| Age | Commit message (Collapse) | Author |
|---|
|
am: e9a9eff135
Change-Id: I71869de7484adf0208b9088ba8aea713e11d601c
|
|
Bug: 124250384
Test: atest
Change-Id: I173e66efd8a938d815598b9d844cc34dcff94520
|
|
am: 6a131d157f
Change-Id: If21a24965fbb719a041ba4a349fc2255381947ca
|
|
am: 4db398a410
Change-Id: I0ef0d7788c76a7b575ed25f58fbe9714fbe5038e
|
|
Merged in version 2.5 and add in misc files.
Bug: 122778810
Test: None
Change-Id: I9c999773d30f4114ab1ce8aa44b27f3aa4ded80c
|
|
|
|
|
|
* allow asn1 times of 1950-01-01 and later.
* add a test
* pretty up the test
|
|
Previously we used unix timestamps, but now we are switching to using
ASN1_TIME_set_string and automatically formatting the string based on
the year. The rule is as follows:
Per RFC 5280 (section 4.1.2.5.), the valid input time
strings should be encoded with the following rules:
1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
Notably, Dates < 1950 are not valid UTCTime. At the moment we still
reject dates < Jan 1, 1970 in all cases but a followup PR can fix
that.
|
|
* bind EVP_R_MEMORY_LIMIT_EXCEEDED and update a test
This will allow OpenSSL 1.1.1 on 32-bit (including our Windows 32-bit
builders) to fail as expected. Technically this isn't a malloc error,
but rather failing because the allocation requested is larger than
32-bits, but raising a MemoryError still seems appropriate
* what you want an endif too?
|
|
|
|
|
|
|
|
|
|
|
|
* add support for encoding compressed points
* review feedback
|
|
* shake128/256 support
* remove block_size
* doc an exception
* change how we detect XOF by adding _xof attribute
* interface!
* review feedback
|
|
we already did all the conditional binding, but forgot to actually
expose it.
|
|
* consistently linky RFC in the docs
* oops
|
|
* Fixed #4700 -- linkify method in changelog
* fixed linkification
* oxford comma
* line length
|
|
|
|
* changelog for byteslike
* bertter prose
|
|
|
|
* byteslike concatkdf
* byteslike scrypt
* byteslike x963kdf
|
|
|
|
|
|
* support byteslike in HKDF
* support byteslike in PBKDF2HMAC
* add missing docs
|
|
yuck.
|
|
* x448 and x25519 should enforce key lengths in from_private_bytes
they should also check if the algorithm is supported like the public
bytes class methods do
* oops
* move the checks
|
|
needed for some KDF keying material
|
|
This is needed to handle keying material in some of the KDFs
|
|
|
|
* add support for byteslike password/data to load_{pem,der}_private_key
* pypy 5.4 can't do memoryview from_buffer
|
|
we don't care about exceeding a deadline in CI because our infra
has wild variability and this can just randomly happen.
|
|
|
|
|
|
* add support for byteslike on password and data for pkcs12 loading
* use a contextmanager to yield a null terminated buffer we can zero
* review feedback
* updated text
* one last change
|
|
|
|
* modify x25519 serialization to match x448
supports raw and pkcs8 encoding on private_bytes
supports raw and subjectpublickeyinfo on public_bytes
deprecates zero argument call to public_bytes
* add docs
* this is public now
* don't need that
* review feedback
|
|
|
|
|
|
* support x448 public/private serialization both raw and pkcs8
* add tests for all other asym key types to prevent Raw
* more tests
* better tests
* fix a test
* funny story, I'm actually illiterate.
* pep8
* require PrivateFormat.Raw or PublicFormat.Raw with Encoding.Raw
* missing docs
* parametrize
* docs fixes
* remove dupe line
* assert something
|
|
|
|
This adds the ability to retrieve the selected SRTP protection profile
after the DTLS handshake completes. This is needed to perform the
correct key derivation if multiple profiles were offered.
|
|
* add signature_hash_algorithm to OCSPResponse
* fix pointless asserts
|
|
|
|
|
|
|
|
|
|
|
