Copy disabled (too large)
Download .txt
Showing preview only (90,754K chars total). Download the full file to get everything.
Repository: pyca/cryptography
Branch: main
Commit: 0ab637dfa4a1
Files: 3001
Total size: 86.2 MB
Directory structure:
gitextract_ph_05tql/
├── .gitattributes
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ └── openssl-release.md
│ ├── ISSUE_TEMPLATE.rst
│ ├── actions/
│ │ ├── cache/
│ │ │ └── action.yml
│ │ ├── fetch-vectors/
│ │ │ └── action.yml
│ │ ├── upload-coverage/
│ │ │ └── action.yml
│ │ └── wheel-smoketest/
│ │ └── action.yml
│ ├── bin/
│ │ ├── build_openssl.sh
│ │ ├── bump_dependency.py
│ │ ├── bump_downstreams.sh
│ │ ├── compare_benchmarks.py
│ │ └── merge_rust_coverage.py
│ ├── config/
│ │ └── macos-pkg-choices-freethreaded.xml
│ ├── dependabot.yml
│ ├── downstream.d/
│ │ ├── aws-dynamodb-encryption-python.sh
│ │ ├── aws-encryption-sdk-python.sh
│ │ ├── certbot-josepy.sh
│ │ ├── certbot.sh
│ │ ├── mitmproxy.sh
│ │ ├── paramiko.sh
│ │ ├── pyopenssl-release.sh
│ │ ├── pyopenssl.sh
│ │ ├── scapy.sh
│ │ ├── sigstore-python.sh
│ │ └── twisted.sh
│ ├── requirements/
│ │ ├── build-requirements.in
│ │ ├── build-requirements.txt
│ │ ├── uv-requirements.in
│ │ └── uv-requirements.txt
│ └── workflows/
│ ├── auto-close-stale.yml
│ ├── benchmark.yml
│ ├── boring-open-awslc-bump.yml
│ ├── ci.yml
│ ├── downstream-version-bump.yml
│ ├── linkcheck.yml
│ ├── lock.yml
│ ├── pypi-publish.yml
│ ├── wheel-builder.yml
│ └── x509-limbo-version-bump.yml
├── .gitignore
├── .readthedocs.yml
├── CHANGELOG.rst
├── CONTRIBUTING.rst
├── Cargo.toml
├── LICENSE
├── LICENSE.APACHE
├── LICENSE.BSD
├── README.rst
├── ci-constraints-requirements.txt
├── docs/
│ ├── Makefile
│ ├── _ext/
│ │ ├── cryptography-docs.py
│ │ └── linkcode_res.py
│ ├── _static/
│ │ └── .keep
│ ├── _templates/
│ │ └── layout.html
│ ├── api-stability.rst
│ ├── changelog.rst
│ ├── community.rst
│ ├── conf.py
│ ├── development/
│ │ ├── c-bindings.rst
│ │ ├── custom-vectors/
│ │ │ ├── aes-192-gcm-siv/
│ │ │ │ ├── generate_aes192gcmsiv.py
│ │ │ │ └── verify-aes192gcmsiv/
│ │ │ │ ├── Cargo.toml
│ │ │ │ └── src/
│ │ │ │ └── main.rs
│ │ │ ├── aes-192-gcm-siv.rst
│ │ │ ├── arc4/
│ │ │ │ ├── generate_arc4.py
│ │ │ │ └── verify_arc4.go
│ │ │ ├── arc4.rst
│ │ │ ├── cast5/
│ │ │ │ ├── generate_cast5.py
│ │ │ │ └── verify_cast5.go
│ │ │ ├── cast5.rst
│ │ │ ├── chacha20/
│ │ │ │ ├── generate_chacha20_overflow.py
│ │ │ │ └── verify_chacha20_overflow.py
│ │ │ ├── chacha20.rst
│ │ │ ├── hkdf/
│ │ │ │ ├── generate_hkdf.py
│ │ │ │ └── verify_hkdf.go
│ │ │ ├── hkdf.rst
│ │ │ ├── idea/
│ │ │ │ ├── generate_idea.py
│ │ │ │ └── verify_idea.py
│ │ │ ├── idea.rst
│ │ │ ├── rc2/
│ │ │ │ ├── genrc2.go
│ │ │ │ ├── go.mod
│ │ │ │ └── rc2/
│ │ │ │ └── rc2.go
│ │ │ ├── rc2.rst
│ │ │ ├── rsa-oaep-sha2/
│ │ │ │ ├── VerifyRSAOAEPSHA2.java
│ │ │ │ └── generate_rsa_oaep_sha2.py
│ │ │ ├── rsa-oaep-sha2.rst
│ │ │ ├── secp256k1/
│ │ │ │ ├── generate_secp256k1.py
│ │ │ │ └── verify_secp256k1.py
│ │ │ ├── secp256k1.rst
│ │ │ ├── seed/
│ │ │ │ ├── generate_seed.py
│ │ │ │ └── verify_seed.py
│ │ │ └── seed.rst
│ │ ├── getting-started.rst
│ │ ├── index.rst
│ │ ├── reviewing-patches.rst
│ │ ├── submitting-patches.rst
│ │ └── test-vectors.rst
│ ├── doing-a-release.rst
│ ├── exceptions.rst
│ ├── faq.rst
│ ├── fernet.rst
│ ├── glossary.rst
│ ├── hazmat/
│ │ ├── decrepit/
│ │ │ ├── ciphers.rst
│ │ │ ├── index.rst
│ │ │ └── modes.rst
│ │ └── primitives/
│ │ ├── aead.rst
│ │ ├── asymmetric/
│ │ │ ├── cloudhsm.rst
│ │ │ ├── dh.rst
│ │ │ ├── dsa.rst
│ │ │ ├── ec.rst
│ │ │ ├── ed25519.rst
│ │ │ ├── ed448.rst
│ │ │ ├── index.rst
│ │ │ ├── rsa.rst
│ │ │ ├── serialization.rst
│ │ │ ├── utils.rst
│ │ │ ├── x25519.rst
│ │ │ └── x448.rst
│ │ ├── constant-time.rst
│ │ ├── cryptographic-hashes.rst
│ │ ├── hpke.rst
│ │ ├── index.rst
│ │ ├── key-derivation-functions.rst
│ │ ├── keywrap.rst
│ │ ├── mac/
│ │ │ ├── cmac.rst
│ │ │ ├── hmac.rst
│ │ │ ├── index.rst
│ │ │ └── poly1305.rst
│ │ ├── padding.rst
│ │ ├── symmetric-encryption.rst
│ │ └── twofactor.rst
│ ├── index.rst
│ ├── installation.rst
│ ├── limitations.rst
│ ├── make.bat
│ ├── openssl.rst
│ ├── random-numbers.rst
│ ├── security.rst
│ ├── spelling_wordlist.txt
│ ├── statements/
│ │ ├── index.rst
│ │ └── state-of-openssl.rst
│ └── x509/
│ ├── certificate-transparency.rst
│ ├── index.rst
│ ├── ocsp.rst
│ ├── reference.rst
│ ├── tutorial.rst
│ └── verification.rst
├── noxfile.py
├── pyproject.toml
├── release.py
├── src/
│ ├── _cffi_src/
│ │ ├── __init__.py
│ │ ├── build_openssl.py
│ │ ├── openssl/
│ │ │ ├── __init__.py
│ │ │ ├── asn1.py
│ │ │ ├── bignum.py
│ │ │ ├── bio.py
│ │ │ ├── crypto.py
│ │ │ ├── cryptography.py
│ │ │ ├── dh.py
│ │ │ ├── dsa.py
│ │ │ ├── ec.py
│ │ │ ├── engine.py
│ │ │ ├── err.py
│ │ │ ├── evp.py
│ │ │ ├── nid.py
│ │ │ ├── objects.py
│ │ │ ├── opensslv.py
│ │ │ ├── pem.py
│ │ │ ├── rand.py
│ │ │ ├── rsa.py
│ │ │ ├── ssl.py
│ │ │ ├── x509.py
│ │ │ ├── x509_vfy.py
│ │ │ ├── x509name.py
│ │ │ └── x509v3.py
│ │ └── utils.py
│ ├── cryptography/
│ │ ├── __about__.py
│ │ ├── __init__.py
│ │ ├── exceptions.py
│ │ ├── fernet.py
│ │ ├── hazmat/
│ │ │ ├── __init__.py
│ │ │ ├── _oid.py
│ │ │ ├── asn1/
│ │ │ │ ├── __init__.py
│ │ │ │ └── asn1.py
│ │ │ ├── backends/
│ │ │ │ ├── __init__.py
│ │ │ │ └── openssl/
│ │ │ │ ├── __init__.py
│ │ │ │ └── backend.py
│ │ │ ├── bindings/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── _rust/
│ │ │ │ │ ├── __init__.pyi
│ │ │ │ │ ├── _openssl.pyi
│ │ │ │ │ ├── asn1.pyi
│ │ │ │ │ ├── declarative_asn1.pyi
│ │ │ │ │ ├── exceptions.pyi
│ │ │ │ │ ├── ocsp.pyi
│ │ │ │ │ ├── openssl/
│ │ │ │ │ │ ├── __init__.pyi
│ │ │ │ │ │ ├── aead.pyi
│ │ │ │ │ │ ├── ciphers.pyi
│ │ │ │ │ │ ├── cmac.pyi
│ │ │ │ │ │ ├── dh.pyi
│ │ │ │ │ │ ├── dsa.pyi
│ │ │ │ │ │ ├── ec.pyi
│ │ │ │ │ │ ├── ed25519.pyi
│ │ │ │ │ │ ├── ed448.pyi
│ │ │ │ │ │ ├── hashes.pyi
│ │ │ │ │ │ ├── hmac.pyi
│ │ │ │ │ │ ├── hpke.pyi
│ │ │ │ │ │ ├── kdf.pyi
│ │ │ │ │ │ ├── keys.pyi
│ │ │ │ │ │ ├── poly1305.pyi
│ │ │ │ │ │ ├── rsa.pyi
│ │ │ │ │ │ ├── x25519.pyi
│ │ │ │ │ │ └── x448.pyi
│ │ │ │ │ ├── pkcs12.pyi
│ │ │ │ │ ├── pkcs7.pyi
│ │ │ │ │ ├── test_support.pyi
│ │ │ │ │ └── x509.pyi
│ │ │ │ └── openssl/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── _conditional.py
│ │ │ │ └── binding.py
│ │ │ ├── decrepit/
│ │ │ │ ├── __init__.py
│ │ │ │ └── ciphers/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── algorithms.py
│ │ │ │ └── modes.py
│ │ │ └── primitives/
│ │ │ ├── __init__.py
│ │ │ ├── _asymmetric.py
│ │ │ ├── _cipheralgorithm.py
│ │ │ ├── _modes.py
│ │ │ ├── _serialization.py
│ │ │ ├── asymmetric/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── dh.py
│ │ │ │ ├── dsa.py
│ │ │ │ ├── ec.py
│ │ │ │ ├── ed25519.py
│ │ │ │ ├── ed448.py
│ │ │ │ ├── padding.py
│ │ │ │ ├── rsa.py
│ │ │ │ ├── types.py
│ │ │ │ ├── utils.py
│ │ │ │ ├── x25519.py
│ │ │ │ └── x448.py
│ │ │ ├── ciphers/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── aead.py
│ │ │ │ ├── algorithms.py
│ │ │ │ ├── base.py
│ │ │ │ └── modes.py
│ │ │ ├── cmac.py
│ │ │ ├── constant_time.py
│ │ │ ├── hashes.py
│ │ │ ├── hmac.py
│ │ │ ├── hpke.py
│ │ │ ├── kdf/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── argon2.py
│ │ │ │ ├── concatkdf.py
│ │ │ │ ├── hkdf.py
│ │ │ │ ├── kbkdf.py
│ │ │ │ ├── pbkdf2.py
│ │ │ │ ├── scrypt.py
│ │ │ │ └── x963kdf.py
│ │ │ ├── keywrap.py
│ │ │ ├── padding.py
│ │ │ ├── poly1305.py
│ │ │ ├── serialization/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── pkcs12.py
│ │ │ │ ├── pkcs7.py
│ │ │ │ └── ssh.py
│ │ │ └── twofactor/
│ │ │ ├── __init__.py
│ │ │ ├── hotp.py
│ │ │ └── totp.py
│ │ ├── py.typed
│ │ ├── utils.py
│ │ └── x509/
│ │ ├── __init__.py
│ │ ├── base.py
│ │ ├── certificate_transparency.py
│ │ ├── extensions.py
│ │ ├── general_name.py
│ │ ├── name.py
│ │ ├── ocsp.py
│ │ ├── oid.py
│ │ └── verification.py
│ └── rust/
│ ├── Cargo.toml
│ ├── build.rs
│ ├── cryptography-cffi/
│ │ ├── Cargo.toml
│ │ ├── build.rs
│ │ └── src/
│ │ └── lib.rs
│ ├── cryptography-crypto/
│ │ ├── Cargo.toml
│ │ └── src/
│ │ ├── constant_time.rs
│ │ ├── encoding.rs
│ │ ├── lib.rs
│ │ ├── pbkdf1.rs
│ │ └── pkcs12.rs
│ ├── cryptography-keepalive/
│ │ ├── Cargo.toml
│ │ └── src/
│ │ └── lib.rs
│ ├── cryptography-key-parsing/
│ │ ├── Cargo.toml
│ │ ├── build.rs
│ │ └── src/
│ │ ├── dsa.rs
│ │ ├── ec.rs
│ │ ├── lib.rs
│ │ ├── pbe.rs
│ │ ├── pem.rs
│ │ ├── pkcs8.rs
│ │ ├── rsa.rs
│ │ ├── spki.rs
│ │ └── utils.rs
│ ├── cryptography-openssl/
│ │ ├── Cargo.toml
│ │ ├── build.rs
│ │ └── src/
│ │ ├── aead.rs
│ │ ├── cmac.rs
│ │ ├── fips.rs
│ │ ├── hmac.rs
│ │ ├── lib.rs
│ │ ├── poly1305.rs
│ │ ├── rand.rs
│ │ └── utils.rs
│ ├── cryptography-x509/
│ │ ├── Cargo.toml
│ │ └── src/
│ │ ├── certificate.rs
│ │ ├── common.rs
│ │ ├── crl.rs
│ │ ├── csr.rs
│ │ ├── ec_constants.rs
│ │ ├── extensions.rs
│ │ ├── lib.rs
│ │ ├── name.rs
│ │ ├── ocsp_req.rs
│ │ ├── ocsp_resp.rs
│ │ ├── oid.rs
│ │ ├── pkcs12.rs
│ │ ├── pkcs7.rs
│ │ └── pkcs8.rs
│ ├── cryptography-x509-verification/
│ │ ├── Cargo.toml
│ │ └── src/
│ │ ├── certificate.rs
│ │ ├── lib.rs
│ │ ├── ops.rs
│ │ ├── policy/
│ │ │ ├── extension.rs
│ │ │ └── mod.rs
│ │ ├── trust_store.rs
│ │ └── types.rs
│ └── src/
│ ├── asn1.rs
│ ├── backend/
│ │ ├── aead.rs
│ │ ├── cipher_registry.rs
│ │ ├── ciphers.rs
│ │ ├── cmac.rs
│ │ ├── dh.rs
│ │ ├── dsa.rs
│ │ ├── ec.rs
│ │ ├── ed25519.rs
│ │ ├── ed448.rs
│ │ ├── hashes.rs
│ │ ├── hmac.rs
│ │ ├── hpke.rs
│ │ ├── kdf.rs
│ │ ├── keys.rs
│ │ ├── mod.rs
│ │ ├── poly1305.rs
│ │ ├── rand.rs
│ │ ├── rsa.rs
│ │ ├── utils.rs
│ │ ├── x25519.rs
│ │ └── x448.rs
│ ├── buf.rs
│ ├── declarative_asn1/
│ │ ├── asn1.rs
│ │ ├── decode.rs
│ │ ├── encode.rs
│ │ ├── mod.rs
│ │ └── types.rs
│ ├── error.rs
│ ├── exceptions.rs
│ ├── lib.rs
│ ├── oid.rs
│ ├── padding.rs
│ ├── pkcs12.rs
│ ├── pkcs7.rs
│ ├── serialization.rs
│ ├── test_support.rs
│ ├── types.rs
│ └── x509/
│ ├── certificate.rs
│ ├── common.rs
│ ├── crl.rs
│ ├── csr.rs
│ ├── extensions.rs
│ ├── mod.rs
│ ├── ocsp.rs
│ ├── ocsp_req.rs
│ ├── ocsp_resp.rs
│ ├── sct.rs
│ ├── sign.rs
│ └── verify/
│ ├── extension_policy.rs
│ ├── mod.rs
│ └── policy.rs
├── tests/
│ ├── __init__.py
│ ├── bench/
│ │ ├── __init__.py
│ │ ├── test_aead.py
│ │ ├── test_ec_load.py
│ │ ├── test_fernet.py
│ │ ├── test_hashes.py
│ │ ├── test_hkdf.py
│ │ ├── test_hmac.py
│ │ └── test_x509.py
│ ├── conftest.py
│ ├── deprecated_module.py
│ ├── doubles.py
│ ├── hazmat/
│ │ ├── __init__.py
│ │ ├── asn1/
│ │ │ ├── test_api.py
│ │ │ └── test_serialization.py
│ │ ├── backends/
│ │ │ ├── __init__.py
│ │ │ └── test_openssl.py
│ │ ├── bindings/
│ │ │ └── test_openssl.py
│ │ ├── primitives/
│ │ │ ├── __init__.py
│ │ │ ├── decrepit/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── test_3des.py
│ │ │ │ ├── test_algorithms.py
│ │ │ │ ├── test_arc4.py
│ │ │ │ └── test_rc2.py
│ │ │ ├── fixtures_dh.py
│ │ │ ├── fixtures_dsa.py
│ │ │ ├── fixtures_ec.py
│ │ │ ├── fixtures_rsa.py
│ │ │ ├── test_aead.py
│ │ │ ├── test_aes.py
│ │ │ ├── test_aes_gcm.py
│ │ │ ├── test_argon2.py
│ │ │ ├── test_asym_utils.py
│ │ │ ├── test_block.py
│ │ │ ├── test_camellia.py
│ │ │ ├── test_chacha20.py
│ │ │ ├── test_ciphers.py
│ │ │ ├── test_cmac.py
│ │ │ ├── test_concatkdf.py
│ │ │ ├── test_constant_time.py
│ │ │ ├── test_dh.py
│ │ │ ├── test_dsa.py
│ │ │ ├── test_ec.py
│ │ │ ├── test_ed25519.py
│ │ │ ├── test_ed448.py
│ │ │ ├── test_hash_vectors.py
│ │ │ ├── test_hashes.py
│ │ │ ├── test_hkdf.py
│ │ │ ├── test_hkdf_vectors.py
│ │ │ ├── test_hmac.py
│ │ │ ├── test_hmac_vectors.py
│ │ │ ├── test_hpke.py
│ │ │ ├── test_kbkdf.py
│ │ │ ├── test_kbkdf_vectors.py
│ │ │ ├── test_keywrap.py
│ │ │ ├── test_padding.py
│ │ │ ├── test_pbkdf2hmac.py
│ │ │ ├── test_pbkdf2hmac_vectors.py
│ │ │ ├── test_pkcs12.py
│ │ │ ├── test_pkcs7.py
│ │ │ ├── test_poly1305.py
│ │ │ ├── test_rsa.py
│ │ │ ├── test_scrypt.py
│ │ │ ├── test_serialization.py
│ │ │ ├── test_sm4.py
│ │ │ ├── test_ssh.py
│ │ │ ├── test_x25519.py
│ │ │ ├── test_x448.py
│ │ │ ├── test_x963_vectors.py
│ │ │ ├── test_x963kdf.py
│ │ │ ├── test_xofhash.py
│ │ │ ├── twofactor/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── test_hotp.py
│ │ │ │ └── test_totp.py
│ │ │ └── utils.py
│ │ └── test_oid.py
│ ├── test_cryptography_utils.py
│ ├── test_doubles.py
│ ├── test_fernet.py
│ ├── test_meta.py
│ ├── test_utils.py
│ ├── test_warnings.py
│ ├── utils.py
│ ├── wycheproof/
│ │ ├── __init__.py
│ │ ├── test_aes.py
│ │ ├── test_chacha20poly1305.py
│ │ ├── test_cmac.py
│ │ ├── test_dsa.py
│ │ ├── test_ecdh.py
│ │ ├── test_ecdsa.py
│ │ ├── test_eddsa.py
│ │ ├── test_hkdf.py
│ │ ├── test_hmac.py
│ │ ├── test_keywrap.py
│ │ ├── test_pbkdf2.py
│ │ ├── test_rsa.py
│ │ ├── test_utils.py
│ │ ├── test_x25519.py
│ │ ├── test_x448.py
│ │ └── utils.py
│ └── x509/
│ ├── __init__.py
│ ├── test_name.py
│ ├── test_ocsp.py
│ ├── test_x509.py
│ ├── test_x509_crlbuilder.py
│ ├── test_x509_ext.py
│ ├── test_x509_revokedcertbuilder.py
│ └── verification/
│ ├── __init__.py
│ ├── test_limbo.py
│ └── test_verification.py
└── vectors/
├── LICENSE
├── LICENSE.APACHE
├── LICENSE.BSD
├── README.rst
├── cryptography_vectors/
│ ├── CMAC/
│ │ ├── nist-800-38b-3des.txt
│ │ ├── nist-800-38b-aes128.txt
│ │ ├── nist-800-38b-aes192.txt
│ │ └── nist-800-38b-aes256.txt
│ ├── HMAC/
│ │ ├── rfc-2202-md5.txt
│ │ ├── rfc-2202-sha1.txt
│ │ ├── rfc-2286-ripemd160.txt
│ │ ├── rfc-4231-sha224.txt
│ │ ├── rfc-4231-sha256.txt
│ │ ├── rfc-4231-sha384.txt
│ │ └── rfc-4231-sha512.txt
│ ├── HPKE/
│ │ ├── hpke-pq-test-vectors.json
│ │ └── test-vectors.json
│ ├── KDF/
│ │ ├── ansx963_2001.txt
│ │ ├── argon2d.txt
│ │ ├── argon2i.txt
│ │ ├── argon2id.txt
│ │ ├── hkdf-generated.txt
│ │ ├── nist-800-108-KBKDF-CTR.txt
│ │ ├── rfc-5869-HKDF-SHA1.txt
│ │ ├── rfc-5869-HKDF-SHA256.txt
│ │ ├── rfc-6070-PBKDF2-SHA1.txt
│ │ └── scrypt.txt
│ ├── __about__.py
│ ├── __init__.py
│ ├── asymmetric/
│ │ ├── DER_Serialization/
│ │ │ ├── dsa.1024.der
│ │ │ ├── dsa.2048.der
│ │ │ ├── dsa.3072.der
│ │ │ ├── dsa_public_key.der
│ │ │ ├── dsa_public_key_invalid_bit_string.der
│ │ │ ├── dsa_public_key_no_params.der
│ │ │ ├── ec_private_key.der
│ │ │ ├── ec_private_key_encrypted.der
│ │ │ ├── ec_public_key.der
│ │ │ ├── enc-rsa-pkcs8.der
│ │ │ ├── enc2-rsa-pkcs8.der
│ │ │ ├── rsa_public_key.der
│ │ │ ├── testrsa.der
│ │ │ ├── unenc-dsa-pkcs8.der
│ │ │ ├── unenc-dsa-pkcs8.pub.der
│ │ │ ├── unenc-rsa-pkcs8.der
│ │ │ └── unenc-rsa-pkcs8.pub.der
│ │ ├── DH/
│ │ │ ├── KASValidityTest_FFCStatic_NOKC_ZZOnly_init.fax
│ │ │ ├── KASValidityTest_FFCStatic_NOKC_ZZOnly_resp.fax
│ │ │ ├── RFC5114.txt
│ │ │ ├── bad_exchange.txt
│ │ │ ├── dh_key_256.pem
│ │ │ ├── dhkey.der
│ │ │ ├── dhkey.pem
│ │ │ ├── dhkey.txt
│ │ │ ├── dhkey_rfc5114_2.der
│ │ │ ├── dhkey_rfc5114_2.pem
│ │ │ ├── dhkey_rfc5114_2.txt
│ │ │ ├── dhp.der
│ │ │ ├── dhp.pem
│ │ │ ├── dhp_rfc5114_2.der
│ │ │ ├── dhp_rfc5114_2.pem
│ │ │ ├── dhpub.der
│ │ │ ├── dhpub.pem
│ │ │ ├── dhpub_cryptography_old.pem
│ │ │ ├── dhpub_rfc5114_2.der
│ │ │ ├── dhpub_rfc5114_2.pem
│ │ │ ├── rfc3526.txt
│ │ │ └── vec.txt
│ │ ├── DSA/
│ │ │ ├── FIPS_186-2/
│ │ │ │ ├── KeyPair.rsp
│ │ │ │ ├── PQGGen.rsp
│ │ │ │ ├── PQGGen.txt
│ │ │ │ ├── PQGVer.rsp
│ │ │ │ ├── Readme.txt
│ │ │ │ ├── SigGen.rsp
│ │ │ │ ├── SigGen.txt
│ │ │ │ └── SigVer.rsp
│ │ │ ├── FIPS_186-3/
│ │ │ │ ├── KeyPair.rsp
│ │ │ │ ├── PQGGen.rsp
│ │ │ │ ├── PQGGen.txt
│ │ │ │ ├── PQGVer.rsp
│ │ │ │ ├── Readme.txt
│ │ │ │ ├── SigGen.rsp
│ │ │ │ ├── SigGen.txt
│ │ │ │ └── SigVer.rsp
│ │ │ └── custom/
│ │ │ └── nilpotent.pem
│ │ ├── EC/
│ │ │ ├── compressed_points.txt
│ │ │ ├── ec-missing-curve.pem
│ │ │ ├── explicit_parameters_private_key.pem
│ │ │ ├── explicit_parameters_wap_wsg_idm_ecid_wtls11_private_key.pem
│ │ │ ├── high-bit-set.pem
│ │ │ ├── secp128r1_private_key.pem
│ │ │ ├── secp256k1-explicit-no-seed.pem
│ │ │ ├── secp256k1-pub-explicit-no-seed.pem
│ │ │ ├── secp256r1-explicit-no-seed.pem
│ │ │ ├── secp256r1-explicit-seed.pem
│ │ │ ├── secp256r1-pub-explicit-no-seed.pem
│ │ │ ├── secp256r1-pub-explicit-seed.pem
│ │ │ ├── secp384r1-explicit-no-seed.pem
│ │ │ ├── secp384r1-explicit-seed.pem
│ │ │ ├── secp384r1-pub-explicit-no-seed.pem
│ │ │ ├── secp384r1-pub-explicit-seed.pem
│ │ │ ├── secp521r1-explicit-no-seed.pem
│ │ │ ├── secp521r1-explicit-seed.pem
│ │ │ ├── secp521r1-pub-explicit-no-seed.pem
│ │ │ ├── secp521r1-pub-explicit-seed.pem
│ │ │ ├── sect163k1-spki.pem
│ │ │ ├── sect163r2-spki.pem
│ │ │ ├── sect233k1-spki.pem
│ │ │ ├── sect233r1-spki.pem
│ │ │ └── truncated-private-key.der
│ │ ├── ECDH/
│ │ │ ├── KASValidityTest_ECCStaticUnified_KDFConcat_NOKC_init.fax
│ │ │ ├── KASValidityTest_ECCStaticUnified_KDFConcat_NOKC_resp.fax
│ │ │ ├── KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_init.fax
│ │ │ ├── KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_resp.fax
│ │ │ └── brainpool.txt
│ │ ├── ECDSA/
│ │ │ ├── FIPS_186-2/
│ │ │ │ ├── KeyPair.rsp
│ │ │ │ ├── PKV.rsp
│ │ │ │ ├── Readme.txt
│ │ │ │ ├── SigGen.rsp
│ │ │ │ ├── SigGen.txt
│ │ │ │ └── SigVer.rsp
│ │ │ ├── FIPS_186-3/
│ │ │ │ ├── KeyPair.rsp
│ │ │ │ ├── PKV.rsp
│ │ │ │ ├── Readme.txt
│ │ │ │ ├── SigGen.rsp
│ │ │ │ ├── SigGen.txt
│ │ │ │ └── SigVer.rsp
│ │ │ ├── RFC6979/
│ │ │ │ └── evppkey_ecdsa_rfc6979.txt
│ │ │ └── SECP256K1/
│ │ │ └── SigGen.txt
│ │ ├── Ed25519/
│ │ │ ├── ed25519-pkcs8-enc.der
│ │ │ ├── ed25519-pkcs8-enc.pem
│ │ │ ├── ed25519-pkcs8.der
│ │ │ ├── ed25519-pkcs8.pem
│ │ │ ├── ed25519-pub.der
│ │ │ ├── ed25519-pub.pem
│ │ │ └── sign.input
│ │ ├── Ed448/
│ │ │ ├── ed448-pkcs8-enc.der
│ │ │ ├── ed448-pkcs8-enc.pem
│ │ │ ├── ed448-pkcs8.der
│ │ │ ├── ed448-pkcs8.pem
│ │ │ ├── ed448-pub.der
│ │ │ ├── ed448-pub.pem
│ │ │ └── rfc8032.txt
│ │ ├── MLDSA/
│ │ │ ├── kat_MLDSA_44_det_pure.rsp
│ │ │ ├── kat_MLDSA_65_det_pure.rsp
│ │ │ └── kat_MLDSA_87_det_pure.rsp
│ │ ├── OpenSSH/
│ │ │ ├── certs/
│ │ │ │ ├── dsa-p256.pub
│ │ │ │ ├── p256-dsa.pub
│ │ │ │ ├── p256-ed25519-non-singular-crit-opt-val.pub
│ │ │ │ ├── p256-ed25519-non-singular-ext-val.pub
│ │ │ │ ├── p256-p256-broken-signature-key-type.pub
│ │ │ │ ├── p256-p256-duplicate-crit-opts.pub
│ │ │ │ ├── p256-p256-duplicate-extension.pub
│ │ │ │ ├── p256-p256-empty-principals.pub
│ │ │ │ ├── p256-p256-invalid-cert-type.pub
│ │ │ │ ├── p256-p256-non-lexical-crit-opts.pub
│ │ │ │ ├── p256-p256-non-lexical-extensions.pub
│ │ │ │ ├── p256-p384.pub
│ │ │ │ ├── p256-p521.pub
│ │ │ │ ├── p256-rsa-sha1.pub
│ │ │ │ ├── p256-rsa-sha256.pub
│ │ │ │ └── p256-rsa-sha512.pub
│ │ │ ├── dsa-nopsw.key
│ │ │ ├── dsa-nopsw.key-cert.pub
│ │ │ ├── dsa-nopsw.key.pub
│ │ │ ├── dsa-psw.key
│ │ │ ├── dsa-psw.key.pub
│ │ │ ├── ecdsa-nopsw.key
│ │ │ ├── ecdsa-nopsw.key-cert.pub
│ │ │ ├── ecdsa-nopsw.key.pub
│ │ │ ├── ecdsa-psw.key
│ │ │ ├── ecdsa-psw.key.pub
│ │ │ ├── ed25519-aesgcm-psw.key
│ │ │ ├── ed25519-aesgcm-psw.key.pub
│ │ │ ├── ed25519-nopsw.key
│ │ │ ├── ed25519-nopsw.key-cert.pub
│ │ │ ├── ed25519-nopsw.key.pub
│ │ │ ├── ed25519-psw.key
│ │ │ ├── ed25519-psw.key.pub
│ │ │ ├── gen.sh
│ │ │ ├── rsa-nopsw.key
│ │ │ ├── rsa-nopsw.key-cert.pub
│ │ │ ├── rsa-nopsw.key.pub
│ │ │ ├── rsa-psw.key
│ │ │ ├── rsa-psw.key.pub
│ │ │ ├── sk-ecdsa-nopsw.key
│ │ │ ├── sk-ecdsa-nopsw.key.pub
│ │ │ ├── sk-ecdsa-psw.key
│ │ │ ├── sk-ecdsa-psw.key.pub
│ │ │ ├── sk-ed25519-nopsw.key
│ │ │ ├── sk-ed25519-nopsw.key.pub
│ │ │ ├── sk-ed25519-psw.key
│ │ │ └── sk-ed25519-psw.key.pub
│ │ ├── PEM_Serialization/
│ │ │ ├── README.txt
│ │ │ ├── dsa_4096.pem
│ │ │ ├── dsa_private_key.pem
│ │ │ ├── dsa_public_key.pem
│ │ │ ├── dsaparam.pem
│ │ │ ├── ec_private_key.pem
│ │ │ ├── ec_private_key_encrypted.pem
│ │ │ ├── ec_public_key.pem
│ │ │ ├── ec_public_key_rsa_delimiter.pem
│ │ │ ├── rsa-bad-1025-q-is-2.pem
│ │ │ ├── rsa_private_key.pem
│ │ │ ├── rsa_public_key.pem
│ │ │ └── rsa_wrong_delimiter_public_key.pem
│ │ ├── PKCS8/
│ │ │ ├── bad-encryption-oid.pem
│ │ │ ├── bad-oid-dsa-key.pem
│ │ │ ├── ec-consistent-curve.pem
│ │ │ ├── ec-inconsistent-curve.pem
│ │ │ ├── ec-inconsistent-curve2.pem
│ │ │ ├── ec-invalid-private-scalar.pem
│ │ │ ├── ec-invalid-version.pem
│ │ │ ├── ec_oid_not_in_reg_private_2.pkcs8.pem
│ │ │ ├── ec_private_key.pem
│ │ │ ├── ec_private_key_encrypted.pem
│ │ │ ├── ecc_private_with_rfc5915_ext.pem
│ │ │ ├── ed25519-scrypt.pem
│ │ │ ├── enc-ec-sha1-128-rc4.pem
│ │ │ ├── enc-rsa-3des.pem
│ │ │ ├── enc-rsa-pkcs8-pbkdf2-0iter.pem
│ │ │ ├── enc-rsa-pkcs8.pem
│ │ │ ├── enc-unknown-algorithm.pem
│ │ │ ├── enc-unknown-kdf.pem
│ │ │ ├── enc-unknown-pbkdf2-prf.pem
│ │ │ ├── enc2-rsa-pkcs8.pem
│ │ │ ├── invalid-version.der
│ │ │ ├── nodompar_private.pkcs8.pem
│ │ │ ├── pkcs12_s2k_pem-X_9607.pem
│ │ │ ├── pkcs12_s2k_pem-X_9671.pem
│ │ │ ├── pkcs12_s2k_pem-X_9925.pem
│ │ │ ├── pkcs12_s2k_pem-X_9926.pem
│ │ │ ├── pkcs12_s2k_pem-X_9927.pem
│ │ │ ├── pkcs12_s2k_pem-X_9928.pem
│ │ │ ├── pkcs12_s2k_pem-X_9929.pem
│ │ │ ├── pkcs12_s2k_pem-X_9930.pem
│ │ │ ├── pkcs12_s2k_pem-X_9931.pem
│ │ │ ├── pkcs12_s2k_pem-X_9932.pem
│ │ │ ├── private.pem
│ │ │ ├── rsa-40bitrc2.pem
│ │ │ ├── rsa-aes-192-cbc.pem
│ │ │ ├── rsa-pbe-3des-long-salt.pem
│ │ │ ├── rsa-pbewithmd5anddescbc.pem
│ │ │ ├── rsa-rc2-cbc-effective-key-length.pem
│ │ │ ├── rsa-rc2-cbc.pem
│ │ │ ├── rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
│ │ │ ├── rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
│ │ │ ├── rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
│ │ │ ├── rsa_pss_2048.pem
│ │ │ ├── rsa_pss_2048_hash.pem
│ │ │ ├── rsa_pss_2048_hash_mask.pem
│ │ │ ├── rsa_pss_2048_hash_mask_diff.pem
│ │ │ ├── rsa_pss_2048_hash_mask_salt.pem
│ │ │ ├── rsa_pss_2048_pub.der
│ │ │ ├── unenc-dsa-pkcs8.pem
│ │ │ ├── unenc-dsa-pkcs8.pub.pem
│ │ │ ├── unenc-rsa-pkcs8.pem
│ │ │ ├── unenc-rsa-pkcs8.pub.pem
│ │ │ ├── unknown-oid.der
│ │ │ ├── withdompar_private.pkcs8.pem
│ │ │ └── wrong-pem-delimiter-rsa.pem
│ │ ├── RSA/
│ │ │ ├── FIPS_186-2/
│ │ │ │ ├── KeyGenRSA.rsp
│ │ │ │ ├── Readme.txt
│ │ │ │ ├── SigGen15_186-2.rsp
│ │ │ │ ├── SigGen15_186-2.txt
│ │ │ │ ├── SigGen15_186-3.rsp
│ │ │ │ ├── SigGenPSS_186-2.rsp
│ │ │ │ ├── SigGenPSS_186-2.txt
│ │ │ │ ├── SigGenPSS_186-3.rsp
│ │ │ │ ├── SigGenRSA.rsp
│ │ │ │ ├── SigGenRSA_186-2.rsp
│ │ │ │ ├── SigGenRSA_186-2.txt
│ │ │ │ ├── SigVer15_186-3.rsp
│ │ │ │ ├── SigVerPSS_186-3.rsp
│ │ │ │ └── SigVerRSA.rsp
│ │ │ ├── SigVer15EMTest.txt
│ │ │ ├── oaep-custom/
│ │ │ │ ├── oaep-sha1-sha224.txt
│ │ │ │ ├── oaep-sha1-sha256.txt
│ │ │ │ ├── oaep-sha1-sha384.txt
│ │ │ │ ├── oaep-sha1-sha512.txt
│ │ │ │ ├── oaep-sha224-sha1.txt
│ │ │ │ ├── oaep-sha224-sha224.txt
│ │ │ │ ├── oaep-sha224-sha256.txt
│ │ │ │ ├── oaep-sha224-sha384.txt
│ │ │ │ ├── oaep-sha224-sha512.txt
│ │ │ │ ├── oaep-sha256-sha1.txt
│ │ │ │ ├── oaep-sha256-sha224.txt
│ │ │ │ ├── oaep-sha256-sha256.txt
│ │ │ │ ├── oaep-sha256-sha384.txt
│ │ │ │ ├── oaep-sha256-sha512.txt
│ │ │ │ ├── oaep-sha384-sha1.txt
│ │ │ │ ├── oaep-sha384-sha224.txt
│ │ │ │ ├── oaep-sha384-sha256.txt
│ │ │ │ ├── oaep-sha384-sha384.txt
│ │ │ │ ├── oaep-sha384-sha512.txt
│ │ │ │ ├── oaep-sha512-sha1.txt
│ │ │ │ ├── oaep-sha512-sha224.txt
│ │ │ │ ├── oaep-sha512-sha256.txt
│ │ │ │ ├── oaep-sha512-sha384.txt
│ │ │ │ └── oaep-sha512-sha512.txt
│ │ │ ├── oaep-label.txt
│ │ │ ├── pkcs-1v2-1d2-vec/
│ │ │ │ ├── oaep-int.txt
│ │ │ │ ├── oaep-vect.txt
│ │ │ │ ├── pss-int.txt
│ │ │ │ ├── pss-vect.txt
│ │ │ │ └── readme.txt
│ │ │ ├── pkcs1v15crypt-vectors.txt
│ │ │ └── pkcs1v15sign-vectors.txt
│ │ ├── Traditional_OpenSSL_Serialization/
│ │ │ ├── dsa-wrong-version.pem
│ │ │ ├── dsa.1024.pem
│ │ │ ├── dsa.2048.pem
│ │ │ ├── dsa.3072.pem
│ │ │ ├── key1-malformed-dek-info.pem
│ │ │ ├── key1-malformed-iv.pem
│ │ │ ├── key1-no-dek-info.pem
│ │ │ ├── key1-short-iv.pem
│ │ │ ├── key1.pem
│ │ │ ├── key2.pem
│ │ │ ├── rsa-wrong-version.pem
│ │ │ ├── testrsa-encrypted.pem
│ │ │ └── testrsa.pem
│ │ ├── X25519/
│ │ │ ├── rfc7748.txt
│ │ │ ├── x25519-pkcs8-enc.der
│ │ │ ├── x25519-pkcs8-enc.pem
│ │ │ ├── x25519-pkcs8.der
│ │ │ ├── x25519-pkcs8.pem
│ │ │ ├── x25519-pub.der
│ │ │ └── x25519-pub.pem
│ │ ├── X448/
│ │ │ ├── rfc7748.txt
│ │ │ ├── x448-pkcs8-enc.der
│ │ │ ├── x448-pkcs8-enc.pem
│ │ │ ├── x448-pkcs8.der
│ │ │ ├── x448-pkcs8.pem
│ │ │ ├── x448-pub.der
│ │ │ └── x448-pub.pem
│ │ └── public/
│ │ └── PKCS1/
│ │ ├── dsa.pub.pem
│ │ ├── rsa.pub.der
│ │ └── rsa.pub.pem
│ ├── ciphers/
│ │ ├── 3DES/
│ │ │ ├── CBC/
│ │ │ │ ├── TCBCIMMT1.rsp
│ │ │ │ ├── TCBCIMMT2.rsp
│ │ │ │ ├── TCBCIMMT3.rsp
│ │ │ │ ├── TCBCIinvperm.rsp
│ │ │ │ ├── TCBCIpermop.rsp
│ │ │ │ ├── TCBCIsubtab.rsp
│ │ │ │ ├── TCBCIvarkey.rsp
│ │ │ │ ├── TCBCIvartext.rsp
│ │ │ │ ├── TCBCMMT1.rsp
│ │ │ │ ├── TCBCMMT2.rsp
│ │ │ │ ├── TCBCMMT3.rsp
│ │ │ │ ├── TCBCinvperm.rsp
│ │ │ │ ├── TCBCpermop.rsp
│ │ │ │ ├── TCBCsubtab.rsp
│ │ │ │ ├── TCBCvarkey.rsp
│ │ │ │ └── TCBCvartext.rsp
│ │ │ ├── CFB/
│ │ │ │ ├── TCFB1MMT1.rsp
│ │ │ │ ├── TCFB1MMT2.rsp
│ │ │ │ ├── TCFB1MMT3.rsp
│ │ │ │ ├── TCFB1invperm.rsp
│ │ │ │ ├── TCFB1permop.rsp
│ │ │ │ ├── TCFB1subtab.rsp
│ │ │ │ ├── TCFB1varkey.rsp
│ │ │ │ ├── TCFB1vartext.rsp
│ │ │ │ ├── TCFB64MMT1.rsp
│ │ │ │ ├── TCFB64MMT2.rsp
│ │ │ │ ├── TCFB64MMT3.rsp
│ │ │ │ ├── TCFB64invperm.rsp
│ │ │ │ ├── TCFB64permop.rsp
│ │ │ │ ├── TCFB64subtab.rsp
│ │ │ │ ├── TCFB64varkey.rsp
│ │ │ │ ├── TCFB64vartext.rsp
│ │ │ │ ├── TCFB8MMT1.rsp
│ │ │ │ ├── TCFB8MMT2.rsp
│ │ │ │ ├── TCFB8MMT3.rsp
│ │ │ │ ├── TCFB8invperm.rsp
│ │ │ │ ├── TCFB8permop.rsp
│ │ │ │ ├── TCFB8subtab.rsp
│ │ │ │ ├── TCFB8varkey.rsp
│ │ │ │ ├── TCFB8vartext.rsp
│ │ │ │ ├── TCFBP1MMT1.rsp
│ │ │ │ ├── TCFBP1MMT2.rsp
│ │ │ │ ├── TCFBP1MMT3.rsp
│ │ │ │ ├── TCFBP1invperm.rsp
│ │ │ │ ├── TCFBP1permop.rsp
│ │ │ │ ├── TCFBP1subtab.rsp
│ │ │ │ ├── TCFBP1varkey.rsp
│ │ │ │ ├── TCFBP1vartext.rsp
│ │ │ │ ├── TCFBP64MMT1.rsp
│ │ │ │ ├── TCFBP64MMT2.rsp
│ │ │ │ ├── TCFBP64MMT3.rsp
│ │ │ │ ├── TCFBP64invperm.rsp
│ │ │ │ ├── TCFBP64permop.rsp
│ │ │ │ ├── TCFBP64subtab.rsp
│ │ │ │ ├── TCFBP64varkey.rsp
│ │ │ │ ├── TCFBP64vartext.rsp
│ │ │ │ ├── TCFBP8MMT1.rsp
│ │ │ │ ├── TCFBP8MMT2.rsp
│ │ │ │ ├── TCFBP8MMT3.rsp
│ │ │ │ ├── TCFBP8invperm.rsp
│ │ │ │ ├── TCFBP8permop.rsp
│ │ │ │ ├── TCFBP8subtab.rsp
│ │ │ │ ├── TCFBP8varkey.rsp
│ │ │ │ └── TCFBP8vartext.rsp
│ │ │ ├── ECB/
│ │ │ │ ├── TECBMMT1.rsp
│ │ │ │ ├── TECBMMT2.rsp
│ │ │ │ ├── TECBMMT3.rsp
│ │ │ │ ├── TECBinvperm.rsp
│ │ │ │ ├── TECBpermop.rsp
│ │ │ │ ├── TECBsubtab.rsp
│ │ │ │ ├── TECBvarkey.rsp
│ │ │ │ └── TECBvartext.rsp
│ │ │ └── OFB/
│ │ │ ├── TOFBIMMT1.rsp
│ │ │ ├── TOFBIMMT2.rsp
│ │ │ ├── TOFBIMMT3.rsp
│ │ │ ├── TOFBIinvperm.rsp
│ │ │ ├── TOFBIpermop.rsp
│ │ │ ├── TOFBIsubtab.rsp
│ │ │ ├── TOFBIvarkey.rsp
│ │ │ ├── TOFBIvartext.rsp
│ │ │ ├── TOFBMMT1.rsp
│ │ │ ├── TOFBMMT2.rsp
│ │ │ ├── TOFBMMT3.rsp
│ │ │ ├── TOFBinvperm.rsp
│ │ │ ├── TOFBpermop.rsp
│ │ │ ├── TOFBsubtab.rsp
│ │ │ ├── TOFBvarkey.rsp
│ │ │ └── TOFBvartext.rsp
│ │ ├── AES/
│ │ │ ├── CBC/
│ │ │ │ ├── CBCGFSbox128.rsp
│ │ │ │ ├── CBCGFSbox192.rsp
│ │ │ │ ├── CBCGFSbox256.rsp
│ │ │ │ ├── CBCKeySbox128.rsp
│ │ │ │ ├── CBCKeySbox192.rsp
│ │ │ │ ├── CBCKeySbox256.rsp
│ │ │ │ ├── CBCMMT128.rsp
│ │ │ │ ├── CBCMMT192.rsp
│ │ │ │ ├── CBCMMT256.rsp
│ │ │ │ ├── CBCVarKey128.rsp
│ │ │ │ ├── CBCVarKey192.rsp
│ │ │ │ ├── CBCVarKey256.rsp
│ │ │ │ ├── CBCVarTxt128.rsp
│ │ │ │ ├── CBCVarTxt192.rsp
│ │ │ │ └── CBCVarTxt256.rsp
│ │ │ ├── CCM/
│ │ │ │ ├── DVPT128.rsp
│ │ │ │ ├── DVPT128.txt
│ │ │ │ ├── DVPT192.rsp
│ │ │ │ ├── DVPT192.txt
│ │ │ │ ├── DVPT256.rsp
│ │ │ │ ├── DVPT256.txt
│ │ │ │ ├── Readme.txt
│ │ │ │ ├── VADT128.rsp
│ │ │ │ ├── VADT192.rsp
│ │ │ │ ├── VADT256.rsp
│ │ │ │ ├── VNT128.rsp
│ │ │ │ ├── VNT192.rsp
│ │ │ │ ├── VNT256.rsp
│ │ │ │ ├── VPT128.rsp
│ │ │ │ ├── VPT192.rsp
│ │ │ │ ├── VPT256.rsp
│ │ │ │ ├── VTT128.rsp
│ │ │ │ ├── VTT192.rsp
│ │ │ │ └── VTT256.rsp
│ │ │ ├── CFB/
│ │ │ │ ├── CFB128GFSbox128.rsp
│ │ │ │ ├── CFB128GFSbox192.rsp
│ │ │ │ ├── CFB128GFSbox256.rsp
│ │ │ │ ├── CFB128KeySbox128.rsp
│ │ │ │ ├── CFB128KeySbox192.rsp
│ │ │ │ ├── CFB128KeySbox256.rsp
│ │ │ │ ├── CFB128MMT128.rsp
│ │ │ │ ├── CFB128MMT192.rsp
│ │ │ │ ├── CFB128MMT256.rsp
│ │ │ │ ├── CFB128VarKey128.rsp
│ │ │ │ ├── CFB128VarKey192.rsp
│ │ │ │ ├── CFB128VarKey256.rsp
│ │ │ │ ├── CFB128VarTxt128.rsp
│ │ │ │ ├── CFB128VarTxt192.rsp
│ │ │ │ ├── CFB128VarTxt256.rsp
│ │ │ │ ├── CFB1GFSbox128.rsp
│ │ │ │ ├── CFB1GFSbox192.rsp
│ │ │ │ ├── CFB1GFSbox256.rsp
│ │ │ │ ├── CFB1KeySbox128.rsp
│ │ │ │ ├── CFB1KeySbox192.rsp
│ │ │ │ ├── CFB1KeySbox256.rsp
│ │ │ │ ├── CFB1MMT128.rsp
│ │ │ │ ├── CFB1MMT192.rsp
│ │ │ │ ├── CFB1MMT256.rsp
│ │ │ │ ├── CFB1VarKey128.rsp
│ │ │ │ ├── CFB1VarKey192.rsp
│ │ │ │ ├── CFB1VarKey256.rsp
│ │ │ │ ├── CFB1VarTxt128.rsp
│ │ │ │ ├── CFB1VarTxt192.rsp
│ │ │ │ ├── CFB1VarTxt256.rsp
│ │ │ │ ├── CFB8GFSbox128.rsp
│ │ │ │ ├── CFB8GFSbox192.rsp
│ │ │ │ ├── CFB8GFSbox256.rsp
│ │ │ │ ├── CFB8KeySbox128.rsp
│ │ │ │ ├── CFB8KeySbox192.rsp
│ │ │ │ ├── CFB8KeySbox256.rsp
│ │ │ │ ├── CFB8MMT128.rsp
│ │ │ │ ├── CFB8MMT192.rsp
│ │ │ │ ├── CFB8MMT256.rsp
│ │ │ │ ├── CFB8VarKey128.rsp
│ │ │ │ ├── CFB8VarKey192.rsp
│ │ │ │ ├── CFB8VarKey256.rsp
│ │ │ │ ├── CFB8VarTxt128.rsp
│ │ │ │ ├── CFB8VarTxt192.rsp
│ │ │ │ └── CFB8VarTxt256.rsp
│ │ │ ├── CTR/
│ │ │ │ ├── aes-128-ctr.txt
│ │ │ │ ├── aes-192-ctr.txt
│ │ │ │ └── aes-256-ctr.txt
│ │ │ ├── ECB/
│ │ │ │ ├── ECBGFSbox128.rsp
│ │ │ │ ├── ECBGFSbox192.rsp
│ │ │ │ ├── ECBGFSbox256.rsp
│ │ │ │ ├── ECBKeySbox128.rsp
│ │ │ │ ├── ECBKeySbox192.rsp
│ │ │ │ ├── ECBKeySbox256.rsp
│ │ │ │ ├── ECBMMT128.rsp
│ │ │ │ ├── ECBMMT192.rsp
│ │ │ │ ├── ECBMMT256.rsp
│ │ │ │ ├── ECBVarKey128.rsp
│ │ │ │ ├── ECBVarKey192.rsp
│ │ │ │ ├── ECBVarKey256.rsp
│ │ │ │ ├── ECBVarTxt128.rsp
│ │ │ │ ├── ECBVarTxt192.rsp
│ │ │ │ └── ECBVarTxt256.rsp
│ │ │ ├── GCM/
│ │ │ │ ├── gcmDecrypt128.rsp
│ │ │ │ ├── gcmDecrypt192.rsp
│ │ │ │ ├── gcmDecrypt256.rsp
│ │ │ │ ├── gcmEncryptExtIV128.rsp
│ │ │ │ ├── gcmEncryptExtIV192.rsp
│ │ │ │ └── gcmEncryptExtIV256.rsp
│ │ │ ├── GCM-SIV/
│ │ │ │ ├── aes-192-gcm-siv.txt
│ │ │ │ └── openssl.txt
│ │ │ ├── OCB3/
│ │ │ │ ├── openssl.txt
│ │ │ │ ├── rfc7253.txt
│ │ │ │ ├── test-vector-1-nonce104.txt
│ │ │ │ ├── test-vector-1-nonce112.txt
│ │ │ │ └── test-vector-1-nonce120.txt
│ │ │ ├── OFB/
│ │ │ │ ├── OFBGFSbox128.rsp
│ │ │ │ ├── OFBGFSbox192.rsp
│ │ │ │ ├── OFBGFSbox256.rsp
│ │ │ │ ├── OFBKeySbox128.rsp
│ │ │ │ ├── OFBKeySbox192.rsp
│ │ │ │ ├── OFBKeySbox256.rsp
│ │ │ │ ├── OFBMMT128.rsp
│ │ │ │ ├── OFBMMT192.rsp
│ │ │ │ ├── OFBMMT256.rsp
│ │ │ │ ├── OFBVarKey128.rsp
│ │ │ │ ├── OFBVarKey192.rsp
│ │ │ │ ├── OFBVarKey256.rsp
│ │ │ │ ├── OFBVarTxt128.rsp
│ │ │ │ ├── OFBVarTxt192.rsp
│ │ │ │ └── OFBVarTxt256.rsp
│ │ │ ├── SIV/
│ │ │ │ └── openssl.txt
│ │ │ └── XTS/
│ │ │ ├── tweak-128hexstr/
│ │ │ │ ├── XTSGenAES128.rsp
│ │ │ │ └── XTSGenAES256.rsp
│ │ │ └── tweak-dataunitseqno/
│ │ │ ├── XTSGenAES128.rsp
│ │ │ └── XTSGenAES256.rsp
│ │ ├── ARC4/
│ │ │ ├── arc4.txt
│ │ │ ├── rfc-6229-128.txt
│ │ │ ├── rfc-6229-192.txt
│ │ │ ├── rfc-6229-256.txt
│ │ │ ├── rfc-6229-40.txt
│ │ │ ├── rfc-6229-56.txt
│ │ │ ├── rfc-6229-64.txt
│ │ │ └── rfc-6229-80.txt
│ │ ├── Blowfish/
│ │ │ ├── bf-cbc.txt
│ │ │ ├── bf-cfb.txt
│ │ │ ├── bf-ecb.txt
│ │ │ └── bf-ofb.txt
│ │ ├── CAST5/
│ │ │ ├── cast5-cbc.txt
│ │ │ ├── cast5-cfb.txt
│ │ │ ├── cast5-ctr.txt
│ │ │ ├── cast5-ecb.txt
│ │ │ └── cast5-ofb.txt
│ │ ├── Camellia/
│ │ │ ├── camellia-128-ecb.txt
│ │ │ ├── camellia-192-ecb.txt
│ │ │ ├── camellia-256-ecb.txt
│ │ │ ├── camellia-cbc.txt
│ │ │ ├── camellia-cfb.txt
│ │ │ └── camellia-ofb.txt
│ │ ├── ChaCha20/
│ │ │ ├── counter-overflow.txt
│ │ │ └── rfc7539.txt
│ │ ├── ChaCha20Poly1305/
│ │ │ ├── boringssl.txt
│ │ │ └── openssl.txt
│ │ ├── IDEA/
│ │ │ ├── idea-cbc.txt
│ │ │ ├── idea-cfb.txt
│ │ │ ├── idea-ecb.txt
│ │ │ └── idea-ofb.txt
│ │ ├── RC2/
│ │ │ └── rc2-cbc.txt
│ │ ├── SEED/
│ │ │ ├── rfc-4196.txt
│ │ │ ├── rfc-4269.txt
│ │ │ ├── seed-cfb.txt
│ │ │ └── seed-ofb.txt
│ │ └── SM4/
│ │ ├── draft-ribose-cfrg-sm4-10-cbc.txt
│ │ ├── draft-ribose-cfrg-sm4-10-cfb.txt
│ │ ├── draft-ribose-cfrg-sm4-10-ctr.txt
│ │ ├── draft-ribose-cfrg-sm4-10-ecb.txt
│ │ ├── draft-ribose-cfrg-sm4-10-ofb.txt
│ │ └── rfc8998.txt
│ ├── fernet/
│ │ ├── generate.json
│ │ ├── invalid.json
│ │ └── verify.json
│ ├── hashes/
│ │ ├── MD5/
│ │ │ └── rfc-1321.txt
│ │ ├── SHA1/
│ │ │ ├── Readme.txt
│ │ │ ├── SHA1LongMsg.rsp
│ │ │ ├── SHA1Monte.rsp
│ │ │ ├── SHA1Monte.txt
│ │ │ └── SHA1ShortMsg.rsp
│ │ ├── SHA2/
│ │ │ ├── Readme.txt
│ │ │ ├── SHA224LongMsg.rsp
│ │ │ ├── SHA224Monte.rsp
│ │ │ ├── SHA224Monte.txt
│ │ │ ├── SHA224ShortMsg.rsp
│ │ │ ├── SHA256LongMsg.rsp
│ │ │ ├── SHA256Monte.rsp
│ │ │ ├── SHA256Monte.txt
│ │ │ ├── SHA256ShortMsg.rsp
│ │ │ ├── SHA384LongMsg.rsp
│ │ │ ├── SHA384Monte.rsp
│ │ │ ├── SHA384Monte.txt
│ │ │ ├── SHA384ShortMsg.rsp
│ │ │ ├── SHA512LongMsg.rsp
│ │ │ ├── SHA512Monte.rsp
│ │ │ ├── SHA512Monte.txt
│ │ │ ├── SHA512ShortMsg.rsp
│ │ │ ├── SHA512_224LongMsg.rsp
│ │ │ ├── SHA512_224Monte.rsp
│ │ │ ├── SHA512_224Monte.txt
│ │ │ ├── SHA512_224ShortMsg.rsp
│ │ │ ├── SHA512_256LongMsg.rsp
│ │ │ ├── SHA512_256Monte.rsp
│ │ │ ├── SHA512_256Monte.txt
│ │ │ └── SHA512_256ShortMsg.rsp
│ │ ├── SHA3/
│ │ │ ├── SHA3_224LongMsg.rsp
│ │ │ ├── SHA3_224Monte.rsp
│ │ │ ├── SHA3_224ShortMsg.rsp
│ │ │ ├── SHA3_256LongMsg.rsp
│ │ │ ├── SHA3_256Monte.rsp
│ │ │ ├── SHA3_256ShortMsg.rsp
│ │ │ ├── SHA3_384LongMsg.rsp
│ │ │ ├── SHA3_384Monte.rsp
│ │ │ ├── SHA3_384ShortMsg.rsp
│ │ │ ├── SHA3_512LongMsg.rsp
│ │ │ ├── SHA3_512Monte.rsp
│ │ │ └── SHA3_512ShortMsg.rsp
│ │ ├── SHAKE/
│ │ │ ├── SHAKE128LongMsg.rsp
│ │ │ ├── SHAKE128Monte.rsp
│ │ │ ├── SHAKE128ShortMsg.rsp
│ │ │ ├── SHAKE128VariableOut.rsp
│ │ │ ├── SHAKE256LongMsg.rsp
│ │ │ ├── SHAKE256Monte.rsp
│ │ │ ├── SHAKE256ShortMsg.rsp
│ │ │ └── SHAKE256VariableOut.rsp
│ │ ├── SM3/
│ │ │ └── oscca.txt
│ │ ├── blake2/
│ │ │ ├── blake2b.txt
│ │ │ └── blake2s.txt
│ │ └── ripemd160/
│ │ └── ripevectors.txt
│ ├── keywrap/
│ │ ├── kwp_botan.txt
│ │ └── kwtestvectors/
│ │ ├── KWP_AD_128.txt
│ │ ├── KWP_AD_128_inv.txt
│ │ ├── KWP_AD_192.txt
│ │ ├── KWP_AD_192_inv.txt
│ │ ├── KWP_AD_256.txt
│ │ ├── KWP_AD_256_inv.txt
│ │ ├── KWP_AE_128.txt
│ │ ├── KWP_AE_128_inv.txt
│ │ ├── KWP_AE_192.txt
│ │ ├── KWP_AE_192_inv.txt
│ │ ├── KWP_AE_256.txt
│ │ ├── KWP_AE_256_inv.txt
│ │ ├── KW_AD_128.txt
│ │ ├── KW_AD_128_inv.txt
│ │ ├── KW_AD_192.txt
│ │ ├── KW_AD_192_inv.txt
│ │ ├── KW_AD_256.txt
│ │ ├── KW_AD_256_inv.txt
│ │ ├── KW_AE_128.txt
│ │ ├── KW_AE_128_inv.txt
│ │ ├── KW_AE_192.txt
│ │ ├── KW_AE_192_inv.txt
│ │ ├── KW_AE_256.txt
│ │ ├── KW_AE_256_inv.txt
│ │ ├── Readme.txt
│ │ ├── TKW_AD.txt
│ │ ├── TKW_AD_inv.txt
│ │ ├── TKW_AE.txt
│ │ └── TKW_AE_inv.txt
│ ├── pkcs12/
│ │ ├── ca/
│ │ │ ├── ca.pem
│ │ │ └── ca_key.pem
│ │ ├── cert-aes256cbc-no-key.p12
│ │ ├── cert-key-aes256cbc.p12
│ │ ├── cert-none-key-none.p12
│ │ ├── cert-rc2-key-3des.p12
│ │ ├── java-truststore.p12
│ │ ├── name-1-no-pwd.p12
│ │ ├── name-1-pwd.p12
│ │ ├── name-2-3-no-pwd.p12
│ │ ├── name-2-3-pwd.p12
│ │ ├── name-2-no-pwd.p12
│ │ ├── name-2-pwd.p12
│ │ ├── name-3-no-pwd.p12
│ │ ├── name-3-pwd.p12
│ │ ├── name-all-no-pwd.p12
│ │ ├── name-all-pwd.p12
│ │ ├── name-unicode-no-pwd.p12
│ │ ├── name-unicode-pwd.p12
│ │ ├── no-cert-key-aes256cbc.p12
│ │ ├── no-cert-name-2-no-pwd.p12
│ │ ├── no-cert-name-2-pwd.p12
│ │ ├── no-cert-name-3-no-pwd.p12
│ │ ├── no-cert-name-3-pwd.p12
│ │ ├── no-cert-name-all-no-pwd.p12
│ │ ├── no-cert-name-all-pwd.p12
│ │ ├── no-cert-name-unicode-no-pwd.p12
│ │ ├── no-cert-name-unicode-pwd.p12
│ │ ├── no-cert-no-name-no-pwd.p12
│ │ ├── no-cert-no-name-pwd.p12
│ │ ├── no-name-no-pwd.p12
│ │ ├── no-name-pwd.p12
│ │ └── no-password.p12
│ ├── pkcs7/
│ │ ├── amazon-roots.der
│ │ ├── amazon-roots.p7b
│ │ ├── ascii-san.pem
│ │ ├── enveloped-no-content.der
│ │ ├── enveloped-rsa-oaep.pem
│ │ ├── enveloped-triple-des.pem
│ │ ├── enveloped.pem
│ │ ├── isrg.pem
│ │ └── non-ascii-san.pem
│ ├── poly1305/
│ │ └── rfc7539.txt
│ ├── py.typed
│ ├── twofactor/
│ │ ├── rfc-4226.txt
│ │ └── rfc-6238.txt
│ └── x509/
│ ├── PKITS_data/
│ │ ├── ReadMe.txt
│ │ ├── certpairs/
│ │ │ ├── BadCRLIssuerNameCACertforwardcrossCertificatePair.cp
│ │ │ ├── BadCRLIssuerNameCACertreversecrossCertificatePair.cp
│ │ │ ├── BadCRLSignatureCACertforwardcrossCertificatePair.cp
│ │ │ ├── BadCRLSignatureCACertreversecrossCertificatePair.cp
│ │ │ ├── BadSignedCACertforwardcrossCertificatePair.cp
│ │ │ ├── BadSignedCACertreversecrossCertificatePair.cp
│ │ │ ├── BadnotAfterDateCACertforwardcrossCertificatePair.cp
│ │ │ ├── BadnotAfterDateCACertreversecrossCertificatePair.cp
│ │ │ ├── BadnotBeforeDateCACertforwardcrossCertificatePair.cp
│ │ │ ├── BadnotBeforeDateCACertreversecrossCertificatePair.cp
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCACertforwardcrossCertificatePair.cp
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCACertreversecrossCertificatePair.cp
│ │ │ ├── BasicSelfIssuedNewKeyCACertforwardcrossCertificatePair.cp
│ │ │ ├── BasicSelfIssuedNewKeyCACertreversecrossCertificatePair.cp
│ │ │ ├── BasicSelfIssuedOldKeyCACertforwardcrossCertificatePair.cp
│ │ │ ├── BasicSelfIssuedOldKeyCACertreversecrossCertificatePair.cp
│ │ │ ├── DSACACertforwardcrossCertificatePair.cp
│ │ │ ├── DSACACertreversecrossCertificatePair.cp
│ │ │ ├── DSAParametersInheritedCACertforwardcrossCertificatePair.cp
│ │ │ ├── DSAParametersInheritedCACertreversecrossCertificatePair.cp
│ │ │ ├── DifferentPoliciesTest7EEforwardcrossCertificatePair.cp
│ │ │ ├── DifferentPoliciesTest7EEreversecrossCertificatePair.cp
│ │ │ ├── DifferentPoliciesTest8EEforwardcrossCertificatePair.cp
│ │ │ ├── DifferentPoliciesTest8EEreversecrossCertificatePair.cp
│ │ │ ├── GeneralizedTimeCRLnextUpdateCACertforwardcrossCertificatePair.cp
│ │ │ ├── GeneralizedTimeCRLnextUpdateCACertreversecrossCertificatePair.cp
│ │ │ ├── GoodCACertforwardcrossCertificatePair.cp
│ │ │ ├── GoodCACertreversecrossCertificatePair.cp
│ │ │ ├── GoodsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── GoodsubCACertreversecrossCertificatePair.cp
│ │ │ ├── GoodsubCAPanyPolicyMapping1to2CACertforwardcrossCertificatePair.cp
│ │ │ ├── GoodsubCAPanyPolicyMapping1to2CACertreversecrossCertificatePair.cp
│ │ │ ├── InvalidonlyContainsUserCertsTest11EEforwardcrossCertificatePair.cp
│ │ │ ├── InvalidonlyContainsUserCertsTest11EEreversecrossCertificatePair.cp
│ │ │ ├── InvalidpathLenConstraintTest10EEforwardcrossCertificatePair.cp
│ │ │ ├── InvalidpathLenConstraintTest10EEreversecrossCertificatePair.cp
│ │ │ ├── InvalidpathLenConstraintTest12EEforwardcrossCertificatePair.cp
│ │ │ ├── InvalidpathLenConstraintTest12EEreversecrossCertificatePair.cp
│ │ │ ├── InvalidpathLenConstraintTest6EEforwardcrossCertificatePair.cp
│ │ │ ├── InvalidpathLenConstraintTest6EEreversecrossCertificatePair.cp
│ │ │ ├── LongSerialNumberCACertforwardcrossCertificatePair.cp
│ │ │ ├── LongSerialNumberCACertreversecrossCertificatePair.cp
│ │ │ ├── Mapping1to2CACertforwardcrossCertificatePair.cp
│ │ │ ├── Mapping1to2CACertreversecrossCertificatePair.cp
│ │ │ ├── MappingFromanyPolicyCACertforwardcrossCertificatePair.cp
│ │ │ ├── MappingFromanyPolicyCACertreversecrossCertificatePair.cp
│ │ │ ├── MappingToanyPolicyCACertforwardcrossCertificatePair.cp
│ │ │ ├── MappingToanyPolicyCACertreversecrossCertificatePair.cp
│ │ │ ├── MissingbasicConstraintsCACertforwardcrossCertificatePair.cp
│ │ │ ├── MissingbasicConstraintsCACertreversecrossCertificatePair.cp
│ │ │ ├── NameOrderingCACertforwardcrossCertificatePair.cp
│ │ │ ├── NameOrderingCACertreversecrossCertificatePair.cp
│ │ │ ├── NegativeSerialNumberCACertforwardcrossCertificatePair.cp
│ │ │ ├── NegativeSerialNumberCACertreversecrossCertificatePair.cp
│ │ │ ├── NoCRLCACertforwardcrossCertificatePair.cp
│ │ │ ├── NoCRLCACertreversecrossCertificatePair.cp
│ │ │ ├── NoPoliciesCACertforwardcrossCertificatePair.cp
│ │ │ ├── NoPoliciesCACertreversecrossCertificatePair.cp
│ │ │ ├── NoissuingDistributionPointCACertforwardcrossCertificatePair.cp
│ │ │ ├── NoissuingDistributionPointCACertreversecrossCertificatePair.cp
│ │ │ ├── OldCRLnextUpdateCACertforwardcrossCertificatePair.cp
│ │ │ ├── OldCRLnextUpdateCACertreversecrossCertificatePair.cp
│ │ │ ├── OverlappingPoliciesTest6EEforwardcrossCertificatePair.cp
│ │ │ ├── OverlappingPoliciesTest6EEreversecrossCertificatePair.cp
│ │ │ ├── P12Mapping1to3CACertforwardcrossCertificatePair.cp
│ │ │ ├── P12Mapping1to3CACertreversecrossCertificatePair.cp
│ │ │ ├── P12Mapping1to3subCACertforwardcrossCertificatePair.cp
│ │ │ ├── P12Mapping1to3subCACertreversecrossCertificatePair.cp
│ │ │ ├── P12Mapping1to3subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── P12Mapping1to3subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── P1Mapping1to234CACertforwardcrossCertificatePair.cp
│ │ │ ├── P1Mapping1to234CACertreversecrossCertificatePair.cp
│ │ │ ├── P1Mapping1to234subCACertforwardcrossCertificatePair.cp
│ │ │ ├── P1Mapping1to234subCACertreversecrossCertificatePair.cp
│ │ │ ├── P1anyPolicyMapping1to2CACertforwardcrossCertificatePair.cp
│ │ │ ├── P1anyPolicyMapping1to2CACertreversecrossCertificatePair.cp
│ │ │ ├── PanyPolicyMapping1to2CACertforwardcrossCertificatePair.cp
│ │ │ ├── PanyPolicyMapping1to2CACertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP1234CACertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP1234CACertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP1234subCAP123CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP1234subCAP123CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP1234subsubCAP123P12CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP1234subsubCAP123P12CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP123CACertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP123CACertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP123subCAP12CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP123subCAP12CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP123subsubCAP12P1CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP123subsubCAP12P1CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP123subsubCAP12P2CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP123subsubCAP12P2CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP123subsubsubCAP12P2P1CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP123subsubsubCAP12P2P1CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP12CACertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP12CACertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP12subCAP1CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP12subCAP1CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP12subsubCAP1P2CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP12subsubCAP1P2CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP2subCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP2subCA2CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP2subCACertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP2subCACertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP3CACertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP3CACertreversecrossCertificatePair.cp
│ │ │ ├── RFC3280MandatoryAttributeTypesCACertforwardcrossCertificatePair.cp
│ │ │ ├── RFC3280MandatoryAttributeTypesCACertreversecrossCertificatePair.cp
│ │ │ ├── RFC3280OptionalAttributeTypesCACertforwardcrossCertificatePair.cp
│ │ │ ├── RFC3280OptionalAttributeTypesCACertreversecrossCertificatePair.cp
│ │ │ ├── RevokedsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── RevokedsubCACertreversecrossCertificatePair.cp
│ │ │ ├── RolloverfromPrintableStringtoUTF8StringCACertforwardcrossCertificatePair.cp
│ │ │ ├── RolloverfromPrintableStringtoUTF8StringCACertreversecrossCertificatePair.cp
│ │ │ ├── SeparateCertificateandCRLKeysCA2CertificateSigningCACertforwardcrossCerificatePair.cp
│ │ │ ├── SeparateCertificateandCRLKeysCA2CertificateSigningCACertreversecrossCerificatePair.cp
│ │ │ ├── SeparateCertificateandCRLKeysCertificateSigningCACertforwardcrossCertificatePair.cp
│ │ │ ├── SeparateCertificateandCRLKeysCertificateSigningCACertreversecrossCertificatePair.cp
│ │ │ ├── TwoCRLsCACertforwardcrossCertificatePair.cp
│ │ │ ├── TwoCRLsCACertreversecrossCertificatePair.cp
│ │ │ ├── UIDCACertforwardcrossCertificatePair.cp
│ │ │ ├── UIDCACertreversecrossCertificatePair.cp
│ │ │ ├── UTF8StringCaseInsensitiveMatchCACertforwardcrossCertificatePair.cp
│ │ │ ├── UTF8StringCaseInsensitiveMatchCACertreversecrossCertificatePair.cp
│ │ │ ├── UTF8StringEncodedNamesCACertforwardcrossCertificatePair.cp
│ │ │ ├── UTF8StringEncodedNamesCACertreversecrossCertificatePair.cp
│ │ │ ├── UnknownCRLEntryExtensionCACertforwardcrossCertificatePair.cp
│ │ │ ├── UnknownCRLEntryExtensionCACertreversecrossCertificatePair.cp
│ │ │ ├── UnknownCRLExtensionCACertforwardcrossCertificatePair.cp
│ │ │ ├── UnknownCRLExtensionCACertreversecrossCertificatePair.cp
│ │ │ ├── ValidonlyContainsCACertsTest13EEforwardcrossCertificatePair.cp
│ │ │ ├── ValidonlyContainsCACertsTest13EEreversecrossCertificatePair.cp
│ │ │ ├── ValidpathLenConstraintTest14EEforwardcrossCertificatePair.cp
│ │ │ ├── ValidpathLenConstraintTest14EEreversecrossCertificatePair.cp
│ │ │ ├── ValidpathLenConstraintTest8EEforwardcrossCertificatePair.cp
│ │ │ ├── ValidpathLenConstraintTest8EEreversecrossCertificatePair.cp
│ │ │ ├── WrongCRLCACertforwardcrossCertificatePair.cp
│ │ │ ├── WrongCRLCACertreversecrossCertificatePair.cp
│ │ │ ├── anyPolicyCACertforwardcrossCertificatePair.cp
│ │ │ ├── anyPolicyCACertreversecrossCertificatePair.cp
│ │ │ ├── basicConstraintsCriticalcAFalseCACertforwardcrossCertificatePair.cp
│ │ │ ├── basicConstraintsCriticalcAFalseCACertreversecrossCertificatePair.cp
│ │ │ ├── basicConstraintsNotCriticalCACertforwardcrossCertificatePair.cp
│ │ │ ├── basicConstraintsNotCriticalCACertreversecrossCertificatePair.cp
│ │ │ ├── basicConstraintsNotCriticalcAFalseCACertforwardcrossCertificatePair.cp
│ │ │ ├── basicConstraintsNotCriticalcAFalseCACertreversecrossCertificatePair.cp
│ │ │ ├── deltaCRLCA1CertforwardcrossCertificatePair.cp
│ │ │ ├── deltaCRLCA1CertreversecrossCertificatePair.cp
│ │ │ ├── deltaCRLCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── deltaCRLCA2CertreversecrossCertificatePair.cp
│ │ │ ├── deltaCRLCA3CertforwardcrossCertificatePair.cp
│ │ │ ├── deltaCRLCA3CertreversecrossCertificatePair.cp
│ │ │ ├── deltaCRLIndicatorNoBaseCACertforwardcrossCertificatePair.cp
│ │ │ ├── deltaCRLIndicatorNoBaseCACertreversecrossCertificatePair.cp
│ │ │ ├── distributionPoint1CACertforwardcrossCertificatePair.cp
│ │ │ ├── distributionPoint1CACertreversecrossCertificatePair.cp
│ │ │ ├── distributionPoint2CACertforwardcrossCertificatePair.cp
│ │ │ ├── distributionPoint2CACertreversecrossCertificatePair.cp
│ │ │ ├── indirectCRLCA1CertforwardcrossCertificatePair.cp
│ │ │ ├── indirectCRLCA1CertreversecrossCertificatePair.cp
│ │ │ ├── indirectCRLCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── indirectCRLCA2CertreversecrossCertificatePair.cp
│ │ │ ├── indirectCRLCA3CertforwardcrossCertificatePair.cp
│ │ │ ├── indirectCRLCA3CertreversecrossCertificatePair.cp
│ │ │ ├── indirectCRLCA4CertforwardcrossCertificatePair.cp
│ │ │ ├── indirectCRLCA4CertreversecrossCertificatePair.cp
│ │ │ ├── indirectCRLCA5CertforwardcrossCertificatePair.cp
│ │ │ ├── indirectCRLCA5CertreversecrossCertificatePair.cp
│ │ │ ├── indirectCRLCA6CertforwardcrossCertificatePair.cp
│ │ │ ├── indirectCRLCA6CertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy0CACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy0CACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1CACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1CACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subCA1CertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subCA1CertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subCA2CertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subCAIAP5CertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subCAIAP5CertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subsubCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subsubCA2CertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy5CACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy5CACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy5subCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy5subCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy5subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy5subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping0CACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping0CACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping0subCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping0subCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12CACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12CACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subCAIPM5CertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subCAIPM5CertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subsubCAIPM5CertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subsubCAIPM5CertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P1CACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P1CACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P1subCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P1subCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P1subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P1subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5CACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5CACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5subCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5subCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5subsubsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5subsubsubCACertreversecrossCertificatePair.cp
│ │ │ ├── keyUsageCriticalcRLSignFalseCACertforwardcrossCertificatePair.cp
│ │ │ ├── keyUsageCriticalcRLSignFalseCACertreversecrossCertificatePair.cp
│ │ │ ├── keyUsageCriticalkeyCertSignFalseCACertforwardcrossCertificatePair.cp
│ │ │ ├── keyUsageCriticalkeyCertSignFalseCACertreversecrossCertificatePair.cp
│ │ │ ├── keyUsageNotCriticalCACertforwardcrossCertificatePair.cp
│ │ │ ├── keyUsageNotCriticalCACertreversecrossCertificatePair.cp
│ │ │ ├── keyUsageNotCriticalcRLSignFalseCACertforwardcrossCertificatePair.cp
│ │ │ ├── keyUsageNotCriticalcRLSignFalseCACertreversecrossCertificatePair.cp
│ │ │ ├── keyUsageNotCriticalkeyCertSignFalseCACertforwardcrossCertificatePair.cp
│ │ │ ├── keyUsageNotCriticalkeyCertSignFalseCACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1subCA1CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1subCA1CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1subCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1subCA2CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1subCA3CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1subCA3CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN2CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN2CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN3CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN3CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN3subCA1CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN3subCA1CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN3subCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN3subCA2CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN4CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN4CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN5CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN5CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDNS1CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDNS1CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDNS2CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDNS2CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsRFC822CA1CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsRFC822CA1CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsRFC822CA2CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsRFC822CA2CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsRFC822CA3CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsRFC822CA3CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsURI1CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsURI1CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsURI2CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsURI2CACertreversecrossCertificatePair.cp
│ │ │ ├── onlyContainsAttributeCertsCACertforwardcrossCertificatePair.cp
│ │ │ ├── onlyContainsAttributeCertsCACertreversecrossCertificatePair.cp
│ │ │ ├── onlyContainsCACertsCACertforwardcrossCertificatePair.cp
│ │ │ ├── onlyContainsCACertsCACertreversecrossCertificatePair.cp
│ │ │ ├── onlyContainsUserCertsCACertforwardcrossCertificatePair.cp
│ │ │ ├── onlyContainsUserCertsCACertreversecrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA1CertforwardcrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA1CertreversecrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA2CertreversecrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA3CertforwardcrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA3CertreversecrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA4CertforwardcrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA4CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint0CACertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint0CACertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint0subCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint0subCA2CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint0subCACertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint0subCACertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint1CACertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint1CACertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint1subCACertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint1subCACertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6CACertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6CACertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subCA0CertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subCA0CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subCA1CertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subCA1CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subCA4CertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subCA4CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubCA00CertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubCA00CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubCA11CertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubCA11CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubCA41CertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubCA41CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubsubCA11XCertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubsubCA11XCertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubsubCA41XCertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubsubCA41XCertreversecrossCertificatePair.cp
│ │ │ ├── pre2000CRLnextUpdateCACertforwardcrossCertificatePair.cp
│ │ │ ├── pre2000CRLnextUpdateCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0CACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0CACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0subCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0subCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0subsubsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0subsubsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10CACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10CACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10subCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10subCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10subsubsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10subsubsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy2CACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy2CACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy2subCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy2subCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4CACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4CACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4subCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4subCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4subsubsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4subsubsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5CACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5CACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5subCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5subCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5subsubsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5subsubsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy7CACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy7CACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy7subCARE2CertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy7subCARE2CertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy7subsubCARE2RE4CertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy7subsubCARE2RE4CertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy7subsubsubCARE2RE4CertforwardcrossCertificatePair.cp
│ │ │ └── requireExplicitPolicy7subsubsubCARE2RE4CertreversecrossCertificatePair.cp
│ │ ├── certs/
│ │ │ ├── AllCertificatesNoPoliciesTest2EE.crt
│ │ │ ├── AllCertificatesSamePoliciesTest10EE.crt
│ │ │ ├── AllCertificatesSamePoliciesTest13EE.crt
│ │ │ ├── AllCertificatesanyPolicyTest11EE.crt
│ │ │ ├── AnyPolicyTest14EE.crt
│ │ │ ├── BadCRLIssuerNameCACert.crt
│ │ │ ├── BadCRLSignatureCACert.crt
│ │ │ ├── BadSignedCACert.crt
│ │ │ ├── BadnotAfterDateCACert.crt
│ │ │ ├── BadnotBeforeDateCACert.crt
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCACert.crt
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCRLCert.crt
│ │ │ ├── BasicSelfIssuedNewKeyCACert.crt
│ │ │ ├── BasicSelfIssuedNewKeyOldWithNewCACert.crt
│ │ │ ├── BasicSelfIssuedOldKeyCACert.crt
│ │ │ ├── BasicSelfIssuedOldKeyNewWithOldCACert.crt
│ │ │ ├── CPSPointerQualifierTest20EE.crt
│ │ │ ├── DSACACert.crt
│ │ │ ├── DSAParametersInheritedCACert.crt
│ │ │ ├── DifferentPoliciesTest12EE.crt
│ │ │ ├── DifferentPoliciesTest3EE.crt
│ │ │ ├── DifferentPoliciesTest4EE.crt
│ │ │ ├── DifferentPoliciesTest5EE.crt
│ │ │ ├── DifferentPoliciesTest7EE.crt
│ │ │ ├── DifferentPoliciesTest8EE.crt
│ │ │ ├── DifferentPoliciesTest9EE.crt
│ │ │ ├── GeneralizedTimeCRLnextUpdateCACert.crt
│ │ │ ├── GoodCACert.crt
│ │ │ ├── GoodsubCACert.crt
│ │ │ ├── GoodsubCAPanyPolicyMapping1to2CACert.crt
│ │ │ ├── InvalidBadCRLIssuerNameTest5EE.crt
│ │ │ ├── InvalidBadCRLSignatureTest4EE.crt
│ │ │ ├── InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
│ │ │ ├── InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
│ │ │ ├── InvalidBasicSelfIssuedNewWithOldTest5EE.crt
│ │ │ ├── InvalidBasicSelfIssuedOldWithNewTest2EE.crt
│ │ │ ├── InvalidCASignatureTest2EE.crt
│ │ │ ├── InvalidCAnotAfterDateTest5EE.crt
│ │ │ ├── InvalidCAnotBeforeDateTest1EE.crt
│ │ │ ├── InvalidDNSnameConstraintsTest31EE.crt
│ │ │ ├── InvalidDNSnameConstraintsTest33EE.crt
│ │ │ ├── InvalidDNSnameConstraintsTest38EE.crt
│ │ │ ├── InvalidDNandRFC822nameConstraintsTest28EE.crt
│ │ │ ├── InvalidDNandRFC822nameConstraintsTest29EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest10EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest12EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest13EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest15EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest16EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest17EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest20EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest2EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest3EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest7EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest8EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest9EE.crt
│ │ │ ├── InvalidDSASignatureTest6EE.crt
│ │ │ ├── InvalidEESignatureTest3EE.crt
│ │ │ ├── InvalidEEnotAfterDateTest6EE.crt
│ │ │ ├── InvalidEEnotBeforeDateTest2EE.crt
│ │ │ ├── InvalidIDPwithindirectCRLTest23EE.crt
│ │ │ ├── InvalidIDPwithindirectCRLTest26EE.crt
│ │ │ ├── InvalidLongSerialNumberTest18EE.crt
│ │ │ ├── InvalidMappingFromanyPolicyTest7EE.crt
│ │ │ ├── InvalidMappingToanyPolicyTest8EE.crt
│ │ │ ├── InvalidMissingCRLTest1EE.crt
│ │ │ ├── InvalidMissingbasicConstraintsTest1EE.crt
│ │ │ ├── InvalidNameChainingOrderTest2EE.crt
│ │ │ ├── InvalidNameChainingTest1EE.crt
│ │ │ ├── InvalidNegativeSerialNumberTest15EE.crt
│ │ │ ├── InvalidOldCRLnextUpdateTest11EE.crt
│ │ │ ├── InvalidPolicyMappingTest10EE.crt
│ │ │ ├── InvalidPolicyMappingTest2EE.crt
│ │ │ ├── InvalidPolicyMappingTest4EE.crt
│ │ │ ├── InvalidRFC822nameConstraintsTest22EE.crt
│ │ │ ├── InvalidRFC822nameConstraintsTest24EE.crt
│ │ │ ├── InvalidRFC822nameConstraintsTest26EE.crt
│ │ │ ├── InvalidRevokedCATest2EE.crt
│ │ │ ├── InvalidRevokedEETest3EE.crt
│ │ │ ├── InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt
│ │ │ ├── InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt
│ │ │ ├── InvalidSelfIssuedpathLenConstraintTest16EE.crt
│ │ │ ├── InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt
│ │ │ ├── InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt
│ │ │ ├── InvalidSeparateCertificateandCRLKeysTest20EE.crt
│ │ │ ├── InvalidSeparateCertificateandCRLKeysTest21EE.crt
│ │ │ ├── InvalidURInameConstraintsTest35EE.crt
│ │ │ ├── InvalidURInameConstraintsTest37EE.crt
│ │ │ ├── InvalidUnknownCRLEntryExtensionTest8EE.crt
│ │ │ ├── InvalidUnknownCRLExtensionTest10EE.crt
│ │ │ ├── InvalidUnknownCRLExtensionTest9EE.crt
│ │ │ ├── InvalidUnknownCriticalCertificateExtensionTest2EE.crt
│ │ │ ├── InvalidWrongCRLTest6EE.crt
│ │ │ ├── InvalidcAFalseTest2EE.crt
│ │ │ ├── InvalidcAFalseTest3EE.crt
│ │ │ ├── InvalidcRLIssuerTest27EE.crt
│ │ │ ├── InvalidcRLIssuerTest31EE.crt
│ │ │ ├── InvalidcRLIssuerTest32EE.crt
│ │ │ ├── InvalidcRLIssuerTest34EE.crt
│ │ │ ├── InvalidcRLIssuerTest35EE.crt
│ │ │ ├── InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
│ │ │ ├── InvaliddeltaCRLTest10EE.crt
│ │ │ ├── InvaliddeltaCRLTest3EE.crt
│ │ │ ├── InvaliddeltaCRLTest4EE.crt
│ │ │ ├── InvaliddeltaCRLTest6EE.crt
│ │ │ ├── InvaliddeltaCRLTest9EE.crt
│ │ │ ├── InvaliddistributionPointTest2EE.crt
│ │ │ ├── InvaliddistributionPointTest3EE.crt
│ │ │ ├── InvaliddistributionPointTest6EE.crt
│ │ │ ├── InvaliddistributionPointTest8EE.crt
│ │ │ ├── InvaliddistributionPointTest9EE.crt
│ │ │ ├── InvalidinhibitAnyPolicyTest1EE.crt
│ │ │ ├── InvalidinhibitAnyPolicyTest4EE.crt
│ │ │ ├── InvalidinhibitAnyPolicyTest5EE.crt
│ │ │ ├── InvalidinhibitAnyPolicyTest6EE.crt
│ │ │ ├── InvalidinhibitPolicyMappingTest1EE.crt
│ │ │ ├── InvalidinhibitPolicyMappingTest3EE.crt
│ │ │ ├── InvalidinhibitPolicyMappingTest5EE.crt
│ │ │ ├── InvalidinhibitPolicyMappingTest6EE.crt
│ │ │ ├── InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
│ │ │ ├── InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
│ │ │ ├── InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
│ │ │ ├── InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
│ │ │ ├── InvalidonlyContainsAttributeCertsTest14EE.crt
│ │ │ ├── InvalidonlyContainsCACertsTest12EE.crt
│ │ │ ├── InvalidonlyContainsUserCertsTest11EE.crt
│ │ │ ├── InvalidonlySomeReasonsTest15EE.crt
│ │ │ ├── InvalidonlySomeReasonsTest16EE.crt
│ │ │ ├── InvalidonlySomeReasonsTest17EE.crt
│ │ │ ├── InvalidonlySomeReasonsTest20EE.crt
│ │ │ ├── InvalidonlySomeReasonsTest21EE.crt
│ │ │ ├── InvalidpathLenConstraintTest10EE.crt
│ │ │ ├── InvalidpathLenConstraintTest11EE.crt
│ │ │ ├── InvalidpathLenConstraintTest12EE.crt
│ │ │ ├── InvalidpathLenConstraintTest5EE.crt
│ │ │ ├── InvalidpathLenConstraintTest6EE.crt
│ │ │ ├── InvalidpathLenConstraintTest9EE.crt
│ │ │ ├── Invalidpre2000CRLnextUpdateTest12EE.crt
│ │ │ ├── Invalidpre2000UTCEEnotAfterDateTest7EE.crt
│ │ │ ├── InvalidrequireExplicitPolicyTest3EE.crt
│ │ │ ├── InvalidrequireExplicitPolicyTest5EE.crt
│ │ │ ├── LongSerialNumberCACert.crt
│ │ │ ├── Mapping1to2CACert.crt
│ │ │ ├── MappingFromanyPolicyCACert.crt
│ │ │ ├── MappingToanyPolicyCACert.crt
│ │ │ ├── MissingbasicConstraintsCACert.crt
│ │ │ ├── NameOrderingCACert.crt
│ │ │ ├── NegativeSerialNumberCACert.crt
│ │ │ ├── NoCRLCACert.crt
│ │ │ ├── NoPoliciesCACert.crt
│ │ │ ├── NoissuingDistributionPointCACert.crt
│ │ │ ├── OldCRLnextUpdateCACert.crt
│ │ │ ├── OverlappingPoliciesTest6EE.crt
│ │ │ ├── P12Mapping1to3CACert.crt
│ │ │ ├── P12Mapping1to3subCACert.crt
│ │ │ ├── P12Mapping1to3subsubCACert.crt
│ │ │ ├── P1Mapping1to234CACert.crt
│ │ │ ├── P1Mapping1to234subCACert.crt
│ │ │ ├── P1anyPolicyMapping1to2CACert.crt
│ │ │ ├── PanyPolicyMapping1to2CACert.crt
│ │ │ ├── PoliciesP1234CACert.crt
│ │ │ ├── PoliciesP1234subCAP123Cert.crt
│ │ │ ├── PoliciesP1234subsubCAP123P12Cert.crt
│ │ │ ├── PoliciesP123CACert.crt
│ │ │ ├── PoliciesP123subCAP12Cert.crt
│ │ │ ├── PoliciesP123subsubCAP12P1Cert.crt
│ │ │ ├── PoliciesP123subsubCAP12P2Cert.crt
│ │ │ ├── PoliciesP123subsubsubCAP12P2P1Cert.crt
│ │ │ ├── PoliciesP12CACert.crt
│ │ │ ├── PoliciesP12subCAP1Cert.crt
│ │ │ ├── PoliciesP12subsubCAP1P2Cert.crt
│ │ │ ├── PoliciesP2subCA2Cert.crt
│ │ │ ├── PoliciesP2subCACert.crt
│ │ │ ├── PoliciesP3CACert.crt
│ │ │ ├── RFC3280MandatoryAttributeTypesCACert.crt
│ │ │ ├── RFC3280OptionalAttributeTypesCACert.crt
│ │ │ ├── RevokedsubCACert.crt
│ │ │ ├── RolloverfromPrintableStringtoUTF8StringCACert.crt
│ │ │ ├── SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
│ │ │ ├── SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt
│ │ │ ├── SeparateCertificateandCRLKeysCRLSigningCert.crt
│ │ │ ├── SeparateCertificateandCRLKeysCertificateSigningCACert.crt
│ │ │ ├── TrustAnchorRootCertificate.crt
│ │ │ ├── TwoCRLsCACert.crt
│ │ │ ├── UIDCACert.crt
│ │ │ ├── UTF8StringCaseInsensitiveMatchCACert.crt
│ │ │ ├── UTF8StringEncodedNamesCACert.crt
│ │ │ ├── UnknownCRLEntryExtensionCACert.crt
│ │ │ ├── UnknownCRLExtensionCACert.crt
│ │ │ ├── UserNoticeQualifierTest15EE.crt
│ │ │ ├── UserNoticeQualifierTest16EE.crt
│ │ │ ├── UserNoticeQualifierTest17EE.crt
│ │ │ ├── UserNoticeQualifierTest18EE.crt
│ │ │ ├── UserNoticeQualifierTest19EE.crt
│ │ │ ├── ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
│ │ │ ├── ValidBasicSelfIssuedNewWithOldTest3EE.crt
│ │ │ ├── ValidBasicSelfIssuedNewWithOldTest4EE.crt
│ │ │ ├── ValidBasicSelfIssuedOldWithNewTest1EE.crt
│ │ │ ├── ValidCertificatePathTest1EE.crt
│ │ │ ├── ValidDNSnameConstraintsTest30EE.crt
│ │ │ ├── ValidDNSnameConstraintsTest32EE.crt
│ │ │ ├── ValidDNandRFC822nameConstraintsTest27EE.crt
│ │ │ ├── ValidDNnameConstraintsTest11EE.crt
│ │ │ ├── ValidDNnameConstraintsTest14EE.crt
│ │ │ ├── ValidDNnameConstraintsTest18EE.crt
│ │ │ ├── ValidDNnameConstraintsTest19EE.crt
│ │ │ ├── ValidDNnameConstraintsTest1EE.crt
│ │ │ ├── ValidDNnameConstraintsTest4EE.crt
│ │ │ ├── ValidDNnameConstraintsTest5EE.crt
│ │ │ ├── ValidDNnameConstraintsTest6EE.crt
│ │ │ ├── ValidDSAParameterInheritanceTest5EE.crt
