| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Removed unused argument.
* Added support for RSA signature recovery.
* Syntatic corrections for passing pep8 tests.
* Corrected typo.
* Added test of invalid Prehashed parameter to RSA signature recover.
* Renamed recover to a more descriptive name.
* Extended RSA signature recovery with option to return full data (not
only the digest part).
* Added missing words to pass spell check.
|
| |
|
|
| |
fixes #5379
closes #5483
|
| | |
|
| |
|
|
|
|
|
| |
* Don't build our custom osrandom engine on libressl
As far as I can tell it's never used on LibreSSL -- they're `RAND_bytes` function unconditionally calls `arc4random_buf`
* Update cryptography.py
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* disallow p less than 512-bit on DH
OpenSSL 3.0.0 enforces this so we'll go ahead and enforce it everywhere
that's practical for us. (Note that we do not enforce on deserializing
PKCS1/PKCS8 keys in < 3.0.0, but this PR adds a test so that in the
3.0.0 support branch we can test an error path)
* missing test
* black
* _MIN_MODULUS_SIZE is now a thing
* skip on fips
|
| |
|
|
|
| |
In OpenSSL 3.0.0 no error is added in many cases for this path and
since we don't do anything with the error anyway we should just
consume and move on
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Reduce granularity of error msging when deserializing keys
In OpenSSL 3.0 it is no longer possible to determine whether the reason
a key failed to deserialize is because of an unsupported cipher. Since
we want to be more resilient to OpenSSL error code instability we'll
just remove these paths.
* black
* changelog and update docs
|
| |
|
|
| |
In 3.0 these aren't macros so we can't test this way. All our supported
OpenSSLs have these bindings now and LibreSSL does not.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
* Fix broken links.
* Shorter lines.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* GCM IV size limits
OpenSSL 3.0.0 is going to enforce these size limits so we might as well
put them in now.
* fix the tests
* black
* these cases can't happen if we're limiting IV size already
|
| |
|
|
|
| |
This change allows future's newbytes class to be padded again.
Fixes https://github.com/pyca/cryptography/issues/5547.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
* Reopen master for 3.3
* its how you know its authentic alex gaynor code
|
| | |
|
| | |
|
| |
|
|
|
| |
* move blinding to __init__ on both RSA public and private
* change signature to guarantee this test is testing what we think
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
* allow additional certificates to be added to a pkcs7
* be more verbose about what these additional certs might be used for
* missing test
|
| |
|
|
|
|
|
|
| |
* PKCS7SignatureBuilder now supports three serializations
PEM, DER, and SMIME. SMIME embeds the S/MIME headers and has the
detached signature concept.
* thanks libre
|
| |
|
|
|
| |
* migrate smime builder to pkcs7 module and rename
* missed a rename
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* smime signer support
* fix ed25519 check
* change some wording
* python 2.7...
* review feedback
* s/secure/signed
* do some verification in the tests
* review feedback
* doc return value
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* add pkcs7/smime bindings
* Update src/_cffi_src/openssl/pkcs7.py
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Update src/_cffi_src/openssl/pkcs7.py
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
|
| |
|
|
| |
this doesn't improve efficiency in any way (copies galore!), but it does
make it consistent between a cipher context and a padding context
|
| |
|
|
|
|
|
|
|
| |
* re-add a few engine bindings for advanced users
For users who are capable of compiling cryptography against custom
openssl and properly using these functions this hopefully allows
PKCS11 usage through OpenSSL engines.
* forgot to save my buffer
|
| |
|
| |
This fixes a typo that's been introduced in #5387.
|
| |
|
| |
fixes #5432
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
* chunked update_into
* all pointer arithmetic all the time
* review feedback
|
| |
|
|
|
| |
* use _get_backend everywhere
* black
|
| |
|
| |
this will be useful later, i swear
|
| |
|
|
|
|
|
|
|
| |
* move the parser into the backend object
This allows us to generate the list of supported extensions when
instantiating the backend object rather than building multiple parsers
and picking the right one at runtime when parsing the extensions themselves.
* sigh
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
* fixes #4706 -- don't internal error on corrupt private key
* Temporary disable paramiko
|
| | |
|
