* Bump pyo3 and lower MSRV (#5823)
* fix signature of EllipticCurvePublicKey.verify() (#5808)
The signature change was introduced in https://github.com/pyca/cryptography/pull/5729 but is inconsistent with respect to related methods, breaks backward compatibility and compatibility with the OpenSSL backend (and maybe other backends) when named arguments are used.
* Name: update get_attributes_for_oid return type (#5809)
`List` gives more power to the caller.
Note that `RelativeDistinguishedName`, the same function returns a `List`.
Is there a reason this was `Iterable` only for `Name`? If we don't want to
promise `List`, `Sequence` is another alternative.
* Start typing a bunch of stuff from x509 extensions (#5812)
* part 2 of typing x509 extensions (#5815)
* 3.4.5 changelog and version bump
* spelling
* fix a false positive from the latest clippy (#5813)
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Markus Wamser <wamserma@users.noreply.github.com>
Co-authored-by: Dan Halperin <dhalperi@users.noreply.github.com>
* Remove setuptools_rust from install requirement
setuptools_rust is only required for building cryptography.
Fixes: https://github.com/pyca/cryptography/issues/5778
Signed-off-by: Christian Heimes <cheimes@redhat.com>
* sdist needs setuptools_rust
Signed-off-by: Christian Heimes <cheimes@redhat.com>
* switch to xdist in tox for faster runs
* not using auto to avoid too many processes on local laptops
* we need to use pytest-cov to generate coverage properly now
* these env vars aren't present on no coverage builds
* tox changes
* Remove Python2 from CI and code that branched on it
* Update setup.py
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
* remove
* review feedback
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
* ssh.py contains load/serialize code.
* Add PrivateFormat.OpenSSH to .private_bytes() format.
* Add load_ssh_private_key().
* Use new code for PublicFormat.OpenSSH too.
* load_ssh_public_key() now supports reading signed public keys.
* Supported algorithms: rsa, dsa, ec, ed25519.
* Optional dependency on 'bcrypt' package via [ssh] extra
* drop python 3.4 support
Our dependencies have started dropping support so it is becoming
difficult to test. Additionally, Python 3.4 represents <2% of our
downloads, so taking on a large maintenance burden to maintain support
isn't a good use of limited time. Accordingly, we're dropping testing
infrastructure and migrating our abi3 wheels to py35+.
* use removed instead of dropped
* Remove non-test dependencies on asn1crypto.
cryptography.io actually contains two OpenSSL bindings right now, the
expected cffi one, and an optional one hidden in asn1crypto. asn1crypto
contains a lot of things that cryptography.io doesn't use, including a
BER parser and a hand-rolled and not constant-time EC implementation.
Instead, check in a much small DER-only parser in cryptography/hazmat. A
quick benchmark suggests this parser is also faster than asn1crypto:
from __future__ import absolute_import, division, print_function
import timeit
print(timeit.timeit(
"decode_dss_signature(sig)",
setup=r"""
from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature
sig=b"\x30\x2d\x02\x15\x00\xb5\xaf\x30\x78\x67\xfb\x8b\x54\x39\x00\x13\xcc\x67\x02\x0d\xdf\x1f\x2c\x0b\x81\x02\x14\x62\x0d\x3b\x22\xab\x50\x31\x44\x0c\x3e\x35\xea\xb6\xf4\x81\x29\x8f\x9e\x9f\x08"
""",
number=10000))
Python 2.7:
asn1crypto: 0.25
_der.py: 0.098
Python 3.5:
asn1crypto: 0.17
_der.py: 0.10
* Remove test dependencies on asn1crypto.
The remaining use of asn1crypto was some sanity-checking of
Certificates. Add a minimal X.509 parser to extract the relevant fields.
* Add a read_single_element helper function.
The outermost read is a little tedious.
* Address flake8 warnings
* Fix test for long-form vs short-form lengths.
Testing a zero length trips both this check and the non-minimal long
form check. Use a one-byte length to cover the missing branch.
* Remove support for negative integers.
These never come up in valid signatures. Note, however, this does
change public API.
* Update src/cryptography/hazmat/primitives/asymmetric/utils.py
Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
* Review comments
* Avoid hardcoding the serialization of NULL in decode_asn1.py too.
* Drop setup.py test support.
It's fragile and relies on eggs. While our downstream redistributors don't love this (sorry!), it seems like the right tradeoff.
* Remove unused
* Added a changelog entry
* typo
* line length
* allow bytearrays for key/iv for symmetric encryption
* bump pypy/cffi requirements
* update docs, fix some tests
* old openssl is naught but pain
* revert a typo
* use trusty for old pypy
* better error msg again
* restore match
* update pytest config
pytest 3.8.0 was just released and officially deprecates some of the way
we do pytest marks. They introduced a new way to do this in 3.6 so this
PR switches to that mechanism and updates our minimum pytest requirement
* update the stubs
* also update wycheproof test config to remove deprecated paths
* don't need this any more
* test against python 3.7 for windows
* update docs to say we test on 3.7
* more succinct
* maybe make this actually work.
* link properly
* moar changes
