aboutsummaryrefslogtreecommitdiffstats
path: root/docs
Commit message (Collapse)AuthorAgeFilesLines
* Fixed #3334 -- added Python 3.6 support (#3335)Alex Gaynor2016-12-231-2/+2
| | | | | | | | | | * Fixed #3334 -- added Python 3.6 support * install py36 * empty commit to retrigger travis * this is an impressively dumb typo
* add openssl_version_number & doc openssl_version_text (#3329)Paul Kehrer2016-12-211-0/+14
| | | | | | | | | | * add openssl_version_number & doc openssl_version_text fixes #3315 * more docs + actually assert on the test... * text
* We test the latest version of 1.1.0 (#3327)Alex Gaynor2016-12-181-1/+1
|
* Drop 1.0.0 (#3312)Alex Gaynor2016-12-135-30/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * delete the 1.0.0 support * drop the version check * drop the AES-CTR stuff * Update the example * openssl truncates for us now * delete unused test * unused imports * Remove a bunch of conditional bindings for NPN * no more 1.0.0 builders * libressl fix * update the docs * remove dead branches * oops * this is a word, damnit * spelling * try removing this * this test is not needed * unused import
* document DHBackend is implemented for OpenSSL (#3304)Paul Kehrer2016-12-111-0/+1
|
* Scrypt docs code example contradict RFC 7914 (#3302) (#3303)Nick Badger2016-12-102-12/+15
| | | | | | | | | | | | * Scrypt docs code example contradict RFC 7914 (#3302) * More secure example difficulty of parameter n in scrypt docs (#3302) * Change link text to scrypt paper (#3302) * Change link text to scrypt paper, part deux (#3302) * Add "logins" to spelling wordlist
* New osrandom_engine in C (#3229)Christian Heimes2016-12-092-0/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * New osrandom_engine in C Inspired by Python/random.c and the old implementation. Signed-off-by: Christian Heimes <christian@python.org> * osrandom_engine * Fix naming bug caused by search 'n replace mistake * Make it easier to override osrandom auto-detection * Add engine ctrl and backend API to get implementation from ENGINE Signed-off-by: Christian Heimes <christian@python.org> * Better test coverage, documentation, LICENSE Signed-off-by: Christian Heimes <christian@python.org> * Coverage is hard. Signed-off-by: Christian Heimes <christian@python.org> * * enable win32 check * read() returns size_t Signed-off-by: Christian Heimes <christian@python.org> * Add macOS to spelling list. Remove dead code from header file. Signed-off-by: Christian Heimes <christian@python.org> * remove CCRandomGenerateBytes path and update getentropy to work on macOS This change allows us to test all the engines in our CI: * getentropy (tested by macOS sierra) * getrandom (tested on several linux builders) * /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux) * CryptGenRandom (tested on windows builders) I also fixed bugs preventing compilation in the getentropy code * getentropy() returns int and is restricted to 256 bytes on macOS, too. Signed-off-by: Christian Heimes <christian@python.org> * add versionadded * Re-add import of os module * Fixes related to Alex's recent review. Signed-off-by: Christian Heimes <christian@python.org> * Add error reporting and fail for EAGAIN Add error reporting strings for various error cases. This gives us much nicer and understandable error messages. SYS_getrandom() EAGAIN is now an error. Cryptography refuses to initialize its osrandom engine when the Kernel's CPRNG hasn't been seeded yet. Signed-off-by: Christian Heimes <christian@python.org>
* Sierra is a thing (#3294)Alex Gaynor2016-12-021-2/+2
|
* OpenSSL DH backend implementation [Second attempt] (#2914)Aviv Palivoda2016-11-264-45/+135
