path: root/docs
Commit message | Author | Age | Files | Lines
...
* nit: remove stray space (#7429) | Alex Gaynor | 2022-07-17 | 1 | -1/+1
* Update things for 2022 (#7413) | Alex Gaynor | 2022-07-10 | 2 | -4/+4
* Added OCB vectors from openssl (#7401) | Alex Gaynor | 2022-07-05 | 1 | -1/+2
* Added vectors for long form tags (#7396) | Alex Gaynor | 2022-07-04 | 1 | -0/+4
* docs: Fix type returned by get_extension_for_oid() and get_extension_for_class() (#7380) | Felix Dreissig | 2022-06-28 | 1 | -2/+2
  The previous wording (to me) sounded as if an instance of the specific `ExtensionType` subclass would be returned. But the methods actually return an `Extension` instance, from which the specific `ExtensionType` instance can be accessed through the `value` property.
* Point people at AEADs in symmetric encryption docs (#7326) | Alex Gaynor | 2022-06-10 | 1 | -6/+10
* add note that load_pem_private_key is the wrong func for SSH keys (#7315) | Paul Kehrer | 2022-06-06 | 1 | -0/+4
* Update installation docs (#7310) | Alex Gaynor | 2022-06-05 | 1 | -2/+2
  RHEL/CentOS 8 should work fine with these instructions
* X.509/Certificate: Add `tbs_precertificate_bytes` property (#7279) | William Woodruff | 2022-05-31 | 2 | -0/+35
  * Add `tbs_precertificate_bytes` property
  * docs/x509: document `tbs_precertificate_bytes`
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * tests/x509: add two trivial tests
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * x509/base: fix lint
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * oid: add CERTIFICATE_TRANSPARENCY (1.3.6.1.4.1.11129.2.4.4)
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * hazmat/oid: rehome CERTIFICATE_TRANSPARENCY under ExtendedKeyUsageOID
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * docs/x509: fix link, help the spellchecker
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * x509: Raise ValueError when we can't filter SCT list extension
  * tests: Expect a `ValueError` when accessing `tbs_precertificate_bytes` in default example
  * tests, vectors: Add TBS precert vector for test comparison
  * docs/x509: document the `CERTIFICATE_TRANSPARENCY` OID
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * docs/x509: elaborate `tbs_precertificate_bytes`
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * rust/x509: remove unused OID
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * x509/certificate: tweak error
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * tests/x509: reorganize
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * Update src/rust/src/x509/certificate.rs
    Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
  * tests/x509: more reorg, rename
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * docs: document new testvector
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * docs: coax the spellchecker
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * tests/x509: use a cert that doesn't require SHA-1
    Signed-off-by: William Woodruff <william@trailofbits.com>
  * tests/x509: test for no extensions at all
    Signed-off-by: William Woodruff <william@trailofbits.com>
  Co-authored-by: Alex Cameron <asc@tetsuo.sh>
  Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Enforce that CRL and CSR versions must be valid. (#7249) | Alex Gaynor | 2022-05-22 | 1 | -2/+2
  Fixes #7231
* Added vectors for invalid CSR/CRL versions (#7247) | Alex Gaynor | 2022-05-22 | 1 | -0/+3
  * Added vectors for invalid CSR/CRL versions
  * Update docs/development/test-vectors.rst
    Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
  Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* CT: `extensions` -> `extension_bytes` (#7238) | William Woodruff | 2022-05-19 | 1 | -1/+1
  Signed-off-by: William Woodruff <william@trailofbits.com>
* CT: add `SignedCertificateTimestamp.extensions` (#7237) | William Woodruff | 2022-05-20 | 1 | -0/+8
  Signed-off-by: William Woodruff <william@trailofbits.com>
* Remove vestiges of doc8 (#7233) | Alex Gaynor | 2022-05-18 | 1 | -2/+1
  We don't use it since 1eccc52b637a4745a38e61ca2f9f21d383862175
* Update install docs now that we test on Windows 2022 (#7230) | Alex Gaynor | 2022-05-17 | 2 | -2/+3
  * Update install docs now that we test on Windows 2022
  * Update installation.rst
  * Update spelling_wordlist.txt
  * Update docs/installation.rst
    Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
  Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* x509/CT: expose more SCT internals (#7207) | William Woodruff | 2022-05-13 | 1 | -0/+41
  * WIP
  * x509: remove TBS work for now
    Signed-off-by: William Woodruff <william@yossarian.net>
  * CT: flake8
    Signed-off-by: William Woodruff <william@yossarian.net>
  * CT: remove TODO, add links
    Signed-off-by: William Woodruff <william@yossarian.net>
  * CT/SCT: strong enums for HashAlgorithm and SignatureAlgorithm
    Signed-off-by: William Woodruff <william@yossarian.net>
  * tests: add SCT hash/signature algorithm tests
    Signed-off-by: William Woodruff <william@yossarian.net>
  * tests: fix SignatureAlgorithm test, add signature contents test
    Signed-off-by: William Woodruff <william@yossarian.net>
  * rust: unit tests for {Hash,Signature}Algorithm
    Signed-off-by: William Woodruff <william@yossarian.net>
  * x509/sct: code coverage shenanigans
    Signed-off-by: William Woodruff <william@yossarian.net>
  * asn1, sct: pesky coverage
    Signed-off-by: William Woodruff <william@yossarian.net>
  * x509/sct: simplify parsing
    Signed-off-by: William Woodruff <william@yossarian.net>
  * docs: document new SCT APIs
    Signed-off-by: William Woodruff <william@yossarian.net>
  * docs: add refs to RFC 5246
    Signed-off-by: William Woodruff <william@yossarian.net>
  * SCT: forbid nonsense hash and signature algos
    No tests, yet.
