path: root/src/cryptography
Commit message | Author | Age | Files | Lines
* Cleanup how we represent authors. (#5650) | Alex Gaynor | 2020-12-15 | 1 | -1/+1
    AUTHORS.rst had not been updated in more than 2 years, it was not a good reference.
* Update APIs to use non-deprecated OpenSSL ones where possible (#5633) | Alex Gaynor | 2020-12-10 | 3 | -7/+7
    cherry picked from #4920
* Complete removal of py2 (#5533) | Alex Gaynor | 2020-12-09 | 33 | -263/+126
    * Drop Python 2
    * Black everything
* we didn't actually commit the final doc fixes for the recover PR (#5614) | Paul Kehrer | 2020-12-09 | 1 | -1/+1
* Remove utils.int_from_bytes (#5609) | Alex Gaynor | 2020-12-09 | 5 | -10/+15
* Remove __future__ import from our code (#5610) | Alex Gaynor | 2020-12-09 | 83 | -94/+0
* Switch black to py36 as the minimum version (#5608) | Alex Gaynor | 2020-12-08 | 3 | -7/+7
* Remove Python2 from CI and code that branched on it (#5607) | Alex Gaynor | 2020-12-08 | 7 | -109/+25
    * Remove Python2 from CI and code that branched on it
    * Update setup.py
      Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
    * remove
    * review feedback
      Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
* Reopen master for 3.4 (#5605) | Alex Gaynor | 2020-12-08 | 1 | -1/+1
* Prepare for 3.3 release (#5603) [3.3] | Alex Gaynor | 2020-12-08 | 1 | -1/+1
* Add support for RSA signature recovery (#5573) | Zoltan Kelemen | 2020-12-07 | 3 | -12/+70
    * Removed unused argument.
    * Added support for RSA signature recovery.
    * Syntactic corrections for passing pep8 tests.
    * Corrected typo.
    * Added test of invalid Prehashed parameter to RSA signature recover.
    * Renamed recover to a more descriptive name.
    * Extended RSA signature recovery with option to return full data (not only the digest part).
    * Added missing words to pass spell check.
* Added tls bindings for new OpenSSL APIs (#5595) | Alex Gaynor | 2020-12-01 | 1 | -0/+10
    fixes #5379
    closes #5483
* fixes #4531 -- support encoding SCTs in certificates (#5594) | Alex Gaynor | 2020-11-30 | 2 | -3/+17
* disallow p less than 512-bit on DH (#5592) | Paul Kehrer | 2020-11-29 | 2 | -2/+15
    * disallow p less than 512-bit on DH
      OpenSSL 3.0.0 enforces this so we'll go ahead and enforce it everywhere that's practical for us. (Note that we do not enforce on deserializing PKCS1/PKCS8 keys in < 3.0.0, but this PR adds a test so that in the 3.0.0 support branch we can test an error path)
    * missing test
    * black
    * _MIN_MODULUS_SIZE is now a thing
    * skip on fips
* don't require errors to be on the stack when loading a key (#5590) | Paul Kehrer | 2020-11-26 | 1 | -2/+1
    In OpenSSL 3.0.0 no error is added in many cases for this path and since we don't do anything with the error anyway we should just consume and move on
* Reduce granularity of error msging when deserializing keys (#5588) | Paul Kehrer | 2020-11-26 | 1 | -17/+9
    * Reduce granularity of error msging when deserializing keys
      In OpenSSL 3.0 it is no longer possible to determine whether the reason a key failed to deserialize is because of an unsupported cipher. Since we want to be more resilient to OpenSSL error code instability we'll just remove these paths.
    * black
    * changelog and update docs
* in OpenSSL 1.1.0+ error strings are automatically loaded (#5587) | Paul Kehrer | 2020-11-26 | 1 | -2/+0
* Always rely on OpenSSL's builtin locking callbacks (#5561) | Alex Gaynor | 2020-11-11 | 2 | -29/+1
* Tighten up this warning message (#5560) | Alex Gaynor | 2020-11-11 | 1 | -2/+2
* Fix broken links (#5552) | Felix Fontein | 2020-11-10 | 1 | -5/+8
    * Fix broken links.
    * Shorter lines.
* GCM IV size limits (#5553) | Paul Kehrer | 2020-11-09 | 2 | -7/+9
    * GCM IV size limits
      OpenSSL 3.0.0 is going to enforce these size limits so we might as well put them in now.
    * fix the tests
    * black
    * these cases can't happen if we're limiting IV size already
* padding: Tip-toe around bytes subclasses. (#5548) | Benjamin Peterson | 2020-11-04 | 1 | -2/+8
    This change allows future's newbytes class to be padded again.
    Fixes https://github.com/pyca/cryptography/issues/5547.