│ │ │ ├── ValidDSASignaturesTest4EE.crt
│ │ │ ├── ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
│ │ │ ├── ValidGeneralizedTimenotAfterDateTest8EE.crt
│ │ │ ├── ValidGeneralizedTimenotBeforeDateTest4EE.crt
│ │ │ ├── ValidIDPwithindirectCRLTest22EE.crt
│ │ │ ├── ValidIDPwithindirectCRLTest24EE.crt
│ │ │ ├── ValidIDPwithindirectCRLTest25EE.crt
│ │ │ ├── ValidLongSerialNumberTest16EE.crt
│ │ │ ├── ValidLongSerialNumberTest17EE.crt
│ │ │ ├── ValidNameChainingCapitalizationTest5EE.crt
│ │ │ ├── ValidNameChainingWhitespaceTest3EE.crt
│ │ │ ├── ValidNameChainingWhitespaceTest4EE.crt
│ │ │ ├── ValidNameUIDsTest6EE.crt
│ │ │ ├── ValidNegativeSerialNumberTest14EE.crt
│ │ │ ├── ValidNoissuingDistributionPointTest10EE.crt
│ │ │ ├── ValidPolicyMappingTest11EE.crt
│ │ │ ├── ValidPolicyMappingTest12EE.crt
│ │ │ ├── ValidPolicyMappingTest13EE.crt
│ │ │ ├── ValidPolicyMappingTest14EE.crt
│ │ │ ├── ValidPolicyMappingTest1EE.crt
│ │ │ ├── ValidPolicyMappingTest3EE.crt
│ │ │ ├── ValidPolicyMappingTest5EE.crt
│ │ │ ├── ValidPolicyMappingTest6EE.crt
│ │ │ ├── ValidPolicyMappingTest9EE.crt
│ │ │ ├── ValidRFC3280MandatoryAttributeTypesTest7EE.crt
│ │ │ ├── ValidRFC3280OptionalAttributeTypesTest8EE.crt
│ │ │ ├── ValidRFC822nameConstraintsTest21EE.crt
│ │ │ ├── ValidRFC822nameConstraintsTest23EE.crt
│ │ │ ├── ValidRFC822nameConstraintsTest25EE.crt
│ │ │ ├── ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt
│ │ │ ├── ValidSelfIssuedinhibitAnyPolicyTest7EE.crt
│ │ │ ├── ValidSelfIssuedinhibitAnyPolicyTest9EE.crt
│ │ │ ├── ValidSelfIssuedinhibitPolicyMappingTest7EE.crt
│ │ │ ├── ValidSelfIssuedpathLenConstraintTest15EE.crt
│ │ │ ├── ValidSelfIssuedpathLenConstraintTest17EE.crt
│ │ │ ├── ValidSelfIssuedrequireExplicitPolicyTest6EE.crt
│ │ │ ├── ValidSeparateCertificateandCRLKeysTest19EE.crt
│ │ │ ├── ValidTwoCRLsTest7EE.crt
│ │ │ ├── ValidURInameConstraintsTest34EE.crt
│ │ │ ├── ValidURInameConstraintsTest36EE.crt
│ │ │ ├── ValidUTF8StringCaseInsensitiveMatchTest11EE.crt
│ │ │ ├── ValidUTF8StringEncodedNamesTest9EE.crt
│ │ │ ├── ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
│ │ │ ├── ValidbasicConstraintsNotCriticalTest4EE.crt
│ │ │ ├── ValidcRLIssuerTest28EE.crt
│ │ │ ├── ValidcRLIssuerTest29EE.crt
│ │ │ ├── ValidcRLIssuerTest30EE.crt
│ │ │ ├── ValidcRLIssuerTest33EE.crt
│ │ │ ├── ValiddeltaCRLTest2EE.crt
│ │ │ ├── ValiddeltaCRLTest5EE.crt
│ │ │ ├── ValiddeltaCRLTest7EE.crt
│ │ │ ├── ValiddeltaCRLTest8EE.crt
│ │ │ ├── ValiddistributionPointTest1EE.crt
│ │ │ ├── ValiddistributionPointTest4EE.crt
│ │ │ ├── ValiddistributionPointTest5EE.crt
│ │ │ ├── ValiddistributionPointTest7EE.crt
│ │ │ ├── ValidinhibitAnyPolicyTest2EE.crt
│ │ │ ├── ValidinhibitPolicyMappingTest2EE.crt
│ │ │ ├── ValidinhibitPolicyMappingTest4EE.crt
│ │ │ ├── ValidkeyUsageNotCriticalTest3EE.crt
│ │ │ ├── ValidonlyContainsCACertsTest13EE.crt
│ │ │ ├── ValidonlySomeReasonsTest18EE.crt
│ │ │ ├── ValidonlySomeReasonsTest19EE.crt
│ │ │ ├── ValidpathLenConstraintTest13EE.crt
│ │ │ ├── ValidpathLenConstraintTest14EE.crt
│ │ │ ├── ValidpathLenConstraintTest7EE.crt
│ │ │ ├── ValidpathLenConstraintTest8EE.crt
│ │ │ ├── Validpre2000UTCnotBeforeDateTest3EE.crt
│ │ │ ├── ValidrequireExplicitPolicyTest1EE.crt
│ │ │ ├── ValidrequireExplicitPolicyTest2EE.crt
│ │ │ ├── ValidrequireExplicitPolicyTest4EE.crt
│ │ │ ├── WrongCRLCACert.crt
│ │ │ ├── anyPolicyCACert.crt
│ │ │ ├── basicConstraintsCriticalcAFalseCACert.crt
│ │ │ ├── basicConstraintsNotCriticalCACert.crt
│ │ │ ├── basicConstraintsNotCriticalcAFalseCACert.crt
│ │ │ ├── deltaCRLCA1Cert.crt
│ │ │ ├── deltaCRLCA2Cert.crt
│ │ │ ├── deltaCRLCA3Cert.crt
│ │ │ ├── deltaCRLIndicatorNoBaseCACert.crt
│ │ │ ├── distributionPoint1CACert.crt
│ │ │ ├── distributionPoint2CACert.crt
│ │ │ ├── indirectCRLCA1Cert.crt
│ │ │ ├── indirectCRLCA2Cert.crt
│ │ │ ├── indirectCRLCA3Cert.crt
│ │ │ ├── indirectCRLCA3cRLIssuerCert.crt
│ │ │ ├── indirectCRLCA4Cert.crt
│ │ │ ├── indirectCRLCA4cRLIssuerCert.crt
│ │ │ ├── indirectCRLCA5Cert.crt
│ │ │ ├── indirectCRLCA6Cert.crt
│ │ │ ├── inhibitAnyPolicy0CACert.crt
│ │ │ ├── inhibitAnyPolicy1CACert.crt
│ │ │ ├── inhibitAnyPolicy1SelfIssuedCACert.crt
│ │ │ ├── inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt
│ │ │ ├── inhibitAnyPolicy1subCA1Cert.crt
│ │ │ ├── inhibitAnyPolicy1subCA2Cert.crt
│ │ │ ├── inhibitAnyPolicy1subCAIAP5Cert.crt
│ │ │ ├── inhibitAnyPolicy1subsubCA2Cert.crt
│ │ │ ├── inhibitAnyPolicy5CACert.crt
│ │ │ ├── inhibitAnyPolicy5subCACert.crt
│ │ │ ├── inhibitAnyPolicy5subsubCACert.crt
│ │ │ ├── inhibitAnyPolicyTest3EE.crt
│ │ │ ├── inhibitPolicyMapping0CACert.crt
│ │ │ ├── inhibitPolicyMapping0subCACert.crt
│ │ │ ├── inhibitPolicyMapping1P12CACert.crt
│ │ │ ├── inhibitPolicyMapping1P12subCACert.crt
│ │ │ ├── inhibitPolicyMapping1P12subCAIPM5Cert.crt
│ │ │ ├── inhibitPolicyMapping1P12subsubCACert.crt
│ │ │ ├── inhibitPolicyMapping1P12subsubCAIPM5Cert.crt
│ │ │ ├── inhibitPolicyMapping1P1CACert.crt
│ │ │ ├── inhibitPolicyMapping1P1SelfIssuedCACert.crt
│ │ │ ├── inhibitPolicyMapping1P1SelfIssuedsubCACert.crt
│ │ │ ├── inhibitPolicyMapping1P1subCACert.crt
│ │ │ ├── inhibitPolicyMapping1P1subsubCACert.crt
│ │ │ ├── inhibitPolicyMapping5CACert.crt
│ │ │ ├── inhibitPolicyMapping5subCACert.crt
│ │ │ ├── inhibitPolicyMapping5subsubCACert.crt
│ │ │ ├── inhibitPolicyMapping5subsubsubCACert.crt
│ │ │ ├── keyUsageCriticalcRLSignFalseCACert.crt
│ │ │ ├── keyUsageCriticalkeyCertSignFalseCACert.crt
│ │ │ ├── keyUsageNotCriticalCACert.crt
│ │ │ ├── keyUsageNotCriticalcRLSignFalseCACert.crt
│ │ │ ├── keyUsageNotCriticalkeyCertSignFalseCACert.crt
│ │ │ ├── nameConstraintsDN1CACert.crt
│ │ │ ├── nameConstraintsDN1SelfIssuedCACert.crt
│ │ │ ├── nameConstraintsDN1subCA1Cert.crt
│ │ │ ├── nameConstraintsDN1subCA2Cert.crt
│ │ │ ├── nameConstraintsDN1subCA3Cert.crt
│ │ │ ├── nameConstraintsDN2CACert.crt
│ │ │ ├── nameConstraintsDN3CACert.crt
│ │ │ ├── nameConstraintsDN3subCA1Cert.crt
│ │ │ ├── nameConstraintsDN3subCA2Cert.crt
│ │ │ ├── nameConstraintsDN4CACert.crt
│ │ │ ├── nameConstraintsDN5CACert.crt
│ │ │ ├── nameConstraintsDNS1CACert.crt
│ │ │ ├── nameConstraintsDNS2CACert.crt
│ │ │ ├── nameConstraintsRFC822CA1Cert.crt
│ │ │ ├── nameConstraintsRFC822CA2Cert.crt
│ │ │ ├── nameConstraintsRFC822CA3Cert.crt
│ │ │ ├── nameConstraintsURI1CACert.crt
│ │ │ ├── nameConstraintsURI2CACert.crt
│ │ │ ├── onlyContainsAttributeCertsCACert.crt
│ │ │ ├── onlyContainsCACertsCACert.crt
│ │ │ ├── onlyContainsUserCertsCACert.crt
│ │ │ ├── onlySomeReasonsCA1Cert.crt
│ │ │ ├── onlySomeReasonsCA2Cert.crt
│ │ │ ├── onlySomeReasonsCA3Cert.crt
│ │ │ ├── onlySomeReasonsCA4Cert.crt
│ │ │ ├── pathLenConstraint0CACert.crt
│ │ │ ├── pathLenConstraint0SelfIssuedCACert.crt
│ │ │ ├── pathLenConstraint0subCA2Cert.crt
│ │ │ ├── pathLenConstraint0subCACert.crt
│ │ │ ├── pathLenConstraint1CACert.crt
│ │ │ ├── pathLenConstraint1SelfIssuedCACert.crt
│ │ │ ├── pathLenConstraint1SelfIssuedsubCACert.crt
│ │ │ ├── pathLenConstraint1subCACert.crt
│ │ │ ├── pathLenConstraint6CACert.crt
│ │ │ ├── pathLenConstraint6subCA0Cert.crt
│ │ │ ├── pathLenConstraint6subCA1Cert.crt
│ │ │ ├── pathLenConstraint6subCA4Cert.crt
│ │ │ ├── pathLenConstraint6subsubCA00Cert.crt
│ │ │ ├── pathLenConstraint6subsubCA11Cert.crt
│ │ │ ├── pathLenConstraint6subsubCA41Cert.crt
│ │ │ ├── pathLenConstraint6subsubsubCA11XCert.crt
│ │ │ ├── pathLenConstraint6subsubsubCA41XCert.crt
│ │ │ ├── pre2000CRLnextUpdateCACert.crt
│ │ │ ├── requireExplicitPolicy0CACert.crt
│ │ │ ├── requireExplicitPolicy0subCACert.crt
│ │ │ ├── requireExplicitPolicy0subsubCACert.crt
│ │ │ ├── requireExplicitPolicy0subsubsubCACert.crt
│ │ │ ├── requireExplicitPolicy10CACert.crt
│ │ │ ├── requireExplicitPolicy10subCACert.crt
│ │ │ ├── requireExplicitPolicy10subsubCACert.crt
│ │ │ ├── requireExplicitPolicy10subsubsubCACert.crt
│ │ │ ├── requireExplicitPolicy2CACert.crt
│ │ │ ├── requireExplicitPolicy2SelfIssuedCACert.crt
│ │ │ ├── requireExplicitPolicy2SelfIssuedsubCACert.crt
│ │ │ ├── requireExplicitPolicy2subCACert.crt
│ │ │ ├── requireExplicitPolicy4CACert.crt
│ │ │ ├── requireExplicitPolicy4subCACert.crt
│ │ │ ├── requireExplicitPolicy4subsubCACert.crt
│ │ │ ├── requireExplicitPolicy4subsubsubCACert.crt
│ │ │ ├── requireExplicitPolicy5CACert.crt
│ │ │ ├── requireExplicitPolicy5subCACert.crt
│ │ │ ├── requireExplicitPolicy5subsubCACert.crt
│ │ │ ├── requireExplicitPolicy5subsubsubCACert.crt
│ │ │ ├── requireExplicitPolicy7CACert.crt
│ │ │ ├── requireExplicitPolicy7subCARE2Cert.crt
│ │ │ ├── requireExplicitPolicy7subsubCARE2RE4Cert.crt
│ │ │ └── requireExplicitPolicy7subsubsubCARE2RE4Cert.crt
│ │ ├── crls/
│ │ │ ├── BadCRLIssuerNameCACRL.crl
│ │ │ ├── BadCRLSignatureCACRL.crl
│ │ │ ├── BadSignedCACRL.crl
│ │ │ ├── BadnotAfterDateCACRL.crl
│ │ │ ├── BadnotBeforeDateCACRL.crl
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCACRL.crl
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl
│ │ │ ├── BasicSelfIssuedNewKeyCACRL.crl
│ │ │ ├── BasicSelfIssuedOldKeyCACRL.crl
│ │ │ ├── BasicSelfIssuedOldKeySelfIssuedCertCRL.crl
│ │ │ ├── DSACACRL.crl
│ │ │ ├── DSAParametersInheritedCACRL.crl
│ │ │ ├── GeneralizedTimeCRLnextUpdateCACRL.crl
│ │ │ ├── GoodCACRL.crl
│ │ │ ├── GoodsubCACRL.crl
│ │ │ ├── GoodsubCAPanyPolicyMapping1to2CACRL.crl
│ │ │ ├── LongSerialNumberCACRL.crl
│ │ │ ├── Mapping1to2CACRL.crl
│ │ │ ├── MappingFromanyPolicyCACRL.crl
│ │ │ ├── MappingToanyPolicyCACRL.crl
│ │ │ ├── MissingbasicConstraintsCACRL.crl
│ │ │ ├── NameOrderCACRL.crl
│ │ │ ├── NegativeSerialNumberCACRL.crl
│ │ │ ├── NoPoliciesCACRL.crl
│ │ │ ├── NoissuingDistributionPointCACRL.crl
│ │ │ ├── OldCRLnextUpdateCACRL.crl
│ │ │ ├── P12Mapping1to3CACRL.crl
│ │ │ ├── P12Mapping1to3subCACRL.crl
│ │ │ ├── P12Mapping1to3subsubCACRL.crl
│ │ │ ├── P1Mapping1to234CACRL.crl
│ │ │ ├── P1Mapping1to234subCACRL.crl
│ │ │ ├── P1anyPolicyMapping1to2CACRL.crl
│ │ │ ├── PanyPolicyMapping1to2CACRL.crl
│ │ │ ├── PoliciesP1234CACRL.crl
│ │ │ ├── PoliciesP1234subCAP123CRL.crl
│ │ │ ├── PoliciesP1234subsubCAP123P12CRL.crl
│ │ │ ├── PoliciesP123CACRL.crl
│ │ │ ├── PoliciesP123subCAP12CRL.crl
│ │ │ ├── PoliciesP123subsubCAP12P1CRL.crl
│ │ │ ├── PoliciesP123subsubCAP2P2CRL.crl
│ │ │ ├── PoliciesP123subsubsubCAP12P2P1CRL.crl
│ │ │ ├── PoliciesP12CACRL.crl
│ │ │ ├── PoliciesP12subCAP1CRL.crl
│ │ │ ├── PoliciesP12subsubCAP1P2CRL.crl
│ │ │ ├── PoliciesP2subCA2CRL.crl
│ │ │ ├── PoliciesP2subCACRL.crl
│ │ │ ├── PoliciesP3CACRL.crl
│ │ │ ├── RFC3280MandatoryAttributeTypesCACRL.crl
│ │ │ ├── RFC3280OptionalAttributeTypesCACRL.crl
│ │ │ ├── RevokedsubCACRL.crl
│ │ │ ├── RolloverfromPrintableStringtoUTF8StringCACRL.crl
│ │ │ ├── SeparateCertificateandCRLKeysCA2CRL.crl
│ │ │ ├── SeparateCertificateandCRLKeysCRL.crl
│ │ │ ├── TrustAnchorRootCRL.crl
│ │ │ ├── TwoCRLsCABadCRL.crl
│ │ │ ├── TwoCRLsCAGoodCRL.crl
│ │ │ ├── UIDCACRL.crl
│ │ │ ├── UTF8StringCaseInsensitiveMatchCACRL.crl
│ │ │ ├── UTF8StringEncodedNamesCACRL.crl
│ │ │ ├── UnknownCRLEntryExtensionCACRL.crl
│ │ │ ├── UnknownCRLExtensionCACRL.crl
│ │ │ ├── WrongCRLCACRL.crl
│ │ │ ├── anyPolicyCACRL.crl
│ │ │ ├── basicConstraintsCriticalcAFalseCACRL.crl
│ │ │ ├── basicConstraintsNotCriticalCACRL.crl
│ │ │ ├── basicConstraintsNotCriticalcAFalseCACRL.crl
│ │ │ ├── deltaCRLCA1CRL.crl
│ │ │ ├── deltaCRLCA1deltaCRL.crl
│ │ │ ├── deltaCRLCA2CRL.crl
│ │ │ ├── deltaCRLCA2deltaCRL.crl
│ │ │ ├── deltaCRLCA3CRL.crl
│ │ │ ├── deltaCRLCA3deltaCRL.crl
│ │ │ ├── deltaCRLIndicatorNoBaseCACRL.crl
│ │ │ ├── distributionPoint1CACRL.crl
│ │ │ ├── distributionPoint2CACRL.crl
│ │ │ ├── indirectCRLCA1CRL.crl
│ │ │ ├── indirectCRLCA3CRL.crl
│ │ │ ├── indirectCRLCA3cRLIssuerCRL.crl
│ │ │ ├── indirectCRLCA4cRLIssuerCRL.crl
│ │ │ ├── indirectCRLCA5CRL.crl
│ │ │ ├── inhibitAnyPolicy0CACRL.crl
│ │ │ ├── inhibitAnyPolicy1CACRL.crl
│ │ │ ├── inhibitAnyPolicy1subCA1CRL.crl
│ │ │ ├── inhibitAnyPolicy1subCA2CRL.crl
│ │ │ ├── inhibitAnyPolicy1subCAIAP5CRL.crl
│ │ │ ├── inhibitAnyPolicy1subsubCA2CRL.crl
│ │ │ ├── inhibitAnyPolicy5CACRL.crl
│ │ │ ├── inhibitAnyPolicy5subCACRL.crl
│ │ │ ├── inhibitAnyPolicy5subsubCACRL.crl
│ │ │ ├── inhibitPolicyMapping0CACRL.crl
│ │ │ ├── inhibitPolicyMapping0subCACRL.crl
│ │ │ ├── inhibitPolicyMapping1P12CACRL.crl
│ │ │ ├── inhibitPolicyMapping1P12subCACRL.crl
│ │ │ ├── inhibitPolicyMapping1P12subCAIPM5CRL.crl
│ │ │ ├── inhibitPolicyMapping1P12subsubCACRL.crl
│ │ │ ├── inhibitPolicyMapping1P12subsubCAIPM5CRL.crl
│ │ │ ├── inhibitPolicyMapping1P1CACRL.crl
│ │ │ ├── inhibitPolicyMapping1P1subCACRL.crl
│ │ │ ├── inhibitPolicyMapping1P1subsubCACRL.crl
│ │ │ ├── inhibitPolicyMapping5CACRL.crl
│ │ │ ├── inhibitPolicyMapping5subCACRL.crl
│ │ │ ├── inhibitPolicyMapping5subsubCACRL.crl
│ │ │ ├── inhibitPolicyMapping5subsubsubCACRL.crl
│ │ │ ├── keyUsageCriticalcRLSignFalseCACRL.crl
│ │ │ ├── keyUsageCriticalkeyCertSignFalseCACRL.crl
│ │ │ ├── keyUsageNotCriticalCACRL.crl
│ │ │ ├── keyUsageNotCriticalcRLSignFalseCACRL.crl
│ │ │ ├── keyUsageNotCriticalkeyCertSignFalseCACRL.crl
│ │ │ ├── nameConstraintsDN1CACRL.crl
│ │ │ ├── nameConstraintsDN1subCA1CRL.crl
│ │ │ ├── nameConstraintsDN1subCA2CRL.crl
│ │ │ ├── nameConstraintsDN1subCA3CRL.crl
│ │ │ ├── nameConstraintsDN2CACRL.crl
│ │ │ ├── nameConstraintsDN3CACRL.crl
│ │ │ ├── nameConstraintsDN3subCA1CRL.crl
│ │ │ ├── nameConstraintsDN3subCA2CRL.crl
│ │ │ ├── nameConstraintsDN4CACRL.crl
│ │ │ ├── nameConstraintsDN5CACRL.crl
│ │ │ ├── nameConstraintsDNS1CACRL.crl
│ │ │ ├── nameConstraintsDNS2CACRL.crl
│ │ │ ├── nameConstraintsRFC822CA1CRL.crl
│ │ │ ├── nameConstraintsRFC822CA2CRL.crl
│ │ │ ├── nameConstraintsRFC822CA3CRL.crl
│ │ │ ├── nameConstraintsURI1CACRL.crl
│ │ │ ├── nameConstraintsURI2CACRL.crl
│ │ │ ├── onlyContainsAttributeCertsCACRL.crl
│ │ │ ├── onlyContainsCACertsCACRL.crl
│ │ │ ├── onlyContainsUserCertsCACRL.crl
│ │ │ ├── onlySomeReasonsCA1compromiseCRL.crl
│ │ │ ├── onlySomeReasonsCA1otherreasonsCRL.crl
│ │ │ ├── onlySomeReasonsCA2CRL1.crl
│ │ │ ├── onlySomeReasonsCA2CRL2.crl
│ │ │ ├── onlySomeReasonsCA3compromiseCRL.crl
│ │ │ ├── onlySomeReasonsCA3otherreasonsCRL.crl
│ │ │ ├── onlySomeReasonsCA4compromiseCRL.crl
│ │ │ ├── onlySomeReasonsCA4otherreasonsCRL.crl
│ │ │ ├── pathLenConstraint0CACRL.crl
│ │ │ ├── pathLenConstraint0subCA2CRL.crl
│ │ │ ├── pathLenConstraint0subCACRL.crl
│ │ │ ├── pathLenConstraint1CACRL.crl
│ │ │ ├── pathLenConstraint1subCACRL.crl
│ │ │ ├── pathLenConstraint6CACRL.crl
│ │ │ ├── pathLenConstraint6subCA0CRL.crl
│ │ │ ├── pathLenConstraint6subCA1CRL.crl
│ │ │ ├── pathLenConstraint6subCA4CRL.crl
│ │ │ ├── pathLenConstraint6subsubCA00CRL.crl
│ │ │ ├── pathLenConstraint6subsubCA11CRL.crl
│ │ │ ├── pathLenConstraint6subsubCA41CRL.crl
│ │ │ ├── pathLenConstraint6subsubsubCA11XCRL.crl
│ │ │ ├── pathLenConstraint6subsubsubCA41XCRL.crl
│ │ │ ├── pre2000CRLnextUpdateCACRL.crl
│ │ │ ├── requireExplicitPolicy0CACRL.crl
│ │ │ ├── requireExplicitPolicy0subCACRL.crl
│ │ │ ├── requireExplicitPolicy0subsubCACRL.crl
│ │ │ ├── requireExplicitPolicy0subsubsubCACRL.crl
│ │ │ ├── requireExplicitPolicy10CACRL.crl
│ │ │ ├── requireExplicitPolicy10subCACRL.crl
│ │ │ ├── requireExplicitPolicy10subsubCACRL.crl
│ │ │ ├── requireExplicitPolicy10subsubsubCACRL.crl
│ │ │ ├── requireExplicitPolicy2CACRL.crl
│ │ │ ├── requireExplicitPolicy2subCACRL.crl
│ │ │ ├── requireExplicitPolicy4CACRL.crl
│ │ │ ├── requireExplicitPolicy4subCACRL.crl
│ │ │ ├── requireExplicitPolicy4subsubCACRL.crl
│ │ │ ├── requireExplicitPolicy4subsubsubCACRL.crl
│ │ │ ├── requireExplicitPolicy5CACRL.crl
│ │ │ ├── requireExplicitPolicy5subCACRL.crl
│ │ │ ├── requireExplicitPolicy5subsubCACRL.crl
│ │ │ ├── requireExplicitPolicy5subsubsubCACRL.crl
│ │ │ ├── requireExplicitPolicy7CACRL.crl
│ │ │ ├── requireExplicitPolicy7subCARE2CRL.crl
│ │ │ ├── requireExplicitPolicy7subsubCARE2RE4CRL.crl
│ │ │ └── requireExplicitPolicy7subsubsubCARE2RE4CRL.crl
│ │ ├── pkcs12/
│ │ │ ├── AllCertificatesNoPoliciesTest2EE.p12
│ │ │ ├── AllCertificatesSamePoliciesTest10EE.p12
│ │ │ ├── AllCertificatesSamePoliciesTest13EE.p12
│ │ │ ├── AllCertificatesanyPolicyTest11EE.p12
│ │ │ ├── AnyPolicyTest14EE.p12
│ │ │ ├── BadCRLIssuerNameCACert.p12
│ │ │ ├── BadCRLSignatureCACert.p12
│ │ │ ├── BadSignedCACert.p12
│ │ │ ├── BadnotAfterDateCACert.p12
│ │ │ ├── BadnotBeforeDateCACert.p12
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCACert.p12
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCRLCert.p12
│ │ │ ├── BasicSelfIssuedNewKeyCACert.p12
│ │ │ ├── BasicSelfIssuedNewKeyOldWithNewCACert.p12
│ │ │ ├── BasicSelfIssuedOldKeyCACert.p12
│ │ │ ├── BasicSelfIssuedOldKeyNewWithOldCACert.p12
│ │ │ ├── CPSPointerQualifierTest20EE.p12
│ │ │ ├── DSACACert.p12
│ │ │ ├── DSAParametersInheritedCACert.p12
│ │ │ ├── DifferentPoliciesTest12EE.p12
│ │ │ ├── DifferentPoliciesTest3EE.p12
│ │ │ ├── DifferentPoliciesTest4EE.p12
│ │ │ ├── DifferentPoliciesTest5EE.p12
│ │ │ ├── DifferentPoliciesTest7EE.p12
│ │ │ ├── DifferentPoliciesTest8EE.p12
│ │ │ ├── DifferentPoliciesTest9EE.p12
│ │ │ ├── GeneralizedTimeCRLnextUpdateCACert.p12
│ │ │ ├── GoodCACert.p12
│ │ │ ├── GoodsubCACert.p12
│ │ │ ├── GoodsubCAPanyPolicyMapping1to2CACert.p12
│ │ │ ├── InvalidBadCRLIssuerNameTest5EE.p12
│ │ │ ├── InvalidBadCRLSignatureTest4EE.p12
│ │ │ ├── InvalidBasicSelfIssuedCRLSigningKeyTest7EE.p12
│ │ │ ├── InvalidBasicSelfIssuedCRLSigningKeyTest8EE.p12
│ │ │ ├── InvalidBasicSelfIssuedNewWithOldTest5EE.p12
│ │ │ ├── InvalidBasicSelfIssuedOldWithNewTest2EE.p12
│ │ │ ├── InvalidCASignatureTest2EE.p12
│ │ │ ├── InvalidCAnotAfterDateTest5EE.p12
│ │ │ ├── InvalidCAnotBeforeDateTest1EE.p12
│ │ │ ├── InvalidDNSnameConstraintsTest31EE.p12
│ │ │ ├── InvalidDNSnameConstraintsTest33EE.p12
│ │ │ ├── InvalidDNSnameConstraintsTest38EE.p12
│ │ │ ├── InvalidDNandRFC822nameConstraintsTest28EE.p12
│ │ │ ├── InvalidDNandRFC822nameConstraintsTest29EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest10EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest12EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest13EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest15EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest16EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest17EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest20EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest2EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest3EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest7EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest8EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest9EE.p12
│ │ │ ├── InvalidDSASignatureTest6EE.p12
│ │ │ ├── InvalidEESignatureTest3EE.p12
│ │ │ ├── InvalidEEnotAfterDateTest6EE.p12
│ │ │ ├── InvalidEEnotBeforeDateTest2EE.p12
│ │ │ ├── InvalidIDPwithindirectCRLTest23EE.p12
│ │ │ ├── InvalidIDPwithindirectCRLTest26EE.p12
│ │ │ ├── InvalidLongSerialNumberTest18EE.p12
│ │ │ ├── InvalidMappingFromanyPolicyTest7EE.p12
│ │ │ ├── InvalidMappingToanyPolicyTest8EE.p12
│ │ │ ├── InvalidMissingCRLTest1EE.p12
│ │ │ ├── InvalidMissingbasicConstraintsTest1EE.p12
│ │ │ ├── InvalidNameChainingOrderTest2EE.p12
│ │ │ ├── InvalidNameChainingTest1EE.p12
│ │ │ ├── InvalidNegativeSerialNumberTest15EE.p12
│ │ │ ├── InvalidOldCRLnextUpdateTest11EE.p12
│ │ │ ├── InvalidPolicyMappingTest10EE.p12
│ │ │ ├── InvalidPolicyMappingTest2EE.p12
│ │ │ ├── InvalidPolicyMappingTest4EE.p12
│ │ │ ├── InvalidRFC822nameConstraintsTest22EE.p12
│ │ │ ├── InvalidRFC822nameConstraintsTest24EE.p12
│ │ │ ├── InvalidRFC822nameConstraintsTest26EE.p12
│ │ │ ├── InvalidRevokedCATest2EE.p12
│ │ │ ├── InvalidRevokedEETest3EE.p12
│ │ │ ├── InvalidSelfIssuedinhibitAnyPolicyTest10EE.p12
│ │ │ ├── InvalidSelfIssuedinhibitAnyPolicyTest8EE.p12
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest10EE.p12
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest11EE.p12
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest8EE.p12
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest9EE.p12
│ │ │ ├── InvalidSelfIssuedpathLenConstraintTest16EE.p12
│ │ │ ├── InvalidSelfIssuedrequireExplicitPolicyTest7EE.p12
│ │ │ ├── InvalidSelfIssuedrequireExplicitPolicyTest8EE.p12
│ │ │ ├── InvalidSeparateCertificateandCRLKeysTest20EE.p12
│ │ │ ├── InvalidSeparateCertificateandCRLKeysTest21EE.p12
│ │ │ ├── InvalidURInameConstraintsTest35EE.p12
│ │ │ ├── InvalidURInameConstraintsTest37EE.p12
│ │ │ ├── InvalidUnknownCRLEntryExtensionTest8EE.p12
│ │ │ ├── InvalidUnknownCRLExtensionTest10EE.p12
│ │ │ ├── InvalidUnknownCRLExtensionTest9EE.p12
│ │ │ ├── InvalidUnknownCriticalCertificateExtensionTest2EE.p12
│ │ │ ├── InvalidWrongCRLTest6EE.p12
│ │ │ ├── InvalidcAFalseTest2EE.p12
│ │ │ ├── InvalidcAFalseTest3EE.p12
│ │ │ ├── InvalidcRLIssuerTest27EE.p12
│ │ │ ├── InvalidcRLIssuerTest31EE.p12
│ │ │ ├── InvalidcRLIssuerTest32EE.p12
│ │ │ ├── InvalidcRLIssuerTest34EE.p12
│ │ │ ├── InvalidcRLIssuerTest35EE.p12
│ │ │ ├── InvaliddeltaCRLIndicatorNoBaseTest1EE.p12
│ │ │ ├── InvaliddeltaCRLTest10EE.p12
│ │ │ ├── InvaliddeltaCRLTest3EE.p12
│ │ │ ├── InvaliddeltaCRLTest4EE.p12
│ │ │ ├── InvaliddeltaCRLTest6EE.p12
│ │ │ ├── InvaliddeltaCRLTest9EE.p12
│ │ │ ├── InvaliddistributionPointTest2EE.p12
│ │ │ ├── InvaliddistributionPointTest3EE.p12
│ │ │ ├── InvaliddistributionPointTest6EE.p12
│ │ │ ├── InvaliddistributionPointTest8EE.p12
│ │ │ ├── InvaliddistributionPointTest9EE.p12
│ │ │ ├── InvalidinhibitAnyPolicyTest1EE.p12
│ │ │ ├── InvalidinhibitAnyPolicyTest4EE.p12
│ │ │ ├── InvalidinhibitAnyPolicyTest5EE.p12
│ │ │ ├── InvalidinhibitAnyPolicyTest6EE.p12
│ │ │ ├── InvalidinhibitPolicyMappingTest1EE.p12
│ │ │ ├── InvalidinhibitPolicyMappingTest3EE.p12
│ │ │ ├── InvalidinhibitPolicyMappingTest5EE.p12
│ │ │ ├── InvalidinhibitPolicyMappingTest6EE.p12
│ │ │ ├── InvalidkeyUsageCriticalcRLSignFalseTest4EE.p12
│ │ │ ├── InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.p12
│ │ │ ├── InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.p12
│ │ │ ├── InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.p12
│ │ │ ├── InvalidonlyContainsAttributeCertsTest14EE.p12
│ │ │ ├── InvalidonlyContainsCACertsTest12EE.p12
│ │ │ ├── InvalidonlyContainsUserCertsTest11EE.p12
│ │ │ ├── InvalidonlySomeReasonsTest15EE.p12
│ │ │ ├── InvalidonlySomeReasonsTest16EE.p12
│ │ │ ├── InvalidonlySomeReasonsTest17EE.p12
│ │ │ ├── InvalidonlySomeReasonsTest20EE.p12
│ │ │ ├── InvalidonlySomeReasonsTest21EE.p12
│ │ │ ├── InvalidpathLenConstraintTest10EE.p12
│ │ │ ├── InvalidpathLenConstraintTest11EE.p12
│ │ │ ├── InvalidpathLenConstraintTest12EE.p12
│ │ │ ├── InvalidpathLenConstraintTest5EE.p12
│ │ │ ├── InvalidpathLenConstraintTest6EE.p12
│ │ │ ├── InvalidpathLenConstraintTest9EE.p12
│ │ │ ├── Invalidpre2000CRLnextUpdateTest12EE.p12
│ │ │ ├── Invalidpre2000UTCEEnotAfterDateTest7EE.p12
│ │ │ ├── InvalidrequireExplicitPolicyTest3EE.p12
│ │ │ ├── InvalidrequireExplicitPolicyTest5EE.p12
│ │ │ ├── LongSerialNumberCACert.p12
│ │ │ ├── Mapping1to2CACert.p12
│ │ │ ├── MappingFromanyPolicyCACert.p12
│ │ │ ├── MappingToanyPolicyCACert.p12
│ │ │ ├── MissingbasicConstraintsCACert.p12
│ │ │ ├── NameOrderingCACert.p12
│ │ │ ├── NegativeSerialNumberCACert.p12
│ │ │ ├── NoCRLCACert.p12
│ │ │ ├── NoPoliciesCACert.p12
│ │ │ ├── NoissuingDistributionPointCACert.p12
│ │ │ ├── OldCRLnextUpdateCACert.p12
│ │ │ ├── OverlappingPoliciesTest6EE.p12
│ │ │ ├── P12Mapping1to3CACert.p12
│ │ │ ├── P12Mapping1to3subCACert.p12
│ │ │ ├── P12Mapping1to3subsubCACert.p12
│ │ │ ├── P1Mapping1to234CACert.p12
│ │ │ ├── P1Mapping1to234subCACert.p12
│ │ │ ├── P1anyPolicyMapping1to2CACert.p12
│ │ │ ├── PanyPolicyMapping1to2CACert.p12
│ │ │ ├── PoliciesP1234CACert.p12
│ │ │ ├── PoliciesP1234subCAP123Cert.p12
│ │ │ ├── PoliciesP1234subsubCAP123P12Cert.p12
│ │ │ ├── PoliciesP123CACert.p12
│ │ │ ├── PoliciesP123subCAP12Cert.p12
│ │ │ ├── PoliciesP123subsubCAP12P1Cert.p12
│ │ │ ├── PoliciesP123subsubCAP12P2Cert.p12
│ │ │ ├── PoliciesP123subsubsubCAP12P2P1Cert.p12
│ │ │ ├── PoliciesP12CACert.p12
│ │ │ ├── PoliciesP12subCAP1Cert.p12
│ │ │ ├── PoliciesP12subsubCAP1P2Cert.p12
│ │ │ ├── PoliciesP2subCA2Cert.p12
│ │ │ ├── PoliciesP2subCACert.p12
│ │ │ ├── PoliciesP3CACert.p12
│ │ │ ├── RFC3280MandatoryAttributeTypesCACert.p12
│ │ │ ├── RFC3280OptionalAttributeTypesCACert.p12
│ │ │ ├── RevokedsubCACert.p12
│ │ │ ├── RolloverfromPrintableStringtoUTF8StringCACert.p12
│ │ │ ├── SeparateCertificateandCRLKeysCA2CRLSigningCert.p12
│ │ │ ├── SeparateCertificateandCRLKeysCA2CertificateSigningCACert.p12
│ │ │ ├── SeparateCertificateandCRLKeysCRLSigningCert.p12
│ │ │ ├── SeparateCertificateandCRLKeysCertificateSigningCACert.p12
│ │ │ ├── TrustAnchorRootCertificate.p12
│ │ │ ├── TwoCRLsCACert.p12
│ │ │ ├── UIDCACert.p12
│ │ │ ├── UTF8StringCaseInsensitiveMatchCACert.p12
│ │ │ ├── UTF8StringEncodedNamesCACert.p12
│ │ │ ├── UnknownCRLEntryExtensionCACert.p12
│ │ │ ├── UnknownCRLExtensionCACert.p12
│ │ │ ├── UserNoticeQualifierTest15EE.p12
│ │ │ ├── UserNoticeQualifierTest16EE.p12
│ │ │ ├── UserNoticeQualifierTest17EE.p12
│ │ │ ├── UserNoticeQualifierTest18EE.p12
│ │ │ ├── UserNoticeQualifierTest19EE.p12
│ │ │ ├── ValidBasicSelfIssuedCRLSigningKeyTest6EE.p12
│ │ │ ├── ValidBasicSelfIssuedNewWithOldTest3EE.p12
│ │ │ ├── ValidBasicSelfIssuedNewWithOldTest4EE.p12
│ │ │ ├── ValidBasicSelfIssuedOldWithNewTest1EE.p12
│ │ │ ├── ValidCertificatePathTest1EE.p12
│ │ │ ├── ValidDNSnameConstraintsTest30EE.p12
│ │ │ ├── ValidDNSnameConstraintsTest32EE.p12
│ │ │ ├── ValidDNandRFC822nameConstraintsTest27EE.p12
│ │ │ ├── ValidDNnameConstraintsTest11EE.p12
│ │ │ ├── ValidDNnameConstraintsTest14EE.p12
│ │ │ ├── ValidDNnameConstraintsTest18EE.p12
│ │ │ ├── ValidDNnameConstraintsTest19EE.p12
│ │ │ ├── ValidDNnameConstraintsTest1EE.p12
│ │ │ ├── ValidDNnameConstraintsTest4EE.p12
│ │ │ ├── ValidDNnameConstraintsTest5EE.p12
│ │ │ ├── ValidDNnameConstraintsTest6EE.p12
│ │ │ ├── ValidDSAParameterInheritanceTest5EE.p12
│ │ │ ├── ValidDSASignaturesTest4EE.p12
│ │ │ ├── ValidGeneralizedTimeCRLnextUpdateTest13EE.p12
│ │ │ ├── ValidGeneralizedTimenotAfterDateTest8EE.p12
│ │ │ ├── ValidGeneralizedTimenotBeforeDateTest4EE.p12
│ │ │ ├── ValidIDPwithindirectCRLTest22EE.p12
│ │ │ ├── ValidIDPwithindirectCRLTest24EE.p12
│ │ │ ├── ValidIDPwithindirectCRLTest25EE.p12
│ │ │ ├── ValidLongSerialNumberTest16EE.p12
│ │ │ ├── ValidLongSerialNumberTest17EE.p12
│ │ │ ├── ValidNameChainingCapitalizationTest5EE.p12
│ │ │ ├── ValidNameChainingWhitespaceTest3EE.p12
│ │ │ ├── ValidNameChainingWhitespaceTest4EE.p12
│ │ │ ├── ValidNameUIDsTest6EE.p12
│ │ │ ├── ValidNegativeSerialNumberTest14EE.p12
│ │ │ ├── ValidNoissuingDistributionPointTest10EE.p12
│ │ │ ├── ValidPolicyMappingTest11EE.p12
│ │ │ ├── ValidPolicyMappingTest12EE.p12
│ │ │ ├── ValidPolicyMappingTest13EE.p12
│ │ │ ├── ValidPolicyMappingTest14EE.p12
│ │ │ ├── ValidPolicyMappingTest1EE.p12
│ │ │ ├── ValidPolicyMappingTest3EE.p12
│ │ │ ├── ValidPolicyMappingTest5EE.p12
│ │ │ ├── ValidPolicyMappingTest6EE.p12
│ │ │ ├── ValidPolicyMappingTest9EE.p12
│ │ │ ├── ValidRFC3280MandatoryAttributeTypesTest7EE.p12
│ │ │ ├── ValidRFC3280OptionalAttributeTypesTest8EE.p12
│ │ │ ├── ValidRFC822nameConstraintsTest21EE.p12
│ │ │ ├── ValidRFC822nameConstraintsTest23EE.p12
│ │ │ ├── ValidRFC822nameConstraintsTest25EE.p12
│ │ │ ├── ValidRolloverfromPrintableStringtoUTF8StringTest10EE.p12
│ │ │ ├── ValidSelfIssuedinhibitAnyPolicyTest7EE.p12
│ │ │ ├── ValidSelfIssuedinhibitAnyPolicyTest9EE.p12
│ │ │ ├── ValidSelfIssuedinhibitPolicyMappingTest7EE.p12
│ │ │ ├── ValidSelfIssuedpathLenConstraintTest15EE.p12
│ │ │ ├── ValidSelfIssuedpathLenConstraintTest17EE.p12
│ │ │ ├── ValidSelfIssuedrequireExplicitPolicyTest6EE.p12
│ │ │ ├── ValidSeparateCertificateandCRLKeysTest19EE.p12
│ │ │ ├── ValidTwoCRLsTest7EE.p12
│ │ │ ├── ValidURInameConstraintsTest34EE.p12
│ │ │ ├── ValidURInameConstraintsTest36EE.p12
│ │ │ ├── ValidUTF8StringCaseInsensitiveMatchTest11EE.p12
│ │ │ ├── ValidUTF8StringEncodedNamesTest9EE.p12
│ │ │ ├── ValidUnknownNotCriticalCertificateExtensionTest1EE.p12
│ │ │ ├── ValidbasicConstraintsNotCriticalTest4EE.p12
│ │ │ ├── ValidcRLIssuerTest28EE.p12
│ │ │ ├── ValidcRLIssuerTest29EE.p12
│ │ │ ├── ValidcRLIssuerTest30EE.p12
│ │ │ ├── ValidcRLIssuerTest33EE.p12
│ │ │ ├── ValiddeltaCRLTest2EE.p12
│ │ │ ├── ValiddeltaCRLTest5EE.p12
│ │ │ ├── ValiddeltaCRLTest7EE.p12
│ │ │ ├── ValiddeltaCRLTest8EE.p12
│ │ │ ├── ValiddistributionPointTest1EE.p12
│ │ │ ├── ValiddistributionPointTest4EE.p12
│ │ │ ├── ValiddistributionPointTest5EE.p12
│ │ │ ├── ValiddistributionPointTest7EE.p12
│ │ │ ├── ValidinhibitAnyPolicyTest2EE.p12
│ │ │ ├── ValidinhibitPolicyMappingTest2EE.p12
│ │ │ ├── ValidinhibitPolicyMappingTest4EE.p12
│ │ │ ├── ValidkeyUsageNotCriticalTest3EE.p12
│ │ │ ├── ValidonlyContainsCACertsTest13EE.p12
│ │ │ ├── ValidonlySomeReasonsTest18EE.p12
│ │ │ ├── ValidonlySomeReasonsTest19EE.p12
│ │ │ ├── ValidpathLenConstraintTest13EE.p12
│ │ │ ├── ValidpathLenConstraintTest14EE.p12
│ │ │ ├── ValidpathLenConstraintTest7EE.p12
│ │ │ ├── ValidpathLenConstraintTest8EE.p12
│ │ │ ├── Validpre2000UTCnotBeforeDateTest3EE.p12
│ │ │ ├── ValidrequireExplicitPolicyTest1EE.p12
│ │ │ ├── ValidrequireExplicitPolicyTest2EE.p12
│ │ │ ├── ValidrequireExplicitPolicyTest4EE.p12
│ │ │ ├── WrongCRLCACert.p12
│ │ │ ├── anyPolicyCACert.p12
│ │ │ ├── basicConstraintsCriticalcAFalseCACert.p12
│ │ │ ├── basicConstraintsNotCriticalCACert.p12
│ │ │ ├── basicConstraintsNotCriticalcAFalseCACert.p12
│ │ │ ├── deltaCRLCA1Cert.p12
│ │ │ ├── deltaCRLCA2Cert.p12
│ │ │ ├── deltaCRLCA3Cert.p12
│ │ │ ├── deltaCRLIndicatorNoBaseCACert.p12
│ │ │ ├── distributionPoint1CACert.p12
│ │ │ ├── distributionPoint2CACert.p12
│ │ │ ├── indirectCRLCA1Cert.p12
│ │ │ ├── indirectCRLCA2Cert.p12
│ │ │ ├── indirectCRLCA3Cert.p12
│ │ │ ├── indirectCRLCA3cRLIssuerCert.p12
│ │ │ ├── indirectCRLCA4Cert.p12
│ │ │ ├── indirectCRLCA4cRLIssuerCert.p12
│ │ │ ├── indirectCRLCA5Cert.p12
│ │ │ ├── indirectCRLCA6Cert.p12
│ │ │ ├── inhibitAnyPolicy0CACert.p12
│ │ │ ├── inhibitAnyPolicy1CACert.p12
│ │ │ ├── inhibitAnyPolicy1SelfIssuedCACert.p12
│ │ │ ├── inhibitAnyPolicy1SelfIssuedsubCA2Cert.p12
│ │ │ ├── inhibitAnyPolicy1subCA1Cert.p12
│ │ │ ├── inhibitAnyPolicy1subCA2Cert.p12
│ │ │ ├── inhibitAnyPolicy1subCAIAP5Cert.p12
│ │ │ ├── inhibitAnyPolicy1subsubCA2Cert.p12
│ │ │ ├── inhibitAnyPolicy5CACert.p12
│ │ │ ├── inhibitAnyPolicy5subCACert.p12
│ │ │ ├── inhibitAnyPolicy5subsubCACert.p12
│ │ │ ├── inhibitAnyPolicyTest3EE.p12
│ │ │ ├── inhibitPolicyMapping0CACert.p12
│ │ │ ├── inhibitPolicyMapping0subCACert.p12
│ │ │ ├── inhibitPolicyMapping1P12CACert.p12
│ │ │ ├── inhibitPolicyMapping1P12subCACert.p12
│ │ │ ├── inhibitPolicyMapping1P12subCAIPM5Cert.p12
│ │ │ ├── inhibitPolicyMapping1P12subsubCACert.p12
│ │ │ ├── inhibitPolicyMapping1P12subsubCAIPM5Cert.p12
│ │ │ ├── inhibitPolicyMapping1P1CACert.p12
│ │ │ ├── inhibitPolicyMapping1P1SelfIssuedCACert.p12
│ │ │ ├── inhibitPolicyMapping1P1SelfIssuedsubCACert.p12
│ │ │ ├── inhibitPolicyMapping1P1subCACert.p12
│ │ │ ├── inhibitPolicyMapping1P1subsubCACert.p12
│ │ │ ├── inhibitPolicyMapping5CACert.p12
│ │ │ ├── inhibitPolicyMapping5subCACert.p12
│ │ │ ├── inhibitPolicyMapping5subsubCACert.p12
│ │ │ ├── inhibitPolicyMapping5subsubsubCACert.p12
│ │ │ ├── keyUsageCriticalcRLSignFalseCACert.p12
│ │ │ ├── keyUsageCriticalkeyCertSignFalseCACert.p12
│ │ │ ├── keyUsageNotCriticalCACert.p12
│ │ │ ├── keyUsageNotCriticalcRLSignFalseCACert.p12
│ │ │ ├── keyUsageNotCriticalkeyCertSignFalseCACert.p12
│ │ │ ├── nameConstraintsDN1CACert.p12
│ │ │ ├── nameConstraintsDN1SelfIssuedCACert.p12
│ │ │ ├── nameConstraintsDN1subCA1Cert.p12
│ │ │ ├── nameConstraintsDN1subCA2Cert.p12
│ │ │ ├── nameConstraintsDN1subCA3Cert.p12
│ │ │ ├── nameConstraintsDN2CACert.p12
│ │ │ ├── nameConstraintsDN3CACert.p12
│ │ │ ├── nameConstraintsDN3subCA1Cert.p12
│ │ │ ├── nameConstraintsDN3subCA2Cert.p12
│ │ │ ├── nameConstraintsDN4CACert.p12
│ │ │ ├── nameConstraintsDN5CACert.p12
│ │ │ ├── nameConstraintsDNS1CACert.p12
│ │ │ ├── nameConstraintsDNS2CACert.p12
│ │ │ ├── nameConstraintsRFC822CA1Cert.p12
│ │ │ ├── nameConstraintsRFC822CA2Cert.p12
│ │ │ ├── nameConstraintsRFC822CA3Cert.p12
│ │ │ ├── nameConstraintsURI1CACert.p12
│ │ │ ├── nameConstraintsURI2CACert.p12
│ │ │ ├── onlyContainsAttributeCertsCACert.p12
│ │ │ ├── onlyContainsCACertsCACert.p12
│ │ │ ├── onlyContainsUserCertsCACert.p12
│ │ │ ├── onlySomeReasonsCA1Cert.p12
│ │ │ ├── onlySomeReasonsCA2Cert.p12
│ │ │ ├── onlySomeReasonsCA3Cert.p12
│ │ │ ├── onlySomeReasonsCA4Cert.p12
│ │ │ ├── pathLenConstraint0CACert.p12
│ │ │ ├── pathLenConstraint0SelfIssuedCACert.p12
│ │ │ ├── pathLenConstraint0subCA2Cert.p12
│ │ │ ├── pathLenConstraint0subCACert.p12
│ │ │ ├── pathLenConstraint1CACert.p12
│ │ │ ├── pathLenConstraint1SelfIssuedCACert.p12
│ │ │ ├── pathLenConstraint1SelfIssuedsubCACert.p12
│ │ │ ├── pathLenConstraint1subCACert.p12
│ │ │ ├── pathLenConstraint6CACert.p12
│ │ │ ├── pathLenConstraint6subCA0Cert.p12
│ │ │ ├── pathLenConstraint6subCA1Cert.p12
│ │ │ ├── pathLenConstraint6subCA4Cert.p12
│ │ │ ├── pathLenConstraint6subsubCA00Cert.p12
│ │ │ ├── pathLenConstraint6subsubCA11Cert.p12
│ │ │ ├── pathLenConstraint6subsubCA41Cert.p12
│ │ │ ├── pathLenConstraint6subsubsubCA11XCert.p12
│ │ │ ├── pathLenConstraint6subsubsubCA41XCert.p12
│ │ │ ├── pre2000CRLnextUpdateCACert.p12
│ │ │ ├── requireExplicitPolicy0CACert.p12
│ │ │ ├── requireExplicitPolicy0subCACert.p12
│ │ │ ├── requireExplicitPolicy0subsubCACert.p12
│ │ │ ├── requireExplicitPolicy0subsubsubCACert.p12
│ │ │ ├── requireExplicitPolicy10CACert.p12
│ │ │ ├── requireExplicitPolicy10subCACert.p12
│ │ │ ├── requireExplicitPolicy10subsubCACert.p12
│ │ │ ├── requireExplicitPolicy10subsubsubCACert.p12
│ │ │ ├── requireExplicitPolicy2CACert.p12
│ │ │ ├── requireExplicitPolicy2SelfIssuedCACert.p12
│ │ │ ├── requireExplicitPolicy2SelfIssuedsubCACert.p12
│ │ │ ├── requireExplicitPolicy2subCACert.p12
│ │ │ ├── requireExplicitPolicy4CACert.p12
│ │ │ ├── requireExplicitPolicy4subCACert.p12
│ │ │ ├── requireExplicitPolicy4subsubCACert.p12
│ │ │ ├── requireExplicitPolicy4subsubsubCACert.p12
│ │ │ ├── requireExplicitPolicy5CACert.p12
│ │ │ ├── requireExplicitPolicy5subCACert.p12
│ │ │ ├── requireExplicitPolicy5subsubCACert.p12
│ │ │ ├── requireExplicitPolicy5subsubsubCACert.p12
│ │ │ ├── requireExplicitPolicy7CACert.p12
│ │ │ ├── requireExplicitPolicy7subCARE2Cert.p12
│ │ │ ├── requireExplicitPolicy7subsubCARE2RE4Cert.p12
│ │ │ └── requireExplicitPolicy7subsubsubCARE2RE4Cert.p12
│ │ ├── pkits.ldif
│ │ ├── pkits.schema
│ │ └── smime/
│ │ ├── SignedAllCertificatesAnyPolicyTest11.eml
│ │ ├── SignedAllCertificatesNoPoliciesTest2.eml
│ │ ├── SignedAllCertificatesSamePoliciesTest10.eml
│ │ ├── SignedAllCertificatesSamePoliciesTest13.eml
│ │ ├── SignedAllCertificatesSamePolicyTest1.eml
│ │ ├── SignedAnyPolicyTest14.eml
│ │ ├── SignedCPSPointerQualifierTest20.eml
│ │ ├── SignedDifferentPoliciesTest12.eml
│ │ ├── SignedDifferentPoliciesTest3.eml
│ │ ├── SignedDifferentPoliciesTest4.eml
│ │ ├── SignedDifferentPoliciesTest5.eml
│ │ ├── SignedDifferentPoliciesTest7.eml
│ │ ├── SignedDifferentPoliciesTest8.eml
│ │ ├── SignedDifferentPoliciesTest9.eml
│ │ ├── SignedInvalidBadCRLIssuerNameTest5.eml
│ │ ├── SignedInvalidBadCRLSignatureTest4.eml
│ │ ├── SignedInvalidBasicSelfIssuedCRLSigningKeyTest7.eml
│ │ ├── SignedInvalidBasicSelfIssuedCRLSigningKeyTest8.eml
│ │ ├── SignedInvalidBasicSelfIssuedNewWithOldTest5.eml
│ │ ├── SignedInvalidBasicSelfIssuedOldWithNewTest2.eml
│ │ ├── SignedInvalidCASignatureTest2.eml
│ │ ├── SignedInvalidCAnotAfterDateTest5.eml
│ │ ├── SignedInvalidCAnotBeforeDateTest1.eml
│ │ ├── SignedInvalidDNSnameConstraintsTest31.eml
│ │ ├── SignedInvalidDNSnameConstraintsTest33.eml
│ │ ├── SignedInvalidDNSnameConstraintsTest38.eml
│ │ ├── SignedInvalidDNandRFC822nameConstraintsTest28.eml
│ │ ├── SignedInvalidDNandRFC822nameConstraintsTest29.eml
│ │ ├── SignedInvalidDNnameConstraintsTest10.eml
│ │ ├── SignedInvalidDNnameConstraintsTest12.eml
│ │ ├── SignedInvalidDNnameConstraintsTest13.eml
│ │ ├── SignedInvalidDNnameConstraintsTest15.eml
│ │ ├── SignedInvalidDNnameConstraintsTest16.eml
│ │ ├── SignedInvalidDNnameConstraintsTest17.eml
│ │ ├── SignedInvalidDNnameConstraintsTest2.eml
│ │ ├── SignedInvalidDNnameConstraintsTest3.eml
│ │ ├── SignedInvalidDNnameConstraintsTest7.eml
│ │ ├── SignedInvalidDNnameConstraintsTest8.eml
│ │ ├── SignedInvalidDNnameConstraintsTest9.eml
│ │ ├── SignedInvalidDSASignatureTest6.eml
│ │ ├── SignedInvalidEESignatureTest3.eml
│ │ ├── SignedInvalidEEnotAfterDateTest6.eml
│ │ ├── SignedInvalidEEnotBeforeDateTest2.eml
│ │ ├── SignedInvalidIDPwithindirectCRLTest23.eml
│ │ ├── SignedInvalidIDPwithindirectCRLTest26.eml
│ │ ├── SignedInvalidLongSerialNumberTest18.eml
│ │ ├── SignedInvalidMappingFromanyPolicyTest7.eml
│ │ ├── SignedInvalidMappingToanyPolicyTest8.eml
│ │ ├── SignedInvalidMissingbasicConstraintsTest1.eml
│ │ ├── SignedInvalidNameChainingEETest1.eml
│ │ ├── SignedInvalidNameChainingOrderTest2.eml
│ │ ├── SignedInvalidNegativeSerialNumberTest15.eml
│ │ ├── SignedInvalidOldCRLnextUpdateTest11.eml
│ │ ├── SignedInvalidPolicyMappingTest10.eml
│ │ ├── SignedInvalidPolicyMappingTest2.eml
│ │ ├── SignedInvalidPolicyMappingTest4.eml
│ │ ├── SignedInvalidRFC822nameConstraintsTest22.eml
│ │ ├── SignedInvalidRFC822nameConstraintsTest24.eml
│ │ ├── SignedInvalidRFC822nameConstraintsTest26.eml
│ │ ├── SignedInvalidRequireExplicitPolicyTest3.eml
│ │ ├── SignedInvalidRequireExplicitPolicyTest5.eml
│ │ ├── SignedInvalidRevokedCATest2.eml
│ │ ├── SignedInvalidRevokedEETest3.eml
│ │ ├── SignedInvalidSelfIssuedDNnameConstraintsTest20.eml
│ │ ├── SignedInvalidSelfIssuedinhibitAnyPolicyTest10.eml
│ │ ├── SignedInvalidSelfIssuedinhibitAnyPolicyTest8.eml
│ │ ├── SignedInvalidSelfIssuedinhibitPolicyMappingTest10.eml
│ │ ├── SignedInvalidSelfIssuedinhibitPolicyMappingTest11.eml
│ │ ├── SignedInvalidSelfIssuedinhibitPolicyMappingTest8.eml
│ │ ├── SignedInvalidSelfIssuedinhibitPolicyMappingTest9.eml
│ │ ├── SignedInvalidSelfIssuedpathLenConstraintTest16.eml
│ │ ├── SignedInvalidSelfIssuedrequireExplicitPolicyTest7.eml
│ │ ├── SignedInvalidSelfIssuedrequireExplicitPolicyTest8.eml
│ │ ├── SignedInvalidSeparateCertificateandCRLKeysTest20.eml
│ │ ├── SignedInvalidSeparateCertificateandCRLKeysTest21.eml
│ │ ├── SignedInvalidURInameConstraintsTest35.eml
│ │ ├── SignedInvalidURInameConstraintsTest37.eml
│ │ ├── SignedInvalidUnknownCRLEntryExtensionTest8.eml
│ │ ├── SignedInvalidUnknownCRLExtensionTest10.eml
│ │ ├── SignedInvalidUnknownCRLExtensionTest9.eml
│ │ ├── SignedInvalidUnknownCriticalCertificateExtensionTest2.eml
│ │ ├── SignedInvalidWrongCRLTest6.eml
│ │ ├── SignedInvalidcAFalseTest2.eml
│ │ ├── SignedInvalidcAFalseTest3.eml
│ │ ├── SignedInvalidcRLIssuerTest27.eml
│ │ ├── SignedInvalidcRLIssuerTest31.eml
│ │ ├── SignedInvalidcRLIssuerTest32.eml
│ │ ├── SignedInvalidcRLIssuerTest34.eml
│ │ ├── SignedInvalidcRLIssuerTest35.eml
│ │ ├── SignedInvaliddeltaCRLIndicatorNoBaseTest1.eml
│ │ ├── SignedInvaliddeltaCRLTest10.eml
│ │ ├── SignedInvaliddeltaCRLTest3.eml
│ │ ├── SignedInvaliddeltaCRLTest4.eml
│ │ ├── SignedInvaliddeltaCRLTest6.eml
│ │ ├── SignedInvaliddeltaCRLTest9.eml
│ │ ├── SignedInvaliddistributionPointTest2.eml
│ │ ├── SignedInvaliddistributionPointTest3.eml
│ │ ├── SignedInvaliddistributionPointTest6.eml
│ │ ├── SignedInvaliddistributionPointTest8.eml
│ │ ├── SignedInvaliddistributionPointTest9.eml
│ │ ├── SignedInvalidinhibitAnyPolicyTest1.eml
│ │ ├── SignedInvalidinhibitAnyPolicyTest4.eml
│ │ ├── SignedInvalidinhibitAnyPolicyTest5.eml
│ │ ├── SignedInvalidinhibitAnyPolicyTest6.eml
│ │ ├── SignedInvalidinhibitPolicyMappingTest1.eml
│ │ ├── SignedInvalidinhibitPolicyMappingTest3.eml
│ │ ├── SignedInvalidinhibitPolicyMappingTest5.eml
│ │ ├── SignedInvalidinhibitPolicyMappingTest6.eml
│ │ ├── SignedInvalidkeyUsageCriticalcRLSignFalseTest4.eml
│ │ ├── SignedInvalidkeyUsageCriticalkeyCertSignFalseTest1.eml
│ │ ├── SignedInvalidkeyUsageNotCriticalcRLSignFalseTest5.eml
│ │ ├── SignedInvalidkeyUsageNotCriticalkeyCertSignFalseTest2.eml
│ │ ├── SignedInvalidonlyContainsAttributeCertsTest14.eml
│ │ ├── SignedInvalidonlyContainsCACertsCRLTest12.eml
│ │ ├── SignedInvalidonlyContainsUserCertsCRLTest11.eml
│ │ ├── SignedInvalidonlySomeReasonsTest15.eml
│ │ ├── SignedInvalidonlySomeReasonsTest16.eml
│ │ ├── SignedInvalidonlySomeReasonsTest17.eml
│ │ ├── SignedInvalidonlySomeReasonsTest20.eml
│ │ ├── SignedInvalidonlySomeReasonsTest21.eml
│ │ ├── SignedInvalidpathLenConstraintTest10.eml
│ │ ├── SignedInvalidpathLenConstraintTest11.eml
│ │ ├── SignedInvalidpathLenConstraintTest12.eml
│ │ ├── SignedInvalidpathLenConstraintTest5.eml
│ │ ├── SignedInvalidpathLenConstraintTest6.eml
│ │ ├── SignedInvalidpathLenConstraintTest9.eml
│ │ ├── SignedInvalidpre2000CRLnextUpdateTest12.eml
│ │ ├── SignedInvalidpre2000UTCEEnotAfterDateTest7.eml
│ │ ├── SignedMissingCRLTest1.eml
│ │ ├── SignedOverlappingPoliciesTest6.eml
│ │ ├── SignedUserNoticeQualifierTest15.eml
│ │ ├── SignedUserNoticeQualifierTest16.eml
│ │ ├── SignedUserNoticeQualifierTest17.eml
│ │ ├── SignedUserNoticeQualifierTest18.eml
│ │ ├── SignedUserNoticeQualifierTest19.eml
│ │ ├── SignedValidBasicSelfIssuedCRLSigningKeyTest6.eml
│ │ ├── SignedValidBasicSelfIssuedNewWithOldTest3.eml
│ │ ├── SignedValidBasicSelfIssuedNewWithOldTest4.eml
│ │ ├── SignedValidBasicSelfIssuedOldWithNewTest1.eml
│ │ ├── SignedValidDNSnameConstraintsTest30.eml
│ │ ├── SignedValidDNSnameConstraintsTest32.eml
│ │ ├── SignedValidDNandRFC822nameConstraintsTest27.eml
│ │ ├── SignedValidDNnameConstraintsTest1.eml
│ │ ├── SignedValidDNnameConstraintsTest11.eml
│ │ ├── SignedValidDNnameConstraintsTest14.eml
│ │ ├── SignedValidDNnameConstraintsTest18.eml
│ │ ├── SignedValidDNnameConstraintsTest4.eml
│ │ ├── SignedValidDNnameConstraintsTest5.eml
│ │ ├── SignedValidDNnameConstraintsTest6.eml
│ │ ├── SignedValidDSAParameterInheritanceTest5.eml
│ │ ├── SignedValidDSASignaturesTest4.eml
│ │ ├── SignedValidGeneralizedTimeCRLnextUpdateTest13.eml
│ │ ├── SignedValidGeneralizedTimenotAfterDateTest8.eml
│ │ ├── SignedValidGeneralizedTimenotBeforeDateTest4.eml
│ │ ├── SignedValidIDPwithindirectCRLTest22.eml
│ │ ├── SignedValidIDPwithindirectCRLTest24.eml
│ │ ├── SignedValidIDPwithindirectCRLTest25.eml
│ │ ├── SignedValidLongSerialNumberTest16.eml
│ │ ├── SignedValidLongSerialNumberTest17.eml
│ │ ├── SignedValidNameChainingCapitalizationTest5.eml
│ │ ├── SignedValidNameChainingUIDsTest6.eml
│ │ ├── SignedValidNameChainingWhitespaceTest3.eml
│ │ ├── SignedValidNameChainingWhitespaceTest4.eml
│ │ ├── SignedValidNegativeSerialNumberTest14.eml
│ │ ├── SignedValidNoissuingDistributionPointTest10.eml
│ │ ├── SignedValidPolicyMappingTest1.eml
│ │ ├── SignedValidPolicyMappingTest11.eml
│ │ ├── SignedValidPolicyMappingTest12.eml
│ │ ├── SignedValidPolicyMappingTest13.eml
│ │ ├── SignedValidPolicyMappingTest14.eml
│ │ ├── SignedValidPolicyMappingTest3.eml
│ │ ├── SignedValidPolicyMappingTest5.eml
│ │ ├── SignedValidPolicyMappingTest6.eml
│ │ ├── SignedValidPolicyMappingTest9.eml
│ │ ├── SignedValidRFC3280MandatoryAttributeTypesTest7.eml
│ │ ├── SignedValidRFC3280OptionalAttributeTypesTest8.eml
│ │ ├── SignedValidRFC822nameConstraintsTest21.eml
│ │ ├── SignedValidRFC822nameConstraintsTest23.eml
│ │ ├── SignedValidRFC822nameConstraintsTest25.eml
│ │ ├── SignedValidRequireExplicitPolicyTest1.eml
│ │ ├── SignedValidRequireExplicitPolicyTest2.eml
│ │ ├── SignedValidRequireExplicitPolicyTest4.eml
│ │ ├── SignedValidRolloverfromPrintableStringtoUTF8StringTest10.eml
│ │ ├── SignedValidSelfIssuedDNnameConstraintsTest19.eml
│ │ ├── SignedValidSelfIssuedinhibitAnyPolicyTest7.eml
│ │ ├── SignedValidSelfIssuedinhibitAnyPolicyTest9.eml
│ │ ├── SignedValidSelfIssuedinhibitPolicyMappingTest7.eml
│ │ ├── SignedValidSelfIssuedpathLenConstraintTest15.eml
│ │ ├── SignedValidSelfIssuedpathLenConstraintTest17.eml
│ │ ├── SignedValidSelfIssuedrequireExplicitPolicyTest6.eml
│ │ ├── SignedValidSeparateCertificateandCRLKeysTest19.eml
│ │ ├── SignedValidSignaturesTest1.eml
│ │ ├── SignedValidTwoCRLsTest7.eml
│ │ ├── SignedValidURInameConstraintsTest34.eml
│ │ ├── SignedValidURInameConstraintsTest36.eml
│ │ ├── SignedValidUTF8StringCaseInsensitiveMatchTest11.eml
│ │ ├── SignedValidUTF8StringEncodedNamesTest9.eml
│ │ ├── SignedValidUnknownNotCriticalCertificateExtensionTest1.eml
│ │ ├── SignedValidbasicConstraintsNotCriticalTest4.eml
│ │ ├── SignedValidcRLIssuerTest28.eml
│ │ ├── SignedValidcRLIssuerTest29.eml
│ │ ├── SignedValidcRLIssuerTest30.eml
│ │ ├── SignedValidcRLIssuerTest33.eml
│ │ ├── SignedValiddeltaCRLTest2.eml
│ │ ├── SignedValiddeltaCRLTest5.eml
│ │ ├── SignedValiddeltaCRLTest7.eml
│ │ ├── SignedValiddeltaCRLTest8.eml
│ │ ├── SignedValiddistributionPointTest1.eml
│ │ ├── SignedValiddistributionPointTest4.eml
│ │ ├── SignedValiddistributionPointTest5.eml
│ │ ├── SignedValiddistributionPointTest7.eml
│ │ ├── SignedValidinhibitAnyPolicyTest2.eml
│ │ ├── SignedValidinhibitPolicyMappingTest2.eml
│ │ ├── SignedValidinhibitPolicyMappingTest4.eml
│ │ ├── SignedValidkeyUsageNotCriticalTest3.eml
│ │ ├── SignedValidonlyContainsCACertsCRLTest13.eml
│ │ ├── SignedValidonlySomeReasonsTest18.eml
│ │ ├── SignedValidonlySomeReasonsTest19.eml
│ │ ├── SignedValidpathLenConstraintTest13.eml
│ │ ├── SignedValidpathLenConstraintTest14.eml
│ │ ├── SignedValidpathLenConstraintTest7.eml
│ │ ├── SignedValidpathLenConstraintTest8.eml
│ │ ├── SignedValidpre2000UTCnotBeforeDateTest3.eml
│ │ └── SignedinhibitAnyPolicyTest3.eml
│ ├── accvraiz1.pem
│ ├── badasn1time.pem
│ ├── badssl-sct-anonymous-sig.der
│ ├── badssl-sct-none-hash.der
│ ├── badssl-sct.pem
│ ├── belgian-eid-invalid-visiblestring.pem
│ ├── bigoid.pem
│ ├── cryptography-scts-tbs-precert.der
│ ├── cryptography-scts.pem
│ ├── cryptography.io.chain.pem
│ ├── cryptography.io.chain_with_garbage.pem
│ ├── cryptography.io.old_header.pem
│ ├── cryptography.io.pem
│ ├── cryptography.io.precert.pem
│ ├── cryptography.io.with_garbage.pem
│ ├── cryptography.io.with_headers.pem
│ ├── custom/
│ │ ├── admissions_extension_authority_not_provided.pem
│ │ ├── admissions_extension_optional_data_not_provided.pem
│ │ ├── aia_ca_issuers.pem
│ │ ├── aia_ocsp.pem
│ │ ├── aia_ocsp_ca_issuers.pem
│ │ ├── all_key_usages.pem
│ │ ├── all_supported_names.pem
│ │ ├── alternate-rsa-sha1-oid.der
│ │ ├── authority_key_identifier.pem
│ │ ├── authority_key_identifier_no_keyid.pem
│ │ ├── bad_country.pem
│ │ ├── basic_constraints_not_critical.pem
│ │ ├── bc_path_length_zero.pem
│ │ ├── ca/
│ │ │ ├── ca.pem
│ │ │ ├── ca_key.pem
│ │ │ ├── rsa_ca.pem
│ │ │ ├── rsa_key.pem
│ │ │ └── rsae_ca.pem
│ │ ├── cdp_all_reasons.pem
│ │ ├── cdp_crl_issuer.pem
│ │ ├── cdp_empty_hostname.pem
│ │ ├── cdp_fullname_reasons_crl_issuer.pem
│ │ ├── cdp_reason_aa_compromise.pem
│ │ ├── cp_cps_uri.pem
│ │ ├── cp_invalid.pem
│ │ ├── cp_invalid2.der
│ │ ├── cp_user_notice_no_explicit_text.pem
│ │ ├── cp_user_notice_with_explicit_text.pem
│ │ ├── cp_user_notice_with_notice_reference.pem
│ │ ├── crl_all_reasons.pem
│ │ ├── crl_almost_10k.pem
│ │ ├── crl_bad_version.pem
│ │ ├── crl_delta_crl_indicator.pem
│ │ ├── crl_dup_entry_ext.pem
│ │ ├── crl_empty.pem
│ │ ├── crl_empty_no_sequence.der
│ │ ├── crl_ian_aia_aki.pem
│ │ ├── crl_idp_fullname_indirect_crl.pem
│ │ ├── crl_idp_fullname_only.pem
│ │ ├── crl_idp_fullname_only_aa.pem
│ │ ├── crl_idp_fullname_only_user.pem
│ │ ├── crl_idp_only_ca.pem
│ │ ├── crl_idp_reasons_only.pem
│ │ ├── crl_idp_relative_user_all_reasons.pem
│ │ ├── crl_idp_relativename_only.pem
│ │ ├── crl_inner_outer_mismatch.der
│ │ ├── crl_inval_cert_issuer_entry_ext.pem
│ │ ├── crl_invalid_time.der
│ │ ├── crl_issuer_invalid_printable_string.der
│ │ ├── crl_md2_unknown_crit_entry_ext.pem
│ │ ├── crl_no_next_update.pem
│ │ ├── crl_unrecognized_extension.der
│ │ ├── crl_unsupported_reason.pem
│ │ ├── dsa_null_alg_params.pem
│ │ ├── dsa_selfsigned_ca.pem
│ │ ├── ec_no_named_curve.pem
│ │ ├── ecdsa_null_alg.pem
│ │ ├── ekucrit-testuser-cert.pem
│ │ ├── empty-eku.pem
│ │ ├── extended_key_usage.pem
│ │ ├── freshestcrl.pem
│ │ ├── ian_uri.pem
│ │ ├── inhibit_any_policy_5.pem
│ │ ├── inhibit_any_policy_negative.pem
│ │ ├── invalid-sct-length.der
│ │ ├── invalid-sct-version.der
│ │ ├── invalid_signature_cert.pem
│ │ ├── invalid_signature_crl.pem
│ │ ├── invalid_utf8_common_name.pem
│ │ ├── invalid_version.pem
│ │ ├── long-form-name-attribute.pem
│ │ ├── malformed-ian.pem
│ │ ├── malformed-san.pem
│ │ ├── mismatch_inner_outer_sig_algorithm.der
│ │ ├── ms-certificate-template.pem
│ │ ├── nc_excluded.pem
│ │ ├── nc_invalid_ip4_netmask.der
│ │ ├── nc_invalid_ip_netmask.pem
│ │ ├── nc_ip_invalid_length.pem
│ │ ├── nc_permitted.pem
│ │ ├── nc_permitted_2.pem
│ │ ├── nc_permitted_excluded.pem
│ │ ├── nc_permitted_excluded_2.pem
│ │ ├── nc_single_ip_netmask.pem
│ │ ├── negative_serial.pem
│ │ ├── no_sans.pem
│ │ ├── ocsp_nocheck.pem
│ │ ├── pc_inhibit.pem
│ │ ├── pc_inhibit_require.pem
│ │ ├── pc_require.pem
│ │ ├── policy_constraints_explicit.pem
│ │ ├── post2000utctime.pem
│ │ ├── private_key_usage_period_both_dates.pem
│ │ ├── private_key_usage_period_only_not_after.pem
│ │ ├── private_key_usage_period_only_not_before.pem
│ │ ├── rsa_pss.pem
│ │ ├── rsa_pss_cert.pem
│ │ ├── rsa_pss_cert_invalid_mgf.der
│ │ ├── rsa_pss_cert_no_sig_params.der
│ │ ├── rsa_pss_cert_unsupported_mgf_hash.der
│ │ ├── rsa_pss_sha256_no_null.pem
│ │ ├── san_dirname.pem
│ │ ├── san_email_dns_ip_dirname_uri.pem
│ │ ├── san_empty_hostname.pem
│ │ ├── san_idna2003_dnsname.pem
│ │ ├── san_idna_names.pem
│ │ ├── san_ipaddr.pem
│ │ ├── san_other_name.pem
│ │ ├── san_registered_id.pem
│ │ ├── san_rfc822_idna.pem
│ │ ├── san_rfc822_names.pem
│ │ ├── san_uri_with_port.pem
│ │ ├── san_wildcard_idna.pem
│ │ ├── sia.pem
│ │ ├── two_basic_constraints.pem
│ │ ├── unsupported_extension.pem
│ │ ├── unsupported_extension_2.pem
│ │ ├── unsupported_extension_critical.pem
│ │ ├── unsupported_subject_name.pem
│ │ ├── unsupported_subject_public_key_info.pem
│ │ ├── utf8_common_name.pem
│ │ ├── valid_signature_cert.pem
│ │ └── valid_signature_crl.pem
│ ├── department-of-state-root.pem
│ ├── e-trust.ru.der
│ ├── ecdsa_root.pem
│ ├── ed25519/
│ │ ├── ed25519-rfc8410.pem
│ │ ├── root-ed25519.pem
│ │ └── server-ed25519-cert.pem
│ ├── ed448/
│ │ ├── root-ed448.pem
│ │ └── server-ed448-cert.pem
│ ├── ee-pss-sha1-cert.pem
│ ├── letsencryptx3.pem
│ ├── ocsp/
│ │ ├── ocsp-army.deps.mil-resp.der
│ │ ├── ocsp-army.inapplicable-req.der
│ │ ├── ocsp-army.revoked-req.der
│ │ ├── ocsp-army.valid-req.der
│ │ ├── req-acceptable-responses.der
│ │ ├── req-duplicate-ext.der
│ │ ├── req-ext-nonce.der
│ │ ├── req-ext-unknown-oid.der
│ │ ├── req-invalid-hash-alg.der
│ │ ├── req-multi-sha1.der
│ │ ├── req-sha1.der
│ │ ├── resp-delegate-unknown-cert.der
│ │ ├── resp-invalid-signature-oid.der
│ │ ├── resp-responder-key-hash.der
│ │ ├── resp-response-type-unknown-oid.der
│ │ ├── resp-revoked-no-next-update.der
│ │ ├── resp-revoked-reason.der
│ │ ├── resp-revoked.der
│ │ ├── resp-sct-extension.der
│ │ ├── resp-sha256.der
│ │ ├── resp-single-extension-reason.der
│ │ ├── resp-successful-no-response-bytes.der
│ │ ├── resp-unauthorized.der
│ │ ├── resp-unknown-extension.der
│ │ ├── resp-unknown-hash-alg.der
│ │ └── resp-unknown-response-status.der
│ ├── rapidssl_sha256_ca_g3.pem
│ ├── requests/
│ │ ├── bad-version.pem
│ │ ├── basic_constraints.pem
│ │ ├── challenge-invalid.der
│ │ ├── challenge-multi-valued.der
│ │ ├── challenge-unstructured.pem
│ │ ├── challenge.pem
│ │ ├── dsa_sha1.der
│ │ ├── dsa_sha1.pem
│ │ ├── ec_sha256.der
│ │ ├── ec_sha256.pem
│ │ ├── ec_sha256_old_header.pem
│ │ ├── freeipa-bad-critical.pem
│ │ ├── invalid_signature.pem
│ │ ├── long-form-attribute.pem
│ │ ├── rsa_md4.der
│ │ ├── rsa_md4.pem
│ │ ├── rsa_sha1.der
│ │ ├── rsa_sha1.pem
│ │ ├── rsa_sha256.der
│ │ ├── rsa_sha256.pem
│ │ ├── san_rsa_sha1.der
│ │ ├── san_rsa_sha1.pem
│ │ ├── two_basic_constraints.pem
│ │ ├── unsupported_extension.pem
│ │ ├── unsupported_extension_critical.pem
│ │ └── zero-element-attribute.pem
│ ├── san_edipartyname.der
│ ├── san_x400address.der
│ ├── scottishpower-bitstring-dn.pem
│ ├── tls-feature-ocsp-staple.pem
│ ├── unique_identifier.pem
│ ├── utf8-dnsname.pem
│ ├── v1_cert.pem
│ ├── verisign_md2_root.pem
│ ├── wildcard_san.pem
│ └── wosign-bc-invalid.pem
└── pyproject.toml
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitattributes
================================================
*.pem text eol=lf
================================================
FILE: .github/ISSUE_TEMPLATE/openssl-release.md
================================================
- [ ] Windows, macOS, `manylinux`
- [ ] Send a pull request to `pyca/infra` updating the [version and hash](https://github.com/pyca/infra/blob/main/cryptography-linux/openssl-version.sh)
- [ ] Wait for it to be merged
- [ ] Wait for the Github Actions job to complete
- [ ] Changelog entry
- [ ] Release
- [ ] File Github Security Advisory indicating which releases are impacted (if OpenSSL release is fixing a vulnerability)
- [ ] Send announcement to mailing lists
- [ ] Forward port changelog entry (if releasing from release branch)
================================================
FILE: .github/ISSUE_TEMPLATE.rst
================================================
If you're filing a bug (as opposed to a feature request), please try the
following things:
* Check the FAQ to see if your issue is covered there:
https://cryptography.io/en/latest/faq.html
* Upgrade to the latest version of ``setuptools`` and ``pip``
* Make sure you're on a supported version of OpenSSL
* Try with the latest version of ``cryptography``
* Be sure you have the required compilers (both a C compiler and Rust)
installed if you aren't using the binary wheels.
If none of that works, please make sure to include the following information in
your bug report:
* Versions of Python, ``cryptography``, ``cffi``, ``pip``, and ``setuptools``
you're using
* How you installed ``cryptography``
* Clear steps for reproducing your bug
Please do not report security issues on Github! Follow the instructions in our
documentation for reporting security issues:
https://cryptography.io/en/latest/security.html
================================================
FILE: .github/actions/cache/action.yml
================================================
name: Cache
description: Caches build data to speed builds
inputs:
key:
description: 'extra cache key components'
required: false
default: ''
runs:
using: "composite"
steps:
- name: Normalize key
id: normalized-key
run: echo "key=$(echo "${KEY}" | tr -d ',')" >> $GITHUB_OUTPUT
shell: bash
env:
KEY: "${{ inputs.key }}"
- uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
with:
key: ${{ steps.normalized-key.outputs.key }}-4
================================================
FILE: .github/actions/fetch-vectors/action.yml
================================================
name: Clone test vectors
description: Clones the wycheproof and x509-limbo repositories
runs:
using: "composite"
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
repository: "C2SP/wycheproof"
path: "wycheproof"
# Latest commit on the wycheproof main branch, as of Mar 12, 2026.
ref: "78898104021ebd2cd98820e4112da89b1531d999" # wycheproof-ref
persist-credentials: false
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
repository: "C2SP/x509-limbo"
path: "x509-limbo"
# Latest commit on the x509-limbo main branch, as of Mar 04, 2026.
ref: "9d594748cd0184468ec80a2d6e69d231ecf9fc8f" # x509-limbo-ref
persist-credentials: false
================================================
FILE: .github/actions/upload-coverage/action.yml
================================================
name: Upload Coverage
description: Upload coverage files
runs:
using: "composite"
steps:
- run: |
COVERAGE_UUID=$(python3 -c "import uuid; print(uuid.uuid4())")
echo "COVERAGE_UUID=${COVERAGE_UUID}" >> $GITHUB_OUTPUT
if [ -f .coverage ]; then
mv .coverage .coverage.${COVERAGE_UUID}
fi
id: coverage-uuid
shell: bash
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: coverage-data-${{ steps.coverage-uuid.outputs.COVERAGE_UUID }}
path: |
.coverage.*
*.lcov
if-no-files-found: ignore
include-hidden-files: true
================================================
FILE: .github/actions/wheel-smoketest/action.yml
================================================
name: Wheel Smoketest
description: Tests a built cryptography wheel by installing it and verifying basic functionality
inputs:
python-path:
description: "Optional path to a specific Python interpreter to use for creating the venv"
required: false
default: ""
build-requirements-path:
description: "Path to the build requirements file"
required: true
test-pip:
description: "Optional flag to also test installation with pip"
required: false
default: "false"
runs:
using: "composite"
steps:
- name: Create virtual environment
run: |
if [ -n "${PYTHON_PATH}" ]; then
uv venv --python="${PYTHON_PATH}"
else
uv venv
fi
env:
PYTHON_PATH: ${{ inputs.python-path }}
shell: bash
- name: Install build requirements
run: uv pip install --require-hashes -r "${BUILD_REQUIREMENTS_PATH}"
env:
BUILD_REQUIREMENTS_PATH: ${{ inputs.build-requirements-path }}
shell: bash
- name: Install cryptography wheel
run: uv pip install cryptography --no-index -f wheelhouse/
shell: bash
- name: Show the wheel's minimum macOS SDK and architectures
if: runner.os == 'macOS'
run: |
find .venv/lib/*/site-packages/cryptography/hazmat/bindings -name '*.so' -exec vtool -show {} \;
shell: bash
- name: Verify cryptography installation and OpenSSL version
run: |
uv run - <<'EOF'
from cryptography.hazmat.backends.openssl.backend import backend
print(f"Loaded: {backend.openssl_version_text()}")
print(f"Linked Against: {backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii')}")
EOF
shell: bash
- name: Create virtual environment for pip testing
if: inputs.test-pip == 'true'
run: |
if [ -n "${PYTHON_PATH}" ]; then
"${PYTHON_PATH}" -m venv .venv-pip-test
else
python3 -m venv .venv-pip-test
fi
env:
PYTHON_PATH: ${{ inputs.python-path }}
shell: bash
- name: Install build requirements with pip
if: inputs.test-pip == 'true'
run: .venv-pip-test/bin/pip install --require-hashes -r "${BUILD_REQUIREMENTS_PATH}"
env:
BUILD_REQUIREMENTS_PATH: ${{ inputs.build-requirements-path }}
shell: bash
- name: Install cryptography wheel with pip
if: inputs.test-pip == 'true'
run: .venv-pip-test/bin/pip install cryptography --no-index -f wheelhouse/
shell: bash
- name: Verify pip installation and OpenSSL version
if: inputs.test-pip == 'true'
run: |
.venv-pip-test/bin/python - <<'EOF'
from cryptography.hazmat.backends.openssl.backend import backend
print(f"pip install - Loaded: {backend.openssl_version_text()}")
print(f"pip install - Linked Against: {backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii')}")
EOF
shell: bash
================================================
FILE: .github/bin/build_openssl.sh
================================================
#!/bin/bash
set -e
set -x
if [[ "${TYPE}" == "openssl" ]]; then
if [[ "${VERSION}" =~ ^[0-9a-f]{40}$ ]]; then
git clone https://github.com/openssl/openssl
pushd openssl
git checkout "${VERSION}"
else
curl -LO "https://github.com/openssl/openssl/releases/download/openssl-${VERSION}/openssl-${VERSION}.tar.gz"
tar zxf "openssl-${VERSION}.tar.gz"
pushd "openssl-${VERSION}"
fi
# modify the shlib version to a unique one to make sure the dynamic
# linker doesn't load the system one.
sed -i "s/^SHLIB_VERSION=.*/SHLIB_VERSION=100/" VERSION.dat
# CONFIG_FLAGS is a global coming from a previous step
./config ${CONFIG_FLAGS} -fPIC --prefix="${OSSL_PATH}"
make depend
make -j"$(nproc)"
# avoid installing the docs (for performance)
# https://github.com/openssl/openssl/issues/6685#issuecomment-403838728
make install_sw install_ssldirs
# delete binaries we don't need
rm -rf "${OSSL_PATH}/bin"
# For OpenSSL 3.0.0 set up the FIPS config. This does not activate it by
# default, but allows programmatic activation at runtime
if [[ "${CONFIG_FLAGS}" =~ enable-fips ]]; then
# As of alpha16 we have to install it separately and enable it in the config flags
make -j"$(nproc)" install_fips
pushd "${OSSL_PATH}"
# include the conf file generated as part of install_fips
sed -i "s:# .include fipsmodule.cnf:.include $(pwd)/ssl/fipsmodule.cnf:" ssl/openssl.cnf
# uncomment the FIPS section
sed -i 's:# fips = fips_sect:fips = fips_sect:' ssl/openssl.cnf
popd
fi
popd
elif [[ "${TYPE}" == "libressl" ]]; then
curl -LO "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${VERSION}.tar.gz"
tar zxf "libressl-${VERSION}.tar.gz"
pushd "libressl-${VERSION}"
cmake -GNinja -B build -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DBUILD_SHARED_LIBS=OFF -DCMAKE_INSTALL_PREFIX="${OSSL_PATH}"
ninja -C build install
# delete binaries, libtls, and docs we don't need. can't skip install/compile sadly
rm -rf "${OSSL_PATH}/bin"
rm -rf "${OSSL_PATH}/share"
rm -rf "${OSSL_PATH}/lib/libtls*"
popd
elif [[ "${TYPE}" == "boringssl" ]]; then
git clone https://boringssl.googlesource.com/boringssl
pushd boringssl
git checkout "${VERSION}"
cmake -GNinja -B build -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX="${OSSL_PATH}"
ninja -C build install
# delete binaries we don't need
rm -rf "${OSSL_PATH}/bin"
popd
rm -rf boringssl/
elif [[ "${TYPE}" == "aws-lc" ]]; then
git clone https://github.com/aws/aws-lc.git
pushd aws-lc
git checkout "${VERSION}"
cmake -GNinja -B build -DCMAKE_INSTALL_PREFIX="${OSSL_PATH}"
ninja -C build install
# delete binaries we don't need
rm -rf "${OSSL_PATH:?}/bin"
popd # aws-lc
rm -rf aws-lc/
fi
================================================
FILE: .github/bin/bump_dependency.py
================================================
import argparse
import os
import re
import subprocess
import sys
from datetime import datetime
def get_remote_commit_sha(repo_url: str, branch: str) -> str:
output = subprocess.check_output(
["git", "ls-remote", repo_url, f"refs/heads/{branch}"], text=True
)
return output.split("\t")[0]
def get_remote_latest_tag(repo_url: str, tag_pattern: str) -> str:
output = subprocess.check_output(
["git", "ls-remote", "--tags", repo_url], text=True
)
tags = []
for line in output.split("\n"):
if line.strip():
parts = line.split("\t")
if len(parts) == 2:
ref = parts[1]
if ref.startswith("refs/tags/") and not ref.endswith("^{}"):
tag = ref.replace("refs/tags/", "")
if re.match(tag_pattern + "$", tag):
tags.append(tag)
def version_key(tag: str) -> tuple[int, ...]:
version = tag.lstrip("v")
return tuple(map(int, version.split(".")))
return sorted(tags, key=version_key)[-1]
def get_current_version_from_file(file_path: str, pattern: str) -> str:
with open(file_path) as f:
content = f.read()
match = re.search(pattern, content)
return match.group(1)
def update_file_version(
file_path: str, old_pattern: str, new_value: str, comment_pattern: str
) -> None:
with open(file_path) as f:
content = f.read()
new_content = re.sub(old_pattern, new_value, content)
current_date = datetime.now().strftime("%b %d, %Y")
new_content = re.sub(
comment_pattern,
lambda m: m.group(0).split(", as of")[0] + f", as of {current_date}.",
new_content,
)
with open(file_path, "w") as f:
f.write(new_content)
def generate_commit_message(
repo_name: str,
repo_url: str,
old_version: str,
new_version: str,
is_tag: bool,
commit_url_template: str,
diff_url_template: str,
) -> str:
if is_tag:
version_link = (
f"[Tag: {new_version}]({repo_url}/releases/tag/{new_version})"
)
diff_url = diff_url_template.format(
repo_url=repo_url, old_version=old_version, new_version=new_version
)
diff_link = f"[Diff]({diff_url})"
description = "between the previously used tag and the new tag."
else:
commit_url = commit_url_template.format(
repo_url=repo_url, version=new_version
)
version_link = f"[Commit: {new_version}]({commit_url})"
diff_url = diff_url_template.format(
repo_url=repo_url, old_version=old_version, new_version=new_version
)
diff_link = f"[Diff]({diff_url})"
description = (
"between the last commit hash merged to this repository "
"and the new commit."
)
return f"## {repo_name}\n{version_link}\n\n{diff_link} {description}"
def main() -> int:
parser = argparse.ArgumentParser(
description="Bump a single dependency version"
)
parser.add_argument(
"--name", required=True, help="Display name for the dependency"
)
parser.add_argument("--repo-url", required=True, help="Git repository URL")
parser.add_argument(
"--branch", default="main", help="Branch to check (default: main)"
)
parser.add_argument(
"--file-path", required=True, help="File containing current version"
)
parser.add_argument(
"--current-version-pattern",
required=True,
help="Regex to extract current version (group 1)",
)
parser.add_argument(
"--update-pattern", required=True, help="Regex pattern for replacement"
)
parser.add_argument(
"--comment-pattern",
required=True,
help="Regex pattern for comment update",
)
parser.add_argument(
"--tag", action="store_true", help="Check tags instead of commits"
)
parser.add_argument(
"--tag-pattern", default=r"v?[0-9\.]*", help="Pattern for tag matching"
)
parser.add_argument(
"--commit-url-template",
default="{repo_url}/commit/{version}",
help="Template for commit URLs",
)
parser.add_argument(
"--diff-url-template",
default="{repo_url}/compare/{old_version}...{new_version}",
help="Template for diff URLs",
)
parser.add_argument(
"--commit-message-fd",
type=int,
help="File descriptor to write commit message to",
)
args = parser.parse_args()
current_version = get_current_version_from_file(
args.file_path, args.current_version_pattern
)
if args.tag:
latest_version = get_remote_latest_tag(args.repo_url, args.tag_pattern)
else:
latest_version = get_remote_commit_sha(args.repo_url, args.branch)
if current_version == latest_version:
print(f"{args.name}: No update needed (current: {current_version})")
if not args.commit_message_fd:
with open(os.environ["GITHUB_OUTPUT"], "a") as f:
f.write("HAS_UPDATES=false\n")
return 0
print(
f"{args.name}: Update available "
f"({current_version} -> {latest_version})"
)
replacement = args.update_pattern.replace("{new_version}", latest_version)
update_file_version(
args.file_path,
args.current_version_pattern,
replacement,
args.comment_pattern,
)
commit_msg = generate_commit_message(
args.name,
args.repo_url,
current_version,
latest_version,
args.tag,
args.commit_url_template,
args.diff_url_template,
)
if args.commit_message_fd:
with os.fdopen(args.commit_message_fd, "w") as f:
f.write(commit_msg)
else:
with open(os.environ["GITHUB_OUTPUT"], "a") as f:
f.write("COMMIT_MSG<<EOF\n")
f.write(commit_msg)
f.write("\nEOF\n")
f.write("HAS_UPDATES=true\n")
return 0
if __name__ == "__main__":
sys.exit(main())
================================================
FILE: .github/bin/bump_downstreams.sh
================================================
#!/bin/bash
# Extract downstream info from ci.yml using yq
DOWNSTREAMS=$(yq '.jobs.linux-downstream.strategy.matrix.include[] | .DOWNSTREAM + ":" + .REPO + ":" + .REF' .github/workflows/ci.yml)
echo "Found downstreams:"
echo "$DOWNSTREAMS"
# Create individual bump steps for each downstream
HAS_ANY_UPDATES=false
COMBINED_COMMIT_MSG=""
while IFS=: read -r downstream repo ref; do
echo "Processing $downstream..."
