| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | centralize our bytes check (#4622) | Paul Kehrer | 2018-12-02 | 17 | -92/+50 | |
| | | | | this will make life a bit easier when we support bytearrays | |||||
| * | switch osrandom engine to blocking mode when getting entropy (#4620) | Paul Kehrer | 2018-12-02 | 2 | -15/+3 | |
| | | | | | | | | | * switch osrandom engine to blocking mode when getting entropy * review feedback * we can remove this too | |||||
| * | reuse the libressl branch for OpenSSL built with OPENSSL_NO_PSK (#4619) | Paul Kehrer | 2018-12-01 | 1 | -1/+1 | |
| | | ||||||
| * | refactor some code into separate functions in asn1 encode (#4617) | Paul Kehrer | 2018-12-01 | 1 | -20/+31 | |
| | | | | | | | | | * refactor some code into separate functions in asn1 encode this will be useful in IDP encoding * review feedback | |||||
| * | allow multi-valued RDNs (#4616) | Paul Kehrer | 2018-11-30 | 1 | -1/+1 | |
| | | | | | RDNs can have multiple values. This allows them in FreshestCRL and upcoming IssuingDistributionPoint encoding support. | |||||
| * | IssuingDistributionPoint support (parse only) (#4552) | Paul Kehrer | 2018-11-30 | 3 | -3/+159 | |
| | | | | | | | | | | | | | | | | | | | | | | | * IssuingDistributionPoint support h/t to Irina Renteria for the initial work here * python 2 unfortunately still exists * py2 repr * typo caught by flake8 * add docs * review feedback * reorder args, other fixes * use the alex name * add changelog | |||||
| * | PKCS12 Basic Parsing (#4553) | Paul Kehrer | 2018-11-28 | 2 | -0/+55 | |
| | | | | | | | | | | | | | | | | | | | * PKCS12 parsing support * running all the tests is so gauche * rename func * various significant fixes * dangerous idiot here * move pkcs12 * docs updates * a bit more prose | |||||
| * | Move SSH serialization to it's own file (#4607) | Alex Gaynor | 2018-11-24 | 4 | -148/+158 | |
| | | | | | | | * Move SSH serialization to it's own file * flake8 | |||||
| * | refactor serialization module into package (#4606) | Paul Kehrer | 2018-11-23 | 3 | -11/+35 | |
| | | | | | | | * refactor serialization into a package so we can add a pkcs12 module * oops | |||||
| * | Added comments reminding us to improve this code when we go 1.1.1+ only (#4605) | Alex Gaynor | 2018-11-23 | 1 | -0/+4 | |
| | | ||||||
| * | X448 support (#4580) | Paul Kehrer | 2018-11-22 | 3 | -0/+145 | |
| | | | | | | | | | | | | | | | | | | | | | * x448 support This work was originally authored by derwolfe * update docs to have a more useful derived key length * error if key is not a valid length in from_public_bytes * one more * switch to using evp_pkey_keygen_gc for x448 keygen * review feedback * switch to using evp_pkey_derive * nit fix | |||||
| * | refactor x25519 exchange into utils (#4603) | Paul Kehrer | 2018-11-22 | 2 | -24/+27 | |
| | | ||||||
| * | Import idna lazily to reduce our memory consumption (#4601) | Alex Gaynor | 2018-11-23 | 1 | -2/+12 | |
| | | | | We only use idna in deprecated paths at this point, so we shouldn't make people pay for it. | |||||
| * | add sha3 support (#4573) | Paul Kehrer | 2018-11-22 | 1 | -0/+24 | |
| | | | | | | | | | * add sha3 support * missed versionadded * add prose, remove block_size | |||||
| * | Adjust DTLS check (#4593) | Rosen Penev | 2018-11-19 | 1 | -1/+1 | |
| | | | | OpenSSL defines these even with OPENSSL_NO_DTLS. | |||||
| * | add EVPDigestFinalXOF for extendable output functions (#4589) | Paul Kehrer | 2018-11-13 | 2 | -0/+14 | |
| | | ||||||
| * | refactor x25519 keygen into evp_pkey_keygen (#4587) | Paul Kehrer | 2018-11-13 | 1 | -7/+7 | |
| | | | | this allows us to use the same code for ed25519, x448, and ed448 | |||||
| * | Ed bindings (#4586) | Paul Kehrer | 2018-11-13 | 3 | -0/+30 | |
| | | | | | | | * add evp_pkey_ed25519 * ed448 bindings | |||||
| * | error if the key length for x25519 isn't 32 bytes (#4584) | Paul Kehrer | 2018-11-12 | 1 | -0/+4 | |
| | | | | | | | * error if the key length for x25519 isn't 32 bytes * also test 33 | |||||
| * | add SHA512/224 and SHA512/256 support (#4575) | Paul Kehrer | 2018-11-12 | 1 | -0/+14 | |
| | | | | | | | * add SHA512/224 and SHA512/256 support * add missing docs | |||||
| * | add bindings for early data (#4582) | Paul Kehrer | 2018-11-12 | 2 | -0/+13 | |
| | | | | | | | * add bindings for early data * remove final var name | |||||
| * | add a little bit of x25519 interface docs we missed (#4574) | Paul Kehrer | 2018-11-12 | 1 | -3/+9 | |
| | | ||||||
| * | x448 bindings (#4577) | Paul Kehrer | 2018-11-12 | 3 | -0/+24 | |
| | | ||||||
| * | add EVP raw key bindings (#4578) | Paul Kehrer | 2018-11-12 | 2 | -0/+28 | |
| | | ||||||
