delta/python-packages/cryptography.git/docs, branch 3.3.x github.com: pyca/cryptography.git correct buffer overflows cause by integer overflow in openssl (#5747) 2021-02-07T16:36:56+00:00 Alex Gaynor alex.gaynor@gmail.com 2021-02-07T16:36:56+00:00 82b6ce28389f0a317bc55ba2091a74b346db7cae * correct buffer overflows cause by integer overflow in openssl frustratingly, there is no test for this -- that's because testing this requires allocating more memory than is available in CI. fixes #5615. * backport CI fixes * another CI backport 
* correct buffer overflows cause by integer overflow in openssl

frustratingly, there is no test for this -- that's because testing this
requires allocating more memory than is available in CI.

fixes #5615.

* backport CI fixes

* another CI backport
 Add support for RSA signature recovery (#5573) 2020-12-08T04:58:04+00:00 Zoltan Kelemen 39551158+misterzed88@users.noreply.github.com 2020-12-08T04:58:04+00:00 6693d55cbe05c98c9e1fe3a8b08639f5491a572a * Removed unused argument. * Added support for RSA signature recovery. * Syntatic corrections for passing pep8 tests. * Corrected typo. * Added test of invalid Prehashed parameter to RSA signature recover. * Renamed recover to a more descriptive name. * Extended RSA signature recovery with option to return full data (not only the digest part). * Added missing words to pass spell check. 
* Removed unused argument.

* Added support for RSA signature recovery.

* Syntatic corrections for passing pep8 tests.

* Corrected typo.

* Added test of invalid Prehashed parameter to RSA signature recover.

* Renamed recover to a more descriptive name.

* Extended RSA signature recovery with option to return full data (not
only the digest part).

* Added missing words to pass spell check.
 Document that PKCS1v1.5 is not constant time (#5600) 2020-12-07T04:12:44+00:00 Alex Gaynor alex.gaynor@gmail.com 2020-12-07T04:12:44+00:00 8686d524b7b890bcbe6132b774bd72a3ae37cf0d closes #5510 
closes #5510
 Document that Firefox doesn't support unencrypted pkcs12 (#5596) 2020-12-01T16:54:29+00:00 Alex Gaynor alex.gaynor@gmail.com 2020-12-01T16:54:29+00:00 2660f93eca71be5558cfcb9a120310636791e6ec 






disallow p less than 512-bit on DH (#5592)
2020-11-29T16:01:16+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2020-11-29T16:01:16+00:00

4645f02c25d7d336a6d922e428c72beb55fb04cb

* disallow p less than 512-bit on DH

OpenSSL 3.0.0 enforces this so we'll go ahead and enforce it everywhere
that's practical for us. (Note that we do not enforce on deserializing
PKCS1/PKCS8 keys in < 3.0.0, but this PR adds a test so that in the
3.0.0 support branch we can test an error path)

* missing test

* black

* _MIN_MODULUS_SIZE is now a thing

* skip on fips




* disallow p less than 512-bit on DH

OpenSSL 3.0.0 enforces this so we'll go ahead and enforce it everywhere
that's practical for us. (Note that we do not enforce on deserializing
PKCS1/PKCS8 keys in < 3.0.0, but this PR adds a test so that in the
3.0.0 support branch we can test an error path)

* missing test

* black

* _MIN_MODULUS_SIZE is now a thing

* skip on fips






Reduce granularity of error msging when deserializing keys (#5588)
2020-11-26T19:07:25+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2020-11-26T19:07:25+00:00

ac4c22168f196921bfe00348250ff138e64bcd37

* Reduce granularity of error msging when deserializing keys

In OpenSSL 3.0 it is no longer possible to determine whether the reason
a key failed to deserialize is because of an unsupported cipher. Since
we want to be more resilient to OpenSSL error code instability we'll
just remove these paths.

* black

* changelog and update docs




* Reduce granularity of error msging when deserializing keys

In OpenSSL 3.0 it is no longer possible to determine whether the reason
a key failed to deserialize is because of an unsupported cipher. Since
we want to be more resilient to OpenSSL error code instability we'll
just remove these paths.

* black

* changelog and update docs






Polish up the fernet limitations language (#5577)
2020-11-19T19:07:47+00:00

Alex Gaynor
alex.gaynor@gmail.com

2020-11-19T19:07:47+00:00

239fddf2d97088251a5c5b1a5ee7306319776898












Remove two linkcheck ignores (#5570)
2020-11-13T17:25:43+00:00

Alex Gaynor
alex.gaynor@gmail.com

2020-11-13T17:25:43+00:00

488cd740bb9502af7faad79c0575c5454045e0d0












Don't tell people to use PGP, it's not good (#5543)
2020-11-01T16:55:52+00:00

Alex Gaynor
alex.gaynor@gmail.com

2020-11-01T16:55:52+00:00

d59b7c235b0f0819e3f7e4f01e351d4b2f385026












updated faq entry (#5541)
2020-10-31T23:09:07+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2020-10-31T23:09:07+00:00

81e5de8986abfb50a322fe1f3cccf319c77e5f6f

the error will be opensslv.h these days and we don't need to talk
specifically about macOS




the error will be opensslv.h these days and we don't need to talk
specifically about macOS