# Convert repo to GitHub URL
repo_url="https://github.com/$repo"
# Extract branch name and determine if it's a tag from the comment in ci.yml
# Find the comment line for this downstream by looking for the REF line and getting the comment above it
comment_line=$(grep -B1 -F "REF: $ref" .github/workflows/ci.yml | grep "^[[:space:]]*#" | tail -1)
# Parse the comment to determine branch and whether it's a tag
if echo "$comment_line" | grep -q "release tag"; then
# This is a tag-based entry
tag_args="--tag"
branch="" # Not used for tags
comment_pattern="# Latest release tag of $downstream, as of.*\\."
else
# This is a branch-based entry, extract branch name
branch=$(echo "$comment_line" | sed -n 's/.*on the .* \([^ ]*\) branch.*/\1/p')
tag_args=""
comment_pattern="# Latest commit on the $downstream .* branch, as of.*\\."
fi
echo "Using branch: $branch, tag_args: $tag_args"
# Create pattern to match REF in ci.yml (escape regex special chars in ref)
escaped_ref=$(python3 -c "import re, sys; print(re.escape(sys.argv[1]))" "$ref")
ref_pattern="REF: ($escaped_ref)"
replacement_pattern="REF: {new_version}"
# Create a temporary file for this downstream's commit message
TEMP_MSG_FILE=$(mktemp)
# Run bump_dependency.py with commit-message-fd redirected to the temp file
python3 .github/bin/bump_dependency.py \
--name "$downstream" \
--repo-url "$repo_url" \
--branch "$branch" \
--file-path ".github/workflows/ci.yml" \
--current-version-pattern "$ref_pattern" \
--update-pattern "$replacement_pattern" \
--comment-pattern "$comment_pattern" \
--commit-message-fd 3 \
$tag_args 3>"$TEMP_MSG_FILE"
# Check if this downstream had updates (commit message file has content)
if [ -s "$TEMP_MSG_FILE" ]; then
HAS_ANY_UPDATES=true
DOWNSTREAM_MSG=$(cat "$TEMP_MSG_FILE")
if [ -n "$COMBINED_COMMIT_MSG" ]; then
COMBINED_COMMIT_MSG="$COMBINED_COMMIT_MSG"$'\n\n'"$DOWNSTREAM_MSG"
else
COMBINED_COMMIT_MSG="$DOWNSTREAM_MSG"
fi
fi
# Clean up temp file
rm -f "$TEMP_MSG_FILE"
done <<< "$DOWNSTREAMS"
# Set final outputs
echo "HAS_UPDATES=$HAS_ANY_UPDATES" >> "$GITHUB_OUTPUT"
if [ "$HAS_ANY_UPDATES" = "true" ]; then
echo "COMMIT_MSG<<EOF" >> "$GITHUB_OUTPUT"
echo "$COMBINED_COMMIT_MSG" >> "$GITHUB_OUTPUT"
echo "EOF" >> "$GITHUB_OUTPUT"
fi
================================================
FILE: .github/bin/compare_benchmarks.py
================================================
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
import json
import sys
def bench_data_as_dict(data):
return {d["fullname"]: d["stats"] for d in data["benchmarks"]}
def main(base_bench_path, pr_bench_path):
with open(base_bench_path) as f:
base_bench_data = bench_data_as_dict(json.load(f))
with open(pr_bench_path) as f:
pr_bench_data = bench_data_as_dict(json.load(f))
print("| Benchmark | Base | PR | Delta |")
print("| --------- | ---- | -- | ----- |")
for bench_name in sorted(base_bench_data):
# TODO: use better statistics than just comparing medians
base_result = base_bench_data[bench_name]["median"]
pr_result = pr_bench_data[bench_name]["median"]
if base_result == pr_result:
# PR and base are identical
delta = "--"
elif base_result > pr_result:
# PR is faster than base
delta = f"{100 - round(100 * pr_result / base_result)}% faster"
else:
delta = f"{100 - round(100 * base_result / pr_result)}% slower"
print(
f"| `{bench_name}` | {round(base_result * 1000 * 1000 * 1000, 2)} "
f"ns | {round(pr_result * 1000 * 1000 * 1000, 2)} ns | {delta} |"
)
if __name__ == "__main__":
main(*sys.argv[1:])
================================================
FILE: .github/bin/merge_rust_coverage.py
================================================
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
import collections.abc
import pathlib
import sys
import coverage
CoverageData = collections.abc.Mapping[str, collections.abc.Mapping[int, int]]
class RustCoveragePlugin(coverage.CoveragePlugin):
def __init__(
self,
coverage_data: CoverageData,
) -> None:
super().__init__()
self._data = coverage_data
def file_reporter(self, filename: str) -> coverage.FileReporter:
return RustCoverageFileReporter(filename, self._data[filename])
class RustCoverageFileReporter(coverage.FileReporter):
def __init__(
self, filename: str, coverage_data: collections.abc.Mapping[int, int]
) -> None:
super().__init__(filename)
self._data = coverage_data
def lines(self) -> set[int]:
return set(self._data)
def arcs(self) -> set[tuple[int, int]]:
return {(-1, line) for line in self._data}
def get_excluded_lines(filename: str) -> list[int]:
"""
Parse source file for NO-COVERAGE-START/END pairs and return excluded
lines.
"""
excluded = []
with open(filename) as f:
in_excluded_block = False
for line_num, line in enumerate(f, start=1):
stripped = line.strip()
if stripped == "// NO-COVERAGE-START":
in_excluded_block = True
elif stripped == "// NO-COVERAGE-END":
in_excluded_block = False
elif in_excluded_block:
excluded.append(line_num)
return excluded
def parse_lcovs(
path: pathlib.Path,
) -> tuple[
CoverageData,
dict[str, set[tuple[int, int]]],
]:
# {filename: {line_number: count}}
raw_data = collections.defaultdict(lambda: collections.defaultdict(int))
current_file = None
for p in path.glob("*.lcov"):
with p.open() as f:
for line in f:
line = line.strip()
if line == "end_of_record":
assert current_file is not None
current_file = None
continue
prefix, suffix = line.split(":", 1)
match prefix:
case "SF":
current_file = raw_data[suffix]
case "DA":
assert current_file is not None
line_number, count = suffix.split(",")
current_file[int(line_number)] += int(count)
case (
"BRF"
| "BRH"
| "FN"
| "FNDA"
| "FNF"
| "FNH"
| "LF"
| "LH"
):
# These are various forms of metadata and summary stats
# that we don't need.
pass
case _:
raise NotImplementedError(prefix)
# Filter out lines within NO-COVERAGE blocks
for file_name in raw_data:
excluded_lines = get_excluded_lines(file_name)
for line_num in excluded_lines:
raw_data[file_name].pop(line_num, None)
covered_lines = {
file_name: {(-1, line) for line, c in lines.items() if c > 0}
for file_name, lines in raw_data.items()
}
return raw_data, covered_lines
def main(coverage_loc: str):
path = pathlib.Path(coverage_loc)
coverage_data = coverage.CoverageData(suffix="rust")
print("Parsing LCOVs")
raw_data, covered_lines = parse_lcovs(path)
coverage_data.add_arcs(covered_lines)
coverage_data.add_file_tracers(
dict.fromkeys(covered_lines, "None.RustCoveragePlugin")
)
coverage_data.write()
cov = coverage.Coverage(
plugins=[
lambda reg: reg.add_file_tracer(RustCoveragePlugin(raw_data))
],
)
print("Combining Coverage")
cov.combine(
data_paths=[str(path), coverage_data.data_filename()], keep=True
)
print("Coverage Report")
coverage_percent = cov.report(show_missing=True)
if coverage_percent < 100:
print("+++ Combined coverage under 100% +++")
cov.html_report()
sys.exit(1)
if __name__ == "__main__":
main(*sys.argv[1:])
================================================
FILE: .github/config/macos-pkg-choices-freethreaded.xml
================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>attributeSetting</key>
<integer>1</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>org.python.Python.PythonTFramework-3.14</string>
</dict>
</array>
</plist>
================================================
FILE: .github/dependabot.yml
================================================
version: 2
enable-beta-ecosystems: true
updates:
- package-ecosystem: "github-actions"
directories:
- "/"
- "/.github/actions/*/"
schedule:
interval: "daily"
time: "06:00"
timezone: "America/New_York"
open-pull-requests-limit: 1024
cooldown:
default-days: 7
- package-ecosystem: cargo
directory: "/"
schedule:
interval: daily
time: "06:00"
timezone: "America/New_York"
allow:
# Also update indirect dependencies
- dependency-type: all
open-pull-requests-limit: 1024
- package-ecosystem: uv
directories:
- "/"
- "/.github/requirements/"
schedule:
interval: daily
time: "06:00"
timezone: "America/New_York"
allow:
# Also update indirect dependencies
- dependency-type: all
open-pull-requests-limit: 1024
================================================
FILE: .github/downstream.d/aws-dynamodb-encryption-python.sh
================================================
#!/bin/bash -ex
case "${1}" in
install)
cd aws-dynamodb-encryption-python
uv pip install -e .
uv pip install -r test/upstream-requirements-py311.txt
;;
run)
cd aws-dynamodb-encryption-python
pytest -n auto test/ -m "local and not slow and not veryslow and not nope"
;;
*)
exit 1
;;
esac
================================================
FILE: .github/downstream.d/aws-encryption-sdk-python.sh
================================================
#!/bin/bash -ex
case "${1}" in
install)
cd aws-encryption-sdk-python
uv pip install -e .
uv pip install -r test/upstream-requirements-py311.txt
;;
run)
cd aws-encryption-sdk-python
pytest -m local test/ --ignore test/mpl/
;;
*)
exit 1
;;
esac
================================================
FILE: .github/downstream.d/certbot-josepy.sh
================================================
#!/bin/bash -ex
case "${1}" in
install)
cd josepy
curl -sSL https://install.python-poetry.org | python3 -
"${HOME}/.local/bin/poetry" self add poetry-plugin-export
"${HOME}/.local/bin/poetry" export -f constraints.txt --dev --without-hashes -o constraints.txt
uv pip install -e . pytest -c constraints.txt
;;
run)
cd josepy
pytest tests
;;
*)
exit 1
;;
esac
================================================
FILE: .github/downstream.d/certbot.sh
================================================
#!/bin/bash -ex
case "${1}" in
install)
cd certbot
uv pip install pip
tools/pip_install.py -e ./acme[test]
tools/pip_install.py -e ./certbot[test]
uv pip install -U pyopenssl
;;
run)
cd certbot
# Ignore some warnings for now since they're now automatically promoted
# to errors. We can probably remove this when acme gets split into
# its own repo
pytest -Wignore certbot
pytest acme
;;
*)
exit 1
;;
esac
================================================
FILE: .github/downstream.d/mitmproxy.sh
================================================
#!/bin/bash -ex
case "${1}" in
install)
cd mitmproxy
uv pip install -r <(uv export --locked) -e .
;;
run)
cd mitmproxy
pytest test
;;
*)
exit 1
;;
esac
================================================
FILE: .github/downstream.d/paramiko.sh
================================================
#!/bin/bash -ex
case "${1}" in
install)
cd paramiko
uv --version
uv sync --inexact --active
;;
run)
cd paramiko
# https://github.com/paramiko/paramiko/issues/1927
inv test || inv test
;;
*)
exit 1
;;
esac
================================================
FILE: .github/downstream.d/pyopenssl-release.sh
================================================
#!/bin/bash -ex
case "${1}" in
install)
cd pyopenssl
uv pip install -e ".[test]"
;;
run)
cd pyopenssl
pytest tests
;;
*)
exit 1
;;
esac
================================================
FILE: .github/downstream.d/pyopenssl.sh
================================================
#!/bin/bash -ex
case "${1}" in
install)
cd pyopenssl
uv pip install -e ".[test]"
;;
run)
cd pyopenssl
pytest tests
;;
*)
exit 1
;;
esac
================================================
FILE: .github/downstream.d/scapy.sh
================================================
#!/bin/bash -ex
case "${1}" in
install)
cd scapy
uv pip install tox
;;
run)
cd scapy
TOX_OVERRIDE="testenv:cryptography.deps=file://$(realpath ..)" tox -e cryptography
;;
*)
exit 1
;;
esac
================================================
FILE: .github/downstream.d/sigstore-python.sh
================================================
#!/bin/bash -ex
case "${1}" in
install)
# NOTE: placed in /tmp to avoid inscrutable pytest failures
# with 'unrecognized arguments: --benchmark-disable'
cp -r sigstore-python /tmp/sigstore-python
cd /tmp/sigstore-python
uv pip install pip
pip install -e ".[test]"
;;
run)
cd /tmp/sigstore-python
# Run only the unit tests, and skip any that require network access.
pytest test/unit --skip-online
;;
*)
exit 1
;;
esac
================================================
FILE: .github/downstream.d/twisted.sh
================================================
#!/bin/bash -ex
case "${1}" in
install)
cd twisted
uv pip install ".[all_non_platform]"
;;
run)
cd twisted
python -m twisted.trial -j4 src/twisted
;;
*)
exit 1
;;
esac
================================================
FILE: .github/requirements/build-requirements.in
================================================
# Must be kept sync with build-system.requires at pyproject.toml
setuptools!=74.0.0
cffi>=1.14; platform_python_implementation != 'PyPy' and python_version == '3.8'
cffi>=2.0.0; platform_python_implementation != 'PyPy' and python_version >= '3.9'
maturin>=1,<2
# Must be kept sync with build-system.requires at vectors/pyproject.toml
uv_build>=0.7.19,<0.11.0
# Must be kept in sync with project.dependencies at pyproject.toml
typing-extensions>=4.13.2; python_version < '3.11'
# WARN: changing the requirements here DOES NOT update the dependencies used
# for building at the github workflow -- it uses build-requirements.txt
# To update build-requirements.txt, update this file and then run
# uv pip compile --universal --python-version 3.9 --allow-unsafe --generate-hashes --refresh build-requirements.in -o build-requirements.txt
================================================
FILE: .github/requirements/build-requirements.txt
================================================
# This file was autogenerated by uv via the following command:
# uv pip compile --universal --python-version 3.9 --allow-unsafe --generate-hashes --refresh build-requirements.in -o build-requirements.txt
cffi==2.0.0 ; platform_python_implementation != 'PyPy' \
--hash=sha256:00bdf7acc5f795150faa6957054fbbca2439db2f775ce831222b66f192f03beb \
--hash=sha256:07b271772c100085dd28b74fa0cd81c8fb1a3ba18b21e03d7c27f3436a10606b \
--hash=sha256:087067fa8953339c723661eda6b54bc98c5625757ea62e95eb4898ad5e776e9f \
--hash=sha256:0a1527a803f0a659de1af2e1fd700213caba79377e27e4693648c2923da066f9 \
--hash=sha256:0cf2d91ecc3fcc0625c2c530fe004f82c110405f101548512cce44322fa8ac44 \
--hash=sha256:0f6084a0ea23d05d20c3edcda20c3d006f9b6f3fefeac38f59262e10cef47ee2 \
--hash=sha256:12873ca6cb9b0f0d3a0da705d6086fe911591737a59f28b7936bdfed27c0d47c \
--hash=sha256:19f705ada2530c1167abacb171925dd886168931e0a7b78f5bffcae5c6b5be75 \
--hash=sha256:1cd13c99ce269b3ed80b417dcd591415d3372bcac067009b6e0f59c7d4015e65 \
--hash=sha256:1e3a615586f05fc4065a8b22b8152f0c1b00cdbc60596d187c2a74f9e3036e4e \
--hash=sha256:1f72fb8906754ac8a2cc3f9f5aaa298070652a0ffae577e0ea9bd480dc3c931a \
--hash=sha256:1fc9ea04857caf665289b7a75923f2c6ed559b8298a1b8c49e59f7dd95c8481e \
--hash=sha256:203a48d1fb583fc7d78a4c6655692963b860a417c0528492a6bc21f1aaefab25 \
--hash=sha256:2081580ebb843f759b9f617314a24ed5738c51d2aee65d31e02f6f7a2b97707a \
--hash=sha256:21d1152871b019407d8ac3985f6775c079416c282e431a4da6afe7aefd2bccbe \
--hash=sha256:24b6f81f1983e6df8db3adc38562c83f7d4a0c36162885ec7f7b77c7dcbec97b \
--hash=sha256:256f80b80ca3853f90c21b23ee78cd008713787b1b1e93eae9f3d6a7134abd91 \
--hash=sha256:28a3a209b96630bca57cce802da70c266eb08c6e97e5afd61a75611ee6c64592 \
--hash=sha256:2c8f814d84194c9ea681642fd164267891702542f028a15fc97d4674b6206187 \
--hash=sha256:2de9a304e27f7596cd03d16f1b7c72219bd944e99cc52b84d0145aefb07cbd3c \
--hash=sha256:38100abb9d1b1435bc4cc340bb4489635dc2f0da7456590877030c9b3d40b0c1 \
--hash=sha256:3925dd22fa2b7699ed2617149842d2e6adde22b262fcbfada50e3d195e4b3a94 \
--hash=sha256:3e17ed538242334bf70832644a32a7aae3d83b57567f9fd60a26257e992b79ba \
--hash=sha256:3e837e369566884707ddaf85fc1744b47575005c0a229de3327f8f9a20f4efeb \
--hash=sha256:3f4d46d8b35698056ec29bca21546e1551a205058ae1a181d871e278b0b28165 \
--hash=sha256:44d1b5909021139fe36001ae048dbdde8214afa20200eda0f64c068cac5d5529 \
--hash=sha256:45d5e886156860dc35862657e1494b9bae8dfa63bf56796f2fb56e1679fc0bca \
--hash=sha256:4647afc2f90d1ddd33441e5b0e85b16b12ddec4fca55f0d9671fef036ecca27c \
--hash=sha256:4671d9dd5ec934cb9a73e7ee9676f9362aba54f7f34910956b84d727b0d73fb6 \
--hash=sha256:53f77cbe57044e88bbd5ed26ac1d0514d2acf0591dd6bb02a3ae37f76811b80c \
--hash=sha256:5eda85d6d1879e692d546a078b44251cdd08dd1cfb98dfb77b670c97cee49ea0 \
--hash=sha256:5fed36fccc0612a53f1d4d9a816b50a36702c28a2aa880cb8a122b3466638743 \
--hash=sha256:61d028e90346df14fedc3d1e5441df818d095f3b87d286825dfcbd6459b7ef63 \
--hash=sha256:66f011380d0e49ed280c789fbd08ff0d40968ee7b665575489afa95c98196ab5 \
--hash=sha256:6824f87845e3396029f3820c206e459ccc91760e8fa24422f8b0c3d1731cbec5 \
--hash=sha256:6c6c373cfc5c83a975506110d17457138c8c63016b563cc9ed6e056a82f13ce4 \
--hash=sha256:6d02d6655b0e54f54c4ef0b94eb6be0607b70853c45ce98bd278dc7de718be5d \
--hash=sha256:6d50360be4546678fc1b79ffe7a66265e28667840010348dd69a314145807a1b \
--hash=sha256:730cacb21e1bdff3ce90babf007d0a0917cc3e6492f336c2f0134101e0944f93 \
--hash=sha256:737fe7d37e1a1bffe70bd5754ea763a62a066dc5913ca57e957824b72a85e205 \
--hash=sha256:74a03b9698e198d47562765773b4a8309919089150a0bb17d829ad7b44b60d27 \
--hash=sha256:7553fb2090d71822f02c629afe6042c299edf91ba1bf94951165613553984512 \
--hash=sha256:7a66c7204d8869299919db4d5069a82f1561581af12b11b3c9f48c584eb8743d \
--hash=sha256:7cc09976e8b56f8cebd752f7113ad07752461f48a58cbba644139015ac24954c \
--hash=sha256:81afed14892743bbe14dacb9e36d9e0e504cd204e0b165062c488942b9718037 \
--hash=sha256:8941aaadaf67246224cee8c3803777eed332a19d909b47e29c9842ef1e79ac26 \
--hash=sha256:89472c9762729b5ae1ad974b777416bfda4ac5642423fa93bd57a09204712322 \
--hash=sha256:8ea985900c5c95ce9db1745f7933eeef5d314f0565b27625d9a10ec9881e1bfb \
--hash=sha256:8eca2a813c1cb7ad4fb74d368c2ffbbb4789d377ee5bb8df98373c2cc0dee76c \
--hash=sha256:92b68146a71df78564e4ef48af17551a5ddd142e5190cdf2c5624d0c3ff5b2e8 \
--hash=sha256:9332088d75dc3241c702d852d4671613136d90fa6881da7d770a483fd05248b4 \
--hash=sha256:94698a9c5f91f9d138526b48fe26a199609544591f859c870d477351dc7b2414 \
--hash=sha256:9a67fc9e8eb39039280526379fb3a70023d77caec1852002b4da7e8b270c4dd9 \
--hash=sha256:9de40a7b0323d889cf8d23d1ef214f565ab154443c42737dfe52ff82cf857664 \
--hash=sha256:a05d0c237b3349096d3981b727493e22147f934b20f6f125a3eba8f994bec4a9 \
--hash=sha256:afb8db5439b81cf9c9d0c80404b60c3cc9c3add93e114dcae767f1477cb53775 \
--hash=sha256:b18a3ed7d5b3bd8d9ef7a8cb226502c6bf8308df1525e1cc676c3680e7176739 \
--hash=sha256:b1e74d11748e7e98e2f426ab176d4ed720a64412b6a15054378afdb71e0f37dc \
--hash=sha256:b21e08af67b8a103c71a250401c78d5e0893beff75e28c53c98f4de42f774062 \
--hash=sha256:b4c854ef3adc177950a8dfc81a86f5115d2abd545751a304c5bcf2c2c7283cfe \
--hash=sha256:b882b3df248017dba09d6b16defe9b5c407fe32fc7c65a9c69798e6175601be9 \
--hash=sha256:baf5215e0ab74c16e2dd324e8ec067ef59e41125d3eade2b863d294fd5035c92 \
--hash=sha256:c649e3a33450ec82378822b3dad03cc228b8f5963c0c12fc3b1e0ab940f768a5 \
--hash=sha256:c654de545946e0db659b3400168c9ad31b5d29593291482c43e3564effbcee13 \
--hash=sha256:c6638687455baf640e37344fe26d37c404db8b80d037c3d29f58fe8d1c3b194d \
--hash=sha256:c8d3b5532fc71b7a77c09192b4a5a200ea992702734a2e9279a37f2478236f26 \
--hash=sha256:cb527a79772e5ef98fb1d700678fe031e353e765d1ca2d409c92263c6d43e09f \
--hash=sha256:cf364028c016c03078a23b503f02058f1814320a56ad535686f90565636a9495 \
--hash=sha256:d48a880098c96020b02d5a1f7d9251308510ce8858940e6fa99ece33f610838b \
--hash=sha256:d68b6cef7827e8641e8ef16f4494edda8b36104d79773a334beaa1e3521430f6 \
--hash=sha256:d9b29c1f0ae438d5ee9acb31cadee00a58c46cc9c0b2f9038c6b0b3470877a8c \
--hash=sha256:d9b97165e8aed9272a6bb17c01e3cc5871a594a446ebedc996e2397a1c1ea8ef \
--hash=sha256:da68248800ad6320861f129cd9c1bf96ca849a2771a59e0344e88681905916f5 \
--hash=sha256:da902562c3e9c550df360bfa53c035b2f241fed6d9aef119048073680ace4a18 \
--hash=sha256:dbd5c7a25a7cb98f5ca55d258b103a2054f859a46ae11aaf23134f9cc0d356ad \
--hash=sha256:dd4f05f54a52fb558f1ba9f528228066954fee3ebe629fc1660d874d040ae5a3 \
--hash=sha256:de8dad4425a6ca6e4e5e297b27b5c824ecc7581910bf9aee86cb6835e6812aa7 \
--hash=sha256:e11e82b744887154b182fd3e7e8512418446501191994dbf9c9fc1f32cc8efd5 \
--hash=sha256:e6e73b9e02893c764e7e8d5bb5ce277f1a009cd5243f8228f75f842bf937c534 \
--hash=sha256:f73b96c41e3b2adedc34a7356e64c8eb96e03a3782b535e043a986276ce12a49 \
--hash=sha256:f93fd8e5c8c0a4aa1f424d6173f14a892044054871c771f8566e4008eaa359d2 \
--hash=sha256:fc33c5141b55ed366cfaad382df24fe7dcbc686de5be719b207bb248e3053dc5 \
--hash=sha256:fc7de24befaeae77ba923797c7c87834c73648a05a4bde34b3b7e5588973a453 \
--hash=sha256:fe562eb1a64e67dd297ccc4f5addea2501664954f2692b69a76449ec7913ecbf
# via -r build-requirements.in
maturin==1.12.6 \
--hash=sha256:06fc8d089f98623ce924c669b70911dfed30f9a29956c362945f727f9abc546b \
--hash=sha256:2cb41139295eed6411d3cdafc7430738094c2721f34b7eeb44f33cac516115dc \
--hash=sha256:351f3af1488a7cbdcff3b6d8482c17164273ac981378a13a4a9937a49aec7d71 \
--hash=sha256:3f32e0a3720b81423c9d35c14e728cb1f954678124749776dc72d533ea1115e8 \
--hash=sha256:6892b4176992fcc143f9d1c1c874a816e9a041248eef46433db87b0f0aff4278 \
--hash=sha256:6dbddfe4dc7ddee60bbac854870bd7cfec660acb54d015d24597d59a1c828f61 \
--hash=sha256:75133e56274d43b9227fd49dca9a86e32f1fd56a7b55544910c4ce978c2bb5aa \
--hash=sha256:8fdb0f63e77ee3df0f027a120e9af78dbc31edf0eb0f263d55783c250c33b728 \
--hash=sha256:977290159d252db946054a0555263c59b3d0c7957135c69e690f4b1558ee9983 \
--hash=sha256:bae91976cdc8148038e13c881e1e844e5c63e58e026e8b9945aa2d19b3b4ae89 \
--hash=sha256:c0c742beeeef7fb93b6a81bd53e75507887e396fd1003c45117658d063812dad \
--hash=sha256:d37be3a811a7f2ee28a0fa0964187efa50e90f21da0c6135c27787fa0b6a89db \
--hash=sha256:e90dc12bc6a38e9495692a36c9e231c4d7e0c9bfde60719468ab7d8673db3c45 \
--hash=sha256:fa84b7493a2e80759cacc2e668fa5b444d55b9994e90707c42904f55d6322c1e
# via -r build-requirements.in
pycparser==2.23 ; python_full_version < '3.10' and implementation_name != 'PyPy' and platform_python_implementation != 'PyPy' \
--hash=sha256:78816d4f24add8f10a06d6f05b4d424ad9e96cfebf68a4ddc99c65c0720d00c2 \
--hash=sha256:e5c6e8d3fbad53479cab09ac03729e0a9faf2bee3db8208a550daf5af81a5934
# via cffi
pycparser==3.0 ; python_full_version >= '3.10' and implementation_name != 'PyPy' and platform_python_implementation != 'PyPy' \
--hash=sha256:600f49d217304a5902ac3c37e1281c9fe94e4d0489de643a9504c5cdfdfc6b29 \
--hash=sha256:b727414169a36b7d524c1c3e31839a521725078d7b2ff038656844266160a992
# via cffi
setuptools==82.0.1 \
--hash=sha256:7d872682c5d01cfde07da7bccc7b65469d3dca203318515ada1de5eda35efbf9 \
--hash=sha256:a59e362652f08dcd477c78bb6e7bd9d80a7995bc73ce773050228a348ce2e5bb
# via -r build-requirements.in
tomli==2.4.0 ; python_full_version < '3.11' \
--hash=sha256:0408e3de5ec77cc7f81960c362543cbbd91ef883e3138e81b729fc3eea5b9729 \
--hash=sha256:0dc56fef0e2c1c470aeac5b6ca8cc7b640bb93e92d9803ddaf9ea03e198f5b0b \
--hash=sha256:0e0fe8a0b8312acf3a88077a0802565cb09ee34107813bba1c7cd591fa6cfc8d \
--hash=sha256:0f2e3955efea4d1cfbcb87bc321e00dc08d2bcb737fd1d5e398af111d86db5df \
--hash=sha256:133e93646ec4300d651839d382d63edff11d8978be23da4cc106f5a18b7d0576 \
--hash=sha256:1b168f2731796b045128c45982d3a4874057626da0e2ef1fdd722848b741361d \
--hash=sha256:1c8a885b370751837c029ef9bc014f27d80840e48bac415f3412e6593bbc18c1 \
--hash=sha256:1f776e7d669ebceb01dee46484485f43a4048746235e683bcdffacdf1fb4785a \
--hash=sha256:1fb2945cbe303b1419e2706e711b7113da57b7db31ee378d08712d678a34e51e \
--hash=sha256:20cedb4ee43278bc4f2fee6cb50daec836959aadaf948db5172e776dd3d993fc \
--hash=sha256:20ffd184fb1df76a66e34bd1b36b4a4641bd2b82954befa32fe8163e79f1a702 \
--hash=sha256:26ab906a1eb794cd4e103691daa23d95c6919cc2fa9160000ac02370cc9dd3f6 \
--hash=sha256:2add28aacc7425117ff6364fe9e06a183bb0251b03f986df0e78e974047571fd \
--hash=sha256:2b1e3b80e1d5e52e40e9b924ec43d81570f0e7d09d11081b797bc4692765a3d4 \
--hash=sha256:31d556d079d72db7c584c0627ff3a24c5d3fb4f730221d3444f3efb1b2514776 \
--hash=sha256:36b9d05b51e65b254ea6c2585b59d2c4cb91c8a3d91d0ed0f17591a29aaea54a \
--hash=sha256:39b0b5d1b6dd03684b3fb276407ebed7090bbec989fa55838c98560c01113b66 \
--hash=sha256:3cf226acb51d8f1c394c1b310e0e0e61fecdd7adcb78d01e294ac297dd2e7f87 \
--hash=sha256:3d895d56bd3f82ddd6faaff993c275efc2ff38e52322ea264122d72729dca2b2 \
--hash=sha256:413540dce94673591859c4c6f794dfeaa845e98bf35d72ed59636f869ef9f86f \
--hash=sha256:43e685b9b2341681907759cf3a04e14d7104b3580f808cfde1dfdb60ada85475 \
--hash=sha256:4cbcb367d44a1f0c2be408758b43e1ffb5308abe0ea222897d6bfc8e8281ef2f \
--hash=sha256:551e321c6ba03b55676970b47cb1b73f14a0a4dce6a3e1a9458fd6d921d72e95 \
--hash=sha256:5572e41282d5268eb09a697c89a7bee84fae66511f87533a6f88bd2f7b652da9 \
--hash=sha256:5aa48d7c2356055feef06a43611fc401a07337d5b006be13a30f6c58f869e3c3 \
--hash=sha256:5b5807f3999fb66776dbce568cc9a828544244a8eb84b84b9bafc080c99597b9 \
--hash=sha256:5e3f639a7a8f10069d0e15408c0b96a2a828cfdec6fca05296ebcdcc28ca7c76 \
--hash=sha256:685306e2cc7da35be4ee914fd34ab801a6acacb061b6a7abca922aaf9ad368da \
--hash=sha256:75c2f8bbddf170e8effc98f5e9084a8751f8174ea6ccf4fca5398436e0320bc8 \
--hash=sha256:7b438885858efd5be02a9a133caf5812b8776ee0c969fea02c45e8e3f296ba51 \
--hash=sha256:7d49c66a7d5e56ac959cb6fc583aff0651094ec071ba9ad43df785abc2320d86 \
--hash=sha256:7d6d9a4aee98fac3eab4952ad1d73aee87359452d1c086b5ceb43ed02ddb16b8 \
--hash=sha256:84d081fbc252d1b6a982e1870660e7330fb8f90f676f6e78b052ad4e64714bf0 \
--hash=sha256:8768715ffc41f0008abe25d808c20c3d990f42b6e2e58305d5da280ae7d1fa3b \
--hash=sha256:920b1de295e72887bafa3ad9f7a792f811847d57ea6b1215154030cf131f16b1 \
--hash=sha256:9a08144fa4cba33db5255f9b74f0b89888622109bd2776148f2597447f92a94e \
--hash=sha256:a26d7ff68dfdb9f87a016ecfd1e1c2bacbe3108f4e0f8bcd2228ef9a766c787d \
--hash=sha256:aa89c3f6c277dd275d8e243ad24f3b5e701491a860d5121f2cdd399fbb31fc9c \
--hash=sha256:b5ef256a3fd497d4973c11bf142e9ed78b150d36f5773f1ca6088c230ffc5867 \
--hash=sha256:b6c78bdf37764092d369722d9946cb65b8767bfa4110f902a1b2542d8d173c8a \
--hash=sha256:bbb1b10aa643d973366dc2cb1ad94f99c1726a02343d43cbc011edbfac579e7c \
--hash=sha256:c084ad935abe686bd9c898e62a02a19abfc9760b5a79bc29644463eaf2840cb0 \
--hash=sha256:c73add4bb52a206fd0c0723432db123c0c75c280cbd67174dd9d2db228ebb1b4 \
--hash=sha256:cae9c19ed12d4e8f3ebf46d1a75090e4c0dc16271c5bce1c833ac168f08fb614 \
--hash=sha256:d20b797a5c1ad80c516e41bc1fb0443ddb5006e9aaa7bda2d71978346aeb9132 \
--hash=sha256:d3d1654e11d724760cdb37a3d7691f0be9db5fbdaef59c9f532aabf87006dbaa \
--hash=sha256:d878f2a6707cc9d53a1be1414bbb419e629c3d6e67f69230217bb663e76b5087
# via maturin
typing-extensions==4.15.0 ; python_full_version < '3.11' \
--hash=sha256:0cea48d173cc12fa28ecabc3b837ea3cf6f38c6d1136f85cbaaf598984861466 \
--hash=sha256:f0fa19c6845758ab08074a0cfa8b7aecb71c999ca73d62883bc25cc018c4e548
# via -r build-requirements.in
uv-build==0.10.12 \
--hash=sha256:013573044907324c99f74b365dd1574a383d4f453fde965693ba7cdf6432c8e5 \
--hash=sha256:16cd225f57b9fc60a0749572c73497902a22225b847d8606211dbef958b7e865 \
--hash=sha256:2143f3807b654ead18cf7ec13d179b7b2d6e95ed5e20ae6b9fc592203fef3a2c \
--hash=sha256:2157a7787fa79ba550525894780a1bf975205b9248ed22703937af1f1dd74021 \
--hash=sha256:269bdb8907ff463c8dbb7a9b123d7fe316a172912b34b34ec8620a4267cdaf13 \
--hash=sha256:2de063880945b211b24bc243e12d01853474337c328fd73ea9b65915723ea9c8 \
--hash=sha256:30b020c5200d56bf21d0db525256737307866dac3ae138b52b345f691083dd0a \
--hash=sha256:7ab118c31728f7e5192781e58eb7bf18b33f4e6b46675baaa31f266c3c33248f \
--hash=sha256:8aadcea805994bfe47f21fc6e36c0dea802b58cec54ca5430734b86a78c6730a \
--hash=sha256:96ad2d76276ed9f47ea34fdd8ea9d85322221c1e586be75913acd7f548a3ad9f \
--hash=sha256:ac25a26fd6820bcebd65b6ff281788f8041d6a23c5d0372a75f033b0b432dc19 \
--hash=sha256:bb1122894d134ead39b772eb8ec4b9931dea7f6d2c90235b6c323d322d2f61ad \
--hash=sha256:c3e1ce5e0dee4ff971f964ab07bce78aefe537d5364fae243e307dda2550cdc7 \
--hash=sha256:dc1a8eb8b6c761c69ea03aae65ab32f897900d3995d68eda9a9c610ee3ee94f4 \
--hash=sha256:de103bc790f4518c4b77f937d690d50f6311409684b57ce5aca8cbae07c71ae0 \
--hash=sha256:e37047736eda373e7fb3a79399ca4e3c30d9be88e436276ebb7b243bcded428c \
--hash=sha256:e4b618934f177f31a930ea18398ae1cb40f35e2d3aca4d09b73afad5cd86b326 \
--hash=sha256:eaae56f65f9883e363c4f2985acc38270384d758131e39ad530959d1f4d5c244 \
--hash=sha256:f87b14be3275cf8d8666e3c5354509d6a2744a96ef83fdcdd87099bf1b9f1ef5
# via -r build-requirements.in
================================================
FILE: .github/requirements/uv-requirements.in
================================================
uv
================================================
FILE: .github/requirements/uv-requirements.txt
================================================
# This file was autogenerated by uv via the following command:
# uv pip compile --universal --python-version 3.8 --generate-hashes --refresh uv-requirements.in -o uv-requirements.txt
uv==0.10.12 \
--hash=sha256:006812a086fce03d230fc987299f7295c7a73d17a1f1c17de1d1f327826f8481 \
--hash=sha256:101481a1f48db6becf219914a591a588c0b3bfd05bef90768a5d04972bd6455e \
--hash=sha256:2ace05115bd9ee1b30d341728257fe051817c4c0a652c085c90d4bd4fb0bc8f2 \
--hash=sha256:2bb5893d79179727253e4a283871a693d7773c662a534fb897aa65496aa35765 \
--hash=sha256:2c21e1b36c384f75dd3fd4a818b04871158ce115efff0bb4fdcd18ba2df7bd48 \
--hash=sha256:2c5dfc7560453186e911c8c2e4ce95cd1c91e1c5926c3b34c5a825a307217be9 \
--hash=sha256:384b7f36a1ae50efe5f50fe299f276a83bf7acc8b7147517f34e27103270f016 \
--hash=sha256:551f799d53e397843b6cde7e3c61de716fb487da512a21a954b7d0cbc06967e0 \
--hash=sha256:6727e3a0208059cd4d621684e580d5e254322dacbd806e0d218360abd0d48a68 \
--hash=sha256:7099bdefffbe2df81accad52579657b8f9f870170caa779049c9fd82d645c9b3 \
--hash=sha256:76ebe11572409dfbe20ec25a823f9bc8781400ece5356aa33ec44903af7ec316 \
--hash=sha256:8dc352c93a47a4760cf824c31c55ce26511af780481e8f67c796d2779acaa928 \
--hash=sha256:a5afe619e8a861fe4d49df8e10d2c6963de0dac6b79350c4832bf3366c8496cf \
--hash=sha256:b9ca1d264059cb016c853ebbc4f21c72d983e0f347c927ca29e283aec2f596cf \
--hash=sha256:bd84379292e3c1a1bf0a05847c7c72b66bb581dccf8da1ef94cc82bf517efa7c \
--hash=sha256:be85acae8f31c68311505cd96202bad43165cbd7be110c59222f918677e93248 \
--hash=sha256:cca36540d637c80d11d8a44a998a068355f0c78b75ec6b0f152ecbf89dfdd67b \
--hash=sha256:e0f0ef58f0ba6fbfaf5f91b67aad6852252c49b8f78015a2a5800cf74c7538d5 \
--hash=sha256:fa722691c7ae5c023778ad0b040ab8619367bcfe44fd0d9e05a58751af86cdf8
# via -r uv-requirements.in
================================================
FILE: .github/workflows/auto-close-stale.yml
================================================
name: Auto-close stale issues
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * *'
jobs:
auto-close:
if: github.repository_owner == 'pyca'
runs-on: ubuntu-latest
permissions:
issues: "write"
pull-requests: "write"
steps:
- uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
with:
only-labels: waiting-on-reporter
days-before-stale: 3
days-before-close: 5
stale-issue-message: "This issue has been waiting for a reporter response for 3 days. It will be auto-closed if no activity occurs in the next 5 days."
close-issue-message: "This issue has not received a reporter response and has been auto-closed. If the issue is still relevant please leave a comment and we can reopen it."
close-issue-reason: completed
================================================
FILE: .github/workflows/benchmark.yml
================================================
name: Benchmark
on:
pull_request:
paths:
- ".github/workflows/benchmark.yml"
- "src/**"
- "tests/**"
workflow_dispatch:
inputs:
base_commit:
description: The base commit to compare against
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
jobs:
benchmark:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
timeout-minutes: 3
with:
persist-credentials: false
path: "cryptography-pr"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
timeout-minutes: 3
with:
persist-credentials: false
repository: "pyca/cryptography"
path: "cryptography-base"
ref: "${{ github.event.inputs.base_commit || github.base_ref }}"
- name: Clone test vectors
timeout-minutes: 2
uses: ./cryptography-base/.github/actions/fetch-vectors
- name: Setup python
id: setup-python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.11"
- name: Create virtualenv (base)
run: |
python -m venv .venv-base
.venv-base/bin/pip install -v -c ./cryptography-base/ci-constraints-requirements.txt "./cryptography-base[test]" ./cryptography-base/vectors/
- name: Create virtualenv (PR)
run: |
python -m venv .venv-pr
.venv-pr/bin/pip install -v -c ./cryptography-pr/ci-constraints-requirements.txt "./cryptography-pr[test]" ./cryptography-pr/vectors/
- name: Run benchmarks (base)
run: .venv-base/bin/pytest --benchmark-enable --benchmark-only ./cryptography-pr/tests/bench/ --benchmark-json=bench-base.json --x509-limbo-root=x509-limbo/
- name: Run benchmarks (PR)
run: .venv-pr/bin/pytest --benchmark-enable --benchmark-only ./cryptography-pr/tests/bench/ --benchmark-json=bench-pr.json --x509-limbo-root=x509-limbo/
- name: Compare results
run: python ./cryptography-pr/.github/bin/compare_benchmarks.py bench-base.json bench-pr.json | tee -a $GITHUB_STEP_SUMMARY
================================================
FILE: .github/workflows/boring-open-awslc-bump.yml
================================================
name: Bump BoringSSL, OpenSSL, AWS-LC
permissions:
contents: read
on:
workflow_dispatch:
schedule:
# Run daily
- cron: "0 10 * * *"
jobs:
bump:
if: github.repository_owner == 'pyca'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
# Needed so we can push back to the repo
persist-credentials: true
- id: bump-boringssl
run: |
python3 .github/bin/bump_dependency.py \
--name "BoringSSL" \
--repo-url "https://boringssl.googlesource.com/boringssl" \
--branch "main" \
--file-path ".github/workflows/ci.yml" \
--current-version-pattern 'TYPE: "boringssl", VERSION: "([a-f0-9]{40})"' \
--update-pattern 'TYPE: "boringssl", VERSION: "{new_version}"' \
--comment-pattern 'Latest commit on the BoringSSL main branch.*?\.' \
--commit-url-template "{repo_url}/+/{version}" \
--diff-url-template "{repo_url}/+/{old_version}..{new_version}"
- id: bump-awslc
run: |
python3 .github/bin/bump_dependency.py \
--name "AWS-LC" \
--repo-url "https://github.com/aws/aws-lc" \
--branch "main" \
--file-path ".github/workflows/ci.yml" \
--current-version-pattern 'TYPE: "aws-lc", VERSION: "(v[0-9\.]*)"' \
--update-pattern 'TYPE: "aws-lc", VERSION: "{new_version}"' \
--comment-pattern 'Latest tag of AWS-LC main branch, as of .*?\.' \
--tag \
--tag-pattern 'v[0-9\.]*'
- name: Check for updates
run: git status
- uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
id: generate-token
with:
app_id: ${{ secrets.BORINGBOT_APP_ID }}
private_key: ${{ secrets.BORINGBOT_PRIVATE_KEY }}
if: steps.bump-boringssl.outputs.HAS_UPDATES == 'true' || steps.bump-awslc.outputs.HAS_UPDATES == 'true'
- name: Create Pull Request
uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
with:
branch: "bump-openssl-boringssl"
commit-message: "Bump BoringSSL, OpenSSL, AWS-LC in CI"
title: "Bump BoringSSL, OpenSSL, AWS-LC in CI"
author: "pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>"
body: |
${{ steps.bump-boringssl.outputs.COMMIT_MSG }}
${{ steps.bump-awslc.outputs.COMMIT_MSG }}
token: ${{ steps.generate-token.outputs.token }}
if: steps.bump-boringssl.outputs.HAS_UPDATES == 'true' || steps.bump-awslc.outputs.HAS_UPDATES == 'true'
================================================
FILE: .github/workflows/ci.yml
================================================
name: CI
on:
pull_request: {}
push:
branches:
- main
- '*.*.x'
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
env:
CARGO_INCREMENTAL: 0
jobs:
linux:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
PYTHON:
- {VERSION: "3.8", NOXSESSION: "flake"}
- {VERSION: "3.14", NOXSESSION: "flake"}
- {VERSION: "3.14", NOXSESSION: "rust"}
- {VERSION: "3.12", NOXSESSION: "docs", OPENSSL: {TYPE: "openssl", VERSION: "3.6.1"}}
- {VERSION: "3.14t", NOXSESSION: "rust,tests"}
- {VERSION: "pypy-3.11", NOXSESSION: "tests-nocoverage"}
- {VERSION: "3.14", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.6.1", CONFIG_FLAGS: "no-engine no-rc2 no-srtp no-ct no-psk"}}
- {VERSION: "3.14", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.6.1", CONFIG_FLAGS: "no-legacy", NO_LEGACY: "0"}}
- {VERSION: "3.14", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.6.1", CONFIG_FLAGS: "no-legacy", NO_LEGACY: "1"}}
- {VERSION: "3.14", NOXSESSION: "tests", NOXARGS: "--enable-fips=1", OPENSSL: {TYPE: "openssl", CONFIG_FLAGS: "enable-fips", VERSION: "3.6.1"}}
- {VERSION: "3.14", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.0.19"}}
- {VERSION: "3.14", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.3.6"}}
- {VERSION: "3.14", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.4.4"}}
- {VERSION: "3.14", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.5.5"}}
- {VERSION: "3.14", NOXSESSION: "tests-ssh", OPENSSL: {TYPE: "openssl", VERSION: "3.6.1"}}
- {VERSION: "3.14", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "libressl", VERSION: "4.1.2"}}
- {VERSION: "3.14", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "libressl", VERSION: "4.2.1"}}
# Latest commit on the BoringSSL main branch, as of Mar 20, 2026.
- {VERSION: "3.14", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "boringssl", VERSION: "ba3de4d9b41906eb7e50d69edca140ef3cec053a"}}
# Latest tag of AWS-LC main branch, as of Mar 20, 2026.
- {VERSION: "3.14", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "aws-lc", VERSION: "v1.71.0"}}
# Latest commit on the OpenSSL master branch, as of Sep 04, 2025.
- {VERSION: "3.14", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "ceb45f64bde3d299c7ef529e5cd5372e4a421366"}}
# Builds with various Rust versions. Includes MSRV and next
# potential future MSRV.
# noclippy due to: https://github.com/PyO3/pyo3/issues/5768
- {VERSION: "3.14", NOXSESSION: "rust-noclippy,tests", RUST: "1.83.0"}
- {VERSION: "3.14", NOXSESSION: "rust,tests", RUST: "beta"}
- {VERSION: "3.14", NOXSESSION: "rust,tests", RUST: "nightly"}
- {VERSION: "3.14", NOXSESSION: "tests-rust-debug"}
# Not actually an MSRV, just for coverage on this
- {VERSION: "3.14", NOXSESSION: "tests", RUST: "1.87", OPENSSL: {TYPE: "openssl", VERSION: "3.6.1"}}
- {VERSION: "3.14", NOXSESSION: "tests", RUST: "1.87", NOXARGS: "--enable-fips=1", OPENSSL: {TYPE: "openssl", CONFIG_FLAGS: "enable-fips", VERSION: "3.6.1"}}
timeout-minutes: 15
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
timeout-minutes: 3
with:
persist-credentials: false
- name: Setup python
id: setup-python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: ${{ matrix.PYTHON.VERSION }}
cache: pip
cache-dependency-path: ci-constraints-requirements.txt
timeout-minutes: 3
- name: Setup rust
uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9
with:
toolchain: ${{ matrix.PYTHON.RUST }}
components: rustfmt,clippy
if: matrix.PYTHON.RUST
- run: rustup component add llvm-tools-preview
if: matrix.PYTHON.NOXSESSION != 'flake' && matrix.PYTHON.NOXSESSION != 'docs'
- name: Clone test vectors
timeout-minutes: 2
uses: ./.github/actions/fetch-vectors
if: matrix.PYTHON.NOXSESSION != 'flake' && matrix.PYTHON.NOXSESSION != 'docs' && matrix.PYTHON.NOXSESSION != 'rust'
- name: Compute config hash and set config vars
run: |
DEFAULT_CONFIG_FLAGS="shared no-ssl2 no-ssl3"
CONFIG_FLAGS="$DEFAULT_CONFIG_FLAGS $CONFIG_FLAGS"
OPENSSL_HASH=$(echo "${{ matrix.PYTHON.OPENSSL.TYPE }}-${{ matrix.PYTHON.OPENSSL.VERSION }}-$CONFIG_FLAGS" | sha1sum | sed 's/ .*$//')
echo "CONFIG_FLAGS=${CONFIG_FLAGS}" >> $GITHUB_ENV
echo "OPENSSL_HASH=${OPENSSL_HASH}" >> $GITHUB_ENV
echo "OSSL_INFO=${{ matrix.PYTHON.OPENSSL.TYPE }}-${{ matrix.PYTHON.OPENSSL.VERSION }}-${CONFIG_FLAGS}" >> $GITHUB_ENV
echo "OSSL_PATH=${{ github.workspace }}/osslcache/${{ matrix.PYTHON.OPENSSL.TYPE }}-${{ matrix.PYTHON.OPENSSL.VERSION }}-${OPENSSL_HASH}" >> $GITHUB_ENV
env:
CONFIG_FLAGS: ${{ matrix.PYTHON.OPENSSL.CONFIG_FLAGS }}
if: matrix.PYTHON.OPENSSL
- name: Load OpenSSL cache
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
id: ossl-cache
timeout-minutes: 2
with:
path: ${{ github.workspace }}/osslcache
# When altering the openssl build process you may need to increment
# the value on the end of this cache key so that you can prevent it
# from fetching the cache and skipping the build step.
key: "${{ matrix.PYTHON.OPENSSL.TYPE }}-${{ matrix.PYTHON.OPENSSL.VERSION }}-${{ env.OPENSSL_HASH }}-${{ hashFiles('.github/bin/build_openssl.sh') }}-0"
if: matrix.PYTHON.OPENSSL
- name: Build custom OpenSSL/LibreSSL
run: .github/bin/build_openssl.sh
env:
TYPE: ${{ matrix.PYTHON.OPENSSL.TYPE }}
VERSION: ${{ matrix.PYTHON.OPENSSL.VERSION }}
if: matrix.PYTHON.OPENSSL && steps.ossl-cache.outputs.cache-hit != 'true'
- name: Set CFLAGS/LDFLAGS
run: |
echo "OPENSSL_DIR=${OSSL_PATH}" >> $GITHUB_ENV
echo "CFLAGS=${CFLAGS} -Werror=implicit-function-declaration" >> $GITHUB_ENV
echo "RUSTFLAGS=-Clink-arg=-Wl,-rpath=${OSSL_PATH}/lib -Clink-arg=-Wl,-rpath=${OSSL_PATH}/lib64" >> $GITHUB_ENV
if: matrix.PYTHON.OPENSSL
- run: cargo install bindgen-cli
if: matrix.PYTHON.OPENSSL.TYPE == 'boringssl' || matrix.PYTHON.OPENSSL.TYPE == 'aws-lc'
- name: Cache rust and pip
uses: ./.github/actions/cache
timeout-minutes: 2
with:
# We have both the Python version from the matrix and from the
# setup-python step because the latter doesn't distinguish
# pypy3-3.8 and pypy3-3.9 -- both of them show up as 7.3.11.
key: "${{ matrix.PYTHON.VERSION }}-${{ steps.setup-python.outputs.python-version }}-${{ matrix.PYTHON.NOXSESSION }}-${{ env.OPENSSL_HASH }}-0"
- run: python -m pip install -c ci-constraints-requirements.txt 'nox[uv]' 'tomli; python_version < "3.11"'
- name: Create nox environment
run: |
nox -v --install-only
env:
NOXSESSION: ${{ matrix.PYTHON.NOXSESSION }}
# Needed until https://github.com/PyO3/pyo3/issues/5093
PYO3_USE_ABI3_FORWARD_COMPATIBILITY: 1
- name: Tests
run: |
nox --no-install -- --color=yes --wycheproof-root=wycheproof --x509-limbo-root=x509-limbo ${{ matrix.PYTHON.NOXARGS }}
env:
NOXSESSION: ${{ matrix.PYTHON.NOXSESSION }}
COLUMNS: 80
CRYPTOGRAPHY_OPENSSL_NO_LEGACY: ${{ matrix.PYTHON.OPENSSL.NO_LEGACY }}
- uses: ./.github/actions/upload-coverage
distros:
runs-on: ${{ matrix.IMAGE.RUNNER }}
container: ghcr.io/pyca/cryptography-runner-${{ matrix.IMAGE.IMAGE }}
strategy:
fail-fast: false
matrix:
IMAGE:
- {IMAGE: "bookworm", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
- {IMAGE: "trixie", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
- {IMAGE: "sid", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
- {IMAGE: "ubuntu-jammy", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
- {IMAGE: "ubuntu-noble", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
- {IMAGE: "ubuntu-rolling", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
- {IMAGE: "fedora", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
- {IMAGE: "centos-stream9", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
- {IMAGE: "centos-stream9-fips", NOXSESSION: "tests", RUNNER: "ubuntu-latest", FIPS: true}
- {IMAGE: "centos-stream10", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
- {IMAGE: "centos-stream10-fips", NOXSESSION: "tests", RUNNER: "ubuntu-latest", FIPS: true}
- {IMAGE: "ubuntu-rolling:aarch64", NOXSESSION: "tests", RUNNER: "ubuntu-24.04-arm"}
- {IMAGE: "ubuntu-rolling:armv7l", NOXSESSION: "tests", RUNNER: "ubuntu-24.04-arm"}
- {IMAGE: "ubuntu-rolling:ppc64le", NOXSESSION: "tests", RUNNER: "ubuntu-24.04-ppc64le"}
timeout-minutes: 15
env:
RUSTUP_HOME: /root/.rustup
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
timeout-minutes: 3
with:
persist-credentials: false
- name: Cache rust and pip
uses: ./.github/actions/cache
timeout-minutes: 2
with:
key: ${{ matrix.IMAGE.IMAGE }}
- name: Clone test vectors
timeout-minutes: 2
uses: ./.github/actions/fetch-vectors
# When run in a docker container the home directory doesn't have the same owner as the
# apparent user so pip refuses to create a cache dir
- name: create pip cache dir
run: mkdir -p "${HOME}/.cache/pip"
- run: |
echo "OPENSSL_FORCE_FIPS_MODE=1" >> $GITHUB_ENV
if: matrix.IMAGE.FIPS
- run: /venv/bin/python -m pip install -c ci-constraints-requirements.txt 'nox[uv]' 'tomli; python_version < "3.11"'
- run: '/venv/bin/nox -v --install-only'
env:
# OPENSSL_ENABLE_SHA1_SIGNATURES is for CentOS 9 Stream
OPENSSL_ENABLE_SHA1_SIGNATURES: 1
NOXSESSION: ${{ matrix.IMAGE.NOXSESSION }}
- run: '/venv/bin/nox --no-install -- --color=yes --wycheproof-root="wycheproof" --x509-limbo-root="x509-limbo"'
env:
COLUMNS: 80
# OPENSSL_ENABLE_SHA1_SIGNATURES is for CentOS 9 Stream
OPENSSL_ENABLE_SHA1_SIGNATURES: 1
NOXSESSION: ${{ matrix.IMAGE.NOXSESSION }}
- uses: ./.github/actions/upload-coverage
alpine:
runs-on: ${{ matrix.IMAGE.RUNNER }}
container:
image: ghcr.io/pyca/cryptography-runner-${{ matrix.IMAGE.IMAGE }}
volumes:
- /staticnodehost:/staticnodecontainer:rw,rshared
- /staticnodehost/20:/__e/node20:ro,rshared
- /staticnodehost/24:/__e/node24:ro,rshared
strategy:
fail-fast: false
matrix:
IMAGE:
- {IMAGE: "alpine", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
- {IMAGE: "alpine:aarch64", NOXSESSION: "tests", RUNNER: "ubuntu-24.04-arm"}
timeout-minutes: 15
env:
RUSTUP_HOME: /root/.rustup
steps:
- name: Ridiculous-er workaround for static node20
run: |
cp -R /staticnode/* /staticnodecontainer/
- name: Ridiculous alpine workaround for actions support on arm64
run: |
# This modifies /etc/os-release so the JS actions
# from GH can't detect that it's on alpine:aarch64. It will
# then use a glibc nodejs, which works fine when gcompat
# is installed in the container (which it is)
sed -i "s:ID=alpine:ID=NotpineForGHA:" /etc/os-release
if: matrix.IMAGE.IMAGE == 'alpine:aarch64'
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
timeout-minutes: 3
with:
persist-credentials: false
- name: Cache rust and pip
uses: ./.github/actions/cache
timeout-minutes: 2
with:
key: ${{ matrix.IMAGE.IMAGE }}
- name: Clone test vectors
timeout-minutes: 2
uses: ./.github/actions/fetch-vectors
# When run in a docker container the home directory doesn't have the same owner as the
# apparent user so pip refuses to create a cache dir
- name: create pip cache dir
run: mkdir -p "${HOME}/.cache/pip"
- run: |
echo "OPENSSL_FORCE_FIPS_MODE=1" >> $GITHUB_ENV
if: matrix.IMAGE.FIPS
- run: /venv/bin/python -m pip install -c ci-constraints-requirements.txt 'nox[uv]' 'tomli; python_version < "3.11"'
- run: '/venv/bin/nox -v --install-only'
env:
# OPENSSL_ENABLE_SHA1_SIGNATURES is for CentOS 9 Stream
OPENSSL_ENABLE_SHA1_SIGNATURES: 1
NOXSESSION: ${{ matrix.IMAGE.NOXSESSION }}
- run: '/venv/bin/nox --no-install -- --color=yes --wycheproof-root="wycheproof" --x509-limbo-root="x509-limbo"'
env:
COLUMNS: 80
# OPENSSL_ENABLE_SHA1_SIGNATURES is for CentOS 9 Stream
OPENSSL_ENABLE_SHA1_SIGNATURES: 1
NOXSESSION: ${{ matrix.IMAGE.NOXSESSION }}
- uses: ./.github/actions/upload-coverage
macos:
runs-on: ${{ matrix.RUNNER.OS }}
strategy:
fail-fast: false
matrix:
RUNNER:
- {OS: 'macos-15-intel', ARCH: 'x86_64'}
- {OS: 'macos-15', ARCH: 'arm64'}
PYTHON:
- {VERSION: "3.8", NOXSESSION: "tests"}
- {VERSION: "3.14", NOXSESSION: "tests"}
- {VERSION: "3.14t", NOXSESSION: "tests"}
exclude:
# We only test latest Python on arm64. py38 won't work since there's no universal2 binary
- PYTHON: {VERSION: "3.8", NOXSESSION: "tests"}
RUNNER: {OS: 'macos-15', ARCH: 'arm64'}
timeout-minutes: 15
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
timeout-minutes: 3
with:
persist-credentials: false
- name: Cache rust and pip
uses: ./.github/actions/cache
timeout-minutes: 2
with:
key: ${{ matrix.PYTHON.NOXSESSION }}-${{ matrix.PYTHON.VERSION }}
- name: Setup python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: ${{ matrix.PYTHON.VERSION }}
cache: pip
cache-dependency-path: ci-constraints-requirements.txt
timeout-minutes: 3
- run: rustup component add llvm-tools-preview
- run: python -m pip install -c ci-constraints-requirements.txt 'nox[uv]' 'tomli; python_version < "3.11"'
- name: Clone test vectors
timeout-minutes: 2
uses: ./.github/actions/fetch-vectors
- uses: dawidd6/action-download-artifact@2536c51d3d126276eb39f74d6bc9c72ac6ef30d3 # v16
with:
repo: pyca/infra
workflow: build-macos-openssl.yml
branch: main
workflow_conclusion: success
name: openssl-macos-universal2
path: "../openssl-macos-universal2/"
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Build nox environment
run: |
OPENSSL_DIR=$(readlink -f ../openssl-macos-universal2/) \
OPENSSL_STATIC=1 \
CFLAGS="-Werror -Wno-error=deprecated-declarations -Wno-error=incompatible-pointer-types-discards-qualifiers -Wno-error=unused-function" \
nox -v --install-only
env:
NOXSESSION: ${{ matrix.PYTHON.NOXSESSION }}
MACOSX_DEPLOYMENT_TARGET: "10.13"
- name: Tests
run: nox --no-install -- --color=yes --wycheproof-root=wycheproof --x509-limbo-root=x509-limbo
env:
NOXSESSION: ${{ matrix.PYTHON.NOXSESSION }}
COLUMNS: 80
- uses: ./.github/actions/upload-coverage
windows:
runs-on: ${{ matrix.WINDOWS.RUNNER }}
strategy:
fail-fast: false
matrix:
WINDOWS:
- {ARCH: 'x86', WINDOWS: 'win32', RUNNER: 'windows-latest'}
- {ARCH: 'x64', WINDOWS: 'win64', RUNNER: 'windows-latest'}
PYTHON:
- {VERSION: "3.8", NOXSESSION: "tests-nocoverage"}
- {VERSION: "3.14", NOXSESSION: "tests"}
- {VERSION: "3.14t", NOXSESSION: "tests"}
timeout-minutes: 15
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
timeout-minutes: 3
with:
persist-credentials: false
- name: Setup python
id: setup-python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: ${{ matrix.PYTHON.VERSION }}
architecture: ${{ matrix.WINDOWS.ARCH }}
cache: pip
cache-dependency-path: ci-constraints-requirements.txt
timeout-minutes: 3
- run: rustup component add llvm-tools-preview
- name: Cache rust and pip
uses: ./.github/actions/cache
timeout-minutes: 2
with:
key: ${{ matrix.PYTHON.NOXSESSION }}-${{ matrix.WINDOWS.ARCH }}-${{ steps.setup-python.outputs.python-version }}
- run: python -m pip install -c ci-constraints-requirements.txt "nox[uv]" "tomli; python_version < '3.11'"
- uses: dawidd6/action-download-artifact@2536c51d3d126276eb39f74d6bc9c72ac6ef30d3 # v16
with:
repo: pyca/infra
workflow: build-windows-openssl.yml
branch: main
workflow_conclusion: success
name: "openssl-${{ matrix.WINDOWS.WINDOWS }}"
path: "C:/openssl-${{ matrix.WINDOWS.WINDOWS }}/"
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Configure
run: |
echo "OPENSSL_DIR=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}" >> $GITHUB_ENV
shell: bash
- name: Clone test vectors
timeout-minutes: 2
uses: ./.github/actions/fetch-vectors
- name: Build nox environment
run: nox -v --install-only
env:
NOXSESSION: ${{ matrix.PYTHON.NOXSESSION }}
- name: Tests
run: nox --no-install -- --color=yes --wycheproof-root=wycheproof --x509-limbo-root=x509-limbo
env:
NOXSESSION: ${{ matrix.PYTHON.NOXSESSION }}
COLUMNS: 80
- uses: ./.github/actions/upload-coverage
linux-downstream:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- DOWNSTREAM: paramiko
REPO: paramiko/paramiko
# Latest commit on the paramiko main branch, as of Oct 20, 2025.
REF: 8697158113a3eab25ed1d1d541ebe2cad10169a7
PATH: paramiko
- DOWNSTREAM: pyopenssl
REPO: pyca/pyopenssl
# Latest commit on the pyopenssl main branch, as of Mar 17, 2026.
REF: f72218efff8a1e3e7ae4683793ad36d2f9610976
PATH: pyopenssl
- DOWNSTREAM: pyopenssl-release
REPO: pyca/pyopenssl
# Latest release tag of pyopenssl-release, as of Mar 16, 2026.
REF: 26.0.0
PATH: pyopenssl
- DOWNSTREAM: twisted
REPO: twisted/twisted
# Latest commit on the twisted trunk branch, as of Mar 10, 2026.
REF: 3ec002a1f90faacca223f898705e2dd4924e8101
PATH: twisted
- DOWNSTREAM: aws-encryption-sdk-python
REPO: awslabs/aws-encryption-sdk-python
# Latest commit on the aws-encryption-sdk-python master branch, as of Feb 27, 2026.
REF: 51089773be9578ef844dd208c119acd54b2d8a14
PATH: aws-encryption-sdk-python
- DOWNSTREAM: aws-dynamodb-encryption-python
REPO: awslabs/aws-dynamodb-encryption-python
# Latest commit on the aws-dynamodb-encryption-python master branch, as of Jan 29, 2026.
REF: ff8ceec703f6e85cac3a3d658f3de06226cabdf4
PATH: aws-dynamodb-encryption-python
- DOWNSTREAM: certbot
REPO: certbot/certbot
# Latest commit on the certbot main branch, as of Mar 20, 2026.
REF: 9ed92009dbfeaa7578cb5c98724b4b3c1732fde8
PATH: certbot
- DOWNSTREAM: certbot-josepy
REPO: certbot/josepy
# Latest commit on the certbot-josepy main branch, as of Mar 10, 2026.
REF: de4cfa2b439b83c155d4af04c06a794451154612
PATH: josepy
- DOWNSTREAM: mitmproxy
REPO: mitmproxy/mitmproxy
# Latest commit on the mitmproxy main branch, as of Mar 18, 2026.
REF: b5d14444c655c0a0e21c6ba8914539a13f84d103
PATH: mitmproxy
- DOWNSTREAM: scapy
REPO: secdev/scapy
# Latest commit on the scapy master branch, as of Mar 20, 2026.
REF: b1add1f796b4f28f0ff29d6b81480a9cd0ac8b85
PATH: scapy
- DOWNSTREAM: sigstore-python
REPO: sigstore/sigstore-python
# Latest commit on the sigstore-python main branch, as of Mar 20, 2026.
REF: 1353f8aced2cc579485bfed6d536a4fd6053f444
PATH: sigstore-python
name: "Downstream tests for ${{ matrix.DOWNSTREAM }}"
timeout-minutes: 15
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
timeout-minutes: 3
with:
persist-credentials: false
- name: Checkout downstream repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
timeout-minutes: 3
with:
repository: ${{ matrix.REPO }}
ref: ${{ matrix.REF }}
path: ${{ matrix.PATH }}
persist-credentials: false
- name: Cache rust and pip
uses: ./.github/actions/cache
timeout-minutes: 2
- name: Setup python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: '3.12'
cache: pip
cache-dependency-path: ci-constraints-requirements.txt
timeout-minutes: 3
- run: python -m pip install -c ci-constraints-requirements.txt 'uv'
- run: uv venv
- run: source .venv/bin/activate && ./.github/downstream.d/${{ matrix.DOWNSTREAM }}.sh install
- run: uv pip install .
# cryptography main has a version of "(X+1).0.0.dev1" where X is the
# most recently released major version. A package used by a downstream
# may depend on cryptography <=X. If you use entrypoints stuff, this can
# lead to runtime errors due to version incompatibilities. Rename the
# dist-info directory to pretend to be an older version to "solve" this.
- run: |
.venv/bin/python <<EOF
import json
import importlib.metadata
import shutil
import urllib.request
d = importlib.metadata.distribution("cryptography")
with urllib.request.urlopen("https://pypi.org/pypi/cryptography/json") as r:
latest_version = json.load(r)["info"]["version"]
new_path = d.locate_file(f"cryptography-{latest_version}.dist-info")
shutil.move(d.locate_file(f"cryptography-{d.version}.dist-info"), new_path)
EOF
- run: source .venv/bin/activate && ./.github/downstream.d/${{ matrix.DOWNSTREAM }}.sh run
all-green:
# https://github.community/t/is-it-possible-to-require-all-github-actions-tasks-to-pass-without-enumerating-them/117957/4?u=graingert
runs-on: ubuntu-latest
needs: [linux, alpine, distros, macos, windows, linux-downstream]
if: ${{ always() }}
timeout-minutes: 3
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
timeout-minutes: 3
with:
persist-credentials: false
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
with:
jobs: ${{ toJSON(needs) }}
- name: Setup python
if: ${{ always() }}
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: '3.14'
cache: pip
cache-dependency-path: ci-constraints-requirements.txt
timeout-minutes: 3
- run: pip install -c ci-constraints-requirements.txt coverage[toml]
if: ${{ always() }}
- name: Download coverage data
if: ${{ always() }}
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
pattern: coverage-data-*
merge-multiple: true
path: coverage-data/
- name: Combine coverage and fail if it's <100%.
if: ${{ always() }}
id: combinecoverage
run: |
set +e
echo "## Coverage" >> $GITHUB_STEP_SUMMARY
python -u .github/bin/merge_rust_coverage.py coverage-data/ | tee COV_REPORT
COV_EXIT_CODE=${PIPESTATUS[0]}
if [ $COV_EXIT_CODE -ne 0 ]; then
echo "🚨 Coverage failed. Under 100" | tee -a $GITHUB_STEP_SUMMARY
fi
echo '```' >> $GITHUB_STEP_SUMMARY
cat COV_REPORT >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
exit $COV_EXIT_CODE
- name: Upload HTML report.
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: _html-coverage-report
path: htmlcov
if-no-files-found: ignore
if: ${{ failure() && steps.combinecoverage.outcome == 'failure' }}
================================================
FILE: .github/workflows/downstream-version-bump.yml
================================================
name: Bump downstream dependencies
permissions:
contents: read
on:
workflow_dispatch:
schedule:
# Run daily
- cron: "0 10 * * *"
jobs:
bump:
if: github.repository_owner == 'pyca'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
# Needed so we can push back to the repo
persist-credentials: true
- name: Parse downstream dependencies
id: downstream-bump
run: ./.github/bin/bump_downstreams.sh
- uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
id: generate-token
with:
app_id: ${{ secrets.BORINGBOT_APP_ID }}
private_key: ${{ secrets.BORINGBOT_PRIVATE_KEY }}
if: steps.downstream-bump.outputs.HAS_UPDATES == 'true'
- name: Create Pull Request
uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
with:
branch: "bump-downstreams"
commit-message: "Bump downstream dependencies in CI"
title: "Bump downstream dependencies in CI"
author: "pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>"
body: |
${{ steps.downstream-bump.outputs.COMMIT_MSG }}
token: ${{ steps.generate-token.outputs.token }}
if: steps.downstream-bump.outputs.HAS_UPDATES == 'true'
================================================
FILE: .github/workflows/linkcheck.yml
================================================
name: linkcheck
on:
pull_request:
paths:
- docs/conf.py
- .github/workflows/linkcheck.yml
schedule:
# Run once a week on Fridays
- cron: "0 0 * * FRI"
permissions:
contents: read
env:
CARGO_INCREMENTAL: 0
jobs:
docs-linkcheck:
runs-on: ubuntu-latest
name: "linkcheck"
timeout-minutes: 20
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Setup python
id: setup-python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: 3.11
- name: Cache rust and pip
uses: ./.github/actions/cache
timeout-minutes: 2
with:
# This creates the same key as the docs job (as long as they have the same
# python version)
key: 3.11-${{ steps.setup-python.outputs.python-version }}
- run: python -m pip install -c ci-constraints-requirements.txt 'nox[uv]'
- name: Build nox environment
run: |
nox -v --install-only -s docs-linkcheck
env:
CARGO_TARGET_DIR: ${{ format('{0}/src/rust/target/', github.workspace) }}
- name: linkcheck
run: nox --no-install -s docs-linkcheck -- --color=yes
================================================
FILE: .github/workflows/lock.yml
================================================
name: Lock Issues
on:
workflow_dispatch:
schedule:
- cron: '0 3 * * *'
jobs:
lock:
if: github.repository_owner == 'pyca'
runs-on: ubuntu-latest
permissions:
issues: "write"
steps:
- uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 # v6.0.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
issue-inactive-days: 90
pr-inactive-days: 90
================================================
FILE: .github/workflows/pypi-publish.yml
================================================
name: Publish to PyPI
on:
workflow_dispatch:
inputs:
run_id:
description: The run of wheel-builder to use for finding artifacts.
required: true
environment:
description: Which PyPI environment to upload to
required: true
type: choice
options: ["testpypi", "pypi"]
workflow_run:
workflows: ["Wheel Builder"]
types: [completed]
env:
PUBLISH_REQUIREMENTS_PATH: .github/requirements/publish-requirements.txt
permissions:
contents: read
jobs:
publish:
runs-on: ubuntu-latest
# We're not actually verifying that the triggering push event was for a
# tag, because github doesn't expose enough information to do so.
# wheel-builder.yml currently only has push events for tags.
if: github.event_name == 'workflow_dispatch' || (github.event.workflow_run.event == 'push' && github.event.workflow_run.conclusion == 'success')
permissions:
id-token: "write"
attestations: "write"
steps:
- run: echo "$EVENT_CONTEXT"
env:
EVENT_CONTEXT: ${{ toJson(github.event) }}
- run: |
echo "PYPI_URL=https://upload.pypi.org/legacy/" >> $GITHUB_ENV
if: github.event_name == 'workflow_run' || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'pypi')
- run: |
echo "PYPI_URL=https://test.pypi.org/legacy/" >> $GITHUB_ENV
if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'testpypi'
- uses: dawidd6/action-download-artifact@2536c51d3d126276eb39f74d6bc9c72ac6ef30d3 # v16
with:
path: tmpdist/
run_id: ${{ github.event.inputs.run_id || github.event.workflow_run.id }}
- run: mkdir dist/
- run: |
find tmpdist/ -type f -name 'cryptography*' -exec mv {} dist/ \;
- name: Publish package distributions to PyPI
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
with:
repository-url: ${{ env.PYPI_URL }}
skip-existing: true
# Do not perform attestation for things for TestPyPI. This is
# because there's nothing that would prevent a malicious PyPI from
# serving a signed TestPyPI asset in place of a release intended for
# PyPI.
attestations: ${{ env.PYPI_URL == 'https://upload.pypi.org/legacy/' }}
================================================
FILE: .github/workflows/wheel-builder.yml
================================================
name: Wheel Builder
permissions:
contents: read
on:
workflow_dispatch:
inputs:
version:
description: The version to build
# Do not add any non-tag push events without updating pypi-publish.yml. If
# you do, it'll upload wheels to PyPI.
push:
tags:
- '*.*'
- '*.*.*'
pull_request:
paths:
- .github/workflows/wheel-builder.yml
- .github/requirements/**
- pyproject.toml
- vectors/pyproject.toml
env:
BUILD_REQUIREMENTS_PATH: .github/requirements/build-requirements.txt
UV_REQUIREMENTS_PATH: .github/requirements/uv-requirements.txt
jobs:
sdist:
runs-on: ubuntu-latest
name: sdists
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
# The tag to build or the tag received by the tag event
ref: ${{ github.event.inputs.version || github.ref }}
persist-credentials: false
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.14"
timeout-minutes: 3
- run: python -m pip install -r $UV_REQUIREMENTS_PATH
- name: Make sdist (cryptography)
run: uv build --build-constraint=$BUILD_REQUIREMENTS_PATH --require-hashes --sdist
- name: Make sdist and wheel (vectors)
run: uv build --build-constraint=$BUILD_REQUIREMENTS_PATH --require-hashes vectors/
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: "cryptography-sdist"
path: dist/cryptography*
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: "vectors-sdist-wheel"
path: vectors/dist/cryptography*
manylinux:
needs: [sdist]
runs-on: ${{ matrix.MANYLINUX.RUNNER }}
container:
image: ghcr.io/pyca/${{ matrix.MANYLINUX.CONTAINER }}
volumes:
- /staticnodehost:/staticnodecontainer:rw,rshared
- /staticnodehost/20:/__e/node20:ro,rshared
- /staticnodehost/24:/__e/node24:ro,rshared
strategy:
fail-fast: false
matrix:
PYTHON:
- { VERSION: "cp311-cp311", ABI_VERSION: 'py38' }
- { VERSION: "cp311-cp311", ABI_VERSION: 'py311' }
- { VERSION: "cp314-cp314t" }
- { VERSION: "pp311-pypy311_pp73" }
MANYLINUX:
- { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest" }
- { NAME: "manylinux_2_28_x86_64", CONTAINER: "cryptography-manylinux_2_28:x86_64", RUNNER: "ubuntu-latest"}
- { NAME: "manylinux_2_34_x86_64", CONTAINER: "cryptography-manylinux_2_34:x86_64", RUNNER: "ubuntu-latest"}
- { NAME: "musllinux_1_2_x86_64", CONTAINER: "cryptography-musllinux_1_2:x86_64", RUNNER: "ubuntu-latest"}
- { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: "ubuntu-24.04-arm" }
- { NAME: "manylinux_2_28_aarch64", CONTAINER: "cryptography-manylinux_2_28:aarch64", RUNNER: "ubuntu-24.04-arm" }
- { NAME: "manylinux_2_34_aarch64", CONTAINER: "cryptography-manylinux_2_34:aarch64", RUNNER: "ubuntu-24.04-arm" }
- { NAME: "musllinux_1_2_aarch64", CONTAINER: "cryptography-musllinux_1_2:aarch64", RUNNER: "ubuntu-24.04-arm" }
- { NAME: "manylinux_2_31_armv7l", CONTAINER: "cryptography-manylinux_2_31:armv7l", RUNNER: "ubuntu-24.04-arm" }
- { NAME: "manylinux_2_28_ppc64le", CONTAINER: "cryptography-manylinux_2_28:ppc64le", RUNNER: "ubuntu-24.04-ppc64le" }
- { NAME: "manylinux_2_34_ppc64le", CONTAINER: "cryptography-manylinux_2_34:ppc64le", RUNNER: "ubuntu-24.04-ppc64le" }
exclude:
# There are no readily available musllinux PyPy distributions
- PYTHON: { VERSION: "pp311-pypy311_pp73" }
MANYLINUX: { NAME: "musllinux_1_2_x86_64", CONTAINER: "cryptography-musllinux_1_2:x86_64", RUNNER: "ubuntu-latest"}
- PYTHON: { VERSION: "pp311-pypy311_pp73" }
MANYLINUX: { NAME: "musllinux_1_2_aarch64", CONTAINER: "cryptography-musllinux_1_2:aarch64", RUNNER: "ubuntu-24.04-arm" }
# We also don't build pypy wheels for anything except the latest manylinux
- PYTHON: { VERSION: "pp311-pypy311_pp73" }
MANYLINUX: { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest"}
- PYTHON: { VERSION: "pp311-pypy311_pp73" }
MANYLINUX: { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: "ubuntu-24.04-arm" }
# No PyPy on armv7l either
- PYTHON: { VERSION: "pp311-pypy311_pp73" }
MANYLINUX: { NAME: "manylinux_2_31_armv7l", CONTAINER: "cryptography-manylinux_2_31:armv7l", RUNNER: "ubuntu-24.04-arm" }
# No PyPy on ppc64le
- PYTHON: { VERSION: "pp311-pypy311_pp73" }
MANYLINUX: { NAME: "manylinux_2_34_ppc64le", CONTAINER: "cryptography-manylinux_2_34:ppc64le", RUNNER: "ubuntu-24.04-ppc64le" }
- PYTHON: { VERSION: "pp311-pypy311_pp73" }
MANYLINUX: { NAME: "manylinux_2_28_ppc64le", CONTAINER: "cryptography-manylinux_2_28:ppc64le", RUNNER: "ubuntu-24.04-ppc64le" }
name: "${{ matrix.PYTHON.VERSION }} for ${{ matrix.MANYLINUX.NAME }}"
steps:
- name: Ridiculous-er workaround for static node20
run: |
cp -R /staticnode/* /staticnodecontainer/
- name: Ridiculous alpine workaround for actions support on arm64
run: |
# This modifies /etc/os-release so the JS actions
# from GH can't detect that it's on alpine:aarch64. It will
# then use a glibc nodejs, which works fine when gcompat
# is installed in the container (which it is)
sed -i "s:ID=alpine:ID=NotpineForGHA:" /etc/os-release
if: startsWith(matrix.MANYLINUX.NAME, 'musllinux') && endsWith(matrix.MANYLINUX.NAME, 'aarch64')
- name: Get build-requirements.txt from repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
# The tag to build or the tag received by the tag event
ref: ${{ github.event.inputs.version || github.ref }}
persist-credentials: false
sparse-checkout: |
${{ env.BUILD_REQUIREMENTS_PATH }}
.github/actions/wheel-smoketest/
sparse-checkout-cone-mode: false
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: cryptography-sdist
- run: mkdir tmpwheelhouse
- name: Build the wheel
run: |
if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then
PY_LIMITED_API="--config-settings=build-args=--features=pyo3/abi3-${{ matrix.PYTHON.ABI_VERSION }}"
fi
# The manylinux-entrypoint script accounts for uname issues, otherwise
# the platform tag on armv7 wheels might be tagged as aarch64 under
# docker running on an arm64 CPU
OPENSSL_DIR="/opt/pyca/cryptography/openssl" \
OPENSSL_STATIC=1 \
manylinux-entrypoint uv build --python=/opt/python/${{ matrix.PYTHON.VERSION }}/bin/python --wheel --require-hashes --build-constraint=$BUILD_REQUIREMENTS_PATH $PY_LIMITED_API --config-settings=build-args=--sbom-include=/opt/pyca/cryptography/openssl/sbom.json cryptography*.tar.gz -o tmpwheelhouse/
env:
RUSTUP_HOME: /root/.rustup
- run: auditwheel repair --plat ${{ matrix.MANYLINUX.NAME }} tmpwheelhouse/cryptography*.whl -w wheelhouse/
- run: unzip wheelhouse/*.whl -d execstack.check
- run: |
results=$(readelf -lW execstack.check/cryptography/hazmat/bindings/*.so)
count=$(echo "$results" | grep -c 'GNU_STACK.*[R ][W ]E' || true)
if [ "$count" -ne 0 ]; then
exit 1
else
exit 0
fi
- name: Smoketest
uses: ./.github/actions/wheel-smoketest
with:
python-path: /opt/python/${{ matrix.PYTHON.VERSION }}/bin/python
build-requirements-path: ${{ env.BUILD_REQUIREMENTS_PATH }}
test-pip: ${{ startsWith(matrix.PYTHON.VERSION, 'cp') }}
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON.VERSION }}-${{ matrix.PYTHON.ABI_VERSION }}"
path: wheelhouse/
macos:
needs: [sdist]
runs-on: macos-15
strategy:
fail-fast: false
matrix:
PYTHON:
- VERSION: '3.11'
ABI_VERSION: 'py38'
# Despite the name, this is built for the macOS 11 SDK on arm64 and 10.9+ on intel
DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.14.0/python-3.14.0-macos11.pkg'
BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.14/bin/python3'
DEPLOYMENT_TARGET: '10.13'
# This archflags is default, but let's be explicit
ARCHFLAGS: '-arch x86_64 -arch arm64'
# See https://github.com/pypa/cibuildwheel/blob/8602e864d4d22919d7d8eefb2346f2f89ea23252/cibuildwheel/platforms/macos.py#L317
# This will change in the future as we change the base Python we
# build against
_PYTHON_HOST_PLATFORM: 'macosx-10.9-universal2'
- VERSION: '3.14'
ABI_VERSION: 'py311'
# Despite the name, this is built for the macOS 11 SDK on arm64 and 10.9+ on intel
DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.14.0/python-3.14.0-macos11.pkg'
BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.14/bin/python3'
DEPLOYMENT_TARGET: '10.13'
# This archflags is default, but let's be explicit
ARCHFLAGS: '-arch x86_64 -arch arm64'
# See https://github.com/pypa/cibuildwheel/blob/c8876b5c54a6c6b08de5d4b1586906b56203bd9e/cibuildwheel/macos.py#L257-L269
# This will change in the future as we change the base Python we
# build against
_PYTHON_HOST_PLATFORM: 'macosx-10.9-universal2'
- VERSION: '3.14t'
DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.14.0/python-3.14.0-macos11.pkg'
BIN_PATH: '/Library/Frameworks/PythonT.framework/Versions/3.14/bin/python3.14t'
DEPLOYMENT_TARGET: '10.13'
# This archflags is default, but let's be explicit
ARCHFLAGS: '-arch x86_64 -arch arm64'
# See https://github.com/pypa/cibuildwheel/blob/c8876b5c54a6c6b08de5d4b1586906b56203bd9e/cibuildwheel/macos.py#L257-L269
# This will change in the future as we change the base Python we
# build against
_PYTHON_HOST_PLATFORM: 'macosx-10.9-universal2'
- VERSION: 'pypy-3.11'
BIN_PATH: 'pypy3'
DEPLOYMENT_TARGET: '11.0'
_PYTHON_HOST_PLATFORM: 'macosx-11.0-arm64'
ARCHFLAGS: '-arch arm64'
name: "${{ matrix.PYTHON.VERSION }} ABI ${{ matrix.PYTHON.ABI_VERSION }} macOS ${{ matrix.PYTHON.ARCHFLAGS }}"
steps:
- name: Get build-requirements.txt from repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
# The tag to build or the tag received by the tag event
ref: ${{ github.event.inputs.version || github.ref }}
persist-credentials: false
sparse-checkout: |
${{ env.BUILD_REQUIREMENTS_PATH }}
${{ env.UV_REQUIREMENTS_PATH }}
.github/config/macos-pkg-choices-freethreaded.xml
.github/actions/wheel-smoketest/
sparse-checkout-cone-mode: false
- name: Setup python
run: |
curl --max-time 30 --retry 5 "$PYTHON_DOWNLOAD_URL" -o python.pkg
sudo installer -pkg python.pkg -target /
env:
PYTHON_DOWNLOAD_URL: ${{ matrix.PYTHON.DOWNLOAD_URL }}
if: contains(matrix.PYTHON.VERSION, 'pypy') == false && matrix.PYTHON.VERSION != '3.14t'
- name: Setup free-threaded python
run: |
curl --max-time 30 --retry 5 "$PYTHON_DOWNLOAD_URL" -o python.pkg
sudo installer -pkg python.pkg -applyChoiceChangesXML .github/config/macos-pkg-choices-freethreaded.xml -target /
env:
PYTHON_DOWNLOAD_URL: ${{ matrix.PYTHON.DOWNLOAD_URL }}
if: matrix.PYTHON.VERSION == '3.14t'
- name: Setup pypy
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: ${{ matrix.PYTHON.VERSION }}
if: contains(matrix.PYTHON.VERSION, 'pypy')
- uses: dawidd6/action-download-artifact@2536c51d3d126276eb39f74d6bc9c72ac6ef30d3 # v16
with:
repo: pyca/infra
workflow: build-macos-openssl.yml
branch: main
workflow_conclusion: success
name: openssl-macos-universal2
path: "../openssl-macos-universal2/"
github_token: ${{ secrets.GITHUB_TOKEN }}
- uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9
with:
toolchain: stable
# Add the x86-64 target in addition to the native arch (arm64)
target: x86_64-apple-darwin
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: cryptography-sdist
- run: ${{ matrix.PYTHON.BIN_PATH }} -m pip install -r "${UV_REQUIREMENTS_PATH}"
- name: add free-threaded python tools directory to PATH
# This can be deleted once the mac installer has a way to do this PATH
# update automatically, like it does for the GIL-enabled build.
# See https://github.com/python/cpython/issues/137450
run: echo "/Library/Frameworks/PythonT.framework/Versions/3.14/bin" >> "$GITHUB_PATH"
if: matrix.PYTHON.VERSION == '3.14t'
- run: mkdir wheelhouse
- name: Build the wheel
run: |
if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then
PY_LIMITED_API="--config-settings=build-args=--features=pyo3/abi3-${{ matrix.PYTHON.ABI_VERSION }}"
fi
OPENSSL_DIR="$(readlink -f ../openssl-macos-universal2/)" \
OPENSSL_STATIC=1 \
uv build --wheel --require-hashes --build-constraint=$BUILD_REQUIREMENTS_PATH $PY_LIMITED_API --config-settings=build-args=--sbom-include="$(readlink -f ../openssl-macos-universal2/sbom.json)" cryptography*.tar.gz -o wheelhouse/
env:
MACOSX_DEPLOYMENT_TARGET: ${{ matrix.PYTHON.DEPLOYMENT_TARGET }}
ARCHFLAGS: ${{ matrix.PYTHON.ARCHFLAGS }}
_PYTHON_HOST_PLATFORM: ${{ matrix.PYTHON._PYTHON_HOST_PLATFORM }}
- name: Smoketest
uses: ./.github/actions/wheel-smoketest
with:
build-requirements-path: ${{ env.BUILD_REQUIREMENTS_PATH }}
- run: |
echo "CRYPTOGRAPHY_WHEEL_NAME=$(basename $(ls wheelhouse/cryptography*.whl))" >> $GITHUB_ENV
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: "${{ env.CRYPTOGRAPHY_WHEEL_NAME }}"
path: wheelhouse/
windows:
needs: [sdist]
runs-on: ${{ matrix.WINDOWS.RUNNER }}
strategy:
fail-fast: false
matrix:
WINDOWS:
- {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc', RUNNER: 'windows-latest'}
- {ARCH: 'x64', WINDOWS: 'win64', RUST_TRIPLE: 'x86_64-pc-windows-msvc', RUNNER: 'windows-latest'}
PYTHON:
- {VERSION: "3.14", "ABI_VERSION": "py38"}
- {VERSION: "3.14", "ABI_VERSION": "py311"}
- {VERSION: "3.14t"}
- {VERSION: "pypy-3.11"}
exclude:
# We need to exclude the below configuration because there is no 32-bit pypy3
- WINDOWS: {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc'}
PYTHON: {VERSION: "pypy-3.11"}
name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.WINDOWS.WINDOWS }} ${{ matrix.PYTHON.ABI_VERSION }}"
steps:
- name: Get build-requirements.txt from repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
# The tag to build or the tag received by the tag event
ref: ${{ github.event.inputs.version || github.ref }}
persist-credentials: false
sparse-checkout: |
${{ env.BUILD_REQUIREMENTS_PATH }}
${{ env.UV_REQUIREMENTS_PATH }}
.github/actions/wheel-smoketest/
sparse-checkout-cone-mode: false
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: cryptography-sdist
- name: Setup python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: ${{ matrix.PYTHON.VERSION }}
architecture: ${{ matrix.WINDOWS.ARCH }}
timeout-minutes: 3
- uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9
with:
toolchain: stable
target: ${{ matrix.WINDOWS.RUST_TRIPLE }}
- uses: dawidd6/action-download-artifact@2536c51d3d126276eb39f74d6bc9c72ac6ef30d3 # v16
with:
repo: pyca/infra
workflow: build-windows-openssl.yml
branch: main
workflow_conclusion: success
name: "openssl-${{ matrix.WINDOWS.WINDOWS }}"
path: "C:/openssl-${{ matrix.WINDOWS.WINDOWS }}/"
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Configure OpenSSL
run: |
echo "OPENSSL_DIR=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}" >> $GITHUB_ENV
echo "OPENSSL_STATIC=1" >> $GITHUB_ENV
shell: bash
- run: pip install -r "${UV_REQUIREMENTS_PATH}"
shell: bash
- run: mkdir wheelhouse
- run: |
if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then
PY_LIMITED_API="--config-settings=build-args=--features=pyo3/abi3-${{ matrix.PYTHON.ABI_VERSION }}"
fi
uv build --wheel --require-hashes --build-constraint=$BUILD_REQUIREMENTS_PATH cryptography*.tar.gz $PY_LIMITED_API --config-settings=build-args=--sbom-include=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}/sbom.json -o wheelhouse/
shell: bash
- name: Smoketest
uses: ./.github/actions/wheel-smoketest
with:
build-requirements-path: ${{ env.BUILD_REQUIREMENTS_PATH }}
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.VERSION }}-${{ matrix.PYTHON.ABI_VERSION }}"
path: wheelhouse\
================================================
FILE: .github/workflows/x509-limbo-version-bump.yml
================================================
name: Bump x509-limbo and/or wycheproof
permissions:
contents: read
on:
workflow_dispatch:
schedule:
# Run daily
- cron: "0 10 * * *"
jobs:
bump:
if: github.repository_owner == 'pyca'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
# Needed so we can push back to the repo
persist-credentials: true
- id: bump-x509-limbo
run: |
python3 .github/bin/bump_dependency.py \
--name "x509-limbo" \
--repo-url "https://github.com/C2SP/x509-limbo" \
--branch "main" \
--file-path ".github/actions/fetch-vectors/action.yml" \
--current-version-pattern 'ref: "([a-f0-9]{40})" # x509-limbo-ref' \
--update-pattern 'ref: "{new_version}" # x509-limbo-ref' \
--comment-pattern 'Latest commit on the x509-limbo main branch.*?\.'
- id: bump-wycheproof
run: |
python3 .github/bin/bump_dependency.py \
--name "wycheproof" \
--repo-url "https://github.com/C2SP/wycheproof" \
--branch "main" \
--file-path ".github/actions/fetch-vectors/action.yml" \
--current-version-pattern 'ref: "([a-f0-9]{40})" # wycheproof-ref' \
--update-pattern 'ref: "{new_version}" # wycheproof-ref' \
--comment-pattern 'Latest commit on the wycheproof main branch.*?\.'
- name: Check for updates
run: git status
- uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
id: generate-token
with:
app_id: ${{ secrets.BORINGBOT_APP_ID }}
private_key: ${{ secrets.BORINGBOT_PRIVATE_KEY }}
if: steps.bump-x509-limbo.outputs.HAS_UPDATES == 'true' || steps.bump-wycheproof.outputs.HAS_UPDATES == 'true'
- name: Create Pull Request
uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
with:
branch: "bump-vectors"
commit-message: "Bump x509-limbo and/or wycheproof in CI"
title: "Bump x509-limbo and/or wycheproof in CI"
author: "pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>"
body: |
${{ steps.bump-x509-limbo.outputs.COMMIT_MSG }}
${{ steps.bump-wycheproof.outputs.COMMIT_MSG }}
token: ${{ steps.generate-token.outputs.token }}
if: steps.bump-x509-limbo.outputs.HAS_UPDATES == 'true' || steps.bump-wycheproof.outputs.HAS_UPDATES == 'true'
================================================
FILE: .gitignore
================================================
__pycache__/
_build/
build/
dist/
htmlcov/
*.so
.tox/
.cache/
.coverage
*.egg-info/
*.egg
.eggs/
*.py[cdo]
.hypothesis/
target/
.rust-cov/
*.lcov
*.profdata
================================================
FILE: .readthedocs.yml
================================================
# https://docs.readthedocs.io/en/stable/config-file/v2.html#supported-settings
version: 2
sphinx:
# The config file overrides the UI settings:
# https://github.com/pyca/cryptography/issues/5863#issuecomment-817828152
builder: dirhtml
configuration: docs/conf.py
formats:
- pdf
build:
os: "ubuntu-24.04"
tools:
python: "3.13"
rust: "latest"
python:
install:
- method: pip
path: .
extra_requirements:
- docs
================================================
FILE: CHANGELOG.rst
================================================
Changelog
=========
.. _v47-0-0:
47.0.0 - `main`_
~~~~~~~~~~~~~~~~
.. note:: This version is not yet released and is under active development.
* Support for Python 3.8 is deprecated and will be removed in the next
``cryptography`` release.
* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves
(``SECT*`` classes) has been removed. These curves are rarely used and
have additional security considerations that make them undesirable.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.
OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC
continue to be supported.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 4.1.
* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or
keys with unsupported explicit curve encodings now raises
:class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of
``ValueError``. This change affects
:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,
:func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,
:func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
and :meth:`~cryptography.x509.Certificate.public_key` when called on
certificates with unsupported public key algorithms.
* **BACKWARDS INCOMPATIBLE:** When parsing elliptic curve private keys, we now
reject keys that incorrectly encode a private key of the wrong length because
such keys are impossible to process in a constant-time manner. We do not
believe keys with this problem are in wide use, however we may revert this
change based on the feedback we receive.
* Deprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to
:class:`~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES`. In a
future release, only 192-bit (24-byte) keys will be accepted. Users should
expand shorter keys themselves (e.g., for single DES: ``key + key + key``,
for two-key: ``key + key[:8]``).
* Updated the minimum supported Rust version (MSRV) to 1.83.0, from 1.74.0.
* Support for ``x86_64`` macOS (including publishing wheels) is deprecated
and will be removed in the next release. We will switch to publishing an
``arm64`` only wheel for macOS.
* Support for 32-bit Windows (including publishing wheels) is deprecated
and will be removed in the next release. Users should move to a 64-bit
Python installation.
* ``public_bytes`` and ``private_bytes`` methods on keys now raise
``TypeError`` (instead of ``ValueError``) if an invalid encoding is provided
for the given ``format``.
* Moved :class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB`,
:class:`~cryptography.hazmat.decrepit.ciphers.modes.OFB`, and
:class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB8` into
:doc:`/hazmat/decrepit/index` and deprecated them in the ``modes`` module.
They will be removed from the ``modes`` module in 49.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Camellia`
into :doc:`/hazmat/decrepit/index` and deprecated it in the ``cipher`` module.
It will be removed from the ``cipher`` module in 49.0.0.
* Added :meth:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF.extract`
to :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF`. The previous
private implementation will be removed in 49.0.0.
* Added support for loading elliptic curve keys that contain explicit encodings
of the curves ``secp256r1``, ``secp384r1``, and ``secp521r1``.
* Added support for :class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2d`
and :class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2i`
when using OpenSSL 3.2.0+.
