[Python-modules-commits] [python-cryptography] 12/14: Import python-cryptography_2.1.3.orig.tar.gz
Tristan Seligmann
mithrandi at moszumanska.debian.org
Fri Nov 17 08:31:08 UTC 2017
This is an automated email from the git hooks/post-receive script.
mithrandi pushed a commit to branch master
in repository python-cryptography.
commit 214ab8fa3243ed392b8e62af7b9be810273abf91
Author: Tristan Seligmann <mithrandi at debian.org>
Date: Fri Nov 17 08:48:45 2017 +0200
Import python-cryptography_2.1.3.orig.tar.gz
---
CHANGELOG.rst | 237 +++++
PKG-INFO | 3 +-
docs/cryptography-docs.py | 4 +
docs/development/test-vectors.rst | 33 +-
docs/docutils.conf | 2 +
docs/doing-a-release.rst | 2 +-
docs/faq.rst | 9 +
docs/glossary.rst | 20 +
docs/hazmat/backends/interfaces.rst | 2 +-
docs/hazmat/primitives/aead.rst | 6 +-
docs/hazmat/primitives/asymmetric/dsa.rst | 6 +-
docs/hazmat/primitives/asymmetric/ec.rst | 22 +-
docs/hazmat/primitives/asymmetric/rsa.rst | 10 +-
.../hazmat/primitives/key-derivation-functions.rst | 6 +-
docs/hazmat/primitives/padding.rst | 8 +-
docs/hazmat/primitives/symmetric-encryption.rst | 142 ++-
docs/hazmat/primitives/twofactor.rst | 25 +-
docs/installation.rst | 6 +-
docs/security.rst | 16 +-
docs/spelling_wordlist.txt | 7 +
docs/x509/reference.rst | 168 +++-
docs/x509/tutorial.rst | 8 +-
setup.py | 27 +-
src/_cffi_src/build_openssl.py | 1 +
src/_cffi_src/openssl/cryptography.py | 6 +-
src/_cffi_src/openssl/fips.py | 28 +
src/_cffi_src/openssl/ocsp.py | 2 +
src/_cffi_src/openssl/rsa.py | 10 +
src/_cffi_src/openssl/ssl.py | 2 +
src/_cffi_src/openssl/x509.py | 4 +-
src/_cffi_src/openssl/x509_vfy.py | 4 +-
src/cryptography.egg-info/PKG-INFO | 3 +-
src/cryptography.egg-info/SOURCES.txt | 16 +-
src/cryptography.egg-info/requires.txt | 14 +-
src/cryptography/__about__.py | 2 +-
src/cryptography/__init__.py | 2 +-
.../hazmat/backends/openssl/backend.py | 46 +-
.../hazmat/backends/openssl/ciphers.py | 4 +
.../hazmat/backends/openssl/decode_asn1.py | 135 +--
.../hazmat/backends/openssl/encode_asn1.py | 57 +-
src/cryptography/hazmat/backends/openssl/hmac.py | 7 +-
src/cryptography/hazmat/backends/openssl/rsa.py | 143 ++-
src/cryptography/hazmat/backends/openssl/x509.py | 16 +
.../hazmat/bindings/openssl/_conditional.py | 15 +
src/cryptography/hazmat/primitives/ciphers/aead.py | 4 +-
.../hazmat/primitives/ciphers/algorithms.py | 27 +-
.../hazmat/primitives/ciphers/modes.py | 59 +-
src/cryptography/hazmat/primitives/hashes.py | 30 -
src/cryptography/hazmat/primitives/interfaces.py | 17 -
src/cryptography/hazmat/primitives/kdf/kbkdf.py | 4 +-
src/cryptography/hazmat/primitives/keywrap.py | 53 +-
src/cryptography/utils.py | 1 +
src/cryptography/x509/__init__.py | 25 +-
src/cryptography/x509/base.py | 6 +
src/cryptography/x509/extensions.py | 219 ++++-
src/cryptography/x509/general_name.py | 134 ++-
src/cryptography/x509/name.py | 46 +-
src/cryptography/x509/oid.py | 4 +
tests/hazmat/backends/test_openssl.py | 50 +-
tests/hazmat/primitives/test_aes.py | 36 +-
tests/hazmat/primitives/test_chacha20.py | 60 ++
tests/hazmat/primitives/test_ciphers.py | 24 +
tests/hazmat/primitives/test_ec.py | 1 -
tests/hazmat/primitives/test_hash_vectors.py | 46 +-
tests/hazmat/primitives/test_hashes.py | 26 -
tests/hazmat/primitives/test_hmac_vectors.py | 36 +-
tests/hazmat/primitives/test_mac.py | 15 -
tests/hazmat/primitives/test_rsa.py | 131 ++-
tests/hazmat/primitives/test_scrypt.py | 1 -
tests/hazmat/primitives/utils.py | 12 -
tests/utils.py | 3 +
tests/x509/__init__.py | 0
tests/{ => x509}/test_x509.py | 679 +++++++-------
tests/{ => x509}/test_x509_crlbuilder.py | 9 +-
tests/{ => x509}/test_x509_ext.py | 976 ++++++++++++++++++---
tests/{ => x509}/test_x509_revokedcertbuilder.py | 0
76 files changed, 2930 insertions(+), 1090 deletions(-)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index cbd9326..cf68365 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,18 +1,99 @@
Changelog
=========
+
+.. _v2-1-3:
+
+2.1.3 - 2017-11-02
+~~~~~~~~~~~~~~~~~~
+
+* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
+ OpenSSL 1.1.0g.
