path: root/src/cryptography/hazmat/backends/openssl
Commit message | Author | Age | Files | Lines
...
* change derive_elliptic_curve_public_point to return EllipticCurvePubl… (#3243) | Paul Kehrer | 2016-11-18 | 1 | -4/+9
    * change derive_elliptic_curve_public_point to return EllipticCurvePublicKey
    * also rename the backend interface method
    * review feedback
    * Rename to derive_elliptic_curve_private_key
    * Returns EllipticCurvePrivateKey
    * Reuses the EC_POINT in the openssl impl
    * Rename "secret" arg to "private_value" which is consistent with our naming for the value in ECPrivateNumbers.
* Add a bytes method to get the DER ASN.1 encoding of an X509 name. (#3236) | Paul Kehrer | 2016-11-13 | 1 | -0/+11
    * Add a bytes method to get the DER ASN.1 encoding of an X509 name.
      This is useful for creating an OpenSSL style subject_name_hash (#3011)
    * add to backend interface and update multibackend
    * bytes -> public_bytes
* add ec.private_key_from_secret_and_curve (#3225) | Ofek Lev | 2016-11-11 | 1 | -0/+34
    * finish https://github.com/pyca/cryptography/pull/1973
    * change API & add test
      Function will now return an instance of EllipticCurvePrivateKey, as that is the users' ultimate goal anyway.
    * fix test
    * improve coverage
    * complete coverage
    * final fix
    * centos fix
    * retry
    * cleanup asserts
    * use openssl_assert
    * skip unsupported platforms
    * change API name to derive_private_key
    * change version added
    * improve description of `secret` param
    * separate successful and failure test cases
    * simplify successful case
    * add docs for derive_elliptic_curve_public_point
    * add period
* Name: add support for multi-value RDNs (#3202) | Fraser Tweedale | 2016-11-11 | 3 | -16/+28
    Update the Name class to accept and internally store a list of RelativeDistinguishedName objects. Add the 'rdns' attribute to give access to the RDNs. Update ASN.1 routines to correctly decode and encode multi-value RDNs.
    Fixes: https://github.com/pyca/cryptography/issues/3199
* Make DistributionPoint relative_name a set of NameAttribute (#3210) | Fraser Tweedale | 2016-11-07 | 1 | -2/+6
    * Add RelativeDistinguishedName class
    * Make relative_name a RelativeDistinguishedName
      DistributionPoint relative_name is currently a Name but RFC 5280 defines it as RelativeDistinguishedName, i.e. a non-empty SET OF name attributes. Change the DistributionPoint relative_name attribute to be a RelativeDistinguishedName.
* support encoding IPv4Network and IPv6Network, useful for NameConstraints (#3182) | Paul Kehrer | 2016-10-01 | 1 | -4/+15
    * support encoding IPv4Network and IPv6Network, useful for NameConstraints
    * add changelog entry
    * add more networks with full and no masking (/32, /128, /0)
    * parametrize the nc tests to fix coverage
* Resolved some more CFFI warnings; these are also unsigned (#3163) | Alex Gaynor | 2016-09-22 | 1 | -2/+2
* fix warnings in cffi 1.8.3 due to wrong buffer types (#3155) | Paul Kehrer | 2016-09-21 | 3 | -3/+3
* fix memory leak reported in #3134 (#3135) | Paul Kehrer | 2016-09-04 | 1 | -0/+4
* fix inconsistency in utilization of block_size in openssl cipher impl (#3131) | Paul Kehrer | 2016-09-02 | 1 | -7/+6
    * fix inconsistency in utilization of block_size in openssl cipher impl
      Previously we over-allocated our buffers because we treated a bit size as bytes.
    * rename property
* Scrypt Implementation (#3117) | Terry Chia | 2016-09-01 | 1 | -1/+13
    * Scrypt implementation.
    * Docs stuff.
    * Make example just an example and not a doctest.
    * Add changelog entry.
    * Docs cleanup.
    * Add more tests.
    * Add multibackend tests.
    * PEP8.
    * Add docs about Scrypt parameters.
    * Docs cleanup.
    * Add AlreadyFinalized.
* add support for signature_algorithm_oid to cert, CSR, and CRL (#3124) | Paul Kehrer | 2016-08-31 | 1 | -18/+33
    * add support for signature_algorithm_oid to cert, CSR, and CRL
    * refactor _SIG_OIDS_TO_HASH to use ObjectIdentifiers and use that
* blake2b/blake2s support (#3116) | Paul Kehrer | 2016-08-28 | 2 | -4/+15
    * blake2b/blake2s support
      Doesn't support keying, personalization, salting, or tree hashes so the API is pretty simple right now.
