Commit graph

2571 commits

Author SHA1 Message Date
Julien Castiaux
031d407e4d
Add public_key_algorithm_oid to certificate and CSR (#10517) 2024-03-27 14:32:35 -04:00
Alex Gaynor
e9954a0a31
fixes #10631 -- remove documentation for method that was removed (#10632)
* fixes #10631 -- remove documentation for method that was removed

* Update CHANGELOG.rst
2024-03-23 12:53:01 +00:00
Alex Gaynor
8436316862
Wycheproof lives under C2SP now (#10628) 2024-03-22 19:34:41 -04:00
William Woodruff
4a3e7dcc97
verification: client verification APIs (#10345)
* verification: WIP client verification skeleton

Signed-off-by: William Woodruff <william@yossarian.net>

* verify: fill in build_client_verifier

Signed-off-by: William Woodruff <william@yossarian.net>

* implement ClientVerifier.verify

Signed-off-by: William Woodruff <william@yossarian.net>

* verification: make Python 3.8 happy

Signed-off-by: William Woodruff <william@yossarian.net>

* switch to a full VerifiedClient type

Signed-off-by: William Woodruff <william@yossarian.net>

* remove the SubjectOwner::None hack

Signed-off-by: William Woodruff <william@yossarian.net>

* docs: fix ClientVerifier

Signed-off-by: William Woodruff <william@yossarian.net>

* verification: replace match with if

Signed-off-by: William Woodruff <william@yossarian.net>

* return GNs directly, not whole extension

Signed-off-by: William Woodruff <william@yossarian.net>

* docs/verification: document UnsupportedGeneralNameType raise

Signed-off-by: William Woodruff <william@yossarian.net>

* lib: RFC822 checks on NCs

* test_limbo: enable client tests

* tests: flake

* test_verification: more Python API coverage

* verification: filter GNs by NC support

* verification: forbid unsupported NC GNs

This is what we should have been doing originally, per
RFC 5280 4.2.1.10:

> If a name constraints extension that is marked as critical
> imposes constraints on a particular name form, and an instance of
> that name form appears in the subject field or subjectAltName
> extension of a subsequent certificate, then the application MUST
> either process the constraint or reject the certificate.

* docs/verification: remove old sentence

Signed-off-by: William Woodruff <william@yossarian.net>

* verification: ensure the right EKU for client/server paths

Signed-off-by: William Woodruff <william@yossarian.net>

* test_limbo: fixup EKU assertion

* verification: feedback

---------

Signed-off-by: William Woodruff <william@yossarian.net>
2024-03-20 21:00:00 -04:00
Alex Gaynor
dcf6ac240d
Updates for ruff 0.3.1 (#10548) 2024-03-07 10:57:37 -08:00
Facundo Tuesca
0a1098fcf0
Support for ECDSA deterministic signing (RFC 6979) (#10369)
* Add support for deterministic ECDSA (RFC 6979)
2024-02-26 19:13:47 +00:00
Alex Gaynor
43b8b7910d
Raise MSRV to 1.65 (#10481) 2024-02-25 23:04:40 +00:00
Facundo Tuesca
c97808ca77
Add test vectors for deterministic ECDSA (RFC6979) (#10438) 2024-02-20 06:57:07 -08:00
Paul Kehrer
608ce9520f
add RC2-128-CBC vector (#10402)
vector created using golang's x/crypto internal impl and verified
against openssl
2024-02-16 22:20:14 -05:00
Paul Kehrer
ccd392ed50
mark ARC4 and TripleDES with the right version added for decrepit (#10325) 2024-02-02 03:41:25 +00:00
Paul Kehrer
c7ec8a6eed
fix decrepit example (#10324)
* fix decrepit example

