* early days
* sort of working
* more things
* remove private_bytes
* public bytes, interface fix
* load public keys
* x25519 support basically done now
* private_bytes is gone
* some reminders
* doctest this too
* remove a thing that doesn't matter
* x25519 supported checks
* libressl has the NID, but a different API, so check for OpenSSL
* pep8
* add missing coverage
* update to use reasons
* expand test a little
* add changelog entry
* review feedback
* chacha20poly1305 support
* add chacha20poly1305 backend and some fixes
* refactor
* forgot to remove this
* pep8
* review feedback and a lot of type/value checking
* review feedback
* raise unsupportedalgorithm when creating a ChaCha20Poly1305 object
if it's not supported.
* switch to ciphertext||tag
* typo
* remove a branch we don't need
* review feedback
* decrypts is *also* a word
* use reasons
* Stub API for SCTs, feedback wanted
* grr, flake8
* finish up the __init__
* Initial implementation and tests
* write a test. it fails because computer
* get the tests passing and fix some TODOs
* changelog entry
* This can go now
* Put a skip in this test
* grump
* Removed unreachable code
* moved changelog to the correct section
* Use the deocrator for expressing requirements
* This needs f for the right entry_type
* coverage
* syntax error
* tests for coverage
* better sct eq tests
* docs
* technically correct, the most useless kind of correct
* typo and more details
* bug
* drop __eq__
* runtime detection of getentropy for macOS via weak-linking
In the before time, in the long long ago, there was a desire to use
getentropy on macOS. So some code was written and it detected getentropy
support by seeing if SYS_getentropy was available in the headers. But
lo, it turns out Apple ships headers for different SDK versions and
users on < 10.12 were getting headers that had SYS_getentropy even
though their OS did not support it. There was much wailing and
gnashing of teeth, but the frustrated developers remembered that Apple
wants their developers to use weak linking. With weak linking the mighty
developer can specify a minimum version and any symbol that was added
after that version will be weakly linked. Then, at runtime, the dynamic
linker will make unavailable symbols thus marked into NULLs. So, the
developer need only alter their code to do runtime detection of weakly
linked symbols and then a single binary may be compiled that will
correctly select getentropy or /dev/urandom at runtime. Hallelujah!
* oops
* separate the enum
* okay just apple
* add a jenkinsfile for building wheels
* remove scripts we don't need now
* still do the list of installed items on the mac builder
* build 2.6, don't bother with 2.7 ucs4 on mac, simplify batch
The OpenSSL manual recommends a buffer size of 80 for OBJ_oid2txt:
https://www.openssl.org/docs/crypto/OBJ_nid2ln.html#return_values.
But OIDs longer than this occur in real life (e.g. Active Directory
makes some very long OIDs). If the length of the stringified OID
exceeds the buffer size, allocate a new buffer that is big enough to
hold the stringified OID, and re-do the conversion into the new
buffer.
* move MACContext to mac.py and eliminate interfaces.py finally
* improve title
* re-add and deprecate interfaces.MACContext
* use pytest.warns instead of deprecated_call
The pytest docs insist that deprecation warnings are handled differently
and that you should use deprecated_call, but this works so okay then
