Commit graph

7171 commits

Author SHA1 Message Date
Paul Kehrer
ba6798161c temporarily pin cffi to avoid bug related to virtualenv (#4083)
* temporarily pin cffi to avoid bug related to virtualenv

* right, don't duplicate the name
2018-01-12 14:16:46 -05:00
Alex Gaynor
d2c12683d3 Fixes #4076 - simplify the implementation of int_from_bytes on python2 (#4077)
* Fixes #4076 - simplify the implementation of int_from_bytes on python2

* whitespace

* Added a test
2018-01-10 08:17:09 -05:00
David Tucker
038146fdc7 Add a Versioning section to the API stability docs (#4027) 2018-01-07 10:32:36 -06:00
Alex Gaynor
15cc998c1f Fixed import path in go script (#4075) 2018-01-06 18:39:57 -06:00
Paul Kehrer
858a429d88 The HKDF limit is actually 255 * digest_length_in_bytes (#4037)
* The HKDF limit is actually 255 * digest_length_in_bytes

Previously we had a bug where we divided digest_size by 8...but
HashAlgorithm.digest_size is already in bytes.

* test longer output

* changelog
2018-01-06 18:55:27 -05:00
Paul Kehrer
323f2ad66b add 1200 byte HKDF test vector and a generator/verifier for it (#4074)
* add 1200 byte HKDF test vector and a generator/verifier for it

* exit non-zero when failing

* ugh
2018-01-06 16:00:28 -05:00
Alex Gaynor
f8327a977f Drop conda workaround from installation docs (#4073)
I don't think it's relevant anymore
2018-01-06 10:07:40 -06:00
Tux
110398ee2e Use BN_clear_free in places where BN_free is being used (#4072)
* Expose BN_clear_free

* Use BN_clear_free in test_int_to_bn

* Use BN_clear_free in lieu of BN_free

* Use BN_free on public values
2018-01-05 19:53:45 -05:00
Tux
fbb0c12c87 Expose BN_clear_free in the OpenSSL backend (#4071)
* Expose BN_clear_free

* Use BN_clear_free in test_int_to_bn
2018-01-05 17:44:54 -05:00
Paul Kehrer
bade58f156 just a quick confirmation that it really is an x25519 evp key (#4070)
* just a quick confirmation that it really is an x25519 evp key

* openssl assert. take that python -O
2018-01-05 10:58:35 -05:00
Paul Kehrer
754c693bc7 DH interfaces existed in 0.9 but we didn't implement until 1.7 (#4068)
* DH interfaces existed in 0.9 but we didn't implement until 1.7

* sigh empty
2018-01-05 07:51:39 -05:00
Alex Gaynor
c0c70fb78d grammar nit, use a comma here (#4066) 2017-12-29 10:09:30 -06:00
Alex Gaynor
0ed80b467d Fixed #4039 -- added a python_requires to setup.py (#4064) 2017-12-26 12:04:31 -06:00
Alex Gaynor
2590556611 Fixed #4006 -- bind functions for dealing with sigalgs (#4063)
* Fixed #4006 -- bind functions for dealing with sigalgs

* oops
2017-12-26 10:36:40 -06:00
Alex Gaynor
24bb7a057b bump libressl version (#4062) 2017-12-25 12:49:48 -06:00
Pablo Lefort
a481e660a8 Add import default backend (#4061)
* Add import default backend

* Revert blank line in
2017-12-20 21:33:07 -05:00
Alex Gaynor
5db4e5e77e Fixed #4058 -- use the thread-safe API from OpenSSL, not the danger one (#4059) 2017-12-18 09:24:17 -06:00
Paul Kehrer
582b2b4d85 remove whirlpool vectors since we no longer support whirlpool (#4054) 2017-12-10 21:31:42 -05:00
Alex Gaynor
3e38506e0d Don't use whirlpool as an example (#4053)
Both because it's weirdo crypto, but also because we don't even support it.

Adhere to our documented policy of using good crypto for all examples
2017-12-11 08:54:02 +08:00
Alex Gaynor
740f3cd344 Fixed 120 warnings from the RSA tests (#4052)
* Fixed 120 warnings from the RSA tests

* typo
2017-12-11 08:07:14 +08:00
Alex Gaynor
fe06f3a26e Fixed DSA tests to not emit 200 warnings (#4050) 2017-12-10 15:03:32 +08:00
Alex Gaynor
77c94270bc update the ec tests to not emit 3000 warnings (#4048) 2017-12-10 11:46:07 +08:00
Alex Gaynor
0242c08ee3 In RSA test vectors, use verify() to avoid warnings (#4047)
* In RSA test vectors, use verify() to avoid warnings

* whoops
2017-12-10 09:58:52 +08:00
Alex Gaynor
9aec3f918a Use the latest OpenSSL in travis tests (#4045) 2017-12-08 08:18:51 +08:00
Alex Gaynor
b916fa9def Fixed deprecation warnings in x509 tests (#4040) 2017-12-04 08:16:22 +08:00
Paul Kehrer
9fa6fb2735 Pass the right length of null bytes when no salt is provided to HKDF (#4036)
This bug looks bad but ends up being benign because HMAC is specified to
pad null bytes if a key is too short. So we passed too few bytes and
then OpenSSL obligingly padded it out to the correct length. However, we
should still do the right thing obviously.
2017-12-01 11:41:25 -05:00
Paul Kehrer
4662d44fd3 Fix ASN1 string type encoding for several Name OIDs (#4035)
* Fix ASN1 string type encoding for several Name OIDs

When we changed over to the new type encoding system we didn't verify
that the new code exactly matched the ASN1 string types that OpenSSL was
previously choosing. This caused serialNumber, dnQualifier,
emailAddress, and domainComponent to change from their proper encodings
to UTF8String as of version 2.1.

