aboutsummaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* [WIP] add support for the TLSFeature extension in x509 (#3899)Paul Kehrer2017-09-102-0/+115
| | | | | | | | | | | | | | | | | | * add support for the TLSFeature extension in x509 This extension is used for OCSP Must-Staple. * fix changelog link * pep8 * refactor to support the sequence properly and add status_request_v2 * update some language * add test vector, implement eq/ne/hash on TLSFeature * address review comments
* RSA OAEP label support for OpenSSL 1.0.2+ (#3897)Paul Kehrer2017-09-082-14/+129
| | | | | | | | | | * RSA OAEP label support for OpenSSL 1.0.2+ * changelog * move around tests, address review feedback, use backend supported method * unsupported padding catches this now
* move x509 tests into a module (#3889)Paul Kehrer2017-09-066-12/+12
| | | | | | | | | | | * move x509 tests into a module This is just to make grouping things like test_ocsp, etc a bit simpler in the future * fix path * pep8
* add blake2b/blake2s support for hmac (#3873)Paul Kehrer2017-08-221-1/+29
| | | | | | | | | | * add blake2b/blake2s support for hmac This was a bug, but it turns out the noise protocol suggests using the HMAC construction with BLAKE2 (rather than BLAKE2's own keyed functionality) for a few reasons, so we should support it. * actually test the thing
* Add is_signature_valid method on CertificateRevocationList (#3849)Vincent Pelletier2017-08-121-0/+41
|
* deprecate unicode input for RFC822Name (#3836)Paul Kehrer2017-08-011-25/+34
| | | | | | * deprecate unicode input for RFC822Name * pep8...?
* deprecate auto-idna on UniformResourceIdentifier (#3832)Paul Kehrer2017-08-012-147/+186
| | | | | | | | | | * deprecate auto-idna on UniformResourceIdentifier * fix repr test * docs * some updated language
* Begin the deprecation of auto-idna for x509.DNSName (#3830)Alex Gaynor2017-07-303-122/+193
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * Begin the deprecation of auto-idna for x509.DNSName Refs #3357 * fix warning * py3k fixes * fix docs * sigh * flake8 * these are words * words * tests for coverage * another test * do idna things * more idna things
* remove deprecated items (#3794)Paul Kehrer2017-07-206-147/+4
| | | | | | | | | | * remove deprecated items whirlpool, ripemd160, unsupportedextension, and the old interfaces * flake8 and remove a test generator we no longe use * make it clear we warned you about these things
* Remove DH generator size constraint (#3364)mtury2017-07-171-1/+1
| | | | | | * Remove DH generator size constraint * Check that g > 1
* add AESGCM AEAD support (#3785)Paul Kehrer2017-07-171-1/+81
| | | | | | | | * add AESGCM AEAD support * remove stray newline * move AESGCM docs above CCM
* move tag_length to the AESCCM constructor (#3783)Paul Kehrer2017-07-161-20/+18
| | | | | | * move tag_length to the AESCCM constructor * review feedback
* AESCCM support (#3700)Paul Kehrer2017-07-161-6/+151
|
* allow p % 24 == 23 when generator == 2 in DH_check (#3768)Paul Kehrer2017-07-091-1/+25
| | | | | | | | | | * allow p % 24 == 23 when generator == 2 in DH_check * short url * update and expand comments * even better language!