* Added ``derive_into`` methods to
:class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF`,
:class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDFExpand`,
:class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHash`,
:class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHMAC`,
:class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id`,
:class:`~cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC`,
:class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC`,
:class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC`,
:class:`~cryptography.hazmat.primitives.kdf.scrypt.Scrypt`, and
:class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF` to allow
deriving keys directly into pre-allocated buffers.
* Added ``encrypt_into`` and ``decrypt_into`` methods to
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESCCM`,
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM`,
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCMSIV`,
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`,
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESSIV`, and
:class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` to
allow encrypting directly into a pre-allocated buffer.
* Added support for PKCS1v15 signing without DigestInfo using
:class:`~cryptography.hazmat.primitives.asymmetric.utils.NoDigestInfo`.
* Added :meth:`~cryptography.hazmat.primitives.hashes.Hash.hash`, a one-shot
method for computing hashes.
* Added :doc:`/hazmat/primitives/hpke` support implementing :rfc:`9180` for
hybrid authenticated encryption.
.. _v46-0-5:
46.0.5 - 2026-02-10
~~~~~~~~~~~~~~~~~~~
* An attacker could create a malicious public key that reveals portions of your
private key when using certain uncommon elliptic curves (binary curves).
This version now includes additional security checks to prevent this attack.
This issue only affects binary elliptic curves, which are rarely used in
real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
**CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
removed in the next release.
.. v46-0-4:
46.0.4 - 2026-01-27
~~~~~~~~~~~~~~~~~~~
* `Dropped support for win_arm64 wheels`_.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.
.. _v46-0-3:
46.0.3 - 2025-10-15
~~~~~~~~~~~~~~~~~~~
* Fixed compilation when using LibreSSL 4.2.0.
.. _v46-0-2:
46.0.2 - 2025-09-30
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.
.. _v46-0-1:
46.0.1 - 2025-09-16
~~~~~~~~~~~~~~~~~~~
* Fixed an issue where users installing via ``pip`` on Python 3.14 development
versions would not properly install a dependency.
* Fixed an issue building the free-threaded macOS 3.14 wheels.
.. _v46-0-0:
46.0.0 - 2025-09-16
~~~~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Support for Python 3.7 has been removed.
* Support for OpenSSL < 3.0 is deprecated and will be removed in the next
release.
* Support for ``x86_64`` macOS (including publishing wheels) is deprecated
and will be removed in two releases. We will switch to publishing an
``arm64`` only wheel for macOS.
* Support for 32-bit Windows (including publishing wheels) is deprecated
and will be removed in two releases. Users should move to a 64-bit
Python installation.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.3.
* We now build ``ppc64le`` ``manylinux`` wheels and publish them to PyPI.
* We now build ``win_arm64`` (Windows on Arm) wheels and publish them to PyPI.
* Added support for free-threaded Python 3.14.
* Removed the deprecated ``get_attribute_for_oid`` method on
:class:`~cryptography.x509.CertificateSigningRequest`. Users should use
:meth:`~cryptography.x509.Attributes.get_attribute_for_oid` instead.
* Removed the deprecated ``CAST5``, ``SEED``, ``IDEA``, and ``Blowfish``
classes from the cipher module. These are still available in
:doc:`/hazmat/decrepit/index`.
* In X.509, when performing a PSS signature with a SHA-3 hash, it is now
encoded with the official NIST SHA3 OID.
.. _v45-0-7:
45.0.7 - 2025-09-01
~~~~~~~~~~~~~~~~~~~
* Added a function to support an upcoming ``pyOpenSSL`` release.
.. _v45-0-6:
45.0.6 - 2025-08-05
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.2.
.. _v45-0-5:
45.0.5 - 2025-07-02
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.1.
.. _v45-0-4:
45.0.4 - 2025-06-09
~~~~~~~~~~~~~~~~~~~
* Fixed decrypting PKCS#8 files encrypted with SHA1-RC4. (This is not
considered secure, and is supported only for backwards compatibility.)
.. _v45-0-3:
45.0.3 - 2025-05-25
~~~~~~~~~~~~~~~~~~~
* Fixed decrypting PKCS#8 files encrypted with long salts (this impacts keys
encrypted by Bouncy Castle).
* Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5. While wildly
insecure, this remains prevalent.
.. _v45-0-2:
45.0.2 - 2025-05-17
~~~~~~~~~~~~~~~~~~~
* Fixed using ``mypy`` with ``cryptography`` on older versions of Python.
.. _v45-0-1:
45.0.1 - 2025-05-17
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.0.
.. _v45-0-0:
45.0.0 - 2025-05-17 (YANKED)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Support for Python 3.7 is deprecated and will be removed in the next
``cryptography`` release.
* Updated the minimum supported Rust version (MSRV) to 1.74.0, from 1.65.0.
* Added support for serialization of PKCS#12 Java truststores in
:func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_java_truststore`
* Added :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id.derive_phc_encoded` and
:meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id.verify_phc_encoded` methods
to support password hashing in the PHC string format
* Added support for PKCS7 decryption and encryption using AES-256 as the
content algorithm, in addition to AES-128.
* **BACKWARDS INCOMPATIBLE:** Made SSH private key loading more consistent with
other private key loading:
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`
now raises a ``TypeError`` if the key is unencrypted but a password is
provided (previously no exception was raised), and raises a ``TypeError`` if
the key is encrypted but no password is provided (previously a ``ValueError``
was raised).
* Added ``__copy__`` to the
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`, and
:class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey`
abstract base classes.
* We significantly refactored how private key loading (
:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`
and
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`)
works. This is intended to be backwards compatible for all well-formed keys,
therefore if you discover a key that now raises an exception, please file a
bug with instructions for reproducing.
* Added ``unsafe_skip_rsa_key_validation`` keyword-argument to
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`.
* Added :class:`~cryptography.hazmat.primitives.hashes.XOFHash` to support
repeated :meth:`~cryptography.hazmat.primitives.hashes.XOFHash.squeeze`
operations on extendable output functions.
* Added
:meth:`~cryptography.x509.ocsp.OCSPResponseBuilder.add_response_by_hash`
method to allow creating OCSP responses using certificate hash values rather
than full certificates.
* Extended the :mod:`X.509 path validation <cryptography.x509.verification>` API to
support user-configured extension policies via the
:meth:`PolicyBuilder.extension_policies <cryptography.x509.verification.PolicyBuilder.extension_policies>` method.
* Deprecated the ``subject``, ``verification_time`` and ``max_chain_depth``
properties on :class:`~cryptography.x509.verification.ClientVerifier` and
:class:`~cryptography.x509.verification.ServerVerifier` in favor of a new ``policy`` property.
These properties will be removed in the next release of ``cryptography``.
* **BACKWARDS INCOMPATIBLE:** The
:meth:`VerifiedClient.subject <cryptography.x509.verification.VerifiedClient.subjects>`
property can now be `None` since a custom extension policy may allow certificates
without a Subject Alternative Name extension.
* Changed the behavior when the OpenSSL 3 legacy provider fails to load.
Instead of raising an exception, a warning is now emitted. The
``CRYPTOGRAPHY_OPENSSL_NO_LEGACY`` environment variable can still be used to
disable the legacy provider at runtime.
* Added support for the ``CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY`` environment
variable during build time, which prevents the library from ever attempting
to load the legacy provider.
* Added support for the :class:`~cryptography.x509.PrivateKeyUsagePeriod` X.509 extension.
This extension defines the period during which the private key corresponding
to the certificate's public key may be used.
* Added support for compiling against `aws-lc`_.
* Parsing X.509 structures now more strictly enforces that ``Name`` structures
do not have malformed ASN.1.
* We now publish ``py311`` wheels that utilize the faster ``pyo3::buffer::PyBuffer``
interface, resulting in significantly improved performance for operations
involving small buffers.
* Added :func:`~cryptography.hazmat.primitives.serialization.ssh_key_fingerprint`
for computing fingerprints of SSH public keys.
* Added support for deterministic ECDSA signing via the new keyword-only argument
``ecdsa_deterministic`` in :meth:`~cryptography.x509.CertificateBuilder.sign`,
:meth:`~cryptography.x509.CertificateRevocationListBuilder.sign`
and :meth:`~cryptography.x509.CertificateSigningRequestBuilder.sign`.
.. _v44-0-3:
44.0.3 - 2025-05-02
~~~~~~~~~~~~~~~~~~~
* Fixed compilation when using LibreSSL 4.1.0.
.. _v44-0-2:
44.0.2 - 2025-03-01
~~~~~~~~~~~~~~~~~~~
* We now build wheels for PyPy 3.11.
.. _v44-0-1:
44.0.1 - 2025-02-11
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.1.
* We now build ``armv7l`` ``manylinux`` wheels and publish them to PyPI.
* We now build ``manylinux_2_34`` wheels and publish them to PyPI.
.. _v44-0-0:
44.0.0 - 2024-11-27
~~~~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.9.
* Deprecated Python 3.7 support. Python 3.7 is no longer supported by the
Python core team. Support for Python 3.7 will be removed in a future
``cryptography`` release.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
* macOS wheels are now built against the macOS 10.13 SDK. Users on older
versions of macOS should upgrade, or they will need to build
``cryptography`` themselves.
* Enforce the :rfc:`5280` requirement that extended key usage extensions must
not be empty.
* Added support for timestamp extraction to the
:class:`~cryptography.fernet.MultiFernet` class.
* Relax the Authority Key Identifier requirements on root CA certificates
during X.509 verification to allow fields permitted by :rfc:`5280` but
forbidden by the CA/Browser BRs.
* Added support for :class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id`
when using OpenSSL 3.2.0+.
* Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
* Added basic support for PKCS7 decryption (including S/MIME 3.2) via
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`,
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`, and
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.
.. _v43-0-3:
43.0.3 - 2024-10-18
~~~~~~~~~~~~~~~~~~~
* Fixed release metadata for ``cryptography-vectors``
.. _v43-0-2:
43.0.2 - 2024-10-18
~~~~~~~~~~~~~~~~~~~
* Fixed compilation when using LibreSSL 4.0.0.
.. _v43-0-1:
43.0.1 - 2024-09-03
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.
.. _v43-0-0:
43.0.0 - 2024-07-20
~~~~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1e has been
removed. Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key`
now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still
considered insecure, users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`
now emits ASN.1 that more closely follows the recommendations in :rfc:`2315`.
* Added new :doc:`/hazmat/decrepit/index` module which contains outdated and
insecure cryptographic primitives.
``CAST5``, ``SEED``, ``IDEA``, and ``Blowfish``, which were
deprecated in 37.0.0, have been added to this module. They will be removed
from the ``cipher`` module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES`
and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ARC4` into
:doc:`/hazmat/decrepit/index` and deprecated them in the ``cipher`` module.
They will be removed from the ``cipher`` module in 48.0.0.
* Added support for deterministic
:class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` (:rfc:`6979`)
* Added support for client certificate verification to the
:mod:`X.509 path validation <cryptography.x509.verification>` APIs in the
form of :class:`~cryptography.x509.verification.ClientVerifier`,
:class:`~cryptography.x509.verification.VerifiedClient`, and
``PolicyBuilder``
:meth:`~cryptography.x509.verification.PolicyBuilder.build_client_verifier`.
* Added Certificate
:attr:`~cryptography.x509.Certificate.public_key_algorithm_oid`
and Certificate Signing Request
:attr:`~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid`
to determine the :class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID`
Object Identifier of the public key found inside the certificate.
* Added :attr:`~cryptography.x509.InvalidityDate.invalidity_date_utc`, a
timezone-aware alternative to the naïve ``datetime`` attribute
:attr:`~cryptography.x509.InvalidityDate.invalidity_date`.
* Added support for parsing empty DN string in
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added the following properties that return timezone-aware ``datetime`` objects:
:meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_time_utc`,
:meth:`~cryptography.x509.ocsp.OCSPSingleResponse.this_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPSingleResponse.next_update_utc`,
These are timezone-aware variants of existing properties that return naïve
``datetime`` objects.
* Added
:func:`~cryptography.hazmat.primitives.asymmetric.rsa.rsa_recover_private_exponent`
* Added :meth:`~cryptography.hazmat.primitives.ciphers.CipherContext.reset_nonce`
for altering the ``nonce`` of a cipher context without initializing a new
instance. See the docs for additional restrictions.
* :class:`~cryptography.x509.NameAttribute` now raises an exception when
attempting to create a common name whose length is shorter or longer than
:rfc:`5280` permits.
* Added basic support for PKCS7 encryption (including SMIME) via
:class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7EnvelopeBuilder`.
.. _v42-0-8:
42.0.8 - 2024-06-04
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.2.
.. _v42-0-7:
42.0.7 - 2024-05-06
~~~~~~~~~~~~~~~~~~~
* Restored Windows 7 compatibility for our pre-built wheels. Note that we do
not test on Windows 7 and wheels for our next release will not support it.
Microsoft no longer provides support for Windows 7 and users are encouraged
to upgrade.
.. _v42-0-6:
42.0.6 - 2024-05-04
~~~~~~~~~~~~~~~~~~~
* Fixed compilation when using LibreSSL 3.9.1.
.. _v42-0-5:
42.0.5 - 2024-02-23
~~~~~~~~~~~~~~~~~~~
* Limit the number of name constraint checks that will be performed in
:mod:`X.509 path validation <cryptography.x509.verification>` to protect
against denial of service attacks.
* Upgrade ``pyo3`` version, which fixes building on PowerPC.
.. _v42-0-4:
42.0.4 - 2024-02-20
~~~~~~~~~~~~~~~~~~~
* Fixed a null-pointer-dereference and segfault that could occur when creating
a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities``
and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the
definitions in :rfc:`2633` :rfc:`3370`.
.. _v42-0-3:
42.0.3 - 2024-02-15
~~~~~~~~~~~~~~~~~~~
* Fixed an initialization issue that caused key loading failures for some
users.
.. _v42-0-2:
42.0.2 - 2024-01-30
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in
``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
``X25519PrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
``X448PrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
and ``DHPrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.
.. _v42-0-1:
42.0.1 - 2024-01-24
~~~~~~~~~~~~~~~~~~~
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign`.
* Resolved compatibility issue with loading certain RSA public keys in
:func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`.
.. _v42-0-0:
42.0.0 - 2024-01-22
~~~~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.7.
* **BACKWARDS INCOMPATIBLE:** Loading a PKCS7 with no content field using
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
or
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
will now raise a ``ValueError`` rather than return an empty list.
* Parsing SSH certificates no longer permits malformed critical options with
values, as documented in the 41.0.2 release notes.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.0.
* Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0.
* We now publish both ``py37`` and ``py39`` ``abi3`` wheels. This should
resolve some errors relating to initializing a module multiple times per
process.
* Support :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` for
X.509 certificate signing requests and certificate revocation lists with the
keyword-only argument ``rsa_padding`` on the ``sign`` methods for
:class:`~cryptography.x509.CertificateSigningRequestBuilder` and
:class:`~cryptography.x509.CertificateRevocationListBuilder`.
* Added support for obtaining X.509 certificate signing request signature
algorithm parameters (including PSS) via
:meth:`~cryptography.x509.CertificateSigningRequest.signature_algorithm_parameters`.
* Added support for obtaining X.509 certificate revocation list signature
algorithm parameters (including PSS) via
:meth:`~cryptography.x509.CertificateRevocationList.signature_algorithm_parameters`.
* Added ``mgf`` property to
:class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`.
* Added ``algorithm`` and ``mgf`` properties to
:class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`.
* Added the following properties that return timezone-aware ``datetime`` objects:
:meth:`~cryptography.x509.Certificate.not_valid_before_utc`,
:meth:`~cryptography.x509.Certificate.not_valid_after_utc`,
:meth:`~cryptography.x509.RevokedCertificate.revocation_date_utc`,
:meth:`~cryptography.x509.CertificateRevocationList.next_update_utc`,
:meth:`~cryptography.x509.CertificateRevocationList.last_update_utc`.
These are timezone-aware variants of existing properties that return naïve
``datetime`` objects.
* Deprecated the following properties that return naïve ``datetime`` objects:
:meth:`~cryptography.x509.Certificate.not_valid_before`,
:meth:`~cryptography.x509.Certificate.not_valid_after`,
:meth:`~cryptography.x509.RevokedCertificate.revocation_date`,
:meth:`~cryptography.x509.CertificateRevocationList.next_update`,
:meth:`~cryptography.x509.CertificateRevocationList.last_update`
in favor of the new timezone-aware variants mentioned above.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
on LibreSSL.
* Added support for RSA PSS signatures in PKCS7 with
:meth:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder.add_signer`.
* In the next release (43.0.0) of cryptography, loading an X.509 certificate
with a negative serial number will raise an exception. This has been
deprecated since 36.0.0.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCMSIV` when using
OpenSSL 3.2.0+.
* Added the :mod:`X.509 path validation <cryptography.x509.verification>` APIs
for :class:`~cryptography.x509.Certificate` chains. These APIs should be
considered unstable and not subject to our stability guarantees until
documented as such in a future release.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SM4`
:class:`~cryptography.hazmat.primitives.ciphers.modes.GCM`
when using OpenSSL 3.0 or greater.
.. _v41-0-7:
41.0.7 - 2023-11-27
~~~~~~~~~~~~~~~~~~~
* Fixed compilation when using LibreSSL 3.8.2.
.. _v41-0-6:
41.0.6 - 2023-11-27
~~~~~~~~~~~~~~~~~~~
* Fixed a null-pointer-dereference and segfault that could occur when loading
certificates from a PKCS#7 bundle. Credit to **pkuzco** for reporting the
issue. **CVE-2023-49083**
.. _v41-0-5:
41.0.5 - 2023-10-24
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4.
* Added a function to support an upcoming ``pyOpenSSL`` release.
.. _v41-0-4:
41.0.4 - 2023-09-19
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3.
.. _v41-0-3:
41.0.3 - 2023-08-01
~~~~~~~~~~~~~~~~~~~
* Fixed performance regression loading DH public keys.
* Fixed a memory leak when using
:class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.2.
.. _v41-0-2:
41.0.2 - 2023-07-10
~~~~~~~~~~~~~~~~~~~
* Fixed bugs in creating and parsing SSH certificates where critical options
with values were handled incorrectly. Certificates are now created correctly
and parsing accepts correct values as well as the previously generated
invalid forms with a warning. In the next release, support for parsing these
invalid forms will be removed.
.. _v41-0-1:
41.0.1 - 2023-06-01
~~~~~~~~~~~~~~~~~~~
* Temporarily allow invalid ECDSA signature algorithm parameters in X.509
certificates, which are generated by older versions of Java.
* Allow null bytes in pass phrases when serializing private keys.
.. _v41-0-0:
41.0.0 - 2023-05-30
~~~~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1d has been
removed. Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Support for Python 3.6 has been removed.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.6.
* Updated the minimum supported Rust version (MSRV) to 1.56.0, from 1.48.0.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.1.
* Added support for the :class:`~cryptography.x509.OCSPAcceptableResponses`
OCSP extension.
* Added support for the :class:`~cryptography.x509.MSCertificateTemplate`
proprietary Microsoft certificate extension.
* Implemented support for equality checks on all asymmetric public key types.
* Added support for ``aes256-gcm@openssh.com`` encrypted keys in
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`.
* Added support for obtaining X.509 certificate signature algorithm parameters
(including PSS) via
:meth:`~cryptography.x509.Certificate.signature_algorithm_parameters`.
* Support signing :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
X.509 certificates via the new keyword-only argument ``rsa_padding`` on
:meth:`~cryptography.x509.CertificateBuilder.sign`.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`
on BoringSSL.
.. _v40-0-2:
40.0.2 - 2023-04-14
~~~~~~~~~~~~~~~~~~~
* Fixed compilation when using LibreSSL 3.7.2.
* Added some functions to support an upcoming ``pyOpenSSL`` release.
.. _v40-0-1:
40.0.1 - 2023-03-24
~~~~~~~~~~~~~~~~~~~
* Fixed a bug where certain operations would fail if an object happened to be
in the top-half of the memory-space. This only impacted 32-bit systems.
.. _v40-0-0:
40.0.0 - 2023-03-24
~~~~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** As announced in the 39.0.0 changelog, the way
``cryptography`` links OpenSSL has changed. This only impacts users who
build ``cryptography`` from source (i.e., not from a ``wheel``), and
specify their own version of OpenSSL. For those users, the ``CFLAGS``,
``LDFLAGS``, ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS``
environment variables are no longer valid. Instead, users need to configure
their builds `as documented here`_.
* Support for Python 3.6 is deprecated and will be removed in the next
release.
* Deprecated the current minimum supported Rust version (MSRV) of 1.48.0.
In the next release we will raise MSRV to 1.56.0. Users with the latest
``pip`` will typically get a wheel and not need Rust installed, but check
:doc:`/installation` for documentation on installing a newer ``rustc`` if
required.
* Deprecated support for OpenSSL less than 1.1.1d. The next release of
``cryptography`` will drop support for older versions.
* Deprecated support for DSA keys in
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`
and
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`.
* Deprecated support for OpenSSH serialization in
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
and
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`.
* The minimum supported version of PyPy3 is now 7.3.10.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.0.
* Added support for parsing SSH certificates in addition to public keys with
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_identity`.
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`
continues to support only public keys.
* Added support for generating SSH certificates with
:class:`~cryptography.hazmat.primitives.serialization.SSHCertificateBuilder`.
* Added :meth:`~cryptography.x509.Certificate.verify_directly_issued_by` to
:class:`~cryptography.x509.Certificate`.
* Added a check to :class:`~cryptography.x509.NameConstraints` to ensure that
:class:`~cryptography.x509.DNSName` constraints do not contain any ``*``
wildcards.
* Removed many unused CFFI OpenSSL bindings. This will not impact you unless
you are using ``cryptography`` to directly invoke OpenSSL's C API. Note that
these have never been considered a stable, supported, public API by
``cryptography``, this note is included as a courtesy.
* The X.509 builder classes now raise ``UnsupportedAlgorithm`` instead of
``ValueError`` if an unsupported hash algorithm is passed.
* Added public union type aliases for type hinting:
* Asymmetric types:
:const:`~cryptography.hazmat.primitives.asymmetric.types.PublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.PrivateKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.CertificatePublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPrivateKeyTypes`.
* SSH keys:
:const:`~cryptography.hazmat.primitives.serialization.SSHPublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.serialization.SSHPrivateKeyTypes`,
:const:`~cryptography.hazmat.primitives.serialization.SSHCertPublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.serialization.SSHCertPrivateKeyTypes`.
* PKCS12:
:const:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12PrivateKeyTypes`
* PKCS7:
:const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7HashTypes`,
:const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7PrivateKeyTypes`.
* Two-factor:
:const:`~cryptography.hazmat.primitives.twofactor.hotp.HOTPHashTypes`
* Deprecated previously undocumented but not private type aliases in the
``cryptography.hazmat.primitives.asymmetric.types`` module in favor of new
ones above.
.. _v39-0-2:
39.0.2 - 2023-03-02
~~~~~~~~~~~~~~~~~~~
* Fixed a bug where the content type header was not properly encoded for
PKCS7 signatures when using the ``Text`` option and ``SMIME`` encoding.
.. _v39-0-1:
39.0.1 - 2023-02-07
~~~~~~~~~~~~~~~~~~~
* **SECURITY ISSUE** - Fixed a bug where ``Cipher.update_into`` accepted Python
buffer protocol objects, but allowed immutable buffers. **CVE-2023-23931**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.8.
.. _v39-0-0:
39.0.0 - 2023-01-01
~~~~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed.
Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new
minimum LibreSSL version is 3.5.0. Going forward our policy is to support
versions of LibreSSL that are available in versions of OpenBSD that are
still receiving security support.
* **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and
``from_encoded_point`` methods on
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`,
which had been deprecated for several years.
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`
and
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`
should be used instead.
* **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in
:class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and
PKCS7 has been removed.
* **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.10 and 10.11, macOS
users must upgrade to 10.12 or newer.
* **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will change
the way we link OpenSSL. This will only impact users who build
``cryptography`` from source (i.e., not from a ``wheel``), and specify their
own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``,
``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment
variables will no longer be respected. Instead, users will need to
configure their builds `as documented here`_.
* Added support for
:ref:`disabling the legacy provider in OpenSSL 3.0.x<legacy-provider>`.
* Added support for disabling RSA key validation checks when loading RSA
keys via
:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,
and
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers.private_key`.
This speeds up key loading but is :term:`unsafe` if you are loading potentially
attacker supplied keys.
* Significantly improved performance for
:class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`
when repeatedly calling ``encrypt`` or ``decrypt`` with the same key.
* Added support for creating OCSP requests with precomputed hashes using
:meth:`~cryptography.x509.ocsp.OCSPRequestBuilder.add_certificate_by_hash`.
* Added support for loading multiple PEM-encoded X.509 certificates from
a single input via :func:`~cryptography.x509.load_pem_x509_certificates`.
.. _v38-0-4:
38.0.4 - 2022-11-27
~~~~~~~~~~~~~~~~~~~
* Fixed compilation when using LibreSSL 3.6.0.
* Fixed error when using ``py2app`` to build an application with a
``cryptography`` dependency.
.. _v38-0-3:
38.0.3 - 2022-11-01
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7,
which resolves *CVE-2022-3602* and *CVE-2022-3786*.
.. _v38-0-2:
38.0.2 - 2022-10-11 (YANKED)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. attention::
This release was subsequently yanked from PyPI due to a regression in OpenSSL.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.6.
.. _v38-0-1:
38.0.1 - 2022-09-07
~~~~~~~~~~~~~~~~~~~
* Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
seen in large CRLs).
.. _v38-0-0:
38.0.0 - 2022-09-06
~~~~~~~~~~~~~~~~~~~
* Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography``
will drop support.
* We no longer ship ``manylinux2010`` wheels. Users should upgrade to the
latest ``pip`` to ensure this doesn't cause issues downloading wheels on
their platform. We now ship ``manylinux_2_28`` wheels for users on new
enough platforms.
* Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0.
Users with the latest ``pip`` will typically get a wheel and not need Rust
installed, but check :doc:`/installation` for documentation on installing a
newer ``rustc`` if required.
* :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept
both ``str`` and ``bytes`` tokens.
* Parsing ``CertificateSigningRequest`` restores the behavior of enforcing
that the ``Extension`` ``critical`` field must be correctly encoded DER. See
`the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete
details.
* Added two new OpenSSL functions to the bindings to support an upcoming
``pyOpenSSL`` release.
* When parsing :class:`~cryptography.x509.CertificateRevocationList` and
:class:`~cryptography.x509.CertificateSigningRequest` values, it is now
enforced that the ``version`` value in the input must be valid according to
the rules of :rfc:`2986` and :rfc:`5280`.
* Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and
other X.509 builders is deprecated and support will be removed in the next
version.
* Added additional APIs to
:class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_hash_algorithm`,
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_algorithm`,
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`, and
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.extension_bytes`.
* Added :attr:`~cryptography.x509.Certificate.tbs_precertificate_bytes`, allowing
users to access the to-be-signed pre-certificate data needed for signed
certificate timestamp verification.
* :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC` and
:class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC` now support
:attr:`~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed`
counter location.
* Fixed :rfc:`4514` name parsing to reverse the order of the RDNs according
to the section 2.1 of the RFC, affecting method
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* It is now possible to customize some aspects of encryption when serializing
private keys, using
:meth:`~cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_builder`.
* Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL
versions older than 22.0 will need to upgrade.
* Added
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES128` and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES256` classes.
These classes do not replace
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` (which
allows all AES key lengths), but are intended for applications where
developers want to be explicit about key length.
.. _v37-0-4:
37.0.4 - 2022-07-05
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.5.
.. _v37-0-3:
37.0.3 - 2022-06-21 (YANKED)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. attention::
This release was subsequently yanked from PyPI due to a regression in OpenSSL.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.4.
.. _v37-0-2:
37.0.2 - 2022-05-03
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.3.
* Added a constant needed for an upcoming pyOpenSSL release.
.. _v37-0-1:
37.0.1 - 2022-04-27
~~~~~~~~~~~~~~~~~~~
* Fixed an issue where parsing an encrypted private key with the public
loader functions would hang waiting for console input on OpenSSL 3.0.x rather
than raising an error.
* Restored some legacy symbols for older ``pyOpenSSL`` users. These will be
removed again in the future, so ``pyOpenSSL`` users should still upgrade
to the latest version of that package when they upgrade ``cryptography``.
.. _v37-0-0:
37.0.0 - 2022-04-26
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x.
The new minimum LibreSSL version is 3.1+.
* **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods
from the public key and private key classes. These methods were originally
deprecated in version 2.0, but had an extended deprecation timeline due
to usage. Any remaining users should transition to ``sign`` and ``verify``.
* Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by
the OpenSSL project. The next release of ``cryptography`` will be the last
to support compiling with OpenSSL 1.1.0.
* Deprecated Python 3.6 support. Python 3.6 is no longer supported by the
Python core team. Support for Python 3.6 will be removed in a future
``cryptography`` release.
* Deprecated the current minimum supported Rust version (MSRV) of 1.41.0.
In the next release we will raise MSRV to 1.48.0. Users with the latest
``pip`` will typically get a wheel and not need Rust installed, but check
:doc:`/installation` for documentation on installing a newer ``rustc`` if
required.
* Deprecated ``CAST5``, ``SEED``, ``IDEA``, and ``Blowfish`` because
they are legacy algorithms with extremely low usage. These will be removed
in a future version of ``cryptography``.
* Added limited support for distinguished names containing a bit string.
* We now ship ``universal2`` wheels on macOS, which contain both ``arm64``
and ``x86_64`` architectures. Users on macOS should upgrade to the latest
``pip`` to ensure they can use this wheel, although we will continue to
ship ``x86_64`` specific wheels for now to ease the transition.
* This will be the final release for which we ship ``manylinux2010`` wheels.
Going forward the minimum supported ``manylinux`` ABI for our wheels will
be ``manylinux2014``. The vast majority of users will continue to receive
``manylinux`` wheels provided they have an up to date ``pip``. For PyPy
wheels this release already requires ``manylinux2014`` for compatibility
with binaries distributed by upstream.
* Added support for multiple
:class:`~cryptography.x509.ocsp.OCSPSingleResponse` in a
:class:`~cryptography.x509.ocsp.OCSPResponse`.
* Restored support for signing certificates and other structures in
:doc:`/x509/index` with SHA3 hash algorithms.
* :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` is
disabled in FIPS mode.
* Added support for serialization of PKCS#12 CA friendly names/aliases in
:func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates`
* Added support for 12-15 byte (96 to 120 bit) nonces to
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`. This class
previously supported only 12 byte (96 bit).
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESSIV` when using
OpenSSL 3.0.0+.
* Added support for serializing PKCS7 structures from a list of
certificates with
:class:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`.
* Added support for parsing :rfc:`4514` strings with
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.AUTO` to
:class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This can
be used to verify a signature where the salt length is not already known.
* Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.DIGEST_LENGTH`
to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This
constant will set the salt length to the same length as the ``PSS`` hash
algorithm.
* Added support for loading RSA-PSS key types with
:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`
and
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`.
This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a
normal RSA private key, discarding the PSS constraint information.
.. _v36-0-2:
36.0.2 - 2022-03-15
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n.
.. _v36-0-1:
36.0.1 - 2021-12-14
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m.
.. _v36-0-0:
36.0.0 - 2021-11-21
~~~~~~~~~~~~~~~~~~~
* **FINAL DEPRECATION** Support for ``verifier`` and ``signer`` on our
asymmetric key classes was deprecated in version 2.0. These functions had an
extended deprecation due to usage, however the next version of
``cryptography`` will drop support. Users should migrate to ``sign`` and
``verify``.
* The entire :doc:`/x509/index` layer is now written in Rust. This allows
alternate asymmetric key implementations that can support cloud key
management services or hardware security modules provided they implement
the necessary interface (for example:
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`).
* :ref:`Deprecated the backend argument<faq-missing-backend>` for all
functions.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`.
* Added support for iterating over arbitrary request
:attr:`~cryptography.x509.CertificateSigningRequest.attributes`.
* Deprecated the ``get_attribute_for_oid`` method on
:class:`~cryptography.x509.CertificateSigningRequest` in favor of
:meth:`~cryptography.x509.Attributes.get_attribute_for_oid` on the new
:class:`~cryptography.x509.Attributes` object.
* Fixed handling of PEM files to allow loading when certificate and key are
in the same file.
* Fixed parsing of :class:`~cryptography.x509.CertificatePolicies` extensions
containing legacy ``BMPString`` values in their ``explicitText``.
* Allow parsing of negative serial numbers in certificates. Negative serial
numbers are prohibited by :rfc:`5280` so a deprecation warning will be
raised whenever they are encountered. A future version of ``cryptography``
will drop support for parsing them.
* Added support for parsing PKCS12 files with friendly names for all
certificates with
:func:`~cryptography.hazmat.primitives.serialization.pkcs12.load_pkcs12`,
which will return an object of type
:class:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12KeyAndCertificates`.
* :meth:`~cryptography.x509.Name.rfc4514_string` and related methods now have
an optional ``attr_name_overrides`` parameter to supply custom OID to name
mappings, which can be used to match vendor-specific extensions.
* **BACKWARDS INCOMPATIBLE:** Reverted the nonstandard formatting of
email address fields as ``E`` in
:meth:`~cryptography.x509.Name.rfc4514_string` methods from version 35.0.
The previous behavior can be restored with:
``name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})``
* Allow
:class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey`
and
:class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey` to
be used as public keys when parsing certificates or creating them with
:class:`~cryptography.x509.CertificateBuilder`. These key types must be
signed with a different signing algorithm as ``X25519`` and ``X448`` do
not support signing.
* Extension values can now be serialized to a DER byte string by calling
:func:`~cryptography.x509.ExtensionType.public_bytes`.
* Added experimental support for compiling against BoringSSL. As BoringSSL
does not commit to a stable API, ``cryptography`` tests against the
latest commit only. Please note that several features are not available
when building against BoringSSL.
* Parsing ``CertificateSigningRequest`` from DER and PEM now, for a limited
time period, allows the ``Extension`` ``critical`` field to be incorrectly
encoded. See `the issue <https://github.com/pyca/cryptography/issues/6368>`_
for complete details. This will be reverted in a future ``cryptography``
release.
* When :class:`~cryptography.x509.OCSPNonce` are parsed and generated their
value is now correctly wrapped in an ASN.1 ``OCTET STRING``. This conforms
to :rfc:`6960` but conflicts with the original behavior specified in
:rfc:`2560`. For a temporary period for backwards compatibility, we will
also parse values that are encoded as specified in :rfc:`2560` but this
behavior will be removed in a future release.
.. _v35-0-0:
35.0.0 - 2021-09-29
~~~~~~~~~~~~~~~~~~~
* Changed the :ref:`version scheme <api-stability:versioning>`. This will
result in us incrementing the major version more frequently, but does not
change our existing backwards compatibility policy.
* **BACKWARDS INCOMPATIBLE:** The :doc:`/x509/index` PEM parsers now require
that the PEM string passed have PEM delimiters of the correct type. For
example, parsing a private key PEM concatenated with a certificate PEM will
no longer be accepted by the PEM certificate parser.
* **BACKWARDS INCOMPATIBLE:** The X.509 certificate parser no longer allows
negative serial numbers. :rfc:`5280` has always prohibited these.
* **BACKWARDS INCOMPATIBLE:** Additional forms of invalid ASN.1 found during
:doc:`/x509/index` parsing will raise an error on initial parse rather than
when the malformed field is accessed.
* Rust is now required for building ``cryptography``, the
``CRYPTOGRAPHY_DONT_BUILD_RUST`` environment variable is no longer
respected.
* Parsers for :doc:`/x509/index` no longer use OpenSSL and have been
rewritten in Rust. This should be backwards compatible (modulo the items
listed above) and improve both security and performance.
* Added support for OpenSSL 3.0.0 as a compilation target.
* Added support for
:class:`~cryptography.hazmat.primitives.hashes.SM3` and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SM4`,
when using OpenSSL 1.1.1. These algorithms are provided for compatibility
in regions where they may be required, and are not generally recommended.
* We now ship ``manylinux_2_24`` and ``musllinux_1_1`` wheels, in addition to
our ``manylinux2010`` and ``manylinux2014`` wheels. Users on distributions
like Alpine Linux should ensure they upgrade to the latest ``pip`` to
correctly receive wheels.
* Added ``rfc4514_attribute_name`` attribute to :attr:`x509.NameAttribute
<cryptography.x509.NameAttribute.rfc4514_attribute_name>`.
* Added :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC`.
.. _v3-4-8:
3.4.8 - 2021-08-24
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1l.
.. _v3-4-7:
3.4.7 - 2021-03-25
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1k.
.. _v3-4-6:
3.4.6 - 2021-02-16
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1j.
.. _v3-4-5:
3.4.5 - 2021-02-13
~~~~~~~~~~~~~~~~~~
* Various improvements to type hints.
* Lower the minimum supported Rust version (MSRV) to >=1.41.0. This change
improves compatibility with system-provided Rust on several Linux
distributions.
* ``cryptography`` will be switching to a new versioning scheme with its next
feature release. More information is available in our
:doc:`/api-stability` documentation.
.. _v3-4-4:
3.4.4 - 2021-02-09
~~~~~~~~~~~~~~~~~~
* Added a ``py.typed`` file so that ``mypy`` will know to use our type
annotations.
* Fixed an import cycle that could be triggered by certain import sequences.
.. _v3-4-3:
3.4.3 - 2021-02-08
~~~~~~~~~~~~~~~~~~
* Specify our supported Rust version (>=1.45.0) in our ``setup.py`` so users
on older versions will get a clear error message.
.. _v3-4-2:
3.4.2 - 2021-02-08
~~~~~~~~~~~~~~~~~~
* Improvements to make the rust transition a bit easier. This includes some
better error messages and small dependency fixes. If you experience
installation problems **Be sure to update pip** first, then check the
:doc:`FAQ </faq>`.
.. _v3-4-1:
3.4.1 - 2021-02-07
~~~~~~~~~~~~~~~~~~
* Fixed a circular import issue.
* Added additional debug output to assist users seeing installation errors
due to outdated ``pip`` or missing ``rustc``.
.. _v3-4:
3.4 - 2021-02-07
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Support for Python 2 has been removed.
* We now ship ``manylinux2014`` wheels and no longer ship ``manylinux1``
wheels. Users should upgrade to the latest ``pip`` to ensure this doesn't
cause issues downloading wheels on their platform.
* ``cryptography`` now incorporates Rust code. Users building ``cryptography``
themselves will need to have the Rust toolchain installed. Users who use an
officially produced wheel will not need to make any changes. The minimum
supported Rust version is 1.45.0.
* ``cryptography`` now has :pep:`484` type hints on nearly all of of its public
APIs. Users can begin using them to type check their code with ``mypy``.
.. _v3-3-2:
3.3.2 - 2021-02-07
~~~~~~~~~~~~~~~~~~
* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
when symmetrically encrypting very large payloads (>2GB) could result in an
integer overflow, leading to buffer overflows. *CVE-2020-36242* **Update:**
This fix is a workaround for *CVE-2021-23840* in OpenSSL, fixed in OpenSSL
1.1.1j.
.. _v3-3-1:
3.3.1 - 2020-12-09
~~~~~~~~~~~~~~~~~~
* Re-added a legacy symbol causing problems for older ``pyOpenSSL`` users.
.. _v3-3:
3.3 - 2020-12-08
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Support for Python 3.5 has been removed due to
low usage and maintenance burden.
* **BACKWARDS INCOMPATIBLE:** The
:class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` and
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM` now require
64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change
is to conform with an upcoming OpenSSL release that will no longer support
sizes outside this window.
* **BACKWARDS INCOMPATIBLE:** When deserializing asymmetric keys we now
raise ``ValueError`` rather than ``UnsupportedAlgorithm`` when an
unsupported cipher is used. This change is to conform with an upcoming
OpenSSL release that will no longer distinguish between error types.
* **BACKWARDS INCOMPATIBLE:** We no longer allow loading of finite field
Diffie-Hellman parameters of less than 512 bits in length. This change is to
conform with an upcoming OpenSSL release that no longer supports smaller
sizes. These keys were already wildly insecure and should not have been used
in any application outside of testing.
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1i.
* Python 2 support is deprecated in ``cryptography``. This is the last release
that will support Python 2.
* Added the
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.recover_data_from_signature`
function to
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`
for recovering the signed data from an RSA signature.
.. _v3-2-1:
3.2.1 - 2020-10-27
~~~~~~~~~~~~~~~~~~
* Disable blinding on RSA public keys to address an error with some versions
of OpenSSL.
.. _v3-2:
3.2 - 2020-10-25
~~~~~~~~~~~~~~~~
* **SECURITY ISSUE:** Attempted to make RSA PKCS#1v1.5 decryption more constant
time, to protect against Bleichenbacher vulnerabilities. Due to limitations
imposed by our API, we cannot completely mitigate this vulnerability and a
future release will contain a new API which is designed to be resilient to
these for contexts where it is required. Credit to **Hubert Kario** for
reporting the issue. *CVE-2020-25659*
* Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL
will need to upgrade.
* Added basic support for PKCS7 signing (including SMIME) via
:class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder`.
.. _v3-1-1:
3.1.1 - 2020-09-22
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1h.
.. _v3-1:
3.1 - 2020-08-26
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
:term:`U-label` parsing in various X.509 classes. This support was originally
deprecated in version 2.1 and moved to an extra in 2.5.
* Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by
the OpenSSL project. The next version of ``cryptography`` will drop support
for it.
* Deprecated support for Python 3.5. This version sees very little use and will
be removed in the next release.
* ``backend`` arguments to functions are no longer required and the
default backend will automatically be selected if no ``backend`` is provided.
* Added initial support for parsing certificates from PKCS7 files with
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
and
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
.
* Calling ``update`` or ``update_into`` on
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``
longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This
also resolves the same issue in :doc:`/fernet`.
.. _v3-0:
3.0 - 2020-07-20
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Removed support for passing an
:class:`~cryptography.x509.Extension` instance to
:meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`,
as per our deprecation policy.
* **BACKWARDS INCOMPATIBLE:** Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has
been removed (2.9.1+ is still supported).
* **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.9, macOS users must
upgrade to 10.10 or newer.
* **BACKWARDS INCOMPATIBLE:** RSA
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key`
no longer accepts ``public_exponent`` values except 65537 and 3 (the latter
for legacy purposes).
* **BACKWARDS INCOMPATIBLE:** X.509 certificate parsing now enforces that the
``version`` field contains a valid value, rather than deferring this check
until :attr:`~cryptography.x509.Certificate.version` is accessed.
* Deprecated support for Python 2. At the time there is no time table for
actually dropping support, however we strongly encourage all users to upgrade
their Python, as Python 2 no longer receives support from the Python core
team.
If you have trouble suppressing this warning in tests view the :ref:`FAQ
entry addressing this issue <faq-howto-handle-deprecation-warning>`.
* Added support for ``OpenSSH`` serialization format for
``ec``, ``ed25519``, ``rsa`` and ``dsa`` private keys:
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`
for loading and
:attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.OpenSSH`
for writing.
* Added support for ``OpenSSH`` certificates to
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`.
* Added :meth:`~cryptography.fernet.Fernet.encrypt_at_time` and
:meth:`~cryptography.fernet.Fernet.decrypt_at_time` to
:class:`~cryptography.fernet.Fernet`.
* Added support for the :class:`~cryptography.x509.SubjectInformationAccess`
X.509 extension.
* Added support for parsing
:class:`~cryptography.x509.SignedCertificateTimestamps` in OCSP responses.
* Added support for parsing attributes in certificate signing requests via
``CertificateSigningRequest.get_attribute_for_oid``.
* Added support for encoding attributes in certificate signing requests via
:meth:`~cryptography.x509.CertificateSigningRequestBuilder.add_attribute`.
* On OpenSSL 1.1.1d and higher ``cryptography`` now uses OpenSSL's
built-in CSPRNG instead of its own OS random engine because these versions of
OpenSSL properly reseed on fork.
* Added initial support for creating PKCS12 files with
:func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates`.
.. _v2-9-2:
2.9.2 - 2020-04-22
~~~~~~~~~~~~~~~~~~
* Updated the macOS wheel to fix an issue where it would not run on macOS
versions older than 10.15.
.. _v2-9-1:
2.9.1 - 2020-04-21
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1g.
.. _v2-9:
2.9 - 2020-04-02
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Support for Python 3.4 has been removed due to
low usage and maintenance burden.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.0.1 has been removed.
Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Support for LibreSSL 2.6.x has been removed.
* Removed support for calling
:meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey.public_bytes`
with no arguments, as per our deprecation policy. You must now pass
``encoding`` and ``format``.
* **BACKWARDS INCOMPATIBLE:** Reversed the order in which
:meth:`~cryptography.x509.Name.rfc4514_string` returns the RDNs
as required by :rfc:`4514`.
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1f.
* Added support for parsing
:attr:`~cryptography.x509.ocsp.OCSPResponse.single_extensions` in an OCSP
response.
* :class:`~cryptography.x509.NameAttribute` values can now be empty strings.
.. _v2-8:
2.8 - 2019-10-16
~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1d.
* Added support for Python 3.8.
* Added class methods
:meth:`Poly1305.generate_tag
<cryptography.hazmat.primitives.poly1305.Poly1305.generate_tag>`
and
:meth:`Poly1305.verify_tag
<cryptography.hazmat.primitives.poly1305.Poly1305.verify_tag>`
for Poly1305 sign and verify operations.
* Deprecated support for OpenSSL 1.0.1. Support will be removed in
``cryptography`` 2.9.
* We now ship ``manylinux2010`` wheels in addition to our ``manylinux1``
wheels.
* Added support for ``ed25519`` and ``ed448`` keys in the
:class:`~cryptography.x509.CertificateBuilder`,
:class:`~cryptography.x509.CertificateSigningRequestBuilder`,
:class:`~cryptography.x509.CertificateRevocationListBuilder` and
:class:`~cryptography.x509.ocsp.OCSPResponseBuilder`.
* ``cryptography`` no longer depends on ``asn1crypto``.
* :class:`~cryptography.x509.FreshestCRL` is now allowed as a
:class:`~cryptography.x509.CertificateRevocationList` extension.
.. _v2-7:
2.7 - 2019-05-30
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit ``manylinux1``
wheels. Continuing to produce them was a maintenance burden.
* **BACKWARDS INCOMPATIBLE:** Removed the
``cryptography.hazmat.primitives.mac.MACContext`` interface. The ``CMAC`` and
``HMAC`` APIs have not changed, but they are no longer registered as
``MACContext`` instances.
* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.1c.
* Removed support for running our tests with ``setup.py test``. Users
interested in running our tests can continue to follow the directions in our
:doc:`development documentation</development/getting-started>`.
* Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305`
when using OpenSSL 1.1.1 or newer.
* Support serialization with ``Encoding.OpenSSH`` and ``PublicFormat.OpenSSH``
in
:meth:`Ed25519PublicKey.public_bytes
<cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes>`
.
* Correctly allow passing a ``SubjectKeyIdentifier`` to
:meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`
and deprecate passing an ``Extension`` object. The documentation always
required ``SubjectKeyIdentifier`` but the implementation previously
required an ``Extension``.
.. _v2-6-1:
2.6.1 - 2019-02-27
~~~~~~~~~~~~~~~~~~
* Resolved an error in our build infrastructure that broke our Python3 wheels
for macOS and Linux.
.. _v2-6:
2.6 - 2019-02-27
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Removed
``cryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature``
and
``cryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature``,
which had been deprecated for nearly 4 years. Use
:func:`~cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature`
and
:func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`
instead.
* **BACKWARDS INCOMPATIBLE**: Removed ``cryptography.x509.Certificate.serial``,
which had been deprecated for nearly 3 years. Use
:attr:`~cryptography.x509.Certificate.serial_number` instead.
* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.1b.
* Added support for :doc:`/hazmat/primitives/asymmetric/ed448` when using
OpenSSL 1.1.1b or newer.
* Added support for :doc:`/hazmat/primitives/asymmetric/ed25519` when using
OpenSSL 1.1.1b or newer.
* :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` can
now load ``ed25519`` public keys.
* Add support for easily mapping an object identifier to its elliptic curve
class via
:func:`~cryptography.hazmat.primitives.asymmetric.ec.get_curve_for_oid`.
* Add support for OpenSSL when compiled with the ``no-engine``
(``OPENSSL_NO_ENGINE``) flag.
.. _v2-5:
2.5 - 2019-01-22
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** :term:`U-label` strings were deprecated in
version 2.1, but this version removes the default ``idna`` dependency as
well. If you still need this deprecated path please install cryptography
with the ``idna`` extra: ``pip install cryptography[idna]``.
* **BACKWARDS INCOMPATIBLE:** The minimum supported PyPy version is now 5.4.
* Numerous classes and functions have been updated to allow :term:`bytes-like`
types for keying material and passwords, including symmetric algorithms, AEAD
ciphers, KDFs, loading asymmetric keys, and one time password classes.
* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.1a.
* Added support for :class:`~cryptography.hazmat.primitives.hashes.SHA512_224`
and :class:`~cryptography.hazmat.primitives.hashes.SHA512_256` when using
OpenSSL 1.1.1.
* Added support for :class:`~cryptography.hazmat.primitives.hashes.SHA3_224`,
:class:`~cryptography.hazmat.primitives.hashes.SHA3_256`,
:class:`~cryptography.hazmat.primitives.hashes.SHA3_384`, and
:class:`~cryptography.hazmat.primitives.hashes.SHA3_512` when using OpenSSL
1.1.1.
* Added support for :doc:`/hazmat/primitives/asymmetric/x448` when using
OpenSSL 1.1.1.
* Added support for :class:`~cryptography.hazmat.primitives.hashes.SHAKE128`
and :class:`~cryptography.hazmat.primitives.hashes.SHAKE256` when using
OpenSSL 1.1.1.
* Added initial support for parsing PKCS12 files with
:func:`~cryptography.hazmat.primitives.serialization.pkcs12.load_key_and_certificates`.
* Added support for :class:`~cryptography.x509.IssuingDistributionPoint`.
* Added ``rfc4514_string()`` method to
:meth:`x509.Name <cryptography.x509.Name.rfc4514_string>`,
:meth:`x509.RelativeDistinguishedName
<cryptography.x509.RelativeDistinguishedName.rfc4514_string>`, and
:meth:`x509.NameAttribute <cryptography.x509.NameAttribute.rfc4514_string>`
to format the name or component an :rfc:`4514` Distinguished Name string.
* Added
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`,
which immediately checks if the point is on the curve and supports compressed
points. Deprecated the previous method
``cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point``.
* Added :attr:`~cryptography.x509.ocsp.OCSPResponse.signature_hash_algorithm`
to ``OCSPResponse``.
* Updated :doc:`/hazmat/primitives/asymmetric/x25519` support to allow
additional serialization methods. Calling
:meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey.public_bytes`
with no arguments has been deprecated.
* Added support for encoding compressed and uncompressed points via
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`. Deprecated the previous method
``cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point``.
.. _v2-4-2:
2.4.2 - 2018-11-21
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.0j.
.. _v2-4-1:
2.4.1 - 2018-11-11
~~~~~~~~~~~~~~~~~~
* Fixed a build breakage in our ``manylinux1`` wheels.
.. _v2-4:
2.4 - 2018-11-11
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.4.x.
* Deprecated OpenSSL 1.0.1 support. OpenSSL 1.0.1 is no longer supported by
the OpenSSL project. At this time there is no time table for dropping
support, however we strongly encourage all users to upgrade or install
``cryptography`` from a wheel.
* Added initial :doc:`OCSP </x509/ocsp>` support.
* Added support for :class:`~cryptography.x509.PrecertPoison`.
.. _v2-3-1:
2.3.1 - 2018-08-14
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.0i.
.. _v2-3:
2.3 - 2018-07-18
~~~~~~~~~~~~~~~~
* **SECURITY ISSUE:**
:meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag`
allowed tag truncation by default which can allow tag forgery in some cases.
The method now enforces the ``min_tag_length`` provided to the
:class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` constructor.
*CVE-2018-10903*
* Added support for Python 3.7.
* Added :meth:`~cryptography.fernet.Fernet.extract_timestamp` to get the
authenticated timestamp of a :doc:`Fernet </fernet>` token.
* Support for Python 2.7.x without ``hmac.compare_digest`` has been deprecated.
We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next
``cryptography`` release.
* Fixed multiple issues preventing ``cryptography`` from compiling against
LibreSSL 2.7.x.
* Added
:class:`~cryptography.x509.CertificateRevocationList.get_revoked_certificate_by_serial_number`
for quick serial number searches in CRLs.
* The :class:`~cryptography.x509.RelativeDistinguishedName` class now
preserves the order of attributes. Duplicate attributes now raise an error
instead of silently discarding duplicates.
* :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap` and
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
now raise :class:`~cryptography.hazmat.primitives.keywrap.InvalidUnwrap` if
the wrapped key is an invalid length, instead of ``ValueError``.
.. _v2-2-2:
2.2.2 - 2018-03-27
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.0h.
.. _v2-2-1:
2.2.1 - 2018-03-20
~~~~~~~~~~~~~~~~~~
* Reverted a change to ``GeneralNames`` which prohibited having zero elements,
due to breakages.
* Fixed a bug in
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
that caused it to raise ``InvalidUnwrap`` when key length modulo 8 was
zero.
.. _v2-2:
2.2 - 2018-03-19
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Support for Python 2.6 has been dropped.
* Resolved a bug in ``HKDF`` that incorrectly constrained output size.
* Added :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP256R1`,
:class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP384R1`, and
:class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP512R1` to
support inter-operating with systems like German smart meters.
* Added token rotation support to :doc:`Fernet </fernet>` with
:meth:`~cryptography.fernet.MultiFernet.rotate`.
* Fixed a memory leak in
:func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`.
* Added support for AES key wrapping with padding via
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap_with_padding`
and
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
.
* Allow loading DSA keys with 224 bit ``q``.
.. _v2-1-4:
2.1.4 - 2017-11-29
~~~~~~~~~~~~~~~~~~
* Added ``X509_up_ref`` for an upcoming ``pyOpenSSL`` release.
.. _v2-1-3:
2.1.3 - 2017-11-02
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.0g.
.. _v2-1-2:
2.1.2 - 2017-10-24
~~~~~~~~~~~~~~~~~~
* Corrected a bug with the ``manylinux1`` wheels where OpenSSL's stack was
marked executable.
.. _v2-1-1:
2.1.1 - 2017-10-12
~~~~~~~~~~~~~~~~~~
* Fixed support for install with the system ``pip`` on Ubuntu 16.04.
.. _v2-1:
2.1 - 2017-10-11
~~~~~~~~~~~~~~~~
* **FINAL DEPRECATION** Python 2.6 support is deprecated, and will be removed
in the next release of ``cryptography``.
* **BACKWARDS INCOMPATIBLE:** ``Whirlpool``, ``RIPEMD160``, and
``UnsupportedExtension`` have been removed in accordance with our
:doc:`/api-stability` policy.
* **BACKWARDS INCOMPATIBLE:**
:attr:`DNSName.value <cryptography.x509.DNSName.value>`,
:attr:`RFC822Name.value <cryptography.x509.RFC822Name.value>`, and
:attr:`UniformResourceIdentifier.value
<cryptography.x509.UniformResourceIdentifier.value>`
will now return an :term:`A-label` string when parsing a certificate
containing an internationalized domain name (IDN) or if the caller passed
a :term:`U-label` to the constructor. See below for additional deprecations
related to this change.
* Installing ``cryptography`` now requires ``pip`` 6 or newer.
* Deprecated passing :term:`U-label` strings to the
:class:`~cryptography.x509.DNSName`,
:class:`~cryptography.x509.UniformResourceIdentifier`, and
:class:`~cryptography.x509.RFC822Name` constructors. Instead, users should
pass values as :term:`A-label` strings with ``idna`` encoding if necessary.
This change will not affect anyone who is not processing internationalized
domains.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`. In
most cases users should choose
:class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`
rather than using this unauthenticated form.
* Added :meth:`~cryptography.x509.CertificateRevocationList.is_signature_valid`
to :class:`~cryptography.x509.CertificateRevocationList`.
* Support :class:`~cryptography.hazmat.primitives.hashes.BLAKE2b` and
:class:`~cryptography.hazmat.primitives.hashes.BLAKE2s` with
:class:`~cryptography.hazmat.primitives.hmac.HMAC`.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.modes.XTS` mode for
AES.
* Added support for using labels with
:class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` when using
OpenSSL 1.0.2 or greater.
* Improved compatibility with NSS when issuing certificates from an issuer
that has a subject with non-``UTF8String`` string types.
* Add support for the :class:`~cryptography.x509.DeltaCRLIndicator` extension.
* Add support for the :class:`~cryptography.x509.TLSFeature`
extension. This is commonly used for enabling ``OCSP Must-Staple`` in
certificates.
* Add support for the :class:`~cryptography.x509.FreshestCRL` extension.
.. _v2-0-3:
2.0.3 - 2017-08-03
~~~~~~~~~~~~~~~~~~
* Fixed an issue with weak linking symbols when compiling on macOS
versions older than 10.12.
.. _v2-0-2:
2.0.2 - 2017-07-27
~~~~~~~~~~~~~~~~~~
* Marked all symbols as hidden in the ``manylinux1`` wheel to avoid a
bug with symbol resolution in certain scenarios.
.. _v2-0-1:
2.0.1 - 2017-07-26
~~~~~~~~~~~~~~~~~~
* Fixed a compilation bug affecting OpenBSD.
* Altered the ``manylinux1`` wheels to statically link OpenSSL instead of
dynamically linking and bundling the shared object. This should resolve
crashes seen when using ``uwsgi`` or other binaries that link against
OpenSSL independently.
* Fixed the stack level for the ``signer`` and ``verifier`` warnings.
.. _v2-0:
2.0 - 2017-07-17
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Support for Python 3.3 has been dropped.
* We now ship ``manylinux1`` wheels linked against OpenSSL 1.1.0f. These wheels
will be automatically used with most Linux distributions if you are running
the latest pip.
* Deprecated the use of ``signer`` on
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`,
and
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`
in favor of ``sign``.
* Deprecated the use of ``verifier`` on
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`,
and
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`
in favor of ``verify``.
* Added support for parsing
:class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`
objects from X.509 certificate extensions.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESCCM`.
* Added
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM`, a "one shot"
API for AES GCM encryption.
* Added support for :doc:`/hazmat/primitives/asymmetric/x25519`.
* Added support for serializing and deserializing Diffie-Hellman parameters
with
:func:`~cryptography.hazmat.primitives.serialization.load_pem_parameters`,
:func:`~cryptography.hazmat.primitives.serialization.load_der_parameters`,
and
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters.parameter_bytes`
.
* The ``extensions`` attribute on :class:`~cryptography.x509.Certificate`,
:class:`~cryptography.x509.CertificateSigningRequest`,
:class:`~cryptography.x509.CertificateRevocationList`, and
:class:`~cryptography.x509.RevokedCertificate` now caches the computed
``Extensions`` object. There should be no performance change, just a
performance improvement for programs accessing the ``extensions`` attribute
multiple times.
.. _v1-9:
1.9 - 2017-05-29
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Elliptic Curve signature verification no longer
returns ``True`` on success. This brings it in line with the interface's
documentation, and our intent. The correct way to use
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.verify`
has always been to check whether or not
:class:`~cryptography.exceptions.InvalidSignature` was raised.
* **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.7 and 10.8.
* **BACKWARDS INCOMPATIBLE:** The minimum supported PyPy version is now 5.3.
* Python 3.3 support has been deprecated, and will be removed in the next
``cryptography`` release.
* Add support for providing ``tag`` during
:class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` finalization via
:meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag`.
* Fixed an issue preventing ``cryptography`` from compiling against
LibreSSL 2.5.x.
* Added
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.key_size`
and
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.key_size`
as convenience methods for determining the bit size of a secret scalar for
the curve.
* Accessing an unrecognized extension marked critical on an X.509 object will
no longer raise an ``UnsupportedExtension`` exception, instead an
:class:`~cryptography.x509.UnrecognizedExtension` object will be returned.
This behavior was based on a poor reading of the RFC, unknown critical
extensions only need to be rejected on certificate verification.
* The CommonCrypto backend has been removed.
* MultiBackend has been removed.
* ``Whirlpool`` and ``RIPEMD160`` have been deprecated.
.. _v1-8-2:
1.8.2 - 2017-05-26
~~~~~~~~~~~~~~~~~~
* Fixed a compilation bug affecting OpenSSL 1.1.0f.
* Updated Windows and macOS wheels to be compiled against OpenSSL 1.1.0f.
.. _v1-8-1:
1.8.1 - 2017-03-10
~~~~~~~~~~~~~~~~~~
* Fixed macOS wheels to properly link against 1.1.0 rather than 1.0.2.
.. _v1-8:
1.8 - 2017-03-09
~~~~~~~~~~~~~~~~
* Added support for Python 3.6.
* Windows and macOS wheels now link against OpenSSL 1.1.0.
* macOS wheels are no longer universal. This change significantly shrinks the
size of the wheels. Users on macOS 32-bit Python (if there are any) should
migrate to 64-bit or build their own packages.
* Changed ASN.1 dependency from ``pyasn1`` to ``asn1crypto`` resulting in a
general performance increase when encoding/decoding ASN.1 structures. Also,
the ``pyasn1_modules`` test dependency is no longer required.
* Added support for
:meth:`~cryptography.hazmat.primitives.ciphers.CipherContext.update_into` on
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext`.
* Added
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.private_bytes`
to
:class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`.
* Added
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey.public_bytes`
to
:class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey`.
* :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`
and
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`
now require that ``password`` must be bytes if provided. Previously this
was documented but not enforced.
* Added support for subgroup order in :doc:`/hazmat/primitives/asymmetric/dh`.
.. _v1-7-2:
1.7.2 - 2017-01-27
~~~~~~~~~~~~~~~~~~
* Updated Windows and macOS wheels to be compiled against OpenSSL 1.0.2k.
.. _v1-7-1:
1.7.1 - 2016-12-13
~~~~~~~~~~~~~~~~~~
* Fixed a regression in ``int_from_bytes`` where it failed to accept
``bytearray``.
.. _v1-7:
1.7 - 2016-12-12
~~~~~~~~~~~~~~~~
* Support for OpenSSL 1.0.0 has been removed. Users on older version of OpenSSL
will need to upgrade.
* Added support for Diffie-Hellman key exchange using
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.
* The OS random engine for OpenSSL has been rewritten to improve compatibility
with embedded Python and other edge cases. More information about this change
can be found in the
`pull request <https://github.com/pyca/cryptography/pull/3229>`_.
.. _v1-6:
1.6 - 2016-11-22
~~~~~~~~~~~~~~~~
* Deprecated support for OpenSSL 1.0.0. Support will be removed in
``cryptography`` 1.7.
* Replaced the Python-based OpenSSL locking callbacks with a C version to fix
a potential deadlock that could occur if a garbage collection cycle occurred
while inside the lock.
* Added support for :class:`~cryptography.hazmat.primitives.hashes.BLAKE2b` and
:class:`~cryptography.hazmat.primitives.hashes.BLAKE2s` when using OpenSSL
1.1.0.
* Added
:attr:`~cryptography.x509.Certificate.signature_algorithm_oid` support to
:class:`~cryptography.x509.Certificate`.
* Added
:attr:`~cryptography.x509.CertificateSigningRequest.signature_algorithm_oid`
support to :class:`~cryptography.x509.CertificateSigningRequest`.
* Added
:attr:`~cryptography.x509.CertificateRevocationList.signature_algorithm_oid`
support to :class:`~cryptography.x509.CertificateRevocationList`.
* Added support for :class:`~cryptography.hazmat.primitives.kdf.scrypt.Scrypt`
when using OpenSSL 1.1.0.
* Added a workaround to improve compatibility with Python application bundling
tools like ``PyInstaller`` and ``cx_freeze``.
* Added support for generating a
:meth:`~cryptography.x509.random_serial_number`.
* Added support for encoding ``IPv4Network`` and ``
gitextract_ph_05tql/
├── .gitattributes
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ └── openssl-release.md
│ ├── ISSUE_TEMPLATE.rst
│ ├── actions/
│ │ ├── cache/
│ │ │ └── action.yml
│ │ ├── fetch-vectors/
│ │ │ └── action.yml
│ │ ├── upload-coverage/
│ │ │ └── action.yml
│ │ └── wheel-smoketest/
│ │ └── action.yml
│ ├── bin/
│ │ ├── build_openssl.sh
│ │ ├── bump_dependency.py
│ │ ├── bump_downstreams.sh
│ │ ├── compare_benchmarks.py
│ │ └── merge_rust_coverage.py
│ ├── config/
│ │ └── macos-pkg-choices-freethreaded.xml
│ ├── dependabot.yml
│ ├── downstream.d/
│ │ ├── aws-dynamodb-encryption-python.sh
│ │ ├── aws-encryption-sdk-python.sh
│ │ ├── certbot-josepy.sh
│ │ ├── certbot.sh
│ │ ├── mitmproxy.sh
│ │ ├── paramiko.sh
│ │ ├── pyopenssl-release.sh
│ │ ├── pyopenssl.sh
│ │ ├── scapy.sh
│ │ ├── sigstore-python.sh
│ │ └── twisted.sh
│ ├── requirements/
│ │ ├── build-requirements.in
│ │ ├── build-requirements.txt
│ │ ├── uv-requirements.in
│ │ └── uv-requirements.txt
│ └── workflows/
│ ├── auto-close-stale.yml
│ ├── benchmark.yml
│ ├── boring-open-awslc-bump.yml
│ ├── ci.yml
│ ├── downstream-version-bump.yml
│ ├── linkcheck.yml
│ ├── lock.yml
│ ├── pypi-publish.yml
│ ├── wheel-builder.yml
│ └── x509-limbo-version-bump.yml
├── .gitignore
├── .readthedocs.yml
├── CHANGELOG.rst
├── CONTRIBUTING.rst
├── Cargo.toml
├── LICENSE
├── LICENSE.APACHE
├── LICENSE.BSD
├── README.rst
├── ci-constraints-requirements.txt
├── docs/
│ ├── Makefile
│ ├── _ext/
│ │ ├── cryptography-docs.py
│ │ └── linkcode_res.py
│ ├── _static/
│ │ └── .keep
│ ├── _templates/
│ │ └── layout.html
│ ├── api-stability.rst
│ ├── changelog.rst
│ ├── community.rst
│ ├── conf.py
│ ├── development/
│ │ ├── c-bindings.rst
│ │ ├── custom-vectors/
│ │ │ ├── aes-192-gcm-siv/
│ │ │ │ ├── generate_aes192gcmsiv.py
│ │ │ │ └── verify-aes192gcmsiv/
│ │ │ │ ├── Cargo.toml
│ │ │ │ └── src/
│ │ │ │ └── main.rs
│ │ │ ├── aes-192-gcm-siv.rst
│ │ │ ├── arc4/
│ │ │ │ ├── generate_arc4.py
│ │ │ │ └── verify_arc4.go
│ │ │ ├── arc4.rst
│ │ │ ├── cast5/
│ │ │ │ ├── generate_cast5.py
│ │ │ │ └── verify_cast5.go
│ │ │ ├── cast5.rst
│ │ │ ├── chacha20/
│ │ │ │ ├── generate_chacha20_overflow.py
│ │ │ │ └── verify_chacha20_overflow.py
│ │ │ ├── chacha20.rst
│ │ │ ├── hkdf/
│ │ │ │ ├── generate_hkdf.py
│ │ │ │ └── verify_hkdf.go
│ │ │ ├── hkdf.rst
│ │ │ ├── idea/
│ │ │ │ ├── generate_idea.py
│ │ │ │ └── verify_idea.py
│ │ │ ├── idea.rst
│ │ │ ├── rc2/
│ │ │ │ ├── genrc2.go
│ │ │ │ ├── go.mod
│ │ │ │ └── rc2/
│ │ │ │ └── rc2.go
│ │ │ ├── rc2.rst
│ │ │ ├── rsa-oaep-sha2/
│ │ │ │ ├── VerifyRSAOAEPSHA2.java
│ │ │ │ └── generate_rsa_oaep_sha2.py
│ │ │ ├── rsa-oaep-sha2.rst
│ │ │ ├── secp256k1/
│ │ │ │ ├── generate_secp256k1.py
│ │ │ │ └── verify_secp256k1.py
│ │ │ ├── secp256k1.rst
│ │ │ ├── seed/
│ │ │ │ ├── generate_seed.py
│ │ │ │ └── verify_seed.py
│ │ │ └── seed.rst
│ │ ├── getting-started.rst
│ │ ├── index.rst
│ │ ├── reviewing-patches.rst
│ │ ├── submitting-patches.rst
│ │ └── test-vectors.rst
│ ├── doing-a-release.rst
│ ├── exceptions.rst
│ ├── faq.rst
│ ├── fernet.rst
│ ├── glossary.rst
│ ├── hazmat/
│ │ ├── decrepit/
│ │ │ ├── ciphers.rst
│ │ │ ├── index.rst
│ │ │ └── modes.rst
│ │ └── primitives/
│ │ ├── aead.rst
│ │ ├── asymmetric/
│ │ │ ├── cloudhsm.rst
│ │ │ ├── dh.rst
│ │ │ ├── dsa.rst
│ │ │ ├── ec.rst
│ │ │ ├── ed25519.rst
│ │ │ ├── ed448.rst
│ │ │ ├── index.rst
│ │ │ ├── rsa.rst
│ │ │ ├── serialization.rst
│ │ │ ├── utils.rst
│ │ │ ├── x25519.rst
│ │ │ └── x448.rst
│ │ ├── constant-time.rst
│ │ ├── cryptographic-hashes.rst
│ │ ├── hpke.rst
│ │ ├── index.rst
│ │ ├── key-derivation-functions.rst
│ │ ├── keywrap.rst
│ │ ├── mac/
│ │ │ ├── cmac.rst
│ │ │ ├── hmac.rst
│ │ │ ├── index.rst
│ │ │ └── poly1305.rst
│ │ ├── padding.rst
│ │ ├── symmetric-encryption.rst
│ │ └── twofactor.rst
│ ├── index.rst
│ ├── installation.rst
│ ├── limitations.rst
│ ├── make.bat
│ ├── openssl.rst
│ ├── random-numbers.rst
│ ├── security.rst
│ ├── spelling_wordlist.txt
│ ├── statements/
│ │ ├── index.rst
│ │ └── state-of-openssl.rst
│ └── x509/
│ ├── certificate-transparency.rst
│ ├── index.rst
│ ├── ocsp.rst
│ ├── reference.rst
│ ├── tutorial.rst
│ └── verification.rst
├── noxfile.py
├── pyproject.toml
├── release.py
├── src/
│ ├── _cffi_src/
│ │ ├── __init__.py
│ │ ├── build_openssl.py
│ │ ├── openssl/
│ │ │ ├── __init__.py
│ │ │ ├── asn1.py
│ │ │ ├── bignum.py
│ │ │ ├── bio.py
│ │ │ ├── crypto.py
│ │ │ ├── cryptography.py
│ │ │ ├── dh.py
│ │ │ ├── dsa.py
│ │ │ ├── ec.py
│ │ │ ├── engine.py
│ │ │ ├── err.py
│ │ │ ├── evp.py
│ │ │ ├── nid.py
│ │ │ ├── objects.py
│ │ │ ├── opensslv.py
│ │ │ ├── pem.py
│ │ │ ├── rand.py
│ │ │ ├── rsa.py
│ │ │ ├── ssl.py
│ │ │ ├── x509.py
│ │ │ ├── x509_vfy.py
│ │ │ ├── x509name.py
│ │ │ └── x509v3.py
│ │ └── utils.py
│ ├── cryptography/
│ │ ├── __about__.py
│ │ ├── __init__.py
│ │ ├── exceptions.py
│ │ ├── fernet.py
│ │ ├── hazmat/
│ │ │ ├── __init__.py
│ │ │ ├── _oid.py
│ │ │ ├── asn1/
│ │ │ │ ├── __init__.py
│ │ │ │ └── asn1.py
│ │ │ ├── backends/
│ │ │ │ ├── __init__.py
│ │ │ │ └── openssl/
│ │ │ │ ├── __init__.py
│ │ │ │ └── backend.py
│ │ │ ├── bindings/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── _rust/
│ │ │ │ │ ├── __init__.pyi
│ │ │ │ │ ├── _openssl.pyi
│ │ │ │ │ ├── asn1.pyi
│ │ │ │ │ ├── declarative_asn1.pyi
│ │ │ │ │ ├── exceptions.pyi
│ │ │ │ │ ├── ocsp.pyi
│ │ │ │ │ ├── openssl/
│ │ │ │ │ │ ├── __init__.pyi
│ │ │ │ │ │ ├── aead.pyi
│ │ │ │ │ │ ├── ciphers.pyi
│ │ │ │ │ │ ├── cmac.pyi
│ │ │ │ │ │ ├── dh.pyi
│ │ │ │ │ │ ├── dsa.pyi
│ │ │ │ │ │ ├── ec.pyi
│ │ │ │ │ │ ├── ed25519.pyi
│ │ │ │ │ │ ├── ed448.pyi
│ │ │ │ │ │ ├── hashes.pyi
│ │ │ │ │ │ ├── hmac.pyi
│ │ │ │ │ │ ├── hpke.pyi
│ │ │ │ │ │ ├── kdf.pyi
│ │ │ │ │ │ ├── keys.pyi
│ │ │ │ │ │ ├── poly1305.pyi
│ │ │ │ │ │ ├── rsa.pyi
│ │ │ │ │ │ ├── x25519.pyi
│ │ │ │ │ │ └── x448.pyi
│ │ │ │ │ ├── pkcs12.pyi
│ │ │ │ │ ├── pkcs7.pyi
│ │ │ │ │ ├── test_support.pyi
│ │ │ │ │ └── x509.pyi
