aboutsummaryrefslogtreecommitdiffstats
path: root/docs
Commit message (Collapse)AuthorAgeFilesLines
* Add serialisation output examples (#4286)Коренберг Марк2018-06-261-0/+24
|
* Make AuthorityKeyIdentifier docs reflect reality (#4252)Thom Dixon2018-05-181-1/+1
| | | The `AuthorityKeyIdentifier.authority_cert_issuer` docs state that it returns a `Name` instance, but it [actually returns a list of `GeneralName` instances or `None`](https://github.com/pyca/cryptography/blob/master/src/cryptography/x509/extensions.py#L157).
* remove block size as a required part of HashAlgorithm (#4249)Paul Kehrer2018-05-161-6/+0
| | | | | | Internal block size isn't a particularly useful piece of information and constructions like SHA3 make it even harder to determine what that really means. Accordingly, we're removing it from the interface (but leaving it on all existing hashes)
* Add SHA512/224 and SHA512/256 test vectors from NIST CAVP (#4237)Paul Kehrer2018-05-141-1/+1
|
* Use pytest instead of py.test per upstream recommendation, #dropthedot (#4236)Ville Skyttä2018-05-131-1/+1
| | | | http://blog.pytest.org/2016/whats-new-in-pytest-30/ https://twitter.com/hashtag/dropthedot
* switch to py3 on docs job (#4230)Paul Kehrer2018-05-1211-47/+48
| | | | | | * switch to py3 on docs job * somehow unicode isn't a word
* Fixed some confusing type descriptions in docs (#4231)Alex Gaynor2018-05-121-4/+1
|
* Add support for extracting timestamp from a Fernet token (#4229)Paul Kehrer2018-05-121-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add API for retrieving the seconds-to-expiry for the token, given a TTL. * Process PR feedback: * Do compute the TTL, but just the age of the token. The caller can decided what to do next. * Factored out the HMAC signature verification to a separate function. * Fixed a copy&paste mistake in the test cases * Tests cleanup. * `struct` no longer needed * Document `def age()` * typo in `age()` documentation * token, not data * remove test for TTL expiry that is already covered by the parameterized `test_invalid()`. * let's call this extract_timestamp and just return timestamp * review comments * it's UNIX I know this
* Use a checklist for bumping openssl version (#4221)Alex Gaynor2018-05-091-19/+7
| | | | | | | | * Use a checklist for bumping openssl version * words * empty commit to retrigger jenkins
* add SHA3 and SHAKE vectors (#4213)Paul Kehrer2018-05-091-0/+2
| | | These can be used when OpenSSL 1.1.1 is released
* Updated pip wheel option in installation script. (#4212)Justin Holmes2018-04-301-1/+1
|
* Update URLs for new pypi! (#4194)Alex Gaynor2018-04-162-6/+6
| | | | | | | | * Update URLs for new pypi! * trailing slash * grump
* Fixed links to sphinx docs (#4182)Alex Gaynor2018-04-011-1/+1
|
* updated link to sphinx docs (#4181)Alex Gaynor2018-04-011-1/+1
|
* Added badtime.pem vector (#4179)Joshua Crowgey2018-03-301-0/+2
| | | | | | | | * Added badtime.pem vector In connection with forthcoming PR to fix #4158 * shortened line, corrected and->and
* add botan's AESKWP vectors reformatted for our NIST loader (#4159)Paul Kehrer2018-03-201-0/+2
|
* implement AES KW with padding (RFC 5649) (#3880)Paul Kehrer2018-03-181-0/+39
| | | | | | | | | | | | | | | | | | * implement AES KW with padding (RFC 5649) fixes #3791 * oops, 2.2 * make sure this is the right valueerror * more match * make key padding easier to read * review feedback * review feedback
* Brainpool curves (#4129)Paul Kehrer2018-03-151-0/+22
| | | | | | | | | | | | | | | | | | * added brainpool ec-curves key_length >= 256bit * limit brainpool curves to the set that appear required + docs * oops * typos all around me * add brainpool ECDH kex tests * switch to using rfc 7027 vectors * review feedback * empty commits are the best
* brainpool vectors from rfc 7027 (#4143)Paul Kehrer2018-03-152-0/+3
|
* Document motivation for a KDF after key-exchange (#4005) (#4124)Jeremy Lainé2018-03-053-5/+64
|
* switch RSA OAEP examples to use SHA256 (#4117)Paul Kehrer2018-02-221-4/+4
|
* Reorder this to reflect Alex's Opinions On What Is Good (#4115)Alex Gaynor2018-02-221-2/+2
|
* fixed docs with latest sphinx (#4107)Alex Gaynor2018-02-131-2/+1
|
* Add a Versioning section to the API stability docs (#4027)David Tucker2018-01-072-4/+21
|
* Fixed import path in go script (#4075)Alex Gaynor2018-01-061-1/+1
|
* add 1200 byte HKDF test vector and a generator/verifier for it (#4074)Paul Kehrer2018-01-064-2/+140
| | | | | | | | * add 1200 byte HKDF test vector and a generator/verifier for it * exit non-zero when failing * ugh
* Drop conda workaround from installation docs (#4073)Alex Gaynor2018-01-061-23/+0
| | | I don't think it's relevant anymore
* DH interfaces existed in 0.9 but we didn't implement until 1.7 (#4068)Paul Kehrer2018-01-051-9/+7
| | | | | | * DH interfaces existed in 0.9 but we didn't implement until 1.7 * sigh empty
* grammar nit, use a comma here (#4066)Alex Gaynor2017-12-291-1/+1
|
* Add import default backend (#4061)Pablo Lefort2017-12-201-0/+1
| | | | | | * Add import default backend * Revert blank line in
* remove whirlpool vectors since we no longer support whirlpool (#4054)Paul Kehrer2017-12-101-2/+0
|
* Don't use whirlpool as an example (#4053)Alex Gaynor2017-12-111-1/+1
| | | | | Both because it's weirdo crypto, but also because we don't even support it. Adhere to our documented policy of using good crypto for all examples
* Use a different warning class so users get warnings (#4014)Alex Gaynor2017-11-111-2/+2
| | | | | | | | | | | | * Use a different warning class so users get warnings * fixed tests * do our own warning class * typo * flake8
