[Python-modules-commits] [python-cryptography] 04/08: Import python-cryptography_1.5.orig.tar.gz
Tristan Seligmann
mithrandi at moszumanska.debian.org
Fri Aug 26 17:58:53 UTC 2016
This is an automated email from the git hooks/post-receive script.
mithrandi pushed a commit to branch master
in repository python-cryptography.
commit f92eaca22c831692c6c1f28488e68b771373d818
Author: Tristan Seligmann <mithrandi at debian.org>
Date: Fri Aug 26 18:29:12 2016 +0200
Import python-cryptography_1.5.orig.tar.gz
---
AUTHORS.rst | 2 +
CHANGELOG.rst | 24 ++
PKG-INFO | 2 +-
docs/development/submitting-patches.rst | 5 +
docs/doing-a-release.rst | 2 +
docs/faq.rst | 10 +-
docs/hazmat/backends/interfaces.rst | 195 ++++++-------
docs/hazmat/backends/openssl.rst | 5 +-
docs/hazmat/bindings/openssl.rst | 3 +-
docs/hazmat/primitives/asymmetric/dh.rst | 5 +-
docs/hazmat/primitives/asymmetric/dsa.rst | 138 +++++----
docs/hazmat/primitives/asymmetric/ec.rst | 81 ++++--
docs/hazmat/primitives/asymmetric/rsa.rst | 116 ++++----
.../hazmat/primitives/asymmetric/serialization.rst | 32 ++-
docs/hazmat/primitives/cryptographic-hashes.rst | 4 +-
.../hazmat/primitives/key-derivation-functions.rst | 64 ++---
docs/hazmat/primitives/keywrap.rst | 4 +-
docs/hazmat/primitives/mac/cmac.rst | 14 +-
docs/hazmat/primitives/mac/hmac.rst | 8 +-
docs/hazmat/primitives/padding.rst | 12 +-
docs/hazmat/primitives/symmetric-encryption.rst | 12 +-
docs/hazmat/primitives/twofactor.rst | 36 ++-
docs/installation.rst | 12 +-
docs/spelling_wordlist.txt | 23 +-
docs/x509/reference.rst | 4 +-
setup.py | 3 +-
src/_cffi_src/build_commoncrypto.py | 1 +
src/_cffi_src/build_openssl.py | 20 +-
src/_cffi_src/commoncrypto/secure_transport.py | 308 +++++++++++++++++++++
src/_cffi_src/openssl/aes.py | 29 +-
src/_cffi_src/openssl/asn1.py | 12 +-
src/_cffi_src/openssl/bio.py | 7 +-
src/_cffi_src/openssl/callbacks.py | 5 +-
src/_cffi_src/openssl/cmac.py | 9 +-
src/_cffi_src/openssl/cms.py | 12 +-
src/_cffi_src/openssl/conf.py | 24 ++
src/_cffi_src/openssl/crypto.py | 16 +-
src/_cffi_src/openssl/cryptography.py | 64 +++++
src/_cffi_src/openssl/dh.py | 78 ++++++
src/_cffi_src/openssl/dsa.py | 53 ++--
src/_cffi_src/openssl/ec.py | 4 +-
src/_cffi_src/openssl/err.py | 58 +---
src/_cffi_src/openssl/evp.py | 122 +++-----
src/_cffi_src/openssl/hmac.py | 69 +----
src/_cffi_src/openssl/nid.py | 12 -
src/_cffi_src/openssl/rand.py | 9 +-
src/_cffi_src/openssl/rsa.py | 67 ++---
src/_cffi_src/openssl/ssl.py | 128 ++-------
src/_cffi_src/openssl/x509.py | 144 ++++------
src/_cffi_src/openssl/x509_vfy.py | 62 +----
src/_cffi_src/openssl/x509name.py | 32 ++-
src/_cffi_src/openssl/x509v3.py | 29 +-
src/_cffi_src/utils.py | 7 +-
src/cryptography.egg-info/PKG-INFO | 2 +-
src/cryptography.egg-info/SOURCES.txt | 3 +
src/cryptography.egg-info/requires.txt | 3 +-
src/cryptography/__about__.py | 2 +-
