| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
* add OpenSSH serialization for ed25519 keys (#4808)
* address review comments
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* poly1305 support
* some more tests
* have I mentioned how bad the spellchecker is?
* doc improvements
* EVP_PKEY_new_raw_private_key copies the key but that's not documented
Let's assume that might change and be very defensive
* review feedback
* add a test that fails on a tag of the correct length but wrong value
* docs improvements
|
| |
|
|
|
|
| |
* support ed25519 openssh public keys
* don't need this check
|
| |
|
|
|
|
|
|
| |
* ed448 support
* move the changelog entry
* flake8
|
| |
|
|
|
|
| |
* ed25519 support
* review feedback
|
| | |
|
| |
|
|
|
|
|
|
| |
* support OPENSSL_NO_ENGINE
* support some new openssl config args
* sigh
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* add an EC OID to curve dictionary mapping
* oid_to_curve function
* changelog and docs fix
* rename to get_curve_for_oid
|
| |
|
|
|
|
|
|
|
|
| |
* encode the package version in the shared object
* review feedback
* move into build_ffi so the symbol is in all shared objects
* review feedback
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Run wycheproof RSA tests on LibreSSL>=2.8
* Define it this way
* These are errors on libressl
|
| |
|
|
|
|
|
|
|
|
| |
* Fixes #4734 -- Deal with deprecated things
- Make year based aliases of PersistentlyDeprecated so we can easily assess age
- Removed encode/decode rfc6979 signature
- Removed Certificate.serial
* Unused import
|
| |
|
|
|
|
|
|
| |
* allow asn1 times of 1950-01-01 and later.
* add a test
* pretty up the test
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we used unix timestamps, but now we are switching to using
ASN1_TIME_set_string and automatically formatting the string based on
the year. The rule is as follows:
Per RFC 5280 (section 4.1.2.5.), the valid input time
strings should be encoded with the following rules:
1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
Notably, Dates < 1950 are not valid UTCTime. At the moment we still
reject dates < Jan 1, 1970 in all cases but a followup PR can fix
that.
|
| | |
|
| |
|
|
|
|
| |
* add support for encoding compressed points
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* shake128/256 support
* remove block_size
* doc an exception
* change how we detect XOF by adding _xof attribute
* interface!
* review feedback
|
| | |
|
| |
|
|
|
|
|
|
| |
* byteslike concatkdf
* byteslike scrypt
* byteslike x963kdf
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* support byteslike in HKDF
* support byteslike in PBKDF2HMAC
* add missing docs
|
| |
|
| |
yuck.
|
| |
|
|
|
|
|
|
|
|
|
| |
* x448 and x25519 should enforce key lengths in from_private_bytes
they should also check if the algorithm is supported like the public
bytes class methods do
* oops
* move the checks
|
| |
|
| |
needed for some KDF keying material
|
| |
|
| |
This is needed to handle keying material in some of the KDFs
|
| | |
|
| |
|
|
|
|
| |
* add support for byteslike password/data to load_{pem,der}_private_key
* pypy 5.4 can't do memoryview from_buffer
|
| |
|
|
| |
we don't care about exceeding a deadline in CI because our infra
has wild variability and this can just randomly happen.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* add support for byteslike on password and data for pkcs12 loading
* use a contextmanager to yield a null terminated buffer we can zero
* review feedback
* updated text
* one last change
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modify x25519 serialization to match x448
supports raw and pkcs8 encoding on private_bytes
supports raw and subjectpublickeyinfo on public_bytes
deprecates zero argument call to public_bytes
* add docs
* this is public now
* don't need that
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* support x448 public/private serialization both raw and pkcs8
* add tests for all other asym key types to prevent Raw
* more tests
* better tests
* fix a test
* funny story, I'm actually illiterate.
* pep8
* require PrivateFormat.Raw or PublicFormat.Raw with Encoding.Raw
* missing docs
* parametrize
* docs fixes
* remove dupe line
* assert something
|
| |
|
|
|
|
| |
* add signature_hash_algorithm to OCSPResponse
* fix pointless asserts
|
| |
|
|
|
|
| |
* HTTPS a bunch of links in random places
* What the heck happened here?
|
| |
|
|
|
|
|
|
| |
* Support compressed points in the wycheproof tests
* Handle entries with no public key
* Ok, let's try this
|
| |
|
|
|
|
| |
* handle empty byte string in from_encoded_point
* move the error
|
| |
|
|
|
|
| |
RFC 4514 does not explicitly allow whitespace between separators:
https://tools.ietf.org/html/rfc4514
Reported-by: David Arnold <dar@xoe.solutions>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* compressed point support
* refactor to use oct2point directly
* small docs change
* remove deprecation for the moment and a bit of review feedback
* no backend arg, implicitly import it
* missed a spot
* double oops
* remove superfluous call
* use refactored method
* use vector file
* one last item
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* allow bytearrays for key/iv for symmetric encryption
* bump pypy/cffi requirements
* update docs, fix some tests
* old openssl is naught but pain
* revert a typo
* use trusty for old pypy
* better error msg again
* restore match
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Raise MemoryError when backend.derive_scrypt can't malloc enough
* Expose ERR_R_MALLOC_FAILURE and use the reason_match pattern to catch it
* Add test_scrypt_malloc_failure in test_scrypt
* let's see if this passes
* add comment to filippo's blog post about scrypt's params
|
| |
|
|
| |
(#4304)
|
| |
|
|
|
|
|
|
|
|
| |
* remove idna as a primary dependency
* empty commit
* dynamodb test fix (thanks to Matt Bullock)
* review feedback
|
| | |
|
| |
|
|
| |
RDNs can have multiple values. This allows them in FreshestCRL and
upcoming IssuingDistributionPoint encoding support.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* IssuingDistributionPoint support
h/t to Irina Renteria for the initial work here
* python 2 unfortunately still exists
* py2 repr
* typo caught by flake8
* add docs
* review feedback
* reorder args, other fixes
* use the alex name
* add changelog
|