* Fixes #3947 -- remove the docutils.conf (#3995)Alex Gaynor2017-10-231-2/+0
| | | | | | * Fixes #3947 -- remove the docutils.conf * include minimum versions
* fixed #3986 -- properly use unicode for DNSName (#3988)Alex Gaynor2017-10-191-4/+4
|
* Add Multifernet.rotate method (#3979)Chris Wolfe2017-10-192-1/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add rotate method * add some more tests for the failure modes * start adding some documentation for the rotate method * operate on a single token at a time, leave lists to the caller * add versionadded add versionadded, drop rotate from class doctest * give rotate a doctest * single level, not aligned * add changelog for mf.rotate * show that, once rotated, the old fernet instance can no longer decrypt the token * add the instead of just the how * update docs to reflect removal of ttl from rotate * update tests * refactor internal methods so that we can extract the timestamp * implement rotate * update wordlist (case sensitive?) * lints * consistent naming * get_token_data/get_unverified_token_data -> better name * doc changes * use the static method, do not treat as imethod * move up to MultiFernet docs * add to authors * alter wording * monkeypatch time to make it less possible for the test to pass simply due to calls occuring in less than one second * set the time after encryption to make sure that the time is preserved as part of re-encryption
* add a faq entry for a message outdated pip/setuptools can output (#3971)Paul Kehrer2017-10-121-0/+7
| | | | | | * add a faq entry for a message outdated pip/setuptools can output * attention to detail is not my strong suit
* expunge python 2.6 (#3962)Paul Kehrer2017-10-112-8/+3
| | | | | | | | | | * expunge python 2.6 * how did THAT happen * remove another unsupported python from the tox envlist * hypothesis can now be unconditionally imported
* Update docs and changelog for URI, RFC822Name, and DNSName (#3955)Paul Kehrer2017-10-113-57/+44
| | | | | | | | | | | | | | | | * Update docs and changelog for URI, RFC822Name, and DNSName As of 2.1 we want users to pass A-label strings, but we still accept U-label strings and auto-encode on their behalf (with a deprecation warning). However, we do not return U-label in the value attribute so we are making a backwards incompatible change for users that utilize internationalized domain names. * language updates * add presentational to the word list * the linux dictionary is pathetic
* let's talk about bits baby (#3956)Paul Kehrer2017-10-118-57/+71
|
* Backwards incompatible change to DNSName (#3951)Paul Kehrer2017-10-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Backwards incompatible change to DNSName During this release cycle we decided to officially deprecate passing U-labels to our GeneralName constructors. At first we tried changing this in a purely backwards compatible way but get_values_for_type made that untenable. This PR modifies DNSName to take three different types. U-label strings (which raises a deprecation warning), A-label strings (the new preferred type), and bytes (which are assumed to be decodable to unicode strings). The latter, while supported, is primarily intended for use by our parser and allows us to return the actual encoded data in a certificate even if it has not been properly encoded to A-label before the certificate is created. (Of course, if the certificate contains invalid utf8 sequences this will still fail, but let's handle one catastrophic failure at a time). * coverage * don't delete that asterisk from a test. it does things. * no bytes in DNSName. Private constructor for bypassing validation * test unicode in dnsname (yuck) * fix docs * empty commit, you disappoint me codecov * CI is the worst
* add utf8 DNSName x509 vector (#3952)Paul Kehrer2017-10-091-0/+2
|
* update security docs to indicate we staticaly link openssl on linux too (#3949)Alex Gaynor2017-10-051-4/+4
| | | | | | * update security docs to indicate we staticaly link openssl there too * spelling
* disable smart quotes in sphinx to workaround a spellchecker issue (#3946)Paul Kehrer2017-10-031-0/+2
| | | | This makes it so we don't have to pin sphinx while we wait for sphinxcontrib-spelling to properly handle smart quotes
* Add support for AES XTS (#3900)Paul Kehrer2017-10-012-0/+43
| | | | | | | | | | | | | | | | | | | | | | | | * Add support for AES XTS We drop the non-byte aligned test vectors because according to NIST http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSVS.pdf "An implementation may support a data unit length that is not a multiple of 8 bits." OpenSSL does not support this, so we can't use those test vectors. * fix docs and pep8 * docs fix * the spellchecker is so frustrating * add note about AES 192 for XTS (it's not supported) * docs work * enforce key length on ECB mode in AES as well (thanks XTS) * a few more words about why we exclude some test vectors for XTS
* Declare that 2.1 is the last version to support Python 2.6 (#3944)Alex Gaynor2017-10-011-2/+2
| | | | | | * Declare that 2.1 is the last version to support Python 2.6 * It's the Final Countdown!
* add ChaCha20 support (#3919)Paul Kehrer2017-09-281-0/+49
| | | | | | | | | | * add ChaCha20 support * review feedback * 256 divided by 8 is what again? * ...
* Update the list of macOS versions we test on to match reality (#3942)Alex Gaynor2017-09-271-1/+1
|
* FreshestCRL extension support (#3937)Paul Kehrer2017-09-231-0/+23
| | | | | | | | | | * add freshest CRL support * add tests * add changelog * add tests for FreshestCRL generation
* support delta crl indicator extension (#3936)Paul Kehrer2017-09-221-0/+32
| | | This is an extension for CRLs