delta/python-packages/cryptography.git/tests, branch 2.8 github.com: pyca/cryptography.git UniversalString needs to be encoded as UCS-4 (#5000) 2019-10-17T01:07:56+00:00 Marko Kreen markokr@gmail.com 2019-10-17T01:07:56+00:00 16d3ae1b8e96b4c112c0f17911b5d14f0ed20385 






update our test to be more robust wrt some changes from upstream (#4993)
2019-09-11T04:12:30+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2019-09-11T04:12:30+00:00

e575e3d482f976c4a1f3203d63ea0f5007a49a2a












one more missing branch (#4992)
2019-09-09T12:15:44+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2019-09-09T12:15:44+00:00

91f81c514d2d4426ba94cda4f6bcb5719843b760












fix coverage, small cleanups in tests (#4990)
2019-09-09T05:23:35+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2019-09-09T05:23:35+00:00

73114b39c1afe6061cc45acf02d185934ae08b04












Finish ed25519 and ed448 support in x509 module (#4972)
2019-09-08T23:44:02+00:00

Marko Kreen
markokr@gmail.com

2019-09-08T23:44:02+00:00

f7c77712d6611dc72cb2ef6fb1fe72fee4ab88de

* Support ed25519 in csr/crl creation

* Tests for ed25519/x509

* Support ed448 in crt/csr/crl creation

* Tests for ed448/x509

* Support ed25519/ed448 in OCSPResponseBuilder

* Tests for eddsa in OCSPResponseBuilder

* Builder check missing in create_x509_csr

* Documentation update for ed25519+ed448 in x509





* Support ed25519 in csr/crl creation

* Tests for ed25519/x509

* Support ed448 in crt/csr/crl creation

* Tests for ed448/x509

* Support ed25519/ed448 in OCSPResponseBuilder

* Tests for eddsa in OCSPResponseBuilder

* Builder check missing in create_x509_csr

* Documentation update for ed25519+ed448 in x509







Allow FreshestCRL extension in CRL (#4975)
2019-09-07T07:32:13+00:00

Marko Kreen
markokr@gmail.com

2019-09-07T07:32:13+00:00

202f5675b246764461d40725abab704495e0dba2

Per RFC5280 it is allowed in both certificates and CRL-s.




Per RFC5280 it is allowed in both certificates and CRL-s.






fix coverage by adding two artificial DSA public keys (#4984)
2019-09-07T03:22:51+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2019-09-07T03:22:51+00:00

b5b6bd13a22ee48eec55817867a2c8737addeee0

* fix coverage by adding two artificial DSA public keys

One key removes the optional parameters from the structure to cover a
branch conditional, and the other key has its BITSTRING padding value
set to a non-zero value.

* lexicographic? never heard of it





* fix coverage by adding two artificial DSA public keys

One key removes the optional parameters from the structure to cover a
branch conditional, and the other key has its BITSTRING padding value
set to a non-zero value.

* lexicographic? never heard of it







Make DER reader into a context manager (#4957)
2019-07-29T02:58:04+00:00

Alex Gaynor
alex.gaynor@gmail.com

2019-07-29T02:58:04+00:00

9cd41ac714d9bff819ece6d8cdcde064d403c671

* Make DER reader into a context manager

* Added another test case

* flake8





* Make DER reader into a context manager

* Added another test case

* flake8







Remove asn1crypto dependency (#4941)
2019-07-28T17:06:40+00:00

David Benjamin
davidben@google.com

2019-07-28T17:06:40+00:00

2d3b420383fc6aa16675e04caec56ca6b16069a1

* Remove non-test dependencies on asn1crypto.

cryptography.io actually contains two OpenSSL bindings right now, the
expected cffi one, and an optional one hidden in asn1crypto. asn1crypto
contains a lot of things that cryptography.io doesn't use, including a
BER parser and a hand-rolled and not constant-time EC implementation.

