delta/python-packages/cryptography.git/src, branch private-key-serialization-docs github.com: pyca/cryptography.git X25519 Support (#3686) 2017-06-09T12:31:30+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-06-09T12:31:30+00:00 3e357f704008f38261aee011a9fe674dc43cc0ae * early days * sort of working * more things * remove private_bytes * public bytes, interface fix * load public keys * x25519 support basically done now * private_bytes is gone * some reminders * doctest this too * remove a thing that doesn't matter * x25519 supported checks * libressl has the NID, but a different API, so check for OpenSSL * pep8 * add missing coverage * update to use reasons * expand test a little * add changelog entry * review feedback 
* early days

* sort of working

* more things

* remove private_bytes

* public bytes, interface fix

* load public keys

* x25519 support basically done now

* private_bytes is gone

* some reminders

* doctest this too

* remove a thing that doesn't matter

* x25519 supported checks

* libressl has the NID, but a different API, so check for OpenSSL

* pep8

* add missing coverage

* update to use reasons

* expand test a little

* add changelog entry

* review feedback
ChaCha20Poly1305 support (#3680) 2017-06-08T04:08:57+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-06-08T04:08:57+00:00 7e53d911577881d87ce30291cef68e24f3c1b763 * chacha20poly1305 support * add chacha20poly1305 backend and some fixes * refactor * forgot to remove this * pep8 * review feedback and a lot of type/value checking * review feedback * raise unsupportedalgorithm when creating a ChaCha20Poly1305 object if it's not supported. * switch to ciphertext||tag * typo * remove a branch we don't need * review feedback * decrypts is *also* a word * use reasons 
* chacha20poly1305 support

* add chacha20poly1305 backend and some fixes

* refactor

* forgot to remove this

* pep8

* review feedback and a lot of type/value checking

* review feedback

* raise unsupportedalgorithm when creating a ChaCha20Poly1305 object

if it's not supported.

* switch to ciphertext||tag

* typo

* remove a branch we don't need

* review feedback

* decrypts is *also* a word

* use reasons
bind even more evp (#3684) 2017-06-06T11:57:35+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-06-06T11:57:35+00:00 34036d649f3f666cbadba3b737e03daa55e86d20 * bind even more evp * oops 
* bind even more evp

* oops
bind EVP_PKEY_get1_tls_encodedpoint because X25519 (#3682) 2017-06-06T00:45:44+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-06-06T00:45:44+00:00 023eccfc044c2f6a377f22fe50227175aca6fb4c 






add EVP_PKEY_keygen and EVP_PKEY_keygen_init for x25519/ed25519 (#3681)
2017-06-05T11:04:54+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2017-06-05T11:04:54+00:00

580f434b341abdd53f4031a5a0066547cc3065f9

* add EVP_PKEY_keygen and EVP_PKEY_keygen_init for x25519/ed25519

* add a few more bindings we'll need for X25519





* add EVP_PKEY_keygen and EVP_PKEY_keygen_init for x25519/ed25519

* add a few more bindings we'll need for X25519







bind EVP_CTRL_AEAD even when on < 1.1.0 (#3679)
2017-06-05T02:42:16+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2017-06-05T02:42:16+00:00

a8ba6654c2c7835af0226a5e1be5bceae105f2f8












Refs #3461 -- parse SCTs from x.509 extension (#3480)
2017-06-04T17:36:58+00:00

Alex Gaynor
alex.gaynor@gmail.com

2017-06-04T17:36:58+00:00

6a0718faddbc7b6b57f86417f6daa468c18ea248

* Stub API for SCTs, feedback wanted

* grr, flake8

* finish up the __init__

* Initial implementation and tests

* write a test. it fails because computer

* get the tests passing and fix some TODOs

* changelog entry

* This can go now

* Put a skip in this test

* grump

* Removed unreachable code

* moved changelog to the correct section

* Use the deocrator for expressing requirements

* This needs f for the right entry_type

* coverage

* syntax error

* tests for coverage

* better sct eq tests

* docs

* technically correct, the most useless kind of correct

* typo and more details

* bug

* drop __eq__





* Stub API for SCTs, feedback wanted

* grr, flake8

* finish up the __init__

* Initial implementation and tests

* write a test. it fails because computer

* get the tests passing and fix some TODOs

* changelog entry

* This can go now

* Put a skip in this test

* grump

* Removed unreachable code

* moved changelog to the correct section

* Use the deocrator for expressing requirements

* This needs f for the right entry_type

* coverage

* syntax error

* tests for coverage

* better sct eq tests

* docs

* technically correct, the most useless kind of correct

* typo and more details

* bug

* drop __eq__







deprecate signer/verifier on asymmetric keys (#3663)
2017-06-04T03:11:55+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2017-06-04T03:11:55+00:00

1a5d70e876346653b3dfa2a95f188ef0eb92bd7d

* deprecate signer/verifier on asymmetric keys

* review feedback, switch deprecated_call to work around a bug





* deprecate signer/verifier on asymmetric keys

* review feedback, switch deprecated_call to work around a bug







make signature and verification contexts error better re: prehashed (#3658)
2017-06-02T17:51:09+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2017-06-02T17:51:09+00:00

26fcc5c24d7ef7e905181ba044447ed15746c73b

* make signature and verification contexts error better re: prehashed

* code review feedback





* make signature and verification contexts error better re: prehashed

* code review feedback







runtime detection of getentropy for macOS via weak-linking (#3650)
2017-05-31T01:56:15+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2017-05-31T01:56:15+00:00

b637aec1624e558b0e158064264a2523a4dcba31

* runtime detection of getentropy for macOS via weak-linking

In the before time, in the long long ago, there was a desire to use
getentropy on macOS. So some code was written and it detected getentropy
support by seeing if SYS_getentropy was available in the headers. But
lo, it turns out Apple ships headers for different SDK versions and
users on < 10.12 were getting headers that had SYS_getentropy even
though their OS did not support it. There was much wailing and
gnashing of teeth, but the frustrated developers remembered that Apple
wants their developers to use weak linking. With weak linking the mighty
developer can specify a minimum version and any symbol that was added
after that version will be weakly linked. Then, at runtime, the dynamic
linker will make unavailable symbols thus marked into NULLs. So, the
developer need only alter their code to do runtime detection of weakly
linked symbols and then a single binary may be compiled that will
correctly select getentropy or /dev/urandom at runtime. Hallelujah!

* oops

* separate the enum

* okay just apple





* runtime detection of getentropy for macOS via weak-linking

In the before time, in the long long ago, there was a desire to use
getentropy on macOS. So some code was written and it detected getentropy
support by seeing if SYS_getentropy was available in the headers. But
lo, it turns out Apple ships headers for different SDK versions and
users on < 10.12 were getting headers that had SYS_getentropy even
though their OS did not support it. There was much wailing and
gnashing of teeth, but the frustrated developers remembered that Apple
wants their developers to use weak linking. With weak linking the mighty
developer can specify a minimum version and any symbol that was added
after that version will be weakly linked. Then, at runtime, the dynamic
linker will make unavailable symbols thus marked into NULLs. So, the
developer need only alter their code to do runtime detection of weakly
linked symbols and then a single binary may be compiled that will
correctly select getentropy or /dev/urandom at runtime. Hallelujah!

* oops

* separate the enum

* okay just apple