.../hazmat/backends/commoncrypto/backend.py | 7 +-
.../hazmat/backends/openssl/backend.py | 196 +++----------
.../hazmat/backends/openssl/ciphers.py | 14 +-
.../hazmat/backends/openssl/decode_asn1.py | 56 +---
src/cryptography/hazmat/backends/openssl/dsa.py | 58 +---
src/cryptography/hazmat/backends/openssl/ec.py | 10 +
.../hazmat/backends/openssl/encode_asn1.py | 15 +-
src/cryptography/hazmat/backends/openssl/hmac.py | 14 +-
src/cryptography/hazmat/backends/openssl/rsa.py | 182 +-----------
src/cryptography/hazmat/backends/openssl/x509.py | 8 +-
.../hazmat/bindings/openssl/_conditional.py | 115 --------
.../hazmat/bindings/openssl/binding.py | 16 +-
.../hazmat/primitives/asymmetric/dsa.py | 12 +
.../hazmat/primitives/asymmetric/ec.py | 12 +
.../hazmat/primitives/asymmetric/padding.py | 12 +
.../hazmat/primitives/asymmetric/rsa.py | 6 +-
.../hazmat/primitives/twofactor/hotp.py | 5 +-
.../hazmat/primitives/twofactor/totp.py | 5 +-
src/cryptography/x509/base.py | 41 ++-
src/cryptography/x509/extensions.py | 72 ++---
src/cryptography/x509/name.py | 4 +
tests/hazmat/backends/test_openssl.py | 67 ++---
tests/hazmat/bindings/test_openssl.py | 25 +-
tests/hazmat/primitives/test_dsa.py | 20 ++
tests/hazmat/primitives/test_ec.py | 22 ++
tests/hazmat/primitives/test_rsa.py | 7 +-
tests/hazmat/primitives/twofactor/test_hotp.py | 4 +
tests/hazmat/primitives/utils.py | 5 +
tests/test_x509.py | 119 +++++++-
tests/test_x509_crlbuilder.py | 42 ++-
tests/test_x509_ext.py | 152 +++++++++-
tests/test_x509_revokedcertbuilder.py | 49 +++-
89 files changed, 1860 insertions(+), 1719 deletions(-)
diff --git a/AUTHORS.rst b/AUTHORS.rst
index 8e95ca3..50bdcd5 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -29,3 +29,5 @@ PGP key fingerprints are enclosed in parentheses.
* Phoebe Queen <foibey at gmail.com> (10D4 7741 AB65 50F4 B264 3888 DA40 201A 072B C1FA)
* Google Inc.
* Amaury Forgeot d'Arc <amauryfa at google.com>
+* Dirkjan Ochtman <dirkjan at ochtman.nl> (25BB BAC1 13C1 BFD5 AA59 4A4C 9F96 B929 3038 0381)
+* Maximilian Hils <max at maximilianhils.com>
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 1aa2131..6aeba4f 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,6 +1,30 @@
Changelog
=========
+1.5 - 2016-08-26
+~~~~~~~~~~~~~~~~
+
+* Added
+ :func:`~cryptography.hazmat.primitives.asymmetric.padding.calculate_max_pss_salt_length`.
+* Added "one shot"
+ :meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey.sign`
+ and
+ :meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey.verify`
+ methods to DSA keys.
+* Added "one shot"
+ :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign`
+ and
+ :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.verify`
+ methods to ECDSA keys.
+* Switched back to the older callback model on Python 3.5 in order to mitigate
+ the locking callback problem with OpenSSL <1.1.0.
