delta/python-packages/cryptography.git/src/cryptography/hazmat/backends, branch github-actions-windows

Use literals for collections and comprehensions. (#5091)

2020-01-12T22:29:17+00:00

Fixes #5065 -- skip serialization tests which use RC2 if OpenSSL doesn't have RC2 (#5072)

2019-11-24T23:16:14+00:00

* Refs #5065 -- have a CI job with OpenSSL built with no-rc2

* Fixes #5065 -- skip serialization tests which use RC2 if OpenSSL doesn't have RC2

Parse single_extensions in OCSP responses (#5059)

2019-11-11T05:40:11+00:00

* add single_extensions to OCSPResponse (#4753)

* new vector, updateed docs, more stringent parser, changelog, etc

* simplify PR (no SCT for now)

* add a comment

* finish pulling out the sct stuff so tests might actually run

Deal with the 2.5 deprecations (#5048)

2019-11-03T05:47:13+00:00

* Deal with the 2.5 deprecations

* pep8 + test fixes

* docs typo

* Why did I do this?

* typo

UniversalString needs to be encoded as UCS-4 (#5000)

2019-10-17T01:07:56+00:00

update openssls (#4995)

2019-10-16T03:51:09+00:00

* update openssls

* missed one

* what will this do

* only do this check for 1.1.0+

Finish ed25519 and ed448 support in x509 module (#4972)

2019-09-08T23:44:02+00:00

* Support ed25519 in csr/crl creation

* Tests for ed25519/x509

* Support ed448 in crt/csr/crl creation

* Tests for ed448/x509

* Support ed25519/ed448 in OCSPResponseBuilder

* Tests for eddsa in OCSPResponseBuilder

* Builder check missing in create_x509_csr

* Documentation update for ed25519+ed448 in x509

be clear that NoEncryption must be an instance in the exception (#4985)

2019-09-07T13:40:00+00:00

Allow FreshestCRL extension in CRL (#4975)

2019-09-07T07:32:13+00:00

Per RFC5280 it is allowed in both certificates and CRL-s.

Remove asn1crypto dependency (#4941)

2019-07-28T17:06:40+00:00

* Remove non-test dependencies on asn1crypto.

cryptography.io actually contains two OpenSSL bindings right now, the
expected cffi one, and an optional one hidden in asn1crypto. asn1crypto
contains a lot of things that cryptography.io doesn't use, including a
BER parser and a hand-rolled and not constant-time EC implementation.

Instead, check in a much small DER-only parser in cryptography/hazmat. A
quick benchmark suggests this parser is also faster than asn1crypto:

  from __future__ import absolute_import, division, print_function
  import timeit

  print(timeit.timeit(
      "decode_dss_signature(sig)",
      setup=r"""
  from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature
  sig=b"\x30\x2d\x02\x15\x00\xb5\xaf\x30\x78\x67\xfb\x8b\x54\x39\x00\x13\xcc\x67\x02\x0d\xdf\x1f\x2c\x0b\x81\x02\x14\x62\x0d\x3b\x22\xab\x50\x31\x44\x0c\x3e\x35\xea\xb6\xf4\x81\x29\x8f\x9e\x9f\x08"
  """,
      number=10000))

Python 2.7:
  asn1crypto: 0.25
  _der.py: 0.098

Python 3.5:
  asn1crypto: 0.17
  _der.py: 0.10

* Remove test dependencies on asn1crypto.

The remaining use of asn1crypto was some sanity-checking of
Certificates. Add a minimal X.509 parser to extract the relevant fields.

* Add a read_single_element helper function.

The outermost read is a little tedious.

* Address flake8 warnings

* Fix test for long-form vs short-form lengths.

Testing a zero length trips both this check and the non-minimal long
form check. Use a one-byte length to cover the missing branch.

* Remove support for negative integers.

These never come up in valid signatures. Note, however, this does
change public API.

* Update src/cryptography/hazmat/primitives/asymmetric/utils.py

Co-Authored-By: Alex Gaynor 

* Review comments

* Avoid hardcoding the serialization of NULL in decode_asn1.py too.