aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* add 1200 byte HKDF test vector and a generator/verifier for it (#4074)Paul Kehrer2018-01-065-2/+149
| | | | | | | | * add 1200 byte HKDF test vector and a generator/verifier for it * exit non-zero when failing * ugh
* Drop conda workaround from installation docs (#4073)Alex Gaynor2018-01-061-23/+0
| | | I don't think it's relevant anymore
* Use `BN_clear_free` in places where `BN_free` is being used (#4072)Tux2018-01-051-2/+2
| | | | | | | | | | * Expose BN_clear_free * Use BN_clear_free in test_int_to_bn * Use BN_clear_free in lieu of BN_free * Use BN_free on public values
* Expose `BN_clear_free` in the OpenSSL backend (#4071)Tux2018-01-052-1/+2
| | | | | | * Expose BN_clear_free * Use BN_clear_free in test_int_to_bn
* just a quick confirmation that it really is an x25519 evp key (#4070)Paul Kehrer2018-01-053-0/+13
| | | | | | * just a quick confirmation that it really is an x25519 evp key * openssl assert. take that python -O
* DH interfaces existed in 0.9 but we didn't implement until 1.7 (#4068)Paul Kehrer2018-01-051-9/+7
| | | | | | * DH interfaces existed in 0.9 but we didn't implement until 1.7 * sigh empty
* grammar nit, use a comma here (#4066)Alex Gaynor2017-12-291-1/+1
|
* Fixed #4039 -- added a python_requires to setup.py (#4064)Alex Gaynor2017-12-261-0/+2
|
* Fixed #4006 -- bind functions for dealing with sigalgs (#4063)Alex Gaynor2017-12-262-0/+23
| | | | | | * Fixed #4006 -- bind functions for dealing with sigalgs * oops
* bump libressl version (#4062)Alex Gaynor2017-12-251-1/+1
|
* Add import default backend (#4061)Pablo Lefort2017-12-201-0/+1
| | | | | | * Add import default backend * Revert blank line in
* Fixed #4058 -- use the thread-safe API from OpenSSL, not the danger one (#4059)Alex Gaynor2017-12-183-7/+7
|
* remove whirlpool vectors since we no longer support whirlpool (#4054)Paul Kehrer2017-12-102-73/+0
|
* Don't use whirlpool as an example (#4053)Alex Gaynor2017-12-111-1/+1
| | | | | Both because it's weirdo crypto, but also because we don't even support it. Adhere to our documented policy of using good crypto for all examples
* Fixed 120 warnings from the RSA tests (#4052)Alex Gaynor2017-12-111-9/+6
| | | | | | * Fixed 120 warnings from the RSA tests * typo
* Fixed DSA tests to not emit 200 warnings (#4050)Alex Gaynor2017-12-101-8/+2
|
* update the ec tests to not emit 3000 warnings (#4048)Alex Gaynor2017-12-101-11/+12
|
* In RSA test vectors, use verify() to avoid warnings (#4047)Alex Gaynor2017-12-101-8/+14
| | | | | | * In RSA test vectors, use verify() to avoid warnings * whoops
* Use the latest OpenSSL in travis tests (#4045)Alex Gaynor2017-12-081-3/+3
|
* Fixed deprecation warnings in x509 tests (#4040)Alex Gaynor2017-12-041-26/+18
|
* Pass the right length of null bytes when no salt is provided to HKDF (#4036)Paul Kehrer2017-12-011-1/+1
| | | | | | This bug looks bad but ends up being benign because HMAC is specified to pad null bytes if a key is too short. So we passed too few bytes and then OpenSSL obligingly padded it out to the correct length. However, we should still do the right thing obviously.
