aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Raise padding block_size limit to what is allowed by the specs. (#3108)Terry Chia2016-11-155-20/+38
| | | | | | | | | | | | | | | | | | | | * Raize padding block_size limit to what is allowed by the specs. * Add tests for raising padding limits. * Amend C code for padding check to use uint16_t instead of uint8_t. * Fix test to work in Python 3. * Fix typo. * Fix another typo. * Fix return type of the padding checks. * Change hypothesis test on padding. * Update comment.
* workaround for application bundling tools (#3235)Paul Kehrer2016-11-143-1/+50
| | | | | | | | | | | | | | | | | | | | | | | | * cx_freeze support for default_backend * updated tabing to spaces * corrected spacing * moved finding backend to backends __init__ * update to check to see if sys is frozen * corrected pep8 issues * update based on comments * changes to simplify, support testing, and improve comments * add changelog entry * right, coverage. I remember now. Time for some contortions. * updated with review feedback
* Add a bytes method to get the DER ASN.1 encoding of an X509 name. (#3236)Paul Kehrer2016-11-139-0/+65
| | | | | | | | | | * Add a bytes method to get the DER ASN.1 encoding of an X509 name. This is useful for creating an OpenSSL style subject_name_hash (#3011) * add to backend interface and update multibackend * bytes -> public_bytes
* C locking callback (#3226)Alex Gaynor2016-11-135-95/+118
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove Python OpenSSL locking callback and replace it with one in C The Python OpenSSL locking callback is unsafe; if GC is triggered during the callback's invocation, it can result in the callback being invoked reentrantly, which can lead to deadlocks. This patch replaces it with one in C that gets built at compile time via cffi along with the rest of the OpenSSL binding. * fixes for some issues * unused * revert these changes * these two for good measure * missing param * sigh, syntax * delete tests that assumed an ability to mess with locks * style fixes * licensing stuff * utf8 * Unicode. Huh. What it isn't good for, absolutely nothing.
* Fix the docs-linkcheck tox target (#3239)Paul Kehrer2016-11-131-0/+1
|
* Turns out we shouldn't call it uniqueIdentifier (#3234)Paul Kehrer2016-11-122-3/+3
| | | http://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec465360.html
* add some new oids (#3233)Paul Kehrer2016-11-112-0/+16
| | | | | | * add some new oids * As Alex pointed out, it's streetAddress
* update CHANGELOG.rst & AUTHORS.rst (#3231)Ofek Lev2016-11-112-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * finish https://github.com/pyca/cryptography/pull/1973 * change API & add test Function will now return an instance of EllipticCurvePrivateKey, as that is the users' ultimate goal anyway. * fix test * improve coverage * complete coverage * final fix * centos fix * try ec.SECT283K1 * try ec.SECT571K1 * try ec.SECT409K1 * try ec.SECT283K1 * try ec.SECT233K1 * try ec.SECT163K1 * try ec.SECT571R1 * try ec.SECT409R1 * try ec.SECT283R1 * try ec.SECT233R1 * try ec.SECT163R2 * try ec.SECP521R1 * try ec.SECP256R1 * retry * cleanup asserts * use openssl_assert * skip unsupported platforms * change API name to derive_private_key * change version added * improve description of `secret` param * separate successful and failure test cases * simplify successful case * add docs for derive_elliptic_curve_public_point * add period * update CHANGELOG.rst & AUTHORS.rst for https://github.com/pyca/cryptography/pull/3225 * added reST prefix * reduce line length
