Merge branch 'master' into api-to-backend-in-one-easy-step

* master:
  Make use of currentmodule to maybe reduce redundant module definitions and also get source links.
  Enable the new read the docs theme, it's pretty.
  use is for identical object comparison
  add gcm constants and EVP_CIPHER_CTX_ctrl macro
  md5 is 128-bit. The person responsible for this mistake has been shot
  add test to verify api is being copied in hash
  When copying a hash, pass the api through to the new object

6 files changed, 61 insertions, 21 deletions

diff --git a/cryptography/bindings/openssl/evp.py b/cryptography/bindings/openssl/evp.py
index 41df1056..80980c6e 100644
--- a/cryptography/bindings/openssl/evp.py
+++ b/cryptography/bindings/openssl/evp.py
@@ -29,6 +29,9 @@ typedef struct evp_pkey_st {
 } EVP_PKEY;
 static const int EVP_PKEY_RSA;
 static const int EVP_PKEY_DSA;
+static const int EVP_CTRL_GCM_SET_IVLEN;
+static const int EVP_CTRL_GCM_GET_TAG;
+static const int EVP_CTRL_GCM_SET_TAG;
 """
 
 FUNCTIONS = """
@@ -84,4 +87,5 @@ MACROS = """
 int EVP_PKEY_assign_RSA(EVP_PKEY *, RSA *);
 int EVP_PKEY_assign_DSA(EVP_PKEY *, DSA *);
 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *, int, int, void *);
 """
diff --git a/cryptography/primitives/hashes.py b/cryptography/primitives/hashes.py
index f3eccc6e..474dc167 100644
--- a/cryptography/primitives/hashes.py
+++ b/cryptography/primitives/hashes.py
@@ -40,7 +40,7 @@ class BaseHash(six.with_metaclass(abc.ABCMeta)):
         self._backend.update_hash_context(self._ctx, data)
 
     def copy(self):
-        return self.__class__(ctx=self._copy_ctx())
+        return self.__class__(api=self._api, ctx=self._copy_ctx())
 
     def digest(self):
         return self._backend.finalize_hash_context(self._copy_ctx(),
diff --git a/docs/conf.py b/docs/conf.py
index 16b1109e..a368ac70 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -248,3 +248,7 @@ texinfo_documents = [
 
 # Example configuration for intersphinx: refer to the Python standard library.
 intersphinx_mapping = {'http://docs.python.org/': None}
+
+
+# Enable the new ReadTheDocs theme
+RTD_NEW_THEME = True
diff --git a/docs/primitives/cryptographic-hashes.rst b/docs/primitives/cryptographic-hashes.rst
index aeb30f40..dcf21250 100644
--- a/docs/primitives/cryptographic-hashes.rst
+++ b/docs/primitives/cryptographic-hashes.rst
@@ -1,7 +1,9 @@
 Message Digests
 ===============
 
-.. class:: cryptography.primitives.hashes.BaseHash(data=None)
+.. currentmodule:: cryptography.primitives.hashes
+
+.. class:: BaseHash(data=None)
 
    Abstract base class that implements a common interface for all hash
    algorithms that follow here.
@@ -32,7 +34,7 @@ SHA-1
     NIST has deprecated SHA-1 in favor of the SHA-2 variants. New applications
     are strongly suggested to use SHA-2 over SHA-1.
 
-.. class:: cryptography.primitives.hashes.SHA1()
+.. class:: SHA1()
 
     SHA-1 is a cryptographic hash function standardized by NIST. It has a
     160-bit message digest.
@@ -40,22 +42,22 @@ SHA-1
 SHA-2 Family
 ~~~~~~~~~~~~
 
-.. class:: cryptography.primitives.hashes.SHA224()
+.. class:: SHA224()
 
     SHA-224 is a cryptographic hash function from the SHA-2 family and
     standardized by NIST. It has a 224-bit message digest.
 
-.. class:: cryptography.primitives.hashes.SHA256()
+.. class:: SHA256()
 
     SHA-256 is a cryptographic hash function from the SHA-2 family and
     standardized by NIST. It has a 256-bit message digest.
 
-.. class:: cryptography.primitives.hashes.SHA384()
+.. class:: SHA384()
 
     SHA-384 is a cryptographic hash function from the SHA-2 family and
     standardized by NIST. It has a 384-bit message digest.
 
-.. class:: cryptography.primitives.hashes.SHA512()
+.. class:: SHA512()
 
     SHA-512 is a cryptographic hash function from the SHA-2 family and
     standardized by NIST. It has a 512-bit message digest.
@@ -63,7 +65,7 @@ SHA-2 Family
 RIPEMD160
 ~~~~~~~~~
 
-.. class:: cryptography.primitives.hashes.RIPEMD160()
+.. class:: RIPEMD160()
 