    * implement digest_size via utils.read_only_property
    * un-keyed for spelling's sake
    * test copying + digest_size checks
    * unkeyed is too a word
    * line wrap
    * reword the docs
    * use the evp algorithm name in the error
      This will make BLAKE2 alternate digest size errors a bit less confusing
    * add changelog entry and docs about supported digest_size
* OpenSSL 1.1.0 support (#2826) | Paul Kehrer | 2016-08-26 | 1 | -1/+3
    * make pre5 work
    * add a blank line to make the diff happier
    * 1.1.0-pre6 working
    * support the changes since 1.1.0-pre6
    * fixes
    * add 1.1.0 to travis
    * expose the symbol
    * better testing for numericstring
    * handle libre...
    * actually use the 1.1.0 we compile
    * cache the ossl-110 dir on travis
    * add some newlines
    * changelog entry for 1.1.0 support
    * note that we test on 1.1.0
    * proper skip on this test
    * reorder
* constify and reorder getter args (#3103) | Paul Kehrer | 2016-08-24 | 1 | -4/+4
    * constify more things in x509 and reorder a few func args
      Post pre6 they changed some function argument order...
    * fix the function arg order where we call it
    * still need arg names when implementing the function...whoops
* Add code style settings, new excludes, run 'test_x509_ext (Py3)' (#3041) | Marti | 2016-08-02 | 1 | -5/+10
    Fix DNSName wildcard encoding for NameConstraints
    Previously '.example.com' would get normalised to 'example.com', making it impossible to add wildcard NameConstraints.
* Use a series of constants for OpenSSL version checks (#3037) | Alex Gaynor | 2016-07-11 | 1 | -3/+3
    * Use a series of constants for OpenSSL version checks.
      N.B. I removed several qualifiers that were being used to express beta vs. release in OpenSSL version numbers. Reviewers please look closely!
    * Convert some python as well, also add the file
    * flake8
    * Simplify code, remove functionality that can be expressed more simply
    * clean up the tests as well
    * more constants
    * wrap long lines
    * reflect feedback
    * unused
    * add this back?
* One shot sign/verification ECDSA (#3029) | Aviv Palivoda | 2016-07-02 | 1 | -0/+10
    * Add sign and verify methods to ECDSA
    * Documented ECDSA sign/verify methods
    * Added CHANGELOG entry
    * Skipping test verify and sign if curve is not supported
    * Fixed typo in documentation return type
    * Removed provider language from EllipticCurvePrivateKey and EllipticCurvePublicKey
* One shot sign/verify DSA (#3003) | Aviv Palivoda | 2016-06-30 | 1 | -0/+10
    * Add sign and verify methods to DSA
    * Documented DSA sign/verify methods
    * Added CHANGELOG entry
* Fixed #3008 -- expose calculate max pss salt length (#3014) | Alex Gaynor | 2016-06-27 | 1 | -11/+7
    * Fixed #3008 -- expose calculate max pss salt length
    * Fixed a few mistakes in the docs
    * move all the code around
    * oops
    * write a unit test
    * versionadded + changelog
* Use DSAparams_dup in yet another please (#3007) | Alex Gaynor | 2016-06-20 | 1 | -27/+2
* use DSAparams_dup now that we no longer support 0.9.8 (#3006) | Paul Kehrer | 2016-06-20 | 2 | -35/+4
* Rewrite a comment. (#3004) | Alex Gaynor | 2016-06-20 | 1 | -4/+4
    d2i_AutoPrivateKey is less useful than we thought
* More cleanup of the EVP module for 0.9.8isms (#3000) | Alex Gaynor | 2016-06-20 | 1 | -2/+2
* Remove some 0.9.8 code in x509 extension land (#2999) | Alex Gaynor | 2016-06-19 | 1 | -44/+12
* Simplify and remove some 0.9.8 code from the EVP bindings (#2996) | Alex Gaynor | 2016-06-19 | 1 | -6/+4
    * Simplify and remove some 0.9.8 code from the EVP bindings
      The Cryptography_ symbol remains because pyOpenSSL uses. There's still other 0.9.8isms in this file.
    * only declare this once
* Removed 0.9.8 specific hmac code (#2995) | Alex Gaynor | 2016-06-19 | 1 | -10/+4
* Simplify control flow now that the 0.9.8 branches are gone (#2989) | Alex Gaynor | 2016-06-18 | 1 | -10/+0
* Remove a binding and comments that reference 0.9.8 (#2984) | Alex Gaynor | 2016-06-18 | 2 | -7/+4
* Removed some code that existed for OpenSSL 0.9.8 (#2983) | Alex Gaynor | 2016-06-18 | 1 | -11/+3
    Refs #2982
* Drop OpenSSL 0.9.8 (#2978) | Alex Gaynor | 2016-06-18 | 2 | -261/+29
    * Drop OpenSSL 0.9.8
    * Drop this test, it's not relevant any longer
    * unused import
    * Remove CRYPTOGRAPHY_ALLOW_OPENSSL_098=1 from our tox
    * removed unused code for Cryptography_HAS_PKEY_CTX
    * return unused code for _AESCTRCipherContext
    * syntax :-(
    * remove some unused tests and skips
    * remove unused code for Cryptography_HAS_PBKDF2_HMAC
    * Revert "return unused code for _AESCTRCipherContext"
      This reverts commit 7d149729205aa4c9735eb322414b167a75b302df.
