- No special configuration is required for brew or macports OpenSSL anymore
- There's no point in documenting building local docs, it's basically never necessary
The existing cert doesn't expire until late 2038 but this simplifies
2038 checks for some downstream consumers. We shift the original
cert/key into a new pkcs12/ca directory so that we don't need to
regenerate all the PKCS12 vectors (which don't care about expiry anyway)
* Adapt ChaCha20 test vectors to 64-bit counter
* Add ChaCha20 test vectors for counter overflow
These vectors test the behavior during counter overflow. Since
different implementations use different counter sizes (e.g. OpenSSL
uses a 64-bit counter, whereas BoringSSL uses a 32-bit counter),
it's important to ensure that the behavior during counter overflow
is consistent between implementations.
These vectors take into account both 32-bit and 64-bit overflows.
* tolerate NULL params in ECDSA SHA2 AlgorithmIdentifier
Java 11 does this incorrectly. It was fixed in Java16+ and they are
planning to do a backport, but we'll need to tolerate this invalid
encoding for a while.
* test both inner and outer
RFC 4055 section 2.1 states "All implementations MUST accept both
NULL and absent parameters as legal and equivalent encodings".
It also makes some somewhat conflicting statements after that, but
LibreSSL omits the null params for PSS, and OpenSSL parses this
without issue so tolerance it is.
* invalid visible string support
this allows utf8 in visiblestring, which is not valid DER. we raise a
warning when this happens, but allow it since belgian eIDs, among
others, have encoding errors. Belgium fixed this by 2021 (and possibly
earlier), but their eID certificates have 10 year validity.
* review comments
* clippy
* x509: add `load_pem_x509_certificates`
This behaves similarly to `load_pem_x509_certificate`, except that it
returns a list of loaded certificates instead of just the first X.509
certificate.
It raises if the input contains no PEM-encoded certificates, or if PEM
or certificate parsing fail.
Signed-off-by: William Woodruff <william@trailofbits.com>
* tests/x509: blacken
Signed-off-by: William Woodruff <william@trailofbits.com>
* Update docs/x509/reference.rst
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* tests/x509: assert each item in the list is actually a certificate
Signed-off-by: William Woodruff <william@trailofbits.com>
* bindings: expose `load_pem_x509_certificates` in `x509.pyi`
Signed-off-by: William Woodruff <william@trailofbits.com>
* tests/x509: test the structure of each cert a bit
This has the transitive effect of establishing a fixed order.
Signed-off-by: William Woodruff <william@trailofbits.com>
* CHANGELOG: record changes
Signed-off-by: William Woodruff <william@trailofbits.com>
* docs: add PEM to spellcheck allowlist
Signed-off-by: William Woodruff <william@trailofbits.com>
* docs/x509: document expected param
Signed-off-by: William Woodruff <william@trailofbits.com>
Signed-off-by: William Woodruff <william@trailofbits.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* add CRL test vector with 9,999 revoked items
* bump rust-asn1
* add large CRL test
this tests CRLs larger than 65535 bytes in size. rust-asn1 supports up
to 4GiB TLVs now, but we'll avoid putting a test vector that big for now
* Add `tbs_precertificate_bytes` property
* docs/x509: document `tbs_precertificate_bytes`
Signed-off-by: William Woodruff <william@trailofbits.com>
* tests/x509: add two trivial tests
Signed-off-by: William Woodruff <william@trailofbits.com>
* x509/base: fix lint
Signed-off-by: William Woodruff <william@trailofbits.com>
* oid: add CERTIFICATE_TRANSPARENCY (1.3.6.1.4.1.11129.2.4.4)
Signed-off-by: William Woodruff <william@trailofbits.com>
* hazmat/oid: rehome CERTIFICATE_TRANSPARENCY under ExtendedKeyUsageOID
Signed-off-by: William Woodruff <william@trailofbits.com>
* docs/x509: fix link, help the spellchecker
Signed-off-by: William Woodruff <william@trailofbits.com>
* x509: Raise ValueError when we can't filter SCT list extension
* tests: Expect a `ValueError` when accessing `tbs_precertificate_bytes`
in default example
* tests, vectors: Add TBS precert vector for test comparison
* docs/x509: document the `CERTIFICATE_TRANSPARENCY` OID
Signed-off-by: William Woodruff <william@trailofbits.com>
* docs/x509: elaborate `tbs_precertificate_bytes`
Signed-off-by: William Woodruff <william@trailofbits.com>
* rust/x509: remove unused OID
Signed-off-by: William Woodruff <william@trailofbits.com>
* x509/certificate: tweak error
Signed-off-by: William Woodruff <william@trailofbits.com>
* tests/x509: reorganize
Signed-off-by: William Woodruff <william@trailofbits.com>
* Update src/rust/src/x509/certificate.rs
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* tests/x509: more reorg, rename
Signed-off-by: William Woodruff <william@trailofbits.com>
* docs: document new testvector
Signed-off-by: William Woodruff <william@trailofbits.com>
* docs: coax the spellchecker
Signed-off-by: William Woodruff <william@trailofbits.com>
* tests/x509: use a cert that doesn't require SHA-1
Signed-off-by: William Woodruff <william@trailofbits.com>
* tests/x509: test for no extensions at all
Signed-off-by: William Woodruff <william@trailofbits.com>
Co-authored-by: Alex Cameron <asc@tetsuo.sh>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
CRL versions only go up to v2 (numeric value 1) and CSRs only define v1
(numeric value 0). See
https://www.rfc-editor.org/rfc/rfc5280.html#section-5.1 and
https://www.rfc-editor.org/rfc/rfc2986.html#section-4. Some of the
inputs used in tests were misissued.
Unfortunately, the corresponding private keys for these test vectors
weren't provided, so I've just editted the inputs with der-ascii and
left the signatures invalid. The tests in question don't seem to rely on
valid signatures.
* add x509 pss certificate and public key
the cert is signed using rsa_pss_2048.pem and the public key is the
public components of that private key
* Update docs/development/test-vectors.rst
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* check for invalid keys that RSA_check_key misses
RSA_check_key checks for primality but that fails to catch this case
since 2 is prime. Instead we fetch p and q and verify that they are odd
and if not reject the key as invalid.
* circleci sucks