* Fix ASN1 string type encoding for several Name OIDs (#4035)Paul Kehrer2017-11-302-23/+150
| | | | | | | | | | | | | | | | | | | * Fix ASN1 string type encoding for several Name OIDs When we changed over to the new type encoding system we didn't verify that the new code exactly matched the ASN1 string types that OpenSSL was previously choosing. This caused serialNumber, dnQualifier, emailAddress, and domainComponent to change from their proper encodings to UTF8String as of version 2.1. Now we check to see if there's a sentinel value (indicating no custom type has been passed) and then check if the OID has a different default than UTF8. If it does, we set it. This PR also adds tests for the ASN1 string type of ever supported NameOID. * review feedback
* port changelog for 2.1.4 to master (#4031)Paul Kehrer2017-11-291-0/+7
|
* add X509_up_ref (#4028)Paul Kehrer2017-11-281-0/+5
|
* pytest 3.3.0 has an issue with parametrized null bytes again (#4026)Paul Kehrer2017-11-281-1/+1
|
* fix typo in comment (#4019)Benjamin Peterson2017-11-131-1/+1
|
* nit: remove double space in deprecation warning (#4018)Alex Gaynor2017-11-111-2/+2
|
* Use a different warning class so users get warnings (#4014)Alex Gaynor2017-11-117-27/+36
| | | | | | | | | | | | * Use a different warning class so users get warnings * fixed tests * do our own warning class * typo * flake8
* nit in LICENSE, itself doesn't make sense here (#4016)Alex Gaynor2017-11-101-2/+1
| | | | | | * nit in LICENSE, itself doesn't make sense here * more cleanup
* bump libressl version (#4012)Alex Gaynor2017-11-071-1/+1
|
* forward port changelog (#4009)Alex Gaynor2017-11-021-0/+8
|
* Fix a few new flake8 issues (#4008)Alex Gaynor2017-11-023-3/+0
|
* Link to how to report a security issue in our readme (and therefore on pypi) ↵Alex Gaynor2017-10-281-0/+7
| | | | (#4002)
* nit: line wrapping change (#4004)Alex Gaynor2017-10-281-2/+1
|
* buster is 3.6 now (#4003)Alex Gaynor2017-10-281-1/+1
|
* clearly error out on older setuptools (#4000)Alex Gaynor2017-10-281-0/+10
| | | | | | * clearly error out on older setuptools * use the right thing
* Forward port 2.1.2 changelog (#3998)Alex Gaynor2017-10-241-0/+8
|
* Fixes #3947 -- remove the docutils.conf (#3995)Alex Gaynor2017-10-232-4/+2
| | | | | | * Fixes #3947 -- remove the docutils.conf * include minimum versions
* Latest flake8 has some rules about variable names (#3996)Alex Gaynor2017-10-232-4/+4
|
* rolling has 36 now that it is artful (#3991)Alex Gaynor2017-10-211-1/+1
|
* fixed #3986 -- properly use unicode for DNSName (#3988)Alex Gaynor2017-10-191-4/+4
|
* Add Multifernet.rotate method (#3979)Chris Wolfe2017-10-196-3/+126
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add rotate method * add some more tests for the failure modes * start adding some documentation for the rotate method * operate on a single token at a time, leave lists to the caller * add versionadded add versionadded, drop rotate from class doctest * give rotate a doctest * single level, not aligned * add changelog for mf.rotate * show that, once rotated, the old fernet instance can no longer decrypt the token * add the instead of just the how * update docs to reflect removal of ttl from rotate * update tests * refactor internal methods so that we can extract the timestamp * implement rotate * update wordlist (case sensitive?) * lints * consistent naming * get_token_data/get_unverified_token_data -> better name * doc changes * use the static method, do not treat as imethod * move up to MultiFernet docs * add to authors * alter wording * monkeypatch time to make it less possible for the test to pass simply due to calls occuring in less than one second * set the time after encryption to make sure that the time is preserved as part of re-encryption
* Make changelog for A-label more readable (#3977)Christian Heimes2017-10-171-7/+9
| | | | | "value, value, and value" isn't very helpful. Signed-off-by: Christian Heimes <cheimes@redhat.com>
* use the correct modern API (#3984)Alex Gaynor2017-10-171-1/+1
|
* port 2.1.1 changelog (#3975)Paul Kehrer2017-10-121-0/+7
|
* add a faq entry for a message outdated pip/setuptools can output (#3971)Paul Kehrer2017-10-121-0/+7
| | | | | | * add a faq entry for a message outdated pip/setuptools can output * attention to detail is not my strong suit
* random hack to maybe support older pips (#3970)Alex Gaynor2017-10-121-1/+1
|
* bump libressl to 2.6.2 (#3967)Alex Gaynor2017-10-121-1/+1
|
* Inline calls to bit_length now that it's trivial (#3966)Alex Gaynor2017-10-128-12/+18
| | | | | | | | * Inline calls to bit_length now that it's trivial * unused imports * An comment
* Debian sid is python3.6 now (#3968)Alex Gaynor2017-10-122-1/+4
| | | | | | * Debian sid is python3.6 now * Workaround because apparently measuring coverage correctly isn't a legitimate use case
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-16 06:09:21 +0000