│ │ │ │ └── openssl/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── _conditional.py
│ │ │ │ └── binding.py
│ │ │ ├── decrepit/
│ │ │ │ ├── __init__.py
│ │ │ │ └── ciphers/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── algorithms.py
│ │ │ │ └── modes.py
│ │ │ └── primitives/
│ │ │ ├── __init__.py
│ │ │ ├── _asymmetric.py
│ │ │ ├── _cipheralgorithm.py
│ │ │ ├── _modes.py
│ │ │ ├── _serialization.py
│ │ │ ├── asymmetric/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── dh.py
│ │ │ │ ├── dsa.py
│ │ │ │ ├── ec.py
│ │ │ │ ├── ed25519.py
│ │ │ │ ├── ed448.py
│ │ │ │ ├── padding.py
│ │ │ │ ├── rsa.py
│ │ │ │ ├── types.py
│ │ │ │ ├── utils.py
│ │ │ │ ├── x25519.py
│ │ │ │ └── x448.py
│ │ │ ├── ciphers/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── aead.py
│ │ │ │ ├── algorithms.py
│ │ │ │ ├── base.py
│ │ │ │ └── modes.py
│ │ │ ├── cmac.py
│ │ │ ├── constant_time.py
│ │ │ ├── hashes.py
│ │ │ ├── hmac.py
│ │ │ ├── hpke.py
│ │ │ ├── kdf/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── argon2.py
│ │ │ │ ├── concatkdf.py
│ │ │ │ ├── hkdf.py
│ │ │ │ ├── kbkdf.py
│ │ │ │ ├── pbkdf2.py
│ │ │ │ ├── scrypt.py
│ │ │ │ └── x963kdf.py
│ │ │ ├── keywrap.py
│ │ │ ├── padding.py
│ │ │ ├── poly1305.py
│ │ │ ├── serialization/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── pkcs12.py
│ │ │ │ ├── pkcs7.py
│ │ │ │ └── ssh.py
│ │ │ └── twofactor/
│ │ │ ├── __init__.py
│ │ │ ├── hotp.py
│ │ │ └── totp.py
│ │ ├── py.typed
│ │ ├── utils.py
│ │ └── x509/
│ │ ├── __init__.py
│ │ ├── base.py
│ │ ├── certificate_transparency.py
│ │ ├── extensions.py
│ │ ├── general_name.py
│ │ ├── name.py
│ │ ├── ocsp.py
│ │ ├── oid.py
│ │ └── verification.py
│ └── rust/
│ ├── Cargo.toml
│ ├── build.rs
│ ├── cryptography-cffi/
│ │ ├── Cargo.toml
│ │ ├── build.rs
│ │ └── src/
│ │ └── lib.rs
│ ├── cryptography-crypto/
│ │ ├── Cargo.toml
│ │ └── src/
│ │ ├── constant_time.rs
│ │ ├── encoding.rs
│ │ ├── lib.rs
│ │ ├── pbkdf1.rs
│ │ └── pkcs12.rs
│ ├── cryptography-keepalive/
│ │ ├── Cargo.toml
│ │ └── src/
│ │ └── lib.rs
│ ├── cryptography-key-parsing/
│ │ ├── Cargo.toml
│ │ ├── build.rs
│ │ └── src/
│ │ ├── dsa.rs
│ │ ├── ec.rs
│ │ ├── lib.rs
│ │ ├── pbe.rs
│ │ ├── pem.rs
│ │ ├── pkcs8.rs
│ │ ├── rsa.rs
│ │ ├── spki.rs
│ │ └── utils.rs
│ ├── cryptography-openssl/
│ │ ├── Cargo.toml
│ │ ├── build.rs
│ │ └── src/
│ │ ├── aead.rs
│ │ ├── cmac.rs
│ │ ├── fips.rs
│ │ ├── hmac.rs
│ │ ├── lib.rs
│ │ ├── poly1305.rs
│ │ ├── rand.rs
│ │ └── utils.rs
│ ├── cryptography-x509/
│ │ ├── Cargo.toml
│ │ └── src/
│ │ ├── certificate.rs
│ │ ├── common.rs
│ │ ├── crl.rs
│ │ ├── csr.rs
│ │ ├── ec_constants.rs
│ │ ├── extensions.rs
│ │ ├── lib.rs
│ │ ├── name.rs
│ │ ├── ocsp_req.rs
│ │ ├── ocsp_resp.rs
│ │ ├── oid.rs
│ │ ├── pkcs12.rs
│ │ ├── pkcs7.rs
│ │ └── pkcs8.rs
│ ├── cryptography-x509-verification/
│ │ ├── Cargo.toml
│ │ └── src/
│ │ ├── certificate.rs
│ │ ├── lib.rs
│ │ ├── ops.rs
│ │ ├── policy/
│ │ │ ├── extension.rs
│ │ │ └── mod.rs
│ │ ├── trust_store.rs
│ │ └── types.rs
│ └── src/
│ ├── asn1.rs
│ ├── backend/
│ │ ├── aead.rs
│ │ ├── cipher_registry.rs
│ │ ├── ciphers.rs
│ │ ├── cmac.rs
│ │ ├── dh.rs
│ │ ├── dsa.rs
│ │ ├── ec.rs
│ │ ├── ed25519.rs
│ │ ├── ed448.rs
│ │ ├── hashes.rs
│ │ ├── hmac.rs
│ │ ├── hpke.rs
│ │ ├── kdf.rs
│ │ ├── keys.rs
│ │ ├── mod.rs
│ │ ├── poly1305.rs
│ │ ├── rand.rs
│ │ ├── rsa.rs
│ │ ├── utils.rs
│ │ ├── x25519.rs
│ │ └── x448.rs
│ ├── buf.rs
│ ├── declarative_asn1/
│ │ ├── asn1.rs
│ │ ├── decode.rs
│ │ ├── encode.rs
│ │ ├── mod.rs
│ │ └── types.rs
│ ├── error.rs
│ ├── exceptions.rs
│ ├── lib.rs
│ ├── oid.rs
│ ├── padding.rs
│ ├── pkcs12.rs
│ ├── pkcs7.rs
│ ├── serialization.rs
│ ├── test_support.rs
│ ├── types.rs
│ └── x509/
│ ├── certificate.rs
│ ├── common.rs
│ ├── crl.rs
│ ├── csr.rs
│ ├── extensions.rs
│ ├── mod.rs
│ ├── ocsp.rs
│ ├── ocsp_req.rs
│ ├── ocsp_resp.rs
│ ├── sct.rs
│ ├── sign.rs
│ └── verify/
│ ├── extension_policy.rs
│ ├── mod.rs
│ └── policy.rs
├── tests/
│ ├── __init__.py
│ ├── bench/
│ │ ├── __init__.py
│ │ ├── test_aead.py
│ │ ├── test_ec_load.py
│ │ ├── test_fernet.py
│ │ ├── test_hashes.py
│ │ ├── test_hkdf.py
│ │ ├── test_hmac.py
│ │ └── test_x509.py
│ ├── conftest.py
│ ├── deprecated_module.py
│ ├── doubles.py
│ ├── hazmat/
│ │ ├── __init__.py
│ │ ├── asn1/
│ │ │ ├── test_api.py
│ │ │ └── test_serialization.py
│ │ ├── backends/
│ │ │ ├── __init__.py
│ │ │ └── test_openssl.py
│ │ ├── bindings/
│ │ │ └── test_openssl.py
│ │ ├── primitives/
│ │ │ ├── __init__.py
│ │ │ ├── decrepit/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── test_3des.py
│ │ │ │ ├── test_algorithms.py
│ │ │ │ ├── test_arc4.py
│ │ │ │ └── test_rc2.py
│ │ │ ├── fixtures_dh.py
│ │ │ ├── fixtures_dsa.py
│ │ │ ├── fixtures_ec.py
│ │ │ ├── fixtures_rsa.py
│ │ │ ├── test_aead.py
│ │ │ ├── test_aes.py
│ │ │ ├── test_aes_gcm.py
│ │ │ ├── test_argon2.py
│ │ │ ├── test_asym_utils.py
│ │ │ ├── test_block.py
│ │ │ ├── test_camellia.py
│ │ │ ├── test_chacha20.py
│ │ │ ├── test_ciphers.py
│ │ │ ├── test_cmac.py
│ │ │ ├── test_concatkdf.py
│ │ │ ├── test_constant_time.py
│ │ │ ├── test_dh.py
│ │ │ ├── test_dsa.py
│ │ │ ├── test_ec.py
│ │ │ ├── test_ed25519.py
│ │ │ ├── test_ed448.py
│ │ │ ├── test_hash_vectors.py
│ │ │ ├── test_hashes.py
│ │ │ ├── test_hkdf.py
│ │ │ ├── test_hkdf_vectors.py
│ │ │ ├── test_hmac.py
│ │ │ ├── test_hmac_vectors.py
│ │ │ ├── test_hpke.py
│ │ │ ├── test_kbkdf.py
│ │ │ ├── test_kbkdf_vectors.py
│ │ │ ├── test_keywrap.py
│ │ │ ├── test_padding.py
│ │ │ ├── test_pbkdf2hmac.py
│ │ │ ├── test_pbkdf2hmac_vectors.py
│ │ │ ├── test_pkcs12.py
│ │ │ ├── test_pkcs7.py
│ │ │ ├── test_poly1305.py
│ │ │ ├── test_rsa.py
│ │ │ ├── test_scrypt.py
│ │ │ ├── test_serialization.py
│ │ │ ├── test_sm4.py
│ │ │ ├── test_ssh.py
│ │ │ ├── test_x25519.py
│ │ │ ├── test_x448.py
│ │ │ ├── test_x963_vectors.py
│ │ │ ├── test_x963kdf.py
│ │ │ ├── test_xofhash.py
│ │ │ ├── twofactor/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── test_hotp.py
│ │ │ │ └── test_totp.py
│ │ │ └── utils.py
│ │ └── test_oid.py
│ ├── test_cryptography_utils.py
│ ├── test_doubles.py
│ ├── test_fernet.py
│ ├── test_meta.py
│ ├── test_utils.py
│ ├── test_warnings.py
│ ├── utils.py
│ ├── wycheproof/
│ │ ├── __init__.py
│ │ ├── test_aes.py
│ │ ├── test_chacha20poly1305.py
│ │ ├── test_cmac.py
│ │ ├── test_dsa.py
│ │ ├── test_ecdh.py
│ │ ├── test_ecdsa.py
│ │ ├── test_eddsa.py
│ │ ├── test_hkdf.py
│ │ ├── test_hmac.py
│ │ ├── test_keywrap.py
│ │ ├── test_pbkdf2.py
│ │ ├── test_rsa.py
│ │ ├── test_utils.py
│ │ ├── test_x25519.py
│ │ ├── test_x448.py
│ │ └── utils.py
│ └── x509/
│ ├── __init__.py
│ ├── test_name.py
│ ├── test_ocsp.py
│ ├── test_x509.py
│ ├── test_x509_crlbuilder.py
│ ├── test_x509_ext.py
│ ├── test_x509_revokedcertbuilder.py
│ └── verification/
│ ├── __init__.py
│ ├── test_limbo.py
│ └── test_verification.py
└── vectors/
├── LICENSE
├── LICENSE.APACHE
├── LICENSE.BSD
├── README.rst
├── cryptography_vectors/
│ ├── CMAC/
│ │ ├── nist-800-38b-3des.txt
│ │ ├── nist-800-38b-aes128.txt
│ │ ├── nist-800-38b-aes192.txt
│ │ └── nist-800-38b-aes256.txt
│ ├── HMAC/
│ │ ├── rfc-2202-md5.txt
│ │ ├── rfc-2202-sha1.txt
│ │ ├── rfc-2286-ripemd160.txt
│ │ ├── rfc-4231-sha224.txt
│ │ ├── rfc-4231-sha256.txt
│ │ ├── rfc-4231-sha384.txt
│ │ └── rfc-4231-sha512.txt
│ ├── HPKE/
│ │ ├── hpke-pq-test-vectors.json
│ │ └── test-vectors.json
│ ├── KDF/
│ │ ├── ansx963_2001.txt
│ │ ├── argon2d.txt
│ │ ├── argon2i.txt
│ │ ├── argon2id.txt
│ │ ├── hkdf-generated.txt
│ │ ├── nist-800-108-KBKDF-CTR.txt
│ │ ├── rfc-5869-HKDF-SHA1.txt
│ │ ├── rfc-5869-HKDF-SHA256.txt
│ │ ├── rfc-6070-PBKDF2-SHA1.txt
│ │ └── scrypt.txt
│ ├── __about__.py
│ ├── __init__.py
│ ├── asymmetric/
│ │ ├── DER_Serialization/
│ │ │ ├── dsa.1024.der
│ │ │ ├── dsa.2048.der
│ │ │ ├── dsa.3072.der
│ │ │ ├── dsa_public_key.der
│ │ │ ├── dsa_public_key_invalid_bit_string.der
│ │ │ ├── dsa_public_key_no_params.der
│ │ │ ├── ec_private_key.der
│ │ │ ├── ec_private_key_encrypted.der
│ │ │ ├── ec_public_key.der
│ │ │ ├── enc-rsa-pkcs8.der
│ │ │ ├── enc2-rsa-pkcs8.der
│ │ │ ├── rsa_public_key.der
│ │ │ ├── testrsa.der
│ │ │ ├── unenc-dsa-pkcs8.der
│ │ │ ├── unenc-dsa-pkcs8.pub.der
│ │ │ ├── unenc-rsa-pkcs8.der
│ │ │ └── unenc-rsa-pkcs8.pub.der
│ │ ├── DH/
│ │ │ ├── KASValidityTest_FFCStatic_NOKC_ZZOnly_init.fax
│ │ │ ├── KASValidityTest_FFCStatic_NOKC_ZZOnly_resp.fax
│ │ │ ├── RFC5114.txt
│ │ │ ├── bad_exchange.txt
│ │ │ ├── dh_key_256.pem
│ │ │ ├── dhkey.der
│ │ │ ├── dhkey.pem
│ │ │ ├── dhkey.txt
│ │ │ ├── dhkey_rfc5114_2.der
│ │ │ ├── dhkey_rfc5114_2.pem
│ │ │ ├── dhkey_rfc5114_2.txt
│ │ │ ├── dhp.der
│ │ │ ├── dhp.pem
│ │ │ ├── dhp_rfc5114_2.der
│ │ │ ├── dhp_rfc5114_2.pem
│ │ │ ├── dhpub.der
│ │ │ ├── dhpub.pem
│ │ │ ├── dhpub_cryptography_old.pem
│ │ │ ├── dhpub_rfc5114_2.der
│ │ │ ├── dhpub_rfc5114_2.pem
│ │ │ ├── rfc3526.txt
│ │ │ └── vec.txt
│ │ ├── DSA/
│ │ │ ├── FIPS_186-2/
│ │ │ │ ├── KeyPair.rsp
│ │ │ │ ├── PQGGen.rsp
│ │ │ │ ├── PQGGen.txt
│ │ │ │ ├── PQGVer.rsp
│ │ │ │ ├── Readme.txt
│ │ │ │ ├── SigGen.rsp
│ │ │ │ ├── SigGen.txt
│ │ │ │ └── SigVer.rsp
│ │ │ ├── FIPS_186-3/
│ │ │ │ ├── KeyPair.rsp
│ │ │ │ ├── PQGGen.rsp
│ │ │ │ ├── PQGGen.txt
│ │ │ │ ├── PQGVer.rsp
│ │ │ │ ├── Readme.txt
│ │ │ │ ├── SigGen.rsp
│ │ │ │ ├── SigGen.txt
│ │ │ │ └── SigVer.rsp
│ │ │ └── custom/
│ │ │ └── nilpotent.pem
│ │ ├── EC/
│ │ │ ├── compressed_points.txt
│ │ │ ├── ec-missing-curve.pem
│ │ │ ├── explicit_parameters_private_key.pem
│ │ │ ├── explicit_parameters_wap_wsg_idm_ecid_wtls11_private_key.pem
│ │ │ ├── high-bit-set.pem
│ │ │ ├── secp128r1_private_key.pem
│ │ │ ├── secp256k1-explicit-no-seed.pem
│ │ │ ├── secp256k1-pub-explicit-no-seed.pem
│ │ │ ├── secp256r1-explicit-no-seed.pem
│ │ │ ├── secp256r1-explicit-seed.pem
│ │ │ ├── secp256r1-pub-explicit-no-seed.pem
│ │ │ ├── secp256r1-pub-explicit-seed.pem
│ │ │ ├── secp384r1-explicit-no-seed.pem
│ │ │ ├── secp384r1-explicit-seed.pem
│ │ │ ├── secp384r1-pub-explicit-no-seed.pem
│ │ │ ├── secp384r1-pub-explicit-seed.pem
│ │ │ ├── secp521r1-explicit-no-seed.pem
│ │ │ ├── secp521r1-explicit-seed.pem
│ │ │ ├── secp521r1-pub-explicit-no-seed.pem
│ │ │ ├── secp521r1-pub-explicit-seed.pem
│ │ │ ├── sect163k1-spki.pem
│ │ │ ├── sect163r2-spki.pem
│ │ │ ├── sect233k1-spki.pem
│ │ │ ├── sect233r1-spki.pem
│ │ │ └── truncated-private-key.der
│ │ ├── ECDH/
│ │ │ ├── KASValidityTest_ECCStaticUnified_KDFConcat_NOKC_init.fax
│ │ │ ├── KASValidityTest_ECCStaticUnified_KDFConcat_NOKC_resp.fax
│ │ │ ├── KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_init.fax
│ │ │ ├── KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_resp.fax
│ │ │ └── brainpool.txt
│ │ ├── ECDSA/
│ │ │ ├── FIPS_186-2/
│ │ │ │ ├── KeyPair.rsp
│ │ │ │ ├── PKV.rsp
│ │ │ │ ├── Readme.txt
│ │ │ │ ├── SigGen.rsp
│ │ │ │ ├── SigGen.txt
│ │ │ │ └── SigVer.rsp
│ │ │ ├── FIPS_186-3/
│ │ │ │ ├── KeyPair.rsp
│ │ │ │ ├── PKV.rsp
│ │ │ │ ├── Readme.txt
│ │ │ │ ├── SigGen.rsp
│ │ │ │ ├── SigGen.txt
│ │ │ │ └── SigVer.rsp
│ │ │ ├── RFC6979/
│ │ │ │ └── evppkey_ecdsa_rfc6979.txt
│ │ │ └── SECP256K1/
│ │ │ └── SigGen.txt
│ │ ├── Ed25519/
│ │ │ ├── ed25519-pkcs8-enc.der
│ │ │ ├── ed25519-pkcs8-enc.pem
│ │ │ ├── ed25519-pkcs8.der
│ │ │ ├── ed25519-pkcs8.pem
│ │ │ ├── ed25519-pub.der
│ │ │ ├── ed25519-pub.pem
│ │ │ └── sign.input
│ │ ├── Ed448/
│ │ │ ├── ed448-pkcs8-enc.der
│ │ │ ├── ed448-pkcs8-enc.pem
│ │ │ ├── ed448-pkcs8.der
│ │ │ ├── ed448-pkcs8.pem
│ │ │ ├── ed448-pub.der
│ │ │ ├── ed448-pub.pem
│ │ │ └── rfc8032.txt
│ │ ├── MLDSA/
│ │ │ ├── kat_MLDSA_44_det_pure.rsp
│ │ │ ├── kat_MLDSA_65_det_pure.rsp
│ │ │ └── kat_MLDSA_87_det_pure.rsp
│ │ ├── OpenSSH/
│ │ │ ├── certs/
│ │ │ │ ├── dsa-p256.pub
│ │ │ │ ├── p256-dsa.pub
│ │ │ │ ├── p256-ed25519-non-singular-crit-opt-val.pub
│ │ │ │ ├── p256-ed25519-non-singular-ext-val.pub
│ │ │ │ ├── p256-p256-broken-signature-key-type.pub
│ │ │ │ ├── p256-p256-duplicate-crit-opts.pub
│ │ │ │ ├── p256-p256-duplicate-extension.pub
│ │ │ │ ├── p256-p256-empty-principals.pub
│ │ │ │ ├── p256-p256-invalid-cert-type.pub
│ │ │ │ ├── p256-p256-non-lexical-crit-opts.pub
│ │ │ │ ├── p256-p256-non-lexical-extensions.pub
│ │ │ │ ├── p256-p384.pub
│ │ │ │ ├── p256-p521.pub
│ │ │ │ ├── p256-rsa-sha1.pub
│ │ │ │ ├── p256-rsa-sha256.pub
│ │ │ │ └── p256-rsa-sha512.pub
│ │ │ ├── dsa-nopsw.key
│ │ │ ├── dsa-nopsw.key-cert.pub
│ │ │ ├── dsa-nopsw.key.pub
│ │ │ ├── dsa-psw.key
│ │ │ ├── dsa-psw.key.pub
│ │ │ ├── ecdsa-nopsw.key
│ │ │ ├── ecdsa-nopsw.key-cert.pub
│ │ │ ├── ecdsa-nopsw.key.pub
│ │ │ ├── ecdsa-psw.key
│ │ │ ├── ecdsa-psw.key.pub
│ │ │ ├── ed25519-aesgcm-psw.key
│ │ │ ├── ed25519-aesgcm-psw.key.pub
│ │ │ ├── ed25519-nopsw.key
│ │ │ ├── ed25519-nopsw.key-cert.pub
│ │ │ ├── ed25519-nopsw.key.pub
│ │ │ ├── ed25519-psw.key
│ │ │ ├── ed25519-psw.key.pub
│ │ │ ├── gen.sh
│ │ │ ├── rsa-nopsw.key
│ │ │ ├── rsa-nopsw.key-cert.pub
│ │ │ ├── rsa-nopsw.key.pub
│ │ │ ├── rsa-psw.key
│ │ │ ├── rsa-psw.key.pub
│ │ │ ├── sk-ecdsa-nopsw.key
│ │ │ ├── sk-ecdsa-nopsw.key.pub
│ │ │ ├── sk-ecdsa-psw.key
│ │ │ ├── sk-ecdsa-psw.key.pub
│ │ │ ├── sk-ed25519-nopsw.key
│ │ │ ├── sk-ed25519-nopsw.key.pub
│ │ │ ├── sk-ed25519-psw.key
│ │ │ └── sk-ed25519-psw.key.pub
│ │ ├── PEM_Serialization/
│ │ │ ├── README.txt
│ │ │ ├── dsa_4096.pem
│ │ │ ├── dsa_private_key.pem
│ │ │ ├── dsa_public_key.pem
│ │ │ ├── dsaparam.pem
│ │ │ ├── ec_private_key.pem
│ │ │ ├── ec_private_key_encrypted.pem
│ │ │ ├── ec_public_key.pem
│ │ │ ├── ec_public_key_rsa_delimiter.pem
│ │ │ ├── rsa-bad-1025-q-is-2.pem
│ │ │ ├── rsa_private_key.pem
│ │ │ ├── rsa_public_key.pem
│ │ │ └── rsa_wrong_delimiter_public_key.pem
│ │ ├── PKCS8/
│ │ │ ├── bad-encryption-oid.pem
│ │ │ ├── bad-oid-dsa-key.pem
│ │ │ ├── ec-consistent-curve.pem
│ │ │ ├── ec-inconsistent-curve.pem
│ │ │ ├── ec-inconsistent-curve2.pem
│ │ │ ├── ec-invalid-private-scalar.pem
│ │ │ ├── ec-invalid-version.pem
│ │ │ ├── ec_oid_not_in_reg_private_2.pkcs8.pem
│ │ │ ├── ec_private_key.pem
│ │ │ ├── ec_private_key_encrypted.pem
│ │ │ ├── ecc_private_with_rfc5915_ext.pem
│ │ │ ├── ed25519-scrypt.pem
│ │ │ ├── enc-ec-sha1-128-rc4.pem
│ │ │ ├── enc-rsa-3des.pem
│ │ │ ├── enc-rsa-pkcs8-pbkdf2-0iter.pem
│ │ │ ├── enc-rsa-pkcs8.pem
│ │ │ ├── enc-unknown-algorithm.pem
│ │ │ ├── enc-unknown-kdf.pem
│ │ │ ├── enc-unknown-pbkdf2-prf.pem
│ │ │ ├── enc2-rsa-pkcs8.pem
│ │ │ ├── invalid-version.der
│ │ │ ├── nodompar_private.pkcs8.pem
│ │ │ ├── pkcs12_s2k_pem-X_9607.pem
│ │ │ ├── pkcs12_s2k_pem-X_9671.pem
│ │ │ ├── pkcs12_s2k_pem-X_9925.pem
│ │ │ ├── pkcs12_s2k_pem-X_9926.pem
│ │ │ ├── pkcs12_s2k_pem-X_9927.pem
│ │ │ ├── pkcs12_s2k_pem-X_9928.pem
│ │ │ ├── pkcs12_s2k_pem-X_9929.pem
│ │ │ ├── pkcs12_s2k_pem-X_9930.pem
│ │ │ ├── pkcs12_s2k_pem-X_9931.pem
│ │ │ ├── pkcs12_s2k_pem-X_9932.pem
│ │ │ ├── private.pem
│ │ │ ├── rsa-40bitrc2.pem
│ │ │ ├── rsa-aes-192-cbc.pem
│ │ │ ├── rsa-pbe-3des-long-salt.pem
│ │ │ ├── rsa-pbewithmd5anddescbc.pem
│ │ │ ├── rsa-rc2-cbc-effective-key-length.pem
│ │ │ ├── rsa-rc2-cbc.pem
│ │ │ ├── rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
│ │ │ ├── rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
│ │ │ ├── rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
│ │ │ ├── rsa_pss_2048.pem
│ │ │ ├── rsa_pss_2048_hash.pem
│ │ │ ├── rsa_pss_2048_hash_mask.pem
│ │ │ ├── rsa_pss_2048_hash_mask_diff.pem
│ │ │ ├── rsa_pss_2048_hash_mask_salt.pem
│ │ │ ├── rsa_pss_2048_pub.der
│ │ │ ├── unenc-dsa-pkcs8.pem
│ │ │ ├── unenc-dsa-pkcs8.pub.pem
│ │ │ ├── unenc-rsa-pkcs8.pem
│ │ │ ├── unenc-rsa-pkcs8.pub.pem
│ │ │ ├── unknown-oid.der
│ │ │ ├── withdompar_private.pkcs8.pem
│ │ │ └── wrong-pem-delimiter-rsa.pem
│ │ ├── RSA/
│ │ │ ├── FIPS_186-2/
│ │ │ │ ├── KeyGenRSA.rsp
│ │ │ │ ├── Readme.txt
│ │ │ │ ├── SigGen15_186-2.rsp
│ │ │ │ ├── SigGen15_186-2.txt
│ │ │ │ ├── SigGen15_186-3.rsp
│ │ │ │ ├── SigGenPSS_186-2.rsp
│ │ │ │ ├── SigGenPSS_186-2.txt
│ │ │ │ ├── SigGenPSS_186-3.rsp
│ │ │ │ ├── SigGenRSA.rsp
│ │ │ │ ├── SigGenRSA_186-2.rsp
│ │ │ │ ├── SigGenRSA_186-2.txt
│ │ │ │ ├── SigVer15_186-3.rsp
│ │ │ │ ├── SigVerPSS_186-3.rsp
│ │ │ │ └── SigVerRSA.rsp
│ │ │ ├── SigVer15EMTest.txt
│ │ │ ├── oaep-custom/
│ │ │ │ ├── oaep-sha1-sha224.txt
│ │ │ │ ├── oaep-sha1-sha256.txt
│ │ │ │ ├── oaep-sha1-sha384.txt
│ │ │ │ ├── oaep-sha1-sha512.txt
│ │ │ │ ├── oaep-sha224-sha1.txt
│ │ │ │ ├── oaep-sha224-sha224.txt
│ │ │ │ ├── oaep-sha224-sha256.txt
│ │ │ │ ├── oaep-sha224-sha384.txt
│ │ │ │ ├── oaep-sha224-sha512.txt
│ │ │ │ ├── oaep-sha256-sha1.txt
│ │ │ │ ├── oaep-sha256-sha224.txt
│ │ │ │ ├── oaep-sha256-sha256.txt
│ │ │ │ ├── oaep-sha256-sha384.txt
│ │ │ │ ├── oaep-sha256-sha512.txt
│ │ │ │ ├── oaep-sha384-sha1.txt
│ │ │ │ ├── oaep-sha384-sha224.txt
│ │ │ │ ├── oaep-sha384-sha256.txt
│ │ │ │ ├── oaep-sha384-sha384.txt
│ │ │ │ ├── oaep-sha384-sha512.txt
│ │ │ │ ├── oaep-sha512-sha1.txt
│ │ │ │ ├── oaep-sha512-sha224.txt
│ │ │ │ ├── oaep-sha512-sha256.txt
│ │ │ │ ├── oaep-sha512-sha384.txt
│ │ │ │ └── oaep-sha512-sha512.txt
│ │ │ ├── oaep-label.txt
│ │ │ ├── pkcs-1v2-1d2-vec/
│ │ │ │ ├── oaep-int.txt
│ │ │ │ ├── oaep-vect.txt
│ │ │ │ ├── pss-int.txt
│ │ │ │ ├── pss-vect.txt
│ │ │ │ └── readme.txt
│ │ │ ├── pkcs1v15crypt-vectors.txt
│ │ │ └── pkcs1v15sign-vectors.txt
│ │ ├── Traditional_OpenSSL_Serialization/
│ │ │ ├── dsa-wrong-version.pem
│ │ │ ├── dsa.1024.pem
│ │ │ ├── dsa.2048.pem
│ │ │ ├── dsa.3072.pem
│ │ │ ├── key1-malformed-dek-info.pem
│ │ │ ├── key1-malformed-iv.pem
│ │ │ ├── key1-no-dek-info.pem
│ │ │ ├── key1-short-iv.pem
│ │ │ ├── key1.pem
│ │ │ ├── key2.pem
│ │ │ ├── rsa-wrong-version.pem
│ │ │ ├── testrsa-encrypted.pem
│ │ │ └── testrsa.pem
│ │ ├── X25519/
│ │ │ ├── rfc7748.txt
│ │ │ ├── x25519-pkcs8-enc.der
│ │ │ ├── x25519-pkcs8-enc.pem
│ │ │ ├── x25519-pkcs8.der
│ │ │ ├── x25519-pkcs8.pem
│ │ │ ├── x25519-pub.der
│ │ │ └── x25519-pub.pem
│ │ ├── X448/
│ │ │ ├── rfc7748.txt
│ │ │ ├── x448-pkcs8-enc.der
│ │ │ ├── x448-pkcs8-enc.pem
│ │ │ ├── x448-pkcs8.der
│ │ │ ├── x448-pkcs8.pem
│ │ │ ├── x448-pub.der
│ │ │ └── x448-pub.pem
│ │ └── public/
│ │ └── PKCS1/
│ │ ├── dsa.pub.pem
│ │ ├── rsa.pub.der
│ │ └── rsa.pub.pem
│ ├── ciphers/
│ │ ├── 3DES/
│ │ │ ├── CBC/
│ │ │ │ ├── TCBCIMMT1.rsp
│ │ │ │ ├── TCBCIMMT2.rsp
│ │ │ │ ├── TCBCIMMT3.rsp
│ │ │ │ ├── TCBCIinvperm.rsp
│ │ │ │ ├── TCBCIpermop.rsp
│ │ │ │ ├── TCBCIsubtab.rsp
│ │ │ │ ├── TCBCIvarkey.rsp
│ │ │ │ ├── TCBCIvartext.rsp
│ │ │ │ ├── TCBCMMT1.rsp
│ │ │ │ ├── TCBCMMT2.rsp
│ │ │ │ ├── TCBCMMT3.rsp
│ │ │ │ ├── TCBCinvperm.rsp
│ │ │ │ ├── TCBCpermop.rsp
│ │ │ │ ├── TCBCsubtab.rsp
│ │ │ │ ├── TCBCvarkey.rsp
│ │ │ │ └── TCBCvartext.rsp
│ │ │ ├── CFB/
│ │ │ │ ├── TCFB1MMT1.rsp
│ │ │ │ ├── TCFB1MMT2.rsp
│ │ │ │ ├── TCFB1MMT3.rsp
│ │ │ │ ├── TCFB1invperm.rsp
│ │ │ │ ├── TCFB1permop.rsp
│ │ │ │ ├── TCFB1subtab.rsp
│ │ │ │ ├── TCFB1varkey.rsp
│ │ │ │ ├── TCFB1vartext.rsp
│ │ │ │ ├── TCFB64MMT1.rsp
│ │ │ │ ├── TCFB64MMT2.rsp
│ │ │ │ ├── TCFB64MMT3.rsp
│ │ │ │ ├── TCFB64invperm.rsp
│ │ │ │ ├── TCFB64permop.rsp
│ │ │ │ ├── TCFB64subtab.rsp
│ │ │ │ ├── TCFB64varkey.rsp
│ │ │ │ ├── TCFB64vartext.rsp
│ │ │ │ ├── TCFB8MMT1.rsp
│ │ │ │ ├── TCFB8MMT2.rsp
│ │ │ │ ├── TCFB8MMT3.rsp
│ │ │ │ ├── TCFB8invperm.rsp
│ │ │ │ ├── TCFB8permop.rsp
│ │ │ │ ├── TCFB8subtab.rsp
│ │ │ │ ├── TCFB8varkey.rsp
│ │ │ │ ├── TCFB8vartext.rsp
│ │ │ │ ├── TCFBP1MMT1.rsp
│ │ │ │ ├── TCFBP1MMT2.rsp
│ │ │ │ ├── TCFBP1MMT3.rsp
│ │ │ │ ├── TCFBP1invperm.rsp
│ │ │ │ ├── TCFBP1permop.rsp
│ │ │ │ ├── TCFBP1subtab.rsp
│ │ │ │ ├── TCFBP1varkey.rsp
│ │ │ │ ├── TCFBP1vartext.rsp
│ │ │ │ ├── TCFBP64MMT1.rsp
│ │ │ │ ├── TCFBP64MMT2.rsp
│ │ │ │ ├── TCFBP64MMT3.rsp
│ │ │ │ ├── TCFBP64invperm.rsp
│ │ │ │ ├── TCFBP64permop.rsp
│ │ │ │ ├── TCFBP64subtab.rsp
│ │ │ │ ├── TCFBP64varkey.rsp
│ │ │ │ ├── TCFBP64vartext.rsp
│ │ │ │ ├── TCFBP8MMT1.rsp
│ │ │ │ ├── TCFBP8MMT2.rsp
│ │ │ │ ├── TCFBP8MMT3.rsp
│ │ │ │ ├── TCFBP8invperm.rsp
│ │ │ │ ├── TCFBP8permop.rsp
│ │ │ │ ├── TCFBP8subtab.rsp
│ │ │ │ ├── TCFBP8varkey.rsp
│ │ │ │ └── TCFBP8vartext.rsp
│ │ │ ├── ECB/
│ │ │ │ ├── TECBMMT1.rsp
│ │ │ │ ├── TECBMMT2.rsp
│ │ │ │ ├── TECBMMT3.rsp
│ │ │ │ ├── TECBinvperm.rsp
│ │ │ │ ├── TECBpermop.rsp
│ │ │ │ ├── TECBsubtab.rsp
│ │ │ │ ├── TECBvarkey.rsp
│ │ │ │ └── TECBvartext.rsp
│ │ │ └── OFB/
│ │ │ ├── TOFBIMMT1.rsp
│ │ │ ├── TOFBIMMT2.rsp
│ │ │ ├── TOFBIMMT3.rsp
│ │ │ ├── TOFBIinvperm.rsp
│ │ │ ├── TOFBIpermop.rsp
│ │ │ ├── TOFBIsubtab.rsp
│ │ │ ├── TOFBIvarkey.rsp
│ │ │ ├── TOFBIvartext.rsp
│ │ │ ├── TOFBMMT1.rsp
│ │ │ ├── TOFBMMT2.rsp
│ │ │ ├── TOFBMMT3.rsp
│ │ │ ├── TOFBinvperm.rsp
│ │ │ ├── TOFBpermop.rsp
│ │ │ ├── TOFBsubtab.rsp
│ │ │ ├── TOFBvarkey.rsp
│ │ │ └── TOFBvartext.rsp
│ │ ├── AES/
│ │ │ ├── CBC/
│ │ │ │ ├── CBCGFSbox128.rsp
│ │ │ │ ├── CBCGFSbox192.rsp
│ │ │ │ ├── CBCGFSbox256.rsp
│ │ │ │ ├── CBCKeySbox128.rsp
│ │ │ │ ├── CBCKeySbox192.rsp
│ │ │ │ ├── CBCKeySbox256.rsp
│ │ │ │ ├── CBCMMT128.rsp
│ │ │ │ ├── CBCMMT192.rsp
│ │ │ │ ├── CBCMMT256.rsp
│ │ │ │ ├── CBCVarKey128.rsp
│ │ │ │ ├── CBCVarKey192.rsp
│ │ │ │ ├── CBCVarKey256.rsp
│ │ │ │ ├── CBCVarTxt128.rsp
│ │ │ │ ├── CBCVarTxt192.rsp
│ │ │ │ └── CBCVarTxt256.rsp
│ │ │ ├── CCM/
│ │ │ │ ├── DVPT128.rsp
│ │ │ │ ├── DVPT128.txt
│ │ │ │ ├── DVPT192.rsp
│ │ │ │ ├── DVPT192.txt
│ │ │ │ ├── DVPT256.rsp
│ │ │ │ ├── DVPT256.txt
│ │ │ │ ├── Readme.txt
│ │ │ │ ├── VADT128.rsp
│ │ │ │ ├── VADT192.rsp
│ │ │ │ ├── VADT256.rsp
│ │ │ │ ├── VNT128.rsp
│ │ │ │ ├── VNT192.rsp
│ │ │ │ ├── VNT256.rsp
│ │ │ │ ├── VPT128.rsp
│ │ │ │ ├── VPT192.rsp
│ │ │ │ ├── VPT256.rsp
│ │ │ │ ├── VTT128.rsp
│ │ │ │ ├── VTT192.rsp
│ │ │ │ └── VTT256.rsp
│ │ │ ├── CFB/
│ │ │ │ ├── CFB128GFSbox128.rsp
│ │ │ │ ├── CFB128GFSbox192.rsp
│ │ │ │ ├── CFB128GFSbox256.rsp
│ │ │ │ ├── CFB128KeySbox128.rsp
│ │ │ │ ├── CFB128KeySbox192.rsp
│ │ │ │ ├── CFB128KeySbox256.rsp
│ │ │ │ ├── CFB128MMT128.rsp
│ │ │ │ ├── CFB128MMT192.rsp
│ │ │ │ ├── CFB128MMT256.rsp
│ │ │ │ ├── CFB128VarKey128.rsp
│ │ │ │ ├── CFB128VarKey192.rsp
│ │ │ │ ├── CFB128VarKey256.rsp
│ │ │ │ ├── CFB128VarTxt128.rsp
│ │ │ │ ├── CFB128VarTxt192.rsp
│ │ │ │ ├── CFB128VarTxt256.rsp
│ │ │ │ ├── CFB1GFSbox128.rsp
│ │ │ │ ├── CFB1GFSbox192.rsp
│ │ │ │ ├── CFB1GFSbox256.rsp
│ │ │ │ ├── CFB1KeySbox128.rsp
│ │ │ │ ├── CFB1KeySbox192.rsp
│ │ │ │ ├── CFB1KeySbox256.rsp
│ │ │ │ ├── CFB1MMT128.rsp
│ │ │ │ ├── CFB1MMT192.rsp
│ │ │ │ ├── CFB1MMT256.rsp
│ │ │ │ ├── CFB1VarKey128.rsp
│ │ │ │ ├── CFB1VarKey192.rsp
│ │ │ │ ├── CFB1VarKey256.rsp
│ │ │ │ ├── CFB1VarTxt128.rsp
│ │ │ │ ├── CFB1VarTxt192.rsp
│ │ │ │ ├── CFB1VarTxt256.rsp
│ │ │ │ ├── CFB8GFSbox128.rsp
│ │ │ │ ├── CFB8GFSbox192.rsp
│ │ │ │ ├── CFB8GFSbox256.rsp
│ │ │ │ ├── CFB8KeySbox128.rsp
│ │ │ │ ├── CFB8KeySbox192.rsp
│ │ │ │ ├── CFB8KeySbox256.rsp
│ │ │ │ ├── CFB8MMT128.rsp
│ │ │ │ ├── CFB8MMT192.rsp
│ │ │ │ ├── CFB8MMT256.rsp
│ │ │ │ ├── CFB8VarKey128.rsp
│ │ │ │ ├── CFB8VarKey192.rsp
│ │ │ │ ├── CFB8VarKey256.rsp
│ │ │ │ ├── CFB8VarTxt128.rsp
│ │ │ │ ├── CFB8VarTxt192.rsp
│ │ │ │ └── CFB8VarTxt256.rsp
│ │ │ ├── CTR/
│ │ │ │ ├── aes-128-ctr.txt
│ │ │ │ ├── aes-192-ctr.txt
│ │ │ │ └── aes-256-ctr.txt
│ │ │ ├── ECB/
│ │ │ │ ├── ECBGFSbox128.rsp
│ │ │ │ ├── ECBGFSbox192.rsp
│ │ │ │ ├── ECBGFSbox256.rsp
│ │ │ │ ├── ECBKeySbox128.rsp
│ │ │ │ ├── ECBKeySbox192.rsp
│ │ │ │ ├── ECBKeySbox256.rsp
│ │ │ │ ├── ECBMMT128.rsp
│ │ │ │ ├── ECBMMT192.rsp
│ │ │ │ ├── ECBMMT256.rsp
│ │ │ │ ├── ECBVarKey128.rsp
│ │ │ │ ├── ECBVarKey192.rsp
│ │ │ │ ├── ECBVarKey256.rsp
│ │ │ │ ├── ECBVarTxt128.rsp
│ │ │ │ ├── ECBVarTxt192.rsp
│ │ │ │ └── ECBVarTxt256.rsp
│ │ │ ├── GCM/
│ │ │ │ ├── gcmDecrypt128.rsp
│ │ │ │ ├── gcmDecrypt192.rsp
│ │ │ │ ├── gcmDecrypt256.rsp
│ │ │ │ ├── gcmEncryptExtIV128.rsp
│ │ │ │ ├── gcmEncryptExtIV192.rsp
│ │ │ │ └── gcmEncryptExtIV256.rsp
│ │ │ ├── GCM-SIV/
│ │ │ │ ├── aes-192-gcm-siv.txt
│ │ │ │ └── openssl.txt
│ │ │ ├── OCB3/
│ │ │ │ ├── openssl.txt
│ │ │ │ ├── rfc7253.txt
│ │ │ │ ├── test-vector-1-nonce104.txt
│ │ │ │ ├── test-vector-1-nonce112.txt
│ │ │ │ └── test-vector-1-nonce120.txt
│ │ │ ├── OFB/
│ │ │ │ ├── OFBGFSbox128.rsp
│ │ │ │ ├── OFBGFSbox192.rsp
│ │ │ │ ├── OFBGFSbox256.rsp
│ │ │ │ ├── OFBKeySbox128.rsp
│ │ │ │ ├── OFBKeySbox192.rsp
│ │ │ │ ├── OFBKeySbox256.rsp
│ │ │ │ ├── OFBMMT128.rsp
│ │ │ │ ├── OFBMMT192.rsp
│ │ │ │ ├── OFBMMT256.rsp
│ │ │ │ ├── OFBVarKey128.rsp
│ │ │ │ ├── OFBVarKey192.rsp
│ │ │ │ ├── OFBVarKey256.rsp
│ │ │ │ ├── OFBVarTxt128.rsp
│ │ │ │ ├── OFBVarTxt192.rsp
│ │ │ │ └── OFBVarTxt256.rsp
│ │ │ ├── SIV/
│ │ │ │ └── openssl.txt
│ │ │ └── XTS/
│ │ │ ├── tweak-128hexstr/
│ │ │ │ ├── XTSGenAES128.rsp
│ │ │ │ └── XTSGenAES256.rsp
│ │ │ └── tweak-dataunitseqno/
│ │ │ ├── XTSGenAES128.rsp
│ │ │ └── XTSGenAES256.rsp
│ │ ├── ARC4/
│ │ │ ├── arc4.txt
│ │ │ ├── rfc-6229-128.txt
│ │ │ ├── rfc-6229-192.txt
│ │ │ ├── rfc-6229-256.txt
│ │ │ ├── rfc-6229-40.txt
│ │ │ ├── rfc-6229-56.txt
│ │ │ ├── rfc-6229-64.txt
│ │ │ └── rfc-6229-80.txt
│ │ ├── Blowfish/
│ │ │ ├── bf-cbc.txt
│ │ │ ├── bf-cfb.txt
│ │ │ ├── bf-ecb.txt
│ │ │ └── bf-ofb.txt
│ │ ├── CAST5/
│ │ │ ├── cast5-cbc.txt
│ │ │ ├── cast5-cfb.txt
│ │ │ ├── cast5-ctr.txt
│ │ │ ├── cast5-ecb.txt
│ │ │ └── cast5-ofb.txt
│ │ ├── Camellia/
│ │ │ ├── camellia-128-ecb.txt
│ │ │ ├── camellia-192-ecb.txt
│ │ │ ├── camellia-256-ecb.txt
│ │ │ ├── camellia-cbc.txt
│ │ │ ├── camellia-cfb.txt
│ │ │ └── camellia-ofb.txt
│ │ ├── ChaCha20/
│ │ │ ├── counter-overflow.txt
│ │ │ └── rfc7539.txt
│ │ ├── ChaCha20Poly1305/
│ │ │ ├── boringssl.txt
│ │ │ └── openssl.txt
│ │ ├── IDEA/
│ │ │ ├── idea-cbc.txt
│ │ │ ├── idea-cfb.txt
│ │ │ ├── idea-ecb.txt
│ │ │ └── idea-ofb.txt
│ │ ├── RC2/
│ │ │ └── rc2-cbc.txt
│ │ ├── SEED/
│ │ │ ├── rfc-4196.txt
│ │ │ ├── rfc-4269.txt
│ │ │ ├── seed-cfb.txt
│ │ │ └── seed-ofb.txt
│ │ └── SM4/
│ │ ├── draft-ribose-cfrg-sm4-10-cbc.txt
│ │ ├── draft-ribose-cfrg-sm4-10-cfb.txt
│ │ ├── draft-ribose-cfrg-sm4-10-ctr.txt
│ │ ├── draft-ribose-cfrg-sm4-10-ecb.txt
│ │ ├── draft-ribose-cfrg-sm4-10-ofb.txt
│ │ └── rfc8998.txt
│ ├── fernet/
│ │ ├── generate.json
│ │ ├── invalid.json
│ │ └── verify.json
│ ├── hashes/
│ │ ├── MD5/
│ │ │ └── rfc-1321.txt
│ │ ├── SHA1/
│ │ │ ├── Readme.txt
│ │ │ ├── SHA1LongMsg.rsp
│ │ │ ├── SHA1Monte.rsp
│ │ │ ├── SHA1Monte.txt
│ │ │ └── SHA1ShortMsg.rsp
│ │ ├── SHA2/
│ │ │ ├── Readme.txt
│ │ │ ├── SHA224LongMsg.rsp
│ │ │ ├── SHA224Monte.rsp
│ │ │ ├── SHA224Monte.txt
│ │ │ ├── SHA224ShortMsg.rsp
│ │ │ ├── SHA256LongMsg.rsp
│ │ │ ├── SHA256Monte.rsp
│ │ │ ├── SHA256Monte.txt
│ │ │ ├── SHA256ShortMsg.rsp
│ │ │ ├── SHA384LongMsg.rsp
│ │ │ ├── SHA384Monte.rsp
│ │ │ ├── SHA384Monte.txt
│ │ │ ├── SHA384ShortMsg.rsp
│ │ │ ├── SHA512LongMsg.rsp
│ │ │ ├── SHA512Monte.rsp
│ │ │ ├── SHA512Monte.txt
│ │ │ ├── SHA512ShortMsg.rsp
│ │ │ ├── SHA512_224LongMsg.rsp
│ │ │ ├── SHA512_224Monte.rsp
│ │ │ ├── SHA512_224Monte.txt
│ │ │ ├── SHA512_224ShortMsg.rsp
│ │ │ ├── SHA512_256LongMsg.rsp
│ │ │ ├── SHA512_256Monte.rsp
│ │ │ ├── SHA512_256Monte.txt
│ │ │ └── SHA512_256ShortMsg.rsp
│ │ ├── SHA3/
│ │ │ ├── SHA3_224LongMsg.rsp
│ │ │ ├── SHA3_224Monte.rsp
│ │ │ ├── SHA3_224ShortMsg.rsp
│ │ │ ├── SHA3_256LongMsg.rsp
│ │ │ ├── SHA3_256Monte.rsp
│ │ │ ├── SHA3_256ShortMsg.rsp
│ │ │ ├── SHA3_384LongMsg.rsp
│ │ │ ├── SHA3_384Monte.rsp
│ │ │ ├── SHA3_384ShortMsg.rsp
│ │ │ ├── SHA3_512LongMsg.rsp
│ │ │ ├── SHA3_512Monte.rsp
│ │ │ └── SHA3_512ShortMsg.rsp
│ │ ├── SHAKE/
│ │ │ ├── SHAKE128LongMsg.rsp
│ │ │ ├── SHAKE128Monte.rsp
│ │ │ ├── SHAKE128ShortMsg.rsp
│ │ │ ├── SHAKE128VariableOut.rsp
│ │ │ ├── SHAKE256LongMsg.rsp
│ │ │ ├── SHAKE256Monte.rsp
│ │ │ ├── SHAKE256ShortMsg.rsp
│ │ │ └── SHAKE256VariableOut.rsp
│ │ ├── SM3/
│ │ │ └── oscca.txt
│ │ ├── blake2/
│ │ │ ├── blake2b.txt
│ │ │ └── blake2s.txt
│ │ └── ripemd160/
│ │ └── ripevectors.txt
│ ├── keywrap/
│ │ ├── kwp_botan.txt
│ │ └── kwtestvectors/
│ │ ├── KWP_AD_128.txt
│ │ ├── KWP_AD_128_inv.txt
│ │ ├── KWP_AD_192.txt
│ │ ├── KWP_AD_192_inv.txt
│ │ ├── KWP_AD_256.txt
│ │ ├── KWP_AD_256_inv.txt
│ │ ├── KWP_AE_128.txt
│ │ ├── KWP_AE_128_inv.txt
│ │ ├── KWP_AE_192.txt
│ │ ├── KWP_AE_192_inv.txt
│ │ ├── KWP_AE_256.txt
│ │ ├── KWP_AE_256_inv.txt
│ │ ├── KW_AD_128.txt
│ │ ├── KW_AD_128_inv.txt
│ │ ├── KW_AD_192.txt
│ │ ├── KW_AD_192_inv.txt
│ │ ├── KW_AD_256.txt
│ │ ├── KW_AD_256_inv.txt
│ │ ├── KW_AE_128.txt
│ │ ├── KW_AE_128_inv.txt
│ │ ├── KW_AE_192.txt
│ │ ├── KW_AE_192_inv.txt
│ │ ├── KW_AE_256.txt
│ │ ├── KW_AE_256_inv.txt
│ │ ├── Readme.txt
│ │ ├── TKW_AD.txt
│ │ ├── TKW_AD_inv.txt
│ │ ├── TKW_AE.txt
│ │ └── TKW_AE_inv.txt
│ ├── pkcs12/
│ │ ├── ca/
│ │ │ ├── ca.pem
│ │ │ └── ca_key.pem
│ │ ├── cert-aes256cbc-no-key.p12
│ │ ├── cert-key-aes256cbc.p12
│ │ ├── cert-none-key-none.p12
│ │ ├── cert-rc2-key-3des.p12
│ │ ├── java-truststore.p12
│ │ ├── name-1-no-pwd.p12
│ │ ├── name-1-pwd.p12
│ │ ├── name-2-3-no-pwd.p12
│ │ ├── name-2-3-pwd.p12
│ │ ├── name-2-no-pwd.p12
│ │ ├── name-2-pwd.p12
│ │ ├── name-3-no-pwd.p12
│ │ ├── name-3-pwd.p12
│ │ ├── name-all-no-pwd.p12
│ │ ├── name-all-pwd.p12
│ │ ├── name-unicode-no-pwd.p12
│ │ ├── name-unicode-pwd.p12
│ │ ├── no-cert-key-aes256cbc.p12
│ │ ├── no-cert-name-2-no-pwd.p12
│ │ ├── no-cert-name-2-pwd.p12
│ │ ├── no-cert-name-3-no-pwd.p12
│ │ ├── no-cert-name-3-pwd.p12
│ │ ├── no-cert-name-all-no-pwd.p12
│ │ ├── no-cert-name-all-pwd.p12
│ │ ├── no-cert-name-unicode-no-pwd.p12
│ │ ├── no-cert-name-unicode-pwd.p12
│ │ ├── no-cert-no-name-no-pwd.p12
│ │ ├── no-cert-no-name-pwd.p12
│ │ ├── no-name-no-pwd.p12
│ │ ├── no-name-pwd.p12
│ │ └── no-password.p12
│ ├── pkcs7/
│ │ ├── amazon-roots.der
│ │ ├── amazon-roots.p7b
│ │ ├── ascii-san.pem
│ │ ├── enveloped-no-content.der
│ │ ├── enveloped-rsa-oaep.pem
│ │ ├── enveloped-triple-des.pem
│ │ ├── enveloped.pem
│ │ ├── isrg.pem
│ │ └── non-ascii-san.pem
│ ├── poly1305/
│ │ └── rfc7539.txt
│ ├── py.typed
│ ├── twofactor/
│ │ ├── rfc-4226.txt
│ │ └── rfc-6238.txt
│ └── x509/
│ ├── PKITS_data/
│ │ ├── ReadMe.txt
│ │ ├── certpairs/
│ │ │ ├── BadCRLIssuerNameCACertforwardcrossCertificatePair.cp
│ │ │ ├── BadCRLIssuerNameCACertreversecrossCertificatePair.cp
│ │ │ ├── BadCRLSignatureCACertforwardcrossCertificatePair.cp
│ │ │ ├── BadCRLSignatureCACertreversecrossCertificatePair.cp
│ │ │ ├── BadSignedCACertforwardcrossCertificatePair.cp
│ │ │ ├── BadSignedCACertreversecrossCertificatePair.cp
│ │ │ ├── BadnotAfterDateCACertforwardcrossCertificatePair.cp
│ │ │ ├── BadnotAfterDateCACertreversecrossCertificatePair.cp
│ │ │ ├── BadnotBeforeDateCACertforwardcrossCertificatePair.cp
│ │ │ ├── BadnotBeforeDateCACertreversecrossCertificatePair.cp
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCACertforwardcrossCertificatePair.cp
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCACertreversecrossCertificatePair.cp
│ │ │ ├── BasicSelfIssuedNewKeyCACertforwardcrossCertificatePair.cp
│ │ │ ├── BasicSelfIssuedNewKeyCACertreversecrossCertificatePair.cp
│ │ │ ├── BasicSelfIssuedOldKeyCACertforwardcrossCertificatePair.cp
│ │ │ ├── BasicSelfIssuedOldKeyCACertreversecrossCertificatePair.cp
│ │ │ ├── DSACACertforwardcrossCertificatePair.cp
│ │ │ ├── DSACACertreversecrossCertificatePair.cp
│ │ │ ├── DSAParametersInheritedCACertforwardcrossCertificatePair.cp
│ │ │ ├── DSAParametersInheritedCACertreversecrossCertificatePair.cp
│ │ │ ├── DifferentPoliciesTest7EEforwardcrossCertificatePair.cp
│ │ │ ├── DifferentPoliciesTest7EEreversecrossCertificatePair.cp
│ │ │ ├── DifferentPoliciesTest8EEforwardcrossCertificatePair.cp
│ │ │ ├── DifferentPoliciesTest8EEreversecrossCertificatePair.cp
│ │ │ ├── GeneralizedTimeCRLnextUpdateCACertforwardcrossCertificatePair.cp
│ │ │ ├── GeneralizedTimeCRLnextUpdateCACertreversecrossCertificatePair.cp
│ │ │ ├── GoodCACertforwardcrossCertificatePair.cp
│ │ │ ├── GoodCACertreversecrossCertificatePair.cp
│ │ │ ├── GoodsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── GoodsubCACertreversecrossCertificatePair.cp
│ │ │ ├── GoodsubCAPanyPolicyMapping1to2CACertforwardcrossCertificatePair.cp
│ │ │ ├── GoodsubCAPanyPolicyMapping1to2CACertreversecrossCertificatePair.cp
│ │ │ ├── InvalidonlyContainsUserCertsTest11EEforwardcrossCertificatePair.cp
│ │ │ ├── InvalidonlyContainsUserCertsTest11EEreversecrossCertificatePair.cp
│ │ │ ├── InvalidpathLenConstraintTest10EEforwardcrossCertificatePair.cp
│ │ │ ├── InvalidpathLenConstraintTest10EEreversecrossCertificatePair.cp
│ │ │ ├── InvalidpathLenConstraintTest12EEforwardcrossCertificatePair.cp
│ │ │ ├── InvalidpathLenConstraintTest12EEreversecrossCertificatePair.cp
│ │ │ ├── InvalidpathLenConstraintTest6EEforwardcrossCertificatePair.cp
│ │ │ ├── InvalidpathLenConstraintTest6EEreversecrossCertificatePair.cp
│ │ │ ├── LongSerialNumberCACertforwardcrossCertificatePair.cp
│ │ │ ├── LongSerialNumberCACertreversecrossCertificatePair.cp
│ │ │ ├── Mapping1to2CACertforwardcrossCertificatePair.cp
│ │ │ ├── Mapping1to2CACertreversecrossCertificatePair.cp
│ │ │ ├── MappingFromanyPolicyCACertforwardcrossCertificatePair.cp
│ │ │ ├── MappingFromanyPolicyCACertreversecrossCertificatePair.cp
│ │ │ ├── MappingToanyPolicyCACertforwardcrossCertificatePair.cp
│ │ │ ├── MappingToanyPolicyCACertreversecrossCertificatePair.cp
│ │ │ ├── MissingbasicConstraintsCACertforwardcrossCertificatePair.cp
│ │ │ ├── MissingbasicConstraintsCACertreversecrossCertificatePair.cp
│ │ │ ├── NameOrderingCACertforwardcrossCertificatePair.cp
│ │ │ ├── NameOrderingCACertreversecrossCertificatePair.cp
│ │ │ ├── NegativeSerialNumberCACertforwardcrossCertificatePair.cp
│ │ │ ├── NegativeSerialNumberCACertreversecrossCertificatePair.cp
│ │ │ ├── NoCRLCACertforwardcrossCertificatePair.cp
│ │ │ ├── NoCRLCACertreversecrossCertificatePair.cp
│ │ │ ├── NoPoliciesCACertforwardcrossCertificatePair.cp
│ │ │ ├── NoPoliciesCACertreversecrossCertificatePair.cp
│ │ │ ├── NoissuingDistributionPointCACertforwardcrossCertificatePair.cp
│ │ │ ├── NoissuingDistributionPointCACertreversecrossCertificatePair.cp
│ │ │ ├── OldCRLnextUpdateCACertforwardcrossCertificatePair.cp
│ │ │ ├── OldCRLnextUpdateCACertreversecrossCertificatePair.cp
│ │ │ ├── OverlappingPoliciesTest6EEforwardcrossCertificatePair.cp
│ │ │ ├── OverlappingPoliciesTest6EEreversecrossCertificatePair.cp
│ │ │ ├── P12Mapping1to3CACertforwardcrossCertificatePair.cp
│ │ │ ├── P12Mapping1to3CACertreversecrossCertificatePair.cp
│ │ │ ├── P12Mapping1to3subCACertforwardcrossCertificatePair.cp
│ │ │ ├── P12Mapping1to3subCACertreversecrossCertificatePair.cp
│ │ │ ├── P12Mapping1to3subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── P12Mapping1to3subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── P1Mapping1to234CACertforwardcrossCertificatePair.cp
│ │ │ ├── P1Mapping1to234CACertreversecrossCertificatePair.cp
│ │ │ ├── P1Mapping1to234subCACertforwardcrossCertificatePair.cp
│ │ │ ├── P1Mapping1to234subCACertreversecrossCertificatePair.cp
│ │ │ ├── P1anyPolicyMapping1to2CACertforwardcrossCertificatePair.cp
│ │ │ ├── P1anyPolicyMapping1to2CACertreversecrossCertificatePair.cp
│ │ │ ├── PanyPolicyMapping1to2CACertforwardcrossCertificatePair.cp
│ │ │ ├── PanyPolicyMapping1to2CACertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP1234CACertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP1234CACertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP1234subCAP123CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP1234subCAP123CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP1234subsubCAP123P12CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP1234subsubCAP123P12CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP123CACertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP123CACertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP123subCAP12CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP123subCAP12CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP123subsubCAP12P1CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP123subsubCAP12P1CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP123subsubCAP12P2CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP123subsubCAP12P2CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP123subsubsubCAP12P2P1CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP123subsubsubCAP12P2P1CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP12CACertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP12CACertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP12subCAP1CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP12subCAP1CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP12subsubCAP1P2CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP12subsubCAP1P2CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP2subCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP2subCA2CertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP2subCACertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP2subCACertreversecrossCertificatePair.cp
│ │ │ ├── PoliciesP3CACertforwardcrossCertificatePair.cp
│ │ │ ├── PoliciesP3CACertreversecrossCertificatePair.cp
│ │ │ ├── RFC3280MandatoryAttributeTypesCACertforwardcrossCertificatePair.cp
│ │ │ ├── RFC3280MandatoryAttributeTypesCACertreversecrossCertificatePair.cp
│ │ │ ├── RFC3280OptionalAttributeTypesCACertforwardcrossCertificatePair.cp
│ │ │ ├── RFC3280OptionalAttributeTypesCACertreversecrossCertificatePair.cp
│ │ │ ├── RevokedsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── RevokedsubCACertreversecrossCertificatePair.cp
│ │ │ ├── RolloverfromPrintableStringtoUTF8StringCACertforwardcrossCertificatePair.cp
│ │ │ ├── RolloverfromPrintableStringtoUTF8StringCACertreversecrossCertificatePair.cp
│ │ │ ├── SeparateCertificateandCRLKeysCA2CertificateSigningCACertforwardcrossCerificatePair.cp
│ │ │ ├── SeparateCertificateandCRLKeysCA2CertificateSigningCACertreversecrossCerificatePair.cp
│ │ │ ├── SeparateCertificateandCRLKeysCertificateSigningCACertforwardcrossCertificatePair.cp
│ │ │ ├── SeparateCertificateandCRLKeysCertificateSigningCACertreversecrossCertificatePair.cp
│ │ │ ├── TwoCRLsCACertforwardcrossCertificatePair.cp
│ │ │ ├── TwoCRLsCACertreversecrossCertificatePair.cp
│ │ │ ├── UIDCACertforwardcrossCertificatePair.cp
│ │ │ ├── UIDCACertreversecrossCertificatePair.cp
│ │ │ ├── UTF8StringCaseInsensitiveMatchCACertforwardcrossCertificatePair.cp
│ │ │ ├── UTF8StringCaseInsensitiveMatchCACertreversecrossCertificatePair.cp
│ │ │ ├── UTF8StringEncodedNamesCACertforwardcrossCertificatePair.cp
│ │ │ ├── UTF8StringEncodedNamesCACertreversecrossCertificatePair.cp
│ │ │ ├── UnknownCRLEntryExtensionCACertforwardcrossCertificatePair.cp
│ │ │ ├── UnknownCRLEntryExtensionCACertreversecrossCertificatePair.cp
│ │ │ ├── UnknownCRLExtensionCACertforwardcrossCertificatePair.cp
│ │ │ ├── UnknownCRLExtensionCACertreversecrossCertificatePair.cp
│ │ │ ├── ValidonlyContainsCACertsTest13EEforwardcrossCertificatePair.cp
│ │ │ ├── ValidonlyContainsCACertsTest13EEreversecrossCertificatePair.cp
│ │ │ ├── ValidpathLenConstraintTest14EEforwardcrossCertificatePair.cp
│ │ │ ├── ValidpathLenConstraintTest14EEreversecrossCertificatePair.cp
│ │ │ ├── ValidpathLenConstraintTest8EEforwardcrossCertificatePair.cp
│ │ │ ├── ValidpathLenConstraintTest8EEreversecrossCertificatePair.cp
│ │ │ ├── WrongCRLCACertforwardcrossCertificatePair.cp
│ │ │ ├── WrongCRLCACertreversecrossCertificatePair.cp
│ │ │ ├── anyPolicyCACertforwardcrossCertificatePair.cp
│ │ │ ├── anyPolicyCACertreversecrossCertificatePair.cp
│ │ │ ├── basicConstraintsCriticalcAFalseCACertforwardcrossCertificatePair.cp
│ │ │ ├── basicConstraintsCriticalcAFalseCACertreversecrossCertificatePair.cp
│ │ │ ├── basicConstraintsNotCriticalCACertforwardcrossCertificatePair.cp
│ │ │ ├── basicConstraintsNotCriticalCACertreversecrossCertificatePair.cp
│ │ │ ├── basicConstraintsNotCriticalcAFalseCACertforwardcrossCertificatePair.cp
│ │ │ ├── basicConstraintsNotCriticalcAFalseCACertreversecrossCertificatePair.cp
│ │ │ ├── deltaCRLCA1CertforwardcrossCertificatePair.cp
│ │ │ ├── deltaCRLCA1CertreversecrossCertificatePair.cp
│ │ │ ├── deltaCRLCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── deltaCRLCA2CertreversecrossCertificatePair.cp
│ │ │ ├── deltaCRLCA3CertforwardcrossCertificatePair.cp
│ │ │ ├── deltaCRLCA3CertreversecrossCertificatePair.cp
│ │ │ ├── deltaCRLIndicatorNoBaseCACertforwardcrossCertificatePair.cp
│ │ │ ├── deltaCRLIndicatorNoBaseCACertreversecrossCertificatePair.cp
│ │ │ ├── distributionPoint1CACertforwardcrossCertificatePair.cp
│ │ │ ├── distributionPoint1CACertreversecrossCertificatePair.cp
│ │ │ ├── distributionPoint2CACertforwardcrossCertificatePair.cp
│ │ │ ├── distributionPoint2CACertreversecrossCertificatePair.cp
│ │ │ ├── indirectCRLCA1CertforwardcrossCertificatePair.cp
│ │ │ ├── indirectCRLCA1CertreversecrossCertificatePair.cp
│ │ │ ├── indirectCRLCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── indirectCRLCA2CertreversecrossCertificatePair.cp
│ │ │ ├── indirectCRLCA3CertforwardcrossCertificatePair.cp
│ │ │ ├── indirectCRLCA3CertreversecrossCertificatePair.cp
│ │ │ ├── indirectCRLCA4CertforwardcrossCertificatePair.cp
│ │ │ ├── indirectCRLCA4CertreversecrossCertificatePair.cp
│ │ │ ├── indirectCRLCA5CertforwardcrossCertificatePair.cp
│ │ │ ├── indirectCRLCA5CertreversecrossCertificatePair.cp
│ │ │ ├── indirectCRLCA6CertforwardcrossCertificatePair.cp
│ │ │ ├── indirectCRLCA6CertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy0CACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy0CACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1CACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1CACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subCA1CertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subCA1CertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subCA2CertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subCAIAP5CertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subCAIAP5CertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subsubCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy1subsubCA2CertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy5CACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy5CACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy5subCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy5subCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy5subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitAnyPolicy5subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping0CACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping0CACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping0subCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping0subCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12CACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12CACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subCAIPM5CertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subCAIPM5CertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subsubCAIPM5CertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P12subsubCAIPM5CertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P1CACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P1CACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P1subCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P1subCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P1subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping1P1subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5CACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5CACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5subCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5subCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5subsubsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── inhibitPolicyMapping5subsubsubCACertreversecrossCertificatePair.cp
│ │ │ ├── keyUsageCriticalcRLSignFalseCACertforwardcrossCertificatePair.cp
│ │ │ ├── keyUsageCriticalcRLSignFalseCACertreversecrossCertificatePair.cp
│ │ │ ├── keyUsageCriticalkeyCertSignFalseCACertforwardcrossCertificatePair.cp
│ │ │ ├── keyUsageCriticalkeyCertSignFalseCACertreversecrossCertificatePair.cp
│ │ │ ├── keyUsageNotCriticalCACertforwardcrossCertificatePair.cp
│ │ │ ├── keyUsageNotCriticalCACertreversecrossCertificatePair.cp
│ │ │ ├── keyUsageNotCriticalcRLSignFalseCACertforwardcrossCertificatePair.cp
│ │ │ ├── keyUsageNotCriticalcRLSignFalseCACertreversecrossCertificatePair.cp
│ │ │ ├── keyUsageNotCriticalkeyCertSignFalseCACertforwardcrossCertificatePair.cp
│ │ │ ├── keyUsageNotCriticalkeyCertSignFalseCACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1subCA1CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1subCA1CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1subCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1subCA2CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1subCA3CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN1subCA3CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN2CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN2CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN3CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN3CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN3subCA1CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN3subCA1CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN3subCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN3subCA2CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN4CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN4CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN5CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDN5CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDNS1CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDNS1CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsDNS2CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsDNS2CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsRFC822CA1CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsRFC822CA1CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsRFC822CA2CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsRFC822CA2CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsRFC822CA3CertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsRFC822CA3CertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsURI1CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsURI1CACertreversecrossCertificatePair.cp
│ │ │ ├── nameConstraintsURI2CACertforwardcrossCertificatePair.cp
│ │ │ ├── nameConstraintsURI2CACertreversecrossCertificatePair.cp
│ │ │ ├── onlyContainsAttributeCertsCACertforwardcrossCertificatePair.cp
│ │ │ ├── onlyContainsAttributeCertsCACertreversecrossCertificatePair.cp
│ │ │ ├── onlyContainsCACertsCACertforwardcrossCertificatePair.cp
│ │ │ ├── onlyContainsCACertsCACertreversecrossCertificatePair.cp
│ │ │ ├── onlyContainsUserCertsCACertforwardcrossCertificatePair.cp
│ │ │ ├── onlyContainsUserCertsCACertreversecrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA1CertforwardcrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA1CertreversecrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA2CertreversecrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA3CertforwardcrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA3CertreversecrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA4CertforwardcrossCertificatePair.cp
│ │ │ ├── onlySomeReasonsCA4CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint0CACertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint0CACertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint0subCA2CertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint0subCA2CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint0subCACertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint0subCACertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint1CACertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint1CACertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint1subCACertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint1subCACertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6CACertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6CACertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subCA0CertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subCA0CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subCA1CertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subCA1CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subCA4CertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subCA4CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubCA00CertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubCA00CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubCA11CertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubCA11CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubCA41CertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubCA41CertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubsubCA11XCertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubsubCA11XCertreversecrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubsubCA41XCertforwardcrossCertificatePair.cp
│ │ │ ├── pathLenConstraint6subsubsubCA41XCertreversecrossCertificatePair.cp
│ │ │ ├── pre2000CRLnextUpdateCACertforwardcrossCertificatePair.cp
│ │ │ ├── pre2000CRLnextUpdateCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0CACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0CACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0subCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0subCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0subsubsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy0subsubsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10CACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10CACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10subCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10subCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10subsubsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy10subsubsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy2CACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy2CACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy2subCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy2subCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4CACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4CACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4subCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4subCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4subsubsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy4subsubsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5CACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5CACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5subCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5subCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5subsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5subsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5subsubsubCACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy5subsubsubCACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy7CACertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy7CACertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy7subCARE2CertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy7subCARE2CertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy7subsubCARE2RE4CertforwardcrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy7subsubCARE2RE4CertreversecrossCertificatePair.cp
│ │ │ ├── requireExplicitPolicy7subsubsubCARE2RE4CertforwardcrossCertificatePair.cp
│ │ │ └── requireExplicitPolicy7subsubsubCARE2RE4CertreversecrossCertificatePair.cp
│ │ ├── certs/
│ │ │ ├── AllCertificatesNoPoliciesTest2EE.crt
│ │ │ ├── AllCertificatesSamePoliciesTest10EE.crt
│ │ │ ├── AllCertificatesSamePoliciesTest13EE.crt
│ │ │ ├── AllCertificatesanyPolicyTest11EE.crt
│ │ │ ├── AnyPolicyTest14EE.crt
│ │ │ ├── BadCRLIssuerNameCACert.crt
│ │ │ ├── BadCRLSignatureCACert.crt
│ │ │ ├── BadSignedCACert.crt
│ │ │ ├── BadnotAfterDateCACert.crt
│ │ │ ├── BadnotBeforeDateCACert.crt
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCACert.crt
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCRLCert.crt
│ │ │ ├── BasicSelfIssuedNewKeyCACert.crt
│ │ │ ├── BasicSelfIssuedNewKeyOldWithNewCACert.crt
│ │ │ ├── BasicSelfIssuedOldKeyCACert.crt
│ │ │ ├── BasicSelfIssuedOldKeyNewWithOldCACert.crt
│ │ │ ├── CPSPointerQualifierTest20EE.crt
│ │ │ ├── DSACACert.crt
│ │ │ ├── DSAParametersInheritedCACert.crt
│ │ │ ├── DifferentPoliciesTest12EE.crt
│ │ │ ├── DifferentPoliciesTest3EE.crt
│ │ │ ├── DifferentPoliciesTest4EE.crt
│ │ │ ├── DifferentPoliciesTest5EE.crt
│ │ │ ├── DifferentPoliciesTest7EE.crt
│ │ │ ├── DifferentPoliciesTest8EE.crt
│ │ │ ├── DifferentPoliciesTest9EE.crt
│ │ │ ├── GeneralizedTimeCRLnextUpdateCACert.crt
│ │ │ ├── GoodCACert.crt
│ │ │ ├── GoodsubCACert.crt
│ │ │ ├── GoodsubCAPanyPolicyMapping1to2CACert.crt
│ │ │ ├── InvalidBadCRLIssuerNameTest5EE.crt
│ │ │ ├── InvalidBadCRLSignatureTest4EE.crt
│ │ │ ├── InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
│ │ │ ├── InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
│ │ │ ├── InvalidBasicSelfIssuedNewWithOldTest5EE.crt
│ │ │ ├── InvalidBasicSelfIssuedOldWithNewTest2EE.crt
│ │ │ ├── InvalidCASignatureTest2EE.crt
│ │ │ ├── InvalidCAnotAfterDateTest5EE.crt
│ │ │ ├── InvalidCAnotBeforeDateTest1EE.crt
│ │ │ ├── InvalidDNSnameConstraintsTest31EE.crt
│ │ │ ├── InvalidDNSnameConstraintsTest33EE.crt
│ │ │ ├── InvalidDNSnameConstraintsTest38EE.crt
│ │ │ ├── InvalidDNandRFC822nameConstraintsTest28EE.crt
│ │ │ ├── InvalidDNandRFC822nameConstraintsTest29EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest10EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest12EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest13EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest15EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest16EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest17EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest20EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest2EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest3EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest7EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest8EE.crt
│ │ │ ├── InvalidDNnameConstraintsTest9EE.crt
│ │ │ ├── InvalidDSASignatureTest6EE.crt
│ │ │ ├── InvalidEESignatureTest3EE.crt
│ │ │ ├── InvalidEEnotAfterDateTest6EE.crt
│ │ │ ├── InvalidEEnotBeforeDateTest2EE.crt
│ │ │ ├── InvalidIDPwithindirectCRLTest23EE.crt
│ │ │ ├── InvalidIDPwithindirectCRLTest26EE.crt
│ │ │ ├── InvalidLongSerialNumberTest18EE.crt
│ │ │ ├── InvalidMappingFromanyPolicyTest7EE.crt
│ │ │ ├── InvalidMappingToanyPolicyTest8EE.crt
│ │ │ ├── InvalidMissingCRLTest1EE.crt
│ │ │ ├── InvalidMissingbasicConstraintsTest1EE.crt
│ │ │ ├── InvalidNameChainingOrderTest2EE.crt
│ │ │ ├── InvalidNameChainingTest1EE.crt
│ │ │ ├── InvalidNegativeSerialNumberTest15EE.crt
│ │ │ ├── InvalidOldCRLnextUpdateTest11EE.crt
│ │ │ ├── InvalidPolicyMappingTest10EE.crt
│ │ │ ├── InvalidPolicyMappingTest2EE.crt
│ │ │ ├── InvalidPolicyMappingTest4EE.crt
│ │ │ ├── InvalidRFC822nameConstraintsTest22EE.crt
│ │ │ ├── InvalidRFC822nameConstraintsTest24EE.crt
│ │ │ ├── InvalidRFC822nameConstraintsTest26EE.crt
│ │ │ ├── InvalidRevokedCATest2EE.crt
│ │ │ ├── InvalidRevokedEETest3EE.crt
│ │ │ ├── InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt
│ │ │ ├── InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt
│ │ │ ├── InvalidSelfIssuedpathLenConstraintTest16EE.crt
│ │ │ ├── InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt
│ │ │ ├── InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt
│ │ │ ├── InvalidSeparateCertificateandCRLKeysTest20EE.crt
│ │ │ ├── InvalidSeparateCertificateandCRLKeysTest21EE.crt
│ │ │ ├── InvalidURInameConstraintsTest35EE.crt
│ │ │ ├── InvalidURInameConstraintsTest37EE.crt
│ │ │ ├── InvalidUnknownCRLEntryExtensionTest8EE.crt
│ │ │ ├── InvalidUnknownCRLExtensionTest10EE.crt
│ │ │ ├── InvalidUnknownCRLExtensionTest9EE.crt
│ │ │ ├── InvalidUnknownCriticalCertificateExtensionTest2EE.crt
│ │ │ ├── InvalidWrongCRLTest6EE.crt
│ │ │ ├── InvalidcAFalseTest2EE.crt
│ │ │ ├── InvalidcAFalseTest3EE.crt
│ │ │ ├── InvalidcRLIssuerTest27EE.crt
│ │ │ ├── InvalidcRLIssuerTest31EE.crt
│ │ │ ├── InvalidcRLIssuerTest32EE.crt
│ │ │ ├── InvalidcRLIssuerTest34EE.crt
│ │ │ ├── InvalidcRLIssuerTest35EE.crt
│ │ │ ├── InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
│ │ │ ├── InvaliddeltaCRLTest10EE.crt
│ │ │ ├── InvaliddeltaCRLTest3EE.crt
│ │ │ ├── InvaliddeltaCRLTest4EE.crt
│ │ │ ├── InvaliddeltaCRLTest6EE.crt
│ │ │ ├── InvaliddeltaCRLTest9EE.crt
│ │ │ ├── InvaliddistributionPointTest2EE.crt
│ │ │ ├── InvaliddistributionPointTest3EE.crt
│ │ │ ├── InvaliddistributionPointTest6EE.crt
│ │ │ ├── InvaliddistributionPointTest8EE.crt
│ │ │ ├── InvaliddistributionPointTest9EE.crt
│ │ │ ├── InvalidinhibitAnyPolicyTest1EE.crt
│ │ │ ├── InvalidinhibitAnyPolicyTest4EE.crt
│ │ │ ├── InvalidinhibitAnyPolicyTest5EE.crt
│ │ │ ├── InvalidinhibitAnyPolicyTest6EE.crt
│ │ │ ├── InvalidinhibitPolicyMappingTest1EE.crt
│ │ │ ├── InvalidinhibitPolicyMappingTest3EE.crt
│ │ │ ├── InvalidinhibitPolicyMappingTest5EE.crt
│ │ │ ├── InvalidinhibitPolicyMappingTest6EE.crt
│ │ │ ├── InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
│ │ │ ├── InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
│ │ │ ├── InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
│ │ │ ├── InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
│ │ │ ├── InvalidonlyContainsAttributeCertsTest14EE.crt
│ │ │ ├── InvalidonlyContainsCACertsTest12EE.crt
│ │ │ ├── InvalidonlyContainsUserCertsTest11EE.crt
│ │ │ ├── InvalidonlySomeReasonsTest15EE.crt
│ │ │ ├── InvalidonlySomeReasonsTest16EE.crt
│ │ │ ├── InvalidonlySomeReasonsTest17EE.crt
│ │ │ ├── InvalidonlySomeReasonsTest20EE.crt
│ │ │ ├── InvalidonlySomeReasonsTest21EE.crt
│ │ │ ├── InvalidpathLenConstraintTest10EE.crt
│ │ │ ├── InvalidpathLenConstraintTest11EE.crt
│ │ │ ├── InvalidpathLenConstraintTest12EE.crt
│ │ │ ├── InvalidpathLenConstraintTest5EE.crt
│ │ │ ├── InvalidpathLenConstraintTest6EE.crt
│ │ │ ├── InvalidpathLenConstraintTest9EE.crt
│ │ │ ├── Invalidpre2000CRLnextUpdateTest12EE.crt
│ │ │ ├── Invalidpre2000UTCEEnotAfterDateTest7EE.crt
│ │ │ ├── InvalidrequireExplicitPolicyTest3EE.crt
│ │ │ ├── InvalidrequireExplicitPolicyTest5EE.crt
│ │ │ ├── LongSerialNumberCACert.crt
│ │ │ ├── Mapping1to2CACert.crt
│ │ │ ├── MappingFromanyPolicyCACert.crt
│ │ │ ├── MappingToanyPolicyCACert.crt
│ │ │ ├── MissingbasicConstraintsCACert.crt
│ │ │ ├── NameOrderingCACert.crt
│ │ │ ├── NegativeSerialNumberCACert.crt
│ │ │ ├── NoCRLCACert.crt
│ │ │ ├── NoPoliciesCACert.crt
│ │ │ ├── NoissuingDistributionPointCACert.crt
│ │ │ ├── OldCRLnextUpdateCACert.crt
│ │ │ ├── OverlappingPoliciesTest6EE.crt
│ │ │ ├── P12Mapping1to3CACert.crt
│ │ │ ├── P12Mapping1to3subCACert.crt
│ │ │ ├── P12Mapping1to3subsubCACert.crt
│ │ │ ├── P1Mapping1to234CACert.crt
│ │ │ ├── P1Mapping1to234subCACert.crt
│ │ │ ├── P1anyPolicyMapping1to2CACert.crt
│ │ │ ├── PanyPolicyMapping1to2CACert.crt
│ │ │ ├── PoliciesP1234CACert.crt
│ │ │ ├── PoliciesP1234subCAP123Cert.crt
│ │ │ ├── PoliciesP1234subsubCAP123P12Cert.crt
│ │ │ ├── PoliciesP123CACert.crt
│ │ │ ├── PoliciesP123subCAP12Cert.crt
│ │ │ ├── PoliciesP123subsubCAP12P1Cert.crt
│ │ │ ├── PoliciesP123subsubCAP12P2Cert.crt
│ │ │ ├── PoliciesP123subsubsubCAP12P2P1Cert.crt
│ │ │ ├── PoliciesP12CACert.crt
│ │ │ ├── PoliciesP12subCAP1Cert.crt
│ │ │ ├── PoliciesP12subsubCAP1P2Cert.crt
│ │ │ ├── PoliciesP2subCA2Cert.crt
│ │ │ ├── PoliciesP2subCACert.crt
│ │ │ ├── PoliciesP3CACert.crt
│ │ │ ├── RFC3280MandatoryAttributeTypesCACert.crt
│ │ │ ├── RFC3280OptionalAttributeTypesCACert.crt
│ │ │ ├── RevokedsubCACert.crt
│ │ │ ├── RolloverfromPrintableStringtoUTF8StringCACert.crt
│ │ │ ├── SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
│ │ │ ├── SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt
│ │ │ ├── SeparateCertificateandCRLKeysCRLSigningCert.crt
│ │ │ ├── SeparateCertificateandCRLKeysCertificateSigningCACert.crt
│ │ │ ├── TrustAnchorRootCertificate.crt
│ │ │ ├── TwoCRLsCACert.crt
│ │ │ ├── UIDCACert.crt
│ │ │ ├── UTF8StringCaseInsensitiveMatchCACert.crt
│ │ │ ├── UTF8StringEncodedNamesCACert.crt
│ │ │ ├── UnknownCRLEntryExtensionCACert.crt
│ │ │ ├── UnknownCRLExtensionCACert.crt
│ │ │ ├── UserNoticeQualifierTest15EE.crt
│ │ │ ├── UserNoticeQualifierTest16EE.crt
│ │ │ ├── UserNoticeQualifierTest17EE.crt
│ │ │ ├── UserNoticeQualifierTest18EE.crt
│ │ │ ├── UserNoticeQualifierTest19EE.crt
│ │ │ ├── ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
│ │ │ ├── ValidBasicSelfIssuedNewWithOldTest3EE.crt
│ │ │ ├── ValidBasicSelfIssuedNewWithOldTest4EE.crt
│ │ │ ├── ValidBasicSelfIssuedOldWithNewTest1EE.crt
│ │ │ ├── ValidCertificatePathTest1EE.crt
│ │ │ ├── ValidDNSnameConstraintsTest30EE.crt
│ │ │ ├── ValidDNSnameConstraintsTest32EE.crt
│ │ │ ├── ValidDNandRFC822nameConstraintsTest27EE.crt
│ │ │ ├── ValidDNnameConstraintsTest11EE.crt
│ │ │ ├── ValidDNnameConstraintsTest14EE.crt
│ │ │ ├── ValidDNnameConstraintsTest18EE.crt
│ │ │ ├── ValidDNnameConstraintsTest19EE.crt
│ │ │ ├── ValidDNnameConstraintsTest1EE.crt
│ │ │ ├── ValidDNnameConstraintsTest4EE.crt
│ │ │ ├── ValidDNnameConstraintsTest5EE.crt
│ │ │ ├── ValidDNnameConstraintsTest6EE.crt
│ │ │ ├── ValidDSAParameterInheritanceTest5EE.crt
│ │ │ ├── ValidDSASignaturesTest4EE.crt
│ │ │ ├── ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
│ │ │ ├── ValidGeneralizedTimenotAfterDateTest8EE.crt
│ │ │ ├── ValidGeneralizedTimenotBeforeDateTest4EE.crt
│ │ │ ├── ValidIDPwithindirectCRLTest22EE.crt
│ │ │ ├── ValidIDPwithindirectCRLTest24EE.crt
│ │ │ ├── ValidIDPwithindirectCRLTest25EE.crt
│ │ │ ├── ValidLongSerialNumberTest16EE.crt
│ │ │ ├── ValidLongSerialNumberTest17EE.crt
│ │ │ ├── ValidNameChainingCapitalizationTest5EE.crt
│ │ │ ├── ValidNameChainingWhitespaceTest3EE.crt
│ │ │ ├── ValidNameChainingWhitespaceTest4EE.crt
│ │ │ ├── ValidNameUIDsTest6EE.crt
│ │ │ ├── ValidNegativeSerialNumberTest14EE.crt
│ │ │ ├── ValidNoissuingDistributionPointTest10EE.crt
│ │ │ ├── ValidPolicyMappingTest11EE.crt
│ │ │ ├── ValidPolicyMappingTest12EE.crt
│ │ │ ├── ValidPolicyMappingTest13EE.crt
│ │ │ ├── ValidPolicyMappingTest14EE.crt
│ │ │ ├── ValidPolicyMappingTest1EE.crt
│ │ │ ├── ValidPolicyMappingTest3EE.crt
│ │ │ ├── ValidPolicyMappingTest5EE.crt
│ │ │ ├── ValidPolicyMappingTest6EE.crt
│ │ │ ├── ValidPolicyMappingTest9EE.crt
│ │ │ ├── ValidRFC3280MandatoryAttributeTypesTest7EE.crt
│ │ │ ├── ValidRFC3280OptionalAttributeTypesTest8EE.crt
│ │ │ ├── ValidRFC822nameConstraintsTest21EE.crt
│ │ │ ├── ValidRFC822nameConstraintsTest23EE.crt
│ │ │ ├── ValidRFC822nameConstraintsTest25EE.crt
│ │ │ ├── ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt
│ │ │ ├── ValidSelfIssuedinhibitAnyPolicyTest7EE.crt
│ │ │ ├── ValidSelfIssuedinhibitAnyPolicyTest9EE.crt
│ │ │ ├── ValidSelfIssuedinhibitPolicyMappingTest7EE.crt
│ │ │ ├── ValidSelfIssuedpathLenConstraintTest15EE.crt
│ │ │ ├── ValidSelfIssuedpathLenConstraintTest17EE.crt
│ │ │ ├── ValidSelfIssuedrequireExplicitPolicyTest6EE.crt
│ │ │ ├── ValidSeparateCertificateandCRLKeysTest19EE.crt
│ │ │ ├── ValidTwoCRLsTest7EE.crt
│ │ │ ├── ValidURInameConstraintsTest34EE.crt
│ │ │ ├── ValidURInameConstraintsTest36EE.crt
│ │ │ ├── ValidUTF8StringCaseInsensitiveMatchTest11EE.crt
│ │ │ ├── ValidUTF8StringEncodedNamesTest9EE.crt
│ │ │ ├── ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
│ │ │ ├── ValidbasicConstraintsNotCriticalTest4EE.crt
│ │ │ ├── ValidcRLIssuerTest28EE.crt
│ │ │ ├── ValidcRLIssuerTest29EE.crt
│ │ │ ├── ValidcRLIssuerTest30EE.crt
│ │ │ ├── ValidcRLIssuerTest33EE.crt
│ │ │ ├── ValiddeltaCRLTest2EE.crt
│ │ │ ├── ValiddeltaCRLTest5EE.crt
│ │ │ ├── ValiddeltaCRLTest7EE.crt
│ │ │ ├── ValiddeltaCRLTest8EE.crt
│ │ │ ├── ValiddistributionPointTest1EE.crt
│ │ │ ├── ValiddistributionPointTest4EE.crt
│ │ │ ├── ValiddistributionPointTest5EE.crt
│ │ │ ├── ValiddistributionPointTest7EE.crt
│ │ │ ├── ValidinhibitAnyPolicyTest2EE.crt
│ │ │ ├── ValidinhibitPolicyMappingTest2EE.crt
│ │ │ ├── ValidinhibitPolicyMappingTest4EE.crt
│ │ │ ├── ValidkeyUsageNotCriticalTest3EE.crt
│ │ │ ├── ValidonlyContainsCACertsTest13EE.crt
│ │ │ ├── ValidonlySomeReasonsTest18EE.crt
│ │ │ ├── ValidonlySomeReasonsTest19EE.crt
│ │ │ ├── ValidpathLenConstraintTest13EE.crt
│ │ │ ├── ValidpathLenConstraintTest14EE.crt
│ │ │ ├── ValidpathLenConstraintTest7EE.crt
│ │ │ ├── ValidpathLenConstraintTest8EE.crt
│ │ │ ├── Validpre2000UTCnotBeforeDateTest3EE.crt
│ │ │ ├── ValidrequireExplicitPolicyTest1EE.crt
│ │ │ ├── ValidrequireExplicitPolicyTest2EE.crt
│ │ │ ├── ValidrequireExplicitPolicyTest4EE.crt
│ │ │ ├── WrongCRLCACert.crt
│ │ │ ├── anyPolicyCACert.crt
│ │ │ ├── basicConstraintsCriticalcAFalseCACert.crt
│ │ │ ├── basicConstraintsNotCriticalCACert.crt
│ │ │ ├── basicConstraintsNotCriticalcAFalseCACert.crt
│ │ │ ├── deltaCRLCA1Cert.crt
│ │ │ ├── deltaCRLCA2Cert.crt
│ │ │ ├── deltaCRLCA3Cert.crt
│ │ │ ├── deltaCRLIndicatorNoBaseCACert.crt
│ │ │ ├── distributionPoint1CACert.crt
│ │ │ ├── distributionPoint2CACert.crt
│ │ │ ├── indirectCRLCA1Cert.crt
│ │ │ ├── indirectCRLCA2Cert.crt
│ │ │ ├── indirectCRLCA3Cert.crt
│ │ │ ├── indirectCRLCA3cRLIssuerCert.crt
│ │ │ ├── indirectCRLCA4Cert.crt
│ │ │ ├── indirectCRLCA4cRLIssuerCert.crt
│ │ │ ├── indirectCRLCA5Cert.crt
│ │ │ ├── indirectCRLCA6Cert.crt
│ │ │ ├── inhibitAnyPolicy0CACert.crt
│ │ │ ├── inhibitAnyPolicy1CACert.crt
│ │ │ ├── inhibitAnyPolicy1SelfIssuedCACert.crt
│ │ │ ├── inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt
│ │ │ ├── inhibitAnyPolicy1subCA1Cert.crt
│ │ │ ├── inhibitAnyPolicy1subCA2Cert.crt
│ │ │ ├── inhibitAnyPolicy1subCAIAP5Cert.crt
│ │ │ ├── inhibitAnyPolicy1subsubCA2Cert.crt
│ │ │ ├── inhibitAnyPolicy5CACert.crt
│ │ │ ├── inhibitAnyPolicy5subCACert.crt
│ │ │ ├── inhibitAnyPolicy5subsubCACert.crt
│ │ │ ├── inhibitAnyPolicyTest3EE.crt
│ │ │ ├── inhibitPolicyMapping0CACert.crt
│ │ │ ├── inhibitPolicyMapping0subCACert.crt
│ │ │ ├── inhibitPolicyMapping1P12CACert.crt
│ │ │ ├── inhibitPolicyMapping1P12subCACert.crt
│ │ │ ├── inhibitPolicyMapping1P12subCAIPM5Cert.crt
│ │ │ ├── inhibitPolicyMapping1P12subsubCACert.crt
│ │ │ ├── inhibitPolicyMapping1P12subsubCAIPM5Cert.crt
│ │ │ ├── inhibitPolicyMapping1P1CACert.crt
│ │ │ ├── inhibitPolicyMapping1P1SelfIssuedCACert.crt
│ │ │ ├── inhibitPolicyMapping1P1SelfIssuedsubCACert.crt
│ │ │ ├── inhibitPolicyMapping1P1subCACert.crt
│ │ │ ├── inhibitPolicyMapping1P1subsubCACert.crt
│ │ │ ├── inhibitPolicyMapping5CACert.crt
│ │ │ ├── inhibitPolicyMapping5subCACert.crt
│ │ │ ├── inhibitPolicyMapping5subsubCACert.crt
│ │ │ ├── inhibitPolicyMapping5subsubsubCACert.crt
│ │ │ ├── keyUsageCriticalcRLSignFalseCACert.crt
│ │ │ ├── keyUsageCriticalkeyCertSignFalseCACert.crt
│ │ │ ├── keyUsageNotCriticalCACert.crt
│ │ │ ├── keyUsageNotCriticalcRLSignFalseCACert.crt
│ │ │ ├── keyUsageNotCriticalkeyCertSignFalseCACert.crt
│ │ │ ├── nameConstraintsDN1CACert.crt
│ │ │ ├── nameConstraintsDN1SelfIssuedCACert.crt
│ │ │ ├── nameConstraintsDN1subCA1Cert.crt
│ │ │ ├── nameConstraintsDN1subCA2Cert.crt
│ │ │ ├── nameConstraintsDN1subCA3Cert.crt
│ │ │ ├── nameConstraintsDN2CACert.crt
│ │ │ ├── nameConstraintsDN3CACert.crt
│ │ │ ├── nameConstraintsDN3subCA1Cert.crt
│ │ │ ├── nameConstraintsDN3subCA2Cert.crt
│ │ │ ├── nameConstraintsDN4CACert.crt
│ │ │ ├── nameConstraintsDN5CACert.crt
│ │ │ ├── nameConstraintsDNS1CACert.crt
│ │ │ ├── nameConstraintsDNS2CACert.crt
│ │ │ ├── nameConstraintsRFC822CA1Cert.crt
│ │ │ ├── nameConstraintsRFC822CA2Cert.crt
│ │ │ ├── nameConstraintsRFC822CA3Cert.crt
│ │ │ ├── nameConstraintsURI1CACert.crt
│ │ │ ├── nameConstraintsURI2CACert.crt
│ │ │ ├── onlyContainsAttributeCertsCACert.crt
│ │ │ ├── onlyContainsCACertsCACert.crt
│ │ │ ├── onlyContainsUserCertsCACert.crt
│ │ │ ├── onlySomeReasonsCA1Cert.crt
│ │ │ ├── onlySomeReasonsCA2Cert.crt
│ │ │ ├── onlySomeReasonsCA3Cert.crt
│ │ │ ├── onlySomeReasonsCA4Cert.crt
│ │ │ ├── pathLenConstraint0CACert.crt
│ │ │ ├── pathLenConstraint0SelfIssuedCACert.crt
│ │ │ ├── pathLenConstraint0subCA2Cert.crt
│ │ │ ├── pathLenConstraint0subCACert.crt
│ │ │ ├── pathLenConstraint1CACert.crt
│ │ │ ├── pathLenConstraint1SelfIssuedCACert.crt
│ │ │ ├── pathLenConstraint1SelfIssuedsubCACert.crt
│ │ │ ├── pathLenConstraint1subCACert.crt
│ │ │ ├── pathLenConstraint6CACert.crt
│ │ │ ├── pathLenConstraint6subCA0Cert.crt
│ │ │ ├── pathLenConstraint6subCA1Cert.crt
│ │ │ ├── pathLenConstraint6subCA4Cert.crt
│ │ │ ├── pathLenConstraint6subsubCA00Cert.crt
│ │ │ ├── pathLenConstraint6subsubCA11Cert.crt
│ │ │ ├── pathLenConstraint6subsubCA41Cert.crt
│ │ │ ├── pathLenConstraint6subsubsubCA11XCert.crt
│ │ │ ├── pathLenConstraint6subsubsubCA41XCert.crt
│ │ │ ├── pre2000CRLnextUpdateCACert.crt
│ │ │ ├── requireExplicitPolicy0CACert.crt
│ │ │ ├── requireExplicitPolicy0subCACert.crt
│ │ │ ├── requireExplicitPolicy0subsubCACert.crt
│ │ │ ├── requireExplicitPolicy0subsubsubCACert.crt
│ │ │ ├── requireExplicitPolicy10CACert.crt
│ │ │ ├── requireExplicitPolicy10subCACert.crt
│ │ │ ├── requireExplicitPolicy10subsubCACert.crt
│ │ │ ├── requireExplicitPolicy10subsubsubCACert.crt
│ │ │ ├── requireExplicitPolicy2CACert.crt
│ │ │ ├── requireExplicitPolicy2SelfIssuedCACert.crt
│ │ │ ├── requireExplicitPolicy2SelfIssuedsubCACert.crt
│ │ │ ├── requireExplicitPolicy2subCACert.crt
│ │ │ ├── requireExplicitPolicy4CACert.crt
│ │ │ ├── requireExplicitPolicy4subCACert.crt
│ │ │ ├── requireExplicitPolicy4subsubCACert.crt
│ │ │ ├── requireExplicitPolicy4subsubsubCACert.crt
│ │ │ ├── requireExplicitPolicy5CACert.crt
│ │ │ ├── requireExplicitPolicy5subCACert.crt
│ │ │ ├── requireExplicitPolicy5subsubCACert.crt
│ │ │ ├── requireExplicitPolicy5subsubsubCACert.crt
│ │ │ ├── requireExplicitPolicy7CACert.crt
│ │ │ ├── requireExplicitPolicy7subCARE2Cert.crt
│ │ │ ├── requireExplicitPolicy7subsubCARE2RE4Cert.crt
│ │ │ └── requireExplicitPolicy7subsubsubCARE2RE4Cert.crt
│ │ ├── crls/
│ │ │ ├── BadCRLIssuerNameCACRL.crl
│ │ │ ├── BadCRLSignatureCACRL.crl
│ │ │ ├── BadSignedCACRL.crl
│ │ │ ├── BadnotAfterDateCACRL.crl
│ │ │ ├── BadnotBeforeDateCACRL.crl
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCACRL.crl
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl
│ │ │ ├── BasicSelfIssuedNewKeyCACRL.crl
│ │ │ ├── BasicSelfIssuedOldKeyCACRL.crl
│ │ │ ├── BasicSelfIssuedOldKeySelfIssuedCertCRL.crl
│ │ │ ├── DSACACRL.crl
│ │ │ ├── DSAParametersInheritedCACRL.crl
│ │ │ ├── GeneralizedTimeCRLnextUpdateCACRL.crl
│ │ │ ├── GoodCACRL.crl
│ │ │ ├── GoodsubCACRL.crl
│ │ │ ├── GoodsubCAPanyPolicyMapping1to2CACRL.crl
│ │ │ ├── LongSerialNumberCACRL.crl
│ │ │ ├── Mapping1to2CACRL.crl
│ │ │ ├── MappingFromanyPolicyCACRL.crl
│ │ │ ├── MappingToanyPolicyCACRL.crl
│ │ │ ├── MissingbasicConstraintsCACRL.crl
│ │ │ ├── NameOrderCACRL.crl
│ │ │ ├── NegativeSerialNumberCACRL.crl
│ │ │ ├── NoPoliciesCACRL.crl
│ │ │ ├── NoissuingDistributionPointCACRL.crl
│ │ │ ├── OldCRLnextUpdateCACRL.crl
│ │ │ ├── P12Mapping1to3CACRL.crl
│ │ │ ├── P12Mapping1to3subCACRL.crl
│ │ │ ├── P12Mapping1to3subsubCACRL.crl
│ │ │ ├── P1Mapping1to234CACRL.crl
│ │ │ ├── P1Mapping1to234subCACRL.crl
│ │ │ ├── P1anyPolicyMapping1to2CACRL.crl
│ │ │ ├── PanyPolicyMapping1to2CACRL.crl
│ │ │ ├── PoliciesP1234CACRL.crl
│ │ │ ├── PoliciesP1234subCAP123CRL.crl
│ │ │ ├── PoliciesP1234subsubCAP123P12CRL.crl
│ │ │ ├── PoliciesP123CACRL.crl
│ │ │ ├── PoliciesP123subCAP12CRL.crl
│ │ │ ├── PoliciesP123subsubCAP12P1CRL.crl
│ │ │ ├── PoliciesP123subsubCAP2P2CRL.crl
│ │ │ ├── PoliciesP123subsubsubCAP12P2P1CRL.crl
│ │ │ ├── PoliciesP12CACRL.crl
│ │ │ ├── PoliciesP12subCAP1CRL.crl
│ │ │ ├── PoliciesP12subsubCAP1P2CRL.crl
│ │ │ ├── PoliciesP2subCA2CRL.crl
│ │ │ ├── PoliciesP2subCACRL.crl
│ │ │ ├── PoliciesP3CACRL.crl
│ │ │ ├── RFC3280MandatoryAttributeTypesCACRL.crl
│ │ │ ├── RFC3280OptionalAttributeTypesCACRL.crl
│ │ │ ├── RevokedsubCACRL.crl
│ │ │ ├── RolloverfromPrintableStringtoUTF8StringCACRL.crl
│ │ │ ├── SeparateCertificateandCRLKeysCA2CRL.crl
│ │ │ ├── SeparateCertificateandCRLKeysCRL.crl
│ │ │ ├── TrustAnchorRootCRL.crl
│ │ │ ├── TwoCRLsCABadCRL.crl
│ │ │ ├── TwoCRLsCAGoodCRL.crl
│ │ │ ├── UIDCACRL.crl
│ │ │ ├── UTF8StringCaseInsensitiveMatchCACRL.crl
│ │ │ ├── UTF8StringEncodedNamesCACRL.crl
│ │ │ ├── UnknownCRLEntryExtensionCACRL.crl
│ │ │ ├── UnknownCRLExtensionCACRL.crl
│ │ │ ├── WrongCRLCACRL.crl
│ │ │ ├── anyPolicyCACRL.crl
│ │ │ ├── basicConstraintsCriticalcAFalseCACRL.crl
│ │ │ ├── basicConstraintsNotCriticalCACRL.crl
│ │ │ ├── basicConstraintsNotCriticalcAFalseCACRL.crl
│ │ │ ├── deltaCRLCA1CRL.crl
│ │ │ ├── deltaCRLCA1deltaCRL.crl
│ │ │ ├── deltaCRLCA2CRL.crl
│ │ │ ├── deltaCRLCA2deltaCRL.crl
│ │ │ ├── deltaCRLCA3CRL.crl
│ │ │ ├── deltaCRLCA3deltaCRL.crl
│ │ │ ├── deltaCRLIndicatorNoBaseCACRL.crl
│ │ │ ├── distributionPoint1CACRL.crl
│ │ │ ├── distributionPoint2CACRL.crl
│ │ │ ├── indirectCRLCA1CRL.crl
│ │ │ ├── indirectCRLCA3CRL.crl
│ │ │ ├── indirectCRLCA3cRLIssuerCRL.crl
│ │ │ ├── indirectCRLCA4cRLIssuerCRL.crl
│ │ │ ├── indirectCRLCA5CRL.crl
│ │ │ ├── inhibitAnyPolicy0CACRL.crl
│ │ │ ├── inhibitAnyPolicy1CACRL.crl
│ │ │ ├── inhibitAnyPolicy1subCA1CRL.crl
│ │ │ ├── inhibitAnyPolicy1subCA2CRL.crl
│ │ │ ├── inhibitAnyPolicy1subCAIAP5CRL.crl
│ │ │ ├── inhibitAnyPolicy1subsubCA2CRL.crl
│ │ │ ├── inhibitAnyPolicy5CACRL.crl
│ │ │ ├── inhibitAnyPolicy5subCACRL.crl
│ │ │ ├── inhibitAnyPolicy5subsubCACRL.crl
│ │ │ ├── inhibitPolicyMapping0CACRL.crl
│ │ │ ├── inhibitPolicyMapping0subCACRL.crl
│ │ │ ├── inhibitPolicyMapping1P12CACRL.crl
│ │ │ ├── inhibitPolicyMapping1P12subCACRL.crl
│ │ │ ├── inhibitPolicyMapping1P12subCAIPM5CRL.crl
│ │ │ ├── inhibitPolicyMapping1P12subsubCACRL.crl
│ │ │ ├── inhibitPolicyMapping1P12subsubCAIPM5CRL.crl
│ │ │ ├── inhibitPolicyMapping1P1CACRL.crl
│ │ │ ├── inhibitPolicyMapping1P1subCACRL.crl
│ │ │ ├── inhibitPolicyMapping1P1subsubCACRL.crl
│ │ │ ├── inhibitPolicyMapping5CACRL.crl
│ │ │ ├── inhibitPolicyMapping5subCACRL.crl
│ │ │ ├── inhibitPolicyMapping5subsubCACRL.crl
│ │ │ ├── inhibitPolicyMapping5subsubsubCACRL.crl
│ │ │ ├── keyUsageCriticalcRLSignFalseCACRL.crl
│ │ │ ├── keyUsageCriticalkeyCertSignFalseCACRL.crl
│ │ │ ├── keyUsageNotCriticalCACRL.crl
│ │ │ ├── keyUsageNotCriticalcRLSignFalseCACRL.crl
│ │ │ ├── keyUsageNotCriticalkeyCertSignFalseCACRL.crl
│ │ │ ├── nameConstraintsDN1CACRL.crl
│ │ │ ├── nameConstraintsDN1subCA1CRL.crl
│ │ │ ├── nameConstraintsDN1subCA2CRL.crl
│ │ │ ├── nameConstraintsDN1subCA3CRL.crl
│ │ │ ├── nameConstraintsDN2CACRL.crl
│ │ │ ├── nameConstraintsDN3CACRL.crl
│ │ │ ├── nameConstraintsDN3subCA1CRL.crl
│ │ │ ├── nameConstraintsDN3subCA2CRL.crl
│ │ │ ├── nameConstraintsDN4CACRL.crl
│ │ │ ├── nameConstraintsDN5CACRL.crl
│ │ │ ├── nameConstraintsDNS1CACRL.crl
│ │ │ ├── nameConstraintsDNS2CACRL.crl
│ │ │ ├── nameConstraintsRFC822CA1CRL.crl
│ │ │ ├── nameConstraintsRFC822CA2CRL.crl
│ │ │ ├── nameConstraintsRFC822CA3CRL.crl
│ │ │ ├── nameConstraintsURI1CACRL.crl
│ │ │ ├── nameConstraintsURI2CACRL.crl
│ │ │ ├── onlyContainsAttributeCertsCACRL.crl
│ │ │ ├── onlyContainsCACertsCACRL.crl
│ │ │ ├── onlyContainsUserCertsCACRL.crl
│ │ │ ├── onlySomeReasonsCA1compromiseCRL.crl
│ │ │ ├── onlySomeReasonsCA1otherreasonsCRL.crl
│ │ │ ├── onlySomeReasonsCA2CRL1.crl
│ │ │ ├── onlySomeReasonsCA2CRL2.crl
│ │ │ ├── onlySomeReasonsCA3compromiseCRL.crl
│ │ │ ├── onlySomeReasonsCA3otherreasonsCRL.crl
│ │ │ ├── onlySomeReasonsCA4compromiseCRL.crl
│ │ │ ├── onlySomeReasonsCA4otherreasonsCRL.crl
│ │ │ ├── pathLenConstraint0CACRL.crl
│ │ │ ├── pathLenConstraint0subCA2CRL.crl
│ │ │ ├── pathLenConstraint0subCACRL.crl
│ │ │ ├── pathLenConstraint1CACRL.crl
│ │ │ ├── pathLenConstraint1subCACRL.crl
│ │ │ ├── pathLenConstraint6CACRL.crl
│ │ │ ├── pathLenConstraint6subCA0CRL.crl
│ │ │ ├── pathLenConstraint6subCA1CRL.crl
│ │ │ ├── pathLenConstraint6subCA4CRL.crl
│ │ │ ├── pathLenConstraint6subsubCA00CRL.crl
│ │ │ ├── pathLenConstraint6subsubCA11CRL.crl
│ │ │ ├── pathLenConstraint6subsubCA41CRL.crl
│ │ │ ├── pathLenConstraint6subsubsubCA11XCRL.crl
│ │ │ ├── pathLenConstraint6subsubsubCA41XCRL.crl
│ │ │ ├── pre2000CRLnextUpdateCACRL.crl
│ │ │ ├── requireExplicitPolicy0CACRL.crl
│ │ │ ├── requireExplicitPolicy0subCACRL.crl
│ │ │ ├── requireExplicitPolicy0subsubCACRL.crl
│ │ │ ├── requireExplicitPolicy0subsubsubCACRL.crl
│ │ │ ├── requireExplicitPolicy10CACRL.crl
│ │ │ ├── requireExplicitPolicy10subCACRL.crl
│ │ │ ├── requireExplicitPolicy10subsubCACRL.crl
│ │ │ ├── requireExplicitPolicy10subsubsubCACRL.crl
│ │ │ ├── requireExplicitPolicy2CACRL.crl
│ │ │ ├── requireExplicitPolicy2subCACRL.crl
│ │ │ ├── requireExplicitPolicy4CACRL.crl
│ │ │ ├── requireExplicitPolicy4subCACRL.crl
│ │ │ ├── requireExplicitPolicy4subsubCACRL.crl
│ │ │ ├── requireExplicitPolicy4subsubsubCACRL.crl
│ │ │ ├── requireExplicitPolicy5CACRL.crl
│ │ │ ├── requireExplicitPolicy5subCACRL.crl
│ │ │ ├── requireExplicitPolicy5subsubCACRL.crl
│ │ │ ├── requireExplicitPolicy5subsubsubCACRL.crl
│ │ │ ├── requireExplicitPolicy7CACRL.crl
│ │ │ ├── requireExplicitPolicy7subCARE2CRL.crl
│ │ │ ├── requireExplicitPolicy7subsubCARE2RE4CRL.crl
│ │ │ └── requireExplicitPolicy7subsubsubCARE2RE4CRL.crl
│ │ ├── pkcs12/
│ │ │ ├── AllCertificatesNoPoliciesTest2EE.p12
│ │ │ ├── AllCertificatesSamePoliciesTest10EE.p12
│ │ │ ├── AllCertificatesSamePoliciesTest13EE.p12
│ │ │ ├── AllCertificatesanyPolicyTest11EE.p12
│ │ │ ├── AnyPolicyTest14EE.p12
│ │ │ ├── BadCRLIssuerNameCACert.p12
│ │ │ ├── BadCRLSignatureCACert.p12
│ │ │ ├── BadSignedCACert.p12
│ │ │ ├── BadnotAfterDateCACert.p12
│ │ │ ├── BadnotBeforeDateCACert.p12
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCACert.p12
│ │ │ ├── BasicSelfIssuedCRLSigningKeyCRLCert.p12
│ │ │ ├── BasicSelfIssuedNewKeyCACert.p12
│ │ │ ├── BasicSelfIssuedNewKeyOldWithNewCACert.p12
│ │ │ ├── BasicSelfIssuedOldKeyCACert.p12
│ │ │ ├── BasicSelfIssuedOldKeyNewWithOldCACert.p12
│ │ │ ├── CPSPointerQualifierTest20EE.p12
│ │ │ ├── DSACACert.p12
│ │ │ ├── DSAParametersInheritedCACert.p12
│ │ │ ├── DifferentPoliciesTest12EE.p12
│ │ │ ├── DifferentPoliciesTest3EE.p12
│ │ │ ├── DifferentPoliciesTest4EE.p12
│ │ │ ├── DifferentPoliciesTest5EE.p12
│ │ │ ├── DifferentPoliciesTest7EE.p12
│ │ │ ├── DifferentPoliciesTest8EE.p12
│ │ │ ├── DifferentPoliciesTest9EE.p12
│ │ │ ├── GeneralizedTimeCRLnextUpdateCACert.p12
│ │ │ ├── GoodCACert.p12
│ │ │ ├── GoodsubCACert.p12
│ │ │ ├── GoodsubCAPanyPolicyMapping1to2CACert.p12
│ │ │ ├── InvalidBadCRLIssuerNameTest5EE.p12
│ │ │ ├── InvalidBadCRLSignatureTest4EE.p12
│ │ │ ├── InvalidBasicSelfIssuedCRLSigningKeyTest7EE.p12
│ │ │ ├── InvalidBasicSelfIssuedCRLSigningKeyTest8EE.p12
│ │ │ ├── InvalidBasicSelfIssuedNewWithOldTest5EE.p12
│ │ │ ├── InvalidBasicSelfIssuedOldWithNewTest2EE.p12
│ │ │ ├── InvalidCASignatureTest2EE.p12
│ │ │ ├── InvalidCAnotAfterDateTest5EE.p12
│ │ │ ├── InvalidCAnotBeforeDateTest1EE.p12
│ │ │ ├── InvalidDNSnameConstraintsTest31EE.p12
│ │ │ ├── InvalidDNSnameConstraintsTest33EE.p12
│ │ │ ├── InvalidDNSnameConstraintsTest38EE.p12
│ │ │ ├── InvalidDNandRFC822nameConstraintsTest28EE.p12
│ │ │ ├── InvalidDNandRFC822nameConstraintsTest29EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest10EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest12EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest13EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest15EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest16EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest17EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest20EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest2EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest3EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest7EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest8EE.p12
│ │ │ ├── InvalidDNnameConstraintsTest9EE.p12
│ │ │ ├── InvalidDSASignatureTest6EE.p12
│ │ │ ├── InvalidEESignatureTest3EE.p12
