| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
|
|
| |
this will make life a bit easier when we support bytearrays
|
|
|
|
|
|
| |
* create & use _evp_md_from_algorithm and _evp_md_non_null_from_algorithm
* remove unused import
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#4325)
* we don't actually care about the errstack here, it's an invalid signature
We previously had no cases where we could error without getting errors
on the error stack, but wycheproof contains test cases that can error
without adding anything to the stack. Accordingly, we should clear the
stack but raise InvalidSignature no matter what (rather than
InternalError if we have no error msgs)
* add a test
|
|
|
| |
We have an existence proof that the latter assertion can be triggered, and I bet the former can too.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* RSA OAEP label support for OpenSSL 1.0.2+
* changelog
* move around tests, address review feedback, use backend supported method
* unsupported padding catches this now
|
|
|
|
|
|
| |
* deprecate signer/verifier on asymmetric keys
* review feedback, switch deprecated_call to work around a bug
|
|
|
|
|
|
| |
* make signature and verification contexts error better re: prehashed
* code review feedback
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* delete the 1.0.0 support
* drop the version check
* drop the AES-CTR stuff
* Update the example
* openssl truncates for us now
* delete unused test
* unused imports
* Remove a bunch of conditional bindings for NPN
* no more 1.0.0 builders
* libressl fix
* update the docs
* remove dead branches
* oops
* this is a word, damnit
* spelling
* try removing this
* this test is not needed
* unused import
|
|
|
|
|
|
|
|
|
|
| |
* support RSA verify with prehashing
* review feedback
* more dedupe
* refactor and move to a separate module
|
|
|
|
|
|
|
|
| |
* support prehashing in RSA sign
* check to make sure digest size matches prehashed data provided
* move doctest for prehashed
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixed #3008 -- expose calculate max pss salt length
* Fixed a few mistakes in the docs
* move all the code around
* oops
* write a unit test
* versionadded + changelog
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Drop OpenSSL 0.9.8
* Drop this test, it's not relevant any longer
* unused import
* Remove CRYPTOGRAPHY_ALLOW_OPENSSL_098=1 from our tox
* removed unused code for Cryptography_HAS_PKEY_CTX
* return unused code for _AESCTRCipherContext
* syntax :-(
* remove some unused tests and skips
* remove unused code for Cryptography_HAS_PBKDF2_HMAC
* Revert "return unused code for _AESCTRCipherContext"
This reverts commit 7d149729205aa4c9735eb322414b167a75b302df.
* Remove unused RSA code
* Remove unused test code for conditional bindings
* Remove unused dsa code
* unused import
* Remove unused x509 extension code
* Remove unused EC code
* Attempt to remove unused DER key loading code
* document this
* grammar
* Added back this paragraph
* Update docs
|
|
|
|
|
|
|
|
|
| |
This patch adds wrapper methods to allow the user to sign and verify a
single message block without having to go through the multi-step
process of creating a signer or verifier, updating it with the one
message, and finalizing the result. This will make signing and
verifying data more user-friendly when only using small messages.
Partial bug #1529
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* some rsa oaep sha2 support
* various improvements
* fix a thing
* simplify
* update the test
* styyyyyle
* more styyyyle
* fix libre, remove a skip that should never be hit
* OAEP version check fixes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* SSH serialization for public keys
* name errors ahoy!
* id, ego, superego
* dsa support
* EC support
* Don't keyerror
* Documentation OpenSSH
* flake8
* fix
* bytes bytes bytes
* skip curve unsupported
* bytes!
* Move a function
* reorganize code for coverage
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Move the point of checking signatures, as suggested by alex in PR 2262.
|
|
|
|
|
| |
Signature must be in bytes. If the check is skipped, verify() can
explode later in cffi call in _verify_pkey_ctx() for example.
|
|
|
|
| |
This is kind of ugly, but resolves many partial branch coverage issues.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|