+* :class:`~cryptography.x509.CertificateBuilder`,
+ :class:`~cryptography.x509.CertificateRevocationListBuilder`, and
+ :class:`~cryptography.x509.RevokedCertificateBuilder` now accept timezone
+ aware ``datetime`` objects as method arguments
+* ``cryptography`` now supports OpenSSL 1.1.0 as a compilation target.
+
+
1.4 - 2016-06-04
~~~~~~~~~~~~~~~~
diff --git a/PKG-INFO b/PKG-INFO
index ee73ee7..570d7a5 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: cryptography
-Version: 1.4
+Version: 1.5
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
diff --git a/docs/development/submitting-patches.rst b/docs/development/submitting-patches.rst
index 475e703..63eed19 100644
--- a/docs/development/submitting-patches.rst
+++ b/docs/development/submitting-patches.rst
@@ -126,6 +126,11 @@ should begin with the "Hazardous Materials" warning:
.. hazmat::
+Always prefer terminology that is most broadly accepted. For example:
+
+* When referring to class instances use "an instance of ``Foo``"
+ instead of "a ``Foo`` provider".
+
When referring to a hypothetical individual (such as "a person receiving an
encrypted message") use gender neutral pronouns (they/them/their).
diff --git a/docs/doing-a-release.rst b/docs/doing-a-release.rst
index 0087ec5..0feb59b 100644
--- a/docs/doing-a-release.rst
+++ b/docs/doing-a-release.rst
@@ -76,6 +76,7 @@ Post-release tasks
* Update the version number to the next major (e.g. ``0.5.dev1``) in
``cryptography/__about__.py`` and
``vectors/cryptography_vectors/__about__.py``.
+* Close the `milestone`_ for the previous release on GitHub.
* Add new :doc:`/changelog` entry with next version and note that it is under
active development
* Send a pull request with these items
@@ -85,5 +86,6 @@ Post-release tasks
* Send an email to the `mailing list`_ and `python-announce`_ announcing the
release.
+.. _`milestone`: https://github.com/pyca/cryptography/milestones
.. _`mailing list`: https://mail.python.org/mailman/listinfo/cryptography-dev
.. _`python-announce`: https://mail.python.org/mailman/listinfo/python-announce-list
diff --git a/docs/faq.rst b/docs/faq.rst
index 76dc4f3..2ddc5db 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -40,8 +40,8 @@ If you have no other libraries using OpenSSL in your process, or they do not
appear to be at fault, it's possible that this is a bug in ``cryptography``.
Please file an `issue`_ with instructions on how to reproduce it.
-Importing cryptography causes a ``RuntimeError`` about OpenSSL 0.9.8
---------------------------------------------------------------------
+Installing cryptography with OpenSSL 0.9.8 fails
+------------------------------------------------
The OpenSSL project has dropped support for the 0.9.8 release series. Since it
is no longer receiving security patches from upstream, ``cryptography`` is also
@@ -49,9 +49,9 @@ dropping support for it. To fix this issue you should upgrade to a newer
version of OpenSSL (1.0.1 or later). This may require you to upgrade to a newer
operating system.
-For the 1.4 release, you can set the ``CRYPTOGRAPHY_ALLOW_OPENSSL_098``
-environment variable. Please note that this is *temporary* and will be removed
-in ``cryptography`` 1.5.
+In ``cryptography`` 1.4, you can set the ``CRYPTOGRAPHY_ALLOW_OPENSSL_098``
+environment variable. Please note that this is *temporary* and is removed in
+``cryptography`` 1.5.
.. _`NaCl`: https://nacl.cr.yp.to/
.. _`PyNaCl`: https://pynacl.readthedocs.io
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 83ec6f1..14f72cf 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -29,11 +29,11 @@ A specific ``backend`` may provide one or more of these interfaces.
Check if a ``cipher`` and ``mode`` combination is supported by
this backend.
- :param cipher: An instance of a
- :class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`
- provider.
- :param mode: An instance of a
- :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode` provider.
+ :param cipher: An instance of
+ :class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`.
