aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Remove unused constant binding from ecdh.py (#4774)Alex Gaynor2019-02-261-3/+0
|
* Remove unused constant from ec.py bindings (#4773)Alex Gaynor2019-02-261-3/+0
|
* Remove unused bindings from aes.py (#4772)Alex Gaynor2019-02-261-7/+1
|
* Removed unused constant from bindings (#4771)Alex Gaynor2019-02-261-2/+0
|
* Polish off removal of unused engine bindings (#4769)Alex Gaynor2019-02-252-15/+0
|
* reduce our engine bindings even more (#4768)Paul Kehrer2019-02-256-110/+47
|
* support NO_ENGINE (#4763)Paul Kehrer2019-02-2511-18/+155
| | | | | | | | * support OPENSSL_NO_ENGINE * support some new openssl config args * sigh
* Remove a bunch of unused engine bindings (#4766)Alex Gaynor2019-02-251-61/+0
|
* why did we have these variables (#4764)Paul Kehrer2019-02-243-10/+8
|
* add an EC OID to curve dictionary mapping (#4759)Paul Kehrer2019-02-204-1/+57
| | | | | | | | | | * add an EC OID to curve dictionary mapping * oid_to_curve function * changelog and docs fix * rename to get_curve_for_oid
* encode the package version in the shared object (#4756)Paul Kehrer2019-02-203-1/+42
| | | | | | | | | | * encode the package version in the shared object * review feedback * move into build_ffi so the symbol is in all shared objects * review feedback
* add ed25519 PKCS8 and subjectPublicKeyInfo vectors (#4719)Paul Kehrer2019-02-207-0/+19
| | | | | | * add ed25519 PKCS8 and subjectPublicKeyInfo vectors * line length fix
* add ed448 PKCS8 and subjectPublicKeyInfo vectors (#4718)Paul Kehrer2019-02-207-0/+21
|
* full state or province name (#4758)itinerarium2019-02-201-2/+2
| | | | | | | CA -> California 6.3.5 of ITU-T X.520 (10/2016) provides a spelled out sample state. In other contexts, hints generally suggest the "full name" of a state or province. A spelled out state in the sample code might be more consistent with general usage.
* Simplify string formatting (#4757)Alex Gaynor2019-02-2032-89/+89
|
* update the thread link (#4748)Paul Kehrer2019-02-031-10/+9
| | | | | | | | * update the thread link linkcheck doing its job! * update our locking information
* concede to digicert's garbage CDN (#4747)Paul Kehrer2019-02-031-1/+1
| | | Which, despite supporting HTTPS, is non-deterministically providing 404s and DigiCert has asserted that http is the only "supported" protocol.
* Also suggest cryptopals to learn crypo (#4745)Alex Gaynor2019-02-031-1/+3
|
* Rename [wheel] section to [bdist_wheel] as the former is legacy (#4743)Jon Dufresne2019-02-031-1/+1
| | | | | | | For additional details, see: https://github.com/pypa/wheel/blob/3dc261abc98a5e43bc7fcf5783d080aaf8f9f0cf/wheel/bdist_wheel.py#L127-L133 http://pythonwheels.com/
* Fixes for the latest pep8-naming (#4744)Alex Gaynor2019-02-0212-60/+60
|
* Run wycheproof RSA tests on LibreSSL>=2.8 (#4737)Alex Gaynor2019-01-242-7/+16
| | | | | | | | * Run wycheproof RSA tests on LibreSSL>=2.8 * Define it this way * These are errors on libressl
* Fixes #4734 -- Deal with deprecated things (#4736)Alex Gaynor2019-01-2310-79/+26
| | | | | | | | | | * Fixes #4734 -- Deal with deprecated things - Make year based aliases of PersistentlyDeprecated so we can easily assess age - Removed encode/decode rfc6979 signature - Removed Certificate.serial * Unused import
* Use O_CLOEXEC when it's available (#4733)Alex Gaynor2019-01-231-10/+16
| | | | | | | | * Use O_CLOEXEC when it's available * Don't have two vars with the same name * A normal person would be emberassed
* pypy 5.4+ (#4732)Paul Kehrer2019-01-221-1/+1
|
* reopen master for 2.6 work (#4730)Paul Kehrer2019-01-223-2/+10
|
* changelog and version bump for 2.5 (#4729)Paul Kehrer2019-01-223-6/+6
|
* allow asn1 times of 1950-01-01 and later. (#4728)Paul Kehrer2019-01-225-28/+57
| | | | | | | | * allow asn1 times of 1950-01-01 and later. * add a test * pretty up the test
* allow 32-bit platforms to encode certs with dates > unix epoch (#4727)Paul Kehrer2019-01-212-23/+19
| | | | | | | | | | | | | | | | | Previously we used unix timestamps, but now we are switching to using ASN1_TIME_set_string and automatically formatting the string based on the year. The rule is as follows: Per RFC 5280 (section 4.1.2.5.), the valid input time strings should be encoded with the following rules: 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ Notably, Dates < 1950 are not valid UTCTime. At the moment we still reject dates < Jan 1, 1970 in all cases but a followup PR can fix that.
