summaryrefslogtreecommitdiff
path: root/vectors
Commit message (Collapse)AuthorAgeFilesLines
* Cleanup how we represent authors. (#5650)Alex Gaynor2020-12-151-1/+1
| | | AUTHORS.rst had not been updated in more than 2 years, it was not a good reference.
* Remove __future__ import from our code (#5610)Alex Gaynor2020-12-093-6/+0
|
* Switch black to py36 as the minimum version (#5608)Alex Gaynor2020-12-081-1/+1
|
* Reopen master for 3.4 (#5605)Alex Gaynor2020-12-081-1/+1
|
* Prepare for 3.3 release (#5603)3.3Alex Gaynor2020-12-081-1/+1
|
* disallow p less than 512-bit on DH (#5592)Paul Kehrer2020-11-291-0/+4
| | | | | | | | | | | | | | | | * disallow p less than 512-bit on DH OpenSSL 3.0.0 enforces this so we'll go ahead and enforce it everywhere that's practical for us. (Note that we do not enforce on deserializing PKCS1/PKCS8 keys in < 3.0.0, but this PR adds a test so that in the 3.0.0 support branch we can test an error path) * missing test * black * _MIN_MODULUS_SIZE is now a thing * skip on fips
* Reopen master for 3.3 (#5509)Alex Gaynor2020-10-251-2/+2
| | | | | * Reopen master for 3.3 * its how you know its authentic alex gaynor code
* 3.2 release (#5508)3.2Paul Kehrer2020-10-251-1/+1
|
* add RSA 4096-bit self-signed CA for some upcoming tests (#5464)Paul Kehrer2020-09-142-0/+80
|
* Account for Bruce redoing his website or something (#5461)Alex Gaynor2020-09-134-4/+4
|
* bump version for 3.2 dev (#5431)Paul Kehrer2020-08-271-1/+1
|
* 3.1 release (#5430)3.1Paul Kehrer2020-08-271-1/+1
|
* add basic PKCS7 test vectors (#5370)Paul Kehrer2020-08-023-0/+124
|
* 3.1 time (#5330)Paul Kehrer2020-07-201-1/+1
|
* prep 3.0 for release (#5327)3.0Paul Kehrer2020-07-201-1/+1
| | | | | * prep 3.0 for release * okay then
* Paint it Black by the Rolling Stones (#5324)Alex Gaynor2020-07-203-10/+26
|
* raise a valueerror on multi-SINGLERESP valued OCSP responses (#5316)Paul Kehrer2020-07-181-0/+0
| | | InternalErrors are bad when we know they're reachable
* Set vectors -x. (#5310)Tristan Seligmann2020-07-1820-0/+0
|
* support 4096 bit DSA parsing from numbers classes (#5301)Paul Kehrer2020-07-051-0/+36
| | | | | | | | | * support 4096 bit DSA parsing from numbers classes * need to get local linting fixed. * reorder * add a link to more reasons why DSA sucks
* add unstructured name x509 csr attribute vector (#5302)Paul Kehrer2020-07-051-0/+17
| | | | | | | | | * add unstructured name x509 csr attribute vector * Update docs/development/test-vectors.rst Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* invalid challenge value csr (#5300)Paul Kehrer2020-07-051-0/+0
|
* add SubjectInformationAccess extension support (#5295)Paul Kehrer2020-07-021-0/+18
| | | | | * add SubjectInformationAccess extension support * fixes
* Fix up crl_delta_crl_indicator.pem. (#5283)David Benjamin2020-06-241-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The CRL is missing a CRL number and should mark the delta CRL extension as critical. RFC 5280 says the following: Section 5.2.3: > CRL issuers conforming to this profile MUST include this extension > [CRL number] in all CRLs and MUST mark this extension as > non-critical. Section 5.2.4: > The delta CRL indicator is a critical CRL extension that identifies a > CRL as being a delta CRL. > When a conforming CRL issuer generates a delta CRL, the delta CRL > MUST include a critical delta CRL indicator extension. Sadly, RFC 5280 is often unclear about the difference between issuer requirements and verifier requirements, but test certificates should conform to issuer requirements where possible, in case the underly library becomes stricter. Section 5.2.4 includes further text which implies a delta CRL without a CRL number is unusable for a verifier anyway: > A complete CRL and a delta CRL MAY be combined if the following four > conditions are satisfied: > > [...] > > (d) The CRL number of the complete CRL is less than the CRL number > of the delta CRL. That is, the delta CRL follows the complete > CRL in the numbering sequence. Note I have not updated the signature in crl_delta_crl_indicator.pem. The test does not care, and it is unclear which key to sign it with.
