[update to 2.3] fix encoding BMPString in x509 name entries (#4321)

Alex Gaynor (36):
      Revert "don't allow GeneralNames to be an empty list (#4128)" (#4161)
      forward port 2.2.1 changelog (#4167)
      updated link to sphinx docs (#4181)
      Fixed links to sphinx docs (#4182)
      Remove version number from an error message so that it makes sense (#4188)
      temporarily fix tests (#4195)
      Update URLs for new pypi! (#4194)
      Remove CDN purging, the new PyPI does the right thing (#4198)
      Revert #4195 (#4201)
      Remove setup.py branch (#4203)
      bump openssl version in travis (#4204)
      Remove cffi branch for pypy that's not needed (#4209)
      update link to draft rfc (#4214)
      Use a checklist for bumping openssl version (#4221)
      fixed variable name to be correct (#4226)
      Fixed some confusing type descriptions in docs (#4231)
      Run no longer used debugging output from travis (#4233)
      Remove macOS travis stuff, we don't intend to reenable it (#4244)
      satisfy shellcheck (#4247)
      Only send coverage for tox builds, in prep for #4228 (#4248)
      Fixes #4228 -- move downstream builders to travis (#4250)
      Removes branches in bindings for various OpenSSL 1.1.0 prereleases (#4269)
      Test certbot with OpenSSL 1.1.0 (#4278)
      Correct pass bytes; refs #4289 (#4291)
      Correctly pass bytes; refs #4289 (#4290)
      Perform an OPENSSL_cleanup before checking the heap in our memleak tests (#4293)
      Fixes #4242 -- added an additional assert to make this test more resillient (#4308)
      Don't change the cwd in travis scripts (#4309)
      Make the docs clearer on why truncated tags are a bad idea (#4312)
      Make our locking setup function compy with our style guide (#4316)
      Convert a pair of asserts to use openssl_assert (#4318)
      bump to latest libressl versions (#4329)
      Change the exception we raise in keywrap unwrapping on invalid length (#4337)
      Refs #3331 -- added initial wycheproof integration, starting with x25519, rsa, and keywrap (#4310)
      Refs #3331 -- integrated wycheproof ECDSA tests (#4341)
      Refs #3331 -- integrated wycheproof ECDH tests (#4354)

Amaury Forgeot d'Arc (1):
      Add Session functions, necessary to implement new features in Python 3.6. (#4205)

David Benjamin (12):
      Remove unused BN bindings. (#4219)
      Fix some callback type signatures. (#4227)
      Check for CMAC_Init errors. (#4232)
      Remove unused BIO bindings. (#4220)
      Clean up unused EC bindings. (#4225)
      Remove some unused RAND bindings. (#4239)
      Fix some stuttering. (#4240)
      Validate the public/private halves of EC keys on import. (#4241)
      Remove some unused RSA bindings. (#4243)
      Remove ECDSA_sign_setup and *sign_ex bindings. (#4245)
      Cleanup unused err bindings. (#4246)
      Revert the const bits of #4220. (#4276)

Denis Lila (1):
      add custom extensions functions for openssl >=1.0.2 (#4202)

Eric Brown (2):
      Future proofing use of the six python version constants (#4238)
      Add testing support of Python 3.7 (#4305)

Jon Dufresne (1):
      Document project as stable and ready for use in production (#4284)

Joshua Crowgey (4):
      Added badtime.pem vector (#4179)
      Raise ve on bad gt (#4180)
      add X509_NAME_print_ex (#4174)
      adding name so that 1.3.6.1.4.1.11129.2.4.2 is no longer and 'Unknown OID' (#4218)

Justin Holmes (1):
      Updated pip wheel option in installation script. (#4212)

Marti Raudsepp (2):
      Add OID for RSASSA-PSS X.509 signature algorithm (RFC 4055) (#4294)
      Make RelativeDistinguishedName preserve attribtue order (#4306)

Matt Bullock (2):
      simplify Jenkins test run taking advantage of aws/aws-encryption-sdk-python#46 (#4185)
      add downstream tests for awslabs/aws-dynamodb-encryption-python (#4280)