| * | add a few more EC OIDs (#4572) | Paul Kehrer | 2018-11-11 | 1 | -0/+13 | |
| | | | | | | | * add a few more EC OIDs * spaces matter | |||||
| * | Remove unnecessary use of six.binary_type (#4569) | Jon Dufresne | 2018-11-11 | 1 | -1/+1 | |
| | | | | | | All supported Pythons have type bytes. On Python 2, it is an alias of str, same as six.binary_type. Makes the code slightly more forward compatible and removes some indirection. | |||||
| * | reopen master for 2.5 development (#4571) | Paul Kehrer | 2018-11-11 | 1 | -1/+1 | |
| | | ||||||
| * | Revert O_CLOEXEC change to fix builds (#4570) | Alex Gaynor | 2018-11-11 | 2 | -3/+10 | |
| | | ||||||
| * | bump versions and update changelog for 2.4 release (#4568) | Paul Kehrer | 2018-11-11 | 1 | -1/+1 | |
| | | ||||||
| * | add various new TLS bindings (#4555) | Paul Kehrer | 2018-11-03 | 2 | -0/+31 | |
| | | | | | | | | | | | * add SSL_OP_NO_TLSv1_3 * compiling now * bind SSL_CTX_set_ciphersuites as well * add some more | |||||
| * | add EC OIDs (#4435) | Paul Kehrer | 2018-10-30 | 1 | -0/+10 | |
| | | | | | | | * add EC OIDs * move ec oid docs to bottom | |||||
| * | move ObjectIdentifier to break an upcoming import cycle (#4550) | Paul Kehrer | 2018-10-30 | 2 | -59/+68 | |
| | | ||||||
| * | Add eq/ne/hash to PrecertificateSignedCertificateTimestamps (#4534) | Paul Kehrer | 2018-10-29 | 2 | -0/+35 | |
| | | | | | | | | | | | | | | | * Add eq/ne/hash to PrecertificateSignedCertificateTimestamps This requires adding it to SignedCertificateTimestamps as well * slightly more consistent * right, these need to be conditional * compare by signature * don't use private API | |||||
| * | do not pass conversion on Solaris (#4545) | Bernát Gábor | 2018-10-30 | 1 | -1/+1 | |
| | | ||||||
| * | create & use _evp_md_from_algorithm and _evp_md_non_null_from_algorithm (#4542) | Paul Kehrer | 2018-10-29 | 4 | -47/+37 | |
| | | | | | | | * create & use _evp_md_from_algorithm and _evp_md_non_null_from_algorithm * remove unused import | |||||
| * | add SCT_get0_signature (#4540) | Paul Kehrer | 2018-10-28 | 2 | -0/+4 | |
| | | ||||||
| * | OCSP response builder (#4485) | Paul Kehrer | 2018-10-28 | 3 | -10/+279 | |
| | | | | | | | | | * ocsp response builder * better prose * review changes | |||||
| * | add IDP OID and docs (#4533) | Paul Kehrer | 2018-10-28 | 1 | -0/+4 | |
| | | ||||||
| * | refactor _decode_dist_points (#4536) | Paul Kehrer | 2018-10-28 | 1 | -64/+67 | |
| | | | | | | | | | | | | * separate refactor _decode_dist_points We need to be able to parse reasons and distpoint for the CRL extension IssuingDistributionPoint * move comment, rename a variable * review feedback | |||||
| * | add bindings for supporting the issuing distribution point CRL extension (#4532) | Paul Kehrer | 2018-10-27 | 1 | -0/+12 | |
| | | ||||||
| * | add _create_asn1_time (#4524) | Paul Kehrer | 2018-10-24 | 1 | -12/+10 | |
| | | ||||||
| * | refactor set_asn1_time to take a datetime (#4516) | Paul Kehrer | 2018-10-23 | 1 | -14/+7 | |
| | | ||||||
| * | bind a constant for an error check (#4514) | Paul Kehrer | 2018-10-23 | 1 | -0/+1 | |
| | | | | I hate it when we have to do this. | |||||
| * | next_update is not a required field on OCSP responses (#4513) | Paul Kehrer | 2018-10-23 | 1 | -2/+4 | |
| | | ||||||
| * | Fixes #4500 -- use O_CLOEXEC when opening the /dev/urandom file descriptor ↵ | Alex Gaynor | 2018-10-23 | 1 | -9/+2 | |
| | | | | | | | | | (#4507) * Fixes #4500 -- use O_CLOEXEC when opening the /dev/urandom file descriptor * Unused variable | |||||
| * | Remove branch for old libressl versions that we don't support any more (#4505) | Alex Gaynor | 2018-10-20 | 1 | -2/+1 | |
| | | ||||||
| * | Add definitions that help with hostname checking (#4492) | Kai Engert | 2018-10-10 | 3 | -0/+56 | |
| | | | | | | | | | | | | | | | * Add definitions for SSL_get0_param and X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS * remove unnecessary parameter name * Add version conditionals and more flags * extend cryptography_has_102_verification_params * X509_CHECK_FLAG_NEVER_CHECK_SUBJECT only available with openssl 1.1.0+ * add missing declaration | |||||
| * | Use our cryptography-specific warning class (#4493) | Alex Gaynor | 2018-10-10 | 1 | -1/+1 | |
| | | ||||||
| * | OCSP response serialization (#4482) | Paul Kehrer | 2018-10-06 | 1 | -0/+13 | |
| | | | | | | | * support OCSP response serialization * empty commit, good times | |||||
| * | support extensions in the OCSP request builder (#4481) | Paul Kehrer | 2018-10-06 | 3 | -6/+37 | |
| | | | | | | | | | | | * support extensions in the OCSP request builder * cover a missed branch * refactor to use new func * review feedback | |||||
