| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* both parse and encode the ASN1 string type for Name attributes
Previously cryptography encoded everything (except country names) as
UTF8String. This caused problems with chain building in libraries like
NSS where the subject and issuer are expected to match byte-for-byte.
With this change we now parse and store the ASN1 string type as a
private _type in NameAttribute. We then use this to encode when issuing
a new certificate. This allows the CertificateBuilder to properly
construct an identical issuer and fixes the issue with NSS.
* make the sentinel private too
|
| |
|
|
|
|
|
|
|
|
| |
* add freshest CRL support
* add tests
* add changelog
* add tests for FreshestCRL generation
|
| |
|
| |
This is an extension for CRLs
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* implement __hash__ on KeyUsage and ExtendedKeyUsage
* properly use private values and alter test to catch that bug
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Implement __hash__ on AuthorityKeyIdentifier
* Adding dirname to fix build issue on AuthorityKeyIdentifier test
* .authority_cert_issuer to str
* use a tuple and not a str repr
|
| | |
|
| | |
|
| |
|
|
|
| |
strings of the form "scheme:///anything" would incorrectly have two
slashes dropped. This is fixed in two code paths in this PR but one of
those code paths will be entirely removed in a followup PR.
|
| |
|
| |
Needed to implement __hash__ on AuthorityKeyIdentifier
|
| |
|
|
| |
We need to add one small test to cover a case that is no longer covered
with this switch.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add support for the TLSFeature extension in x509
This extension is used for OCSP Must-Staple.
* fix changelog link
* pep8
* refactor to support the sequence properly and add status_request_v2
* update some language
* add test vector, implement eq/ne/hash on TLSFeature
* address review comments
|
| |
|
|
|
|
|
|
|
|
| |
* RSA OAEP label support for OpenSSL 1.0.2+
* changelog
* move around tests, address review feedback, use backend supported method
* unsupported padding catches this now
|
| |
|
|
|
|
|
|
|
|
|
| |
* move x509 tests into a module
This is just to make grouping things like test_ocsp, etc a bit simpler
in the future
* fix path
* pep8
|
| |
|
|
|
|
|
|
|
|
| |
* add blake2b/blake2s support for hmac
This was a bug, but it turns out the noise protocol suggests using the
HMAC construction with BLAKE2 (rather than BLAKE2's own keyed
functionality) for a few reasons, so we should support it.
* actually test the thing
|
| | |
|
| |
|
|
|
|
| |
* deprecate unicode input for RFC822Name
* pep8...?
|
| |
|
|
|
|
|
|
|
|
| |
* deprecate auto-idna on UniformResourceIdentifier
* fix repr test
* docs
* some updated language
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Begin the deprecation of auto-idna for x509.DNSName
Refs #3357
* fix warning
* py3k fixes
* fix docs
* sigh
* flake8
* these are words
* words
* tests for coverage
* another test
* do idna things
* more idna things
|
| |
|
|
|
|
|
|
|
|
| |
* remove deprecated items
whirlpool, ripemd160, unsupportedextension, and the old interfaces
* flake8 and remove a test generator we no longe use
* make it clear we warned you about these things
|
| |
|
|
|
|
| |
* Remove DH generator size constraint
* Check that g > 1
|
| |
|
|
|
|
|
|
| |
* add AESGCM AEAD support
* remove stray newline
* move AESGCM docs above CCM
|
| |
|
|
|
|
| |
* move tag_length to the AESCCM constructor
* review feedback
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* allow p % 24 == 23 when generator == 2 in DH_check
* short url
* update and expand comments
* even better language!
