summaryrefslogtreecommitdiff
path: root/src/cryptography/hazmat/backends/openssl/rsa.py
Commit message (Collapse)AuthorAgeFilesLines
* support equality checks on all public asymmetric key types (#8700)Paul Kehrer2023-04-101-0/+9
| | | | | * support equality checks on all public asymmetric key types * review feedback
* Use from __future__ import annotations everywhere (#8643)Alex Gaynor2023-03-311-17/+19
|
* Simplify/unify Rust and Python OpenSSL error handling (#8552)Alex Gaynor2023-03-201-3/+3
|
* Use the ruff 'pyupgrade' checks (#8104)Alex Gaynor2023-01-201-2/+2
|
* Switch from flake8 to ruff (#7920)Alex Gaynor2022-12-211-6/+3
| | | It's more than 60x faster.
* add unsafe_skip_rsa_key_validation (#7667)Paul Kehrer2022-10-031-2/+7
| | | | | | | | | | | | | | | | | | | * add unsafe_skip_rsa_key_validation This allows users to skip RSA key validation when calling load_pem_private_key, load_der_private_key, and RSAPrivateNumbers.private_key. This is a significant performance improvement but is **only safe if you know the key is valid**. If you use this when the key is invalid OpenSSL makes no guarantees about what might happen. Infinite loops, crashes, and all manner of terrible things become possible if that occurs. Beware, beware, beware. * Apply suggestions from code review Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> * remove unneeded variable Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* lazily initialize blinding (#7292)Paul Kehrer2022-05-311-6/+25
|
* Add support for PSS.AUTO and PSS.DIGEST_LENGTH (#7082)Paul Kehrer2022-04-161-2/+14
| | | | | | | * add PSS auto support for verification * add support for PSS.DIGEST_LENGTH * review comments
* check for invalid keys that RSA_check_key misses (#7080)Paul Kehrer2022-04-161-0/+12
| | | | | | | | | * check for invalid keys that RSA_check_key misses RSA_check_key checks for primality but that fails to catch this case since 2 is prime. Instead we fetch p and q and verify that they are odd and if not reject the key as invalid. * circleci sucks
* fixes #6927 -- handle negative return values from openssl (#6928)Alex Gaynor2022-03-041-1/+1
|
* Add types for padding.PSS class. (#6882)Jonathan Slenders2022-02-231-2/+3
|
* more type annotations for internal rsa (#6749)Paul Kehrer2021-12-231-10/+58
|
* simplify _calculate_digest_and_algorithm (#6719)Paul Kehrer2021-12-221-6/+2
|
* fixed out of date error message (#6675)Alex Gaynor2021-12-061-2/+5
|
* remove signer/verifier as they've been deprecated for 4.25 years (#6639)Paul Kehrer2021-12-031-93/+0
| | | | | * remove signer/verifier as they've been deprecated for 4.25 years * fix coverage
* Remove read_only_property and precisely type all these getters (#6668)Alex Gaynor2021-11-291-2/+6
| | | | | | | * Remove read_only_property and precisely type all these getters * flake8 * unused
* Drop supported for older LibreSSL (#6660)Alex Gaynor2021-11-261-1/+1
| | | | | | | | | | | | | * Drop supported for older LibreSSL 3.1 covers the oldest version used by versions of Alpine and OpenBSD that are supported by their upstreams. * Remove tests that are now unused * Update CHANGELOG.rst Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com> Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* Attempt to turn FIPS small RSA errors into something useful (#6487)Alex Gaynor2021-10-291-1/+4
| | | | | | | | | * Attempt to turn FIPS small RSA errors into something useful * Black * fix * doh
* Speed up RSA tests in 3.0.0 (#6206)Paul Kehrer2021-08-111-5/+11
| | | | | | | | | | | | | | | | | | | | * Speed up RSA tests in 3.0.0 RSA_check_key is slower in OpenSSL 3.0.0 due to improved primality checking. In normal use this is unlikely to be a problem since users don't load new keys constantly, but we do in our tests. This adds some private flags to allow skipping those checks for performance reasons. On my laptop with this patch it takes 16s to run test_rsa.py. The previous commit takes 72s. * black * different approach * skip rsa key checks in wycheproof wycheproof's tets don't rely on broken keys
* rsa type hinting (#5733)Paul Kehrer2021-02-011-34/+94
| | | | | | | | | | | | | | | | | | | * rsa type hinting * remove unused import * missed return type * type fixes * ignores no longer required * black gets me every time * Update src/cryptography/hazmat/backends/openssl/rsa.py Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* make PrivateKeyWithSerialization an alias of PrivateKey (#5722)Paul Kehrer2021-01-311-4/+4
| | | | | * make PrivateKeyWithSerialization an alias of PrivateKey * black
* we didn't actually commit the final doc fixes for the recover PR (#5614)Paul Kehrer2020-12-091-1/+1
|
* Remove __future__ import from our code (#5610)Alex Gaynor2020-12-091-1/+0
|
* Add support for RSA signature recovery (#5573)Zoltan Kelemen2020-12-071-11/+62
| | | | | | | | | | | | | | | | | | * Removed unused argument. * Added support for RSA signature recovery. * Syntatic corrections for passing pep8 tests. * Corrected typo. * Added test of invalid Prehashed parameter to RSA signature recover. * Renamed recover to a more descriptive name. * Extended RSA signature recovery with option to return full data (not only the digest part). * Added missing words to pass spell check.