    Signed-off-by: William Woodruff <william@yossarian.net>
  * tests: add invalid hash/sig algo tests
    Signed-off-by: William Woodruff <william@yossarian.net>
  * sct: remove ToAttr trait
    Inline impl into each struct's impl.
    Signed-off-by: William Woodruff <william@yossarian.net>
  * sct: remove invalid hash/sig variants
    These should never appear in the context of SCTs.
    Signed-off-by: William Woodruff <william@yossarian.net>
  * sct: collapse matches
    Handle invalid/unknown variants together.
    Signed-off-by: William Woodruff <william@yossarian.net>
  * tests: update SCT tests
    Signed-off-by: William Woodruff <william@yossarian.net>
  * sct: add a TODO
    Signed-off-by: William Woodruff <william@yossarian.net>
  * sct: return a primitives.hashes object instead of a custom enum
    Signed-off-by: William Woodruff <william@yossarian.net>
  Co-authored-by: Alex Cameron <asc@tetsuo.sh>
* docs, vectors: add two more x509 SCT testvectors (#7215) | William Woodruff | 2022-05-12 | 1 | -0/+5
  Signed-off-by: William Woodruff <william@yossarian.net>
* Fix test CRLs and CSRs with invalid versions (#7216) | David Benjamin | 2022-05-12 | 1 | -9/+12
  CRL versions only go up to v2 (numeric value 1) and CSRs only define v1 (numeric value 0). See https://www.rfc-editor.org/rfc/rfc5280.html#section-5.1 and https://www.rfc-editor.org/rfc/rfc2986.html#section-4. Some of the inputs used in tests were misissued. Unfortunately, the corresponding private keys for these test vectors weren't provided, so I've just edited the inputs with der-ascii and left the signatures invalid. The tests in question don't seem to rely on valid signatures.
* Doc: Add parameter nonce for class ChaCha20 (#7202) | Yang Yang | 2022-05-07 | 1 | -1/+1
* add x509 pss certificate and public key (#7161) | Paul Kehrer | 2022-04-30 | 1 | -0/+4
  * add x509 pss certificate and public key
    the cert is signed using rsa_pss_2048.pem and the public key is the public components of that private key
  * Update docs/development/test-vectors.rst
    Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
  Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Fixes #7127 -- added attr_name_overrides on from_rfc4514_string (#7160) | Alex Gaynor | 2022-04-30 | 1 | -1/+7
* Allow Fernet decryption to accept string tokens (#7116) | Robert Coup | 2022-04-29 | 1 | -8/+8
  * tests: better testid generation for fernet vectors
    Use the vector filename and array index for the pytest id rather than a concatenation of the vector content. eg: `tests/test_fernet.py::TestFernet::test_invalid[invalid.json:2]`
  * (Multi)Fernet: allow str tokens for decryption
    Remove some developer friction by allowing string tokens to be passed to Fernet decryption methods. Because a valid token as generated by `Fernet.encrypt()` is url-safe base64-encoded, a non-ASCII token is definitely invalid. The stdlib base64 function already accepts and checks ASCII str values so delegate to that.
  * Kick CI
* Bump MSRV to 1.48.0 (#7128) | Alex Gaynor | 2022-04-27 | 1 | -8/+7
* Drop manylinux2010 (#6694) | Alex Gaynor | 2022-04-26 | 1 | -1/+1
  It has very low usage
* docs: fix linting tox env name (#7117) | Robert Coup | 2022-04-26 | 1 | -1/+1
* Remove trailing white space in docs (#7115) | Alex Gaynor | 2022-04-26 | 1 | -1/+1
  Apparently none of our linters care
* add RSA PSS test vectors (#7086) | Paul Kehrer | 2022-04-17 | 1 | -0/+11
* Add support for PSS.AUTO and PSS.DIGEST_LENGTH (#7082) | Paul Kehrer | 2022-04-16 | 1 | -1/+16
  * add PSS auto support for verification
  * add support for PSS.DIGEST_LENGTH
  * review comments
* check for invalid keys that RSA_check_key misses (#7080) | Paul Kehrer | 2022-04-16 | 1 | -1/+3
  * check for invalid keys that RSA_check_key misses
    RSA_check_key checks for primality but that fails to catch this case since 2 is prime. Instead we fetch p and q and verify that they are odd and if not reject the key as invalid.