Paul Kehrer (42):
      open master for 2.3 (#4151)
      add botan's AESKWP vectors reformatted for our NIST loader (#4159)
      fix bug with n % 8 length wrapping on AESKWP (#4160)
      Add urllib3 to downstream tests (#4165)
      port changelog for 2.2.2 (#4172)
      update the NIST keywrap vectors (#4191)
      add SHA3 and SHAKE vectors (#4213)
      Add support for extracting timestamp from a Fernet token (#4229)
      switch to py3 on docs job (#4230)
      Add SHA512/224 and SHA512/256 test vectors from NIST CAVP (#4237)
      remove block size as a required part of HashAlgorithm (#4249)
      build and test libre on travis (#4256)
      deprecate pythons without hmac.compare_digest (#4261)
      parametrize a few things in test_ec (#4268)
      simplify and parametrize DSA tests (#4267)
      LibreSSL 2.7.x support (#4270)
      Add py37 (#4298)
      6 and 7 are right next to each other (#4302)
      since the generator order is 570 bits this should be 570 (#4307)
      set an OPENSSL_API_COMPAT level (#4313)
      reduce number of deprecated signer/verifier calls in test_rsa (#4314)
      document that an ECPublicNumbers object has some unexpected properties (#4319)
      fix encoding BMPString in x509 name entries (#4321)
      fix a memory leak when calling X25519PrivateKey.public_key() (#4326)
      we don't actually care about the errstack here, it's an invalid signature (#4325)
      don't install docs when we build openssls...and do it parallel (#4327)
      try compiling with asm for our custom openssl (#4328)
      raise valueerror for null x25519 derived keys (#4332)
      switch cryptography wheel builders back to pip wheel (#4334)
      document one shot AEAD length restrictions (#4322)
      add crl.get_revoked_certificate method (#4331)
      add DSA wycheproof tests (#4346)
      add aes cbc pkcs5 wycheproof tests (#4347)
      disallow implicit tag truncation with finalize_with_tag (#4342)
      add wycheproof tests for AES CMAC (#4344)
      add chacha20poly1305 wycheproof tests (#4345)
      raise ValueError on zero length GCM IV (#4348)
      also check iv length for GCM nonce in AEAD (#4350)
      min_tag_length is an int (#4351)
      add wycheproof gcm tests (#4349)
      improve skip msg when skipping an ECDH test in test_ec (#4355)
      bump version and changelog for 2.3 release (#4356)

Quinten Stokkink (1):
      Exposed OpenSSL prime methods (#4292)

Thierry Bastian (1):
      OpenSSL 1.0.2o has switched to winsock2 (#4184)

Thom Dixon (1):
      Make AuthorityKeyIdentifier docs reflect reality (#4252)

Tim D. Smith (1):
      Fix typo (#4178)

Tux (1):
      Expose OpenSSL constant time bignum arithmetic (#4200)

Ville Skyttä (1):
      Use pytest instead of py.test per upstream recommendation, #dropthedot (#4236)

Vladyslav Moisieienkov (1):
      Add clearer message when key type is not bytes (#4289)

dumol (1):
      Fixed build errors on HP-UX. (#4259)

Коренберг Марк (1):
      Add serialisation output examples (#4286)

Author: fenrus75

.gitignore

@@ -0,0 +1,12 @@
+.*~
+*~
+*.swp
+.repo-index
+*.log
+build.log.round*
+*.tar.*
+*.tgz
+!*.tar.*.*
+*.zip
+commitmsg
+results/

Makefile

@@ -1,5 +1,5 @@
 PKG_NAME := cryptography_vectors
-URL = http://pypi.debian.net/cryptography_vectors/cryptography_vectors-2.2.2.tar.gz
+URL = http://pypi.debian.net/cryptography_vectors/cryptography_vectors-2.3.tar.gz
 ARCHIVES = 
 
 include ../common/Makefile.common

cryptography_vectors-2.3.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEBf2foWz3VzUNkaVgI1rl8Sn57ZgFAltPLE0ACgkQI1rl8Sn5
+7Zjxngf6Ay0ZjiCrQEws069CLNUeXgzP9wV9mqUcdtY1+0FuvfEhfHZtSIK9u/Wt
+Lt/0GxfoumGZ0cXkSwRczJPr8GclIr+lDKLHHFcGofUJerK2JrkQH9QgSU09jQ0J
+IUtJqGm2oJVxTQ6ETzk9yh50DGyrj9j9UxtfygSh+QzQq5QgvpATG2OV9pw1sWBf
+YbtmRVDNPJnbCeCxCyq2Oh8nAhR21rJqszaJbQxlU0E1+VTRGyxbdw8a44JuPILL
+r4EG31UqNPkawIQpJfOCsYLLF5/vkD8dwS80oO+CkQET3iet2iMSL03yPMRUHWx8
+SN3qWYnorXOhPXGcVtEFxoAqMTgCXg==
+=1URy
+-----END PGP SIGNATURE-----