+
+.. _v2-1-2:
+
+2.1.2 - 2017-10-24
+~~~~~~~~~~~~~~~~~~
+
+* Corrected a bug with the ``manylinux1`` wheels where OpenSSL's stack was
+ marked executable.
+
+.. _v2-1-1:
+
+2.1.1 - 2017-10-12
+~~~~~~~~~~~~~~~~~~
+
+* Fixed support for install with the system ``pip`` on Ubuntu 16.04.
+
+.. _v2-1:
+
+2.1 - 2017-10-11
+~~~~~~~~~~~~~~~~
+
+* **FINAL DEPRECATION** Python 2.6 support is deprecated, and will be removed
+ in the next release of ``cryptography``.
+* **BACKWARDS INCOMPATIBLE:** ``Whirlpool``, ``RIPEMD160``, and
+ ``UnsupportedExtension`` have been removed in accordance with our
+ :doc:`/api-stability` policy.
+* **BACKWARDS INCOMPATIBLE:** :attr:`~cryptography.x509.DNSName.value`,
+ :attr:`~cryptography.x509.RFC822Name.value`, and
+ :attr:`~cryptography.x509.UniformResourceIdentifier.value` will now return
+ an :term:`A-label` string when parsing a certificate containing an
+ internationalized domain name (IDN) or if the caller passed a :term:`U-label`
+ to the constructor. See below for additional deprecations related to this
+ change.
+* Installing ``cryptography`` now requires ``pip`` 6 or newer.
+* Deprecated passing :term:`U-label` strings to the
+ :class:`~cryptography.x509.DNSName`,
+ :class:`~cryptography.x509.UniformResourceIdentifier`, and
+ :class:`~cryptography.x509.RFC822Name` constructors. Instead, users should
+ pass values as :term:`A-label` strings with ``idna`` encoding if necessary.
+ This change will not affect anyone who is not processing internationalized
+ domains.
+* Added support for
+ :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`. In
+ most cases users should choose
+ :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`
+ rather than using this unauthenticated form.
+* Added :meth:`~cryptography.x509.CertificateRevocationList.is_signature_valid`
+ to :class:`~cryptography.x509.CertificateRevocationList`.
+* Support :class:`~cryptography.hazmat.primitives.hashes.BLAKE2b` and
+ :class:`~cryptography.hazmat.primitives.hashes.BLAKE2s` with
+ :class:`~cryptography.hazmat.primitives.hmac.HMAC`.
+* Added support for
+ :class:`~cryptography.hazmat.primitives.ciphers.modes.XTS` mode for
+ AES.
+* Added support for using labels with
+ :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` when using
+ OpenSSL 1.0.2 or greater.
+* Improved compatibility with NSS when issuing certificates from an issuer
+ that has a subject with non-``UTF8String`` string types.
+* Add support for the :class:`~cryptography.x509.DeltaCRLIndicator` extension.
+* Add support for the :class:`~cryptography.x509.TLSFeature`
+ extension. This is commonly used for enabling ``OCSP Must-Staple`` in
+ certificates.
+* Add support for the :class:`~cryptography.x509.FreshestCRL` extension.
+
+.. _v2-0-3:
+
2.0.3 - 2017-08-03
~~~~~~~~~~~~~~~~~~
* Fixed an issue with weak linking symbols when compiling on macOS
versions older than 10.12.
+
+.. _v2-0-2:
+
2.0.2 - 2017-07-27
~~~~~~~~~~~~~~~~~~
* Marked all symbols as hidden in the ``manylinux1`` wheel to avoid a
bug with symbol resolution in certain scenarios.
+
+.. _v2-0-1:
+
2.0.1 - 2017-07-26
~~~~~~~~~~~~~~~~~~
@@ -23,6 +104,9 @@ Changelog
OpenSSL independently.
