| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
This makes it so we don't have to pin sphinx while we wait for
sphinxcontrib-spelling to properly handle smart quotes
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add support for AES XTS
We drop the non-byte aligned test vectors because according to NIST
http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSVS.pdf
"An implementation may support a data unit length that is not a
multiple of 8 bits." OpenSSL does not support this, so we can't
use those test vectors.
* fix docs and pep8
* docs fix
* the spellchecker is so frustrating
* add note about AES 192 for XTS (it's not supported)
* docs work
* enforce key length on ECB mode in AES as well (thanks XTS)
* a few more words about why we exclude some test vectors for XTS
|
| |
|
|
|
|
| |
* Declare that 2.1 is the last version to support Python 2.6
* It's the Final Countdown!
|
| |
|
|
|
|
|
|
|
|
| |
* add ChaCha20 support
* review feedback
* 256 divided by 8 is what again?
* ...
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Expose FIPS funcs for OpenSSL.
* Remove FIPS customization / conditionals.
It seems that the FIPS functions are always defined, regardless of if
the FIPS module is present.
* Do not include FIPS_selftest_check func.
* Libressl does not have FIPS.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* both parse and encode the ASN1 string type for Name attributes
Previously cryptography encoded everything (except country names) as
UTF8String. This caused problems with chain building in libraries like
NSS where the subject and issuer are expected to match byte-for-byte.
With this change we now parse and store the ASN1 string type as a
private _type in NameAttribute. We then use this to encode when issuing
a new certificate. This allows the CertificateBuilder to properly
construct an identical issuer and fixes the issue with NSS.
* make the sentinel private too
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* add freshest CRL support
* add tests
* add changelog
* add tests for FreshestCRL generation
|
| |
|
| |
This is an extension for CRLs
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
we'll re-enable mac builders when travis recovers and remove the jenkins
build
|
| | |
|
| |
|
|
|
|
| |
* add unique identifier test vector
* wrap a line I didn't even touch...
|
| |
|
| |
The wheel package is starting to drop support and download counts for them represent less than .02% of downloads for the month.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* implement __hash__ on KeyUsage and ExtendedKeyUsage
* properly use private values and alter test to catch that bug
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Implement __hash__ on AuthorityKeyIdentifier
* Adding dirname to fix build issue on AuthorityKeyIdentifier test
* .authority_cert_issuer to str
* use a tuple and not a str repr
|
| | |
|
| | |
|
| |
|
|
| |
We support directly passing bytes now and these code paths are
duplicated in the deprecated value attributes.
|
| |
|
|
|
| |
strings of the form "scheme:///anything" would incorrectly have two
slashes dropped. This is fixed in two code paths in this PR but one of
those code paths will be entirely removed in a followup PR.
|
| |
|
| |
Needed to implement __hash__ on AuthorityKeyIdentifier
|
| |
|
|
|
|
| |
* we pinned coverage for xml generation...let's try everywhere
* add so many comments
|
| |
|
|
| |
We need to add one small test to cover a case that is no longer covered
with this switch.
|
| |
|
|
|
|
|
|
|
| |
* add a faq note about having a compiler that is too old
Also add a bit of text explaining what to do on OpenBSD 6.1 and earlier
since that is the most likely place this will occur.
* I always forget it spell checks titles
|
| |
|
|
|
|
|
|
| |
* refactor AES keywrap into a wrap core and unwrap core
This refactor makes adding AES keywrap with padding much simpler.
* remove an unneeded arg
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add support for the TLSFeature extension in x509
This extension is used for OCSP Must-Staple.
* fix changelog link
* pep8
* refactor to support the sequence properly and add status_request_v2
* update some language
* add test vector, implement eq/ne/hash on TLSFeature
* address review comments
|
| |
|
|
|
|
|
|
|
|
| |
* RSA OAEP label support for OpenSSL 1.0.2+
* changelog
* move around tests, address review feedback, use backend supported method
* unsupported padding catches this now
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* oaep label vector
* add count so we can use the nist vector loader
* add RSA key from the boring vectors as well
https://boringssl.googlesource.com/boringssl/+/ce3773f9fe25c3b54390bc51d72572f251c7d7e6/crypto/evp/evp_tests.txt#8
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* move x509 tests into a module
This is just to make grouping things like test_ocsp, etc a bit simpler
in the future
* fix path
* pep8
|
| |
|
|
|
|
| |
* add OCSP binding for obtaining information from CertID structure
* empty commit
|
| |
|
|
|
|
| |
* send a few more variables to distinguish our jobs in codecov
* put the labels in the right places
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* added binding support for rfc 5705
* WIP: testing some cffi updates
* added openssl version check
* updated cffi defs to align with pep8
* removed superfluous version checks
* remove more unecessary boilerplate
|
