| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Previously we encoded them as UTF-8, but as best I can tell in reality a
BMPString is fixed-width basic multilingual plane big endian encoding.
This is basically UCS-2 (aka original Unicode). However, Python doesn't
support UCS-2 encoding so we need to use utf_16_be. This means you can encode
surrogate code points that are invalid in the context of what a
BMPString is supposed to be, but in reality I strongly suspect the sane
encoding ship has sailed and dozens if not hundreds of implementations
both do this and expect other systems to handle their nonsense.
|
| |
|
| |
We have an existence proof that the latter assertion can be triggered, and I bet the former can too.
|
| |
|
| |
And not expose an unprefixed name to anyone who dlopens us.
|
| |
|
| |
but key_size is nonsense and we'll deprecate it next
|
| |
|
|
|
|
|
|
|
|
| |
* Perform an OPENSSL_cleanup before checking the heap in our memleak tests
* Make this binding conditional
* typo
* need to put this call before we reset the function ptrs
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Add clearer message in Cipher when key is not bytes
* Change location of key type check to verify_key_size function
* Replace formated error message with static
* Add key type check tests to all ciphers constructors
* Change key type error message to lowercase
|
| |
|
|
|
|
| |
* deprecate the constant time bytes comparison path old python 2.7.x uses
* pep8
|
| |
|
|
|
|
| |
Internal block size isn't a particularly useful piece of information and
constructions like SHA3 make it even harder to determine what that
really means. Accordingly, we're removing it from the interface (but
leaving it on all existing hashes)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Future proofing use of the six python version constants
After reading [1], noticed that cryptography uses a lot of if six.PY3
blocks. The issue with this is that whenever Python 4 is released,
this code in the else block will be executed even though it was
only intended for Python 2.
[1] http://astrofrog.github.io/blog/2016/01/12/stop-writing-python-4-incompatible-code/
Signed-off-by: Eric Brown <browne@vmware.com>
* Use not PY2 instead
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Validate the public/private halves of EC keys on import.
OpenSSL's API is a little finicky. If one sets the public key before the
private key, it does not validate that they match. If set in the other
order, it does validate this.
In particular, KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_init.fax
describes error code 7 as:
Result = F (7 - IUT's Static private key d changed-prikey validity)
Reordering the two operations makes those tests to fail on key import,
which is what CAVP appears to have intended.
* Wrap to 79 rather than 80 columns
|
| |
|
|
| |
This is a remnant of the function code checking when this logic looked
at both encrypt/decrypt versions of this error code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Clean up unused EC bindings.
A lot of these are really OpenSSL internals, like the EC_METHOD
business, support for custom curves which are a bad idea, and weird
non-standard serializations like taking the usual point serialization
and treating it as a single BIGNUM.
I also didn't remove things when they're arguably part of a set. E.g.
EC_POINT_add is used, but EC_POINT_dbl isn't. However, they both set at
the same abstraction level (basic point operations), so it's strange to
have one without the other.
I also kept EC_POINT_is_on_curve because, although it is not used,
OpenSSL prior to 1.1.0 doesn't perform this important check in
EC_POINT_set_affine_coordinates_GFp (though it does in some of the
functions which ultimately call it, like
EC_KEY_set_public_key_affine_coordinates, what cryptography.io actually
uses), so one should not expose the latter without the former.
* Fix build issue.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* add custom extensions functions for openssl >=1.0.2
* Fix style problems
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Raise a ValueError when conversion to generalizedtime fails
* added test for badasn1time value error
* pep8 compliance
* Addressing code review
+ VE now raises with ```{!r}``` formatting
+ Test now checks that the bad string made it into the VE message
* using ValueError.match
|
| | |
|
| |
|
|
|
|
| |
* fix bug with n % 8 length wrapping on AESKWP
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* implement AES KW with padding (RFC 5649)
fixes #3791
* oops, 2.2
* make sure this is the right valueerror
* more match
* make key padding easier to read
* review feedback
* review feedback
|
| |
|
|
|
|
|
|
| |
* load Q=224 vectors
* DSA parameters should support 224 for q length
* oxford comma
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* added brainpool ec-curves key_length >= 256bit
* limit brainpool curves to the set that appear required + docs
* oops
* typos all around me
* add brainpool ECDH kex tests
* switch to using rfc 7027 vectors
* review feedback
* empty commits are the best
|
| | |
|
| |
|
|
|
|
|
|
| |
* fix a memory leak in ec derive_private_key
fixes #4095
* pep8!
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* + more DTLS bindings
* + BIO_CTRL_DGRAM*
* + read ahead functions
* rm BIO_CTRL_DGRAM_SET_PEEK_MODE
* rm BIO_CTRL_DGRAM_SET_DONT_FRAG
* + link mtu conditional logic
* rm some BIO_CTRL_DGRAM* bindings
|
| |
|
|
|
|
|
|
|
|
| |
* + PSK function bindings
* + PSK conditional
* trigger CI
* trigger CI
|
| |
|
|
|
|
|
|
| |
* + bindings for SSL_OP_NO_DTLS*
* + conditional for not HAS_GENERIC_DTLS_METHOD
* flag SSL_OP_NO_DTLS* for unsupported deletion
|
| |
|
|
|
|
|
|
|
|
|
| |
* The HKDF limit is actually 255 * digest_length_in_bytes
Previously we had a bug where we divided digest_size by 8...but
HashAlgorithm.digest_size is already in bytes.