     RIPEMD160 is a cryptographic hash function that is part of ISO/IEC
     10118-3:2004. It has a 160-bit message digest.
@@ -71,7 +73,7 @@ RIPEMD160
 Whirlpool
 ~~~~~~~~~
 
-.. class:: cryptography.primitives.hashes.Whirlpool()
+.. class:: Whirlpool()
 
     Whirlpool is a cryptographic hash function that is part of ISO/IEC
     10118-3:2004. It has a 512-bit message digest.
@@ -84,7 +86,7 @@ MD5
     MD5 is a deprecated hash algorithm that has practical known collision
     attacks. You are strongly discouraged from using it.
 
-.. class:: cryptography.primitives.hashes.MD5()
+.. class:: MD5()
 
-    MD5 is a deprecated cryptographic hash function. It has a 160-bit message
+    MD5 is a deprecated cryptographic hash function. It has a 128-bit message
     digest and has practical known collision attacks.
diff --git a/docs/primitives/symmetric-encryption.rst b/docs/primitives/symmetric-encryption.rst
index 9768246c..87e1e692 100644
--- a/docs/primitives/symmetric-encryption.rst
+++ b/docs/primitives/symmetric-encryption.rst
@@ -1,6 +1,8 @@
 Symmetric Encryption
 ====================
 
+.. currentmodule:: cryptography.primitives.block
+
 .. testsetup::
 
     import binascii
@@ -11,7 +13,7 @@ Symmetric Encryption
 Symmetric encryption is a way to encrypt (hide the plaintext value) material
 where the encrypter and decrypter both use the same key.
 
-.. class:: cryptography.primitives.block.BlockCipher(cipher, mode)
+.. class:: BlockCipher(cipher, mode)
 
     Block ciphers work by encrypting content in chunks, often 64- or 128-bits.
     They combine an underlying algorithm (such as AES), with a mode (such as
@@ -43,7 +45,9 @@ where the encrypter and decrypter both use the same key.
             :class:`~cryptography.primitives.interfaces.CipherContext`
             provider.
 
-.. class:: cryptography.primitives.interfaces.CipherContext()
+.. currentmodule:: cryptography.primitives.interfaces
+
+.. class:: CipherContext()
 
     When calling ``encryptor()`` or ``decryptor()`` on a BlockCipher object you
     will receive a return object conforming to the CipherContext interface. You
@@ -64,7 +68,9 @@ where the encrypter and decrypter both use the same key.
 Ciphers
 ~~~~~~~
 
-.. class:: cryptography.primitives.block.ciphers.AES(key)
+.. currentmodule:: cryptography.primitives.block.ciphers
+
+.. class:: AES(key)
 
     AES (Advanced Encryption Standard) is a block cipher standardized by NIST.
     AES is both fast, and cryptographically strong. It is a good default
@@ -73,7 +79,7 @@ Ciphers
     :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits.
                       This must be kept secret.
 
-.. class:: cryptography.primitives.block.ciphers.Camellia(key)
+.. class:: Camellia(key)
 
     Camellia is a block cipher approved for use by CRYPTREC and ISO/IEC.
     It is considered to have comparable security and performance to AES, but
@@ -83,7 +89,7 @@ Ciphers
                       This must be kept secret.
 
 
-.. class:: cryptography.primitives.block.ciphers.TripleDES(key)
+.. class:: TripleDES(key)
 
     Triple DES (Data Encryption Standard), sometimes refered to as 3DES, is a
     block cipher standardized by NIST. Triple DES has known cryptoanalytic
@@ -103,7 +109,9 @@ Ciphers
 Modes
 ~~~~~
 
-.. class:: cryptography.primitives.block.modes.CBC(initialization_vector)
+.. currentmodule:: cryptography.primitives.block.modes
+
+.. class:: CBC(initialization_vector)
 
     CBC (Cipher block chaining) is a mode of operation for block ciphers. It is
     considered cryptographically strong.
@@ -117,7 +125,7 @@ Modes
                                         a given ``key``.
 
 
-.. class:: cryptography.primitives.block.modes.CTR(nonce)
+.. class:: CTR(nonce)
 
     .. warning::
 
@@ -135,7 +143,7 @@ Modes
                         with a given key. The nonce does not need to be kept
                         secret and may be included alongside the ciphertext.
 
-.. class:: cryptography.primitives.block.modes.OFB(initialization_vector)
+.. class:: OFB(initialization_vector)
 
     OFB (Output Feedback) is a mode of operation for block ciphers. It
     transforms a block cipher into a stream cipher.
@@ -148,7 +156,7 @@ Modes
                                         reuse an ``initialization_vector`` with
                                         a given ``key``.
 
-.. class:: cryptography.primitives.block.modes.CFB(initialization_vector)
+.. class:: CFB(initialization_vector)
 
     CFB (Cipher Feedback) is a mode of operation for block ciphers. It
     transforms a block cipher into a stream cipher.
@@ -171,7 +179,7 @@ Insecure Modes
     and existing applications should strongly consider migrating away.
 
 
-.. class:: cryptography.primitives.block.modes.ECB()
+.. class:: ECB()
 
     ECB (Electronic Code Book) is the simplest mode of operation for block
     ciphers. Each block of data is encrypted in the same way. This means
diff --git a/tests/primitives/test_hashes.py b/tests/primitives/test_hashes.py
index 505f6c8a..7ddd1859 100644
--- a/tests/primitives/test_hashes.py
+++ b/tests/primitives/test_hashes.py
@@ -13,10 +13,14 @@
 
 from __future__ import absolute_import, division, print_function
 
+import pretend
+
 import pytest
 
 import six
 
+from cryptography.bindings import _default_api
+
 from cryptography.primitives import hashes
 
 from .utils import generate_base_hash_test
@@ -33,6 +37,24 @@ class TestBaseHash(object):
         assert isinstance(m.hexdigest(), str)
 
 
+class TestCopyHash(object):
+    def test_copy_api_object(self):
+        pretend_api = pretend.stub(copy_hash_context=lambda a: "copiedctx")
+        pretend_ctx = pretend.stub()
+        h = hashes.SHA1(api=pretend_api, ctx=pretend_ctx)
+        assert h._api is pretend_api
+        assert h.copy()._api is h._api
+
+
+class TestDefaultAPISHA1(object):
+    def test_default_api_creation(self):
+        """
+        This test assumes the presence of SHA1 in the default API.
+        """
+        h = hashes.SHA1()
+        assert h._api is _default_api
+
+
 class TestSHA1(object):
     test_SHA1 = generate_base_hash_test(
         hashes.SHA1,