* Update docs/hazmat/decrepit/ciphers.rst

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

---------

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
2024-02-02 03:33:48 +00:00
Paul Kehrer
fd46c01cac
Update install docs (#10309)
We also test OpenSSL 3.2
2024-01-31 12:09:22 +00:00
Paul Kehrer
722a6393e6
migrate ARC4 and TripleDES to decrepit (#10286) 2024-01-29 19:42:21 -05:00
Paul Kehrer
1729edef70
add decrepit namespace and put SEED, IDEA, Blowfish, and CAST5 in it (#10284) 2024-01-28 17:34:33 -05:00
Paul Kehrer
98d764801d
increase toctree depth on primitives (#10282)
this makes the landing page for hazmat/primitives in the docs much more
useful.
2024-01-28 15:40:02 -05:00
Paul Kehrer
3da3a3703b
support bytes-like consistently across our asym sign/verify APIs (#10260)
and update our docs to show it as well
2024-01-25 21:09:27 +00:00
Paul Kehrer
08b24d87a6
explicitly support bytes-like for signature/data in RSA sign/verify (#10259)
this was never documented but previously worked in <42. we now also
document that this is supported to confuse ourselves less.
2024-01-25 19:51:59 +00:00
Paul Kehrer
075925fd55
allow SPKI RSA keys to be parsed even if they have an incorrect delimiter (#10248)
* allow SPKI RSA keys to be parsed even if they have an incorrect delimiter

This allows RSA SPKI keys (typically delimited with PUBLIC KEY) to be parsed
even if they are using the RSA PUBLIC KEY delimiter.

* formatting

* use original error if nothing parses, don't let it parse non-RSA
2024-01-25 01:54:23 +00:00
Hacksawfred3232
bd0a0648a8
Added warning about SHA1 being used for response signing in ocsp.rst (#10204)
* Update ocsp.rst

Added warning about SHA1 being used for sign()

* Update ocsp.rst

Fixed spelling issues, at least according to en-GB dictionary.

* Update ocsp.rst

Spell checker didn't catch "algorithim" somehow.

* Update ocsp.rst

Attempting to rephrase the warning.

* Update ocsp.rst

Removing rogue space.
2024-01-19 01:26:45 +00:00
Alex Gaynor
ad4ba0af95
Develop a local nox target (#10173)
This formats code, runs linters, and tests.

And it does these in an order that's optimized for fast local feedback
2024-01-14 20:43:55 -02:00
William Woodruff
a1ed534adb
docs/x509: fix verification example (#10169)
* docs/x509: fix verification example

Signed-off-by: William Woodruff <william@trailofbits.com>

* x509/verification: doctest

Signed-off-by: William Woodruff <william@trailofbits.com>

---------

Signed-off-by: William Woodruff <william@trailofbits.com>
2024-01-12 21:05:59 +00:00
Paul Kehrer
30e5ee2493
add some more EC vectors (#10134) 2024-01-05 18:03:57 +00:00
Alex Gaynor
e31a34398e
Another test case for explicit parameter private key (#10132) 2024-01-05 12:57:12 -03:00
Alex Gaynor
bbf2544c79
Added two test cases for unsupported EC private keys (#10126) 2024-01-05 07:19:16 -03:00
Alex Gaynor
6e106f5584
Update various links in the docs for permanent redirects (#10109) 2024-01-02 21:00:20 -03:00
Alex Gaynor
42467135ad
Bump copyright years (#10101) 2024-01-01 07:32:57 -03:00
Alex Gaynor
9e866cc50d
Update various links in the docs for permanent redirects (#10098) 2023-12-31 17:56:51 -03:00
Alex Gaynor
7a59849a5d
Remove linkcheck ignore for secg.org (#10099)
They appear to have gotten rid of FF DH KEX entirely
2023-12-31 17:33:05 -03:00
Johnny Hsieh
91541cf726
Add support for GCM mode of SM4 cipher (#10072)
* Add support for SM4-GCM cipher

ref: #7503
ref: https://github.com/openssl/openssl/issues/13667

* Update SM4 GCM tests to use external test vector

* Cite SM4 test vectors sources in document

* Add tests for SM4ModeGCM finalize_with_tag

* Update CHANGELOG.rst
2023-12-29 10:56:29 -03:00
Paul Kehrer
8046ea1c49
document that we raise CryptographyDeprecationWarning on deprecation more clearly (#10053)
* document we raise CryptographyDeprecationWarning clearly

* be a little louder about our deprecated ciphers
2023-12-23 14:48:55 -05:00
Paul Kehrer
cea8a236ae
i grow weary of www.cosic.esat.kuleuven.be (#10045) 2023-12-23 15:58:41 +00:00
Alex Gaynor
c9578f28a1
Fixed a typo in test-vectors documentation (#10041) 2023-12-23 12:45:31 -03:00
Paul Kehrer
eac469a5c0
we call it unstable in the changelog and not experimental (#10040)
let's be consistent
2023-12-23 13:51:26 +00:00
William Woodruff
d3f28d3ad8
x509/verification: add an API usage example (#10036)
* x509/verification: add an API usage example

