aboutsummaryrefslogtreecommitdiffstats
path: root/CHANGELOG.rst
Commit message (Collapse)AuthorAgeFilesLines
...
* add changelog entry, fixes #3427 (#3435)Paul Kehrer2017-03-091-0/+1
|
* Fixed #3398 -- document the serial deprecation in the changelog (#3401)Alex Gaynor2017-02-171-0/+3
| | | | | | | | * Fixed #3398 -- document the serial deprecation in the changelog * fix * sigh, fix
* add support for update_into on CipherContext (#3190)Paul Kehrer2017-02-161-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add support for update_into on CipherContext This allows you to provide your own buffer (like recv_into) to improve performance when repeatedly calling encrypt/decrypt on large payloads. * another skip_if * more skip_if complexity * maybe do this right * correct number of args * coverage for the coverage gods * add a cffi minimum test tox target and travis builder This tests against macOS so we capture some commoncrypto branches * extra arg * need to actually install py35 * fix * coverage for GCM decrypt in CC * no longer relevant * 1.8 now * pep8 * dramatically simplify * update docs * remove unneeded test * changelog entry * test improvements * coverage fix * add some comments to example * move the comments to their own line * fix and move comment
* Fixed #3306 -- changelog entry for linking against OpenSSL 1.1.0 (#3389)Alex Gaynor2017-02-111-0/+1
|
* enforce password must be bytes when loading PEM/DER asymmetric keys (#3383)Paul Kehrer2017-02-081-1/+5
| | | | | | | | | | * enforce password must be bytes when loading PEM/DER asymmetric keys Previously we were using an ffi.buffer on the Python string, which was allowing text implicitly, but our documentation explicitly requires bytes. * add changelog entry
* replace pyasn1 with asn1crypto (#3361)Ofek Lev2017-02-081-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | * replace pyasn1 with asn1crypto * allow trailing bytes * fix x509 test * update CHANGELOG.rst * fix assert * make asn1crypto code more idiomatic * find tag * final clean-up * leave trailing byte logic unchanged * document dependency change * spelling * fix spelling
* Dh serialization changelog (#3385)Aviv Palivoda2017-02-081-0/+10
| | | | | | * Add CHANGELOG entries for DH serialization * update AUTHORS
* port 1.7.2 changelog (#3371)Paul Kehrer2017-01-281-0/+5
|
* Fixed #3334 -- added Python 3.6 support (#3335)Alex Gaynor2016-12-231-0/+2
| | | | | | | | | | * Fixed #3334 -- added Python 3.6 support * install py36 * empty commit to retrigger travis * this is an impressively dumb typo
* 1.7.1 changelog port (#3320)Paul Kehrer2016-12-141-0/+5
| | | | | | * 1.7.1 changelog port * vim stop indenting when I don't want you to
* 1.8 begins (#3311)Paul Kehrer2016-12-121-0/+6
|
* 1.7 changelog date and version bump (#3310)Paul Kehrer2016-12-121-4/+2
| | | | | | * 1.7 changelog date and version bump * no wait the 12th
* add changelog entry for osrandom (#3298)Paul Kehrer2016-12-101-0/+4
|
* OpenSSL DH backend implementation [Second attempt] (#2914)Aviv Palivoda2016-11-261-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Start of OpenSSL DH backend implementation * Supporting DH in MultiBackend * DHBackend has dh_parameters_supported method * Removed DHParametersWithNumbers and DHPrivateKeyWithNumbers from documentation * Removed ExchangeContext. exchange is a method of DHPrivateKeyWithSerialization * PEP8 fixes * Fixed TestDH.test_bad_tls_exchange * Fixed generate_private_key reference in dh documentation * test DH multibackend support * testing DH coversion to serialized * Validating that we receive serialized class in test_generate_dh * Testing DH exchange symmetric key padding * struct DH is now opaqued * PEP8 fixes * Testing load_dh_private_numbers throws ValueError when DH_check fails * Using openssl_assert * Passing keywords arguments in DH key exchange example * test_dh::test_bad_tls_exchange now uses pre calculated parameters * TestDH - Add test that the computed secret is equivalent to the definition by comparing with secret computed in pure python * Add missing generator parameter to DHBackend interface docs. * Include parameter type in DHBackend abc docs. * Add docs for dh.generate_parameters function * Remove the dh Numbers section, and move the DHNumbers class docs to where they are first used. * Add note of big endian byte packing to DH exchange method. * DH documentation updates. Add single sentence overview with wikipedia link. Add paragraph on assembling using Numbers objects. Add link to backend interface docs. First section was all indented, I think by mistake. * Add exchange method to DHPrivateKey abstract base class. * Small tweaks to DH documentation - remove Provider. * Add endian to dictionary * Use utils.int_from_bytes in test_tls_exchange_algorithm * Removed duplicate line * Change dh.rst exchange algorithm from doctest to code-block The example in the Diffie-Hellman exhange algorithm is using 2048 bits key. Generating the parameters of 2048 takes long time. This caused the automated tests to fail. In order to pass the tests we change the example to code-block so it will not run in the doc tests. * Fix dh docs * Document the generator in DHBackend relevant methods * Fix dh tests * use DHparams_dup * Fix key type to unsigned char as expected by DH_compute_key * Validate that DH generator is 2 or 5 * test dh exchange using botan vectors * group all numbers classes * Simplify _DHPrivateKey * Rename test with serialized to numbers * Move bad exchange params to external vector file * update exchange versionadded to 1.7 * Make key_size bit accurate * Change botan link * Added CHANGELOG entry
