path: root/src
Commit message | Author | Age | Files | Lines
...
* CT: `extensions` -> `extension_bytes` (#7238) | William Woodruff | 2022-05-19 | 2 | -6/+6
    Signed-off-by: William Woodruff <william@trailofbits.com>
* CT: add `SignedCertificateTimestamp.extensions` (#7237) | William Woodruff | 2022-05-20 | 2 | -2/+15
    Signed-off-by: William Woodruff <william@trailofbits.com>
* x509: fix SignedCertificateTimestamp interface (#7235) | William Woodruff | 2022-05-18 | 1 | -1/+1
    This didn't get renamed correctly in the last PR.

    Signed-off-by: William Woodruff <william@yossarian.net>
* Bump syn from 1.0.94 to 1.0.95 in /src/rust (#7229) | dependabot[bot] | 2022-05-17 | 1 | -9/+3
    Bumps [syn](https://github.com/dtolnay/syn) from 1.0.94 to 1.0.95.
    - [Release notes](https://github.com/dtolnay/syn/releases)
    - [Commits](https://github.com/dtolnay/syn/compare/1.0.94...1.0.95)

    ---
    updated-dependencies:
    - dependency-name: syn
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump libc from 0.2.125 to 0.2.126 in /src/rust (#7228) | dependabot[bot] | 2022-05-17 | 1 | -2/+2
    Bumps [libc](https://github.com/rust-lang/libc) from 0.2.125 to 0.2.126.
    - [Release notes](https://github.com/rust-lang/libc/releases)
    - [Commits](https://github.com/rust-lang/libc/compare/0.2.125...0.2.126)

    ---
    updated-dependencies:
    - dependency-name: libc
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump proc-macro2 from 1.0.38 to 1.0.39 in /src/rust (#7227) | dependabot[bot] | 2022-05-17 | 1 | -3/+9
    Bumps [proc-macro2](https://github.com/dtolnay/proc-macro2) from 1.0.38 to 1.0.39.
    - [Release notes](https://github.com/dtolnay/proc-macro2/releases)
    - [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.38...1.0.39)

    ---
    updated-dependencies:
    - dependency-name: proc-macro2
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* x509/CT: expose more SCT internals (#7207) | William Woodruff | 2022-05-13 | 2 | -3/+212
    * WIP
    * x509: remove TBS work for now
      Signed-off-by: William Woodruff <william@yossarian.net>
    * CT: flake8
      Signed-off-by: William Woodruff <william@yossarian.net>
    * CT: remove TODO, add links
      Signed-off-by: William Woodruff <william@yossarian.net>
    * CT/SCT: strong enums for HashAlgorithm and SignatureAlgorithm
      Signed-off-by: William Woodruff <william@yossarian.net>
    * tests: add SCT hash/signature algorithm tests
      Signed-off-by: William Woodruff <william@yossarian.net>
    * tests: fix SignatureAlgorithm test, add signature contents test
      Signed-off-by: William Woodruff <william@yossarian.net>
    * rust: unit tests for {Hash,Signature}Algorithm
      Signed-off-by: William Woodruff <william@yossarian.net>
    * x509/sct: code coverage shenanigans
      Signed-off-by: William Woodruff <william@yossarian.net>
    * asn1, sct: pesky coverage
      Signed-off-by: William Woodruff <william@yossarian.net>
    * x509/sct: simplify parsing
      Signed-off-by: William Woodruff <william@yossarian.net>
    * docs: document new SCT APIs
      Signed-off-by: William Woodruff <william@yossarian.net>
    * docs: add refs to RFC 5246
      Signed-off-by: William Woodruff <william@yossarian.net>
    * SCT: forbid nonsense hash and signature algos
      No tests, yet.
      Signed-off-by: William Woodruff <william@yossarian.net>
    * tests: add invalid hash/sig algo tests
      Signed-off-by: William Woodruff <william@yossarian.net>
    * sct: remove ToAttr trait
      Inline impl into each struct's impl.
      Signed-off-by: William Woodruff <william@yossarian.net>
    * sct: remove invalid hash/sig variants
      These should never appear in the context of SCTs.
      Signed-off-by: William Woodruff <william@yossarian.net>
    * sct: collapse matches
      Handle invalid/unknown variants together.
      Signed-off-by: William Woodruff <william@yossarian.net>
    * tests: update SCT tests
      Signed-off-by: William Woodruff <william@yossarian.net>
    * sct: add a TODO
      Signed-off-by: William Woodruff <william@yossarian.net>
    * sct: return a primitives.hashes object instead of a custom enum
      Signed-off-by: William Woodruff <william@yossarian.net>

