path: root/docs/development
Commit message | Author | Age | Files | Lines
* Fix gitlab URLs for linkcheck (#8938) | Alex Gaynor | 2023-05-17 | 1 | -2/+2
* add RSA PSS SHA1 hash algorithm + SHA1 MGF1 test vector (#8906) | Paul Kehrer | 2023-05-11 | 1 | -0/+2
* invalid visible string support (#8884) | Paul Kehrer | 2023-05-07 | 1 | -0/+2
  * invalid visible string support
    this allows utf8 in visiblestring, which is not valid DER. we raise a warning when this happens, but allow it since belgian eIDs, among others, have encoding errors. Belgium fixed this by 2021 (and possibly earlier), but their eID certificates have 10 year validity.
  * review comments
  * clippy
* add one more RSA PSS invalid test vector (#8798) | Paul Kehrer | 2023-04-23 | 1 | -0/+2
* add two RSA PSS certificate vectors that have invalid encodings (#8797) | Paul Kehrer | 2023-04-23 | 1 | -0/+5
  * add two RSA PSS certificate vectors that have invalid encodings
    The signatures on these vectors are not valid.
  * spelling
* add support for aes256-gcm@openssh.com decryption for SSH keys (#8738) | Paul Kehrer | 2023-04-15 | 1 | -0/+4
  * add support for aes256-gcm@openssh.com decryption for SSH keys
  * review feedback
  * skip when bcrypt isn't present
* Support msCertificateTemplate extension (#8695) | Paul Kehrer | 2023-04-10 | 1 | -0/+2
  * support ms certificate template
  * contortions for rust coverage
  * review feedback
* update docs for macOS dev with rust openssl (#8653) | Paul Kehrer | 2023-04-02 | 1 | -18/+4
* Switch from tox to nox (#8651) | Alex Gaynor | 2023-04-02 | 2 | -33/+14
* Added support for OCSP AcceptableResponses extension (#8617) | Alex Gaynor | 2023-03-27 | 1 | -1/+3
  fixes #8589
* Update to the new wycheproof (#8403) | Alex Gaynor | 2023-02-28 | 1 | -1/+1
* add CRL vector with an inner/outer signature OID mismatch (#8163) | Paul Kehrer | 2023-01-29 | 1 | -0/+3
* Use the ruff 'pyupgrade' checks (#8104) | Alex Gaynor | 2023-01-20 | 9 | -46/+38
* fixes #8035 -- added a test for loading a cert with another PEM block containing headers (#8045) | Alex Gaynor | 2023-01-12 | 1 | -0/+2
* mismatched inner/outer signature algorithm x509 cert (#8038) | Paul Kehrer | 2023-01-10 | 1 | -0/+3
* more test vectors for ssh certs (#7993) | Paul Kehrer | 2023-01-06 | 1 | -0/+10
* another ssh cert vector (#7991) | Paul Kehrer | 2023-01-05 | 1 | -0/+2
* add ssh certificate test vectors (#7984) | Paul Kehrer | 2023-01-05 | 1 | -0/+21
* Pin python dev dependencies in CI with a pip constraints file (#7962) | Alex Gaynor | 2023-01-03 | 1 | -28/+16
* Switch from flake8 to ruff (#7920) | Alex Gaynor | 2022-12-21 | 5 | -5/+1
  It's more than 60x faster.
* x509: add `load_pem_x509_certificates` (#7878) | William Woodruff | 2022-12-05 | 1 | -0/+2
  * x509: add `load_pem_x509_certificates`
    This behaves similarly to `load_pem_x509_certificate`, except that it returns a list of loaded certificates instead of just the first X.509 certificate. It raises if the input contains no PEM-encoded certificates, or if PEM or certificate parsing fail.
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * tests/x509: blacken
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * Update docs/x509/reference.rst
    Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
  * tests/x509: assert each item in the list is actually a certificate
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * bindings: expose `load_pem_x509_certificates` in `x509.pyi`
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * tests/x509: test the structure of each cert a bit
    This has the transitive effect of establishing a fixed order.