* add alternate signature OID for RSA with SHA1 + test and vector (#3227)Paul Kehrer2016-11-115-0/+32
| | | | | | * add alternate signature OID for RSA with SHA1 + test and vector * mozilla is a proper noun leave me alone spellchecker
* add ec.private_key_from_secret_and_curve (#3225)Ofek Lev2016-11-118-0/+133
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * finish https://github.com/pyca/cryptography/pull/1973 * change API & add test Function will now return an instance of EllipticCurvePrivateKey, as that is the users' ultimate goal anyway. * fix test * improve coverage * complete coverage * final fix * centos fix * retry * cleanup asserts * use openssl_assert * skip unsupported platforms * change API name to derive_private_key * change version added * improve description of `secret` param * separate successful and failure test cases * simplify successful case * add docs for derive_elliptic_curve_public_point * add period
* Name: add support for multi-value RDNs (#3202)Fraser Tweedale2016-11-119-49/+144
| | | | | | | | Update the Name class to accept and internally store a list of RelativeDistinguishedName objects. Add the 'rdns' attribute to give access to the RDNs. Update ASN.1 routines to correctly decode and encode multi-value RDNs. Fixes: https://github.com/pyca/cryptography/issues/3199
* Bump OpenSSL version on Travis (#3230)Alex Gaynor2016-11-111-2/+2
|
* Include the CVE (#3228)Alex Gaynor2016-11-101-1/+1
|
* Make DistributionPoint relative_name a set of NameAttribute (#3210)Fraser Tweedale2016-11-079-22/+187
| | | | | | | | | | | * Add RelativeDistinguishedName class * Make relative_name a RelativeDistinguishedName DistributionPoint relative_name is currently a Name but RFC 5280 defines it as RelativeDistinguishedName, i.e. a non-empty SET OF name attributes. Change the DistributionPoint relative_name attribute to be a RelativeDistinguishedName.
* Last pass over fixing the links (#3224)Alex Gaynor2016-11-067-8/+7
|
* Update the commoncrypto links (#3223)Alex Gaynor2016-11-062-2/+2
|
* Add myself to AUTHORS.rst (#3222)Thomas Sileo2016-11-061-0/+1
|
* Export missing OpenSSL `X509_VERIFY_PARAM_free` (#3221)Thomas Sileo2016-11-061-0/+1
| | | | | | * Export missing OpenSSL `X509_VERIFY_PARAM_free` * Remove un-needed export in conditional names
* Use the canonical host for two urls on the OpenSSL website (#3219)Alex Gaynor2016-11-062-2/+2
|
* Forward port the 1.5.3 changelog (#3218)Alex Gaynor2016-11-061-0/+7
|
* tox 2.4 has new syntax for specifying extras (#3212)Chris Wolfe2016-11-062-8/+9
| | | | | | * tox 2.4 allows has new extras syntax * specify minimum version for tox in dev-requirements.txt
* Fixes #3211 -- fixed hkdf's output with short length (#3215)Alex Gaynor2016-11-062-1/+12
|
* encrypt our IRC channel to prevent forks from notifying. (#3193)Paul Kehrer2016-10-101-3/+6
| | | Also remove the webhook for the buildtrends, which we don't use.
* Fix compilation with MinGW (#3191)Saúl Ibarra Corretgé2016-10-101-2/+5
|
* Link to our implementation of scrypt, now that we have it (#3189)Alex Gaynor2016-10-071-2/+2
|
* Update installation.rst (#3188)Matt Thomas2016-10-031-1/+1
| | | Update openssl https URL, otherwise a 302 result screws up the curl/tar steps and confusion ensues.