* Fixed the stack level for the ``signer`` and ``verifier`` warnings.
+
+.. _v2-0:
+
2.0 - 2017-07-17
~~~~~~~~~~~~~~~~
@@ -68,6 +152,9 @@ Changelog
performance improvement for programs accessing the ``extensions`` attribute
multiple times.
+
+.. _v1-9:
+
1.9 - 2017-05-29
~~~~~~~~~~~~~~~~
@@ -101,17 +188,26 @@ Changelog
* MultiBackend has been removed.
* ``Whirlpool`` and ``RIPEMD160`` have been deprecated.
+
+.. _v1-8-2:
+
1.8.2 - 2017-05-26
~~~~~~~~~~~~~~~~~~
* Fixed a compilation bug affecting OpenSSL 1.1.0f.
* Updated Windows and macOS wheels to be compiled against OpenSSL 1.1.0f.
+
+.. _v1-8-1:
+
1.8.1 - 2017-03-10
~~~~~~~~~~~~~~~~~~
* Fixed macOS wheels to properly link against 1.1.0 rather than 1.0.2.
+
+.. _v1-8:
+
1.8 - 2017-03-09
~~~~~~~~~~~~~~~~
@@ -141,17 +237,26 @@ Changelog
was documented but not enforced.
* Added support for subgroup order in :doc:`/hazmat/primitives/asymmetric/dh`.
+
+.. _v1-7-2:
+
1.7.2 - 2017-01-27
~~~~~~~~~~~~~~~~~~
* Updated Windows and macOS wheels to be compiled against OpenSSL 1.0.2k.
+
+.. _v1-7-1:
+
1.7.1 - 2016-12-13
~~~~~~~~~~~~~~~~~~
* Fixed a regression in ``int_from_bytes`` where it failed to accept
``bytearray``.
+
+.. _v1-7:
+
1.7 - 2016-12-12
~~~~~~~~~~~~~~~~
@@ -164,6 +269,9 @@ Changelog
can be found in the
`pull request <https://github.com/pyca/cryptography/pull/3229>`_.
+
+.. _v1-6:
+
1.6 - 2016-11-22
~~~~~~~~~~~~~~~~
@@ -212,6 +320,9 @@ Changelog
:class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`
digests.
+
+.. _v1-5-3:
+
1.5.3 - 2016-11-05
~~~~~~~~~~~~~~~~~~
@@ -219,11 +330,17 @@ Changelog
byte-string if used with a ``length`` less than ``algorithm.digest_size``.
Credit to **Markus Döring** for reporting the issue. *CVE-2016-9243*
+
+.. _v1-5-2:
+
1.5.2 - 2016-09-26
~~~~~~~~~~~~~~~~~~
* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2j.
+
+.. _v1-5-1:
+
1.5.1 - 2016-09-22
~~~~~~~~~~~~~~~~~~
@@ -235,6 +352,9 @@ Changelog
OpenSSL 1.0.2i.
+
+.. _v1-5:
+
1.5 - 2016-08-26
~~~~~~~~~~~~~~~~
@@ -259,6 +379,9 @@ Changelog
* ``cryptography`` now supports OpenSSL 1.1.0 as a compilation target.
+
+.. _v1-4:
+
1.4 - 2016-06-04
~~~~~~~~~~~~~~~~
@@ -279,6 +402,9 @@ Changelog
:attr:`~cryptography.x509.Certificate.serial_number`.
+
+.. _v1-3-4:
+
1.3.4 - 2016-06-03
~~~~~~~~~~~~~~~~~~
@@ -286,12 +412,18 @@ Changelog
``pyOpenSSL`` release.
+
+.. _v1-3-3:
+
1.3.3 - 2016-06-02
~~~~~~~~~~~~~~~~~~
* Added two new OpenSSL functions to the bindings to support an upcoming
``pyOpenSSL`` release.
+
+.. _v1-3-2:
+
1.3.2 - 2016-05-04
~~~~~~~~~~~~~~~~~~
@@ -299,12 +431,18 @@ Changelog
* Fixed an issue preventing ``cryptography`` from compiling against
LibreSSL 2.3.x.
+
+.. _v1-3-1:
+
1.3.1 - 2016-03-21
~~~~~~~~~~~~~~~~~~
* Fixed a bug that caused an ``AttributeError`` when using ``mock`` to patch
some ``cryptography`` modules.
+
+.. _v1-3:
+
1.3 - 2016-03-18
~~~~~~~~~~~~~~~~
@@ -323,22 +461,34 @@ Changelog
* Added
:meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`.
+
+.. _v1-2-3:
+
1.2.3 - 2016-03-01
~~~~~~~~~~~~~~~~~~
* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2g.
