| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* switch to xdist in tox for faster runs
* not using auto to avoid too many processes on local laptops
* we need to use pytest-cov to generate coverage properly now
* these env vars aren't present on no coverage builds
* tox changes
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* we already do this check in other places
This test is *incredibly* expensive and we already do roundtrips like
this on other DH groups. To make this test less expensive and also more
accurate to its name we now verify that the parameters on the generated
key match
* empty commit
the most important CI feature
|
| |
|
|
|
|
|
| |
* subtests ec
* continue instead of return
* indentation
|
| |
|
|
|
|
|
| |
* remove AES tests we will always skip
* constrain <64-bit IV vector removal to just GCM
* apparently this is only used by GCM
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
* Drop Python 2
* Black everything
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove Python2 from CI and code that branched on it
* Update setup.py
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
* remove
* review feedback
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
|
| |
|
| |
* Fixed DH tests for latest CentOS FIPS OpenSSL (1.1.1g)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Removed unused argument.
* Added support for RSA signature recovery.
* Syntatic corrections for passing pep8 tests.
* Corrected typo.
* Added test of invalid Prehashed parameter to RSA signature recover.
* Renamed recover to a more descriptive name.
* Extended RSA signature recovery with option to return full data (not
only the digest part).
* Added missing words to pass spell check.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* disallow p less than 512-bit on DH
OpenSSL 3.0.0 enforces this so we'll go ahead and enforce it everywhere
that's practical for us. (Note that we do not enforce on deserializing
PKCS1/PKCS8 keys in < 3.0.0, but this PR adds a test so that in the
3.0.0 support branch we can test an error path)
* missing test
* black
* _MIN_MODULUS_SIZE is now a thing
* skip on fips
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Reduce granularity of error msging when deserializing keys
In OpenSSL 3.0 it is no longer possible to determine whether the reason
a key failed to deserialize is because of an unsupported cipher. Since
we want to be more resilient to OpenSSL error code instability we'll
just remove these paths.
* black
* changelog and update docs
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* GCM IV size limits
OpenSSL 3.0.0 is going to enforce these size limits so we might as well
put them in now.
* fix the tests
* black
* these cases can't happen if we're limiting IV size already
|
| |
|
|
|
| |
This change allows future's newbytes class to be padded again.
Fixes https://github.com/pyca/cryptography/issues/5547.
|
| | |
|
| | |
|
| |
|
|
|
| |
* move blinding to __init__ on both RSA public and private
* change signature to guarantee this test is testing what we think
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
* allow additional certificates to be added to a pkcs7
* be more verbose about what these additional certs might be used for
* missing test
|
| |
|
|
|
|
|
|
| |
* PKCS7SignatureBuilder now supports three serializations
PEM, DER, and SMIME. SMIME embeds the S/MIME headers and has the
detached signature concept.
* thanks libre
|
| |
|
|
|
| |
* migrate smime builder to pkcs7 module and rename
* missed a rename
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* smime signer support
* fix ed25519 check
* change some wording
* python 2.7...
* review feedback
* s/secure/signed
* do some verification in the tests
* review feedback
* doc return value
|
| |
|
|
| |
this doesn't improve efficiency in any way (copies galore!), but it does
make it consistent between a cipher context and a padding context
|
| |
|
| |
fixes #5432
|
| | |
|
| |
|
|
|
|
|
| |
* chunked update_into
* all pointer arithmetic all the time
* review feedback
|
| |
|
|
|
|
|
| |
* be consistent in our testing
we don't use default_backend this way in our tests
* more black
|
| |
|
|
|
| |
* fixes #4706 -- don't internal error on corrupt private key
* Temporary disable paramiko
|
| | |
|
| |
|
|
|
|
|
| |
* separate these into two test files
AES-GCM is so painful in collection that I want it in another file
* fix flake8
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* support PKCS7 certificate parsing
* refcounts are different in 1.0.2
* rename the functions
* black
* empty commit
* review feedback
|
| | |
|
| |
|
|
|
|
|
| |
X509 signing for RSA keys that are too small. Let's just say signing
failed and attach the more specific problem as the error stack. A bit
uglier, but far more generic and stable to OpenSSL/LibreSSL/BoringSSL
Also be a bit more generic for OCSP signing
|
| |
|
| |
the quest to stop using unstable openssl error codes continues
|
| |
|
|
|
| |
* remove idna support finally
* remove unused import
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* test FIPS mode on centos8
* remove branch we don't take
* simpler
* better comment
* rename
* revert some things that don't matter
* small cleanups
|