+
+ :param mode: An instance of
+ :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode`.
:returns: ``True`` if the specified ``cipher`` and ``mode`` combination
is supported by this backend, otherwise ``False``
@@ -46,11 +46,11 @@ A specific ``backend`` may provide one or more of these interfaces.
can be used for encrypting data with the symmetric ``cipher`` using
the given ``mode``.
- :param cipher: An instance of a
- :class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`
- provider.
- :param mode: An instance of a
- :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode` provider.
+ :param cipher: An instance of
+ :class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`.
+
+ :param mode: An instance of
+ :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode`.
:returns:
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext`
@@ -65,11 +65,11 @@ A specific ``backend`` may provide one or more of these interfaces.
can be used for decrypting data with the symmetric ``cipher`` using
the given ``mode``.
- :param cipher: An instance of a
- :class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`
- provider.
- :param mode: An instance of a
- :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode` provider.
+ :param cipher: An instance of
+ :class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`.
+
+ :param mode: An instance of
+ :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode`.
:returns:
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext`
@@ -90,9 +90,8 @@ A specific ``backend`` may provide one or more of these interfaces.
Check if the specified ``algorithm`` is supported by this backend.
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
- provider.
+ :param algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
:returns: ``True`` if the specified ``algorithm`` is supported by this
backend, otherwise ``False``.
@@ -104,9 +103,8 @@ A specific ``backend`` may provide one or more of these interfaces.
:class:`~cryptography.hazmat.primitives.hashes.HashContext` that
uses the specified ``algorithm`` to calculate a message digest.
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
- provider.
+ :param algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
:returns:
:class:`~cryptography.hazmat.primitives.hashes.HashContext`
@@ -126,9 +124,8 @@ A specific ``backend`` may provide one or more of these interfaces.
Check if the specified ``algorithm`` is supported by this backend.
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
- provider.
+ :param algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
:returns: ``True`` if the specified ``algorithm`` is supported for HMAC
by this backend, otherwise ``False``.
@@ -142,9 +139,8 @@ A specific ``backend`` may provide one or more of these interfaces.
:param bytes key: Secret key as ``bytes``.
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
- provider.
+ :param algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
:returns:
:class:`~cryptography.hazmat.primitives.hashes.HashContext`
@@ -158,9 +154,9 @@ A specific ``backend`` may provide one or more of these interfaces.
.. method:: cmac_algorithm_supported(algorithm)
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm`
- provider.
+ :param algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm`.
+
:return: Returns True if the block cipher is supported for CMAC by this backend
.. method:: create_cmac_ctx(algorithm)
@@ -169,9 +165,8 @@ A specific ``backend`` may provide one or more of these interfaces.
:class:`~cryptography.hazmat.primitives.interfaces.MACContext` that
uses the specified ``algorithm`` to calculate a message authentication code.
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm`
- provider.
+ :param algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm`.
:returns:
:class:`~cryptography.hazmat.primitives.interfaces.MACContext`
@@ -192,18 +187,16 @@ A specific ``backend`` may provide one or more of these interfaces.
Check if the specified ``algorithm`` is supported by this backend.
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
- provider.
+ :param algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
:returns: ``True`` if the specified ``algorithm`` is supported for
PBKDF2 HMAC by this backend, otherwise ``False``.
.. method:: derive_pbkdf2_hmac(self, algorithm, length, salt, iterations, key_material)
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
- provider.
+ :param algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
:param int length: The desired length of the derived key. Maximum is
(2\ :sup:`32` - 1) * ``algorithm.digest_size``
@@ -235,9 +228,8 @@ A specific ``backend`` may provide one or more of these interfaces.
:param int key_size: The length in bits of the modulus. Should be
at least 2048.
- :return: A new instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`
- provider.
+ :return: A new instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`.
:raises ValueError: If the public_exponent is not valid.