    Co-authored-by: Alex Cameron <asc@tetsuo.sh>
* Bump syn from 1.0.93 to 1.0.94 in /src/rust (#7218) | dependabot[bot] | 2022-05-13 | 1 | -2/+2
    Bumps [syn](https://github.com/dtolnay/syn) from 1.0.93 to 1.0.94.
    - [Release notes](https://github.com/dtolnay/syn/releases)
    - [Commits](https://github.com/dtolnay/syn/compare/1.0.93...1.0.94)

    ---
    updated-dependencies:
    - dependency-name: syn
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* add binding for PKCS12_set_mac (#7217) | Paul Kehrer | 2022-05-12 | 2 | -0/+16
    OpenSSL 3 changed the default MAC to sha256, which is fine and good except Windows Server 2016 can't handle that so we need to build some APIs allowing worse things and name them scary legacy names.
* Bump asn1 from 0.9.0 to 0.9.1 in /src/rust (#7213) | dependabot[bot] | 2022-05-12 | 2 | -5/+5
    Bumps [asn1](https://github.com/alex/rust-asn1) from 0.9.0 to 0.9.1.
    - [Release notes](https://github.com/alex/rust-asn1/releases)
    - [Commits](https://github.com/alex/rust-asn1/compare/0.9.0...0.9.1)

    ---
    updated-dependencies:
    - dependency-name: asn1
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* add SSL_use_* OpenSSL bindings (#7210) | Maximilian Hils | 2022-05-11 | 1 | -0/+2
* Bump syn from 1.0.92 to 1.0.93 in /src/rust (#7206) | dependabot[bot] | 2022-05-10 | 1 | -2/+2
    Bumps [syn](https://github.com/dtolnay/syn) from 1.0.92 to 1.0.93.
    - [Release notes](https://github.com/dtolnay/syn/releases)
    - [Commits](https://github.com/dtolnay/syn/compare/1.0.92...1.0.93)

    ---
    updated-dependencies:
    - dependency-name: syn
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump unindent from 0.1.8 to 0.1.9 in /src/rust (#7203) | dependabot[bot] | 2022-05-09 | 1 | -2/+2
    Bumps [unindent](https://github.com/dtolnay/indoc) from 0.1.8 to 0.1.9.
    - [Release notes](https://github.com/dtolnay/indoc/releases)
    - [Commits](https://github.com/dtolnay/indoc/compare/0.1.8...0.1.9)

    ---
    updated-dependencies:
    - dependency-name: unindent
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump proc-macro2 from 1.0.37 to 1.0.38 in /src/rust (#7201) | dependabot[bot] | 2022-05-06 | 1 | -2/+2
    Bumps [proc-macro2](https://github.com/dtolnay/proc-macro2) from 1.0.37 to 1.0.38.
    - [Release notes](https://github.com/dtolnay/proc-macro2/releases)
    - [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.37...1.0.38)

    ---
    updated-dependencies:
    - dependency-name: proc-macro2
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump num-traits from 0.2.14 to 0.2.15 in /src/rust (#7185) | dependabot[bot] | 2022-05-03 | 1 | -2/+2
    Bumps [num-traits](https://github.com/rust-num/num-traits) from 0.2.14 to 0.2.15.
    - [Release notes](https://github.com/rust-num/num-traits/releases)
    - [Changelog](https://github.com/rust-num/num-traits/blob/master/RELEASES.md)
    - [Commits](https://github.com/rust-num/num-traits/compare/num-traits-0.2.14...num-traits-0.2.15)

    ---
    updated-dependencies:
    - dependency-name: num-traits
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Instead of ignoring _openssl with mypy, use a pyi (#7177) | Alex Gaynor | 2022-05-02 | 1 | -0/+8
* add a new NID we will use for PKCS12 (#7176) | Paul Kehrer | 2022-05-02 | 1 | -0/+1
* Bump unicode-xid from 0.2.2 to 0.2.3 in /src/rust (#7175) | dependabot[bot] | 2022-05-02 | 1 | -2/+2
    Bumps [unicode-xid](https://github.com/unicode-rs/unicode-xid) from 0.2.2 to 0.2.3.
    - [Release notes](https://github.com/unicode-rs/unicode-xid/releases)
    - [Commits](https://github.com/unicode-rs/unicode-xid/commits)

    ---
    updated-dependencies:
    - dependency-name: unicode-xid
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump num-integer from 0.1.44 to 0.1.45 in /src/rust (#7173) | dependabot[bot] | 2022-05-02 | 1 | -2/+2
    Bumps [num-integer](https://github.com/rust-num/num-integer) from 0.1.44 to 0.1.45.
    - [Release notes](https://github.com/rust-num/num-integer/releases)
    - [Changelog](https://github.com/rust-num/num-integer/blob/master/RELEASES.md)
    - [Commits](https://github.com/rust-num/num-integer/compare/num-integer-0.1.44...num-integer-0.1.45)

