| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
| |
* + PSK function bindings
* + PSK conditional
* trigger CI
* trigger CI
|
|
|
|
|
|
|
|
| |
* + bindings for SSL_OP_NO_DTLS*
* + conditional for not HAS_GENERIC_DTLS_METHOD
* flag SSL_OP_NO_DTLS* for unsupported deletion
|
|
|
| |
This avoids reaching into the ASN1_ITEM mess if not necessary.
|
|
|
|
|
|
| |
* temporarily pin cffi to avoid bug related to virtualenv
* right, don't duplicate the name
|
|
|
|
|
|
|
|
| |
* Fixes #4076 - simplify the implementation of int_from_bytes on python2
* whitespace
* Added a test
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* The HKDF limit is actually 255 * digest_length_in_bytes
Previously we had a bug where we divided digest_size by 8...but
HashAlgorithm.digest_size is already in bytes.
* test longer output
* changelog
|
|
|
|
|
|
|
|
| |
* add 1200 byte HKDF test vector and a generator/verifier for it
* exit non-zero when failing
* ugh
|
|
|
| |
I don't think it's relevant anymore
|
|
|
|
|
|
|
|
|
|
| |
* Expose BN_clear_free
* Use BN_clear_free in test_int_to_bn
* Use BN_clear_free in lieu of BN_free
* Use BN_free on public values
|
|
|
|
|
|
| |
* Expose BN_clear_free
* Use BN_clear_free in test_int_to_bn
|
|
|
|
|
|
| |
* just a quick confirmation that it really is an x25519 evp key
* openssl assert. take that python -O
|
|
|
|
|
|
| |
* DH interfaces existed in 0.9 but we didn't implement until 1.7
* sigh empty
|
| |
|
| |
|
|
|
|
|
|
| |
* Fixed #4006 -- bind functions for dealing with sigalgs
* oops
|
| |
|
|
|
|
|
|
| |
* Add import default backend
* Revert blank line in
|
| |
|
| |
|
|
|
|
|
| |
Both because it's weirdo crypto, but also because we don't even support it.
Adhere to our documented policy of using good crypto for all examples
|
|
|
|
|
|
| |
* Fixed 120 warnings from the RSA tests
* typo
|
| |
|
| |
|
|
|
|
|
|
| |
* In RSA test vectors, use verify() to avoid warnings
* whoops
|
| |
|
| |
|
|
|
|
|
|
| |
This bug looks bad but ends up being benign because HMAC is specified to
pad null bytes if a key is too short. So we passed too few bytes and
then OpenSSL obligingly padded it out to the correct length. However, we
should still do the right thing obviously.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix ASN1 string type encoding for several Name OIDs
When we changed over to the new type encoding system we didn't verify
that the new code exactly matched the ASN1 string types that OpenSSL was
previously choosing. This caused serialNumber, dnQualifier,
emailAddress, and domainComponent to change from their proper encodings
to UTF8String as of version 2.1.
Now we check to see if there's a sentinel value (indicating no custom
type has been passed) and then check if the OID has a different default
than UTF8. If it does, we set it.
This PR also adds tests for the ASN1 string type of ever supported
NameOID.
* review feedback
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use a different warning class so users get warnings
* fixed tests
* do our own warning class
* typo
* flake8
|
|
|
|
|
|
| |
* nit in LICENSE, itself doesn't make sense here
* more cleanup
|
| |
|
| |
|
| |
|
|
|
|
| |
(#4002)
|
| |
|
| |
|
|
|
|
|
|
| |
* clearly error out on older setuptools
* use the right thing
|
| |
|
|
|
|
|
|
| |
* Fixes #3947 -- remove the docutils.conf
* include minimum versions
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add rotate method
* add some more tests for the failure modes
* start adding some documentation for the rotate method
* operate on a single token at a time, leave lists to the caller
* add versionadded
add versionadded, drop rotate from class doctest
* give rotate a doctest
* single level, not aligned
* add changelog for mf.rotate
* show that, once rotated, the old fernet instance can no longer decrypt the token
* add the instead of just the how
* update docs to reflect removal of ttl from rotate
* update tests
* refactor internal methods so that we can extract the timestamp
* implement rotate
* update wordlist (case sensitive?)
* lints
* consistent naming
* get_token_data/get_unverified_token_data -> better name
* doc changes
* use the static method, do not treat as imethod
* move up to MultiFernet docs
* add to authors
* alter wording
* monkeypatch time to make it less possible for the test to pass simply due to calls occuring in less than one second
* set the time after encryption to make sure that the time is preserved as part of re-encryption
|