@@ -245,9 +237,8 @@ A specific ``backend`` may provide one or more of these interfaces.
Check if the specified ``padding`` is supported by the backend.
- :param padding: An instance of an
- :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`
- provider.
+ :param padding: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`.
:returns: ``True`` if the specified ``padding`` is supported by this
backend, otherwise ``False``.
@@ -266,7 +257,7 @@ A specific ``backend`` may provide one or more of these interfaces.
:param numbers: An instance of
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`.
- :returns: A provider of
+ :returns: An instance of
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`.
:raises ValueError: This is raised when the values of ``p``, ``q``,
@@ -281,7 +272,7 @@ A specific ``backend`` may provide one or more of these interfaces.
:param numbers: An instance of
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`.
- :returns: A provider of
+ :returns: An instance of
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`.
:raises ValueError: This is raised when the values of
@@ -307,24 +298,19 @@ A specific ``backend`` may provide one or more of these interfaces.
support for larger key sizes specified in FIPS 186-3 and are still
restricted to only the 1024-bit keys specified in FIPS 186-2.
- :return: A new instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`
- provider.
+ :return: A new instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`.
.. method:: generate_dsa_private_key(parameters)
- :param parameters: A
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`
- provider.
+ :param parameters: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`.
- :return: A new instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`
- provider.
+ :return: A new instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`.
:raises ValueError: This is raised if the key size is not one of 1024,
- 2048, or 3072. It is also raised when OpenSSL is older than version
- 1.0.0 and the key size is larger than 1024; older OpenSSL versions
- do not support keys larger than 1024 bits.
+ 2048, or 3072.
.. method:: generate_dsa_private_key_and_parameters(key_size)
@@ -335,18 +321,16 @@ A specific ``backend`` may provide one or more of these interfaces.
support for larger key sizes specified in FIPS 186-3 and are still
restricted to only the 1024-bit keys specified in FIPS 186-2.
- :return: A new instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`
- provider.
+ :return: A new instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`.
:raises ValueError: This is raised if the key size is not supported
by the backend.
.. method:: dsa_hash_supported(algorithm)
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
- provider.
+ :param algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
:returns: ``True`` if the specified ``algorithm`` is supported by this
backend, otherwise ``False``.
@@ -367,7 +351,7 @@ A specific ``backend`` may provide one or more of these interfaces.
:param numbers: An instance of
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameterNumbers`.
- :returns: A provider of
+ :returns: An instance of
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
@@ -378,7 +362,7 @@ A specific ``backend`` may provide one or more of these interfaces.
:param numbers: An instance of
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateNumbers`.
- :returns: A provider of
+ :returns: An instance of
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
@@ -389,7 +373,7 @@ A specific ``backend`` may provide one or more of these interfaces.
:param numbers: An instance of
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers`.
- :returns: A provider of
+ :returns: An instance of
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
@@ -402,49 +386,41 @@ A specific ``backend`` may provide one or more of these interfaces.
.. method:: elliptic_curve_supported(curve)
- :param curve: An instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`
- provider.
+ :param curve: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`.
:returns: True if the elliptic curve is supported by this backend.
.. method:: elliptic_curve_signature_algorithm_supported(signature_algorithm, curve)
- :param signature_algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurveSignatureAlgorithm`
- provider.
+ :param signature_algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurveSignatureAlgorithm`.
- :param curve: An instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`
- provider.
+ :param curve: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`.
:returns: True if the signature algorithm and curve are supported by this backend.
.. method:: generate_elliptic_curve_private_key(curve)
- :param curve: An instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`
- provider.
+ :param curve: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`.
.. method:: load_elliptic_curve_private_numbers(numbers)
- :param numbers: An instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateNumbers`
- provider.
+ :param numbers: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateNumbers`.
- :returns: An instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`
- provider.
+ :returns: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`.
.. method:: load_elliptic_curve_public_numbers(numbers)
- :param numbers: An instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`
- provider.
