Removing faulty application - figenc - [RADIOACTIVE] rsa and symmetric key encryption scripts and executables

commit 2dfad803f0a5bc536cca6b5083a6df6fd248d209
parent 60a87abb70d58e230fa2adb898629d1267ca180e
Author: therealFIGBERT <naomi@Naomis-MacBook-Air.local>
Date:   Sun, 30 Jun 2019 16:35:48 -0700

Removing faulty application

Diffstat:
D MacOS/FigENC_MacOS.app/Contents/Info.plist  | 0 
D MacOS/FigENC_MacOS.app/Contents/MacOS/FigENC MacOS  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/AppIcon.icns  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/AppSettings.plist  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/MainMenu.nib  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/__pycache__/decrypt.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/__pycache__/encrypt.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/__pycache__/enum.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/__pycache__/initiate_key.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__about__.py  | 23 -----------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__init__.py  | 16 ----------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/__about__.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/__init__.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/exceptions.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/fernet.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/utils.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/exceptions.py  | 58 ----------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/fernet.py  | 171 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/__init__.py  | 11 -----------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/__pycache__/__init__.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/__pycache__/_oid.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/_oid.py  | 67 -------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/__init__.py  | 18 ------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/__pycache__/__init__.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/__pycache__/interfaces.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/interfaces.py  | 395 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__init__.py  | 10 ----------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/__init__.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/aead.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/backend.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ciphers.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/cmac.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/decode_asn1.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/dh.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/dsa.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ec.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ed25519.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ed448.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/encode_asn1.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/hashes.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/hmac.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ocsp.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/poly1305.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/rsa.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/utils.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/x25519.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/x448.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/x509.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/aead.py  | 161 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/backend.py  | 2445 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ciphers.py  | 229 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/cmac.py  | 81 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/decode_asn1.py  | 899 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/dh.py  | 280 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/dsa.py  | 268 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ec.py  | 340 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ed25519.py  | 151 ------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ed448.py  | 154 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/encode_asn1.py  | 657 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/hashes.py  | 78 ------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/hmac.py  | 74 --------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ocsp.py  | 381 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/poly1305.py  | 60 ------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/rsa.py  | 478 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/utils.py  | 69 ---------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/x25519.py  | 149 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/x448.py  | 123 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/x509.py  | 546 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/__init__.py  | 5 -----
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/__pycache__/__init__.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/_constant_time.abi3.so  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/_openssl.abi3.so  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/_padding.abi3.so  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/__init__.py  | 5 -----
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/__pycache__/__init__.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/__pycache__/_conditional.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/__pycache__/binding.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/_conditional.py  | 434 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/binding.py  | 197 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__init__.py  | 5 -----
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/__init__.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/cmac.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/constant_time.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/hashes.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/hmac.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/keywrap.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/padding.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/poly1305.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__init__.py  | 40 ----------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/__init__.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/dh.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/dsa.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/ec.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/ed25519.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/ed448.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/padding.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/rsa.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/utils.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/x25519.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/x448.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/dh.py  | 212 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/dsa.py  | 254 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/ec.py  | 500 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/ed25519.py  | 84 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/ed448.py  | 79 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/padding.py  | 79 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/rsa.py  | 368 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/utils.py  | 38 --------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/x25519.py  | 73 -------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/x448.py  | 73 -------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/ciphers/__init__.py  | 21 ---------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/ciphers/__pycache__/__init__.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/ciphers/__pycache__/aead.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/ciphers/__pycache__/algorithms.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/ciphers/__pycache__/base.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/ciphers/__pycache__/modes.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/ciphers/aead.py  | 188 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/ciphers/algorithms.py  | 167 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/ciphers/base.py  | 235 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/ciphers/modes.py  | 218 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/cmac.py  | 64 ----------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/constant_time.py  | 35 -----------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/hashes.py  | 255 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/hmac.py  | 66 ------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/kdf/__init__.py  | 26 --------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/kdf/__pycache__/__init__.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/kdf/__pycache__/concatkdf.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/kdf/__pycache__/hkdf.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/kdf/__pycache__/kbkdf.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/kdf/__pycache__/pbkdf2.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/kdf/__pycache__/scrypt.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/kdf/__pycache__/x963kdf.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/kdf/concatkdf.py  | 124 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/kdf/hkdf.py  | 110 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/kdf/kbkdf.py  | 145 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/kdf/pbkdf2.py  | 56 --------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/kdf/scrypt.py  | 63 ---------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/kdf/x963kdf.py  | 68 --------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/keywrap.py  | 154 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/padding.py  | 200 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/poly1305.py  | 43 -------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/serialization/__init__.py  | 26 --------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/serialization/__pycache__/__init__.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/serialization/__pycache__/base.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/serialization/__pycache__/pkcs12.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/serialization/__pycache__/ssh.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/serialization/base.py  | 82 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/serialization/pkcs12.py  | 9 ---------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/serialization/ssh.py  | 153 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/twofactor/__init__.py  | 9 ---------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/twofactor/__pycache__/__init__.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/twofactor/__pycache__/hotp.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/twofactor/__pycache__/totp.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/twofactor/__pycache__/utils.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/twofactor/hotp.py  | 68 --------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/twofactor/totp.py  | 40 ----------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/twofactor/utils.py  | 30 ------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/utils.py  | 173 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/__init__.py  | 189 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/__pycache__/__init__.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/__pycache__/base.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/__pycache__/certificate_transparency.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/__pycache__/extensions.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/__pycache__/general_name.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/__pycache__/name.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/__pycache__/ocsp.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/__pycache__/oid.cpython-37.pyc  | 0 
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/base.py  | 753 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/certificate_transparency.py  | 46 ----------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/extensions.py  | 1654 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/general_name.py  | 360 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/name.py  | 259 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/ocsp.py  | 422 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/x509/oid.py  | 226 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/decrypt.py  | 41 -----------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/encrypt.py  | 39 ---------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/enum.py  | 910 -------------------------------------------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/initiate_key.py  | 46 ----------------------------------------------
D MacOS/FigENC_MacOS.app/Contents/Resources/script  | 139 -------------------------------------------------------------------------------
A MacOS/__pycache__/decrypt.cpython-37.pyc  | 0 
A MacOS/__pycache__/encrypt.cpython-37.pyc  | 0 
A MacOS/__pycache__/initiate_key.cpython-37.pyc  | 0

182 files changed, 0 insertions(+), 18750 deletions(-)
diff --git a/MacOS/FigENC_MacOS.app/Contents/Info.plist b/MacOS/FigENC_MacOS.app/Contents/Info.plist
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/MacOS/FigENC MacOS b/MacOS/FigENC_MacOS.app/Contents/MacOS/FigENC MacOS
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/AppIcon.icns b/MacOS/FigENC_MacOS.app/Contents/Resources/AppIcon.icns
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/AppSettings.plist b/MacOS/FigENC_MacOS.app/Contents/Resources/AppSettings.plist
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/MainMenu.nib b/MacOS/FigENC_MacOS.app/Contents/Resources/MainMenu.nib
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/__pycache__/decrypt.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/__pycache__/decrypt.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/__pycache__/encrypt.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/__pycache__/encrypt.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/__pycache__/enum.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/__pycache__/enum.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/__pycache__/initiate_key.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/__pycache__/initiate_key.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__about__.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__about__.py
@@ -1,23 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-__all__ = [
-    "__title__", "__summary__", "__uri__", "__version__", "__author__",
-    "__email__", "__license__", "__copyright__",
-]
-
-__title__ = "cryptography"
-__summary__ = ("cryptography is a package which provides cryptographic recipes"
-               " and primitives to Python developers.")
-__uri__ = "https://github.com/pyca/cryptography"
-
-__version__ = "2.7"
-
-__author__ = "The cryptography developers"
-__email__ = "cryptography-dev@python.org"
-
-__license__ = "BSD or Apache License, Version 2.0"
-__copyright__ = "Copyright 2013-2017 {}".format(__author__)
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__init__.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__init__.py
@@ -1,16 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography.__about__ import (
-    __author__, __copyright__, __email__, __license__, __summary__, __title__,
-    __uri__, __version__
-)
-
-
-__all__ = [
-    "__title__", "__summary__", "__uri__", "__version__", "__author__",
-    "__email__", "__license__", "__copyright__",
-]
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/__about__.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/__about__.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/__init__.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/__init__.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/exceptions.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/exceptions.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/fernet.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/fernet.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/utils.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/__pycache__/utils.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/exceptions.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/exceptions.py
@@ -1,58 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from enum import Enum
-
-
-class _Reasons(Enum):
-    BACKEND_MISSING_INTERFACE = 0
-    UNSUPPORTED_HASH = 1
-    UNSUPPORTED_CIPHER = 2
-    UNSUPPORTED_PADDING = 3
-    UNSUPPORTED_MGF = 4
-    UNSUPPORTED_PUBLIC_KEY_ALGORITHM = 5
-    UNSUPPORTED_ELLIPTIC_CURVE = 6
-    UNSUPPORTED_SERIALIZATION = 7
-    UNSUPPORTED_X509 = 8
-    UNSUPPORTED_EXCHANGE_ALGORITHM = 9
-    UNSUPPORTED_DIFFIE_HELLMAN = 10
-    UNSUPPORTED_MAC = 11
-
-
-class UnsupportedAlgorithm(Exception):
-    def __init__(self, message, reason=None):
-        super(UnsupportedAlgorithm, self).__init__(message)
-        self._reason = reason
-
-
-class AlreadyFinalized(Exception):
-    pass
-
-
-class AlreadyUpdated(Exception):
-    pass
-
-
-class NotYetFinalized(Exception):
-    pass
-
-
-class InvalidTag(Exception):
-    pass
-
-
-class InvalidSignature(Exception):
-    pass
-
-
-class InternalError(Exception):
-    def __init__(self, msg, err_code):
-        super(InternalError, self).__init__(msg)
-        self.err_code = err_code
-
-
-class InvalidKey(Exception):
-    pass
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/fernet.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/fernet.py
@@ -1,171 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import base64
-import binascii
-import os
-import struct
-import time
-
-import six
-
-from cryptography import utils
-from cryptography.exceptions import InvalidSignature
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import hashes, padding
-from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
-from cryptography.hazmat.primitives.hmac import HMAC
-
-
-class InvalidToken(Exception):
-    pass
-
-
-_MAX_CLOCK_SKEW = 60
-
-
-class Fernet(object):
-    def __init__(self, key, backend=None):
-        if backend is None:
-            backend = default_backend()
-
-        key = base64.urlsafe_b64decode(key)
-        if len(key) != 32:
-            raise ValueError(
-                "Fernet key must be 32 url-safe base64-encoded bytes."
-            )
-
-        self._signing_key = key[:16]
-        self._encryption_key = key[16:]
-        self._backend = backend
-
-    @classmethod
-    def generate_key(cls):
-        return base64.urlsafe_b64encode(os.urandom(32))
-
-    def encrypt(self, data):
-        current_time = int(time.time())
-        iv = os.urandom(16)
-        return self._encrypt_from_parts(data, current_time, iv)
-
-    def _encrypt_from_parts(self, data, current_time, iv):
-        utils._check_bytes("data", data)
-
-        padder = padding.PKCS7(algorithms.AES.block_size).padder()
-        padded_data = padder.update(data) + padder.finalize()
-        encryptor = Cipher(
-            algorithms.AES(self._encryption_key), modes.CBC(iv), self._backend
-        ).encryptor()
-        ciphertext = encryptor.update(padded_data) + encryptor.finalize()
-
-        basic_parts = (
-            b"\x80" + struct.pack(">Q", current_time) + iv + ciphertext
-        )
-
-        h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend)
-        h.update(basic_parts)
-        hmac = h.finalize()
-        return base64.urlsafe_b64encode(basic_parts + hmac)
-
-    def decrypt(self, token, ttl=None):
-        timestamp, data = Fernet._get_unverified_token_data(token)
-        return self._decrypt_data(data, timestamp, ttl)
-
-    def extract_timestamp(self, token):
-        timestamp, data = Fernet._get_unverified_token_data(token)
-        # Verify the token was not tampered with.
-        self._verify_signature(data)
-        return timestamp
-
-    @staticmethod
-    def _get_unverified_token_data(token):
-        utils._check_bytes("token", token)
-        try:
-            data = base64.urlsafe_b64decode(token)
-        except (TypeError, binascii.Error):
-            raise InvalidToken
-
-        if not data or six.indexbytes(data, 0) != 0x80:
-            raise InvalidToken
-
-        try:
-            timestamp, = struct.unpack(">Q", data[1:9])
-        except struct.error:
-            raise InvalidToken
-        return timestamp, data
-
-    def _verify_signature(self, data):
-        h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend)
-        h.update(data[:-32])
-        try:
-            h.verify(data[-32:])
-        except InvalidSignature:
-            raise InvalidToken
-
-    def _decrypt_data(self, data, timestamp, ttl):
-        current_time = int(time.time())
-        if ttl is not None:
-            if timestamp + ttl < current_time:
-                raise InvalidToken
-
-            if current_time + _MAX_CLOCK_SKEW < timestamp:
-                raise InvalidToken
-
-        self._verify_signature(data)
-
-        iv = data[9:25]
-        ciphertext = data[25:-32]
-        decryptor = Cipher(
-            algorithms.AES(self._encryption_key), modes.CBC(iv), self._backend
-        ).decryptor()
-        plaintext_padded = decryptor.update(ciphertext)
-        try:
-            plaintext_padded += decryptor.finalize()
-        except ValueError:
-            raise InvalidToken
-        unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
-
-        unpadded = unpadder.update(plaintext_padded)
-        try:
-            unpadded += unpadder.finalize()
-        except ValueError:
-            raise InvalidToken
-        return unpadded
-
-
-class MultiFernet(object):
-    def __init__(self, fernets):
-        fernets = list(fernets)
-        if not fernets:
-            raise ValueError(
-                "MultiFernet requires at least one Fernet instance"
-            )
-        self._fernets = fernets
-
-    def encrypt(self, msg):
-        return self._fernets[0].encrypt(msg)
-
-    def rotate(self, msg):
-        timestamp, data = Fernet._get_unverified_token_data(msg)
-        for f in self._fernets:
-            try:
-                p = f._decrypt_data(data, timestamp, None)
-                break
-            except InvalidToken:
-                pass
-        else:
-            raise InvalidToken
-
-        iv = os.urandom(16)
-        return self._fernets[0]._encrypt_from_parts(p, timestamp, iv)
-
-    def decrypt(self, msg, ttl=None):
-        for f in self._fernets:
-            try:
-                return f.decrypt(msg, ttl)
-            except InvalidToken:
-                pass
-        raise InvalidToken
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/__init__.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/__init__.py
@@ -1,11 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-"""
-Hazardous Materials
-
-This is a "Hazardous Materials" module. You should ONLY use it if you're
-100% absolutely sure that you know what you're doing because this module
-is full of land mines, dragons, and dinosaurs with laser guns.
-"""
-from __future__ import absolute_import, division, print_function
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/__pycache__/__init__.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/__pycache__/__init__.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/__pycache__/_oid.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/__pycache__/_oid.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/_oid.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/_oid.py
@@ -1,67 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography import utils
-
-
-class ObjectIdentifier(object):
-    def __init__(self, dotted_string):
-        self._dotted_string = dotted_string
-
-        nodes = self._dotted_string.split(".")
-        intnodes = []
-
-        # There must be at least 2 nodes, the first node must be 0..2, and
-        # if less than 2, the second node cannot have a value outside the
-        # range 0..39.  All nodes must be integers.
-        for node in nodes:
-            try:
-                intnodes.append(int(node, 0))
-            except ValueError:
-                raise ValueError(
-                    "Malformed OID: %s (non-integer nodes)" % (
-                        self._dotted_string))
-
-        if len(nodes) < 2:
-            raise ValueError(
-                "Malformed OID: %s (insufficient number of nodes)" % (
-                    self._dotted_string))
-
-        if intnodes[0] > 2:
-            raise ValueError(
-                "Malformed OID: %s (first node outside valid range)" % (
-                    self._dotted_string))
-
-        if intnodes[0] < 2 and intnodes[1] >= 40:
-            raise ValueError(
-                "Malformed OID: %s (second node outside valid range)" % (
-                    self._dotted_string))
-
-    def __eq__(self, other):
-        if not isinstance(other, ObjectIdentifier):
-            return NotImplemented
-
-        return self.dotted_string == other.dotted_string
-
-    def __ne__(self, other):
-        return not self == other
-
-    def __repr__(self):
-        return "<ObjectIdentifier(oid={}, name={})>".format(
-            self.dotted_string,
-            self._name
-        )
-
-    def __hash__(self):
-        return hash(self.dotted_string)
-
-    @property
-    def _name(self):
-        # Lazy import to avoid an import cycle
-        from cryptography.x509.oid import _OID_NAMES
-        return _OID_NAMES.get(self, "Unknown OID")
-
-    dotted_string = utils.read_only_property("_dotted_string")
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/__init__.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/__init__.py
@@ -1,18 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-
-_default_backend = None
-
-
-def default_backend():
-    global _default_backend
-
-    if _default_backend is None:
-        from cryptography.hazmat.backends.openssl.backend import backend
-        _default_backend = backend
-
-    return _default_backend
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/__pycache__/__init__.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/__pycache__/__init__.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/__pycache__/interfaces.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/__pycache__/interfaces.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/interfaces.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/interfaces.py
@@ -1,395 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import abc
-
-import six
-
-
-@six.add_metaclass(abc.ABCMeta)
-class CipherBackend(object):
-    @abc.abstractmethod
-    def cipher_supported(self, cipher, mode):
-        """
-        Return True if the given cipher and mode are supported.
-        """
-
-    @abc.abstractmethod
-    def create_symmetric_encryption_ctx(self, cipher, mode):
-        """
-        Get a CipherContext that can be used for encryption.
-        """
-
-    @abc.abstractmethod
-    def create_symmetric_decryption_ctx(self, cipher, mode):
-        """
-        Get a CipherContext that can be used for decryption.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class HashBackend(object):
-    @abc.abstractmethod
-    def hash_supported(self, algorithm):
-        """
-        Return True if the hash algorithm is supported by this backend.
-        """
-
-    @abc.abstractmethod
-    def create_hash_ctx(self, algorithm):
-        """
-        Create a HashContext for calculating a message digest.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class HMACBackend(object):
-    @abc.abstractmethod
-    def hmac_supported(self, algorithm):
-        """
-        Return True if the hash algorithm is supported for HMAC by this
-        backend.
-        """
-
-    @abc.abstractmethod
-    def create_hmac_ctx(self, key, algorithm):
-        """
-        Create a context for calculating a message authentication code.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class CMACBackend(object):
-    @abc.abstractmethod
-    def cmac_algorithm_supported(self, algorithm):
-        """
-        Returns True if the block cipher is supported for CMAC by this backend
-        """
-
-    @abc.abstractmethod
-    def create_cmac_ctx(self, algorithm):
-        """
-        Create a context for calculating a message authentication code.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class PBKDF2HMACBackend(object):
-    @abc.abstractmethod
-    def pbkdf2_hmac_supported(self, algorithm):
-        """
-        Return True if the hash algorithm is supported for PBKDF2 by this
-        backend.
-        """
-
-    @abc.abstractmethod
-    def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
-                           key_material):
-        """
-        Return length bytes derived from provided PBKDF2 parameters.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class RSABackend(object):
-    @abc.abstractmethod
-    def generate_rsa_private_key(self, public_exponent, key_size):
-        """
-        Generate an RSAPrivateKey instance with public_exponent and a modulus
-        of key_size bits.
-        """
-
-    @abc.abstractmethod
-    def rsa_padding_supported(self, padding):
-        """
-        Returns True if the backend supports the given padding options.
-        """
-
-    @abc.abstractmethod
-    def generate_rsa_parameters_supported(self, public_exponent, key_size):
-        """
-        Returns True if the backend supports the given parameters for key
-        generation.
-        """
-
-    @abc.abstractmethod
-    def load_rsa_private_numbers(self, numbers):
-        """
-        Returns an RSAPrivateKey provider.
-        """
-
-    @abc.abstractmethod
-    def load_rsa_public_numbers(self, numbers):
-        """
-        Returns an RSAPublicKey provider.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class DSABackend(object):
-    @abc.abstractmethod
-    def generate_dsa_parameters(self, key_size):
-        """
-        Generate a DSAParameters instance with a modulus of key_size bits.
-        """
-
-    @abc.abstractmethod
-    def generate_dsa_private_key(self, parameters):
-        """
-        Generate a DSAPrivateKey instance with parameters as a DSAParameters
-        object.
-        """
-
-    @abc.abstractmethod
-    def generate_dsa_private_key_and_parameters(self, key_size):
-        """
-        Generate a DSAPrivateKey instance using key size only.
-        """
-
-    @abc.abstractmethod
-    def dsa_hash_supported(self, algorithm):
-        """
-        Return True if the hash algorithm is supported by the backend for DSA.
-        """
-
-    @abc.abstractmethod
-    def dsa_parameters_supported(self, p, q, g):
-        """
-        Return True if the parameters are supported by the backend for DSA.
-        """
-
-    @abc.abstractmethod
-    def load_dsa_private_numbers(self, numbers):
-        """
-        Returns a DSAPrivateKey provider.
-        """
-
-    @abc.abstractmethod
-    def load_dsa_public_numbers(self, numbers):
-        """
-        Returns a DSAPublicKey provider.
-        """
-
-    @abc.abstractmethod
-    def load_dsa_parameter_numbers(self, numbers):
-        """
-        Returns a DSAParameters provider.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class EllipticCurveBackend(object):
-    @abc.abstractmethod
-    def elliptic_curve_signature_algorithm_supported(
-        self, signature_algorithm, curve
-    ):
-        """
-        Returns True if the backend supports the named elliptic curve with the
-        specified signature algorithm.
-        """
-
-    @abc.abstractmethod
-    def elliptic_curve_supported(self, curve):
-        """
-        Returns True if the backend supports the named elliptic curve.
-        """
-
-    @abc.abstractmethod
-    def generate_elliptic_curve_private_key(self, curve):
-        """
-        Return an object conforming to the EllipticCurvePrivateKey interface.
-        """
-
-    @abc.abstractmethod
-    def load_elliptic_curve_public_numbers(self, numbers):
-        """
-        Return an EllipticCurvePublicKey provider using the given numbers.
-        """
-
-    @abc.abstractmethod
-    def load_elliptic_curve_private_numbers(self, numbers):
-        """
-        Return an EllipticCurvePrivateKey provider using the given numbers.
-        """
-
-    @abc.abstractmethod
-    def elliptic_curve_exchange_algorithm_supported(self, algorithm, curve):
-        """
-        Returns whether the exchange algorithm is supported by this backend.
-        """
-
-    @abc.abstractmethod
-    def derive_elliptic_curve_private_key(self, private_value, curve):
-        """
-        Compute the private key given the private value and curve.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class PEMSerializationBackend(object):
-    @abc.abstractmethod
-    def load_pem_private_key(self, data, password):
-        """
-        Loads a private key from PEM encoded data, using the provided password
-        if the data is encrypted.
-        """
-
-    @abc.abstractmethod
-    def load_pem_public_key(self, data):
-        """
-        Loads a public key from PEM encoded data.
-        """
-
-    @abc.abstractmethod
-    def load_pem_parameters(self, data):
-        """
-        Load encryption parameters from PEM encoded data.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class DERSerializationBackend(object):
-    @abc.abstractmethod
-    def load_der_private_key(self, data, password):
-        """
-        Loads a private key from DER encoded data. Uses the provided password
-        if the data is encrypted.
-        """
-
-    @abc.abstractmethod
-    def load_der_public_key(self, data):
-        """
-        Loads a public key from DER encoded data.
-        """
-
-    @abc.abstractmethod
-    def load_der_parameters(self, data):
-        """
-        Load encryption parameters from DER encoded data.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class X509Backend(object):
-    @abc.abstractmethod
-    def load_pem_x509_certificate(self, data):
-        """
-        Load an X.509 certificate from PEM encoded data.
-        """
-
-    @abc.abstractmethod
-    def load_der_x509_certificate(self, data):
-        """
-        Load an X.509 certificate from DER encoded data.
-        """
-
-    @abc.abstractmethod
-    def load_der_x509_csr(self, data):
-        """
-        Load an X.509 CSR from DER encoded data.
-        """
-
-    @abc.abstractmethod
-    def load_pem_x509_csr(self, data):
-        """
-        Load an X.509 CSR from PEM encoded data.
-        """
-
-    @abc.abstractmethod
-    def create_x509_csr(self, builder, private_key, algorithm):
-        """
-        Create and sign an X.509 CSR from a CSR builder object.
-        """
-
-    @abc.abstractmethod
-    def create_x509_certificate(self, builder, private_key, algorithm):
-        """
-        Create and sign an X.509 certificate from a CertificateBuilder object.
-        """
-
-    @abc.abstractmethod
-    def create_x509_crl(self, builder, private_key, algorithm):
-        """
-        Create and sign an X.509 CertificateRevocationList from a
-        CertificateRevocationListBuilder object.
-        """
-
-    @abc.abstractmethod
-    def create_x509_revoked_certificate(self, builder):
-        """
-        Create a RevokedCertificate object from a RevokedCertificateBuilder
-        object.
-        """
-
-    @abc.abstractmethod
-    def x509_name_bytes(self, name):
-        """
-        Compute the DER encoded bytes of an X509 Name object.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class DHBackend(object):
-    @abc.abstractmethod
-    def generate_dh_parameters(self, generator, key_size):
-        """
-        Generate a DHParameters instance with a modulus of key_size bits.
-        Using the given generator. Often 2 or 5.
-        """
-
-    @abc.abstractmethod
-    def generate_dh_private_key(self, parameters):
-        """
-        Generate a DHPrivateKey instance with parameters as a DHParameters
-        object.
-        """
-
-    @abc.abstractmethod
-    def generate_dh_private_key_and_parameters(self, generator, key_size):
-        """
-        Generate a DHPrivateKey instance using key size only.
-        Using the given generator. Often 2 or 5.
-        """
-
-    @abc.abstractmethod
-    def load_dh_private_numbers(self, numbers):
-        """
-        Load a DHPrivateKey from DHPrivateNumbers
-        """
-
-    @abc.abstractmethod
-    def load_dh_public_numbers(self, numbers):
-        """
-        Load a DHPublicKey from DHPublicNumbers.
-        """
-
-    @abc.abstractmethod
-    def load_dh_parameter_numbers(self, numbers):
-        """
-        Load DHParameters from DHParameterNumbers.
-        """
-
-    @abc.abstractmethod
-    def dh_parameters_supported(self, p, g, q=None):
-        """
-        Returns whether the backend supports DH with these parameter values.
-        """
-
-    @abc.abstractmethod
-    def dh_x942_serialization_supported(self):
-        """
-        Returns True if the backend supports the serialization of DH objects
-        with subgroup order (q).
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class ScryptBackend(object):
-    @abc.abstractmethod
-    def derive_scrypt(self, key_material, salt, length, n, r, p):
-        """
-        Return bytes derived from provided Scrypt parameters.
-        """
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__init__.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__init__.py
@@ -1,10 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography.hazmat.backends.openssl.backend import backend
-
-
-__all__ = ["backend"]
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/__init__.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/__init__.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/aead.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/aead.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/backend.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/backend.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ciphers.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ciphers.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/cmac.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/cmac.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/decode_asn1.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/decode_asn1.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/dh.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/dh.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/dsa.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/dsa.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ec.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ec.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ed25519.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ed25519.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ed448.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ed448.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/encode_asn1.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/encode_asn1.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/hashes.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/hashes.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/hmac.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/hmac.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ocsp.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/ocsp.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/poly1305.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/poly1305.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/rsa.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/rsa.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/utils.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/utils.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/x25519.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/x25519.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/x448.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/x448.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/x509.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/__pycache__/x509.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/aead.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/aead.py
@@ -1,161 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography.exceptions import InvalidTag
-
-
-_ENCRYPT = 1
-_DECRYPT = 0
-
-
-def _aead_cipher_name(cipher):
-    from cryptography.hazmat.primitives.ciphers.aead import (
-        AESCCM, AESGCM, ChaCha20Poly1305
-    )
-    if isinstance(cipher, ChaCha20Poly1305):
-        return b"chacha20-poly1305"
-    elif isinstance(cipher, AESCCM):
-        return "aes-{}-ccm".format(len(cipher._key) * 8).encode("ascii")
-    else:
-        assert isinstance(cipher, AESGCM)
-        return "aes-{}-gcm".format(len(cipher._key) * 8).encode("ascii")
-
-
-def _aead_setup(backend, cipher_name, key, nonce, tag, tag_len, operation):
-    evp_cipher = backend._lib.EVP_get_cipherbyname(cipher_name)
-    backend.openssl_assert(evp_cipher != backend._ffi.NULL)
-    ctx = backend._lib.EVP_CIPHER_CTX_new()
-    ctx = backend._ffi.gc(ctx, backend._lib.EVP_CIPHER_CTX_free)
-    res = backend._lib.EVP_CipherInit_ex(
-        ctx, evp_cipher,
-        backend._ffi.NULL,
-        backend._ffi.NULL,
-        backend._ffi.NULL,
-        int(operation == _ENCRYPT)
-    )
-    backend.openssl_assert(res != 0)
-    res = backend._lib.EVP_CIPHER_CTX_set_key_length(ctx, len(key))
-    backend.openssl_assert(res != 0)
-    res = backend._lib.EVP_CIPHER_CTX_ctrl(
-        ctx, backend._lib.EVP_CTRL_AEAD_SET_IVLEN, len(nonce),
-        backend._ffi.NULL
-    )
-    backend.openssl_assert(res != 0)
-    if operation == _DECRYPT:
-        res = backend._lib.EVP_CIPHER_CTX_ctrl(
-            ctx, backend._lib.EVP_CTRL_AEAD_SET_TAG, len(tag), tag
-        )
-        backend.openssl_assert(res != 0)
-    else:
-        res = backend._lib.EVP_CIPHER_CTX_ctrl(
-            ctx, backend._lib.EVP_CTRL_AEAD_SET_TAG, tag_len, backend._ffi.NULL
-        )
-
-    nonce_ptr = backend._ffi.from_buffer(nonce)
-    key_ptr = backend._ffi.from_buffer(key)
-    res = backend._lib.EVP_CipherInit_ex(
-        ctx,
-        backend._ffi.NULL,
-        backend._ffi.NULL,
-        key_ptr,
-        nonce_ptr,
-        int(operation == _ENCRYPT)
-    )
-    backend.openssl_assert(res != 0)
-    return ctx
-
-
-def _set_length(backend, ctx, data_len):
-    intptr = backend._ffi.new("int *")
-    res = backend._lib.EVP_CipherUpdate(
-        ctx,
-        backend._ffi.NULL,
-        intptr,
-        backend._ffi.NULL,
-        data_len
-    )
-    backend.openssl_assert(res != 0)
-
-
-def _process_aad(backend, ctx, associated_data):
-    outlen = backend._ffi.new("int *")
-    res = backend._lib.EVP_CipherUpdate(
-        ctx, backend._ffi.NULL, outlen, associated_data, len(associated_data)
-    )
-    backend.openssl_assert(res != 0)
-
-
-def _process_data(backend, ctx, data):
-    outlen = backend._ffi.new("int *")
-    buf = backend._ffi.new("unsigned char[]", len(data))
-    res = backend._lib.EVP_CipherUpdate(ctx, buf, outlen, data, len(data))
-    backend.openssl_assert(res != 0)
-    return backend._ffi.buffer(buf, outlen[0])[:]
-
-
-def _encrypt(backend, cipher, nonce, data, associated_data, tag_length):
-    from cryptography.hazmat.primitives.ciphers.aead import AESCCM
-    cipher_name = _aead_cipher_name(cipher)
-    ctx = _aead_setup(
-        backend, cipher_name, cipher._key, nonce, None, tag_length, _ENCRYPT
-    )
-    # CCM requires us to pass the length of the data before processing anything
-    # However calling this with any other AEAD results in an error
-    if isinstance(cipher, AESCCM):
-        _set_length(backend, ctx, len(data))
-
-    _process_aad(backend, ctx, associated_data)
-    processed_data = _process_data(backend, ctx, data)
-    outlen = backend._ffi.new("int *")
-    res = backend._lib.EVP_CipherFinal_ex(ctx, backend._ffi.NULL, outlen)
-    backend.openssl_assert(res != 0)
-    backend.openssl_assert(outlen[0] == 0)
-    tag_buf = backend._ffi.new("unsigned char[]", tag_length)
-    res = backend._lib.EVP_CIPHER_CTX_ctrl(
-        ctx, backend._lib.EVP_CTRL_AEAD_GET_TAG, tag_length, tag_buf
-    )
-    backend.openssl_assert(res != 0)
-    tag = backend._ffi.buffer(tag_buf)[:]
-
-    return processed_data + tag
-
-
-def _decrypt(backend, cipher, nonce, data, associated_data, tag_length):
-    from cryptography.hazmat.primitives.ciphers.aead import AESCCM
-    if len(data) < tag_length:
-        raise InvalidTag
-    tag = data[-tag_length:]
-    data = data[:-tag_length]
-    cipher_name = _aead_cipher_name(cipher)
-    ctx = _aead_setup(
-        backend, cipher_name, cipher._key, nonce, tag, tag_length, _DECRYPT
-    )
-    # CCM requires us to pass the length of the data before processing anything
-    # However calling this with any other AEAD results in an error
-    if isinstance(cipher, AESCCM):
-        _set_length(backend, ctx, len(data))
-
-    _process_aad(backend, ctx, associated_data)
-    # CCM has a different error path if the tag doesn't match. Errors are
-    # raised in Update and Final is irrelevant.
-    if isinstance(cipher, AESCCM):
-        outlen = backend._ffi.new("int *")
-        buf = backend._ffi.new("unsigned char[]", len(data))
-        res = backend._lib.EVP_CipherUpdate(ctx, buf, outlen, data, len(data))
-        if res != 1:
-            backend._consume_errors()
-            raise InvalidTag
-
-        processed_data = backend._ffi.buffer(buf, outlen[0])[:]
-    else:
-        processed_data = _process_data(backend, ctx, data)
-        outlen = backend._ffi.new("int *")
-        res = backend._lib.EVP_CipherFinal_ex(ctx, backend._ffi.NULL, outlen)
-        if res == 0:
-            backend._consume_errors()
-            raise InvalidTag
-
-    return processed_data
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/backend.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/backend.py
@@ -1,2445 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import base64
-import collections
-import contextlib
-import itertools
-from contextlib import contextmanager
-
-import asn1crypto.core
-
-import six
-from six.moves import range
-
-from cryptography import utils, x509
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
-from cryptography.hazmat.backends.interfaces import (
-    CMACBackend, CipherBackend, DERSerializationBackend, DHBackend, DSABackend,
-    EllipticCurveBackend, HMACBackend, HashBackend, PBKDF2HMACBackend,
-    PEMSerializationBackend, RSABackend, ScryptBackend, X509Backend
-)
-from cryptography.hazmat.backends.openssl import aead
-from cryptography.hazmat.backends.openssl.ciphers import _CipherContext
-from cryptography.hazmat.backends.openssl.cmac import _CMACContext
-from cryptography.hazmat.backends.openssl.decode_asn1 import (
-    _CRL_ENTRY_REASON_ENUM_TO_CODE, _Integers
-)
-from cryptography.hazmat.backends.openssl.dh import (
-    _DHParameters, _DHPrivateKey, _DHPublicKey, _dh_params_dup
-)
-from cryptography.hazmat.backends.openssl.dsa import (
-    _DSAParameters, _DSAPrivateKey, _DSAPublicKey
-)
-from cryptography.hazmat.backends.openssl.ec import (
-    _EllipticCurvePrivateKey, _EllipticCurvePublicKey
-)
-from cryptography.hazmat.backends.openssl.ed25519 import (
-    _Ed25519PrivateKey, _Ed25519PublicKey
-)
-from cryptography.hazmat.backends.openssl.ed448 import (
-    _ED448_KEY_SIZE, _Ed448PrivateKey, _Ed448PublicKey
-)
-from cryptography.hazmat.backends.openssl.encode_asn1 import (
-    _CRL_ENTRY_EXTENSION_ENCODE_HANDLERS,
-    _CRL_EXTENSION_ENCODE_HANDLERS, _EXTENSION_ENCODE_HANDLERS,
-    _OCSP_BASICRESP_EXTENSION_ENCODE_HANDLERS,
-    _OCSP_REQUEST_EXTENSION_ENCODE_HANDLERS,
-    _encode_asn1_int_gc, _encode_asn1_str_gc, _encode_name_gc, _txt2obj_gc,
-)
-from cryptography.hazmat.backends.openssl.hashes import _HashContext
-from cryptography.hazmat.backends.openssl.hmac import _HMACContext
-from cryptography.hazmat.backends.openssl.ocsp import (
-    _OCSPRequest, _OCSPResponse
-)
-from cryptography.hazmat.backends.openssl.poly1305 import (
-    _POLY1305_KEY_SIZE, _Poly1305Context
-)
-from cryptography.hazmat.backends.openssl.rsa import (
-    _RSAPrivateKey, _RSAPublicKey
-)
-from cryptography.hazmat.backends.openssl.x25519 import (
-    _X25519PrivateKey, _X25519PublicKey
-)
-from cryptography.hazmat.backends.openssl.x448 import (
-    _X448PrivateKey, _X448PublicKey
-)
-from cryptography.hazmat.backends.openssl.x509 import (
-    _Certificate, _CertificateRevocationList,
-    _CertificateSigningRequest, _RevokedCertificate
-)
-from cryptography.hazmat.bindings.openssl import binding
-from cryptography.hazmat.primitives import hashes, serialization
-from cryptography.hazmat.primitives.asymmetric import dsa, ec, ed25519, rsa
-from cryptography.hazmat.primitives.asymmetric.padding import (
-    MGF1, OAEP, PKCS1v15, PSS
-)
-from cryptography.hazmat.primitives.ciphers.algorithms import (
-    AES, ARC4, Blowfish, CAST5, Camellia, ChaCha20, IDEA, SEED, TripleDES
-)
-from cryptography.hazmat.primitives.ciphers.modes import (
-    CBC, CFB, CFB8, CTR, ECB, GCM, OFB, XTS
-)
-from cryptography.hazmat.primitives.kdf import scrypt
-from cryptography.hazmat.primitives.serialization import ssh
-from cryptography.x509 import ocsp
-
-
-_MemoryBIO = collections.namedtuple("_MemoryBIO", ["bio", "char_ptr"])
-
-
-@utils.register_interface(CipherBackend)
-@utils.register_interface(CMACBackend)
-@utils.register_interface(DERSerializationBackend)
-@utils.register_interface(DHBackend)
-@utils.register_interface(DSABackend)
-@utils.register_interface(EllipticCurveBackend)
-@utils.register_interface(HashBackend)
-@utils.register_interface(HMACBackend)
-@utils.register_interface(PBKDF2HMACBackend)
-@utils.register_interface(RSABackend)
-@utils.register_interface(PEMSerializationBackend)
-@utils.register_interface(X509Backend)
-@utils.register_interface_if(
-    binding.Binding().lib.Cryptography_HAS_SCRYPT, ScryptBackend
-)
-class Backend(object):
-    """
-    OpenSSL API binding interfaces.