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Start of OpenSSL DH backend implementation * Supporting DH in MultiBackend * DHBackend has dh_parameters_supported method * Removed DHParametersWithNumbers and DHPrivateKeyWithNumbers from documentation * Removed ExchangeContext. exchange is a method of DHPrivateKeyWithSerialization * PEP8 fixes * Fixed TestDH.test_bad_tls_exchange * Fixed generate_private_key reference in dh documentation * test DH multibackend support * testing DH coversion to serialized * Validating that we receive serialized class in test_generate_dh * Testing DH exchange symmetric key padding * struct DH is now opaqued * PEP8 fixes * Testing load_dh_private_numbers throws ValueError when DH_check fails * Using openssl_assert * Passing keywords arguments in DH key exchange example * test_dh::test_bad_tls_exchange now uses pre calculated parameters * TestDH - Add test that the computed secret is equivalent to the definition by comparing with secret computed in pure python * Add missing generator parameter to DHBackend interface docs. * Include parameter type in DHBackend abc docs. * Add docs for dh.generate_parameters function * Remove the dh Numbers section, and move the DHNumbers class docs to where they are first used. * Add note of big endian byte packing to DH exchange method. * DH documentation updates. Add single sentence overview with wikipedia link. Add paragraph on assembling using Numbers objects. Add link to backend interface docs. First section was all indented, I think by mistake. * Add exchange method to DHPrivateKey abstract base class. * Small tweaks to DH documentation - remove Provider. * Add endian to dictionary * Use utils.int_from_bytes in test_tls_exchange_algorithm * Removed duplicate line * Change dh.rst exchange algorithm from doctest to code-block The example in the Diffie-Hellman exhange algorithm is using 2048 bits key. Generating the parameters of 2048 takes long time. This caused the automated tests to fail. In order to pass the tests we change the example to code-block so it will not run in the doc tests. * Fix dh docs * Document the generator in DHBackend relevant methods * Fix dh tests * use DHparams_dup * Fix key type to unsigned char as expected by DH_compute_key * Validate that DH generator is 2 or 5 * test dh exchange using botan vectors * group all numbers classes * Simplify _DHPrivateKey * Rename test with serialized to numbers * Move bad exchange params to external vector file * update exchange versionadded to 1.7 * Make key_size bit accurate * Change botan link * Added CHANGELOG entry
* Error out on OpenSSL 1.0.0 by default (#3276)Alex Gaynor2016-11-222-6/+15
| | | | | | * Error out on OpenSSL 1.0.0 by default * what the heck
* update docs and changelog for prehashed support (#3268)Paul Kehrer2016-11-201-3/+15
|
* add support for prehashing in ECDSA sign/verify (#3267)Paul Kehrer2016-11-201-1/+5
| | | | | | * add support for prehashing in ECDSA sign/verify * move signature_algorithm check to its own function
* support prehashed sign/verify in DSA (#3266)Paul Kehrer2016-11-201-2/+12
|
* support RSA verify with prehashing (#3265)Paul Kehrer2016-11-202-2/+19
| | | | | | | | | | * support RSA verify with prehashing * review feedback * more dedupe * refactor and move to a separate module
* support prehashing in RSA sign (#3238)Paul Kehrer2016-11-202-1/+40
| | | | | | | | * support prehashing in RSA sign * check to make sure digest size matches prehashed data provided * move doctest for prehashed
* add a few more OIDs (#3259)Paul Kehrer2016-11-191-0/+18
| | | pulled from #3244
* change derive_elliptic_curve_public_point to return EllipticCurvePubl… (#3243)Paul Kehrer2016-11-182-5/+7
| | | | | | | | | | | | | | * change derive_elliptic_curve_public_point to return EllipticCurvePublicKey * also rename the backend interface method * review feedback * Rename to derive_elliptic_curve_private_key * Returns EllipticCurvePrivateKey * Reuses the EC_POINT in the openssl impl * Rename "secret" arg to "private_value" which is consistent with our naming for the value in ECPrivateNumbers.
* Random flake8 cleanups for the latest release (#3242)Alex Gaynor2016-11-155-0/+5
|
* Raise padding block_size limit to what is allowed by the specs. (#3108)Terry Chia2016-11-151-2/+2
| | | | | | | | | | | | | | | | | | | | * Raize padding block_size limit to what is allowed by the specs. * Add tests for raising padding limits. * Amend C code for padding check to use uint16_t instead of uint8_t. * Fix test to work in Python 3. * Fix typo. * Fix another typo. * Fix return type of the padding checks. * Change hypothesis test on padding. * Update comment.