* support encoding IPv4Network and IPv6Network, useful for NameConstraints (#3182)Paul Kehrer2016-10-013-10/+49
| | | | | | | | | | * support encoding IPv4Network and IPv6Network, useful for NameConstraints * add changelog entry * add more networks with full and no masking (/32, /128, /0) * parametrize the nc tests to fix coverage
* reduce a bit of duplication in x509 tests (#3183)Paul Kehrer2016-09-291-55/+29
|
* Bump OpenSSL on travis. Don't run tests against a release with a critical ↵Alex Gaynor2016-09-261-2/+2
| | | | vulnerability (#3177)
* cherry pick the changelog for 1.5.2 (#3176)Alex Gaynor2016-09-261-0/+4
|
* Simplify OpenSSL bits in travis (#3172)Alex Gaynor2016-09-263-25/+12
| | | | | | | | * Simplify OpenSSL bits in travis * more simplify * missed one
* upgrade our pypy5 to the latest version in CI (#3171)Paul Kehrer2016-09-261-2/+2
|
* test against 1.1.0a instead of 1.1.0 (#3170)Paul Kehrer2016-09-263-4/+4
| | | | | | * test against 1.1.0a instead of 1.1.0 * change the dir to foil travis caching
* EC samples for verifying a singature, + serialization (#3076)Alex Railean2016-09-252-0/+80
| | | | | | | | | | | | | | | | | | | | | | | | * first draft of verification and serialization * tweaks in the RST syntax * added example of deserialization * taking into account the returned value, so that doctests pass * adjusted rst syntax and indentation for code samples * removed print call * forgot to actually call splitlines * added missing argument when loading private key * added Deserialization to dictionary * made lines shorter to meet style requirements * applied requested changes in style
* Travis mac updates (#3169)Paul Kehrer2016-09-242-11/+17
| | | | | | | | | | | | * update our travis configs to run against 10.10, 10.11, 10.12 Drops 10.9 from Travis. The xcode8 image is also currently not 10.12, but is planned to become that soon see: https://blog.travis-ci.com/2016-09-15-new-default-osx-image-coming/ * add output of sw_vers for mac builders on travis * reorder
* port 1.5.1 changelog to master (#3166)Paul Kehrer2016-09-221-0/+11
|
* Resolved some more CFFI warnings; these are also unsigned (#3163)Alex Gaynor2016-09-221-2/+2
|
* 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set (#3162)Paul Kehrer2016-09-223-2/+9
| | | | | | | | | | * 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set * add a comment explaining why we changed this * 1.0.2i handles NUMERICSTRING properly now so need only test < 1.0.2i * needs to be visible
* fix warnings in cffi 1.8.3 due to wrong buffer types (#3155)Paul Kehrer2016-09-215-6/+6
|
* re-add setuptools resolve vs load workaround (#3150)Paul Kehrer2016-09-141-1/+7
| | | | | | * re-add setuptools resolve vs load workaround * add deprecatedin tag so we can find this easier
* Fixed #3141 -- link some install docs in the readme (#3146)Alex Gaynor2016-09-121-0/+9
|
* Update Python 3s & limit pyenv history cloned (#3145)Hynek Schlawack2016-09-121-5/+5
|
* Fixed #3143 -- added the mandatory serial number parameter (#3144)Alex Gaynor2016-09-091-0/+2
|
* Fix typo in `symmetric-encryption.rst` (#3138)Alex Chan2016-09-041-1/+1
|
* fix memory leak reported in #3134 (#3135)Paul Kehrer2016-09-041-0/+4
|
* Clarified Windows development installation and docd upstream enchant bug (#3128)Nick Badger2016-09-032-6/+17
| | | | | | | | * Clarified Windows development installation and doc'd upstream enchant bug * Fixed whitespace problems * Fixed merge resolution mistake
* make this test assert the right thing. (#3133)Alex Gaynor2016-09-031-1/+2
| | | right now it just always skips
* support random_serial_number in the CertificateBuilder (#3132)Paul Kehrer2016-09-035-8/+47
| | | | | | | | | | * support random_serial_number in the CertificateBuilder * turns out pytest's monkeypatch has an undo * random_serial_number now a function * just certs
* Add bounds checking for Scrypt parameters. (#3130)Terry Chia2016-09-023-0/+30
| | | | | | | | | | * Add bounds checking for Scrypt parameters. * Pep8. * More PEP8. * Change wording.
* fix inconsistency in utilization of block_size in openssl cipher impl (#3131)Paul Kehrer2016-09-021-7/+6
| | | | | | | | | * fix inconsistency in utilization of block_size in openssl cipher impl Previously we over-allocated our buffers because we treated a bit size as bytes. * rename property
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-10 22:48:08 +0000