aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* fix coverage by adding two artificial DSA public keys (#4984)Paul Kehrer2019-09-064-0/+37
| | | | | | | | | | * fix coverage by adding two artificial DSA public keys One key removes the optional parameters from the structure to cover a branch conditional, and the other key has its BITSTRING padding value set to a non-zero value. * lexicographic? never heard of it
* Improve documentation for ECDSA sign and verify (#4970)Harry Stern2019-08-161-6/+17
| | | | - Note that signatures are DER-encoded - Note that signatures can be encoded from r,s using util function
* Add SSL_get0_verified_chain to cffi lib (#4965)arjenzorgdoc2019-08-142-0/+16
| | | | | | | | * Add SSL_get0_verified_chain to cffi lib OpenSSL 1.1.0 supports SSL_get0_verified_chain. This gives the full chain from the peer cert including your trusted CA cert. * Work around no support for #if in cdef in old cffi
* Fixes #4956 -- added a changelog entry for the removal of the asn1crypto dep ↵Alex Gaynor2019-07-281-0/+1
| | | | (#4959)
* Make DER reader into a context manager (#4957)Alex Gaynor2019-07-285-54/+65
| | | | | | | | * Make DER reader into a context manager * Added another test case * flake8
* Run pep8 tests first in travis (#4958)Alex Gaynor2019-07-281-2/+2
|
* Remove asn1crypto dependency (#4941)David Benjamin2019-07-2810-64/+509
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove non-test dependencies on asn1crypto. cryptography.io actually contains two OpenSSL bindings right now, the expected cffi one, and an optional one hidden in asn1crypto. asn1crypto contains a lot of things that cryptography.io doesn't use, including a BER parser and a hand-rolled and not constant-time EC implementation. Instead, check in a much small DER-only parser in cryptography/hazmat. A quick benchmark suggests this parser is also faster than asn1crypto: from __future__ import absolute_import, division, print_function import timeit print(timeit.timeit( "decode_dss_signature(sig)", setup=r""" from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature sig=b"\x30\x2d\x02\x15\x00\xb5\xaf\x30\x78\x67\xfb\x8b\x54\x39\x00\x13\xcc\x67\x02\x0d\xdf\x1f\x2c\x0b\x81\x02\x14\x62\x0d\x3b\x22\xab\x50\x31\x44\x0c\x3e\x35\xea\xb6\xf4\x81\x29\x8f\x9e\x9f\x08" """, number=10000)) Python 2.7: asn1crypto: 0.25 _der.py: 0.098 Python 3.5: asn1crypto: 0.17 _der.py: 0.10 * Remove test dependencies on asn1crypto. The remaining use of asn1crypto was some sanity-checking of Certificates. Add a minimal X.509 parser to extract the relevant fields. * Add a read_single_element helper function. The outermost read is a little tedious. * Address flake8 warnings * Fix test for long-form vs short-form lengths. Testing a zero length trips both this check and the non-minimal long form check. Use a one-byte length to cover the missing branch. * Remove support for negative integers. These never come up in valid signatures. Note, however, this does change public API. * Update src/cryptography/hazmat/primitives/asymmetric/utils.py Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com> * Review comments * Avoid hardcoding the serialization of NULL in decode_asn1.py too.
* fix osrandom/builtin switching methods for 1.1.0+ (#4955)Paul Kehrer2019-07-272-7/+9
| | | | | | | | | | * fix osrandom/builtin switching methods for 1.1.0+ In 1.1.0 RAND_cleanup became a no-op. This broke changing to the builtin random engine via activate_builtin_random(). Fixed by directly calling RAND_set_rand_method. This works on 1.0.x and 1.1.x * missed an assert
* some test improvements (#4954)Paul Kehrer2019-07-271-1/+25
| | | | detect md5 and don't generate short RSA keys these changes will help if we actually try to run FIPS enabled
* add x509 CSR with challenge password (#4942)Paul Kehrer2019-07-092-0/+18
|
* add bindings to parse and create challenge passwords in X509 CSRs (#4943)Paul Kehrer2019-07-092-1/+11
| | | | | | * add bindings to parse and create challenge passwords in X509 CSRs * moved away from the 1.1.0 section
* add class methods for poly1305 sign verify operations (#4932)Jeff Yang2019-07-084-0/+91
|
* Fix some backend feature checks in tests (#4931)David Benjamin2019-07-088-20/+10
| | | | | | | | | | | | | | | * Remove irrelevant DHBackend test conditions DHBackend provides functions for plain finite-field Diffie-Hellman. X25519 and X448 are their own algorithms, and Ed25519 and Ed448 aren't even Diffie-Hellman primitives. * Add missing backend support checks. Some new AES and EC tests did not check for whether the corresponding mode or curve was supported by the backend. * Add a DummyMode for coverage
* Write a test for an uncovered line (#4940)Alex Gaynor2019-07-061-0/+24
|
* prevaricate more about anyextendedkeyusage (#4939)Paul Kehrer2019-07-061-1/+6
|
* ed25519 support in x509 certificate builder (#4937)Paul Kehrer2019-07-066-14/+168
| | | | | | | | | | * ed25519 support in x509 certificate builder This adds minimal ed25519 support. More to come. * Apply suggestions from code review Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
* fix inaccurate ed25519 vector docs (#4938)Paul Kehrer2019-07-061-1/+1
|
* more ed25519 vectors, better description of RFC 8410 vector (#4936)Paul Kehrer2019-07-064-2/+33
| | | | | | | | * more ed25519 vectors, better description of RFC 8410 vector * typo * oops, doc'd wrong
* add ed25519ph x509 test vector (#4933)Paul Kehrer2019-07-032-0/+11
|
* we do not use getrandom in nonblocking mode any more (#4934)Paul Kehrer2019-07-031-1/+1
|
* Alpine linux now contains python 3.7 (#4929)Alex Gaynor2019-06-221-2/+2
|
* Make the rst headers in limitations.rst consistent (#4926)Alex Gaynor2019-06-161-2/+2
|
* Fixes #4731 -- update the secure memory wiping docs (#4925)Alex Gaynor2019-06-152-7/+13
| | | | | | * Fixes #4731 -- update the secure memory wiping docs * It's a word!