cryptography_vectors.spec

@@ -5,26 +5,35 @@
 # Source0 file verified with key 0x235AE5F129F9ED98 ([email protected])
 #
 Name     : cryptography_vectors
-Version  : 2.2.2
-Release  : 58
-URL      : http://pypi.debian.net/cryptography_vectors/cryptography_vectors-2.2.2.tar.gz
-Source0  : http://pypi.debian.net/cryptography_vectors/cryptography_vectors-2.2.2.tar.gz
-Source99 : http://pypi.debian.net/cryptography_vectors/cryptography_vectors-2.2.2.tar.gz.asc
+Version  : 2.3
+Release  : 59
+URL      : http://pypi.debian.net/cryptography_vectors/cryptography_vectors-2.3.tar.gz
+Source0  : http://pypi.debian.net/cryptography_vectors/cryptography_vectors-2.3.tar.gz
+Source99 : http://pypi.debian.net/cryptography_vectors/cryptography_vectors-2.3.tar.gz.asc
 Summary  : Test vectors for the cryptography package.
 Group    : Development/Tools
 License  : Apache-2.0 BSD-3-Clause
 Requires: cryptography_vectors-python3
+Requires: cryptography_vectors-license
 Requires: cryptography_vectors-python
+BuildRequires : buildreq-distutils3
 BuildRequires : pbr
 BuildRequires : pip
-
 BuildRequires : python3-dev
 BuildRequires : setuptools
 
 %description
 This zip file contains sample test vectors (values) for the following functions defined in
 NIST SP 800-38F:
 
+%package license
+Summary: license components for the cryptography_vectors package.
+Group: Default
+
+%description license
+license components for the cryptography_vectors package.
+
+
 %package python
 Summary: python components for the cryptography_vectors package.
 Group: Default
@@ -44,18 +53,21 @@ python3 components for the cryptography_vectors package.
 
 
 %prep
-%setup -q -n cryptography_vectors-2.2.2
+%setup -q -n cryptography_vectors-2.3
 
 %build
 export http_proxy=http://127.0.0.1:9/
 export https_proxy=http://127.0.0.1:9/
 export no_proxy=localhost,127.0.0.1,0.0.0.0
 export LANG=C
-export SOURCE_DATE_EPOCH=1522355407
+export SOURCE_DATE_EPOCH=1532005886
 python3 setup.py build -b py3
 
 %install
 rm -rf %{buildroot}
+mkdir -p %{buildroot}/usr/share/doc/cryptography_vectors
+cp LICENSE.BSD %{buildroot}/usr/share/doc/cryptography_vectors/LICENSE.BSD
+cp LICENSE.APACHE %{buildroot}/usr/share/doc/cryptography_vectors/LICENSE.APACHE
 python3 -tt setup.py build -b py3 install --root=%{buildroot}
 echo ----[ mark ]----
 cat %{buildroot}/usr/lib/python3*/site-packages/*/requires.txt || :
@@ -64,6 +76,11 @@ echo ----[ mark ]----
 %files
 %defattr(-,root,root,-)
 
+%files license
+%defattr(-,root,root,-)
+/usr/share/doc/cryptography_vectors/LICENSE.APACHE
+/usr/share/doc/cryptography_vectors/LICENSE.BSD
+
 %files python
 %defattr(-,root,root,-)
 

options.conf

@@ -1,6 +1,6 @@
 [package]
 name = cryptography_vectors
-url = http://pypi.debian.net/cryptography_vectors/cryptography_vectors-2.2.2.tar.gz
+url = http://pypi.debian.net/cryptography_vectors/cryptography_vectors-2.3.tar.gz
 archives = 
 giturl = https://github.com/pyca/cryptography.git
 

release

@@ -1 +1 @@
-58
+59

upstream

@@ -1 +1 @@
-902bd2339c2ca02fde5568be34ba6db9ae21ac88/cryptography_vectors-2.2.2.tar.gz
+275e55bc76d74134c7e3e8ed733f2ca31c19286b/cryptography_vectors-2.3.tar.gz