delta/python-packages/cryptography.git/tests, branch private-key-serialization-docs github.com: pyca/cryptography.git X25519 Support (#3686) 2017-06-09T12:31:30+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-06-09T12:31:30+00:00 3e357f704008f38261aee011a9fe674dc43cc0ae * early days * sort of working * more things * remove private_bytes * public bytes, interface fix * load public keys * x25519 support basically done now * private_bytes is gone * some reminders * doctest this too * remove a thing that doesn't matter * x25519 supported checks * libressl has the NID, but a different API, so check for OpenSSL * pep8 * add missing coverage * update to use reasons * expand test a little * add changelog entry * review feedback 
* early days

* sort of working

* more things

* remove private_bytes

* public bytes, interface fix

* load public keys

* x25519 support basically done now

* private_bytes is gone

* some reminders

* doctest this too

* remove a thing that doesn't matter

* x25519 supported checks

* libressl has the NID, but a different API, so check for OpenSSL

* pep8

* add missing coverage

* update to use reasons

* expand test a little

* add changelog entry

* review feedback
ChaCha20Poly1305 support (#3680) 2017-06-08T04:08:57+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-06-08T04:08:57+00:00 7e53d911577881d87ce30291cef68e24f3c1b763 * chacha20poly1305 support * add chacha20poly1305 backend and some fixes * refactor * forgot to remove this * pep8 * review feedback and a lot of type/value checking * review feedback * raise unsupportedalgorithm when creating a ChaCha20Poly1305 object if it's not supported. * switch to ciphertext||tag * typo * remove a branch we don't need * review feedback * decrypts is *also* a word * use reasons 
* chacha20poly1305 support

* add chacha20poly1305 backend and some fixes

* refactor

* forgot to remove this

* pep8

* review feedback and a lot of type/value checking

* review feedback

* raise unsupportedalgorithm when creating a ChaCha20Poly1305 object

if it's not supported.

* switch to ciphertext||tag

* typo

* remove a branch we don't need

* review feedback

* decrypts is *also* a word

* use reasons
Refs #3461 -- parse SCTs from x.509 extension (#3480) 2017-06-04T17:36:58+00:00 Alex Gaynor alex.gaynor@gmail.com 2017-06-04T17:36:58+00:00 6a0718faddbc7b6b57f86417f6daa468c18ea248 * Stub API for SCTs, feedback wanted * grr, flake8 * finish up the __init__ * Initial implementation and tests * write a test. it fails because computer * get the tests passing and fix some TODOs * changelog entry * This can go now * Put a skip in this test * grump * Removed unreachable code * moved changelog to the correct section * Use the deocrator for expressing requirements * This needs f for the right entry_type * coverage * syntax error * tests for coverage * better sct eq tests * docs * technically correct, the most useless kind of correct * typo and more details * bug * drop __eq__ 
* Stub API for SCTs, feedback wanted

* grr, flake8

* finish up the __init__

* Initial implementation and tests

* write a test. it fails because computer

* get the tests passing and fix some TODOs

* changelog entry

* This can go now

* Put a skip in this test

* grump

* Removed unreachable code

* moved changelog to the correct section

* Use the deocrator for expressing requirements

* This needs f for the right entry_type

* coverage

* syntax error

* tests for coverage

* better sct eq tests

* docs

* technically correct, the most useless kind of correct

* typo and more details

* bug

* drop __eq__
deprecate signer/verifier on asymmetric keys (#3663) 2017-06-04T03:11:55+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-06-04T03:11:55+00:00 1a5d70e876346653b3dfa2a95f188ef0eb92bd7d * deprecate signer/verifier on asymmetric keys * review feedback, switch deprecated_call to work around a bug 
* deprecate signer/verifier on asymmetric keys