│ │ │ ├── InvalidEEnotAfterDateTest6EE.p12
│ │ │ ├── InvalidEEnotBeforeDateTest2EE.p12
│ │ │ ├── InvalidIDPwithindirectCRLTest23EE.p12
│ │ │ ├── InvalidIDPwithindirectCRLTest26EE.p12
│ │ │ ├── InvalidLongSerialNumberTest18EE.p12
│ │ │ ├── InvalidMappingFromanyPolicyTest7EE.p12
│ │ │ ├── InvalidMappingToanyPolicyTest8EE.p12
│ │ │ ├── InvalidMissingCRLTest1EE.p12
│ │ │ ├── InvalidMissingbasicConstraintsTest1EE.p12
│ │ │ ├── InvalidNameChainingOrderTest2EE.p12
│ │ │ ├── InvalidNameChainingTest1EE.p12
│ │ │ ├── InvalidNegativeSerialNumberTest15EE.p12
│ │ │ ├── InvalidOldCRLnextUpdateTest11EE.p12
│ │ │ ├── InvalidPolicyMappingTest10EE.p12
│ │ │ ├── InvalidPolicyMappingTest2EE.p12
│ │ │ ├── InvalidPolicyMappingTest4EE.p12
│ │ │ ├── InvalidRFC822nameConstraintsTest22EE.p12
│ │ │ ├── InvalidRFC822nameConstraintsTest24EE.p12
│ │ │ ├── InvalidRFC822nameConstraintsTest26EE.p12
│ │ │ ├── InvalidRevokedCATest2EE.p12
│ │ │ ├── InvalidRevokedEETest3EE.p12
│ │ │ ├── InvalidSelfIssuedinhibitAnyPolicyTest10EE.p12
│ │ │ ├── InvalidSelfIssuedinhibitAnyPolicyTest8EE.p12
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest10EE.p12
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest11EE.p12
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest8EE.p12
│ │ │ ├── InvalidSelfIssuedinhibitPolicyMappingTest9EE.p12
│ │ │ ├── InvalidSelfIssuedpathLenConstraintTest16EE.p12
│ │ │ ├── InvalidSelfIssuedrequireExplicitPolicyTest7EE.p12
│ │ │ ├── InvalidSelfIssuedrequireExplicitPolicyTest8EE.p12
│ │ │ ├── InvalidSeparateCertificateandCRLKeysTest20EE.p12
│ │ │ ├── InvalidSeparateCertificateandCRLKeysTest21EE.p12
│ │ │ ├── InvalidURInameConstraintsTest35EE.p12
│ │ │ ├── InvalidURInameConstraintsTest37EE.p12
│ │ │ ├── InvalidUnknownCRLEntryExtensionTest8EE.p12
│ │ │ ├── InvalidUnknownCRLExtensionTest10EE.p12
│ │ │ ├── InvalidUnknownCRLExtensionTest9EE.p12
│ │ │ ├── InvalidUnknownCriticalCertificateExtensionTest2EE.p12
│ │ │ ├── InvalidWrongCRLTest6EE.p12
│ │ │ ├── InvalidcAFalseTest2EE.p12
│ │ │ ├── InvalidcAFalseTest3EE.p12
│ │ │ ├── InvalidcRLIssuerTest27EE.p12
│ │ │ ├── InvalidcRLIssuerTest31EE.p12
│ │ │ ├── InvalidcRLIssuerTest32EE.p12
│ │ │ ├── InvalidcRLIssuerTest34EE.p12
│ │ │ ├── InvalidcRLIssuerTest35EE.p12
│ │ │ ├── InvaliddeltaCRLIndicatorNoBaseTest1EE.p12
│ │ │ ├── InvaliddeltaCRLTest10EE.p12
│ │ │ ├── InvaliddeltaCRLTest3EE.p12
│ │ │ ├── InvaliddeltaCRLTest4EE.p12
│ │ │ ├── InvaliddeltaCRLTest6EE.p12
│ │ │ ├── InvaliddeltaCRLTest9EE.p12
│ │ │ ├── InvaliddistributionPointTest2EE.p12
│ │ │ ├── InvaliddistributionPointTest3EE.p12
│ │ │ ├── InvaliddistributionPointTest6EE.p12
│ │ │ ├── InvaliddistributionPointTest8EE.p12
│ │ │ ├── InvaliddistributionPointTest9EE.p12
│ │ │ ├── InvalidinhibitAnyPolicyTest1EE.p12
│ │ │ ├── InvalidinhibitAnyPolicyTest4EE.p12
│ │ │ ├── InvalidinhibitAnyPolicyTest5EE.p12
│ │ │ ├── InvalidinhibitAnyPolicyTest6EE.p12
│ │ │ ├── InvalidinhibitPolicyMappingTest1EE.p12
│ │ │ ├── InvalidinhibitPolicyMappingTest3EE.p12
│ │ │ ├── InvalidinhibitPolicyMappingTest5EE.p12
│ │ │ ├── InvalidinhibitPolicyMappingTest6EE.p12
│ │ │ ├── InvalidkeyUsageCriticalcRLSignFalseTest4EE.p12
│ │ │ ├── InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.p12
│ │ │ ├── InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.p12
│ │ │ ├── InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.p12
│ │ │ ├── InvalidonlyContainsAttributeCertsTest14EE.p12
│ │ │ ├── InvalidonlyContainsCACertsTest12EE.p12
│ │ │ ├── InvalidonlyContainsUserCertsTest11EE.p12
│ │ │ ├── InvalidonlySomeReasonsTest15EE.p12
│ │ │ ├── InvalidonlySomeReasonsTest16EE.p12
│ │ │ ├── InvalidonlySomeReasonsTest17EE.p12
│ │ │ ├── InvalidonlySomeReasonsTest20EE.p12
│ │ │ ├── InvalidonlySomeReasonsTest21EE.p12
│ │ │ ├── InvalidpathLenConstraintTest10EE.p12
│ │ │ ├── InvalidpathLenConstraintTest11EE.p12
│ │ │ ├── InvalidpathLenConstraintTest12EE.p12
│ │ │ ├── InvalidpathLenConstraintTest5EE.p12
│ │ │ ├── InvalidpathLenConstraintTest6EE.p12
│ │ │ ├── InvalidpathLenConstraintTest9EE.p12
│ │ │ ├── Invalidpre2000CRLnextUpdateTest12EE.p12
│ │ │ ├── Invalidpre2000UTCEEnotAfterDateTest7EE.p12
│ │ │ ├── InvalidrequireExplicitPolicyTest3EE.p12
│ │ │ ├── InvalidrequireExplicitPolicyTest5EE.p12
│ │ │ ├── LongSerialNumberCACert.p12
│ │ │ ├── Mapping1to2CACert.p12
│ │ │ ├── MappingFromanyPolicyCACert.p12
│ │ │ ├── MappingToanyPolicyCACert.p12
│ │ │ ├── MissingbasicConstraintsCACert.p12
│ │ │ ├── NameOrderingCACert.p12
│ │ │ ├── NegativeSerialNumberCACert.p12
│ │ │ ├── NoCRLCACert.p12
│ │ │ ├── NoPoliciesCACert.p12
│ │ │ ├── NoissuingDistributionPointCACert.p12
│ │ │ ├── OldCRLnextUpdateCACert.p12
│ │ │ ├── OverlappingPoliciesTest6EE.p12
│ │ │ ├── P12Mapping1to3CACert.p12
│ │ │ ├── P12Mapping1to3subCACert.p12
│ │ │ ├── P12Mapping1to3subsubCACert.p12
│ │ │ ├── P1Mapping1to234CACert.p12
│ │ │ ├── P1Mapping1to234subCACert.p12
│ │ │ ├── P1anyPolicyMapping1to2CACert.p12
│ │ │ ├── PanyPolicyMapping1to2CACert.p12
│ │ │ ├── PoliciesP1234CACert.p12
│ │ │ ├── PoliciesP1234subCAP123Cert.p12
│ │ │ ├── PoliciesP1234subsubCAP123P12Cert.p12
│ │ │ ├── PoliciesP123CACert.p12
│ │ │ ├── PoliciesP123subCAP12Cert.p12
│ │ │ ├── PoliciesP123subsubCAP12P1Cert.p12
│ │ │ ├── PoliciesP123subsubCAP12P2Cert.p12
│ │ │ ├── PoliciesP123subsubsubCAP12P2P1Cert.p12
│ │ │ ├── PoliciesP12CACert.p12
│ │ │ ├── PoliciesP12subCAP1Cert.p12
│ │ │ ├── PoliciesP12subsubCAP1P2Cert.p12
│ │ │ ├── PoliciesP2subCA2Cert.p12
│ │ │ ├── PoliciesP2subCACert.p12
│ │ │ ├── PoliciesP3CACert.p12
│ │ │ ├── RFC3280MandatoryAttributeTypesCACert.p12
│ │ │ ├── RFC3280OptionalAttributeTypesCACert.p12
│ │ │ ├── RevokedsubCACert.p12
│ │ │ ├── RolloverfromPrintableStringtoUTF8StringCACert.p12
│ │ │ ├── SeparateCertificateandCRLKeysCA2CRLSigningCert.p12
│ │ │ ├── SeparateCertificateandCRLKeysCA2CertificateSigningCACert.p12
│ │ │ ├── SeparateCertificateandCRLKeysCRLSigningCert.p12
│ │ │ ├── SeparateCertificateandCRLKeysCertificateSigningCACert.p12
│ │ │ ├── TrustAnchorRootCertificate.p12
│ │ │ ├── TwoCRLsCACert.p12
│ │ │ ├── UIDCACert.p12
│ │ │ ├── UTF8StringCaseInsensitiveMatchCACert.p12
│ │ │ ├── UTF8StringEncodedNamesCACert.p12
│ │ │ ├── UnknownCRLEntryExtensionCACert.p12
│ │ │ ├── UnknownCRLExtensionCACert.p12
│ │ │ ├── UserNoticeQualifierTest15EE.p12
│ │ │ ├── UserNoticeQualifierTest16EE.p12
│ │ │ ├── UserNoticeQualifierTest17EE.p12
│ │ │ ├── UserNoticeQualifierTest18EE.p12
│ │ │ ├── UserNoticeQualifierTest19EE.p12
│ │ │ ├── ValidBasicSelfIssuedCRLSigningKeyTest6EE.p12
│ │ │ ├── ValidBasicSelfIssuedNewWithOldTest3EE.p12
│ │ │ ├── ValidBasicSelfIssuedNewWithOldTest4EE.p12
│ │ │ ├── ValidBasicSelfIssuedOldWithNewTest1EE.p12
│ │ │ ├── ValidCertificatePathTest1EE.p12
│ │ │ ├── ValidDNSnameConstraintsTest30EE.p12
│ │ │ ├── ValidDNSnameConstraintsTest32EE.p12
│ │ │ ├── ValidDNandRFC822nameConstraintsTest27EE.p12
│ │ │ ├── ValidDNnameConstraintsTest11EE.p12
│ │ │ ├── ValidDNnameConstraintsTest14EE.p12
│ │ │ ├── ValidDNnameConstraintsTest18EE.p12
│ │ │ ├── ValidDNnameConstraintsTest19EE.p12
│ │ │ ├── ValidDNnameConstraintsTest1EE.p12
│ │ │ ├── ValidDNnameConstraintsTest4EE.p12
│ │ │ ├── ValidDNnameConstraintsTest5EE.p12
│ │ │ ├── ValidDNnameConstraintsTest6EE.p12
│ │ │ ├── ValidDSAParameterInheritanceTest5EE.p12
│ │ │ ├── ValidDSASignaturesTest4EE.p12
│ │ │ ├── ValidGeneralizedTimeCRLnextUpdateTest13EE.p12
│ │ │ ├── ValidGeneralizedTimenotAfterDateTest8EE.p12
│ │ │ ├── ValidGeneralizedTimenotBeforeDateTest4EE.p12
│ │ │ ├── ValidIDPwithindirectCRLTest22EE.p12
│ │ │ ├── ValidIDPwithindirectCRLTest24EE.p12
│ │ │ ├── ValidIDPwithindirectCRLTest25EE.p12
│ │ │ ├── ValidLongSerialNumberTest16EE.p12
│ │ │ ├── ValidLongSerialNumberTest17EE.p12
│ │ │ ├── ValidNameChainingCapitalizationTest5EE.p12
│ │ │ ├── ValidNameChainingWhitespaceTest3EE.p12
│ │ │ ├── ValidNameChainingWhitespaceTest4EE.p12
│ │ │ ├── ValidNameUIDsTest6EE.p12
│ │ │ ├── ValidNegativeSerialNumberTest14EE.p12
│ │ │ ├── ValidNoissuingDistributionPointTest10EE.p12
│ │ │ ├── ValidPolicyMappingTest11EE.p12
│ │ │ ├── ValidPolicyMappingTest12EE.p12
│ │ │ ├── ValidPolicyMappingTest13EE.p12
│ │ │ ├── ValidPolicyMappingTest14EE.p12
│ │ │ ├── ValidPolicyMappingTest1EE.p12
│ │ │ ├── ValidPolicyMappingTest3EE.p12
│ │ │ ├── ValidPolicyMappingTest5EE.p12
│ │ │ ├── ValidPolicyMappingTest6EE.p12
│ │ │ ├── ValidPolicyMappingTest9EE.p12
│ │ │ ├── ValidRFC3280MandatoryAttributeTypesTest7EE.p12
│ │ │ ├── ValidRFC3280OptionalAttributeTypesTest8EE.p12
│ │ │ ├── ValidRFC822nameConstraintsTest21EE.p12
│ │ │ ├── ValidRFC822nameConstraintsTest23EE.p12
│ │ │ ├── ValidRFC822nameConstraintsTest25EE.p12
│ │ │ ├── ValidRolloverfromPrintableStringtoUTF8StringTest10EE.p12
│ │ │ ├── ValidSelfIssuedinhibitAnyPolicyTest7EE.p12
│ │ │ ├── ValidSelfIssuedinhibitAnyPolicyTest9EE.p12
│ │ │ ├── ValidSelfIssuedinhibitPolicyMappingTest7EE.p12
│ │ │ ├── ValidSelfIssuedpathLenConstraintTest15EE.p12
│ │ │ ├── ValidSelfIssuedpathLenConstraintTest17EE.p12
│ │ │ ├── ValidSelfIssuedrequireExplicitPolicyTest6EE.p12
│ │ │ ├── ValidSeparateCertificateandCRLKeysTest19EE.p12
│ │ │ ├── ValidTwoCRLsTest7EE.p12
│ │ │ ├── ValidURInameConstraintsTest34EE.p12
│ │ │ ├── ValidURInameConstraintsTest36EE.p12
│ │ │ ├── ValidUTF8StringCaseInsensitiveMatchTest11EE.p12
│ │ │ ├── ValidUTF8StringEncodedNamesTest9EE.p12
│ │ │ ├── ValidUnknownNotCriticalCertificateExtensionTest1EE.p12
│ │ │ ├── ValidbasicConstraintsNotCriticalTest4EE.p12
│ │ │ ├── ValidcRLIssuerTest28EE.p12
│ │ │ ├── ValidcRLIssuerTest29EE.p12
│ │ │ ├── ValidcRLIssuerTest30EE.p12
│ │ │ ├── ValidcRLIssuerTest33EE.p12
│ │ │ ├── ValiddeltaCRLTest2EE.p12
│ │ │ ├── ValiddeltaCRLTest5EE.p12
│ │ │ ├── ValiddeltaCRLTest7EE.p12
│ │ │ ├── ValiddeltaCRLTest8EE.p12
│ │ │ ├── ValiddistributionPointTest1EE.p12
│ │ │ ├── ValiddistributionPointTest4EE.p12
│ │ │ ├── ValiddistributionPointTest5EE.p12
│ │ │ ├── ValiddistributionPointTest7EE.p12
│ │ │ ├── ValidinhibitAnyPolicyTest2EE.p12
│ │ │ ├── ValidinhibitPolicyMappingTest2EE.p12
│ │ │ ├── ValidinhibitPolicyMappingTest4EE.p12
│ │ │ ├── ValidkeyUsageNotCriticalTest3EE.p12
│ │ │ ├── ValidonlyContainsCACertsTest13EE.p12
│ │ │ ├── ValidonlySomeReasonsTest18EE.p12
│ │ │ ├── ValidonlySomeReasonsTest19EE.p12
│ │ │ ├── ValidpathLenConstraintTest13EE.p12
│ │ │ ├── ValidpathLenConstraintTest14EE.p12
│ │ │ ├── ValidpathLenConstraintTest7EE.p12
│ │ │ ├── ValidpathLenConstraintTest8EE.p12
│ │ │ ├── Validpre2000UTCnotBeforeDateTest3EE.p12
│ │ │ ├── ValidrequireExplicitPolicyTest1EE.p12
│ │ │ ├── ValidrequireExplicitPolicyTest2EE.p12
│ │ │ ├── ValidrequireExplicitPolicyTest4EE.p12
│ │ │ ├── WrongCRLCACert.p12
│ │ │ ├── anyPolicyCACert.p12
│ │ │ ├── basicConstraintsCriticalcAFalseCACert.p12
│ │ │ ├── basicConstraintsNotCriticalCACert.p12
│ │ │ ├── basicConstraintsNotCriticalcAFalseCACert.p12
│ │ │ ├── deltaCRLCA1Cert.p12
│ │ │ ├── deltaCRLCA2Cert.p12
│ │ │ ├── deltaCRLCA3Cert.p12
│ │ │ ├── deltaCRLIndicatorNoBaseCACert.p12
│ │ │ ├── distributionPoint1CACert.p12
│ │ │ ├── distributionPoint2CACert.p12
│ │ │ ├── indirectCRLCA1Cert.p12
│ │ │ ├── indirectCRLCA2Cert.p12
│ │ │ ├── indirectCRLCA3Cert.p12
│ │ │ ├── indirectCRLCA3cRLIssuerCert.p12
│ │ │ ├── indirectCRLCA4Cert.p12
│ │ │ ├── indirectCRLCA4cRLIssuerCert.p12
│ │ │ ├── indirectCRLCA5Cert.p12
│ │ │ ├── indirectCRLCA6Cert.p12
│ │ │ ├── inhibitAnyPolicy0CACert.p12
│ │ │ ├── inhibitAnyPolicy1CACert.p12
│ │ │ ├── inhibitAnyPolicy1SelfIssuedCACert.p12
│ │ │ ├── inhibitAnyPolicy1SelfIssuedsubCA2Cert.p12
│ │ │ ├── inhibitAnyPolicy1subCA1Cert.p12
│ │ │ ├── inhibitAnyPolicy1subCA2Cert.p12
│ │ │ ├── inhibitAnyPolicy1subCAIAP5Cert.p12
│ │ │ ├── inhibitAnyPolicy1subsubCA2Cert.p12
│ │ │ ├── inhibitAnyPolicy5CACert.p12
│ │ │ ├── inhibitAnyPolicy5subCACert.p12
│ │ │ ├── inhibitAnyPolicy5subsubCACert.p12
│ │ │ ├── inhibitAnyPolicyTest3EE.p12
│ │ │ ├── inhibitPolicyMapping0CACert.p12
│ │ │ ├── inhibitPolicyMapping0subCACert.p12
│ │ │ ├── inhibitPolicyMapping1P12CACert.p12
│ │ │ ├── inhibitPolicyMapping1P12subCACert.p12
│ │ │ ├── inhibitPolicyMapping1P12subCAIPM5Cert.p12
│ │ │ ├── inhibitPolicyMapping1P12subsubCACert.p12
│ │ │ ├── inhibitPolicyMapping1P12subsubCAIPM5Cert.p12
│ │ │ ├── inhibitPolicyMapping1P1CACert.p12
│ │ │ ├── inhibitPolicyMapping1P1SelfIssuedCACert.p12
│ │ │ ├── inhibitPolicyMapping1P1SelfIssuedsubCACert.p12
│ │ │ ├── inhibitPolicyMapping1P1subCACert.p12
│ │ │ ├── inhibitPolicyMapping1P1subsubCACert.p12
│ │ │ ├── inhibitPolicyMapping5CACert.p12
│ │ │ ├── inhibitPolicyMapping5subCACert.p12
│ │ │ ├── inhibitPolicyMapping5subsubCACert.p12
│ │ │ ├── inhibitPolicyMapping5subsubsubCACert.p12
│ │ │ ├── keyUsageCriticalcRLSignFalseCACert.p12
│ │ │ ├── keyUsageCriticalkeyCertSignFalseCACert.p12
│ │ │ ├── keyUsageNotCriticalCACert.p12
│ │ │ ├── keyUsageNotCriticalcRLSignFalseCACert.p12
│ │ │ ├── keyUsageNotCriticalkeyCertSignFalseCACert.p12
│ │ │ ├── nameConstraintsDN1CACert.p12
│ │ │ ├── nameConstraintsDN1SelfIssuedCACert.p12
│ │ │ ├── nameConstraintsDN1subCA1Cert.p12
│ │ │ ├── nameConstraintsDN1subCA2Cert.p12
│ │ │ ├── nameConstraintsDN1subCA3Cert.p12
│ │ │ ├── nameConstraintsDN2CACert.p12
│ │ │ ├── nameConstraintsDN3CACert.p12
│ │ │ ├── nameConstraintsDN3subCA1Cert.p12
│ │ │ ├── nameConstraintsDN3subCA2Cert.p12
│ │ │ ├── nameConstraintsDN4CACert.p12
│ │ │ ├── nameConstraintsDN5CACert.p12
│ │ │ ├── nameConstraintsDNS1CACert.p12
│ │ │ ├── nameConstraintsDNS2CACert.p12
│ │ │ ├── nameConstraintsRFC822CA1Cert.p12
│ │ │ ├── nameConstraintsRFC822CA2Cert.p12
│ │ │ ├── nameConstraintsRFC822CA3Cert.p12
│ │ │ ├── nameConstraintsURI1CACert.p12
│ │ │ ├── nameConstraintsURI2CACert.p12
│ │ │ ├── onlyContainsAttributeCertsCACert.p12
│ │ │ ├── onlyContainsCACertsCACert.p12
│ │ │ ├── onlyContainsUserCertsCACert.p12
│ │ │ ├── onlySomeReasonsCA1Cert.p12
│ │ │ ├── onlySomeReasonsCA2Cert.p12
│ │ │ ├── onlySomeReasonsCA3Cert.p12
│ │ │ ├── onlySomeReasonsCA4Cert.p12
│ │ │ ├── pathLenConstraint0CACert.p12
│ │ │ ├── pathLenConstraint0SelfIssuedCACert.p12
│ │ │ ├── pathLenConstraint0subCA2Cert.p12
│ │ │ ├── pathLenConstraint0subCACert.p12
│ │ │ ├── pathLenConstraint1CACert.p12
│ │ │ ├── pathLenConstraint1SelfIssuedCACert.p12
│ │ │ ├── pathLenConstraint1SelfIssuedsubCACert.p12
│ │ │ ├── pathLenConstraint1subCACert.p12
│ │ │ ├── pathLenConstraint6CACert.p12
│ │ │ ├── pathLenConstraint6subCA0Cert.p12
│ │ │ ├── pathLenConstraint6subCA1Cert.p12
│ │ │ ├── pathLenConstraint6subCA4Cert.p12
│ │ │ ├── pathLenConstraint6subsubCA00Cert.p12
│ │ │ ├── pathLenConstraint6subsubCA11Cert.p12
│ │ │ ├── pathLenConstraint6subsubCA41Cert.p12
│ │ │ ├── pathLenConstraint6subsubsubCA11XCert.p12
│ │ │ ├── pathLenConstraint6subsubsubCA41XCert.p12
│ │ │ ├── pre2000CRLnextUpdateCACert.p12
│ │ │ ├── requireExplicitPolicy0CACert.p12
│ │ │ ├── requireExplicitPolicy0subCACert.p12
│ │ │ ├── requireExplicitPolicy0subsubCACert.p12
│ │ │ ├── requireExplicitPolicy0subsubsubCACert.p12
│ │ │ ├── requireExplicitPolicy10CACert.p12
│ │ │ ├── requireExplicitPolicy10subCACert.p12
│ │ │ ├── requireExplicitPolicy10subsubCACert.p12
│ │ │ ├── requireExplicitPolicy10subsubsubCACert.p12
│ │ │ ├── requireExplicitPolicy2CACert.p12
│ │ │ ├── requireExplicitPolicy2SelfIssuedCACert.p12
│ │ │ ├── requireExplicitPolicy2SelfIssuedsubCACert.p12
│ │ │ ├── requireExplicitPolicy2subCACert.p12
│ │ │ ├── requireExplicitPolicy4CACert.p12
│ │ │ ├── requireExplicitPolicy4subCACert.p12
│ │ │ ├── requireExplicitPolicy4subsubCACert.p12
│ │ │ ├── requireExplicitPolicy4subsubsubCACert.p12
│ │ │ ├── requireExplicitPolicy5CACert.p12
│ │ │ ├── requireExplicitPolicy5subCACert.p12
│ │ │ ├── requireExplicitPolicy5subsubCACert.p12
│ │ │ ├── requireExplicitPolicy5subsubsubCACert.p12
│ │ │ ├── requireExplicitPolicy7CACert.p12
│ │ │ ├── requireExplicitPolicy7subCARE2Cert.p12
│ │ │ ├── requireExplicitPolicy7subsubCARE2RE4Cert.p12
│ │ │ └── requireExplicitPolicy7subsubsubCARE2RE4Cert.p12
│ │ ├── pkits.ldif
│ │ ├── pkits.schema
│ │ └── smime/
│ │ ├── SignedAllCertificatesAnyPolicyTest11.eml
│ │ ├── SignedAllCertificatesNoPoliciesTest2.eml
│ │ ├── SignedAllCertificatesSamePoliciesTest10.eml
│ │ ├── SignedAllCertificatesSamePoliciesTest13.eml
│ │ ├── SignedAllCertificatesSamePolicyTest1.eml
│ │ ├── SignedAnyPolicyTest14.eml
│ │ ├── SignedCPSPointerQualifierTest20.eml
│ │ ├── SignedDifferentPoliciesTest12.eml
│ │ ├── SignedDifferentPoliciesTest3.eml
│ │ ├── SignedDifferentPoliciesTest4.eml
│ │ ├── SignedDifferentPoliciesTest5.eml
│ │ ├── SignedDifferentPoliciesTest7.eml
│ │ ├── SignedDifferentPoliciesTest8.eml
│ │ ├── SignedDifferentPoliciesTest9.eml
│ │ ├── SignedInvalidBadCRLIssuerNameTest5.eml
│ │ ├── SignedInvalidBadCRLSignatureTest4.eml
│ │ ├── SignedInvalidBasicSelfIssuedCRLSigningKeyTest7.eml
│ │ ├── SignedInvalidBasicSelfIssuedCRLSigningKeyTest8.eml
│ │ ├── SignedInvalidBasicSelfIssuedNewWithOldTest5.eml
│ │ ├── SignedInvalidBasicSelfIssuedOldWithNewTest2.eml
│ │ ├── SignedInvalidCASignatureTest2.eml
│ │ ├── SignedInvalidCAnotAfterDateTest5.eml
│ │ ├── SignedInvalidCAnotBeforeDateTest1.eml
│ │ ├── SignedInvalidDNSnameConstraintsTest31.eml
│ │ ├── SignedInvalidDNSnameConstraintsTest33.eml
│ │ ├── SignedInvalidDNSnameConstraintsTest38.eml
│ │ ├── SignedInvalidDNandRFC822nameConstraintsTest28.eml
│ │ ├── SignedInvalidDNandRFC822nameConstraintsTest29.eml
│ │ ├── SignedInvalidDNnameConstraintsTest10.eml
│ │ ├── SignedInvalidDNnameConstraintsTest12.eml
│ │ ├── SignedInvalidDNnameConstraintsTest13.eml
│ │ ├── SignedInvalidDNnameConstraintsTest15.eml
│ │ ├── SignedInvalidDNnameConstraintsTest16.eml
│ │ ├── SignedInvalidDNnameConstraintsTest17.eml
│ │ ├── SignedInvalidDNnameConstraintsTest2.eml
│ │ ├── SignedInvalidDNnameConstraintsTest3.eml
│ │ ├── SignedInvalidDNnameConstraintsTest7.eml
│ │ ├── SignedInvalidDNnameConstraintsTest8.eml
│ │ ├── SignedInvalidDNnameConstraintsTest9.eml
│ │ ├── SignedInvalidDSASignatureTest6.eml
│ │ ├── SignedInvalidEESignatureTest3.eml
│ │ ├── SignedInvalidEEnotAfterDateTest6.eml
│ │ ├── SignedInvalidEEnotBeforeDateTest2.eml
│ │ ├── SignedInvalidIDPwithindirectCRLTest23.eml
│ │ ├── SignedInvalidIDPwithindirectCRLTest26.eml
│ │ ├── SignedInvalidLongSerialNumberTest18.eml
│ │ ├── SignedInvalidMappingFromanyPolicyTest7.eml
│ │ ├── SignedInvalidMappingToanyPolicyTest8.eml
│ │ ├── SignedInvalidMissingbasicConstraintsTest1.eml
│ │ ├── SignedInvalidNameChainingEETest1.eml
│ │ ├── SignedInvalidNameChainingOrderTest2.eml
│ │ ├── SignedInvalidNegativeSerialNumberTest15.eml
│ │ ├── SignedInvalidOldCRLnextUpdateTest11.eml
│ │ ├── SignedInvalidPolicyMappingTest10.eml
│ │ ├── SignedInvalidPolicyMappingTest2.eml
│ │ ├── SignedInvalidPolicyMappingTest4.eml
│ │ ├── SignedInvalidRFC822nameConstraintsTest22.eml
│ │ ├── SignedInvalidRFC822nameConstraintsTest24.eml
│ │ ├── SignedInvalidRFC822nameConstraintsTest26.eml
│ │ ├── SignedInvalidRequireExplicitPolicyTest3.eml
│ │ ├── SignedInvalidRequireExplicitPolicyTest5.eml
│ │ ├── SignedInvalidRevokedCATest2.eml
│ │ ├── SignedInvalidRevokedEETest3.eml
│ │ ├── SignedInvalidSelfIssuedDNnameConstraintsTest20.eml
│ │ ├── SignedInvalidSelfIssuedinhibitAnyPolicyTest10.eml
│ │ ├── SignedInvalidSelfIssuedinhibitAnyPolicyTest8.eml
│ │ ├── SignedInvalidSelfIssuedinhibitPolicyMappingTest10.eml
│ │ ├── SignedInvalidSelfIssuedinhibitPolicyMappingTest11.eml
│ │ ├── SignedInvalidSelfIssuedinhibitPolicyMappingTest8.eml
│ │ ├── SignedInvalidSelfIssuedinhibitPolicyMappingTest9.eml
│ │ ├── SignedInvalidSelfIssuedpathLenConstraintTest16.eml
│ │ ├── SignedInvalidSelfIssuedrequireExplicitPolicyTest7.eml
│ │ ├── SignedInvalidSelfIssuedrequireExplicitPolicyTest8.eml
│ │ ├── SignedInvalidSeparateCertificateandCRLKeysTest20.eml
│ │ ├── SignedInvalidSeparateCertificateandCRLKeysTest21.eml
│ │ ├── SignedInvalidURInameConstraintsTest35.eml
│ │ ├── SignedInvalidURInameConstraintsTest37.eml
│ │ ├── SignedInvalidUnknownCRLEntryExtensionTest8.eml
│ │ ├── SignedInvalidUnknownCRLExtensionTest10.eml
│ │ ├── SignedInvalidUnknownCRLExtensionTest9.eml
│ │ ├── SignedInvalidUnknownCriticalCertificateExtensionTest2.eml
│ │ ├── SignedInvalidWrongCRLTest6.eml
│ │ ├── SignedInvalidcAFalseTest2.eml
│ │ ├── SignedInvalidcAFalseTest3.eml
│ │ ├── SignedInvalidcRLIssuerTest27.eml
│ │ ├── SignedInvalidcRLIssuerTest31.eml
│ │ ├── SignedInvalidcRLIssuerTest32.eml
│ │ ├── SignedInvalidcRLIssuerTest34.eml
│ │ ├── SignedInvalidcRLIssuerTest35.eml
│ │ ├── SignedInvaliddeltaCRLIndicatorNoBaseTest1.eml
│ │ ├── SignedInvaliddeltaCRLTest10.eml
│ │ ├── SignedInvaliddeltaCRLTest3.eml
│ │ ├── SignedInvaliddeltaCRLTest4.eml
│ │ ├── SignedInvaliddeltaCRLTest6.eml
│ │ ├── SignedInvaliddeltaCRLTest9.eml
│ │ ├── SignedInvaliddistributionPointTest2.eml
│ │ ├── SignedInvaliddistributionPointTest3.eml
│ │ ├── SignedInvaliddistributionPointTest6.eml
│ │ ├── SignedInvaliddistributionPointTest8.eml
│ │ ├── SignedInvaliddistributionPointTest9.eml
│ │ ├── SignedInvalidinhibitAnyPolicyTest1.eml
│ │ ├── SignedInvalidinhibitAnyPolicyTest4.eml
│ │ ├── SignedInvalidinhibitAnyPolicyTest5.eml
│ │ ├── SignedInvalidinhibitAnyPolicyTest6.eml
│ │ ├── SignedInvalidinhibitPolicyMappingTest1.eml
│ │ ├── SignedInvalidinhibitPolicyMappingTest3.eml
│ │ ├── SignedInvalidinhibitPolicyMappingTest5.eml
│ │ ├── SignedInvalidinhibitPolicyMappingTest6.eml
│ │ ├── SignedInvalidkeyUsageCriticalcRLSignFalseTest4.eml
│ │ ├── SignedInvalidkeyUsageCriticalkeyCertSignFalseTest1.eml
│ │ ├── SignedInvalidkeyUsageNotCriticalcRLSignFalseTest5.eml
│ │ ├── SignedInvalidkeyUsageNotCriticalkeyCertSignFalseTest2.eml
│ │ ├── SignedInvalidonlyContainsAttributeCertsTest14.eml
│ │ ├── SignedInvalidonlyContainsCACertsCRLTest12.eml
│ │ ├── SignedInvalidonlyContainsUserCertsCRLTest11.eml
│ │ ├── SignedInvalidonlySomeReasonsTest15.eml
│ │ ├── SignedInvalidonlySomeReasonsTest16.eml
│ │ ├── SignedInvalidonlySomeReasonsTest17.eml
│ │ ├── SignedInvalidonlySomeReasonsTest20.eml
│ │ ├── SignedInvalidonlySomeReasonsTest21.eml
│ │ ├── SignedInvalidpathLenConstraintTest10.eml
│ │ ├── SignedInvalidpathLenConstraintTest11.eml
│ │ ├── SignedInvalidpathLenConstraintTest12.eml
│ │ ├── SignedInvalidpathLenConstraintTest5.eml
│ │ ├── SignedInvalidpathLenConstraintTest6.eml
│ │ ├── SignedInvalidpathLenConstraintTest9.eml
│ │ ├── SignedInvalidpre2000CRLnextUpdateTest12.eml
│ │ ├── SignedInvalidpre2000UTCEEnotAfterDateTest7.eml
│ │ ├── SignedMissingCRLTest1.eml
│ │ ├── SignedOverlappingPoliciesTest6.eml
│ │ ├── SignedUserNoticeQualifierTest15.eml
│ │ ├── SignedUserNoticeQualifierTest16.eml
│ │ ├── SignedUserNoticeQualifierTest17.eml
│ │ ├── SignedUserNoticeQualifierTest18.eml
│ │ ├── SignedUserNoticeQualifierTest19.eml
│ │ ├── SignedValidBasicSelfIssuedCRLSigningKeyTest6.eml
│ │ ├── SignedValidBasicSelfIssuedNewWithOldTest3.eml
│ │ ├── SignedValidBasicSelfIssuedNewWithOldTest4.eml
│ │ ├── SignedValidBasicSelfIssuedOldWithNewTest1.eml
│ │ ├── SignedValidDNSnameConstraintsTest30.eml
│ │ ├── SignedValidDNSnameConstraintsTest32.eml
│ │ ├── SignedValidDNandRFC822nameConstraintsTest27.eml
│ │ ├── SignedValidDNnameConstraintsTest1.eml
│ │ ├── SignedValidDNnameConstraintsTest11.eml
│ │ ├── SignedValidDNnameConstraintsTest14.eml
│ │ ├── SignedValidDNnameConstraintsTest18.eml
│ │ ├── SignedValidDNnameConstraintsTest4.eml
│ │ ├── SignedValidDNnameConstraintsTest5.eml
│ │ ├── SignedValidDNnameConstraintsTest6.eml
│ │ ├── SignedValidDSAParameterInheritanceTest5.eml
│ │ ├── SignedValidDSASignaturesTest4.eml
│ │ ├── SignedValidGeneralizedTimeCRLnextUpdateTest13.eml
│ │ ├── SignedValidGeneralizedTimenotAfterDateTest8.eml
│ │ ├── SignedValidGeneralizedTimenotBeforeDateTest4.eml
│ │ ├── SignedValidIDPwithindirectCRLTest22.eml
│ │ ├── SignedValidIDPwithindirectCRLTest24.eml
│ │ ├── SignedValidIDPwithindirectCRLTest25.eml
│ │ ├── SignedValidLongSerialNumberTest16.eml
│ │ ├── SignedValidLongSerialNumberTest17.eml
│ │ ├── SignedValidNameChainingCapitalizationTest5.eml
│ │ ├── SignedValidNameChainingUIDsTest6.eml
│ │ ├── SignedValidNameChainingWhitespaceTest3.eml
│ │ ├── SignedValidNameChainingWhitespaceTest4.eml
│ │ ├── SignedValidNegativeSerialNumberTest14.eml
│ │ ├── SignedValidNoissuingDistributionPointTest10.eml
│ │ ├── SignedValidPolicyMappingTest1.eml
│ │ ├── SignedValidPolicyMappingTest11.eml
│ │ ├── SignedValidPolicyMappingTest12.eml
│ │ ├── SignedValidPolicyMappingTest13.eml
│ │ ├── SignedValidPolicyMappingTest14.eml
│ │ ├── SignedValidPolicyMappingTest3.eml
│ │ ├── SignedValidPolicyMappingTest5.eml
│ │ ├── SignedValidPolicyMappingTest6.eml
│ │ ├── SignedValidPolicyMappingTest9.eml
│ │ ├── SignedValidRFC3280MandatoryAttributeTypesTest7.eml
│ │ ├── SignedValidRFC3280OptionalAttributeTypesTest8.eml
│ │ ├── SignedValidRFC822nameConstraintsTest21.eml
│ │ ├── SignedValidRFC822nameConstraintsTest23.eml
│ │ ├── SignedValidRFC822nameConstraintsTest25.eml
│ │ ├── SignedValidRequireExplicitPolicyTest1.eml
│ │ ├── SignedValidRequireExplicitPolicyTest2.eml
│ │ ├── SignedValidRequireExplicitPolicyTest4.eml
│ │ ├── SignedValidRolloverfromPrintableStringtoUTF8StringTest10.eml
│ │ ├── SignedValidSelfIssuedDNnameConstraintsTest19.eml
│ │ ├── SignedValidSelfIssuedinhibitAnyPolicyTest7.eml
│ │ ├── SignedValidSelfIssuedinhibitAnyPolicyTest9.eml
│ │ ├── SignedValidSelfIssuedinhibitPolicyMappingTest7.eml
│ │ ├── SignedValidSelfIssuedpathLenConstraintTest15.eml
│ │ ├── SignedValidSelfIssuedpathLenConstraintTest17.eml
│ │ ├── SignedValidSelfIssuedrequireExplicitPolicyTest6.eml
│ │ ├── SignedValidSeparateCertificateandCRLKeysTest19.eml
│ │ ├── SignedValidSignaturesTest1.eml
│ │ ├── SignedValidTwoCRLsTest7.eml
│ │ ├── SignedValidURInameConstraintsTest34.eml
│ │ ├── SignedValidURInameConstraintsTest36.eml
│ │ ├── SignedValidUTF8StringCaseInsensitiveMatchTest11.eml
│ │ ├── SignedValidUTF8StringEncodedNamesTest9.eml
│ │ ├── SignedValidUnknownNotCriticalCertificateExtensionTest1.eml
│ │ ├── SignedValidbasicConstraintsNotCriticalTest4.eml
│ │ ├── SignedValidcRLIssuerTest28.eml
│ │ ├── SignedValidcRLIssuerTest29.eml
│ │ ├── SignedValidcRLIssuerTest30.eml
│ │ ├── SignedValidcRLIssuerTest33.eml
│ │ ├── SignedValiddeltaCRLTest2.eml
│ │ ├── SignedValiddeltaCRLTest5.eml
│ │ ├── SignedValiddeltaCRLTest7.eml
│ │ ├── SignedValiddeltaCRLTest8.eml
│ │ ├── SignedValiddistributionPointTest1.eml
│ │ ├── SignedValiddistributionPointTest4.eml
│ │ ├── SignedValiddistributionPointTest5.eml
│ │ ├── SignedValiddistributionPointTest7.eml
│ │ ├── SignedValidinhibitAnyPolicyTest2.eml
│ │ ├── SignedValidinhibitPolicyMappingTest2.eml
│ │ ├── SignedValidinhibitPolicyMappingTest4.eml
│ │ ├── SignedValidkeyUsageNotCriticalTest3.eml
│ │ ├── SignedValidonlyContainsCACertsCRLTest13.eml
│ │ ├── SignedValidonlySomeReasonsTest18.eml
│ │ ├── SignedValidonlySomeReasonsTest19.eml
│ │ ├── SignedValidpathLenConstraintTest13.eml
│ │ ├── SignedValidpathLenConstraintTest14.eml
│ │ ├── SignedValidpathLenConstraintTest7.eml
│ │ ├── SignedValidpathLenConstraintTest8.eml
│ │ ├── SignedValidpre2000UTCnotBeforeDateTest3.eml
│ │ └── SignedinhibitAnyPolicyTest3.eml
│ ├── accvraiz1.pem
│ ├── badasn1time.pem
│ ├── badssl-sct-anonymous-sig.der
│ ├── badssl-sct-none-hash.der
│ ├── badssl-sct.pem
│ ├── belgian-eid-invalid-visiblestring.pem
│ ├── bigoid.pem
│ ├── cryptography-scts-tbs-precert.der
│ ├── cryptography-scts.pem
│ ├── cryptography.io.chain.pem
│ ├── cryptography.io.chain_with_garbage.pem
│ ├── cryptography.io.old_header.pem
│ ├── cryptography.io.pem
│ ├── cryptography.io.precert.pem
│ ├── cryptography.io.with_garbage.pem
│ ├── cryptography.io.with_headers.pem
│ ├── custom/
│ │ ├── admissions_extension_authority_not_provided.pem
│ │ ├── admissions_extension_optional_data_not_provided.pem
│ │ ├── aia_ca_issuers.pem
│ │ ├── aia_ocsp.pem
│ │ ├── aia_ocsp_ca_issuers.pem
│ │ ├── all_key_usages.pem
│ │ ├── all_supported_names.pem
│ │ ├── alternate-rsa-sha1-oid.der
│ │ ├── authority_key_identifier.pem
│ │ ├── authority_key_identifier_no_keyid.pem
│ │ ├── bad_country.pem
│ │ ├── basic_constraints_not_critical.pem
│ │ ├── bc_path_length_zero.pem
│ │ ├── ca/
│ │ │ ├── ca.pem
│ │ │ ├── ca_key.pem
│ │ │ ├── rsa_ca.pem
│ │ │ ├── rsa_key.pem
│ │ │ └── rsae_ca.pem
│ │ ├── cdp_all_reasons.pem
│ │ ├── cdp_crl_issuer.pem
│ │ ├── cdp_empty_hostname.pem
│ │ ├── cdp_fullname_reasons_crl_issuer.pem
│ │ ├── cdp_reason_aa_compromise.pem
│ │ ├── cp_cps_uri.pem
│ │ ├── cp_invalid.pem
│ │ ├── cp_invalid2.der
│ │ ├── cp_user_notice_no_explicit_text.pem
│ │ ├── cp_user_notice_with_explicit_text.pem
│ │ ├── cp_user_notice_with_notice_reference.pem
│ │ ├── crl_all_reasons.pem
│ │ ├── crl_almost_10k.pem
│ │ ├── crl_bad_version.pem
│ │ ├── crl_delta_crl_indicator.pem
│ │ ├── crl_dup_entry_ext.pem
│ │ ├── crl_empty.pem
│ │ ├── crl_empty_no_sequence.der
│ │ ├── crl_ian_aia_aki.pem
│ │ ├── crl_idp_fullname_indirect_crl.pem
│ │ ├── crl_idp_fullname_only.pem
│ │ ├── crl_idp_fullname_only_aa.pem
│ │ ├── crl_idp_fullname_only_user.pem
│ │ ├── crl_idp_only_ca.pem
│ │ ├── crl_idp_reasons_only.pem
│ │ ├── crl_idp_relative_user_all_reasons.pem
│ │ ├── crl_idp_relativename_only.pem
│ │ ├── crl_inner_outer_mismatch.der
│ │ ├── crl_inval_cert_issuer_entry_ext.pem
│ │ ├── crl_invalid_time.der
│ │ ├── crl_issuer_invalid_printable_string.der
│ │ ├── crl_md2_unknown_crit_entry_ext.pem
│ │ ├── crl_no_next_update.pem
│ │ ├── crl_unrecognized_extension.der
│ │ ├── crl_unsupported_reason.pem
│ │ ├── dsa_null_alg_params.pem
│ │ ├── dsa_selfsigned_ca.pem
│ │ ├── ec_no_named_curve.pem
│ │ ├── ecdsa_null_alg.pem
│ │ ├── ekucrit-testuser-cert.pem
│ │ ├── empty-eku.pem
│ │ ├── extended_key_usage.pem
│ │ ├── freshestcrl.pem
│ │ ├── ian_uri.pem
│ │ ├── inhibit_any_policy_5.pem
│ │ ├── inhibit_any_policy_negative.pem
│ │ ├── invalid-sct-length.der
│ │ ├── invalid-sct-version.der
│ │ ├── invalid_signature_cert.pem
│ │ ├── invalid_signature_crl.pem
│ │ ├── invalid_utf8_common_name.pem
│ │ ├── invalid_version.pem
│ │ ├── long-form-name-attribute.pem
│ │ ├── malformed-ian.pem
│ │ ├── malformed-san.pem
│ │ ├── mismatch_inner_outer_sig_algorithm.der
│ │ ├── ms-certificate-template.pem
│ │ ├── nc_excluded.pem
│ │ ├── nc_invalid_ip4_netmask.der
│ │ ├── nc_invalid_ip_netmask.pem
│ │ ├── nc_ip_invalid_length.pem
│ │ ├── nc_permitted.pem
│ │ ├── nc_permitted_2.pem
│ │ ├── nc_permitted_excluded.pem
│ │ ├── nc_permitted_excluded_2.pem
│ │ ├── nc_single_ip_netmask.pem
│ │ ├── negative_serial.pem
│ │ ├── no_sans.pem
│ │ ├── ocsp_nocheck.pem
│ │ ├── pc_inhibit.pem
│ │ ├── pc_inhibit_require.pem
│ │ ├── pc_require.pem
│ │ ├── policy_constraints_explicit.pem
│ │ ├── post2000utctime.pem
│ │ ├── private_key_usage_period_both_dates.pem
│ │ ├── private_key_usage_period_only_not_after.pem
│ │ ├── private_key_usage_period_only_not_before.pem
│ │ ├── rsa_pss.pem
│ │ ├── rsa_pss_cert.pem
│ │ ├── rsa_pss_cert_invalid_mgf.der
│ │ ├── rsa_pss_cert_no_sig_params.der
│ │ ├── rsa_pss_cert_unsupported_mgf_hash.der
│ │ ├── rsa_pss_sha256_no_null.pem
│ │ ├── san_dirname.pem
│ │ ├── san_email_dns_ip_dirname_uri.pem
│ │ ├── san_empty_hostname.pem
│ │ ├── san_idna2003_dnsname.pem
│ │ ├── san_idna_names.pem
│ │ ├── san_ipaddr.pem
│ │ ├── san_other_name.pem
│ │ ├── san_registered_id.pem
│ │ ├── san_rfc822_idna.pem
│ │ ├── san_rfc822_names.pem
│ │ ├── san_uri_with_port.pem
│ │ ├── san_wildcard_idna.pem
│ │ ├── sia.pem
│ │ ├── two_basic_constraints.pem
│ │ ├── unsupported_extension.pem
│ │ ├── unsupported_extension_2.pem
│ │ ├── unsupported_extension_critical.pem
│ │ ├── unsupported_subject_name.pem
│ │ ├── unsupported_subject_public_key_info.pem
│ │ ├── utf8_common_name.pem
│ │ ├── valid_signature_cert.pem
│ │ └── valid_signature_crl.pem
│ ├── department-of-state-root.pem
│ ├── e-trust.ru.der
│ ├── ecdsa_root.pem
│ ├── ed25519/
│ │ ├── ed25519-rfc8410.pem
│ │ ├── root-ed25519.pem
│ │ └── server-ed25519-cert.pem
│ ├── ed448/
│ │ ├── root-ed448.pem
│ │ └── server-ed448-cert.pem
│ ├── ee-pss-sha1-cert.pem
│ ├── letsencryptx3.pem
│ ├── ocsp/
│ │ ├── ocsp-army.deps.mil-resp.der
│ │ ├── ocsp-army.inapplicable-req.der
│ │ ├── ocsp-army.revoked-req.der
│ │ ├── ocsp-army.valid-req.der
│ │ ├── req-acceptable-responses.der
│ │ ├── req-duplicate-ext.der
│ │ ├── req-ext-nonce.der
│ │ ├── req-ext-unknown-oid.der
│ │ ├── req-invalid-hash-alg.der
│ │ ├── req-multi-sha1.der
│ │ ├── req-sha1.der
│ │ ├── resp-delegate-unknown-cert.der
│ │ ├── resp-invalid-signature-oid.der
│ │ ├── resp-responder-key-hash.der
│ │ ├── resp-response-type-unknown-oid.der
│ │ ├── resp-revoked-no-next-update.der
│ │ ├── resp-revoked-reason.der
│ │ ├── resp-revoked.der
│ │ ├── resp-sct-extension.der
│ │ ├── resp-sha256.der
│ │ ├── resp-single-extension-reason.der
│ │ ├── resp-successful-no-response-bytes.der
│ │ ├── resp-unauthorized.der
│ │ ├── resp-unknown-extension.der
│ │ ├── resp-unknown-hash-alg.der
│ │ └── resp-unknown-response-status.der
│ ├── rapidssl_sha256_ca_g3.pem
│ ├── requests/
│ │ ├── bad-version.pem
│ │ ├── basic_constraints.pem
│ │ ├── challenge-invalid.der
│ │ ├── challenge-multi-valued.der
│ │ ├── challenge-unstructured.pem
│ │ ├── challenge.pem
│ │ ├── dsa_sha1.der
│ │ ├── dsa_sha1.pem
│ │ ├── ec_sha256.der
│ │ ├── ec_sha256.pem
│ │ ├── ec_sha256_old_header.pem
│ │ ├── freeipa-bad-critical.pem
│ │ ├── invalid_signature.pem
│ │ ├── long-form-attribute.pem
│ │ ├── rsa_md4.der
│ │ ├── rsa_md4.pem
│ │ ├── rsa_sha1.der
│ │ ├── rsa_sha1.pem
│ │ ├── rsa_sha256.der
│ │ ├── rsa_sha256.pem
│ │ ├── san_rsa_sha1.der
│ │ ├── san_rsa_sha1.pem
│ │ ├── two_basic_constraints.pem
│ │ ├── unsupported_extension.pem
│ │ ├── unsupported_extension_critical.pem
│ │ └── zero-element-attribute.pem
│ ├── san_edipartyname.der
│ ├── san_x400address.der
│ ├── scottishpower-bitstring-dn.pem
│ ├── tls-feature-ocsp-staple.pem
│ ├── unique_identifier.pem
│ ├── utf8-dnsname.pem
│ ├── v1_cert.pem
│ ├── verisign_md2_root.pem
│ ├── wildcard_san.pem
│ └── wosign-bc-invalid.pem
└── pyproject.toml
Showing preview only (553K chars total). Download the full file or copy to clipboard to get everything.
SYMBOL INDEX (6572 symbols across 293 files)
FILE: .github/bin/bump_dependency.py
function get_remote_commit_sha (line 9) | def get_remote_commit_sha(repo_url: str, branch: str) -> str:
function get_remote_latest_tag (line 16) | def get_remote_latest_tag(repo_url: str, tag_pattern: str) -> str:
function get_current_version_from_file (line 38) | def get_current_version_from_file(file_path: str, pattern: str) -> str:
function update_file_version (line 46) | def update_file_version(
function generate_commit_message (line 65) | def generate_commit_message(
function main (line 100) | def main() -> int:
FILE: .github/bin/compare_benchmarks.py
function bench_data_as_dict (line 9) | def bench_data_as_dict(data):
function main (line 13) | def main(base_bench_path, pr_bench_path):
FILE: .github/bin/merge_rust_coverage.py
class RustCoveragePlugin (line 14) | class RustCoveragePlugin(coverage.CoveragePlugin):
method __init__ (line 15) | def __init__(
method file_reporter (line 22) | def file_reporter(self, filename: str) -> coverage.FileReporter:
class RustCoverageFileReporter (line 26) | class RustCoverageFileReporter(coverage.FileReporter):
method __init__ (line 27) | def __init__(
method lines (line 33) | def lines(self) -> set[int]:
method arcs (line 36) | def arcs(self) -> set[tuple[int, int]]:
function get_excluded_lines (line 40) | def get_excluded_lines(filename: str) -> list[int]:
function parse_lcovs (line 59) | def parse_lcovs(
function main (line 115) | def main(coverage_loc: str):
FILE: docs/_ext/cryptography-docs.py
class HazmatDirective (line 20) | class HazmatDirective(Directive):
method run (line 23) | def run(self):
class Hazmat (line 35) | class Hazmat(nodes.Admonition, nodes.Element):
function html_visit_hazmat_node (line 39) | def html_visit_hazmat_node(self, node):
function latex_visit_hazmat_node (line 43) | def latex_visit_hazmat_node(self, node):
function depart_hazmat_node (line 47) | def depart_hazmat_node(self, node):
function setup (line 51) | def setup(app):
FILE: docs/_ext/linkcode_res.py
function linkcode_resolve (line 45) | def linkcode_resolve(domain, info):
FILE: docs/development/custom-vectors/aes-192-gcm-siv/generate_aes192gcmsiv.py
function convert_key_to_192_bits (line 10) | def convert_key_to_192_bits(key: str) -> str:
function encrypt (line 29) | def encrypt(key: str, iv: str, plaintext: str, aad: str) -> (str, str):
function build_vectors (line 44) | def build_vectors(filename):
function write_file (line 80) | def write_file(data, filename):
FILE: docs/development/custom-vectors/aes-192-gcm-siv/verify-aes192gcmsiv/src/main.rs
type Aes192GcmSiv (line 14) | pub type Aes192GcmSiv = AesGcmSiv<Aes192>;
type VectorArgs (line 16) | struct VectorArgs {
function validate (line 25) | fn validate(v: &VectorArgs) {
function validate_vectors (line 48) | fn validate_vectors(filename: &Path) {
function main (line 111) | fn main() {
FILE: docs/development/custom-vectors/arc4/generate_arc4.py
function _key_for_size (line 47) | def _key_for_size(size, keyinfo):
function _build_vectors (line 55) | def _build_vectors():
function _write_file (line 91) | def _write_file(data, filename):
FILE: docs/development/custom-vectors/arc4/verify_arc4.go
function unhexlify (line 14) | func unhexlify(s string) []byte {
type vectorArgs (line 22) | type vectorArgs struct
type vectorVerifier (line 30) | type vectorVerifier interface
type arc4Verifier (line 34) | type arc4Verifier struct
method validate (line 36) | func (o arc4Verifier) validate(count string, offset uint64, key, plain...
function validateVectors (line 62) | func validateVectors(verifier vectorVerifier, filename string) {
function main (line 108) | func main() {
FILE: docs/development/custom-vectors/cast5/generate_cast5.py
function encrypt (line 10) | def encrypt(mode, key, iv, plaintext):
function build_vectors (line 21) | def build_vectors(mode, filename):
function write_file (line 51) | def write_file(data, filename):
FILE: docs/development/custom-vectors/cast5/verify_cast5.go
function unhexlify (line 14) | func unhexlify(s string) []byte {
type vectorArgs (line 22) | type vectorArgs struct
type vectorVerifier (line 30) | type vectorVerifier interface
type ofbVerifier (line 34) | type ofbVerifier struct
method validate (line 36) | func (o ofbVerifier) validate(count string, key, iv, plaintext, expect...
type cbcVerifier (line 54) | type cbcVerifier struct
method validate (line 56) | func (o cbcVerifier) validate(count string, key, iv, plaintext, expect...
type cfbVerifier (line 74) | type cfbVerifier struct
method validate (line 76) | func (o cfbVerifier) validate(count string, key, iv, plaintext, expect...
type ctrVerifier (line 94) | type ctrVerifier struct
method validate (line 96) | func (o ctrVerifier) validate(count string, key, iv, plaintext, expect...
function validateVectors (line 114) | func validateVectors(verifier vectorVerifier, filename string) {
function main (line 151) | func main() {
FILE: docs/development/custom-vectors/chacha20/generate_chacha20_overflow.py
function _build_vectors (line 15) | def _build_vectors():
function _write_file (line 41) | def _write_file(data, filename):
FILE: docs/development/custom-vectors/chacha20/verify_chacha20_overflow.py
function encrypt (line 17) | def encrypt(
function verify_vectors (line 48) | def verify_vectors(filename: Path):
FILE: docs/development/custom-vectors/hkdf/generate_hkdf.py
function _build_vectors (line 20) | def _build_vectors():
function _write_file (line 33) | def _write_file(data, filename):
FILE: docs/development/custom-vectors/hkdf/verify_hkdf.go
function unhexlify (line 16) | func unhexlify(s string) []byte {
function verifier (line 24) | func verifier(l uint64, ikm, okm []byte) bool {
function validateVectors (line 32) | func validateVectors(filename string) bool {
function main (line 62) | func main() {
FILE: docs/development/custom-vectors/idea/generate_idea.py
function encrypt (line 6) | def encrypt(mode, key, iv, plaintext):
function build_vectors (line 17) | def build_vectors(mode, filename):
function write_file (line 49) | def write_file(data, filename):
FILE: docs/development/custom-vectors/idea/verify_idea.py
function encrypt (line 10) | def encrypt(mode, key, iv, plaintext):
function verify_vectors (line 21) | def verify_vectors(mode, filename):
FILE: docs/development/custom-vectors/rc2/genrc2.go
function main (line 11) | func main() {
FILE: docs/development/custom-vectors/rc2/rc2/rc2.go
constant BlockSize (line 22) | BlockSize = 8
type rc2Cipher (line 24) | type rc2Cipher struct
method BlockSize (line 36) | func (*rc2Cipher) BlockSize() int { return BlockSize }
method Encrypt (line 85) | func (c *rc2Cipher) Encrypt(dst, src []byte) {
method Decrypt (line 178) | func (c *rc2Cipher) Decrypt(dst, src []byte) {
function New (line 29) | func New(key []byte, t1 int) (cipher.Block, error) {
function expandKey (line 57) | func expandKey(key []byte, t1 int) [64]uint16 {
FILE: docs/development/custom-vectors/rsa-oaep-sha2/VerifyRSAOAEPSHA2.java
class TestVectorData (line 22) | class TestVectorData {
class TestVectorLoader (line 37) | class TestVectorLoader {
method TestVectorLoader (line 61) | TestVectorLoader() {
method finalize (line 65) | protected void finalize() {
method open (line 69) | public void open(String path) throws IOException {
method close (line 76) | public void close() {
method loadNextTest (line 93) | public TestVectorData loadNextTest() throws IOException {
method unhexlify (line 142) | private byte[] unhexlify(String line) {
method readBigInteger (line 147) | private BigInteger readBigInteger(BufferedReader br) throws IOException {
method skipFileHeader (line 151) | private void skipFileHeader(BufferedReader br) throws IOException {
method startNewTest (line 157) | private void startNewTest(BufferedReader br) throws IOException {
method loadPublicKey (line 163) | private void loadPublicKey(BufferedReader br, TestVectorData data) thr...
method loadPrivateKey (line 175) | private void loadPrivateKey(BufferedReader br, TestVectorData data) th...
method loadMessage (line 217) | private void loadMessage(BufferedReader br, TestVectorData data) throw...
class VerifyRSAOAEPSHA2 (line 231) | public class VerifyRSAOAEPSHA2 {
type SHAHash (line 233) | public enum SHAHash {
method VerifyRSAOAEPSHA2 (line 243) | VerifyRSAOAEPSHA2(SHAHash mgf1_hash, SHAHash alg_hash, TestVectorData ...
method getCipher (line 259) | private Cipher getCipher(SHAHash alg_hash) throws GeneralSecurityExcep...
method getMGF1ParameterSpec (line 288) | private MGF1ParameterSpec getMGF1ParameterSpec(SHAHash mgf1_hash) {
method getAlgorithmParameterSpec (line 316) | private AlgorithmParameterSpec getAlgorithmParameterSpec(SHAHash alg_h...
method loadPrivateKey (line 346) | private PrivateKey loadPrivateKey(TestVectorData test_data) throws Exc...
method testDecrypt (line 354) | public void testDecrypt(byte[] plaintext, byte[] ciphertext) throws Ex...
method main (line 367) | public static void main(String[] args) {
FILE: docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py
function build_vectors (line 14) | def build_vectors(mgf1alg, hashalg, filename):
function write_file (line 97) | def write_file(data, filename):
FILE: docs/development/custom-vectors/secp256k1/generate_secp256k1.py
class TruncatedHash (line 21) | class TruncatedHash:
method __init__ (line 22) | def __init__(self, hasher):
method __call__ (line 25) | def __call__(self, data):
method digest (line 29) | def digest(self):
function build_vectors (line 33) | def build_vectors(fips_vectors):
function write_file (line 68) | def write_file(lines, dest):
FILE: docs/development/custom-vectors/secp256k1/verify_secp256k1.py
function verify_one_vector (line 19) | def verify_one_vector(vector):
function verify_vectors (line 37) | def verify_vectors(vectors):
FILE: docs/development/custom-vectors/seed/generate_seed.py
function encrypt (line 6) | def encrypt(mode, key, iv, plaintext):
function build_vectors (line 17) | def build_vectors(mode, filename):
function write_file (line 48) | def write_file(data, filename):
FILE: docs/development/custom-vectors/seed/verify_seed.py
function encrypt (line 8) | def encrypt(mode, key, iv, plaintext):
function verify_vectors (line 19) | def verify_vectors(mode, filename):
FILE: noxfile.py
function install (line 27) | def install(
function load_pyproject_toml (line 42) | def load_pyproject_toml() -> dict:
function tests (line 52) | def tests(session: nox.Session) -> None:
function docs (line 116) | def docs(session: nox.Session) -> None:
function docs_linkcheck (line 178) | def docs_linkcheck(session: nox.Session) -> None:
function flake (line 187) | def flake(session: nox.Session) -> None:
function rust (line 216) | def rust(session: nox.Session) -> None:
function local (line 271) | def local(session: nox.Session):
function process_rust_coverage (line 341) | def process_rust_coverage(
FILE: release.py
function run (line 26) | def run(*args: str) -> None:
function cli (line 32) | def cli():
function release (line 37) | def release() -> None:
function replace_pattern (line 53) | def replace_pattern(p: pathlib.Path, pattern: str, replacement: str) -> ...
function replace_version (line 63) | def replace_version(
function bump_version (line 73) | def bump_version(new_version: str) -> None:
FILE: src/_cffi_src/utils.py
function build_ffi_for_binding (line 20) | def build_ffi_for_binding(
function build_ffi (line 56) | def build_ffi(
FILE: src/cryptography/exceptions.py
class UnsupportedAlgorithm (line 17) | class UnsupportedAlgorithm(Exception):
method __init__ (line 18) | def __init__(self, message: str, reason: _Reasons | None = None) -> None:
class AlreadyFinalized (line 23) | class AlreadyFinalized(Exception):
class AlreadyUpdated (line 27) | class AlreadyUpdated(Exception):
class NotYetFinalized (line 31) | class NotYetFinalized(Exception):
class InvalidTag (line 35) | class InvalidTag(Exception):
class InvalidSignature (line 39) | class InvalidSignature(Exception):
class InternalError (line 43) | class InternalError(Exception):
method __init__ (line 44) | def __init__(
class InvalidKey (line 51) | class InvalidKey(Exception):
FILE: src/cryptography/fernet.py
class InvalidToken (line 21) | class InvalidToken(Exception):
class Fernet (line 28) | class Fernet:
method __init__ (line 29) | def __init__(
method generate_key (line 49) | def generate_key(cls) -> bytes:
method encrypt (line 52) | def encrypt(self, data: bytes) -> bytes:
method encrypt_at_time (line 55) | def encrypt_at_time(self, data: bytes, current_time: int) -> bytes:
method _encrypt_from_parts (line 59) | def _encrypt_from_parts(
method decrypt (line 84) | def decrypt(self, token: bytes | str, ttl: int | None = None) -> bytes:
method decrypt_at_time (line 92) | def decrypt_at_time(
method extract_timestamp (line 102) | def extract_timestamp(self, token: bytes | str) -> int:
method _get_unverified_token_data (line 109) | def _get_unverified_token_data(token: bytes | str) -> tuple[int, bytes]:
method _verify_signature (line 127) | def _verify_signature(self, data: bytes) -> None:
method _decrypt_data (line 135) | def _decrypt_data(
class MultiFernet (line 171) | class MultiFernet:
method __init__ (line 172) | def __init__(self, fernets: Iterable[Fernet]):
method encrypt (line 180) | def encrypt(self, msg: bytes) -> bytes:
method encrypt_at_time (line 183) | def encrypt_at_time(self, msg: bytes, current_time: int) -> bytes:
method rotate (line 186) | def rotate(self, msg: bytes | str) -> bytes:
method decrypt (line 200) | def decrypt(self, msg: bytes | str, ttl: int | None = None) -> bytes:
method decrypt_at_time (line 208) | def decrypt_at_time(
method extract_timestamp (line 218) | def extract_timestamp(self, msg: bytes | str) -> int:
FILE: src/cryptography/hazmat/_oid.py
class ExtensionOID (line 13) | class ExtensionOID:
class OCSPExtensionOID (line 46) | class OCSPExtensionOID:
class CRLEntryExtensionOID (line 51) | class CRLEntryExtensionOID:
class NameOID (line 57) | class NameOID:
class SignatureAlgorithmOID (line 92) | class SignatureAlgorithmOID:
class HashAlgorithmOID (line 159) | class HashAlgorithmOID:
class PublicKeyAlgorithmOID (line 175) | class PublicKeyAlgorithmOID:
class ExtendedKeyUsageOID (line 186) | class ExtendedKeyUsageOID:
class OtherNameFormOID (line 201) | class OtherNameFormOID:
class AuthorityInformationAccessOID (line 211) | class AuthorityInformationAccessOID:
class SubjectInformationAccessOID (line 216) | class SubjectInformationAccessOID:
class CertificatePoliciesOID (line 220) | class CertificatePoliciesOID:
class AttributeOID (line 226) | class AttributeOID:
FILE: src/cryptography/hazmat/asn1/asn1.py
class Variant (line 51) | class Variant(typing.Generic[U, Tag]):
function _is_union (line 77) | def _is_union(field_type: type) -> bool:
function _extract_annotation (line 89) | def _extract_annotation(
function _normalize_field_type (line 124) | def _normalize_field_type(
function _type_to_variant (line 245) | def _type_to_variant(
function _annotate_fields (line 288) | def _annotate_fields(
function _register_asn1_sequence (line 301) | def _register_asn1_sequence(cls: type[U]) -> None:
function sequence (line 320) | def sequence(cls: type[U]) -> type[U]:
function sequence (line 345) | def sequence(cls: type[U]) -> type[U]:
class Default (line 360) | class Default(typing.Generic[U]):
FILE: src/cryptography/hazmat/backends/__init__.py
function default_backend (line 10) | def default_backend() -> Any:
FILE: src/cryptography/hazmat/backends/openssl/backend.py
class Backend (line 31) | class Backend:
method __init__ (line 69) | def __init__(self) -> None:
method __repr__ (line 75) | def __repr__(self) -> str:
method openssl_assert (line 82) | def openssl_assert(self, ok: bool) -> None:
method _enable_fips (line 85) | def _enable_fips(self) -> None:
method openssl_version_text (line 92) | def openssl_version_text(self) -> str:
method openssl_version_number (line 101) | def openssl_version_number(self) -> int:
method hash_supported (line 104) | def hash_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
method signature_hash_supported (line 110) | def signature_hash_supported(
method scrypt_supported (line 119) | def scrypt_supported(self) -> bool:
method argon2_supported (line 125) | def argon2_supported(self) -> bool:
method hmac_supported (line 131) | def hmac_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
method cipher_supported (line 151) | def cipher_supported(self, cipher: CipherAlgorithm, mode: Mode) -> bool:
method pbkdf2_hmac_supported (line 160) | def pbkdf2_hmac_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
method _consume_errors (line 163) | def _consume_errors(self) -> list[rust_openssl.OpenSSLError]:
method _oaep_hash_supported (line 166) | def _oaep_hash_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
method rsa_padding_supported (line 181) | def rsa_padding_supported(self, padding: AsymmetricPadding) -> bool:
method rsa_encryption_supported (line 203) | def rsa_encryption_supported(self, padding: AsymmetricPadding) -> bool:
method dsa_supported (line 209) | def dsa_supported(self) -> bool:
method dsa_hash_supported (line 215) | def dsa_hash_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
method cmac_algorithm_supported (line 220) | def cmac_algorithm_supported(self, algorithm) -> bool:
method elliptic_curve_supported (line 225) | def elliptic_curve_supported(self, curve: ec.EllipticCurve) -> bool:
method elliptic_curve_signature_algorithm_supported (line 233) | def elliptic_curve_signature_algorithm_supported(
method elliptic_curve_exchange_algorithm_supported (line 247) | def elliptic_curve_exchange_algorithm_supported(
method dh_supported (line 254) | def dh_supported(self) -> bool:
method dh_x942_serialization_supported (line 260) | def dh_x942_serialization_supported(self) -> bool:
method x25519_supported (line 263) | def x25519_supported(self) -> bool:
method x448_supported (line 266) | def x448_supported(self) -> bool:
method ed25519_supported (line 275) | def ed25519_supported(self) -> bool:
method ed448_supported (line 278) | def ed448_supported(self) -> bool:
method ecdsa_deterministic_supported (line 287) | def ecdsa_deterministic_supported(self) -> bool:
method poly1305_supported (line 293) | def poly1305_supported(self) -> bool:
method pkcs7_supported (line 296) | def pkcs7_supported(self) -> bool:
FILE: src/cryptography/hazmat/bindings/_rust/__init__.pyi
class PKCS7PaddingContext (line 13) | class PKCS7PaddingContext(padding.PaddingContext):
method __init__ (line 14) | def __init__(self, block_size: int) -> None: ...
method update (line 15) | def update(self, data: Buffer) -> bytes: ...
method finalize (line 16) | def finalize(self) -> bytes: ...
class ANSIX923PaddingContext (line 18) | class ANSIX923PaddingContext(padding.PaddingContext):
method __init__ (line 19) | def __init__(self, block_size: int) -> None: ...
method update (line 20) | def update(self, data: Buffer) -> bytes: ...
method finalize (line 21) | def finalize(self) -> bytes: ...
class PKCS7UnpaddingContext (line 23) | class PKCS7UnpaddingContext(padding.PaddingContext):
method __init__ (line 24) | def __init__(self, block_size: int) -> None: ...
method update (line 25) | def update(self, data: Buffer) -> bytes: ...
method finalize (line 26) | def finalize(self) -> bytes: ...
class ANSIX923UnpaddingContext (line 28) | class ANSIX923UnpaddingContext(padding.PaddingContext):
method __init__ (line 29) | def __init__(self, block_size: int) -> None: ...
method update (line 30) | def update(self, data: Buffer) -> bytes: ...
method finalize (line 31) | def finalize(self) -> bytes: ...
class Encoding (line 33) | class Encoding:
class PrivateFormat (line 41) | class PrivateFormat:
method encryption_builder (line 47) | def encryption_builder(self) -> KeySerializationEncryptionBuilder: ...
class PublicFormat (line 49) | class PublicFormat:
class ParameterFormat (line 57) | class ParameterFormat:
class ObjectIdentifier (line 60) | class ObjectIdentifier:
method __init__ (line 61) | def __init__(self, value: str) -> None: ...
method dotted_string (line 63) | def dotted_string(self) -> str: ...
method _name (line 65) | def _name(self) -> str: ...
FILE: src/cryptography/hazmat/bindings/_rust/asn1.pyi
function decode_dss_signature (line 5) | def decode_dss_signature(signature: bytes) -> tuple[int, int]: ...
function encode_dss_signature (line 6) | def encode_dss_signature(r: int, s: int) -> bytes: ...
function parse_spki_for_data (line 7) | def parse_spki_for_data(data: bytes) -> bytes: ...
FILE: src/cryptography/hazmat/bindings/_rust/declarative_asn1.pyi
function decode_der (line 8) | def decode_der(cls: type, value: bytes) -> typing.Any: ...
function encode_der (line 9) | def encode_der(value: typing.Any) -> bytes: ...
function non_root_python_to_rust (line 10) | def non_root_python_to_rust(cls: type) -> Type: ...
class Type (line 14) | class Type:
class Annotation (line 25) | class Annotation:
method __new__ (line 29) | def __new__(
method is_empty (line 35) | def is_empty(self) -> bool: ...
class Encoding (line 39) | class Encoding:
class Size (line 43) | class Size:
method __new__ (line 47) | def __new__(cls, min: int, max: int | None) -> Size: ...
method exact (line 49) | def exact(n: int) -> Size: ...
class AnnotatedType (line 51) | class AnnotatedType:
method __new__ (line 55) | def __new__(cls, inner: Type, annotation: Annotation) -> AnnotatedType...
class AnnotatedTypeObject (line 57) | class AnnotatedTypeObject:
method __new__ (line 61) | def __new__(
class Variant (line 65) | class Variant:
method __new__ (line 70) | def __new__(
class PrintableString (line 77) | class PrintableString:
method __new__ (line 78) | def __new__(cls, inner: str) -> PrintableString: ...
method __repr__ (line 79) | def __repr__(self) -> str: ...
method __eq__ (line 80) | def __eq__(self, other: object) -> bool: ...
method as_str (line 81) | def as_str(self) -> str: ...
class IA5String (line 83) | class IA5String:
method __new__ (line 84) | def __new__(cls, inner: str) -> IA5String: ...
method __repr__ (line 85) | def __repr__(self) -> str: ...
method __eq__ (line 86) | def __eq__(self, other: object) -> bool: ...
method as_str (line 87) | def as_str(self) -> str: ...
class UtcTime (line 89) | class UtcTime:
method __new__ (line 90) | def __new__(cls, inner: datetime.datetime) -> UtcTime: ...
method __repr__ (line 91) | def __repr__(self) -> str: ...
method __eq__ (line 92) | def __eq__(self, other: object) -> bool: ...
method as_datetime (line 93) | def as_datetime(self) -> datetime.datetime: ...
class GeneralizedTime (line 95) | class GeneralizedTime:
method __new__ (line 96) | def __new__(cls, inner: datetime.datetime) -> GeneralizedTime: ...
method __repr__ (line 97) | def __repr__(self) -> str: ...
method __eq__ (line 98) | def __eq__(self, other: object) -> bool: ...
method as_datetime (line 99) | def as_datetime(self) -> datetime.datetime: ...
class BitString (line 101) | class BitString:
method __new__ (line 102) | def __new__(cls, data: bytes, padding_bits: int) -> BitString: ...
method __repr__ (line 103) | def __repr__(self) -> str: ...
method __eq__ (line 104) | def __eq__(self, other: object) -> bool: ...
method as_bytes (line 105) | def as_bytes(self) -> bytes: ...
method padding_bits (line 106) | def padding_bits(self) -> int: ...
class SetOf (line 110) | class SetOf(typing.Generic[T]):
method __new__ (line 111) | def __new__(cls, inner: list[T]) -> SetOf[T]: ...
method as_list (line 112) | def as_list(self) -> list[T]: ...
method __eq__ (line 113) | def __eq__(self, other: object) -> bool: ...
method __repr__ (line 114) | def __repr__(self) -> str: ...
class Null (line 116) | class Null:
method __new__ (line 117) | def __new__(cls) -> Null: ...
method __repr__ (line 118) | def __repr__(self) -> str: ...
method __eq__ (line 119) | def __eq__(self, other: object) -> bool: ...
FILE: src/cryptography/hazmat/bindings/_rust/exceptions.pyi
class _Reasons (line 5) | class _Reasons:
FILE: src/cryptography/hazmat/bindings/_rust/ocsp.pyi
class OCSPRequest (line 13) | class OCSPRequest:
method issuer_key_hash (line 15) | def issuer_key_hash(self) -> bytes: ...
method issuer_name_hash (line 17) | def issuer_name_hash(self) -> bytes: ...
method hash_algorithm (line 19) | def hash_algorithm(self) -> hashes.HashAlgorithm: ...
method serial_number (line 21) | def serial_number(self) -> int: ...
method public_bytes (line 22) | def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
method extensions (line 24) | def extensions(self) -> x509.Extensions: ...
class OCSPResponse (line 26) | class OCSPResponse:
method responses (line 28) | def responses(self) -> Iterator[OCSPSingleResponse]: ...
method response_status (line 30) | def response_status(self) -> ocsp.OCSPResponseStatus: ...
method signature_algorithm_oid (line 32) | def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
method signature_hash_algorithm (line 34) | def signature_hash_algorithm(
method signature (line 38) | def signature(self) -> bytes: ...
method tbs_response_bytes (line 40) | def tbs_response_bytes(self) -> bytes: ...
method certificates (line 42) | def certificates(self) -> list[x509.Certificate]: ...
method responder_key_hash (line 44) | def responder_key_hash(self) -> bytes | None: ...
method responder_name (line 46) | def responder_name(self) -> x509.Name | None: ...
method produced_at (line 48) | def produced_at(self) -> datetime.datetime: ...
method produced_at_utc (line 50) | def produced_at_utc(self) -> datetime.datetime: ...
method certificate_status (line 52) | def certificate_status(self) -> ocsp.OCSPCertStatus: ...
method revocation_time (line 54) | def revocation_time(self) -> datetime.datetime | None: ...
method revocation_time_utc (line 56) | def revocation_time_utc(self) -> datetime.datetime | None: ...
method revocation_reason (line 58) | def revocation_reason(self) -> x509.ReasonFlags | None: ...
method this_update (line 60) | def this_update(self) -> datetime.datetime: ...
method this_update_utc (line 62) | def this_update_utc(self) -> datetime.datetime: ...
method next_update (line 64) | def next_update(self) -> datetime.datetime | None: ...
method next_update_utc (line 66) | def next_update_utc(self) -> datetime.datetime | None: ...
method issuer_key_hash (line 68) | def issuer_key_hash(self) -> bytes: ...
method issuer_name_hash (line 70) | def issuer_name_hash(self) -> bytes: ...
method hash_algorithm (line 72) | def hash_algorithm(self) -> hashes.HashAlgorithm: ...
method serial_number (line 74) | def serial_number(self) -> int: ...
method extensions (line 76) | def extensions(self) -> x509.Extensions: ...
method single_extensions (line 78) | def single_extensions(self) -> x509.Extensions: ...
method public_bytes (line 79) | def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
class OCSPSingleResponse (line 81) | class OCSPSingleResponse:
method certificate_status (line 83) | def certificate_status(self) -> ocsp.OCSPCertStatus: ...
method revocation_time (line 85) | def revocation_time(self) -> datetime.datetime | None: ...
method revocation_time_utc (line 87) | def revocation_time_utc(self) -> datetime.datetime | None: ...
method revocation_reason (line 89) | def revocation_reason(self) -> x509.ReasonFlags | None: ...
method this_update (line 91) | def this_update(self) -> datetime.datetime: ...
method this_update_utc (line 93) | def this_update_utc(self) -> datetime.datetime: ...
method next_update (line 95) | def next_update(self) -> datetime.datetime | None: ...
method next_update_utc (line 97) | def next_update_utc(self) -> datetime.datetime | None: ...
method issuer_key_hash (line 99) | def issuer_key_hash(self) -> bytes: ...
method issuer_name_hash (line 101) | def issuer_name_hash(self) -> bytes: ...
method hash_algorithm (line 103) | def hash_algorithm(self) -> hashes.HashAlgorithm: ...
method serial_number (line 105) | def serial_number(self) -> int: ...
function load_der_ocsp_request (line 107) | def load_der_ocsp_request(data: bytes) -> ocsp.OCSPRequest: ...
function load_der_ocsp_response (line 108) | def load_der_ocsp_response(data: bytes) -> ocsp.OCSPResponse: ...
function create_ocsp_request (line 109) | def create_ocsp_request(
function create_ocsp_response (line 112) | def create_ocsp_response(
FILE: src/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi
class Providers (line 58) | class Providers: ...
function openssl_version (line 63) | def openssl_version() -> int: ...
function openssl_version_text (line 64) | def openssl_version_text() -> str: ...
function raise_openssl_error (line 65) | def raise_openssl_error() -> typing.NoReturn: ...
function capture_error_stack (line 66) | def capture_error_stack() -> list[OpenSSLError]: ...
function is_fips_enabled (line 67) | def is_fips_enabled() -> bool: ...
function enable_fips (line 68) | def enable_fips(providers: Providers) -> None: ...
class OpenSSLError (line 70) | class OpenSSLError:
method lib (line 72) | def lib(self) -> int: ...
method reason (line 74) | def reason(self) -> int: ...
method reason_text (line 76) | def reason_text(self) -> bytes: ...
FILE: src/cryptography/hazmat/bindings/_rust/openssl/aead.pyi
class AESGCM (line 9) | class AESGCM:
method __init__ (line 10) | def __init__(self, key: Buffer) -> None: ...
method generate_key (line 12) | def generate_key(bit_length: int) -> bytes: ...
method encrypt (line 13) | def encrypt(
method decrypt (line 19) | def decrypt(
method encrypt_into (line 25) | def encrypt_into(
method decrypt_into (line 32) | def decrypt_into(
class ChaCha20Poly1305 (line 40) | class ChaCha20Poly1305:
method __init__ (line 41) | def __init__(self, key: Buffer) -> None: ...
method generate_key (line 43) | def generate_key() -> bytes: ...
method encrypt (line 44) | def encrypt(
method encrypt_into (line 50) | def encrypt_into(
method decrypt (line 57) | def decrypt(
method decrypt_into (line 63) | def decrypt_into(
class AESCCM (line 71) | class AESCCM:
method __init__ (line 72) | def __init__(self, key: Buffer, tag_length: int = 16) -> None: ...
method generate_key (line 74) | def generate_key(bit_length: int) -> bytes: ...
method encrypt (line 75) | def encrypt(
method encrypt_into (line 81) | def encrypt_into(
method decrypt (line 88) | def decrypt(
method decrypt_into (line 94) | def decrypt_into(
class AESSIV (line 102) | class AESSIV:
method __init__ (line 103) | def __init__(self, key: Buffer) -> None: ...
method generate_key (line 105) | def generate_key(bit_length: int) -> bytes: ...
method encrypt (line 106) | def encrypt(
method encrypt_into (line 111) | def encrypt_into(
method decrypt (line 117) | def decrypt(
method decrypt_into (line 122) | def decrypt_into(
class AESOCB3 (line 129) | class AESOCB3:
method __init__ (line 130) | def __init__(self, key: Buffer) -> None: ...
method generate_key (line 132) | def generate_key(bit_length: int) -> bytes: ...
method encrypt (line 133) | def encrypt(
method encrypt_into (line 139) | def encrypt_into(
method decrypt (line 146) | def decrypt(
method decrypt_into (line 152) | def decrypt_into(
class AESGCMSIV (line 160) | class AESGCMSIV:
method __init__ (line 161) | def __init__(self, key: Buffer) -> None: ...
method generate_key (line 163) | def generate_key(bit_length: int) -> bytes: ...
method encrypt (line 164) | def encrypt(
method encrypt_into (line 170) | def encrypt_into(
method decrypt (line 177) | def decrypt(
method decrypt_into (line 183) | def decrypt_into(
FILE: src/cryptography/hazmat/bindings/_rust/openssl/ciphers.pyi
function create_encryption_ctx (line 11) | def create_encryption_ctx(
function create_encryption_ctx (line 15) | def create_encryption_ctx(
function create_decryption_ctx (line 19) | def create_decryption_ctx(
function create_decryption_ctx (line 23) | def create_decryption_ctx(
function cipher_supported (line 26) | def cipher_supported(
function _advance (line 29) | def _advance(
function _advance_aad (line 32) | def _advance_aad(
class CipherContext (line 36) | class CipherContext: ...
class AEADEncryptionContext (line 37) | class AEADEncryptionContext: ...
class AEADDecryptionContext (line 38) | class AEADDecryptionContext: ...
FILE: src/cryptography/hazmat/bindings/_rust/openssl/cmac.pyi
class CMAC (line 9) | class CMAC:
method __init__ (line 10) | def __init__(
method update (line 15) | def update(self, data: bytes) -> None: ...
method finalize (line 16) | def finalize(self) -> bytes: ...
method verify (line 17) | def verify(self, signature: bytes) -> None: ...
method copy (line 18) | def copy(self) -> CMAC: ...
FILE: src/cryptography/hazmat/bindings/_rust/openssl/dh.pyi
class DHPrivateKey (line 11) | class DHPrivateKey: ...
class DHPublicKey (line 12) | class DHPublicKey: ...
class DHParameters (line 13) | class DHParameters: ...
class DHPrivateNumbers (line 15) | class DHPrivateNumbers:
method __init__ (line 16) | def __init__(self, x: int, public_numbers: DHPublicNumbers) -> None: ...
method private_key (line 17) | def private_key(self, backend: typing.Any = None) -> dh.DHPrivateKey: ...
method x (line 19) | def x(self) -> int: ...
method public_numbers (line 21) | def public_numbers(self) -> DHPublicNumbers: ...
class DHPublicNumbers (line 23) | class DHPublicNumbers:
method __init__ (line 24) | def __init__(
method public_key (line 27) | def public_key(self, backend: typing.Any = None) -> dh.DHPublicKey: ...
method y (line 29) | def y(self) -> int: ...
method parameter_numbers (line 31) | def parameter_numbers(self) -> DHParameterNumbers: ...
class DHParameterNumbers (line 33) | class DHParameterNumbers:
method __init__ (line 34) | def __init__(self, p: int, g: int, q: int | None = None) -> None: ...
method parameters (line 35) | def parameters(self, backend: typing.Any = None) -> dh.DHParameters: ...
method p (line 37) | def p(self) -> int: ...
method g (line 39) | def g(self) -> int: ...
method q (line 41) | def q(self) -> int | None: ...
function generate_parameters (line 43) | def generate_parameters(
function from_pem_parameters (line 46) | def from_pem_parameters(
function from_der_parameters (line 49) | def from_der_parameters(
FILE: src/cryptography/hazmat/bindings/_rust/openssl/dsa.pyi
class DSAPrivateKey (line 9) | class DSAPrivateKey: ...
class DSAPublicKey (line 10) | class DSAPublicKey: ...
class DSAParameters (line 11) | class DSAParameters: ...
class DSAPrivateNumbers (line 13) | class DSAPrivateNumbers:
method __init__ (line 14) | def __init__(self, x: int, public_numbers: DSAPublicNumbers) -> None: ...
method x (line 16) | def x(self) -> int: ...
method public_numbers (line 18) | def public_numbers(self) -> DSAPublicNumbers: ...
method private_key (line 19) | def private_key(self, backend: typing.Any = None) -> dsa.DSAPrivateKey...
class DSAPublicNumbers (line 21) | class DSAPublicNumbers:
method __init__ (line 22) | def __init__(
method y (line 26) | def y(self) -> int: ...
method parameter_numbers (line 28) | def parameter_numbers(self) -> DSAParameterNumbers: ...
method public_key (line 29) | def public_key(self, backend: typing.Any = None) -> dsa.DSAPublicKey: ...
class DSAParameterNumbers (line 31) | class DSAParameterNumbers:
method __init__ (line 32) | def __init__(self, p: int, q: int, g: int) -> None: ...
method p (line 34) | def p(self) -> int: ...
method q (line 36) | def q(self) -> int: ...
method g (line 38) | def g(self) -> int: ...
method parameters (line 39) | def parameters(self, backend: typing.Any = None) -> dsa.DSAParameters:...
function generate_parameters (line 41) | def generate_parameters(key_size: int) -> dsa.DSAParameters: ...
FILE: src/cryptography/hazmat/bindings/_rust/openssl/ec.pyi
class ECPrivateKey (line 9) | class ECPrivateKey: ...
class ECPublicKey (line 10) | class ECPublicKey: ...
class EllipticCurvePrivateNumbers (line 12) | class EllipticCurvePrivateNumbers:
method __init__ (line 13) | def __init__(
method private_key (line 16) | def private_key(
method private_value (line 20) | def private_value(self) -> int: ...
method public_numbers (line 22) | def public_numbers(self) -> EllipticCurvePublicNumbers: ...
class EllipticCurvePublicNumbers (line 24) | class EllipticCurvePublicNumbers:
method __init__ (line 25) | def __init__(self, x: int, y: int, curve: ec.EllipticCurve) -> None: ...
method public_key (line 26) | def public_key(
method x (line 30) | def x(self) -> int: ...
method y (line 32) | def y(self) -> int: ...
method curve (line 34) | def curve(self) -> ec.EllipticCurve: ...
method __eq__ (line 35) | def __eq__(self, other: object) -> bool: ...
function curve_supported (line 37) | def curve_supported(curve: ec.EllipticCurve) -> bool: ...
function generate_private_key (line 38) | def generate_private_key(
function from_private_numbers (line 41) | def from_private_numbers(
function from_public_numbers (line 44) | def from_public_numbers(
function from_public_bytes (line 47) | def from_public_bytes(
function derive_private_key (line 50) | def derive_private_key(
FILE: src/cryptography/hazmat/bindings/_rust/openssl/ed25519.pyi
class Ed25519PrivateKey (line 8) | class Ed25519PrivateKey: ...
class Ed25519PublicKey (line 9) | class Ed25519PublicKey: ...
function generate_key (line 11) | def generate_key() -> ed25519.Ed25519PrivateKey: ...
function from_private_bytes (line 12) | def from_private_bytes(data: Buffer) -> ed25519.Ed25519PrivateKey: ...
function from_public_bytes (line 13) | def from_public_bytes(data: bytes) -> ed25519.Ed25519PublicKey: ...
FILE: src/cryptography/hazmat/bindings/_rust/openssl/ed448.pyi
class Ed448PrivateKey (line 8) | class Ed448PrivateKey: ...
class Ed448PublicKey (line 9) | class Ed448PublicKey: ...
function generate_key (line 11) | def generate_key() -> ed448.Ed448PrivateKey: ...
function from_private_bytes (line 12) | def from_private_bytes(data: Buffer) -> ed448.Ed448PrivateKey: ...
function from_public_bytes (line 13) | def from_public_bytes(data: bytes) -> ed448.Ed448PublicKey: ...
FILE: src/cryptography/hazmat/bindings/_rust/openssl/hashes.pyi
class Hash (line 10) | class Hash(hashes.HashContext):
method __init__ (line 11) | def __init__(
method algorithm (line 15) | def algorithm(self) -> hashes.HashAlgorithm: ...
method update (line 16) | def update(self, data: Buffer) -> None: ...
method finalize (line 17) | def finalize(self) -> bytes: ...
method copy (line 18) | def copy(self) -> Hash: ...
method hash (line 20) | def hash(algorithm: hashes.HashAlgorithm, data: Buffer) -> bytes: ...
function hash_supported (line 22) | def hash_supported(algorithm: hashes.HashAlgorithm) -> bool: ...
class XOFHash (line 24) | class XOFHash:
method __init__ (line 25) | def __init__(self, algorithm: hashes.ExtendableOutputFunction) -> None...
method algorithm (line 27) | def algorithm(self) -> hashes.ExtendableOutputFunction: ...
method update (line 28) | def update(self, data: Buffer) -> None: ...
method squeeze (line 29) | def squeeze(self, length: int) -> bytes: ...
method copy (line 30) | def copy(self) -> XOFHash: ...
FILE: src/cryptography/hazmat/bindings/_rust/openssl/hmac.pyi
class HMAC (line 10) | class HMAC(hashes.HashContext):
method __init__ (line 11) | def __init__(
method algorithm (line 18) | def algorithm(self) -> hashes.HashAlgorithm: ...
method update (line 19) | def update(self, data: Buffer) -> None: ...
method finalize (line 20) | def finalize(self) -> bytes: ...
method verify (line 21) | def verify(self, signature: bytes) -> None: ...
method copy (line 22) | def copy(self) -> HMAC: ...
FILE: src/cryptography/hazmat/bindings/_rust/openssl/hpke.pyi
class KEM (line 8) | class KEM:
class KDF (line 14) | class KDF:
class AEAD (line 21) | class AEAD:
class Suite (line 26) | class Suite:
method __init__ (line 27) | def __init__(self, kem: KEM, kdf: KDF, aead: AEAD) -> None: ...
method encrypt (line 28) | def encrypt(
method decrypt (line 34) | def decrypt(
function _encrypt_with_aad (line 41) | def _encrypt_with_aad(
function _decrypt_with_aad (line 48) | def _decrypt_with_aad(
FILE: src/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi
class PBKDF2HMAC (line 11) | class PBKDF2HMAC:
method __init__ (line 12) | def __init__(
method derive (line 20) | def derive(self, key_material: Buffer) -> bytes: ...
method derive_into (line 21) | def derive_into(self, key_material: Buffer, buffer: Buffer) -> int: ...
method verify (line 22) | def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
class Scrypt (line 24) | class Scrypt:
method __init__ (line 25) | def __init__(
method derive (line 34) | def derive(self, key_material: Buffer) -> bytes: ...
method derive_into (line 35) | def derive_into(self, key_material: Buffer, buffer: Buffer) -> int: ...
method verify (line 36) | def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
class Argon2d (line 38) | class Argon2d:
method __init__ (line 39) | def __init__(
method derive (line 50) | def derive(self, key_material: bytes) -> bytes: ...
method derive_into (line 51) | def derive_into(self, key_material: bytes, buffer: Buffer) -> int: ...
method verify (line 52) | def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
method derive_phc_encoded (line 53) | def derive_phc_encoded(self, key_material: bytes) -> str: ...
method verify_phc_encoded (line 55) | def verify_phc_encoded(
class Argon2i (line 59) | class Argon2i:
method __init__ (line 60) | def __init__(
method derive (line 71) | def derive(self, key_material: bytes) -> bytes: ...
method derive_into (line 72) | def derive_into(self, key_material: bytes, buffer: Buffer) -> int: ...
method verify (line 73) | def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
method derive_phc_encoded (line 74) | def derive_phc_encoded(self, key_material: bytes) -> str: ...
method verify_phc_encoded (line 76) | def verify_phc_encoded(
class Argon2id (line 80) | class Argon2id:
method __init__ (line 81) | def __init__(
method derive (line 92) | def derive(self, key_material: bytes) -> bytes: ...
method derive_into (line 93) | def derive_into(self, key_material: bytes, buffer: Buffer) -> int: ...
method verify (line 94) | def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
method derive_phc_encoded (line 95) | def derive_phc_encoded(self, key_material: bytes) -> str: ...
method verify_phc_encoded (line 97) | def verify_phc_encoded(
class HKDF (line 101) | class HKDF:
method __init__ (line 102) | def __init__(
method extract (line 111) | def extract(
method derive (line 114) | def derive(self, key_material: Buffer) -> bytes: ...
method derive_into (line 115) | def derive_into(self, key_material: Buffer, buffer: Buffer) -> int: ...
method verify (line 116) | def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
class HKDFExpand (line 118) | class HKDFExpand:
method __init__ (line 119) | def __init__(
method derive (line 126) | def derive(self, key_material: Buffer) -> bytes: ...
method derive_into (line 127) | def derive_into(self, key_material: Buffer, buffer: Buffer) -> int: ...
method verify (line 128) | def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
class X963KDF (line 130) | class X963KDF:
method __init__ (line 131) | def __init__(
method derive (line 138) | def derive(self, key_material: Buffer) -> bytes: ...
method derive_into (line 139) | def derive_into(self, key_material: Buffer, buffer: Buffer) -> int: ...
method verify (line 140) | def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
class ConcatKDFHash (line 142) | class ConcatKDFHash:
method __init__ (line 143) | def __init__(
method derive (line 150) | def derive(self, key_material: Buffer) -> bytes: ...
method derive_into (line 151) | def derive_into(self, key_material: Buffer, buffer: Buffer) -> int: ...
method verify (line 152) | def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
class ConcatKDFHMAC (line 154) | class ConcatKDFHMAC:
method __init__ (line 155) | def __init__(
method derive (line 163) | def derive(self, key_material: Buffer) -> bytes: ...
method derive_into (line 164) | def derive_into(self, key_material: Buffer, buffer: Buffer) -> int: ...
method verify (line 165) | def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
class KBKDFHMAC (line 167) | class KBKDFHMAC:
method __init__ (line 168) | def __init__(
method derive (line 183) | def derive(self, key_material: Buffer) -> bytes: ...
method derive_into (line 184) | def derive_into(self, key_material: Buffer, buffer: Buffer) -> int: ...
method verify (line 185) | def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
class KBKDFCMAC (line 187) | class KBKDFCMAC:
method __init__ (line 188) | def __init__(
method derive (line 203) | def derive(self, key_material: Buffer) -> bytes: ...
method derive_into (line 204) | def derive_into(self, key_material: Buffer, buffer: Buffer) -> int: ...
method verify (line 205) | def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
FILE: src/cryptography/hazmat/bindings/_rust/openssl/keys.pyi
function load_der_private_key (line 13) | def load_der_private_key(
function load_pem_private_key (line 20) | def load_pem_private_key(
function load_der_public_key (line 27) | def load_der_public_key(
function load_pem_public_key (line 31) | def load_pem_public_key(
FILE: src/cryptography/hazmat/bindings/_rust/openssl/poly1305.pyi
class Poly1305 (line 7) | class Poly1305:
method __init__ (line 8) | def __init__(self, key: Buffer) -> None: ...
method generate_tag (line 10) | def generate_tag(key: Buffer, data: Buffer) -> bytes: ...
method verify_tag (line 12) | def verify_tag(key: Buffer, data: Buffer, tag: bytes) -> None: ...
method update (line 13) | def update(self, data: Buffer) -> None: ...
method finalize (line 14) | def finalize(self) -> bytes: ...
method verify (line 15) | def verify(self, tag: bytes) -> None: ...
