[Python-modules-commits] [python-cryptography] 01/06: Import python-cryptography_1.9.orig.tar.gz
Tristan Seligmann
mithrandi at moszumanska.debian.org
Tue Jun 20 19:32:44 UTC 2017
This is an automated email from the git hooks/post-receive script.
mithrandi pushed a commit to branch master
in repository python-cryptography.
commit 4005c5bde2c5ec956629b7285630724490902d0e
Author: Tristan Seligmann <mithrandi at debian.org>
Date: Tue Jun 20 19:28:19 2017 +0200
Import python-cryptography_1.9.orig.tar.gz
---
AUTHORS.rst | 1 +
CHANGELOG.rst | 127 +++-
PKG-INFO | 13 +-
README.rst | 10 +-
docs/api-stability.rst | 4 +
docs/community.rst | 3 +-
docs/conf.py | 7 +-
docs/cryptography-docs.py | 21 +-
docs/development/c-bindings.rst | 11 +-
docs/development/getting-started.rst | 26 +-
docs/development/submitting-patches.rst | 2 +-
docs/development/test-vectors.rst | 41 +-
docs/doing-a-release.rst | 20 +-
docs/faq.rst | 63 +-
docs/fernet.rst | 12 +-
docs/hazmat/backends/commoncrypto.rst | 30 -
docs/hazmat/backends/index.rst | 10 +-
docs/hazmat/backends/interfaces.rst | 23 +-
docs/hazmat/backends/multibackend.rst | 45 --
docs/hazmat/backends/openssl.rst | 18 +-
docs/hazmat/bindings/commoncrypto.rst | 30 -
docs/hazmat/bindings/index.rst | 1 -
docs/hazmat/bindings/openssl.rst | 2 +-
docs/hazmat/primitives/asymmetric/dh.rst | 97 ++-
docs/hazmat/primitives/asymmetric/ec.rst | 65 ++-
docs/hazmat/primitives/asymmetric/index.rst | 3 -
.../hazmat/primitives/asymmetric/serialization.rst | 11 +-
docs/hazmat/primitives/cryptographic-hashes.rst | 43 +-
docs/hazmat/primitives/index.rst | 11 +-
docs/hazmat/primitives/interfaces.rst | 80 ---
.../hazmat/primitives/key-derivation-functions.rst | 11 +-
docs/hazmat/primitives/mac/cmac.rst | 4 +-
docs/hazmat/primitives/mac/hmac.rst | 4 +-
docs/hazmat/primitives/mac/index.rst | 32 +
docs/hazmat/primitives/padding.rst | 4 +-
docs/hazmat/primitives/symmetric-encryption.rst | 105 +++-
docs/index.rst | 70 +--
docs/installation.rst | 80 +--
docs/security.rst | 6 +-
docs/spelling_wordlist.txt | 2 +
docs/x509/certificate-transparency.rst | 79 +++
docs/x509/index.rst | 1 +
docs/x509/reference.rst | 35 +-
docs/x509/tutorial.rst | 21 +-
setup.cfg | 1 -
setup.py | 29 +-
src/_cffi_src/build_commoncrypto.py | 33 --
src/_cffi_src/build_openssl.py | 27 +-
src/_cffi_src/commoncrypto/__init__.py | 5 -
src/_cffi_src/commoncrypto/cf.py | 113 ----
src/_cffi_src/commoncrypto/common_cryptor.py | 99 ----
src/_cffi_src/commoncrypto/common_digest.py | 58 --
src/_cffi_src/commoncrypto/common_hmac.py | 37 --
.../commoncrypto/common_key_derivation.py | 39 --
.../commoncrypto/common_symmetric_key_wrap.py | 35 --
src/_cffi_src/commoncrypto/seccertificate.py | 23 -
src/_cffi_src/commoncrypto/secimport.py | 86 ---
src/_cffi_src/commoncrypto/secitem.py | 27 -
src/_cffi_src/commoncrypto/seckey.py | 24 -
src/_cffi_src/commoncrypto/seckeychain.py | 25 -
src/_cffi_src/commoncrypto/sectransform.py | 68 ---
src/_cffi_src/commoncrypto/sectrust.py | 39 --
src/_cffi_src/commoncrypto/secure_transport.py | 308 ----------
src/_cffi_src/openssl/aes.py | 15 -
src/_cffi_src/openssl/asn1.py | 8 +-
src/_cffi_src/openssl/bio.py | 2 +-
src/_cffi_src/openssl/callbacks.py | 69 +--
src/_cffi_src/openssl/cmac.py | 14 +-
src/_cffi_src/openssl/crypto.py | 48 +-
src/_cffi_src/openssl/cryptography.py | 51 +-
src/_cffi_src/openssl/ct.py | 96 +++
src/_cffi_src/openssl/dh.py | 135 ++++-
src/_cffi_src/openssl/dsa.py | 2 +-
src/_cffi_src/openssl/ec.py | 169 +-----
src/_cffi_src/openssl/ecdh.py | 11 -
src/_cffi_src/openssl/ecdsa.py | 32 -
src/_cffi_src/openssl/engine.py | 2 +-
src/_cffi_src/openssl/err.py | 8 +-
src/_cffi_src/openssl/evp.py | 25 +-
src/_cffi_src/openssl/hmac.py | 4 +-
src/_cffi_src/openssl/nid.py | 9 +
src/_cffi_src/openssl/osrandom_engine.py | 2 -
src/_cffi_src/openssl/pem.py | 9 +-
src/_cffi_src/openssl/rand.py | 2 +-
src/_cffi_src/openssl/rsa.py | 9 +-
src/_cffi_src/openssl/src/osrandom_engine.c | 8 +-
src/_cffi_src/openssl/src/osrandom_engine.h | 8 +-
src/_cffi_src/openssl/ssl.py | 175 ++----
src/_cffi_src/openssl/x509.py | 20 +-
src/_cffi_src/openssl/x509_vfy.py | 51 +-
src/_cffi_src/openssl/x509name.py | 2 +-
src/_cffi_src/openssl/x509v3.py | 8 +
src/_cffi_src/utils.py | 2 +-
src/cryptography.egg-info/PKG-INFO | 13 +-
src/cryptography.egg-info/SOURCES.txt | 41 +-
src/cryptography.egg-info/entry_points.txt | 1 -
src/cryptography.egg-info/requires.txt | 12 +-
src/cryptography/__about__.py | 4 +-