-    """
-    name = "openssl"
-
-    def __init__(self):
-        self._binding = binding.Binding()
-        self._ffi = self._binding.ffi
-        self._lib = self._binding.lib
-
-        self._cipher_registry = {}
-        self._register_default_ciphers()
-        self.activate_osrandom_engine()
-        self._dh_types = [self._lib.EVP_PKEY_DH]
-        if self._lib.Cryptography_HAS_EVP_PKEY_DHX:
-            self._dh_types.append(self._lib.EVP_PKEY_DHX)
-
-    def openssl_assert(self, ok):
-        return binding._openssl_assert(self._lib, ok)
-
-    def activate_builtin_random(self):
-        if self._lib.Cryptography_HAS_ENGINE:
-            # Obtain a new structural reference.
-            e = self._lib.ENGINE_get_default_RAND()
-            if e != self._ffi.NULL:
-                self._lib.ENGINE_unregister_RAND(e)
-                # Reset the RNG to use the new engine.
-                self._lib.RAND_cleanup()
-                # decrement the structural reference from get_default_RAND
-                res = self._lib.ENGINE_finish(e)
-                self.openssl_assert(res == 1)
-
-    @contextlib.contextmanager
-    def _get_osurandom_engine(self):
-        # Fetches an engine by id and returns it. This creates a structural
-        # reference.
-        e = self._lib.ENGINE_by_id(self._lib.Cryptography_osrandom_engine_id)
-        self.openssl_assert(e != self._ffi.NULL)
-        # Initialize the engine for use. This adds a functional reference.
-        res = self._lib.ENGINE_init(e)
-        self.openssl_assert(res == 1)
-
-        try:
-            yield e
-        finally:
-            # Decrement the structural ref incremented by ENGINE_by_id.
-            res = self._lib.ENGINE_free(e)
-            self.openssl_assert(res == 1)
-            # Decrement the functional ref incremented by ENGINE_init.
-            res = self._lib.ENGINE_finish(e)
-            self.openssl_assert(res == 1)
-
-    def activate_osrandom_engine(self):
-        if self._lib.Cryptography_HAS_ENGINE:
-            # Unregister and free the current engine.
-            self.activate_builtin_random()
-            with self._get_osurandom_engine() as e:
-                # Set the engine as the default RAND provider.
-                res = self._lib.ENGINE_set_default_RAND(e)
-                self.openssl_assert(res == 1)
-            # Reset the RNG to use the new engine.
-            self._lib.RAND_cleanup()
-
-    def osrandom_engine_implementation(self):
-        buf = self._ffi.new("char[]", 64)
-        with self._get_osurandom_engine() as e:
-            res = self._lib.ENGINE_ctrl_cmd(e, b"get_implementation",
-                                            len(buf), buf,
-                                            self._ffi.NULL, 0)
-            self.openssl_assert(res > 0)
-        return self._ffi.string(buf).decode('ascii')
-
-    def openssl_version_text(self):
-        """
-        Friendly string name of the loaded OpenSSL library. This is not
-        necessarily the same version as it was compiled against.
-
-        Example: OpenSSL 1.0.1e 11 Feb 2013
-        """
-        return self._ffi.string(
-            self._lib.OpenSSL_version(self._lib.OPENSSL_VERSION)
-        ).decode("ascii")
-
-    def openssl_version_number(self):
-        return self._lib.OpenSSL_version_num()
-
-    def create_hmac_ctx(self, key, algorithm):
-        return _HMACContext(self, key, algorithm)
-
-    def _evp_md_from_algorithm(self, algorithm):
-        if algorithm.name == "blake2b" or algorithm.name == "blake2s":
-            alg = "{}{}".format(
-                algorithm.name, algorithm.digest_size * 8
-            ).encode("ascii")
-        else:
-            alg = algorithm.name.encode("ascii")
-
-        evp_md = self._lib.EVP_get_digestbyname(alg)
-        return evp_md
-
-    def _evp_md_non_null_from_algorithm(self, algorithm):
-        evp_md = self._evp_md_from_algorithm(algorithm)
-        self.openssl_assert(evp_md != self._ffi.NULL)
-        return evp_md
-
-    def hash_supported(self, algorithm):
-        evp_md = self._evp_md_from_algorithm(algorithm)
-        return evp_md != self._ffi.NULL
-
-    def hmac_supported(self, algorithm):
-        return self.hash_supported(algorithm)
-
-    def create_hash_ctx(self, algorithm):
-        return _HashContext(self, algorithm)
-
-    def cipher_supported(self, cipher, mode):
-        try:
-            adapter = self._cipher_registry[type(cipher), type(mode)]
-        except KeyError:
-            return False
-        evp_cipher = adapter(self, cipher, mode)
-        return self._ffi.NULL != evp_cipher
-
-    def register_cipher_adapter(self, cipher_cls, mode_cls, adapter):
-        if (cipher_cls, mode_cls) in self._cipher_registry:
-            raise ValueError("Duplicate registration for: {} {}.".format(
-                cipher_cls, mode_cls)
-            )
-        self._cipher_registry[cipher_cls, mode_cls] = adapter
-
-    def _register_default_ciphers(self):
-        for mode_cls in [CBC, CTR, ECB, OFB, CFB, CFB8, GCM]:
-            self.register_cipher_adapter(
-                AES,
-                mode_cls,
-                GetCipherByName("{cipher.name}-{cipher.key_size}-{mode.name}")
-            )
-        for mode_cls in [CBC, CTR, ECB, OFB, CFB]:
-            self.register_cipher_adapter(
-                Camellia,
-                mode_cls,
-                GetCipherByName("{cipher.name}-{cipher.key_size}-{mode.name}")
-            )
-        for mode_cls in [CBC, CFB, CFB8, OFB]:
-            self.register_cipher_adapter(
-                TripleDES,
-                mode_cls,
-                GetCipherByName("des-ede3-{mode.name}")
-            )
-        self.register_cipher_adapter(
-            TripleDES,
-            ECB,
-            GetCipherByName("des-ede3")
-        )
-        for mode_cls in [CBC, CFB, OFB, ECB]:
-            self.register_cipher_adapter(
-                Blowfish,
-                mode_cls,
-                GetCipherByName("bf-{mode.name}")
-            )
-        for mode_cls in [CBC, CFB, OFB, ECB]:
-            self.register_cipher_adapter(
-                SEED,
-                mode_cls,
-                GetCipherByName("seed-{mode.name}")
-            )
-        for cipher_cls, mode_cls in itertools.product(
-            [CAST5, IDEA],
-            [CBC, OFB, CFB, ECB],
-        ):
-            self.register_cipher_adapter(
-                cipher_cls,
-                mode_cls,
-                GetCipherByName("{cipher.name}-{mode.name}")
-            )
-        self.register_cipher_adapter(
-            ARC4,
-            type(None),
-            GetCipherByName("rc4")
-        )
-        self.register_cipher_adapter(
-            ChaCha20,
-            type(None),
-            GetCipherByName("chacha20")
-        )
-        self.register_cipher_adapter(AES, XTS, _get_xts_cipher)
-
-    def create_symmetric_encryption_ctx(self, cipher, mode):
-        return _CipherContext(self, cipher, mode, _CipherContext._ENCRYPT)
-
-    def create_symmetric_decryption_ctx(self, cipher, mode):
-        return _CipherContext(self, cipher, mode, _CipherContext._DECRYPT)
-
-    def pbkdf2_hmac_supported(self, algorithm):
-        return self.hmac_supported(algorithm)
-
-    def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
-                           key_material):
-        buf = self._ffi.new("unsigned char[]", length)
-        evp_md = self._evp_md_non_null_from_algorithm(algorithm)
-        key_material_ptr = self._ffi.from_buffer(key_material)
-        res = self._lib.PKCS5_PBKDF2_HMAC(
-            key_material_ptr,
-            len(key_material),
-            salt,
-            len(salt),
-            iterations,
-            evp_md,
-            length,
-            buf
-        )
-        self.openssl_assert(res == 1)
-        return self._ffi.buffer(buf)[:]
-
-    def _consume_errors(self):
-        return binding._consume_errors(self._lib)
-
-    def _bn_to_int(self, bn):
-        assert bn != self._ffi.NULL
-
-        if not six.PY2:
-            # Python 3 has constant time from_bytes, so use that.
-            bn_num_bytes = self._lib.BN_num_bytes(bn)
-            bin_ptr = self._ffi.new("unsigned char[]", bn_num_bytes)
-            bin_len = self._lib.BN_bn2bin(bn, bin_ptr)
-            # A zero length means the BN has value 0
-            self.openssl_assert(bin_len >= 0)
-            val = int.from_bytes(self._ffi.buffer(bin_ptr)[:bin_len], "big")
-            if self._lib.BN_is_negative(bn):
-                val = -val
-            return val
-        else:
-            # Under Python 2 the best we can do is hex()
-            hex_cdata = self._lib.BN_bn2hex(bn)
-            self.openssl_assert(hex_cdata != self._ffi.NULL)
-            hex_str = self._ffi.string(hex_cdata)
-            self._lib.OPENSSL_free(hex_cdata)
-            return int(hex_str, 16)
-
-    def _int_to_bn(self, num, bn=None):
-        """
-        Converts a python integer to a BIGNUM. The returned BIGNUM will not
-        be garbage collected (to support adding them to structs that take
-        ownership of the object). Be sure to register it for GC if it will
-        be discarded after use.
-        """
-        assert bn is None or bn != self._ffi.NULL
-
-        if bn is None:
-            bn = self._ffi.NULL
-
-        if not six.PY2:
-            # Python 3 has constant time to_bytes, so use that.
-
-            binary = num.to_bytes(int(num.bit_length() / 8.0 + 1), "big")
-            bn_ptr = self._lib.BN_bin2bn(binary, len(binary), bn)
-            self.openssl_assert(bn_ptr != self._ffi.NULL)
-            return bn_ptr
-
-        else:
-            # Under Python 2 the best we can do is hex(), [2:] removes the 0x
-            # prefix.
-            hex_num = hex(num).rstrip("L")[2:].encode("ascii")
-            bn_ptr = self._ffi.new("BIGNUM **")
-            bn_ptr[0] = bn
-            res = self._lib.BN_hex2bn(bn_ptr, hex_num)
-            self.openssl_assert(res != 0)
-            self.openssl_assert(bn_ptr[0] != self._ffi.NULL)
-            return bn_ptr[0]
-
-    def generate_rsa_private_key(self, public_exponent, key_size):
-        rsa._verify_rsa_parameters(public_exponent, key_size)
-
-        rsa_cdata = self._lib.RSA_new()
-        self.openssl_assert(rsa_cdata != self._ffi.NULL)
-        rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
-
-        bn = self._int_to_bn(public_exponent)
-        bn = self._ffi.gc(bn, self._lib.BN_free)
-
-        res = self._lib.RSA_generate_key_ex(
-            rsa_cdata, key_size, bn, self._ffi.NULL
-        )
-        self.openssl_assert(res == 1)
-        evp_pkey = self._rsa_cdata_to_evp_pkey(rsa_cdata)
-
-        return _RSAPrivateKey(self, rsa_cdata, evp_pkey)
-
-    def generate_rsa_parameters_supported(self, public_exponent, key_size):
-        return (public_exponent >= 3 and public_exponent & 1 != 0 and
-                key_size >= 512)
-
-    def load_rsa_private_numbers(self, numbers):
-        rsa._check_private_key_components(
-            numbers.p,
-            numbers.q,
-            numbers.d,
-            numbers.dmp1,
-            numbers.dmq1,
-            numbers.iqmp,
-            numbers.public_numbers.e,
-            numbers.public_numbers.n
-        )
-        rsa_cdata = self._lib.RSA_new()
-        self.openssl_assert(rsa_cdata != self._ffi.NULL)
-        rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
-        p = self._int_to_bn(numbers.p)
-        q = self._int_to_bn(numbers.q)
-        d = self._int_to_bn(numbers.d)
-        dmp1 = self._int_to_bn(numbers.dmp1)
-        dmq1 = self._int_to_bn(numbers.dmq1)
-        iqmp = self._int_to_bn(numbers.iqmp)
-        e = self._int_to_bn(numbers.public_numbers.e)
-        n = self._int_to_bn(numbers.public_numbers.n)
-        res = self._lib.RSA_set0_factors(rsa_cdata, p, q)
-        self.openssl_assert(res == 1)
-        res = self._lib.RSA_set0_key(rsa_cdata, n, e, d)
-        self.openssl_assert(res == 1)
-        res = self._lib.RSA_set0_crt_params(rsa_cdata, dmp1, dmq1, iqmp)
-        self.openssl_assert(res == 1)
-        res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL)
-        self.openssl_assert(res == 1)
-        evp_pkey = self._rsa_cdata_to_evp_pkey(rsa_cdata)
-
-        return _RSAPrivateKey(self, rsa_cdata, evp_pkey)
-
-    def load_rsa_public_numbers(self, numbers):
-        rsa._check_public_key_components(numbers.e, numbers.n)
-        rsa_cdata = self._lib.RSA_new()
-        self.openssl_assert(rsa_cdata != self._ffi.NULL)
-        rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
-        e = self._int_to_bn(numbers.e)
-        n = self._int_to_bn(numbers.n)
-        res = self._lib.RSA_set0_key(rsa_cdata, n, e, self._ffi.NULL)
-        self.openssl_assert(res == 1)
-        evp_pkey = self._rsa_cdata_to_evp_pkey(rsa_cdata)
-
-        return _RSAPublicKey(self, rsa_cdata, evp_pkey)
-
-    def _create_evp_pkey_gc(self):
-        evp_pkey = self._lib.EVP_PKEY_new()
-        self.openssl_assert(evp_pkey != self._ffi.NULL)
-        evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
-        return evp_pkey
-
-    def _rsa_cdata_to_evp_pkey(self, rsa_cdata):
-        evp_pkey = self._create_evp_pkey_gc()
-        res = self._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata)
-        self.openssl_assert(res == 1)
-        return evp_pkey
-
-    def _bytes_to_bio(self, data):
-        """
-        Return a _MemoryBIO namedtuple of (BIO, char*).
-
-        The char* is the storage for the BIO and it must stay alive until the
-        BIO is finished with.
-        """
-        data_ptr = self._ffi.from_buffer(data)
-        bio = self._lib.BIO_new_mem_buf(
-            data_ptr, len(data)
-        )
-        self.openssl_assert(bio != self._ffi.NULL)
-
-        return _MemoryBIO(self._ffi.gc(bio, self._lib.BIO_free), data_ptr)
-
-    def _create_mem_bio_gc(self):
-        """
-        Creates an empty memory BIO.
-        """
-        bio_method = self._lib.BIO_s_mem()
-        self.openssl_assert(bio_method != self._ffi.NULL)
-        bio = self._lib.BIO_new(bio_method)
-        self.openssl_assert(bio != self._ffi.NULL)
-        bio = self._ffi.gc(bio, self._lib.BIO_free)
-        return bio
-
-    def _read_mem_bio(self, bio):
-        """
-        Reads a memory BIO. This only works on memory BIOs.
-        """
-        buf = self._ffi.new("char **")
-        buf_len = self._lib.BIO_get_mem_data(bio, buf)
-        self.openssl_assert(buf_len > 0)
-        self.openssl_assert(buf[0] != self._ffi.NULL)
-        bio_data = self._ffi.buffer(buf[0], buf_len)[:]
-        return bio_data
-
-    def _evp_pkey_to_private_key(self, evp_pkey):
-        """
-        Return the appropriate type of PrivateKey given an evp_pkey cdata
-        pointer.
-        """
-
-        key_type = self._lib.EVP_PKEY_id(evp_pkey)
-
-        if key_type == self._lib.EVP_PKEY_RSA:
-            rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
-            self.openssl_assert(rsa_cdata != self._ffi.NULL)
-            rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
-            return _RSAPrivateKey(self, rsa_cdata, evp_pkey)
-        elif key_type == self._lib.EVP_PKEY_DSA:
-            dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
-            self.openssl_assert(dsa_cdata != self._ffi.NULL)
-            dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
-            return _DSAPrivateKey(self, dsa_cdata, evp_pkey)
-        elif key_type == self._lib.EVP_PKEY_EC:
-            ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
-            self.openssl_assert(ec_cdata != self._ffi.NULL)
-            ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
-            return _EllipticCurvePrivateKey(self, ec_cdata, evp_pkey)
-        elif key_type in self._dh_types:
-            dh_cdata = self._lib.EVP_PKEY_get1_DH(evp_pkey)
-            self.openssl_assert(dh_cdata != self._ffi.NULL)
-            dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free)
-            return _DHPrivateKey(self, dh_cdata, evp_pkey)
-        elif key_type == getattr(self._lib, "EVP_PKEY_ED25519", None):
-            # EVP_PKEY_ED25519 is not present in OpenSSL < 1.1.1
-            return _Ed25519PrivateKey(self, evp_pkey)
-        elif key_type == getattr(self._lib, "EVP_PKEY_X448", None):
-            # EVP_PKEY_X448 is not present in OpenSSL < 1.1.1
-            return _X448PrivateKey(self, evp_pkey)
-        elif key_type == getattr(self._lib, "EVP_PKEY_X25519", None):
-            # EVP_PKEY_X25519 is not present in OpenSSL < 1.1.0
-            return _X25519PrivateKey(self, evp_pkey)
-        elif key_type == getattr(self._lib, "EVP_PKEY_ED448", None):
-            # EVP_PKEY_ED448 is not present in OpenSSL < 1.1.1
-            return _Ed448PrivateKey(self, evp_pkey)
-        else:
-            raise UnsupportedAlgorithm("Unsupported key type.")
-
-    def _evp_pkey_to_public_key(self, evp_pkey):
-        """
-        Return the appropriate type of PublicKey given an evp_pkey cdata
-        pointer.
-        """
-
-        key_type = self._lib.EVP_PKEY_id(evp_pkey)
-
-        if key_type == self._lib.EVP_PKEY_RSA:
-            rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
-            self.openssl_assert(rsa_cdata != self._ffi.NULL)
-            rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
-            return _RSAPublicKey(self, rsa_cdata, evp_pkey)
-        elif key_type == self._lib.EVP_PKEY_DSA:
-            dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
-            self.openssl_assert(dsa_cdata != self._ffi.NULL)
-            dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
-            return _DSAPublicKey(self, dsa_cdata, evp_pkey)
-        elif key_type == self._lib.EVP_PKEY_EC:
-            ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
-            self.openssl_assert(ec_cdata != self._ffi.NULL)
-            ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
-            return _EllipticCurvePublicKey(self, ec_cdata, evp_pkey)
-        elif key_type in self._dh_types:
-            dh_cdata = self._lib.EVP_PKEY_get1_DH(evp_pkey)
-            self.openssl_assert(dh_cdata != self._ffi.NULL)
-            dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free)
-            return _DHPublicKey(self, dh_cdata, evp_pkey)
-        elif key_type == getattr(self._lib, "EVP_PKEY_ED25519", None):
-            # EVP_PKEY_ED25519 is not present in OpenSSL < 1.1.1
-            return _Ed25519PublicKey(self, evp_pkey)
-        elif key_type == getattr(self._lib, "EVP_PKEY_X448", None):
-            # EVP_PKEY_X448 is not present in OpenSSL < 1.1.1
-            return _X448PublicKey(self, evp_pkey)
-        elif key_type == getattr(self._lib, "EVP_PKEY_X25519", None):
-            # EVP_PKEY_X25519 is not present in OpenSSL < 1.1.0
-            return _X25519PublicKey(self, evp_pkey)
-        elif key_type == getattr(self._lib, "EVP_PKEY_ED448", None):
-            # EVP_PKEY_X25519 is not present in OpenSSL < 1.1.1
-            return _Ed448PublicKey(self, evp_pkey)
-        else:
-            raise UnsupportedAlgorithm("Unsupported key type.")
-
-    def _oaep_hash_supported(self, algorithm):
-        if self._lib.Cryptography_HAS_RSA_OAEP_MD:
-            return isinstance(
-                algorithm, (
-                    hashes.SHA1,
-                    hashes.SHA224,
-                    hashes.SHA256,
-                    hashes.SHA384,
-                    hashes.SHA512,
-                )
-            )
-        else:
-            return isinstance(algorithm, hashes.SHA1)
-
-    def rsa_padding_supported(self, padding):
-        if isinstance(padding, PKCS1v15):
-            return True
-        elif isinstance(padding, PSS) and isinstance(padding._mgf, MGF1):
-            return self.hash_supported(padding._mgf._algorithm)
-        elif isinstance(padding, OAEP) and isinstance(padding._mgf, MGF1):
-            return (
-                self._oaep_hash_supported(padding._mgf._algorithm) and
-                self._oaep_hash_supported(padding._algorithm) and
-                (
-                    (padding._label is None or len(padding._label) == 0) or
-                    self._lib.Cryptography_HAS_RSA_OAEP_LABEL == 1
-                )
-            )
-        else:
-            return False
-
-    def generate_dsa_parameters(self, key_size):
-        if key_size not in (1024, 2048, 3072):
-            raise ValueError("Key size must be 1024 or 2048 or 3072 bits.")
-
-        ctx = self._lib.DSA_new()
-        self.openssl_assert(ctx != self._ffi.NULL)
-        ctx = self._ffi.gc(ctx, self._lib.DSA_free)
-
-        res = self._lib.DSA_generate_parameters_ex(
-            ctx, key_size, self._ffi.NULL, 0,
-            self._ffi.NULL, self._ffi.NULL, self._ffi.NULL
-        )
-
-        self.openssl_assert(res == 1)
-
-        return _DSAParameters(self, ctx)
-
-    def generate_dsa_private_key(self, parameters):
-        ctx = self._lib.DSAparams_dup(parameters._dsa_cdata)
-        self.openssl_assert(ctx != self._ffi.NULL)
-        ctx = self._ffi.gc(ctx, self._lib.DSA_free)
-        self._lib.DSA_generate_key(ctx)
-        evp_pkey = self._dsa_cdata_to_evp_pkey(ctx)
-
-        return _DSAPrivateKey(self, ctx, evp_pkey)
-
-    def generate_dsa_private_key_and_parameters(self, key_size):
-        parameters = self.generate_dsa_parameters(key_size)
-        return self.generate_dsa_private_key(parameters)
-
-    def _dsa_cdata_set_values(self, dsa_cdata, p, q, g, pub_key, priv_key):
-        res = self._lib.DSA_set0_pqg(dsa_cdata, p, q, g)
-        self.openssl_assert(res == 1)
-        res = self._lib.DSA_set0_key(dsa_cdata, pub_key, priv_key)
-        self.openssl_assert(res == 1)
-
-    def load_dsa_private_numbers(self, numbers):
-        dsa._check_dsa_private_numbers(numbers)
-        parameter_numbers = numbers.public_numbers.parameter_numbers
-
-        dsa_cdata = self._lib.DSA_new()
-        self.openssl_assert(dsa_cdata != self._ffi.NULL)
-        dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
-
-        p = self._int_to_bn(parameter_numbers.p)
-        q = self._int_to_bn(parameter_numbers.q)
-        g = self._int_to_bn(parameter_numbers.g)
-        pub_key = self._int_to_bn(numbers.public_numbers.y)
-        priv_key = self._int_to_bn(numbers.x)
-        self._dsa_cdata_set_values(dsa_cdata, p, q, g, pub_key, priv_key)
-
-        evp_pkey = self._dsa_cdata_to_evp_pkey(dsa_cdata)
-
-        return _DSAPrivateKey(self, dsa_cdata, evp_pkey)
-
-    def load_dsa_public_numbers(self, numbers):
-        dsa._check_dsa_parameters(numbers.parameter_numbers)
-        dsa_cdata = self._lib.DSA_new()
-        self.openssl_assert(dsa_cdata != self._ffi.NULL)
-        dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
-
-        p = self._int_to_bn(numbers.parameter_numbers.p)
-        q = self._int_to_bn(numbers.parameter_numbers.q)
-        g = self._int_to_bn(numbers.parameter_numbers.g)
-        pub_key = self._int_to_bn(numbers.y)
-        priv_key = self._ffi.NULL
-        self._dsa_cdata_set_values(dsa_cdata, p, q, g, pub_key, priv_key)
-
-        evp_pkey = self._dsa_cdata_to_evp_pkey(dsa_cdata)
-
-        return _DSAPublicKey(self, dsa_cdata, evp_pkey)
-
-    def load_dsa_parameter_numbers(self, numbers):
-        dsa._check_dsa_parameters(numbers)
-        dsa_cdata = self._lib.DSA_new()
-        self.openssl_assert(dsa_cdata != self._ffi.NULL)
-        dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
-
-        p = self._int_to_bn(numbers.p)
-        q = self._int_to_bn(numbers.q)
-        g = self._int_to_bn(numbers.g)
-        res = self._lib.DSA_set0_pqg(dsa_cdata, p, q, g)
-        self.openssl_assert(res == 1)
-
-        return _DSAParameters(self, dsa_cdata)
-
-    def _dsa_cdata_to_evp_pkey(self, dsa_cdata):
-        evp_pkey = self._create_evp_pkey_gc()
-        res = self._lib.EVP_PKEY_set1_DSA(evp_pkey, dsa_cdata)
-        self.openssl_assert(res == 1)
-        return evp_pkey
-
-    def dsa_hash_supported(self, algorithm):
-        return self.hash_supported(algorithm)
-
-    def dsa_parameters_supported(self, p, q, g):
-        return True
-
-    def cmac_algorithm_supported(self, algorithm):
-        return self.cipher_supported(
-            algorithm, CBC(b"\x00" * algorithm.block_size)
-        )
-
-    def create_cmac_ctx(self, algorithm):
-        return _CMACContext(self, algorithm)
-
-    def create_x509_csr(self, builder, private_key, algorithm):
-        if not isinstance(algorithm, hashes.HashAlgorithm):
-            raise TypeError('Algorithm must be a registered hash algorithm.')
-
-        if (
-            isinstance(algorithm, hashes.MD5) and not
-            isinstance(private_key, rsa.RSAPrivateKey)
-        ):
-            raise ValueError(
-                "MD5 is not a supported hash algorithm for EC/DSA CSRs"
-            )
-
-        # Resolve the signature algorithm.
-        evp_md = self._evp_md_non_null_from_algorithm(algorithm)
-
-        # Create an empty request.
-        x509_req = self._lib.X509_REQ_new()
-        self.openssl_assert(x509_req != self._ffi.NULL)
-        x509_req = self._ffi.gc(x509_req, self._lib.X509_REQ_free)
-
-        # Set x509 version.
-        res = self._lib.X509_REQ_set_version(x509_req, x509.Version.v1.value)
-        self.openssl_assert(res == 1)
-
-        # Set subject name.
-        res = self._lib.X509_REQ_set_subject_name(
-            x509_req, _encode_name_gc(self, builder._subject_name)
-        )
-        self.openssl_assert(res == 1)
-
-        # Set subject public key.
-        public_key = private_key.public_key()
-        res = self._lib.X509_REQ_set_pubkey(
-            x509_req, public_key._evp_pkey
-        )
-        self.openssl_assert(res == 1)
-
-        # Add extensions.
-        sk_extension = self._lib.sk_X509_EXTENSION_new_null()
-        self.openssl_assert(sk_extension != self._ffi.NULL)
-        sk_extension = self._ffi.gc(
-            sk_extension,
-            lambda x: self._lib.sk_X509_EXTENSION_pop_free(
-                x, self._ffi.addressof(
-                    self._lib._original_lib, "X509_EXTENSION_free"
-                )
-            )
-        )
-        # Don't GC individual extensions because the memory is owned by
-        # sk_extensions and will be freed along with it.
-        self._create_x509_extensions(
-            extensions=builder._extensions,
-            handlers=_EXTENSION_ENCODE_HANDLERS,
-            x509_obj=sk_extension,
-            add_func=self._lib.sk_X509_EXTENSION_insert,
-            gc=False
-        )
-        res = self._lib.X509_REQ_add_extensions(x509_req, sk_extension)
-        self.openssl_assert(res == 1)
-
-        # Sign the request using the requester's private key.
-        res = self._lib.X509_REQ_sign(
-            x509_req, private_key._evp_pkey, evp_md
-        )
-        if res == 0:
-            errors = self._consume_errors()
-            self.openssl_assert(
-                errors[0]._lib_reason_match(
-                    self._lib.ERR_LIB_RSA,
-                    self._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY
-                )
-            )
-
-            raise ValueError("Digest too big for RSA key")
-
-        return _CertificateSigningRequest(self, x509_req)
-
-    def create_x509_certificate(self, builder, private_key, algorithm):
-        if not isinstance(builder, x509.CertificateBuilder):
-            raise TypeError('Builder type mismatch.')
-        if not isinstance(algorithm, hashes.HashAlgorithm):
-            raise TypeError('Algorithm must be a registered hash algorithm.')
-
-        if (
-            isinstance(algorithm, hashes.MD5) and not
-            isinstance(private_key, rsa.RSAPrivateKey)
-        ):
-            raise ValueError(
-                "MD5 is not a supported hash algorithm for EC/DSA certificates"
-            )
-
-        # Resolve the signature algorithm.
-        evp_md = self._evp_md_non_null_from_algorithm(algorithm)
-
-        # Create an empty certificate.
-        x509_cert = self._lib.X509_new()
-        x509_cert = self._ffi.gc(x509_cert, backend._lib.X509_free)
-
-        # Set the x509 version.
-        res = self._lib.X509_set_version(x509_cert, builder._version.value)
-        self.openssl_assert(res == 1)
-
-        # Set the subject's name.
-        res = self._lib.X509_set_subject_name(
-            x509_cert, _encode_name_gc(self, builder._subject_name)
-        )
-        self.openssl_assert(res == 1)
-
-        # Set the subject's public key.
-        res = self._lib.X509_set_pubkey(
-            x509_cert, builder._public_key._evp_pkey
-        )
-        self.openssl_assert(res == 1)
-
-        # Set the certificate serial number.
-        serial_number = _encode_asn1_int_gc(self, builder._serial_number)
-        res = self._lib.X509_set_serialNumber(x509_cert, serial_number)
-        self.openssl_assert(res == 1)
-
-        # Set the "not before" time.
-        self._set_asn1_time(
-            self._lib.X509_get_notBefore(x509_cert), builder._not_valid_before
-        )
-
-        # Set the "not after" time.
-        self._set_asn1_time(
-            self._lib.X509_get_notAfter(x509_cert), builder._not_valid_after
-        )
-
-        # Add extensions.
-        self._create_x509_extensions(
-            extensions=builder._extensions,
-            handlers=_EXTENSION_ENCODE_HANDLERS,
-            x509_obj=x509_cert,
-            add_func=self._lib.X509_add_ext,
-            gc=True
-        )
-
-        # Set the issuer name.
-        res = self._lib.X509_set_issuer_name(
-            x509_cert, _encode_name_gc(self, builder._issuer_name)
-        )
-        self.openssl_assert(res == 1)
-
-        # Sign the certificate with the issuer's private key.
-        res = self._lib.X509_sign(
-            x509_cert, private_key._evp_pkey, evp_md
-        )
-        if res == 0:
-            errors = self._consume_errors()
-            self.openssl_assert(
-                errors[0]._lib_reason_match(
-                    self._lib.ERR_LIB_RSA,
-                    self._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY
-                )
-            )
-            raise ValueError("Digest too big for RSA key")
-
-        return _Certificate(self, x509_cert)
-
-    def _set_asn1_time(self, asn1_time, time):
-        if time.year >= 2050:
-            asn1_str = time.strftime('%Y%m%d%H%M%SZ').encode('ascii')
-        else:
-            asn1_str = time.strftime('%y%m%d%H%M%SZ').encode('ascii')
-        res = self._lib.ASN1_TIME_set_string(asn1_time, asn1_str)
-        self.openssl_assert(res == 1)
-
-    def _create_asn1_time(self, time):
-        asn1_time = self._lib.ASN1_TIME_new()
-        self.openssl_assert(asn1_time != self._ffi.NULL)
-        asn1_time = self._ffi.gc(asn1_time, self._lib.ASN1_TIME_free)
-        self._set_asn1_time(asn1_time, time)
-        return asn1_time
-
-    def create_x509_crl(self, builder, private_key, algorithm):
-        if not isinstance(builder, x509.CertificateRevocationListBuilder):
-            raise TypeError('Builder type mismatch.')
-        if not isinstance(algorithm, hashes.HashAlgorithm):
-            raise TypeError('Algorithm must be a registered hash algorithm.')
-
-        if (
-            isinstance(algorithm, hashes.MD5) and not
-            isinstance(private_key, rsa.RSAPrivateKey)
-        ):
-            raise ValueError(
-                "MD5 is not a supported hash algorithm for EC/DSA CRLs"
-            )
-
-        evp_md = self._evp_md_non_null_from_algorithm(algorithm)
-
-        # Create an empty CRL.
-        x509_crl = self._lib.X509_CRL_new()
-        x509_crl = self._ffi.gc(x509_crl, backend._lib.X509_CRL_free)
-
-        # Set the x509 CRL version. We only support v2 (integer value 1).
-        res = self._lib.X509_CRL_set_version(x509_crl, 1)
-        self.openssl_assert(res == 1)
-
-        # Set the issuer name.
-        res = self._lib.X509_CRL_set_issuer_name(
-            x509_crl, _encode_name_gc(self, builder._issuer_name)
-        )
-        self.openssl_assert(res == 1)
-
-        # Set the last update time.
-        last_update = self._create_asn1_time(builder._last_update)
-        res = self._lib.X509_CRL_set_lastUpdate(x509_crl, last_update)
-        self.openssl_assert(res == 1)
-
-        # Set the next update time.
-        next_update = self._create_asn1_time(builder._next_update)
-        res = self._lib.X509_CRL_set_nextUpdate(x509_crl, next_update)
-        self.openssl_assert(res == 1)
-
-        # Add extensions.
-        self._create_x509_extensions(
-            extensions=builder._extensions,
-            handlers=_CRL_EXTENSION_ENCODE_HANDLERS,
-            x509_obj=x509_crl,
-            add_func=self._lib.X509_CRL_add_ext,
-            gc=True
-        )
-
-        # add revoked certificates
-        for revoked_cert in builder._revoked_certificates:
-            # Duplicating because the X509_CRL takes ownership and will free
-            # this memory when X509_CRL_free is called.