+
+.. _v1-2-2:
+
1.2.2 - 2016-01-29
~~~~~~~~~~~~~~~~~~
* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2f.
+
+.. _v1-2-1:
+
1.2.1 - 2016-01-08
~~~~~~~~~~~~~~~~~~
* Reverts a change to an OpenSSL ``EVP_PKEY`` object that caused errors with
``pyOpenSSL``.
+
+.. _v1-2:
+
1.2 - 2016-01-08
~~~~~~~~~~~~~~~~
@@ -388,6 +538,9 @@ Changelog
* Unrecognized non-critical X.509 extensions are now parsed into an
:class:`~cryptography.x509.UnrecognizedExtension` object.
+
+.. _v1-1-2:
+
1.1.2 - 2015-12-10
~~~~~~~~~~~~~~~~~~
@@ -397,6 +550,9 @@ Changelog
occurred with some OpenSSL installations.
* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2e.
+
+.. _v1-1-1:
+
1.1.1 - 2015-11-19
~~~~~~~~~~~~~~~~~~
@@ -406,6 +562,9 @@ Changelog
which Python interpreter they were using, users on El Capitan (OS X 10.11)
may have seen an ``InternalError`` on import.
+
+.. _v1-1:
+
1.1 - 2015-10-28
~~~~~~~~~~~~~~~~
@@ -430,6 +589,9 @@ Changelog
* ``countryName`` is now encoded as a ``PrintableString`` when creating subject
and issuer distinguished names with the Certificate and CSR builder classes.
+
+.. _v1-0-2:
+
1.0.2 - 2015-09-27
~~~~~~~~~~~~~~~~~~
* **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use
@@ -441,6 +603,9 @@ Changelog
to a true function call. Credit **Emilia Käsper (Google Security Team)**
for the report.
+
+.. _v1-0-1:
+
1.0.1 - 2015-09-05
~~~~~~~~~~~~~~~~~~
@@ -454,6 +619,9 @@ Changelog
release.
* Raise an error during install on PyPy < 2.6. 1.0+ requires PyPy 2.6+.
+
+.. _v1-0:
+
1.0 - 2015-08-12
~~~~~~~~~~~~~~~~
@@ -514,16 +682,25 @@ Changelog
:func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`.
+
+.. _v0-9-3:
+
0.9.3 - 2015-07-09
~~~~~~~~~~~~~~~~~~
* Updated Windows wheels to be compiled against OpenSSL 1.0.2d.
+
+.. _v0-9-2:
+
0.9.2 - 2015-07-04
~~~~~~~~~~~~~~~~~~
* Updated Windows wheels to be compiled against OpenSSL 1.0.2c.
+
+.. _v0-9-1:
+
0.9.1 - 2015-06-06
~~~~~~~~~~~~~~~~~~
@@ -531,6 +708,9 @@ Changelog
to verify signatures. Note that this only affects PyPy 2.6.0 and (presently
unreleased) CFFI versions greater than 1.1.0.
+
+.. _v0-9:
+
0.9 - 2015-05-13
~~~~~~~~~~~~~~~~
@@ -582,17 +762,26 @@ Changelog
silently ignored. Read the :doc:`X.509 documentation</x509/index>` for more
information.
+
+.. _v0-8-2:
+
0.8.2 - 2015-04-10
~~~~~~~~~~~~~~~~~~
* Fixed a race condition when initializing the OpenSSL or CommonCrypto backends
in a multi-threaded scenario.
+
+.. _v0-8-1:
+
0.8.1 - 2015-03-20
~~~~~~~~~~~~~~~~~~
* Updated Windows wheels to be compiled against OpenSSL 1.0.2a.
+
+.. _v0-8:
+
0.8 - 2015-03-08
~~~~~~~~~~~~~~~~
@@ -706,6 +895,9 @@ Changelog
``cryptography.hazmat.primitives.interfaces`` to
:mod:`~cryptography.hazmat.primitives.asymmetric.rsa`.
+
+.. _v0-7-2:
+
0.7.2 - 2015-01-16
~~~~~~~~~~~~~~~~~~
@@ -715,12 +907,18 @@ Changelog
* Added a new function to the OpenSSL bindings to support additional
functionality in pyOpenSSL.
+
+.. _v0-7-1:
+
0.7.1 - 2014-12-28
~~~~~~~~~~~~~~~~~~
* Fixed an issue preventing compilation on platforms where ``OPENSSL_NO_SSL3``
was defined.
+
+.. _v0-7:
+
0.7 - 2014-12-17
~~~~~~~~~~~~~~~~
@@ -742,6 +940,9 @@ Changelog
* Added initial support for X.509 certificate parsing. See the
:doc:`X.509 documentation</x509/index>` for more information.
