Merge branch 'master' into pbkdf2-commoncrypto

* master:
  a bit more language work + changelog changes for pbkdf2hmac
  one more style fix
  a few typo fixes, capitalization, etc
  switch to private attributes in pbkdf2hmac
  expand docs to talk more about the purposes of KDFs
  update docs re: PBKDF2HMAC iterations
  add test for null char replacement
  Added installation section to index.rst
  called -> used
  quotes inside, diff examples
  Expose this method because probably someone will need it eventually
  fix spacing, remove versionadded since HashAlgorithm was in 0.1
  document HashAlgorithm
  Added canonical installation document with details about various platforms, fixes #519
  update docs for pbkdf2
  Add bindings for X509_REQ_get_extensions.
  add Konstantinos Koukopoulos to AUTHORS.rst
  review fixes
  doc updates based on review

Conflicts:
	docs/changelog.rst

2 files changed, 10 insertions, 9 deletions

diff --git a/cryptography/hazmat/bindings/openssl/x509.py b/cryptography/hazmat/bindings/openssl/x509.py
index 840254a2..e4021a12 100644
--- a/cryptography/hazmat/bindings/openssl/x509.py
+++ b/cryptography/hazmat/bindings/openssl/x509.py
@@ -119,6 +119,7 @@ int X509_REQ_sign(X509_REQ *, EVP_PKEY *, const EVP_MD *);
 int X509_REQ_verify(X509_REQ *, EVP_PKEY *);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *);
 int X509_REQ_add_extensions(X509_REQ *, X509_EXTENSIONS *);
+X509_EXTENSIONS *X509_REQ_get_extensions(X509_REQ *);
 int X509_REQ_print_ex(BIO *, X509_REQ *, unsigned long, unsigned long);
 
 int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int);
@@ -165,6 +166,7 @@ int X509_set_serialNumber(X509 *, ASN1_INTEGER *);
 X509_STORE *X509_STORE_new(void);
 void X509_STORE_free(X509_STORE *);
 int X509_STORE_add_cert(X509_STORE *, X509 *);
+int X509_verify_cert(X509_STORE_CTX *);
 """
 
 MACROS = """
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index fec1d5c2..71b88211 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -30,8 +30,8 @@ class PBKDF2HMAC(object):
                 "{0} is not supported for PBKDF2 by this backend".format(
                     algorithm.name)
             )
-        self._called = False
-        self.algorithm = algorithm
+        self._used = False
+        self._algorithm = algorithm
         self._length = length
         if isinstance(salt, six.text_type):
             raise TypeError(
@@ -39,14 +39,13 @@ class PBKDF2HMAC(object):
                 "material."
             )
         self._salt = salt
-        self.iterations = iterations
+        self._iterations = iterations
         self._backend = backend
 
     def derive(self, key_material):
-        if self._called:
-            raise AlreadyFinalized("PBKDF2 instances can only be called once")
-        else:
-            self._called = True
+        if self._used:
+            raise AlreadyFinalized("PBKDF2 instances can only be used once")
+        self._used = True
 
         if isinstance(key_material, six.text_type):
             raise TypeError(
@@ -54,10 +53,10 @@ class PBKDF2HMAC(object):
                 "material."
             )
         return self._backend.derive_pbkdf2_hmac(
-            self.algorithm,
+            self._algorithm,
             self._length,
             self._salt,
-            self.iterations,
+            self._iterations,
             key_material
         )