delta/python-packages/cryptography.git/src/cryptography/x509, branch github-actions-windows

Allow NameAttribute.value to be an empty string (#5109)

2020-03-19T19:23:35+00:00

* Allow NameAttribute.value to be an empty string

RFC 4514 https://tools.ietf.org/html/rfc4514 does not mention that
"AttributeValue" can not be an empty (zero-length) string.

Fixes #5106

* reverse order to match fix from another PR

Co-authored-by: Paul Kehrer

Reversed the order of RDNs in x509.Name.rfc4514_string() (#5120)

2020-03-03T02:26:07+00:00

RFC4514 requires in section 2.1 that RDNs are converted to string
representation in reversed order.

Use literals for collections and comprehensions. (#5091)

2020-01-12T22:29:17+00:00

Use dict literals. (#5080)

2019-12-02T14:02:30+00:00

Parse single_extensions in OCSP responses (#5059)

2019-11-11T05:40:11+00:00

* add single_extensions to OCSPResponse (#4753)

* new vector, updateed docs, more stringent parser, changelog, etc

* simplify PR (no SCT for now)

* add a comment

* finish pulling out the sct stuff so tests might actually run

Simplify implementing sequence methods (#4987)

2019-09-09T21:32:59+00:00

* Simplify implementing sequence methods

* flake8

Finish ed25519 and ed448 support in x509 module (#4972)

2019-09-08T23:44:02+00:00

* Support ed25519 in csr/crl creation

* Tests for ed25519/x509

* Support ed448 in crt/csr/crl creation

* Tests for ed448/x509

* Support ed25519/ed448 in OCSPResponseBuilder

* Tests for eddsa in OCSPResponseBuilder

* Builder check missing in create_x509_csr

* Documentation update for ed25519+ed448 in x509

Make DER reader into a context manager (#4957)

2019-07-29T02:58:04+00:00

* Make DER reader into a context manager

* Added another test case

* flake8

Remove asn1crypto dependency (#4941)

2019-07-28T17:06:40+00:00

* Remove non-test dependencies on asn1crypto.

cryptography.io actually contains two OpenSSL bindings right now, the
expected cffi one, and an optional one hidden in asn1crypto. asn1crypto
contains a lot of things that cryptography.io doesn't use, including a
BER parser and a hand-rolled and not constant-time EC implementation.

Instead, check in a much small DER-only parser in cryptography/hazmat. A
quick benchmark suggests this parser is also faster than asn1crypto:

  from __future__ import absolute_import, division, print_function
  import timeit

  print(timeit.timeit(
      "decode_dss_signature(sig)",
      setup=r"""
  from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature
  sig=b"\x30\x2d\x02\x15\x00\xb5\xaf\x30\x78\x67\xfb\x8b\x54\x39\x00\x13\xcc\x67\x02\x0d\xdf\x1f\x2c\x0b\x81\x02\x14\x62\x0d\x3b\x22\xab\x50\x31\x44\x0c\x3e\x35\xea\xb6\xf4\x81\x29\x8f\x9e\x9f\x08"
  """,
      number=10000))

Python 2.7:
  asn1crypto: 0.25
  _der.py: 0.098

Python 3.5:
  asn1crypto: 0.17
  _der.py: 0.10

* Remove test dependencies on asn1crypto.

The remaining use of asn1crypto was some sanity-checking of
Certificates. Add a minimal X.509 parser to extract the relevant fields.

* Add a read_single_element helper function.

The outermost read is a little tedious.

* Address flake8 warnings

* Fix test for long-form vs short-form lengths.

Testing a zero length trips both this check and the non-minimal long
form check. Use a one-byte length to cover the missing branch.

* Remove support for negative integers.

These never come up in valid signatures. Note, however, this does
change public API.

* Update src/cryptography/hazmat/primitives/asymmetric/utils.py

Co-Authored-By: Alex Gaynor 

* Review comments

* Avoid hardcoding the serialization of NULL in decode_asn1.py too.

ed25519 support in x509 certificate builder (#4937)

2019-07-06T23:01:33+00:00

* ed25519 support in x509 certificate builder

This adds minimal ed25519 support. More to come.

* Apply suggestions from code review

Co-Authored-By: Alex Gaynor