|
| |
|
|
|
|
|
|
| |
* use an instance in aead_cipher_supported
* test for chacha20poly1305 compatibility via init exception
* pep8
|
| |
|
|
|
|
|
|
|
|
| |
* Fixed #3747 -- cache extensions on x.509 objects
* be kind to cpython, save a dict lookup
* flake8
* changelog
|
| | |
|
| |
|
|
|
|
|
|
| |
* don't parse SCTs on older openssl
* use two diff extension parsers because why not
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* disallow MD5 in CertificateBuilder and CertificateSigningRequestBuilder
* only error on ECDSA and DSA
lots of duplication in tests here, bleh
* remove changelog entry, also handle this for CRLBuilder
* pep8
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Test for leaking memory in EllipticCurvePublicNumbers.public_key()
* Fix the memory leak
As far as I can tell, from spelunking in the OpenSSL source (as you do), EC_KEY_set_public_key_affine_coordinates doesn't take ownership of "x" or "y". https://github.com/openssl/openssl/blob/master/crypto/ec/ecp_smpl.c#L362-L420 is the place in the source I found that actually uses "x" and "y".
* Unused imports
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Support DH parameter serizalization - no X9.42
* Support X9.42 serialization - DER not working
* Fix dhp_rfc5114_2.der
Changing the DER parameters serialization after the
fix in openssl commit a292c9f1b835
* DH parameters X9.42 DER serialization fixed
* fix _skip_dhx_unsupported
* document DH parameter_bytes
* PEP8 fixes
* Document load_pem_parameters
* Document load_der_parameters
* document ParameterFormat
* Increase test coverage
* Increase test covrage
* Remove unneeded check
* Fix typo
* Fix error in load_der_parameters
* Add load_pem_parameters and load_der_parameters to interfaces
* CR fixes
* Removed unverified phrase
* Update version to 2.0
* Fix pep8
* Rename ParameterFormat.ASN1 to ParameterFormat.DHParameter
* link pkcs3
* Add new line at end of file to serialization.rst
* Rename DHparameters to PKCS3
* doc CR fix
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* ed25519 vector loader
* refactor to use unpacking
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* early days
* sort of working
* more things
* remove private_bytes
* public bytes, interface fix
* load public keys
* x25519 support basically done now
* private_bytes is gone
* some reminders
* doctest this too
* remove a thing that doesn't matter
* x25519 supported checks
* libressl has the NID, but a different API, so check for OpenSSL
* pep8
* add missing coverage
* update to use reasons
* expand test a little
* add changelog entry
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* chacha20poly1305 support
* add chacha20poly1305 backend and some fixes
* refactor
* forgot to remove this
* pep8
* review feedback and a lot of type/value checking
* review feedback
* raise unsupportedalgorithm when creating a ChaCha20Poly1305 object
if it's not supported.
* switch to ciphertext||tag
* typo
* remove a branch we don't need
* review feedback
* decrypts is *also* a word
* use reasons
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Stub API for SCTs, feedback wanted
* grr, flake8
* finish up the __init__
* Initial implementation and tests
* write a test. it fails because computer
* get the tests passing and fix some TODOs
* changelog entry
* This can go now
* Put a skip in this test
* grump
* Removed unreachable code
* moved changelog to the correct section
* Use the deocrator for expressing requirements
* This needs f for the right entry_type
* coverage
* syntax error
* tests for coverage
* better sct eq tests
* docs
* technically correct, the most useless kind of correct
* typo and more details
* bug
* drop __eq__
|
| |
|
|
|
|
| |
* deprecate signer/verifier on asymmetric keys
* review feedback, switch deprecated_call to work around a bug
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* make signature and verification contexts error better re: prehashed
* code review feedback
|
| |
|
|
|
|
|
|
|
| |
The OpenSSL manual recommends a buffer size of 80 for OBJ_oid2txt:
https://www.openssl.org/docs/crypto/OBJ_nid2ln.html#return_values.
But OIDs longer than this occur in real life (e.g. Active Directory
makes some very long OIDs). If the length of the stringified OID
exceeds the buffer size, allocate a new buffer that is big enough to
hold the stringified OID, and re-do the conversion into the new
buffer.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* move MACContext to mac.py and eliminate interfaces.py finally
* improve title
* re-add and deprecate interfaces.MACContext
* use pytest.warns instead of deprecated_call
The pytest docs insist that deprecation warnings are handled differently
and that you should use deprecated_call, but this works so okay then
|
