| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
* ocsp response abc
* collapse SingleReponse into OCSPResponse now that we only support one
* split responder_id into two properties, add tbs_response_bytes
* typo
* rename one method and add a mapping we'll need shortly
|
| |
|
|
|
|
|
|
| |
* refactor ocsp request parsing and generation to support only one cert
* small doc change
* notimplementederror
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Fixes #3460 -- deprecate OpenSSL 1.0.1
* We need to import warnings
* flake8
* words are hard
* rephrase
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Fixed a memory leak in x.509 OCSP no check
* Fix the _actual_ leak
* Speed up symbolizations
* Disable backtrace by default, because it doesn't work on Windows
* line length
|
| |
|
|
|
|
|
|
|
|
| |
dependencies (#4441)
* lock aws-encryption-sdk and dynamodb-encryption-sdk downstream tests to frozen dependencies
* explicitly identify test directory in dynanmodb-encryption-sdk downstream tests
* install the frozen dependencies after installing the package to force dependencies to the frozen set
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* fixed test name
* spelling is hard
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* reorganize downstream tests
* fix run.sh syntax
* add instructions for adding more downstream tests
* rework downstream CI test guide into rst readme
* remove unnecessary example test handler
* all test handlers should "exit 1" if an unexpected argument is received
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#4429)
* Fixes #4357 -- document the additional release steps for a security release
* One additional step
* Fix a few typos
* this is a word
* link these
|
| | |
|
| |
|
|
|
|
| |
* Update our security documentation to match what we actually do
* If you stand for nothing Burr, what will you fall for?
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* make an ocsp request
* update test, add docs
* make it an OCSPRequestBuilder
* review feedback and more tests
* make it a class
* empty commit to retrigger
* type check
|
| | |
|
| |
|
|
|
|
| |
* Fixes #4408 -- added an FAQ about abi3 wheels
* abi3 is a word, sort of
|
| | |
|
| |
|
|
|
|
| |
* Mention that PyCA also maintains pynacl
* line wrap
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* test openssl 1.1.1
* let's see what a 1.1.1 pyopenssl does
* 1.1.1-pre8
* pre9
* docs and test more things
* 3.7 needs xenial
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Do conditional compiling of Cryptography_setup_ssl_threads
* Check Cryptography_HAS_LOCKING_CALLBACKS before initing static locks
Check if compiling and initing locking callbacks is necessary
PEP8 fix
* Make test_crypto_lock_init more complete
|
| |
|
|
|
|
| |
* Don't clone wycheproof if we're doing a downstream test
* you and your rules
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix encoding errors in RSA test keys.
enc-rsa-pkcs8.pem and unenc-rsa-pkcs8.pem did not encode the RSA key
correctly. Per RFC 8017, appendix A.1:
The object identifier rsaEncryption identifies RSA public and private
keys as defined in Appendices A.1.1 and A.1.2. The parameters field
has associated with this OID in a value of type AlgorithmIdentifier
SHALL have a value of type NULL.
rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
unenc-rsa-pkcs8.pem, however, was missing that NULL, which was, in turn,
carried into the encrypted payload of enc-rsa-pkcs8.pem. The DER
version, enc-rsa-pkcs8.der, carries this mistake too. Interestingly,
unenc-rsa-pkcs8.der does *not* have it. I'm guessing it was converted
with the openssl command-line tool which fixed the encoding in
conversion.
Current versions of OpenSSL are lax and ignore the parameters field, but
it's best to test against spec-compliant inputs. Fix unenc-rsa-pkcs8.pem
to match unenc-rsa-pkcs8.der and then refresh enc-rsa-pkcs8.{der,pem}
with the new encoding but otherwise the same encryption parameters.
I've refreshed the dumpasn1 (at least that's what it looks like)
preamble at the top of each file, but the current version of dumpasn1
appears to have changed the spacing slightly, so there's some whitespace
diff noise.
* Update test-vectors.rst.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* remove freebsd11 builder
it's out of date, we can't update it, and it is unreliable
* we don't test against freebsd for now
* what did case sensitivity ever do for me
* don't assert on bsd since we don't test on for now
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* add public_bytes to OCSPRequest
* review feedback
* OCSP request parsing
* change some prose
* add __len__ as a required method
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Document wycheproof revision we're current as of
* Wycheproof is a real word!
* line length
|
| |
|
|
|
|
|
|
| |
* Fixed #4380 -- do not assume TLSv1 is available in OpenSSL
Hallelujah! It's starting to become the case that some OpenSSLs are disabling it.
* cover this file as well
|
| |
|
|
|
|
|
|
| |
at one directory (#4391)
* Fixes #4388 -- when running the aws-encryption-sdk tests only point pytest at one directory
* Drop -l, there's no purpose for how we use these
|
| | |
|
| |
|
|
|
|
|
|
| |
* make a certificate expire a few years in the future, fixes doctests
👋 to future alex when this test breaks in two years
* short lived certs are a good idea
|
| | |
|
| |
|
|
|
|
| |
* Refs #4375 -- integrate wycheproof AES CCM tests
* Skip these tests if we don't have CCM support
|
| |
|
|
|
|
|
|
| |
* updated tests for upstream wycheproof changes
* Updated AES tests
* oops, flake8
|
| |
|
|
|
| |
We already have coverage of the U-label deprecation warnings in
test_x509_ext.py; see TestRFC822Name.test_idna and
TestUniformResourceIdentifier.test_idna_no_port
|
| |
|
|
|
|
|
| |
The remaining calls to `signer()` and `verifier()` are exercising the
deprecated API intentionally. Let's test that the deprecation warnings
are being raised as expected.
Closes #4311; see also #4314.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PyPy (#4364)
* Add more SSL_CIPHER_* functions, necessary to implement ctx.get_ciphers() added by Python 3.6.1.
* Add placeholders for other versions
* Remove parameter names
* LibreSSL 2.7 has the new functions
* Add entries in _conditional.py
* SSL_CIPHER_get_id returns int, not char*
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Refs #3331 -- integrated wycheproof ECDH tests
* flake8 + missing assert
* Handle this error case
* skip on unsupported
* shouldn't need to try here any more
|
