aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Added a test vector of an OCSP response with SCT extension (#5066)Alex Gaynor2019-11-162-0/+2
|
* add SSL[_CTX]_clear_mode (#5062)Maximilian Hils2019-11-111-0/+2
|
* Windows Installation: fix link to binaries (#5061)Maximilian Hils2019-11-111-7/+6
| | | | | | | | | | * Windows Installation: fix link to binaries While https://github.com/pyca/infra/tree/master/windows/openssl points a trusted source (which would be preferable), pyca/infra currently does not provide any Windows binaries for download. Linking to the official OpenSSL wiki seems to be a reasonable compromise. * fix whitespace
* Parse single_extensions in OCSP responses (#5059)Paul Kehrer2019-11-118-1/+48
| | | | | | | | | | | | * add single_extensions to OCSPResponse (#4753) * new vector, updateed docs, more stringent parser, changelog, etc * simplify PR (no SCT for now) * add a comment * finish pulling out the sct stuff so tests might actually run
* Fixes #4699 -- document that UnrecognizedExtension can be used in generation ↵Alex Gaynor2019-11-111-1/+3
| | | | (#5057)
* Fixed #4377 -- document certificate policies with an example (#5058)Alex Gaynor2019-11-111-0/+12
|
* Fixed #5050 -- dropped support for an old LibresSSL release (#5056)Alex Gaynor2019-11-1110-16/+12
| | | | | | * Fixed #5050 -- dropped support for an old LibresSSL release * Changelog
* Retry failed code coverage uploads (#5054)Alex Gaynor2019-11-111-1/+1
|
* Run py3.8 as our py3 in macOS CI (#5032)Alex Gaynor2019-11-111-6/+6
|
* Let Oid enforce positive decimal integers (#5053)Noel Remy2019-11-102-1/+45
| | | | | | Failing that would lead to an OpenSSL error when calling OBJ_txt2obj at serialization. Adds basic tests for oids.
* issue-5039: added documentation for curve attribute on EllipticCurveP… (#5045)jschmidtlein2019-11-041-0/+6
| | | | | | * issue-5039: added documentation for curve attribute on EllipticCurvePrivateKey based on existing docs * issue-5039: changed indentation
* Stop testing 2.7 on fedora (#5052)Alex Gaynor2019-11-051-3/+0
|
* Deal with the 2.5 deprecations (#5048)Alex Gaynor2019-11-037-27/+11
| | | | | | | | | | | | * Deal with the 2.5 deprecations * pep8 + test fixes * docs typo * Why did I do this? * typo
* Fixed link for linkcheck (#5047)Alex Gaynor2019-11-011-1/+1
|
* Add a comment so we can easily find a place to update later (#5043)Alex Gaynor2019-11-011-0/+1
| | | | | | * Add a comment so we can easily find a place to update later * flake8
* Don't bother computing y coefficient in _modinv (#5037)Clayton Smith2019-10-291-3/+3
|
* Silence unguarded availability warnings for `getentropy` when targeting ↵Max Bélanger2019-10-241-1/+5
| | | | | | | | macOS 10.12 (#5019) * silence `Wunguarded-availability` when building with a `MACOSX_DEPLOYMENT_TARGET < 10.12` * use `__builtin_available` rather than a `NULL` echo upon init on mac
* fix copy pasta in example snippet (#5033)Ofek Lev2019-10-231-2/+1
|
* Use 3.8 in CI where we want 'the latest 3.x' (#5021)Alex Gaynor2019-10-201-21/+21
| | | | | | * Use 3.8 in CI where we want 'the latest 3.x' * Revert macOS changes for now
* Test against libressl 3.0 (#5031)Alex Gaynor2019-10-202-2/+4
| | | | | | * Test against libressl 3.0 * Correctly type these ints
* Fix documentation of AuthorityKeyIdentifier.authority_cert_issuer. (#5001)Felix Fontein2019-10-191-1/+1
|
* Move `backend` argument in Scrypt documentation (#5027)Jeremy Lainé2019-10-181-3/+2
| | | | Move the `backend` argument up with the rest of the constructor arguments, otherwise it's easy to miss it.
* Correctly document `backend` argument of KBKDFHMAC (#5026)Jeremy Lainé2019-10-181-2/+2
| | | | The documentation states that `backend` should be a `HashBackend` instance when in fact it should be a `HMACBackend` instance.