    ---
    updated-dependencies:
    - dependency-name: num-integer
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump libc from 0.2.124 to 0.2.125 in /src/rust (#7174) | dependabot[bot] | 2022-05-02 | 1 | -2/+2
    Bumps [libc](https://github.com/rust-lang/libc) from 0.2.124 to 0.2.125.
    - [Release notes](https://github.com/rust-lang/libc/releases)
    - [Commits](https://github.com/rust-lang/libc/compare/0.2.124...0.2.125)

    ---
    updated-dependencies:
    - dependency-name: libc
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Remove some dead code (#7171) | Alex Gaynor | 2022-05-02 | 2 | -5/+0
* Add license headers to files that need them (#7170) | Alex Gaynor | 2022-05-01 | 4 | -0/+16
* Move _CRLREASONFLAGS to be in a sensible place (#7167) | Alex Gaynor | 2022-05-01 | 3 | -19/+12
* Allow loading of RSA-PSS public keys (#7162) | Paul Kehrer | 2022-04-30 | 1 | -0/+13
    This does not enforce PSS constraints and instead loads them as normal RSA public keys, similar to the support we added for private keys.

    fixes #4858
* Fixes #7127 -- added attr_name_overrides on from_rfc4514_string (#7160) | Alex Gaynor | 2022-04-30 | 1 | -4/+13
* Fixes #6602 -- restore the behavior of strict DER parsing for CSRs (#7159) | Alex Gaynor | 2022-04-30 | 1 | -46/+2
* add a constant for pyOpenSSL with OpenSSL 3 (#7156) | Paul Kehrer | 2022-04-30 | 2 | -0/+20
* Migrate ObjectIdentifier to Rust (#7153) | Alex Gaynor | 2022-04-30 | 5 | -72/+96
* Move all asn1::ObjectIdentifier to py oid code to a function (#7151) | Alex Gaynor | 2022-04-30 | 6 | -46/+25
* Use new ability for OIDs to be consts (#7148) | Alex Gaynor | 2022-04-29 | 9 | -542/+604
    * Use new ability for OIDs to be consts
    * clippy
    * clutch
* Update to rust-asn1 0.9.0 (#7145) | Alex Gaynor | 2022-04-29 | 11 | -90/+89
* Allow Fernet decryption to accept string tokens (#7116) | Robert Coup | 2022-04-29 | 1 | -8/+16
    * tests: better testid generation for fernet vectors
      Use the vector filename and array index for the pytest id rather than a concatenation of the vector content.
      eg: `tests/test_fernet.py::TestFernet::test_invalid[invalid.json:2]`
    * (Multi)Fernet: allow str tokens for decryption
      Remove some developer friction by allowing string tokens to be passed to Fernet decryption methods.
      Because a valid token as generated by `Fernet.encrypt()` is url-safe base64-encoded, a non-ASCII token is definitely invalid. The stdlib base64 function already accepts and checks ASCII str values so delegate to that.
    * Kick CI
* Remove invalid OPENSSL_NO_PSK defined guard (#7146) | James Hilliard | 2022-04-29 | 1 | -2/+1
    These symbols are not conditional on OPENSSL_NO_PSK in ssl.h

    SSL_CTX_set_psk_find_session_callback:
    https://github.com/openssl/openssl/blob/openssl-3.0.2/include/openssl/ssl.h.in#L847

    SSL_CTX_set_psk_use_session_callback:
    https://github.com/openssl/openssl/blob/openssl-3.0.2/include/openssl/ssl.h.in#L850-L851

    As such we can not guard the fallback with defined(OPENSSL_NO_PSK) as this will result in redeclaration errors.

    Fixes:
    build/temp.linux-sparc64-3.10/_openssl.c:2286:8: error: 'SSL_CTX_set_psk_find_session_callback' redeclared as different kind of symbol
     2286 | void (*SSL_CTX_set_psk_find_session_callback)(SSL_CTX *,
          |        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In file included from build/temp.linux-sparc64-3.10/_openssl.c:832:
    /home/giuliobenetti/autobuild/run/instance-0/output-1/host/sparc64-buildroot-linux-gnu/sysroot/usr/include/openssl/ssl.h:855:6: note: previous declaration of 'SSL_CTX_set_psk_find_session_callback' was here
      855 | void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
          |      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    build/temp.linux-sparc64-3.10/_openssl.c:2293:8: error: 'SSL_CTX_set_psk_use_session_callback' redeclared as different kind of symbol
     2293 | void (*SSL_CTX_set_psk_use_session_callback)(SSL_CTX *,
          |        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In file included from build/temp.linux-sparc64-3.10/_openssl.c:832:
    /home/giuliobenetti/autobuild/run/instance-0/output-1/host/sparc64-buildroot-linux-gnu/sysroot/usr/include/openssl/ssl.h:858:6: note: previous declaration of 'SSL_CTX_set_psk_use_session_callback' was here
      858 | void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
          |      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
* Bump syn from 1.0.91 to 1.0.92 in /src/rust (#7141) | dependabot[bot] | 2022-04-29 | 1 | -2/+2
    Bumps [syn](https://github.com/dtolnay/syn) from 1.0.91 to 1.0.92.
    - [Release notes](https://github.com/dtolnay/syn/releases)
    - [Commits](https://github.com/dtolnay/syn/compare/1.0.91...1.0.92)