* use an instance in aead_cipher_supported (#3772)Paul Kehrer2017-07-091-9/+15
| | | | | | | | * use an instance in aead_cipher_supported * test for chacha20poly1305 compatibility via init exception * pep8
* Fixed #3747 -- cache extensions on x.509 objects (#3769)Alex Gaynor2017-07-081-0/+47
| | | | | | | | | | * Fixed #3747 -- cache extensions on x.509 objects * be kind to cpython, save a dict lookup * flake8 * changelog
* change chacha20poly1305_supported to aead_cipher_supported (#3762)Paul Kehrer2017-07-081-2/+2
|
* don't parse SCTs on older openssl (#3749)Paul Kehrer2017-07-041-4/+27
| | | | | | | | * don't parse SCTs on older openssl * use two diff extension parsers because why not * review feedback
* disallow MD5 in CertificateBuilder and CertificateSigningRequestBuilder (#3738)Paul Kehrer2017-06-302-1/+133
| | | | | | | | | | | | * disallow MD5 in CertificateBuilder and CertificateSigningRequestBuilder * only error on ECDSA and DSA lots of duplication in tests here, bleh * remove changelog entry, also handle this for CRLBuilder * pep8
* Fixed a memory leak in EC private numbers (#3741)Alex Gaynor2017-06-301-10/+16
|
* Fix for leaking memory in EllipticCurvePublicNumbers.public_key() (#3732)Alex Gaynor2017-06-281-0/+19
| | | | | | | | | | * Test for leaking memory in EllipticCurvePublicNumbers.public_key() * Fix the memory leak As far as I can tell, from spelunking in the OpenSSL source (as you do), EC_KEY_set_public_key_affine_coordinates doesn't take ownership of "x" or "y". https://github.com/openssl/openssl/blob/master/crypto/ec/ecp_smpl.c#L362-L420 is the place in the source I found that actually uses "x" and "y". * Unused imports
* Dh parameters serialization (#3504)Aviv Palivoda2017-06-243-2/+157
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support DH parameter serizalization - no X9.42 * Support X9.42 serialization - DER not working * Fix dhp_rfc5114_2.der Changing the DER parameters serialization after the fix in openssl commit a292c9f1b835 * DH parameters X9.42 DER serialization fixed * fix _skip_dhx_unsupported * document DH parameter_bytes * PEP8 fixes * Document load_pem_parameters * Document load_der_parameters * document ParameterFormat * Increase test coverage * Increase test covrage * Remove unneeded check * Fix typo * Fix error in load_der_parameters * Add load_pem_parameters and load_der_parameters to interfaces * CR fixes * Removed unverified phrase * Update version to 2.0 * Fix pep8 * Rename ParameterFormat.ASN1 to ParameterFormat.DHParameter * link pkcs3 * Add new line at end of file to serialization.rst * Rename DHparameters to PKCS3 * doc CR fix
* Add DERSerializationBackend to test_dh serialization tests (#3717)Aviv Palivoda2017-06-241-1/+3
|
* implement CCM vector parser (#3699)Paul Kehrer2017-06-212-3/+260
|
* ed25519 vector loader (#3707)Paul Kehrer2017-06-202-1/+110
| | | | | | * ed25519 vector loader * refactor to use unpacking
* disallow empty string for NameAttribute (#3711)Paul Kehrer2017-06-191-0/+4
|
* X25519 Support (#3686)Paul Kehrer2017-06-091-0/+120
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * early days * sort of working * more things * remove private_bytes * public bytes, interface fix * load public keys * x25519 support basically done now * private_bytes is gone * some reminders * doctest this too * remove a thing that doesn't matter * x25519 supported checks * libressl has the NID, but a different API, so check for OpenSSL * pep8 * add missing coverage * update to use reasons * expand test a little * add changelog entry * review feedback
* ChaCha20Poly1305 support (#3680)Paul Kehrer2017-06-081-0/+142
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * chacha20poly1305 support * add chacha20poly1305 backend and some fixes * refactor * forgot to remove this * pep8 * review feedback and a lot of type/value checking * review feedback * raise unsupportedalgorithm when creating a ChaCha20Poly1305 object if it's not supported. * switch to ciphertext||tag * typo * remove a branch we don't need * review feedback * decrypts is *also* a word * use reasons
* Refs #3461 -- parse SCTs from x.509 extension (#3480)Alex Gaynor2017-06-041-0/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Stub API for SCTs, feedback wanted * grr, flake8 * finish up the __init__ * Initial implementation and tests * write a test. it fails because computer * get the tests passing and fix some TODOs * changelog entry * This can go now * Put a skip in this test * grump * Removed unreachable code * moved changelog to the correct section * Use the deocrator for expressing requirements * This needs f for the right entry_type * coverage * syntax error * tests for coverage * better sct eq tests * docs * technically correct, the most useless kind of correct * typo and more details * bug * drop __eq__
* deprecate signer/verifier on asymmetric keys (#3663)Paul Kehrer2017-06-033-6/+16
| | | | | | * deprecate signer/verifier on asymmetric keys * review feedback, switch deprecated_call to work around a bug
* call check_backend_support directly from backend fixture (#3666)Alex Gaynor2017-06-033-40/+15
|
* Switched our backend to be a normal fixture in tests (#3665)Alex Gaynor2017-06-033-39/+17
|
* make signature and verification contexts error better re: prehashed (#3658)Paul Kehrer2017-06-023-0/+57
| | | | | | * make signature and verification contexts error better re: prehashed * code review feedback
* Enlarge _oid2txt buffer to handle larger OIDs (#3612)Fraser Tweedale2017-05-291-0/+21
| | | | | | | | | The OpenSSL manual recommends a buffer size of 80 for OBJ_oid2txt: https://www.openssl.org/docs/crypto/OBJ_nid2ln.html#return_values. But OIDs longer than this occur in real life (e.g. Active Directory makes some very long OIDs). If the length of the stringified OID exceeds the buffer size, allocate a new buffer that is big enough to hold the stringified OID, and re-do the conversion into the new buffer.