* test longer output
* changelog
|
| |
|
|
|
|
|
|
|
|
| |
* Expose BN_clear_free
* Use BN_clear_free in test_int_to_bn
* Use BN_clear_free in lieu of BN_free
* Use BN_free on public values
|
| |
|
|
|
|
| |
* just a quick confirmation that it really is an x25519 evp key
* openssl assert. take that python -O
|
| |
|
|
|
|
| |
* Fixed #4006 -- bind functions for dealing with sigalgs
* oops
|
| | |
|
| |
|
|
|
|
| |
This bug looks bad but ends up being benign because HMAC is specified to
pad null bytes if a key is too short. So we passed too few bytes and
then OpenSSL obligingly padded it out to the correct length. However, we
should still do the right thing obviously.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Inline calls to bit_length now that it's trivial
* unused imports
* An comment
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* backwards incompatible change to UniformResourceIdentifier
During this release cycle we decided to officially deprecate passing
U-labels to our GeneralName constructors. At first we tried changing
this in a purely backwards compatible way but get_values_for_type made
that untenable. This PR modifies URI to accept two types:
U-label strings (which raises a deprecation warning) and A-label strings
(the new preferred type). There is also a constructor for URI
that bypasses validation so we can parse garbage out of certificates
(and round trip it if necessary)
* nonsense empty commit 2.6 and codecov are the worst
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* backwards incompatible change to RFC822Name
During this release cycle we decided to officially deprecate passing
U-labels to our GeneralName constructors. At first we tried changing
this in a purely backwards compatible way but get_values_for_type made
that untenable. This PR modifies RFC822Name to accept two types:
U-label strings (which raises a deprecation warning) and A-label strings
(the new preferred type). There is also a constructor for RFC822Name
that bypasses validation so we can parse garbage out of certificates
(and round trip it if necessary)
* whoops
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Backwards incompatible change to DNSName
During this release cycle we decided to officially deprecate passing
U-labels to our GeneralName constructors. At first we tried changing
this in a purely backwards compatible way but get_values_for_type made
that untenable. This PR modifies DNSName to take three different types.
U-label strings (which raises a deprecation warning), A-label strings
(the new preferred type), and bytes (which are assumed to be decodable
to unicode strings). The latter, while supported, is primarily intended
for use by our parser and allows us to return the actual encoded data in
a certificate even if it has not been properly encoded to A-label before
the certificate is created. (Of course, if the certificate contains
invalid utf8 sequences this will still fail, but let's handle one
catastrophic failure at a time).
* coverage
* don't delete that asterisk from a test. it does things.
* no bytes in DNSName. Private constructor for bypassing validation
* test unicode in dnsname (yuck)
* fix docs
* empty commit, you disappoint me codecov
* CI is the worst
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add support for AES XTS
We drop the non-byte aligned test vectors because according to NIST
http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSVS.pdf
"An implementation may support a data unit length that is not a
multiple of 8 bits." OpenSSL does not support this, so we can't
use those test vectors.
* fix docs and pep8
* docs fix
* the spellchecker is so frustrating
* add note about AES 192 for XTS (it's not supported)
* docs work
* enforce key length on ECB mode in AES as well (thanks XTS)
* a few more words about why we exclude some test vectors for XTS
|
| |
|
|
|
|
|
|
|
|
| |
* add ChaCha20 support
* review feedback
* 256 divided by 8 is what again?
* ...
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Expose FIPS funcs for OpenSSL.
* Remove FIPS customization / conditionals.
It seems that the FIPS functions are always defined, regardless of if
the FIPS module is present.
* Do not include FIPS_selftest_check func.
* Libressl does not have FIPS.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* both parse and encode the ASN1 string type for Name attributes
Previously cryptography encoded everything (except country names) as
UTF8String. This caused problems with chain building in libraries like
NSS where the subject and issuer are expected to match byte-for-byte.
With this change we now parse and store the ASN1 string type as a
private _type in NameAttribute. We then use this to encode when issuing
a new certificate. This allows the CertificateBuilder to properly
construct an identical issuer and fixes the issue with NSS.
* make the sentinel private too
|
| |
|
|
|
|
|
|
|
|
| |
* add freshest CRL support
* add tests
* add changelog
* add tests for FreshestCRL generation
|
| |
|
| |
This is an extension for CRLs
|
| | |
|
| |
|
|
| |
We support directly passing bytes now and these code paths are
duplicated in the deprecated value attributes.
|
| |
|
|
|
| |
strings of the form "scheme:///anything" would incorrectly have two
slashes dropped. This is fixed in two code paths in this PR but one of
those code paths will be entirely removed in a followup PR.
|
