| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
* OCSP response vector
* oops, wrong name
* move ocsp response vector docs
* make alex happy
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix encoding errors in RSA test keys.
enc-rsa-pkcs8.pem and unenc-rsa-pkcs8.pem did not encode the RSA key
correctly. Per RFC 8017, appendix A.1:
The object identifier rsaEncryption identifies RSA public and private
keys as defined in Appendices A.1.1 and A.1.2. The parameters field
has associated with this OID in a value of type AlgorithmIdentifier
SHALL have a value of type NULL.
rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
unenc-rsa-pkcs8.pem, however, was missing that NULL, which was, in turn,
carried into the encrypted payload of enc-rsa-pkcs8.pem. The DER
version, enc-rsa-pkcs8.der, carries this mistake too. Interestingly,
unenc-rsa-pkcs8.der does *not* have it. I'm guessing it was converted
with the openssl command-line tool which fixed the encoding in
conversion.
Current versions of OpenSSL are lax and ignore the parameters field, but
it's best to test against spec-compliant inputs. Fix unenc-rsa-pkcs8.pem
to match unenc-rsa-pkcs8.der and then refresh enc-rsa-pkcs8.{der,pem}
with the new encoding but otherwise the same encryption parameters.
I've refreshed the dumpasn1 (at least that's what it looks like)
preamble at the top of each file, but the current version of dumpasn1
appears to have changed the spacing slightly, so there's some whitespace
diff noise.
* Update test-vectors.rst.
|
| | |
|
| |
|
|
|
|
|
|
| |
* Document wycheproof revision we're current as of
* Wycheproof is a real word!
* line length
|
| | |
|
| |
|
|
| |
http://blog.pytest.org/2016/whats-new-in-pytest-30/
https://twitter.com/hashtag/dropthedot
|
| |
|
| |
These can be used when OpenSSL 1.1.1 is released
|
| |
|
|
|
|
|
|
| |
* Update URLs for new pypi!
* trailing slash
* grump
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Added badtime.pem vector
In connection with forthcoming PR to fix #4158
* shortened line, corrected and->and
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* add 1200 byte HKDF test vector and a generator/verifier for it
* exit non-zero when failing
* ugh
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* expunge python 2.6
* how did THAT happen
* remove another unsupported python from the tox envlist
* hypothesis can now be unconditionally imported
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* add unique identifier test vector
* wrap a line I didn't even touch...
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* oaep label vector
* add count so we can use the nist vector loader
* add RSA key from the boring vectors as well
https://boringssl.googlesource.com/boringssl/+/ce3773f9fe25c3b54390bc51d72572f251c7d7e6/crypto/evp/evp_tests.txt#8
|
| | |
|
| |
|
|
|
|
| |
* add test vector with invalid basicconstraints
* sigh
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
really use (#3763)
* Attempt to use coverage to quantify how many of the CONDITIONAL_NAMES we really use
* rewrite file to improve coverage
* Write it this way so we can use line coverage
* lost this one :-(
* fix comment and flake8
* update the docs as well
* flake8
|
| | |
|
| |
|
|
|
|
|
|
| |
* No more FUNCS/MACROS distinction
* change the docs to not talk about MACROS since they're gone
* remove out of date comment
|
| |
|
|
|
| |
http://csrc.nist.gov/groups/STM/cavp/documents/mac/ccmtestvectors.zip
No TLS :(
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* add ChaCha20Poly1305 test vectors from OpenSSL/RFC7539
* add the boringssl tests as well
* highlight the lines
|
| |
|
|
|
|
|
|
|
| |
The OpenSSL manual recommends a buffer size of 80 for OBJ_oid2txt:
https://www.openssl.org/docs/crypto/OBJ_nid2ln.html#return_values.
But OIDs longer than this occur in real life (e.g. Active Directory
makes some very long OIDs). If the length of the stringified OID
exceeds the buffer size, allocate a new buffer that is big enough to
hold the stringified OID, and re-do the conversion into the new
buffer.
|
| |
|
|
|
| |
CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS will now suppress link flags regardless
of platform. Additionally, CRYPTOGRAPHY_WINDOWS_LINK_LEGACY_OPENSSL is
now the flag you need if you want to link against < 1.1.0 on windows.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* time to remove commoncrypto, fare thee well
* remove even more
* update the changelog
* remove more things
* don't need this function
* remove CAST5 CTR tests since that was only supported in commoncrypto
* assert a thing
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* Refs #3461 -- added a test vector with SCTs
* timestamp is a word
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Support DH q (subgroup order)
* Change RFC5114.txt to NIST format
* Add tests for DH q
* Update docs for DH q
* Fix pep8
* Improve test covergae for DH q
* Create _dh_params_dup that copy q if DHparams_dup don't
On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup
call DHparams_dup and if the version is smaller than 1.0.2
copy q manually
* Copy q manually on libressl
* Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup
* Support serialization of DH with q
* Add tests for serialization of DH with q
* Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true
* Raise exception when trying to serialize DH X9.42 when not supported
* raise unsupported key type when deserilizing DH X9.42 if not supported
* pep8 fixes
* Fix test_serialization
* Add dhx_serialization_supported method to DHBacked
* document q in dh_parameters_supported
* Rename dhx_serialization_supported to dh_x942_serialization_supported
|
| | |
|
| | |
|
| | |
|
