| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Expose BIGNUM constant time operations
This commit exposes the following functions:
BN_set_flags
BN_get_flags
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_free
BN_mod_exp_mont
BN_mod_exp_mont_consttime
This commit also exposes the BN_FLG_CONSTTIME flag.
* Add myself to AUTHORS
|
|
|
|
| |
(#4205)
|
|
|
|
|
|
| |
* add custom extensions functions for openssl >=1.0.2
* Fix style problems
|
|
|
| |
So here we need to make sure we don't simply include windows but only the parts that we want
|
|
|
|
|
|
|
|
| |
* add X509_NAME_print_ex
* Addressing code review
+ removed comment from bindings regarding deprecation of _print_oneline
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Raise a ValueError when conversion to generalizedtime fails
* added test for badasn1time value error
* pep8 compliance
* Addressing code review
+ VE now raises with ```{!r}``` formatting
+ Test now checks that the bad string made it into the VE message
* using ValueError.match
|
| |
|
|
|
|
|
|
| |
* fix bug with n % 8 length wrapping on AESKWP
* review feedback
|
|
|
|
|
| |
This breaks the urllib3 tests, as well as several in-the-wild certs
This reverts commit 388d1bd3e9cd953fcc948edbc152d5d140c87eb8.
|
| |
|
|
|
|
|
|
| |
* 2.2 release!
* also change versions
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* implement AES KW with padding (RFC 5649)
fixes #3791
* oops, 2.2
* make sure this is the right valueerror
* more match
* make key padding easier to read
* review feedback
* review feedback
|
|
|
|
|
|
|
|
| |
* load Q=224 vectors
* DSA parameters should support 224 for q length
* oxford comma
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* added brainpool ec-curves key_length >= 256bit
* limit brainpool curves to the set that appear required + docs
* oops
* typos all around me
* add brainpool ECDH kex tests
* switch to using rfc 7027 vectors
* review feedback
* empty commits are the best
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove unused bindings from asn1.py
This also includes a couple removals from x509v3.py which also reference
ASN1_ITEM_EXP.
* re-add int ASN1_STRING_set_default_mask_asc(char *);
* also re-add static const int MBSTRING_UTF8
|
|
|
|
|
|
| |
* don't allow GeneralNames to be an empty list
* flake8
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we only expose SSL_get_peer_certificate, which allows you
to retrieve the remote party's certificate. This adds the symetrical
binding to retrieve the local party's certificate.
The motivation for this additional binding is to make it possible to
query the local certificate regardless of the method which was used to
load the certificate into the SSL connection (from a file, from an
in-memory object). An example where this is useful is when negotiating
a DTLS-SRTP connection, the fingerprint of the local certificate needs
to be communicated to the remote party out-of-band via SDP.
This binding can be exposed in pyopenssl as Connection.get_certificate().
|
| |
|
|
|
|
|
|
|
|
| |
* fix a memory leak in ec derive_private_key
fixes #4095
* pep8!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* + more DTLS bindings
* + BIO_CTRL_DGRAM*
* + read ahead functions
* rm BIO_CTRL_DGRAM_SET_PEEK_MODE
* rm BIO_CTRL_DGRAM_SET_DONT_FRAG
* + link mtu conditional logic
* rm some BIO_CTRL_DGRAM* bindings
|
|
|
|
|
|
|
|
|
|
| |
* + PSK function bindings
* + PSK conditional
* trigger CI
* trigger CI
|
|
|
|
|
|
|
|
| |
* + bindings for SSL_OP_NO_DTLS*
* + conditional for not HAS_GENERIC_DTLS_METHOD
* flag SSL_OP_NO_DTLS* for unsupported deletion
|
|
|
| |
This avoids reaching into the ASN1_ITEM mess if not necessary.
|
|
|
|
|
|
|
|
| |
* Fixes #4076 - simplify the implementation of int_from_bytes on python2
* whitespace
* Added a test
|
|
|
|
|
|
|
|
|
|
|
| |
* The HKDF limit is actually 255 * digest_length_in_bytes
Previously we had a bug where we divided digest_size by 8...but
HashAlgorithm.digest_size is already in bytes.
* test longer output
* changelog
|
|
|
|
|
|
|
|
|
|
| |
* Expose BN_clear_free
* Use BN_clear_free in test_int_to_bn
* Use BN_clear_free in lieu of BN_free
* Use BN_free on public values
|
|
|
|
|
|
| |
* Expose BN_clear_free
* Use BN_clear_free in test_int_to_bn
|
|
|
|
|
|
| |
* just a quick confirmation that it really is an x25519 evp key
* openssl assert. take that python -O
|
|
|
|
|
|
| |
* Fixed #4006 -- bind functions for dealing with sigalgs
* oops
|
| |
|
|
|
|
|
|
| |
This bug looks bad but ends up being benign because HMAC is specified to
pad null bytes if a key is too short. So we passed too few bytes and
then OpenSSL obligingly padded it out to the correct length. However, we
should still do the right thing obviously.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix ASN1 string type encoding for several Name OIDs
When we changed over to the new type encoding system we didn't verify
that the new code exactly matched the ASN1 string types that OpenSSL was
previously choosing. This caused serialNumber, dnQualifier,
emailAddress, and domainComponent to change from their proper encodings
to UTF8String as of version 2.1.
Now we check to see if there's a sentinel value (indicating no custom
type has been passed) and then check if the OID has a different default
than UTF8. If it does, we set it.
This PR also adds tests for the ASN1 string type of ever supported
NameOID.
* review feedback
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use a different warning class so users get warnings
* fixed tests
* do our own warning class
* typo
* flake8
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add rotate method
* add some more tests for the failure modes
* start adding some documentation for the rotate method
* operate on a single token at a time, leave lists to the caller
* add versionadded
add versionadded, drop rotate from class doctest
* give rotate a doctest
* single level, not aligned
* add changelog for mf.rotate
* show that, once rotated, the old fernet instance can no longer decrypt the token
* add the instead of just the how
* update docs to reflect removal of ttl from rotate
* update tests
* refactor internal methods so that we can extract the timestamp
* implement rotate
* update wordlist (case sensitive?)
* lints
* consistent naming
* get_token_data/get_unverified_token_data -> better name
* doc changes
* use the static method, do not treat as imethod
* move up to MultiFernet docs
* add to authors
* alter wording
* monkeypatch time to make it less possible for the test to pass simply due to calls occuring in less than one second
* set the time after encryption to make sure that the time is preserved as part of re-encryption
|
| |
|
|
|
|
|
|
|
|
| |
* Inline calls to bit_length now that it's trivial
* unused imports
* An comment
|
|
|
|
|
|
|
|
|
|
| |
* expunge python 2.6
* how did THAT happen
* remove another unsupported python from the tox envlist
* hypothesis can now be unconditionally imported
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* backwards incompatible change to UniformResourceIdentifier
During this release cycle we decided to officially deprecate passing
U-labels to our GeneralName constructors. At first we tried changing
this in a purely backwards compatible way but get_values_for_type made
that untenable. This PR modifies URI to accept two types:
U-label strings (which raises a deprecation warning) and A-label strings
(the new preferred type). There is also a constructor for URI
that bypasses validation so we can parse garbage out of certificates
(and round trip it if necessary)
* nonsense empty commit 2.6 and codecov are the worst
|