FILE: src/cryptography/hazmat/bindings/_rust/openssl/rsa.pyi
class RSAPrivateKey (line 9) | class RSAPrivateKey: ...
class RSAPublicKey (line 10) | class RSAPublicKey: ...
class RSAPrivateNumbers (line 12) | class RSAPrivateNumbers:
method __init__ (line 13) | def __init__(
method p (line 24) | def p(self) -> int: ...
method q (line 26) | def q(self) -> int: ...
method d (line 28) | def d(self) -> int: ...
method dmp1 (line 30) | def dmp1(self) -> int: ...
method dmq1 (line 32) | def dmq1(self) -> int: ...
method iqmp (line 34) | def iqmp(self) -> int: ...
method public_numbers (line 36) | def public_numbers(self) -> RSAPublicNumbers: ...
method private_key (line 37) | def private_key(
class RSAPublicNumbers (line 44) | class RSAPublicNumbers:
method __init__ (line 45) | def __init__(self, e: int, n: int) -> None: ...
method n (line 47) | def n(self) -> int: ...
method e (line 49) | def e(self) -> int: ...
method public_key (line 50) | def public_key(self, backend: typing.Any = None) -> rsa.RSAPublicKey: ...
function generate_private_key (line 52) | def generate_private_key(
FILE: src/cryptography/hazmat/bindings/_rust/openssl/x25519.pyi
class X25519PrivateKey (line 8) | class X25519PrivateKey: ...
class X25519PublicKey (line 9) | class X25519PublicKey: ...
function generate_key (line 11) | def generate_key() -> x25519.X25519PrivateKey: ...
function from_private_bytes (line 12) | def from_private_bytes(data: Buffer) -> x25519.X25519PrivateKey: ...
function from_public_bytes (line 13) | def from_public_bytes(data: bytes) -> x25519.X25519PublicKey: ...
FILE: src/cryptography/hazmat/bindings/_rust/openssl/x448.pyi
class X448PrivateKey (line 8) | class X448PrivateKey: ...
class X448PublicKey (line 9) | class X448PublicKey: ...
function generate_key (line 11) | def generate_key() -> x448.X448PrivateKey: ...
function from_private_bytes (line 12) | def from_private_bytes(data: Buffer) -> x448.X448PrivateKey: ...
function from_public_bytes (line 13) | def from_public_bytes(data: bytes) -> x448.X448PublicKey: ...
FILE: src/cryptography/hazmat/bindings/_rust/pkcs12.pyi
class PKCS12Certificate (line 19) | class PKCS12Certificate:
method __init__ (line 20) | def __init__(
method friendly_name (line 24) | def friendly_name(self) -> bytes | None: ...
method certificate (line 26) | def certificate(self) -> x509.Certificate: ...
function load_key_and_certificates (line 28) | def load_key_and_certificates(
function load_pkcs12 (line 37) | def load_pkcs12(
function serialize_java_truststore (line 42) | def serialize_java_truststore(
function serialize_key_and_certificates (line 46) | def serialize_key_and_certificates(
FILE: src/cryptography/hazmat/bindings/_rust/pkcs7.pyi
function serialize_certificates (line 12) | def serialize_certificates(
function encrypt_and_serialize (line 16) | def encrypt_and_serialize(
function sign_and_serialize (line 22) | def sign_and_serialize(
function decrypt_der (line 27) | def decrypt_der(
function decrypt_pem (line 33) | def decrypt_pem(
function decrypt_smime (line 39) | def decrypt_smime(
function load_pem_pkcs7_certificates (line 45) | def load_pem_pkcs7_certificates(
function load_der_pkcs7_certificates (line 48) | def load_der_pkcs7_certificates(
FILE: src/cryptography/hazmat/bindings/_rust/test_support.pyi
class TestCertificate (line 10) | class TestCertificate:
function test_parse_certificate (line 16) | def test_parse_certificate(data: bytes) -> TestCertificate: ...
function pkcs7_verify (line 17) | def pkcs7_verify(
FILE: src/cryptography/hazmat/bindings/_rust/x509.pyi
function load_pem_x509_certificate (line 20) | def load_pem_x509_certificate(
function load_der_x509_certificate (line 23) | def load_der_x509_certificate(
function load_pem_x509_certificates (line 26) | def load_pem_x509_certificates(
function load_pem_x509_crl (line 29) | def load_pem_x509_crl(
function load_der_x509_crl (line 32) | def load_der_x509_crl(
function load_pem_x509_csr (line 35) | def load_pem_x509_csr(
function load_der_x509_csr (line 38) | def load_der_x509_csr(
function encode_name_bytes (line 41) | def encode_name_bytes(name: x509.Name) -> bytes: ...
function encode_extension_value (line 42) | def encode_extension_value(extension: x509.ExtensionType) -> bytes: ...
function create_x509_certificate (line 43) | def create_x509_certificate(
function create_x509_csr (line 50) | def create_x509_csr(
function create_revoked_certificate (line 57) | def create_revoked_certificate(
function create_x509_crl (line 60) | def create_x509_crl(
class Sct (line 68) | class Sct:
method version (line 70) | def version(self) -> certificate_transparency.Version: ...
method log_id (line 72) | def log_id(self) -> bytes: ...
method timestamp (line 74) | def timestamp(self) -> datetime.datetime: ...
method entry_type (line 76) | def entry_type(self) -> certificate_transparency.LogEntryType: ...
method signature_hash_algorithm (line 78) | def signature_hash_algorithm(self) -> hashes.HashAlgorithm: ...
method signature_algorithm (line 80) | def signature_algorithm(
method signature (line 84) | def signature(self) -> bytes: ...
method extension_bytes (line 86) | def extension_bytes(self) -> bytes: ...
class Certificate (line 88) | class Certificate:
method fingerprint (line 89) | def fingerprint(self, algorithm: hashes.HashAlgorithm) -> bytes: ...
method serial_number (line 91) | def serial_number(self) -> int: ...
method version (line 93) | def version(self) -> x509.Version: ...
method public_key (line 94) | def public_key(self) -> CertificatePublicKeyTypes: ...
method public_key_algorithm_oid (line 96) | def public_key_algorithm_oid(self) -> x509.ObjectIdentifier: ...
method not_valid_before (line 98) | def not_valid_before(self) -> datetime.datetime: ...
method not_valid_before_utc (line 100) | def not_valid_before_utc(self) -> datetime.datetime: ...
method not_valid_after (line 102) | def not_valid_after(self) -> datetime.datetime: ...
method not_valid_after_utc (line 104) | def not_valid_after_utc(self) -> datetime.datetime: ...
method issuer (line 106) | def issuer(self) -> x509.Name: ...
method subject (line 108) | def subject(self) -> x509.Name: ...
method signature_hash_algorithm (line 110) | def signature_hash_algorithm(
method signature_algorithm_oid (line 114) | def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
method signature_algorithm_parameters (line 116) | def signature_algorithm_parameters(
method extensions (line 120) | def extensions(self) -> x509.Extensions: ...
method signature (line 122) | def signature(self) -> bytes: ...
method tbs_certificate_bytes (line 124) | def tbs_certificate_bytes(self) -> bytes: ...
method tbs_precertificate_bytes (line 126) | def tbs_precertificate_bytes(self) -> bytes: ...
method __eq__ (line 127) | def __eq__(self, other: object) -> bool: ...
method __hash__ (line 128) | def __hash__(self) -> int: ...
method public_bytes (line 129) | def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
method verify_directly_issued_by (line 130) | def verify_directly_issued_by(self, issuer: Certificate) -> None: ...
class RevokedCertificate (line 132) | class RevokedCertificate:
method serial_number (line 134) | def serial_number(self) -> int: ...
method revocation_date (line 136) | def revocation_date(self) -> datetime.datetime: ...
method revocation_date_utc (line 138) | def revocation_date_utc(self) -> datetime.datetime: ...
method extensions (line 140) | def extensions(self) -> x509.Extensions: ...
class CertificateRevocationList (line 142) | class CertificateRevocationList:
method public_bytes (line 143) | def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
method fingerprint (line 144) | def fingerprint(self, algorithm: hashes.HashAlgorithm) -> bytes: ...
method get_revoked_certificate_by_serial_number (line 145) | def get_revoked_certificate_by_serial_number(
method signature_hash_algorithm (line 149) | def signature_hash_algorithm(
method signature_algorithm_oid (line 153) | def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
method signature_algorithm_parameters (line 155) | def signature_algorithm_parameters(
method issuer (line 159) | def issuer(self) -> x509.Name: ...
method next_update (line 161) | def next_update(self) -> datetime.datetime | None: ...
method next_update_utc (line 163) | def next_update_utc(self) -> datetime.datetime | None: ...
method last_update (line 165) | def last_update(self) -> datetime.datetime: ...
method last_update_utc (line 167) | def last_update_utc(self) -> datetime.datetime: ...
method extensions (line 169) | def extensions(self) -> x509.Extensions: ...
method signature (line 171) | def signature(self) -> bytes: ...
method tbs_certlist_bytes (line 173) | def tbs_certlist_bytes(self) -> bytes: ...
method __eq__ (line 174) | def __eq__(self, other: object) -> bool: ...
method __len__ (line 175) | def __len__(self) -> int: ...
method __getitem__ (line 177) | def __getitem__(self, idx: int) -> x509.RevokedCertificate: ...
method __getitem__ (line 179) | def __getitem__(self, idx: slice) -> list[x509.RevokedCertificate]: ...
method __iter__ (line 180) | def __iter__(self) -> Iterator[x509.RevokedCertificate]: ...
method is_signature_valid (line 181) | def is_signature_valid(
class CertificateSigningRequest (line 185) | class CertificateSigningRequest:
method __eq__ (line 186) | def __eq__(self, other: object) -> bool: ...
method __hash__ (line 187) | def __hash__(self) -> int: ...
method public_key (line 188) | def public_key(self) -> CertificatePublicKeyTypes: ...
method subject (line 190) | def subject(self) -> x509.Name: ...
method signature_hash_algorithm (line 192) | def signature_hash_algorithm(
method signature_algorithm_oid (line 196) | def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
method signature_algorithm_parameters (line 198) | def signature_algorithm_parameters(
method extensions (line 202) | def extensions(self) -> x509.Extensions: ...
method attributes (line 204) | def attributes(self) -> x509.Attributes: ...
method public_bytes (line 205) | def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
method signature (line 207) | def signature(self) -> bytes: ...
method tbs_certrequest_bytes (line 209) | def tbs_certrequest_bytes(self) -> bytes: ...
method is_signature_valid (line 211) | def is_signature_valid(self) -> bool: ...
class PolicyBuilder (line 213) | class PolicyBuilder:
method time (line 214) | def time(self, time: datetime.datetime) -> PolicyBuilder: ...
method store (line 215) | def store(self, store: Store) -> PolicyBuilder: ...
method max_chain_depth (line 216) | def max_chain_depth(self, max_chain_depth: int) -> PolicyBuilder: ...
method extension_policies (line 217) | def extension_policies(
method build_client_verifier (line 220) | def build_client_verifier(self) -> ClientVerifier: ...
method build_server_verifier (line 221) | def build_server_verifier(
class Policy (line 225) | class Policy:
method max_chain_depth (line 227) | def max_chain_depth(self) -> int: ...
method subject (line 229) | def subject(self) -> x509.verification.Subject | None: ...
method validation_time (line 231) | def validation_time(self) -> datetime.datetime: ...
method extended_key_usage (line 233) | def extended_key_usage(self) -> x509.ObjectIdentifier: ...
method minimum_rsa_modulus (line 235) | def minimum_rsa_modulus(self) -> int: ...
class Criticality (line 237) | class Criticality:
class ExtensionPolicy (line 258) | class ExtensionPolicy:
method permit_all (line 260) | def permit_all() -> ExtensionPolicy: ...
method webpki_defaults_ca (line 262) | def webpki_defaults_ca() -> ExtensionPolicy: ...
method webpki_defaults_ee (line 264) | def webpki_defaults_ee() -> ExtensionPolicy: ...
method require_not_present (line 265) | def require_not_present(
method may_be_present (line 268) | def may_be_present(
method require_present (line 274) | def require_present(
class VerifiedClient (line 281) | class VerifiedClient:
method subjects (line 283) | def subjects(self) -> list[x509.GeneralName] | None: ...
method chain (line 285) | def chain(self) -> list[x509.Certificate]: ...
class ClientVerifier (line 287) | class ClientVerifier:
method policy (line 289) | def policy(self) -> Policy: ...
method store (line 291) | def store(self) -> Store: ...
method verify (line 292) | def verify(
class ServerVerifier (line 298) | class ServerVerifier:
method policy (line 300) | def policy(self) -> Policy: ...
method store (line 302) | def store(self) -> Store: ...
method verify (line 303) | def verify(
class Store (line 309) | class Store:
method __init__ (line 310) | def __init__(self, certs: list[x509.Certificate]) -> None: ...
class VerificationError (line 312) | class VerificationError(Exception): ...
FILE: src/cryptography/hazmat/bindings/openssl/_conditional.py
function cryptography_has_set_cert_cb (line 8) | def cryptography_has_set_cert_cb() -> list[str]:
function cryptography_has_ssl_st (line 15) | def cryptography_has_ssl_st() -> list[str]:
function cryptography_has_tls_st (line 24) | def cryptography_has_tls_st() -> list[str]:
function cryptography_has_ssl_sigalgs (line 31) | def cryptography_has_ssl_sigalgs() -> list[str]:
function cryptography_has_psk (line 37) | def cryptography_has_psk() -> list[str]:
function cryptography_has_psk_tlsv13 (line 45) | def cryptography_has_psk_tlsv13() -> list[str]:
function cryptography_has_custom_ext (line 57) | def cryptography_has_custom_ext() -> list[str]:
function cryptography_has_tlsv13_functions (line 65) | def cryptography_has_tlsv13_functions() -> list[str]:
function cryptography_has_tlsv13_hs_functions (line 71) | def cryptography_has_tlsv13_hs_functions() -> list[str]:
function cryptography_has_ssl_verify_client_post_handshake (line 84) | def cryptography_has_ssl_verify_client_post_handshake() -> list[str]:
function cryptography_has_engine (line 90) | def cryptography_has_engine() -> list[str]:
function cryptography_has_verified_chain (line 109) | def cryptography_has_verified_chain() -> list[str]:
function cryptography_has_srtp (line 115) | def cryptography_has_srtp() -> list[str]:
function cryptography_has_dtls_get_data_mtu (line 123) | def cryptography_has_dtls_get_data_mtu() -> list[str]:
function cryptography_has_ssl_cookie (line 129) | def cryptography_has_ssl_cookie() -> list[str]:
function cryptography_has_prime_checks (line 139) | def cryptography_has_prime_checks() -> list[str]:
function cryptography_has_unexpected_eof_while_reading (line 145) | def cryptography_has_unexpected_eof_while_reading() -> list[str]:
function cryptography_has_ssl_op_ignore_unexpected_eof (line 149) | def cryptography_has_ssl_op_ignore_unexpected_eof() -> list[str]:
function cryptography_has_get_extms_support (line 155) | def cryptography_has_get_extms_support() -> list[str]:
function cryptography_has_ssl_get0_group_name (line 159) | def cryptography_has_ssl_get0_group_name() -> list[str]:
FILE: src/cryptography/hazmat/bindings/openssl/binding.py
function _openssl_assert (line 21) | def _openssl_assert(ok: bool) -> None:
function build_conditional_library (line 37) | def build_conditional_library(
class Binding (line 55) | class Binding:
method __init__ (line 65) | def __init__(self) -> None:
method _ensure_ffi_initialized (line 69) | def _ensure_ffi_initialized(cls) -> None:
method init_static_locks (line 78) | def init_static_locks(cls) -> None:
function _verify_package_version (line 82) | def _verify_package_version(version: str) -> None:
FILE: src/cryptography/hazmat/decrepit/ciphers/algorithms.py
class ARC4 (line 17) | class ARC4(CipherAlgorithm):
method __init__ (line 21) | def __init__(self, key: bytes):
method key_size (line 25) | def key_size(self) -> int:
class TripleDES (line 29) | class TripleDES(BlockCipherAlgorithm):
method __init__ (line 34) | def __init__(self, key: bytes):
method key_size (line 56) | def key_size(self) -> int:
class _DES (line 61) | class _DES:
class Blowfish (line 65) | class Blowfish(BlockCipherAlgorithm):
method __init__ (line 70) | def __init__(self, key: bytes):
method key_size (line 74) | def key_size(self) -> int:
class CAST5 (line 78) | class CAST5(BlockCipherAlgorithm):
method __init__ (line 83) | def __init__(self, key: bytes):
method key_size (line 87) | def key_size(self) -> int:
class SEED (line 91) | class SEED(BlockCipherAlgorithm):
method __init__ (line 96) | def __init__(self, key: bytes):
method key_size (line 100) | def key_size(self) -> int:
class IDEA (line 104) | class IDEA(BlockCipherAlgorithm):
method __init__ (line 109) | def __init__(self, key: bytes):
method key_size (line 113) | def key_size(self) -> int:
class Camellia (line 117) | class Camellia(BlockCipherAlgorithm):
method __init__ (line 122) | def __init__(self, key: bytes):
method key_size (line 126) | def key_size(self) -> int:
class RC2 (line 132) | class RC2(BlockCipherAlgorithm):
method __init__ (line 137) | def __init__(self, key: bytes):
method key_size (line 141) | def key_size(self) -> int:
FILE: src/cryptography/hazmat/decrepit/ciphers/modes.py
class OFB (line 14) | class OFB(ModeWithInitializationVector):
method __init__ (line 17) | def __init__(self, initialization_vector: utils.Buffer):
method initialization_vector (line 22) | def initialization_vector(self) -> utils.Buffer:
class CFB (line 28) | class CFB(ModeWithInitializationVector):
method __init__ (line 31) | def __init__(self, initialization_vector: utils.Buffer):
method initialization_vector (line 36) | def initialization_vector(self) -> utils.Buffer:
class CFB8 (line 42) | class CFB8(ModeWithInitializationVector):
method __init__ (line 45) | def __init__(self, initialization_vector: utils.Buffer):
method initialization_vector (line 50) | def initialization_vector(self) -> utils.Buffer:
FILE: src/cryptography/hazmat/primitives/_asymmetric.py
class AsymmetricPadding (line 13) | class AsymmetricPadding(metaclass=abc.ABCMeta):
method name (line 16) | def name(self) -> str:
FILE: src/cryptography/hazmat/primitives/_cipheralgorithm.py
class CipherAlgorithm (line 15) | class CipherAlgorithm(metaclass=abc.ABCMeta):
method name (line 18) | def name(self) -> str:
method key_sizes (line 25) | def key_sizes(self) -> frozenset[int]:
method key_size (line 32) | def key_size(self) -> int:
class BlockCipherAlgorithm (line 38) | class BlockCipherAlgorithm(CipherAlgorithm):
method block_size (line 43) | def block_size(self) -> int:
function _verify_key_size (line 49) | def _verify_key_size(
FILE: src/cryptography/hazmat/primitives/_modes.py
class Mode (line 17) | class Mode(metaclass=abc.ABCMeta):
method name (line 20) | def name(self) -> str:
method validate_for_algorithm (line 26) | def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None:
class ModeWithInitializationVector (line 33) | class ModeWithInitializationVector(Mode, metaclass=abc.ABCMeta):
method initialization_vector (line 36) | def initialization_vector(self) -> utils.Buffer:
class ModeWithTweak (line 42) | class ModeWithTweak(Mode, metaclass=abc.ABCMeta):
method tweak (line 45) | def tweak(self) -> utils.Buffer:
class ModeWithNonce (line 51) | class ModeWithNonce(Mode, metaclass=abc.ABCMeta):
method nonce (line 54) | def nonce(self) -> utils.Buffer:
class ModeWithAuthenticationTag (line 60) | class ModeWithAuthenticationTag(Mode, metaclass=abc.ABCMeta):
method tag (line 63) | def tag(self) -> bytes | None:
function _check_aes_key_length (line 69) | def _check_aes_key_length(self: Mode, algorithm: CipherAlgorithm) -> None:
function _check_iv_length (line 76) | def _check_iv_length(
function _check_nonce_length (line 84) | def _check_nonce_length(
function _check_iv_and_key_length (line 96) | def _check_iv_and_key_length(
FILE: src/cryptography/hazmat/primitives/_serialization.py
class PBES (line 22) | class PBES(utils.Enum):
class KeySerializationEncryption (line 27) | class KeySerializationEncryption(metaclass=abc.ABCMeta):
class BestAvailableEncryption (line 31) | class BestAvailableEncryption(KeySerializationEncryption):
method __init__ (line 32) | def __init__(self, password: bytes):
class NoEncryption (line 39) | class NoEncryption(KeySerializationEncryption):
class KeySerializationEncryptionBuilder (line 43) | class KeySerializationEncryptionBuilder:
method __init__ (line 44) | def __init__(
method kdf_rounds (line 58) | def kdf_rounds(self, rounds: int) -> KeySerializationEncryptionBuilder:
method hmac_hash (line 75) | def hmac_hash(
method key_cert_algorithm (line 92) | def key_cert_algorithm(
method build (line 108) | def build(self, password: bytes) -> KeySerializationEncryption:
class _KeySerializationEncryption (line 121) | class _KeySerializationEncryption(KeySerializationEncryption):
method __init__ (line 122) | def __init__(
FILE: src/cryptography/hazmat/primitives/asymmetric/dh.py
class DHParameters (line 20) | class DHParameters(metaclass=abc.ABCMeta):
method generate_private_key (line 22) | def generate_private_key(self) -> DHPrivateKey:
method parameter_bytes (line 28) | def parameter_bytes(
method parameter_numbers (line 38) | def parameter_numbers(self) -> DHParameterNumbers:
class DHPublicKey (line 48) | class DHPublicKey(metaclass=abc.ABCMeta):
method key_size (line 51) | def key_size(self) -> int:
method parameters (line 57) | def parameters(self) -> DHParameters:
method public_numbers (line 63) | def public_numbers(self) -> DHPublicNumbers:
method public_bytes (line 69) | def public_bytes(
method __eq__ (line 79) | def __eq__(self, other: object) -> bool:
method __copy__ (line 85) | def __copy__(self) -> DHPublicKey:
method __deepcopy__ (line 91) | def __deepcopy__(self, memo: dict) -> DHPublicKey:
class DHPrivateKey (line 101) | class DHPrivateKey(metaclass=abc.ABCMeta):
method key_size (line 104) | def key_size(self) -> int:
method public_key (line 110) | def public_key(self) -> DHPublicKey:
method parameters (line 116) | def parameters(self) -> DHParameters:
method exchange (line 122) | def exchange(self, peer_public_key: DHPublicKey) -> bytes:
method private_numbers (line 129) | def private_numbers(self) -> DHPrivateNumbers:
method private_bytes (line 135) | def private_bytes(
method __copy__ (line 146) | def __copy__(self) -> DHPrivateKey:
method __deepcopy__ (line 152) | def __deepcopy__(self, memo: dict) -> DHPrivateKey:
FILE: src/cryptography/hazmat/primitives/asymmetric/dsa.py
class DSAParameters (line 16) | class DSAParameters(metaclass=abc.ABCMeta):
method generate_private_key (line 18) | def generate_private_key(self) -> DSAPrivateKey:
method parameter_numbers (line 24) | def parameter_numbers(self) -> DSAParameterNumbers:
class DSAPrivateKey (line 34) | class DSAPrivateKey(metaclass=abc.ABCMeta):
method key_size (line 37) | def key_size(self) -> int:
method public_key (line 43) | def public_key(self) -> DSAPublicKey:
method parameters (line 49) | def parameters(self) -> DSAParameters:
method sign (line 55) | def sign(
method private_numbers (line 65) | def private_numbers(self) -> DSAPrivateNumbers:
method private_bytes (line 71) | def private_bytes(
method __copy__ (line 82) | def __copy__(self) -> DSAPrivateKey:
method __deepcopy__ (line 88) | def __deepcopy__(self, memo: dict) -> DSAPrivateKey:
class DSAPublicKey (line 98) | class DSAPublicKey(metaclass=abc.ABCMeta):
method key_size (line 101) | def key_size(self) -> int:
method parameters (line 107) | def parameters(self) -> DSAParameters:
method public_numbers (line 113) | def public_numbers(self) -> DSAPublicNumbers:
method public_bytes (line 119) | def public_bytes(
method verify (line 129) | def verify(
method __eq__ (line 140) | def __eq__(self, other: object) -> bool:
method __copy__ (line 146) | def __copy__(self) -> DSAPublicKey:
method __deepcopy__ (line 152) | def __deepcopy__(self, memo: dict) -> DSAPublicKey:
function generate_parameters (line 166) | def generate_parameters(
function generate_private_key (line 175) | def generate_private_key(
FILE: src/cryptography/hazmat/primitives/asymmetric/ec.py
class EllipticCurveOID (line 18) | class EllipticCurveOID:
class EllipticCurve (line 30) | class EllipticCurve(metaclass=abc.ABCMeta):
method name (line 33) | def name(self) -> str:
method key_size (line 40) | def key_size(self) -> int:
method group_order (line 47) | def group_order(self) -> int:
class EllipticCurveSignatureAlgorithm (line 53) | class EllipticCurveSignatureAlgorithm(metaclass=abc.ABCMeta):
method algorithm (line 56) | def algorithm(
class EllipticCurvePrivateKey (line 64) | class EllipticCurvePrivateKey(metaclass=abc.ABCMeta):
method exchange (line 66) | def exchange(
method public_key (line 75) | def public_key(self) -> EllipticCurvePublicKey:
method curve (line 82) | def curve(self) -> EllipticCurve:
method key_size (line 89) | def key_size(self) -> int:
method sign (line 95) | def sign(
method private_numbers (line 105) | def private_numbers(self) -> EllipticCurvePrivateNumbers:
method private_bytes (line 111) | def private_bytes(
method __copy__ (line 122) | def __copy__(self) -> EllipticCurvePrivateKey:
method __deepcopy__ (line 128) | def __deepcopy__(self, memo: dict) -> EllipticCurvePrivateKey:
class EllipticCurvePublicKey (line 138) | class EllipticCurvePublicKey(metaclass=abc.ABCMeta):
method curve (line 141) | def curve(self) -> EllipticCurve:
method key_size (line 148) | def key_size(self) -> int:
method public_numbers (line 154) | def public_numbers(self) -> EllipticCurvePublicNumbers:
method public_bytes (line 160) | def public_bytes(
method verify (line 170) | def verify(
method from_encoded_point (line 181) | def from_encoded_point(
method __eq__ (line 195) | def __eq__(self, other: object) -> bool:
method __copy__ (line 201) | def __copy__(self) -> EllipticCurvePublicKey:
method __deepcopy__ (line 207) | def __deepcopy__(self, memo: dict) -> EllipticCurvePublicKey:
class SECP521R1 (line 220) | class SECP521R1(EllipticCurve):
class SECP384R1 (line 226) | class SECP384R1(EllipticCurve):
class SECP256R1 (line 232) | class SECP256R1(EllipticCurve):
class SECP256K1 (line 240) | class SECP256K1(EllipticCurve):
class SECP224R1 (line 248) | class SECP224R1(EllipticCurve):
class SECP192R1 (line 254) | class SECP192R1(EllipticCurve):
class BrainpoolP256R1 (line 260) | class BrainpoolP256R1(EllipticCurve):
class BrainpoolP384R1 (line 268) | class BrainpoolP384R1(EllipticCurve):
class BrainpoolP512R1 (line 274) | class BrainpoolP512R1(EllipticCurve):
class ECDSA (line 295) | class ECDSA(EllipticCurveSignatureAlgorithm):
method __init__ (line 296) | def __init__(
method algorithm (line 316) | def algorithm(
method deterministic_signing (line 322) | def deterministic_signing(
function derive_private_key (line 331) | def derive_private_key(
class ECDH (line 345) | class ECDH:
function get_curve_for_oid (line 362) | def get_curve_for_oid(oid: ObjectIdentifier) -> type[EllipticCurve]:
FILE: src/cryptography/hazmat/primitives/asymmetric/ed25519.py
class Ed25519PublicKey (line 15) | class Ed25519PublicKey(metaclass=abc.ABCMeta):
method from_public_bytes (line 17) | def from_public_bytes(cls, data: bytes) -> Ed25519PublicKey:
method public_bytes (line 29) | def public_bytes(
method public_bytes_raw (line 39) | def public_bytes_raw(self) -> bytes:
method verify (line 46) | def verify(self, signature: Buffer, data: Buffer) -> None:
method __eq__ (line 52) | def __eq__(self, other: object) -> bool:
method __copy__ (line 58) | def __copy__(self) -> Ed25519PublicKey:
method __deepcopy__ (line 64) | def __deepcopy__(self, memo: dict) -> Ed25519PublicKey:
class Ed25519PrivateKey (line 73) | class Ed25519PrivateKey(metaclass=abc.ABCMeta):
method generate (line 75) | def generate(cls) -> Ed25519PrivateKey:
method from_private_bytes (line 87) | def from_private_bytes(cls, data: Buffer) -> Ed25519PrivateKey:
method public_key (line 99) | def public_key(self) -> Ed25519PublicKey:
method private_bytes (line 105) | def private_bytes(
method private_bytes_raw (line 116) | def private_bytes_raw(self) -> bytes:
method sign (line 123) | def sign(self, data: Buffer) -> bytes:
method __copy__ (line 129) | def __copy__(self) -> Ed25519PrivateKey:
method __deepcopy__ (line 135) | def __deepcopy__(self, memo: dict) -> Ed25519PrivateKey:
FILE: src/cryptography/hazmat/primitives/asymmetric/ed448.py
class Ed448PublicKey (line 15) | class Ed448PublicKey(metaclass=abc.ABCMeta):
method from_public_bytes (line 17) | def from_public_bytes(cls, data: bytes) -> Ed448PublicKey:
method public_bytes (line 29) | def public_bytes(
method public_bytes_raw (line 39) | def public_bytes_raw(self) -> bytes:
method verify (line 46) | def verify(self, signature: Buffer, data: Buffer) -> None:
method __eq__ (line 52) | def __eq__(self, other: object) -> bool:
method __copy__ (line 58) | def __copy__(self) -> Ed448PublicKey:
method __deepcopy__ (line 64) | def __deepcopy__(self, memo: dict) -> Ed448PublicKey:
class Ed448PrivateKey (line 74) | class Ed448PrivateKey(metaclass=abc.ABCMeta):
method generate (line 76) | def generate(cls) -> Ed448PrivateKey:
method from_private_bytes (line 88) | def from_private_bytes(cls, data: Buffer) -> Ed448PrivateKey:
method public_key (line 100) | def public_key(self) -> Ed448PublicKey:
method sign (line 106) | def sign(self, data: Buffer) -> bytes:
method private_bytes (line 112) | def private_bytes(
method private_bytes_raw (line 123) | def private_bytes_raw(self) -> bytes:
method __copy__ (line 130) | def __copy__(self) -> Ed448PrivateKey:
method __deepcopy__ (line 136) | def __deepcopy__(self, memo: dict) -> Ed448PrivateKey:
FILE: src/cryptography/hazmat/primitives/asymmetric/padding.py
class PKCS1v15 (line 16) | class PKCS1v15(AsymmetricPadding):
class _MaxLength (line 20) | class _MaxLength:
class _Auto (line 24) | class _Auto:
class _DigestLength (line 28) | class _DigestLength:
class PSS (line 32) | class PSS(AsymmetricPadding):
method __init__ (line 39) | def __init__(
method mgf (line 60) | def mgf(self) -> MGF:
class OAEP (line 64) | class OAEP(AsymmetricPadding):
method __init__ (line 67) | def __init__(
method algorithm (line 81) | def algorithm(self) -> hashes.HashAlgorithm:
method mgf (line 85) | def mgf(self) -> MGF:
class MGF (line 89) | class MGF(metaclass=abc.ABCMeta):
class MGF1 (line 93) | class MGF1(MGF):
method __init__ (line 94) | def __init__(self, algorithm: hashes.HashAlgorithm):
function calculate_max_pss_salt_length (line 101) | def calculate_max_pss_salt_length(
FILE: src/cryptography/hazmat/primitives/asymmetric/rsa.py
class RSAPrivateKey (line 18) | class RSAPrivateKey(metaclass=abc.ABCMeta):
method decrypt (line 20) | def decrypt(self, ciphertext: bytes, padding: AsymmetricPadding) -> by...
method key_size (line 27) | def key_size(self) -> int:
method public_key (line 33) | def public_key(self) -> RSAPublicKey:
method sign (line 39) | def sign(
method private_numbers (line 52) | def private_numbers(self) -> RSAPrivateNumbers:
method private_bytes (line 58) | def private_bytes(
method __copy__ (line 69) | def __copy__(self) -> RSAPrivateKey:
method __deepcopy__ (line 75) | def __deepcopy__(self, memo: dict) -> RSAPrivateKey:
class RSAPublicKey (line 85) | class RSAPublicKey(metaclass=abc.ABCMeta):
method encrypt (line 87) | def encrypt(self, plaintext: bytes, padding: AsymmetricPadding) -> bytes:
method key_size (line 94) | def key_size(self) -> int:
method public_numbers (line 100) | def public_numbers(self) -> RSAPublicNumbers:
method public_bytes (line 106) | def public_bytes(
method verify (line 116) | def verify(
method recover_data_from_signature (line 128) | def recover_data_from_signature(
method __eq__ (line 139) | def __eq__(self, other: object) -> bool:
method __copy__ (line 145) | def __copy__(self) -> RSAPublicKey:
method __deepcopy__ (line 151) | def __deepcopy__(self, memo: dict) -> RSAPublicKey:
function generate_private_key (line 164) | def generate_private_key(
function _verify_rsa_parameters (line 173) | def _verify_rsa_parameters(public_exponent: int, key_size: int) -> None:
function _modinv (line 184) | def _modinv(e: int, m: int) -> int:
function rsa_crt_iqmp (line 197) | def rsa_crt_iqmp(p: int, q: int) -> int:
function rsa_crt_dmp1 (line 206) | def rsa_crt_dmp1(private_exponent: int, p: int) -> int:
function rsa_crt_dmq1 (line 216) | def rsa_crt_dmq1(private_exponent: int, q: int) -> int:
function rsa_recover_private_exponent (line 226) | def rsa_recover_private_exponent(e: int, p: int, q: int) -> int:
function rsa_recover_prime_factors (line 254) | def rsa_recover_prime_factors(n: int, e: int, d: int) -> tuple[int, int]:
FILE: src/cryptography/hazmat/primitives/asymmetric/utils.py
class NoDigestInfo (line 14) | class NoDigestInfo:
class Prehashed (line 18) | class Prehashed:
method __init__ (line 19) | def __init__(self, algorithm: hashes.HashAlgorithm):
method digest_size (line 27) | def digest_size(self) -> int:
FILE: src/cryptography/hazmat/primitives/asymmetric/x25519.py
class X25519PublicKey (line 15) | class X25519PublicKey(metaclass=abc.ABCMeta):
method from_public_bytes (line 17) | def from_public_bytes(cls, data: bytes) -> X25519PublicKey:
method public_bytes (line 29) | def public_bytes(
method public_bytes_raw (line 39) | def public_bytes_raw(self) -> bytes:
method __eq__ (line 46) | def __eq__(self, other: object) -> bool:
method __copy__ (line 52) | def __copy__(self) -> X25519PublicKey:
method __deepcopy__ (line 58) | def __deepcopy__(self, memo: dict) -> X25519PublicKey:
class X25519PrivateKey (line 67) | class X25519PrivateKey(metaclass=abc.ABCMeta):
method generate (line 69) | def generate(cls) -> X25519PrivateKey:
method from_private_bytes (line 80) | def from_private_bytes(cls, data: Buffer) -> X25519PrivateKey:
method public_key (line 92) | def public_key(self) -> X25519PublicKey:
method private_bytes (line 98) | def private_bytes(
method private_bytes_raw (line 109) | def private_bytes_raw(self) -> bytes:
method exchange (line 116) | def exchange(self, peer_public_key: X25519PublicKey) -> bytes:
method __copy__ (line 122) | def __copy__(self) -> X25519PrivateKey:
method __deepcopy__ (line 128) | def __deepcopy__(self, memo: dict) -> X25519PrivateKey:
FILE: src/cryptography/hazmat/primitives/asymmetric/x448.py
class X448PublicKey (line 15) | class X448PublicKey(metaclass=abc.ABCMeta):
method from_public_bytes (line 17) | def from_public_bytes(cls, data: bytes) -> X448PublicKey:
method public_bytes (line 29) | def public_bytes(
method public_bytes_raw (line 39) | def public_bytes_raw(self) -> bytes:
method __eq__ (line 46) | def __eq__(self, other: object) -> bool:
method __copy__ (line 52) | def __copy__(self) -> X448PublicKey:
method __deepcopy__ (line 58) | def __deepcopy__(self, memo: dict) -> X448PublicKey:
class X448PrivateKey (line 68) | class X448PrivateKey(metaclass=abc.ABCMeta):
method generate (line 70) | def generate(cls) -> X448PrivateKey:
method from_private_bytes (line 82) | def from_private_bytes(cls, data: Buffer) -> X448PrivateKey:
method public_key (line 94) | def public_key(self) -> X448PublicKey:
method private_bytes (line 100) | def private_bytes(
method private_bytes_raw (line 111) | def private_bytes_raw(self) -> bytes:
method exchange (line 118) | def exchange(self, peer_public_key: X448PublicKey) -> bytes:
method __copy__ (line 124) | def __copy__(self) -> X448PrivateKey:
method __deepcopy__ (line 130) | def __deepcopy__(self, memo: dict) -> X448PrivateKey:
FILE: src/cryptography/hazmat/primitives/ciphers/algorithms.py
class AES (line 36) | class AES(BlockCipherAlgorithm):
method __init__ (line 42) | def __init__(self, key: utils.Buffer):
method key_size (line 46) | def key_size(self) -> int:
class AES128 (line 50) | class AES128(BlockCipherAlgorithm):
method __init__ (line 56) | def __init__(self, key: utils.Buffer):
class AES256 (line 60) | class AES256(BlockCipherAlgorithm):
method __init__ (line 66) | def __init__(self, key: utils.Buffer):
class ChaCha20 (line 106) | class ChaCha20(CipherAlgorithm):
method __init__ (line 110) | def __init__(self, key: utils.Buffer, nonce: utils.Buffer):
method nonce (line 120) | def nonce(self) -> utils.Buffer:
method key_size (line 124) | def key_size(self) -> int:
class SM4 (line 128) | class SM4(BlockCipherAlgorithm):
method __init__ (line 133) | def __init__(self, key: bytes):
method key_size (line 137) | def key_size(self) -> int:
FILE: src/cryptography/hazmat/primitives/ciphers/base.py
class CipherContext (line 16) | class CipherContext(metaclass=abc.ABCMeta):
method update (line 18) | def update(self, data: Buffer) -> bytes:
method update_into (line 25) | def update_into(self, data: Buffer, buf: Buffer) -> int:
method finalize (line 32) | def finalize(self) -> bytes:
method reset_nonce (line 38) | def reset_nonce(self, nonce: bytes) -> None:
class AEADCipherContext (line 46) | class AEADCipherContext(CipherContext, metaclass=abc.ABCMeta):
method authenticate_additional_data (line 48) | def authenticate_additional_data(self, data: Buffer) -> None:
class AEADDecryptionContext (line 54) | class AEADDecryptionContext(AEADCipherContext, metaclass=abc.ABCMeta):
method finalize_with_tag (line 56) | def finalize_with_tag(self, tag: bytes) -> bytes:
class AEADEncryptionContext (line 63) | class AEADEncryptionContext(AEADCipherContext, metaclass=abc.ABCMeta):
method tag (line 66) | def tag(self) -> bytes:
class Cipher (line 78) | class Cipher(typing.Generic[Mode]):
method __init__ (line 79) | def __init__(
method encryptor (line 98) | def encryptor(
method encryptor (line 103) | def encryptor(
method encryptor (line 107) | def encryptor(self):
method decryptor (line 119) | def decryptor(
method decryptor (line 124) | def decryptor(
method decryptor (line 128) | def decryptor(self):
FILE: src/cryptography/hazmat/primitives/ciphers/modes.py
class CBC (line 39) | class CBC(ModeWithInitializationVector):
method __init__ (line 42) | def __init__(self, initialization_vector: utils.Buffer):
method initialization_vector (line 47) | def initialization_vector(self) -> utils.Buffer:
class XTS (line 53) | class XTS(ModeWithTweak):
method __init__ (line 56) | def __init__(self, tweak: utils.Buffer):
method tweak (line 65) | def tweak(self) -> utils.Buffer:
method validate_for_algorithm (line 68) | def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None:
class ECB (line 82) | class ECB(Mode):
class CTR (line 88) | class CTR(ModeWithNonce):
method __init__ (line 91) | def __init__(self, nonce: utils.Buffer):
method nonce (line 96) | def nonce(self) -> utils.Buffer:
method validate_for_algorithm (line 99) | def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None:
class GCM (line 104) | class GCM(ModeWithInitializationVector, ModeWithAuthenticationTag):
method __init__ (line 109) | def __init__(
method tag (line 137) | def tag(self) -> bytes | None:
method initialization_vector (line 141) | def initialization_vector(self) -> utils.Buffer:
method validate_for_algorithm (line 144) | def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None:
FILE: src/cryptography/hazmat/primitives/constant_time.py
function bytes_eq (line 10) | def bytes_eq(a: bytes, b: bytes) -> bool:
FILE: src/cryptography/hazmat/primitives/hashes.py
class HashAlgorithm (line 38) | class HashAlgorithm(metaclass=abc.ABCMeta):
method name (line 41) | def name(self) -> str:
method digest_size (line 48) | def digest_size(self) -> int:
method block_size (line 55) | def block_size(self) -> int | None:
class HashContext (line 62) | class HashContext(metaclass=abc.ABCMeta):
method algorithm (line 65) | def algorithm(self) -> HashAlgorithm:
method update (line 71) | def update(self, data: Buffer) -> None:
method finalize (line 77) | def finalize(self) -> bytes:
method copy (line 83) | def copy(self) -> HashContext:
class ExtendableOutputFunction (line 95) | class ExtendableOutputFunction(metaclass=abc.ABCMeta):
class SHA1 (line 101) | class SHA1(HashAlgorithm):
class SHA512_224 (line 107) | class SHA512_224(HashAlgorithm): # noqa: N801
class SHA512_256 (line 113) | class SHA512_256(HashAlgorithm): # noqa: N801
class SHA224 (line 119) | class SHA224(HashAlgorithm):
class SHA256 (line 125) | class SHA256(HashAlgorithm):
class SHA384 (line 131) | class SHA384(HashAlgorithm):
class SHA512 (line 137) | class SHA512(HashAlgorithm):
class SHA3_224 (line 143) | class SHA3_224(HashAlgorithm): # noqa: N801
class SHA3_256 (line 149) | class SHA3_256(HashAlgorithm): # noqa: N801
class SHA3_384 (line 155) | class SHA3_384(HashAlgorithm): # noqa: N801
class SHA3_512 (line 161) | class SHA3_512(HashAlgorithm): # noqa: N801
class SHAKE128 (line 167) | class SHAKE128(HashAlgorithm, ExtendableOutputFunction):
method __init__ (line 171) | def __init__(self, digest_size: int):
method digest_size (line 181) | def digest_size(self) -> int:
class SHAKE256 (line 185) | class SHAKE256(HashAlgorithm, ExtendableOutputFunction):
method __init__ (line 189) | def __init__(self, digest_size: int):
method digest_size (line 199) | def digest_size(self) -> int:
class MD5 (line 203) | class MD5(HashAlgorithm):
class BLAKE2b (line 209) | class BLAKE2b(HashAlgorithm):
method __init__ (line 215) | def __init__(self, digest_size: int):
method digest_size (line 222) | def digest_size(self) -> int:
class BLAKE2s (line 226) | class BLAKE2s(HashAlgorithm):
method __init__ (line 232) | def __init__(self, digest_size: int):
method digest_size (line 239) | def digest_size(self) -> int:
class SM3 (line 243) | class SM3(HashAlgorithm):
FILE: src/cryptography/hazmat/primitives/kdf/__init__.py
class KeyDerivationFunction (line 12) | class KeyDerivationFunction(metaclass=abc.ABCMeta):
method derive (line 14) | def derive(self, key_material: bytes) -> bytes:
method derive_into (line 21) | def derive_into(self, key_material: bytes, buffer: Buffer) -> None:
method verify (line 28) | def verify(self, key_material: bytes, expected_key: bytes) -> None:
FILE: src/cryptography/hazmat/primitives/kdf/kbkdf.py
class Mode (line 12) | class Mode(utils.Enum):
class CounterLocation (line 16) | class CounterLocation(utils.Enum):
FILE: src/cryptography/hazmat/primitives/keywrap.py
function _wrap_core (line 15) | def _wrap_core(
function aes_key_wrap (line 39) | def aes_key_wrap(
function _unwrap_core (line 58) | def _unwrap_core(
function aes_key_wrap_with_padding (line 81) | def aes_key_wrap_with_padding(
function aes_key_unwrap_with_padding (line 106) | def aes_key_unwrap_with_padding(
function aes_key_unwrap (line 152) | def aes_key_unwrap(
class InvalidUnwrap (line 176) | class InvalidUnwrap(Exception):
FILE: src/cryptography/hazmat/primitives/padding.py
class PaddingContext (line 18) | class PaddingContext(metaclass=abc.ABCMeta):
method update (line 20) | def update(self, data: utils.Buffer) -> bytes:
method finalize (line 26) | def finalize(self) -> bytes:
function _byte_padding_check (line 32) | def _byte_padding_check(block_size: int) -> None:
class PKCS7 (line 40) | class PKCS7:
method __init__ (line 41) | def __init__(self, block_size: int):
method padder (line 45) | def padder(self) -> PaddingContext:
method unpadder (line 48) | def unpadder(self) -> PaddingContext:
class ANSIX923 (line 56) | class ANSIX923:
method __init__ (line 57) | def __init__(self, block_size: int):
method padder (line 61) | def padder(self) -> PaddingContext:
method unpadder (line 64) | def unpadder(self) -> PaddingContext:
FILE: src/cryptography/hazmat/primitives/serialization/pkcs12.py
class PKCS12KeyAndCertificates (line 46) | class PKCS12KeyAndCertificates:
method __init__ (line 47) | def __init__(
method key (line 82) | def key(self) -> PrivateKeyTypes | None:
method cert (line 86) | def cert(self) -> PKCS12Certificate | None:
method additional_certs (line 90) | def additional_certs(self) -> list[PKCS12Certificate]:
method __eq__ (line 93) | def __eq__(self, other: object) -> bool:
method __hash__ (line 103) | def __hash__(self) -> int:
method __repr__ (line 106) | def __repr__(self) -> str:
function serialize_java_truststore (line 123) | def serialize_java_truststore(
function serialize_key_and_certificates (line 141) | def serialize_key_and_certificates(
FILE: src/cryptography/hazmat/primitives/serialization/pkcs7.py
class PKCS7Options (line 47) | class PKCS7Options(utils.Enum):
class PKCS7SignatureBuilder (line 56) | class PKCS7SignatureBuilder:
method __init__ (line 57) | def __init__(
method set_data (line 74) | def set_data(self, data: utils.Buffer) -> PKCS7SignatureBuilder:
method add_signer (line 81) | def add_signer(
method add_certificate (line 124) | def add_certificate(
method sign (line 134) | def sign(
class PKCS7EnvelopeBuilder (line 189) | class PKCS7EnvelopeBuilder:
method __init__ (line 190) | def __init__(
method set_data (line 212) | def set_data(self, data: bytes) -> PKCS7EnvelopeBuilder:
method add_recipient (line 223) | def add_recipient(
method set_content_encryption_algorithm (line 242) | def set_content_encryption_algorithm(
method encrypt (line 259) | def encrypt(
function _smime_signed_encode (line 313) | def _smime_signed_encode(
function _smime_enveloped_encode (line 361) | def _smime_enveloped_encode(data: bytes) -> bytes:
function _smime_enveloped_decode (line 378) | def _smime_enveloped_decode(data: bytes) -> bytes:
function _smime_remove_text_headers (line 388) | def _smime_remove_text_headers(data: bytes) -> bytes:
class OpenSSLMimePart (line 406) | class OpenSSLMimePart(email.message.MIMEPart):
method _write_headers (line 409) | def _write_headers(self, generator) -> None:
FILE: src/cryptography/hazmat/primitives/serialization/ssh.py
function _bcrypt_kdf (line 49) | def _bcrypt_kdf(
class _SSHCipher (line 93) | class _SSHCipher:
function _get_ssh_key_type (line 142) | def _get_ssh_key_type(key: SSHPrivateKeyTypes | SSHPublicKeyTypes) -> by...
function _ecdsa_key_type (line 161) | def _ecdsa_key_type(public_key: ec.EllipticCurvePublicKey) -> bytes:
function _ssh_pem_encode (line 171) | def _ssh_pem_encode(
function _check_block_size (line 179) | def _check_block_size(data: utils.Buffer, block_len: int) -> None:
function _check_empty (line 185) | def _check_empty(data: utils.Buffer) -> None:
function _init_cipher (line 191) | def _init_cipher(
function _get_u32 (line 213) | def _get_u32(data: memoryview) -> tuple[int, memoryview]:
function _get_u64 (line 220) | def _get_u64(data: memoryview) -> tuple[int, memoryview]:
function _get_sshstr (line 227) | def _get_sshstr(data: memoryview) -> tuple[memoryview, memoryview]:
function _get_mpint (line 235) | def _get_mpint(data: memoryview) -> tuple[int, memoryview]:
function _to_mpint (line 243) | def _to_mpint(val: int) -> bytes:
class _FragList (line 253) | class _FragList:
method __init__ (line 258) | def __init__(self, init: list[utils.Buffer] | None = None) -> None:
method put_raw (line 263) | def put_raw(self, val: utils.Buffer) -> None:
method put_u32 (line 267) | def put_u32(self, val: int) -> None:
method put_u64 (line 271) | def put_u64(self, val: int) -> None:
method put_sshstr (line 275) | def put_sshstr(self, val: bytes | _FragList) -> None:
method put_mpint (line 284) | def put_mpint(self, val: int) -> None:
method size (line 288) | def size(self) -> int:
method render (line 292) | def render(self, dstbuf: memoryview, pos: int = 0) -> int:
method tobytes (line 300) | def tobytes(self) -> bytes:
class _SSHFormatRSA (line 307) | class _SSHFormatRSA:
method get_public (line 316) | def get_public(
method load_public (line 324) | def load_public(
method load_private (line 333) | def load_private(
method encode_public (line 357) | def encode_public(
method encode_private (line 365) | def encode_private(
class _SSHFormatDSA (line 381) | class _SSHFormatDSA:
method get_public (line 390) | def get_public(self, data: memoryview) -> tuple[tuple, memoryview]:
method load_public (line 398) | def load_public(
method load_private (line 409) | def load_private(
method encode_public (line 425) | def encode_public(
method encode_private (line 438) | def encode_private(
method _validate (line 445) | def _validate(self, public_numbers: dsa.DSAPublicNumbers) -> None:
class _SSHFormatECDSA (line 451) | class _SSHFormatECDSA:
method __init__ (line 463) | def __init__(self, ssh_curve_name: bytes, curve: ec.EllipticCurve):
method get_public (line 467) | def get_public(
method load_public (line 481) | def load_public(
method load_private (line 491) | def load_private(
method encode_public (line 503) | def encode_public(
method encode_private (line 513) | def encode_private(
class _SSHFormatEd25519 (line 524) | class _SSHFormatEd25519:
method get_public (line 534) | def get_public(
method load_public (line 541) | def load_public(
method load_private (line 551) | def load_private(
method encode_public (line 565) | def encode_public(
method encode_private (line 574) | def encode_private(
function load_application (line 591) | def load_application(data) -> tuple[memoryview, memoryview]:
class _SSHFormatSKEd25519 (line 604) | class _SSHFormatSKEd25519:
method load_public (line 613) | def load_public(
method get_public (line 621) | def get_public(self, data: memoryview) -> typing.NoReturn:
class _SSHFormatSKECDSA (line 629) | class _SSHFormatSKECDSA:
method load_public (line 639) | def load_public(
method get_public (line 647) | def get_public(self, data: memoryview) -> typing.NoReturn:
function _lookup_kformat (line 667) | def _lookup_kformat(key_type: utils.Buffer):
function load_ssh_private_key (line 684) | def load_ssh_private_key(
function _serialize_ssh_private_key (line 798) | def _serialize_ssh_private_key(
class SSHCertificateType (line 889) | class SSHCertificateType(enum.Enum):
class SSHCertificate (line 894) | class SSHCertificate:
method __init__ (line 895) | def __init__(
method nonce (line 937) | def nonce(self) -> bytes:
method public_key (line 940) | def public_key(self) -> SSHCertPublicKeyTypes:
method serial (line 946) | def serial(self) -> int:
method type (line 950) | def type(self) -> SSHCertificateType:
method key_id (line 954) | def key_id(self) -> bytes:
method valid_principals (line 958) | def valid_principals(self) -> list[bytes]:
method valid_before (line 962) | def valid_before(self) -> int:
method valid_after (line 966) | def valid_after(self) -> int:
method critical_options (line 970) | def critical_options(self) -> dict[bytes, bytes]:
method extensions (line 974) | def extensions(self) -> dict[bytes, bytes]:
method signature_key (line 977) | def signature_key(self) -> SSHCertPublicKeyTypes:
method public_bytes (line 983) | def public_bytes(self) -> bytes:
method verify_cert_signature (line 990) | def verify_cert_signature(self) -> None:
function _get_ec_hash_alg (line 1023) | def _get_ec_hash_alg(curve: ec.EllipticCurve) -> hashes.HashAlgorithm:
function _load_ssh_public_identity (line 1033) | def _load_ssh_public_identity(
function load_ssh_public_identity (line 1128) | def load_ssh_public_identity(
function _parse_exts_opts (line 1134) | def _parse_exts_opts(exts_opts: memoryview) -> dict[bytes, bytes]:
function ssh_key_fingerprint (line 1154) | def ssh_key_fingerprint(
function load_ssh_public_key (line 1176) | def load_ssh_public_key(
function serialize_ssh_public_key (line 1196) | def serialize_ssh_public_key(public_key: SSHPublicKeyTypes) -> bytes:
class SSHCertificateBuilder (line 1228) | class SSHCertificateBuilder:
method __init__ (line 1229) | def __init__(
method public_key (line 1253) | def public_key(
method serial (line 1281) | def serial(self, serial: int) -> SSHCertificateBuilder:
method type (line 1302) | def type(self, type: SSHCertificateType) -> SSHCertificateBuilder:
method key_id (line 1321) | def key_id(self, key_id: bytes) -> SSHCertificateBuilder:
method valid_principals (line 1340) | def valid_principals(
method valid_for_all_principals (line 1376) | def valid_for_all_principals(self):
method valid_before (line 1398) | def valid_before(self, valid_before: int | float) -> SSHCertificateBui...
method valid_after (line 1420) | def valid_after(self, valid_after: int | float) -> SSHCertificateBuilder:
method add_critical_option (line 1442) | def add_critical_option(
method add_extension (line 1464) | def add_extension(
method sign (line 1486) | def sign(self, private_key: SSHCertPrivateKeyTypes) -> SSHCertificate:
FILE: src/cryptography/hazmat/primitives/twofactor/__init__.py
class InvalidToken (line 8) | class InvalidToken(Exception):
FILE: src/cryptography/hazmat/primitives/twofactor/hotp.py
function _generate_uri (line 19) | def _generate_uri(
class HOTP (line 45) | class HOTP:
method __init__ (line 46) | def __init__(
method generate (line 70) | def generate(self, counter: int) -> bytes:
method verify (line 78) | def verify(self, hotp: bytes, counter: int) -> None:
method _dynamic_truncate (line 82) | def _dynamic_truncate(self, counter: int) -> int:
method get_provisioning_uri (line 96) | def get_provisioning_uri(
FILE: src/cryptography/hazmat/primitives/twofactor/totp.py
class TOTP (line 19) | class TOTP:
method __init__ (line 20) | def __init__(
method generate (line 34) | def generate(self, time: int | float) -> bytes:
method verify (line 43) | def verify(self, totp: bytes, time: int) -> None:
method get_provisioning_uri (line 47) | def get_provisioning_uri(
FILE: src/cryptography/utils.py
class CryptographyDeprecationWarning (line 17) | class CryptographyDeprecationWarning(UserWarning):
function _check_bytes (line 42) | def _check_bytes(name: str, value: bytes) -> None:
function _check_byteslike (line 47) | def _check_byteslike(name: str, value: Buffer) -> None:
function int_to_bytes (line 54) | def int_to_bytes(integer: int, length: int | None = None) -> bytes:
class InterfaceNotImplemented (line 62) | class InterfaceNotImplemented(Exception):
class _DeprecatedValue (line 66) | class _DeprecatedValue:
method __init__ (line 67) | def __init__(self, value: object, message: str, warning_class):
class _ModuleWithDeprecations (line 73) | class _ModuleWithDeprecations(types.ModuleType):
method __init__ (line 74) | def __init__(self, module: types.ModuleType):
method __getattr__ (line 78) | def __getattr__(self, name: str) -> typing.Any:
method __setattr__ (line 85) | def __setattr__(self, attr: str, value: object) -> None:
method __delattr__ (line 88) | def __delattr__(self, attr: str) -> None:
method __dir__ (line 95) | def __dir__(self) -> Sequence[str]:
function deprecated (line 99) | def deprecated(
function cached_property (line 116) | def cached_property(func: Callable) -> property:
class Enum (line 133) | class Enum(enum.Enum):
method __repr__ (line 134) | def __repr__(self) -> str:
method __str__ (line 137) | def __str__(self) -> str:
FILE: src/cryptography/x509/base.py
class AttributeNotFound (line 53) | class AttributeNotFound(Exception):
method __init__ (line 54) | def __init__(self, msg: str, oid: ObjectIdentifier) -> None:
function _reject_duplicate_extension (line 59) | def _reject_duplicate_extension(
function _reject_duplicate_attribute (line 69) | def _reject_duplicate_attribute(
function _convert_to_naive_utc_time (line 79) | def _convert_to_naive_utc_time(time: datetime.datetime) -> datetime.date...
class Attribute (line 93) | class Attribute:
method __init__ (line 94) | def __init__(
method oid (line 105) | def oid(self) -> ObjectIdentifier:
method value (line 109) | def value(self) -> bytes:
method __repr__ (line 112) | def __repr__(self) -> str:
method __eq__ (line 115) | def __eq__(self, other: object) -> bool:
method __hash__ (line 125) | def __hash__(self) -> int:
class Attributes (line 129) | class Attributes:
method __init__ (line 130) | def __init__(
method __repr__ (line 138) | def __repr__(self) -> str:
method get_attribute_for_oid (line 141) | def get_attribute_for_oid(self, oid: ObjectIdentifier) -> Attribute:
class Version (line 149) | class Version(utils.Enum):
class InvalidVersion (line 154) | class InvalidVersion(Exception):
method __init__ (line 155) | def __init__(self, msg: str, parsed_version: int) -> None:
class CertificateSigningRequestBuilder (line 180) | class CertificateSigningRequestBuilder:
method __init__ (line 181) | def __init__(
method subject_name (line 194) | def subject_name(self, name: Name) -> CertificateSigningRequestBuilder:
method add_extension (line 206) | def add_extension(
method add_attribute (line 224) | def add_attribute(
method sign (line 256) | def sign(
class CertificateBuilder (line 292) | class CertificateBuilder:
method __init__ (line 295) | def __init__(
method issuer_name (line 314) | def issuer_name(self, name: Name) -> CertificateBuilder:
method subject_name (line 332) | def subject_name(self, name: Name) -> CertificateBuilder:
method public_key (line 350) | def public_key(
method serial_number (line 387) | def serial_number(self, number: int) -> CertificateBuilder:
method not_valid_before (line 414) | def not_valid_before(self, time: datetime.datetime) -> CertificateBuil...
method not_valid_after (line 443) | def not_valid_after(self, time: datetime.datetime) -> CertificateBuilder:
method add_extension (line 474) | def add_extension(
method sign (line 496) | def sign(
class CertificateRevocationListBuilder (line 547) | class CertificateRevocationListBuilder:
method __init__ (line 551) | def __init__(
method issuer_name (line 565) | def issuer_name(
method last_update (line 580) | def last_update(
method next_update (line 604) | def next_update(
method add_extension (line 628) | def add_extension(
method add_revoked_certificate (line 647) | def add_revoked_certificate(
method sign (line 664) | def sign(
class RevokedCertificateBuilder (line 703) | class RevokedCertificateBuilder:
method __init__ (line 704) | def __init__(
method serial_number (line 714) | def serial_number(self, number: int) -> RevokedCertificateBuilder:
method revocation_date (line 732) | def revocation_date(
method add_extension (line 748) | def add_extension(
method build (line 762) | def build(self, backend: typing.Any = None) -> RevokedCertificate:
function random_serial_number (line 772) | def random_serial_number() -> int:
FILE: src/cryptography/x509/certificate_transparency.py
class LogEntryType (line 11) | class LogEntryType(utils.Enum):
class Version (line 16) | class Version(utils.Enum):
class SignatureAlgorithm (line 20) | class SignatureAlgorithm(utils.Enum):
FILE: src/cryptography/x509/extensions.py
function _key_identifier_from_public_key (line 51) | def _key_identifier_from_public_key(
function _make_sequence_methods (line 75) | def _make_sequence_methods(field_name: str):
class DuplicateExtension (line 88) | class DuplicateExtension(Exception):
method __init__ (line 89) | def __init__(self, msg: str, oid: ObjectIdentifier) -> None:
class ExtensionNotFound (line 94) | class ExtensionNotFound(Exception):
method __init__ (line 95) | def __init__(self, msg: str, oid: ObjectIdentifier) -> None:
class ExtensionType (line 100) | class ExtensionType(metaclass=abc.ABCMeta):
method public_bytes (line 103) | def public_bytes(self) -> bytes:
class Extensions (line 112) | class Extensions:
method __init__ (line 113) | def __init__(self, extensions: Iterable[Extension[ExtensionType]]) -> ...
method get_extension_for_oid (line 116) | def get_extension_for_oid(
method get_extension_for_class (line 125) | def get_extension_for_class(
method __repr__ (line 145) | def __repr__(self) -> str:
class CRLNumber (line 149) | class CRLNumber(ExtensionType):
method __init__ (line 152) | def __init__(self, crl_number: int) -> None:
method __eq__ (line 158) | def __eq__(self, other: object) -> bool:
method __hash__ (line 164) | def __hash__(self) -> int:
method __repr__ (line 167) | def __repr__(self) -> str:
method crl_number (line 171) | def crl_number(self) -> int:
method public_bytes (line 174) | def public_bytes(self) -> bytes:
class AuthorityKeyIdentifier (line 178) | class AuthorityKeyIdentifier(ExtensionType):
method __init__ (line 181) | def __init__(
method from_issuer_public_key (line 220) | def from_issuer_public_key(
method from_issuer_subject_key_identifier (line 231) | def from_issuer_subject_key_identifier(
method __repr__ (line 240) | def __repr__(self) -> str:
method __eq__ (line 248) | def __eq__(self, other: object) -> bool:
method __hash__ (line 259) | def __hash__(self) -> int:
method key_identifier (line 269) | def key_identifier(self) -> bytes | None:
method authority_cert_issuer (line 273) | def authority_cert_issuer(
method authority_cert_serial_number (line 279) | def authority_cert_serial_number(self) -> int | None:
method public_bytes (line 282) | def public_bytes(self) -> bytes:
class SubjectKeyIdentifier (line 286) | class SubjectKeyIdentifier(ExtensionType):
method __init__ (line 289) | def __init__(self, digest: bytes) -> None:
method from_public_key (line 293) | def from_public_key(
method digest (line 299) | def digest(self) -> bytes:
method key_identifier (line 303) | def key_identifier(self) -> bytes:
method __repr__ (line 306) | def __repr__(self) -> str:
method __eq__ (line 309) | def __eq__(self, other: object) -> bool:
method __hash__ (line 315) | def __hash__(self) -> int:
method public_bytes (line 318) | def public_bytes(self) -> bytes:
class AuthorityInformationAccess (line 322) | class AuthorityInformationAccess(ExtensionType):
method __init__ (line 325) | def __init__(self, descriptions: Iterable[AccessDescription]) -> None:
method __repr__ (line 337) | def __repr__(self) -> str:
method __eq__ (line 340) | def __eq__(self, other: object) -> bool:
method __hash__ (line 346) | def __hash__(self) -> int:
method public_bytes (line 349) | def public_bytes(self) -> bytes:
class SubjectInformationAccess (line 353) | class SubjectInformationAccess(ExtensionType):
method __init__ (line 356) | def __init__(self, descriptions: Iterable[AccessDescription]) -> None:
method __repr__ (line 368) | def __repr__(self) -> str:
method __eq__ (line 371) | def __eq__(self, other: object) -> bool:
method __hash__ (line 377) | def __hash__(self) -> int:
method public_bytes (line 380) | def public_bytes(self) -> bytes:
class AccessDescription (line 384) | class AccessDescription:
method __init__ (line 385) | def __init__(
method __repr__ (line 397) | def __repr__(self) -> str:
method __eq__ (line 403) | def __eq__(self, other: object) -> bool:
method __hash__ (line 412) | def __hash__(self) -> int:
method access_method (line 416) | def access_method(self) -> ObjectIdentifier:
method access_location (line 420) | def access_location(self) -> GeneralName:
class BasicConstraints (line 424) | class BasicConstraints(ExtensionType):
method __init__ (line 427) | def __init__(self, ca: bool, path_length: int | None) -> None:
method ca (line 445) | def ca(self) -> bool:
method path_length (line 449) | def path_length(self) -> int | None:
method __repr__ (line 452) | def __repr__(self) -> str:
method __eq__ (line 457) | def __eq__(self, other: object) -> bool:
method __hash__ (line 463) | def __hash__(self) -> int:
method public_bytes (line 466) | def public_bytes(self) -> bytes:
class DeltaCRLIndicator (line 470) | class DeltaCRLIndicator(ExtensionType):
method __init__ (line 473) | def __init__(self, crl_number: int) -> None:
method crl_number (line 480) | def crl_number(self) -> int:
method __eq__ (line 483) | def __eq__(self, other: object) -> bool:
method __hash__ (line 489) | def __hash__(self) -> int:
method __repr__ (line 492) | def __repr__(self) -> str:
method public_bytes (line 495) | def public_bytes(self) -> bytes:
class CRLDistributionPoints (line 499) | class CRLDistributionPoints(ExtensionType):
method __init__ (line 502) | def __init__(
method __repr__ (line 520) | def __repr__(self) -> str:
method __eq__ (line 523) | def __eq__(self, other: object) -> bool:
method __hash__ (line 529) | def __hash__(self) -> int:
method public_bytes (line 532) | def public_bytes(self) -> bytes:
class FreshestCRL (line 536) | class FreshestCRL(ExtensionType):
method __init__ (line 539) | def __init__(
method __repr__ (line 557) | def __repr__(self) -> str:
method __eq__ (line 560) | def __eq__(self, other: object) -> bool:
method __hash__ (line 566) | def __hash__(self) -> int:
method public_bytes (line 569) | def public_bytes(self) -> bytes:
class DistributionPoint (line 573) | class DistributionPoint:
method __init__ (line 574) | def __init__(
method __repr__ (line 632) | def __repr__(self) -> str:
method __eq__ (line 639) | def __eq__(self, other: object) -> bool:
method __hash__ (line 650) | def __hash__(self) -> int:
method full_name (line 664) | def full_name(self) -> list[GeneralName] | None:
method relative_name (line 668) | def relative_name(self) -> RelativeDistinguishedName | None:
method reasons (line 672) | def reasons(self) -> frozenset[ReasonFlags] | None:
method crl_issuer (line 676) | def crl_issuer(self) -> list[GeneralName] | None:
class ReasonFlags (line 680) | class ReasonFlags(utils.Enum):
class PolicyConstraints (line 753) | class PolicyConstraints(ExtensionType):
method __init__ (line 756) | def __init__(
method __repr__ (line 785) | def __repr__(self) -> str:
method __eq__ (line 792) | def __eq__(self, other: object) -> bool:
method __hash__ (line 801) | def __hash__(self) -> int:
method require_explicit_policy (line 807) | def require_explicit_policy(self) -> int | None:
method inhibit_policy_mapping (line 811) | def inhibit_policy_mapping(self) -> int | None:
method public_bytes (line 814) | def public_bytes(self) -> bytes:
class CertificatePolicies (line 818) | class CertificatePolicies(ExtensionType):
method __init__ (line 821) | def __init__(self, policies: Iterable[PolicyInformation]) -> None:
method __repr__ (line 832) | def __repr__(self) -> str:
method __eq__ (line 835) | def __eq__(self, other: object) -> bool:
method __hash__ (line 841) | def __hash__(self) -> int:
method public_bytes (line 844) | def public_bytes(self) -> bytes:
class PolicyInformation (line 848) | class PolicyInformation:
method __init__ (line 849) | def __init__(
method __repr__ (line 871) | def __repr__(self) -> str:
method __eq__ (line 877) | def __eq__(self, other: object) -> bool:
method __hash__ (line 886) | def __hash__(self) -> int:
method policy_identifier (line 895) | def policy_identifier(self) -> ObjectIdentifier:
method policy_qualifiers (line 899) | def policy_qualifiers(
class UserNotice (line 905) | class UserNotice:
method __init__ (line 906) | def __init__(
method __repr__ (line 921) | def __repr__(self) -> str:
method __eq__ (line 927) | def __eq__(self, other: object) -> bool:
method __hash__ (line 936) | def __hash__(self) -> int:
method notice_reference (line 940) | def notice_reference(self) -> NoticeReference | None:
method explicit_text (line 944) | def explicit_text(self) -> str | None:
class NoticeReference (line 948) | class NoticeReference:
method __init__ (line 949) | def __init__(
method __repr__ (line 961) | def __repr__(self) -> str:
method __eq__ (line 967) | def __eq__(self, other: object) -> bool:
method __hash__ (line 976) | def __hash__(self) -> int:
method organization (line 980) | def organization(self) -> str | None:
method notice_numbers (line 984) | def notice_numbers(self) -> list[int]:
class ExtendedKeyUsage (line 988) | class ExtendedKeyUsage(ExtensionType):
method __init__ (line 991) | def __init__(self, usages: Iterable[ObjectIdentifier]) -> None:
method __repr__ (line 1002) | def __repr__(self) -> str:
method __eq__ (line 1005) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1011) | def __hash__(self) -> int:
method public_bytes (line 1014) | def public_bytes(self) -> bytes:
class OCSPNoCheck (line 1018) | class OCSPNoCheck(ExtensionType):
method __eq__ (line 1021) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1027) | def __hash__(self) -> int:
method __repr__ (line 1030) | def __repr__(self) -> str:
method public_bytes (line 1033) | def public_bytes(self) -> bytes:
class PrecertPoison (line 1037) | class PrecertPoison(ExtensionType):
method __eq__ (line 1040) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1046) | def __hash__(self) -> int:
method __repr__ (line 1049) | def __repr__(self) -> str:
method public_bytes (line 1052) | def public_bytes(self) -> bytes:
class TLSFeature (line 1056) | class TLSFeature(ExtensionType):
method __init__ (line 1059) | def __init__(self, features: Iterable[TLSFeatureType]) -> None:
method __repr__ (line 1074) | def __repr__(self) -> str:
method __eq__ (line 1077) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1083) | def __hash__(self) -> int:
method public_bytes (line 1086) | def public_bytes(self) -> bytes:
class TLSFeatureType (line 1090) | class TLSFeatureType(utils.Enum):
class InhibitAnyPolicy (line 1104) | class InhibitAnyPolicy(ExtensionType):
method __init__ (line 1107) | def __init__(self, skip_certs: int) -> None:
method __repr__ (line 1116) | def __repr__(self) -> str:
method __eq__ (line 1119) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1125) | def __hash__(self) -> int:
method skip_certs (line 1129) | def skip_certs(self) -> int:
method public_bytes (line 1132) | def public_bytes(self) -> bytes:
class KeyUsage (line 1136) | class KeyUsage(ExtensionType):
method __init__ (line 1139) | def __init__(
method digital_signature (line 1168) | def digital_signature(self) -> bool:
method content_commitment (line 1172) | def content_commitment(self) -> bool:
method key_encipherment (line 1176) | def key_encipherment(self) -> bool:
method data_encipherment (line 1180) | def data_encipherment(self) -> bool:
method key_agreement (line 1184) | def key_agreement(self) -> bool:
method key_cert_sign (line 1188) | def key_cert_sign(self) -> bool:
method crl_sign (line 1192) | def crl_sign(self) -> bool:
method encipher_only (line 1196) | def encipher_only(self) -> bool:
method decipher_only (line 1205) | def decipher_only(self) -> bool:
method __repr__ (line 1213) | def __repr__(self) -> str:
method __eq__ (line 1234) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1250) | def __hash__(self) -> int:
method public_bytes (line 1265) | def public_bytes(self) -> bytes:
class PrivateKeyUsagePeriod (line 1269) | class PrivateKeyUsagePeriod(ExtensionType):
method __init__ (line 1272) | def __init__(
method not_before (line 1305) | def not_before(self) -> datetime.datetime | None:
method not_after (line 1309) | def not_after(self) -> datetime.datetime | None:
method __repr__ (line 1312) | def __repr__(self) -> str:
method __eq__ (line 1318) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1327) | def __hash__(self) -> int:
method public_bytes (line 1330) | def public_bytes(self) -> bytes:
class NameConstraints (line 1334) | class NameConstraints(ExtensionType):
method __init__ (line 1337) | def __init__(
method __eq__ (line 1379) | def __eq__(self, other: object) -> bool:
method _validate_tree (line 1388) | def _validate_tree(self, tree: Iterable[GeneralName]) -> None:
method _validate_ip_name (line 1392) | def _validate_ip_name(self, tree: Iterable[GeneralName]) -> None:
method _validate_dns_name (line 1405) | def _validate_dns_name(self, tree: Iterable[GeneralName]) -> None:
method __repr__ (line 1414) | def __repr__(self) -> str:
method __hash__ (line 1420) | def __hash__(self) -> int:
method permitted_subtrees (line 1434) | def permitted_subtrees(
method excluded_subtrees (line 1440) | def excluded_subtrees(
method public_bytes (line 1445) | def public_bytes(self) -> bytes:
class Extension (line 1449) | class Extension(typing.Generic[ExtensionTypeVar]):
method __init__ (line 1450) | def __init__(
method oid (line 1466) | def oid(self) -> ObjectIdentifier:
method critical (line 1470) | def critical(self) -> bool:
method value (line 1474) | def value(self) -> ExtensionTypeVar:
method __repr__ (line 1477) | def __repr__(self) -> str:
method __eq__ (line 1483) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1493) | def __hash__(self) -> int:
class GeneralNames (line 1497) | class GeneralNames:
method __init__ (line 1498) | def __init__(self, general_names: Iterable[GeneralName]) -> None:
method get_values_for_type (line 1511) | def get_values_for_type(
method get_values_for_type (line 1519) | def get_values_for_type(
method get_values_for_type (line 1525) | def get_values_for_type(
method get_values_for_type (line 1531) | def get_values_for_type(
method get_values_for_type (line 1536) | def get_values_for_type(
method get_values_for_type (line 1540) | def get_values_for_type(
method __repr__ (line 1564) | def __repr__(self) -> str:
method __eq__ (line 1567) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1573) | def __hash__(self) -> int:
class SubjectAlternativeName (line 1577) | class SubjectAlternativeName(ExtensionType):
method __init__ (line 1580) | def __init__(self, general_names: Iterable[GeneralName]) -> None:
method get_values_for_type (line 1586) | def get_values_for_type(
method get_values_for_type (line 1594) | def get_values_for_type(
method get_values_for_type (line 1600) | def get_values_for_type(
method get_values_for_type (line 1606) | def get_values_for_type(
method get_values_for_type (line 1611) | def get_values_for_type(
method get_values_for_type (line 1615) | def get_values_for_type(
method __repr__ (line 1633) | def __repr__(self) -> str:
method __eq__ (line 1636) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1642) | def __hash__(self) -> int:
method public_bytes (line 1645) | def public_bytes(self) -> bytes:
class IssuerAlternativeName (line 1649) | class IssuerAlternativeName(ExtensionType):
method __init__ (line 1652) | def __init__(self, general_names: Iterable[GeneralName]) -> None:
method get_values_for_type (line 1658) | def get_values_for_type(
method get_values_for_type (line 1666) | def get_values_for_type(
method get_values_for_type (line 1672) | def get_values_for_type(
method get_values_for_type (line 1678) | def get_values_for_type(
method get_values_for_type (line 1683) | def get_values_for_type(
method get_values_for_type (line 1687) | def get_values_for_type(
method __repr__ (line 1705) | def __repr__(self) -> str:
method __eq__ (line 1708) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1714) | def __hash__(self) -> int:
method public_bytes (line 1717) | def public_bytes(self) -> bytes:
class CertificateIssuer (line 1721) | class CertificateIssuer(ExtensionType):
method __init__ (line 1724) | def __init__(self, general_names: Iterable[GeneralName]) -> None:
method get_values_for_type (line 1730) | def get_values_for_type(
method get_values_for_type (line 1738) | def get_values_for_type(
method get_values_for_type (line 1744) | def get_values_for_type(
method get_values_for_type (line 1750) | def get_values_for_type(
method get_values_for_type (line 1755) | def get_values_for_type(
method get_values_for_type (line 1759) | def get_values_for_type(
method __repr__ (line 1777) | def __repr__(self) -> str:
method __eq__ (line 1780) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1786) | def __hash__(self) -> int:
method public_bytes (line 1789) | def public_bytes(self) -> bytes:
class CRLReason (line 1793) | class CRLReason(ExtensionType):
method __init__ (line 1796) | def __init__(self, reason: ReasonFlags) -> None:
method __repr__ (line 1802) | def __repr__(self) -> str:
method __eq__ (line 1805) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1811) | def __hash__(self) -> int:
method reason (line 1815) | def reason(self) -> ReasonFlags:
method public_bytes (line 1818) | def public_bytes(self) -> bytes:
class InvalidityDate (line 1822) | class InvalidityDate(ExtensionType):
method __init__ (line 1825) | def __init__(self, invalidity_date: datetime.datetime) -> None:
method __repr__ (line 1831) | def __repr__(self) -> str:
method __eq__ (line 1834) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1840) | def __hash__(self) -> int:
method invalidity_date (line 1844) | def invalidity_date(self) -> datetime.datetime:
method invalidity_date_utc (line 1848) | def invalidity_date_utc(self) -> datetime.datetime:
method public_bytes (line 1854) | def public_bytes(self) -> bytes:
class PrecertificateSignedCertificateTimestamps (line 1858) | class PrecertificateSignedCertificateTimestamps(ExtensionType):
method __init__ (line 1861) | def __init__(
method __repr__ (line 1880) | def __repr__(self) -> str:
method __hash__ (line 1883) | def __hash__(self) -> int:
method __eq__ (line 1886) | def __eq__(self, other: object) -> bool:
method public_bytes (line 1895) | def public_bytes(self) -> bytes:
class SignedCertificateTimestamps (line 1899) | class SignedCertificateTimestamps(ExtensionType):
method __init__ (line 1902) | def __init__(
method __repr__ (line 1921) | def __repr__(self) -> str:
method __hash__ (line 1924) | def __hash__(self) -> int:
method __eq__ (line 1927) | def __eq__(self, other: object) -> bool:
method public_bytes (line 1936) | def public_bytes(self) -> bytes:
class OCSPNonce (line 1940) | class OCSPNonce(ExtensionType):
method __init__ (line 1943) | def __init__(self, nonce: bytes) -> None:
method __eq__ (line 1949) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1955) | def __hash__(self) -> int:
method __repr__ (line 1958) | def __repr__(self) -> str:
method nonce (line 1962) | def nonce(self) -> bytes:
method public_bytes (line 1965) | def public_bytes(self) -> bytes:
class OCSPAcceptableResponses (line 1969) | class OCSPAcceptableResponses(ExtensionType):
method __init__ (line 1972) | def __init__(self, responses: Iterable[ObjectIdentifier]) -> None:
method __eq__ (line 1979) | def __eq__(self, other: object) -> bool:
method __hash__ (line 1985) | def __hash__(self) -> int:
method __repr__ (line 1988) | def __repr__(self) -> str:
method __iter__ (line 1991) | def __iter__(self) -> Iterator[ObjectIdentifier]:
method public_bytes (line 1994) | def public_bytes(self) -> bytes:
class IssuingDistributionPoint (line 1998) | class IssuingDistributionPoint(ExtensionType):
method __init__ (line 2001) | def __init__(
method __repr__ (line 2086) | def __repr__(self) -> str:
method __eq__ (line 2098) | def __eq__(self, other: object) -> bool:
method __hash__ (line 2113) | def __hash__(self) -> int:
method full_name (line 2132) | def full_name(self) -> list[GeneralName] | None:
method relative_name (line 2136) | def relative_name(self) -> RelativeDistinguishedName | None:
method only_contains_user_certs (line 2140) | def only_contains_user_certs(self) -> bool:
method only_contains_ca_certs (line 2144) | def only_contains_ca_certs(self) -> bool:
method only_some_reasons (line 2148) | def only_some_reasons(
method indirect_crl (line 2154) | def indirect_crl(self) -> bool:
method only_contains_attribute_certs (line 2158) | def only_contains_attribute_certs(self) -> bool:
method public_bytes (line 2161) | def public_bytes(self) -> bytes:
class MSCertificateTemplate (line 2165) | class MSCertificateTemplate(ExtensionType):
method __init__ (line 2168) | def __init__(
method template_id (line 2189) | def template_id(self) -> ObjectIdentifier:
method major_version (line 2193) | def major_version(self) -> int | None:
method minor_version (line 2197) | def minor_version(self) -> int | None:
method __repr__ (line 2200) | def __repr__(self) -> str:
method __eq__ (line 2207) | def __eq__(self, other: object) -> bool:
method __hash__ (line 2217) | def __hash__(self) -> int:
method public_bytes (line 2220) | def public_bytes(self) -> bytes:
class NamingAuthority (line 2224) | class NamingAuthority:
method __init__ (line 2225) | def __init__(
method id (line 2245) | def id(self) -> ObjectIdentifier | None:
method url (line 2249) | def url(self) -> str | None:
method text (line 2253) | def text(self) -> str | None:
method __repr__ (line 2256) | def __repr__(self) -> str:
method __eq__ (line 2262) | def __eq__(self, other: object) -> bool:
method __hash__ (line 2272) | def __hash__(self) -> int:
class ProfessionInfo (line 2282) | class ProfessionInfo:
method __init__ (line 2283) | def __init__(
method naming_authority (line 2329) | def naming_authority(self) -> NamingAuthority | None:
method profession_items (line 2333) | def profession_items(self) -> list[str]:
method profession_oids (line 2337) | def profession_oids(self) -> list[ObjectIdentifier] | None:
method registration_number (line 2341) | def registration_number(self) -> str | None:
method add_profession_info (line 2345) | def add_profession_info(self) -> bytes | None:
method __repr__ (line 2348) | def __repr__(self) -> str:
method __eq__ (line 2357) | def __eq__(self, other: object) -> bool:
method __hash__ (line 2369) | def __hash__(self) -> int:
class Admission (line 2385) | class Admission:
method __init__ (line 2386) | def __init__(
method admission_authority (line 2416) | def admission_authority(self) -> GeneralName | None:
method naming_authority (line 2420) | def naming_authority(self) -> NamingAuthority | None:
method profession_infos (line 2424) | def profession_infos(self) -> list[ProfessionInfo]:
method __repr__ (line 2427) | def __repr__(self) -> str:
method __eq__ (line 2434) | def __eq__(self, other: object) -> bool:
method __hash__ (line 2444) | def __hash__(self) -> int:
class Admissions (line 2454) | class Admissions(ExtensionType):
method __init__ (line 2457) | def __init__(
method authority (line 2480) | def authority(self) -> GeneralName | None:
method __repr__ (line 2483) | def __repr__(self) -> str:
method __eq__ (line 2489) | def __eq__(self, other: object) -> bool:
method __hash__ (line 2498) | def __hash__(self) -> int:
method public_bytes (line 2501) | def public_bytes(self) -> bytes:
class UnrecognizedExtension (line 2505) | class UnrecognizedExtension(ExtensionType):
method __init__ (line 2506) | def __init__(self, oid: ObjectIdentifier, value: bytes) -> None:
method oid (line 2513) | def oid(self) -> ObjectIdentifier: # type: ignore[override]
method value (line 2517) | def value(self) -> bytes:
method __repr__ (line 2520) | def __repr__(self) -> str:
method __eq__ (line 2523) | def __eq__(self, other: object) -> bool:
method __hash__ (line 2529) | def __hash__(self) -> int:
method public_bytes (line 2532) | def public_bytes(self) -> bytes:
FILE: src/cryptography/x509/general_name.py
class UnsupportedGeneralNameType (line 23) | class UnsupportedGeneralNameType(Exception):
class GeneralName (line 27) | class GeneralName(metaclass=abc.ABCMeta):
method value (line 30) | def value(self) -> typing.Any:
class RFC822Name (line 36) | class RFC822Name(GeneralName):
method __init__ (line 37) | def __init__(self, value: str) -> None:
method value (line 59) | def value(self) -> str:
method _init_without_validation (line 63) | def _init_without_validation(cls, value: str) -> RFC822Name:
method __repr__ (line 68) | def __repr__(self) -> str:
method __eq__ (line 71) | def __eq__(self, other: object) -> bool:
method __hash__ (line 77) | def __hash__(self) -> int:
class DNSName (line 81) | class DNSName(GeneralName):
method __init__ (line 82) | def __init__(self, value: str) -> None:
method value (line 98) | def value(self) -> str:
method _init_without_validation (line 102) | def _init_without_validation(cls, value: str) -> DNSName:
method __repr__ (line 107) | def __repr__(self) -> str:
method __eq__ (line 110) | def __eq__(self, other: object) -> bool:
method __hash__ (line 116) | def __hash__(self) -> int:
class UniformResourceIdentifier (line 120) | class UniformResourceIdentifier(GeneralName):
method __init__ (line 121) | def __init__(self, value: str) -> None:
method value (line 137) | def value(self) -> str:
method _init_without_validation (line 141) | def _init_without_validation(cls, value: str) -> UniformResourceIdenti...
method __repr__ (line 146) | def __repr__(self) -> str:
method __eq__ (line 149) | def __eq__(self, other: object) -> bool:
method __hash__ (line 155) | def __hash__(self) -> int:
class DirectoryName (line 159) | class DirectoryName(GeneralName):
method __init__ (line 160) | def __init__(self, value: Name) -> None:
method value (line 167) | def value(self) -> Name:
method __repr__ (line 170) | def __repr__(self) -> str:
method __eq__ (line 173) | def __eq__(self, other: object) -> bool:
method __hash__ (line 179) | def __hash__(self) -> int:
class RegisteredID (line 183) | class RegisteredID(GeneralName):
method __init__ (line 184) | def __init__(self, value: ObjectIdentifier) -> None:
method value (line 191) | def value(self) -> ObjectIdentifier:
method __repr__ (line 194) | def __repr__(self) -> str:
method __eq__ (line 197) | def __eq__(self, other: object) -> bool:
method __hash__ (line 203) | def __hash__(self) -> int:
class IPAddress (line 207) | class IPAddress(GeneralName):
method __init__ (line 208) | def __init__(self, value: _IPAddressTypes) -> None:
method value (line 227) | def value(self) -> _IPAddressTypes:
method _packed (line 230) | def _packed(self) -> bytes:
method __repr__ (line 240) | def __repr__(self) -> str:
method __eq__ (line 243) | def __eq__(self, other: object) -> bool:
method __hash__ (line 249) | def __hash__(self) -> int:
class OtherName (line 253) | class OtherName(GeneralName):
method __init__ (line 254) | def __init__(self, type_id: ObjectIdentifier, value: bytes) -> None:
method type_id (line 264) | def type_id(self) -> ObjectIdentifier:
method value (line 268) | def value(self) -> bytes:
method __repr__ (line 271) | def __repr__(self) -> str:
method __eq__ (line 274) | def __eq__(self, other: object) -> bool:
method __hash__ (line 280) | def __hash__(self) -> int:
FILE: src/cryptography/x509/name.py
class _ASN1Type (line 19) | class _ASN1Type(utils.Enum):
function _escape_dn_value (line 70) | def _escape_dn_value(val: str | bytes) -> str:
function _unescape_dn_value (line 99) | def _unescape_dn_value(val: str) -> str:
class NameAttribute (line 128) | class NameAttribute(typing.Generic[NameAttributeValueType]):
method __init__ (line 129) | def __init__(
method oid (line 183) | def oid(self) -> ObjectIdentifier:
method value (line 187) | def value(self) -> NameAttributeValueType:
method rfc4514_attribute_name (line 191) | def rfc4514_attribute_name(self) -> str:
method rfc4514_string (line 198) | def rfc4514_string(
method __eq__ (line 215) | def __eq__(self, other: object) -> bool:
method __hash__ (line 221) | def __hash__(self) -> int:
method __repr__ (line 224) | def __repr__(self) -> str:
class RelativeDistinguishedName (line 228) | class RelativeDistinguishedName:
method __init__ (line 229) | def __init__(self, attributes: Iterable[NameAttribute[str | bytes]]):
method get_attributes_for_oid (line 243) | def get_attributes_for_oid(
method rfc4514_string (line 249) | def rfc4514_string(
method __eq__ (line 263) | def __eq__(self, other: object) -> bool:
method __hash__ (line 269) | def __hash__(self) -> int:
method __iter__ (line 272) | def __iter__(self) -> Iterator[NameAttribute[str | bytes]]:
method __len__ (line 275) | def __len__(self) -> int:
method __repr__ (line 278) | def __repr__(self) -> str:
class Name (line 282) | class Name:
method __init__ (line 284) | def __init__(
method __init__ (line 289) | def __init__(
method __init__ (line 293) | def __init__(
method from_rfc4514_string (line 316) | def from_rfc4514_string(
method rfc4514_string (line 323) | def rfc4514_string(
method get_attributes_for_oid (line 341) | def get_attributes_for_oid(
method rdns (line 348) | def rdns(self) -> list[RelativeDistinguishedName]:
method public_bytes (line 351) | def public_bytes(self, backend: typing.Any = None) -> bytes:
method __eq__ (line 354) | def __eq__(self, other: object) -> bool:
method __hash__ (line 360) | def __hash__(self) -> int:
method __iter__ (line 365) | def __iter__(self) -> Iterator[NameAttribute[str | bytes]]:
method __len__ (line 369) | def __len__(self) -> int:
method __repr__ (line 372) | def __repr__(self) -> str:
class _RFC4514NameParser (line 376) | class _RFC4514NameParser:
method __init__ (line 405) | def __init__(self, data: str, attr_name_overrides: _NameOidMap) -> None:
method _has_data (line 411) | def _has_data(self) -> bool:
method _peek (line 414) | def _peek(self) -> str | None:
method _read_char (line 419) | def _read_char(self, ch: str) -> None:
method _read_re (line 424) | def _read_re(self, pat) -> str:
method parse (line 432) | def parse(self) -> Name:
method _parse_rdn (line 453) | def _parse_rdn(self) -> RelativeDistinguishedName:
method _parse_na (line 461) | def _parse_na(self) -> NameAttribute[str]:
FILE: src/cryptography/x509/ocsp.py
class OCSPResponderEncoding (line 19) | class OCSPResponderEncoding(utils.Enum):
class OCSPResponseStatus (line 24) | class OCSPResponseStatus(utils.Enum):
function _verify_algorithm (line 42) | def _verify_algorithm(algorithm: hashes.HashAlgorithm) -> None:
class OCSPCertStatus (line 49) | class OCSPCertStatus(utils.Enum):
class _SingleResponse (line 55) | class _SingleResponse:
method __init__ (line 56) | def __init__(
class OCSPRequestBuilder (line 118) | class OCSPRequestBuilder:
method __init__ (line 119) | def __init__(
method add_certificate (line 133) | def add_certificate(
method add_certificate_by_hash (line 152) | def add_certificate_by_hash(
method add_extension (line 182) | def add_extension(
method build (line 195) | def build(self) -> OCSPRequest:
class OCSPResponseBuilder (line 202) | class OCSPResponseBuilder:
method __init__ (line 203) | def __init__(
method add_response (line 216) | def add_response(
method add_response_by_hash (line 252) | def add_response_by_hash(
method responder_id (line 298) | def responder_id(
method certificates (line 317) | def certificates(
method add_extension (line 334) | def add_extension(
method sign (line 350) | def sign(
method build_unsuccessful (line 365) | def build_unsuccessful(
FILE: src/rust/build.rs
function main (line 8) | fn main() {
FILE: src/rust/cryptography-cffi/build.rs
function main (line 9) | fn main() {
function run_python_script (line 107) | fn run_python_script(interpreter: impl AsRef<Path>, script: &str) -> Res...
function macos_link_search_path (line 131) | fn macos_link_search_path() -> Option<String> {
FILE: src/rust/cryptography-cffi/src/lib.rs
function Cryptography_make_openssl_module (line 9) | fn Cryptography_make_openssl_module() -> std::os::raw::c_int;
function PyInit__openssl (line 13) | fn PyInit__openssl() -> *mut pyo3::ffi::PyObject;
function create_module (line 16) | pub fn create_module(
FILE: src/rust/cryptography-crypto/src/constant_time.rs
function bytes_eq (line 6) | pub fn bytes_eq(a: &[u8], b: &[u8]) -> bool {
FILE: src/rust/cryptography-crypto/src/encoding.rs
function hex_decode (line 5) | pub fn hex_decode(v: &str) -> Option<Vec<u8>> {
function hex_encode (line 33) | pub fn hex_encode(data: &[u8]) -> String {
function test_hex_decode (line 48) | fn test_hex_decode() {
function test_hex_encode (line 64) | fn test_hex_encode() {
FILE: src/rust/cryptography-crypto/src/pbkdf1.rs
function openssl_kdf (line 7) | pub fn openssl_kdf(
function pbkdf1 (line 34) | pub fn pbkdf1(
function test_openssl_kdf (line 66) | fn test_openssl_kdf() {
function test_pbkdf1 (line 131) | fn test_pbkdf1() {
FILE: src/rust/cryptography-crypto/src/pkcs12.rs
constant KDF_ENCRYPTION_KEY_ID (line 5) | pub const KDF_ENCRYPTION_KEY_ID: u8 = 1;
constant KDF_IV_ID (line 6) | pub const KDF_IV_ID: u8 = 2;
constant KDF_MAC_KEY_ID (line 7) | pub const KDF_MAC_KEY_ID: u8 = 3;
function kdf (line 9) | pub fn kdf(
function test_pkcs12_kdf (line 113) | fn test_pkcs12_kdf() {
FILE: src/rust/cryptography-keepalive/src/lib.rs
type KeepAlive (line 12) | pub struct KeepAlive<T: StableDeref> {
type StableDeref (line 19) | pub unsafe trait StableDeref: Deref {}
function new (line 32) | pub fn new() -> Self {
function add (line 38) | pub fn add(&self, v: T) -> &T::Target {
FILE: src/rust/cryptography-key-parsing/build.rs
function main (line 7) | fn main() {
FILE: src/rust/cryptography-key-parsing/src/dsa.rs
type DsaPrivateKey (line 8) | struct DsaPrivateKey<'a> {
function serialize_pkcs1_private_key (line 17) | pub fn serialize_pkcs1_private_key(
function parse_pkcs1_private_key (line 37) | pub fn parse_pkcs1_private_key(
FILE: src/rust/cryptography-key-parsing/src/ec.rs
type EcPrivateKey (line 12) | pub(crate) struct EcPrivateKey<'a> {
function group_to_curve_oid (line 21) | pub(crate) fn group_to_curve_oid(
function ec_params_to_group (line 42) | pub(crate) fn ec_params_to_group(
function serialize_pkcs1_private_key (line 99) | pub fn serialize_pkcs1_private_key(
function parse_pkcs1_private_key (line 130) | pub fn parse_pkcs1_private_key(
FILE: src/rust/cryptography-key-parsing/src/lib.rs
constant MIN_DH_MODULUS_SIZE (line 18) | pub const MIN_DH_MODULUS_SIZE: u32 = 512;
type KeyParsingError (line 20) | pub enum KeyParsingError {
method from (line 41) | fn from(e: asn1::ParseError) -> KeyParsingError {
method from (line 47) | fn from(e: openssl::error::ErrorStack) -> KeyParsingError {
type KeyParsingResult (line 52) | pub type KeyParsingResult<T> = Result<T, KeyParsingError>;
type KeySerializationError (line 54) | pub enum KeySerializationError {
method from (line 61) | fn from(e: asn1::WriteError) -> KeySerializationError {
method from (line 67) | fn from(e: openssl::error::ErrorStack) -> KeySerializationError {
type KeySerializationResult (line 72) | pub type KeySerializationResult<T> = Result<T, KeySerializationError>;
function test_key_parsing_error_from (line 79) | fn test_key_parsing_error_from() {
function test_key_serialization_error_from_asn1_write_error (line 89) | fn test_key_serialization_error_from_asn1_write_error() {
function test_key_serialization_error_from_openssl_error_stack (line 98) | fn test_key_serialization_error_from_openssl_error_stack() {
FILE: src/rust/cryptography-key-parsing/src/pbe.rs
type EncryptionAlgorithm (line 7) | pub enum EncryptionAlgorithm {
method salt_length (line 13) | pub fn salt_length(&self) -> usize {
method algorithm_identifier (line 20) | pub fn algorithm_identifier<'a>(
method encrypt (line 75) | pub fn encrypt(
FILE: src/rust/cryptography-key-parsing/src/pem.rs
function decrypt_pem (line 16) | pub fn decrypt_pem<'a>(
constant ENCODE_CONFIG (line 70) | pub const ENCODE_CONFIG: pem::EncodeConfig =
function encrypt_pem (line 78) | pub fn encrypt_pem(
FILE: src/rust/cryptography-key-parsing/src/pkcs8.rs
type PrivateKeyInfo (line 17) | pub struct PrivateKeyInfo<'a> {
function parse_private_key (line 25) | pub fn parse_private_key(
function parse_dh_private_key (line 118) | fn parse_dh_private_key(
function pkcs12_pbe_decrypt (line 136) | fn pkcs12_pbe_decrypt(
function pkcs5_pbe_decrypt (line 167) | fn pkcs5_pbe_decrypt(
function parse_encrypted_private_key (line 192) | pub fn parse_encrypted_private_key(
function serialize_private_key (line 338) | pub fn serialize_private_key(
constant KDF_ITERATION_COUNT (line 463) | const KDF_ITERATION_COUNT: u64 = 2048;
function serialize_encrypted_private_key (line 465) | pub fn serialize_encrypted_private_key(
function test_serialize_private_key_unknown_key_type (line 496) | fn test_serialize_private_key_unknown_key_type() {
FILE: src/rust/cryptography-key-parsing/src/rsa.rs
type RsaPrivateKey (line 11) | pub(crate) struct RsaPrivateKey<'a> {
function parse_pkcs1_public_key (line 25) | pub fn parse_pkcs1_public_key(
function serialize_pkcs1_public_key (line 37) | pub fn serialize_pkcs1_public_key(
function serialize_pkcs1_private_key (line 50) | pub fn serialize_pkcs1_private_key(
function parse_pkcs1_private_key (line 77) | pub fn parse_pkcs1_private_key(
FILE: src/rust/cryptography-key-parsing/src/spki.rs
function parse_public_key (line 12) | pub fn parse_public_key(
function serialize_public_key (line 109) | pub fn serialize_public_key(
function test_serialize_public_key_unknown_key_type (line 239) | fn test_serialize_public_key_unknown_key_type() {
function test_serialize_public_key_unknown_curve (line 252) | fn test_serialize_public_key_unknown_curve() {
FILE: src/rust/cryptography-key-parsing/src/utils.rs
function is_dh (line 5) | pub(crate) fn is_dh(id: openssl::pkey::Id) -> bool {
FILE: src/rust/cryptography-openssl/build.rs
function main (line 8) | fn main() {
FILE: src/rust/cryptography-openssl/src/aead.rs
type AeadType (line 10) | pub enum AeadType {
method new (line 30) | pub fn new(aead: AeadType, key: &[u8]) -> OpenSSLResult<AeadCtx> {
method encrypt (line 51) | pub fn encrypt(
method decrypt (line 78) | pub fn decrypt(
FILE: src/rust/cryptography-openssl/src/cmac.rs
method new (line 27) | pub fn new(key: &[u8], cipher: &openssl::cipher::CipherRef) -> OpenSSLRe...
method update (line 44) | pub fn update(&mut self, data: &[u8]) -> OpenSSLResult<()> {
method finish (line 56) | pub fn finish(&mut self) -> OpenSSLResult<DigestBytes> {
method copy (line 66) | pub fn copy(&self) -> OpenSSLResult<Cmac> {
FILE: src/rust/cryptography-openssl/src/fips.rs
function is_enabled (line 26) | pub fn is_enabled() -> bool {
function enable (line 47) | pub fn enable() -> OpenSSLResult<()> {
FILE: src/rust/cryptography-openssl/src/hmac.rs
method new (line 32) | pub fn new(key: &[u8], md: openssl::hash::MessageDigest) -> OpenSSLResul...
method update (line 51) | pub fn update(&mut self, data: &[u8]) -> OpenSSLResult<()> {
method finish (line 59) | pub fn finish(&mut self) -> OpenSSLResult<DigestBytes> {
method copy (line 72) | pub fn copy(&self) -> OpenSSLResult<Hmac> {
type DigestBytes (line 82) | pub struct DigestBytes {
type Target (line 88) | type Target = [u8];
method deref (line 91) | fn deref(&self) -> &[u8] {
function test_digest_bytes (line 103) | fn test_digest_bytes() {
FILE: src/rust/cryptography-openssl/src/lib.rs
type OpenSSLResult (line 21) | pub type OpenSSLResult<T> = Result<T, openssl::error::ErrorStack>;
function cvt (line 24) | fn cvt(r: std::os::raw::c_int) -> Result<std::os::raw::c_int, openssl::e...
function cvt_p (line 33) | fn cvt_p<T>(r: *mut T) -> Result<*mut T, openssl::error::ErrorStack> {
function test_cvt (line 46) | fn test_cvt() {
FILE: src/rust/cryptography-openssl/src/poly1305.rs
type Poly1305State (line 9) | pub struct Poly1305State {
method new (line 18) | pub fn new(key: &[u8]) -> Poly1305State {
method update (line 38) | pub fn update(&mut self, data: &[u8]) {
method finalize (line 45) | pub fn finalize(&mut self, output: &mut [u8]) {
FILE: src/rust/cryptography-openssl/src/rand.rs
function rand_bytes (line 8) | pub fn rand_bytes(buf: &mut [u8]) -> OpenSSLResult<()> {
FILE: src/rust/cryptography-openssl/src/utils.rs
function bn_to_big_endian_bytes (line 7) | pub fn bn_to_big_endian_bytes(b: &openssl::bn::BigNumRef) -> OpenSSLResu...
