summaryrefslogtreecommitdiff
path: root/src/cryptography
Commit message (Collapse)AuthorAgeFilesLines
* support parsing bitstring values in DNs (#6629)Paul Kehrer2021-11-281-6/+21
| | | | | | | | | | | * support bitstring values in DNs parsing is limited to x500UniqueIdentifier only * Update src/cryptography/x509/name.py Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Remove read_only_property and precisely type all these getters (#6668)Alex Gaynor2021-11-297-17/+33
| | | | | | | * Remove read_only_property and precisely type all these getters * flake8 * unused
* closes #6663 -- deprecate openssl 1.1.0 support (#6667)Alex Gaynor2021-11-282-0/+18
|
* Drop supported for older LibreSSL (#6660)Alex Gaynor2021-11-263-36/+14
| | | | | | | | | | | | | * Drop supported for older LibreSSL 3.1 covers the oldest version used by versions of Alpine and OpenBSD that are supported by their upstreams. * Remove tests that are now unused * Update CHANGELOG.rst Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com> Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* Finally remove deprecated int_from_bytes (#6652)Alex Gaynor2021-11-251-9/+0
|
* Reopen main for the 37.0.0 release (#6645)Alex Gaynor2021-11-211-1/+1
|
* Bump for 36.0.0 release (#6643)36.0.0Alex Gaynor2021-11-221-1/+1
|
* Final polish on removing backends from places they aren't required (#6644)Alex Gaynor2021-11-222-28/+8
|
* allow parsing of nonstandard country name and jurisdiction country name (#6641)Paul Kehrer2021-11-211-2/+15
| | | | | | The spec requires both of these to be exactly two characters to correspond with ISO country codes. Reality is sometimes messier, so this allows parsing (but not encoding) of this invalid data. Parsing will raise a UserWarning if incorrect lengths are detected.
* remind people we're going to remove verifier/signer (#6640)Paul Kehrer2021-11-211-2/+3
|
* Remove unused attributes (#6631)Alex Gaynor2021-11-211-2/+0
|
* more typing (#6616)Paul Kehrer2021-11-171-3/+13
|
* OCB3 support (#6607)Paul Kehrer2021-11-142-3/+82
| | | | | * OCB3 support in aead package * improve comment
* support attributes on csrs with an iterable (#6603)Paul Kehrer2021-11-143-2/+77
|
* add one more engine binding (#6599)Paul Kehrer2021-11-121-0/+1
| | | we don't support these but advanced users may make use of them
* skip pkcs7 tests on boring (#6591)Paul Kehrer2021-11-121-0/+3
| | | | | * skip pkcs7 tests on boring * make it work
* Allow to serialize extension values as DER bytes strings (#6346)Felix Fontein2021-11-122-0/+96
| | | | | * Allow to serialize extension values as DER bytes string. * Prepare test for SignedCertificateTimestamps.
* x509 tests for boring (#6590)Paul Kehrer2021-11-122-6/+7
|
* Run tests/hazmat/backends/ under BoringSSL (#6588)Alex Gaynor2021-11-121-0/+3
| | | Refs #6576
* Run tests/primitives/ (minus a few files) on BoringSSL (#6584)Alex Gaynor2021-11-111-2/+7
|
* Run tests/wycheproof/ on BoringSSL (#6583)Alex Gaynor2021-11-122-2/+14
|
* Simplify how we test boring, in a way that'll be extensible to the future ↵Alex Gaynor2021-11-101-5/+11
| | | | | | | | | (#6575) * Simplify how we test boring, in a way that'll be extensible to the future * Break out what we ignore * Get fernet tests passing on boringssl
* allow x25519/x448 public keys in certificatebuilder (#6562)Paul Kehrer2021-11-072-5/+22
| | | | also document that we can return these key types in a certificate, although they can't be self-signed of course
* Begin building with BoringSSL in our CI, no tests yet (#6554)Alex Gaynor2021-11-071-0/+39
| | | | | | | | | | | | | | | * Attempt to build against BoringSSL in CI * Check for BoringSSL in the SSL bindings * Check for BoringSSL in the err bindings * Check for BoringSSL in the pkcs7 bindings * Check for BoringSSL in the bignum bindings * Check for BoringSSL in the EVP bindings * Check for BoringSSL in the X.509 verify bindings
* Check for BoringSSL in the SSL bindings (#6553)Alex Gaynor2021-11-061-0/+6
|
* deprecate backend part 14 of...probably 15? (#6534)Paul Kehrer2021-11-034-68/+32
| | | | | | | | * * CMAC * HMAC * * hashes * * keywrap
