* drop python 3.6 support
* Update tests/hazmat/bindings/test_openssl.py
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
---------
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
This removes the OS random engine, which contained the only CPython PSF
licensed code in the repository. Accordingly, that license has now been
removed.
This is extra mega cursed, and strictly speaking unsound. It does, however, match the status quo ante, where someone mutating a buffer while its being used in cffi code will basically always be UB.
* Rename Union type aliases to CamelCase
Many `typing.Union` type aliases were previously using `UPPER_SNAKE_CASE`, but Python's convention is `CamelCase` for these (e.g. https://docs.python.org/3/library/typing.html#type-aliases)
* Add utils.deprecated for the old non-underscore type aliases
* Added documentation for new type aliases & minor tweaks
* Use 'versionadded:: 40.0.0'
* Fix CertificatePublicKeyTypes vs CertificateIssuerPublicKeyTypes. Rename CertificatePrivateKeyTypes to CertificateIssuerPrivateKeyTypes
* Fix imports (ruff)
* Fix one more versionadded
* Tweak docs & Reorder: CertificateIssuerPublicKeyTypes before CertificateIssuerPrivateKeyTypes
* Fix test mypy errors using cast()
* Fix black, oops
* Revert "Fix black, oops"
This reverts commit 85344e231d697bdc0940e105f7aed729445f9743.
* Revert "Fix test mypy errors using cast()"
This reverts commit b272d8ca95fbbbc62060663f9e8930a139a7a43e.
* Revert type of SubjectKeyIdentifier.from_public_key arg
* Changelog tweak
* WIP: Add raw export alias method for x25519 keys
* Ditto for x448, ed448, ed25519
* Document new private_bytes_raw public_bytes_raw methods
* docs: Populate versionadded to be 40
* docs: Fix PublicFormat -> PrivateFormat where applicable
* formatting
* Update tests for test_pub_priv_bytes_raw in x25519, x448, ed448 (TODO: ed25519)
* Add test_pub_priv_bytes_raw test for Ed25519
Update SSHCertificateBuilder sample code to:
* Correctly use the signing key when signing the certificate, rather than the user's own private key.
* Generate the user's public key in one line, making it clearer to the reader that only the public key is an input to the certificate builder.
* add support for bytes-like objects in data and associated_data in aead algorithms
* flake
* flake again
* rework AESSIV _check_params
* flake and 80char columns
* associated_data cannot be None in _check_params, set to [] in calling function
* Update src/cryptography/hazmat/primitives/ciphers/aead.py
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* flake fix
---------
Co-authored-by: mat gas <none@none.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Add Certificate.verify_signed_by
Verify that the signature on a certificate was created by the
private key belonging to another certificate's public key.
This code does not validate anything else! It is not a path builder,
general x509 validator, etc.
* switch to issued_by
validate issuer subject matches certificate issuer and refactor
* two fixes
* signed_by isn't the right target now
* coverage
* skip test on some *ssls
* extensive refactoring
* lol
* does any of this work
* final commit i swear
* SSHCertificateBuilder
This adds support for generating SSH certificates
* add deterministic signing tests and valid_for_all_principals
* test another edge
* one of these two fixes makes no sense