* Error out on OpenSSL 1.0.0 by default (#3276)Alex Gaynor2016-11-221-0/+2
| | | | | | * Error out on OpenSSL 1.0.0 by default * what the heck
* let's get rolling on 1.7! (#3274)Paul Kehrer2016-11-221-0/+6
|
* bump version and set changelog date for 1.6 release (#3271)Paul Kehrer2016-11-211-4/+2
|
* update docs and changelog for prehashed support (#3268)Paul Kehrer2016-11-201-1/+1
|
* support RSA verify with prehashing (#3265)Paul Kehrer2016-11-201-0/+3
| | | | | | | | | | * support RSA verify with prehashing * review feedback * more dedupe * refactor and move to a separate module
* Additions to the changelog for 1.6 (#3258)Paul Kehrer2016-11-191-1/+5
| | | | | | * Additions to the changelog for 1.6 * explain why
* workaround for application bundling tools (#3235)Paul Kehrer2016-11-141-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | * cx_freeze support for default_backend * updated tabing to spaces * corrected spacing * moved finding backend to backends __init__ * update to check to see if sys is frozen * corrected pep8 issues * update based on comments * changes to simplify, support testing, and improve comments * add changelog entry * right, coverage. I remember now. Time for some contortions. * updated with review feedback
* Add a bytes method to get the DER ASN.1 encoding of an X509 name. (#3236)Paul Kehrer2016-11-131-0/+1
| | | | | | | | | | * Add a bytes method to get the DER ASN.1 encoding of an X509 name. This is useful for creating an OpenSSL style subject_name_hash (#3011) * add to backend interface and update multibackend * bytes -> public_bytes
* update CHANGELOG.rst & AUTHORS.rst (#3231)Ofek Lev2016-11-111-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * finish https://github.com/pyca/cryptography/pull/1973 * change API & add test Function will now return an instance of EllipticCurvePrivateKey, as that is the users' ultimate goal anyway. * fix test * improve coverage * complete coverage * final fix * centos fix * try ec.SECT283K1 * try ec.SECT571K1 * try ec.SECT409K1 * try ec.SECT283K1 * try ec.SECT233K1 * try ec.SECT163K1 * try ec.SECT571R1 * try ec.SECT409R1 * try ec.SECT283R1 * try ec.SECT233R1 * try ec.SECT163R2 * try ec.SECP521R1 * try ec.SECP256R1 * retry * cleanup asserts * use openssl_assert * skip unsupported platforms * change API name to derive_private_key * change version added * improve description of `secret` param * separate successful and failure test cases * simplify successful case * add docs for derive_elliptic_curve_public_point * add period * update CHANGELOG.rst & AUTHORS.rst for https://github.com/pyca/cryptography/pull/3225 * added reST prefix * reduce line length
* Name: add support for multi-value RDNs (#3202)Fraser Tweedale2016-11-111-0/+6
| | | | | | | | Update the Name class to accept and internally store a list of RelativeDistinguishedName objects. Add the 'rdns' attribute to give access to the RDNs. Update ASN.1 routines to correctly decode and encode multi-value RDNs. Fixes: https://github.com/pyca/cryptography/issues/3199
* Include the CVE (#3228)Alex Gaynor2016-11-101-1/+1
|
* Make DistributionPoint relative_name a set of NameAttribute (#3210)Fraser Tweedale2016-11-071-0/+6
| | | | | | | | | | | * Add RelativeDistinguishedName class * Make relative_name a RelativeDistinguishedName DistributionPoint relative_name is currently a Name but RFC 5280 defines it as RelativeDistinguishedName, i.e. a non-empty SET OF name attributes. Change the DistributionPoint relative_name attribute to be a RelativeDistinguishedName.
* Forward port the 1.5.3 changelog (#3218)Alex Gaynor2016-11-061-0/+7
|
* support encoding IPv4Network and IPv6Network, useful for NameConstraints (#3182)Paul Kehrer2016-10-011-0/+2
| | | | | | | | | | * support encoding IPv4Network and IPv6Network, useful for NameConstraints * add changelog entry * add more networks with full and no masking (/32, /128, /0) * parametrize the nc tests to fix coverage
* cherry pick the changelog for 1.5.2 (#3176)Alex Gaynor2016-09-261-0/+4
|
* port 1.5.1 changelog to master (#3166)Paul Kehrer2016-09-221-0/+11
|
* support random_serial_number in the CertificateBuilder (#3132)Paul Kehrer2016-09-031-0/+2
| | | | | | | | | | * support random_serial_number in the CertificateBuilder * turns out pytest's monkeypatch has an undo * random_serial_number now a function * just certs
* Scrypt Implementation (#3117)Terry Chia2016-09-011-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | * Scrypt implementation. * Docs stuff. * Make example just an example and not a doctest. * Add changelog entry. * Docs cleanup. * Add more tests. * Add multibackend tests. * PEP8. * Add docs about Scrypt parameters. * Docs cleanup. * Add AlreadyFinalized.
