diff options
| -rw-r--r-- | CHANGELOG.rst | 2 | ||||
| -rw-r--r-- | docs/glossary.rst | 8 | ||||
| -rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 13 | ||||
| -rw-r--r-- | docs/spelling_wordlist.txt | 1 | ||||
| -rw-r--r-- | docs/x509.rst | 2 | ||||
| -rw-r--r-- | src/cryptography/__about__.py | 2 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 15 | ||||
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/x509.py | 14 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_dh.py | 15 | ||||
| -rw-r--r-- | tox.ini | 3 | ||||
| -rw-r--r-- | vectors/cryptography_vectors/__about__.py | 2 |
11 files changed, 42 insertions, 35 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 07d903c1..88ff1962 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,7 +1,7 @@ Changelog ========= -0.10 - `master`_ +1.0 - `master`_ ~~~~~~~~~~~~~~~~ .. note:: This version is not yet released and is under active development. diff --git a/docs/glossary.rst b/docs/glossary.rst index dc6f3ebf..202fa2de 100644 --- a/docs/glossary.rst +++ b/docs/glossary.rst @@ -64,3 +64,11 @@ Glossary text This type corresponds to ``unicode`` on Python 2 and ``str`` on Python 3. This is equivalent to ``six.text_type``. + + nonce + A nonce is a **n**\ umber used **once**. Nonces are used in many + cryptographic protocols. Generally, a nonce does not have to be secret + or unpredictable, but it must be unique. A nonce is often a random + or pseudo-random number (see :doc:`Random number generation + </random-numbers>`). Since a nonce does not have to be unpredictable, + it can also take a form of a counter. diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 47486895..309c6fd0 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -240,7 +240,7 @@ Modes **This mode does not require padding.** - :param bytes nonce: Should be :doc:`random bytes </random-numbers>`. It is + :param bytes nonce: Should be unique, a :term:`nonce`. It is critical to never reuse a ``nonce`` with a given key. Any reuse of a nonce with the same key compromises the security of every message encrypted with that key. Must be the same number of bytes as the @@ -305,12 +305,11 @@ Modes **This mode does not require padding.** - :param bytes initialization_vector: Must be :doc:`random bytes - </random-numbers>`. They do not need to be kept secret and they can be - included in a transmitted message. NIST `recommends a 96-bit IV - length`_ for performance critical situations but it can be up to - 2\ :sup:`64` - 1 bits. Do not reuse an ``initialization_vector`` with a - given ``key``. + :param bytes initialization_vector: Must be unique, a :term:`nonce`. + They do not need to be kept secret and they can be included in a + transmitted message. NIST `recommends a 96-bit IV length`_ for + performance critical situations but it can be up to 2\ :sup:`64` - 1 + bits. Do not reuse an ``initialization_vector`` with a given ``key``. .. note:: diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index badb500c..81510134 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -40,6 +40,7 @@ multi naïve namespace namespaces +Nonces online paddings pickleable diff --git a/docs/x509.rst b/docs/x509.rst index 23a70f45..11ea279b 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -803,7 +803,7 @@ X.509 Extensions .. class:: OCSPNoCheck - .. versionadded:: 0.10 + .. versionadded:: 1.0 This presence of this extension indicates that an OCSP client can trust a responder for the lifetime of the responder's certificate. CAs issuing diff --git a/src/cryptography/__about__.py b/src/cryptography/__about__.py index 359cd819..9c28be2e 100644 --- a/src/cryptography/__about__.py +++ b/src/cryptography/__about__.py @@ -14,7 +14,7 @@ __summary__ = ("cryptography is a package which provides cryptographic recipes" " and primitives to Python developers.") __uri__ = "https://github.com/pyca/cryptography" -__version__ = "0.10.dev1" +__version__ = "1.0.dev1" __author__ = "The cryptography developers" __email__ = "cryptography-dev@python.org" diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index c7d2d154..f46dd1b7 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -1,15 +1,6 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. from __future__ import absolute_import, division, print_function diff --git a/src/cryptography/hazmat/bindings/openssl/x509.py b/src/cryptography/hazmat/bindings/openssl/x509.py index 3eb70176..e0f42fbb 100644 --- a/src/cryptography/hazmat/bindings/openssl/x509.py +++ b/src/cryptography/hazmat/bindings/openssl/x509.py @@ -311,9 +311,14 @@ int i2d_EC_PUBKEY(EC_KEY *, unsigned char **); EC_KEY *d2i_EC_PUBKEY(EC_KEY **, const unsigned char **, long); EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **); int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *); +EC_KEY *d2i_ECPrivateKey(EC_KEY **, const unsigned char **, long); EC_KEY *d2i_ECPrivateKey_bio(BIO *, EC_KEY **); +int i2d_ECPrivateKey(EC_KEY *, unsigned char **); int i2d_ECPrivateKey_bio(BIO *, EC_KEY *); +EC_KEY *o2i_ECPublicKey(EC_KEY **, const unsigned char **, long); +int i2o_ECPublicKey(EC_KEY *, unsigned char **); + // declared in safestack int sk_ASN1_OBJECT_num(Cryptography_STACK_OF_ASN1_OBJECT *); ASN1_OBJECT *sk_ASN1_OBJECT_value(Cryptography_STACK_OF_ASN1_OBJECT *, int); @@ -330,8 +335,13 @@ int (*i2d_EC_PUBKEY)(EC_KEY *, unsigned char **) = NULL; EC_KEY *(*d2i_EC_PUBKEY)(EC_KEY **, const unsigned char **, long) = NULL; EC_KEY *(*d2i_EC_PUBKEY_bio)(BIO *, EC_KEY **) = NULL; int (*i2d_EC_PUBKEY_bio)(BIO *, EC_KEY *) = NULL; +EC_KEY *(*d2i_ECPrivateKey)(EC_KEY **, const unsigned char **, long) = NULL; EC_KEY *(*d2i_ECPrivateKey_bio)(BIO *, EC_KEY **) = NULL; +int (*i2d_ECPrivateKey)(EC_KEY *, unsigned char **) = NULL; int (*i2d_ECPrivateKey_bio)(BIO *, EC_KEY *) = NULL; + +EC_KEY *(*o2i_ECPublicKey)(EC_KEY **, const unsigned char **, long) = NULL; +int (*i2o_ECPublicKey)(EC_KEY *, unsigned char **) = NULL; #endif """ @@ -341,7 +351,11 @@ CONDITIONAL_NAMES = { "d2i_EC_PUBKEY", "d2i_EC_PUBKEY_bio", "i2d_EC_PUBKEY_bio", + "d2i_ECPrivateKey", "d2i_ECPrivateKey_bio", + "i2d_ECPrivateKey", "i2d_ECPrivateKey_bio", + "i2o_ECPublicKey", + "o2i_ECPublicKey", ] } diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py index 115f3d8c..d8869de9 100644 --- a/tests/hazmat/primitives/test_dh.py +++ b/tests/hazmat/primitives/test_dh.py @@ -1,15 +1,6 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. from __future__ import absolute_import, division, print_function @@ -11,6 +11,7 @@ deps = ./vectors passenv = ARCHFLAGS LDFLAGS CFLAGS INCLUDE LIB LD_LIBRARY_PATH commands = + python -c "from cryptography.hazmat.backends.openssl.backend import backend; print(backend.openssl_version_text())" # We use parallel mode and then combine here so that coverage.py will take # the paths like .tox/py34/lib/python3.4/site-packages/cryptography/__init__.py # and collapse them into src/cryptography/__init__.py. @@ -46,12 +47,14 @@ commands = # coverage.py on pypy. [testenv:pypy] commands = + python -c "from cryptography.hazmat.backends.openssl.backend import backend; print(backend.openssl_version_text())" py.test --capture=no --strict {posargs} # Temporarily disable coverage on pypy3 because of performance problems with # coverage.py on pypy3. [testenv:pypy3] commands = + python -c "from cryptography.hazmat.backends.openssl.backend import backend; print(backend.openssl_version_text())" py.test --capture=no --strict {posargs} [testenv:pep8] diff --git a/vectors/cryptography_vectors/__about__.py b/vectors/cryptography_vectors/__about__.py index f796fc37..a8199ced 100644 --- a/vectors/cryptography_vectors/__about__.py +++ b/vectors/cryptography_vectors/__about__.py @@ -14,7 +14,7 @@ __summary__ = "Test vectors for the cryptography package." __uri__ = "https://github.com/pyca/cryptography" -__version__ = "0.10.dev1" +__version__ = "1.0.dev1" __author__ = "The cryptography developers" __email__ = "cryptography-dev@python.org" |