src/cryptography/__init__.py | 6 +
src/cryptography/hazmat/backends/__init__.py | 59 +-
.../hazmat/backends/commoncrypto/__init__.py | 10 -
.../hazmat/backends/commoncrypto/backend.py | 250 --------
.../hazmat/backends/commoncrypto/ciphers.py | 193 ------
.../hazmat/backends/commoncrypto/hashes.py | 55 --
.../hazmat/backends/commoncrypto/hmac.py | 59 --
src/cryptography/hazmat/backends/interfaces.py | 9 +-
src/cryptography/hazmat/backends/multibackend.py | 505 ----------------
.../hazmat/backends/openssl/backend.py | 416 +++++--------
.../hazmat/backends/openssl/ciphers.py | 102 ++--
src/cryptography/hazmat/backends/openssl/cmac.py | 4 +-
.../hazmat/backends/openssl/decode_asn1.py | 43 +-
src/cryptography/hazmat/backends/openssl/dh.py | 126 +++-
src/cryptography/hazmat/backends/openssl/dsa.py | 28 +-
src/cryptography/hazmat/backends/openssl/ec.py | 56 +-
.../hazmat/backends/openssl/encode_asn1.py | 7 +-
src/cryptography/hazmat/backends/openssl/hmac.py | 4 +-
src/cryptography/hazmat/backends/openssl/rsa.py | 47 +-
src/cryptography/hazmat/backends/openssl/utils.py | 21 -
src/cryptography/hazmat/backends/openssl/x509.py | 2 +-
.../hazmat/bindings/commoncrypto/__init__.py | 5 -
.../hazmat/bindings/commoncrypto/binding.py | 15 -
.../hazmat/bindings/openssl/_conditional.py | 210 +------
.../hazmat/bindings/openssl/binding.py | 67 +--
.../hazmat/primitives/asymmetric/dh.py | 25 +-
.../hazmat/primitives/asymmetric/ec.py | 14 +-
.../hazmat/primitives/asymmetric/rsa.py | 6 +-
.../hazmat/primitives/asymmetric/utils.py | 35 +-
.../hazmat/primitives/ciphers/__init__.py | 5 +-
src/cryptography/hazmat/primitives/ciphers/base.py | 46 +-
.../hazmat/primitives/ciphers/modes.py | 22 +-
src/cryptography/hazmat/primitives/cmac.py | 4 +-
src/cryptography/hazmat/primitives/hashes.py | 16 +
src/cryptography/hazmat/primitives/hmac.py | 4 +-
src/cryptography/hazmat/primitives/interfaces.py | 17 +
src/cryptography/hazmat/primitives/kdf/scrypt.py | 7 +
.../primitives/{interfaces/__init__.py => mac.py} | 0
src/cryptography/utils.py | 33 +-
src/cryptography/x509/__init__.py | 9 +
src/cryptography/x509/certificate_transparency.py | 46 ++
src/cryptography/x509/extensions.py | 40 +-
src/cryptography/x509/oid.py | 3 +
tests/conftest.py | 19 +-
tests/hazmat/backends/test_backendinit.py | 17 -
tests/hazmat/backends/test_commoncrypto.py | 54 --
tests/hazmat/backends/test_multibackend.py | 648 ---------------------
tests/hazmat/backends/test_openssl.py | 309 ++++------
tests/hazmat/backends/test_openssl_memleak.py | 191 ++++++
tests/hazmat/bindings/test_commoncrypto.py | 26 -
tests/hazmat/bindings/test_openssl.py | 47 +-
tests/hazmat/primitives/test_aes.py | 102 ++++
tests/hazmat/primitives/test_asym_utils.py | 3 +-
tests/hazmat/primitives/test_block.py | 13 +
tests/hazmat/primitives/test_cast5.py | 17 -
tests/hazmat/primitives/test_ciphers.py | 128 +++-
tests/hazmat/primitives/test_cmac.py | 15 +-
tests/hazmat/primitives/test_dh.py | 404 ++++++++++++-
tests/hazmat/primitives/test_ec.py | 11 +-
tests/hazmat/primitives/test_hashes.py | 11 -
tests/hazmat/primitives/test_hmac.py | 11 -
.../hazmat/primitives/test_mac.py | 20 +-
tests/hazmat/primitives/test_scrypt.py | 23 +-
tests/hazmat/primitives/test_serialization.py | 43 +-
tests/hazmat/primitives/utils.py | 7 +-
tests/test_utils.py | 45 +-
tests/test_x509.py | 68 +--
tests/test_x509_crlbuilder.py | 4 -
tests/test_x509_ext.py | 40 +-
tests/utils.py | 17 -
168 files changed, 3042 insertions(+), 5309 deletions(-)
diff --git a/AUTHORS.rst b/AUTHORS.rst
index 13e552d..4444bf5 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -36,3 +36,4 @@ PGP key fingerprints are enclosed in parentheses.
* Fraser Tweedale <ftweedal at redhat.com>
* Ofek Lev <ofekmeister at gmail.com> (FFB6 B92B 30B1 7848 546E 9912 972F E913 DAD5 A46E)
* Erik Daguerre <fallenwolf at wolfthefallen.com>
+* Aviv Palivoda <palaviv at gmail.com>
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index dd5e887..c0d1696 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,6 +1,84 @@
Changelog
=========
+1.9 - 2017-05-29
+~~~~~~~~~~~~~~~~
+
+* **BACKWARDS INCOMPATIBLE:** Elliptic Curve signature verification no longer
+ returns ``True`` on success. This brings it in line with the interface's
+ documentation, and our intent. The correct way to use
+ :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.verify`
+ has always been to check whether or not
+ :class:`~cryptography.exceptions.InvalidSignature` was raised.