+
+.. _v0-6-1:
+
0.6.1 - 2014-10-15
~~~~~~~~~~~~~~~~~~
@@ -753,6 +954,9 @@ Changelog
backend. This works around an issue in 1.0.0, 1.0.0a, and 1.0.0b where
truncation was not implemented.
+
+.. _v0-6:
+
0.6 - 2014-09-29
~~~~~~~~~~~~~~~~
@@ -786,6 +990,9 @@ Changelog
* Support loading EC private keys from PEM.
+
+.. _v0-5-4:
+
0.5.4 - 2014-08-20
~~~~~~~~~~~~~~~~~~
@@ -793,22 +1000,34 @@ Changelog
functionality in pyOpenSSL.
* Fixed a redefined constant causing compilation failure with Solaris 11.2.
+
+.. _v0-5-3:
+
0.5.3 - 2014-08-06
~~~~~~~~~~~~~~~~~~
* Updated Windows wheels to be compiled against OpenSSL 1.0.1i.
+
+.. _v0-5-2:
+
0.5.2 - 2014-07-09
~~~~~~~~~~~~~~~~~~
* Add ``TraditionalOpenSSLSerializationBackend`` support to ``multibackend``.
* Fix compilation error on OS X 10.8 (Mountain Lion).
+
+.. _v0-5-1:
+
0.5.1 - 2014-07-07
~~~~~~~~~~~~~~~~~~
* Add ``PKCS8SerializationBackend`` support to ``multibackend``.
+
+.. _v0-5:
+
0.5 - 2014-07-07
~~~~~~~~~~~~~~~~
@@ -862,6 +1081,9 @@ Changelog
* Deprecated ``create_dsa_signature_ctx`` and ``create_dsa_verification_ctx``
on :class:`~cryptography.hazmat.backends.interfaces.DSABackend`.
+
+.. _v0-4:
+
0.4 - 2014-05-03
~~~~~~~~~~~~~~~~
@@ -882,6 +1104,9 @@ Changelog
and verification support to
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`.
+
+.. _v0-3:
+
0.3 - 2014-03-27
~~~~~~~~~~~~~~~~
@@ -895,18 +1120,27 @@ Changelog
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`.
* Moved test vectors to the new ``cryptography_vectors`` package.
+
+.. _v0-2-2:
+
0.2.2 - 2014-03-03
~~~~~~~~~~~~~~~~~~
* Removed a constant definition that was causing compilation problems with
specific versions of OpenSSL.
+
+.. _v0-2-1:
+
0.2.1 - 2014-02-22
~~~~~~~~~~~~~~~~~~
* Fix a bug where importing cryptography from multiple paths could cause
initialization to fail.
+
+.. _v0-2:
+
0.2 - 2014-02-20
~~~~~~~~~~~~~~~~
@@ -926,6 +1160,9 @@ Changelog
* Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`
(CAST-128) support.
+
+.. _v0-1:
+
0.1 - 2014-01-08
~~~~~~~~~~~~~~~~
diff --git a/PKG-INFO b/PKG-INFO
index c74b094..65c830a 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,11 +1,12 @@
Metadata-Version: 1.1
Name: cryptography
-Version: 2.0.3
+Version: 2.1.3
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
Author-email: cryptography-dev at python.org
License: BSD or Apache License, Version 2.0
+Description-Content-Type: UNKNOWN
Description: pyca/cryptography
=================
diff --git a/docs/cryptography-docs.py b/docs/cryptography-docs.py
index 56baf12..238dd69 100644
--- a/docs/cryptography-docs.py
+++ b/docs/cryptography-docs.py
@@ -59,3 +59,7 @@ def setup(app):
latex=(latex_visit_hazmat_node, depart_hazmat_node),
)
app.add_directive("hazmat", HazmatDirective)
+
+ return {
+ "parallel_read_safe": True,
+ }
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index eb95a62..90f812b 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -36,6 +36,7 @@ Asymmetric ciphers
* `asymmetric/public/PKCS1/dsa.pub.pem`_ is a PKCS1 DSA public key from the
Ruby test suite.
* X25519 test vectors from :rfc:`7748`.
+* RSA OAEP with custom label from the `BoringSSL evp tests`_.
Custom asymmetric vectors
@@ -163,6 +164,16 @@ X.509
* ``bigoid.pem`` - A certificate with a rather long OID in the
Certificate Policies extension. We need to make sure we can parse
long OIDs.
+* ``wosign-bc-invalid.pem`` - A certificate issued by WoSign that contains
+ a basic constraints extension with CA set to false and a path length of zero
+ in violation of :rfc:`5280`.