* bind EVP_R_MEMORY_LIMIT_EXCEEDED and update a test (#4726)Paul Kehrer2019-01-213-0/+22
| | | | | | | | | | | * bind EVP_R_MEMORY_LIMIT_EXCEEDED and update a test This will allow OpenSSL 1.1.1 on 32-bit (including our Windows 32-bit builders) to fail as expected. Technically this isn't a malloc error, but rather failing because the allocation requested is larger than 32-bits, but raising a MemoryError still seems appropriate * what you want an endif too?
* Updated link to PKCS#3 -- fixes #4671 (#4722)Alex Gaynor2019-01-211-1/+1
|
* update jenkinsfile to compile openssl 1.1.1 on windows (#4725)Paul Kehrer2019-01-211-1/+1
|
* See if urllib3 tests pass on xenial nowadays (#4724)Alex Gaynor2019-01-211-3/+0
|
* Apparently NIST crypto resources are essential to life and property (#4721)Alex Gaynor2019-01-201-2/+0
|
* deprecate encode_point and migrate all internal callers (#4720)Paul Kehrer2019-01-206-4/+28
|
* add support for encoding compressed points (#4638)Paul Kehrer2019-01-2010-33/+207
| | | | | | * add support for encoding compressed points * review feedback
* shake128/256 support (#4611)Paul Kehrer2019-01-198-8/+192
| | | | | | | | | | | | | | * shake128/256 support * remove block_size * doc an exception * change how we detect XOF by adding _xof attribute * interface! * review feedback
* expose the ed448 nid (#4717)Paul Kehrer2019-01-191-0/+1
| | | | we already did all the conditional binding, but forgot to actually expose it.
* consistently linky RFC in the docs (#4716)Alex Gaynor2019-01-184-9/+8
| | | | | | * consistently linky RFC in the docs * oops
* Fixed #4700 -- linkify method in changelog (#4715)Alex Gaynor2019-01-181-4/+6
| | | | | | | | | | * Fixed #4700 -- linkify method in changelog * fixed linkification * oxford comma * line length
* Bump this way up and see if it helps (#4713)Alex Gaynor2019-01-171-1/+1
|
* changelog for byteslike (#4712)Paul Kehrer2019-01-171-0/+3
| | | | | | * changelog for byteslike * bertter prose
* support byteslike in KBKDFHMAC (#4711)Paul Kehrer2019-01-173-2/+11
|
* support byteslike in ConcatKDF{HMAC,Hash}, Scrypt, and X963KDF (#4709)Paul Kehrer2019-01-178-7/+70
| | | | | | | | * byteslike concatkdf * byteslike scrypt * byteslike x963kdf
* support byteslike for OTP (#4710)Paul Kehrer2019-01-173-6/+19
|
* normalize KBKDF tests (#4708)Paul Kehrer2019-01-171-38/+37
|
* Support byteslike in HKDF and PBKDF2HMAC (#4707)Paul Kehrer2019-01-176-6/+42
| | | | | | | | * support byteslike in HKDF * support byteslike in PBKDF2HMAC * add missing docs
* support bytes-like for X25519PrivateKey.from_private_bytes (#4698)Paul Kehrer2019-01-172-6/+40
| | | yuck.
* x448 and x25519 should enforce key lengths in backend (#4703)Paul Kehrer2019-01-175-4/+42
| | | | | | | | | | | * x448 and x25519 should enforce key lengths in from_private_bytes they should also check if the algorithm is supported like the public bytes class methods do * oops * move the checks
* support byteslike in hmac update (#4705)Paul Kehrer2019-01-174-4/+6
| | | needed for some KDF keying material
* support byteslike in hash updates (#4702)Paul Kehrer2019-01-163-2/+17
| | | This is needed to handle keying material in some of the KDFs