+* **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.7 and 10.8.
+* **BACKWARDS INCOMPATIBLE:** The minimum supported PyPy version is now 5.3.
+* Python 3.3 support has been deprecated, and will be removed in the next
+ ``cryptography`` release.
+* Add support for providing ``tag`` during
+ :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` finalization via
+ :meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag`.
+* Fixed an issue preventing ``cryptography`` from compiling against
+ LibreSSL 2.5.x.
+* Added
+ :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.key_size`
+ and
+ :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.key_size`
+ as convenience methods for determining the bit size of a secret scalar for
+ the curve.
+* Accessing an unrecognized extension marked critical on an X.509 object will
+ no longer raise an ``UnsupportedExtension`` exception, instead an
+ :class:`~cryptography.x509.UnrecognizedExtension` object will be returned.
+ This behavior was based on a poor reading of the RFC, unknown critical
+ extensions only need to be rejected on certificate verification.
+* The CommonCrypto backend has been removed.
+* MultiBackend has been removed.
+* ``Whirlpool`` and ``RIPEMD160`` have been deprecated.
+
+1.8.2 - 2017-05-26
+~~~~~~~~~~~~~~~~~~
+
+* Fixed a compilation bug affecting OpenSSL 1.1.0f.
+* Updated Windows and macOS wheels to be compiled against OpenSSL 1.1.0f.
+
+1.8.1 - 2017-03-10
+~~~~~~~~~~~~~~~~~~
+
+* Fixed macOS wheels to properly link against 1.1.0 rather than 1.0.2.
+
+1.8 - 2017-03-09
+~~~~~~~~~~~~~~~~
+
+* Added support for Python 3.6.
+* Windows and macOS wheels now link against OpenSSL 1.1.0.
+* macOS wheels are no longer universal. This change significantly shrinks the
+ size of the wheels. Users on macOS 32-bit Python (if there are any) should
+ migrate to 64-bit or build their own packages.
+* Changed ASN.1 dependency from ``pyasn1`` to ``asn1crypto`` resulting in a
+ general performance increase when encoding/decoding ASN.1 structures. Also,
+ the ``pyasn1_modules`` test dependency is no longer required.
+* Added support for
+ :meth:`~cryptography.hazmat.primitives.ciphers.CipherContext.update_into` on
+ :class:`~cryptography.hazmat.primitives.ciphers.CipherContext`.
+* Added
+ :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.private_bytes`
+ to
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization`.
+* Added
+ :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization.public_bytes`
+ to
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization`.
+* :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`
+ and
+ :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`
+ now require that ``password`` must be bytes if provided. Previously this
+ was documented but not enforced.
+* Added support for subgroup order in :doc:`/hazmat/primitives/asymmetric/dh`.
+
+1.7.2 - 2017-01-27
+~~~~~~~~~~~~~~~~~~
+
+* Updated Windows and macOS wheels to be compiled against OpenSSL 1.0.2k.
+
1.7.1 - 2016-12-13
~~~~~~~~~~~~~~~~~~
@@ -13,7 +91,7 @@ Changelog
* Support for OpenSSL 1.0.0 has been removed. Users on older version of OpenSSL
will need to upgrade.
* Added support for Diffie-Hellman key exchange using
- :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.exchange`
+ :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.
* The OS random engine for OpenSSL has been rewritten to improve compatibility
with embedded Python and other edge cases. More information about this change
can be found in the
@@ -129,6 +207,9 @@ Changelog
and
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.verify`
methods to RSA keys.
+* Deprecated the ``serial`` attribute on
+ :class:`~cryptography.x509.Certificate`, in favor of
+ :attr:`~cryptography.x509.Certificate.serial_number`.
1.3.4 - 2016-06-03
@@ -430,9 +511,9 @@ Changelog
* :class:`~cryptography.x509.CertificatePolicies`
Note that unsupported extensions with the critical flag raise
- :class:`~cryptography.x509.UnsupportedExtension` while unsupported extensions
- set to non-critical are silently ignored. Read the
- :doc:`X.509 documentation</x509/index>` for more information.
+ ``UnsupportedExtension`` while unsupported extensions set to non-critical are
+ silently ignored. Read the :doc:`X.509 documentation</x509/index>` for more
+ information.
0.8.2 - 2015-04-10
~~~~~~~~~~~~~~~~~~
@@ -456,7 +537,7 @@ Changelog
* Added
:func:`~cryptography.hazmat.primitives.asymmetric.rsa.rsa_recover_prime_factors`
* :class:`~cryptography.hazmat.primitives.kdf.KeyDerivationFunction` was moved
- from :mod:`~cryptography.hazmat.primitives.interfaces` to
+ from ``cryptography.hazmat.primitives.interfaces`` to
:mod:`~cryptography.hazmat.primitives.kdf`.
* Added support for parsing X.509 names. See the
:doc:`X.509 documentation</x509/index>` for more information.
@@ -510,33 +591,33 @@ Changelog
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`.
* :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` and
:class:`~cryptography.hazmat.primitives.hashes.HashContext` were moved from
- :mod:`~cryptography.hazmat.primitives.interfaces` to
+ ``cryptography.hazmat.primitives.interfaces`` to
:mod:`~cryptography.hazmat.primitives.hashes`.
* :class:`~cryptography.hazmat.primitives.ciphers.CipherContext`,
:class:`~cryptography.hazmat.primitives.ciphers.AEADCipherContext`,
:class:`~cryptography.hazmat.primitives.ciphers.AEADEncryptionContext`,
:class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`, and
:class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm`
- were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
+ were moved from ``cryptography.hazmat.primitives.interfaces`` to
:mod:`~cryptography.hazmat.primitives.ciphers`.
* :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode`,
:class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithInitializationVector`,
:class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithNonce`, and
:class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithAuthenticationTag`
- were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
+ were moved from ``cryptography.hazmat.primitives.interfaces`` to
:mod:`~cryptography.hazmat.primitives.ciphers.modes`.
