delta/python-packages/cryptography.git/tests, branch alex-patch-4 github.com: pyca/cryptography.git Future proofing use of the six python version constants (#4238) 2018-05-15T03:47:57+00:00 Eric Brown ericwb@users.noreply.github.com 2018-05-15T03:47:57+00:00 50bad375f5dd3fbb7c7ea62896e2538dc5734be6 * Future proofing use of the six python version constants After reading [1], noticed that cryptography uses a lot of if six.PY3 blocks. The issue with this is that whenever Python 4 is released, this code in the else block will be executed even though it was only intended for Python 2. [1] http://astrofrog.github.io/blog/2016/01/12/stop-writing-python-4-incompatible-code/ Signed-off-by: Eric Brown <browne@vmware.com> * Use not PY2 instead 
* Future proofing use of the six python version constants

After reading [1], noticed that cryptography uses a lot of if six.PY3
blocks. The issue with this is that whenever Python 4 is released,
this code in the else block will be executed even though it was
only intended for Python 2.

[1] http://astrofrog.github.io/blog/2016/01/12/stop-writing-python-4-incompatible-code/

Signed-off-by: Eric Brown <browne@vmware.com>

* Use not PY2 instead
Validate the public/private halves of EC keys on import. (#4241) 2018-05-15T02:49:24+00:00 David Benjamin davidben@davidben.net 2018-05-15T02:49:24+00:00 763990efa6c158d8a4dec8d71693665d026588a2 * Validate the public/private halves of EC keys on import. OpenSSL's API is a little finicky. If one sets the public key before the private key, it does not validate that they match. If set in the other order, it does validate this. In particular, KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_init.fax describes error code 7 as: Result = F (7 - IUT's Static private key d changed-prikey validity) Reordering the two operations makes those tests to fail on key import, which is what CAVP appears to have intended. * Wrap to 79 rather than 80 columns 
* Validate the public/private halves of EC keys on import.

OpenSSL's API is a little finicky. If one sets the public key before the
private key, it does not validate that they match. If set in the other
order, it does validate this.

In particular, KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_init.fax
describes error code 7 as:

  Result = F (7 - IUT's Static private key d changed-prikey validity)

Reordering the two operations makes those tests to fail on key import,
which is what CAVP appears to have intended.

* Wrap to 79 rather than 80 columns
Add support for extracting timestamp from a Fernet token (#4229) 2018-05-12T15:57:32+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2018-05-12T15:57:32+00:00 36ad98fd5e4b7358dc2aa903b6d51569bf19c5f8 * Add API for retrieving the seconds-to-expiry for the token, given a TTL. * Process PR feedback: * Do compute the TTL, but just the age of the token. The caller can decided what to do next. * Factored out the HMAC signature verification to a separate function. * Fixed a copy&paste mistake in the test cases * Tests cleanup. * `struct` no longer needed * Document `def age()` * typo in `age()` documentation * token, not data * remove test for TTL expiry that is already covered by the parameterized `test_invalid()`. * let's call this extract_timestamp and just return timestamp * review comments * it's UNIX I know this 
* Add API for retrieving the seconds-to-expiry for the token, given a TTL.

* Process PR feedback:

* Do compute the TTL, but just the age of the token. The caller
can decided what to do next.

* Factored out the HMAC signature verification to a separate function.

* Fixed a copy&paste mistake in the test cases

* Tests cleanup.

* `struct` no longer needed

* Document `def age()`

* typo in `age()` documentation

* token, not data

* remove test for TTL expiry that is already covered by the parameterized `test_invalid()`.

* let's call this extract_timestamp and just return timestamp

* review comments

* it's UNIX I know this
Raise ve on bad gt (#4180) 2018-04-03T23:24:06+00:00 Joshua Crowgey jcrowgey@u.washington.edu 2018-04-03T23:24:06+00:00 25f2b4e2edc9a162d3d9ecbd9f26e25da4848735 * Raise a ValueError when conversion to generalizedtime fails * added test for badasn1time value error * pep8 compliance * Addressing code review + VE now raises with ```{!r}``` formatting + Test now checks that the bad string made it into the VE message * using ValueError.match 
* Raise a ValueError when conversion to generalizedtime fails

* added test for badasn1time value error

* pep8 compliance

* Addressing code review

+ VE now raises with ```{!r}``` formatting
+ Test now checks that the bad string made it into the VE message

* using ValueError.match
fix bug with n % 8 length wrapping on AESKWP (#4160) 2018-03-20T17:33:57+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2018-03-20T17:33:57+00:00 f903da081b3eac3bc84a2e596591e7e634c3355d * fix bug with n % 8 length wrapping on AESKWP * review feedback 
* fix bug with n % 8 length wrapping on AESKWP

* review feedback
Revert "don't allow GeneralNames to be an empty list (#4128)" (#4161) 2018-03-20T17:12:13+00:00 Alex Gaynor alex.gaynor@gmail.com 2018-03-20T17:12:13+00:00 79748a9e84b8084559e9a2794ed2d88e05259611 This breaks the urllib3 tests, as well as several in-the-wild certs This reverts commit 388d1bd3e9cd953fcc948edbc152d5d140c87eb8. 
This breaks the urllib3 tests, as well as several in-the-wild certs

This reverts commit 388d1bd3e9cd953fcc948edbc152d5d140c87eb8.
 implement AES KW with padding (RFC 5649) (#3880) 2018-03-19T02:06:13+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2018-03-19T02:06:13+00:00 cd6cf4aa7567ec7e870c19eeb5c200d8bf133ed9 * implement AES KW with padding (RFC 5649) fixes #3791 * oops, 2.2 * make sure this is the right valueerror * more match * make key padding easier to read * review feedback * review feedback 
* implement AES KW with padding (RFC 5649)

fixes #3791

* oops, 2.2

* make sure this is the right valueerror

* more match

* make key padding easier to read

* review feedback

* review feedback
Allow DSA q=224 (#4147) 2018-03-18T14:12:14+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2018-03-18T14:12:14+00:00 47a66f19bd5bc9fb32d34eb1bcb80da297f0d6c0 * load Q=224 vectors * DSA parameters should support 224 for q length * oxford comma 
* load Q=224 vectors

* DSA parameters should support 224 for q length

* oxford comma
Brainpool curves (#4129) 2018-03-15T17:35:10+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2018-03-15T17:35:10+00:00 17c8f126c7c7d5ce886112a6e924277a7b203f25 * added brainpool ec-curves key_length >= 256bit * limit brainpool curves to the set that appear required + docs * oops * typos all around me * add brainpool ECDH kex tests * switch to using rfc 7027 vectors * review feedback * empty commits are the best 
* added brainpool ec-curves key_length >= 256bit

* limit brainpool curves to the set that appear required + docs

* oops

* typos all around me

* add brainpool ECDH kex tests

* switch to using rfc 7027 vectors

* review feedback

* empty commits are the best
don't allow GeneralNames to be an empty list (#4128) 2018-03-05T15:36:08+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2018-03-05T15:36:08+00:00 388d1bd3e9cd953fcc948edbc152d5d140c87eb8 * don't allow GeneralNames to be an empty list * flake8 
* don't allow GeneralNames to be an empty list

* flake8