|  | Commit message | Author | Age | Files | Lines | 
|---|
| ... |  | 
| | * add an EC OID to curve dictionary mapping
* oid_to_curve function
* changelog and docs fix
* rename to get_curve_for_oid | 
| | * encode the package version in the shared object
* review feedback
* move into build_ffi so the symbol is in all shared objects
* review feedback | 
| | * Run wycheproof RSA tests on LibreSSL>=2.8
* Define it this way
* These are errors on libressl | 
| | * Fixes #4734 -- Deal with deprecated things
- Make year based aliases of PersistentlyDeprecated so we can easily assess age
- Removed encode/decode rfc6979 signature
- Removed Certificate.serial
* Unused import | 
| | * Use O_CLOEXEC when it's available
* Don't have two vars with the same name
* A normal person would be embarrassed | 
| | * allow asn1 times of 1950-01-01 and later.
* add a test
* pretty up the test | 
| | Previously we used unix timestamps, but now we are switching to using
ASN1_TIME_set_string and automatically formatting the string based on
the year. The rule is as follows:
Per RFC 5280 (section 4.1.2.5.), the valid input time
strings should be encoded with the following rules:
1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
Notably, Dates < 1950 are not valid UTCTime. At the moment we still
reject dates < Jan 1, 1970 in all cases but a followup PR can fix
that. | 
| | * bind EVP_R_MEMORY_LIMIT_EXCEEDED and update a test
This will allow OpenSSL 1.1.1 on 32-bit (including our Windows 32-bit
builders) to fail as expected. Technically this isn't a malloc error,
but rather failing because the allocation requested is larger than
32-bits, but raising a MemoryError still seems appropriate
* what you want an endif too? | 
| | * add support for encoding compressed points
* review feedback | 
| | * shake128/256 support
* remove block_size
* doc an exception
* change how we detect XOF by adding _xof attribute
* interface!
* review feedback | 
| | we already did all the conditional binding, but forgot to actually
expose it. | 
| | * byteslike concatkdf
* byteslike scrypt
* byteslike x963kdf | 
| | * support byteslike in HKDF
* support byteslike in PBKDF2HMAC
* add missing docs | 
| | yuck. | 
| | * x448 and x25519 should enforce key lengths in from_private_bytes
they should also check if the algorithm is supported like the public
bytes class methods do
* oops
* move the checks | 
| | needed for some KDF keying material | 
| | This is needed to handle keying material in some of the KDFs | 
| | * add support for byteslike password/data to load_{pem,der}_private_key
* pypy 5.4 can't do memoryview from_buffer | 
| | * add support for byteslike on password and data for pkcs12 loading
* use a contextmanager to yield a null terminated buffer we can zero
* review feedback
* updated text
* one last change | 
| | * modify x25519 serialization to match x448
supports raw and pkcs8 encoding on private_bytes
supports raw and subjectpublickeyinfo on public_bytes
deprecates zero argument call to public_bytes
* add docs
* this is public now
* don't need that
* review feedback | 
| | * support x448 public/private serialization both raw and pkcs8
* add tests for all other asym key types to prevent Raw
* more tests
* better tests
* fix a test
* funny story, I'm actually illiterate.
* pep8
* require PrivateFormat.Raw or PublicFormat.Raw with Encoding.Raw
* missing docs
* parametrize
* docs fixes
* remove dupe line
* assert something | 
| | This adds the ability to retrieve the selected SRTP protection profile
after the DTLS handshake completes. This is needed to perform the
correct key derivation if multiple profiles were offered. | 
| | * add signature_hash_algorithm to OCSPResponse
* fix pointless asserts | 
| | * HTTPS a bunch of links in random places
* What the heck happened here? | 
| | Linux (#4656)
* Fixes #4645 -- select() on /dev/random before reading from /dev/urandom on linux
* whoops
* Missing header
* whoops
* Review notes
* Potential uninitialized fix
* Signals are literally impossible | 
| | * Improve error message for unsupported ciphers
* fix spacing
* include the openssl version number in the message
* backwards
* pep8 | 
| | * handle empty byte string in from_encoded_point
* move the error | 
| | RFC 4514 does not explicitly allow whitespace between separators:
https://tools.ietf.org/html/rfc4514
Reported-by: David Arnold <dar@xoe.solutions> | 
| | * compressed point support
* refactor to use oct2point directly
* small docs change
* remove deprecation for the moment and a bit of review feedback
* no backend arg, implicitly import it
* missed a spot
* double oops
* remove superfluous call
* use refactored method
* use vector file
* one last item | 
| | * ec key creation by curve name refactored into a method
* typo | 
| | * allow bytearrays for key/iv for symmetric encryption
* bump pypy/cffi requirements
* update docs, fix some tests
* old openssl is naught but pain
* revert a typo
* use trusty for old pypy
* better error msg again
* restore match | 
| | * PoC code for check PEM wrap
* Remove PoC check wrap code
* Add PEM file info to FAQ
* Add FAQ/PEM link in exception message
* Fix flake8 style issues
* refactor, update language
* it's really amazing how bad the spell checker is
* review feedback
* change to etc | 
| | * Updated BLAKE2s and BLAKE2b error messages from unsupportedalgorithm exception to an explicit error.
The error is now "ValueError: Digest size must be 32" (or 64 for BLAKE2b)
This was done to give a more contextual error message and should be in place until OpenSSL supports variable lengths.
* Updated if statements in hashes.py so that they no longer wrap to separate line.
Updated test_hashes.py to include a test for non 32 or 64 digest_sizes that fall between 0-32/64.
* Removed the new tests in test_hashes.py as the old ones were satisfactory. This also solved misaligned tabs and spaces.
* Removed dead code in hashes.py that could no longer be reached after error message updates.
* pep8 fix
* remove superfluous parens | 
| | * Raise MemoryError when backend.derive_scrypt can't malloc enough
* Expose ERR_R_MALLOC_FAILURE and use the reason_match pattern to catch it
* Add test_scrypt_malloc_failure in test_scrypt
* let's see if this passes
* add comment to filippo's blog post about scrypt's params | 
| | (#4304) | 
| | * remove idna as a primary dependency
* empty commit
* dynamodb test fix (thanks to Matt Bullock)
* review feedback | 