* :class:`~cryptography.hazmat.primitives.padding.PaddingContext` was moved
- from :mod:`~cryptography.hazmat.primitives.interfaces` to
+ from ``cryptography.hazmat.primitives.interfaces`` to
:mod:`~cryptography.hazmat.primitives.padding`.
*
:class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`
- was moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
+ was moved from ``cryptography.hazmat.primitives.interfaces`` to
:mod:`~cryptography.hazmat.primitives.asymmetric.padding`.
*
:class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext`
and
:class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext`
- were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
+ were moved from ``cryptography.hazmat.primitives.interfaces`` to
:mod:`~cryptography.hazmat.primitives.asymmetric`.
* :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`,
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParametersWithNumbers`,
@@ -544,7 +625,7 @@ Changelog
``DSAPrivateKeyWithNumbers``,
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` and
``DSAPublicKeyWithNumbers`` were moved from
- :mod:`~cryptography.hazmat.primitives.interfaces` to
+ ``cryptography.hazmat.primitives.interfaces`` to
:mod:`~cryptography.hazmat.primitives.asymmetric.dsa`
* :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`,
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurveSignatureAlgorithm`,
@@ -552,13 +633,13 @@ Changelog
``EllipticCurvePrivateKeyWithNumbers``,
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`,
and ``EllipticCurvePublicKeyWithNumbers``
- were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
+ were moved from ``cryptography.hazmat.primitives.interfaces`` to
:mod:`~cryptography.hazmat.primitives.asymmetric.ec`.
* :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
``RSAPrivateKeyWithNumbers``,
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` and
``RSAPublicKeyWithNumbers`` were moved from
- :mod:`~cryptography.hazmat.primitives.interfaces` to
+ ``cryptography.hazmat.primitives.interfaces`` to
:mod:`~cryptography.hazmat.primitives.asymmetric.rsa`.
0.7.2 - 2015-01-16
@@ -586,7 +667,7 @@ Changelog
:class:`~cryptography.fernet.MultiFernet`.
* More bit-lengths are now supported for ``p`` and ``q`` when loading DSA keys
from numbers.
-* Added :class:`~cryptography.hazmat.primitives.interfaces.MACContext` as a
+* Added :class:`~cryptography.hazmat.primitives.mac.MACContext` as a
common interface for CMAC and HMAC and deprecated ``CMACContext``.
* Added support for encoding and decoding :rfc:`6979` signatures in
:doc:`/hazmat/primitives/asymmetric/utils`.
@@ -656,15 +737,13 @@ Changelog
0.5.2 - 2014-07-09
~~~~~~~~~~~~~~~~~~
-* Add ``TraditionalOpenSSLSerializationBackend`` support to
- :doc:`/hazmat/backends/multibackend`.
+* Add ``TraditionalOpenSSLSerializationBackend`` support to ``multibackend``.
* Fix compilation error on OS X 10.8 (Mountain Lion).
0.5.1 - 2014-07-07
~~~~~~~~~~~~~~~~~~
-* Add ``PKCS8SerializationBackend`` support to
- :doc:`/hazmat/backends/multibackend`.
+* Add ``PKCS8SerializationBackend`` support to ``multibackend``.
0.5 - 2014-07-07
~~~~~~~~~~~~~~~~
@@ -682,7 +761,7 @@ Changelog
* Added :class:`~cryptography.hazmat.primitives.ciphers.modes.CFB8` support
for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` on
- :doc:`/hazmat/backends/commoncrypto` and :doc:`/hazmat/backends/openssl`.
+ ``commoncrypto`` and :doc:`/hazmat/backends/openssl`.
* Added ``AES`` :class:`~cryptography.hazmat.primitives.ciphers.modes.CTR`
support to the OpenSSL backend when linked against 0.9.8.
* Added ``PKCS8SerializationBackend`` and
@@ -692,7 +771,7 @@ Changelog
:class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`.
* Added :class:`~cryptography.hazmat.primitives.ciphers.modes.ECB` support
for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` on
- :doc:`/hazmat/backends/commoncrypto` and :doc:`/hazmat/backends/openssl`.
+ ``commoncrypto`` and :doc:`/hazmat/backends/openssl`.
* Deprecated the concrete ``RSAPrivateKey`` class in favor of backend
specific providers of the
:class:`cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`
@@ -767,8 +846,8 @@ Changelog
0.2 - 2014-02-20
~~~~~~~~~~~~~~~~
-* Added :doc:`/hazmat/backends/commoncrypto`.
-* Added initial :doc:`/hazmat/bindings/commoncrypto`.
+* Added ``commoncrypto``.
+* Added initial ``commoncrypto``.
* Removed ``register_cipher_adapter`` method from
:class:`~cryptography.hazmat.backends.interfaces.CipherBackend`.
* Added support for the OpenSSL backend under Windows.
@@ -777,7 +856,7 @@ Changelog
available, such as CentOS.
* Added :class:`~cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC`.
* Added :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF`.
-* Added :doc:`/hazmat/backends/multibackend`.
+* Added ``multibackend``.
* Set default random for the :doc:`/hazmat/backends/openssl` to the OS
random engine.
* Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`
diff --git a/PKG-INFO b/PKG-INFO
index 4409380..bc7e249 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,13 +1,13 @@
Metadata-Version: 1.1
Name: cryptography
-Version: 1.7.1
+Version: 1.9
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
Author-email: cryptography-dev at python.org
License: BSD or Apache License, Version 2.0
-Description: Cryptography
- ============
+Description: pyca/cryptography
+ =================
.. image:: https://img.shields.io/pypi/v/cryptography.svg
:target: https://pypi.python.org/pypi/cryptography/
@@ -26,10 +26,10 @@ Description: Cryptography
``cryptography`` is a package which provides cryptographic recipes and
primitives to Python developers. Our goal is for it to be your "cryptographic
- standard library". It supports Python 2.6-2.7, Python 3.3+, and PyPy 2.6+.