+ :param numbers: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`.
- :returns: An instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`
- provider.
+ :returns: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`.
.. class:: PEMSerializationBackend
@@ -610,29 +586,25 @@ A specific ``backend`` may provide one or more of these interfaces.
:param int key_size: The bit length of the prime modulus to generate.
- :return: A new instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters`
- provider.
+ :return: A new instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters`.
:raises ValueError: If ``key_size`` is not at least 512.
.. method:: generate_dh_private_key(parameters)
- :param parameters: A
- :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters`
- provider.
+ :param parameters: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters`.
- :return: A new instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`
- provider.
+ :return: A new instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`.
.. method:: generate_dh_private_key_and_parameters(self, key_size)
:param int key_size: The bit length of the prime modulus to generate.
- :return: A new instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`
- provider.
+ :return: A new instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`.
:raises ValueError: If ``key_size`` is not at least 512.
@@ -642,9 +614,8 @@ A specific ``backend`` may provide one or more of these interfaces.
:class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateNumbers`
instance.
- :return: A new instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`
- provider.
+ :return: A new instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
when any backend specific criteria are not met.
@@ -655,9 +626,8 @@ A specific ``backend`` may provide one or more of these interfaces.
:class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicNumbers`
instance.
- :return: A new instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey`
- provider.
+ :return: A new instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
when any backend specific criteria are not met.
@@ -668,9 +638,8 @@ A specific ``backend`` may provide one or more of these interfaces.
:class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameterNumbers`
instance.
- :return: A new instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters`
- provider.
+ :return: A new instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
when any backend specific criteria are not met.
diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst
index f488a8b..8bc7dac 100644
--- a/docs/hazmat/backends/openssl.rst
+++ b/docs/hazmat/backends/openssl.rst
@@ -3,9 +3,8 @@
OpenSSL backend
===============
-The `OpenSSL`_ C library. Cryptography supports version ``0.9.8e`` (present in
-Red Hat Enterprise Linux 5) and greater. Earlier versions may work but are
-**not tested or supported**.
+The `OpenSSL`_ C library. Cryptography supports OpenSSL version ``1.0.0`` and
+greater.
.. data:: cryptography.hazmat.backends.openssl.backend
diff --git a/docs/hazmat/bindings/openssl.rst b/docs/hazmat/bindings/openssl.rst
index 8935093..8aef488 100644
--- a/docs/hazmat/bindings/openssl.rst
+++ b/docs/hazmat/bindings/openssl.rst
@@ -6,8 +6,7 @@ OpenSSL binding
.. currentmodule:: cryptography.hazmat.bindings.openssl.binding
These are `CFFI`_ bindings to the `OpenSSL`_ C library. Cryptography supports
-version ``0.9.8e`` (present in Red Hat Enterprise Linux 5) and greater. Earlier
-versions may work but are **not tested or supported**.
+OpenSSL version ``1.0.0`` and greater.
.. class:: cryptography.hazmat.bindings.openssl.binding.Binding()
diff --git a/docs/hazmat/primitives/asymmetric/dh.rst b/docs/hazmat/primitives/asymmetric/dh.rst
index f4e0de6..8cb6828 100644
--- a/docs/hazmat/primitives/asymmetric/dh.rst
+++ b/docs/hazmat/primitives/asymmetric/dh.rst
@@ -82,9 +82,8 @@ Key interfaces
Generate a DH private key. This method can be used to generate many
new private keys from a single set of parameters.
- :return: A
- :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`
- provider.
+ :return: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`.
.. class:: DHParametersWithSerialization
diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst
index 1429cb0..126cdc2 100644
--- a/docs/hazmat/primitives/asymmetric/dsa.rst
+++ b/docs/hazmat/primitives/asymmetric/dsa.rst
@@ -24,12 +24,11 @@ Generation
specified in FIPS 186-3 and are still restricted to only the
1024-bit keys specified in FIPS 186-2.
