| Commit message (Collapse) | Author | Age | Files | Lines |
| |
* prep 3.0 for release
* okay then
| |
* test FIPS mode on centos8
* remove branch we don't take
* simpler
* better comment
* rename
* revert some things that don't matter
* small cleanups
| |
* generate_pkcs12 (#4952)
* pkcs12 support
* simplify
* remove fixtures
* reorg and other improvements. memleak check
* ugh
* more fixes
* last changes hopefully
Co-authored-by: Tomer Shalev <tshalev@proofpoint.com>
| |
* disable the osrandom engine on 1.1.1d+
* skip (and run) some tests on 1.1.1d+
* simplify our conditionals
* Update src/_cffi_src/openssl/src/osrandom_engine.c
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* words
* more words
* language
* get coverage more cleverly
* a word
* Update .github/workflows/ci.yml
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
| |
fixes #5129
| |
InternalErrors are bad when we know they're reachable
| |
* support encoding attributes via CertificateSigningRequestBuilder
* use a constant. now you know what 12 means!
* pep8
| |
fixes #5127
| |
* support x509 request challenge password parsing
* switch to a more generic (but not too generic) attribute parsing
* make it raise a valueerror
* Update tests/x509/test_x509.py
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
| |
* support 4096 bit DSA parsing from numbers classes
* need to get local linting fixed.
* reorder
* add a link to more reasons why DSA sucks
| |
Closes #5290
| |
* Support parsing SCTs in OCSPResponse
* s/typically/only and pep8
* remove unused vector
Co-authored-by: Szilárd Pfeiffer <szilard.pfeiffer@balasys.hu>
| |
* add SubjectInformationAccess extension support
* fixes
| |
* constrain RSA key generation more heavily
* constraint to just 3 & 65537
* explain change
| |
* Disallow ttl=None in (Multi)Fernet.decrypt_at_time()
Since the introduction of the _at_time() methods in #5256[1] there's
been this little voice in the back of my mind telling me that maybe it's
not the best idea to allow ttl=None in decrypt_at_time(). It's been like
this for convenience and code reuse reasons.
Then I submitted a patch for cryptography stubs in typeshed[2] and I had
to decide whether to define decrypt_at_time()'s ttl as int and be
incompatible with cryptography's behavior or Optional[int] and advertise
an API that can be misused much too easily. I went ahead with int.
Considering the above I decided to propose this patch. Some amount of
redundancy (and a new test to properly cover the
MultiFernet.decrypt_at_time() implementation) is a price to prevent
clients from shooting themselves in the foot with the ttl=None gun since
setting ttl to None disabled timestamp checks even if current_time was
provided.
[1] https://github.com/pyca/cryptography/pull/5256
[2] https://github.com/python/typeshed/pull/4238
* Actually test the return value here
* Fix formatting
| |
* ssh.py contains load/serialize code.
* Add PrivateFormat.OpenSSH to .private_bytes() format.
* Add load_ssh_private_key().
* Use new code for PublicFormat.OpenSSH too.
* load_ssh_public_key() now supports reading signed public keys.
* Supported algorithms: rsa, dsa, ec, ed25519.
* Optional dependency on 'bcrypt' package via [ssh] extra
| |
- Use common implementation
- OCSP signing was using different validation
- Check if private key is usable for signing
| |
* Add a way to pass current time to Fernet
The motivation behind this is to be able to unit test code using Fernet
easily without having to monkey patch global state.
* Reformat to satisfy flake8
* Trigger a Fernet.encrypt() branch missing from coverage
* Revert specifying explicit current time in MultiFernet.rotate()
Message's timestamp is not verified anyway since ttl is None.
* Change the Fernet's explicit current time API slightly
This has been suggested in code review.
* Fix a typo
* Fix a typo
* Restore full MultiFernet test coverage and fix a typo
* Restore more coverage
time.time() is not called by MultiFernet.rotate() anymore so the monkey
patching and lambda need to go, because the patched function is not used
and coverage calculation will rightfully notice it.
* Remove an unused import
* Document when the *_at_time Fernet methods were added
| |
There happens to be a global var named 'backend'
so backend._lib works, but is confusing.
| |
* Additional tests for public/private_bytes
They expose few places that raise TypeError and AssertionError!
before, and ValueError later.
* Cleanup of private_bytes() backend
Also pass key itself down to backend.
* Cleanup of public_bytes() backend
* Test handling of unsupported key type
| |
supported) (#5231)
| |
* add SSL_CTX_(get|set)_keylog_callback
* For travis
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
| |
reason more accurately. (#5157)
| |
* Allow NameAttribute.value to be an empty string
RFC 4514 https://tools.ietf.org/html/rfc4514 does not mention that
"AttributeValue" can not be an empty (zero-length) string.
Fixes #5106
* reverse order to match fix from another PR
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
| |
RFC4514 requires in section 2.1 that RDNs are converted to string
representation in reversed order.
| |
have RC2 (#5072)
* Refs #5065 -- have a CI job with OpenSSL built with no-rc2
* Fixes #5065 -- skip serialization tests which use RC2 if OpenSSL doesn't have RC2
| |
* add single_extensions to OCSPResponse (#4753)
* new vector, updated docs, more stringent parser, changelog, etc
* simplify PR (no SCT for now)
* add a comment
* finish pulling out the sct stuff so tests might actually run
| |
Failing that would lead to an OpenSSL error when calling OBJ_txt2obj at
serialization.
Adds basic tests for oids.
| |
* Deal with the 2.5 deprecations
* pep8 + test fixes
* docs typo
* Why did I do this?
* typo
| |
* Fixes #5018 -- break users on OpenSSL 1.0.1
* Grammar
* Syntax error
* Missing import
* Missing import