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * CHANGELOG: record changes
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * docs: add PEM to spellcheck allowlist
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * docs/x509: document expected param
    Signed-off-by: William Woodruff <william@trailofbits.com>
  Signed-off-by: William Woodruff <william@trailofbits.com>
  Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* fix parsing for CRLs with TLVs > 65535 bytes (#7575) | Paul Kehrer | 2022-09-07 | 1 | -0/+1
  * add CRL test vector with 9,999 revoked items
  * bump rust-asn1
  * add large CRL test
    this tests CRLs larger than 65535 bytes in size. rust-asn1 supports up to 4GiB TLVs now, but we'll avoid putting a test vector that big for now
* Added OCB vectors from openssl (#7401) | Alex Gaynor | 2022-07-05 | 1 | -1/+2
* Added vectors for long form tags (#7396) | Alex Gaynor | 2022-07-04 | 1 | -0/+4
* X.509/Certificate: Add `tbs_precertificate_bytes` property (#7279) | William Woodruff | 2022-05-31 | 1 | -0/+2
  * Add `tbs_precertificate_bytes` property
  * docs/x509: document `tbs_precertificate_bytes`
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * tests/x509: add two trivial tests
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * x509/base: fix lint
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * oid: add CERTIFICATE_TRANSPARENCY (1.3.6.1.4.1.11129.2.4.4)
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * hazmat/oid: rehome CERTIFICATE_TRANSPARENCY under ExtendedKeyUsageOID
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * docs/x509: fix link, help the spellchecker
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * x509: Raise ValueError when we can't filter SCT list extension
  * tests: Expect a `ValueError` when accessing `tbs_precertificate_bytes` in default example
  * tests, vectors: Add TBS precert vector for test comparison
  * docs/x509: document the `CERTIFICATE_TRANSPARENCY` OID
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * docs/x509: elaborate `tbs_precertificate_bytes`
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * rust/x509: remove unused OID
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * x509/certificate: tweak error
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * tests/x509: reorganize
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * Update src/rust/src/x509/certificate.rs
    Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
  * tests/x509: more reorg, rename
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * docs: document new testvector
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * docs: coax the spellchecker
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * tests/x509: use a cert that doesn't require SHA-1
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * tests/x509: test for no extensions at all
    Signed-off-by: William Woodruff <william@trailofbits.com>
  Co-authored-by: Alex Cameron <asc@tetsuo.sh>
  Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Added vectors for invalid CSR/CRL versions (#7247) | Alex Gaynor | 2022-05-22 | 1 | -0/+3
  * Added vectors for invalid CSR/CRL versions
  * Update docs/development/test-vectors.rst
    Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
  Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* Remove vestiges of doc8 (#7233) | Alex Gaynor | 2022-05-18 | 1 | -2/+1
  We don't use it since 1eccc52b637a4745a38e61ca2f9f21d383862175
* docs, vectors: add two more x509 SCT testvectors (#7215) | William Woodruff | 2022-05-12 | 1 | -0/+5
  Signed-off-by: William Woodruff <william@yossarian.net>
* Fix test CRLs and CSRs with invalid versions (#7216) | David Benjamin | 2022-05-12 | 1 | -9/+12
  CRL versions only go up to v2 (numeric value 1) and CSRs only define v1 (numeric value 0). See https://www.rfc-editor.org/rfc/rfc5280.html#section-5.1 and https://www.rfc-editor.org/rfc/rfc2986.html#section-4. Some of the inputs used in tests were misissued.
  Unfortunately, the corresponding private keys for these test vectors weren't provided, so I've just edited the inputs with der-ascii and left the signatures invalid. The tests in question don't seem to rely on valid signatures.