Now we check to see if there's a sentinel value (indicating no custom
type has been passed) and then check if the OID has a different default
than UTF8. If it does, we set it.

This PR also adds tests for the ASN1 string type of every supported
NameOID.

* review feedback
2017-11-30 20:48:56 -06:00
Paul Kehrer
66460d8f62 port changelog for 2.1.4 to master (#4031) 2017-11-29 21:21:33 -05:00
Paul Kehrer
4cc3b909bc add X509_up_ref (#4028) 2017-11-28 23:34:42 -05:00
Paul Kehrer
9b086fdb07 pytest 3.3.0 has an issue with parametrized null bytes again (#4026) 2017-11-28 07:49:32 -06:00
Benjamin Peterson
7bcb926c53 fix typo in comment (#4019) 2017-11-13 03:56:13 -05:00
Alex Gaynor
f7486f6a3c nit: remove double space in deprecation warning (#4018) 2017-11-11 23:17:58 +08:00
Alex Gaynor
270933c1a2 Use a different warning class so users get warnings (#4014)
* Use a different warning class so users get warnings

* fixed tests

* do our own warning class

* typo

* flake8
2017-11-11 12:19:05 +08:00
Alex Gaynor
d2d800058f nit in LICENSE, itself doesn't make sense here (#4016)
* nit in LICENSE, itself doesn't make sense here

* more cleanup
2017-11-10 08:29:14 +08:00
Alex Gaynor
6c03b899c8 bump libressl version (#4012) 2017-11-07 14:54:48 -06:00
Alex Gaynor
b1f9a51b5c forward port changelog (#4009) 2017-11-02 15:09:07 -05:00
Alex Gaynor
0654dc9331 Fix a few new flake8 issues (#4008) 2017-11-02 12:25:51 -05:00
Alex Gaynor
3fe869f845 Link to how to report a security issue in our readme (and therefore on pypi) (#4002) 2017-10-28 19:14:42 -05:00
Alex Gaynor
04be3b2848 nit: line wrapping change (#4004) 2017-10-28 19:12:35 -05:00
Alex Gaynor
20128c78a1 buster is 3.6 now (#4003) 2017-10-28 18:16:49 -05:00
Alex Gaynor
4941fc5c01 clearly error out on older setuptools (#4000)
* clearly error out on older setuptools

* use the right thing
2017-10-28 10:28:53 -05:00
Alex Gaynor
d3b9af67ae Forward port 2.1.2 changelog (#3998) 2017-10-24 11:23:16 -05:00
Alex Gaynor
30d35aef4a Fixes #3947 -- remove the docutils.conf (#3995)
* Fixes #3947 -- remove the docutils.conf

* include minimum versions
2017-10-23 18:09:27 -05:00
Alex Gaynor
c0e31e691e Latest flake8 has some rules about variable names (#3996) 2017-10-23 17:44:50 -05:00
Alex Gaynor
f2a0333fac rolling has 36 now that it is artful (#3991) 2017-10-21 08:13:42 -05:00
Alex Gaynor
a17bcba39a fixed #3986 -- properly use unicode for DNSName (#3988) 2017-10-19 20:43:46 +08:00
Chris Wolfe
af6f990064 Add Multifernet.rotate method (#3979)
* add rotate method

* add some more tests for the failure modes

* start adding some documentation for the rotate method

* operate on a single token at a time, leave lists to the caller

* add versionadded
add versionadded, drop rotate from class doctest

* give rotate a doctest

* single level, not aligned

* add changelog for mf.rotate

* show that, once rotated, the old fernet instance can no longer decrypt the token

* add the instead of just the how

* update docs to reflect removal of ttl from rotate

* update tests

* refactor internal methods so that we can extract the timestamp

* implement rotate

* update wordlist (case sensitive?)

* lints

* consistent naming

* get_token_data/get_unverified_token_data -> better name

* doc changes

* use the static method, do not treat as imethod

* move up to MultiFernet docs

* add to authors

* alter wording

* monkeypatch time to make it less possible for the test to pass simply due to calls occurring in less than one second

* set the time after encryption to make sure that the time is preserved as part of re-encryption
2017-10-19 03:23:53 +08:00
Christian Heimes
a0022ead7b Make changelog for A-label more readable (#3977)
"value, value, and value" isn't very helpful.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
2017-10-17 10:56:01 +08:00
Alex Gaynor
70da086b75 use the correct modern API (#3984) 2017-10-17 09:04:24 +08:00
Paul Kehrer
0a42f4eba8 port 2.1.1 changelog (#3975) 2017-10-12 07:35:39 -04:00