| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
|
|
|
| |
right now it just always skips
|
|
|
|
|
|
|
|
|
|
| |
* support random_serial_number in the CertificateBuilder
* turns out pytest's monkeypatch has an undo
* random_serial_number now a function
* just certs
|
|
|
|
|
|
|
|
|
|
| |
* Add bounds checking for Scrypt parameters.
* Pep8.
* More PEP8.
* Change wording.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Scrypt implementation.
* Docs stuff.
* Make example just an example and not a doctest.
* Add changelog entry.
* Docs cleanup.
* Add more tests.
* Add multibackend tests.
* PEP8.
* Add docs about Scrypt parameters.
* Docs cleanup.
* Add AlreadyFinalized.
|
|
|
|
|
|
| |
* add support for signature_algorithm_oid to cert, CSR, and CRL
* refactor _SIG_OIDS_TO_HASH to use ObjectIdentifiers and use that
|
| |
|
|
|
|
|
|
|
|
| |
* Add a register_interface_if decorator.
* Add tests.
* PEP 8.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* blake2b/blake2s support
Doesn't support keying, personalization, salting, or tree hashes so
the API is pretty simple right now.
* implement digest_size via utils.read_only_property
* un-keyed for spelling's sake
* test copying + digest_size checks
* unkeyed is too a word
* line wrap
* reword the docs
* use the evp algorithm name in the error
This will make BLAKE2 alternate digest size errors a bit less confusing
* add changelog entry and docs about supported digest_size
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* make pre5 work
* add a blank line to make the diff happier
* 1.1.0-pre6 working
* support the changes since 1.1.0-pre6
* fixes
* add 1.1.0 to travis
* expose the symbol
* better testing for numericstring
* handle libre...
* actually use the 1.1.0 we compile
* cache the ossl-110 dir on travis
* add some newlines
* changelog entry for 1.1.0 support
* note that we test on 1.1.0
* proper skip on this test
* reorder
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Iterators can only be enumerated once, breaking code like this in
Python 3 for example:
san = SubjectAlternativeName(map(DNSName, lst))
This is also a slight behavior change if the caller modifies the list
after passing it to the constructor, because input lists are now copied.
Which seems like a good thing.
Also:
* Name now checks that attributes elements are of type NameAttribute
* NoticeReference now allows notice_numbers to be any iterable
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
not_valid_before (#2920)
* CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before
These functions now accept aware datetimes and convert them to UTC
* Added pytz to test requirements
* Correct pep8 error and improve Changelog wording
* Improve tests and clarify changelog message
* Trim Changelog line length
* Allow RevokedCertificateBuilder and CertificateRevocationListBuilder to accept aware datetimes
* Fix accidental changelog entry
|
| |
|
|
|
|
|
|
| |
Fix DNSName wildcard encoding for NameConstraints
Previously '.example.com' would get normalised to 'example.com', making
it impossible to add wildcard NameConstraints.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Add an enforce_key_length parameter to HOTP and TOTP.
* Document changes in docs.
* Add some words to the wordlist.
* Add versionadded to docs.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use a series of constants for OpenSSL version checks.
N.B. I removed several qualifiers that were being used to express beta vs. release in OpenSSL version numbers. Reviewers please look closely!
* Convert some python as well, also add the file
* flake8
* Simplify code, remove functionality that can be expressed more simply
* clean up the tests as well
* more constants
* wrap long lines
* reflect feedback
* unused
* add this back?
|
|
|
|
| |
This is due to a bug in CommonCrypto present in 10.11.x. Filed as
radar://26636600
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add sign and verify methods to ECDSA
* Documented ECDSA sign/verify methods
* Added CHANGELOG entry
* Skipping test verify and sign if curve is not supported
* Fixed typo in documentation return type
* Removed provider language from EllipticCurvePrivateKey and EllipticCurvePublicKey
|
|
|
|
|
|
|
|
| |
* Add sign and verify methods to DSA
* Documented DSA sign/verify methods
* Added CHANGELOG entry
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixed #3008 -- expose calculate max pss salt length
* Fixed a few mistakes in the docs
* move all the code around
* oops
* write a unit test
* versionadded + changelog
|
|
|
| |
We have always been at war with OpenSSL 0.9.8
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Drop OpenSSL 0.9.8
* Drop this test, it's not relevant any longer
* unused import
* Remove CRYPTOGRAPHY_ALLOW_OPENSSL_098=1 from our tox
* removed unused code for Cryptography_HAS_PKEY_CTX
* return unused code for _AESCTRCipherContext
* syntax :-(
* remove some unused tests and skips
* remove unused code for Cryptography_HAS_PBKDF2_HMAC
* Revert "return unused code for _AESCTRCipherContext"
This reverts commit 7d149729205aa4c9735eb322414b167a75b302df.
* Remove unused RSA code
* Remove unused test code for conditional bindings
* Remove unused dsa code
* unused import
* Remove unused x509 extension code
* Remove unused EC code
* Attempt to remove unused DER key loading code
* document this
* grammar
* Added back this paragraph
* Update docs
|
|
|
|
|
|
|
|
|
| |
This patch adds wrapper methods to allow the user to sign and verify a
single message block without having to go through the multi-step
process of creating a signer or verifier, updating it with the one
message, and finalizing the result. This will make signing and
verifying data more user-friendly when only using small messages.
Partial bug #1529
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* some rsa oaep sha2 support
* various improvements
* fix a thing
* simplify
* update the test
* styyyyyle
* more styyyyle
* fix libre, remove a skip that should never be hit
* OAEP version check fixes
|
|
|
|
|
|
|
|
| |
* added a repr to the dsa numbers classes
* fix
* another test
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* SSH serialization for public keys
* name errors ahoy!
* id, ego, superego
* dsa support
* EC support
* Don't keyerror
* Documentation OpenSSH
* flake8
* fix
* bytes bytes bytes
* skip curve unsupported
* bytes!
* Move a function
* reorganize code for coverage
|
| |
|
|
|
|
|
|
|
|
| |
* Add alias for Certificate serial as serial number
* Adding deprecation to utils
* Now with catch warnings and proper vers
|
| |
|
|
|
|
|
|
|
|
| |
* unicode characters make everything angry
* changelog entry and make skip msgs more informative
* typo fix
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* NIST SP 800-108 Counter Mode and Feedback Mode KDF
* CounterKDF unit tests
* Refactor to support multiple key based KDF modes.
* Extracting supported algorithms for KBKDF Counter Mode test vectors
* Adding support for different rlen and counter location in KBKDF
* support for multiple L lengths and 24 bit counter length.
* Adding KBKDF Documentation.
* Refactoring KBKDF to KBKDFHMAC to describe hash algorithm used.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Removing test_osrandom_engine_is_default.
test_osrandom_engine_is_default depends on having a valid
sys.executable. This attribute is not always set (see
https://docs.python.org/2/library/sys.html#sys.executable ) so, in some
environments, this test fails. I moved the functionality of the test
into the setup and teardown methods so the correct behavior is still
tested.
* Fixing some style issues.
* Removing an unnecessary newline.
* Putting back the test.
* Moving the assert from teardown to setup.
|
| |
|
| |
|
|
|
|
|
|
| |
* Handle two more error conditions correctly
* fixed test case
|
| |
|
|\
| |
| | |
Fixed #2836 -- error out on OpenSSL 0.9.8 by default
|
| | |
|
| | |
|
| | |
|
| | |
|
|/
|
|
| |
version
|
|\
| |
| | |
Added support for padding ANSI X.923
|
| | |
|
| |
| |
| |
| | |
All padding bytes must be 0.
|
| | |
|
| | |
|
| | |
|