+* ``tls-feature-ocsp-staple.pem`` - A certificate issued by Let's Encrypt that
+ contains a TLS Feature extension with the ``status_request`` feature
+ (commonly known as OCSP Must-Staple).
+* ``unique-identifier.pem`` - A certificate containing
+ a distinguished name with an ``x500UniqueIdentifier``.
+* ``utf8-dnsname.pem`` - A certificate containing non-ASCII characters in the
+ DNS name entries of the SAN extension.
Custom X.509 Vectors
~~~~~~~~~~~~~~~~~~~~
@@ -315,6 +326,8 @@ Custom X.509 Vectors
is an unknown OID (``1.3.6.1.4.1.8432.1.1.2``).
* ``policy_constraints_explicit.pem`` - A self-signed certificate containing
a ``policyConstraints`` extension with a ``requireExplicitPolicy`` value.
+* ``freshestcrl.pem`` - A self-signed certificate containing a ``freshestCRL``
+ extension.
Custom X.509 Request Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -369,6 +382,18 @@ Custom X.509 Certificate Revocation List Vectors
* ``crl_ian_aia_aki.pem`` - Contains a CRL with ``IssuerAlternativeName``,
``AuthorityInformationAccess``, ``AuthorityKeyIdentifier`` and ``CRLNumber``
extensions.
+* ``valid_signature.pem`` - Contains a CRL with the public key which was used
+ to generate it.
+* ``invalid_signature.pem`` - Contains a CRL with the last signature byte
+ incremented by 1 to produce an invalid signature, and the public key which
+ was used to generate it.
+* ``crl_delta_crl_indicator.pem`` - Contains a CRL with the
+ ``DeltaCRLIndicator`` extension.
+
+Custom X.509 OCSP Test Vectors
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+* ``x509/ocsp/req-sha1.der`` - An OCSP request containing a single request and
+ using SHA1 as the hash algorithm.
Hashes
~~~~~~
@@ -423,6 +448,7 @@ Symmetric ciphers
* CAST5 (ECB) from :rfc:`2144`.
* CAST5 (CBC, CFB, OFB) generated by this project.
See: :doc:`/development/custom-vectors/cast5`
+* ChaCha20 from :rfc:`7539`.
* ChaCha20Poly1305 from :rfc:`7539`, `OpenSSL's evpciph.txt`_, and the
`BoringSSL ChaCha20Poly1305 tests`_.
* IDEA (ECB) from the `NESSIE IDEA vectors`_ created by `NESSIE`_.
@@ -477,13 +503,14 @@ header format (substituting the correct information):
.. _`NIST`: https://www.nist.gov/
.. _`IETF`: https://www.ietf.org/
-.. _`NIST CAVP`: http://csrc.nist.gov/groups/STM/cavp/
+.. _`NIST CAVP`: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program
.. _`Bruce Schneier's vectors`: https://www.schneier.com/code/vectors.txt
.. _`Camellia page`: https://info.isl.ntt.co.jp/crypt/eng/camellia/
.. _`CRYPTREC`: https://www.cryptrec.go.jp
.. _`OpenSSL's test vectors`: https://github.com/openssl/openssl/blob/97cf1f6c2854a3a955fd7dd3a1f113deba00c9ef/crypto/evp/evptests.txt#L232
.. _`OpenSSL's evpciph.txt`: https://github.com/openssl/openssl/blob/5a7bc0be97dee9ac715897fe8180a08e211bc6ea/test/evpciph.txt#L2362
.. _`BoringSSL ChaCha20Poly1305 tests`: https://boringssl.googlesource.com/boringssl/+/2e2a226ac9201ac411a84b5e79ac3a7333d8e1c9/crypto/cipher_extra/test/chacha20_poly1305_tests.txt
+.. _`BoringSSL evp tests`: https://boringssl.googlesource.com/boringssl/+/ce3773f9fe25c3b54390bc51d72572f251c7d7e6/crypto/evp/evp_tests.txt
.. _`RIPEMD website`: https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
.. _`Whirlpool website`: http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
.. _`draft RFC`: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01
@@ -500,8 +527,8 @@ header format (substituting the correct information):
.. _`NESSIE IDEA vectors`: https://www.cosic.esat.kuleuven.be/nessie/testvectors/bc/idea/Idea-128-64.verified.test-vectors
.. _`NESSIE`: https://en.wikipedia.org/wiki/NESSIE
.. _`Ed25519 website`: https://ed25519.cr.yp.to/software.html
-.. _`NIST SP-800-38B`: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf
-.. _`NIST PKI Testing`: http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html
+.. _`NIST SP-800-38B`: https://csrc.nist.gov/publications/detail/sp/800-38b/archive/2005-05-01
+.. _`NIST PKI Testing`: https://csrc.nist.gov/Projects/PKI-Testing
.. _`testx509.pem`: https://github.com/openssl/openssl/blob/master/test/testx509.pem
.. _`DigiCert Global Root G3`: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt
.. _`root data`: https://hg.mozilla.org/projects/nss/file/25b2922cc564/security/nss/lib/ckfw/builtins/certdata.txt#l2053
diff --git a/docs/docutils.conf b/docs/docutils.conf
new file mode 100644
index 0000000..e0c3d47
--- /dev/null
+++ b/docs/docutils.conf
@@ -0,0 +1,2 @@
+[parsers]
+smart_quotes: no
diff --git a/docs/doing-a-release.rst b/docs/doing-a-release.rst
index 5d96a49..b70744e 100644
--- a/docs/doing-a-release.rst
+++ b/docs/doing-a-release.rst
@@ -79,7 +79,7 @@ Post-release tasks
------------------
* Update the version number to the next major (e.g. ``0.5.dev1``) in
- ``cryptography/__about__.py`` and
+ ``src/cryptography/__about__.py`` and
``vectors/cryptography_vectors/__about__.py``.
