we're current as of
* Wycheproof is a real word!
* line length
|
| |
|
|
|
|
|
|
| |
* Fixed #4380 -- do not assume TLSv1 is available in OpenSSL
Hallelujah! It's starting to become the case that some OpenSSLs are disabling it.
* cover this file as well
|
| |
|
|
|
|
|
|
| |
at one directory (#4391)
* Fixes #4388 -- when running the aws-encryption-sdk tests only point pytest at one directory
* Drop -l, there's no purpose for how we use these
|
| | |
|
| |
|
|
|
|
|
|
| |
* make a certificate expire a few years in the future, fixes doctests
👋 to future alex when this test breaks in two years
* short lived certs are a good idea
|
| | |
|
| |
|
|
|
|
| |
* Refs #4375 -- integrate wycheproof AES CCM tests
* Skip these tests if we don't have CCM support
|
| |
|
|
|
|
|
|
| |
* updated tests for upstream wycheproof changes
* Updated AES tests
* oops, flake8
|
| |
|
|
|
| |
We already have coverage of the U-label deprecation warnings in
test_x509_ext.py; see TestRFC822Name.test_idna and
TestUniformResourceIdentifier.test_idna_no_port
|
| |
|
|
|
|
|
| |
The remaining calls to `signer()` and `verifier()` are exercising the
deprecated API intentionally. Let's test that the deprecation warnings
are being raised as expected.
Closes #4311; see also #4314.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PyPy (#4364)
* Add more SSL_CIPHER_* functions, necessary to implement ctx.get_ciphers() added by Python 3.6.1.
* Add placeholders for other versions
* Remove parameter names
* LibreSSL 2.7 has the new functions
* Add entries in _conditional.py
* SSL_CIPHER_get_id returns int, not char*
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Refs #3331 -- integrated wycheproof ECDH tests
* flake8 + missing assert
* Handle this error case
* skip on unsupported
* shouldn't need to try here any more
|
| | |
|
| |
|
|
|
|
| |
* add wycheproof gcm tests
* add AEAD test
|
| | |
|
| |
|
|
|
|
| |
* also check iv length for GCM nonce in AEAD
* ugh
|
| | |
|
| |
|
|
|
|
|
|
| |
* add chacha20poly1305 wycheproof tests
* flake8
* review
|
| |
|
|
|
|
| |
* add wycheproof tests for AES CMAC
* review feedback
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Refs #3331 -- integrated wycheproof ECDSA tests
* Also handle these key loading errors
* review
* empty commit to trigger jenkins
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* add crl.get_revoked_certificate method
* lexicographic is the best ographic
* rename
|