* review feedback, switch deprecated_call to work around a bug
call check_backend_support directly from backend fixture (#3666) 2017-06-04T02:02:50+00:00 Alex Gaynor alex.gaynor@gmail.com 2017-06-04T02:02:50+00:00 e6055fbfb2b1b7b00b361615d4c665c6e9fc0b6d 






Switched our backend to be a normal fixture in tests (#3665)
2017-06-04T00:38:22+00:00

Alex Gaynor
alex.gaynor@gmail.com

2017-06-04T00:38:22+00:00

133a17971af3c40ff935be5c74ba2542cebbea30












make signature and verification contexts error better re: prehashed (#3658)
2017-06-02T17:51:09+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2017-06-02T17:51:09+00:00

26fcc5c24d7ef7e905181ba044447ed15746c73b

* make signature and verification contexts error better re: prehashed

* code review feedback





* make signature and verification contexts error better re: prehashed

* code review feedback







Enlarge _oid2txt buffer to handle larger OIDs (#3612)
2017-05-29T21:33:20+00:00

Fraser Tweedale
frase@frase.id.au

2017-05-29T21:33:20+00:00

d607dd7e5bc5c08854ec0c9baff70ba4a35be36f

The OpenSSL manual recommends a buffer size of 80 for OBJ_oid2txt:
https://www.openssl.org/docs/crypto/OBJ_nid2ln.html#return_values.
But OIDs longer than this occur in real life (e.g. Active Directory
makes some very long OIDs).  If the length of the stringified OID
exceeds the buffer size, allocate a new buffer that is big enough to
hold the stringified OID, and re-do the conversion into the new
buffer.




The OpenSSL manual recommends a buffer size of 80 for OBJ_oid2txt:
https://www.openssl.org/docs/crypto/OBJ_nid2ln.html#return_values.
But OIDs longer than this occur in real life (e.g. Active Directory
makes some very long OIDs).  If the length of the stringified OID
exceeds the buffer size, allocate a new buffer that is big enough to
hold the stringified OID, and re-do the conversion into the new
buffer.






move MACContext to mac.py and eliminate interfaces.py (#3631)
2017-05-29T15:13:35+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2017-05-29T15:13:35+00:00

7bc36865fcdb1057a4d2925d28f688c5590d6eaf

* move MACContext to mac.py and eliminate interfaces.py finally

* improve title

* re-add and deprecate interfaces.MACContext

* use pytest.warns instead of deprecated_call

The pytest docs insist that deprecation warnings are handled differently
and that you should use deprecated_call, but this works so okay then





* move MACContext to mac.py and eliminate interfaces.py finally

* improve title

* re-add and deprecate interfaces.MACContext

* use pytest.warns instead of deprecated_call

The pytest docs insist that deprecation warnings are handled differently
and that you should use deprecated_call, but this works so okay then







fix libressl error/refactor some error handling (#3609)
2017-05-26T04:05:00+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2017-05-26T04:05:00+00:00

d36bef0b744d79b209b13f87fb9c943e4091a2c5

* add libre so I can see the error

* add the libre error needed and refactor error handling a bit

We were historically matching on lib + func + reason, but func is
somewhat unstable so now we match on lib + reason only. Of course, in
this case libressl changed both lib and reason so it wouldn't
have mattered. All error handling from the error queue in
openssl is an illusion

* fix a typo, probably an unneeded branch

* review feedback

* refactor tests to support libressl

insert additional rant about libre here, although admittedly these tests
were assuming stability where openssl itself guarantees none

* better assert, fix flake8





* add libre so I can see the error

* add the libre error needed and refactor error handling a bit

We were historically matching on lib + func + reason, but func is
somewhat unstable so now we match on lib + reason only. Of course, in
this case libressl changed both lib and reason so it wouldn't
have mattered. All error handling from the error queue in
openssl is an illusion

* fix a typo, probably an unneeded branch

* review feedback

* refactor tests to support libressl

insert additional rant about libre here, although admittedly these tests
were assuming stability where openssl itself guarantees none

* better assert, fix flake8