FILE: src/rust/cryptography-x509-verification/src/certificate.rs
function cert_is_self_issued (line 9) | pub(crate) fn cert_is_self_issued(cert: &Certificate<'_>) -> bool {
function test_certificate_v1 (line 21) | fn test_certificate_v1() {
function ca_pem (line 28) | fn ca_pem() -> pem::Pem {
function test_certificate_ca (line 46) | fn test_certificate_ca() {
type PublicKeyErrorOps (line 53) | pub(crate) struct PublicKeyErrorOps {}
type Key (line 55) | type Key = ();
type Err (line 56) | type Err = ();
type CertificateExtra (line 57) | type CertificateExtra = ();
type PolicyExtra (line 58) | type PolicyExtra = ();
method public_key (line 60) | fn public_key(&self, _cert: &Certificate<'_>) -> Result<Self::Key, Self:...
method verify_signed_by (line 65) | fn verify_signed_by(
method clone_public_key (line 73) | fn clone_public_key(key: &Self::Key) -> Self::Key {
method clone_extra (line 77) | fn clone_extra(extra: &Self::CertificateExtra) -> Self::CertificateExtra {
function test_clone (line 83) | fn test_clone() {
function test_certificate_public_key_error (line 89) | fn test_certificate_public_key_error() {
function test_certificate_public_key_error_ops (line 97) | fn test_certificate_public_key_error_ops() {
FILE: src/rust/cryptography-x509-verification/src/lib.rs
type ValidationErrorKind (line 35) | pub enum ValidationErrorKind<'chain, B: CryptoOps> {
type ValidationError (line 46) | pub struct ValidationError<'chain, B: CryptoOps> {
function new (line 52) | pub fn new(kind: ValidationErrorKind<'chain, B>) -> Self {
function set_cert (line 56) | pub(crate) fn set_cert(mut self, cert: VerificationCertificate<'chain, B...
function certificate (line 61) | pub fn certificate(&self) -> Option<&VerificationCertificate<'chain, B>> {
type ValidationResult (line 66) | pub type ValidationResult<'chain, T, B> = Result<T, ValidationError<'cha...
function from (line 69) | fn from(value: asn1::ParseError) -> Self {
function from (line 75) | fn from(value: DuplicateExtensionsError) -> Self {
method fmt (line 84) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
type Budget (line 99) | struct Budget {
constant DEFAULT_NAME_CONSTRAINT_CHECK_LIMIT (line 105) | const DEFAULT_NAME_CONSTRAINT_CHECK_LIMIT: usize = 1 << 20;
method new (line 107) | fn new() -> Budget {
method name_constraint_check (line 113) | fn name_constraint_check<'chain, B: CryptoOps>(&mut self) -> Validatio...
type NameChain (line 124) | struct NameChain<'a, 'chain> {
function new (line 130) | fn new<B: CryptoOps>(
function evaluate_single_constraint (line 148) | fn evaluate_single_constraint<B: CryptoOps>(
function evaluate_constraints (line 223) | fn evaluate_constraints<B: CryptoOps>(
type Chain (line 269) | pub type Chain<'c, B> = Vec<VerificationCertificate<'c, B>>;
function verify (line 271) | pub fn verify<'chain, B: CryptoOps>(
type ChainBuilder (line 283) | struct ChainBuilder<'a, 'chain, B: CryptoOps> {
type ApplyNameConstraintStatus (line 293) | enum ApplyNameConstraintStatus {
method is_applied (line 299) | fn is_applied(&self) -> bool {
method is_match (line 303) | fn is_match(&self) -> bool {
function new (line 309) | fn new(
function potential_issuers (line 321) | fn potential_issuers(
function build_chain_inner (line 335) | fn build_chain_inner(
function build_chain (line 451) | fn build_chain(
function test_validationerror_display (line 489) | fn test_validationerror_display() {
FILE: src/rust/cryptography-x509-verification/src/ops.rs
type VerificationCertificate (line 9) | pub struct VerificationCertificate<'a, B: CryptoOps> {
function new (line 16) | pub fn new(cert: &'a Certificate<'a>, extra: B::CertificateExtra) -> Self {
function certificate (line 24) | pub fn certificate(&self) -> &Certificate<'a> {
function public_key (line 28) | pub fn public_key(&self, ops: &B) -> Result<&B::Key, B::Err> {
function extra (line 37) | pub fn extra(&self) -> &B::CertificateExtra {
function fmt (line 43) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
method eq (line 49) | fn eq(&self, other: &Self) -> bool {
method clone (line 56) | fn clone(&self) -> Self {
type CryptoOps (line 71) | pub trait CryptoOps {
method public_key (line 87) | fn public_key(&self, cert: &Certificate<'_>) -> Result<Self::Key, Self...
method verify_signed_by (line 91) | fn verify_signed_by(&self, cert: &Certificate<'_>, key: &Self::Key) ->...
method clone_public_key (line 94) | fn clone_public_key(extra: &Self::Key) -> Self::Key;
method clone_extra (line 97) | fn clone_extra(extra: &Self::CertificateExtra) -> Self::CertificateExtra;
function v1_cert_pem (line 107) | pub(crate) fn v1_cert_pem() -> pem::Pem {
function epoch (line 124) | pub(crate) fn epoch() -> asn1::DateTime {
function cert (line 128) | pub(crate) fn cert(cert_pem: &pem::Pem) -> Certificate<'_> {
function test_verification_certificate_debug (line 133) | fn test_verification_certificate_debug() {
FILE: src/rust/cryptography-x509-verification/src/policy/extension.rs
type ExtensionPolicy (line 19) | pub struct ExtensionPolicy<'cb, B: CryptoOps> {
function new_permit_all (line 31) | pub fn new_permit_all() -> Self {
function new_default_webpki_ca (line 56) | pub fn new_default_webpki_ca() -> Self {
function new_default_webpki_ee (line 118) | pub fn new_default_webpki_ee() -> Self {
function permits (line 174) | pub(crate) fn permits<'chain>(
type Criticality (line 272) | pub enum Criticality {
method permits (line 282) | pub(crate) fn permits(&self, critical: bool) -> bool {
type PresentExtensionValidatorCallback (line 293) | pub type PresentExtensionValidatorCallback<'cb, B> = Arc<
type MaybeExtensionValidatorCallback (line 304) | pub type MaybeExtensionValidatorCallback<'cb, B> = Arc<
type ExtensionValidator (line 317) | pub enum ExtensionValidator<'cb, B: CryptoOps> {
function not_present (line 339) | pub(crate) fn not_present(oid: asn1::ObjectIdentifier) -> Self {
function present (line 343) | pub(crate) fn present(
function maybe_present (line 355) | pub(crate) fn maybe_present(
function permits (line 367) | pub(crate) fn permits<'chain>(
function basic_constraints (line 440) | pub(crate) fn basic_constraints<'chain, B: CryptoOps>(
function subject_alternative_name (line 458) | pub(crate) fn subject_alternative_name<'chain, B: CryptoOps>(
function extended_key_usage (line 485) | pub(crate) fn extended_key_usage<'chain, B: CryptoOps>(
function key_usage (line 511) | pub(crate) fn key_usage<'chain, B: CryptoOps>(
function authority_key_identifier (line 540) | pub(crate) fn authority_key_identifier<'chain, B: CryptoOps>(
function key_usage (line 583) | pub(crate) fn key_usage<'chain, B: CryptoOps>(
function name_constraints (line 599) | pub(crate) fn name_constraints<'chain, B: CryptoOps>(
function extended_key_usage (line 631) | pub(crate) fn extended_key_usage<'chain, B: CryptoOps>(
function authority_information_access (line 661) | pub(crate) fn authority_information_access<'chain, B: CryptoOps>(
function test_criticality_variants (line 692) | fn test_criticality_variants() {
function create_encoded_extension (line 706) | fn create_encoded_extension<T: SimpleAsn1Writable>(
function present_extension_validator (line 723) | fn present_extension_validator<'chain, B: CryptoOps>(
function test_extension_validator_present (line 732) | fn test_extension_validator_present() {
function maybe_extension_validator (line 773) | fn maybe_extension_validator<'chain, B: CryptoOps>(
function test_extension_validator_maybe (line 782) | fn test_extension_validator_maybe() {
function test_extension_validator_not_present (line 824) | fn test_extension_validator_not_present() {
function test_extension_validator_present_incorrect_criticality (line 862) | fn test_extension_validator_present_incorrect_criticality() {
function test_extension_validator_maybe_present_incorrect_criticality (line 902) | fn test_extension_validator_maybe_present_incorrect_criticality() {
FILE: src/rust/cryptography-x509-verification/src/policy/mod.rs
constant WEBPKI_MINIMUM_RSA_MODULUS (line 35) | const WEBPKI_MINIMUM_RSA_MODULUS: usize = 2048;
constant SPKI_RSA (line 40) | const SPKI_RSA: AlgorithmIdentifier<'_> = AlgorithmIdentifier {
constant SPKI_SECP256R1 (line 46) | const SPKI_SECP256R1: AlgorithmIdentifier<'_> = AlgorithmIdentifier {
constant SPKI_SECP384R1 (line 52) | const SPKI_SECP384R1: AlgorithmIdentifier<'_> = AlgorithmIdentifier {
constant SPKI_SECP521R1 (line 58) | const SPKI_SECP521R1: AlgorithmIdentifier<'_> = AlgorithmIdentifier {
constant RSASSA_PKCS1V15_SHA256 (line 78) | const RSASSA_PKCS1V15_SHA256: AlgorithmIdentifier<'_> = AlgorithmIdentif...
constant RSASSA_PKCS1V15_SHA384 (line 84) | const RSASSA_PKCS1V15_SHA384: AlgorithmIdentifier<'_> = AlgorithmIdentif...
constant RSASSA_PKCS1V15_SHA512 (line 90) | const RSASSA_PKCS1V15_SHA512: AlgorithmIdentifier<'_> = AlgorithmIdentif...
constant ECDSA_SHA256 (line 132) | const ECDSA_SHA256: AlgorithmIdentifier<'_> = AlgorithmIdentifier {
constant ECDSA_SHA384 (line 138) | const ECDSA_SHA384: AlgorithmIdentifier<'_> = AlgorithmIdentifier {
constant ECDSA_SHA512 (line 144) | const ECDSA_SHA512: AlgorithmIdentifier<'_> = AlgorithmIdentifier {
constant DEFAULT_MAX_CHAIN_DEPTH (line 175) | const DEFAULT_MAX_CHAIN_DEPTH: u8 = 8;
type Subject (line 179) | pub enum Subject<'a> {
function subject_alt_name_matches (line 185) | fn subject_alt_name_matches(&self, general_name: &GeneralName<'_>) -> bo...
function matches (line 199) | pub fn matches(&self, san: &SubjectAlternativeName<'_>) -> bool {
type PolicyDefinition (line 205) | pub struct PolicyDefinition<'a, B: CryptoOps> {
function new (line 243) | fn new(
function client (line 301) | pub fn client(
function server (line 321) | pub fn server(
type Policy (line 341) | pub struct Policy<'a, B: CryptoOps> {
type Target (line 347) | type Target = PolicyDefinition<'a, B>;
method deref (line 349) | fn deref(&self) -> &Self::Target {
function new (line 355) | pub fn new(definition: &'a PolicyDefinition<'a, B>, extra: B::PolicyExtr...
function permits_basic (line 359) | fn permits_basic<'chain>(&self, cert: &Certificate<'_>) -> ValidationRes...
function permits_ca (line 422) | pub(crate) fn permits_ca<'chain>(
function permits_ee (line 468) | pub(crate) fn permits_ee<'chain>(
function valid_issuer (line 502) | pub(crate) fn valid_issuer<'chain>(
function permits_validity_date (line 578) | fn permits_validity_date<'chain, B: CryptoOps>(
function permits_subject_alternative_name (line 596) | fn permits_subject_alternative_name<'chain, B: CryptoOps>(
function test_webpki_permitted_spki_algorithms_canonical_encodings (line 637) | fn test_webpki_permitted_spki_algorithms_canonical_encodings() {
function test_webpki_permitted_signature_algorithms_canonical_encodings (line 664) | fn test_webpki_permitted_signature_algorithms_canonical_encodings() {
function test_subject_matches (line 739) | fn test_subject_matches() {
function test_validity_date (line 789) | fn test_validity_date() {
FILE: src/rust/cryptography-x509-verification/src/trust_store.rs
type Store (line 12) | pub struct Store<'a, B: CryptoOps> {
function new (line 18) | pub fn new(trusted: impl IntoIterator<Item = VerificationCertificate<'a,...
function contains (line 30) | pub fn contains(&self, cert: &VerificationCertificate<'a, B>) -> bool {
function get_by_subject (line 35) | pub fn get_by_subject(&self, subject: &Name<'a>) -> &[VerificationCertif...
function test_store (line 51) | fn test_store() {
FILE: src/rust/cryptography-x509-verification/src/types.rs
constant ATEXT_CHARS (line 11) | const ATEXT_CHARS: &str = "!#$%&'*+-/=?^_`{|}~";
type DNSName (line 31) | pub struct DNSName<'a>(asn1::IA5String<'a>);
function new (line 34) | pub fn new(value: &'a str) -> Option<Self> {
function as_str (line 62) | pub fn as_str(&self) -> &'a str {
function parent (line 73) | pub fn parent(&self) -> Option<Self> {
function rlabels (line 82) | fn rlabels(&self) -> impl Iterator<Item = &'_ str> {
function is_subdomain_of (line 87) | fn is_subdomain_of(&self, other: &DNSName<'_>) -> bool {
method eq (line 99) | fn eq(&self, other: &Self) -> bool {
type DNSPattern (line 117) | pub enum DNSPattern<'a> {
function new (line 123) | pub fn new(pat: &'a str) -> Option<Self> {
function matches (line 131) | pub fn matches(&self, name: &DNSName<'_>) -> bool {
function inner_name (line 148) | pub fn inner_name(&self) -> &DNSName<'a> {
type DNSConstraint (line 159) | pub struct DNSConstraint<'a>(DNSName<'a>);
function new (line 162) | pub fn new(pattern: &'a str) -> Option<Self> {
function matches (line 181) | pub fn matches(&self, name: &DNSName<'_>) -> bool {
type IPAddress (line 199) | pub struct IPAddress(IpAddr);
method from_str (line 206) | pub fn from_str(s: &str) -> Option<Self> {
method from_bytes (line 215) | pub fn from_bytes(b: &[u8]) -> Option<Self> {
method as_prefix (line 232) | pub fn as_prefix(&self) -> Option<u8> {
method mask (line 258) | pub fn mask(&self, prefix: u8) -> Self {
method from (line 285) | fn from(addr: IpAddr) -> Self {
type IPConstraint (line 291) | pub struct IPConstraint {
method from_bytes (line 308) | pub fn from_bytes(b: &[u8]) -> Option<Self> {
method matches (line 330) | pub fn matches(&self, addr: &IPAddress) -> bool {
type RFC822Name (line 345) | pub struct RFC822Name<'a> {
function new (line 351) | pub fn new(value: &'a str) -> Option<Self> {
type RFC822Constraint (line 382) | pub enum RFC822Constraint<'a> {
function new (line 395) | pub fn new(constraint: &'a str) -> Option<Self> {
function matches (line 405) | pub fn matches(&self, email: &RFC822Name<'_>) -> bool {
function test_dnsname_debug_trait (line 420) | fn test_dnsname_debug_trait() {
function test_dnsname_new (line 429) | fn test_dnsname_new() {
function test_dnsname_equality (line 479) | fn test_dnsname_equality() {
function test_dnsname_parent (line 497) | fn test_dnsname_parent() {
function test_dnsname_is_subdomain_of (line 510) | fn test_dnsname_is_subdomain_of() {
function test_dnspattern_new (line 537) | fn test_dnspattern_new() {
function test_dnspattern_matches (line 557) | fn test_dnspattern_matches() {
function test_dnsconstraint_new (line 581) | fn test_dnsconstraint_new() {
function test_dnsconstraint_matches (line 596) | fn test_dnsconstraint_matches() {
function test_ipaddress_from_str (line 611) | fn test_ipaddress_from_str() {
function test_ipaddress_from_bytes (line 616) | fn test_ipaddress_from_bytes() {
function test_ipaddress_as_prefix (line 634) | fn test_ipaddress_as_prefix() {
function test_ipaddress_mask (line 647) | fn test_ipaddress_mask() {
function test_ipconstraint_from_bytes (line 666) | fn test_ipconstraint_from_bytes() {
function test_ipconstraint_matches (line 702) | fn test_ipconstraint_matches() {
function test_rfc822name (line 733) | fn test_rfc822name() {
function test_rfc822constraint_new (line 790) | fn test_rfc822constraint_new() {
function test_rfc822constraint_matches (line 821) | fn test_rfc822constraint_matches() {
FILE: src/rust/cryptography-x509/src/certificate.rs
type Certificate (line 10) | pub struct Certificate<'a> {
function issuer (line 18) | pub fn issuer(&self) -> &NameReadable<'_> {
function subject (line 23) | pub fn subject(&self) -> &NameReadable<'_> {
function extensions (line 29) | pub fn extensions(&self) -> Result<Extensions<'a>, DuplicateExtensionsEr...
type SerialNumber (line 37) | pub type SerialNumber<'a> = asn1::BigInt<'a>;
type TbsCertificate (line 40) | pub struct TbsCertificate<'a> {
function extensions (line 61) | pub fn extensions(&self) -> Result<Extensions<'a>, DuplicateExtensionsEr...
type Validity (line 67) | pub struct Validity {
FILE: src/rust/cryptography-x509/src/common.rs
type AlgorithmIdentifier (line 10) | pub struct AlgorithmIdentifier<'a> {
function oid (line 17) | pub fn oid(&self) -> &asn1::ObjectIdentifier {
type AlgorithmParameters (line 23) | pub enum AlgorithmParameters<'a> {
type SubjectPublicKeyInfo (line 190) | pub struct SubjectPublicKeyInfo<'a> {
type Pkcs1RsaPublicKey (line 196) | pub struct Pkcs1RsaPublicKey<'a> {
type AttributeTypeValue (line 202) | pub struct AttributeTypeValue<'a> {
type AttributeValue (line 208) | pub enum AttributeValue<'a> {
function tag (line 218) | pub fn tag(&self) -> asn1::Tag {
type RawTlv (line 231) | pub struct RawTlv<'a> {
function new (line 237) | pub fn new(tag: asn1::Tag, value: &'a [u8]) -> Self {
function tag (line 241) | pub fn tag(&self) -> asn1::Tag {
function data (line 244) | pub fn data(&self) -> &'a [u8] {
function parse (line 249) | fn parse(parser: &mut asn1::Parser<'a>) -> asn1::ParseResult<Self> {
function can_parse (line 254) | fn can_parse(_tag: asn1::Tag) -> bool {
type Error (line 259) | type Error = asn1::WriteError;
function write (line 260) | fn write(&self, w: &mut asn1::Writer<'_>) -> asn1::WriteResult {
function encoded_length (line 266) | fn encoded_length(&self) -> Option<usize> {
type Time (line 273) | pub enum Time {
method as_datetime (line 279) | pub fn as_datetime(&self) -> &asn1::DateTime {
type Asn1ReadableOrWritable (line 288) | pub enum Asn1ReadableOrWritable<T, U> {
function new_read (line 294) | pub fn new_read(v: T) -> Self {
function new_write (line 298) | pub fn new_write(v: U) -> Self {
function unwrap_read (line 302) | pub fn unwrap_read(&self) -> &T {
constant TAG (line 313) | const TAG: asn1::Tag = T::TAG;
function parse_data (line 314) | fn parse_data(data: &'a [u8]) -> asn1::ParseResult<Self> {
type Error (line 324) | type Error = asn1::WriteError;
constant TAG (line 325) | const TAG: asn1::Tag = U::TAG;
function write_data (line 326) | fn write_data(&self, w: &mut asn1::WriteBuf) -> asn1::WriteResult {
function data_length (line 333) | fn data_length(&self) -> Option<usize> {
type Asn1Operation (line 341) | pub trait Asn1Operation {
type SequenceOfVec (line 355) | type SequenceOfVec<'a, T>
type SetOfVec (line 359) | type SetOfVec<'a, T>
type OwnedBitString (line 363) | type OwnedBitString<'a> = asn1::BitString<'a>;
type SequenceOfVec (line 366) | type SequenceOfVec<'a, T>
type SetOfVec (line 370) | type SetOfVec<'a, T>
type OwnedBitString (line 374) | type OwnedBitString<'a> = asn1::OwnedBitString;
type Asn1Read (line 351) | pub struct Asn1Read;
type Asn1Write (line 352) | pub struct Asn1Write;
type DssSignature (line 378) | pub struct DssSignature<'a> {
type DHParams (line 384) | pub struct DHParams<'a> {
type BasicDHParams (line 397) | pub struct BasicDHParams<'a> {
type DHXParams (line 412) | pub struct DHXParams<'a> {
constant PSS_SHA1_HASH_ALG (line 422) | pub const PSS_SHA1_HASH_ALG: AlgorithmIdentifier<'_> = AlgorithmIdentifi...
constant PSS_SHA256_HASH_ALG (line 428) | pub const PSS_SHA256_HASH_ALG: AlgorithmIdentifier<'_> = AlgorithmIdenti...
constant PSS_SHA384_HASH_ALG (line 433) | pub const PSS_SHA384_HASH_ALG: AlgorithmIdentifier<'_> = AlgorithmIdenti...
constant PSS_SHA512_HASH_ALG (line 438) | pub const PSS_SHA512_HASH_ALG: AlgorithmIdentifier<'_> = AlgorithmIdenti...
type MaskGenAlgorithm (line 447) | pub struct MaskGenAlgorithm<'a> {
constant PSS_SHA1_MASK_GEN_ALG (line 453) | pub const PSS_SHA1_MASK_GEN_ALG: MaskGenAlgorithm<'_> = MaskGenAlgorithm {
constant PSS_SHA256_MASK_GEN_ALG (line 459) | pub const PSS_SHA256_MASK_GEN_ALG: MaskGenAlgorithm<'_> = MaskGenAlgorit...
constant PSS_SHA384_MASK_GEN_ALG (line 464) | pub const PSS_SHA384_MASK_GEN_ALG: MaskGenAlgorithm<'_> = MaskGenAlgorit...
constant PSS_SHA512_MASK_GEN_ALG (line 469) | pub const PSS_SHA512_MASK_GEN_ALG: MaskGenAlgorithm<'_> = MaskGenAlgorit...
type EcParameters (line 483) | pub enum EcParameters<'a> {
type SpecifiedECDomain (line 499) | pub struct SpecifiedECDomain<'a> {
type FieldID (line 514) | pub struct FieldID<'a> {
type FieldParameters (line 521) | pub enum FieldParameters<'a> {
type Curve (line 535) | pub struct Curve<'a> {
type RsaPssParameters (line 550) | pub struct RsaPssParameters<'a> {
type DssParams (line 582) | pub struct DssParams<'a> {
type PBES2Params (line 589) | pub struct PBES2Params<'a> {
constant HMAC_SHA1_ALG (line 594) | const HMAC_SHA1_ALG: AlgorithmIdentifier<'static> = AlgorithmIdentifier {
type PBKDF2Params (line 600) | pub struct PBKDF2Params<'a> {
type ScryptParams (line 612) | pub struct ScryptParams<'a> {
type PbeParams (line 622) | pub struct PbeParams {
type Pkcs12PbeParams (line 629) | pub struct Pkcs12PbeParams<'a> {
type Rc2CbcParams (line 635) | pub struct Rc2CbcParams {
type UnvalidatedVisibleString (line 643) | pub struct UnvalidatedVisibleString<'a>(pub &'a str);
function as_str (line 646) | pub fn as_str(&self) -> &'a str {
constant TAG (line 652) | const TAG: asn1::Tag = <asn1::VisibleString<'_> as asn1::SimpleAsn1Reada...
function parse_data (line 653) | fn parse_data(data: &'a [u8]) -> asn1::ParseResult<Self> {
type Error (line 662) | type Error = asn1::WriteError;
constant TAG (line 663) | const TAG: asn1::Tag = asn1::VisibleString::TAG;
function write_data (line 664) | fn write_data(&self, _: &mut asn1::WriteBuf) -> asn1::WriteResult {
function data_length (line 668) | fn data_length(&self) -> Option<usize> {
type Utf8StoredBMPString (line 674) | pub struct Utf8StoredBMPString<'a>(pub &'a str);
function new (line 677) | pub fn new(s: &'a str) -> Self {
type Error (line 683) | type Error = asn1::WriteError;
constant TAG (line 684) | const TAG: asn1::Tag = asn1::BMPString::TAG;
function write_data (line 685) | fn write_data(&self, writer: &mut asn1::WriteBuf) -> asn1::WriteResult {
function data_length (line 692) | fn data_length(&self) -> Option<usize> {
type WithTlv (line 698) | pub struct WithTlv<'a, T> {
function tlv (line 704) | pub fn tlv(&self) -> &asn1::Tlv<'a> {
type Target (line 710) | type Target = T;
function deref (line 712) | fn deref(&self) -> &Self::Target {
function parse (line 718) | fn parse(p: &mut asn1::Parser<'a>) -> asn1::ParseResult<Self> {
function can_parse (line 726) | fn can_parse(t: asn1::Tag) -> bool {
type Error (line 732) | type Error = T::Error;
function write (line 733) | fn write(&self, w: &mut asn1::Writer<'_>) -> Result<(), T::Error> {
function encoded_length (line 737) | fn encoded_length(&self) -> Option<usize> {
method eq (line 743) | fn eq(&self, other: &Self) -> bool {
function hash (line 749) | fn hash<H: std::hash::Hasher>(&self, state: &mut H) {
function test_unvalidated_visible_string_write (line 762) | fn test_unvalidated_visible_string_write() {
function test_asn1_readable_or_writable_unwrap_read (line 769) | fn test_asn1_readable_or_writable_unwrap_read() {
function test_asn1_readable_or_writable_write_read_data (line 774) | fn test_asn1_readable_or_writable_write_read_data() {
function test_raw_tlv_can_parse (line 780) | fn test_raw_tlv_can_parse() {
function test_with_raw_tlv_can_parse (line 786) | fn test_with_raw_tlv_can_parse() {
FILE: src/rust/cryptography-x509/src/crl.rs
type ReasonFlags (line 9) | pub type ReasonFlags<'a, Op> = Option<<Op as Asn1Operation>::OwnedBitStr...
type CertificateRevocationList (line 12) | pub struct CertificateRevocationList<'a> {
type RevokedCertificates (line 18) | pub type RevokedCertificates<'a> = Option<
type TBSCertList (line 26) | pub struct TBSCertList<'a> {
type RevokedCertificate (line 38) | pub struct RevokedCertificate<'a> {
type IssuingDistributionPoint (line 45) | pub struct IssuingDistributionPoint<'a, Op: Asn1Operation> {
type CRLReason (line 69) | pub type CRLReason = asn1::Enumerated;
FILE: src/rust/cryptography-x509/src/csr.rs
type Csr (line 8) | pub struct Csr<'a> {
type CertificationRequestInfo (line 15) | pub struct CertificationRequestInfo<'a> {
function get_extension_attribute (line 24) | pub fn get_extension_attribute(
function check_attribute_length (line 41) | pub fn check_attribute_length<'a>(
type Attributes (line 53) | pub type Attributes<'a> = common::Asn1ReadableOrWritable<
type Attribute (line 59) | pub struct Attribute<'a> {
FILE: src/rust/cryptography-x509/src/ec_constants.rs
constant P256_FIELD (line 7) | const P256_FIELD: FieldID<'static> = FieldID {
constant P256_CURVE_A (line 11) | const P256_CURVE_A: &[u8; 32] = b"\xff\xff\xff\xff\x00\x00\x00\x01\x00\x...
constant P256_CURVE_B (line 12) | const P256_CURVE_B: &[u8; 32] = b"\x5a\xc6\x35\xd8\xaa\x3a\x93\xe7\xb3\x...
constant P256_SEED (line 13) | const P256_SEED: asn1::BitString<'static> = asn1::BitString::new(
constant P256_UNCOMPRESSED_BASE (line 18) | const P256_UNCOMPRESSED_BASE: &[u8; 65] = b"\x04\x6b\x17\xd1\xf2\xe1\x2c...
constant P256_ORDER (line 19) | const P256_ORDER: asn1::BigUint<'static> = asn1::BigUint::new(b"\x00\xff...
constant P256_DOMAIN (line 21) | pub const P256_DOMAIN: SpecifiedECDomain<'static> = SpecifiedECDomain {
constant P256_DOMAIN_NO_SEED (line 34) | pub const P256_DOMAIN_NO_SEED: SpecifiedECDomain<'static> = SpecifiedECD...
constant P384_FIELD (line 47) | const P384_FIELD: FieldID<'static> = FieldID {
constant P384_CURVE_A (line 51) | const P384_CURVE_A: &[u8; 48] = b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\x...
constant P384_CURVE_B (line 52) | const P384_CURVE_B: &[u8; 48] = b"\xb3\x31\x2f\xa7\xe2\x3e\xe7\xe4\x98\x...
constant P384_SEED (line 53) | const P384_SEED: asn1::BitString<'static> = asn1::BitString::new(
constant P384_UNCOMPRESSED_BASE (line 58) | const P384_UNCOMPRESSED_BASE: &[u8; 97] = b"\x04\xaa\x87\xca\x22\xbe\x8b...
constant P384_ORDER (line 59) | const P384_ORDER: asn1::BigUint<'static> = asn1::BigUint::new(b"\x00\xff...
constant P384_DOMAIN (line 61) | pub const P384_DOMAIN: SpecifiedECDomain<'static> = SpecifiedECDomain {
constant P384_DOMAIN_NO_SEED (line 74) | pub const P384_DOMAIN_NO_SEED: SpecifiedECDomain<'static> = SpecifiedECD...
constant P521_FIELD (line 87) | const P521_FIELD: FieldID<'static> = FieldID {
constant P521_CURVE_A (line 91) | const P521_CURVE_A: &[u8; 66] = b"\x01\xff\xff\xff\xff\xff\xff\xff\xff\x...
constant P521_CURVE_B (line 92) | const P521_CURVE_B: &[u8; 66] = b"\x00\x51\x95\x3e\xb9\x61\x8e\x1c\x9a\x...
constant P521_SEED (line 93) | const P521_SEED: asn1::BitString<'static> = asn1::BitString::new(
constant P521_UNCOMPRESSED_BASE (line 98) | const P521_UNCOMPRESSED_BASE: &[u8; 133] = b"\x04\x00\xc6\x85\x8e\x06\xb...
constant P521_ORDER (line 99) | const P521_ORDER: asn1::BigUint<'static> = asn1::BigUint::new(b"\x01\xff...
constant P521_DOMAIN (line 101) | pub const P521_DOMAIN: SpecifiedECDomain<'static> = SpecifiedECDomain {
constant P521_DOMAIN_NO_SEED (line 114) | pub const P521_DOMAIN_NO_SEED: SpecifiedECDomain<'static> = SpecifiedECD...
FILE: src/rust/cryptography-x509/src/extensions.rs
type DuplicateExtensionsError (line 11) | pub struct DuplicateExtensionsError(pub asn1::ObjectIdentifier);
type RawExtensions (line 13) | pub type RawExtensions<'a> = common::Asn1ReadableOrWritable<
type Extensions (line 22) | pub struct Extensions<'a>(Option<RawExtensions<'a>>);
function from_raw_extensions (line 29) | pub fn from_raw_extensions(
function get_extension (line 50) | pub fn get_extension(&self, oid: &asn1::ObjectIdentifier) -> Option<Exte...
function as_raw (line 55) | pub fn as_raw(&self) -> Option<&RawExtensions<'a>> {
function iter (line 60) | pub fn iter(&self) -> impl Iterator<Item = Extension<'a>> {
type Extension (line 69) | pub struct Extension<'a> {
function value (line 77) | pub fn value<T: asn1::Asn1Readable<'a>>(&self) -> asn1::ParseResult<T> {
type PolicyConstraints (line 83) | pub struct PolicyConstraints {
type AccessDescription (line 91) | pub struct AccessDescription<'a> {
type SequenceOfAccessDescriptions (line 96) | pub type SequenceOfAccessDescriptions<'a, Op> =
type SequenceOfPolicyQualifiers (line 100) | type SequenceOfPolicyQualifiers<'a, Op> =
type PolicyInformation (line 104) | pub struct PolicyInformation<'a, Op: Asn1Operation + 'a> {
type PolicyQualifierInfo (line 110) | pub struct PolicyQualifierInfo<'a, Op: Asn1Operation> {
type Qualifier (line 116) | pub enum Qualifier<'a, Op: Asn1Operation> {
type UserNotice (line 122) | pub struct UserNotice<'a, Op: Asn1Operation> {
type NoticeReference (line 128) | pub struct NoticeReference<'a, Op: Asn1Operation> {
type DisplayText (line 136) | pub enum DisplayText<'a> {
type SequenceOfSubtrees (line 144) | pub type SequenceOfSubtrees<'a, Op> = <Op as Asn1Operation>::SequenceOfV...
type NameConstraints (line 147) | pub struct NameConstraints<'a, Op: Asn1Operation> {
type GeneralSubtree (line 156) | pub struct GeneralSubtree<'a> {
type MSCertificateTemplate (line 168) | pub struct MSCertificateTemplate {
type DistributionPoint (line 175) | pub struct DistributionPoint<'a, Op: Asn1Operation> {
type DistributionPointName (line 187) | pub enum DistributionPointName<'a, Op: Asn1Operation> {
type AuthorityKeyIdentifier (line 196) | pub struct AuthorityKeyIdentifier<'a, Op: Asn1Operation> {
type BasicConstraints (line 206) | pub struct BasicConstraints {
type SubjectAlternativeName (line 212) | pub type SubjectAlternativeName<'a> = asn1::SequenceOf<'a, name::General...
type IssuerAlternativeName (line 213) | pub type IssuerAlternativeName<'a> = asn1::SequenceOf<'a, name::GeneralN...
type ExtendedKeyUsage (line 214) | pub type ExtendedKeyUsage<'a> = asn1::SequenceOf<'a, asn1::ObjectIdentif...
type KeyUsage (line 216) | pub struct KeyUsage<'a>(asn1::BitString<'a>);
constant TAG (line 219) | const TAG: asn1::Tag = asn1::BitString::TAG;
function parse_data (line 221) | fn parse_data(data: &'a [u8]) -> asn1::ParseResult<Self> {
function is_zeroed (line 227) | pub fn is_zeroed(&self) -> bool {
function digital_signature (line 231) | pub fn digital_signature(&self) -> bool {
function content_commitment (line 235) | pub fn content_commitment(&self) -> bool {
function key_encipherment (line 239) | pub fn key_encipherment(&self) -> bool {
function data_encipherment (line 243) | pub fn data_encipherment(&self) -> bool {
function key_agreement (line 247) | pub fn key_agreement(&self) -> bool {
function key_cert_sign (line 251) | pub fn key_cert_sign(&self) -> bool {
function crl_sign (line 255) | pub fn crl_sign(&self) -> bool {
function encipher_only (line 259) | pub fn encipher_only(&self) -> bool {
function decipher_only (line 263) | pub fn decipher_only(&self) -> bool {
type NamingAuthority (line 269) | pub struct NamingAuthority<'a> {
type SequenceOfDisplayTexts (line 275) | type SequenceOfDisplayTexts<'a, Op> = <Op as Asn1Operation>::SequenceOfV...
type SequenceOfObjectIdentifiers (line 277) | type SequenceOfObjectIdentifiers<'a, Op> =
type ProfessionInfo (line 281) | pub struct ProfessionInfo<'a, Op: Asn1Operation> {
type Admission (line 291) | pub struct Admission<'a, Op: Asn1Operation + 'a> {
type Admissions (line 300) | pub struct Admissions<'a, Op: Asn1Operation> {
type PrivateKeyUsagePeriod (line 306) | pub struct PrivateKeyUsagePeriod {
function test_get_extension (line 319) | fn test_get_extension() {
function test_extensions_iter (line 343) | fn test_extensions_iter() {
function test_extension_value (line 365) | fn test_extension_value() {
function test_keyusage (line 382) | fn test_keyusage() {
FILE: src/rust/cryptography-x509/src/name.rs
type NameReadable (line 7) | pub type NameReadable<'a> = asn1::SequenceOf<'a, asn1::SetOf<'a, common:...
type Name (line 9) | pub type Name<'a> = common::Asn1ReadableOrWritable<
type UnvalidatedIA5String (line 27) | pub struct UnvalidatedIA5String<'a>(pub &'a str);
constant TAG (line 30) | const TAG: asn1::Tag = asn1::IA5String::TAG;
function parse_data (line 31) | fn parse_data(data: &'a [u8]) -> asn1::ParseResult<Self> {
type Error (line 39) | type Error = asn1::WriteError;
constant TAG (line 40) | const TAG: asn1::Tag = asn1::IA5String::TAG;
function write_data (line 41) | fn write_data(&self, dest: &mut asn1::WriteBuf) -> asn1::WriteResult {
function data_length (line 44) | fn data_length(&self) -> Option<usize> {
type OtherName (line 50) | pub struct OtherName<'a> {
type GeneralName (line 57) | pub enum GeneralName<'a> {
type SequenceOfGeneralName (line 89) | pub(crate) type SequenceOfGeneralName<'a, Op> =
FILE: src/rust/cryptography-x509/src/ocsp_req.rs
type TBSRequest (line 8) | pub struct TBSRequest<'a> {
type Request (line 23) | pub struct Request<'a> {
type CertID (line 30) | pub struct CertID<'a> {
type OCSPRequest (line 38) | pub struct OCSPRequest<'a> {
FILE: src/rust/cryptography-x509/src/ocsp_resp.rs
type OCSPResponse (line 9) | pub struct OCSPResponse<'a> {
type ResponseBytes (line 16) | pub struct ResponseBytes<'a> {
type Response (line 23) | pub enum Response<'a> {
type OCSPCerts (line 28) | pub type OCSPCerts<'a> = Option<
type BasicOCSPResponse (line 36) | pub struct BasicOCSPResponse<'a> {
type ResponseData (line 45) | pub struct ResponseData<'a> {
type ResponderId (line 60) | pub enum ResponderId<'a> {
type SingleResponse (line 68) | pub struct SingleResponse<'a> {
type CertStatus (line 79) | pub enum CertStatus {
type RevokedInfo (line 89) | pub struct RevokedInfo {
FILE: src/rust/cryptography-x509/src/oid.rs
constant EXTENSION_REQUEST_OID (line 6) | pub const EXTENSION_REQUEST_OID: asn1::ObjectIdentifier = asn1::oid!(1, ...
constant MS_EXTENSION_REQUEST (line 7) | pub const MS_EXTENSION_REQUEST: asn1::ObjectIdentifier =
constant MS_CERTIFICATE_TEMPLATE (line 9) | pub const MS_CERTIFICATE_TEMPLATE: asn1::ObjectIdentifier =
constant PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS_OID (line 11) | pub const PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS_OID: asn1::ObjectIdentif...
constant PRECERT_POISON_OID (line 13) | pub const PRECERT_POISON_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, ...
constant SIGNED_CERTIFICATE_TIMESTAMPS_OID (line 14) | pub const SIGNED_CERTIFICATE_TIMESTAMPS_OID: asn1::ObjectIdentifier =
constant AUTHORITY_INFORMATION_ACCESS_OID (line 16) | pub const AUTHORITY_INFORMATION_ACCESS_OID: asn1::ObjectIdentifier =
constant SUBJECT_INFORMATION_ACCESS_OID (line 18) | pub const SUBJECT_INFORMATION_ACCESS_OID: asn1::ObjectIdentifier =
constant TLS_FEATURE_OID (line 20) | pub const TLS_FEATURE_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, ...
constant CP_CPS_URI_OID (line 21) | pub const CP_CPS_URI_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1...
constant OCSP_BASIC_OID (line 22) | pub const OCSP_BASIC_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1...
constant CP_USER_NOTICE_OID (line 23) | pub const CP_USER_NOTICE_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, ...
constant NONCE_OID (line 24) | pub const NONCE_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 5, ...
constant OCSP_NO_CHECK_OID (line 25) | pub const OCSP_NO_CHECK_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6...
constant SUBJECT_DIRECTORY_ATTRIBUTES_OID (line 26) | pub const SUBJECT_DIRECTORY_ATTRIBUTES_OID: asn1::ObjectIdentifier = asn...
constant SUBJECT_KEY_IDENTIFIER_OID (line 27) | pub const SUBJECT_KEY_IDENTIFIER_OID: asn1::ObjectIdentifier = asn1::oid...
constant KEY_USAGE_OID (line 28) | pub const KEY_USAGE_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, 15);
constant SUBJECT_ALTERNATIVE_NAME_OID (line 29) | pub const SUBJECT_ALTERNATIVE_NAME_OID: asn1::ObjectIdentifier = asn1::o...
constant ISSUER_ALTERNATIVE_NAME_OID (line 30) | pub const ISSUER_ALTERNATIVE_NAME_OID: asn1::ObjectIdentifier = asn1::oi...
constant BASIC_CONSTRAINTS_OID (line 31) | pub const BASIC_CONSTRAINTS_OID: asn1::ObjectIdentifier = asn1::oid!(2, ...
constant CRL_NUMBER_OID (line 32) | pub const CRL_NUMBER_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, ...
constant CRL_REASON_OID (line 33) | pub const CRL_REASON_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29, ...
constant INVALIDITY_DATE_OID (line 34) | pub const INVALIDITY_DATE_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5,...
constant DELTA_CRL_INDICATOR_OID (line 35) | pub const DELTA_CRL_INDICATOR_OID: asn1::ObjectIdentifier = asn1::oid!(2...
constant ISSUING_DISTRIBUTION_POINT_OID (line 36) | pub const ISSUING_DISTRIBUTION_POINT_OID: asn1::ObjectIdentifier = asn1:...
constant CERTIFICATE_ISSUER_OID (line 37) | pub const CERTIFICATE_ISSUER_OID: asn1::ObjectIdentifier = asn1::oid!(2,...
constant NAME_CONSTRAINTS_OID (line 38) | pub const NAME_CONSTRAINTS_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5...
constant CRL_DISTRIBUTION_POINTS_OID (line 39) | pub const CRL_DISTRIBUTION_POINTS_OID: asn1::ObjectIdentifier = asn1::oi...
constant CERTIFICATE_POLICIES_OID (line 40) | pub const CERTIFICATE_POLICIES_OID: asn1::ObjectIdentifier = asn1::oid!(...
constant AUTHORITY_KEY_IDENTIFIER_OID (line 41) | pub const AUTHORITY_KEY_IDENTIFIER_OID: asn1::ObjectIdentifier = asn1::o...
constant POLICY_CONSTRAINTS_OID (line 42) | pub const POLICY_CONSTRAINTS_OID: asn1::ObjectIdentifier = asn1::oid!(2,...
constant EXTENDED_KEY_USAGE_OID (line 43) | pub const EXTENDED_KEY_USAGE_OID: asn1::ObjectIdentifier = asn1::oid!(2,...
constant FRESHEST_CRL_OID (line 44) | pub const FRESHEST_CRL_OID: asn1::ObjectIdentifier = asn1::oid!(2, 5, 29...
constant INHIBIT_ANY_POLICY_OID (line 45) | pub const INHIBIT_ANY_POLICY_OID: asn1::ObjectIdentifier = asn1::oid!(2,...
constant ACCEPTABLE_RESPONSES_OID (line 46) | pub const ACCEPTABLE_RESPONSES_OID: asn1::ObjectIdentifier =
constant ADMISSIONS_OID (line 48) | pub const ADMISSIONS_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 36, ...
constant PRIVATE_KEY_USAGE_PERIOD_OID (line 49) | pub const PRIVATE_KEY_USAGE_PERIOD_OID: asn1::ObjectIdentifier = asn1::o...
constant EC_OID (line 52) | pub const EC_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 10045, ...
constant EC_SECP192R1 (line 54) | pub const EC_SECP192R1: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 1...
constant EC_SECP224R1 (line 55) | pub const EC_SECP224R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0...
constant EC_SECP256R1 (line 56) | pub const EC_SECP256R1: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 1...
constant EC_SECP384R1 (line 57) | pub const EC_SECP384R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0...
constant EC_SECP521R1 (line 58) | pub const EC_SECP521R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0...
constant EC_SECP256K1 (line 60) | pub const EC_SECP256K1: asn1::ObjectIdentifier = asn1::oid!(1, 3, 132, 0...
constant EC_BRAINPOOLP256R1 (line 62) | pub const EC_BRAINPOOLP256R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, ...
constant EC_BRAINPOOLP384R1 (line 63) | pub const EC_BRAINPOOLP384R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, ...
constant EC_BRAINPOOLP512R1 (line 64) | pub const EC_BRAINPOOLP512R1: asn1::ObjectIdentifier = asn1::oid!(1, 3, ...
constant RSA_OID (line 66) | pub const RSA_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549...
constant ECDSA_WITH_SHA224_OID (line 69) | pub const ECDSA_WITH_SHA224_OID: asn1::ObjectIdentifier = asn1::oid!(1, ...
constant ECDSA_WITH_SHA256_OID (line 70) | pub const ECDSA_WITH_SHA256_OID: asn1::ObjectIdentifier = asn1::oid!(1, ...
constant ECDSA_WITH_SHA384_OID (line 71) | pub const ECDSA_WITH_SHA384_OID: asn1::ObjectIdentifier = asn1::oid!(1, ...
constant ECDSA_WITH_SHA512_OID (line 72) | pub const ECDSA_WITH_SHA512_OID: asn1::ObjectIdentifier = asn1::oid!(1, ...
constant ECDSA_WITH_SHA3_224_OID (line 73) | pub const ECDSA_WITH_SHA3_224_OID: asn1::ObjectIdentifier =
constant ECDSA_WITH_SHA3_256_OID (line 75) | pub const ECDSA_WITH_SHA3_256_OID: asn1::ObjectIdentifier =
constant ECDSA_WITH_SHA3_384_OID (line 77) | pub const ECDSA_WITH_SHA3_384_OID: asn1::ObjectIdentifier =
constant ECDSA_WITH_SHA3_512_OID (line 79) | pub const ECDSA_WITH_SHA3_512_OID: asn1::ObjectIdentifier =
constant RSA_WITH_SHA1_OID (line 82) | pub const RSA_WITH_SHA1_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 8...
constant RSA_WITH_SHA1_ALT_OID (line 83) | pub const RSA_WITH_SHA1_ALT_OID: asn1::ObjectIdentifier = asn1::oid!(1, ...
constant RSA_WITH_SHA224_OID (line 84) | pub const RSA_WITH_SHA224_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2,...
constant RSA_WITH_SHA256_OID (line 85) | pub const RSA_WITH_SHA256_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2,...
constant RSA_WITH_SHA384_OID (line 86) | pub const RSA_WITH_SHA384_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2,...
constant RSA_WITH_SHA512_OID (line 87) | pub const RSA_WITH_SHA512_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2,...
constant RSA_WITH_SHA3_224_OID (line 88) | pub const RSA_WITH_SHA3_224_OID: asn1::ObjectIdentifier =
constant RSA_WITH_SHA3_256_OID (line 90) | pub const RSA_WITH_SHA3_256_OID: asn1::ObjectIdentifier =
constant RSA_WITH_SHA3_384_OID (line 92) | pub const RSA_WITH_SHA3_384_OID: asn1::ObjectIdentifier =
constant RSA_WITH_SHA3_512_OID (line 94) | pub const RSA_WITH_SHA3_512_OID: asn1::ObjectIdentifier =
constant DSA_OID (line 97) | pub const DSA_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 10040,...
constant DSA_WITH_SHA224_OID (line 98) | pub const DSA_WITH_SHA224_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16...
constant DSA_WITH_SHA256_OID (line 99) | pub const DSA_WITH_SHA256_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16...
constant DSA_WITH_SHA384_OID (line 100) | pub const DSA_WITH_SHA384_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16...
constant DSA_WITH_SHA512_OID (line 101) | pub const DSA_WITH_SHA512_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16...
constant DH_OID (line 103) | pub const DH_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 10046, ...
constant DH_KEY_AGREEMENT_OID (line 104) | pub const DH_KEY_AGREEMENT_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2...
constant X25519_OID (line 106) | pub const X25519_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 101, 110);
constant X448_OID (line 107) | pub const X448_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 101, 111);
constant ED25519_OID (line 109) | pub const ED25519_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 101, 112);
constant ED448_OID (line 110) | pub const ED448_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 101, 113);
constant SHA1_OID (line 113) | pub const SHA1_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 14, 3, 2, ...
constant SHA224_OID (line 114) | pub const SHA224_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1,...
constant SHA256_OID (line 115) | pub const SHA256_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1,...
constant SHA384_OID (line 116) | pub const SHA384_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1,...
constant SHA512_OID (line 117) | pub const SHA512_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1,...
constant SHA3_224_OID (line 118) | pub const SHA3_224_OID: asn1::ObjectIdentifier =
constant SHA3_256_OID (line 120) | pub const SHA3_256_OID: asn1::ObjectIdentifier =
constant SHA3_384_OID (line 122) | pub const SHA3_384_OID: asn1::ObjectIdentifier =
constant SHA3_512_OID (line 124) | pub const SHA3_512_OID: asn1::ObjectIdentifier =
constant SHA3_224_NIST_OID (line 128) | pub const SHA3_224_NIST_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, ...
constant SHA3_256_NIST_OID (line 129) | pub const SHA3_256_NIST_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, ...
constant SHA3_384_NIST_OID (line 130) | pub const SHA3_384_NIST_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, ...
constant SHA3_512_NIST_OID (line 131) | pub const SHA3_512_NIST_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, ...
constant MGF1_OID (line 133) | pub const MGF1_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 11354...
constant RSASSA_PSS_OID (line 134) | pub const RSASSA_PSS_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840,...
constant EKU_SERVER_AUTH_OID (line 137) | pub const EKU_SERVER_AUTH_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3,...
constant EKU_CLIENT_AUTH_OID (line 138) | pub const EKU_CLIENT_AUTH_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3,...
constant EKU_CODE_SIGNING_OID (line 139) | pub const EKU_CODE_SIGNING_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3...
constant EKU_EMAIL_PROTECTION_OID (line 140) | pub const EKU_EMAIL_PROTECTION_OID: asn1::ObjectIdentifier = asn1::oid!(...
constant EKU_TIME_STAMPING_OID (line 141) | pub const EKU_TIME_STAMPING_OID: asn1::ObjectIdentifier = asn1::oid!(1, ...
constant EKU_OCSP_SIGNING_OID (line 142) | pub const EKU_OCSP_SIGNING_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3...
constant EKU_ANY_KEY_USAGE_OID (line 143) | pub const EKU_ANY_KEY_USAGE_OID: asn1::ObjectIdentifier = asn1::oid!(2, ...
constant EKU_CERTIFICATE_TRANSPARENCY_OID (line 144) | pub const EKU_CERTIFICATE_TRANSPARENCY_OID: asn1::ObjectIdentifier =
constant PBES2_OID (line 147) | pub const PBES2_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 1135...
constant PBKDF2_OID (line 148) | pub const PBKDF2_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113...
constant PBE_WITH_MD5_AND_DES_CBC (line 149) | pub const PBE_WITH_MD5_AND_DES_CBC: asn1::ObjectIdentifier = asn1::oid!(...
constant SCRYPT_OID (line 150) | pub const SCRYPT_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 4,...
constant PBE_WITH_SHA_AND_128_BIT_RC4 (line 152) | pub const PBE_WITH_SHA_AND_128_BIT_RC4: asn1::ObjectIdentifier =
constant PBE_WITH_SHA_AND_3KEY_TRIPLEDES_CBC (line 154) | pub const PBE_WITH_SHA_AND_3KEY_TRIPLEDES_CBC: asn1::ObjectIdentifier =
constant PBE_WITH_SHA_AND_40_BIT_RC2_CBC (line 156) | pub const PBE_WITH_SHA_AND_40_BIT_RC2_CBC: asn1::ObjectIdentifier =
constant AES_128_CBC_OID (line 159) | pub const AES_128_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 84...
constant AES_192_CBC_OID (line 160) | pub const AES_192_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 84...
constant AES_256_CBC_OID (line 161) | pub const AES_256_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 84...
constant DES_EDE3_CBC_OID (line 163) | pub const DES_EDE3_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 84...
constant RC2_CBC (line 165) | pub const RC2_CBC: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549...
constant HMAC_WITH_SHA1_OID (line 167) | pub const HMAC_WITH_SHA1_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, ...
constant HMAC_WITH_SHA224_OID (line 168) | pub const HMAC_WITH_SHA224_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2...
constant HMAC_WITH_SHA256_OID (line 169) | pub const HMAC_WITH_SHA256_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2...
constant HMAC_WITH_SHA384_OID (line 170) | pub const HMAC_WITH_SHA384_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2...
constant HMAC_WITH_SHA512_OID (line 171) | pub const HMAC_WITH_SHA512_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2...
constant PRIME_FIELD_OID (line 173) | pub const PRIME_FIELD_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840...
constant CHARACTERISTIC_TWO_FIELD_OID (line 174) | pub const CHARACTERISTIC_TWO_FIELD_OID: asn1::ObjectIdentifier = asn1::o...
FILE: src/rust/cryptography-x509/src/pkcs12.rs
constant CERT_BAG_OID (line 10) | pub const CERT_BAG_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 1...
constant KEY_BAG_OID (line 11) | pub const KEY_BAG_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 11...
constant SHROUDED_KEY_BAG_OID (line 12) | pub const SHROUDED_KEY_BAG_OID: asn1::ObjectIdentifier =
constant X509_CERTIFICATE_OID (line 14) | pub const X509_CERTIFICATE_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2...
constant FRIENDLY_NAME_OID (line 15) | pub const FRIENDLY_NAME_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 8...
constant LOCAL_KEY_ID_OID (line 16) | pub const LOCAL_KEY_ID_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 84...
constant JDK_TRUSTSTORE_USAGE (line 17) | pub const JDK_TRUSTSTORE_USAGE: asn1::ObjectIdentifier =
type Pfx (line 21) | pub struct Pfx<'a> {
type MacData (line 28) | pub struct MacData<'a> {
type SafeBag (line 36) | pub struct SafeBag<'a> {
type Attribute (line 44) | pub struct Attribute<'a> {
type AttributeSet (line 51) | pub enum AttributeSet<'a> {
type BagValue (line 63) | pub enum BagValue<'a> {
type CertBag (line 75) | pub struct CertBag<'a> {
type CertType (line 82) | pub enum CertType<'a> {
FILE: src/rust/cryptography-x509/src/pkcs7.rs
constant PKCS7_DATA_OID (line 7) | pub const PKCS7_DATA_OID: a
Copy disabled (too large)
Download .json
Condensed preview — 3001 files, each showing path, character count, and a content snippet. Download the .json file for the full structured content (92,838K chars).
[
{
"path": ".gitattributes",
"chars": 18,
"preview": "*.pem text eol=lf\n"
},
{
"path": ".github/ISSUE_TEMPLATE/openssl-release.md",
"chars": 549,
"preview": "- [ ] Windows, macOS, `manylinux`\n - [ ] Send a pull request to `pyca/infra` updating the [version and hash](https://"
},
{
"path": ".github/ISSUE_TEMPLATE.rst",
"chars": 920,
"preview": "If you're filing a bug (as opposed to a feature request), please try the\nfollowing things:\n\n* Check the FAQ to see if yo"
},
{
"path": ".github/actions/cache/action.yml",
"chars": 527,
"preview": "name: Cache\ndescription: Caches build data to speed builds\ninputs:\n key:\n description: 'extra cache key components'\n"
},
{
"path": ".github/actions/fetch-vectors/action.yml",
"chars": 805,
"preview": "name: Clone test vectors\ndescription: Clones the wycheproof and x509-limbo repositories\n\nruns:\n using: \"composite\"\n\n s"
},
{
"path": ".github/actions/upload-coverage/action.yml",
"chars": 679,
"preview": "name: Upload Coverage\ndescription: Upload coverage files\n\nruns:\n using: \"composite\"\n\n steps:\n - run: |\n COVE"
},
{
"path": ".github/actions/wheel-smoketest/action.yml",
"chars": 2977,
"preview": "name: Wheel Smoketest\ndescription: Tests a built cryptography wheel by installing it and verifying basic functionality\n\n"
},
{
"path": ".github/bin/build_openssl.sh",
"chars": 2777,
"preview": "#!/bin/bash\nset -e\nset -x\n\nif [[ \"${TYPE}\" == \"openssl\" ]]; then\n if [[ \"${VERSION}\" =~ ^[0-9a-f]{40}$ ]]; then\n git"
},
{
"path": ".github/bin/bump_dependency.py",
"chars": 6088,
"preview": "import argparse\nimport os\nimport re\nimport subprocess\nimport sys\nfrom datetime import datetime\n\n\ndef get_remote_commit_s"
},
{
"path": ".github/bin/bump_downstreams.sh",
"chars": 2970,
"preview": "#!/bin/bash\n\n# Extract downstream info from ci.yml using yq\nDOWNSTREAMS=$(yq '.jobs.linux-downstream.strategy.matrix.inc"
},
{
"path": ".github/bin/compare_benchmarks.py",
"chars": 1440,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": ".github/bin/merge_rust_coverage.py",
"chars": 4473,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": ".github/config/macos-pkg-choices-freethreaded.xml",
"chars": 448,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": ".github/dependabot.yml",
"chars": 867,
"preview": "version: 2\nenable-beta-ecosystems: true\n\nupdates:\n - package-ecosystem: \"github-actions\"\n directories:\n - \"/\"\n "
},
{
"path": ".github/downstream.d/aws-dynamodb-encryption-python.sh",
"chars": 372,
"preview": "#!/bin/bash -ex\n\ncase \"${1}\" in\n install)\n cd aws-dynamodb-encryption-python\n uv pip install -e .\n "
},
{
"path": ".github/downstream.d/aws-encryption-sdk-python.sh",
"chars": 328,
"preview": "#!/bin/bash -ex\n\ncase \"${1}\" in\n install)\n cd aws-encryption-sdk-python\n uv pip install -e .\n uv"
},
{
"path": ".github/downstream.d/certbot-josepy.sh",
"chars": 459,
"preview": "#!/bin/bash -ex\n\ncase \"${1}\" in\n install)\n cd josepy\n curl -sSL https://install.python-poetry.org | pyt"
},
{
"path": ".github/downstream.d/certbot.sh",
"chars": 538,
"preview": "#!/bin/bash -ex\n\ncase \"${1}\" in\n install)\n cd certbot\n uv pip install pip\n tools/pip_install.py "
},
{
"path": ".github/downstream.d/mitmproxy.sh",
"chars": 229,
"preview": "#!/bin/bash -ex\n\ncase \"${1}\" in\n install)\n cd mitmproxy\n uv pip install -r <(uv export --locked) -e .\n "
},
{
"path": ".github/downstream.d/paramiko.sh",
"chars": 298,
"preview": "#!/bin/bash -ex\n\ncase \"${1}\" in\n install)\n cd paramiko\n uv --version\n uv sync --inexact --active"
},
{
"path": ".github/downstream.d/pyopenssl-release.sh",
"chars": 213,
"preview": "#!/bin/bash -ex\n\ncase \"${1}\" in\n install)\n cd pyopenssl\n uv pip install -e \".[test]\"\n ;;\n run"
},
{
"path": ".github/downstream.d/pyopenssl.sh",
"chars": 213,
"preview": "#!/bin/bash -ex\n\ncase \"${1}\" in\n install)\n cd pyopenssl\n uv pip install -e \".[test]\"\n ;;\n run"
},
{
"path": ".github/downstream.d/scapy.sh",
"chars": 266,
"preview": "#!/bin/bash -ex\n\ncase \"${1}\" in\n install)\n cd scapy\n uv pip install tox\n ;;\n run)\n cd "
},
{
"path": ".github/downstream.d/sigstore-python.sh",
"chars": 534,
"preview": "#!/bin/bash -ex\n\ncase \"${1}\" in\n install)\n # NOTE: placed in /tmp to avoid inscrutable pytest failures\n "
},
{
"path": ".github/downstream.d/twisted.sh",
"chars": 245,
"preview": "#!/bin/bash -ex\n\ncase \"${1}\" in\n install)\n cd twisted\n uv pip install \".[all_non_platform]\"\n ;;\n"
},
{
"path": ".github/requirements/build-requirements.in",
"chars": 836,
"preview": "# Must be kept sync with build-system.requires at pyproject.toml\nsetuptools!=74.0.0\ncffi>=1.14; platform_python_implemen"
},
{
"path": ".github/requirements/build-requirements.txt",
"chars": 15511,
"preview": "# This file was autogenerated by uv via the following command:\n# uv pip compile --universal --python-version 3.9 --al"
},
{
"path": ".github/requirements/uv-requirements.in",
"chars": 3,
"preview": "uv\n"
},
{
"path": ".github/requirements/uv-requirements.txt",
"chars": 1845,
"preview": "# This file was autogenerated by uv via the following command:\n# uv pip compile --universal --python-version 3.8 --ge"
},
{
"path": ".github/workflows/auto-close-stale.yml",
"chars": 844,
"preview": "name: Auto-close stale issues\non:\n workflow_dispatch:\n schedule:\n - cron: '0 0 * * *'\n\njobs:\n auto-close:\n if: "
},
{
"path": ".github/workflows/benchmark.yml",
"chars": 2320,
"preview": "name: Benchmark\non:\n pull_request:\n paths:\n - \".github/workflows/benchmark.yml\"\n - \"src/**\"\n - \"tests"
},
{
"path": ".github/workflows/boring-open-awslc-bump.yml",
"chars": 2759,
"preview": "name: Bump BoringSSL, OpenSSL, AWS-LC\npermissions:\n contents: read\n\non:\n workflow_dispatch:\n schedule:\n # Run dail"
},
{
"path": ".github/workflows/ci.yml",
"chars": 26064,
"preview": "name: CI\non:\n pull_request: {}\n push:\n branches:\n - main\n - '*.*.x'\n\npermissions:\n contents: read\n\nconcu"
},
{
"path": ".github/workflows/downstream-version-bump.yml",
"chars": 1439,
"preview": "name: Bump downstream dependencies\npermissions:\n contents: read\n\non:\n workflow_dispatch:\n schedule:\n # Run daily\n "
},
{
"path": ".github/workflows/linkcheck.yml",
"chars": 1323,
"preview": "name: linkcheck\non:\n pull_request:\n paths:\n - docs/conf.py\n - .github/workflows/linkcheck.yml\n schedule:\n"
},
{
"path": ".github/workflows/lock.yml",
"chars": 430,
"preview": "name: Lock Issues\non:\n workflow_dispatch:\n schedule:\n - cron: '0 3 * * *'\n\njobs:\n lock:\n if: github.repository_"
},
{
"path": ".github/workflows/pypi-publish.yml",
"chars": 2414,
"preview": "name: Publish to PyPI\n\non:\n workflow_dispatch:\n inputs:\n run_id:\n description: The run of wheel-builder "
},
{
"path": ".github/workflows/wheel-builder.yml",
"chars": 19018,
"preview": "name: Wheel Builder\npermissions:\n contents: read\non:\n workflow_dispatch:\n inputs:\n version:\n descriptio"
},
{
"path": ".github/workflows/x509-limbo-version-bump.yml",
"chars": 2601,
"preview": "name: Bump x509-limbo and/or wycheproof\npermissions:\n contents: read\n\non:\n workflow_dispatch:\n schedule:\n # Run da"
},
{
"path": ".gitignore",
"chars": 157,
"preview": "__pycache__/\n_build/\nbuild/\ndist/\nhtmlcov/\n*.so\n.tox/\n.cache/\n.coverage\n*.egg-info/\n*.egg\n.eggs/\n*.py[cdo]\n.hypothesis/\n"
},
{
"path": ".readthedocs.yml",
"chars": 459,
"preview": "# https://docs.readthedocs.io/en/stable/config-file/v2.html#supported-settings\n\nversion: 2\n\nsphinx:\n # The config file "
},
{
"path": "CHANGELOG.rst",
"chars": 119601,
"preview": "Changelog\n=========\n\n.. _v47-0-0:\n\n47.0.0 - `main`_\n~~~~~~~~~~~~~~~~\n\n.. note:: This version is not yet released and is "
},
{
"path": "CONTRIBUTING.rst",
"chars": 666,
"preview": "Contributing to cryptography\n============================\n\nAs an open source project, cryptography welcomes contribution"
},
{
"path": "Cargo.toml",
"chars": 977,
"preview": "[workspace]\nresolver = \"2\"\nmembers = [\n \"src/rust/\",\n \"src/rust/cryptography-cffi\",\n \"src/rust/cryptography-cry"
},
{
"path": "LICENSE",
"chars": 197,
"preview": "This software is made available under the terms of *either* of the licenses\nfound in LICENSE.APACHE or LICENSE.BSD. Cont"
},
{
"path": "LICENSE.APACHE",
"chars": 11360,
"preview": "\n Apache License\n Version 2.0, January 2004\n "
},
{
"path": "LICENSE.BSD",
"chars": 1532,
"preview": "Copyright (c) Individual contributors.\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or "
},
{
"path": "README.rst",
"chars": 2251,
"preview": "pyca/cryptography\n=================\n\n.. image:: https://img.shields.io/pypi/v/cryptography.svg\n :target: https://pypi"
},
{
"path": "ci-constraints-requirements.txt",
"chars": 10476,
"preview": "# This file was autogenerated by uv via the following command:\n# uv pip compile --universal --python-version 3.8 --al"
},
{
"path": "docs/Makefile",
"chars": 5588,
"preview": "# Makefile for Sphinx documentation\n#\n\n# You can set these variables from the command line.\nSPHINXOPTS =\nSPHINXBUILD "
},
{
"path": "docs/_ext/cryptography-docs.py",
"chars": 1631,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "docs/_ext/linkcode_res.py",
"chars": 3435,
"preview": "import importlib\nimport inspect\nimport os\nimport sys\n\nimport cryptography\n\n# -- Linkcode resolver ----------------------"
},
{
"path": "docs/_static/.keep",
"chars": 0,
"preview": ""
},
{
"path": "docs/_templates/layout.html",
"chars": 205,
"preview": "{% extends \"!layout.html\" %}\n{% block sidebartitle %}\n{{ super() }}\n<a href=\"https://github.com/pyca/cryptography\" style"
},
{
"path": "docs/api-stability.rst",
"chars": 3248,
"preview": "API stability\n=============\n\nFrom its first release, ``cryptography`` has had a strong API stability\npolicy.\n\nWhat does "
},
{
"path": "docs/changelog.rst",
"chars": 30,
"preview": ".. include:: ../CHANGELOG.rst\n"
},
{
"path": "docs/community.rst",
"chars": 589,
"preview": "Community\n=========\n\nYou can find ``cryptography`` all over the web:\n\n* `Mailing list`_\n* `Source code`_\n* `Issue tracke"
},
{
"path": "docs/conf.py",
"chars": 6456,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "docs/development/c-bindings.rst",
"chars": 5932,
"preview": "C bindings\n==========\n\nC bindings are bindings to C libraries, using cffi_ whenever possible.\n\n.. _cffi: https://cffi.re"
},
{
"path": "docs/development/custom-vectors/aes-192-gcm-siv/generate_aes192gcmsiv.py",
"chars": 2828,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "docs/development/custom-vectors/aes-192-gcm-siv/verify-aes192gcmsiv/Cargo.toml",
"chars": 141,
"preview": "[package]\nname = \"verify-aes192gcmsiv\"\nversion = \"0.1.0\"\nedition = \"2021\"\n\n[dependencies]\naes-gcm-siv = \"0.11.1\"\naes = \""
},
{
"path": "docs/development/custom-vectors/aes-192-gcm-siv/verify-aes192gcmsiv/src/main.rs",
"chars": 3518,
"preview": "use aes_gcm_siv::{\n aead::{Aead, KeyInit},\n AesGcmSiv, Nonce,\n};\n\nuse aes::Aes192;\nuse aes_gcm_siv::aead::generic_"
},
{
"path": "docs/development/custom-vectors/aes-192-gcm-siv.rst",
"chars": 954,
"preview": "AES-GCM-SIV vector creation\n===========================\n\nThis page documents the code that was used to generate the AES-"
},
{
"path": "docs/development/custom-vectors/arc4/generate_arc4.py",
"chars": 2435,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "docs/development/custom-vectors/arc4/verify_arc4.go",
"chars": 2634,
"preview": "package main\n\nimport (\n\t\"bufio\"\n\t\"bytes\"\n\t\"crypto/rc4\"\n\t\"encoding/hex\"\n\t\"fmt\"\n\t\"os\"\n\t\"strconv\"\n\t\"strings\"\n)\n\nfunc unhexl"
},
{
"path": "docs/development/custom-vectors/arc4.rst",
"chars": 840,
"preview": "ARC4 vector creation\n====================\n\nThis page documents the code that was used to generate the ARC4 test\nvectors "
},
{
"path": "docs/development/custom-vectors/cast5/generate_cast5.py",
"chars": 2252,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "docs/development/custom-vectors/cast5/verify_cast5.go",
"chars": 4029,
"preview": "package main\n\nimport (\n\t\"bufio\"\n\t\"bytes\"\n\t\"golang.org/x/crypto/cast5\"\n\t\"crypto/cipher\"\n\t\"encoding/hex\"\n\t\"fmt\"\n\t\"os\"\n\t\"st"
},
{
"path": "docs/development/custom-vectors/cast5.rst",
"chars": 996,
"preview": "CAST5 vector creation\n=====================\n\nThis page documents the code that was used to generate the CAST5 CBC, CFB, "
},
{
"path": "docs/development/custom-vectors/chacha20/generate_chacha20_overflow.py",
"chars": 1524,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "docs/development/custom-vectors/chacha20/verify_chacha20_overflow.py",
"chars": 2291,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "docs/development/custom-vectors/chacha20.rst",
"chars": 938,
"preview": "ChaCha20 vector creation\n========================\n\nThis page documents the code that was used to generate the vectors\nto"
},
{
"path": "docs/development/custom-vectors/hkdf/generate_hkdf.py",
"chars": 952,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "docs/development/custom-vectors/hkdf/verify_hkdf.go",
"chars": 1300,
"preview": "package main\n\nimport (\n\t\"bufio\"\n\t\"bytes\"\n\t\"crypto/sha256\"\n\t\"encoding/hex\"\n\t\"fmt\"\n\t\"golang.org/x/crypto/hkdf\"\n\t\"io\"\n\t\"os\""
},
{
"path": "docs/development/custom-vectors/hkdf.rst",
"chars": 755,
"preview": "HKDF vector creation\n====================\n\nThis page documents the code that was used to generate a longer\nHKDF test vec"
},
{
"path": "docs/development/custom-vectors/idea/generate_idea.py",
"chars": 1885,
"preview": "import binascii\n\nfrom cryptography.hazmat.primitives.ciphers import algorithms, base, modes\n\n\ndef encrypt(mode, key, iv,"
},
{
"path": "docs/development/custom-vectors/idea/verify_idea.py",
"chars": 997,
"preview": "import binascii\n\nimport botan\n\nfrom tests.utils import load_nist_vectors\n\nBLOCK_SIZE = 64\n\n\ndef encrypt(mode, key, iv, p"
},
{
"path": "docs/development/custom-vectors/idea.rst",
"chars": 949,
"preview": "IDEA vector creation\n=====================\n\nThis page documents the code that was used to generate the IDEA CBC, CFB, an"
},
{
"path": "docs/development/custom-vectors/rc2/genrc2.go",
"chars": 934,
"preview": "package main\n\nimport (\n\t\"bytes\"\n\t\"crypto/cipher\"\n\t\"encoding/hex\"\n\t\"fmt\"\n\t\"rc2sucks/rc2\"\n)\n\nfunc main() {\n\t// Generate\n\tc"
},
{
"path": "docs/development/custom-vectors/rc2/go.mod",
"chars": 27,
"preview": "module rc2sucks\n\ngo 1.21.7\n"
},
{
"path": "docs/development/custom-vectors/rc2/rc2/rc2.go",
"chars": 6626,
"preview": "// From https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.19.0:pkcs12/internal/rc2/rc2.go\n// Copyright 2015 The Go"
},
{
"path": "docs/development/custom-vectors/rc2.rst",
"chars": 871,
"preview": "RC2 vector creation\n===================\n\nThis page documents the code that was used to generate the RC2 CBC test vector."
},
{
"path": "docs/development/custom-vectors/rsa-oaep-sha2/VerifyRSAOAEPSHA2.java",
"chars": 14456,
"preview": "import java.io.BufferedReader;\nimport java.io.FileReader;\nimport java.io.IOException;\nimport java.math.BigInteger;\nimpor"
},
{
"path": "docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py",
"chars": 4265,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "docs/development/custom-vectors/rsa-oaep-sha2.rst",
"chars": 1711,
"preview": "RSA OAEP SHA2 vector creation\n=============================\n\nThis page documents the code that was used to generate the "
},
{
"path": "docs/development/custom-vectors/secp256k1/generate_secp256k1.py",
"chars": 2371,
"preview": "import hashlib\nimport os\nfrom binascii import hexlify\nfrom collections import defaultdict\n\nfrom ecdsa import SECP256k1, "
},
{
"path": "docs/development/custom-vectors/secp256k1/verify_secp256k1.py",
"chars": 1244,
"preview": "import os\n\nfrom cryptography.hazmat.primitives import hashes\nfrom cryptography.hazmat.primitives.asymmetric import ec\nfr"
},
{
"path": "docs/development/custom-vectors/secp256k1.rst",
"chars": 998,
"preview": "SECP256K1 vector creation\n=========================\n\nThis page documents the code that was used to generate the SECP256K"
},
{
"path": "docs/development/custom-vectors/seed/generate_seed.py",
"chars": 1715,
"preview": "import binascii\n\nfrom cryptography.hazmat.primitives.ciphers import algorithms, base, modes\n\n\ndef encrypt(mode, key, iv,"
},
{
"path": "docs/development/custom-vectors/seed/verify_seed.py",
"chars": 871,
"preview": "import binascii\n\nimport botan\n\nfrom tests.utils import load_nist_vectors\n\n\ndef encrypt(mode, key, iv, plaintext):\n en"
},
{
"path": "docs/development/custom-vectors/seed.rst",
"chars": 937,
"preview": "SEED vector creation\n=====================\n\nThis page documents the code that was used to generate the SEED CFB and OFB\n"
},
{
"path": "docs/development/getting-started.rst",
"chars": 1919,
"preview": "Getting started\n===============\n\nDevelopment dependencies\n------------------------\n\nWorking on ``cryptography`` requires"
},
{
"path": "docs/development/index.rst",
"chars": 565,
"preview": "Development\n===========\n\nAs an open source project, ``cryptography`` welcomes contributions of all\nforms. The sections b"
},
{
"path": "docs/development/reviewing-patches.rst",
"chars": 2121,
"preview": "Reviewing and merging patches\n=============================\n\nEveryone is encouraged to review open pull requests. We onl"
},
{
"path": "docs/development/submitting-patches.rst",
"chars": 5703,
"preview": "Submitting patches\n==================\n\n* Always make a new branch for your work.\n* Patches should be small to facilitate"
},
{
"path": "docs/development/test-vectors.rst",
"chars": 73982,
"preview": "Test vectors\n============\n\nTesting the correctness of the primitives implemented in ``cryptography``\nrequires trusted te"
},
{
"path": "docs/doing-a-release.rst",
"chars": 3812,
"preview": "Doing a release\n===============\n\nDoing a release of ``cryptography`` requires a few steps.\n\nSecurity Releases\n----------"
},
{
"path": "docs/exceptions.rst",
"chars": 853,
"preview": "Exceptions\n==========\n\n.. currentmodule:: cryptography.exceptions\n\n\n.. class:: UnsupportedAlgorithm\n\n Raised when the"
},
{
"path": "docs/faq.rst",
"chars": 10150,
"preview": "Frequently asked questions\n==========================\n\nWhat issues can you help with in your issue tracker?\n------------"
},
{
"path": "docs/fernet.rst",
"chars": 11772,
"preview": "Fernet (symmetric encryption)\n=============================\n\n.. currentmodule:: cryptography.fernet\n\nFernet guarantees t"
},
{
"path": "docs/glossary.rst",
"chars": 5773,
"preview": "Glossary\n========\n\n.. glossary::\n :sorted:\n\n plaintext\n User-readable data you care about.\n\n ciphertext\n"
},
{
"path": "docs/hazmat/decrepit/ciphers.rst",
"chars": 5232,
"preview": ".. hazmat::\n\n\nDecrepit Symmetric algorithms\n=============================\n\n.. module:: cryptography.hazmat.decrepit.ciph"
},
{
"path": "docs/hazmat/decrepit/index.rst",
"chars": 341,
"preview": ".. hazmat::\n\nDecrepit cryptography\n=====================\n\nThis module holds old, deprecated, and/or insecure cryptograph"
},
{
"path": "docs/hazmat/decrepit/modes.rst",
"chars": 1779,
"preview": ".. hazmat::\n\n\nDecrepit Cipher Modes\n=====================\n\n.. module:: cryptography.hazmat.decrepit.ciphers.modes\n\nThis "
},
{
"path": "docs/hazmat/primitives/aead.rst",
"chars": 38482,
"preview": ".. hazmat::\n\n\nAuthenticated encryption\n========================\n\n.. module:: cryptography.hazmat.primitives.ciphers.aead"
},
{
"path": "docs/hazmat/primitives/asymmetric/cloudhsm.rst",
"chars": 6900,
"preview": ".. hazmat::\n\nCloud KMS and HSM Asymmetric Keys\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n.. testsetup::\n\n \"\"\"\n We nee"
},
{
"path": "docs/hazmat/primitives/asymmetric/dh.rst",
"chars": 11950,
"preview": ".. hazmat::\n\nDiffie-Hellman key exchange\n===========================\n\n.. currentmodule:: cryptography.hazmat.primitives."
},
{
"path": "docs/hazmat/primitives/asymmetric/dsa.rst",
"chars": 12502,
"preview": ".. hazmat::\n\nDSA\n===\n\n.. module:: cryptography.hazmat.primitives.asymmetric.dsa\n\n.. note::\n\n DSA is a **legacy algori"
},
{
"path": "docs/hazmat/primitives/asymmetric/ec.rst",
"chars": 25422,
"preview": ".. hazmat::\n\nElliptic curve cryptography\n===========================\n\n.. module:: cryptography.hazmat.primitives.asymmet"
},
{
"path": "docs/hazmat/primitives/asymmetric/ed25519.rst",
"chars": 7961,
"preview": ".. hazmat::\n\nEd25519 signing\n===============\n\n.. currentmodule:: cryptography.hazmat.primitives.asymmetric.ed25519\n\n\nEd2"
},
{
"path": "docs/hazmat/primitives/asymmetric/ed448.rst",
"chars": 5480,
"preview": ".. hazmat::\n\nEd448 signing\n=============\n\n.. currentmodule:: cryptography.hazmat.primitives.asymmetric.ed448\n\n\nEd448 is "
},
{
"path": "docs/hazmat/primitives/asymmetric/index.rst",
"chars": 5126,
"preview": ".. hazmat::\n\nAsymmetric algorithms\n=====================\n\nAsymmetric cryptography is a branch of cryptography where a se"
},
{
"path": "docs/hazmat/primitives/asymmetric/rsa.rst",
"chars": 28212,
"preview": ".. hazmat::\n\nRSA\n===\n\n.. module:: cryptography.hazmat.primitives.asymmetric.rsa\n\n`RSA`_ is a `public-key`_ algorithm for"
},
{
"path": "docs/hazmat/primitives/asymmetric/serialization.rst",
"chars": 77245,
"preview": ".. hazmat::\n\nKey Serialization\n=================\n\n.. module:: cryptography.hazmat.primitives.serialization\n\n.. testsetup"
},
{
"path": "docs/hazmat/primitives/asymmetric/utils.rst",
"chars": 3360,
"preview": ".. hazmat::\n\nAsymmetric Utilities\n====================\n\n.. currentmodule:: cryptography.hazmat.primitives.asymmetric.uti"
},
{
"path": "docs/hazmat/primitives/asymmetric/x25519.rst",
"chars": 7862,
"preview": ".. hazmat::\n\nX25519 key exchange\n===================\n\n.. currentmodule:: cryptography.hazmat.primitives.asymmetric.x2551"
},
{
"path": "docs/hazmat/primitives/asymmetric/x448.rst",
"chars": 7709,
"preview": ".. hazmat::\n\nX448 key exchange\n===================\n\n.. currentmodule:: cryptography.hazmat.primitives.asymmetric.x448\n\n\n"
},
{
"path": "docs/hazmat/primitives/constant-time.rst",
"chars": 1569,
"preview": ".. hazmat::\n\nConstant time functions\n=======================\n\n.. currentmodule:: cryptography.hazmat.primitives.constant"
},
{
"path": "docs/hazmat/primitives/cryptographic-hashes.rst",
"chars": 13639,
"preview": ".. hazmat::\n\nMessage digests (Hashing)\n=========================\n\n.. module:: cryptography.hazmat.primitives.hashes\n\n.. "
},
{
"path": "docs/hazmat/primitives/hpke.rst",
"chars": 3857,
"preview": ".. hazmat::\n\nHPKE (Hybrid Public Key Encryption)\n===================================\n\n.. module:: cryptography.hazmat.pr"
},
{
"path": "docs/hazmat/primitives/index.rst",
"chars": 255,
"preview": ".. hazmat::\n\nPrimitives\n==========\n\n.. toctree::\n :maxdepth: 2\n\n aead\n asymmetric/index\n hpke\n constant-t"
},
{
"path": "docs/hazmat/primitives/key-derivation-functions.rst",
"chars": 71212,
"preview": ".. hazmat::\n\nKey derivation functions\n========================\n\n.. module:: cryptography.hazmat.primitives.kdf\n\nKey deri"
},
{
"path": "docs/hazmat/primitives/keywrap.rst",
"chars": 2224,
"preview": ".. hazmat::\n\n.. module:: cryptography.hazmat.primitives.keywrap\n\nKey wrapping\n============\n\nKey wrapping is a cryptograp"
},
{
"path": "docs/hazmat/primitives/mac/cmac.rst",
"chars": 3992,
"preview": ".. hazmat::\n\nCipher-based message authentication code (CMAC)\n===============================================\n\n.. current"
},
{
"path": "docs/hazmat/primitives/mac/hmac.rst",
"chars": 4195,
"preview": ".. hazmat::\n\nHash-based message authentication codes (HMAC)\n==============================================\n\n.. currentmo"
},
{
"path": "docs/hazmat/primitives/mac/index.rst",
"chars": 470,
"preview": ".. hazmat::\n\nMessage authentication codes\n============================\n\nWhile cryptography supports multiple MAC algorit"
},
{
"path": "docs/hazmat/primitives/mac/poly1305.rst",
"chars": 5142,
"preview": ".. hazmat::\n\nPoly1305\n========\n\n.. currentmodule:: cryptography.hazmat.primitives.poly1305\n\n.. testsetup::\n\n key = b\""
},
{
"path": "docs/hazmat/primitives/padding.rst",
"chars": 4512,
"preview": ".. hazmat::\n\nSymmetric Padding\n=================\n\n.. module:: cryptography.hazmat.primitives.padding\n\nPadding is a way t"
},
{
"path": "docs/hazmat/primitives/symmetric-encryption.rst",
"chars": 33993,
"preview": ".. hazmat:: /fernet\n\n\nSymmetric encryption\n====================\n\n.. module:: cryptography.hazmat.primitives.ciphers\n\nSym"
},
{
"path": "docs/hazmat/primitives/twofactor.rst",
"chars": 10210,
"preview": ".. hazmat::\n\nTwo-factor authentication\n=========================\n\n.. currentmodule:: cryptography.hazmat.primitives.twof"
},
{
"path": "docs/index.rst",
"chars": 2869,
"preview": "Welcome to ``pyca/cryptography``\n================================\n\n``cryptography`` includes both high level recipes and"
},
{
"path": "docs/installation.rst",
"chars": 12159,
"preview": "Installation\n============\n\nYou can install ``cryptography``:\n\n.. tab:: ``pip``\n\n .. code-block:: console\n\n $ p"
},
{
"path": "docs/limitations.rst",
"chars": 2243,
"preview": "Known security limitations\n==========================\n\nSecure memory wiping\n--------------------\n\n`Memory wiping`_ is us"
},
{
"path": "docs/make.bat",
"chars": 5108,
"preview": "@ECHO OFF\n\nREM Command file for Sphinx documentation\n\nif \"%SPHINXBUILD%\" == \"\" (\n\tset SPHINXBUILD=sphinx-build\n)\nset BUI"
},
{
"path": "docs/openssl.rst",
"chars": 1903,
"preview": "Use of OpenSSL\n==============\n\n``cryptography`` depends on the `OpenSSL`_ C library for all cryptographic\noperation. Ope"
},
{
"path": "docs/random-numbers.rst",
"chars": 1417,
"preview": "Random number generation\n========================\n\nWhen generating random data for use in cryptographic operations, such"
},
{
"path": "docs/security.rst",
"chars": 4274,
"preview": "Security\n========\n\nWe take the security of ``cryptography`` seriously. The following are a set of\npolicies we have adopt"
},
{
"path": "docs/spelling_wordlist.txt",
"chars": 1598,
"preview": "AArch\naccessor\naffine\nargon2\nargon2id\nAuthenticator\nauthenticator\nAVX\nbackend\nBackends\nbackends\nbcrypt\nBleichenbacher\nBl"
},
{
"path": "docs/statements/index.rst",
"chars": 157,
"preview": "Statements\n==========\n\nOccasional statements from the Python Cryptographic Authority about the project.\n\n.. toctree::\n "
},
{
"path": "docs/statements/state-of-openssl.rst",
"chars": 13399,
"preview": "===============================================\nThe State of OpenSSL for ``pyca/cryptography``\n========================="
},
{
"path": "docs/x509/certificate-transparency.rst",
"chars": 3413,
"preview": "Certificate Transparency\n========================\n\n.. currentmodule:: cryptography.x509.certificate_transparency\n\n`Certi"
},
{
"path": "docs/x509/index.rst",
"chars": 639,
"preview": "X.509\n=====\n\nX.509 is a standard for `public key infrastructure`_. ``cryptography``\nimplements X.509 in accordance with "
},
{
"path": "docs/x509/ocsp.rst",
"chars": 36970,
"preview": "OCSP\n====\n\n.. currentmodule:: cryptography.x509.ocsp\n\n.. testsetup::\n\n import base64\n pem_cert = b\"\"\"\n -----BEG"
},
{
"path": "docs/x509/reference.rst",
"chars": 148764,
"preview": "X.509 Reference\n===============\n\n.. currentmodule:: cryptography.x509\n\n.. testsetup::\n\n pem_crl_data = b\"\"\"\n -----"
},
{
"path": "docs/x509/tutorial.rst",
"chars": 14426,
"preview": "Tutorial\n========\n\nX.509 certificates are used to authenticate clients and servers. The most\ncommon use case is for web "
},
{
"path": "docs/x509/verification.rst",
"chars": 18665,
"preview": "X.509 Verification\n==================\n\n.. currentmodule:: cryptography.x509.verification\n\n.. module:: cryptography.x509."
},
{
"path": "noxfile.py",
"chars": 9946,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "pyproject.toml",
"chars": 6142,
"preview": "[build-system]\n# These requirements must be kept sync with the requirements in\n# ./.github/requirements/build-requiremen"
},
{
"path": "release.py",
"chars": 2702,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "src/_cffi_src/build_openssl.py",
"chars": 1571,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/__init__.py",
"chars": 180,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/asn1.py",
"chars": 1647,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/bignum.py",
"chars": 1143,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/bio.py",
"chars": 1277,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/crypto.py",
"chars": 657,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/cryptography.py",
"chars": 1578,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/dh.py",
"chars": 360,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/dsa.py",
"chars": 547,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/ec.py",
"chars": 575,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/engine.py",
"chars": 2613,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/err.py",
"chars": 1513,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/evp.py",
"chars": 1112,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/nid.py",
"chars": 397,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/objects.py",
"chars": 456,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/opensslv.py",
"chars": 555,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/pem.py",
"chars": 1096,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/rand.py",
"chars": 391,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/rsa.py",
"chars": 808,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/ssl.py",
"chars": 27241,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/x509.py",
"chars": 4330,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/x509_vfy.py",
"chars": 7400,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/x509name.py",
"chars": 1784,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/openssl/x509v3.py",
"chars": 1274,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/_cffi_src/utils.py",
"chars": 2405,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/__about__.py",
"chars": 450,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/__init__.py",
"chars": 762,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/exceptions.py",
"chars": 1087,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/fernet.py",
"chars": 6963,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/__init__.py",
"chars": 455,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/_oid.py",
"chars": 17240,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/asn1/__init__.py",
"chars": 704,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/asn1/asn1.py",
"chars": 13196,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/backends/__init__.py",
"chars": 361,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/backends/openssl/__init__.py",
"chars": 305,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/backends/openssl/backend.py",
"chars": 10130,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/bindings/__init__.py",
"chars": 180,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/bindings/_rust/__init__.pyi",
"chars": 2285,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/bindings/_rust/_openssl.pyi",
"chars": 228,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/bindings/_rust/asn1.pyi",
"chars": 354,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/bindings/_rust/declarative_asn1.pyi",
"chars": 3478,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/bindings/_rust/exceptions.pyi",
"chars": 640,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/bindings/_rust/ocsp.pyi",
"chars": 4020,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi",
"chars": 1502,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/bindings/_rust/openssl/aead.pyi",
"chars": 4582,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/bindings/_rust/openssl/ciphers.pyi",
"chars": 1315,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/bindings/_rust/openssl/cmac.pyi",
"chars": 564,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/bindings/_rust/openssl/dh.pyi",
"chars": 1564,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/bindings/_rust/openssl/dsa.pyi",
"chars": 1299,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
},
{
"path": "src/cryptography/hazmat/bindings/_rust/openssl/ec.pyi",
"chars": 1691,
"preview": "# This file is dual licensed under the terms of the Apache License, Version\n# 2.0, and the BSD License. See the LICENSE "
}
]
// ... and 2801 more files (download for full content)
About this extraction
This page contains the full source code of the pyca/cryptography GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 3001 files (86.2 MB), approximately 22.7M tokens, and a symbol index with 6572 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.