* Close the `milestone`_ for the previous release on GitHub.
* Add new :doc:`/changelog` entry with next version and note that it is under
diff --git a/docs/faq.rst b/docs/faq.rst
index adf03d5..7133f0c 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -75,6 +75,15 @@ Installing ``cryptography`` fails with ``ImportError: No module named setuptools
Your ``cffi`` package is out of date. ``pip install -U cffi`` to update it.
+error: ``-Werror=sign-conversion``: No option ``-Wsign-conversion`` during installation
+---------------------------------------------------------------------------------------
+
+The compiler you are using is too old and not supported by ``cryptography``.
+Please upgrade to a more recent version. If you are running OpenBSD 6.1 or
+earlier the default compiler is extremely old. Use ``pkg_add`` to install a
+newer ``gcc`` and then install ``cryptography`` using
+``CC=/path/to/newer/gcc pip install cryptography``.
+
Installing cryptography with OpenSSL 0.9.8 or 1.0.0 fails
---------------------------------------------------------
diff --git a/docs/glossary.rst b/docs/glossary.rst
index a630878..ce08dba 100644
--- a/docs/glossary.rst
+++ b/docs/glossary.rst
@@ -79,5 +79,25 @@ Glossary
but does not allow access to the key itself. Typically an opaque key is
loaded from a `hardware security module`_ (HSM).
+ A-label
+ The ASCII compatible encoded (ACE) representation of an
+ internationalized (unicode) domain name. A-labels begin with the
+ prefix ``xn--``. To create an A-label from a unicode domain string use
+ a library like `idna`_.
+
+ bits
+ A bit is binary value -- a value that has only two possible states.
+ Typically binary values are represented visually as 0 or 1, but
+ remember that their actual value is not a printable character. A byte
+ on modern computers is 8 bits and represents 256 possible values. In
+ cryptographic applications when you see something say it requires a 128
+ bit key, you can calculate the number of bytes by dividing by 8. 128
+ divided by 8 is 16, so a 128 bit key is a 16 byte key.
+
+ U-label
+ The presentational unicode form of an internationalized domain
+ name. U-labels use unicode characters outside the ASCII range and
+ are encoded as A-labels when stored in certificates.
.. _`hardware security module`: https://en.wikipedia.org/wiki/Hardware_security_module
+.. _`idna`: https://pypi.org/project/idna/
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 93eedbe..2c2d70e 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -266,7 +266,7 @@ A specific ``backend`` may provide one or more of these interfaces.
.. method:: load_rsa_public_numbers(numbers)
:param numbers: An instance of
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`.
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`.
:returns: An instance of
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`.
diff --git a/docs/hazmat/primitives/aead.rst b/docs/hazmat/primitives/aead.rst
index b4e4eaf..7b01f74 100644
--- a/docs/hazmat/primitives/aead.rst
+++ b/docs/hazmat/primitives/aead.rst
@@ -122,7 +122,7 @@ also support providing integrity for associated data which is not encrypted.
passed directly to the ``decrypt`` method.
:param bytes nonce: NIST `recommends a 96-bit IV length`_ for best
- performance but it can be up to 2\ :sup:`64` - 1 bits.
+ performance but it can be up to 2\ :sup:`64` - 1 :term:`bits`.
**NEVER REUSE A NONCE** with a key.
:param bytes data: The data to encrypt.
:param bytes associated_data: Additional data that should be
@@ -136,7 +136,7 @@ also support providing integrity for associated data which is not encrypted.
``associated_data`` in decrypt or the integrity check will fail.
