| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
| |
* changelog for byteslike
* bertter prose
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modify x25519 serialization to match x448
supports raw and pkcs8 encoding on private_bytes
supports raw and subjectpublickeyinfo on public_bytes
deprecates zero argument call to public_bytes
* add docs
* this is public now
* don't need that
* review feedback
|
|
|
|
|
|
| |
* add signature_hash_algorithm to OCSPResponse
* fix pointless asserts
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* compressed point support
* refactor to use oct2point directly
* small docs change
* remove deprecation for the moment and a bit of review feedback
* no backend arg, implicitly import it
* missed a spot
* double oops
* remove superfluous call
* use refactored method
* use vector file
* one last item
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* allow bytearrays for key/iv for symmetric encryption
* bump pypy/cffi requirements
* update docs, fix some tests
* old openssl is naught but pain
* revert a typo
* use trusty for old pypy
* better error msg again
* restore match
|
|
|
|
| |
(#4304)
|
|
|
|
|
|
|
|
|
|
| |
* remove idna as a primary dependency
* empty commit
* dynamodb test fix (thanks to Matt Bullock)
* review feedback
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* IssuingDistributionPoint support
h/t to Irina Renteria for the initial work here
* python 2 unfortunately still exists
* py2 repr
* typo caught by flake8
* add docs
* review feedback
* reorder args, other fixes
* use the alex name
* add changelog
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* PKCS12 parsing support
* running all the tests is so gauche
* rename func
* various significant fixes
* dangerous idiot here
* move pkcs12
* docs updates
* a bit more prose
|
|
|
|
|
|
|
|
| |
* add sha3 support
* missed versionadded
* add prose, remove block_size
|
| |
|
|
|
|
|
|
| |
* add SHA512/224 and SHA512/256 support
* add missing docs
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixes #4333 -- added support for precert poison extension
* Make work on all OpenSSL versions
* fixed flake8 + docs
* fix for older OpenSSLs
* document this
* spell
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixes #3460 -- deprecate OpenSSL 1.0.1
* We need to import warnings
* flake8
* words are hard
* rephrase
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
* add crl.get_revoked_certificate method
* lexicographic is the best ographic
* rename
|
|
|
| |
I believe this can reasonably be considered backwards compatible since other invalid inputs already lead to InvalidUnwrap, and clients shouldn't be distinguishing between these two conditions, and ValueError wasn't documented anyways.
|
|
|
|
| |
Duplicate attributes now raise an error instead of silently discarding
duplicates.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* test against python 3.7 for windows
* update docs to say we test on 3.7
* more succinct
* maybe make this actually work.
* link properly
* moar changes
|
|
|
|
|
|
|
|
| |
* libre 2.7.3 compatibility
* add a changelog
* actually build against 2.7.3
|
|
|
|
|
|
| |
* deprecate the constant time bytes comparison path old python 2.7.x uses
* pep8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add API for retrieving the seconds-to-expiry for the token, given a TTL.
* Process PR feedback:
* Do compute the TTL, but just the age of the token. The caller
can decided what to do next.
* Factored out the HMAC signature verification to a separate function.
* Fixed a copy&paste mistake in the test cases
* Tests cleanup.
* `struct` no longer needed
* Document `def age()`
* typo in `age()` documentation
* token, not data
* remove test for TTL expiry that is already covered by the parameterized `test_invalid()`.
* let's call this extract_timestamp and just return timestamp
* review comments
* it's UNIX I know this
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
* 2.2 release!
* also change versions
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* implement AES KW with padding (RFC 5649)
fixes #3791
* oops, 2.2
* make sure this is the right valueerror
* more match
* make key padding easier to read
* review feedback
* review feedback
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* added brainpool ec-curves key_length >= 256bit
* limit brainpool curves to the set that appear required + docs
* oops
* typos all around me
* add brainpool ECDH kex tests
* switch to using rfc 7027 vectors
* review feedback
* empty commits are the best
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* The HKDF limit is actually 255 * digest_length_in_bytes
Previously we had a bug where we divided digest_size by 8...but
HashAlgorithm.digest_size is already in bytes.
* test longer output
* changelog
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add rotate method
* add some more tests for the failure modes
* start adding some documentation for the rotate method
* operate on a single token at a time, leave lists to the caller
* add versionadded
add versionadded, drop rotate from class doctest
* give rotate a doctest
* single level, not aligned
* add changelog for mf.rotate
* show that, once rotated, the old fernet instance can no longer decrypt the token
* add the instead of just the how
* update docs to reflect removal of ttl from rotate
* update tests
* refactor internal methods so that we can extract the timestamp
* implement rotate
* update wordlist (case sensitive?)
* lints
* consistent naming
* get_token_data/get_unverified_token_data -> better name
* doc changes
* use the static method, do not treat as imethod
* move up to MultiFernet docs
* add to authors
* alter wording
* monkeypatch time to make it less possible for the test to pass simply due to calls occuring in less than one second
* set the time after encryption to make sure that the time is preserved as part of re-encryption
|
|
|
|
|
| |
"value, value, and value" isn't very helpful.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* expunge python 2.6
* how did THAT happen
* remove another unsupported python from the tox envlist
* hypothesis can now be unconditionally imported
|
| |
|
| |
|