| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
| |
* Modify DH/ECDH examples to be explicit for DHE/ECDHE
Also add note to DH docs that you should probably use ECDH
* give a reason
|
| |
|
|
|
|
| |
* re-add the why of cryptography to the faq with some small updates
* reorder the items a bit
|
| |
|
|
|
|
| |
* add some explicit instructions on determining key type in a cert
* can't call it a CSR
|
| | |
|
| |
|
|
|
|
| |
* Put the exchange method on the correct interface
* fixed links in docs
|
| | |
|
| |
|
|
|
| |
CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS will now suppress link flags regardless
of platform. Additionally, CRYPTOGRAPHY_WINDOWS_LINK_LEGACY_OPENSSL is
now the flag you need if you want to link against < 1.1.0 on windows.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
next release (#3566)
* Deprecate Python 3.3 support, with the intention of being removed in the next release
* whoops
|
| |
|
|
|
|
|
|
| |
* Replace release automation with click
* Fix
* fix
|
| |
|
|
|
|
|
|
| |
* remove multibackend
* oops
* goodbye pointless tests
|
| |
|
|
|
|
|
|
| |
* Dropped support for really old macOS
Fixes #3503
* literally, how does spelling
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* time to remove commoncrypto, fare thee well
* remove even more
* update the changelog
* remove more things
* don't need this function
* remove CAST5 CTR tests since that was only supported in commoncrypto
* assert a thing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Don't raise an UnsupportedExtension for critical extensions.
Fixes #2903
Fixes #2901
Fixes #3325
* Don't link
* Revert "Don't link"
This reverts commit 4fe847f91d9dd45cdc28a4984c4e44aad62a5de6.
* fix
* Revert "Revert "Don't link""
This reverts commit 856031b5a1fbad04ac218fa94ebf37dcd402f3ed.
* fix
* Deprecate this
* Better changelog entry
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#3539)
* Document our real API for EC verification, not an accident
* formatting consistency
* fix the code itself
* fixed class name
* fixed a test too
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* postpone GCM authentication tag requirement until finalization
Add a .finalize_with_tag() variant of the .finalize() function of
the GCM context. At the same time, do not enforce the requirement
of supplying the tag with the mode ctor. This facilitates
streamed decryption when the MAC is appended to the ciphertext
and cannot be efficiently retrieved ahead of decryption.
According to the GCM spec (section 7.2: “Algorithm for the
Authenticated Decryption Function”), the tag itself is not needed
until the ciphertext has been decrypted.
Addresses #3380
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
* disallow delayed GCM tag passing for legacy OpenSSL
Old versions of Ubuntu supported by Cryptography ship a v1.0.1 of
OpenSSL which is no longer supported by upstream. This library
seems to cause erratic test failures with the delayed GCM tag
functionality which are not reproducible outside the CI.
Unfortunately OpenSSL v1.0.1 does not even document the required
API (``EVP_EncryptInit(3)``) so there is no by-the-book fix.
For backends of version 1.0.1 and earlier, verify the GCM tag
at the same stage as before.
Also, indicate to the user that late passing of GCM tags is
unsupported by throwing ``NotImplementedError`` for these backend
versions if
- the method ``finalize_with_tag()`` is invoked, or
- the mode ctor is called without passing a tag.
Unit tests have been adapted to account for different backend
versions.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* Fixed #3489 -- document that we don't have wheels for pypy
* homebrew is a word
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Update symmetric-encryption.rst
Import default_backend so the example works out-of-the-box.
* Update symmetric-encryption.rst
* newline nit
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Stub API for SCTs, feedback wanted
* grr, flake8
* port this to being an ABC
* finish up the __init__
* Two necessary enums
* Roll this back
* Wrote some docs
* spell words correctly
* linky
* more details
* use the words UTC
* coverage
* Define MMD for the kids at some
* linky linky
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add captions to the split toctrees
this will render the table of contents with separators in the RTD
theme. right now, the table of contents is quite confusing on
the [RTD site][] - that is because there are 3 distinct `toctree`
directives, but no `:caption:` field. instead, there are headers in
the `index.rst` but those are not parsed by RTD.
[RTD site]: https://cryptography.io/en/latest/
by moving those headers in the `:caption:` field, we keep the heading,
but it will also be shown in the left table of contents on the RTD
site.
for an example of that pattern, see the [scrapy documentation][]. they
go even further by hiding the `toctree` elements completely and adding
explanations on every section, but this is out of scope here for now.
[scrapy documentation]: https://doc.scrapy.org/en/latest/index.html
* remove spurious backtics in caption
they do not work in that field, apparently.
|
| |
|
|
|
|
| |
* Refs #3461 -- added the OID for the SCT x.509 extension
* Version added
|
| |
|
|
|
|
| |
* Refs #3461 -- added a test vector with SCTs
* timestamp is a word
|
| |
|
|
|
|
| |
* Be on brand: it's macOS
* line wrap
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* it's called macOS and let's document openssl 1.1.0 installation on mac
* wrap that line
|
| |
|
| |
Also updates the doing a release documentation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Support DH q (subgroup order)
* Change RFC5114.txt to NIST format
* Add tests for DH q
* Update docs for DH q
* Fix pep8
* Improve test covergae for DH q
* Create _dh_params_dup that copy q if DHparams_dup don't
On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup
call DHparams_dup and if the version is smaller than 1.0.2
copy q manually
* Copy q manually on libressl
* Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup
* Support serialization of DH with q
* Add tests for serialization of DH with q
* Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true
* Raise exception when trying to serialize DH X9.42 when not supported
* raise unsupported key type when deserilizing DH X9.42 if not supported
* pep8 fixes
* Fix test_serialization
* Add dhx_serialization_supported method to DHBacked
* document q in dh_parameters_supported
* Rename dhx_serialization_supported to dh_x942_serialization_supported
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add support for update_into on CipherContext
This allows you to provide your own buffer (like recv_into) to improve
performance when repeatedly calling encrypt/decrypt on large payloads.
* another skip_if
* more skip_if complexity
* maybe do this right
* correct number of args
* coverage for the coverage gods
* add a cffi minimum test tox target and travis builder
This tests against macOS so we capture some commoncrypto branches
* extra arg
* need to actually install py35
* fix
* coverage for GCM decrypt in CC
* no longer relevant
* 1.8 now
* pep8
* dramatically simplify
* update docs
* remove unneeded test
* changelog entry
* test improvements
* coverage fix
* add some comments to example
* move the comments to their own line
* fix and move comment
|
| | |
|