+ standard library". It supports Python 2.6-2.7, Python 3.3+, and PyPy 5.3+.
- ``cryptography`` includes both high level recipes, and low level interfaces to
- common cryptographic algorithms such as symmetric ciphers, message digests and
+ ``cryptography`` includes both high level recipes and low level interfaces to
+ common cryptographic algorithms such as symmetric ciphers, message digests, and
key derivation functions. For example, to encrypt something with
``cryptography``'s high level symmetric encryption recipe:
@@ -89,6 +89,7 @@ Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Topic :: Security :: Cryptography
diff --git a/README.rst b/README.rst
index a58af53..e21fe48 100644
--- a/README.rst
+++ b/README.rst
@@ -1,5 +1,5 @@
-Cryptography
-============
+pyca/cryptography
+=================
.. image:: https://img.shields.io/pypi/v/cryptography.svg
:target: https://pypi.python.org/pypi/cryptography/
@@ -18,10 +18,10 @@ Cryptography
``cryptography`` is a package which provides cryptographic recipes and
primitives to Python developers. Our goal is for it to be your "cryptographic
-standard library". It supports Python 2.6-2.7, Python 3.3+, and PyPy 2.6+.
+standard library". It supports Python 2.6-2.7, Python 3.3+, and PyPy 5.3+.
-``cryptography`` includes both high level recipes, and low level interfaces to
-common cryptographic algorithms such as symmetric ciphers, message digests and
+``cryptography`` includes both high level recipes and low level interfaces to
+common cryptographic algorithms such as symmetric ciphers, message digests, and
key derivation functions. For example, to encrypt something with
``cryptography``'s high level symmetric encryption recipe:
diff --git a/docs/api-stability.rst b/docs/api-stability.rst
index 53669b0..7ba1d42 100644
--- a/docs/api-stability.rst
+++ b/docs/api-stability.rst
@@ -49,3 +49,7 @@ entirely. In that case, here's how the process will work:
In short, code that runs without warnings will always continue to work for a
period of two releases.
+
+From time to time, we may decide to deprecate an API that is particularly
+widely used. In these cases, we may decide to provide an extended deprecation
+period, at our discretion.
diff --git a/docs/community.rst b/docs/community.rst
index 2b7cdc6..da63765 100644
--- a/docs/community.rst
+++ b/docs/community.rst
@@ -9,8 +9,7 @@ You can find ``cryptography`` all over the web:
* `Documentation`_
* IRC: ``#cryptography-dev`` on ``irc.freenode.net``
-Wherever we interact, we strive to follow the `Python Community Code of
-Conduct`_.
+Wherever we interact, we adhere to the `Python Community Code of Conduct`_.
.. _`Mailing list`: https://mail.python.org/mailman/listinfo/cryptography-dev
diff --git a/docs/conf.py b/docs/conf.py
index 85a569a..4539d48 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -71,7 +71,7 @@ master_doc = 'index'
# General information about the project.
project = 'Cryptography'
-copyright = '2013-2016, Individual Contributors'
+copyright = '2013-2017, Individual Contributors'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
@@ -177,3 +177,8 @@ epub_theme = 'epub'
# Retry requests in the linkcheck builder so that we're resillient against
# transient network errors.
linkcheck_retries = 2
+
+linkcheck_ignore = [
+ # Certificate is issued by a Japanese CA that isn't publicly trusted
+ "https://www.cryptrec.go.jp",
+]
diff --git a/docs/cryptography-docs.py b/docs/cryptography-docs.py
index 6aa7847..56baf12 100644
--- a/docs/cryptography-docs.py
+++ b/docs/cryptography-docs.py
@@ -6,7 +6,7 @@ from __future__ import absolute_import, division, print_function
from docutils import nodes
-from sphinx.util.compat import Directive, make_admonition
+from sphinx.util.compat import Directive
DANGER_MESSAGE = """
@@ -29,20 +29,11 @@ class HazmatDirective(Directive):
if self.content:
message += DANGER_ALTERNATE.format(alternate=self.content[0])
- ad = make_admonition(
- Hazmat,
- self.name,
- [],
- self.options,
- nodes.paragraph("", message),
- self.lineno,
- self.content_offset,
- self.block_text,
- self.state,
- self.state_machine
- )
- ad[0].line = self.lineno
- return ad
+ content = nodes.paragraph("", message)
+ admonition_node = Hazmat("\n".join(content))
+ self.state.nested_parse(content, self.content_offset, admonition_node)
+ admonition_node.line = self.lineno
+ return [admonition_node]
class Hazmat(nodes.Admonition, nodes.Element):
diff --git a/docs/development/c-bindings.rst b/docs/development/c-bindings.rst
index cbd8fab..9388958 100644
--- a/docs/development/c-bindings.rst
+++ b/docs/development/c-bindings.rst
@@ -88,9 +88,10 @@ Adding constant, types, functions...
You can create bindings for any name that exists in some version of
the library you're binding against. However, the project also has to
-keep supporting older versions of the library. In order to achieve
-this, binding modules have ``CUSTOMIZATIONS`` and
-``CONDITIONAL_NAMES`` constants.
+keep supporting older versions of the library. In order to achieve this,
+binding modules have a ``CUSTOMIZATIONS`` constant, and there is a
+``CONDITIONAL_NAMES`` constants in
+``src/cryptography/hazmat/bindings/openssl/_conditional.py``.
Let's say you want to enable quantum transmogrification. The upstream
library implements this as the following API::
@@ -183,9 +184,9 @@ Caveats
Sometimes, a set of loosely related features are added in the same
version, and it's impractical to create ``#ifdef`` statements for each
one. In that case, it may make sense to either check for a particular
-version. For example, to check for OpenSSL 1.0.0 or newer::
+version. For example, to check for OpenSSL 1.1.0 or newer::
- #if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
Sometimes, the version of a library on a particular platform will have
features that you thought it wouldn't, based on its version.
diff --git a/docs/development/getting-started.rst b/docs/development/getting-started.rst
index dc55893..0d7c91e 100644
--- a/docs/development/getting-started.rst
+++ b/docs/development/getting-started.rst
@@ -30,8 +30,8 @@ to check spelling in the documentation.
