From 90ae866e0a83ef92ce2b2e7c58ccb86e79f3bee8 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 23 Dec 2013 17:21:00 -0600 Subject: add hmac_supported method to backend. Previously we were implicitly assuming that if a hash was supported then its hmac equivalent was as well. --- docs/hazmat/backends/interfaces.rst | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'docs/hazmat/backends') diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index b524943d..45fbaf09 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -126,12 +126,23 @@ A specific ``backend`` may provide one or more of these interfaces. A backend with methods for using cryptographic hash functions as message authentication codes. + .. method:: hmac_supported(algorithm) + + Check if the specified ``algorithm`` is supported by this backend. + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` + provider. + + :returns: ``True`` if the specified ``algorithm`` is supported for HMAC + by this backend, otherwise ``False``. + .. method:: create_hmac_ctx(algorithm) Create a :class:`~cryptogrpahy.hazmat.primitives.interfaces.HashContext` that - uses the specified ``algorithm`` to calculate a hash-based message - authentication code. + uses the specified ``algorithm`` to calculate a hash-based message + authentication code. :param algorithm: An instance of a :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` -- cgit v1.2.3 From 4f776c495cfef4dd29023cb7bb035612d1e53916 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 23 Dec 2013 17:25:54 -0600 Subject: fix erroneous indent and add abstractmethod to HMACBackend --- docs/hazmat/backends/interfaces.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs/hazmat/backends') diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 45fbaf09..5b6cd64d 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -141,8 +141,8 @@ A specific ``backend`` may provide one or more of these interfaces. Create a :class:`~cryptogrpahy.hazmat.primitives.interfaces.HashContext` that - uses the specified ``algorithm`` to calculate a hash-based message - authentication code. + uses the specified ``algorithm`` to calculate a hash-based message + authentication code. :param algorithm: An instance of a :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` -- cgit v1.2.3 From 8f42fe4e86267c4dee696707ac08371a1aa2531a Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 13:15:52 -0800 Subject: Slightly reorganize and cleanuip the backend docs --- docs/hazmat/backends/index.rst | 24 ++++++++++++------------ docs/hazmat/backends/openssl.rst | 4 ++-- 2 files changed, 14 insertions(+), 14 deletions(-) (limited to 'docs/hazmat/backends') diff --git a/docs/hazmat/backends/index.rst b/docs/hazmat/backends/index.rst index a89cf0d5..06951281 100644 --- a/docs/hazmat/backends/index.rst +++ b/docs/hazmat/backends/index.rst @@ -1,17 +1,10 @@ .. hazmat:: -Bindings +Backends ======== -.. toctree:: - :maxdepth: 1 - - openssl - interfaces - - -Getting a Backend Provider -~~~~~~~~~~~~~~~~~~~~~~~~~~ +Getting a Backend +----------------- .. currentmodule:: cryptography.hazmat.backends @@ -19,8 +12,7 @@ Getting a Backend Provider the widest number of supported cryptographic algorithms as well as supporting platform specific implementations. -You can get the default backend by calling -:func:`~default_backend`. +You can get the default backend by calling :func:`~default_backend`. The default backend will change over time as we implement new backends and the libraries we use in those backends changes. @@ -32,3 +24,11 @@ the libraries we use in those backends changes. :class:`~interfaces.CipherBackend`, :class:`~interfaces.HashBackend`, and :class:`~interfaces.HMACBackend`. +Individual Backends +------------------- + +.. toctree:: + :maxdepth: 1 + + openssl + interfaces diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst index 12fbff04..5e51c75e 100644 --- a/docs/hazmat/backends/openssl.rst +++ b/docs/hazmat/backends/openssl.rst @@ -1,7 +1,7 @@ .. hazmat:: -OpenSSL -======= +OpenSSL Backend +=============== These are `CFFI`_ bindings to the `OpenSSL`_ C library. -- cgit v1.2.3 From e68d73e37be57774246165a5d5263c89825e0864 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Tue, 31 Dec 2013 14:00:38 +0000 Subject: Document compiling OpenSSL to avoid conflicts --- docs/hazmat/backends/openssl.rst | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'docs/hazmat/backends') diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst index 5e51c75e..99b327d9 100644 --- a/docs/hazmat/backends/openssl.rst +++ b/docs/hazmat/backends/openssl.rst @@ -21,5 +21,32 @@ These are `CFFI`_ bindings to the `OpenSSL`_ C library. and access constants. +Using your own OpenSSL on Linux +------------------------------- + +Python links to OpenSSL for its own purposes and this can sometimes cause +problems when you wish to use a different version of OpenSSL with cryptography. +If you want to use cryptography with your own build of OpenSSL you will need to +make sure that the build is configured correctly so that your version of +OpenSSL doesn't conflict with Python's. + +The options you need to add allow the linker to identify every symbol correctly +even when multiple versions of the library are linked into the same program. If +you are using your distribution's source packages these will probably be +patched in for you already, otherwise you'll need to use options something like +this when configuring OpenSSL:: + + ./config -Wl,--version-script=openssl.ld -Wl,-Bsymbolic-functions -fPIC shared + +You'll also need to generate your own ``openssl.ld`` file. For example:: + + OPENSSL_1.0.1F_CUSTOM { + global: + *; + }; + +You should replace the version string on the first line as appropriate for your +build. + .. _`CFFI`: https://cffi.readthedocs.org/ .. _`OpenSSL`: https://www.openssl.org/ -- cgit v1.2.3