summaryrefslogtreecommitdiff
path: root/tests/hazmat
Commit message (Collapse)AuthorAgeFilesLines
* Migrate DH to Rust (#8768)Alex Gaynor2023-04-247-41/+49
|
* Convert HMAC to Rust (#8781)Alex Gaynor2023-04-222-1/+5
|
* Convert hashes to Rust (#8775)Alex Gaynor2023-04-211-1/+0
|
* drop libressl 3.5.x support (#8741)Paul Kehrer2023-04-161-2/+1
| | | OpenBSD 7.1 is no longer supported so neither is LibreSSL 3.5.x
* add support for aes256-gcm@openssh.com decryption for SSH keys (#8738)Paul Kehrer2023-04-151-1/+44
| | | | | | | * add support for aes256-gcm@openssh.com decryption for SSH keys * review feedback * skip when bcrypt isn't present
* Remove unused parameter (#8707)Alex Gaynor2023-04-111-10/+0
|
* Convert ed448 to Rust (#8705)Alex Gaynor2023-04-111-0/+3
|
* Convert ed25519 to Rust (#8697)Alex Gaynor2023-04-101-0/+3
|
* Added extra test cases for Ed25519 serialization (#8703)Alex Gaynor2023-04-101-0/+12
|
* support equality checks on all public asymmetric key types (#8700)Paul Kehrer2023-04-108-1/+136
| | | | | * support equality checks on all public asymmetric key types * review feedback
* Upgrade to pyo3 0.18 (#6935)Alex Gaynor2023-03-241-1/+1
| | | | | | | * Upgrade to pyo3 0.16 * Upgrade to pyo3 0.17 * Upgrade to pyo3 0.18
* drop support for openssl < 1.1.1d (#8449)Paul Kehrer2023-03-243-175/+1
| | | | | This removes the OS random engine, which contained the only CPython PSF licensed code in the repository. Accordingly, that license has now been removed.
* Migrate x25519 to use rust-openssl (#7933)Alex Gaynor2023-03-241-1/+46
|
* Added support for handling python buffers in Rust code (#8556)Alex Gaynor2023-03-211-0/+25
| | | This is extra mega cursed, and strictly speaking unsound. It does, however, match the status quo ante, where someone mutating a buffer while its being used in cffi code will basically always be UB.
* Simplify/unify Rust and Python OpenSSL error handling (#8552)Alex Gaynor2023-03-201-2/+1
|
* fix logic for this skip (#8542)Alex Gaynor2023-03-181-1/+1
|
* skip memleak tests on pypy (#8540)Alex Gaynor2023-03-181-2/+4
| | | See: https://github.com/pyca/cryptography/pull/7933#issuecomment-1471865194 + https://foss.heptapod.net/pypy/pypy/-/issues/3905#note_290457 to understand why
* Support handling OpenSSL errors from Rust code (#8530)Alex Gaynor2023-03-161-1/+25
|
* Ressurect the PoC of OpenSSL from Rust (#7164)Alex Gaynor2023-03-151-22/+32
|
* speed up RSA key loading in tests a bit more (#8486)Paul Kehrer2023-03-093-20/+38
|
* refactor PBKDF2HMAC test vectors and skip one test (#8467)Paul Kehrer2023-03-062-32/+20
| | | | The test in question has 2**24 iterations and doesn't represent an interesting edge case in the algorithm, just a high iteration count.
* remove memleak tests for x509 paths that no longer use openssl (#8461)Paul Kehrer2023-03-061-162/+0
|
* double the speed of our rsa tests (#8458)Paul Kehrer2023-03-061-121/+243
| | | | | | | | | | | | | | * double the speed of our rsa tests this both creates a reusable fixture for our most commonly used private keys as well as disables key validation. as always, disabling key validation should not be done unless you never parse untrusted key input. unsurprisingly, our tests are trusted and understood input (and we also continue to have tests where we run check key to verify that it catches corrupt things) * fix typing * explain why we don't use the rsa_key_2048 fixture in the blinding test
* fixes #8298 -- correctly generate content-type header in PKCS#7 SMIME (#8389)Alex Gaynor2023-02-261-5/+20
|
* Enforce max number of SSH certificate principals (#8376)Jake2023-02-231-0/+4
| | | | | | | | | | | | | | | | | | | | * Enforce max number of SSH certificate principals There is an undocumented limit for the maximum number of valid principals accepted by the openssh tooling, as seen at: * https://github.com/openssh/openssh-portable/blob/27267642699342412964aa785b98afd69d952c88/sshkey.h#L108 * https://github.com/openssh/openssh-portable/blob/25c8a2bbcc10c493d27faea57c42a6bf13fa51f2/sshkey.c#L1801 * https://github.com/openssh/openssh-portable/blob/6180b0fa4f7996687678702806257e661fd5931e/ssh-keygen.c#L1833 This change enforces that same restriction as currently a SSH certificate can be generated that is invalid against the default sshd server. Consideration might be given for any non openssh servers that accept openssh certificates, if they exist and want to allow a greater number of principals. Of note, the 256 limit is not found in the spec for SSH certificates as defined at https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys. It instead seems to be arbitrarily chosen by the project as some limit was needed. * Address formatting error. * Comment on valid_prinicpals size limit plus test added. --------- Co-authored-by: Jake <jake@vaultish.com>
* Add shortcut methods for exporting EC keys as raw bytes (#8357)David Buchanan2023-02-224-0/+23