You are now ready to run the tests and build the documentation.
-OpenSSL on OS X
-~~~~~~~~~~~~~~~
+OpenSSL on macOS
+~~~~~~~~~~~~~~~~
You must have installed `OpenSSL`_ via `Homebrew`_ or `MacPorts`_ and must set
``CFLAGS`` and ``LDFLAGS`` environment variables before installing the
@@ -41,12 +41,12 @@ For example, with `Homebrew`_:
.. code-block:: console
- $ env LDFLAGS="-L$(brew --prefix openssl)/lib" \
- CFLAGS="-I$(brew --prefix openssl)/include" \
+ $ env LDFLAGS="-L$(brew --prefix openssl at 1.1)/lib" \
+ CFLAGS="-I$(brew --prefix openssl at 1.1)/include" \
pip install --requirement ./dev-requirements.txt
Alternatively for a static build you can specify
-``CRYPTOGRAPHY_OSX_NO_LINK_FLAGS=1`` and ensure ``LDFLAGS`` points to the
+``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1`` and ensure ``LDFLAGS`` points to the
absolute path for the `OpenSSL`_ libraries before calling pip.
.. tip::
@@ -86,20 +86,6 @@ You may not have all the required Python versions installed, in which case you
will see one or more ``InterpreterNotFound`` errors.
-Explicit backend selection
---------------------------
-
-While testing you may want to run tests against a subset of the backends that
-cryptography supports. Explicit backend selection can be done via the
-``--backend`` flag. This flag should be passed to ``py.test`` with a comma
-delimited list of backend names.
-
-
-.. code-block:: console
-
- $ tox -- --backend=openssl
- $ py.test --backend=openssl,commoncrypto
-
Building documentation
----------------------
@@ -118,7 +104,7 @@ Use `tox`_ to build the documentation. For example:
The HTML documentation index can now be found at
``docs/_build/html/index.html``.
-.. _`Homebrew`: http://brew.sh
+.. _`Homebrew`: https://brew.sh
.. _`MacPorts`: https://www.macports.org
.. _`OpenSSL`: https://www.openssl.org
.. _`pytest`: https://pypi.python.org/pypi/pytest
diff --git a/docs/development/submitting-patches.rst b/docs/development/submitting-patches.rst
index 63eed19..431673e 100644
--- a/docs/development/submitting-patches.rst
+++ b/docs/development/submitting-patches.rst
@@ -154,7 +154,7 @@ So, specifically:
* Use Sphinx parameter/attribute documentation `syntax`_.
-.. _`Write comments as complete sentences.`: http://nedbatchelder.com/blog/201401/comments_should_be_sentences.html
+.. _`Write comments as complete sentences.`: https://nedbatchelder.com/blog/201401/comments_should_be_sentences.html
.. _`syntax`: http://sphinx-doc.org/domains.html#info-field-lists
.. _`Studies have shown`: https://smartbear.com/SmartBear/media/pdfs/11_Best_Practices_for_Peer_Code_Review.pdf
.. _`our mailing list`: https://mail.python.org/mailman/listinfo/cryptography-dev
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index fb72240..a1d8b11 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -96,7 +96,34 @@ Key exchange
* ``vectors/cryptography_vectors/asymmetric/DH/bad_exchange.txt`` contains
Diffie-Hellman vector pairs that were generated using OpenSSL
- DH_generate_parameters_ex and DH_generate_key.
+ ``DH_generate_parameters_ex`` and ``DH_generate_key``.
+
+* ``vectors/cryptography_vectors/asymmetric/DH/dhp.pem``,
+ ``vectors/cryptography_vectors/asymmetric/DH/dhkey.pem`` and
+ ``vectors/cryptography_vectors/asymmetric/DH/dhpub.pem`` contains
+ Diffie-Hellman parameters and key respectively. The keys were
+ generated using OpenSSL following `DHKE`_ guide.
+ ``vectors/cryptography_vectors/asymmetric/DH/dhkey.txt`` contains
+ all parameter in text.
+ ``vectors/cryptography_vectors/asymmetric/DH/dhp.der``,
+ ``vectors/cryptography_vectors/asymmetric/DH/dhkey.der`` and
+ ``vectors/cryptography_vectors/asymmetric/DH/dhpub.der`` contains
+ are the above parameters and keys in DER format.
+
+* ``vectors/cryptography_vectors/asymmetric/DH/dhp_rfc5114_2.pem``,
+ ``vectors/cryptography_vectors/asymmetric/DH/dhkey_rfc5114_2.pem`` and
+ ``vectors/cryptography_vectors/asymmetric/DH/dhpub_rfc5114_2.pem`` contains
+ Diffie-Hellman parameters and key respectively. The keys were
+ generated using OpenSSL following `DHKE`_ guide. When creating the
+ parameters we added the `-pkeyopt dh_rfc5114:2` option to use
+ RFC5114 2048 bit DH parameters with 224 bit subgroup.
+ ``vectors/cryptography_vectors/asymmetric/DH/dhkey_rfc5114_2.txt`` contains
+ all parameter in text.
+ ``vectors/cryptography_vectors/asymmetric/DH/dhp_rfc5114_2.der``,
+ ``vectors/cryptography_vectors/asymmetric/DH/dhkey_rfc5114_2.der`` and
+ ``vectors/cryptography_vectors/asymmetric/DH/dhpub_rfc5114_2.der`` contains
+ are the above parameters and keys in DER format.
+
X.509
~~~~~
@@ -127,6 +154,11 @@ X.509
* ``alternate-rsa-sha1-oid.pem`` - A certificate from an
`unknown signature OID`_ Mozilla bug that uses an alternate signature OID for
RSA with SHA1.
+* ``badssl-sct.pem`` - A certificate with the certificate transparency signed
+ certificate timestamp extension.
