| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
In 1.1.0 this is a noop and occurs by default, and this wasn't supported
< 1.0.2
|
| |
|
| |
refs #3248
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* change derive_elliptic_curve_public_point to return EllipticCurvePublicKey
* also rename the backend interface method
* review feedback
* Rename to derive_elliptic_curve_private_key
* Returns EllipticCurvePrivateKey
* Reuses the EC_POINT in the openssl impl
* Rename "secret" arg to "private_value" which is consistent with our
naming for the value in ECPrivateNumbers.
|
| |
|
|
|
|
| |
* update travis to use xcode8.1 image so we have sierra coverage
* docs too
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Raize padding block_size limit to what is allowed by the specs.
* Add tests for raising padding limits.
* Amend C code for padding check to use uint16_t instead of uint8_t.
* Fix test to work in Python 3.
* Fix typo.
* Fix another typo.
* Fix return type of the padding checks.
* Change hypothesis test on padding.
* Update comment.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cx_freeze support for default_backend
* updated tabing to spaces
* corrected spacing
* moved finding backend to backends __init__
* update to check to see if sys is frozen
* corrected pep8 issues
* update based on comments
* changes to simplify, support testing, and improve comments
* add changelog entry
* right, coverage. I remember now. Time for some contortions.
* updated with review feedback
|
| |
|
|
|
|
|
|
|
|
| |
* Add a bytes method to get the DER ASN.1 encoding of an X509 name.
This is useful for creating an OpenSSL style subject_name_hash (#3011)
* add to backend interface and update multibackend
* bytes -> public_bytes
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove Python OpenSSL locking callback and replace it with one in C
The Python OpenSSL locking callback is unsafe; if GC is triggered
during the callback's invocation, it can result in the callback being
invoked reentrantly, which can lead to deadlocks. This patch replaces
it with one in C that gets built at compile time via cffi along with
the rest of the OpenSSL binding.
* fixes for some issues
* unused
* revert these changes
* these two for good measure
* missing param
* sigh, syntax
* delete tests that assumed an ability to mess with locks
* style fixes
* licensing stuff
* utf8
* Unicode. Huh. What it isn't good for, absolutely nothing.
|
| | |
|
| |
|
| |
http://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec465360.html
|
| |
|
|
|
|
| |
* add some new oids
* As Alex pointed out, it's streetAddress
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* finish https://github.com/pyca/cryptography/pull/1973
* change API & add test
Function will now return an instance of EllipticCurvePrivateKey, as that
is the users' ultimate goal anyway.
* fix test
* improve coverage
* complete coverage
* final fix
* centos fix
* try ec.SECT283K1
* try ec.SECT571K1
* try ec.SECT409K1
* try ec.SECT283K1
* try ec.SECT233K1
* try ec.SECT163K1
* try ec.SECT571R1
* try ec.SECT409R1
* try ec.SECT283R1
* try ec.SECT233R1
* try ec.SECT163R2
* try ec.SECP521R1
* try ec.SECP256R1
* retry
* cleanup asserts
* use openssl_assert
* skip unsupported platforms
* change API name to derive_private_key
* change version added
* improve description of `secret` param
* separate successful and failure test cases
* simplify successful case
* add docs for derive_elliptic_curve_public_point
* add period
* update CHANGELOG.rst & AUTHORS.rst
for https://github.com/pyca/cryptography/pull/3225
* added reST prefix
* reduce line length
|
| |
|
|
|
|
| |
* add alternate signature OID for RSA with SHA1 + test and vector
* mozilla is a proper noun leave me alone spellchecker
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* finish https://github.com/pyca/cryptography/pull/1973
* change API & add test
Function will now return an instance of EllipticCurvePrivateKey, as that
is the users' ultimate goal anyway.
* fix test
* improve coverage
* complete coverage
* final fix
* centos fix
* retry
* cleanup asserts
* use openssl_assert
* skip unsupported platforms
* change API name to derive_private_key
* change version added
* improve description of `secret` param
* separate successful and failure test cases
* simplify successful case
* add docs for derive_elliptic_curve_public_point
* add period
|
| |
|
|
|
|
|
|
| |
Update the Name class to accept and internally store a list of
RelativeDistinguishedName objects. Add the 'rdns' attribute to give
access to the RDNs. Update ASN.1 routines to correctly decode and
encode multi-value RDNs.
Fixes: https://github.com/pyca/cryptography/issues/3199
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Add RelativeDistinguishedName class
* Make relative_name a RelativeDistinguishedName
DistributionPoint relative_name is currently a Name but RFC 5280
defines it as RelativeDistinguishedName, i.e. a non-empty SET OF
name attributes. Change the DistributionPoint relative_name
attribute to be a RelativeDistinguishedName.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* Export missing OpenSSL `X509_VERIFY_PARAM_free`
* Remove un-needed export in conditional names
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* tox 2.4 allows has new extras syntax
* specify minimum version for tox in dev-requirements.txt
|
| | |
|
| |
|
| |
Also remove the webhook for the buildtrends, which we don't use.
|
| | |
|
| | |
|
| |
|
| |
Update openssl https URL, otherwise a 302 result screws up the curl/tar steps and confusion ensues.
|
| |
|
|
|
|
|
|
|
|
| |
* support encoding IPv4Network and IPv6Network, useful for NameConstraints
* add changelog entry
* add more networks with full and no masking (/32, /128, /0)
* parametrize the nc tests to fix coverage
|
| | |
|
| |
|
|
| |
vulnerability (#3177)
|
| | |
|
| |
|
|
|
|
|
|
| |
* Simplify OpenSSL bits in travis
* more simplify
* missed one
|
| | |
|
| |
|
|
|
|
| |
* test against 1.1.0a instead of 1.1.0
* change the dir to foil travis caching
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* first draft of verification and serialization
* tweaks in the RST syntax
* added example of deserialization
* taking into account the returned value, so that doctests pass
* adjusted rst syntax and indentation for code samples
* removed print call
* forgot to actually call splitlines
* added missing argument when loading private key
* added Deserialization to dictionary
* made lines shorter to meet style requirements
* applied requested changes in style
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* update our travis configs to run against 10.10, 10.11, 10.12
Drops 10.9 from Travis. The xcode8 image is also currently not 10.12,
but is planned to become that soon see:
https://blog.travis-ci.com/2016-09-15-new-default-osx-image-coming/
* add output of sw_vers for mac builders on travis
* reorder
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set
* add a comment explaining why we changed this
* 1.0.2i handles NUMERICSTRING properly now so need only test < 1.0.2i
* needs to be visible
|
| | |
|
| |
|
|
|
|
| |
* re-add setuptools resolve vs load workaround
* add deprecatedin tag so we can find this easier
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