  * circleci sucks
* Implement a parser for RFC4514 strings (#7055) | Alex Gaynor | 2022-04-16 | 1 | -0/+14
  * Initial tests
  * Implement. Required updating many many tests based on my read of the RFC. Should be reviewed closely.
  * Fix for py36
  * flake8
  * Improve coverage on hypothesis test
  * Remove bad assertion in hypothesis test
  * Update docs
  * fix docs
  * Fixed unicode support
  * review
  * docs review
* Added Ubuntu Jammy to CI (#7047) | Alex Gaynor | 2022-04-07 | 1 | -1/+1
  * Added Ubuntu Jammy to CI
  * try thing
* Fix indentation in docs/x509/reference.rst (#7044) | Dustin Ingram | 2022-04-05 | 1 | -3/+2
* serialize certs to pkcs7 (#7034) | Paul Kehrer | 2022-04-04 | 1 | -0/+11
  * serialize certs to pkcs7
  * missed assert
* update pkcs7 test vectors (#7030) | Paul Kehrer | 2022-04-03 | 2 | -2/+5
  * update pkcs7 test vectors
  * this is a word
* SIV support (#7029) | Paul Kehrer | 2022-04-02 | 1 | -0/+86
  * SIV support
  * empty commit to see if codecov sees the 3.0 coverage this time
* support 12-15 byte nonce sizes in OCB3 (#7011) | Paul Kehrer | 2022-03-29 | 1 | -1/+1
  * support 12-15 byte nonce sizes in OCB3
  * Update tests/hazmat/primitives/test_aead.py
    Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
  Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* OCB3 test vectors for 104, 112, and 120-bit nonces (#7009) | Paul Kehrer | 2022-03-29 | 1 | -1/+2
* Serialize PKCS12 CA alias/friendlyName (#6910) | ajoino | 2022-03-29 | 1 | -1/+6
  * PKCS12 serialization wrapper supports PKCS12Certificate cas
  * Added code from Felix's gist to serialize_key_and_certificate_to_pkcs12. Doesn't break current behaviour/tests, need to write validate new behaviour, write tests, and format code.
  * Simplified instance check
  * Tried to write tests, but I cannot figure out how to read the friendlyName from parsed_more_certs.
  * Fixed test function and renamed it.
  * Fixed formatting.
  * Committing before trying black
  * Formatted updates to make flake8 and black happy.
  * Fixed first review comments.
  * remove forgotten print statement
  * use backend.openssl_assert instead of if ...
  * Documented changes.
  * Updated documentation.
* Don't reference unsupported version in installation docs (#6946) | Alex Gaynor | 2022-03-13 | 1 | -1/+1
* Added OID for #6920 (#6925) | sanchayanghosh | 2022-03-03 | 1 | -0/+9
  * Added OID
  * Added to documentation for IPSec SAs
  * Update docs/x509/reference.rst to correct the version change.
    Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
  Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* allow ed pk12, better tests (#6865) | whiteowl3 | 2022-02-27 | 1 | -3/+7
  * don't block pk12 serialization of ed pairs
  * mimic test_ec curve skipping to satisfy alpine ci
* refs #6835 -- added oid constants for SHA3 signatures (#6850) | Alex Gaynor | 2022-02-07 | 1 | -0/+40
* Test against Alpine on aarch64 (#6846) | Alex Gaynor | 2022-02-06 | 1 | -0/+1
  * Test against Alpine on aarch64
  * Update config.yml
  * Update installation.rst
  * Update config.yml
* fixes #6804 -- improve error message quality with invalid characters in name attributes (#6843) | Alex Gaynor | 2022-02-06 | 1 | -0/+2
* Switch from centos to rhel in CI (#6844) | Alex Gaynor | 2022-02-06 | 1 | -1/+1
  * Switch from centos to rhel in CI
  * Update installation.rst
  * Update installation.rst
* Remove FAQ that's no longer relevant (#6833) | Alex Gaynor | 2022-01-30 | 1 | -7/+0
  We don't use environment markers anymore, now if you have a really old setuptools you get some different failure mode
* point to the AEAD version of GCM in the FAQ (#6832) | Alex Gaynor | 2022-01-31 | 1 | -1/+1
* Remove explicit subclassing of object now that all classes are new-style (#6830) | Alex Gaynor | 2022-01-30 | 1 | -1/+1
  As someone who first with Python in 2.4 or so, this habit is going to be hard to break.
* Clean up the language in the docs now that 3.6 is the minimum we support (#6825) | Alex Gaynor | 2022-01-29 | 1 | -4/+4
* Found another place where ancient PBKDF2 iterations were listed (#6816) | April King | 2022-01-24 | 1 | -2/+2