| | | | | | | | | | | | | | | | | * WIP: Add raw export alias method for x25519 keys * Ditto for x448, ed448, ed25519 * Document new private_bytes_raw public_bytes_raw methods * docs: Populate versionadded to be 40 * docs: Fix PublicFormat -> PrivateFormat where applicable * formatting * Update tests for test_pub_priv_bytes_raw in x25519, x448, ed448 (TODO: ed25519) * Add test_pub_priv_bytes_raw test for Ed25519
* fix some binding declarations (#8273)Paul Kehrer2023-02-121-17/+0
| | | | | | | | * fix some binding declarations also adds a comment about why we deliberately incorrectly declare some of them, sigh * it's actually safe to do this since no high bit mode options exist
* fix some pytest warnings (#8245)Paul Kehrer2023-02-081-2/+2
| | | this code will be gone soon, but it's easy enough to fix
* Don't allow update_into to mutate immutable objects (#8230)Alex Gaynor2023-02-071-0/+8
|
* add support for centos9-fips (#8216)Paul Kehrer2023-02-063-45/+52
| | | | | | | | * add support for centos9-fips Requires a variety of new FIPS constraints on our tests, including the addition of rsa_encryption_supported * review comments
* add support for bytes-like objects in data and associated_data in aead ↵Mat2023-02-021-2/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | algorithms (#8187) * add support for bytes-like objects in data and associated_data in aead algorithms * flake * flake again * rework AESSIV _check_params * flake and 80char columns * associated_data cannot be None in _check_params, set to [] in calling function * Update src/cryptography/hazmat/primitives/ciphers/aead.py Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> * flake fix --------- Co-authored-by: mat gas <none@none.com> Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Remove repeated hex conversion of tag in AES GCM tests (#8126)Alex Gaynor2023-01-241-6/+6
|
* Style fixes for latest ruff (#8120)Alex Gaynor2023-01-234-17/+17
| | | (Also objectively this is better)
* Use the ruff 'pyupgrade' checks (#8104)Alex Gaynor2023-01-205-34/+30
|
* deprecate the rest of DSA support for SSH (#8013)Paul Kehrer2023-01-092-73/+106
| | | | | * deprecate the rest of DSA support for SSH * review comments
* deprecate support for DSA in load_ssh_public_key (#8009)Paul Kehrer2023-01-081-5/+20
| | | | | * deprecate support for DSA in load_ssh_public_key * try to prevent bad things a bit more
* switch to using integers for valid_after/valid_before in SSH certs (#8007)Paul Kehrer2023-01-081-44/+48
| | | | | | | * switch to using integers for valid_after/valid_before in SSH certs * i know this, it's a unix timestamp * one more review nit
* SSHCertificateBuilder (#8004)Paul Kehrer2023-01-081-6/+425
| | | | | | | | | | | * SSHCertificateBuilder This adds support for generating SSH certificates * add deterministic signing tests and valid_for_all_principals * test another edge * one of these two fixes makes no sense
* Use the more modern OpenSSL incantation in tests (#8005)Alex Gaynor2023-01-082-4/+4
|
* support SSH certificate parsing (#7960)Paul Kehrer2023-01-071-0/+229
| | | | | | | | | | | | | * support SSH certificate parsing DSA (deliberately) not supported * make a unified API * Update src/cryptography/hazmat/primitives/serialization/ssh.py Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* more SSH tests moved to test_ssh (#8001)Paul Kehrer2023-01-062-406/+408
|
* move ssh tests to a new file (#7982)Paul Kehrer2023-01-052-579/+604
|
* Update formatting for new ruff (#7937)Alex Gaynor2022-12-264-8/+8
|
* Switch from flake8 to ruff (#7920)Alex Gaynor2022-12-2139-87/+58
| | | It's more than 60x faster.
* new libressl release (#7911)Alex Gaynor2022-12-201-1/+4
|
* Bump OpenSSL/BoringSSL and adapt for OpenSSL RSA bleichenbacher mitigation ↵Alex Gaynor2022-12-141-2/+3
| | | | | | | | | (#7895) * Bump BoringSSL and/or OpenSSL in CI * Attempt to work-around wycheproof tests Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
* Update invalid EC key test for compatibility with upcoming OpenSSL changes ↵Nicola Tuveri2022-11-271-1/+3
| | | | | | | | | | | | (#7833) One of the tests checking behavior with invalid EC keys hardcoded the error reason. This commit replaces the string matching with a regex to match both the current string and a new reason, introduced by upcoming OpenSSL changes [0], which would otherwise trigger a false positive failure. [0]: https://github.com/openssl/openssl/pull/19681
* Clear out some dead code from the OS random engine, now that macOS 10.12 is ↵Alex Gaynor2022-11-161-1/+1
| | | | our minimum (#7813)
* Test against OpenSSL master in CI (#7770)Alex Gaynor2022-11-041-1/+1
| | | | | | | * Test against OpenSSL master in CI A future PR will incorporate automatic revision bumping into our CI * Sigh, increase this....
* remove memleak tests that no longer exercise openssl code (#7740)Alex Gaynor2022-10-231-46/+0
| | | tests that _create_ x509 structures are left, since they at least exercise signing code
View Lorry Controller Status