-            revoked = self._lib.Cryptography_X509_REVOKED_dup(
-                revoked_cert._x509_revoked
-            )
-            self.openssl_assert(revoked != self._ffi.NULL)
-            res = self._lib.X509_CRL_add0_revoked(x509_crl, revoked)
-            self.openssl_assert(res == 1)
-
-        res = self._lib.X509_CRL_sign(
-            x509_crl, private_key._evp_pkey, evp_md
-        )
-        if res == 0:
-            errors = self._consume_errors()
-            self.openssl_assert(
-                errors[0]._lib_reason_match(
-                    self._lib.ERR_LIB_RSA,
-                    self._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY
-                )
-            )
-            raise ValueError("Digest too big for RSA key")
-
-        return _CertificateRevocationList(self, x509_crl)
-
-    def _create_x509_extensions(self, extensions, handlers, x509_obj,
-                                add_func, gc):
-        for i, extension in enumerate(extensions):
-            x509_extension = self._create_x509_extension(
-                handlers, extension
-            )
-            self.openssl_assert(x509_extension != self._ffi.NULL)
-
-            if gc:
-                x509_extension = self._ffi.gc(
-                    x509_extension, self._lib.X509_EXTENSION_free
-                )
-            res = add_func(x509_obj, x509_extension, i)
-            self.openssl_assert(res >= 1)
-
-    def _create_raw_x509_extension(self, extension, value):
-        obj = _txt2obj_gc(self, extension.oid.dotted_string)
-        return self._lib.X509_EXTENSION_create_by_OBJ(
-            self._ffi.NULL, obj, 1 if extension.critical else 0, value
-        )
-
-    def _create_x509_extension(self, handlers, extension):
-        if isinstance(extension.value, x509.UnrecognizedExtension):
-            value = _encode_asn1_str_gc(self, extension.value.value)
-            return self._create_raw_x509_extension(extension, value)
-        elif isinstance(extension.value, x509.TLSFeature):
-            asn1 = _Integers([x.value for x in extension.value]).dump()
-            value = _encode_asn1_str_gc(self, asn1)
-            return self._create_raw_x509_extension(extension, value)
-        elif isinstance(extension.value, x509.PrecertPoison):
-            asn1 = asn1crypto.core.Null().dump()
-            value = _encode_asn1_str_gc(self, asn1)
-            return self._create_raw_x509_extension(extension, value)
-        else:
-            try:
-                encode = handlers[extension.oid]
-            except KeyError:
-                raise NotImplementedError(
-                    'Extension not supported: {}'.format(extension.oid)
-                )
-
-            ext_struct = encode(self, extension.value)
-            nid = self._lib.OBJ_txt2nid(
-                extension.oid.dotted_string.encode("ascii")
-            )
-            backend.openssl_assert(nid != self._lib.NID_undef)
-            return self._lib.X509V3_EXT_i2d(
-                nid, 1 if extension.critical else 0, ext_struct
-            )
-
-    def create_x509_revoked_certificate(self, builder):
-        if not isinstance(builder, x509.RevokedCertificateBuilder):
-            raise TypeError('Builder type mismatch.')
-
-        x509_revoked = self._lib.X509_REVOKED_new()
-        self.openssl_assert(x509_revoked != self._ffi.NULL)
-        x509_revoked = self._ffi.gc(x509_revoked, self._lib.X509_REVOKED_free)
-        serial_number = _encode_asn1_int_gc(self, builder._serial_number)
-        res = self._lib.X509_REVOKED_set_serialNumber(
-            x509_revoked, serial_number
-        )
-        self.openssl_assert(res == 1)
-        rev_date = self._create_asn1_time(builder._revocation_date)
-        res = self._lib.X509_REVOKED_set_revocationDate(x509_revoked, rev_date)
-        self.openssl_assert(res == 1)
-        # add CRL entry extensions
-        self._create_x509_extensions(
-            extensions=builder._extensions,
-            handlers=_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS,
-            x509_obj=x509_revoked,
-            add_func=self._lib.X509_REVOKED_add_ext,
-            gc=True
-        )
-        return _RevokedCertificate(self, None, x509_revoked)
-
-    def load_pem_private_key(self, data, password):
-        return self._load_key(
-            self._lib.PEM_read_bio_PrivateKey,
-            self._evp_pkey_to_private_key,
-            data,
-            password,
-        )
-
-    def load_pem_public_key(self, data):
-        mem_bio = self._bytes_to_bio(data)
-        evp_pkey = self._lib.PEM_read_bio_PUBKEY(
-            mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL
-        )
-        if evp_pkey != self._ffi.NULL:
-            evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
-            return self._evp_pkey_to_public_key(evp_pkey)
-        else:
-            # It's not a (RSA/DSA/ECDSA) subjectPublicKeyInfo, but we still
-            # need to check to see if it is a pure PKCS1 RSA public key (not
-            # embedded in a subjectPublicKeyInfo)
-            self._consume_errors()
-            res = self._lib.BIO_reset(mem_bio.bio)
-            self.openssl_assert(res == 1)
-            rsa_cdata = self._lib.PEM_read_bio_RSAPublicKey(
-                mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL
-            )
-            if rsa_cdata != self._ffi.NULL:
-                rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
-                evp_pkey = self._rsa_cdata_to_evp_pkey(rsa_cdata)
-                return _RSAPublicKey(self, rsa_cdata, evp_pkey)
-            else:
-                self._handle_key_loading_error()
-
-    def load_pem_parameters(self, data):
-        mem_bio = self._bytes_to_bio(data)
-        # only DH is supported currently
-        dh_cdata = self._lib.PEM_read_bio_DHparams(
-            mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL)
-        if dh_cdata != self._ffi.NULL:
-            dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free)
-            return _DHParameters(self, dh_cdata)
-        else:
-            self._handle_key_loading_error()
-
-    def load_der_private_key(self, data, password):
-        # OpenSSL has a function called d2i_AutoPrivateKey that in theory
-        # handles this automatically, however it doesn't handle encrypted
-        # private keys. Instead we try to load the key two different ways.
-        # First we'll try to load it as a traditional key.
-        bio_data = self._bytes_to_bio(data)
-        key = self._evp_pkey_from_der_traditional_key(bio_data, password)
-        if key:
-            return self._evp_pkey_to_private_key(key)
-        else:
-            # Finally we try to load it with the method that handles encrypted
-            # PKCS8 properly.
-            return self._load_key(
-                self._lib.d2i_PKCS8PrivateKey_bio,
-                self._evp_pkey_to_private_key,
-                data,
-                password,
-            )
-
-    def _evp_pkey_from_der_traditional_key(self, bio_data, password):
-        key = self._lib.d2i_PrivateKey_bio(bio_data.bio, self._ffi.NULL)
-        if key != self._ffi.NULL:
-            key = self._ffi.gc(key, self._lib.EVP_PKEY_free)
-            if password is not None:
-                raise TypeError(
-                    "Password was given but private key is not encrypted."
-                )
-
-            return key
-        else:
-            self._consume_errors()
-            return None
-
-    def load_der_public_key(self, data):
-        mem_bio = self._bytes_to_bio(data)
-        evp_pkey = self._lib.d2i_PUBKEY_bio(mem_bio.bio, self._ffi.NULL)
-        if evp_pkey != self._ffi.NULL:
-            evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
-            return self._evp_pkey_to_public_key(evp_pkey)
-        else:
-            # It's not a (RSA/DSA/ECDSA) subjectPublicKeyInfo, but we still
-            # need to check to see if it is a pure PKCS1 RSA public key (not
-            # embedded in a subjectPublicKeyInfo)
-            self._consume_errors()
-            res = self._lib.BIO_reset(mem_bio.bio)
-            self.openssl_assert(res == 1)
-            rsa_cdata = self._lib.d2i_RSAPublicKey_bio(
-                mem_bio.bio, self._ffi.NULL
-            )
-            if rsa_cdata != self._ffi.NULL:
-                rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
-                evp_pkey = self._rsa_cdata_to_evp_pkey(rsa_cdata)
-                return _RSAPublicKey(self, rsa_cdata, evp_pkey)
-            else:
-                self._handle_key_loading_error()
-
-    def load_der_parameters(self, data):
-        mem_bio = self._bytes_to_bio(data)
-        dh_cdata = self._lib.d2i_DHparams_bio(
-            mem_bio.bio, self._ffi.NULL
-        )
-        if dh_cdata != self._ffi.NULL:
-            dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free)
-            return _DHParameters(self, dh_cdata)
-        elif self._lib.Cryptography_HAS_EVP_PKEY_DHX:
-            # We check to see if the is dhx.
-            self._consume_errors()
-            res = self._lib.BIO_reset(mem_bio.bio)
-            self.openssl_assert(res == 1)
-            dh_cdata = self._lib.Cryptography_d2i_DHxparams_bio(
-                mem_bio.bio, self._ffi.NULL
-            )
-            if dh_cdata != self._ffi.NULL:
-                dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free)
-                return _DHParameters(self, dh_cdata)
-
-        self._handle_key_loading_error()
-
-    def load_pem_x509_certificate(self, data):
-        mem_bio = self._bytes_to_bio(data)
-        x509 = self._lib.PEM_read_bio_X509(
-            mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL
-        )
-        if x509 == self._ffi.NULL:
-            self._consume_errors()
-            raise ValueError(
-                "Unable to load certificate. See https://cryptography.io/en/la"
-                "test/faq/#why-can-t-i-import-my-pem-file for more details."
-            )
-
-        x509 = self._ffi.gc(x509, self._lib.X509_free)
-        return _Certificate(self, x509)
-
-    def load_der_x509_certificate(self, data):
-        mem_bio = self._bytes_to_bio(data)
-        x509 = self._lib.d2i_X509_bio(mem_bio.bio, self._ffi.NULL)
-        if x509 == self._ffi.NULL:
-            self._consume_errors()
-            raise ValueError("Unable to load certificate")
-
-        x509 = self._ffi.gc(x509, self._lib.X509_free)
-        return _Certificate(self, x509)
-
-    def load_pem_x509_crl(self, data):
-        mem_bio = self._bytes_to_bio(data)
-        x509_crl = self._lib.PEM_read_bio_X509_CRL(
-            mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL
-        )
-        if x509_crl == self._ffi.NULL:
-            self._consume_errors()
-            raise ValueError(
-                "Unable to load CRL. See https://cryptography.io/en/la"
-                "test/faq/#why-can-t-i-import-my-pem-file for more details."
-            )
-
-        x509_crl = self._ffi.gc(x509_crl, self._lib.X509_CRL_free)
-        return _CertificateRevocationList(self, x509_crl)
-
-    def load_der_x509_crl(self, data):
-        mem_bio = self._bytes_to_bio(data)
-        x509_crl = self._lib.d2i_X509_CRL_bio(mem_bio.bio, self._ffi.NULL)
-        if x509_crl == self._ffi.NULL:
-            self._consume_errors()
-            raise ValueError("Unable to load CRL")
-
-        x509_crl = self._ffi.gc(x509_crl, self._lib.X509_CRL_free)
-        return _CertificateRevocationList(self, x509_crl)
-
-    def load_pem_x509_csr(self, data):
-        mem_bio = self._bytes_to_bio(data)
-        x509_req = self._lib.PEM_read_bio_X509_REQ(
-            mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL
-        )
-        if x509_req == self._ffi.NULL:
-            self._consume_errors()
-            raise ValueError(
-                "Unable to load request. See https://cryptography.io/en/la"
-                "test/faq/#why-can-t-i-import-my-pem-file for more details."
-            )
-
-        x509_req = self._ffi.gc(x509_req, self._lib.X509_REQ_free)
-        return _CertificateSigningRequest(self, x509_req)
-
-    def load_der_x509_csr(self, data):
-        mem_bio = self._bytes_to_bio(data)
-        x509_req = self._lib.d2i_X509_REQ_bio(mem_bio.bio, self._ffi.NULL)
-        if x509_req == self._ffi.NULL:
-            self._consume_errors()
-            raise ValueError("Unable to load request")
-
-        x509_req = self._ffi.gc(x509_req, self._lib.X509_REQ_free)
-        return _CertificateSigningRequest(self, x509_req)
-
-    def _load_key(self, openssl_read_func, convert_func, data, password):
-        mem_bio = self._bytes_to_bio(data)
-
-        userdata = self._ffi.new("CRYPTOGRAPHY_PASSWORD_DATA *")
-        if password is not None:
-            utils._check_byteslike("password", password)
-            password_ptr = self._ffi.from_buffer(password)
-            userdata.password = password_ptr
-            userdata.length = len(password)
-
-        evp_pkey = openssl_read_func(
-            mem_bio.bio,
-            self._ffi.NULL,
-            self._ffi.addressof(
-                self._lib._original_lib, "Cryptography_pem_password_cb"
-            ),
-            userdata,
-        )
-
-        if evp_pkey == self._ffi.NULL:
-            if userdata.error != 0:
-                errors = self._consume_errors()
-                self.openssl_assert(errors)
-                if userdata.error == -1:
-                    raise TypeError(
-                        "Password was not given but private key is encrypted"
-                    )
-                else:
-                    assert userdata.error == -2
-                    raise ValueError(
-                        "Passwords longer than {} bytes are not supported "
-                        "by this backend.".format(userdata.maxsize - 1)
-                    )
-            else:
-                self._handle_key_loading_error()
-
-        evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
-
-        if password is not None and userdata.called == 0:
-            raise TypeError(
-                "Password was given but private key is not encrypted.")
-
-        assert (
-            (password is not None and userdata.called == 1) or
-            password is None
-        )
-
-        return convert_func(evp_pkey)
-
-    def _handle_key_loading_error(self):
-        errors = self._consume_errors()
-
-        if not errors:
-            raise ValueError("Could not deserialize key data.")
-
-        elif (
-            errors[0]._lib_reason_match(
-                self._lib.ERR_LIB_EVP, self._lib.EVP_R_BAD_DECRYPT
-            ) or errors[0]._lib_reason_match(
-                self._lib.ERR_LIB_PKCS12,
-                self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR
-            )
-        ):
-            raise ValueError("Bad decrypt. Incorrect password?")
-
-        elif (
-            errors[0]._lib_reason_match(
-                self._lib.ERR_LIB_EVP, self._lib.EVP_R_UNKNOWN_PBE_ALGORITHM
-            ) or errors[0]._lib_reason_match(
-                self._lib.ERR_LIB_PEM, self._lib.PEM_R_UNSUPPORTED_ENCRYPTION
-            )
-        ):
-            raise UnsupportedAlgorithm(
-                "PEM data is encrypted with an unsupported cipher",
-                _Reasons.UNSUPPORTED_CIPHER
-            )
-
-        elif any(
-            error._lib_reason_match(
-                self._lib.ERR_LIB_EVP,
-                self._lib.EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM
-            )
-            for error in errors
-        ):
-            raise ValueError("Unsupported public key algorithm.")
-
-        else:
-            assert errors[0].lib in (
-                self._lib.ERR_LIB_EVP,
-                self._lib.ERR_LIB_PEM,
-                self._lib.ERR_LIB_ASN1,
-            )
-            raise ValueError("Could not deserialize key data.")
-
-    def elliptic_curve_supported(self, curve):
-        try:
-            curve_nid = self._elliptic_curve_to_nid(curve)
-        except UnsupportedAlgorithm:
-            curve_nid = self._lib.NID_undef
-
-        group = self._lib.EC_GROUP_new_by_curve_name(curve_nid)
-
-        if group == self._ffi.NULL:
-            errors = self._consume_errors()
-            self.openssl_assert(
-                curve_nid == self._lib.NID_undef or
-                errors[0]._lib_reason_match(
-                    self._lib.ERR_LIB_EC,
-                    self._lib.EC_R_UNKNOWN_GROUP
-                )
-            )
-            return False
-        else:
-            self.openssl_assert(curve_nid != self._lib.NID_undef)
-            self._lib.EC_GROUP_free(group)
-            return True
-
-    def elliptic_curve_signature_algorithm_supported(
-        self, signature_algorithm, curve
-    ):
-        # We only support ECDSA right now.
-        if not isinstance(signature_algorithm, ec.ECDSA):
-            return False
-
-        return self.elliptic_curve_supported(curve)
-
-    def generate_elliptic_curve_private_key(self, curve):
-        """
-        Generate a new private key on the named curve.
-        """
-
-        if self.elliptic_curve_supported(curve):
-            ec_cdata = self._ec_key_new_by_curve(curve)
-
-            res = self._lib.EC_KEY_generate_key(ec_cdata)
-            self.openssl_assert(res == 1)
-
-            evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata)
-
-            return _EllipticCurvePrivateKey(self, ec_cdata, evp_pkey)
-        else:
-            raise UnsupportedAlgorithm(
-                "Backend object does not support {}.".format(curve.name),
-                _Reasons.UNSUPPORTED_ELLIPTIC_CURVE
-            )
-
-    def load_elliptic_curve_private_numbers(self, numbers):
-        public = numbers.public_numbers
-
-        ec_cdata = self._ec_key_new_by_curve(public.curve)
-
-        private_value = self._ffi.gc(
-            self._int_to_bn(numbers.private_value), self._lib.BN_clear_free
-        )
-        res = self._lib.EC_KEY_set_private_key(ec_cdata, private_value)
-        self.openssl_assert(res == 1)
-
-        ec_cdata = self._ec_key_set_public_key_affine_coordinates(
-            ec_cdata, public.x, public.y)
-
-        evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata)
-
-        return _EllipticCurvePrivateKey(self, ec_cdata, evp_pkey)
-
-    def load_elliptic_curve_public_numbers(self, numbers):
-        ec_cdata = self._ec_key_new_by_curve(numbers.curve)
-        ec_cdata = self._ec_key_set_public_key_affine_coordinates(
-            ec_cdata, numbers.x, numbers.y)
-        evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata)
-
-        return _EllipticCurvePublicKey(self, ec_cdata, evp_pkey)
-
-    def load_elliptic_curve_public_bytes(self, curve, point_bytes):
-        ec_cdata = self._ec_key_new_by_curve(curve)
-        group = self._lib.EC_KEY_get0_group(ec_cdata)
-        self.openssl_assert(group != self._ffi.NULL)
-        point = self._lib.EC_POINT_new(group)
-        self.openssl_assert(point != self._ffi.NULL)
-        point = self._ffi.gc(point, self._lib.EC_POINT_free)
-        with self._tmp_bn_ctx() as bn_ctx:
-            res = self._lib.EC_POINT_oct2point(
-                group, point, point_bytes, len(point_bytes), bn_ctx
-            )
-            if res != 1:
-                self._consume_errors()
-                raise ValueError("Invalid public bytes for the given curve")
-
-        res = self._lib.EC_KEY_set_public_key(ec_cdata, point)
-        self.openssl_assert(res == 1)
-        evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata)
-        return _EllipticCurvePublicKey(self, ec_cdata, evp_pkey)
-
-    def derive_elliptic_curve_private_key(self, private_value, curve):
-        ec_cdata = self._ec_key_new_by_curve(curve)
-
-        get_func, group = self._ec_key_determine_group_get_func(ec_cdata)
-
-        point = self._lib.EC_POINT_new(group)
-        self.openssl_assert(point != self._ffi.NULL)
-        point = self._ffi.gc(point, self._lib.EC_POINT_free)
-
-        value = self._int_to_bn(private_value)
-        value = self._ffi.gc(value, self._lib.BN_clear_free)
-
-        with self._tmp_bn_ctx() as bn_ctx:
-            res = self._lib.EC_POINT_mul(group, point, value, self._ffi.NULL,
-                                         self._ffi.NULL, bn_ctx)
-            self.openssl_assert(res == 1)
-
-            bn_x = self._lib.BN_CTX_get(bn_ctx)
-            bn_y = self._lib.BN_CTX_get(bn_ctx)
-
-            res = get_func(group, point, bn_x, bn_y, bn_ctx)
-            self.openssl_assert(res == 1)
-
-        res = self._lib.EC_KEY_set_public_key(ec_cdata, point)
-        self.openssl_assert(res == 1)
-        private = self._int_to_bn(private_value)
-        private = self._ffi.gc(private, self._lib.BN_clear_free)
-        res = self._lib.EC_KEY_set_private_key(ec_cdata, private)
-        self.openssl_assert(res == 1)
-
-        evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata)
-
-        return _EllipticCurvePrivateKey(self, ec_cdata, evp_pkey)
-
-    def _ec_key_new_by_curve(self, curve):
-        curve_nid = self._elliptic_curve_to_nid(curve)
-        ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid)
-        self.openssl_assert(ec_cdata != self._ffi.NULL)
-        return self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
-
-    def load_der_ocsp_request(self, data):
-        mem_bio = self._bytes_to_bio(data)
-        request = self._lib.d2i_OCSP_REQUEST_bio(mem_bio.bio, self._ffi.NULL)
-        if request == self._ffi.NULL:
-            self._consume_errors()
-            raise ValueError("Unable to load OCSP request")
-
-        request = self._ffi.gc(request, self._lib.OCSP_REQUEST_free)
-        return _OCSPRequest(self, request)
-
-    def load_der_ocsp_response(self, data):
-        mem_bio = self._bytes_to_bio(data)
-        response = self._lib.d2i_OCSP_RESPONSE_bio(mem_bio.bio, self._ffi.NULL)
-        if response == self._ffi.NULL:
-            self._consume_errors()
-            raise ValueError("Unable to load OCSP response")
-
-        response = self._ffi.gc(response, self._lib.OCSP_RESPONSE_free)
-        return _OCSPResponse(self, response)
-
-    def create_ocsp_request(self, builder):
-        ocsp_req = self._lib.OCSP_REQUEST_new()
-        self.openssl_assert(ocsp_req != self._ffi.NULL)
-        ocsp_req = self._ffi.gc(ocsp_req, self._lib.OCSP_REQUEST_free)
-        cert, issuer, algorithm = builder._request
-        evp_md = self._evp_md_non_null_from_algorithm(algorithm)
-        certid = self._lib.OCSP_cert_to_id(
-            evp_md, cert._x509, issuer._x509
-        )
-        self.openssl_assert(certid != self._ffi.NULL)
-        onereq = self._lib.OCSP_request_add0_id(ocsp_req, certid)
-        self.openssl_assert(onereq != self._ffi.NULL)
-        self._create_x509_extensions(
-            extensions=builder._extensions,
-            handlers=_OCSP_REQUEST_EXTENSION_ENCODE_HANDLERS,
-            x509_obj=ocsp_req,
-            add_func=self._lib.OCSP_REQUEST_add_ext,
-            gc=True,
-        )
-        return _OCSPRequest(self, ocsp_req)
-
-    def _create_ocsp_basic_response(self, builder, private_key, algorithm):
-        basic = self._lib.OCSP_BASICRESP_new()
-        self.openssl_assert(basic != self._ffi.NULL)
-        basic = self._ffi.gc(basic, self._lib.OCSP_BASICRESP_free)
-        evp_md = self._evp_md_non_null_from_algorithm(
-            builder._response._algorithm
-        )
-        certid = self._lib.OCSP_cert_to_id(
-            evp_md, builder._response._cert._x509,
-            builder._response._issuer._x509
-        )
-        self.openssl_assert(certid != self._ffi.NULL)
-        certid = self._ffi.gc(certid, self._lib.OCSP_CERTID_free)
-        if builder._response._revocation_reason is None:
-            reason = -1
-        else:
-            reason = _CRL_ENTRY_REASON_ENUM_TO_CODE[
-                builder._response._revocation_reason
-            ]
-        if builder._response._revocation_time is None:
-            rev_time = self._ffi.NULL
-        else:
-            rev_time = self._create_asn1_time(
-                builder._response._revocation_time
-            )
-
-        next_update = self._ffi.NULL
-        if builder._response._next_update is not None:
-            next_update = self._create_asn1_time(
-                builder._response._next_update
-            )
-
-        this_update = self._create_asn1_time(builder._response._this_update)
-
-        res = self._lib.OCSP_basic_add1_status(
-            basic,
-            certid,
-            builder._response._cert_status.value,
-            reason,
-            rev_time,
-            this_update,
-            next_update
-        )
-        self.openssl_assert(res != self._ffi.NULL)
-        # okay, now sign the basic structure
-        evp_md = self._evp_md_non_null_from_algorithm(algorithm)
-        responder_cert, responder_encoding = builder._responder_id
-        flags = self._lib.OCSP_NOCERTS
-        if responder_encoding is ocsp.OCSPResponderEncoding.HASH:
-            flags |= self._lib.OCSP_RESPID_KEY
-
-        if builder._certs is not None:
-            for cert in builder._certs:
-                res = self._lib.OCSP_basic_add1_cert(basic, cert._x509)
-                self.openssl_assert(res == 1)
-
-        self._create_x509_extensions(
-            extensions=builder._extensions,
-            handlers=_OCSP_BASICRESP_EXTENSION_ENCODE_HANDLERS,
-            x509_obj=basic,
-            add_func=self._lib.OCSP_BASICRESP_add_ext,
-            gc=True,
-        )
-
-        res = self._lib.OCSP_basic_sign(
-            basic, responder_cert._x509, private_key._evp_pkey,
-            evp_md, self._ffi.NULL, flags
-        )
-        if res != 1:
-            errors = self._consume_errors()
-            self.openssl_assert(
-                errors[0]._lib_reason_match(
-                    self._lib.ERR_LIB_X509,
-                    self._lib.X509_R_KEY_VALUES_MISMATCH
-                )
-            )
-            raise ValueError("responder_cert must be signed by private_key")
-
-        return basic
-
-    def create_ocsp_response(self, response_status, builder, private_key,
-                             algorithm):
-        if response_status is ocsp.OCSPResponseStatus.SUCCESSFUL:
-            basic = self._create_ocsp_basic_response(
-                builder, private_key, algorithm
-            )
-        else:
-            basic = self._ffi.NULL
-
-        ocsp_resp = self._lib.OCSP_response_create(
-            response_status.value, basic
-        )
-        self.openssl_assert(ocsp_resp != self._ffi.NULL)
-        ocsp_resp = self._ffi.gc(ocsp_resp, self._lib.OCSP_RESPONSE_free)
-        return _OCSPResponse(self, ocsp_resp)
-
-    def elliptic_curve_exchange_algorithm_supported(self, algorithm, curve):
-        return (
-            self.elliptic_curve_supported(curve) and
-            isinstance(algorithm, ec.ECDH)
-        )
-
-    def _ec_cdata_to_evp_pkey(self, ec_cdata):
-        evp_pkey = self._create_evp_pkey_gc()
-        res = self._lib.EVP_PKEY_set1_EC_KEY(evp_pkey, ec_cdata)
-        self.openssl_assert(res == 1)
-        return evp_pkey
-
-    def _elliptic_curve_to_nid(self, curve):
-        """
-        Get the NID for a curve name.
-        """
-
-        curve_aliases = {
-            "secp192r1": "prime192v1",
-            "secp256r1": "prime256v1"
-        }
-
-        curve_name = curve_aliases.get(curve.name, curve.name)
-
-        curve_nid = self._lib.OBJ_sn2nid(curve_name.encode())
-        if curve_nid == self._lib.NID_undef:
-            raise UnsupportedAlgorithm(
-                "{} is not a supported elliptic curve".format(curve.name),
-                _Reasons.UNSUPPORTED_ELLIPTIC_CURVE
-            )
-        return curve_nid
-
-    @contextmanager
-    def _tmp_bn_ctx(self):
-        bn_ctx = self._lib.BN_CTX_new()
-        self.openssl_assert(bn_ctx != self._ffi.NULL)
-        bn_ctx = self._ffi.gc(bn_ctx, self._lib.BN_CTX_free)
-        self._lib.BN_CTX_start(bn_ctx)
-        try:
-            yield bn_ctx
-        finally:
-            self._lib.BN_CTX_end(bn_ctx)
-
-    def _ec_key_determine_group_get_func(self, ctx):
-        """
-        Given an EC_KEY determine the group and what function is required to
-        get point coordinates.
-        """
-        self.openssl_assert(ctx != self._ffi.NULL)
-
-        nid_two_field = self._lib.OBJ_sn2nid(b"characteristic-two-field")
-        self.openssl_assert(nid_two_field != self._lib.NID_undef)
-
-        group = self._lib.EC_KEY_get0_group(ctx)
-        self.openssl_assert(group != self._ffi.NULL)
-
-        method = self._lib.EC_GROUP_method_of(group)
-        self.openssl_assert(method != self._ffi.NULL)
-
-        nid = self._lib.EC_METHOD_get_field_type(method)
-        self.openssl_assert(nid != self._lib.NID_undef)
-
-        if nid == nid_two_field and self._lib.Cryptography_HAS_EC2M:
-            get_func = self._lib.EC_POINT_get_affine_coordinates_GF2m
-        else:
-            get_func = self._lib.EC_POINT_get_affine_coordinates_GFp
-
-        assert get_func
-
-        return get_func, group
-
-    def _ec_key_set_public_key_affine_coordinates(self, ctx, x, y):
-        """
-        Sets the public key point in the EC_KEY context to the affine x and y
-        values.
-        """
-
-        if x < 0 or y < 0:
-            raise ValueError(
-                "Invalid EC key. Both x and y must be non-negative."
-            )
-
-        x = self._ffi.gc(self._int_to_bn(x), self._lib.BN_free)
-        y = self._ffi.gc(self._int_to_bn(y), self._lib.BN_free)
-        res = self._lib.EC_KEY_set_public_key_affine_coordinates(ctx, x, y)
-        if res != 1:
-            self._consume_errors()
-            raise ValueError("Invalid EC key.")
-
-        return ctx
-
-    def _private_key_bytes(self, encoding, format, encryption_algorithm,
-                           evp_pkey, cdata):
-        if not isinstance(format, serialization.PrivateFormat):
-            raise TypeError(
-                "format must be an item from the PrivateFormat enum"
-            )
-
-        # X9.62 encoding is only valid for EC public keys
-        if encoding is serialization.Encoding.X962:
-            raise ValueError("X9.62 format is only valid for EC public keys")
-
-        # Raw format and encoding are only valid for X25519, Ed25519, X448, and
-        # Ed448 keys. We capture those cases before this method is called so if
-        # we see those enum values here it means the caller has passed them to
-        # a key that doesn't support raw type
-        if format is serialization.PrivateFormat.Raw:
-            raise ValueError("raw format is invalid with this key or encoding")
-
-        if encoding is serialization.Encoding.Raw:
-            raise ValueError("raw encoding is invalid with this key or format")
-
-        if not isinstance(encryption_algorithm,
-                          serialization.KeySerializationEncryption):
-            raise TypeError(
-                "Encryption algorithm must be a KeySerializationEncryption "
-                "instance"
-            )
-
-        if isinstance(encryption_algorithm, serialization.NoEncryption):
-            password = b""
-            passlen = 0
-            evp_cipher = self._ffi.NULL
-        elif isinstance(encryption_algorithm,
-                        serialization.BestAvailableEncryption):
-            # This is a curated value that we will update over time.
-            evp_cipher = self._lib.EVP_get_cipherbyname(
-                b"aes-256-cbc"
-            )
-            password = encryption_algorithm.password
-            passlen = len(password)
-            if passlen > 1023:
-                raise ValueError(
-                    "Passwords longer than 1023 bytes are not supported by "
-                    "this backend"
-                )
-        else:
-            raise ValueError("Unsupported encryption type")
-
-        key_type = self._lib.EVP_PKEY_id(evp_pkey)
-        if encoding is serialization.Encoding.PEM:
-            if format is serialization.PrivateFormat.PKCS8:
-                write_bio = self._lib.PEM_write_bio_PKCS8PrivateKey
-                key = evp_pkey
-            else:
-                assert format is serialization.PrivateFormat.TraditionalOpenSSL
-                if key_type == self._lib.EVP_PKEY_RSA:
-                    write_bio = self._lib.PEM_write_bio_RSAPrivateKey
-                elif key_type == self._lib.EVP_PKEY_DSA:
-                    write_bio = self._lib.PEM_write_bio_DSAPrivateKey
-                else:
-                    assert key_type == self._lib.EVP_PKEY_EC
-                    write_bio = self._lib.PEM_write_bio_ECPrivateKey
-
-                key = cdata
-        elif encoding is serialization.Encoding.DER:
-            if format is serialization.PrivateFormat.TraditionalOpenSSL:
-                if not isinstance(
-                    encryption_algorithm, serialization.NoEncryption
-                ):
-                    raise ValueError(
-                        "Encryption is not supported for DER encoded "
-                        "traditional OpenSSL keys"
-                    )
-
-                return self._private_key_bytes_traditional_der(key_type, cdata)
-            else:
-                assert format is serialization.PrivateFormat.PKCS8
-                write_bio = self._lib.i2d_PKCS8PrivateKey_bio
-                key = evp_pkey
-        else:
-            raise TypeError("encoding must be Encoding.PEM or Encoding.DER")
-
-        bio = self._create_mem_bio_gc()
-        res = write_bio(
-            bio,
-            key,
-            evp_cipher,
-            password,
-            passlen,
-            self._ffi.NULL,
-            self._ffi.NULL
-        )
-        self.openssl_assert(res == 1)
-        return self._read_mem_bio(bio)
-
-    def _private_key_bytes_traditional_der(self, key_type, cdata):
-        if key_type == self._lib.EVP_PKEY_RSA:
-            write_bio = self._lib.i2d_RSAPrivateKey_bio
-        elif key_type == self._lib.EVP_PKEY_EC:
-            write_bio = self._lib.i2d_ECPrivateKey_bio
-        else:
-            self.openssl_assert(key_type == self._lib.EVP_PKEY_DSA)
-            write_bio = self._lib.i2d_DSAPrivateKey_bio
-
-        bio = self._create_mem_bio_gc()
-        res = write_bio(bio, cdata)
-        self.openssl_assert(res == 1)
-        return self._read_mem_bio(bio)
-
-    def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
-        if not isinstance(encoding, serialization.Encoding):
-            raise TypeError("encoding must be an item from the Encoding enum")
-
-        # Compressed/UncompressedPoint are only valid for EC keys and those
-        # cases are handled by the ECPublicKey public_bytes method before this
-        # method is called
-        if format in (serialization.PublicFormat.UncompressedPoint,
-                      serialization.PublicFormat.CompressedPoint):
-            raise ValueError("Point formats are not valid for this key type")
-
-        # Raw format and encoding are only valid for X25519, Ed25519, X448, and
-        # Ed448 keys. We capture those cases before this method is called so if
-        # we see those enum values here it means the caller has passed them to
-        # a key that doesn't support raw type
-        if format is serialization.PublicFormat.Raw:
-            raise ValueError("raw format is invalid with this key or encoding")
-
-        if encoding is serialization.Encoding.Raw:
-            raise ValueError("raw encoding is invalid with this key or format")
-
-        if (
-            format is serialization.PublicFormat.OpenSSH or
-            encoding is serialization.Encoding.OpenSSH
-        ):
-            if (
-                format is not serialization.PublicFormat.OpenSSH or
-                encoding is not serialization.Encoding.OpenSSH
-            ):
-                raise ValueError(
-                    "OpenSSH format must be used with OpenSSH encoding"
-                )
-            return self._openssh_public_key_bytes(key)
-        elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
-            if encoding is serialization.Encoding.PEM:
-                write_bio = self._lib.PEM_write_bio_PUBKEY
-            else:
-                assert encoding is serialization.Encoding.DER
-                write_bio = self._lib.i2d_PUBKEY_bio
-
-            key = evp_pkey
-        elif format is serialization.PublicFormat.PKCS1:
-            # Only RSA is supported here.
-            assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
-            if encoding is serialization.Encoding.PEM:
-                write_bio = self._lib.PEM_write_bio_RSAPublicKey
-            else:
-                assert encoding is serialization.Encoding.DER
-                write_bio = self._lib.i2d_RSAPublicKey_bio
-
-            key = cdata
-        else:
-            raise TypeError(
-                "format must be an item from the PublicFormat enum"
-            )
-
-        bio = self._create_mem_bio_gc()
-        res = write_bio(bio, key)
-        self.openssl_assert(res == 1)
-        return self._read_mem_bio(bio)
-
-    def _openssh_public_key_bytes(self, key):
-        if isinstance(key, rsa.RSAPublicKey):
-            public_numbers = key.public_numbers()
-            return b"ssh-rsa " + base64.b64encode(
-                ssh._ssh_write_string(b"ssh-rsa") +
-                ssh._ssh_write_mpint(public_numbers.e) +
-                ssh._ssh_write_mpint(public_numbers.n)
-            )
-        elif isinstance(key, dsa.DSAPublicKey):
-            public_numbers = key.public_numbers()
-            parameter_numbers = public_numbers.parameter_numbers
-            return b"ssh-dss " + base64.b64encode(
-                ssh._ssh_write_string(b"ssh-dss") +
-                ssh._ssh_write_mpint(parameter_numbers.p) +
-                ssh._ssh_write_mpint(parameter_numbers.q) +
-                ssh._ssh_write_mpint(parameter_numbers.g) +
-                ssh._ssh_write_mpint(public_numbers.y)
-            )
-        elif isinstance(key, ed25519.Ed25519PublicKey):
-            raw_bytes = key.public_bytes(serialization.Encoding.Raw,
-                                         serialization.PublicFormat.Raw)
-            return b"ssh-ed25519 " + base64.b64encode(
-                ssh._ssh_write_string(b"ssh-ed25519") +
-                ssh._ssh_write_string(raw_bytes)
-            )
-        elif isinstance(key, ec.EllipticCurvePublicKey):
-            public_numbers = key.public_numbers()
-            try:
-                curve_name = {
-                    ec.SECP256R1: b"nistp256",
-                    ec.SECP384R1: b"nistp384",
-                    ec.SECP521R1: b"nistp521",
-                }[type(public_numbers.curve)]
-            except KeyError:
-                raise ValueError(
-                    "Only SECP256R1, SECP384R1, and SECP521R1 curves are "
-                    "supported by the SSH public key format"
-                )
-
-            point = key.public_bytes(
-                serialization.Encoding.X962,
-                serialization.PublicFormat.UncompressedPoint
-            )
-            return b"ecdsa-sha2-" + curve_name + b" " + base64.b64encode(
-                ssh._ssh_write_string(b"ecdsa-sha2-" + curve_name) +
-                ssh._ssh_write_string(curve_name) +
-                ssh._ssh_write_string(point)
-            )
-        else:
-            raise ValueError(
-                "OpenSSH encoding is not supported for this key type"
-            )
-
-    def _parameter_bytes(self, encoding, format, cdata):
-        if encoding is serialization.Encoding.OpenSSH:
-            raise TypeError(
-                "OpenSSH encoding is not supported"
-            )
-
-        # Only DH is supported here currently.