* Fixes #5018 -- break users on OpenSSL 1.0.1 (#5022)Alex Gaynor2019-10-186-9/+47
| | | | | | | | | | | | * Fixes #5018 -- break users on OpenSSL 1.0.1 * Grammar * Syntax error * Missing import * Missing import
* reopen master for the 2.9 release (#5017)Paul Kehrer2019-10-173-3/+10
|
* Bump versions for 2.8 release (#5014)Alex Gaynor2019-10-173-8/+6
|
* Don’t downgrade pip on windows wheel building (#5015)Paul Kehrer2019-10-171-4/+3
| | | | | | | | * Don’t downgrade pip on windows wheel building * Conditionally install enum34 * Syntax
* Comply with PEP 508 by using platform_python_implementation (#5006)Sebastian Jordan2019-10-171-1/+1
|
* UniversalString needs to be encoded as UCS-4 (#5000)Marko Kreen2019-10-172-0/+19
|
* Fixes #5010 -- test and build 3.8 wheels (#5013)Alex Gaynor2019-10-176-1/+30
| | | | | | * Fixes #5010 -- test and build 3.8 wheels * try using isolated_build = True to work around a failure
* update openssls (#4995)Paul Kehrer2019-10-153-11/+25
| | | | | | | | | | * update openssls * missed one * what will this do * only do this check for 1.1.0+
* update our test to be more robust wrt some changes from upstream (#4993)Paul Kehrer2019-09-111-2/+9
|
* Simplify implementing sequence methods (#4987)Alex Gaynor2019-09-101-94/+31
| | | | | | * Simplify implementing sequence methods * flake8
* update libressl and pypy2.7 and pypy3.5 (#4989)Paul Kehrer2019-09-091-3/+5
| | | | | | | | | | * update libressl and pypy2.7 and pypy3.5 * okay can't get 7.1, let's try to at least do 7.0 * 7.1.1 does actually exist * also an empty commit to appease the codecov gods
* we're done here (#4991)Paul Kehrer2019-09-091-0/+2
|
* it's called FIPS_mode_set, not FIPS_set_mode (#4988)Paul Kehrer2019-09-091-1/+1
|
* one more missing branch (#4992)Paul Kehrer2019-09-091-0/+23
|
* fix coverage, small cleanups in tests (#4990)Paul Kehrer2019-09-093-30/+40
|
* Finish ed25519 and ed448 support in x509 module (#4972)Marko Kreen2019-09-0914-64/+662
| | | | | | | | | | | | | | | | | | * Support ed25519 in csr/crl creation * Tests for ed25519/x509 * Support ed448 in crt/csr/crl creation * Tests for ed448/x509 * Support ed25519/ed448 in OCSPResponseBuilder * Tests for eddsa in OCSPResponseBuilder * Builder check missing in create_x509_csr * Documentation update for ed25519+ed448 in x509
* be clear that NoEncryption must be an instance in the exception (#4985)Paul Kehrer2019-09-074-4/+4
|
* changelog addition for freshestcrl in CRLs (#4986)Paul Kehrer2019-09-071-0/+2
|
* Allow FreshestCRL extension in CRL (#4975)Marko Kreen2019-09-073-0/+35
| | | Per RFC5280 it is allowed in both certificates and CRL-s.
* fix coverage by adding two artificial DSA public keys (#4984)Paul Kehrer2019-09-064-0/+37
| | | | | | | | | | * fix coverage by adding two artificial DSA public keys One key removes the optional parameters from the structure to cover a branch conditional, and the other key has its BITSTRING padding value set to a non-zero value. * lexicographic? never heard of it
* Improve documentation for ECDSA sign and verify (#4970)Harry Stern2019-08-161-6/+17
| | | | - Note that signatures are DER-encoded - Note that signatures can be encoded from r,s using util function
* Add SSL_get0_verified_chain to cffi lib (#4965)arjenzorgdoc2019-08-142-0/+16
| | | | | | | | * Add SSL_get0_verified_chain to cffi lib OpenSSL 1.1.0 supports SSL_get0_verified_chain. This gives the full chain from the peer cert including your trusted CA cert. * Work around no support for #if in cdef in old cffi
* Fixes #4956 -- added a changelog entry for the removal of the asn1crypto dep ↵Alex Gaynor2019-07-281-0/+1
| | | | (#4959)
* Make DER reader into a context manager (#4957)Alex Gaynor2019-07-285-54/+65
| | | | | | | | * Make DER reader into a context manager * Added another test case * flake8
* Run pep8 tests first in travis (#4958)Alex Gaynor2019-07-281-2/+2
|
* Remove asn1crypto dependency (#4941)David Benjamin2019-07-2810-64/+509
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove non-test dependencies on asn1crypto. cryptography.io actually contains two OpenSSL bindings right now, the expected cffi one, and an optional one hidden in asn1crypto. asn1crypto contains a lot of things that cryptography.io doesn't use, including a BER parser and a hand-rolled and not constant-time EC implementation. Instead, check in a much small DER-only parser in cryptography/hazmat. A quick benchmark suggests this parser is also faster than asn1crypto: from __future__ import absolute_import, division, print_function import timeit print(timeit.timeit( "decode_dss_signature(sig)", setup=r""" from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature sig=b"\x30\x2d\x02\x15\x00\xb5\xaf\x30\x78\x67\xfb\x8b\x54\x39\x00\x13\xcc\x67\x02\x0d\xdf\x1f\x2c\x0b\x81\x02\x14\x62\x0d\x3b\x22\xab\x50\x31\x44\x0c\x3e\x35\xea\xb6\xf4\x81\x29\x8f\x9e\x9f\x08" """, number=10000)) Python 2.7: asn1crypto: 0.25 _der.py: 0.098 Python 3.5: asn1crypto: 0.17 _der.py: 0.10 * Remove test dependencies on asn1crypto. The remaining use of asn1crypto was some sanity-checking of Certificates. Add a minimal X.509 parser to extract the relevant fields. * Add a read_single_element helper function. The outermost read is a little tedious. * Address flake8 warnings * Fix test for long-form vs short-form lengths. Testing a zero length trips both this check and the non-minimal long form check. Use a one-byte length to cover the missing branch. * Remove support for negative integers. These never come up in valid signatures. Note, however, this does change public API. * Update src/cryptography/hazmat/primitives/asymmetric/utils.py Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com> * Review comments * Avoid hardcoding the serialization of NULL in decode_asn1.py too.
* fix osrandom/builtin switching methods for 1.1.0+ (#4955)Paul Kehrer2019-07-272-7/+9
| | | | | | | | | | * fix osrandom/builtin switching methods for 1.1.0+ In 1.1.0 RAND_cleanup became a no-op. This broke changing to the builtin random engine via activate_builtin_random(). Fixed by directly calling RAND_set_rand_method. This works on 1.0.x and 1.1.x * missed an assert
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-06 20:09:29 +0000