|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| ... |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| | * missing macro and three macro functions
* removed space before function name (style issue)
* remove macro which always will not be set by cryptography | 
| | 
| 
| 
| 
| 
| | * add support for prehashing in ECDSA sign/verify
* move signature_algorithm check to its own function | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * support RSA verify with prehashing
* review feedback
* more dedupe
* refactor and move to a separate module | 
| | 
| 
| 
| 
| 
| 
| 
| | * support prehashing in RSA sign
* check to make sure digest size matches prehashed data provided
* move doctest for prehashed | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| | pulled from #3244 | 
| | 
| 
| | where it belongs! | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| | In 1.1.0 this is a noop and occurs by default, and this wasn't supported
< 1.0.2 | 
| | 
| 
| | refs #3248 | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * change derive_elliptic_curve_public_point to return EllipticCurvePublicKey
* also rename the backend interface method
* review feedback
* Rename to derive_elliptic_curve_private_key
* Returns EllipticCurvePrivateKey
* Reuses the EC_POINT in the openssl impl
* Rename "secret" arg to "private_value" which is consistent with our
  naming for the value in ECPrivateNumbers. | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Raize padding block_size limit to what is allowed by the specs.
* Add tests for raising padding limits.
* Amend C code for padding check to use uint16_t instead of uint8_t.
* Fix test to work in Python 3.
* Fix typo.
* Fix another typo.
* Fix return type of the padding checks.
* Change hypothesis test on padding.
* Update comment. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * cx_freeze support for default_backend
* updated tabing to spaces
* corrected spacing
* moved finding backend to backends __init__
* update to check to see if sys is frozen
* corrected pep8 issues
* update based on comments
* changes to simplify, support testing, and improve comments
* add changelog entry
* right, coverage. I remember now. Time for some contortions.
* updated with review feedback | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Add a bytes method to get the DER ASN.1 encoding of an X509 name.
This is useful for creating an OpenSSL style subject_name_hash (#3011)
* add to backend interface and update multibackend
* bytes -> public_bytes | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Remove Python OpenSSL locking callback and replace it with one in C
The Python OpenSSL locking callback is unsafe; if GC is triggered
during the callback's invocation, it can result in the callback being
invoked reentrantly, which can lead to deadlocks. This patch replaces
it with one in C that gets built at compile time via cffi along with
the rest of the OpenSSL binding.
* fixes for some issues
* unused
* revert these changes
* these two for good measure
* missing param
* sigh, syntax
* delete tests that assumed an ability to mess with locks
* style fixes
* licensing stuff
* utf8
* Unicode. Huh. What it isn't good for, absolutely nothing. | 
| | 
| 
| | http://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec465360.html | 
| | 
| 
| 
| 
| 
| | * add some new oids
* As Alex pointed out, it's streetAddress | 
| | 
| 
| 
| 
| 
| | * add alternate signature OID for RSA with SHA1 + test and vector
* mozilla is a proper noun leave me alone spellchecker | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * finish https://github.com/pyca/cryptography/pull/1973
* change API & add test
Function will now return an instance of EllipticCurvePrivateKey, as that
is the users' ultimate goal anyway.
* fix test
* improve coverage
* complete coverage
* final fix
* centos fix
* retry
* cleanup asserts
* use openssl_assert
* skip unsupported platforms
* change API name to derive_private_key
* change version added
* improve description of `secret` param
* separate successful and failure test cases
* simplify successful case
* add docs for derive_elliptic_curve_public_point
* add period | 
| | 
| 
| 
| 
| 
| 
| 
| | Update the Name class to accept and internally store a list of
RelativeDistinguishedName objects.  Add the 'rdns' attribute to give
access to the RDNs.  Update ASN.1 routines to correctly decode and
encode multi-value RDNs.
Fixes: https://github.com/pyca/cryptography/issues/3199 | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Add RelativeDistinguishedName class
* Make relative_name a RelativeDistinguishedName
DistributionPoint relative_name is currently a Name but RFC 5280
defines it as RelativeDistinguishedName, i.e. a non-empty SET OF
name attributes.  Change the DistributionPoint relative_name
attribute to be a RelativeDistinguishedName. | 
| | 
| 
| 
| 
| 
| | * Export missing OpenSSL `X509_VERIFY_PARAM_free`
* Remove un-needed export in conditional names | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * support encoding IPv4Network and IPv6Network, useful for NameConstraints
* add changelog entry
* add more networks with full and no masking (/32, /128, /0)
* parametrize the nc tests to fix coverage | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set
* add a comment explaining why we changed this
* 1.0.2i handles NUMERICSTRING properly now so need only test < 1.0.2i
* needs to be visible | 
| | |  | 
| | 
| 
| 
| 
| 
| | * re-add setuptools resolve vs load workaround
* add deprecatedin tag so we can find this easier | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * support random_serial_number in the CertificateBuilder
* turns out pytest's monkeypatch has an undo
* random_serial_number now a function
* just certs | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Add bounds checking for Scrypt parameters.
* Pep8.
* More PEP8.
* Change wording. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | * fix inconsistency in utilization of block_size in openssl cipher impl
Previously we over-allocated our buffers because we treated a bit size
as bytes.
* rename property | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Scrypt implementation.
* Docs stuff.
* Make example just an example and not a doctest.
* Add changelog entry.
* Docs cleanup.
* Add more tests.
* Add multibackend tests.
* PEP8.
* Add docs about Scrypt parameters.
* Docs cleanup.
* Add AlreadyFinalized. | 
| | 
| 
| 
| 
| 
| | * add support for signature_algorithm_oid to cert, CSR, and CRL
* refactor _SIG_OIDS_TO_HASH to use ObjectIdentifiers and use that | 
| | 
| 
| 
| 
| 
| 
| 
| | * Add a register_interface_if decorator.
* Add tests.
* PEP 8. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * blake2b/blake2s support
Doesn't support keying, personalization, salting, or tree hashes so
the API is pretty simple right now.
* implement digest_size via utils.read_only_property
* un-keyed for spelling's sake
* test copying + digest_size checks
* unkeyed is too a word
* line wrap
* reword the docs
* use the evp algorithm name in the error
This will make BLAKE2 alternate digest size errors a bit less confusing
* add changelog entry and docs about supported digest_size | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Add Scrypt bindings.
* Add check for OPENSSL_NO_SCRYPT.
* Fix CUSTOMIZATIONS.
* Account for LibreSSL.
* Remove argument names.
* Remove more argument names. |