-        q = self._ffi.new("BIGNUM **")
-        self._lib.DH_get0_pqg(cdata,
-                              self._ffi.NULL,
-                              q,
-                              self._ffi.NULL)
-        if encoding is serialization.Encoding.PEM:
-            if q[0] != self._ffi.NULL:
-                write_bio = self._lib.PEM_write_bio_DHxparams
-            else:
-                write_bio = self._lib.PEM_write_bio_DHparams
-        elif encoding is serialization.Encoding.DER:
-            if q[0] != self._ffi.NULL:
-                write_bio = self._lib.Cryptography_i2d_DHxparams_bio
-            else:
-                write_bio = self._lib.i2d_DHparams_bio
-        else:
-            raise TypeError("encoding must be an item from the Encoding enum")
-
-        bio = self._create_mem_bio_gc()
-        res = write_bio(bio, cdata)
-        self.openssl_assert(res == 1)
-        return self._read_mem_bio(bio)
-
-    def generate_dh_parameters(self, generator, key_size):
-        if key_size < 512:
-            raise ValueError("DH key_size must be at least 512 bits")
-
-        if generator not in (2, 5):
-            raise ValueError("DH generator must be 2 or 5")
-
-        dh_param_cdata = self._lib.DH_new()
-        self.openssl_assert(dh_param_cdata != self._ffi.NULL)
-        dh_param_cdata = self._ffi.gc(dh_param_cdata, self._lib.DH_free)
-
-        res = self._lib.DH_generate_parameters_ex(
-            dh_param_cdata,
-            key_size,
-            generator,
-            self._ffi.NULL
-        )
-        self.openssl_assert(res == 1)
-
-        return _DHParameters(self, dh_param_cdata)
-
-    def _dh_cdata_to_evp_pkey(self, dh_cdata):
-        evp_pkey = self._create_evp_pkey_gc()
-        res = self._lib.EVP_PKEY_set1_DH(evp_pkey, dh_cdata)
-        self.openssl_assert(res == 1)
-        return evp_pkey
-
-    def generate_dh_private_key(self, parameters):
-        dh_key_cdata = _dh_params_dup(parameters._dh_cdata, self)
-
-        res = self._lib.DH_generate_key(dh_key_cdata)
-        self.openssl_assert(res == 1)
-
-        evp_pkey = self._dh_cdata_to_evp_pkey(dh_key_cdata)
-
-        return _DHPrivateKey(self, dh_key_cdata, evp_pkey)
-
-    def generate_dh_private_key_and_parameters(self, generator, key_size):
-        return self.generate_dh_private_key(
-            self.generate_dh_parameters(generator, key_size))
-
-    def load_dh_private_numbers(self, numbers):
-        parameter_numbers = numbers.public_numbers.parameter_numbers
-
-        dh_cdata = self._lib.DH_new()
-        self.openssl_assert(dh_cdata != self._ffi.NULL)
-        dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free)
-
-        p = self._int_to_bn(parameter_numbers.p)
-        g = self._int_to_bn(parameter_numbers.g)
-
-        if parameter_numbers.q is not None:
-            q = self._int_to_bn(parameter_numbers.q)
-        else:
-            q = self._ffi.NULL
-
-        pub_key = self._int_to_bn(numbers.public_numbers.y)
-        priv_key = self._int_to_bn(numbers.x)
-
-        res = self._lib.DH_set0_pqg(dh_cdata, p, q, g)
-        self.openssl_assert(res == 1)
-
-        res = self._lib.DH_set0_key(dh_cdata, pub_key, priv_key)
-        self.openssl_assert(res == 1)
-
-        codes = self._ffi.new("int[]", 1)
-        res = self._lib.Cryptography_DH_check(dh_cdata, codes)
-        self.openssl_assert(res == 1)
-
-        # DH_check will return DH_NOT_SUITABLE_GENERATOR if p % 24 does not
-        # equal 11 when the generator is 2 (a quadratic nonresidue).
-        # We want to ignore that error because p % 24 == 23 is also fine.
-        # Specifically, g is then a quadratic residue. Within the context of
-        # Diffie-Hellman this means it can only generate half the possible
-        # values. That sounds bad, but quadratic nonresidues leak a bit of
-        # the key to the attacker in exchange for having the full key space
-        # available. See: https://crypto.stackexchange.com/questions/12961
-        if codes[0] != 0 and not (
-            parameter_numbers.g == 2 and
-            codes[0] ^ self._lib.DH_NOT_SUITABLE_GENERATOR == 0
-        ):
-            raise ValueError(
-                "DH private numbers did not pass safety checks."
-            )
-
-        evp_pkey = self._dh_cdata_to_evp_pkey(dh_cdata)
-
-        return _DHPrivateKey(self, dh_cdata, evp_pkey)
-
-    def load_dh_public_numbers(self, numbers):
-        dh_cdata = self._lib.DH_new()
-        self.openssl_assert(dh_cdata != self._ffi.NULL)
-        dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free)
-
-        parameter_numbers = numbers.parameter_numbers
-
-        p = self._int_to_bn(parameter_numbers.p)
-        g = self._int_to_bn(parameter_numbers.g)
-
-        if parameter_numbers.q is not None:
-            q = self._int_to_bn(parameter_numbers.q)
-        else:
-            q = self._ffi.NULL
-
-        pub_key = self._int_to_bn(numbers.y)
-
-        res = self._lib.DH_set0_pqg(dh_cdata, p, q, g)
-        self.openssl_assert(res == 1)
-
-        res = self._lib.DH_set0_key(dh_cdata, pub_key, self._ffi.NULL)
-        self.openssl_assert(res == 1)
-
-        evp_pkey = self._dh_cdata_to_evp_pkey(dh_cdata)
-
-        return _DHPublicKey(self, dh_cdata, evp_pkey)
-
-    def load_dh_parameter_numbers(self, numbers):
-        dh_cdata = self._lib.DH_new()
-        self.openssl_assert(dh_cdata != self._ffi.NULL)
-        dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free)
-
-        p = self._int_to_bn(numbers.p)
-        g = self._int_to_bn(numbers.g)
-
-        if numbers.q is not None:
-            q = self._int_to_bn(numbers.q)
-        else:
-            q = self._ffi.NULL
-
-        res = self._lib.DH_set0_pqg(dh_cdata, p, q, g)
-        self.openssl_assert(res == 1)
-
-        return _DHParameters(self, dh_cdata)
-
-    def dh_parameters_supported(self, p, g, q=None):
-        dh_cdata = self._lib.DH_new()
-        self.openssl_assert(dh_cdata != self._ffi.NULL)
-        dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free)
-
-        p = self._int_to_bn(p)
-        g = self._int_to_bn(g)
-
-        if q is not None:
-            q = self._int_to_bn(q)
-        else:
-            q = self._ffi.NULL
-
-        res = self._lib.DH_set0_pqg(dh_cdata, p, q, g)
-        self.openssl_assert(res == 1)
-
-        codes = self._ffi.new("int[]", 1)
-        res = self._lib.Cryptography_DH_check(dh_cdata, codes)
-        self.openssl_assert(res == 1)
-
-        return codes[0] == 0
-
-    def dh_x942_serialization_supported(self):
-        return self._lib.Cryptography_HAS_EVP_PKEY_DHX == 1
-
-    def x509_name_bytes(self, name):
-        x509_name = _encode_name_gc(self, name)
-        pp = self._ffi.new("unsigned char **")
-        res = self._lib.i2d_X509_NAME(x509_name, pp)
-        self.openssl_assert(pp[0] != self._ffi.NULL)
-        pp = self._ffi.gc(
-            pp, lambda pointer: self._lib.OPENSSL_free(pointer[0])
-        )
-        self.openssl_assert(res > 0)
-        return self._ffi.buffer(pp[0], res)[:]
-
-    def x25519_load_public_bytes(self, data):
-        # When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 we can
-        # switch this to EVP_PKEY_new_raw_public_key
-        if len(data) != 32:
-            raise ValueError("An X25519 public key is 32 bytes long")
-
-        evp_pkey = self._create_evp_pkey_gc()
-        res = self._lib.EVP_PKEY_set_type(evp_pkey, self._lib.NID_X25519)
-        backend.openssl_assert(res == 1)
-        res = self._lib.EVP_PKEY_set1_tls_encodedpoint(
-            evp_pkey, data, len(data)
-        )
-        backend.openssl_assert(res == 1)
-        return _X25519PublicKey(self, evp_pkey)
-
-    def x25519_load_private_bytes(self, data):
-        # When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 we can
-        # switch this to EVP_PKEY_new_raw_private_key and drop the
-        # zeroed_bytearray garbage.
-        # OpenSSL only has facilities for loading PKCS8 formatted private
-        # keys using the algorithm identifiers specified in
-        # https://tools.ietf.org/html/draft-ietf-curdle-pkix-09.
-        # This is the standard PKCS8 prefix for a 32 byte X25519 key.
-        # The form is:
-        #    0:d=0  hl=2 l=  46 cons: SEQUENCE
-        #    2:d=1  hl=2 l=   1 prim: INTEGER           :00
-        #    5:d=1  hl=2 l=   5 cons: SEQUENCE
-        #    7:d=2  hl=2 l=   3 prim: OBJECT            :1.3.101.110
-        #    12:d=1  hl=2 l=  34 prim: OCTET STRING      (the key)
-        # Of course there's a bit more complexity. In reality OCTET STRING
-        # contains an OCTET STRING of length 32! So the last two bytes here
-        # are \x04\x20, which is an OCTET STRING of length 32.
-        if len(data) != 32:
-            raise ValueError("An X25519 private key is 32 bytes long")
-
-        pkcs8_prefix = b'0.\x02\x01\x000\x05\x06\x03+en\x04"\x04 '
-        with self._zeroed_bytearray(48) as ba:
-            ba[0:16] = pkcs8_prefix
-            ba[16:] = data
-            bio = self._bytes_to_bio(ba)
-            evp_pkey = backend._lib.d2i_PrivateKey_bio(bio.bio, self._ffi.NULL)
-
-        self.openssl_assert(evp_pkey != self._ffi.NULL)
-        evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
-        self.openssl_assert(
-            self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_X25519
-        )
-        return _X25519PrivateKey(self, evp_pkey)
-
-    def _evp_pkey_keygen_gc(self, nid):
-        evp_pkey_ctx = self._lib.EVP_PKEY_CTX_new_id(nid, self._ffi.NULL)
-        self.openssl_assert(evp_pkey_ctx != self._ffi.NULL)
-        evp_pkey_ctx = self._ffi.gc(evp_pkey_ctx, self._lib.EVP_PKEY_CTX_free)
-        res = self._lib.EVP_PKEY_keygen_init(evp_pkey_ctx)
-        self.openssl_assert(res == 1)
-        evp_ppkey = self._ffi.new("EVP_PKEY **")
-        res = self._lib.EVP_PKEY_keygen(evp_pkey_ctx, evp_ppkey)
-        self.openssl_assert(res == 1)
-        self.openssl_assert(evp_ppkey[0] != self._ffi.NULL)
-        evp_pkey = self._ffi.gc(evp_ppkey[0], self._lib.EVP_PKEY_free)
-        return evp_pkey
-
-    def x25519_generate_key(self):
-        evp_pkey = self._evp_pkey_keygen_gc(self._lib.NID_X25519)
-        return _X25519PrivateKey(self, evp_pkey)
-
-    def x25519_supported(self):
-        return self._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
-
-    def x448_load_public_bytes(self, data):
-        if len(data) != 56:
-            raise ValueError("An X448 public key is 56 bytes long")
-
-        evp_pkey = self._lib.EVP_PKEY_new_raw_public_key(
-            self._lib.NID_X448, self._ffi.NULL, data, len(data)
-        )
-        self.openssl_assert(evp_pkey != self._ffi.NULL)
-        evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
-        return _X448PublicKey(self, evp_pkey)
-
-    def x448_load_private_bytes(self, data):
-        if len(data) != 56:
-            raise ValueError("An X448 private key is 56 bytes long")
-
-        data_ptr = self._ffi.from_buffer(data)
-        evp_pkey = self._lib.EVP_PKEY_new_raw_private_key(
-            self._lib.NID_X448, self._ffi.NULL, data_ptr, len(data)
-        )
-        self.openssl_assert(evp_pkey != self._ffi.NULL)
-        evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
-        return _X448PrivateKey(self, evp_pkey)
-
-    def x448_generate_key(self):
-        evp_pkey = self._evp_pkey_keygen_gc(self._lib.NID_X448)
-        return _X448PrivateKey(self, evp_pkey)
-
-    def x448_supported(self):
-        return not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
-
-    def ed25519_supported(self):
-        return not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B
-
-    def ed25519_load_public_bytes(self, data):
-        utils._check_bytes("data", data)
-
-        if len(data) != ed25519._ED25519_KEY_SIZE:
-            raise ValueError("An Ed25519 public key is 32 bytes long")
-
-        evp_pkey = self._lib.EVP_PKEY_new_raw_public_key(
-            self._lib.NID_ED25519, self._ffi.NULL, data, len(data)
-        )
-        self.openssl_assert(evp_pkey != self._ffi.NULL)
-        evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
-
-        return _Ed25519PublicKey(self, evp_pkey)
-
-    def ed25519_load_private_bytes(self, data):
-        if len(data) != ed25519._ED25519_KEY_SIZE:
-            raise ValueError("An Ed25519 private key is 32 bytes long")
-
-        utils._check_byteslike("data", data)
-        data_ptr = self._ffi.from_buffer(data)
-        evp_pkey = self._lib.EVP_PKEY_new_raw_private_key(
-            self._lib.NID_ED25519, self._ffi.NULL, data_ptr, len(data)
-        )
-        self.openssl_assert(evp_pkey != self._ffi.NULL)
-        evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
-
-        return _Ed25519PrivateKey(self, evp_pkey)
-
-    def ed25519_generate_key(self):
-        evp_pkey = self._evp_pkey_keygen_gc(self._lib.NID_ED25519)
-        return _Ed25519PrivateKey(self, evp_pkey)
-
-    def ed448_supported(self):
-        return not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B
-
-    def ed448_load_public_bytes(self, data):
-        utils._check_bytes("data", data)
-        if len(data) != _ED448_KEY_SIZE:
-            raise ValueError("An Ed448 public key is 57 bytes long")
-
-        evp_pkey = self._lib.EVP_PKEY_new_raw_public_key(
-            self._lib.NID_ED448, self._ffi.NULL, data, len(data)
-        )
-        self.openssl_assert(evp_pkey != self._ffi.NULL)
-        evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
-
-        return _Ed448PublicKey(self, evp_pkey)
-
-    def ed448_load_private_bytes(self, data):
-        utils._check_byteslike("data", data)
-        if len(data) != _ED448_KEY_SIZE:
-            raise ValueError("An Ed448 private key is 57 bytes long")
-
-        data_ptr = self._ffi.from_buffer(data)
-        evp_pkey = self._lib.EVP_PKEY_new_raw_private_key(
-            self._lib.NID_ED448, self._ffi.NULL, data_ptr, len(data)
-        )
-        self.openssl_assert(evp_pkey != self._ffi.NULL)
-        evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
-
-        return _Ed448PrivateKey(self, evp_pkey)
-
-    def ed448_generate_key(self):
-        evp_pkey = self._evp_pkey_keygen_gc(self._lib.NID_ED448)
-        return _Ed448PrivateKey(self, evp_pkey)
-
-    def derive_scrypt(self, key_material, salt, length, n, r, p):
-        buf = self._ffi.new("unsigned char[]", length)
-        key_material_ptr = self._ffi.from_buffer(key_material)
-        res = self._lib.EVP_PBE_scrypt(
-            key_material_ptr, len(key_material), salt, len(salt), n, r, p,
-            scrypt._MEM_LIMIT, buf, length
-        )
-        if res != 1:
-            errors = self._consume_errors()
-            if not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111:
-                # This error is only added to the stack in 1.1.1+
-                self.openssl_assert(
-                    errors[0]._lib_reason_match(
-                        self._lib.ERR_LIB_EVP,
-                        self._lib.ERR_R_MALLOC_FAILURE
-                    ) or
-                    errors[0]._lib_reason_match(
-                        self._lib.ERR_LIB_EVP,
-                        self._lib.EVP_R_MEMORY_LIMIT_EXCEEDED
-                    )
-                )
-
-            # memory required formula explained here:
-            # https://blog.filippo.io/the-scrypt-parameters/
-            min_memory = 128 * n * r // (1024**2)
-            raise MemoryError(
-                "Not enough memory to derive key. These parameters require"
-                " {} MB of memory.".format(min_memory)
-            )
-        return self._ffi.buffer(buf)[:]
-
-    def aead_cipher_supported(self, cipher):
-        cipher_name = aead._aead_cipher_name(cipher)
-        return (
-            self._lib.EVP_get_cipherbyname(cipher_name) != self._ffi.NULL
-        )
-
-    @contextlib.contextmanager
-    def _zeroed_bytearray(self, length):
-        """
-        This method creates a bytearray, which we copy data into (hopefully
-        also from a mutable buffer that can be dynamically erased!), and then
-        zero when we're done.
-        """
-        ba = bytearray(length)
-        try:
-            yield ba
-        finally:
-            self._zero_data(ba, length)
-
-    def _zero_data(self, data, length):
-        # We clear things this way because at the moment we're not
-        # sure of a better way that can guarantee it overwrites the
-        # memory of a bytearray and doesn't just replace the underlying char *.
-        for i in range(length):
-            data[i] = 0
-
-    @contextlib.contextmanager
-    def _zeroed_null_terminated_buf(self, data):
-        """
-        This method takes bytes, which can be a bytestring or a mutable
-        buffer like a bytearray, and yields a null-terminated version of that
-        data. This is required because PKCS12_parse doesn't take a length with
-        its password char * and ffi.from_buffer doesn't provide null
-        termination. So, to support zeroing the data via bytearray we
-        need to build this ridiculous construct that copies the memory, but
-        zeroes it after use.
-        """
-        if data is None:
-            yield self._ffi.NULL
-        else:
-            data_len = len(data)
-            buf = self._ffi.new("char[]", data_len + 1)
-            self._ffi.memmove(buf, data, data_len)
-            try:
-                yield buf
-            finally:
-                # Cast to a uint8_t * so we can assign by integer
-                self._zero_data(self._ffi.cast("uint8_t *", buf), data_len)
-
-    def load_key_and_certificates_from_pkcs12(self, data, password):
-        if password is not None:
-            utils._check_byteslike("password", password)
-
-        bio = self._bytes_to_bio(data)
-        p12 = self._lib.d2i_PKCS12_bio(bio.bio, self._ffi.NULL)
-        if p12 == self._ffi.NULL:
-            self._consume_errors()
-            raise ValueError("Could not deserialize PKCS12 data")
-
-        p12 = self._ffi.gc(p12, self._lib.PKCS12_free)
-        evp_pkey_ptr = self._ffi.new("EVP_PKEY **")
-        x509_ptr = self._ffi.new("X509 **")
-        sk_x509_ptr = self._ffi.new("Cryptography_STACK_OF_X509 **")
-        with self._zeroed_null_terminated_buf(password) as password_buf:
-            res = self._lib.PKCS12_parse(
-                p12, password_buf, evp_pkey_ptr, x509_ptr, sk_x509_ptr
-            )
-
-        if res == 0:
-            self._consume_errors()
-            raise ValueError("Invalid password or PKCS12 data")
-
-        cert = None
-        key = None
-        additional_certificates = []
-
-        if evp_pkey_ptr[0] != self._ffi.NULL:
-            evp_pkey = self._ffi.gc(evp_pkey_ptr[0], self._lib.EVP_PKEY_free)
-            key = self._evp_pkey_to_private_key(evp_pkey)
-
-        if x509_ptr[0] != self._ffi.NULL:
-            x509 = self._ffi.gc(x509_ptr[0], self._lib.X509_free)
-            cert = _Certificate(self, x509)
-
-        if sk_x509_ptr[0] != self._ffi.NULL:
-            sk_x509 = self._ffi.gc(sk_x509_ptr[0], self._lib.sk_X509_free)
-            num = self._lib.sk_X509_num(sk_x509_ptr[0])
-            for i in range(num):
-                x509 = self._lib.sk_X509_value(sk_x509, i)
-                x509 = self._ffi.gc(x509, self._lib.X509_free)
-                self.openssl_assert(x509 != self._ffi.NULL)
-                additional_certificates.append(_Certificate(self, x509))
-
-        return (key, cert, additional_certificates)
-
-    def poly1305_supported(self):
-        return self._lib.Cryptography_HAS_POLY1305 == 1
-
-    def create_poly1305_ctx(self, key):
-        utils._check_byteslike("key", key)
-        if len(key) != _POLY1305_KEY_SIZE:
-            raise ValueError("A poly1305 key is 32 bytes long")
-
-        return _Poly1305Context(self, key)
-
-
-class GetCipherByName(object):
-    def __init__(self, fmt):
-        self._fmt = fmt
-
-    def __call__(self, backend, cipher, mode):
-        cipher_name = self._fmt.format(cipher=cipher, mode=mode).lower()
-        return backend._lib.EVP_get_cipherbyname(cipher_name.encode("ascii"))
-
-
-def _get_xts_cipher(backend, cipher, mode):
-    cipher_name = "aes-{}-xts".format(cipher.key_size // 2)
-    return backend._lib.EVP_get_cipherbyname(cipher_name.encode("ascii"))
-
-
-backend = Backend()
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ciphers.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ciphers.py
@@ -1,229 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography import utils
-from cryptography.exceptions import InvalidTag, UnsupportedAlgorithm, _Reasons
-from cryptography.hazmat.primitives import ciphers
-from cryptography.hazmat.primitives.ciphers import modes
-
-
-@utils.register_interface(ciphers.CipherContext)
-@utils.register_interface(ciphers.AEADCipherContext)
-@utils.register_interface(ciphers.AEADEncryptionContext)
-@utils.register_interface(ciphers.AEADDecryptionContext)
-class _CipherContext(object):
-    _ENCRYPT = 1
-    _DECRYPT = 0
-
-    def __init__(self, backend, cipher, mode, operation):
-        self._backend = backend
-        self._cipher = cipher
-        self._mode = mode
-        self._operation = operation
-        self._tag = None
-
-        if isinstance(self._cipher, ciphers.BlockCipherAlgorithm):
-            self._block_size_bytes = self._cipher.block_size // 8
-        else:
-            self._block_size_bytes = 1
-
-        ctx = self._backend._lib.EVP_CIPHER_CTX_new()
-        ctx = self._backend._ffi.gc(
-            ctx, self._backend._lib.EVP_CIPHER_CTX_free
-        )
-
-        registry = self._backend._cipher_registry
-        try:
-            adapter = registry[type(cipher), type(mode)]
-        except KeyError:
-            raise UnsupportedAlgorithm(
-                "cipher {} in {} mode is not supported "
-                "by this backend.".format(
-                    cipher.name, mode.name if mode else mode),
-                _Reasons.UNSUPPORTED_CIPHER
-            )
-
-        evp_cipher = adapter(self._backend, cipher, mode)
-        if evp_cipher == self._backend._ffi.NULL:
-            msg = "cipher {0.name} ".format(cipher)
-            if mode is not None:
-                msg += "in {0.name} mode ".format(mode)
-            msg += (
-                "is not supported by this backend (Your version of OpenSSL "
-                "may be too old. Current version: {}.)"
-            ).format(self._backend.openssl_version_text())
-            raise UnsupportedAlgorithm(msg, _Reasons.UNSUPPORTED_CIPHER)
-
-        if isinstance(mode, modes.ModeWithInitializationVector):
-            iv_nonce = self._backend._ffi.from_buffer(
-                mode.initialization_vector
-            )
-        elif isinstance(mode, modes.ModeWithTweak):
-            iv_nonce = self._backend._ffi.from_buffer(mode.tweak)
-        elif isinstance(mode, modes.ModeWithNonce):
-            iv_nonce = self._backend._ffi.from_buffer(mode.nonce)
-        elif isinstance(cipher, modes.ModeWithNonce):
-            iv_nonce = self._backend._ffi.from_buffer(cipher.nonce)
-        else:
-            iv_nonce = self._backend._ffi.NULL
-        # begin init with cipher and operation type
-        res = self._backend._lib.EVP_CipherInit_ex(ctx, evp_cipher,
-                                                   self._backend._ffi.NULL,
-                                                   self._backend._ffi.NULL,
-                                                   self._backend._ffi.NULL,
-                                                   operation)
-        self._backend.openssl_assert(res != 0)
-        # set the key length to handle variable key ciphers
-        res = self._backend._lib.EVP_CIPHER_CTX_set_key_length(
-            ctx, len(cipher.key)
-        )
-        self._backend.openssl_assert(res != 0)
-        if isinstance(mode, modes.GCM):
-            res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
-                ctx, self._backend._lib.EVP_CTRL_AEAD_SET_IVLEN,
-                len(iv_nonce), self._backend._ffi.NULL
-            )
-            self._backend.openssl_assert(res != 0)
-            if mode.tag is not None:
-                res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
-                    ctx, self._backend._lib.EVP_CTRL_AEAD_SET_TAG,
-                    len(mode.tag), mode.tag
-                )
-                self._backend.openssl_assert(res != 0)
-                self._tag = mode.tag
-            elif (
-                self._operation == self._DECRYPT and
-                self._backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and
-                not self._backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
-            ):
-                raise NotImplementedError(
-                    "delayed passing of GCM tag requires OpenSSL >= 1.0.2."
-                    " To use this feature please update OpenSSL"
-                )
-
-        # pass key/iv
-        res = self._backend._lib.EVP_CipherInit_ex(
-            ctx,
-            self._backend._ffi.NULL,
-            self._backend._ffi.NULL,
-            self._backend._ffi.from_buffer(cipher.key),
-            iv_nonce,
-            operation
-        )
-        self._backend.openssl_assert(res != 0)
-        # We purposely disable padding here as it's handled higher up in the
-        # API.
-        self._backend._lib.EVP_CIPHER_CTX_set_padding(ctx, 0)
-        self._ctx = ctx
-
-    def update(self, data):
-        buf = bytearray(len(data) + self._block_size_bytes - 1)
-        n = self.update_into(data, buf)
-        return bytes(buf[:n])
-
-    def update_into(self, data, buf):
-        if len(buf) < (len(data) + self._block_size_bytes - 1):
-            raise ValueError(
-                "buffer must be at least {} bytes for this "
-                "payload".format(len(data) + self._block_size_bytes - 1)
-            )
-
-        buf = self._backend._ffi.cast(
-            "unsigned char *", self._backend._ffi.from_buffer(buf)
-        )
-        outlen = self._backend._ffi.new("int *")
-        res = self._backend._lib.EVP_CipherUpdate(
-            self._ctx, buf, outlen,
-            self._backend._ffi.from_buffer(data), len(data)
-        )
-        self._backend.openssl_assert(res != 0)
-        return outlen[0]
-
-    def finalize(self):
-        # OpenSSL 1.0.1 on Ubuntu 12.04 (and possibly other distributions)
-        # appears to have a bug where you must make at least one call to update
-        # even if you are only using authenticate_additional_data or the
-        # GCM tag will be wrong. An (empty) call to update resolves this
-        # and is harmless for all other versions of OpenSSL.
-        if isinstance(self._mode, modes.GCM):
-            self.update(b"")
-
-        if (
-            self._operation == self._DECRYPT and
-            isinstance(self._mode, modes.ModeWithAuthenticationTag) and
-            self.tag is None
-        ):
-            raise ValueError(
-                "Authentication tag must be provided when decrypting."
-            )
-
-        buf = self._backend._ffi.new("unsigned char[]", self._block_size_bytes)
-        outlen = self._backend._ffi.new("int *")
-        res = self._backend._lib.EVP_CipherFinal_ex(self._ctx, buf, outlen)
-        if res == 0:
-            errors = self._backend._consume_errors()
-
-            if not errors and isinstance(self._mode, modes.GCM):
-                raise InvalidTag
-
-            self._backend.openssl_assert(
-                errors[0]._lib_reason_match(
-                    self._backend._lib.ERR_LIB_EVP,
-                    self._backend._lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH
-                )
-            )
-            raise ValueError(
-                "The length of the provided data is not a multiple of "
-                "the block length."
-            )
-
-        if (isinstance(self._mode, modes.GCM) and
-           self._operation == self._ENCRYPT):
-            tag_buf = self._backend._ffi.new(
-                "unsigned char[]", self._block_size_bytes
-            )
-            res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
-                self._ctx, self._backend._lib.EVP_CTRL_AEAD_GET_TAG,
-                self._block_size_bytes, tag_buf
-            )
-            self._backend.openssl_assert(res != 0)
-            self._tag = self._backend._ffi.buffer(tag_buf)[:]
-
-        res = self._backend._lib.EVP_CIPHER_CTX_cleanup(self._ctx)
-        self._backend.openssl_assert(res == 1)
-        return self._backend._ffi.buffer(buf)[:outlen[0]]
-
-    def finalize_with_tag(self, tag):
-        if (
-            self._backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and
-            not self._backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
-        ):
-            raise NotImplementedError(
-                "finalize_with_tag requires OpenSSL >= 1.0.2. To use this "
-                "method please update OpenSSL"
-            )
-        if len(tag) < self._mode._min_tag_length:
-            raise ValueError(
-                "Authentication tag must be {} bytes or longer.".format(
-                    self._mode._min_tag_length)
-            )
-        res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
-            self._ctx, self._backend._lib.EVP_CTRL_AEAD_SET_TAG,
-            len(tag), tag
-        )
-        self._backend.openssl_assert(res != 0)
-        self._tag = tag
-        return self.finalize()
-
-    def authenticate_additional_data(self, data):
-        outlen = self._backend._ffi.new("int *")
-        res = self._backend._lib.EVP_CipherUpdate(
-            self._ctx, self._backend._ffi.NULL, outlen,
-            self._backend._ffi.from_buffer(data), len(data)
-        )
-        self._backend.openssl_assert(res != 0)
-
-    tag = utils.read_only_property("_tag")
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/cmac.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/cmac.py
@@ -1,81 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-
-from cryptography import utils
-from cryptography.exceptions import (
-    InvalidSignature, UnsupportedAlgorithm, _Reasons
-)
-from cryptography.hazmat.primitives import constant_time
-from cryptography.hazmat.primitives.ciphers.modes import CBC
-
-
-class _CMACContext(object):
-    def __init__(self, backend, algorithm, ctx=None):
-        if not backend.cmac_algorithm_supported(algorithm):
-            raise UnsupportedAlgorithm("This backend does not support CMAC.",
-                                       _Reasons.UNSUPPORTED_CIPHER)
-
-        self._backend = backend
-        self._key = algorithm.key
-        self._algorithm = algorithm
-        self._output_length = algorithm.block_size // 8
-
-        if ctx is None:
-            registry = self._backend._cipher_registry
-            adapter = registry[type(algorithm), CBC]
-
-            evp_cipher = adapter(self._backend, algorithm, CBC)
-
-            ctx = self._backend._lib.CMAC_CTX_new()
-
-            self._backend.openssl_assert(ctx != self._backend._ffi.NULL)
-            ctx = self._backend._ffi.gc(ctx, self._backend._lib.CMAC_CTX_free)
-
-            key_ptr = self._backend._ffi.from_buffer(self._key)
-            res = self._backend._lib.CMAC_Init(
-                ctx, key_ptr, len(self._key),
-                evp_cipher, self._backend._ffi.NULL
-            )
-            self._backend.openssl_assert(res == 1)
-
-        self._ctx = ctx
-
-    algorithm = utils.read_only_property("_algorithm")
-
-    def update(self, data):
-        res = self._backend._lib.CMAC_Update(self._ctx, data, len(data))
-        self._backend.openssl_assert(res == 1)
-
-    def finalize(self):
-        buf = self._backend._ffi.new("unsigned char[]", self._output_length)
-        length = self._backend._ffi.new("size_t *", self._output_length)
-        res = self._backend._lib.CMAC_Final(
-            self._ctx, buf, length
-        )
-        self._backend.openssl_assert(res == 1)
-
-        self._ctx = None
-
-        return self._backend._ffi.buffer(buf)[:]
-
-    def copy(self):
-        copied_ctx = self._backend._lib.CMAC_CTX_new()
-        copied_ctx = self._backend._ffi.gc(
-            copied_ctx, self._backend._lib.CMAC_CTX_free
-        )
-        res = self._backend._lib.CMAC_CTX_copy(
-            copied_ctx, self._ctx
-        )
-        self._backend.openssl_assert(res == 1)
-        return _CMACContext(
-            self._backend, self._algorithm, ctx=copied_ctx
-        )
-
-    def verify(self, signature):
-        digest = self.finalize()
-        if not constant_time.bytes_eq(digest, signature):
-            raise InvalidSignature("Signature did not match digest.")
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/decode_asn1.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/decode_asn1.py
@@ -1,899 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import datetime
-import ipaddress
-
-import asn1crypto.core
-
-import six
-
-from cryptography import x509
-from cryptography.x509.extensions import _TLS_FEATURE_TYPE_TO_ENUM
-from cryptography.x509.name import _ASN1_TYPE_TO_ENUM
-from cryptography.x509.oid import (
-    CRLEntryExtensionOID, CertificatePoliciesOID, ExtensionOID,
-    OCSPExtensionOID,
-)
-
-
-class _Integers(asn1crypto.core.SequenceOf):
-    _child_spec = asn1crypto.core.Integer
-
-
-def _obj2txt(backend, obj):
-    # Set to 80 on the recommendation of
-    # https://www.openssl.org/docs/crypto/OBJ_nid2ln.html#return_values
-    #
-    # But OIDs longer than this occur in real life (e.g. Active
-    # Directory makes some very long OIDs).  So we need to detect
-    # and properly handle the case where the default buffer is not
-    # big enough.
-    #
-    buf_len = 80
-    buf = backend._ffi.new("char[]", buf_len)
-
-    # 'res' is the number of bytes that *would* be written if the
-    # buffer is large enough.  If 'res' > buf_len - 1, we need to
-    # alloc a big-enough buffer and go again.
-    res = backend._lib.OBJ_obj2txt(buf, buf_len, obj, 1)
-    if res > buf_len - 1:  # account for terminating null byte
-        buf_len = res + 1
-        buf = backend._ffi.new("char[]", buf_len)
-        res = backend._lib.OBJ_obj2txt(buf, buf_len, obj, 1)
-    backend.openssl_assert(res > 0)
-    return backend._ffi.buffer(buf, res)[:].decode()
-
-
-def _decode_x509_name_entry(backend, x509_name_entry):
-    obj = backend._lib.X509_NAME_ENTRY_get_object(x509_name_entry)
-    backend.openssl_assert(obj != backend._ffi.NULL)
-    data = backend._lib.X509_NAME_ENTRY_get_data(x509_name_entry)
-    backend.openssl_assert(data != backend._ffi.NULL)
-    value = _asn1_string_to_utf8(backend, data)
-    oid = _obj2txt(backend, obj)
-    type = _ASN1_TYPE_TO_ENUM[data.type]
-
-    return x509.NameAttribute(x509.ObjectIdentifier(oid), value, type)
-
-
-def _decode_x509_name(backend, x509_name):
-    count = backend._lib.X509_NAME_entry_count(x509_name)
-    attributes = []
-    prev_set_id = -1
-    for x in range(count):
-        entry = backend._lib.X509_NAME_get_entry(x509_name, x)
-        attribute = _decode_x509_name_entry(backend, entry)
-        set_id = backend._lib.Cryptography_X509_NAME_ENTRY_set(entry)
-        if set_id != prev_set_id:
-            attributes.append(set([attribute]))
-        else:
-            # is in the same RDN a previous entry
-            attributes[-1].add(attribute)
-        prev_set_id = set_id
-
-    return x509.Name(x509.RelativeDistinguishedName(rdn) for rdn in attributes)
-
-
-def _decode_general_names(backend, gns):
-    num = backend._lib.sk_GENERAL_NAME_num(gns)
-    names = []
-    for i in range(num):
-        gn = backend._lib.sk_GENERAL_NAME_value(gns, i)
-        backend.openssl_assert(gn != backend._ffi.NULL)
-        names.append(_decode_general_name(backend, gn))
-
-    return names
-
-
-def _decode_general_name(backend, gn):
-    if gn.type == backend._lib.GEN_DNS:
-        # Convert to bytes and then decode to utf8. We don't use
-        # asn1_string_to_utf8 here because it doesn't properly convert
-        # utf8 from ia5strings.
-        data = _asn1_string_to_bytes(backend, gn.d.dNSName).decode("utf8")
-        # We don't use the constructor for DNSName so we can bypass validation
-        # This allows us to create DNSName objects that have unicode chars
-        # when a certificate (against the RFC) contains them.
-        return x509.DNSName._init_without_validation(data)
-    elif gn.type == backend._lib.GEN_URI:
-        # Convert to bytes and then decode to utf8. We don't use
-        # asn1_string_to_utf8 here because it doesn't properly convert
-        # utf8 from ia5strings.
