aboutsummaryrefslogtreecommitdiffstats
path: root/src/cryptography/hazmat
Commit message (Collapse)AuthorAgeFilesLines
...
* error if the key length for x25519 isn't 32 bytes (#4584)Paul Kehrer2018-11-121-0/+4
| | | | | | * error if the key length for x25519 isn't 32 bytes * also test 33
* add SHA512/224 and SHA512/256 support (#4575)Paul Kehrer2018-11-121-0/+14
| | | | | | * add SHA512/224 and SHA512/256 support * add missing docs
* add bindings for early data (#4582)Paul Kehrer2018-11-121-0/+4
| | | | | | * add bindings for early data * remove final var name
* add a little bit of x25519 interface docs we missed (#4574)Paul Kehrer2018-11-121-3/+9
|
* x448 bindings (#4577)Paul Kehrer2018-11-121-0/+8
|
* add EVP raw key bindings (#4578)Paul Kehrer2018-11-121-0/+10
|
* add a few more EC OIDs (#4572)Paul Kehrer2018-11-111-0/+13
| | | | | | * add a few more EC OIDs * spaces matter
* add various new TLS bindings (#4555)Paul Kehrer2018-11-031-0/+12
| | | | | | | | | | * add SSL_OP_NO_TLSv1_3 * compiling now * bind SSL_CTX_set_ciphersuites as well * add some more
* add EC OIDs (#4435)Paul Kehrer2018-10-301-0/+10
| | | | | | * add EC OIDs * move ec oid docs to bottom
* move ObjectIdentifier to break an upcoming import cycle (#4550)Paul Kehrer2018-10-301-0/+67
|
* Add eq/ne/hash to PrecertificateSignedCertificateTimestamps (#4534)Paul Kehrer2018-10-291-0/+20
| | | | | | | | | | | | | | * Add eq/ne/hash to PrecertificateSignedCertificateTimestamps This requires adding it to SignedCertificateTimestamps as well * slightly more consistent * right, these need to be conditional * compare by signature * don't use private API
* create & use _evp_md_from_algorithm and _evp_md_non_null_from_algorithm (#4542)Paul Kehrer2018-10-294-47/+37
| | | | | | * create & use _evp_md_from_algorithm and _evp_md_non_null_from_algorithm * remove unused import
* add SCT_get0_signature (#4540)Paul Kehrer2018-10-281-0/+1
|
* OCSP response builder (#4485)Paul Kehrer2018-10-282-1/+107
| | | | | | | | * ocsp response builder * better prose * review changes
* refactor _decode_dist_points (#4536)Paul Kehrer2018-10-281-64/+67
| | | | | | | | | | | * separate refactor _decode_dist_points We need to be able to parse reasons and distpoint for the CRL extension IssuingDistributionPoint * move comment, rename a variable * review feedback
* add _create_asn1_time (#4524)Paul Kehrer2018-10-241-12/+10
|
* refactor set_asn1_time to take a datetime (#4516)Paul Kehrer2018-10-231-14/+7
|
* next_update is not a required field on OCSP responses (#4513)Paul Kehrer2018-10-231-2/+4
|
* Add definitions that help with hostname checking (#4492)Kai Engert2018-10-101-0/+15
| | | | | | | | | | | | | | * Add definitions for SSL_get0_param and X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS * remove unnecessary parameter name * Add version conditionals and more flags * extend cryptography_has_102_verification_params * X509_CHECK_FLAG_NEVER_CHECK_SUBJECT only available with openssl 1.1.0+ * add missing declaration
* Use our cryptography-specific warning class (#4493)Alex Gaynor2018-10-101-1/+1
|
* OCSP response serialization (#4482)Paul Kehrer2018-10-061-0/+13
| | | | | | * support OCSP response serialization * empty commit, good times
* support extensions in the OCSP request builder (#4481)Paul Kehrer2018-10-062-1/+19
| | | | | | | | | | * support extensions in the OCSP request builder * cover a missed branch * refactor to use new func * review feedback
* Cleanup _encode_asn1_str_gc: don't require the length as an argument (#4484)Alex Gaynor2018-10-072-15/+11
| | | | | | * Cleanup _encode_asn1_str_gc: don't require the length as an argument * Apply the same cleanup to _encode_asn1_str
* add OCSP basic response extension parsing (#4479)Paul Kehrer2018-10-062-1/+17
| | | | | | | | | | * add OCSP basic response extension parsing Just nonce for now. This does not support SINGLERESP extension parsing. * also raises on extensions for non-successful * empty commit
* support OCSP response parsing (#4452)Paul Kehrer2018-10-012-4/+254
| | | | | | | | | | | | * support OCSP response parsing * move the decorator to make pep8 happy * add some missing docs * review feedback * more review feedback
* add ed25519 bindings (#4476)Paul Kehrer2018-09-261-0/+17
| | | | | | * add ed25519 bindings * var name
* OCSP request extension parsing (#4464)Paul Kehrer2018-09-092-2/+23
| | | | | | | | | | * add OCSP request parsing support with OCSPNonce * add docs * reprs man * make extensions a cached property
* refactor asn1_time_set to be useful in a future PR (#4465)Paul Kehrer2018-09-091-27/+27
|
* don't sort the serial numbers in a parsed CRL (#4457)Paul Kehrer2018-09-041-2/+12
| | | | | | | | | | | * don't sort the serial numbers in a parsed CRL OpenSSL sorts them in place and this breaks the signature and more. fixes #4456 * cache the sorted CRL (but create it lazily) * use the cache decorator