* Test vectors for OpenSSH serialization format (#5151)Marko Kreen2020-05-2521-0/+207
|
* reopen master for 3.0 dev (#5175)Paul Kehrer2020-04-021-1/+1
|
* 2.9 version and changelog bump (#5172)Paul Kehrer2020-04-021-1/+1
|
* Added a test vector of an OCSP response with SCT extension (#5066)Alex Gaynor2019-11-161-0/+0
|
* Parse single_extensions in OCSP responses (#5059)Paul Kehrer2019-11-111-0/+0
| | | | | | | | | | | | * add single_extensions to OCSPResponse (#4753) * new vector, updateed docs, more stringent parser, changelog, etc * simplify PR (no SCT for now) * add a comment * finish pulling out the sct stuff so tests might actually run
* reopen master for the 2.9 release (#5017)Paul Kehrer2019-10-171-1/+1
|
* Bump versions for 2.8 release (#5014)2.8Alex Gaynor2019-10-171-2/+2
|
* Finish ed25519 and ed448 support in x509 module (#4972)Marko Kreen2019-09-092-0/+25
| | | | | | | | | | | | | | | | | | * Support ed25519 in csr/crl creation * Tests for ed25519/x509 * Support ed448 in crt/csr/crl creation * Tests for ed448/x509 * Support ed25519/ed448 in OCSPResponseBuilder * Tests for eddsa in OCSPResponseBuilder * Builder check missing in create_x509_csr * Documentation update for ed25519+ed448 in x509
* fix coverage by adding two artificial DSA public keys (#4984)Paul Kehrer2019-09-062-0/+0
| | | | | | | | | | * fix coverage by adding two artificial DSA public keys One key removes the optional parameters from the structure to cover a branch conditional, and the other key has its BITSTRING padding value set to a non-zero value. * lexicographic? never heard of it
* add x509 CSR with challenge password (#4942)Paul Kehrer2019-07-091-0/+16
|
* more ed25519 vectors, better description of RFC 8410 vector (#4936)Paul Kehrer2019-07-063-0/+23
| | | | | | | | * more ed25519 vectors, better description of RFC 8410 vector * typo * oops, doc'd wrong
* add ed25519ph x509 test vector (#4933)Paul Kehrer2019-07-031-0/+9
|
* reopen master for 2.8 (#4906)Paul Kehrer2019-05-301-1/+1
| | | | | | | | * reopen master for 2.8 also add the missing changelog * sigh, empty commit to trigger azure pipelines
* bump for 2.7 release (#4903)2.7Paul Kehrer2019-05-301-1/+1
|
* add RSA PSS certificate (#4865)Paul Kehrer2019-05-041-0/+20
| | | | | | * add RSA PSS certificate * i still maintain that 257 is slightly better than 256
* Refs #4830 -- added a vector of an x.509 certificate with a negative … (#4842)Alex Gaynor2019-04-131-0/+25
| | | | | | * Refs #4830 -- added a vector of an x.509 certificate with a negative serial number * Line wrap
* add poly1305 test vectors from rfc 7539 (#4800)Paul Kehrer2019-03-071-0/+56
|
* Reopen master for 2.7 (#4788)Alex Gaynor2019-02-281-1/+1
|
* 2.6.1 release with fixed wheels (#4792)2.6.1Alex Gaynor2019-02-281-1/+1
|
* bump version and update changelog for 2.6 release (#4787)2.6Paul Kehrer2019-02-271-1/+1
| | | | | | * bump version and update changelog for 2.6 release * 1.1.1b wheels for 2.6
* add ed25519 PKCS8 and subjectPublicKeyInfo vectors (#4719)Paul Kehrer2019-02-206-0/+12
| | | | | | * add ed25519 PKCS8 and subjectPublicKeyInfo vectors * line length fix
* add ed448 PKCS8 and subjectPublicKeyInfo vectors (#4718)Paul Kehrer2019-02-206-0/+14
|
* Rename [wheel] section to [bdist_wheel] as the former is legacy (#4743)Jon Dufresne2019-02-031-1/+1
| | | | | | | For additional details, see: https://github.com/pypa/wheel/blob/3dc261abc98a5e43bc7fcf5783d080aaf8f9f0cf/wheel/bdist_wheel.py#L127-L133 http://pythonwheels.com/
* reopen master for 2.6 work (#4730)Paul Kehrer2019-01-221-1/+1
|
* changelog and version bump for 2.5 (#4729)2.5Paul Kehrer2019-01-221-1/+1
|
* add x25519 pkcs8/subjectpublickeyinfo vectors (#4685)Paul Kehrer2019-01-136-0/+12
|
* add signature_hash_algorithm to OCSPResponse (#4681)Paul Kehrer2019-01-101-0/+0
| | | | | | * add signature_hash_algorithm to OCSPResponse * fix pointless asserts
View Lorry Controller Status