-        data = _asn1_string_to_bytes(
-            backend, gn.d.uniformResourceIdentifier
-        ).decode("utf8")
-        # We don't use the constructor for URI so we can bypass validation
-        # This allows us to create URI objects that have unicode chars
-        # when a certificate (against the RFC) contains them.
-        return x509.UniformResourceIdentifier._init_without_validation(data)
-    elif gn.type == backend._lib.GEN_RID:
-        oid = _obj2txt(backend, gn.d.registeredID)
-        return x509.RegisteredID(x509.ObjectIdentifier(oid))
-    elif gn.type == backend._lib.GEN_IPADD:
-        data = _asn1_string_to_bytes(backend, gn.d.iPAddress)
-        data_len = len(data)
-        if data_len == 8 or data_len == 32:
-            # This is an IPv4 or IPv6 Network and not a single IP. This
-            # type of data appears in Name Constraints. Unfortunately,
-            # ipaddress doesn't support packed bytes + netmask. Additionally,
-            # IPv6Network can only handle CIDR rather than the full 16 byte
-            # netmask. To handle this we convert the netmask to integer, then
-            # find the first 0 bit, which will be the prefix. If another 1
-            # bit is present after that the netmask is invalid.
-            base = ipaddress.ip_address(data[:data_len // 2])
-            netmask = ipaddress.ip_address(data[data_len // 2:])
-            bits = bin(int(netmask))[2:]
-            prefix = bits.find('0')
-            # If no 0 bits are found it is a /32 or /128
-            if prefix == -1:
-                prefix = len(bits)
-
-            if "1" in bits[prefix:]:
-                raise ValueError("Invalid netmask")
-
-            ip = ipaddress.ip_network(base.exploded + u"/{}".format(prefix))
-        else:
-            ip = ipaddress.ip_address(data)
-
-        return x509.IPAddress(ip)
-    elif gn.type == backend._lib.GEN_DIRNAME:
-        return x509.DirectoryName(
-            _decode_x509_name(backend, gn.d.directoryName)
-        )
-    elif gn.type == backend._lib.GEN_EMAIL:
-        # Convert to bytes and then decode to utf8. We don't use
-        # asn1_string_to_utf8 here because it doesn't properly convert
-        # utf8 from ia5strings.
-        data = _asn1_string_to_bytes(backend, gn.d.rfc822Name).decode("utf8")
-        # We don't use the constructor for RFC822Name so we can bypass
-        # validation. This allows us to create RFC822Name objects that have
-        # unicode chars when a certificate (against the RFC) contains them.
-        return x509.RFC822Name._init_without_validation(data)
-    elif gn.type == backend._lib.GEN_OTHERNAME:
-        type_id = _obj2txt(backend, gn.d.otherName.type_id)
-        value = _asn1_to_der(backend, gn.d.otherName.value)
-        return x509.OtherName(x509.ObjectIdentifier(type_id), value)
-    else:
-        # x400Address or ediPartyName
-        raise x509.UnsupportedGeneralNameType(
-            "{} is not a supported type".format(
-                x509._GENERAL_NAMES.get(gn.type, gn.type)
-            ),
-            gn.type
-        )
-
-
-def _decode_ocsp_no_check(backend, ext):
-    return x509.OCSPNoCheck()
-
-
-def _decode_crl_number(backend, ext):
-    asn1_int = backend._ffi.cast("ASN1_INTEGER *", ext)
-    asn1_int = backend._ffi.gc(asn1_int, backend._lib.ASN1_INTEGER_free)
-    return x509.CRLNumber(_asn1_integer_to_int(backend, asn1_int))
-
-
-def _decode_delta_crl_indicator(backend, ext):
-    asn1_int = backend._ffi.cast("ASN1_INTEGER *", ext)
-    asn1_int = backend._ffi.gc(asn1_int, backend._lib.ASN1_INTEGER_free)
-    return x509.DeltaCRLIndicator(_asn1_integer_to_int(backend, asn1_int))
-
-
-class _X509ExtensionParser(object):
-    def __init__(self, ext_count, get_ext, handlers):
-        self.ext_count = ext_count
-        self.get_ext = get_ext
-        self.handlers = handlers
-
-    def parse(self, backend, x509_obj):
-        extensions = []
-        seen_oids = set()
-        for i in range(self.ext_count(backend, x509_obj)):
-            ext = self.get_ext(backend, x509_obj, i)
-            backend.openssl_assert(ext != backend._ffi.NULL)
-            crit = backend._lib.X509_EXTENSION_get_critical(ext)
-            critical = crit == 1
-            oid = x509.ObjectIdentifier(
-                _obj2txt(backend, backend._lib.X509_EXTENSION_get_object(ext))
-            )
-            if oid in seen_oids:
-                raise x509.DuplicateExtension(
-                    "Duplicate {} extension found".format(oid), oid
-                )
-
-            # These OIDs are only supported in OpenSSL 1.1.0+ but we want
-            # to support them in all versions of OpenSSL so we decode them
-            # ourselves.
-            if oid == ExtensionOID.TLS_FEATURE:
-                data = backend._lib.X509_EXTENSION_get_data(ext)
-                parsed = _Integers.load(_asn1_string_to_bytes(backend, data))
-                value = x509.TLSFeature(
-                    [_TLS_FEATURE_TYPE_TO_ENUM[x.native] for x in parsed]
-                )
-                extensions.append(x509.Extension(oid, critical, value))
-                seen_oids.add(oid)
-                continue
-            elif oid == ExtensionOID.PRECERT_POISON:
-                data = backend._lib.X509_EXTENSION_get_data(ext)
-                parsed = asn1crypto.core.Null.load(
-                    _asn1_string_to_bytes(backend, data)
-                )
-                assert parsed == asn1crypto.core.Null()
-                extensions.append(x509.Extension(
-                    oid, critical, x509.PrecertPoison()
-                ))
-                seen_oids.add(oid)
-                continue
-
-            try:
-                handler = self.handlers[oid]
-            except KeyError:
-                # Dump the DER payload into an UnrecognizedExtension object
-                data = backend._lib.X509_EXTENSION_get_data(ext)
-                backend.openssl_assert(data != backend._ffi.NULL)
-                der = backend._ffi.buffer(data.data, data.length)[:]
-                unrecognized = x509.UnrecognizedExtension(oid, der)
-                extensions.append(
-                    x509.Extension(oid, critical, unrecognized)
-                )
-            else:
-                ext_data = backend._lib.X509V3_EXT_d2i(ext)
-                if ext_data == backend._ffi.NULL:
-                    backend._consume_errors()
-                    raise ValueError(
-                        "The {} extension is invalid and can't be "
-                        "parsed".format(oid)
-                    )
-
-                value = handler(backend, ext_data)
-                extensions.append(x509.Extension(oid, critical, value))
-
-            seen_oids.add(oid)
-
-        return x509.Extensions(extensions)
-
-
-def _decode_certificate_policies(backend, cp):
-    cp = backend._ffi.cast("Cryptography_STACK_OF_POLICYINFO *", cp)
-    cp = backend._ffi.gc(cp, backend._lib.CERTIFICATEPOLICIES_free)
-
-    num = backend._lib.sk_POLICYINFO_num(cp)
-    certificate_policies = []
-    for i in range(num):
-        qualifiers = None
-        pi = backend._lib.sk_POLICYINFO_value(cp, i)
-        oid = x509.ObjectIdentifier(_obj2txt(backend, pi.policyid))
-        if pi.qualifiers != backend._ffi.NULL:
-            qnum = backend._lib.sk_POLICYQUALINFO_num(pi.qualifiers)
-            qualifiers = []
-            for j in range(qnum):
-                pqi = backend._lib.sk_POLICYQUALINFO_value(
-                    pi.qualifiers, j
-                )
-                pqualid = x509.ObjectIdentifier(
-                    _obj2txt(backend, pqi.pqualid)
-                )
-                if pqualid == CertificatePoliciesOID.CPS_QUALIFIER:
-                    cpsuri = backend._ffi.buffer(
-                        pqi.d.cpsuri.data, pqi.d.cpsuri.length
-                    )[:].decode('ascii')
-                    qualifiers.append(cpsuri)
-                else:
-                    assert pqualid == CertificatePoliciesOID.CPS_USER_NOTICE
-                    user_notice = _decode_user_notice(
-                        backend, pqi.d.usernotice
-                    )
-                    qualifiers.append(user_notice)
-
-        certificate_policies.append(
-            x509.PolicyInformation(oid, qualifiers)
-        )
-
-    return x509.CertificatePolicies(certificate_policies)
-
-
-def _decode_user_notice(backend, un):
-    explicit_text = None
-    notice_reference = None
-
-    if un.exptext != backend._ffi.NULL:
-        explicit_text = _asn1_string_to_utf8(backend, un.exptext)
-
-    if un.noticeref != backend._ffi.NULL:
-        organization = _asn1_string_to_utf8(
-            backend, un.noticeref.organization
-        )
-
-        num = backend._lib.sk_ASN1_INTEGER_num(
-            un.noticeref.noticenos
-        )
-        notice_numbers = []
-        for i in range(num):
-            asn1_int = backend._lib.sk_ASN1_INTEGER_value(
-                un.noticeref.noticenos, i
-            )
-            notice_num = _asn1_integer_to_int(backend, asn1_int)
-            notice_numbers.append(notice_num)
-
-        notice_reference = x509.NoticeReference(
-            organization, notice_numbers
-        )
-
-    return x509.UserNotice(notice_reference, explicit_text)
-
-
-def _decode_basic_constraints(backend, bc_st):
-    basic_constraints = backend._ffi.cast("BASIC_CONSTRAINTS *", bc_st)
-    basic_constraints = backend._ffi.gc(
-        basic_constraints, backend._lib.BASIC_CONSTRAINTS_free
-    )
-    # The byte representation of an ASN.1 boolean true is \xff. OpenSSL
-    # chooses to just map this to its ordinal value, so true is 255 and
-    # false is 0.
-    ca = basic_constraints.ca == 255
-    path_length = _asn1_integer_to_int_or_none(
-        backend, basic_constraints.pathlen
-    )
-
-    return x509.BasicConstraints(ca, path_length)
-
-
-def _decode_subject_key_identifier(backend, asn1_string):
-    asn1_string = backend._ffi.cast("ASN1_OCTET_STRING *", asn1_string)
-    asn1_string = backend._ffi.gc(
-        asn1_string, backend._lib.ASN1_OCTET_STRING_free
-    )
-    return x509.SubjectKeyIdentifier(
-        backend._ffi.buffer(asn1_string.data, asn1_string.length)[:]
-    )
-
-
-def _decode_authority_key_identifier(backend, akid):
-    akid = backend._ffi.cast("AUTHORITY_KEYID *", akid)
-    akid = backend._ffi.gc(akid, backend._lib.AUTHORITY_KEYID_free)
-    key_identifier = None
-    authority_cert_issuer = None
-
-    if akid.keyid != backend._ffi.NULL:
-        key_identifier = backend._ffi.buffer(
-            akid.keyid.data, akid.keyid.length
-        )[:]
-
-    if akid.issuer != backend._ffi.NULL:
-        authority_cert_issuer = _decode_general_names(
-            backend, akid.issuer
-        )
-
-    authority_cert_serial_number = _asn1_integer_to_int_or_none(
-        backend, akid.serial
-    )
-
-    return x509.AuthorityKeyIdentifier(
-        key_identifier, authority_cert_issuer, authority_cert_serial_number
-    )
-
-
-def _decode_authority_information_access(backend, aia):
-    aia = backend._ffi.cast("Cryptography_STACK_OF_ACCESS_DESCRIPTION *", aia)
-    aia = backend._ffi.gc(
-        aia,
-        lambda x: backend._lib.sk_ACCESS_DESCRIPTION_pop_free(
-            x, backend._ffi.addressof(
-                backend._lib._original_lib, "ACCESS_DESCRIPTION_free"
-            )
-        )
-    )
-    num = backend._lib.sk_ACCESS_DESCRIPTION_num(aia)
-    access_descriptions = []
-    for i in range(num):
-        ad = backend._lib.sk_ACCESS_DESCRIPTION_value(aia, i)
-        backend.openssl_assert(ad.method != backend._ffi.NULL)
-        oid = x509.ObjectIdentifier(_obj2txt(backend, ad.method))
-        backend.openssl_assert(ad.location != backend._ffi.NULL)
-        gn = _decode_general_name(backend, ad.location)
-        access_descriptions.append(x509.AccessDescription(oid, gn))
-
-    return x509.AuthorityInformationAccess(access_descriptions)
-
-
-def _decode_key_usage(backend, bit_string):
-    bit_string = backend._ffi.cast("ASN1_BIT_STRING *", bit_string)
-    bit_string = backend._ffi.gc(bit_string, backend._lib.ASN1_BIT_STRING_free)
-    get_bit = backend._lib.ASN1_BIT_STRING_get_bit
-    digital_signature = get_bit(bit_string, 0) == 1
-    content_commitment = get_bit(bit_string, 1) == 1
-    key_encipherment = get_bit(bit_string, 2) == 1
-    data_encipherment = get_bit(bit_string, 3) == 1
-    key_agreement = get_bit(bit_string, 4) == 1
-    key_cert_sign = get_bit(bit_string, 5) == 1
-    crl_sign = get_bit(bit_string, 6) == 1
-    encipher_only = get_bit(bit_string, 7) == 1
-    decipher_only = get_bit(bit_string, 8) == 1
-    return x509.KeyUsage(
-        digital_signature,
-        content_commitment,
-        key_encipherment,
-        data_encipherment,
-        key_agreement,
-        key_cert_sign,
-        crl_sign,
-        encipher_only,
-        decipher_only
-    )
-
-
-def _decode_general_names_extension(backend, gns):
-    gns = backend._ffi.cast("GENERAL_NAMES *", gns)
-    gns = backend._ffi.gc(gns, backend._lib.GENERAL_NAMES_free)
-    general_names = _decode_general_names(backend, gns)
-    return general_names
-
-
-def _decode_subject_alt_name(backend, ext):
-    return x509.SubjectAlternativeName(
-        _decode_general_names_extension(backend, ext)
-    )
-
-
-def _decode_issuer_alt_name(backend, ext):
-    return x509.IssuerAlternativeName(
-        _decode_general_names_extension(backend, ext)
-    )
-
-
-def _decode_name_constraints(backend, nc):
-    nc = backend._ffi.cast("NAME_CONSTRAINTS *", nc)
-    nc = backend._ffi.gc(nc, backend._lib.NAME_CONSTRAINTS_free)
-    permitted = _decode_general_subtrees(backend, nc.permittedSubtrees)
-    excluded = _decode_general_subtrees(backend, nc.excludedSubtrees)
-    return x509.NameConstraints(
-        permitted_subtrees=permitted, excluded_subtrees=excluded
-    )
-
-
-def _decode_general_subtrees(backend, stack_subtrees):
-    if stack_subtrees == backend._ffi.NULL:
-        return None
-
-    num = backend._lib.sk_GENERAL_SUBTREE_num(stack_subtrees)
-    subtrees = []
-
-    for i in range(num):
-        obj = backend._lib.sk_GENERAL_SUBTREE_value(stack_subtrees, i)
-        backend.openssl_assert(obj != backend._ffi.NULL)
-        name = _decode_general_name(backend, obj.base)
-        subtrees.append(name)
-
-    return subtrees
-
-
-def _decode_issuing_dist_point(backend, idp):
-    idp = backend._ffi.cast("ISSUING_DIST_POINT *", idp)
-    idp = backend._ffi.gc(idp, backend._lib.ISSUING_DIST_POINT_free)
-    if idp.distpoint != backend._ffi.NULL:
-        full_name, relative_name = _decode_distpoint(backend, idp.distpoint)
-    else:
-        full_name = None
-        relative_name = None
-
-    only_user = idp.onlyuser == 255
-    only_ca = idp.onlyCA == 255
-    indirect_crl = idp.indirectCRL == 255
-    only_attr = idp.onlyattr == 255
-    if idp.onlysomereasons != backend._ffi.NULL:
-        only_some_reasons = _decode_reasons(backend, idp.onlysomereasons)
-    else:
-        only_some_reasons = None
-
-    return x509.IssuingDistributionPoint(
-        full_name, relative_name, only_user, only_ca, only_some_reasons,
-        indirect_crl, only_attr
-    )
-
-
-def _decode_policy_constraints(backend, pc):
-    pc = backend._ffi.cast("POLICY_CONSTRAINTS *", pc)
-    pc = backend._ffi.gc(pc, backend._lib.POLICY_CONSTRAINTS_free)
-
-    require_explicit_policy = _asn1_integer_to_int_or_none(
-        backend, pc.requireExplicitPolicy
-    )
-    inhibit_policy_mapping = _asn1_integer_to_int_or_none(
-        backend, pc.inhibitPolicyMapping
-    )
-
-    return x509.PolicyConstraints(
-        require_explicit_policy, inhibit_policy_mapping
-    )
-
-
-def _decode_extended_key_usage(backend, sk):
-    sk = backend._ffi.cast("Cryptography_STACK_OF_ASN1_OBJECT *", sk)
-    sk = backend._ffi.gc(sk, backend._lib.sk_ASN1_OBJECT_free)
-    num = backend._lib.sk_ASN1_OBJECT_num(sk)
-    ekus = []
-
-    for i in range(num):
-        obj = backend._lib.sk_ASN1_OBJECT_value(sk, i)
-        backend.openssl_assert(obj != backend._ffi.NULL)
-        oid = x509.ObjectIdentifier(_obj2txt(backend, obj))
-        ekus.append(oid)
-
-    return x509.ExtendedKeyUsage(ekus)
-
-
-_DISTPOINT_TYPE_FULLNAME = 0
-_DISTPOINT_TYPE_RELATIVENAME = 1
-
-
-def _decode_dist_points(backend, cdps):
-    cdps = backend._ffi.cast("Cryptography_STACK_OF_DIST_POINT *", cdps)
-    cdps = backend._ffi.gc(cdps, backend._lib.CRL_DIST_POINTS_free)
-
-    num = backend._lib.sk_DIST_POINT_num(cdps)
-    dist_points = []
-    for i in range(num):
-        full_name = None
-        relative_name = None
-        crl_issuer = None
-        reasons = None
-        cdp = backend._lib.sk_DIST_POINT_value(cdps, i)
-        if cdp.reasons != backend._ffi.NULL:
-            reasons = _decode_reasons(backend, cdp.reasons)
-
-        if cdp.CRLissuer != backend._ffi.NULL:
-            crl_issuer = _decode_general_names(backend, cdp.CRLissuer)
-
-        # Certificates may have a crl_issuer/reasons and no distribution
-        # point so make sure it's not null.
-        if cdp.distpoint != backend._ffi.NULL:
-            full_name, relative_name = _decode_distpoint(
-                backend, cdp.distpoint
-            )
-
-        dist_points.append(
-            x509.DistributionPoint(
-                full_name, relative_name, reasons, crl_issuer
-            )
-        )
-
-    return dist_points
-
-
-# ReasonFlags ::= BIT STRING {
-#      unused                  (0),
-#      keyCompromise           (1),
-#      cACompromise            (2),
-#      affiliationChanged      (3),
-#      superseded              (4),
-#      cessationOfOperation    (5),
-#      certificateHold         (6),
-#      privilegeWithdrawn      (7),
-#      aACompromise            (8) }
-_REASON_BIT_MAPPING = {
-    1: x509.ReasonFlags.key_compromise,
-    2: x509.ReasonFlags.ca_compromise,
-    3: x509.ReasonFlags.affiliation_changed,
-    4: x509.ReasonFlags.superseded,
-    5: x509.ReasonFlags.cessation_of_operation,
-    6: x509.ReasonFlags.certificate_hold,
-    7: x509.ReasonFlags.privilege_withdrawn,
-    8: x509.ReasonFlags.aa_compromise,
-}
-
-
-def _decode_reasons(backend, reasons):
-    # We will check each bit from RFC 5280
-    enum_reasons = []
-    for bit_position, reason in six.iteritems(_REASON_BIT_MAPPING):
-        if backend._lib.ASN1_BIT_STRING_get_bit(reasons, bit_position):
-            enum_reasons.append(reason)
-
-    return frozenset(enum_reasons)
-
-
-def _decode_distpoint(backend, distpoint):
-    if distpoint.type == _DISTPOINT_TYPE_FULLNAME:
-        full_name = _decode_general_names(backend, distpoint.name.fullname)
-        return full_name, None
-
-    # OpenSSL code doesn't test for a specific type for
-    # relativename, everything that isn't fullname is considered
-    # relativename.  Per RFC 5280:
-    #
-    # DistributionPointName ::= CHOICE {
-    #      fullName                [0]      GeneralNames,
-    #      nameRelativeToCRLIssuer [1]      RelativeDistinguishedName }
-    rns = distpoint.name.relativename
-    rnum = backend._lib.sk_X509_NAME_ENTRY_num(rns)
-    attributes = set()
-    for i in range(rnum):
-        rn = backend._lib.sk_X509_NAME_ENTRY_value(
-            rns, i
-        )
-        backend.openssl_assert(rn != backend._ffi.NULL)
-        attributes.add(
-            _decode_x509_name_entry(backend, rn)
-        )
-
-    relative_name = x509.RelativeDistinguishedName(attributes)
-
-    return None, relative_name
-
-
-def _decode_crl_distribution_points(backend, cdps):
-    dist_points = _decode_dist_points(backend, cdps)
-    return x509.CRLDistributionPoints(dist_points)
-
-
-def _decode_freshest_crl(backend, cdps):
-    dist_points = _decode_dist_points(backend, cdps)
-    return x509.FreshestCRL(dist_points)
-
-
-def _decode_inhibit_any_policy(backend, asn1_int):
-    asn1_int = backend._ffi.cast("ASN1_INTEGER *", asn1_int)
-    asn1_int = backend._ffi.gc(asn1_int, backend._lib.ASN1_INTEGER_free)
-    skip_certs = _asn1_integer_to_int(backend, asn1_int)
-    return x509.InhibitAnyPolicy(skip_certs)
-
-
-def _decode_precert_signed_certificate_timestamps(backend, asn1_scts):
-    from cryptography.hazmat.backends.openssl.x509 import (
-        _SignedCertificateTimestamp
-    )
-    asn1_scts = backend._ffi.cast("Cryptography_STACK_OF_SCT *", asn1_scts)
-    asn1_scts = backend._ffi.gc(asn1_scts, backend._lib.SCT_LIST_free)
-
-    scts = []
-    for i in range(backend._lib.sk_SCT_num(asn1_scts)):
-        sct = backend._lib.sk_SCT_value(asn1_scts, i)
-
-        scts.append(_SignedCertificateTimestamp(backend, asn1_scts, sct))
-    return x509.PrecertificateSignedCertificateTimestamps(scts)
-
-
-#    CRLReason ::= ENUMERATED {
-#        unspecified             (0),
-#        keyCompromise           (1),
-#        cACompromise            (2),
-#        affiliationChanged      (3),
-#        superseded              (4),
-#        cessationOfOperation    (5),
-#        certificateHold         (6),
-#             -- value 7 is not used
-#        removeFromCRL           (8),
-#        privilegeWithdrawn      (9),
-#        aACompromise           (10) }
-_CRL_ENTRY_REASON_CODE_TO_ENUM = {
-    0: x509.ReasonFlags.unspecified,
-    1: x509.ReasonFlags.key_compromise,
-    2: x509.ReasonFlags.ca_compromise,
-    3: x509.ReasonFlags.affiliation_changed,
-    4: x509.ReasonFlags.superseded,
-    5: x509.ReasonFlags.cessation_of_operation,
-    6: x509.ReasonFlags.certificate_hold,
-    8: x509.ReasonFlags.remove_from_crl,
-    9: x509.ReasonFlags.privilege_withdrawn,
-    10: x509.ReasonFlags.aa_compromise,
-}
-
-
-_CRL_ENTRY_REASON_ENUM_TO_CODE = {
-    x509.ReasonFlags.unspecified: 0,
-    x509.ReasonFlags.key_compromise: 1,
-    x509.ReasonFlags.ca_compromise: 2,
-    x509.ReasonFlags.affiliation_changed: 3,
-    x509.ReasonFlags.superseded: 4,
-    x509.ReasonFlags.cessation_of_operation: 5,
-    x509.ReasonFlags.certificate_hold: 6,
-    x509.ReasonFlags.remove_from_crl: 8,
-    x509.ReasonFlags.privilege_withdrawn: 9,
-    x509.ReasonFlags.aa_compromise: 10
-}
-
-
-def _decode_crl_reason(backend, enum):
-    enum = backend._ffi.cast("ASN1_ENUMERATED *", enum)
-    enum = backend._ffi.gc(enum, backend._lib.ASN1_ENUMERATED_free)
-    code = backend._lib.ASN1_ENUMERATED_get(enum)
-
-    try:
-        return x509.CRLReason(_CRL_ENTRY_REASON_CODE_TO_ENUM[code])
-    except KeyError:
-        raise ValueError("Unsupported reason code: {}".format(code))
-
-
-def _decode_invalidity_date(backend, inv_date):
-    generalized_time = backend._ffi.cast(
-        "ASN1_GENERALIZEDTIME *", inv_date
-    )
-    generalized_time = backend._ffi.gc(
-        generalized_time, backend._lib.ASN1_GENERALIZEDTIME_free
-    )
-    return x509.InvalidityDate(
-        _parse_asn1_generalized_time(backend, generalized_time)
-    )
-
-
-def _decode_cert_issuer(backend, gns):
-    gns = backend._ffi.cast("GENERAL_NAMES *", gns)
-    gns = backend._ffi.gc(gns, backend._lib.GENERAL_NAMES_free)
-    general_names = _decode_general_names(backend, gns)
-    return x509.CertificateIssuer(general_names)
-
-
-def _asn1_to_der(backend, asn1_type):
-    buf = backend._ffi.new("unsigned char **")
-    res = backend._lib.i2d_ASN1_TYPE(asn1_type, buf)
-    backend.openssl_assert(res >= 0)
-    backend.openssl_assert(buf[0] != backend._ffi.NULL)
-    buf = backend._ffi.gc(
-        buf, lambda buffer: backend._lib.OPENSSL_free(buffer[0])
-    )
-    return backend._ffi.buffer(buf[0], res)[:]
-
-
-def _asn1_integer_to_int(backend, asn1_int):
-    bn = backend._lib.ASN1_INTEGER_to_BN(asn1_int, backend._ffi.NULL)
-    backend.openssl_assert(bn != backend._ffi.NULL)
-    bn = backend._ffi.gc(bn, backend._lib.BN_free)
-    return backend._bn_to_int(bn)
-
-
-def _asn1_integer_to_int_or_none(backend, asn1_int):
-    if asn1_int == backend._ffi.NULL:
-        return None
-    else:
-        return _asn1_integer_to_int(backend, asn1_int)
-
-
-def _asn1_string_to_bytes(backend, asn1_string):
-    return backend._ffi.buffer(asn1_string.data, asn1_string.length)[:]
-
-
-def _asn1_string_to_ascii(backend, asn1_string):
-    return _asn1_string_to_bytes(backend, asn1_string).decode("ascii")
-
-
-def _asn1_string_to_utf8(backend, asn1_string):
-    buf = backend._ffi.new("unsigned char **")
-    res = backend._lib.ASN1_STRING_to_UTF8(buf, asn1_string)
-    if res == -1:
-        raise ValueError(
-            "Unsupported ASN1 string type. Type: {}".format(asn1_string.type)
-        )
-
-    backend.openssl_assert(buf[0] != backend._ffi.NULL)
-    buf = backend._ffi.gc(
-        buf, lambda buffer: backend._lib.OPENSSL_free(buffer[0])
-    )
-    return backend._ffi.buffer(buf[0], res)[:].decode('utf8')
-
-
-def _parse_asn1_time(backend, asn1_time):
-    backend.openssl_assert(asn1_time != backend._ffi.NULL)
-    generalized_time = backend._lib.ASN1_TIME_to_generalizedtime(
-        asn1_time, backend._ffi.NULL
-    )
-    if generalized_time == backend._ffi.NULL:
-        raise ValueError(
-            "Couldn't parse ASN.1 time as generalizedtime {!r}".format(
-                _asn1_string_to_bytes(backend, asn1_time)
-            )
-        )
-
-    generalized_time = backend._ffi.gc(
-        generalized_time, backend._lib.ASN1_GENERALIZEDTIME_free
-    )
-    return _parse_asn1_generalized_time(backend, generalized_time)
-
-
-def _parse_asn1_generalized_time(backend, generalized_time):
-    time = _asn1_string_to_ascii(
-        backend, backend._ffi.cast("ASN1_STRING *", generalized_time)
-    )
-    return datetime.datetime.strptime(time, "%Y%m%d%H%M%SZ")
-
-
-def _decode_nonce(backend, nonce):
-    nonce = backend._ffi.cast("ASN1_OCTET_STRING *", nonce)
-    nonce = backend._ffi.gc(nonce, backend._lib.ASN1_OCTET_STRING_free)
-    return x509.OCSPNonce(_asn1_string_to_bytes(backend, nonce))
-
-
-_EXTENSION_HANDLERS_NO_SCT = {
-    ExtensionOID.BASIC_CONSTRAINTS: _decode_basic_constraints,
-    ExtensionOID.SUBJECT_KEY_IDENTIFIER: _decode_subject_key_identifier,
-    ExtensionOID.KEY_USAGE: _decode_key_usage,
-    ExtensionOID.SUBJECT_ALTERNATIVE_NAME: _decode_subject_alt_name,
-    ExtensionOID.EXTENDED_KEY_USAGE: _decode_extended_key_usage,
-    ExtensionOID.AUTHORITY_KEY_IDENTIFIER: _decode_authority_key_identifier,
-    ExtensionOID.AUTHORITY_INFORMATION_ACCESS: (
-        _decode_authority_information_access
-    ),
-    ExtensionOID.CERTIFICATE_POLICIES: _decode_certificate_policies,
-    ExtensionOID.CRL_DISTRIBUTION_POINTS: _decode_crl_distribution_points,
-    ExtensionOID.FRESHEST_CRL: _decode_freshest_crl,
-    ExtensionOID.OCSP_NO_CHECK: _decode_ocsp_no_check,
-    ExtensionOID.INHIBIT_ANY_POLICY: _decode_inhibit_any_policy,
-    ExtensionOID.ISSUER_ALTERNATIVE_NAME: _decode_issuer_alt_name,
-    ExtensionOID.NAME_CONSTRAINTS: _decode_name_constraints,
-    ExtensionOID.POLICY_CONSTRAINTS: _decode_policy_constraints,
-}
-_EXTENSION_HANDLERS = _EXTENSION_HANDLERS_NO_SCT.copy()
-_EXTENSION_HANDLERS[
-    ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS
-] = _decode_precert_signed_certificate_timestamps
-
-
-_REVOKED_EXTENSION_HANDLERS = {
-    CRLEntryExtensionOID.CRL_REASON: _decode_crl_reason,
-    CRLEntryExtensionOID.INVALIDITY_DATE: _decode_invalidity_date,
-    CRLEntryExtensionOID.CERTIFICATE_ISSUER: _decode_cert_issuer,
-}
-
-_CRL_EXTENSION_HANDLERS = {
-    ExtensionOID.CRL_NUMBER: _decode_crl_number,
-    ExtensionOID.DELTA_CRL_INDICATOR: _decode_delta_crl_indicator,
-    ExtensionOID.AUTHORITY_KEY_IDENTIFIER: _decode_authority_key_identifier,
-    ExtensionOID.ISSUER_ALTERNATIVE_NAME: _decode_issuer_alt_name,
-    ExtensionOID.AUTHORITY_INFORMATION_ACCESS: (
-        _decode_authority_information_access
-    ),
-    ExtensionOID.ISSUING_DISTRIBUTION_POINT: _decode_issuing_dist_point,
-}
-
-_OCSP_REQ_EXTENSION_HANDLERS = {
-    OCSPExtensionOID.NONCE: _decode_nonce,
-}
-
-_OCSP_BASICRESP_EXTENSION_HANDLERS = {
-    OCSPExtensionOID.NONCE: _decode_nonce,
-}
-
-_CERTIFICATE_EXTENSION_PARSER_NO_SCT = _X509ExtensionParser(
-    ext_count=lambda backend, x: backend._lib.X509_get_ext_count(x),
-    get_ext=lambda backend, x, i: backend._lib.X509_get_ext(x, i),
-    handlers=_EXTENSION_HANDLERS_NO_SCT
-)
-
-_CERTIFICATE_EXTENSION_PARSER = _X509ExtensionParser(
-    ext_count=lambda backend, x: backend._lib.X509_get_ext_count(x),
-    get_ext=lambda backend, x, i: backend._lib.X509_get_ext(x, i),
-    handlers=_EXTENSION_HANDLERS
-)
-
-_CSR_EXTENSION_PARSER = _X509ExtensionParser(
-    ext_count=lambda backend, x: backend._lib.sk_X509_EXTENSION_num(x),
-    get_ext=lambda backend, x, i: backend._lib.sk_X509_EXTENSION_value(x, i),
-    handlers=_EXTENSION_HANDLERS
-)
-
-_REVOKED_CERTIFICATE_EXTENSION_PARSER = _X509ExtensionParser(
-    ext_count=lambda backend, x: backend._lib.X509_REVOKED_get_ext_count(x),
-    get_ext=lambda backend, x, i: backend._lib.X509_REVOKED_get_ext(x, i),
-    handlers=_REVOKED_EXTENSION_HANDLERS,
-)
-
-_CRL_EXTENSION_PARSER = _X509ExtensionParser(
-    ext_count=lambda backend, x: backend._lib.X509_CRL_get_ext_count(x),
-    get_ext=lambda backend, x, i: backend._lib.X509_CRL_get_ext(x, i),
-    handlers=_CRL_EXTENSION_HANDLERS,
-)
-
-_OCSP_REQ_EXT_PARSER = _X509ExtensionParser(
-    ext_count=lambda backend, x: backend._lib.OCSP_REQUEST_get_ext_count(x),
-    get_ext=lambda backend, x, i: backend._lib.OCSP_REQUEST_get_ext(x, i),
-    handlers=_OCSP_REQ_EXTENSION_HANDLERS,
-)
-
-_OCSP_BASICRESP_EXT_PARSER = _X509ExtensionParser(
-    ext_count=lambda backend, x: backend._lib.OCSP_BASICRESP_get_ext_count(x),
-    get_ext=lambda backend, x, i: backend._lib.OCSP_BASICRESP_get_ext(x, i),
-    handlers=_OCSP_BASICRESP_EXTENSION_HANDLERS,
-)
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/dh.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/dh.py
@@ -1,280 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives.asymmetric import dh
-
-
-def _dh_params_dup(dh_cdata, backend):
-    lib = backend._lib
-    ffi = backend._ffi
-
-    param_cdata = lib.DHparams_dup(dh_cdata)
-    backend.openssl_assert(param_cdata != ffi.NULL)
-    param_cdata = ffi.gc(param_cdata, lib.DH_free)
-    if lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102:
-        # In OpenSSL versions < 1.0.2 or libressl DHparams_dup don't copy q
-        q = ffi.new("BIGNUM **")
-        lib.DH_get0_pqg(dh_cdata, ffi.NULL, q, ffi.NULL)
-        q_dup = lib.BN_dup(q[0])
-        res = lib.DH_set0_pqg(param_cdata, ffi.NULL, q_dup, ffi.NULL)
-        backend.openssl_assert(res == 1)
-
-    return param_cdata
-
-
-def _dh_cdata_to_parameters(dh_cdata, backend):
-    param_cdata = _dh_params_dup(dh_cdata, backend)
-    return _DHParameters(backend, param_cdata)
-
-
-@utils.register_interface(dh.DHParametersWithSerialization)
-class _DHParameters(object):
-    def __init__(self, backend, dh_cdata):
-        self._backend = backend
-        self._dh_cdata = dh_cdata
-
-    def parameter_numbers(self):
-        p = self._backend._ffi.new("BIGNUM **")
-        g = self._backend._ffi.new("BIGNUM **")
-        q = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.DH_get0_pqg(self._dh_cdata, p, q, g)
-        self._backend.openssl_assert(p[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(g[0] != self._backend._ffi.NULL)
-        if q[0] == self._backend._ffi.NULL:
-            q_val = None
-        else:
-            q_val = self._backend._bn_to_int(q[0])
-        return dh.DHParameterNumbers(
-            p=self._backend._bn_to_int(p[0]),
-            g=self._backend._bn_to_int(g[0]),
-            q=q_val
-        )
-
-    def generate_private_key(self):
-        return self._backend.generate_dh_private_key(self)
-
-    def parameter_bytes(self, encoding, format):
-        if format is not serialization.ParameterFormat.PKCS3:
-            raise ValueError(
-                "Only PKCS3 serialization is supported"
-            )
-        if not self._backend._lib.Cryptography_HAS_EVP_PKEY_DHX:
-            q = self._backend._ffi.new("BIGNUM **")
-            self._backend._lib.DH_get0_pqg(self._dh_cdata,
-                                           self._backend._ffi.NULL,
-                                           q,
-                                           self._backend._ffi.NULL)
-            if q[0] != self._backend._ffi.NULL:
-                raise UnsupportedAlgorithm(
-                    "DH X9.42 serialization is not supported",
-                    _Reasons.UNSUPPORTED_SERIALIZATION)
-
-        return self._backend._parameter_bytes(
-            encoding,
-            format,
-            self._dh_cdata
-        )
-
-
-def _handle_dh_compute_key_error(errors, backend):
-    lib = backend._lib
-
-    backend.openssl_assert(
-        errors[0]._lib_reason_match(
-            lib.ERR_LIB_DH, lib.DH_R_INVALID_PUBKEY
-        )
-    )
-
-    raise ValueError("Public key value is invalid for this exchange.")