* small refactor of OCSP request parsing (#4447)Paul Kehrer2018-09-011-38/+54
| | | | This allows us to reuse these functions in the OCSPResponse object in the future
* Fixes #4333 -- added support for precert poison extension (#4442)Alex Gaynor2018-08-312-5/+22
| | | | | | | | | | | | | | * Fixes #4333 -- added support for precert poison extension * Make work on all OpenSSL versions * fixed flake8 + docs * fix for older OpenSSLs * document this * spell
* Simplify OCSP no check serialization (#4444)Alex Gaynor2018-08-311-5/+2
|
* refactor ocsp request parsing and generation to support only one cert (#4439)Paul Kehrer2018-08-312-50/+22
| | | | | | | | * refactor ocsp request parsing and generation to support only one cert * small doc change * notimplementederror
* Fixes #3460 -- deprecate OpenSSL 1.0.1 (#4427)Alex Gaynor2018-08-311-0/+16
| | | | | | | | | | | | * Fixes #3460 -- deprecate OpenSSL 1.0.1 * We need to import warnings * flake8 * words are hard * rephrase
* Fixed two memory leaks in x509 csr extensions (#4434)Alex Gaynor2018-08-312-3/+16
| | | | | | | | | | | | * Fixed a memory leak in x.509 OCSP no check * Fix the _actual_ leak * Speed up symbolizations * Disable backtrace by default, because it doesn't work on Windows * line length
* make an ocsp request (#4402)Paul Kehrer2018-08-301-0/+16
| | | | | | | | | | | | | | | | * make an ocsp request * update test, add docs * make it an OCSPRequestBuilder * review feedback and more tests * make it a class * empty commit to retrigger * type check
* 1.1.0 locks (#4420)Paul Kehrer2018-08-292-1/+3
| | | | | | | | | | | | * Do conditional compiling of Cryptography_setup_ssl_threads * Check Cryptography_HAS_LOCKING_CALLBACKS before initing static locks Check if compiling and initing locking callbacks is necessary PEP8 fix * Make test_crypto_lock_init more complete
* add bindings for SCT creation (#4407)Paul Kehrer2018-08-201-0/+7
|
* OCSP request parsing (#4393)Paul Kehrer2018-08-152-0/+130
| | | | | | | | | | | | * add public_bytes to OCSPRequest * review feedback * OCSP request parsing * change some prose * add __len__ as a required method
* Refs #4375 -- integrate wycheproof AES CCM tests (#4379)Alex Gaynor2018-08-021-1/+1
| | | | | | * Refs #4375 -- integrate wycheproof AES CCM tests * Skip these tests if we don't have CCM support
* Add more SSL_CIPHER_* functions, necessary to implement ctx.get_ciphers() in ↵Amaury Forgeot d'Arc2018-07-231-0/+11
| | | | | | | | | | | | | | | | PyPy (#4364) * Add more SSL_CIPHER_* functions, necessary to implement ctx.get_ciphers() added by Python 3.6.1. * Add placeholders for other versions * Remove parameter names * LibreSSL 2.7 has the new functions * Add entries in _conditional.py * SSL_CIPHER_get_id returns int, not char*
* sign is a method (#4362)Paul Kehrer2018-07-201-1/+1
|
* also check iv length for GCM nonce in AEAD (#4350)Paul Kehrer2018-07-171-0/+2
| | | | | | * also check iv length for GCM nonce in AEAD * ugh
* raise ValueError on zero length GCM IV (#4348)Paul Kehrer2018-07-171-0/+2
|
* disallow implicit tag truncation with finalize_with_tag (#4342)Paul Kehrer2018-07-172-0/+6
|
* add crl.get_revoked_certificate method (#4331)Paul Kehrer2018-07-161-0/+19
| | | | | | | | * add crl.get_revoked_certificate method * lexicographic is the best ographic * rename
* Change the exception we raise in keywrap unwrapping on invalid length (#4337)Alex Gaynor2018-07-161-3/+3
| | | I believe this can reasonably be considered backwards compatible since other invalid inputs already lead to InvalidUnwrap, and clients shouldn't be distinguishing between these two conditions, and ValueError wasn't documented anyways.
* document one shot AEAD length restrictions (#4322)Paul Kehrer2018-07-141-0/+24
| | | | | | | | | | | | | | * document one shot AEAD length restrictions * write a test that won't consume infinity ram continue to raise OverflowError since that's what cffi did. * this applies to associated_data too * remove unneeded arg * review feedback on docs
* raise valueerror for null x25519 derived keys (#4332)Paul Kehrer2018-07-121-1/+5
| | | | | | | | | * raise valueerror for null x25519 derived keys OpenSSL errors when it hits this edge case and a null shared key is bad anyway so let's raise an error * empty commit
* we don't actually care about the errstack here, it's an invalid signature ↵Paul Kehrer2018-07-101-2/+1
| | | | | | | | | | | | | | (#4325) * we don't actually care about the errstack here, it's an invalid signature We previously had no cases where we could error without getting errors on the error stack, but wycheproof contains test cases that can error without adding anything to the stack. Accordingly, we should clear the stack but raise InvalidSignature no matter what (rather than InternalError if we have no error msgs) * add a test
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-28 05:12:00 +0000