+* ``bigoid.pem`` - A certificate with a rather long OID in the
+ Certificate Policies extension. We need to make sure we can parse
+ long OIDs.
Custom X.509 Vectors
~~~~~~~~~~~~~~~~~~~~
@@ -444,7 +476,7 @@ header format (substituting the correct information):
.. _`Camellia page`: https://info.isl.ntt.co.jp/crypt/eng/camellia/
.. _`CRYPTREC`: https://www.cryptrec.go.jp
.. _`OpenSSL's test vectors`: https://github.com/openssl/openssl/blob/97cf1f6c2854a3a955fd7dd3a1f113deba00c9ef/crypto/evp/evptests.txt#L232
-.. _`RIPEMD website`: http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
+.. _`RIPEMD website`: https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
.. _`Whirlpool website`: http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
.. _`draft RFC`: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01
.. _`Specification repository`: https://github.com/fernet/spec
@@ -459,8 +491,8 @@ header format (substituting the correct information):
.. _`GnuTLS example keys`: https://gitlab.com/gnutls/gnutls/commit/ad2061deafdd7db78fd405f9d143b0a7c579da7b
.. _`NESSIE IDEA vectors`: https://www.cosic.esat.kuleuven.be/nessie/testvectors/bc/idea/Idea-128-64.verified.test-vectors
.. _`NESSIE`: https://en.wikipedia.org/wiki/NESSIE
-.. _`Ed25519 website`: http://ed25519.cr.yp.to/software.html
-.. _`NIST SP-800-38B`: http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf
+.. _`Ed25519 website`: https://ed25519.cr.yp.to/software.html
+.. _`NIST SP-800-38B`: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf
.. _`NIST PKI Testing`: http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html
.. _`testx509.pem`: https://github.com/openssl/openssl/blob/master/test/testx509.pem
.. _`DigiCert Global Root G3`: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt
@@ -471,3 +503,4 @@ header format (substituting the correct information):
.. _`test/evptests.txt`: https://github.com/openssl/openssl/blob/2d0b44126763f989a4cbffbffe9d0c7518158bb7/test/evptests.txt
.. _`unknown signature OID`: https://bugzilla.mozilla.org/show_bug.cgi?id=405966
.. _`botan`: https://github.com/randombit/botan/blob/57789bdfc55061002b2727d0b32587612829a37c/src/tests/data/pubkey/dh.vec
+.. _`DHKE`: https://sandilands.info/sgordon/diffie-hellman-secret-key-exchange-with-openssl
diff --git a/docs/doing-a-release.rst b/docs/doing-a-release.rst
index 0feb59b..da25d45 100644
--- a/docs/doing-a-release.rst
+++ b/docs/doing-a-release.rst
@@ -6,24 +6,20 @@ Doing a release of ``cryptography`` requires a few steps.
Verifying and upgrading OpenSSL version
---------------------------------------
-The release process uses a static build for Windows and OS X wheels. Check that
-the Windows and OS X Jenkins builders have the latest version of OpenSSL
+The release process uses a static build for Windows and macOS wheels. Check
+that the Windows and macOS Jenkins builders have the latest version of OpenSSL
installed before performing the release. If they do not:
Upgrading Windows
~~~~~~~~~~~~~~~~~
-Run the ``openssl-release`` Jenkins job, then copy the resulting artifacts to
-the Windows builders and unzip them in the root of the file system.
+Run the ``openssl-release-1.1`` Jenkins job, then copy the resulting artifacts
+to the Windows builders and unzip them in the root of the file system.
-Upgrading OS X
-~~~~~~~~~~~~~~
+Upgrading macOS
+~~~~~~~~~~~~~~~
-``brew update`` and then ``brew upgrade openssl --universal --build-bottle`` to
-build a universal library (32-bit and 64-bit) compatible with all Intel Macs.
-This can be confirmed by using
-``lipo -info /usr/local/opt/openssl/lib/libssl.dylib`` to see the available
-architectures.
+Run the ``update-brew-openssl`` Jenkins job.
Bumping the version number
--------------------------
@@ -45,7 +41,7 @@ The commit that merged the version number bump is now the official release
commit for this release. You will need to have ``gpg`` installed and a ``gpg``
key in order to do a release. Once this has happened:
-* Run ``invoke release {version}``.
+* Run ``python release.py {version}``.
The release should now be available on PyPI and a tag should be available in
the repository.
diff --git a/docs/faq.rst b/docs/faq.rst
index 76117a9..bc6fc25 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -14,21 +14,42 @@ to NaCl.
If you prefer NaCl's design, we highly recommend `PyNaCl`_.
-Compiling ``cryptography`` on OS X produces a ``fatal error: 'openssl/aes.h' file not found`` error
----------------------------------------------------------------------------------------------------
-
-This happens because OS X 10.11 no longer includes a copy of OpenSSL.
+Why use ``cryptography``?
+-------------------------
+
+If you've done cryptographic work in Python before you have likely encountered
+other libraries in Python such as *M2Crypto*, *PyCrypto*, or *PyOpenSSL*. In
+building ``cryptography`` we wanted to address a few issues we observed in the
+legacy libraries:
+
+* Extremely error prone APIs and insecure defaults.
+* Use of poor implementations of algorithms (i.e. ones with known side-channel
+ attacks).
+* Lack of maintenance.
+* Lack of high level APIs.
+* Lack of PyPy and Python 3 support.
+* Poor introspectability and thus poor testability.
+* Absence of algorithms such as
+ :class:`AES-GCM <cryptography.hazmat.primitives.ciphers.modes.GCM>` and
+ :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF`.
+
+Compiling ``cryptography`` on macOS produces a ``fatal error: 'openssl/aes.h' file not found`` error
+----------------------------------------------------------------------------------------------------
+
+This happens because macOS 10.11 no longer includes a copy of OpenSSL.
``cryptography`` now provides wheels which include a statically linked copy of
OpenSSL. You're seeing this error because your copy of pip is too old to find
our wheel files. Upgrade your copy of pip with ``pip install -U pip`` and then
try install ``cryptography`` again.