* Add a bytes method to get the DER ASN.1 encoding of an X509 name. (#3236)Paul Kehrer2016-11-132-0/+18
| | | | | | | | | | * Add a bytes method to get the DER ASN.1 encoding of an X509 name. This is useful for creating an OpenSSL style subject_name_hash (#3011) * add to backend interface and update multibackend * bytes -> public_bytes
* Turns out we shouldn't call it uniqueIdentifier (#3234)Paul Kehrer2016-11-121-1/+1
| | | http://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec465360.html
* add some new oids (#3233)Paul Kehrer2016-11-111-0/+12
| | | | | | * add some new oids * As Alex pointed out, it's streetAddress
* add alternate signature OID for RSA with SHA1 + test and vector (#3227)Paul Kehrer2016-11-112-0/+5
| | | | | | * add alternate signature OID for RSA with SHA1 + test and vector * mozilla is a proper noun leave me alone spellchecker
* add ec.private_key_from_secret_and_curve (#3225)Ofek Lev2016-11-112-0/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * finish https://github.com/pyca/cryptography/pull/1973 * change API & add test Function will now return an instance of EllipticCurvePrivateKey, as that is the users' ultimate goal anyway. * fix test * improve coverage * complete coverage * final fix * centos fix * retry * cleanup asserts * use openssl_assert * skip unsupported platforms * change API name to derive_private_key * change version added * improve description of `secret` param * separate successful and failure test cases * simplify successful case * add docs for derive_elliptic_curve_public_point * add period
* Name: add support for multi-value RDNs (#3202)Fraser Tweedale2016-11-111-1/+20
| | | | | | | | Update the Name class to accept and internally store a list of RelativeDistinguishedName objects. Add the 'rdns' attribute to give access to the RDNs. Update ASN.1 routines to correctly decode and encode multi-value RDNs. Fixes: https://github.com/pyca/cryptography/issues/3199
* Make DistributionPoint relative_name a set of NameAttribute (#3210)Fraser Tweedale2016-11-071-1/+20
| | | | | | | | | | | * Add RelativeDistinguishedName class * Make relative_name a RelativeDistinguishedName DistributionPoint relative_name is currently a Name but RFC 5280 defines it as RelativeDistinguishedName, i.e. a non-empty SET OF name attributes. Change the DistributionPoint relative_name attribute to be a RelativeDistinguishedName.
* Last pass over fixing the links (#3224)Alex Gaynor2016-11-067-8/+7
|
* Update the commoncrypto links (#3223)Alex Gaynor2016-11-062-2/+2
|
* Use the canonical host for two urls on the OpenSSL website (#3219)Alex Gaynor2016-11-062-2/+2
|
* Link to our implementation of scrypt, now that we have it (#3189)Alex Gaynor2016-10-071-2/+2
|
* Update installation.rst (#3188)Matt Thomas2016-10-031-1/+1
| | | Update openssl https URL, otherwise a 302 result screws up the curl/tar steps and confusion ensues.
* EC samples for verifying a singature, + serialization (#3076)Alex Railean2016-09-252-0/+80
| | | | | | | | | | | | | | | | | | | | | | | | * first draft of verification and serialization * tweaks in the RST syntax * added example of deserialization * taking into account the returned value, so that doctests pass * adjusted rst syntax and indentation for code samples * removed print call * forgot to actually call splitlines * added missing argument when loading private key * added Deserialization to dictionary * made lines shorter to meet style requirements * applied requested changes in style
* Fixed #3143 -- added the mandatory serial number parameter (#3144)Alex Gaynor2016-09-091-0/+2
|
* Fix typo in `symmetric-encryption.rst` (#3138)Alex Chan2016-09-041-1/+1
|
* Clarified Windows development installation and docd upstream enchant bug (#3128)Nick Badger2016-09-032-6/+17
| | | | | | | | * Clarified Windows development installation and doc'd upstream enchant bug * Fixed whitespace problems * Fixed merge resolution mistake
* support random_serial_number in the CertificateBuilder (#3132)Paul Kehrer2016-09-031-8/+21
| | | | | | | | | | * support random_serial_number in the CertificateBuilder * turns out pytest's monkeypatch has an undo * random_serial_number now a function * just certs
* Add bounds checking for Scrypt parameters. (#3130)Terry Chia2016-09-021-0/+3
| | | | | | | | | | * Add bounds checking for Scrypt parameters. * Pep8. * More PEP8. * Change wording.