* Disable blinding for RSA pub keys (#5524)Alex Gaynor2020-10-271-5/+0
|
* Attempt to mitigate Bleichenbacher attacks on RSA decryption (#5507)Alex Gaynor2020-10-251-15/+11
|
* move blinding to __init__ on both RSA public and private (#5506)Paul Kehrer2020-10-251-2/+10
| | | | | * move blinding to __init__ on both RSA public and private * change signature to guarantee this test is testing what we think
* new black, actually slightly different than the old black (#5429)Paul Kehrer2020-08-261-1/+2
|
* fixes #4706 -- don't internal error on corrupt private key (#5307)Alex Gaynor2020-08-151-0/+5
| | | | | * fixes #4706 -- don't internal error on corrupt private key * Temporary disable paramiko
* simplify more errors (#5353)Paul Kehrer2020-07-261-36/+10
| | | the quest to stop using unstable openssl error codes continues
* Paint it Black by the Rolling Stones (#5324)Alex Gaynor2020-07-201-66/+74
|
* Cleanup serialize (#5149)Marko Kreen2020-05-251-0/+1
| | | | | | | | | | | | | | * Additional tests for public/private_bytes They expose few places that raise TypeError and AssertionError! before, and ValueError later. * Cleanup of private_bytes() backend Also pass key itself down to backend. * Cleanup of public_bytes() backend * Test handling of unsupported key type
* Added wycheproof RSA PKCSv1 encryption tests (#5234)Alex Gaynor2020-04-261-0/+1
|
* Replace floating point arithmetic with integer arithmetic (#5181)Torin Carey2020-04-041-3/+1
|
* Simplify string formatting (#4757)Alex Gaynor2019-02-201-3/+3
|
* Remove a dead assignment (#4692)Alex Gaynor2019-01-151-1/+0
|
* convert some asserts to function calls (#4636)Paul Kehrer2018-12-101-10/+14
|
* centralize our bytes check (#4622)Paul Kehrer2018-12-021-2/+1
| | | this will make life a bit easier when we support bytearrays
* create & use _evp_md_from_algorithm and _evp_md_non_null_from_algorithm (#4542)Paul Kehrer2018-10-291-13/+14
| | | | | | * create & use _evp_md_from_algorithm and _evp_md_non_null_from_algorithm * remove unused import
* we don't actually care about the errstack here, it's an invalid signature ↵Paul Kehrer2018-07-101-2/+1
| | | | | | | | | | | | | | (#4325) * we don't actually care about the errstack here, it's an invalid signature We previously had no cases where we could error without getting errors on the error stack, but wycheproof contains test cases that can error without adding anything to the stack. Accordingly, we should clear the stack but raise InvalidSignature no matter what (rather than InternalError if we have no error msgs) * add a test
* Convert a pair of asserts to use openssl_assert (#4318)Alex Gaynor2018-07-091-2/+2
| | | We have an existence proof that the latter assertion can be triggered, and I bet the former can too.
* refactor rsa signature/verification logic to remove duplication (#3903)Paul Kehrer2017-09-211-91/+34
|
* RSA OAEP label support for OpenSSL 1.0.2+ (#3897)Paul Kehrer2017-09-081-3/+15
| | | | | | | | | | * RSA OAEP label support for OpenSSL 1.0.2+ * changelog * move around tests, address review feedback, use backend supported method * unsupported padding catches this now
* deprecate signer/verifier on asymmetric keys (#3663)Paul Kehrer2017-06-031-1/+4
| | | | | | * deprecate signer/verifier on asymmetric keys * review feedback, switch deprecated_call to work around a bug
* make signature and verification contexts error better re: prehashed (#3658)Paul Kehrer2017-06-021-1/+3
| | | | | | * make signature and verification contexts error better re: prehashed * code review feedback
* Drop 1.0.0 (#3312)Alex Gaynor2016-12-131-29/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * delete the 1.0.0 support * drop the version check * drop the AES-CTR stuff * Update the example * openssl truncates for us now * delete unused test * unused imports * Remove a bunch of conditional bindings for NPN * no more 1.0.0 builders * libressl fix * update the docs * remove dead branches * oops * this is a word, damnit * spelling * try removing this * this test is not needed * unused import
* support RSA verify with prehashing (#3265)Paul Kehrer2016-11-201-18/+17
| | | | | | | | | | * support RSA verify with prehashing * review feedback * more dedupe * refactor and move to a separate module
* support prehashing in RSA sign (#3238)Paul Kehrer2016-11-201-3/+13
| | | | | | | | * support prehashing in RSA sign * check to make sure digest size matches prehashed data provided * move doctest for prehashed
* refactor RSA signature verification to prep for prehash support (#3261)Paul Kehrer2016-11-201-98/+73
|
* refactor RSA signing to prep for prehash support (#3240)Paul Kehrer2016-11-191-110/+131
|
View Lorry Controller Status