| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
* missing macro and three macro functions
* removed space before function name (style issue)
* remove macro which always will not be set by cryptography
|
| |
|
|
|
|
| |
* add support for prehashing in ECDSA sign/verify
* move signature_algorithm check to its own function
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* support RSA verify with prehashing
* review feedback
* more dedupe
* refactor and move to a separate module
|
| |
|
|
|
|
|
|
| |
* support prehashing in RSA sign
* check to make sure digest size matches prehashed data provided
* move doctest for prehashed
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
| |
pulled from #3244
|
| |
|
| |
where it belongs!
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
In 1.1.0 this is a noop and occurs by default, and this wasn't supported
< 1.0.2
|
| |
|
| |
refs #3248
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* change derive_elliptic_curve_public_point to return EllipticCurvePublicKey
* also rename the backend interface method
* review feedback
* Rename to derive_elliptic_curve_private_key
* Returns EllipticCurvePrivateKey
* Reuses the EC_POINT in the openssl impl
* Rename "secret" arg to "private_value" which is consistent with our
naming for the value in ECPrivateNumbers.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Raize padding block_size limit to what is allowed by the specs.
* Add tests for raising padding limits.
* Amend C code for padding check to use uint16_t instead of uint8_t.
* Fix test to work in Python 3.
* Fix typo.
* Fix another typo.
* Fix return type of the padding checks.
* Change hypothesis test on padding.
* Update comment.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cx_freeze support for default_backend
* updated tabing to spaces
* corrected spacing
* moved finding backend to backends __init__
* update to check to see if sys is frozen
* corrected pep8 issues
* update based on comments
* changes to simplify, support testing, and improve comments
* add changelog entry
* right, coverage. I remember now. Time for some contortions.
* updated with review feedback
|
| |
|
|
|
|
|
|
|
|
| |
* Add a bytes method to get the DER ASN.1 encoding of an X509 name.
This is useful for creating an OpenSSL style subject_name_hash (#3011)
* add to backend interface and update multibackend
* bytes -> public_bytes
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove Python OpenSSL locking callback and replace it with one in C
The Python OpenSSL locking callback is unsafe; if GC is triggered
during the callback's invocation, it can result in the callback being
invoked reentrantly, which can lead to deadlocks. This patch replaces
it with one in C that gets built at compile time via cffi along with
the rest of the OpenSSL binding.
* fixes for some issues
* unused
* revert these changes
* these two for good measure
* missing param
* sigh, syntax
* delete tests that assumed an ability to mess with locks
* style fixes
* licensing stuff
* utf8
* Unicode. Huh. What it isn't good for, absolutely nothing.
|
| |
|
| |
http://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec465360.html
|
| |
|
|
|
|
| |
* add some new oids
* As Alex pointed out, it's streetAddress
|
| |
|
|
|
|
| |
* add alternate signature OID for RSA with SHA1 + test and vector
* mozilla is a proper noun leave me alone spellchecker
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* finish https://github.com/pyca/cryptography/pull/1973
* change API & add test
Function will now return an instance of EllipticCurvePrivateKey, as that
is the users' ultimate goal anyway.
* fix test
* improve coverage
* complete coverage
* final fix
* centos fix
* retry
* cleanup asserts
* use openssl_assert
* skip unsupported platforms
* change API name to derive_private_key
* change version added
* improve description of `secret` param
* separate successful and failure test cases
* simplify successful case
* add docs for derive_elliptic_curve_public_point
* add period
|
| |
|
|
|
|
|
|
| |
Update the Name class to accept and internally store a list of
RelativeDistinguishedName objects. Add the 'rdns' attribute to give
access to the RDNs. Update ASN.1 routines to correctly decode and
encode multi-value RDNs.
Fixes: https://github.com/pyca/cryptography/issues/3199
|
| |
|
|
|
|
|
|
|
|
|
| |
* Add RelativeDistinguishedName class
* Make relative_name a RelativeDistinguishedName
DistributionPoint relative_name is currently a Name but RFC 5280
defines it as RelativeDistinguishedName, i.e. a non-empty SET OF
name attributes. Change the DistributionPoint relative_name
attribute to be a RelativeDistinguishedName.
|
| |
|
|
|
|
| |
* Export missing OpenSSL `X509_VERIFY_PARAM_free`
* Remove un-needed export in conditional names
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* support encoding IPv4Network and IPv6Network, useful for NameConstraints
* add changelog entry
* add more networks with full and no masking (/32, /128, /0)
* parametrize the nc tests to fix coverage
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set
* add a comment explaining why we changed this
* 1.0.2i handles NUMERICSTRING properly now so need only test < 1.0.2i
* needs to be visible
|
| | |
|
| |
|
|
|
|
| |
* re-add setuptools resolve vs load workaround
* add deprecatedin tag so we can find this easier
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* support random_serial_number in the CertificateBuilder
* turns out pytest's monkeypatch has an undo
* random_serial_number now a function
* just certs
|
| |
|
|
|
|
|
|
|
|
| |
* Add bounds checking for Scrypt parameters.
* Pep8.
* More PEP8.
* Change wording.
|
| |
|
|
|
|
|
|
|
| |
* fix inconsistency in utilization of block_size in openssl cipher impl
Previously we over-allocated our buffers because we treated a bit size
as bytes.
* rename property
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Scrypt implementation.
* Docs stuff.
* Make example just an example and not a doctest.
* Add changelog entry.
* Docs cleanup.
* Add more tests.
* Add multibackend tests.
* PEP8.
* Add docs about Scrypt parameters.
* Docs cleanup.
* Add AlreadyFinalized.
|
| |
|
|
|
|
| |
* add support for signature_algorithm_oid to cert, CSR, and CRL
* refactor _SIG_OIDS_TO_HASH to use ObjectIdentifiers and use that
|
| |
|
|
|
|
|
|
| |
* Add a register_interface_if decorator.
* Add tests.
* PEP 8.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* blake2b/blake2s support
Doesn't support keying, personalization, salting, or tree hashes so
the API is pretty simple right now.
* implement digest_size via utils.read_only_property
* un-keyed for spelling's sake
* test copying + digest_size checks
* unkeyed is too a word
* line wrap
* reword the docs
* use the evp algorithm name in the error
This will make BLAKE2 alternate digest size errors a bit less confusing
* add changelog entry and docs about supported digest_size
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add Scrypt bindings.
* Add check for OPENSSL_NO_SCRYPT.
* Fix CUSTOMIZATIONS.
* Account for LibreSSL.
* Remove argument names.
* Remove more argument names.
|
| |
|
|
| |
the next release. (#3113)
|