    ---
    updated-dependencies:
    - dependency-name: syn
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* restore some bindings for older pyopenssl temporarily (#7136) | Paul Kehrer | 2022-04-27 | 5 | -0/+42
    These will be removed again in a future release.
* Fix parsing of priv keys via pub key APIs to error properly in ossl3 (#7132) | Paul Kehrer | 2022-04-27 | 1 | -2/+19
    In OpenSSL 3.0.x the PEM_read_bio_PUBKEY function will invoke the default password callback if you pass an encrypted private key. This is very, very, very bad as the default callback can trigger an interactive console prompt, which will hang the Python process. We therefore provide our own callback to catch this and error out properly.
* Add typings to default_backend() (#7131) | Nicolas Haller | 2022-04-27 | 1 | -1/+2
    This commit adds back a return type for default_backend, so mypy would consider this function typed.
* final deprecation warnings for 1.1.0 (#7123) | Paul Kehrer | 2022-04-26 | 1 | -1/+1
* reopen for 38 development (#7118) | Paul Kehrer | 2022-04-26 | 1 | -1/+1
* version bump for 37 release (#7085) [37.0.0] | Paul Kehrer | 2022-04-26 | 1 | -1/+1
* Load RSA PSS keys as regular RSA keys (#7112) | Paul Kehrer | 2022-04-26 | 3 | -0/+29
    * RSA PSS openssl constant
    * load PSS keys (OpenSSL only) but strip the constraints
    * empty commit for CI, sigh
    * review feedback
    * nit
* Be clear that OpenSSL 1.1.0 is going bye bye (#7108) | Alex Gaynor | 2022-04-22 | 1 | -2/+2
* added octet string tag (#7106) | Alex Gaynor | 2022-04-22 | 1 | -0/+1
    fixes #7104
* Bump libc from 0.2.123 to 0.2.124 in /src/rust (#7090) | dependabot[bot] | 2022-04-19 | 1 | -2/+2
    Bumps [libc](https://github.com/rust-lang/libc) from 0.2.123 to 0.2.124.
    - [Release notes](https://github.com/rust-lang/libc/releases)
    - [Commits](https://github.com/rust-lang/libc/compare/0.2.123...0.2.124)

    ---
    updated-dependencies:
    - dependency-name: libc
      dependency-type: indirect
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fixes #7081 -- correctly handle escape sequences in RFC4514 strings (#7083) | Alex Gaynor | 2022-04-16 | 1 | -18/+12
    * fixes #7081 -- correctly handle escape sequences in RFC4514 strings
    * Fix multi-digit OID arc parsing
* Add support for PSS.AUTO and PSS.DIGEST_LENGTH (#7082) | Paul Kehrer | 2022-04-16 | 3 | -7/+42
    * add PSS auto support for verification
    * add support for PSS.DIGEST_LENGTH
    * review comments
* check for invalid keys that RSA_check_key misses (#7080) | Paul Kehrer | 2022-04-16 | 2 | -0/+13
    * check for invalid keys that RSA_check_key misses
      RSA_check_key checks for primality but that fails to catch this case since 2 is prime. Instead we fetch p and q and verify that they are odd and if not reject the key as invalid.
    * circleci sucks
* Implement a parser for RFC4514 strings (#7055) | Alex Gaynor | 2022-04-16 | 1 | -0/+123
    * Initial tests
    * Implement. Required updating many many tests based on my read of the RFC. Should be reviewed closely.
    * Fix for py36
    * flake8
    * Improve coverage on hypothesis test
    * Remove bad assertion in hypothesis test
    * Update docs
    * fix docs
    * Fixed unicode support
    * review
    * docs review
* fix comment for find_in_pem (#7078) | Alex Gaynor | 2022-04-15 | 1 | -2/+2
* Update pyo3 to 0.15.2 (#7068) | Alex Gaynor | 2022-04-14 | 2 | -9/+9