+If you are using PyPy, we do not currently ship ``cryptography`` wheels for
+PyPy. You will need to install your own copy of OpenSSL -- we recommend using
+Homebrew.
+
Starting ``cryptography`` using ``mod_wsgi`` produces an ``InternalError`` during a call in ``_register_osrandom_engine``
-------------------------------------------------------------------------------------------------------------------------
-This happens because ``mod_wsgi`` uses sub-interpreters, which can cause a
-problem during initialization of the OpenSSL backend. To resolve this set the
-`WSGIApplicationGroup`_ to ``%{GLOBAL}`` in the ``mod_wsgi`` configuration.
+Upgrade to the latest ``cryptography`` and this issue should be resolved.
``cryptography`` raised an ``InternalError`` and I'm not sure what to do?
-------------------------------------------------------------------------
@@ -40,27 +61,19 @@ If you have no other libraries using OpenSSL in your process, or they do not
appear to be at fault, it's possible that this is a bug in ``cryptography``.
Please file an `issue`_ with instructions on how to reproduce it.
-Importing cryptography causes a ``RuntimeError`` about OpenSSL 1.0.0
---------------------------------------------------------------------
-
-The OpenSSL project has dropped support for the 1.0.0 release series. Since it
-is no longer receiving security patches from upstream, ``cryptography`` is also
-dropping support for it. To fix this issue you should upgrade to a newer
-version of OpenSSL (1.0.1 or later). This may require you to upgrade to a newer
-operating system.
+Installing ``cryptography`` fails with ``ImportError: No module named setuptools_ext``
+--------------------------------------------------------------------------------------
-For the 1.7 release, you can set the ``CRYPTOGRAPHY_ALLOW_OPENSSL_100``
-environment variable. Please note that this is *temporary* and will be removed
-in ``cryptography`` 1.8.
+Your ``cffi`` package is out of date. ``pip install -U cffi`` to update it.
-Installing cryptography with OpenSSL 0.9.8 fails
-------------------------------------------------
+Installing cryptography with OpenSSL 0.9.8 or 1.0.0 fails
+---------------------------------------------------------
-The OpenSSL project has dropped support for the 0.9.8 release series. Since it
-is no longer receiving security patches from upstream, ``cryptography`` is also
-dropping support for it. To fix this issue you should upgrade to a newer
-version of OpenSSL (1.0.1 or later). This may require you to upgrade to a newer
-operating system.
+The OpenSSL project has dropped support for the 0.9.8 and 1.0.0 release series.
+Since they are no longer receiving security patches from upstream,
+``cryptography`` is also dropping support for them. To fix this issue you
+should upgrade to a newer version of OpenSSL (1.0.1 or later). This may require
+you to upgrade to a newer operating system.
.. _`NaCl`: https://nacl.cr.yp.to/
.. _`PyNaCl`: https://pynacl.readthedocs.io
diff --git a/docs/fernet.rst b/docs/fernet.rst
index a2bab32..65f70cf 100644
--- a/docs/fernet.rst
+++ b/docs/fernet.rst
@@ -113,7 +113,7 @@ Using passwords with Fernet
It is possible to use passwords with Fernet. To do this, you need to run the
password through a key derivation function such as
:class:`~cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC`, bcrypt or
-scrypt.
+:class:`~cryptography.hazmat.primitives.kdf.scrypt.Scrypt`.
.. doctest::
@@ -145,7 +145,7 @@ to derive the same key from the password in the future.
The iteration count used should be adjusted to be as high as your server can
tolerate. A good default is at least 100,000 iterations which is what Django
-`recommends`_ in 2014.
+recommended in 2014.
Implementation
--------------
@@ -163,7 +163,13 @@ Specifically it uses:
For complete details consult the `specification`_.
+Limitations
+-----------
+
+Fernet is ideal for encrypting data that easily fits in memory. As a design
+feature it does not expose unauthenticated bytes. Unfortunately, this makes it
+generally unsuitable for very large files at this time.
+
.. _`Fernet`: https://github.com/fernet/spec/
.. _`specification`: https://github.com/fernet/spec/blob/master/Spec.md
-.. _`recommends`: https://github.com/django/django/blob/master/django/utils/crypto.py#L148
diff --git a/docs/hazmat/backends/commoncrypto.rst b/docs/hazmat/backends/commoncrypto.rst
deleted file mode 100644
index a6eb490..0000000
--- a/docs/hazmat/backends/commoncrypto.rst
+++ /dev/null
@@ -1,30 +0,0 @@
-.. hazmat::
-
-CommonCrypto backend
-====================
-
-The `CommonCrypto`_ C library provided by Apple on OS X and iOS. The
-CommonCrypto backend is only supported on OS X versions 10.8 and above.
-
-.. currentmodule:: cryptography.hazmat.backends.commoncrypto.backend
-
-.. versionadded:: 0.2
-
-.. data:: cryptography.hazmat.backends.commoncrypto.backend
-
- This is the exposed API for the CommonCrypto backend.
-
- It implements the following interfaces:
-
- * :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
- * :class:`~cryptography.hazmat.backends.interfaces.HashBackend`
- * :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
- * :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
-
- It has one additional public attribute.
-
- .. attribute:: name
-
- The string name of this backend: ``"commoncrypto"``
-
-.. _`CommonCrypto`: https://developer.apple.com/library/content/documentation/Security/Conceptual/cryptoservices/GeneralPurposeCrypto/GeneralPurposeCrypto.html#//apple_ref/doc/uid/TP40011172-CH9-SW10
diff --git a/docs/hazmat/backends/index.rst b/docs/hazmat/backends/index.rst
index aec7a1e..a8a1ff3 100644
--- a/docs/hazmat/backends/index.rst
+++ b/docs/hazmat/backends/index.rst
@@ -8,15 +8,11 @@ Getting a backend
.. currentmodule:: cryptography.hazmat.backends
... 11995 lines suppressed ...
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-cryptography.git
More information about the Python-modules-commits
mailing list