-
-
-def _get_dh_num_bits(backend, dh_cdata):
-    p = backend._ffi.new("BIGNUM **")
-    backend._lib.DH_get0_pqg(dh_cdata, p,
-                             backend._ffi.NULL,
-                             backend._ffi.NULL)
-    backend.openssl_assert(p[0] != backend._ffi.NULL)
-    return backend._lib.BN_num_bits(p[0])
-
-
-@utils.register_interface(dh.DHPrivateKeyWithSerialization)
-class _DHPrivateKey(object):
-    def __init__(self, backend, dh_cdata, evp_pkey):
-        self._backend = backend
-        self._dh_cdata = dh_cdata
-        self._evp_pkey = evp_pkey
-        self._key_size_bytes = self._backend._lib.DH_size(dh_cdata)
-
-    @property
-    def key_size(self):
-        return _get_dh_num_bits(self._backend, self._dh_cdata)
-
-    def private_numbers(self):
-        p = self._backend._ffi.new("BIGNUM **")
-        g = self._backend._ffi.new("BIGNUM **")
-        q = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.DH_get0_pqg(self._dh_cdata, p, q, g)
-        self._backend.openssl_assert(p[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(g[0] != self._backend._ffi.NULL)
-        if q[0] == self._backend._ffi.NULL:
-            q_val = None
-        else:
-            q_val = self._backend._bn_to_int(q[0])
-        pub_key = self._backend._ffi.new("BIGNUM **")
-        priv_key = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.DH_get0_key(self._dh_cdata, pub_key, priv_key)
-        self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(priv_key[0] != self._backend._ffi.NULL)
-        return dh.DHPrivateNumbers(
-            public_numbers=dh.DHPublicNumbers(
-                parameter_numbers=dh.DHParameterNumbers(
-                    p=self._backend._bn_to_int(p[0]),
-                    g=self._backend._bn_to_int(g[0]),
-                    q=q_val
-                ),
-                y=self._backend._bn_to_int(pub_key[0])
-            ),
-            x=self._backend._bn_to_int(priv_key[0])
-        )
-
-    def exchange(self, peer_public_key):
-
-        buf = self._backend._ffi.new("unsigned char[]", self._key_size_bytes)
-        pub_key = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.DH_get0_key(peer_public_key._dh_cdata, pub_key,
-                                       self._backend._ffi.NULL)
-        self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL)
-        res = self._backend._lib.DH_compute_key(
-            buf,
-            pub_key[0],
-            self._dh_cdata
-        )
-
-        if res == -1:
-            errors = self._backend._consume_errors()
-            return _handle_dh_compute_key_error(errors, self._backend)
-        else:
-            self._backend.openssl_assert(res >= 1)
-
-            key = self._backend._ffi.buffer(buf)[:res]
-            pad = self._key_size_bytes - len(key)
-
-            if pad > 0:
-                key = (b"\x00" * pad) + key
-
-            return key
-
-    def public_key(self):
-        dh_cdata = _dh_params_dup(self._dh_cdata, self._backend)
-        pub_key = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.DH_get0_key(self._dh_cdata,
-                                       pub_key, self._backend._ffi.NULL)
-        self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL)
-        pub_key_dup = self._backend._lib.BN_dup(pub_key[0])
-        self._backend.openssl_assert(pub_key_dup != self._backend._ffi.NULL)
-
-        res = self._backend._lib.DH_set0_key(dh_cdata,
-                                             pub_key_dup,
-                                             self._backend._ffi.NULL)
-        self._backend.openssl_assert(res == 1)
-        evp_pkey = self._backend._dh_cdata_to_evp_pkey(dh_cdata)
-        return _DHPublicKey(self._backend, dh_cdata, evp_pkey)
-
-    def parameters(self):
-        return _dh_cdata_to_parameters(self._dh_cdata, self._backend)
-
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        if format is not serialization.PrivateFormat.PKCS8:
-            raise ValueError(
-                "DH private keys support only PKCS8 serialization"
-            )
-        if not self._backend._lib.Cryptography_HAS_EVP_PKEY_DHX:
-            q = self._backend._ffi.new("BIGNUM **")
-            self._backend._lib.DH_get0_pqg(self._dh_cdata,
-                                           self._backend._ffi.NULL,
-                                           q,
-                                           self._backend._ffi.NULL)
-            if q[0] != self._backend._ffi.NULL:
-                raise UnsupportedAlgorithm(
-                    "DH X9.42 serialization is not supported",
-                    _Reasons.UNSUPPORTED_SERIALIZATION)
-
-        return self._backend._private_key_bytes(
-            encoding,
-            format,
-            encryption_algorithm,
-            self._evp_pkey,
-            self._dh_cdata
-        )
-
-
-@utils.register_interface(dh.DHPublicKeyWithSerialization)
-class _DHPublicKey(object):
-    def __init__(self, backend, dh_cdata, evp_pkey):
-        self._backend = backend
-        self._dh_cdata = dh_cdata
-        self._evp_pkey = evp_pkey
-        self._key_size_bits = _get_dh_num_bits(self._backend, self._dh_cdata)
-
-    @property
-    def key_size(self):
-        return self._key_size_bits
-
-    def public_numbers(self):
-        p = self._backend._ffi.new("BIGNUM **")
-        g = self._backend._ffi.new("BIGNUM **")
-        q = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.DH_get0_pqg(self._dh_cdata, p, q, g)
-        self._backend.openssl_assert(p[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(g[0] != self._backend._ffi.NULL)
-        if q[0] == self._backend._ffi.NULL:
-            q_val = None
-        else:
-            q_val = self._backend._bn_to_int(q[0])
-        pub_key = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.DH_get0_key(self._dh_cdata,
-                                       pub_key, self._backend._ffi.NULL)
-        self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL)
-        return dh.DHPublicNumbers(
-            parameter_numbers=dh.DHParameterNumbers(
-                p=self._backend._bn_to_int(p[0]),
-                g=self._backend._bn_to_int(g[0]),
-                q=q_val
-            ),
-            y=self._backend._bn_to_int(pub_key[0])
-        )
-
-    def parameters(self):
-        return _dh_cdata_to_parameters(self._dh_cdata, self._backend)
-
-    def public_bytes(self, encoding, format):
-        if format is not serialization.PublicFormat.SubjectPublicKeyInfo:
-            raise ValueError(
-                "DH public keys support only "
-                "SubjectPublicKeyInfo serialization"
-            )
-
-        if not self._backend._lib.Cryptography_HAS_EVP_PKEY_DHX:
-            q = self._backend._ffi.new("BIGNUM **")
-            self._backend._lib.DH_get0_pqg(self._dh_cdata,
-                                           self._backend._ffi.NULL,
-                                           q,
-                                           self._backend._ffi.NULL)
-            if q[0] != self._backend._ffi.NULL:
-                raise UnsupportedAlgorithm(
-                    "DH X9.42 serialization is not supported",
-                    _Reasons.UNSUPPORTED_SERIALIZATION)
-
-        return self._backend._public_key_bytes(
-            encoding,
-            format,
-            self,
-            self._evp_pkey,
-            None
-        )
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/dsa.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/dsa.py
@@ -1,268 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography import utils
-from cryptography.exceptions import InvalidSignature
-from cryptography.hazmat.backends.openssl.utils import (
-    _calculate_digest_and_algorithm, _check_not_prehashed,
-    _warn_sign_verify_deprecated
-)
-from cryptography.hazmat.primitives import hashes, serialization
-from cryptography.hazmat.primitives.asymmetric import (
-    AsymmetricSignatureContext, AsymmetricVerificationContext, dsa
-)
-
-
-def _dsa_sig_sign(backend, private_key, data):
-    sig_buf_len = backend._lib.DSA_size(private_key._dsa_cdata)
-    sig_buf = backend._ffi.new("unsigned char[]", sig_buf_len)
-    buflen = backend._ffi.new("unsigned int *")
-
-    # The first parameter passed to DSA_sign is unused by OpenSSL but
-    # must be an integer.
-    res = backend._lib.DSA_sign(
-        0, data, len(data), sig_buf, buflen, private_key._dsa_cdata
-    )
-    backend.openssl_assert(res == 1)
-    backend.openssl_assert(buflen[0])
-
-    return backend._ffi.buffer(sig_buf)[:buflen[0]]
-
-
-def _dsa_sig_verify(backend, public_key, signature, data):
-    # The first parameter passed to DSA_verify is unused by OpenSSL but
-    # must be an integer.
-    res = backend._lib.DSA_verify(
-        0, data, len(data), signature, len(signature), public_key._dsa_cdata
-    )
-
-    if res != 1:
-        backend._consume_errors()
-        raise InvalidSignature
-
-
-@utils.register_interface(AsymmetricVerificationContext)
-class _DSAVerificationContext(object):
-    def __init__(self, backend, public_key, signature, algorithm):
-        self._backend = backend
-        self._public_key = public_key
-        self._signature = signature
-        self._algorithm = algorithm
-
-        self._hash_ctx = hashes.Hash(self._algorithm, self._backend)
-
-    def update(self, data):
-        self._hash_ctx.update(data)
-
-    def verify(self):
-        data_to_verify = self._hash_ctx.finalize()
-
-        _dsa_sig_verify(
-            self._backend, self._public_key, self._signature, data_to_verify
-        )
-
-
-@utils.register_interface(AsymmetricSignatureContext)
-class _DSASignatureContext(object):
-    def __init__(self, backend, private_key, algorithm):
-        self._backend = backend
-        self._private_key = private_key
-        self._algorithm = algorithm
-        self._hash_ctx = hashes.Hash(self._algorithm, self._backend)
-
-    def update(self, data):
-        self._hash_ctx.update(data)
-
-    def finalize(self):
-        data_to_sign = self._hash_ctx.finalize()
-        return _dsa_sig_sign(self._backend, self._private_key, data_to_sign)
-
-
-@utils.register_interface(dsa.DSAParametersWithNumbers)
-class _DSAParameters(object):
-    def __init__(self, backend, dsa_cdata):
-        self._backend = backend
-        self._dsa_cdata = dsa_cdata
-
-    def parameter_numbers(self):
-        p = self._backend._ffi.new("BIGNUM **")
-        q = self._backend._ffi.new("BIGNUM **")
-        g = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.DSA_get0_pqg(self._dsa_cdata, p, q, g)
-        self._backend.openssl_assert(p[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(q[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(g[0] != self._backend._ffi.NULL)
-        return dsa.DSAParameterNumbers(
-            p=self._backend._bn_to_int(p[0]),
-            q=self._backend._bn_to_int(q[0]),
-            g=self._backend._bn_to_int(g[0])
-        )
-
-    def generate_private_key(self):
-        return self._backend.generate_dsa_private_key(self)
-
-
-@utils.register_interface(dsa.DSAPrivateKeyWithSerialization)
-class _DSAPrivateKey(object):
-    def __init__(self, backend, dsa_cdata, evp_pkey):
-        self._backend = backend
-        self._dsa_cdata = dsa_cdata
-        self._evp_pkey = evp_pkey
-
-        p = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.DSA_get0_pqg(
-            dsa_cdata, p, self._backend._ffi.NULL, self._backend._ffi.NULL
-        )
-        self._backend.openssl_assert(p[0] != backend._ffi.NULL)
-        self._key_size = self._backend._lib.BN_num_bits(p[0])
-
-    key_size = utils.read_only_property("_key_size")
-
-    def signer(self, signature_algorithm):
-        _warn_sign_verify_deprecated()
-        _check_not_prehashed(signature_algorithm)
-        return _DSASignatureContext(self._backend, self, signature_algorithm)
-
-    def private_numbers(self):
-        p = self._backend._ffi.new("BIGNUM **")
-        q = self._backend._ffi.new("BIGNUM **")
-        g = self._backend._ffi.new("BIGNUM **")
-        pub_key = self._backend._ffi.new("BIGNUM **")
-        priv_key = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.DSA_get0_pqg(self._dsa_cdata, p, q, g)
-        self._backend.openssl_assert(p[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(q[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(g[0] != self._backend._ffi.NULL)
-        self._backend._lib.DSA_get0_key(self._dsa_cdata, pub_key, priv_key)
-        self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(priv_key[0] != self._backend._ffi.NULL)
-        return dsa.DSAPrivateNumbers(
-            public_numbers=dsa.DSAPublicNumbers(
-                parameter_numbers=dsa.DSAParameterNumbers(
-                    p=self._backend._bn_to_int(p[0]),
-                    q=self._backend._bn_to_int(q[0]),
-                    g=self._backend._bn_to_int(g[0])
-                ),
-                y=self._backend._bn_to_int(pub_key[0])
-            ),
-            x=self._backend._bn_to_int(priv_key[0])
-        )
-
-    def public_key(self):
-        dsa_cdata = self._backend._lib.DSAparams_dup(self._dsa_cdata)
-        self._backend.openssl_assert(dsa_cdata != self._backend._ffi.NULL)
-        dsa_cdata = self._backend._ffi.gc(
-            dsa_cdata, self._backend._lib.DSA_free
-        )
-        pub_key = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.DSA_get0_key(
-            self._dsa_cdata, pub_key, self._backend._ffi.NULL
-        )
-        self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL)
-        pub_key_dup = self._backend._lib.BN_dup(pub_key[0])
-        res = self._backend._lib.DSA_set0_key(
-            dsa_cdata, pub_key_dup, self._backend._ffi.NULL
-        )
-        self._backend.openssl_assert(res == 1)
-        evp_pkey = self._backend._dsa_cdata_to_evp_pkey(dsa_cdata)
-        return _DSAPublicKey(self._backend, dsa_cdata, evp_pkey)
-
-    def parameters(self):
-        dsa_cdata = self._backend._lib.DSAparams_dup(self._dsa_cdata)
-        self._backend.openssl_assert(dsa_cdata != self._backend._ffi.NULL)
-        dsa_cdata = self._backend._ffi.gc(
-            dsa_cdata, self._backend._lib.DSA_free
-        )
-        return _DSAParameters(self._backend, dsa_cdata)
-
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        return self._backend._private_key_bytes(
-            encoding,
-            format,
-            encryption_algorithm,
-            self._evp_pkey,
-            self._dsa_cdata
-        )
-
-    def sign(self, data, algorithm):
-        data, algorithm = _calculate_digest_and_algorithm(
-            self._backend, data, algorithm
-        )
-        return _dsa_sig_sign(self._backend, self, data)
-
-
-@utils.register_interface(dsa.DSAPublicKeyWithSerialization)
-class _DSAPublicKey(object):
-    def __init__(self, backend, dsa_cdata, evp_pkey):
-        self._backend = backend
-        self._dsa_cdata = dsa_cdata
-        self._evp_pkey = evp_pkey
-        p = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.DSA_get0_pqg(
-            dsa_cdata, p, self._backend._ffi.NULL, self._backend._ffi.NULL
-        )
-        self._backend.openssl_assert(p[0] != backend._ffi.NULL)
-        self._key_size = self._backend._lib.BN_num_bits(p[0])
-
-    key_size = utils.read_only_property("_key_size")
-
-    def verifier(self, signature, signature_algorithm):
-        _warn_sign_verify_deprecated()
-        utils._check_bytes("signature", signature)
-
-        _check_not_prehashed(signature_algorithm)
-        return _DSAVerificationContext(
-            self._backend, self, signature, signature_algorithm
-        )
-
-    def public_numbers(self):
-        p = self._backend._ffi.new("BIGNUM **")
-        q = self._backend._ffi.new("BIGNUM **")
-        g = self._backend._ffi.new("BIGNUM **")
-        pub_key = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.DSA_get0_pqg(self._dsa_cdata, p, q, g)
-        self._backend.openssl_assert(p[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(q[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(g[0] != self._backend._ffi.NULL)
-        self._backend._lib.DSA_get0_key(
-            self._dsa_cdata, pub_key, self._backend._ffi.NULL
-        )
-        self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL)
-        return dsa.DSAPublicNumbers(
-            parameter_numbers=dsa.DSAParameterNumbers(
-                p=self._backend._bn_to_int(p[0]),
-                q=self._backend._bn_to_int(q[0]),
-                g=self._backend._bn_to_int(g[0])
-            ),
-            y=self._backend._bn_to_int(pub_key[0])
-        )
-
-    def parameters(self):
-        dsa_cdata = self._backend._lib.DSAparams_dup(self._dsa_cdata)
-        dsa_cdata = self._backend._ffi.gc(
-            dsa_cdata, self._backend._lib.DSA_free
-        )
-        return _DSAParameters(self._backend, dsa_cdata)
-
-    def public_bytes(self, encoding, format):
-        if format is serialization.PublicFormat.PKCS1:
-            raise ValueError(
-                "DSA public keys do not support PKCS1 serialization"
-            )
-
-        return self._backend._public_key_bytes(
-            encoding,
-            format,
-            self,
-            self._evp_pkey,
-            None
-        )
-
-    def verify(self, signature, data, algorithm):
-        data, algorithm = _calculate_digest_and_algorithm(
-            self._backend, data, algorithm
-        )
-        return _dsa_sig_verify(self._backend, self, signature, data)
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ec.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ec.py
@@ -1,340 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography import utils
-from cryptography.exceptions import (
-    InvalidSignature, UnsupportedAlgorithm, _Reasons
-)
-from cryptography.hazmat.backends.openssl.utils import (
-    _calculate_digest_and_algorithm, _check_not_prehashed,
-    _warn_sign_verify_deprecated
-)
-from cryptography.hazmat.primitives import hashes, serialization
-from cryptography.hazmat.primitives.asymmetric import (
-    AsymmetricSignatureContext, AsymmetricVerificationContext, ec
-)
-
-
-def _check_signature_algorithm(signature_algorithm):
-    if not isinstance(signature_algorithm, ec.ECDSA):
-        raise UnsupportedAlgorithm(
-            "Unsupported elliptic curve signature algorithm.",
-            _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
-
-
-def _ec_key_curve_sn(backend, ec_key):
-    group = backend._lib.EC_KEY_get0_group(ec_key)
-    backend.openssl_assert(group != backend._ffi.NULL)
-
-    nid = backend._lib.EC_GROUP_get_curve_name(group)
-    # The following check is to find EC keys with unnamed curves and raise
-    # an error for now.
-    if nid == backend._lib.NID_undef:
-        raise NotImplementedError(
-            "ECDSA certificates with unnamed curves are unsupported "
-            "at this time"
-        )
-
-    curve_name = backend._lib.OBJ_nid2sn(nid)
-    backend.openssl_assert(curve_name != backend._ffi.NULL)
-
-    sn = backend._ffi.string(curve_name).decode('ascii')
-    return sn
-
-
-def _mark_asn1_named_ec_curve(backend, ec_cdata):
-    """
-    Set the named curve flag on the EC_KEY. This causes OpenSSL to
-    serialize EC keys along with their curve OID which makes
-    deserialization easier.
-    """
-
-    backend._lib.EC_KEY_set_asn1_flag(
-        ec_cdata, backend._lib.OPENSSL_EC_NAMED_CURVE
-    )
-
-
-def _sn_to_elliptic_curve(backend, sn):
-    try:
-        return ec._CURVE_TYPES[sn]()
-    except KeyError:
-        raise UnsupportedAlgorithm(
-            "{} is not a supported elliptic curve".format(sn),
-            _Reasons.UNSUPPORTED_ELLIPTIC_CURVE
-        )
-
-
-def _ecdsa_sig_sign(backend, private_key, data):
-    max_size = backend._lib.ECDSA_size(private_key._ec_key)
-    backend.openssl_assert(max_size > 0)
-
-    sigbuf = backend._ffi.new("unsigned char[]", max_size)
-    siglen_ptr = backend._ffi.new("unsigned int[]", 1)
-    res = backend._lib.ECDSA_sign(
-        0, data, len(data), sigbuf, siglen_ptr, private_key._ec_key
-    )
-    backend.openssl_assert(res == 1)
-    return backend._ffi.buffer(sigbuf)[:siglen_ptr[0]]
-
-
-def _ecdsa_sig_verify(backend, public_key, signature, data):
-    res = backend._lib.ECDSA_verify(
-        0, data, len(data), signature, len(signature), public_key._ec_key
-    )
-    if res != 1:
-        backend._consume_errors()
-        raise InvalidSignature
-
-
-@utils.register_interface(AsymmetricSignatureContext)
-class _ECDSASignatureContext(object):
-    def __init__(self, backend, private_key, algorithm):
-        self._backend = backend
-        self._private_key = private_key
-        self._digest = hashes.Hash(algorithm, backend)
-
-    def update(self, data):
-        self._digest.update(data)
-
-    def finalize(self):
-        digest = self._digest.finalize()
-
-        return _ecdsa_sig_sign(self._backend, self._private_key, digest)
-
-
-@utils.register_interface(AsymmetricVerificationContext)
-class _ECDSAVerificationContext(object):
-    def __init__(self, backend, public_key, signature, algorithm):
-        self._backend = backend
-        self._public_key = public_key
-        self._signature = signature
-        self._digest = hashes.Hash(algorithm, backend)
-
-    def update(self, data):
-        self._digest.update(data)
-
-    def verify(self):
-        digest = self._digest.finalize()
-        _ecdsa_sig_verify(
-            self._backend, self._public_key, self._signature, digest
-        )
-
-
-@utils.register_interface(ec.EllipticCurvePrivateKeyWithSerialization)
-class _EllipticCurvePrivateKey(object):
-    def __init__(self, backend, ec_key_cdata, evp_pkey):
-        self._backend = backend
-        _mark_asn1_named_ec_curve(backend, ec_key_cdata)
-        self._ec_key = ec_key_cdata
-        self._evp_pkey = evp_pkey
-
-        sn = _ec_key_curve_sn(backend, ec_key_cdata)
-        self._curve = _sn_to_elliptic_curve(backend, sn)
-
-    curve = utils.read_only_property("_curve")
-
-    @property
-    def key_size(self):
-        return self.curve.key_size
-
-    def signer(self, signature_algorithm):
-        _warn_sign_verify_deprecated()
-        _check_signature_algorithm(signature_algorithm)
-        _check_not_prehashed(signature_algorithm.algorithm)
-        return _ECDSASignatureContext(
-            self._backend, self, signature_algorithm.algorithm
-        )
-
-    def exchange(self, algorithm, peer_public_key):
-        if not (
-            self._backend.elliptic_curve_exchange_algorithm_supported(
-                algorithm, self.curve
-            )
-        ):
-            raise UnsupportedAlgorithm(
-                "This backend does not support the ECDH algorithm.",
-                _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM
-            )
-
-        if peer_public_key.curve.name != self.curve.name:
-            raise ValueError(
-                "peer_public_key and self are not on the same curve"
-            )
-
-        group = self._backend._lib.EC_KEY_get0_group(self._ec_key)
-        z_len = (self._backend._lib.EC_GROUP_get_degree(group) + 7) // 8
-        self._backend.openssl_assert(z_len > 0)
-        z_buf = self._backend._ffi.new("uint8_t[]", z_len)
-        peer_key = self._backend._lib.EC_KEY_get0_public_key(
-            peer_public_key._ec_key
-        )
-
-        r = self._backend._lib.ECDH_compute_key(
-            z_buf, z_len, peer_key, self._ec_key, self._backend._ffi.NULL
-        )
-        self._backend.openssl_assert(r > 0)
-        return self._backend._ffi.buffer(z_buf)[:z_len]
-
-    def public_key(self):
-        group = self._backend._lib.EC_KEY_get0_group(self._ec_key)
-        self._backend.openssl_assert(group != self._backend._ffi.NULL)
-
-        curve_nid = self._backend._lib.EC_GROUP_get_curve_name(group)
-
-        public_ec_key = self._backend._lib.EC_KEY_new_by_curve_name(curve_nid)
-        self._backend.openssl_assert(public_ec_key != self._backend._ffi.NULL)
-        public_ec_key = self._backend._ffi.gc(
-            public_ec_key, self._backend._lib.EC_KEY_free
-        )
-
-        point = self._backend._lib.EC_KEY_get0_public_key(self._ec_key)
-        self._backend.openssl_assert(point != self._backend._ffi.NULL)
-
-        res = self._backend._lib.EC_KEY_set_public_key(public_ec_key, point)
-        self._backend.openssl_assert(res == 1)
-
-        evp_pkey = self._backend._ec_cdata_to_evp_pkey(public_ec_key)
-
-        return _EllipticCurvePublicKey(self._backend, public_ec_key, evp_pkey)
-
-    def private_numbers(self):
-        bn = self._backend._lib.EC_KEY_get0_private_key(self._ec_key)
-        private_value = self._backend._bn_to_int(bn)
-        return ec.EllipticCurvePrivateNumbers(
-            private_value=private_value,
-            public_numbers=self.public_key().public_numbers()
-        )
-
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        return self._backend._private_key_bytes(
-            encoding,
-            format,
-            encryption_algorithm,
-            self._evp_pkey,
-            self._ec_key
-        )
-
-    def sign(self, data, signature_algorithm):
-        _check_signature_algorithm(signature_algorithm)
-        data, algorithm = _calculate_digest_and_algorithm(
-            self._backend, data, signature_algorithm._algorithm
-        )
-        return _ecdsa_sig_sign(self._backend, self, data)
-
-
-@utils.register_interface(ec.EllipticCurvePublicKeyWithSerialization)
-class _EllipticCurvePublicKey(object):
-    def __init__(self, backend, ec_key_cdata, evp_pkey):
-        self._backend = backend
-        _mark_asn1_named_ec_curve(backend, ec_key_cdata)
-        self._ec_key = ec_key_cdata
-        self._evp_pkey = evp_pkey
-
-        sn = _ec_key_curve_sn(backend, ec_key_cdata)
-        self._curve = _sn_to_elliptic_curve(backend, sn)
-
-    curve = utils.read_only_property("_curve")
-
-    @property
-    def key_size(self):
-        return self.curve.key_size
-
-    def verifier(self, signature, signature_algorithm):
-        _warn_sign_verify_deprecated()
-        utils._check_bytes("signature", signature)
-
-        _check_signature_algorithm(signature_algorithm)
-        _check_not_prehashed(signature_algorithm.algorithm)
-        return _ECDSAVerificationContext(
-            self._backend, self, signature, signature_algorithm.algorithm
-        )
-
-    def public_numbers(self):
-        get_func, group = (
-            self._backend._ec_key_determine_group_get_func(self._ec_key)
-        )
-        point = self._backend._lib.EC_KEY_get0_public_key(self._ec_key)
-        self._backend.openssl_assert(point != self._backend._ffi.NULL)
-
-        with self._backend._tmp_bn_ctx() as bn_ctx:
-            bn_x = self._backend._lib.BN_CTX_get(bn_ctx)
-            bn_y = self._backend._lib.BN_CTX_get(bn_ctx)
-
-            res = get_func(group, point, bn_x, bn_y, bn_ctx)
-            self._backend.openssl_assert(res == 1)
-
-            x = self._backend._bn_to_int(bn_x)
-            y = self._backend._bn_to_int(bn_y)
-
-        return ec.EllipticCurvePublicNumbers(
-            x=x,
-            y=y,
-            curve=self._curve
-        )
-
-    def _encode_point(self, format):
-        if format is serialization.PublicFormat.CompressedPoint:
-            conversion = self._backend._lib.POINT_CONVERSION_COMPRESSED
-        else:
-            assert format is serialization.PublicFormat.UncompressedPoint
-            conversion = self._backend._lib.POINT_CONVERSION_UNCOMPRESSED
-
-        group = self._backend._lib.EC_KEY_get0_group(self._ec_key)
-        self._backend.openssl_assert(group != self._backend._ffi.NULL)
-        point = self._backend._lib.EC_KEY_get0_public_key(self._ec_key)
-        self._backend.openssl_assert(point != self._backend._ffi.NULL)
-        with self._backend._tmp_bn_ctx() as bn_ctx:
-            buflen = self._backend._lib.EC_POINT_point2oct(
-                group, point, conversion, self._backend._ffi.NULL, 0, bn_ctx
-            )
-            self._backend.openssl_assert(buflen > 0)
-            buf = self._backend._ffi.new("char[]", buflen)
-            res = self._backend._lib.EC_POINT_point2oct(
-                group, point, conversion, buf, buflen, bn_ctx
-            )
-            self._backend.openssl_assert(buflen == res)
-
-        return self._backend._ffi.buffer(buf)[:]
-
-    def public_bytes(self, encoding, format):
-        if format is serialization.PublicFormat.PKCS1:
-            raise ValueError(
-                "EC public keys do not support PKCS1 serialization"
-            )
-
-        if (
-            encoding is serialization.Encoding.X962 or
-            format is serialization.PublicFormat.CompressedPoint or
-            format is serialization.PublicFormat.UncompressedPoint
-        ):
-            if (
-                encoding is not serialization.Encoding.X962 or
-                format not in (
-                    serialization.PublicFormat.CompressedPoint,
-                    serialization.PublicFormat.UncompressedPoint
-                )
-            ):
-                raise ValueError(
-                    "X962 encoding must be used with CompressedPoint or "
-                    "UncompressedPoint format"
-                )
-
-            return self._encode_point(format)
-        else:
-            return self._backend._public_key_bytes(
-                encoding,
-                format,
-                self,
-                self._evp_pkey,
-                None
-            )
-
-    def verify(self, signature, data, signature_algorithm):
-        _check_signature_algorithm(signature_algorithm)
-        data, algorithm = _calculate_digest_and_algorithm(
-            self._backend, data, signature_algorithm._algorithm
-        )
-        _ecdsa_sig_verify(self._backend, self, signature, data)
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ed25519.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ed25519.py
@@ -1,151 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography import exceptions, utils
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives.asymmetric.ed25519 import (
-    Ed25519PrivateKey, Ed25519PublicKey, _ED25519_KEY_SIZE, _ED25519_SIG_SIZE
-)
-
-
-@utils.register_interface(Ed25519PublicKey)
-class _Ed25519PublicKey(object):
-    def __init__(self, backend, evp_pkey):
-        self._backend = backend
-        self._evp_pkey = evp_pkey
-
-    def public_bytes(self, encoding, format):
-        if (
-            encoding is serialization.Encoding.Raw or
-            format is serialization.PublicFormat.Raw
-        ):
-            if (
-                encoding is not serialization.Encoding.Raw or
-                format is not serialization.PublicFormat.Raw
-            ):
-                raise ValueError(
-                    "When using Raw both encoding and format must be Raw"
-                )
-
-            return self._raw_public_bytes()
-
-        if (
-            encoding in serialization._PEM_DER and
-            format is not serialization.PublicFormat.SubjectPublicKeyInfo
-        ):
-            raise ValueError(
-                "format must be SubjectPublicKeyInfo when encoding is PEM or "
-                "DER"
-            )
-
-        return self._backend._public_key_bytes(
-            encoding, format, self, self._evp_pkey, None
-        )
-
-    def _raw_public_bytes(self):
-        buf = self._backend._ffi.new("unsigned char []", _ED25519_KEY_SIZE)
-        buflen = self._backend._ffi.new("size_t *", _ED25519_KEY_SIZE)
-        res = self._backend._lib.EVP_PKEY_get_raw_public_key(
-            self._evp_pkey, buf, buflen
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(buflen[0] == _ED25519_KEY_SIZE)
-        return self._backend._ffi.buffer(buf, _ED25519_KEY_SIZE)[:]
-
-    def verify(self, signature, data):
-        evp_md_ctx = self._backend._lib.Cryptography_EVP_MD_CTX_new()
-        self._backend.openssl_assert(evp_md_ctx != self._backend._ffi.NULL)
-        evp_md_ctx = self._backend._ffi.gc(
-            evp_md_ctx, self._backend._lib.Cryptography_EVP_MD_CTX_free
-        )
-        res = self._backend._lib.EVP_DigestVerifyInit(
-            evp_md_ctx, self._backend._ffi.NULL, self._backend._ffi.NULL,
-            self._backend._ffi.NULL, self._evp_pkey
-        )
-        self._backend.openssl_assert(res == 1)
-        res = self._backend._lib.EVP_DigestVerify(
-            evp_md_ctx, signature, len(signature), data, len(data)
-        )
-        if res != 1:
-            self._backend._consume_errors()
-            raise exceptions.InvalidSignature
-
-
-@utils.register_interface(Ed25519PrivateKey)
-class _Ed25519PrivateKey(object):
-    def __init__(self, backend, evp_pkey):
-        self._backend = backend
-        self._evp_pkey = evp_pkey
-
-    def public_key(self):
-        buf = self._backend._ffi.new("unsigned char []", _ED25519_KEY_SIZE)
-        buflen = self._backend._ffi.new("size_t *", _ED25519_KEY_SIZE)
-        res = self._backend._lib.EVP_PKEY_get_raw_public_key(
-            self._evp_pkey, buf, buflen
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(buflen[0] == _ED25519_KEY_SIZE)
-        public_bytes = self._backend._ffi.buffer(buf)[:]
-        return self._backend.ed25519_load_public_bytes(public_bytes)
-
-    def sign(self, data):
-        evp_md_ctx = self._backend._lib.Cryptography_EVP_MD_CTX_new()
-        self._backend.openssl_assert(evp_md_ctx != self._backend._ffi.NULL)
-        evp_md_ctx = self._backend._ffi.gc(
-            evp_md_ctx, self._backend._lib.Cryptography_EVP_MD_CTX_free
-        )
-        res = self._backend._lib.EVP_DigestSignInit(
-            evp_md_ctx, self._backend._ffi.NULL, self._backend._ffi.NULL,
-            self._backend._ffi.NULL, self._evp_pkey
-        )
-        self._backend.openssl_assert(res == 1)
-        buf = self._backend._ffi.new("unsigned char[]", _ED25519_SIG_SIZE)
-        buflen = self._backend._ffi.new("size_t *", len(buf))
-        res = self._backend._lib.EVP_DigestSign(
-            evp_md_ctx, buf, buflen, data, len(data)
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(buflen[0] == _ED25519_SIG_SIZE)
-        return self._backend._ffi.buffer(buf, buflen[0])[:]
-
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        if (
-            encoding is serialization.Encoding.Raw or
-            format is serialization.PublicFormat.Raw
-        ):
-            if (
-                format is not serialization.PrivateFormat.Raw or
-                encoding is not serialization.Encoding.Raw or not
-                isinstance(encryption_algorithm, serialization.NoEncryption)
-            ):
-                raise ValueError(
-                    "When using Raw both encoding and format must be Raw "
-                    "and encryption_algorithm must be NoEncryption"
-                )
-
-            return self._raw_private_bytes()
-
-        if (
-            encoding in serialization._PEM_DER and
-            format is not serialization.PrivateFormat.PKCS8
-        ):
-            raise ValueError(
-                "format must be PKCS8 when encoding is PEM or DER"
-            )
-
-        return self._backend._private_key_bytes(
-            encoding, format, encryption_algorithm, self._evp_pkey, None
-        )
-
-    def _raw_private_bytes(self):
-        buf = self._backend._ffi.new("unsigned char []", _ED25519_KEY_SIZE)
-        buflen = self._backend._ffi.new("size_t *", _ED25519_KEY_SIZE)
-        res = self._backend._lib.EVP_PKEY_get_raw_private_key(
-            self._evp_pkey, buf, buflen
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(buflen[0] == _ED25519_KEY_SIZE)
-        return self._backend._ffi.buffer(buf, _ED25519_KEY_SIZE)[:]
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ed448.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ed448.py
@@ -1,154 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography import exceptions, utils
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives.asymmetric.ed448 import (
-    Ed448PrivateKey, Ed448PublicKey
-)
-
-_ED448_KEY_SIZE = 57
-_ED448_SIG_SIZE = 114
-
-
-@utils.register_interface(Ed448PublicKey)
-class _Ed448PublicKey(object):
-    def __init__(self, backend, evp_pkey):
-        self._backend = backend
-        self._evp_pkey = evp_pkey
-
-    def public_bytes(self, encoding, format):
-        if (
-            encoding is serialization.Encoding.Raw or
-            format is serialization.PublicFormat.Raw
-        ):
-            if (
-                encoding is not serialization.Encoding.Raw or
-                format is not serialization.PublicFormat.Raw
-            ):
-                raise ValueError(
-                    "When using Raw both encoding and format must be Raw"
-                )
-
-            return self._raw_public_bytes()
-
-        if (
-            encoding in serialization._PEM_DER and
-            format is not serialization.PublicFormat.SubjectPublicKeyInfo
-        ):
-            raise ValueError(
-                "format must be SubjectPublicKeyInfo when encoding is PEM or "
-                "DER"
-            )
-
-        return self._backend._public_key_bytes(
-            encoding, format, self, self._evp_pkey, None
-        )
-
-    def _raw_public_bytes(self):
-        buf = self._backend._ffi.new("unsigned char []", _ED448_KEY_SIZE)
-        buflen = self._backend._ffi.new("size_t *", _ED448_KEY_SIZE)
-        res = self._backend._lib.EVP_PKEY_get_raw_public_key(
-            self._evp_pkey, buf, buflen
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(buflen[0] == _ED448_KEY_SIZE)
-        return self._backend._ffi.buffer(buf, _ED448_KEY_SIZE)[:]
-
-    def verify(self, signature, data):
-        evp_md_ctx = self._backend._lib.Cryptography_EVP_MD_CTX_new()
-        self._backend.openssl_assert(evp_md_ctx != self._backend._ffi.NULL)
-        evp_md_ctx = self._backend._ffi.gc(
-            evp_md_ctx, self._backend._lib.Cryptography_EVP_MD_CTX_free
-        )
-        res = self._backend._lib.EVP_DigestVerifyInit(
-            evp_md_ctx, self._backend._ffi.NULL, self._backend._ffi.NULL,
-            self._backend._ffi.NULL, self._evp_pkey
-        )
-        self._backend.openssl_assert(res == 1)
-        res = self._backend._lib.EVP_DigestVerify(
-            evp_md_ctx, signature, len(signature), data, len(data)
-        )
-        if res != 1:
-            self._backend._consume_errors()
-            raise exceptions.InvalidSignature
-
-
-@utils.register_interface(Ed448PrivateKey)
-class _Ed448PrivateKey(object):
-    def __init__(self, backend, evp_pkey):
-        self._backend = backend
-        self._evp_pkey = evp_pkey
-
-    def public_key(self):
-        buf = self._backend._ffi.new("unsigned char []", _ED448_KEY_SIZE)
-        buflen = self._backend._ffi.new("size_t *", _ED448_KEY_SIZE)
-        res = self._backend._lib.EVP_PKEY_get_raw_public_key(
-            self._evp_pkey, buf, buflen
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(buflen[0] == _ED448_KEY_SIZE)
-        public_bytes = self._backend._ffi.buffer(buf)[:]
-        return self._backend.ed448_load_public_bytes(public_bytes)
-
-    def sign(self, data):
-        evp_md_ctx = self._backend._lib.Cryptography_EVP_MD_CTX_new()
-        self._backend.openssl_assert(evp_md_ctx != self._backend._ffi.NULL)
-        evp_md_ctx = self._backend._ffi.gc(
-            evp_md_ctx, self._backend._lib.Cryptography_EVP_MD_CTX_free
-        )
-        res = self._backend._lib.EVP_DigestSignInit(
-            evp_md_ctx, self._backend._ffi.NULL, self._backend._ffi.NULL,
-            self._backend._ffi.NULL, self._evp_pkey
-        )
-        self._backend.openssl_assert(res == 1)
-        buf = self._backend._ffi.new("unsigned char[]", _ED448_SIG_SIZE)
-        buflen = self._backend._ffi.new("size_t *", len(buf))
-        res = self._backend._lib.EVP_DigestSign(
-            evp_md_ctx, buf, buflen, data, len(data)
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(buflen[0] == _ED448_SIG_SIZE)
-        return self._backend._ffi.buffer(buf, buflen[0])[:]
-
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        if (
-            encoding is serialization.Encoding.Raw or
-            format is serialization.PublicFormat.Raw
-        ):
-            if (
-                format is not serialization.PrivateFormat.Raw or
-                encoding is not serialization.Encoding.Raw or not
-                isinstance(encryption_algorithm, serialization.NoEncryption)
-            ):
-                raise ValueError(
-                    "When using Raw both encoding and format must be Raw "
-                    "and encryption_algorithm must be NoEncryption"
-                )
-
-            return self._raw_private_bytes()
-
-        if (
-            encoding in serialization._PEM_DER and
-            format is not serialization.PrivateFormat.PKCS8
-        ):
-            raise ValueError(
-                "format must be PKCS8 when encoding is PEM or DER"
-            )
-
-        return self._backend._private_key_bytes(
-            encoding, format, encryption_algorithm, self._evp_pkey, None
-        )
-
-    def _raw_private_bytes(self):
-        buf = self._backend._ffi.new("unsigned char []", _ED448_KEY_SIZE)
-        buflen = self._backend._ffi.new("size_t *", _ED448_KEY_SIZE)
-        res = self._backend._lib.EVP_PKEY_get_raw_private_key(
-            self._evp_pkey, buf, buflen
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(buflen[0] == _ED448_KEY_SIZE)
-        return self._backend._ffi.buffer(buf, _ED448_KEY_SIZE)[:]
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/encode_asn1.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/encode_asn1.py
@@ -1,657 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import calendar
-import ipaddress
-
-import six
-
-from cryptography import utils, x509
-from cryptography.hazmat.backends.openssl.decode_asn1 import (
-    _CRL_ENTRY_REASON_ENUM_TO_CODE, _DISTPOINT_TYPE_FULLNAME,
-    _DISTPOINT_TYPE_RELATIVENAME
-)
-from cryptography.x509.name import _ASN1Type
-from cryptography.x509.oid import (
-    CRLEntryExtensionOID, ExtensionOID, OCSPExtensionOID,
-)
-
-
-def _encode_asn1_int(backend, x):
-    """
-    Converts a python integer to an ASN1_INTEGER. The returned ASN1_INTEGER
-    will not be garbage collected (to support adding them to structs that take
-    ownership of the object). Be sure to register it for GC if it will be
-    discarded after use.