* add x509 pss certificate and public key (#7161) | Paul Kehrer | 2022-04-30 | 1 | -0/+4
  * add x509 pss certificate and public key
    the cert is signed using rsa_pss_2048.pem and the public key is the public components of that private key
  * Update docs/development/test-vectors.rst
    Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
  Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* docs: fix linting tox env name (#7117) | Robert Coup | 2022-04-26 | 1 | -1/+1
* add RSA PSS test vectors (#7086) | Paul Kehrer | 2022-04-17 | 1 | -0/+11
* check for invalid keys that RSA_check_key misses (#7080) | Paul Kehrer | 2022-04-16 | 1 | -1/+3
  * check for invalid keys that RSA_check_key misses
    RSA_check_key checks for primality but that fails to catch this case since 2 is prime. Instead we fetch p and q and verify that they are odd and if not reject the key as invalid.
  * circleci sucks
* update pkcs7 test vectors (#7030) | Paul Kehrer | 2022-04-03 | 1 | -2/+4
  * update pkcs7 test vectors
  * this is a word
* OCB3 test vectors for 104, 112, and 120-bit nonces (#7009) | Paul Kehrer | 2022-03-29 | 1 | -1/+2
* fixes #6804 -- improve error message quality with invalid characters in name attributes (#6843) | Alex Gaynor | 2022-02-06 | 1 | -0/+2
* Remove explicit subclassing of object now that all classes are new-style (#6830) | Alex Gaynor | 2022-01-30 | 1 | -1/+1
  As someone who first with Python in 2.4 or so, this habit is going to be hard to break.
* support parsing bitstring values in DNs (#6629) | Paul Kehrer | 2021-11-28 | 1 | -0/+2
  * support bitstring values in DNs
    parsing is limited to x500UniqueIdentifier only
  * Update src/cryptography/x509/name.py
    Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
  Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* allow parsing of nonstandard country name and jurisdiction country name (#6641) | Paul Kehrer | 2021-11-21 | 1 | -0/+3
  The spec requires both of these to be exactly two characters to correspond with ISO country codes. Reality is sometimes messier, so this allows parsing (but not encoding) of this invalid data. Parsing will raise a UserWarning if incorrect lengths are detected.
* add AES SIV vectors (#6608) | Paul Kehrer | 2021-11-15 | 1 | -0/+2
* add AES OCB3 test vectors (#6606) | Paul Kehrer | 2021-11-15 | 1 | -0/+1
* Allow parsing CSR extensions with the critical bit having an explicitly encoded default (#6600) | Alex Gaynor | 2021-11-14 | 1 | -0/+2
  * Allow parsing CSR extensions with the critical bit having an explicitly encoded default
  * Poke for zuul
* allow multiple identical pem blocks (#6551) | Paul Kehrer | 2021-11-05 | 1 | -2/+2
  this matches our behavior to OpenSSL and allows users to pass a chain to our PEM loaders. To make this a little less magical it is now documented.
* deprecate backend part 4 of n (#6522) | Paul Kehrer | 2021-11-02 | 2 | -5/+1
* deprecate backend part 1 of n (#6517) | Paul Kehrer | 2021-11-02 | 8 | -19/+6
  * update all custom vector generation scripts to not use backends
  * remove references to backends in test-vectors.rst
* add accvraiz1 bmpstring test vector (#6503) | Paul Kehrer | 2021-10-31 | 1 | -0/+2
* Add new PKCS12 test vectors (#6383) | Felix Fontein | 2021-10-06 | 1 | -0/+102
  * Add new PKCS12 test vectors for #6348.
  * Re-create test certs without DSA.
  * Forgot to adjust the docs.
* Accept combined PEM files with multiple sections (#6365) | Maximilian Hils | 2021-10-03 | 1 | -0/+4
  * accept combined PEM files with multiple sections
  * pass error messages into `find_in_pem`
* support legacy PEM headers for certificate and CSR (#6356) | Paul Kehrer | 2021-10-02 | 1 | -0/+5
* add new x509 request vector (#6313) | Paul Kehrer | 2021-09-27 | 1 | -0/+3