- :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
- provider.
+ :param backend: An instance of
+ :class:`~cryptography.hazmat.backends.interfaces.DSABackend`.
- :return: A :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`
- provider.
+ :return: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if
the provided ``backend`` does not implement
@@ -41,19 +40,18 @@ Generation
Generate DSA parameters using the provided ``backend``.
- :param int key_size: The length of the modulus in bits. It should be
- either 1024, 2048 or 3072. For keys generated in 2015 this should
- be `at least 2048`_ (See page 41). Note that some applications
+ :param int key_size: The length of :attr:`~DSAParameterNumbers.q`. It
+ should be either 1024, 2048 or 3072. For keys generated in 2015 this
+ should be `at least 2048`_ (See page 41). Note that some applications
(such as SSH) have not yet gained support for larger key sizes
specified in FIPS 186-3 and are still restricted to only the
1024-bit keys specified in FIPS 186-2.
- :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
- provider.
+ :param backend: An instance of
+ :class:`~cryptography.hazmat.backends.interfaces.DSABackend`.
- :return: A :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`
- provider.
+ :return: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if
the provided ``backend`` does not implement
@@ -63,7 +61,7 @@ Signing
~~~~~~~
Using a :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`
-provider.
+instance.
.. doctest::
@@ -79,6 +77,16 @@ provider.
>>> signer.update(data)
>>> signature = signer.finalize()
+There is a shortcut to sign sufficiently short messages directly:
+
+.. doctest::
+
+ >>> data = b"this is some data I'd like to sign"
+ >>> signature = private_key.sign(
+ ... data,
+ ... hashes.SHA256()
+ ... )
+
The ``signature`` is a ``bytes`` object, whose contents is DER encoded as
described in :rfc:`3279`. This can be decoded using
:func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`.
@@ -87,7 +95,7 @@ Verification
~~~~~~~~~~~~
Verification is performed using a
-:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` provider.
+:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` instance.
You can get a public key object with
:func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,
:func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
@@ -102,6 +110,16 @@ You can get a public key object with
>>> verifier.update(data)
>>> verifier.verify()
+There is a shortcut to verify sufficiently short messages directly:
+
+.. doctest::
+
+ >>> public_key.verify(
+ ... signature,
+ ... data,
+ ... hashes.SHA256()
+ ... )
+
``verifier()`` takes the signature in the same format as is returned by
``signer.finalize()``.
@@ -137,13 +155,11 @@ Numbers
.. method:: parameters(backend)
- :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
- provider.
+ :param backend: An instance of
+ :class:`~cryptography.hazmat.backends.interfaces.DSABackend`.
- :returns: A new instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`
- provider.
+ :returns: A new instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`.
.. class:: DSAPublicNumbers(y, parameter_numbers)
@@ -166,13 +182,11 @@ Numbers
.. method:: public_key(backend)
- :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
- provider.
+ :param backend: An instance of
+ :class:`~cryptography.hazmat.backends.interfaces.DSABackend`.
- :returns: A new instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
- provider.
+ :returns: A new instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`.
.. class:: DSAPrivateNumbers(x, public_numbers)
@@ -200,13 +214,11 @@ Numbers
.. method:: private_key(backend)
- :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
- provider.
+ :param backend: An instance of
+ :class:`~cryptography.hazmat.backends.interfaces.DSABackend`.
- :returns: A new instance of a
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`
- provider.
+ :returns: A new instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`.
Key interfaces
~~~~~~~~~~~~~~
@@ -224,9 +236,8 @@ Key interfaces
Generate a DSA private key. This method can be used to generate many
new private keys from a single set of parameters.
- :return: A
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`
- provider.
+ :return: An instance of
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`.
.. class:: DSAParametersWithNumbers
@@ -272,13 +283,11 @@ Key interfaces
The signature is formatted as DER-encoded bytes, as specified in
:rfc:`3279`.
