path: root/src/cryptography/hazmat
Commit message (Author, Age, Files, Lines)
...
* | | | move two asserts much closer to call site (Paul Kehrer, 2015-09-25, 1, -2/+2)
| | | |
* | | | convert the rest of the openssl backend to using openssl_assert (Paul Kehrer, 2015-09-25, 8, -87/+90)
| |_|/
|/| |
* | | remove unnecessary check (Paul Kehrer, 2015-09-25, 1, -1/+0)
| | |
* | | change some asserts back since they're not openssl specific (Paul Kehrer, 2015-09-25, 1, -18/+19)
| | |     plus bonus better exception msg
| | |
* | | start converting asserts to a function call (Paul Kehrer, 2015-09-25, 1, -166/+185)
| |/
|/|
| |     This prevents situations where asserts are bypassed when running python with -O.
| |
* | Add X963KDF from ANSI X9.63:2001 (Simo Sorce, 2015-09-24, 1, -0/+70)
|/
|     The implementation allows the use of a Hash function to implement a KDF very similar to ConcatKDFHash, just different enough to require a separate derivation function.
|
|     Closes #2203
|     Signed-off-by: Simo Sorce <simo@redhat.com>
|
* should have _asn1_* utility functions in a common place (Erik Trauschke, 2015-09-24, 2, -73/+63)
|
* Resolve an unusual test bug related to initializing the bindings (Paul Kehrer, 2015-08-29, 2, -7/+6)
|     To make calls against the "SSL" parts of OpenSSL you need to call SSL_library_init. There are multiple ways this can be called:
|
|     * If you're using the same OpenSSL in cryptography as you are in your Python then Python will call it for you.
|     * If you import the openssl backend.
|
|     These tests need SSL_library_init to be called. When run in our CI SSL_library_init is called because during the parametrization step the OpenSSL backend is imported (thus triggering it). However, you can also run tests directly via py.test and without this change py.test tests/hazmat/bindings/test_openssl.py would crash if you had cryptography linked against a different OpenSSL than your Python used.
|
* add conditional removal for SET_CERT_CB (Paul Kehrer, 2015-08-25, 1, -1/+5)
|
* set the default stringmask to utf8 (Paul Kehrer, 2015-08-22, 1, -0/+6)
|     This corrects a problem where older OpenSSL versions don't do this by default. fixes #2291
|
* Move signature type checks (Stanisław Pitucha, 2015-08-14, 3, -8/+9)
|     Move the point of checking signatures, as suggested by alex in PR 2262.
|
* Merge pull request #2262 from viraptor/non-bytes-signatures (Paul Kehrer, 2015-08-12, 3, -0/+8)
|\
| |     Ensure early exception on non-bytes signature
| |
| * Enforce signature type in ECDSA and add tests (Stanisław Pitucha, 2015-08-12, 1, -0/+2)
| |     Ensure that ECDSA signatures are bytes to match RSA/DSA and add tests for all three.
| |
| * Ensure early exception on non-bytes signature (Stanisław Pitucha, 2015-08-11, 2, -0/+6)
| |     Signature must be in bytes. If the check is skipped, verify() can explode later in cffi call in _verify_pkey_ctx() for example.