Instead, check in a much small DER-only parser in cryptography/hazmat. A
quick benchmark suggests this parser is also faster than asn1crypto:

  from __future__ import absolute_import, division, print_function
  import timeit

  print(timeit.timeit(
      "decode_dss_signature(sig)",
      setup=r"""
  from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature
  sig=b"\x30\x2d\x02\x15\x00\xb5\xaf\x30\x78\x67\xfb\x8b\x54\x39\x00\x13\xcc\x67\x02\x0d\xdf\x1f\x2c\x0b\x81\x02\x14\x62\x0d\x3b\x22\xab\x50\x31\x44\x0c\x3e\x35\xea\xb6\xf4\x81\x29\x8f\x9e\x9f\x08"
  """,
      number=10000))

Python 2.7:
  asn1crypto: 0.25
  _der.py: 0.098

Python 3.5:
  asn1crypto: 0.17
  _der.py: 0.10

* Remove test dependencies on asn1crypto.

The remaining use of asn1crypto was some sanity-checking of
Certificates. Add a minimal X.509 parser to extract the relevant fields.

* Add a read_single_element helper function.

The outermost read is a little tedious.

* Address flake8 warnings

* Fix test for long-form vs short-form lengths.

Testing a zero length trips both this check and the non-minimal long
form check. Use a one-byte length to cover the missing branch.

* Remove support for negative integers.

These never come up in valid signatures. Note, however, this does
change public API.

* Update src/cryptography/hazmat/primitives/asymmetric/utils.py

Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>

* Review comments

* Avoid hardcoding the serialization of NULL in decode_asn1.py too.





* Remove non-test dependencies on asn1crypto.

cryptography.io actually contains two OpenSSL bindings right now, the
expected cffi one, and an optional one hidden in asn1crypto. asn1crypto
contains a lot of things that cryptography.io doesn't use, including a
BER parser and a hand-rolled and not constant-time EC implementation.

Instead, check in a much small DER-only parser in cryptography/hazmat. A
quick benchmark suggests this parser is also faster than asn1crypto:

  from __future__ import absolute_import, division, print_function
  import timeit

  print(timeit.timeit(
      "decode_dss_signature(sig)",
      setup=r"""
  from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature
  sig=b"\x30\x2d\x02\x15\x00\xb5\xaf\x30\x78\x67\xfb\x8b\x54\x39\x00\x13\xcc\x67\x02\x0d\xdf\x1f\x2c\x0b\x81\x02\x14\x62\x0d\x3b\x22\xab\x50\x31\x44\x0c\x3e\x35\xea\xb6\xf4\x81\x29\x8f\x9e\x9f\x08"
  """,
      number=10000))

Python 2.7:
  asn1crypto: 0.25
  _der.py: 0.098

Python 3.5:
  asn1crypto: 0.17
  _der.py: 0.10

* Remove test dependencies on asn1crypto.

The remaining use of asn1crypto was some sanity-checking of
Certificates. Add a minimal X.509 parser to extract the relevant fields.

* Add a read_single_element helper function.

The outermost read is a little tedious.

* Address flake8 warnings

* Fix test for long-form vs short-form lengths.

Testing a zero length trips both this check and the non-minimal long
form check. Use a one-byte length to cover the missing branch.

* Remove support for negative integers.

These never come up in valid signatures. Note, however, this does
change public API.

* Update src/cryptography/hazmat/primitives/asymmetric/utils.py

Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>

* Review comments

* Avoid hardcoding the serialization of NULL in decode_asn1.py too.







some test improvements (#4954)
2019-07-27T19:42:42+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2019-07-27T19:42:42+00:00

25efc646152c3b9e3e4d2ffcd81ccb52055782f3

detect md5 and don't generate short RSA keys
these changes will help if we actually try to run FIPS enabled




detect md5 and don't generate short RSA keys
these changes will help if we actually try to run FIPS enabled