-
-    """
-    # Convert Python integer to OpenSSL "bignum" in case value exceeds
-    # machine's native integer limits (note: `int_to_bn` doesn't automatically
-    # GC).
-    i = backend._int_to_bn(x)
-    i = backend._ffi.gc(i, backend._lib.BN_free)
-
-    # Wrap in an ASN.1 integer.  Don't GC -- as documented.
-    i = backend._lib.BN_to_ASN1_INTEGER(i, backend._ffi.NULL)
-    backend.openssl_assert(i != backend._ffi.NULL)
-    return i
-
-
-def _encode_asn1_int_gc(backend, x):
-    i = _encode_asn1_int(backend, x)
-    i = backend._ffi.gc(i, backend._lib.ASN1_INTEGER_free)
-    return i
-
-
-def _encode_asn1_str(backend, data):
-    """
-    Create an ASN1_OCTET_STRING from a Python byte string.
-    """
-    s = backend._lib.ASN1_OCTET_STRING_new()
-    res = backend._lib.ASN1_OCTET_STRING_set(s, data, len(data))
-    backend.openssl_assert(res == 1)
-    return s
-
-
-def _encode_asn1_utf8_str(backend, string):
-    """
-    Create an ASN1_UTF8STRING from a Python unicode string.
-    This object will be an ASN1_STRING with UTF8 type in OpenSSL and
-    can be decoded with ASN1_STRING_to_UTF8.
-    """
-    s = backend._lib.ASN1_UTF8STRING_new()
-    res = backend._lib.ASN1_STRING_set(
-        s, string.encode("utf8"), len(string.encode("utf8"))
-    )
-    backend.openssl_assert(res == 1)
-    return s
-
-
-def _encode_asn1_str_gc(backend, data):
-    s = _encode_asn1_str(backend, data)
-    s = backend._ffi.gc(s, backend._lib.ASN1_OCTET_STRING_free)
-    return s
-
-
-def _encode_inhibit_any_policy(backend, inhibit_any_policy):
-    return _encode_asn1_int_gc(backend, inhibit_any_policy.skip_certs)
-
-
-def _encode_name(backend, name):
-    """
-    The X509_NAME created will not be gc'd. Use _encode_name_gc if needed.
-    """
-    subject = backend._lib.X509_NAME_new()
-    for rdn in name.rdns:
-        set_flag = 0  # indicate whether to add to last RDN or create new RDN
-        for attribute in rdn:
-            name_entry = _encode_name_entry(backend, attribute)
-            # X509_NAME_add_entry dups the object so we need to gc this copy
-            name_entry = backend._ffi.gc(
-                name_entry, backend._lib.X509_NAME_ENTRY_free
-            )
-            res = backend._lib.X509_NAME_add_entry(
-                subject, name_entry, -1, set_flag)
-            backend.openssl_assert(res == 1)
-            set_flag = -1
-    return subject
-
-
-def _encode_name_gc(backend, attributes):
-    subject = _encode_name(backend, attributes)
-    subject = backend._ffi.gc(subject, backend._lib.X509_NAME_free)
-    return subject
-
-
-def _encode_sk_name_entry(backend, attributes):
-    """
-    The sk_X509_NAME_ENTRY created will not be gc'd.
-    """
-    stack = backend._lib.sk_X509_NAME_ENTRY_new_null()
-    for attribute in attributes:
-        name_entry = _encode_name_entry(backend, attribute)
-        res = backend._lib.sk_X509_NAME_ENTRY_push(stack, name_entry)
-        backend.openssl_assert(res >= 1)
-    return stack
-
-
-def _encode_name_entry(backend, attribute):
-    if attribute._type is _ASN1Type.BMPString:
-        value = attribute.value.encode('utf_16_be')
-    else:
-        value = attribute.value.encode('utf8')
-
-    obj = _txt2obj_gc(backend, attribute.oid.dotted_string)
-
-    name_entry = backend._lib.X509_NAME_ENTRY_create_by_OBJ(
-        backend._ffi.NULL, obj, attribute._type.value, value, len(value)
-    )
-    return name_entry
-
-
-def _encode_crl_number_delta_crl_indicator(backend, ext):
-    return _encode_asn1_int_gc(backend, ext.crl_number)
-
-
-def _encode_issuing_dist_point(backend, ext):
-    idp = backend._lib.ISSUING_DIST_POINT_new()
-    backend.openssl_assert(idp != backend._ffi.NULL)
-    idp = backend._ffi.gc(idp, backend._lib.ISSUING_DIST_POINT_free)
-    idp.onlyuser = 255 if ext.only_contains_user_certs else 0
-    idp.onlyCA = 255 if ext.only_contains_ca_certs else 0
-    idp.indirectCRL = 255 if ext.indirect_crl else 0
-    idp.onlyattr = 255 if ext.only_contains_attribute_certs else 0
-    if ext.only_some_reasons:
-        idp.onlysomereasons = _encode_reasonflags(
-            backend, ext.only_some_reasons
-        )
-
-    if ext.full_name:
-        idp.distpoint = _encode_full_name(backend, ext.full_name)
-
-    if ext.relative_name:
-        idp.distpoint = _encode_relative_name(backend, ext.relative_name)
-
-    return idp
-
-
-def _encode_crl_reason(backend, crl_reason):
-    asn1enum = backend._lib.ASN1_ENUMERATED_new()
-    backend.openssl_assert(asn1enum != backend._ffi.NULL)
-    asn1enum = backend._ffi.gc(asn1enum, backend._lib.ASN1_ENUMERATED_free)
-    res = backend._lib.ASN1_ENUMERATED_set(
-        asn1enum, _CRL_ENTRY_REASON_ENUM_TO_CODE[crl_reason.reason]
-    )
-    backend.openssl_assert(res == 1)
-
-    return asn1enum
-
-
-def _encode_invalidity_date(backend, invalidity_date):
-    time = backend._lib.ASN1_GENERALIZEDTIME_set(
-        backend._ffi.NULL, calendar.timegm(
-            invalidity_date.invalidity_date.timetuple()
-        )
-    )
-    backend.openssl_assert(time != backend._ffi.NULL)
-    time = backend._ffi.gc(time, backend._lib.ASN1_GENERALIZEDTIME_free)
-
-    return time
-
-
-def _encode_certificate_policies(backend, certificate_policies):
-    cp = backend._lib.sk_POLICYINFO_new_null()
-    backend.openssl_assert(cp != backend._ffi.NULL)
-    cp = backend._ffi.gc(cp, backend._lib.sk_POLICYINFO_free)
-    for policy_info in certificate_policies:
-        pi = backend._lib.POLICYINFO_new()
-        backend.openssl_assert(pi != backend._ffi.NULL)
-        res = backend._lib.sk_POLICYINFO_push(cp, pi)
-        backend.openssl_assert(res >= 1)
-        oid = _txt2obj(backend, policy_info.policy_identifier.dotted_string)
-        pi.policyid = oid
-        if policy_info.policy_qualifiers:
-            pqis = backend._lib.sk_POLICYQUALINFO_new_null()
-            backend.openssl_assert(pqis != backend._ffi.NULL)
-            for qualifier in policy_info.policy_qualifiers:
-                pqi = backend._lib.POLICYQUALINFO_new()
-                backend.openssl_assert(pqi != backend._ffi.NULL)
-                res = backend._lib.sk_POLICYQUALINFO_push(pqis, pqi)
-                backend.openssl_assert(res >= 1)
-                if isinstance(qualifier, six.text_type):
-                    pqi.pqualid = _txt2obj(
-                        backend, x509.OID_CPS_QUALIFIER.dotted_string
-                    )
-                    pqi.d.cpsuri = _encode_asn1_str(
-                        backend,
-                        qualifier.encode("ascii"),
-                    )
-                else:
-                    assert isinstance(qualifier, x509.UserNotice)
-                    pqi.pqualid = _txt2obj(
-                        backend, x509.OID_CPS_USER_NOTICE.dotted_string
-                    )
-                    un = backend._lib.USERNOTICE_new()
-                    backend.openssl_assert(un != backend._ffi.NULL)
-                    pqi.d.usernotice = un
-                    if qualifier.explicit_text:
-                        un.exptext = _encode_asn1_utf8_str(
-                            backend, qualifier.explicit_text
-                        )
-
-                    un.noticeref = _encode_notice_reference(
-                        backend, qualifier.notice_reference
-                    )
-
-            pi.qualifiers = pqis
-
-    return cp
-
-
-def _encode_notice_reference(backend, notice):
-    if notice is None:
-        return backend._ffi.NULL
-    else:
-        nr = backend._lib.NOTICEREF_new()
-        backend.openssl_assert(nr != backend._ffi.NULL)
-        # organization is a required field
-        nr.organization = _encode_asn1_utf8_str(backend, notice.organization)
-
-        notice_stack = backend._lib.sk_ASN1_INTEGER_new_null()
-        nr.noticenos = notice_stack
-        for number in notice.notice_numbers:
-            num = _encode_asn1_int(backend, number)
-            res = backend._lib.sk_ASN1_INTEGER_push(notice_stack, num)
-            backend.openssl_assert(res >= 1)
-
-        return nr
-
-
-def _txt2obj(backend, name):
-    """
-    Converts a Python string with an ASN.1 object ID in dotted form to a
-    ASN1_OBJECT.
-    """
-    name = name.encode('ascii')
-    obj = backend._lib.OBJ_txt2obj(name, 1)
-    backend.openssl_assert(obj != backend._ffi.NULL)
-    return obj
-
-
-def _txt2obj_gc(backend, name):
-    obj = _txt2obj(backend, name)
-    obj = backend._ffi.gc(obj, backend._lib.ASN1_OBJECT_free)
-    return obj
-
-
-def _encode_ocsp_nocheck(backend, ext):
-    # Doesn't need to be GC'd
-    return backend._lib.ASN1_NULL_new()
-
-
-def _encode_key_usage(backend, key_usage):
-    set_bit = backend._lib.ASN1_BIT_STRING_set_bit
-    ku = backend._lib.ASN1_BIT_STRING_new()
-    ku = backend._ffi.gc(ku, backend._lib.ASN1_BIT_STRING_free)
-    res = set_bit(ku, 0, key_usage.digital_signature)
-    backend.openssl_assert(res == 1)
-    res = set_bit(ku, 1, key_usage.content_commitment)
-    backend.openssl_assert(res == 1)
-    res = set_bit(ku, 2, key_usage.key_encipherment)
-    backend.openssl_assert(res == 1)
-    res = set_bit(ku, 3, key_usage.data_encipherment)
-    backend.openssl_assert(res == 1)
-    res = set_bit(ku, 4, key_usage.key_agreement)
-    backend.openssl_assert(res == 1)
-    res = set_bit(ku, 5, key_usage.key_cert_sign)
-    backend.openssl_assert(res == 1)
-    res = set_bit(ku, 6, key_usage.crl_sign)
-    backend.openssl_assert(res == 1)
-    if key_usage.key_agreement:
-        res = set_bit(ku, 7, key_usage.encipher_only)
-        backend.openssl_assert(res == 1)
-        res = set_bit(ku, 8, key_usage.decipher_only)
-        backend.openssl_assert(res == 1)
-    else:
-        res = set_bit(ku, 7, 0)
-        backend.openssl_assert(res == 1)
-        res = set_bit(ku, 8, 0)
-        backend.openssl_assert(res == 1)
-
-    return ku
-
-
-def _encode_authority_key_identifier(backend, authority_keyid):
-    akid = backend._lib.AUTHORITY_KEYID_new()
-    backend.openssl_assert(akid != backend._ffi.NULL)
-    akid = backend._ffi.gc(akid, backend._lib.AUTHORITY_KEYID_free)
-    if authority_keyid.key_identifier is not None:
-        akid.keyid = _encode_asn1_str(
-            backend,
-            authority_keyid.key_identifier,
-        )
-
-    if authority_keyid.authority_cert_issuer is not None:
-        akid.issuer = _encode_general_names(
-            backend, authority_keyid.authority_cert_issuer
-        )
-
-    if authority_keyid.authority_cert_serial_number is not None:
-        akid.serial = _encode_asn1_int(
-            backend, authority_keyid.authority_cert_serial_number
-        )
-
-    return akid
-
-
-def _encode_basic_constraints(backend, basic_constraints):
-    constraints = backend._lib.BASIC_CONSTRAINTS_new()
-    constraints = backend._ffi.gc(
-        constraints, backend._lib.BASIC_CONSTRAINTS_free
-    )
-    constraints.ca = 255 if basic_constraints.ca else 0
-    if basic_constraints.ca and basic_constraints.path_length is not None:
-        constraints.pathlen = _encode_asn1_int(
-            backend, basic_constraints.path_length
-        )
-
-    return constraints
-
-
-def _encode_authority_information_access(backend, authority_info_access):
-    aia = backend._lib.sk_ACCESS_DESCRIPTION_new_null()
-    backend.openssl_assert(aia != backend._ffi.NULL)
-    aia = backend._ffi.gc(
-        aia,
-        lambda x: backend._lib.sk_ACCESS_DESCRIPTION_pop_free(
-            x, backend._ffi.addressof(
-                backend._lib._original_lib, "ACCESS_DESCRIPTION_free"
-            )
-        )
-    )
-    for access_description in authority_info_access:
-        ad = backend._lib.ACCESS_DESCRIPTION_new()
-        method = _txt2obj(
-            backend, access_description.access_method.dotted_string
-        )
-        _encode_general_name_preallocated(
-            backend, access_description.access_location, ad.location
-        )
-        ad.method = method
-        res = backend._lib.sk_ACCESS_DESCRIPTION_push(aia, ad)
-        backend.openssl_assert(res >= 1)
-
-    return aia
-
-
-def _encode_general_names(backend, names):
-    general_names = backend._lib.GENERAL_NAMES_new()
-    backend.openssl_assert(general_names != backend._ffi.NULL)
-    for name in names:
-        gn = _encode_general_name(backend, name)
-        res = backend._lib.sk_GENERAL_NAME_push(general_names, gn)
-        backend.openssl_assert(res != 0)
-
-    return general_names
-
-
-def _encode_alt_name(backend, san):
-    general_names = _encode_general_names(backend, san)
-    general_names = backend._ffi.gc(
-        general_names, backend._lib.GENERAL_NAMES_free
-    )
-    return general_names
-
-
-def _encode_subject_key_identifier(backend, ski):
-    return _encode_asn1_str_gc(backend, ski.digest)
-
-
-def _encode_general_name(backend, name):
-    gn = backend._lib.GENERAL_NAME_new()
-    _encode_general_name_preallocated(backend, name, gn)
-    return gn
-
-
-def _encode_general_name_preallocated(backend, name, gn):
-    if isinstance(name, x509.DNSName):
-        backend.openssl_assert(gn != backend._ffi.NULL)
-        gn.type = backend._lib.GEN_DNS
-
-        ia5 = backend._lib.ASN1_IA5STRING_new()
-        backend.openssl_assert(ia5 != backend._ffi.NULL)
-        # ia5strings are supposed to be ITU T.50 but to allow round-tripping
-        # of broken certs that encode utf8 we'll encode utf8 here too.
-        value = name.value.encode("utf8")
-
-        res = backend._lib.ASN1_STRING_set(ia5, value, len(value))
-        backend.openssl_assert(res == 1)
-        gn.d.dNSName = ia5
-    elif isinstance(name, x509.RegisteredID):
-        backend.openssl_assert(gn != backend._ffi.NULL)
-        gn.type = backend._lib.GEN_RID
-        obj = backend._lib.OBJ_txt2obj(
-            name.value.dotted_string.encode('ascii'), 1
-        )
-        backend.openssl_assert(obj != backend._ffi.NULL)
-        gn.d.registeredID = obj
-    elif isinstance(name, x509.DirectoryName):
-        backend.openssl_assert(gn != backend._ffi.NULL)
-        dir_name = _encode_name(backend, name.value)
-        gn.type = backend._lib.GEN_DIRNAME
-        gn.d.directoryName = dir_name
-    elif isinstance(name, x509.IPAddress):
-        backend.openssl_assert(gn != backend._ffi.NULL)
-        if isinstance(name.value, ipaddress.IPv4Network):
-            packed = (
-                name.value.network_address.packed +
-                utils.int_to_bytes(((1 << 32) - name.value.num_addresses), 4)
-            )
-        elif isinstance(name.value, ipaddress.IPv6Network):
-            packed = (
-                name.value.network_address.packed +
-                utils.int_to_bytes((1 << 128) - name.value.num_addresses, 16)
-            )
-        else:
-            packed = name.value.packed
-        ipaddr = _encode_asn1_str(backend, packed)
-        gn.type = backend._lib.GEN_IPADD
-        gn.d.iPAddress = ipaddr
-    elif isinstance(name, x509.OtherName):
-        backend.openssl_assert(gn != backend._ffi.NULL)
-        other_name = backend._lib.OTHERNAME_new()
-        backend.openssl_assert(other_name != backend._ffi.NULL)
-
-        type_id = backend._lib.OBJ_txt2obj(
-            name.type_id.dotted_string.encode('ascii'), 1
-        )
-        backend.openssl_assert(type_id != backend._ffi.NULL)
-        data = backend._ffi.new("unsigned char[]", name.value)
-        data_ptr_ptr = backend._ffi.new("unsigned char **")
-        data_ptr_ptr[0] = data
-        value = backend._lib.d2i_ASN1_TYPE(
-            backend._ffi.NULL, data_ptr_ptr, len(name.value)
-        )
-        if value == backend._ffi.NULL:
-            backend._consume_errors()
-            raise ValueError("Invalid ASN.1 data")
-        other_name.type_id = type_id
-        other_name.value = value
-        gn.type = backend._lib.GEN_OTHERNAME
-        gn.d.otherName = other_name
-    elif isinstance(name, x509.RFC822Name):
-        backend.openssl_assert(gn != backend._ffi.NULL)
-        # ia5strings are supposed to be ITU T.50 but to allow round-tripping
-        # of broken certs that encode utf8 we'll encode utf8 here too.
-        data = name.value.encode("utf8")
-        asn1_str = _encode_asn1_str(backend, data)
-        gn.type = backend._lib.GEN_EMAIL
-        gn.d.rfc822Name = asn1_str
-    elif isinstance(name, x509.UniformResourceIdentifier):
-        backend.openssl_assert(gn != backend._ffi.NULL)
-        # ia5strings are supposed to be ITU T.50 but to allow round-tripping
-        # of broken certs that encode utf8 we'll encode utf8 here too.
-        data = name.value.encode("utf8")
-        asn1_str = _encode_asn1_str(backend, data)
-        gn.type = backend._lib.GEN_URI
-        gn.d.uniformResourceIdentifier = asn1_str
-    else:
-        raise ValueError(
-            "{} is an unknown GeneralName type".format(name)
-        )
-
-
-def _encode_extended_key_usage(backend, extended_key_usage):
-    eku = backend._lib.sk_ASN1_OBJECT_new_null()
-    eku = backend._ffi.gc(eku, backend._lib.sk_ASN1_OBJECT_free)
-    for oid in extended_key_usage:
-        obj = _txt2obj(backend, oid.dotted_string)
-        res = backend._lib.sk_ASN1_OBJECT_push(eku, obj)
-        backend.openssl_assert(res >= 1)
-
-    return eku
-
-
-_CRLREASONFLAGS = {
-    x509.ReasonFlags.key_compromise: 1,
-    x509.ReasonFlags.ca_compromise: 2,
-    x509.ReasonFlags.affiliation_changed: 3,
-    x509.ReasonFlags.superseded: 4,
-    x509.ReasonFlags.cessation_of_operation: 5,
-    x509.ReasonFlags.certificate_hold: 6,
-    x509.ReasonFlags.privilege_withdrawn: 7,
-    x509.ReasonFlags.aa_compromise: 8,
-}
-
-
-def _encode_reasonflags(backend, reasons):
-    bitmask = backend._lib.ASN1_BIT_STRING_new()
-    backend.openssl_assert(bitmask != backend._ffi.NULL)
-    for reason in reasons:
-        res = backend._lib.ASN1_BIT_STRING_set_bit(
-            bitmask, _CRLREASONFLAGS[reason], 1
-        )
-        backend.openssl_assert(res == 1)
-
-    return bitmask
-
-
-def _encode_full_name(backend, full_name):
-    dpn = backend._lib.DIST_POINT_NAME_new()
-    backend.openssl_assert(dpn != backend._ffi.NULL)
-    dpn.type = _DISTPOINT_TYPE_FULLNAME
-    dpn.name.fullname = _encode_general_names(backend, full_name)
-    return dpn
-
-
-def _encode_relative_name(backend, relative_name):
-    dpn = backend._lib.DIST_POINT_NAME_new()
-    backend.openssl_assert(dpn != backend._ffi.NULL)
-    dpn.type = _DISTPOINT_TYPE_RELATIVENAME
-    dpn.name.relativename = _encode_sk_name_entry(backend, relative_name)
-    return dpn
-
-
-def _encode_cdps_freshest_crl(backend, cdps):
-    cdp = backend._lib.sk_DIST_POINT_new_null()
-    cdp = backend._ffi.gc(cdp, backend._lib.sk_DIST_POINT_free)
-    for point in cdps:
-        dp = backend._lib.DIST_POINT_new()
-        backend.openssl_assert(dp != backend._ffi.NULL)
-
-        if point.reasons:
-            dp.reasons = _encode_reasonflags(backend, point.reasons)
-
-        if point.full_name:
-            dp.distpoint = _encode_full_name(backend, point.full_name)
-
-        if point.relative_name:
-            dp.distpoint = _encode_relative_name(backend, point.relative_name)
-
-        if point.crl_issuer:
-            dp.CRLissuer = _encode_general_names(backend, point.crl_issuer)
-
-        res = backend._lib.sk_DIST_POINT_push(cdp, dp)
-        backend.openssl_assert(res >= 1)
-
-    return cdp
-
-
-def _encode_name_constraints(backend, name_constraints):
-    nc = backend._lib.NAME_CONSTRAINTS_new()
-    backend.openssl_assert(nc != backend._ffi.NULL)
-    nc = backend._ffi.gc(nc, backend._lib.NAME_CONSTRAINTS_free)
-    permitted = _encode_general_subtree(
-        backend, name_constraints.permitted_subtrees
-    )
-    nc.permittedSubtrees = permitted
-    excluded = _encode_general_subtree(
-        backend, name_constraints.excluded_subtrees
-    )
-    nc.excludedSubtrees = excluded
-
-    return nc
-
-
-def _encode_policy_constraints(backend, policy_constraints):
-    pc = backend._lib.POLICY_CONSTRAINTS_new()
-    backend.openssl_assert(pc != backend._ffi.NULL)
-    pc = backend._ffi.gc(pc, backend._lib.POLICY_CONSTRAINTS_free)
-    if policy_constraints.require_explicit_policy is not None:
-        pc.requireExplicitPolicy = _encode_asn1_int(
-            backend, policy_constraints.require_explicit_policy
-        )
-
-    if policy_constraints.inhibit_policy_mapping is not None:
-        pc.inhibitPolicyMapping = _encode_asn1_int(
-            backend, policy_constraints.inhibit_policy_mapping
-        )
-
-    return pc
-
-
-def _encode_general_subtree(backend, subtrees):
-    if subtrees is None:
-        return backend._ffi.NULL
-    else:
-        general_subtrees = backend._lib.sk_GENERAL_SUBTREE_new_null()
-        for name in subtrees:
-            gs = backend._lib.GENERAL_SUBTREE_new()
-            gs.base = _encode_general_name(backend, name)
-            res = backend._lib.sk_GENERAL_SUBTREE_push(general_subtrees, gs)
-            assert res >= 1
-
-        return general_subtrees
-
-
-def _encode_nonce(backend, nonce):
-    return _encode_asn1_str_gc(backend, nonce.nonce)
-
-
-_EXTENSION_ENCODE_HANDLERS = {
-    ExtensionOID.BASIC_CONSTRAINTS: _encode_basic_constraints,
-    ExtensionOID.SUBJECT_KEY_IDENTIFIER: _encode_subject_key_identifier,
-    ExtensionOID.KEY_USAGE: _encode_key_usage,
-    ExtensionOID.SUBJECT_ALTERNATIVE_NAME: _encode_alt_name,
-    ExtensionOID.ISSUER_ALTERNATIVE_NAME: _encode_alt_name,
-    ExtensionOID.EXTENDED_KEY_USAGE: _encode_extended_key_usage,
-    ExtensionOID.AUTHORITY_KEY_IDENTIFIER: _encode_authority_key_identifier,
-    ExtensionOID.CERTIFICATE_POLICIES: _encode_certificate_policies,
-    ExtensionOID.AUTHORITY_INFORMATION_ACCESS: (
-        _encode_authority_information_access
-    ),
-    ExtensionOID.CRL_DISTRIBUTION_POINTS: _encode_cdps_freshest_crl,
-    ExtensionOID.FRESHEST_CRL: _encode_cdps_freshest_crl,
-    ExtensionOID.INHIBIT_ANY_POLICY: _encode_inhibit_any_policy,
-    ExtensionOID.OCSP_NO_CHECK: _encode_ocsp_nocheck,
-    ExtensionOID.NAME_CONSTRAINTS: _encode_name_constraints,
-    ExtensionOID.POLICY_CONSTRAINTS: _encode_policy_constraints,
-}
-
-_CRL_EXTENSION_ENCODE_HANDLERS = {
-    ExtensionOID.ISSUER_ALTERNATIVE_NAME: _encode_alt_name,
-    ExtensionOID.AUTHORITY_KEY_IDENTIFIER: _encode_authority_key_identifier,
-    ExtensionOID.AUTHORITY_INFORMATION_ACCESS: (
-        _encode_authority_information_access
-    ),
-    ExtensionOID.CRL_NUMBER: _encode_crl_number_delta_crl_indicator,
-    ExtensionOID.DELTA_CRL_INDICATOR: _encode_crl_number_delta_crl_indicator,
-    ExtensionOID.ISSUING_DISTRIBUTION_POINT: _encode_issuing_dist_point,
-}
-
-_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS = {
-    CRLEntryExtensionOID.CERTIFICATE_ISSUER: _encode_alt_name,
-    CRLEntryExtensionOID.CRL_REASON: _encode_crl_reason,
-    CRLEntryExtensionOID.INVALIDITY_DATE: _encode_invalidity_date,
-}
-
-_OCSP_REQUEST_EXTENSION_ENCODE_HANDLERS = {
-    OCSPExtensionOID.NONCE: _encode_nonce,
-}
-
-_OCSP_BASICRESP_EXTENSION_ENCODE_HANDLERS = {
-    OCSPExtensionOID.NONCE: _encode_nonce,
-}
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/hashes.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/hashes.py
@@ -1,78 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-
-from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
-from cryptography.hazmat.primitives import hashes
-
-
-@utils.register_interface(hashes.HashContext)
-class _HashContext(object):
-    def __init__(self, backend, algorithm, ctx=None):
-        self._algorithm = algorithm
-
-        self._backend = backend
-
-        if ctx is None:
-            ctx = self._backend._lib.Cryptography_EVP_MD_CTX_new()
-            ctx = self._backend._ffi.gc(
-                ctx, self._backend._lib.Cryptography_EVP_MD_CTX_free
-            )
-            evp_md = self._backend._evp_md_from_algorithm(algorithm)
-            if evp_md == self._backend._ffi.NULL:
-                raise UnsupportedAlgorithm(
-                    "{} is not a supported hash on this backend.".format(
-                        algorithm.name),
-                    _Reasons.UNSUPPORTED_HASH
-                )
-            res = self._backend._lib.EVP_DigestInit_ex(ctx, evp_md,
-                                                       self._backend._ffi.NULL)
-            self._backend.openssl_assert(res != 0)
-
-        self._ctx = ctx
-
-    algorithm = utils.read_only_property("_algorithm")
-
-    def copy(self):
-        copied_ctx = self._backend._lib.Cryptography_EVP_MD_CTX_new()
-        copied_ctx = self._backend._ffi.gc(
-            copied_ctx, self._backend._lib.Cryptography_EVP_MD_CTX_free
-        )
-        res = self._backend._lib.EVP_MD_CTX_copy_ex(copied_ctx, self._ctx)
-        self._backend.openssl_assert(res != 0)
-        return _HashContext(self._backend, self.algorithm, ctx=copied_ctx)
-
-    def update(self, data):
-        data_ptr = self._backend._ffi.from_buffer(data)
-        res = self._backend._lib.EVP_DigestUpdate(
-            self._ctx, data_ptr, len(data)
-        )
-        self._backend.openssl_assert(res != 0)
-
-    def finalize(self):
-        if isinstance(self.algorithm, hashes.ExtendableOutputFunction):
-            # extendable output functions use a different finalize
-            return self._finalize_xof()
-        else:
-            buf = self._backend._ffi.new("unsigned char[]",
-                                         self._backend._lib.EVP_MAX_MD_SIZE)
-            outlen = self._backend._ffi.new("unsigned int *")
-            res = self._backend._lib.EVP_DigestFinal_ex(self._ctx, buf, outlen)
-            self._backend.openssl_assert(res != 0)
-            self._backend.openssl_assert(
-                outlen[0] == self.algorithm.digest_size
-            )
-            return self._backend._ffi.buffer(buf)[:outlen[0]]
-
-    def _finalize_xof(self):
-        buf = self._backend._ffi.new("unsigned char[]",
-                                     self.algorithm.digest_size)
-        res = self._backend._lib.EVP_DigestFinalXOF(
-            self._ctx, buf, self.algorithm.digest_size
-        )
-        self._backend.openssl_assert(res != 0)
-        return self._backend._ffi.buffer(buf)[:self.algorithm.digest_size]
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/hmac.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/hmac.py
@@ -1,74 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-
-from cryptography import utils
-from cryptography.exceptions import (
-    InvalidSignature, UnsupportedAlgorithm, _Reasons
-)
-from cryptography.hazmat.primitives import constant_time, hashes
-
-
-@utils.register_interface(hashes.HashContext)
-class _HMACContext(object):
-    def __init__(self, backend, key, algorithm, ctx=None):
-        self._algorithm = algorithm
-        self._backend = backend
-
-        if ctx is None:
-            ctx = self._backend._lib.Cryptography_HMAC_CTX_new()
-            self._backend.openssl_assert(ctx != self._backend._ffi.NULL)
-            ctx = self._backend._ffi.gc(
-                ctx, self._backend._lib.Cryptography_HMAC_CTX_free
-            )
-            evp_md = self._backend._evp_md_from_algorithm(algorithm)
-            if evp_md == self._backend._ffi.NULL:
-                raise UnsupportedAlgorithm(
-                    "{} is not a supported hash on this backend".format(
-                        algorithm.name),
-                    _Reasons.UNSUPPORTED_HASH
-                )
-            key_ptr = self._backend._ffi.from_buffer(key)
-            res = self._backend._lib.HMAC_Init_ex(
-                ctx, key_ptr, len(key), evp_md, self._backend._ffi.NULL
-            )
-            self._backend.openssl_assert(res != 0)
-
-        self._ctx = ctx
-        self._key = key
-
-    algorithm = utils.read_only_property("_algorithm")
-
-    def copy(self):
-        copied_ctx = self._backend._lib.Cryptography_HMAC_CTX_new()
-        self._backend.openssl_assert(copied_ctx != self._backend._ffi.NULL)
-        copied_ctx = self._backend._ffi.gc(
-            copied_ctx, self._backend._lib.Cryptography_HMAC_CTX_free
-        )
-        res = self._backend._lib.HMAC_CTX_copy(copied_ctx, self._ctx)
-        self._backend.openssl_assert(res != 0)
-        return _HMACContext(
-            self._backend, self._key, self.algorithm, ctx=copied_ctx
-        )
-
-    def update(self, data):
-        data_ptr = self._backend._ffi.from_buffer(data)
-        res = self._backend._lib.HMAC_Update(self._ctx, data_ptr, len(data))
-        self._backend.openssl_assert(res != 0)
-
-    def finalize(self):
-        buf = self._backend._ffi.new("unsigned char[]",
-                                     self._backend._lib.EVP_MAX_MD_SIZE)
-        outlen = self._backend._ffi.new("unsigned int *")
-        res = self._backend._lib.HMAC_Final(self._ctx, buf, outlen)
-        self._backend.openssl_assert(res != 0)
-        self._backend.openssl_assert(outlen[0] == self.algorithm.digest_size)
-        return self._backend._ffi.buffer(buf)[:outlen[0]]
-
-    def verify(self, signature):
-        digest = self.finalize()
-        if not constant_time.bytes_eq(digest, signature):
-            raise InvalidSignature("Signature did not match digest.")