    * Remove unused RSA code
    * Remove unused test code for conditional bindings
    * Remove unused dsa code
    * unused import
    * Remove unused x509 extension code
    * Remove unused EC code
    * Attempt to remove unused DER key loading code
    * document this
    * grammar
    * Added back this paragraph
    * Update docs
* Small cleanup (#2979) | Alex Gaynor | 2016-06-15 | 1 | -6/+1
* Add convenience methods to sign and verify w/ RSA (#2945) | Colleen Murphy | 2016-06-04 | 1 | -0/+11
    This patch adds wrapper methods to allow the user to sign and verify a single message block without having to go through the multi-step process of creating a signer or verifier, updating it with the one message, and finalizing the result. This will make signing and verifying data more user-friendly when only using small messages.
    Partial bug #1529
* RSA OAEP SHA2 Support (#2956) | Paul Kehrer | 2016-06-04 | 2 | -16/+48
    * some rsa oaep sha2 support
    * various improvements
    * fix a thing
    * simplify
    * update the test
    * styyyyyle
    * more styyyyle
    * fix libre, remove a skip that should never be hit
    * OAEP version check fixes
* SSH serialization for public keys (#2957) | Alex Gaynor | 2016-06-03 | 4 | -2/+56
    * SSH serialization for public keys
    * name errors ahoy!
    * id, ego, superego
    * dsa support
    * EC support
    * Don't keyerror
    * Documentation OpenSSH
    * flake8
    * fix
    * bytes bytes bytes
    * skip curve unsupported
    * bytes!
    * Move a function
    * reorganize code for coverage
* small cleanups to the cert.serial warning (#2958) | Alex Gaynor | 2016-06-03 | 1 | -1/+2
* Random grammar stuff (#2955) | Alex Gaynor | 2016-06-02 | 1 | -1/+1
* Add alias for Certificate serial as serial number (#2950) | Chelsea Winfree | 2016-06-02 | 1 | -0/+9
    * Add alias for Certificate serial as serial number
    * Adding deprecation to utils
    * Now with catch warnings and proper vers
* treat rsa struct as opaque (#2937) | Paul Kehrer | 2016-06-01 | 1 | -12/+52
* treat DSA as opaque (#2936) | Paul Kehrer | 2016-05-31 | 1 | -25/+109
* treat rsa struct as opaque (#2935) | Paul Kehrer | 2016-05-31 | 1 | -11/+17
* treat the DSA struct as opaque (#2883) | Paul Kehrer | 2016-05-28 | 1 | -19/+45
    * initial DSA backend changes for opaque struct
    * don't use DSAparams_dup because centos5 0.9.8e is a mystery
* move the code around | Alex Gaynor | 2016-03-14 | 1 | -54/+54
* delete software (flake8) | Alex Gaynor | 2016-03-14 | 2 | -8/+3
* Fixed #2747 -- allow creating x509 exts with unknown extensions | Alex Gaynor | 2016-03-14 | 2 | -33/+55
* wrong assert | Paul Kehrer | 2016-03-13 | 1 | -1/+1
* support PolicyConstraints in the CertificateBuilder | Paul Kehrer | 2016-03-13 | 1 | -0/+18
* Merge pull request #2809 from reaperhulk/110-patch-28 | Alex Gaynor | 2016-03-13 | 1 | -10/+34
|\
| |   add 5 accessor functions that exist in 1.1.0 to help opaque x509 structs
| * add 5 accessor functions that exist in 1.1.0 to help opaque x509 structs | Paul Kehrer | 2016-03-11 | 1 | -10/+34
| |   X509_REVOKED_get0_serialNumber
| |   X509_REVOKED_get0_revocationDate
| |   X509_CRL_get0_signature
| |   i2d_re_X509_REQ_tbs
| |   i2d_re_X509_CRL_tbs
| |   X509_REQ_get0_signature
* | Merge pull request #2818 from reaperhulk/simplify-extension-creation | Alex Gaynor | 2016-03-13 | 2 | -67/+48
|\ \
| | |   simplify extension creation by using X509V3_EXT_i2d