| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* add crl.get_revoked_certificate method
* lexicographic is the best ographic
* rename
|
| |
|
|
|
| |
rsa, and keywrap (#4310)
* Refs #3331 -- added initial wycheproof integration, starting with x25519 tests
|
| |
|
| |
I believe this can reasonably be considered backwards compatible since other invalid inputs already lead to InvalidUnwrap, and clients shouldn't be distinguishing between these two conditions, and ValueError wasn't documented anyways.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* document one shot AEAD length restrictions
* write a test that won't consume infinity ram
continue to raise OverflowError since that's what cffi did.
* this applies to associated_data too
* remove unneeded arg
* review feedback on docs
|
| |
|
|
|
|
|
|
|
| |
* raise valueerror for null x25519 derived keys
OpenSSL errors when it hits this edge case and a null shared key is bad
anyway so let's raise an error
* empty commit
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#4325)
* we don't actually care about the errstack here, it's an invalid signature
We previously had no cases where we could error without getting errors
on the error stack, but wycheproof contains test cases that can error
without adding anything to the stack. Accordingly, we should clear the
stack but raise InvalidSignature no matter what (rather than
InternalError if we have no error msgs)
* add a test
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Previously we encoded them as UTF-8, but as best I can tell in reality a
BMPString is fixed-width basic multilingual plane big endian encoding.
This is basically UCS-2 (aka original Unicode). However, Python doesn't
support UCS-2 encoding so we need to use utf_16_be. This means you can encode
surrogate code points that are invalid in the context of what a
BMPString is supposed to be, but in reality I strongly suspect the sane
encoding ship has sailed and dozens if not hundreds of implementations
both do this and expect other systems to handle their nonsense.
|
| |
|
|
| |
Duplicate attributes now raise an error instead of silently discarding
duplicates.
|
| | |
|
| |
|
|
| |
(#4308)
|
| |
|
|
|
|
|
|
|
|
| |
* Perform an OPENSSL_cleanup before checking the heap in our memleak tests
* Make this binding conditional
* typo
* need to put this call before we reset the function ptrs
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Add clearer message in Cipher when key is not bytes
* Change location of key type check to verify_key_size function
* Replace formated error message with static
* Add key type check tests to all ciphers constructors
* Change key type error message to lowercase
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Future proofing use of the six python version constants
After reading [1], noticed that cryptography uses a lot of if six.PY3
blocks. The issue with this is that whenever Python 4 is released,
this code in the else block will be executed even though it was
only intended for Python 2.
[1] http://astrofrog.github.io/blog/2016/01/12/stop-writing-python-4-incompatible-code/
Signed-off-by: Eric Brown <browne@vmware.com>
* Use not PY2 instead
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Validate the public/private halves of EC keys on import.
OpenSSL's API is a little finicky. If one sets the public key before the
private key, it does not validate that they match. If set in the other
order, it does validate this.
In particular, KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_init.fax
describes error code 7 as:
Result = F (7 - IUT's Static private key d changed-prikey validity)
Reordering the two operations makes those tests to fail on key import,
which is what CAVP appears to have intended.
* Wrap to 79 rather than 80 columns
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add API for retrieving the seconds-to-expiry for the token, given a TTL.
* Process PR feedback:
* Do compute the TTL, but just the age of the token. The caller
can decided what to do next.
* Factored out the HMAC signature verification to a separate function.
* Fixed a copy&paste mistake in the test cases
* Tests cleanup.
* `struct` no longer needed
* Document `def age()`
* typo in `age()` documentation
* token, not data
* remove test for TTL expiry that is already covered by the parameterized `test_invalid()`.
* let's call this extract_timestamp and just return timestamp
* review comments
* it's UNIX I know this
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Raise a ValueError when conversion to generalizedtime fails
* added test for badasn1time value error
* pep8 compliance
* Addressing code review
+ VE now raises with ```{!r}``` formatting
+ Test now checks that the bad string made it into the VE message
* using ValueError.match
|
| |
|
|
|
|
| |
* fix bug with n % 8 length wrapping on AESKWP
* review feedback
|
| |
|
|
|
| |
This breaks the urllib3 tests, as well as several in-the-wild certs
This reverts commit 388d1bd3e9cd953fcc948edbc152d5d140c87eb8.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* implement AES KW with padding (RFC 5649)
fixes #3791
* oops, 2.2
* make sure this is the right valueerror
* more match
* make key padding easier to read
* review feedback
* review feedback
|
| |
|
|
|
|
|
|
| |
* load Q=224 vectors
* DSA parameters should support 224 for q length
* oxford comma
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* added brainpool ec-curves key_length >= 256bit
* limit brainpool curves to the set that appear required + docs
* oops
* typos all around me
* add brainpool ECDH kex tests
* switch to using rfc 7027 vectors
* review feedback
* empty commits are the best
|
| |
|
|
|
|
| |
* don't allow GeneralNames to be an empty list
* flake8
|
| |
|
|
|
|
|
|
| |
* fix a memory leak in ec derive_private_key
fixes #4095
* pep8!
|
| |
|
|
|
|
|
|
| |
* Fixes #4076 - simplify the implementation of int_from_bytes on python2
* whitespace
* Added a test
|
| |
|
|
|
|
|
|
|
|
|
| |
* The HKDF limit is actually 255 * digest_length_in_bytes
Previously we had a bug where we divided digest_size by 8...but
HashAlgorithm.digest_size is already in bytes.