:param bytes nonce: NIST `recommends a 96-bit IV length`_ for best
- performance but it can be up to 2\ :sup:`64` - 1 bits.
+ performance but it can be up to 2\ :sup:`64` - 1 :term:`bits`.
**NEVER REUSE A NONCE** with a key.
:param bytes data: The data to decrypt (with tag appended).
:param bytes associated_data: Additional data to authenticate. Can be
@@ -231,4 +231,4 @@ also support providing integrity for associated data which is not encrypted.
when the ciphertext has been changed, but will also occur when the
key, nonce, or associated data are wrong.
-.. _`recommends a 96-bit IV length`: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
+.. _`recommends a 96-bit IV length`: https://csrc.nist.gov/publications/detail/sp/800-38d/final
diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst
index a608819..9da7273 100644
--- a/docs/hazmat/primitives/asymmetric/dsa.rst
+++ b/docs/hazmat/primitives/asymmetric/dsa.rst
@@ -17,8 +17,8 @@ Generation
Generate a DSA private key from the given key size. This function will
generate a new set of parameters and key in one step.
- :param int key_size: The length of the modulus in bits. It should be
- either 1024, 2048 or 3072. For keys generated in 2015 this should
+ :param int key_size: The length of the modulus in :term:`bits`. It should
+ be either 1024, 2048 or 3072. For keys generated in 2015 this should
be `at least 2048`_ (See page 41). Note that some applications
(such as SSH) have not yet gained support for larger key sizes
specified in FIPS 186-3 and are still restricted to only the
@@ -443,5 +443,5 @@ Key interfaces
.. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
.. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography
-.. _`FIPS 186-4`: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
+.. _`FIPS 186-4`: https://csrc.nist.gov/publications/detail/fips/186/4/final
.. _`at least 2048`: http://www.ecrypt.eu.org/ecrypt2/documents/D.SPA.20.pdf
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
index 710c11c..0bb74c6 100644
--- a/docs/hazmat/primitives/asymmetric/ec.rst
+++ b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -268,7 +268,7 @@ is faster than diffie-hellman`_.
.. note::
Curves with a size of `less than 224 bits`_ should not be used. You should
- strongly consider using curves of at least 224 bits.
+ strongly consider using curves of at least 224 :term:`bits`.
Generally the NIST prime field ("P") curves are significantly faster than the
other types suggested by NIST at both signing and verifying with ECDSA.
@@ -415,8 +415,8 @@ Key Interfaces
:type: int
- Size (in bits) of a secret scalar for the curve (as generated by
- :func:`generate_private_key`).
+ Size (in :term:`bits`) of a secret scalar for the curve (as generated
+ by :func:`generate_private_key`).
.. class:: EllipticCurveSignatureAlgorithm
@@ -490,8 +490,8 @@ Key Interfaces
:type: int
- Size (in bits) of a secret scalar for the curve (as generated by
- :func:`generate_private_key`).
+ Size (in :term:`bits`) of a secret scalar for the curve (as generated
+ by :func:`generate_private_key`).
.. class:: EllipticCurvePrivateKeyWithSerialization
@@ -593,8 +593,8 @@ Key Interfaces
:type: int
- Size (in bits) of a secret scalar for the curve (as generated by
- :func:`generate_private_key`).
+ Size (in :term:`bits`) of a secret scalar for the curve (as generated
+ by :func:`generate_private_key`).
.. class:: EllipticCurvePublicKeyWithSerialization
@@ -669,10 +669,10 @@ in PEM format.
... )
-.. _`FIPS 186-3`: http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
-.. _`FIPS 186-4`: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
-.. _`800-56A`: http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf
-.. _`800-56Ar2`: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf
+.. _`FIPS 186-3`: https://csrc.nist.gov/csrc/media/publications/fips/186/3/archive/2009-06-25/documents/fips_186-3.pdf
+.. _`FIPS 186-4`: https://csrc.nist.gov/publications/detail/fips/186/4/final
+.. _`800-56A`: https://csrc.nist.gov/publications/detail/sp/800-56a/revised/archive/2007-03-14
+.. _`800-56Ar2`: https://csrc.nist.gov/publications/detail/sp/800-56a/rev-2/final
.. _`some concern`: https://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters
.. _`less than 224 bits`: http://www.ecrypt.eu.org/ecrypt2/documents/D.SPA.20.pdf
.. _`elliptic curve diffie-hellman is faster than diffie-hellman`: http://digitalcommons.unl.edu/cgi/viewcontent.cgi?article=1100&context=cseconfwork
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index 97f68c3..607cebb 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -19,9 +19,9 @@ mathematical properties`_.
... 5945 lines suppressed ...
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-cryptography.git
More information about the Python-modules-commits
mailing list