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
- provider.
+ :param algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
- :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
- provider.
+ :param backend: An instance of
+ :class:`~cryptography.hazmat.backends.interfaces.DSABackend`.
:returns:
:class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext`
@@ -287,7 +296,21 @@ Key interfaces
:type: int
- The bit length of the modulus.
+ The bit length of :attr:`~DSAParameterNumbers.q`.
+
+ .. method:: sign(data, algorithm)
+
+ .. versionadded:: 1.5
+
+ Sign one block of data which can be verified later by others using the
+ public key.
+
+ :param bytes data: The message string to sign.
+
+ :param algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
+
+ :return bytes: Signature.
.. class:: DSAPrivateKeyWithSerialization
@@ -344,7 +367,7 @@ Key interfaces
:type: int
- The bit length of the modulus.
+ The bit length of :attr:`~DSAParameterNumbers.q`.
.. method:: parameters()
@@ -362,13 +385,11 @@ Key interfaces
:param bytes signature: The signature to verify. DER encoded as
specified in :rfc:`3279`.
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
- provider.
+ :param algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
- :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
- provider.
+ :param backend: An instance of
+ :class:`~cryptography.hazmat.backends.interfaces.DSABackend`.
:returns:
:class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext`
@@ -400,6 +421,23 @@ Key interfaces
:return bytes: Serialized key.
+ .. method:: verify(signature, data, algorithm)
+
+ .. versionadded:: 1.5
+
+ Verify one block of data was signed by the private key
+ associated with this public key.
+
+ :param bytes signature: The signature to verify.
+
+ :param bytes data: The message string that was signed.
+
+ :param algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
+
+ :raises cryptography.exceptions.InvalidSignature: If the signature does
+ not validate.
+
.. class:: DSAPublicKeyWithSerialization
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
index 2c59374..add5966 100644
--- a/docs/hazmat/primitives/asymmetric/ec.rst
+++ b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -12,13 +12,12 @@ Elliptic curve cryptography
Generate a new private key on ``curve`` for use with ``backend``.
- :param curve: A :class:`EllipticCurve` provider.
+ :param curve: An instance of :class:`EllipticCurve`.
- :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`
- provider.
+ :param backend: An instance of
+ :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`.
- :returns: A new instance of a :class:`EllipticCurvePrivateKey` provider.
+ :returns: A new instance of :class:`EllipticCurvePrivateKey`.
Elliptic Curve Signature Algorithms
@@ -31,9 +30,8 @@ Elliptic Curve Signature Algorithms
The ECDSA signature algorithm first standardized in NIST publication
`FIPS 186-3`_, and later in `FIPS 186-4`_.
- :param algorithm: An instance of a
- :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
- provider.
+ :param algorithm: An instance of
+ :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
.. doctest::
@@ -48,6 +46,16 @@ Elliptic Curve Signature Algorithms
>>> signer.update(b" to sign")
>>> signature = signer.finalize()
+ There is a shortcut to sign sufficiently short messages directly:
+
+ .. doctest::
+
+ >>> data = b"this is some data I'd like to sign"
+ >>> signature = private_key.sign(
+ ... data,
+ ... ec.ECDSA(hashes.SHA256())
+ ... )
+
The ``signature`` is a ``bytes`` object, whose contents is DER encoded as
described in :rfc:`3279`. This can be decoded using
:func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`.
@@ -78,12 +86,10 @@ Elliptic Curve Signature Algorithms
Convert a collection of numbers into a private key suitable for doing
actual cryptographic operations.
- :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`
- provider.
+ :param backend: An instance of
+ :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`.
- :returns: A new instance of a :class:`EllipticCurvePrivateKey`
- provider.
+ :returns: A new instance of :class:`EllipticCurvePrivateKey`.
... 6234 lines suppressed ...
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-cryptography.git
More information about the Python-modules-commits
mailing list