* test longer output
* changelog
|
| |
|
|
|
|
| |
* Expose BN_clear_free
* Use BN_clear_free in test_int_to_bn
|
| | |
|
| |
|
|
|
|
| |
* Fixed 120 warnings from the RSA tests
* typo
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* In RSA test vectors, use verify() to avoid warnings
* whoops
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix ASN1 string type encoding for several Name OIDs
When we changed over to the new type encoding system we didn't verify
that the new code exactly matched the ASN1 string types that OpenSSL was
previously choosing. This caused serialNumber, dnQualifier,
emailAddress, and domainComponent to change from their proper encodings
to UTF8String as of version 2.1.
Now we check to see if there's a sentinel value (indicating no custom
type has been passed) and then check if the OID has a different default
than UTF8. If it does, we set it.
This PR also adds tests for the ASN1 string type of ever supported
NameOID.
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Use a different warning class so users get warnings
* fixed tests
* do our own warning class
* typo
* flake8
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add rotate method
* add some more tests for the failure modes
* start adding some documentation for the rotate method
* operate on a single token at a time, leave lists to the caller
* add versionadded
add versionadded, drop rotate from class doctest
* give rotate a doctest
* single level, not aligned
* add changelog for mf.rotate
* show that, once rotated, the old fernet instance can no longer decrypt the token
* add the instead of just the how
* update docs to reflect removal of ttl from rotate
* update tests
* refactor internal methods so that we can extract the timestamp
* implement rotate
* update wordlist (case sensitive?)
* lints
* consistent naming
* get_token_data/get_unverified_token_data -> better name
* doc changes
* use the static method, do not treat as imethod
* move up to MultiFernet docs
* add to authors
* alter wording
* monkeypatch time to make it less possible for the test to pass simply due to calls occuring in less than one second
* set the time after encryption to make sure that the time is preserved as part of re-encryption
|
| |
|
|
|
|
|
|
| |
* Inline calls to bit_length now that it's trivial
* unused imports
* An comment
|
| |
|
|
|
|
| |
* Debian sid is python3.6 now
* Workaround because apparently measuring coverage correctly isn't a legitimate use case
|
| |
|
|
|
|
|
|
|
|
| |
* expunge python 2.6
* how did THAT happen
* remove another unsupported python from the tox envlist
* hypothesis can now be unconditionally imported
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* backwards incompatible change to UniformResourceIdentifier
During this release cycle we decided to officially deprecate passing
U-labels to our GeneralName constructors. At first we tried changing
this in a purely backwards compatible way but get_values_for_type made
that untenable. This PR modifies URI to accept two types:
U-label strings (which raises a deprecation warning) and A-label strings
(the new preferred type). There is also a constructor for URI
that bypasses validation so we can parse garbage out of certificates
(and round trip it if necessary)
* nonsense empty commit 2.6 and codecov are the worst
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* backwards incompatible change to RFC822Name
During this release cycle we decided to officially deprecate passing
U-labels to our GeneralName constructors. At first we tried changing
this in a purely backwards compatible way but get_values_for_type made
that untenable. This PR modifies RFC822Name to accept two types:
U-label strings (which raises a deprecation warning) and A-label strings
(the new preferred type). There is also a constructor for RFC822Name
that bypasses validation so we can parse garbage out of certificates
(and round trip it if necessary)
* whoops
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Backwards incompatible change to DNSName
During this release cycle we decided to officially deprecate passing
U-labels to our GeneralName constructors. At first we tried changing
this in a purely backwards compatible way but get_values_for_type made
that untenable. This PR modifies DNSName to take three different types.
U-label strings (which raises a deprecation warning), A-label strings
(the new preferred type), and bytes (which are assumed to be decodable
to unicode strings). The latter, while supported, is primarily intended
for use by our parser and allows us to return the actual encoded data in
a certificate even if it has not been properly encoded to A-label before
the certificate is created. (Of course, if the certificate contains
invalid utf8 sequences this will still fail, but let's handle one
catastrophic failure at a time).
* coverage
* don't delete that asterisk from a test. it does things.
* no bytes in DNSName. Private constructor for bypassing validation
* test unicode in dnsname (yuck)
* fix docs
* empty commit, you disappoint me codecov
* CI is the worst
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add support for AES XTS
We drop the non-byte aligned test vectors because according to NIST
http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSVS.pdf
"An implementation may support a data unit length that is not a
multiple of 8 bits." OpenSSL does not support this, so we can't
use those test vectors.
* fix docs and pep8
* docs fix
* the spellchecker is so frustrating
* add note about AES 192 for XTS (it's not supported)
* docs work
* enforce key length on ECB mode in AES as well (thanks XTS)
* a few more words about why we exclude some test vectors for XTS
|
