| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
| |
* update the thread link
linkcheck doing its job!
* update our locking information
|
| |
|
| |
Which, despite supporting HTTPS, is non-deterministically providing 404s and DigiCert has asserted that http is the only "supported" protocol.
|
| | |
|
| |
|
|
|
|
|
| |
For additional details, see:
https://github.com/pypa/wheel/blob/3dc261abc98a5e43bc7fcf5783d080aaf8f9f0cf/wheel/bdist_wheel.py#L127-L133
http://pythonwheels.com/
|
| | |
|
| |
|
|
|
|
|
|
| |
* Run wycheproof RSA tests on LibreSSL>=2.8
* Define it this way
* These are errors on libressl
|
| |
|
|
|
|
|
|
|
|
| |
* Fixes #4734 -- Deal with deprecated things
- Make year based aliases of PersistentlyDeprecated so we can easily assess age
- Removed encode/decode rfc6979 signature
- Removed Certificate.serial
* Unused import
|
| |
|
|
|
|
|
|
| |
* Use O_CLOEXEC when it's available
* Don't have two vars with the same name
* A normal person would be emberassed
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* allow asn1 times of 1950-01-01 and later.
* add a test
* pretty up the test
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we used unix timestamps, but now we are switching to using
ASN1_TIME_set_string and automatically formatting the string based on
the year. The rule is as follows:
Per RFC 5280 (section 4.1.2.5.), the valid input time
strings should be encoded with the following rules:
1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
Notably, Dates < 1950 are not valid UTCTime. At the moment we still
reject dates < Jan 1, 1970 in all cases but a followup PR can fix
that.
|
| |
|
|
|
|
|
|
|
|
|
| |
* bind EVP_R_MEMORY_LIMIT_EXCEEDED and update a test
This will allow OpenSSL 1.1.1 on 32-bit (including our Windows 32-bit
builders) to fail as expected. Technically this isn't a malloc error,
but rather failing because the allocation requested is larger than
32-bits, but raising a MemoryError still seems appropriate
* what you want an endif too?
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* add support for encoding compressed points
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* shake128/256 support
* remove block_size
* doc an exception
* change how we detect XOF by adding _xof attribute
* interface!
* review feedback
|
| |
|
|
| |
we already did all the conditional binding, but forgot to actually
expose it.
|
| |
|
|
|
|
| |
* consistently linky RFC in the docs
* oops
|
| |
|
|
|
|
|
|
|
|
| |
* Fixed #4700 -- linkify method in changelog
* fixed linkification
* oxford comma
* line length
|
| | |
|
| |
|
|
|
|
| |
* changelog for byteslike
* bertter prose
|
| | |
|
| |
|
|
|
|
|
|
| |
* byteslike concatkdf
* byteslike scrypt
* byteslike x963kdf
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* support byteslike in HKDF
* support byteslike in PBKDF2HMAC
* add missing docs
|
| |
|
| |
yuck.
|
| |
|
|
|
|
|
|
|
|
|
| |
* x448 and x25519 should enforce key lengths in from_private_bytes
they should also check if the algorithm is supported like the public
bytes class methods do
* oops
* move the checks
|
| |
|
| |
needed for some KDF keying material
|
| |
|
| |
This is needed to handle keying material in some of the KDFs
|
| | |
|
| |
|
|
|
|
| |
* add support for byteslike password/data to load_{pem,der}_private_key
* pypy 5.4 can't do memoryview from_buffer
|
| |
|
|
| |
we don't care about exceeding a deadline in CI because our infra
has wild variability and this can just randomly happen.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* add support for byteslike on password and data for pkcs12 loading
* use a contextmanager to yield a null terminated buffer we can zero
* review feedback
* updated text
* one last change
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modify x25519 serialization to match x448
supports raw and pkcs8 encoding on private_bytes
supports raw and subjectpublickeyinfo on public_bytes
deprecates zero argument call to public_bytes
* add docs
* this is public now
* don't need that
* review feedback
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* support x448 public/private serialization both raw and pkcs8
* add tests for all other asym key types to prevent Raw
* more tests
* better tests
* fix a test
* funny story, I'm actually illiterate.
* pep8
* require PrivateFormat.Raw or PublicFormat.Raw with Encoding.Raw
* missing docs
* parametrize
* docs fixes
* remove dupe line
* assert something
|
| | |
|
| |
|
|
|
| |
This adds the ability to retrieve the selected SRTP protection profile
after the DTLS handshake completes. This is needed to perform the
correct key derivation if multiple profiles were offered.
|
| |
|
|
|
|
| |
* add signature_hash_algorithm to OCSPResponse
* fix pointless asserts
|