* Scrypt Implementation (#3117)Terry Chia2016-09-014-0/+144
| | | | | | | | | | | | | | | | | | | | | | | | * Scrypt implementation. * Docs stuff. * Make example just an example and not a doctest. * Add changelog entry. * Docs cleanup. * Add more tests. * Add multibackend tests. * PEP8. * Add docs about Scrypt parameters. * Docs cleanup. * Add AlreadyFinalized.
* add support for signature_algorithm_oid to cert, CSR, and CRL (#3124)Paul Kehrer2016-08-311-0/+46
| | | | | | * add support for signature_algorithm_oid to cert, CSR, and CRL * refactor _SIG_OIDS_TO_HASH to use ObjectIdentifiers and use that
* some docs cleanups + changelog (#3122)Alex Gaynor2016-08-301-3/+2
|
* Mention that blake2 is not vulnerable to length-extension attacks (#3118)Alex Gaynor2016-08-292-1/+5
| | | | | | | | * Mention that blake2 is not vulnerable to length-extension attacks * SHA is sort of like a word, in the sense that I want the spellcheck to shut up about it * rephrase
* blake2b/blake2s support (#3116)Paul Kehrer2016-08-281-0/+31
| | | | | | | | | | | | | | | | | | | | | | | | | * blake2b/blake2s support Doesn't support keying, personalization, salting, or tree hashes so the API is pretty simple right now. * implement digest_size via utils.read_only_property * un-keyed for spelling's sake * test copying + digest_size checks * unkeyed is too a word * line wrap * reword the docs * use the evp algorithm name in the error This will make BLAKE2 alternate digest size errors a bit less confusing * add changelog entry and docs about supported digest_size
* Refs #3002 -- clearly document that OpenSSL 1.0 support will be removed in ↵Alex Gaynor2016-08-271-1/+1
| | | | the next release. (#3113)
* OpenSSL 1.1.0 support (#2826)Paul Kehrer2016-08-261-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * make pre5 work * add a blank line to make the diff happier * 1.1.0-pre6 working * support the changes since 1.1.0-pre6 * fixes * add 1.1.0 to travis * expose the symbol * better testing for numericstring * handle libre... * actually use the 1.1.0 we compile * cache the ossl-110 dir on travis * add some newlines * changelog entry for 1.1.0 support * note that we test on 1.1.0 * proper skip on this test * reorder
* Fix docs to clarify the less than 256 limit for Padding(). (#3099)Terry Chia2016-08-241-2/+2
| | | | | | * Fix docs to clarify the less than 256 limit. * Add "inclusive".
* Update example code to use recommended 160 bits (#3088)Dave Brondsema2016-08-161-2/+2
| | | I found the examples with `os.urandom(16)` generated URIs that Google Authenticator and Duo two-factor apps did not even recognize as supported. This increases the key to the recommended 160 bits, and the URIs now work with both of those apps.
* Update installation.rst (#3083)Akan Brown2016-08-081-1/+1
|
* Attempt to debug wacky failures on the docs build on OS X (#3085)Alex Gaynor2016-08-091-0/+7
| | | | | | | | | | | | | | | | * empty commit * only run this one build * try pinning this * why wasn't this installed? * revert this * english, how does it work? * roll back these changes
* Add recommendation about terminology (#3079)Gabriel Orisaka2016-08-021-0/+5
|
* Remove provider language from docs (#3072)Gabriel Orisaka2016-07-319-70/+56
|
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-18 05:47:31 +0000