| |
* | Merge pull request #2250 from reaperhulk/fix-2246 (Alex Gaynor, 2015-08-12, 1, -0/+26)
|\ \
| |/
|/|
| |     resolve incorrect docs/naming around DSA (r, s) tuple encode/decode
| |
| * resolve incorrect docs/naming around DSA (r, s) tuple encode/decode (Paul Kehrer, 2015-08-10, 1, -0/+26)
| |
* | switch the openssl backend to use the OID namespace (Paul Kehrer, 2015-08-10, 2, -26/+28)
|/
* Merge pull request #2233 from reaperhulk/encode-nocheck (Alex Gaynor, 2015-08-09, 1, -0/+9)
|\
| |     add support for OCSPNoCheck to the CertificateBuilder
| |
| * improve comment for ocsp_nocheck encoding (Paul Kehrer, 2015-08-09, 1, -3/+2)
| |
| * add support for OCSPNoCheck to the CertificateBuilder (Paul Kehrer, 2015-08-09, 1, -0/+10)
| |
* | support issuer alternative name encoding (Paul Kehrer, 2015-08-09, 1, -2/+3)
|/
* move encode out of try blocks (Paul Kehrer, 2015-08-09, 1, -2/+2)
|
* simplify the CSRBuilder (Paul Kehrer, 2015-08-08, 1, -9/+4)
|
* remove a lot of if/elif chains in the certificate builder (Paul Kehrer, 2015-08-08, 1, -23/+19)
|
* support InhibitAnyPolicy in CertificateBuilder (Paul Kehrer, 2015-08-08, 1, -0/+13)
|
* add support for AuthorityKeyIdentifier in CertificateBuilder (Paul Kehrer, 2015-08-08, 1, -0/+32)
|
* add support for encoding SubjectKeyIdentifier to CertificateBuilder (Paul Kehrer, 2015-08-08, 1, -0/+13)
|
* move distpoint fullname/relativename to consts in backends.openssl.x509 (Paul Kehrer, 2015-08-08, 2, -5/+9)
|
* switch to _encode_general_names. (Paul Kehrer, 2015-08-08, 1, -8/+1)
|     I knew I made that for a reason, thanks Alex
|
* remove a double for loop that made literally no sense (Paul Kehrer, 2015-08-08, 1, -6/+5)
|
* switch ReasonFlags bit string setting to use a dict mapping (Paul Kehrer, 2015-08-08, 1, -40/+18)
|
* support relativename encoding using X509_NAME (Paul Kehrer, 2015-08-08, 1, -3/+6)
|     X509_NAME contains a STACK_OF(X509_NAME_ENTRY) which we duplicate
|
* support CRLDistributionPoints in the CertificateBuilder (Paul Kehrer, 2015-08-08, 1, -0/+93)
|
* Merge pull request #2222 from reaperhulk/memleak-partdeux (Alex Gaynor, 2015-08-06, 1, -0/+2)
|\
| |     X509_add_ext dupes the X509_EXTENSION when adding it. fix the leak
| |
| * X509_add_ext dupes the X509_EXTENSION when adding it. fix the leak (Paul Kehrer, 2015-08-06, 1, -0/+2)
| |
* | fix a memory leak in certificate creation during extension creation (Paul Kehrer, 2015-08-06, 1, -1/+1)
|/
* rename sign_x509_certificate backend method to create_x509_certificate (Paul Kehrer, 2015-08-06, 3, -5/+5)
|
* we still need to gc in encode_subject_alt_name (Paul Kehrer, 2015-08-05, 1, -0/+3)
|
* refactor SAN encoding to separate out general names in openssl backend (Paul Kehrer, 2015-08-05, 1, -7/+8)
|
* Merge pull request #2180 from reaperhulk/easy-conditional-fix (Donald Stufft, 2015-08-04, 2, -1/+432)
|\
| |     create a ConditionalLibrary and remove unsupported items
| |
| * change approach for pypy performance reasons (Paul Kehrer, 2015-08-04, 1, -12/+13)
| |
| * only copy the attrs we know should exist (courtesy dstufft) (Paul Kehrer, 2015-08-03, 1, -7/+9)
| |
| * pass in the imports to make it a bit clearer what's going on (Paul Kehrer, 2015-08-03, 1, -3/+3)
| |
| * move the attr setting to the __init__ of _ConditionalLibrary (Paul Kehrer, 2015-08-03, 1, -12/+10)
| |
| * create a ConditionalLibrary and remove unsupported items (Paul Kehrer, 2015-08-01, 2, -1/+431)
| |
* | Merge pull request #2193 from reaperhulk/encode-aia (Alex Gaynor, 2015-08-03, 1, -0/+30)
|\ \
| | |     Support AuthorityInformationAccess in CertificateBuilder
| | |
| * | add support for AIA to CertificateBuilder and OpenSSL backend (Paul Kehrer, 2015-08-03, 1, -1/+7)
| | |
| * | encode authority information access (Paul Kehrer, 2015-08-03, 1, -0/+24)
| | |
* | | Fixes #2199 -- allow SSH keys to have spaces in their comments (Alex Gaynor, 2015-08-03, 1, -2/+2)
| | |
* | | support keyusage and extendedkeyusage in certificatebuilder (Paul Kehrer, 2015-08-03, 1, -0/+4)
|/ /