* Refs #4923; deprecate OpenSSL 1.0.1 (#4924)Alex Gaynor2019-06-153-3/+5
| | | | | | * Refs #4923; deprecate OpenSSL 1.0.1 * changelog
* Switch to new notBefore/After APIs (#4914)Rosen Penev2019-06-073-4/+13
| | | Introduced in OpenSSL 1.1. Added compatibility for older versions.
* Only EVP_CTRL_AEAD_SET_TAG in _aead_setup for CCM mode (#4916)Christian Heimes2019-06-051-1/+2
|
* fixed broken random order (#4913)Alex Gaynor2019-06-031-1/+1
| | | | | | * fixed broken random order * Err, fix
* Simplify how we define random order tests in tox (#4912)Alex Gaynor2019-06-022-10/+4
|
* Manylinux2010 wheel (#4910)Paul Kehrer2019-06-025-18/+43
| | | | | | | | | | | | * add manylinux2010 wheel builder * various updates * empty commit * need to pass a plat tag * hacks need hacks
* Use the official pytest random order plugin (#4911)Alex Gaynor2019-06-021-2/+2
|
* hack workaround so wheel builder works (#4905)Paul Kehrer2019-05-301-3/+9
| | | | | | * remove don't use pep517 flags now that we have an explicit backend * lol
* reopen master for 2.8 (#4906)Paul Kehrer2019-05-303-2/+11
| | | | | | | | * reopen master for 2.8 also add the missing changelog * sigh, empty commit to trigger azure pipelines
* bump for 2.7 release (#4903)Paul Kehrer2019-05-303-6/+4
|
* brew update (#4904)Alex Gaynor2019-05-301-0/+3
|
* update to latest openssl on travis builders where appropriate (#4900)Paul Kehrer2019-05-281-7/+7
|
* Added a new packaging test (#4899)Alex Gaynor2019-05-273-2/+18
| | | | | | | | | | | | * Added a new packaging test * Fixed packaging job * typo * more fixes * one more
* update docs with latest info & remove the last ci.cryptography.io stuff (#4898)Paul Kehrer2019-05-262-7/+8
|
* Remove the final vestigates of Jenkins (#4897)Alex Gaynor2019-05-269-417/+5
| | | | | | * Remove the final vestigates of Jenkins * flake8
* Add windows to azure wheel builder (#4881)Alex Gaynor2019-05-261-0/+78
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add windows to azure wheel builder * whoops syntax fix * syntax fix * Added missing container image * Drop the virtualenv * Quotes * Update wheel-builder.yml * Update wheel-builder.yml * Update wheel-builder.yml * Update wheel-builder.yml * Windows. * Update wheel-builder.yml * Update wheel-builder.yml * Update wheel-builder.yml * Update wheel-builder.yml * Update wheel-builder.yml * Added 3.4,3.6,3.7 windows wheels * fix * Update wheel-builder.yml * py35 wheel builder
* Added Windows tests for 3.4-3.7 (#4895)Alex Gaynor2019-05-251-0/+48
| | | | | | | | | | * Added Windows tests for 3.5-3.7 * Ooops, fix image * Fixes * Added Python 3.5
* set the path so codecov can find coverage on windows (#4896)Paul Kehrer2019-05-251-1/+1
| | | | | | * set the path so codecov can find coverage on windows * don't clobber the existing path
* Strip out unused paths for Jenkinsfile (#4894)Alex Gaynor2019-05-251-120/+52
| | | This includes removing the docs-upload builder. I was the only one using it, and it will be hard to port to Azure.
* Delete Jenkinsfile-Update-Homebrew-OpenSSL (#4893)Alex Gaynor2019-05-251-33/+0
|
* Update release.py to use azure for wheel building (#4878)Alex Gaynor2019-05-253-139/+90
| | | | | | | | | | | | * Initial stab at this script * Convert to the old style artifact publish * Update script based on some testing * Remove this * Adapt release.py to combine azure and jenkins wheels
* we don't have these mac builders any more (#4892)Paul Kehrer2019-05-252-15/+1
| | | | | | | | | | * we don't have these mac builders any more let's see if we get coverage from azure like we should! * remove a branch we can't cover in tests * remove unused import
* Small style cleanup (#4891)Alex Gaynor2019-05-191-1/+1
|
* add name for ExtensionOID.PRECERT_POISON (#4853)redshiftzero2019-05-192-1/+9
| | | | | | | | * test: ensure all public members of ExtensionOID have names defined * add name for ExtensionOID.PRECERT_POISON ref: https://github.com/google/certificate-transparency/blob/5fce65cb60cfe7808afc98de23c7dd5ddbfa1509/python/ct/crypto/asn1/oid.py#L338
* fix aia encoding memory leak (#4889)Paul Kehrer2019-05-182-12/+75
| | | | | | * fix aia encoding memory leak * don't return anything from the prealloc func
* use a random key for these tests (#4887)Paul Kehrer2019-05-181-1/+1
| | | | | | Using an all 0 key causes failures in OpenSSL master (and Fedora has cherry-picked the commit that causes it). The change requires that the key/tweak for XTS mode not be the same value, so let's just use a random key.
* Fix typo in docs hazmat Ed448 (#4886)Stephen.Y2019-05-101-1/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-01 21:18:18 +0000