* move MACContext to mac.py and eliminate interfaces.py (#3631)Paul Kehrer2017-05-291-0/+15
| | | | | | | | | | | | | * move MACContext to mac.py and eliminate interfaces.py finally * improve title * re-add and deprecate interfaces.MACContext * use pytest.warns instead of deprecated_call The pytest docs insist that deprecation warnings are handled differently and that you should use deprecated_call, but this works so okay then
* fix libressl error/refactor some error handling (#3609)Paul Kehrer2017-05-262-15/+8
| | | | | | | | | | | | | | | | | | | | | | | * add libre so I can see the error * add the libre error needed and refactor error handling a bit We were historically matching on lib + func + reason, but func is somewhat unstable so now we match on lib + reason only. Of course, in this case libressl changed both lib and reason so it wouldn't have mattered. All error handling from the error queue in openssl is an illusion * fix a typo, probably an unneeded branch * review feedback * refactor tests to support libressl insert additional rant about libre here, although admittedly these tests were assuming stability where openssl itself guarantees none * better assert, fix flake8
* jurisdictionCountryName also must be PrintableString (#3516)Alex Gaynor2017-05-251-0/+11
| | | | | | | | | | | | | | * jurisdictionCountryName also must be PrintableString * flake8 + citation * Write a test, which fails. If my analysis is correct, this is blocked on: https://github.com/openssl/openssl/pull/3284 * This is only true on 1.1.0 * clearly express the version requirement
* Removed branches that are now unused (#3589)Alex Gaynor2017-05-241-3/+0
|
* add convenience methods for key_size on EC{Public,Private}Key (#3587)Paul Kehrer2017-05-231-0/+9
|
* Bump the minimum PyPy/cffi version and simplify as a result (#3585)Alex Gaynor2017-05-232-54/+0
| | | | | | | | * Bump the minimum PyPy/cffi version and simplify as a result * unused imports * grumble, fix
* Close stdout and stderr when spawning a process (#3578)Alex Gaynor2017-05-231-9/+13
|
* More deprecation warnings (#3579)Alex Gaynor2017-05-231-7/+3
| | | | | | * Fixed more deprecation warnings * unused import
* Delete some code (#3563)Alex Gaynor2017-05-203-72/+8
| | | | | | | | * Delete some code * removed import * delete more code
* Fixed #3533 -- made GCM mode object immutable (#3553)Alex Gaynor2017-05-201-1/+23
| | | | | | | | | | | | | | | | | | | | | | | | * Fixed #3533 -- made GCM mode object immutable * flake8 * Fix for older openssl * fix * fix * sigh, fix * fixed * dropped negation * computers are bad * A test * This implements an interface
* remove multibackend (#3555)Paul Kehrer2017-05-205-692/+2
| | | | | | | | * remove multibackend * oops * goodbye pointless tests
* time to remove commoncrypto, fare thee well (#3551)Paul Kehrer2017-05-205-117/+2
| | | | | | | | | | | | | | | | * time to remove commoncrypto, fare thee well * remove even more * update the changelog * remove more things * don't need this function * remove CAST5 CTR tests since that was only supported in commoncrypto * assert a thing
* Don't raise an UnsupportedExtension for critical extensions. (#3550)Alex Gaynor2017-05-202-10/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | * Don't raise an UnsupportedExtension for critical extensions. Fixes #2903 Fixes #2901 Fixes #3325 * Don't link * Revert "Don't link" This reverts commit 4fe847f91d9dd45cdc28a4984c4e44aad62a5de6. * fix * Revert "Revert "Don't link"" This reverts commit 856031b5a1fbad04ac218fa94ebf37dcd402f3ed. * fix * Deprecate this * Better changelog entry
* Don't skip DH tests when dhx unsupported and no dhx is required (#3484)Aviv Palivoda2017-05-191-17/+35
| | | | | | * Don't skip DH tests when dhx unsupported and no dhx is required * Add is_dhx parameter
* Fixes #3538 -- Make our OpenSSL EC verifier's implementation match the API ↵Alex Gaynor2017-05-101-1/+1
| | | | | | | | | | | | | | (#3539) * Document our real API for EC verification, not an accident * formatting consistency * fix the code itself * fixed class name * fixed a test too
* use openssl constants (#3534)Paul Kehrer2017-05-031-6/+15
|