* Drop python 3.5 (#5527) | Alex Gaynor | 2020-10-28 | 1 | -7/+0
* Disable blinding for RSA pub keys (#5524) | Alex Gaynor | 2020-10-27 | 1 | -5/+0
* Simplify a number of branches around libressl (#5515) | Alex Gaynor | 2020-10-26 | 5 | -15/+15
* Delete all the 1.0.2 code (#5511) | Alex Gaynor | 2020-10-25 | 5 | -72/+8
* Reopen master for 3.3 (#5509) | Alex Gaynor | 2020-10-25 | 1 | -2/+2
    * Reopen master for 3.3
    * its how you know its authentic alex gaynor code
* 3.2 release (#5508) [3.2] | Paul Kehrer | 2020-10-25 | 1 | -1/+1
* Attempt to mitigate Bleichenbacher attacks on RSA decryption (#5507) | Alex Gaynor | 2020-10-25 | 1 | -15/+11
* move blinding to __init__ on both RSA public and private (#5506) | Paul Kehrer | 2020-10-25 | 2 | -4/+10
    * move blinding to __init__ on both RSA public and private
    * change signature to guarantee this test is testing what we think
* be more verbose in the 102 deprecation notice (#5505) | Paul Kehrer | 2020-10-25 | 1 | -2/+5
* PKCS7SignatureBuilder now supports new option NoCerts when signing (#5500) | frennkie | 2020-10-25 | 2 | -0/+5
* chunking didn't actually work (#5499) | Paul Kehrer | 2020-10-25 | 1 | -1/+1
* allow additional certificates to be added to a pkcs7 (#5498) | Paul Kehrer | 2020-10-25 | 2 | -2/+20
    * allow additional certificates to be added to a pkcs7
    * be more verbose about what these additional certs might be used for
    * missing test
* PKCS7SignatureBuilder now supports three serializations (#5497) | Paul Kehrer | 2020-10-24 | 3 | -9/+19
    * PKCS7SignatureBuilder now supports three serializations
      PEM, DER, and SMIME. SMIME embeds the S/MIME headers and has the detached signature concept.
    * thanks libre
* migrate smime builder to pkcs7 module and rename (#5496) | Paul Kehrer | 2020-10-24 | 3 | -117/+110
    * migrate smime builder to pkcs7 module and rename
    * missed a rename
* smime signer support (#5465) | Paul Kehrer | 2020-09-19 | 2 | -1/+170
    * smime signer support
    * fix ed25519 check
    * change some wording
    * python 2.7...
    * review feedback
    * s/secure/signed
    * do some verification in the tests
    * review feedback
    * doc return value
* allow bytes-like for padding (#5462) | Paul Kehrer | 2020-09-13 | 1 | -4/+4
    this doesn't improve efficiency in any way (copies galore!), but it does make it consistent between a cipher context and a padding context
* re-add a few engine bindings for advanced users (#5449) | Paul Kehrer | 2020-09-01 | 1 | -0/+4
    * re-add a few engine bindings for advanced users
      For users who are capable of compiling cryptography against custom openssl and properly using these functions this hopefully allows PKCS11 usage through OpenSSL engines.
    * forgot to save my buffer
* Add a missing space to py35 deprecation warning (#5448) | Sviatoslav Sydorenko | 2020-09-01 | 1 | -1/+1
    This fixes a typo that's been introduced in #5387.
* Break users on OpenSSL 1.0.2 (#5438) | Alex Gaynor | 2020-08-28 | 1 | -6/+14
    fixes #5432
* bump version for 3.2 dev (#5431) | Paul Kehrer | 2020-08-27 | 1 | -1/+1
* 3.1 release (#5430) [3.1] | Paul Kehrer | 2020-08-27 | 1 | -1/+1
* new black, actually slightly different than the old black (#5429) | Paul Kehrer | 2020-08-26 | 6 | -27/+30
* chunked update_into (#5419) | Paul Kehrer | 2020-08-24 | 1 | -13/+21
    * chunked update_into
    * all pointer arithmetic all the time
    * review feedback
* use _get_backend everywhere (#5408) | Paul Kehrer | 2020-08-16 | 4 | -12/+13
    * use _get_backend everywhere
    * black
* move encoders into backend as well (#5406) | Paul Kehrer | 2020-08-15 | 1 | -6/+22
    this will be useful later, i swear
* move the x509 parsers into the backend object (#5405) | Paul Kehrer | 2020-08-15 | 4 | -118/+103
    * move the parser into the backend object
      This allows us to generate the list of supported extensions when instantiating the backend object rather than building multiple parsers and picking the right one at runtime when parsing the extensions themselves.
    * sigh
* clean up error stack in p7 (#5403) | Alex Gaynor | 2020-08-15 | 1 | -0/+2
* HOTP and TOTP should also have optional backends (#5402) | Paul Kehrer | 2020-08-15 | 2 | -2/+6