* deprecate backend part 11 of n (#6530)Paul Kehrer2021-11-031-14/+7
| | | cipher class
* deprecate backend part 9 of n (#6528)Paul Kehrer2021-11-033-59/+68
| | | * DSA, DH, EC converted to ignore backend arg
* deprecate backend part 10 of n (#6529)Paul Kehrer2021-11-034-64/+65
|
* deprecate backend part 8 of n (#6527)Paul Kehrer2021-11-031-21/+15
| | | | | The RSA chapter: * Retype backend args to typing.Any * Stop using _get_backend and directly import
* deprecate backend part 7 of n (#6526)Paul Kehrer2021-11-034-79/+37
| | | | * Move around some code to kill the need for a backend method * Type the backend arg to typing.Any since we just don't care now
* deprecate backend part 12 of n (#6532)Paul Kehrer2021-11-036-121/+43
| | | All the KDFs
* deprecate backend part 13 of n (#6533)Paul Kehrer2021-11-032-25/+6
| | | * OTPs
* handle case where private_value is the point at infinity (#6515)Paul Kehrer2021-11-021-1/+3
| | | Previously we raised InternalError, but now we raise a ValueError
* Allow custom attribute shortnames in rfc4514_string (#6490)Marti Raudsepp2021-11-011-10/+25
| | | | | | | | | | | | | `rfc4514_string()` and related methods now have an optional `attr_name_overrides` parameter to supply custom OID to name mappings, which can be used to match vendor-specific extensions. **BACKWARDS INCOMPATIBLE:** Reverted the nonstandard formatting of email address fields as `E` in `rfc4514_string()` methods from version 35.0. The previous behavior can be restored with: `name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})` Expanded documentation of `Name.rfc4514_string`.
* Convert CRL creation to Rust (#6496)Alex Gaynor2021-10-315-284/+6
| | | | | | | | | | | * Convert CRL creation to Rust * fixes * small reflows * Delete all teh code * flake8
* Convert CSR creation to Rust (#6495)Alex Gaynor2021-10-314-104/+10
| | | | | | | | | * Convert CSR creation to Rust * put this back * unused * coverage
* Convert x.509 certificate generation to Rust (#6479)Alex Gaynor2021-10-294-102/+12
| | | | | | | | | | | * Convert x.509 certificate generation to Rust * flake8 * Coverage shenangins * moar hashes * moar hashes
* Attempt to turn FIPS small RSA errors into something useful (#6487)Alex Gaynor2021-10-291-1/+4
| | | | | | | | | * Attempt to turn FIPS small RSA errors into something useful * Black * fix * doh
* add two additional DSA signature algorithm oids & test dsa_with_sha224 (#6483)Paul Kehrer2021-10-261-0/+2
|
* Remove unused SSL bindings (#6473)Alex Gaynor2021-10-251-8/+0
|
* Port OCSP Response generation to Rust (#6460)Alex Gaynor2021-10-253-126/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * xxx * The rest * file * first milestone! * progress * Good progress * Aaaand, tests pass! * linter fixes * moar linting * moar linting * style on that coverage * Flesh this out * reformat * Remove RSA+DSA support, will be added back later * Refactor to avoid todo!() branch * sha384 support * Unused * Suggesting I learn to spell? It's a bold move cotton, let's see how it pays off
* Port OCSPRequest creation to Rust (#6446)Alex Gaynor2021-10-213-30/+7
|
* Complete the migration of extension serialization to Rust! (#6439)Alex Gaynor2021-10-193-159/+5
|
* Port encoding of IssuingDistributionPoint to Rust (#6436)Alex Gaynor2021-10-191-23/+0
|
* rust authoritykeyidentifier support (#6429)Paul Kehrer2021-10-171-25/+0
| | | | | * rust authoritykeyidentifier support * contort ourselves to fix rust coverage
* implement AIA/SIA in rust (#6428)Paul Kehrer2021-10-171-45/+8
|
* rust nameconstraints (#6427)Paul Kehrer2021-10-172-56/+10
| | | | | | | | | | | * rust nameconstraints * remove a todo * remove underscores * clippy * remove ipaddr ossl encode
* port some crl extensions, refactor a bit (#6425)Paul Kehrer2021-10-172-19/+2
| | | | | | | * port some crl extensions, refactor a bit * add a test * black
* Encode general names in rust (#6423)Paul Kehrer2021-10-162-46/+17
| | | | | | | | | | | | | | | * Encode general names in rust Enable SAN/IAN encoding in rust * fmt * simplify * satisfy mypy, review comment * coverage lol * more coverage
View Lorry Controller Status