* add support for signature_algorithm_oid to cert, CSR, and CRL (#3124)Paul Kehrer2016-08-311-0/+9
| | | | | | * add support for signature_algorithm_oid to cert, CSR, and CRL * refactor _SIG_OIDS_TO_HASH to use ObjectIdentifiers and use that
* some docs cleanups + changelog (#3122)Alex Gaynor2016-08-301-0/+2
|
* blake2b/blake2s support (#3116)Paul Kehrer2016-08-281-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | * blake2b/blake2s support Doesn't support keying, personalization, salting, or tree hashes so the API is pretty simple right now. * implement digest_size via utils.read_only_property * un-keyed for spelling's sake * test copying + digest_size checks * unkeyed is too a word * line wrap * reword the docs * use the evp algorithm name in the error This will make BLAKE2 alternate digest size errors a bit less confusing * add changelog entry and docs about supported digest_size
* Reopen master for 1.6 (#3112)Alex Gaynor2016-08-271-0/+5
|
* update changelog and bump version for 1.5 release (#3111)Paul Kehrer2016-08-261-4/+2
|
* OpenSSL 1.1.0 support (#2826)Paul Kehrer2016-08-261-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * make pre5 work * add a blank line to make the diff happier * 1.1.0-pre6 working * support the changes since 1.1.0-pre6 * fixes * add 1.1.0 to travis * expose the symbol * better testing for numericstring * handle libre... * actually use the 1.1.0 we compile * cache the ossl-110 dir on travis * add some newlines * changelog entry for 1.1.0 support * note that we test on 1.1.0 * proper skip on this test * reorder
* CertificateBuilder accepts aware datetimes for not_valid_after and ↵InvalidInterrupt2016-08-161-0/+4
| | | | | | | | | | | | | | | | | | | not_valid_before (#2920) * CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before These functions now accept aware datetimes and convert them to UTC * Added pytz to test requirements * Correct pep8 error and improve Changelog wording * Improve tests and clarify changelog message * Trim Changelog line length * Allow RevokedCertificateBuilder and CertificateRevocationListBuilder to accept aware datetimes * Fix accidental changelog entry
* Update CHANGELOG.rst with #3063 (#3070)Maximilian Hils2016-07-311-0/+2
|
* One shot sign/verification ECDSA (#3029)Aviv Palivoda2016-07-021-0/+5
| | | | | | | | | | | | | | * Add sign and verify methods to ECDSA * Documented ECDSA sign/verify methods * Added CHANGELOG entry * Skipping test verify and sign if curve is not supported * Fixed typo in documentation return type * Removed provider language from EllipticCurvePrivateKey and EllipticCurvePublicKey
* One shot sign/verify DSA (#3003)Aviv Palivoda2016-06-301-0/+5
| | | | | | | | * Add sign and verify methods to DSA * Documented DSA sign/verify methods * Added CHANGELOG entry
* Fixed #3008 -- expose calculate max pss salt length (#3014)Alex Gaynor2016-06-271-0/+3
| | | | | | | | | | | | | | * Fixed #3008 -- expose calculate max pss salt length * Fixed a few mistakes in the docs * move all the code around * oops * write a unit test * versionadded + changelog
* reopen master for work on fifteenth release (#2964)Paul Kehrer2016-06-041-0/+6
|
* changelog and version bump (#2962)Paul Kehrer2016-06-041-6/+13
| | | | | | | | | | | | * changelog and version bump * typo, sigh * fine you win doc8 * it's a brand new day * add sign/verify for RSA to changelog
* SSH serialization for public keys (#2957)Alex Gaynor2016-06-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * SSH serialization for public keys * name errors ahoy! * id, ego, superego * dsa support * EC support * Don't keyerror * Documentation OpenSSH * flake8 * fix * bytes bytes bytes * skip curve unsupported * bytes! * Move a function * reorganize code for coverage
* Forward port the changelog for 1.3.3 (#2949)Alex Gaynor2016-06-021-0/+13
| | | | | | * Forward port the changelog for 1.3.3 * 1.3.4 as well
* KBKDF cleanup (#2929)Paul Kehrer2016-05-291-0/+1
| | | | | | | | * unicode characters make everything angry * changelog entry and make skip msgs more informative * typo fix
* port 1.3.2 changelog to master (#2895)Paul Kehrer2016-05-041-0/+7
|
* Update URLs for new RTD domain (#2879)Alex Gaynor2016-04-281-1/+1
|