From laa at kamstrup.com Fri May 5 02:43:08 2017
From: laa at kamstrup.com (Lars Alex Pedersen)
Date: Fri, 5 May 2017 06:43:08 +0000
Subject: [Cryptography-dev] Cross compiling wrong ELF class: ELFCLASS32
Message-ID: <943EEADB13F8624DA5F1F646AD8B111D01F860AFF0@Exchange2010.kamstrup.dk>

Hope that someone can lead me in the right direction.

Trying to cross compile python3-cryptography for an ARM architecture on a x64 host and ends up with:

ImportError: /home/laa/git/penguin/ptxdist/platform-tqma28/build-target/cryptography-1.8.1/.eggs/cffi-1.10.0-py3.5-linux2-arm.egg/_cffi_backend.cpython-35m-arm-linux-gnueabi.so: wrong ELF class: ELFCLASS32

Looks like _cffi_backend.cpython-35m-arm-linux-gnueabi.so is correct but somehow used by a 64bit python during some step?

------------------------------------
target: python3-cryptography.compile
------------------------------------

Installed /home/laa/git/penguin/ptxdist/platform-tqma28/build-target/cryptography-1.8.1/.eggs/cffi-1.10.0-py3.5-linux2-arm.egg
Searching for pycparser
Reading https://pypi.python.org/simple/pycparser/
Best match: pycparser 2.17
Downloading https://pypi.python.org/packages/be/64/1bb257ffb17d01f4a38d7ce686809a736837ad4371bcc5c42ba7a715c3ac/pycparser-2.17.tar.gz#md5=ca98dcb50bc1276f230118f6af5a40c7
Processing pycparser-2.17.tar.gz
Writing /tmp/easy_install-3h983a01/pycparser-2.17/setup.cfg
Running pycparser-2.17/setup.py -q bdist_egg --dist-dir /tmp/easy_install-3h983a01/pycparser-2.17/egg-dist-tmp-g_kj1xdg
warning: no previously-included files matching 'yacctab.*' found under directory 'tests'
warning: no previously-included files matching 'lextab.*' found under directory 'tests'
warning: no previously-included files matching 'yacctab.*' found under directory 'examples'
warning: no previously-included files matching 'lextab.*' found under directory 'examples'
zip_safe flag not set; analyzing archive contents...
pycparser.ply.__pycache__.yacc.cpython-35: module references __file__
pycparser.ply.__pycache__.yacc.cpython-35: module MAY be using inspect.getsourcefile
pycparser.ply.__pycache__.yacc.cpython-35: module MAY be using inspect.stack
pycparser.ply.__pycache__.ygen.cpython-35: module references __file__
pycparser.ply.__pycache__.lex.cpython-35: module references __file__
pycparser.ply.__pycache__.lex.cpython-35: module MAY be using inspect.getsourcefile
creating /home/laa/git/penguin/ptxdist/platform-tqma28/build-target/cryptography-1.8.1/.eggs/pycparser-2.17-py3.5.egg
Extracting pycparser-2.17-py3.5.egg to /home/laa/git/penguin/ptxdist/platform-tqma28/build-target/cryptography-1.8.1/.eggs

Installed /home/laa/git/penguin/ptxdist/platform-tqma28/build-target/cryptography-1.8.1/.eggs/pycparser-2.17-py3.5.egg
Traceback (most recent call last):
  File "setup.py", line 335, in
    **keywords_with_side_effects(sys.argv)
  File "/home/laa/git/penguin/ptxdist/platform-tqma28/sysroot-host/lib/python3.5/distutils/core.py", line 108, in setup
    _setup_distribution = dist = klass(attrs)
  File "/home/laa/git/penguin/ptxdist/platform-tqma28/sysroot-host/lib/python3.5/site-packages/setuptools/dist.py", line 272, in __init__
    _Distribution.__init__(self,attrs)
  File "/home/laa/git/penguin/ptxdist/platform-tqma28/sysroot-host/lib/python3.5/distutils/dist.py", line 281, in __init__
    self.finalize_options()
  File "/home/laa/git/penguin/ptxdist/platform-tqma28/sysroot-host/lib/python3.5/site-packages/setuptools/dist.py", line 327, in finalize_options
    ep.load()(self, ep.name, value)
  File "/home/laa/git/penguin/ptxdist/platform-tqma28/build-target/cryptography-1.8.1/.eggs/cffi-1.10.0-py3.5-linux2-arm.egg/cffi/setuptools_ext.py", line 188, in cffi_modules
    add_cffi_module(dist, cffi_module)
  File "/home/laa/git/penguin/ptxdist/platform-tqma28/build-target/cryptography-1.8.1/.eggs/cffi-1.10.0-py3.5-linux2-arm.egg/cffi/setuptools_ext.py", line 49, in add_cffi_module
    execfile(build_file_name, mod_vars)
  File "/home/laa/git/penguin/ptxdist/platform-tqma28/build-target/cryptography-1.8.1/.eggs/cffi-1.10.0-py3.5-linux2-arm.egg/cffi/setuptools_ext.py", line 25, in execfile
    exec(code, glob, glob)
  File "src/_cffi_src/build_openssl.py", line 94, in
    extra_link_args=extra_link_args(compiler_type()),
  File "src/_cffi_src/utils.py", line 61, in build_ffi_for_binding
    extra_link_args=extra_link_args,
  File "src/_cffi_src/utils.py", line 69, in build_ffi
    ffi = FFI()
  File "/home/laa/git/penguin/ptxdist/platform-tqma28/build-target/cryptography-1.8.1/.eggs/cffi-1.10.0-py3.5-linux2-arm.egg/cffi/api.py", line 46, in __init__
    import _cffi_backend as backend
  File "/home/laa/git/penguin/ptxdist/platform-tqma28/build-target/cryptography-1.8.1/.eggs/cffi-1.10.0-py3.5-linux2-arm.egg/_cffi_backend.py", line 7, in
    __bootstrap__()
  File "/home/laa/git/penguin/ptxdist/platform-tqma28/build-target/cryptography-1.8.1/.eggs/cffi-1.10.0-py3.5-linux2-arm.egg/_cffi_backend.py", line 6, in __bootstrap__
    imp.load_dynamic(__name__,__file__)
  File "/home/laa/git/penguin/ptxdist/platform-tqma28/sysroot-host/lib/python3.5/imp.py", line 342, in load_dynamic
    return _load(spec)
ImportError: /home/laa/git/penguin/ptxdist/platform-tqma28/build-target/cryptography-1.8.1/.eggs/cffi-1.10.0-py3.5-linux2-arm.egg/_cffi_backend.cpython-35m-arm-linux-gnueabi.so: wrong ELF class: ELFCLASS32
/usr/local/lib/ptxdist-2016.08.0/rules/post/ptxd_make_world_compile.make:21: recipe for target '/home/laa/git/penguin/ptxdist/platform-tqma28/state/python3-cryptography.compile' failed
make: *** [/home/laa/git/penguin/ptxdist/platform-tqma28/state/python3-cryptography.compile] Error 1

Best regards
Lars Alex Pedersen

From readthedocs at readthedocs.org Sun May 21 01:35:25 2017
From: readthedocs at readthedocs.org (Read the Docs)
Date: Sun, 21 May 2017 05:35:25 -0000
Subject: [Cryptography-dev] Failed: Cryptography (ae59061e)
Message-ID: <20170521053525.14060.26528@web02.servers.readthedocs.org>

Build Failed for Cryptography (latest)

You can find out more about this failure here:
https://readthedocs.org/projects/cryptography/builds/5450119/

If you have questions, a good place to start is the FAQ:
https://docs.readthedocs.org/en/latest/faq.html

Keep documenting,
Read the Docs
--
http://readthedocs.org

From rob.desbois at gmail.com Mon May 22 12:22:52 2017
From: rob.desbois at gmail.com (Rob D)
Date: Mon, 22 May 2017 17:22:52 +0100
Subject: [Cryptography-dev] Set padding strategy to use in X.509 certificate signing
Message-ID:

I've been using the cryptography library to create a self-signed X.509 certificate, and had difficulty verifying the signature until I discovered that sha256WithRSAEncryption also implies PKCS 1.5, rather than PSS.
I didn't expect this, as the docs recommend PSS everywhere, so I thought it would naturally be selected by default.

Now I understand that I can verify the signature, but I cannot *choose* the signing algorithm: CertificateBuilder.sign() only allows specification of the *hashing* algorithm. Is the algorithm a choice made by the underlying backend?

I'm guessing not, but is there a way to choose the signing algorithm to be used?

Otherwise, when I'm verifying the signature, how do I determine the padding strategy: do I have to embed a lookup table storing the padding name for a given signing algorithm OID/name?

TIA -- rob

From alex.gaynor at gmail.com Mon May 22 13:02:45 2017
From: alex.gaynor at gmail.com (Alex Gaynor)
Date: Mon, 22 May 2017 13:02:45 -0400
Subject: [Cryptography-dev] Set padding strategy to use in X.509 certificate signing
In-Reply-To:
References:
Message-ID:

Unfortunately we don't have an API for this: https://github.com/pyca/cryptography/issues/2850 tracks adding this.

Truth be told, I'm not totally sure the status of PSS signature verification in X.509 libs, so I can't promise what platforms this will work on, even after we figure this out.

Alex

On Mon, May 22, 2017 at 12:22 PM, Rob D wrote:

> I've been using the cryptography library to create a self-signed X.509
> certificate, and had difficulty verifying the signature until I discovered
> that sha256WithRSAEncryption also implies PKCS 1.5, rather than PSS.
> I didn't expect this, as the docs recommend PSS everywhere, so I thought
> it would naturally be selected by default.
>
> Now I understand that I can verify the signature, but I cannot *choose*
> the signing algorithm: CertificateBuilder.sign() only allows specification
> of the *hashing* algorithm. Is the algorithm a choice made by the
> underlying backend?
>
> I'm guessing not, but is there a way to choose the signing algorithm to be
> used?
>
> Otherwise, when I'm verifying the signature, how do I determine the
> padding strategy: do I have to embed a lookup table storing the padding
> name for a given signing algorithm OID/name?
>
> TIA -- rob
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>
>

--
"I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6

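
An added example, not part of the thread and not the library's own code: verifying a self-signed RSA certificate by mapping its signature algorithm OID to a padding scheme, which is the lookup the question above describes. It assumes a current cryptography release where the backend argument is optional; make_self_signed, verify_rsa_cert_signature, PKCS1V15_OIDS and the example.test name are constructed for illustration.

```python
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID, SignatureAlgorithmOID

# The "lookup table" from the question: each *WithRSAEncryption OID means
# RSASSA-PKCS1-v1_5. The hash is read from the certificate, not the table.
PKCS1V15_OIDS = {
    SignatureAlgorithmOID.RSA_WITH_SHA1,
    SignatureAlgorithmOID.RSA_WITH_SHA256,
    SignatureAlgorithmOID.RSA_WITH_SHA384,
    SignatureAlgorithmOID.RSA_WITH_SHA512,
}


def make_self_signed():
    """Constructed sample input: a throwaway self-signed RSA certificate."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example.test")])
    builder = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(1000)
        .not_valid_before(datetime.datetime(2017, 5, 22))
        .not_valid_after(datetime.datetime(2027, 5, 22))
    )
    # Hash chosen here; the RSA padding defaults to PKCS1v15.
    return builder.sign(key, hashes.SHA256())


def verify_rsa_cert_signature(cert, issuer_public_key, pad=None):
    """Return True if the certificate signature verifies with `pad`
    (default: the padding implied by the signature algorithm OID)."""
    if pad is None:
        if cert.signature_algorithm_oid not in PKCS1V15_OIDS:
            raise ValueError("no padding known for this signature OID")
        pad = padding.PKCS1v15()
    try:
        issuer_public_key.verify(cert.signature, cert.tbs_certificate_bytes,
                                 pad, cert.signature_hash_algorithm)
    except InvalidSignature:
        return False
    return True
```

Passing a PSS padding object for the same certificate makes the function return False, which matches the verification difficulty described in the question.
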
From readthedocs at readthedocs.org Wed May 24 01:54:09 2017
From: readthedocs at readthedocs.org (Read the Docs)
Date: Wed, 24 May 2017 05:54:09 -0000
Subject: [Cryptography-dev] Failed: Cryptography (latest)
Message-ID: <20170524055409.32643.3347@web03.servers.readthedocs.org>

Build Failed for Cryptography (latest)

You can find out more about this failure here:
https://readthedocs.org/projects/cryptography/builds/5464221/

If you have questions, a good place to start is the FAQ:
https://docs.readthedocs.org/en/latest/faq.html

Keep documenting,
Read the Docs
--
http://readthedocs.org

From readthedocs at readthedocs.org Wed May 24 02:40:22 2017
From: readthedocs at readthedocs.org (Read the Docs)
Date: Wed, 24 May 2017 06:40:22 -0000
Subject: [Cryptography-dev] Failed: Cryptography (latest)
Message-ID: <20170524064022.23016.18999@web04.servers.readthedocs.org>

Build Failed for Cryptography (latest)

You can find out more about this failure here:
https://readthedocs.org/projects/cryptography/builds/5464388/

If you have questions, a good place to start is the FAQ:
https://docs.readthedocs.org/en/latest/faq.html

Keep documenting,
Read the Docs
--
http://readthedocs.org

From readthedocs at readthedocs.org Thu May 25 16:57:57 2017
From: readthedocs at readthedocs.org (Read the Docs)
Date: Thu, 25 May 2017 20:57:57 -0000
Subject: [Cryptography-dev] Failed: Cryptography (latest)
Message-ID: <20170525205757.29013.92192@web04.servers.readthedocs.org>

Build Failed for Cryptography (latest)

You can find out more about this failure here:
https://readthedocs.org/projects/cryptography/builds/5473660/

If you have questions, a good place to start is the FAQ:
https://docs.readthedocs.org/en/latest/faq.html

Keep documenting,
Read the Docs
--
http://readthedocs.org

From paul.l.kehrer at gmail.com Fri May 26 02:44:23 2017
From: paul.l.kehrer at gmail.com (Paul Kehrer)
Date: Fri, 26 May 2017 02:44:23 -0400
Subject: [Cryptography-dev] PyCA cryptography 1.8.2 released
Message-ID:

PyCA cryptography 1.8.2 has been released to PyPI. This is a small bug fix release to correct an issue with compilation on OpenSSL 1.1.0f.

Changelog:
* Fixed a compilation bug affecting OpenSSL 1.1.0f.
* Updated Windows and macOS wheels to be compiled against OpenSSL 1.1.0f.

-Paul Kehrer (reaperhulk)

From readthedocs at readthedocs.org Mon May 29 18:09:26 2017
From: readthedocs at readthedocs.org (Read the Docs)
Date: Mon, 29 May 2017 22:09:26 -0000
Subject: [Cryptography-dev] Failed: Cryptography (latest)
Message-ID: <20170529220926.23016.71993@web04.servers.readthedocs.org>

Build Failed for Cryptography (latest)

You can find out more about this failure here:
https://readthedocs.org/projects/cryptography/builds/5488698/

If you have questions, a good place to start is the FAQ:
https://docs.readthedocs.org/en/latest/faq.html

Keep documenting,
Read the Docs
--
http://readthedocs.org

From paul at victoly.com Mon May 29 22:34:15 2017
From: paul at victoly.com (Paul Kehrer)
Date: Mon, 29 May 2017 19:34:15 -0700
Subject: [Cryptography-dev] PyCA cryptography 1.9 released
Message-ID:

PyCA cryptography 1.8 (and 1.8.1) has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions. We support Python 2.6-2.7, Python 3.3+, and PyPy.

Changelog:
* BACKWARDS INCOMPATIBLE: Elliptic Curve signature verification no longer returns True on success. This brings it in line with the interface's documentation, and our intent. The correct way to use verify() has always been to check whether or not InvalidSignature was raised.
* BACKWARDS INCOMPATIBLE: Dropped support for macOS 10.7 and 10.8.
* BACKWARDS INCOMPATIBLE: The minimum supported PyPy version is now 5.3.
* Python 3.3 support has been deprecated, and will be removed in the next cryptography release.
* Add support for providing tag during GCM finalization via finalize_with_tag().
* Fixed an issue preventing cryptography from compiling against LibreSSL 2.5.x.
* Added key_size convenience methods for determining the bit size of a secret scalar for an elliptic curve.
* Accessing an unrecognized extension marked critical on an X.509 object will no longer raise an UnsupportedExtension exception, instead an UnrecognizedExtension object will be returned. This behavior was based on a poor reading of the RFC, unknown critical extensions only need to be rejected on certificate verification.
* The CommonCrypto backend has been removed.
* MultiBackend has been removed.
* Whirlpool and RIPEMD160 have been deprecated.

Thanks to all the contributors for their hard work on this release!

-Paul Kehrer (reaperhulk)