Signed-off-by: William Woodruff <william@yossarian.net>

* Apply suggestions from code review

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

---------

Signed-off-by: William Woodruff <william@yossarian.net>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
2023-12-22 19:15:56 -05:00
William Woodruff
38461e1c6d
CHANGELOG: record #8873 (#10035)
* CHANGELOG: record #8873

Signed-off-by: William Woodruff <william@yossarian.net>

* docs/x509/verification: clean up, update note

Signed-off-by: William Woodruff <william@yossarian.net>

* add module ref

Signed-off-by: William Woodruff <william@yossarian.net>

* CHANGELOG: Cryptograpy's -> our

Signed-off-by: William Woodruff <william@yossarian.net>

* CHANGELOG: reflow, better linkage

Signed-off-by: William Woodruff <william@yossarian.net>

---------

Signed-off-by: William Woodruff <william@yossarian.net>
2023-12-22 22:48:13 +00:00
Alex Gaynor
fb4c72c8bf
Added wycheproof vectors for pbkdf2 (#10024) 2023-12-21 08:30:36 -06:00
Paul Kehrer
2525eb048a
support RSA PSS for CRLs (#10013)
adds rsa_padding kwarg to sign and also adds
signature_algorithm_parameters as a method to CRLs
2023-12-18 17:54:38 -05:00
Alex Gaynor
a8b96dab9b
Simplify the release process: No need to pass the version to release.py (#9990) 2023-12-12 06:09:51 -08:00
Alex Gaynor
cd9cb8b488
Remind people about rust in the dev docs (#9985) 2023-12-10 17:39:06 +00:00
Alex Gaynor
0a1f26b48f
Document tests-nocoverage in our dev docs (#9984)
There's limited value in running coverage locally, since no single build produces 100% coverage
2023-12-10 11:29:29 -06:00
Alex Gaynor
61676b5b05
Update development docs (#9977)
- No special configuration is required for brew or macports OpenSSL anymore
- There's no point in documenting building local docs, it's basically never necessary
2023-12-09 08:36:46 -06:00
Paul Kehrer
d06a6a17cb
regenerate x509/custom/ca/ca.pem to expire in 2100 (#9964)
The existing cert doesn't expire until late 2038 but this simplifies
2038 checks for some downstream consumers. We shift the original
cert/key into a new pkcs12/ca directory so that we don't need to
regenerate all the PKCS12 vectors (which don't care about expiry anyway)
2023-12-05 09:21:37 -05:00
Facundo Tuesca
ca4f40621d
Add support for AES-GCM-SIV using OpenSSL>=3.2.0 (#9843) 2023-12-02 09:39:19 -06:00
Alex Gaynor
f1817f8077
Slightly alter AEAD benchmark code to solve problem AES-GCM-SIV hit (#9948) 2023-12-01 18:42:42 -06:00
Facundo Tuesca
6359dc0e04
Add test vectors for AES-GCM-SIV (#9930) 2023-12-01 10:46:29 -06:00
Paul Kehrer
64b3658ee5
port 41.0.6 changelog (#9928)
* port 41.0.6 changelog

* spelling
2023-11-27 20:40:13 +00:00
Alex Gaynor
b7d52c7f9d
Remove more u prefixes (#9884) 2023-11-16 00:20:37 +00:00
Logan Hunt
0d1035feed
Remove u prefix from strings (#9882) 2023-11-15 23:02:45 +00:00
William Woodruff
380fda6cbc
Fix transposed doc, simplify type in trust store test (#9874)
* trust_store: simplify assert RHS type

Signed-off-by: William Woodruff <william@trailofbits.com>

* docs/verification: fix transposed doc item

Signed-off-by: William Woodruff <william@trailofbits.com>

---------

Signed-off-by: William Woodruff <william@trailofbits.com>
2023-11-13 21:36:11 +00:00
William Woodruff
9ba13da437
verification: add VerificationError, doc APIs (#9873)
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-11-13 16:21:32 -05:00