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ocsp.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/ocsp.py
@@ -1,381 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import functools
-
-from cryptography import utils, x509
-from cryptography.exceptions import UnsupportedAlgorithm
-from cryptography.hazmat.backends.openssl.decode_asn1 import (
-    _CRL_ENTRY_REASON_CODE_TO_ENUM, _OCSP_BASICRESP_EXT_PARSER,
-    _OCSP_REQ_EXT_PARSER, _asn1_integer_to_int,
-    _asn1_string_to_bytes, _decode_x509_name, _obj2txt,
-    _parse_asn1_generalized_time,
-)
-from cryptography.hazmat.backends.openssl.x509 import _Certificate
-from cryptography.hazmat.primitives import serialization
-from cryptography.x509.ocsp import (
-    OCSPCertStatus, OCSPRequest, OCSPResponse, OCSPResponseStatus,
-    _CERT_STATUS_TO_ENUM, _OIDS_TO_HASH, _RESPONSE_STATUS_TO_ENUM,
-)
-
-
-def _requires_successful_response(func):
-    @functools.wraps(func)
-    def wrapper(self, *args):
-        if self.response_status != OCSPResponseStatus.SUCCESSFUL:
-            raise ValueError(
-                "OCSP response status is not successful so the property "
-                "has no value"
-            )
-        else:
-            return func(self, *args)
-
-    return wrapper
-
-
-def _issuer_key_hash(backend, cert_id):
-    key_hash = backend._ffi.new("ASN1_OCTET_STRING **")
-    res = backend._lib.OCSP_id_get0_info(
-        backend._ffi.NULL, backend._ffi.NULL,
-        key_hash, backend._ffi.NULL, cert_id
-    )
-    backend.openssl_assert(res == 1)
-    backend.openssl_assert(key_hash[0] != backend._ffi.NULL)
-    return _asn1_string_to_bytes(backend, key_hash[0])
-
-
-def _issuer_name_hash(backend, cert_id):
-    name_hash = backend._ffi.new("ASN1_OCTET_STRING **")
-    res = backend._lib.OCSP_id_get0_info(
-        name_hash, backend._ffi.NULL,
-        backend._ffi.NULL, backend._ffi.NULL, cert_id
-    )
-    backend.openssl_assert(res == 1)
-    backend.openssl_assert(name_hash[0] != backend._ffi.NULL)
-    return _asn1_string_to_bytes(backend, name_hash[0])
-
-
-def _serial_number(backend, cert_id):
-    num = backend._ffi.new("ASN1_INTEGER **")
-    res = backend._lib.OCSP_id_get0_info(
-        backend._ffi.NULL, backend._ffi.NULL,
-        backend._ffi.NULL, num, cert_id
-    )
-    backend.openssl_assert(res == 1)
-    backend.openssl_assert(num[0] != backend._ffi.NULL)
-    return _asn1_integer_to_int(backend, num[0])
-
-
-def _hash_algorithm(backend, cert_id):
-    asn1obj = backend._ffi.new("ASN1_OBJECT **")
-    res = backend._lib.OCSP_id_get0_info(
-        backend._ffi.NULL, asn1obj,
-        backend._ffi.NULL, backend._ffi.NULL, cert_id
-    )
-    backend.openssl_assert(res == 1)
-    backend.openssl_assert(asn1obj[0] != backend._ffi.NULL)
-    oid = _obj2txt(backend, asn1obj[0])
-    try:
-        return _OIDS_TO_HASH[oid]
-    except KeyError:
-        raise UnsupportedAlgorithm(
-            "Signature algorithm OID: {} not recognized".format(oid)
-        )
-
-
-@utils.register_interface(OCSPResponse)
-class _OCSPResponse(object):
-    def __init__(self, backend, ocsp_response):
-        self._backend = backend
-        self._ocsp_response = ocsp_response
-        status = self._backend._lib.OCSP_response_status(self._ocsp_response)
-        self._backend.openssl_assert(status in _RESPONSE_STATUS_TO_ENUM)
-        self._status = _RESPONSE_STATUS_TO_ENUM[status]
-        if self._status is OCSPResponseStatus.SUCCESSFUL:
-            basic = self._backend._lib.OCSP_response_get1_basic(
-                self._ocsp_response
-            )
-            self._backend.openssl_assert(basic != self._backend._ffi.NULL)
-            self._basic = self._backend._ffi.gc(
-                basic, self._backend._lib.OCSP_BASICRESP_free
-            )
-            self._backend.openssl_assert(
-                self._backend._lib.OCSP_resp_count(self._basic) == 1
-            )
-            self._single = self._backend._lib.OCSP_resp_get0(self._basic, 0)
-            self._backend.openssl_assert(
-                self._single != self._backend._ffi.NULL
-            )
-            self._cert_id = self._backend._lib.OCSP_SINGLERESP_get0_id(
-                self._single
-            )
-            self._backend.openssl_assert(
-                self._cert_id != self._backend._ffi.NULL
-            )
-
-    response_status = utils.read_only_property("_status")
-
-    @property
-    @_requires_successful_response
-    def signature_algorithm_oid(self):
-        alg = self._backend._lib.OCSP_resp_get0_tbs_sigalg(self._basic)
-        self._backend.openssl_assert(alg != self._backend._ffi.NULL)
-        oid = _obj2txt(self._backend, alg.algorithm)
-        return x509.ObjectIdentifier(oid)
-
-    @property
-    @_requires_successful_response
-    def signature_hash_algorithm(self):
-        oid = self.signature_algorithm_oid
-        try:
-            return x509._SIG_OIDS_TO_HASH[oid]
-        except KeyError:
-            raise UnsupportedAlgorithm(
-                "Signature algorithm OID:{} not recognized".format(oid)
-            )
-
-    @property
-    @_requires_successful_response
-    def signature(self):
-        sig = self._backend._lib.OCSP_resp_get0_signature(self._basic)
-        self._backend.openssl_assert(sig != self._backend._ffi.NULL)
-        return _asn1_string_to_bytes(self._backend, sig)
-
-    @property
-    @_requires_successful_response
-    def tbs_response_bytes(self):
-        respdata = self._backend._lib.OCSP_resp_get0_respdata(self._basic)
-        self._backend.openssl_assert(respdata != self._backend._ffi.NULL)
-        pp = self._backend._ffi.new("unsigned char **")
-        res = self._backend._lib.i2d_OCSP_RESPDATA(respdata, pp)
-        self._backend.openssl_assert(pp[0] != self._backend._ffi.NULL)
-        pp = self._backend._ffi.gc(
-            pp, lambda pointer: self._backend._lib.OPENSSL_free(pointer[0])
-        )
-        self._backend.openssl_assert(res > 0)
-        return self._backend._ffi.buffer(pp[0], res)[:]
-
-    @property
-    @_requires_successful_response
-    def certificates(self):
-        sk_x509 = self._backend._lib.OCSP_resp_get0_certs(self._basic)
-        num = self._backend._lib.sk_X509_num(sk_x509)
-        certs = []
-        for i in range(num):
-            x509 = self._backend._lib.sk_X509_value(sk_x509, i)
-            self._backend.openssl_assert(x509 != self._backend._ffi.NULL)
-            cert = _Certificate(self._backend, x509)
-            # We need to keep the OCSP response that the certificate came from
-            # alive until the Certificate object itself goes out of scope, so
-            # we give it a private reference.
-            cert._ocsp_resp = self
-            certs.append(cert)
-
-        return certs
-
-    @property
-    @_requires_successful_response
-    def responder_key_hash(self):
-        _, asn1_string = self._responder_key_name()
-        if asn1_string == self._backend._ffi.NULL:
-            return None
-        else:
-            return _asn1_string_to_bytes(self._backend, asn1_string)
-
-    @property
-    @_requires_successful_response
-    def responder_name(self):
-        x509_name, _ = self._responder_key_name()
-        if x509_name == self._backend._ffi.NULL:
-            return None
-        else:
-            return _decode_x509_name(self._backend, x509_name)
-
-    def _responder_key_name(self):
-        asn1_string = self._backend._ffi.new("ASN1_OCTET_STRING **")
-        x509_name = self._backend._ffi.new("X509_NAME **")
-        res = self._backend._lib.OCSP_resp_get0_id(
-            self._basic, asn1_string, x509_name
-        )
-        self._backend.openssl_assert(res == 1)
-        return x509_name[0], asn1_string[0]
-
-    @property
-    @_requires_successful_response
-    def produced_at(self):
-        produced_at = self._backend._lib.OCSP_resp_get0_produced_at(
-            self._basic
-        )
-        return _parse_asn1_generalized_time(self._backend, produced_at)
-
-    @property
-    @_requires_successful_response
-    def certificate_status(self):
-        status = self._backend._lib.OCSP_single_get0_status(
-            self._single,
-            self._backend._ffi.NULL,
-            self._backend._ffi.NULL,
-            self._backend._ffi.NULL,
-            self._backend._ffi.NULL,
-        )
-        self._backend.openssl_assert(status in _CERT_STATUS_TO_ENUM)
-        return _CERT_STATUS_TO_ENUM[status]
-
-    @property
-    @_requires_successful_response
-    def revocation_time(self):
-        if self.certificate_status is not OCSPCertStatus.REVOKED:
-            return None
-
-        asn1_time = self._backend._ffi.new("ASN1_GENERALIZEDTIME **")
-        self._backend._lib.OCSP_single_get0_status(
-            self._single,
-            self._backend._ffi.NULL,
-            asn1_time,
-            self._backend._ffi.NULL,
-            self._backend._ffi.NULL,
-        )
-        self._backend.openssl_assert(asn1_time[0] != self._backend._ffi.NULL)
-        return _parse_asn1_generalized_time(self._backend, asn1_time[0])
-
-    @property
-    @_requires_successful_response
-    def revocation_reason(self):
-        if self.certificate_status is not OCSPCertStatus.REVOKED:
-            return None
-
-        reason_ptr = self._backend._ffi.new("int *")
-        self._backend._lib.OCSP_single_get0_status(
-            self._single,
-            reason_ptr,
-            self._backend._ffi.NULL,
-            self._backend._ffi.NULL,
-            self._backend._ffi.NULL,
-        )
-        # If no reason is encoded OpenSSL returns -1
-        if reason_ptr[0] == -1:
-            return None
-        else:
-            self._backend.openssl_assert(
-                reason_ptr[0] in _CRL_ENTRY_REASON_CODE_TO_ENUM
-            )
-            return _CRL_ENTRY_REASON_CODE_TO_ENUM[reason_ptr[0]]
-
-    @property
-    @_requires_successful_response
-    def this_update(self):
-        asn1_time = self._backend._ffi.new("ASN1_GENERALIZEDTIME **")
-        self._backend._lib.OCSP_single_get0_status(
-            self._single,
-            self._backend._ffi.NULL,
-            self._backend._ffi.NULL,
-            asn1_time,
-            self._backend._ffi.NULL,
-        )
-        self._backend.openssl_assert(asn1_time[0] != self._backend._ffi.NULL)
-        return _parse_asn1_generalized_time(self._backend, asn1_time[0])
-
-    @property
-    @_requires_successful_response
-    def next_update(self):
-        asn1_time = self._backend._ffi.new("ASN1_GENERALIZEDTIME **")
-        self._backend._lib.OCSP_single_get0_status(
-            self._single,
-            self._backend._ffi.NULL,
-            self._backend._ffi.NULL,
-            self._backend._ffi.NULL,
-            asn1_time,
-        )
-        if asn1_time[0] != self._backend._ffi.NULL:
-            return _parse_asn1_generalized_time(self._backend, asn1_time[0])
-        else:
-            return None
-
-    @property
-    @_requires_successful_response
-    def issuer_key_hash(self):
-        return _issuer_key_hash(self._backend, self._cert_id)
-
-    @property
-    @_requires_successful_response
-    def issuer_name_hash(self):
-        return _issuer_name_hash(self._backend, self._cert_id)
-
-    @property
-    @_requires_successful_response
-    def hash_algorithm(self):
-        return _hash_algorithm(self._backend, self._cert_id)
-
-    @property
-    @_requires_successful_response
-    def serial_number(self):
-        return _serial_number(self._backend, self._cert_id)
-
-    @utils.cached_property
-    @_requires_successful_response
-    def extensions(self):
-        return _OCSP_BASICRESP_EXT_PARSER.parse(self._backend, self._basic)
-
-    def public_bytes(self, encoding):
-        if encoding is not serialization.Encoding.DER:
-            raise ValueError(
-                "The only allowed encoding value is Encoding.DER"
-            )
-
-        bio = self._backend._create_mem_bio_gc()
-        res = self._backend._lib.i2d_OCSP_RESPONSE_bio(
-            bio, self._ocsp_response
-        )
-        self._backend.openssl_assert(res > 0)
-        return self._backend._read_mem_bio(bio)
-
-
-@utils.register_interface(OCSPRequest)
-class _OCSPRequest(object):
-    def __init__(self, backend, ocsp_request):
-        if backend._lib.OCSP_request_onereq_count(ocsp_request) > 1:
-            raise NotImplementedError(
-                'OCSP request contains more than one request'
-            )
-        self._backend = backend
-        self._ocsp_request = ocsp_request
-        self._request = self._backend._lib.OCSP_request_onereq_get0(
-            self._ocsp_request, 0
-        )
-        self._backend.openssl_assert(self._request != self._backend._ffi.NULL)
-        self._cert_id = self._backend._lib.OCSP_onereq_get0_id(self._request)
-        self._backend.openssl_assert(self._cert_id != self._backend._ffi.NULL)
-
-    @property
-    def issuer_key_hash(self):
-        return _issuer_key_hash(self._backend, self._cert_id)
-
-    @property
-    def issuer_name_hash(self):
-        return _issuer_name_hash(self._backend, self._cert_id)
-
-    @property
-    def serial_number(self):
-        return _serial_number(self._backend, self._cert_id)
-
-    @property
-    def hash_algorithm(self):
-        return _hash_algorithm(self._backend, self._cert_id)
-
-    @utils.cached_property
-    def extensions(self):
-        return _OCSP_REQ_EXT_PARSER.parse(self._backend, self._ocsp_request)
-
-    def public_bytes(self, encoding):
-        if encoding is not serialization.Encoding.DER:
-            raise ValueError(
-                "The only allowed encoding value is Encoding.DER"
-            )
-
-        bio = self._backend._create_mem_bio_gc()
-        res = self._backend._lib.i2d_OCSP_REQUEST_bio(bio, self._ocsp_request)
-        self._backend.openssl_assert(res > 0)
-        return self._backend._read_mem_bio(bio)
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/poly1305.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/poly1305.py
@@ -1,60 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-
-from cryptography.exceptions import InvalidSignature
-from cryptography.hazmat.primitives import constant_time
-
-
-_POLY1305_TAG_SIZE = 16
-_POLY1305_KEY_SIZE = 32
-
-
-class _Poly1305Context(object):
-    def __init__(self, backend, key):
-        self._backend = backend
-
-        key_ptr = self._backend._ffi.from_buffer(key)
-        # This function copies the key into OpenSSL-owned memory so we don't
-        # need to retain it ourselves
-        evp_pkey = self._backend._lib.EVP_PKEY_new_raw_private_key(
-            self._backend._lib.NID_poly1305,
-            self._backend._ffi.NULL, key_ptr, len(key)
-        )
-        self._backend.openssl_assert(evp_pkey != self._backend._ffi.NULL)
-        self._evp_pkey = self._backend._ffi.gc(
-            evp_pkey, self._backend._lib.EVP_PKEY_free
-        )
-        ctx = self._backend._lib.Cryptography_EVP_MD_CTX_new()
-        self._backend.openssl_assert(ctx != self._backend._ffi.NULL)
-        self._ctx = self._backend._ffi.gc(
-            ctx, self._backend._lib.Cryptography_EVP_MD_CTX_free
-        )
-        res = self._backend._lib.EVP_DigestSignInit(
-            self._ctx, self._backend._ffi.NULL, self._backend._ffi.NULL,
-            self._backend._ffi.NULL, self._evp_pkey
-        )
-        self._backend.openssl_assert(res == 1)
-
-    def update(self, data):
-        data_ptr = self._backend._ffi.from_buffer(data)
-        res = self._backend._lib.EVP_DigestSignUpdate(
-            self._ctx, data_ptr, len(data)
-        )
-        self._backend.openssl_assert(res != 0)
-
-    def finalize(self):
-        buf = self._backend._ffi.new("unsigned char[]", _POLY1305_TAG_SIZE)
-        outlen = self._backend._ffi.new("size_t *")
-        res = self._backend._lib.EVP_DigestSignFinal(self._ctx, buf, outlen)
-        self._backend.openssl_assert(res != 0)
-        self._backend.openssl_assert(outlen[0] == _POLY1305_TAG_SIZE)
-        return self._backend._ffi.buffer(buf)[:outlen[0]]
-
-    def verify(self, tag):
-        mac = self.finalize()
-        if not constant_time.bytes_eq(mac, tag):
-            raise InvalidSignature("Value did not match computed tag.")
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/rsa.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/rsa.py
@@ -1,478 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import math
-
-from cryptography import utils
-from cryptography.exceptions import (
-    InvalidSignature, UnsupportedAlgorithm, _Reasons
-)
-from cryptography.hazmat.backends.openssl.utils import (
-    _calculate_digest_and_algorithm, _check_not_prehashed,
-    _warn_sign_verify_deprecated
-)
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives.asymmetric import (
-    AsymmetricSignatureContext, AsymmetricVerificationContext, rsa
-)
-from cryptography.hazmat.primitives.asymmetric.padding import (
-    AsymmetricPadding, MGF1, OAEP, PKCS1v15, PSS, calculate_max_pss_salt_length
-)
-from cryptography.hazmat.primitives.asymmetric.rsa import (
-    RSAPrivateKeyWithSerialization, RSAPublicKeyWithSerialization
-)
-
-
-def _get_rsa_pss_salt_length(pss, key, hash_algorithm):
-    salt = pss._salt_length
-
-    if salt is MGF1.MAX_LENGTH or salt is PSS.MAX_LENGTH:
-        return calculate_max_pss_salt_length(key, hash_algorithm)
-    else:
-        return salt
-
-
-def _enc_dec_rsa(backend, key, data, padding):
-    if not isinstance(padding, AsymmetricPadding):
-        raise TypeError("Padding must be an instance of AsymmetricPadding.")
-
-    if isinstance(padding, PKCS1v15):
-        padding_enum = backend._lib.RSA_PKCS1_PADDING
-    elif isinstance(padding, OAEP):
-        padding_enum = backend._lib.RSA_PKCS1_OAEP_PADDING
-
-        if not isinstance(padding._mgf, MGF1):
-            raise UnsupportedAlgorithm(
-                "Only MGF1 is supported by this backend.",
-                _Reasons.UNSUPPORTED_MGF
-            )
-
-        if not backend.rsa_padding_supported(padding):
-            raise UnsupportedAlgorithm(
-                "This combination of padding and hash algorithm is not "
-                "supported by this backend.",
-                _Reasons.UNSUPPORTED_PADDING
-            )
-
-    else:
-        raise UnsupportedAlgorithm(
-            "{} is not supported by this backend.".format(
-                padding.name
-            ),
-            _Reasons.UNSUPPORTED_PADDING
-        )
-
-    return _enc_dec_rsa_pkey_ctx(backend, key, data, padding_enum, padding)
-
-
-def _enc_dec_rsa_pkey_ctx(backend, key, data, padding_enum, padding):
-    if isinstance(key, _RSAPublicKey):
-        init = backend._lib.EVP_PKEY_encrypt_init
-        crypt = backend._lib.EVP_PKEY_encrypt
-    else:
-        init = backend._lib.EVP_PKEY_decrypt_init
-        crypt = backend._lib.EVP_PKEY_decrypt
-
-    pkey_ctx = backend._lib.EVP_PKEY_CTX_new(
-        key._evp_pkey, backend._ffi.NULL
-    )
-    backend.openssl_assert(pkey_ctx != backend._ffi.NULL)
-    pkey_ctx = backend._ffi.gc(pkey_ctx, backend._lib.EVP_PKEY_CTX_free)
-    res = init(pkey_ctx)
-    backend.openssl_assert(res == 1)
-    res = backend._lib.EVP_PKEY_CTX_set_rsa_padding(
-        pkey_ctx, padding_enum)
-    backend.openssl_assert(res > 0)
-    buf_size = backend._lib.EVP_PKEY_size(key._evp_pkey)
-    backend.openssl_assert(buf_size > 0)
-    if (
-        isinstance(padding, OAEP) and
-        backend._lib.Cryptography_HAS_RSA_OAEP_MD
-    ):
-        mgf1_md = backend._evp_md_non_null_from_algorithm(
-            padding._mgf._algorithm)
-        res = backend._lib.EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf1_md)
-        backend.openssl_assert(res > 0)
-        oaep_md = backend._evp_md_non_null_from_algorithm(padding._algorithm)
-        res = backend._lib.EVP_PKEY_CTX_set_rsa_oaep_md(pkey_ctx, oaep_md)
-        backend.openssl_assert(res > 0)
-
-    if (
-        isinstance(padding, OAEP) and
-        padding._label is not None and
-        len(padding._label) > 0
-    ):
-        # set0_rsa_oaep_label takes ownership of the char * so we need to
-        # copy it into some new memory
-        labelptr = backend._lib.OPENSSL_malloc(len(padding._label))
-        backend.openssl_assert(labelptr != backend._ffi.NULL)
-        backend._ffi.memmove(labelptr, padding._label, len(padding._label))
-        res = backend._lib.EVP_PKEY_CTX_set0_rsa_oaep_label(
-            pkey_ctx, labelptr, len(padding._label)
-        )
-        backend.openssl_assert(res == 1)
-
-    outlen = backend._ffi.new("size_t *", buf_size)
-    buf = backend._ffi.new("unsigned char[]", buf_size)
-    res = crypt(pkey_ctx, buf, outlen, data, len(data))
-    if res <= 0:
-        _handle_rsa_enc_dec_error(backend, key)
-
-    return backend._ffi.buffer(buf)[:outlen[0]]
-
-
-def _handle_rsa_enc_dec_error(backend, key):
-    errors = backend._consume_errors()
-    backend.openssl_assert(errors)
-    backend.openssl_assert(errors[0].lib == backend._lib.ERR_LIB_RSA)
-    if isinstance(key, _RSAPublicKey):
-        backend.openssl_assert(
-            errors[0].reason == backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE
-        )
-        raise ValueError(
-            "Data too long for key size. Encrypt less data or use a "
-            "larger key size."
-        )
-    else:
-        decoding_errors = [
-            backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_01,
-            backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_02,
-            backend._lib.RSA_R_OAEP_DECODING_ERROR,
-            # Though this error looks similar to the
-            # RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE, this occurs on decrypts,
-            # rather than on encrypts
-            backend._lib.RSA_R_DATA_TOO_LARGE_FOR_MODULUS,
-        ]
-        if backend._lib.Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR:
-            decoding_errors.append(backend._lib.RSA_R_PKCS_DECODING_ERROR)
-
-        backend.openssl_assert(errors[0].reason in decoding_errors)
-        raise ValueError("Decryption failed.")
-
-
-def _rsa_sig_determine_padding(backend, key, padding, algorithm):
-    if not isinstance(padding, AsymmetricPadding):
-        raise TypeError("Expected provider of AsymmetricPadding.")
-
-    pkey_size = backend._lib.EVP_PKEY_size(key._evp_pkey)
-    backend.openssl_assert(pkey_size > 0)
-
-    if isinstance(padding, PKCS1v15):
-        padding_enum = backend._lib.RSA_PKCS1_PADDING
-    elif isinstance(padding, PSS):
-        if not isinstance(padding._mgf, MGF1):
-            raise UnsupportedAlgorithm(
-                "Only MGF1 is supported by this backend.",
-                _Reasons.UNSUPPORTED_MGF
-            )
-
-        # Size of key in bytes - 2 is the maximum
-        # PSS signature length (salt length is checked later)
-        if pkey_size - algorithm.digest_size - 2 < 0:
-            raise ValueError("Digest too large for key size. Use a larger "
-                             "key or different digest.")
-
-        padding_enum = backend._lib.RSA_PKCS1_PSS_PADDING
-    else:
-        raise UnsupportedAlgorithm(
-            "{} is not supported by this backend.".format(padding.name),
-            _Reasons.UNSUPPORTED_PADDING
-        )
-
-    return padding_enum
-
-
-def _rsa_sig_setup(backend, padding, algorithm, key, data, init_func):
-    padding_enum = _rsa_sig_determine_padding(backend, key, padding, algorithm)
-    evp_md = backend._evp_md_non_null_from_algorithm(algorithm)
-    pkey_ctx = backend._lib.EVP_PKEY_CTX_new(key._evp_pkey, backend._ffi.NULL)
-    backend.openssl_assert(pkey_ctx != backend._ffi.NULL)
-    pkey_ctx = backend._ffi.gc(pkey_ctx, backend._lib.EVP_PKEY_CTX_free)
-    res = init_func(pkey_ctx)
-    backend.openssl_assert(res == 1)
-    res = backend._lib.EVP_PKEY_CTX_set_signature_md(pkey_ctx, evp_md)
-    if res == 0:
-        backend._consume_errors()
-        raise UnsupportedAlgorithm(
-            "{} is not supported by this backend for RSA signing.".format(
-                algorithm.name
-            ),
-            _Reasons.UNSUPPORTED_HASH
-        )
-    res = backend._lib.EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, padding_enum)
-    backend.openssl_assert(res > 0)
-    if isinstance(padding, PSS):
-        res = backend._lib.EVP_PKEY_CTX_set_rsa_pss_saltlen(
-            pkey_ctx, _get_rsa_pss_salt_length(padding, key, algorithm)
-        )
-        backend.openssl_assert(res > 0)
-
-        mgf1_md = backend._evp_md_non_null_from_algorithm(
-            padding._mgf._algorithm)
-        res = backend._lib.EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf1_md)
-        backend.openssl_assert(res > 0)
-
-    return pkey_ctx
-
-
-def _rsa_sig_sign(backend, padding, algorithm, private_key, data):
-    pkey_ctx = _rsa_sig_setup(
-        backend, padding, algorithm, private_key, data,
-        backend._lib.EVP_PKEY_sign_init
-    )
-    buflen = backend._ffi.new("size_t *")
-    res = backend._lib.EVP_PKEY_sign(
-        pkey_ctx,
-        backend._ffi.NULL,
-        buflen,
-        data,
-        len(data)
-    )
-    backend.openssl_assert(res == 1)
-    buf = backend._ffi.new("unsigned char[]", buflen[0])
-    res = backend._lib.EVP_PKEY_sign(
-        pkey_ctx, buf, buflen, data, len(data))
-    if res != 1:
-        errors = backend._consume_errors()
-        backend.openssl_assert(errors[0].lib == backend._lib.ERR_LIB_RSA)
-        if (
-            errors[0].reason ==
-            backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE
-        ):
-            reason = ("Salt length too long for key size. Try using "
-                      "MAX_LENGTH instead.")
-        else:
-            backend.openssl_assert(
-                errors[0].reason ==
-                backend._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY
-            )
-            reason = "Digest too large for key size. Use a larger key."
-        raise ValueError(reason)
-
-    return backend._ffi.buffer(buf)[:]
-
-
-def _rsa_sig_verify(backend, padding, algorithm, public_key, signature, data):
-    pkey_ctx = _rsa_sig_setup(
-        backend, padding, algorithm, public_key, data,
-        backend._lib.EVP_PKEY_verify_init
-    )
-    res = backend._lib.EVP_PKEY_verify(
-        pkey_ctx, signature, len(signature), data, len(data)
-    )
-    # The previous call can return negative numbers in the event of an
-    # error. This is not a signature failure but we need to fail if it
-    # occurs.
-    backend.openssl_assert(res >= 0)
-    if res == 0:
-        backend._consume_errors()
-        raise InvalidSignature
-
-
-@utils.register_interface(AsymmetricSignatureContext)
-class _RSASignatureContext(object):
-    def __init__(self, backend, private_key, padding, algorithm):
-        self._backend = backend
-        self._private_key = private_key
-
-        # We now call _rsa_sig_determine_padding in _rsa_sig_setup. However
-        # we need to make a pointless call to it here so we maintain the
-        # API of erroring on init with this context if the values are invalid.
-        _rsa_sig_determine_padding(backend, private_key, padding, algorithm)
-        self._padding = padding
-        self._algorithm = algorithm
-        self._hash_ctx = hashes.Hash(self._algorithm, self._backend)
-
-    def update(self, data):
-        self._hash_ctx.update(data)
-
-    def finalize(self):
-        return _rsa_sig_sign(
-            self._backend,
-            self._padding,
-            self._algorithm,
-            self._private_key,
-            self._hash_ctx.finalize()
-        )
-
-
-@utils.register_interface(AsymmetricVerificationContext)
-class _RSAVerificationContext(object):
-    def __init__(self, backend, public_key, signature, padding, algorithm):
-        self._backend = backend
-        self._public_key = public_key
-        self._signature = signature
-        self._padding = padding
-        # We now call _rsa_sig_determine_padding in _rsa_sig_setup. However
-        # we need to make a pointless call to it here so we maintain the
-        # API of erroring on init with this context if the values are invalid.
-        _rsa_sig_determine_padding(backend, public_key, padding, algorithm)
-
-        padding = padding
-        self._algorithm = algorithm
-        self._hash_ctx = hashes.Hash(self._algorithm, self._backend)
-
-    def update(self, data):
-        self._hash_ctx.update(data)
-
-    def verify(self):
-        return _rsa_sig_verify(
-            self._backend,
-            self._padding,
-            self._algorithm,
-            self._public_key,
-            self._signature,
-            self._hash_ctx.finalize()
-        )
-
-
-@utils.register_interface(RSAPrivateKeyWithSerialization)
-class _RSAPrivateKey(object):
-    def __init__(self, backend, rsa_cdata, evp_pkey):
-        self._backend = backend
-        self._rsa_cdata = rsa_cdata
-        self._evp_pkey = evp_pkey
-
-        n = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.RSA_get0_key(
-            self._rsa_cdata, n, self._backend._ffi.NULL,
-            self._backend._ffi.NULL
-        )
-        self._backend.openssl_assert(n[0] != self._backend._ffi.NULL)
-        self._key_size = self._backend._lib.BN_num_bits(n[0])
-
-    key_size = utils.read_only_property("_key_size")
-
-    def signer(self, padding, algorithm):
-        _warn_sign_verify_deprecated()
-        _check_not_prehashed(algorithm)
-        return _RSASignatureContext(self._backend, self, padding, algorithm)
-
-    def decrypt(self, ciphertext, padding):
-        key_size_bytes = int(math.ceil(self.key_size / 8.0))
-        if key_size_bytes != len(ciphertext):
-            raise ValueError("Ciphertext length must be equal to key size.")
-
-        return _enc_dec_rsa(self._backend, self, ciphertext, padding)
-
-    def public_key(self):
-        ctx = self._backend._lib.RSAPublicKey_dup(self._rsa_cdata)
-        self._backend.openssl_assert(ctx != self._backend._ffi.NULL)
-        ctx = self._backend._ffi.gc(ctx, self._backend._lib.RSA_free)
-        res = self._backend._lib.RSA_blinding_on(ctx, self._backend._ffi.NULL)
-        self._backend.openssl_assert(res == 1)
-        evp_pkey = self._backend._rsa_cdata_to_evp_pkey(ctx)
-        return _RSAPublicKey(self._backend, ctx, evp_pkey)
-
-    def private_numbers(self):
-        n = self._backend._ffi.new("BIGNUM **")
-        e = self._backend._ffi.new("BIGNUM **")
-        d = self._backend._ffi.new("BIGNUM **")
-        p = self._backend._ffi.new("BIGNUM **")
-        q = self._backend._ffi.new("BIGNUM **")
-        dmp1 = self._backend._ffi.new("BIGNUM **")
-        dmq1 = self._backend._ffi.new("BIGNUM **")
-        iqmp = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.RSA_get0_key(self._rsa_cdata, n, e, d)
-        self._backend.openssl_assert(n[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(e[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(d[0] != self._backend._ffi.NULL)
-        self._backend._lib.RSA_get0_factors(self._rsa_cdata, p, q)
-        self._backend.openssl_assert(p[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(q[0] != self._backend._ffi.NULL)
-        self._backend._lib.RSA_get0_crt_params(
-            self._rsa_cdata, dmp1, dmq1, iqmp
-        )
-        self._backend.openssl_assert(dmp1[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(dmq1[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(iqmp[0] != self._backend._ffi.NULL)
-        return rsa.RSAPrivateNumbers(
-            p=self._backend._bn_to_int(p[0]),
-            q=self._backend._bn_to_int(q[0]),
-            d=self._backend._bn_to_int(d[0]),
-            dmp1=self._backend._bn_to_int(dmp1[0]),
-            dmq1=self._backend._bn_to_int(dmq1[0]),
-            iqmp=self._backend._bn_to_int(iqmp[0]),
-            public_numbers=rsa.RSAPublicNumbers(
-                e=self._backend._bn_to_int(e[0]),
-                n=self._backend._bn_to_int(n[0]),
-            )
-        )
-
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        return self._backend._private_key_bytes(
-            encoding,
-            format,
-            encryption_algorithm,
-            self._evp_pkey,
-            self._rsa_cdata
-        )
-
-    def sign(self, data, padding, algorithm):
-        data, algorithm = _calculate_digest_and_algorithm(
-            self._backend, data, algorithm
-        )
-        return _rsa_sig_sign(self._backend, padding, algorithm, self, data)
-
-
-@utils.register_interface(RSAPublicKeyWithSerialization)
-class _RSAPublicKey(object):
-    def __init__(self, backend, rsa_cdata, evp_pkey):
-        self._backend = backend
-        self._rsa_cdata = rsa_cdata
-        self._evp_pkey = evp_pkey
-
-        n = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.RSA_get0_key(
-            self._rsa_cdata, n, self._backend._ffi.NULL,
-            self._backend._ffi.NULL
-        )
-        self._backend.openssl_assert(n[0] != self._backend._ffi.NULL)
-        self._key_size = self._backend._lib.BN_num_bits(n[0])
-
-    key_size = utils.read_only_property("_key_size")
-
-    def verifier(self, signature, padding, algorithm):
-        _warn_sign_verify_deprecated()
-        utils._check_bytes("signature", signature)
-
-        _check_not_prehashed(algorithm)
-        return _RSAVerificationContext(
-            self._backend, self, signature, padding, algorithm
-        )
-
-    def encrypt(self, plaintext, padding):
-        return _enc_dec_rsa(self._backend, self, plaintext, padding)
-
-    def public_numbers(self):
-        n = self._backend._ffi.new("BIGNUM **")
-        e = self._backend._ffi.new("BIGNUM **")
-        self._backend._lib.RSA_get0_key(
-            self._rsa_cdata, n, e, self._backend._ffi.NULL
-        )
-        self._backend.openssl_assert(n[0] != self._backend._ffi.NULL)
-        self._backend.openssl_assert(e[0] != self._backend._ffi.NULL)
-        return rsa.RSAPublicNumbers(
-            e=self._backend._bn_to_int(e[0]),
-            n=self._backend._bn_to_int(n[0]),
-        )
-
-    def public_bytes(self, encoding, format):
-        return self._backend._public_key_bytes(
-            encoding,
-            format,
-            self,
-            self._evp_pkey,
-            self._rsa_cdata
-        )
-
-    def verify(self, signature, data, padding, algorithm):
-        data, algorithm = _calculate_digest_and_algorithm(
-            self._backend, data, algorithm
-        )
-        return _rsa_sig_verify(
-            self._backend, padding, algorithm, self, signature, data
-        )
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/utils.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/utils.py
@@ -1,69 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import warnings
-
-from cryptography import utils
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives.asymmetric.utils import Prehashed
-
-
-def _evp_pkey_derive(backend, evp_pkey, peer_public_key):
-    ctx = backend._lib.EVP_PKEY_CTX_new(evp_pkey, backend._ffi.NULL)
-    backend.openssl_assert(ctx != backend._ffi.NULL)
-    ctx = backend._ffi.gc(ctx, backend._lib.EVP_PKEY_CTX_free)
-    res = backend._lib.EVP_PKEY_derive_init(ctx)
-    backend.openssl_assert(res == 1)
-    res = backend._lib.EVP_PKEY_derive_set_peer(
-        ctx, peer_public_key._evp_pkey
-    )
-    backend.openssl_assert(res == 1)
-    keylen = backend._ffi.new("size_t *")
-    res = backend._lib.EVP_PKEY_derive(ctx, backend._ffi.NULL, keylen)
-    backend.openssl_assert(res == 1)
-    backend.openssl_assert(keylen[0] > 0)
-    buf = backend._ffi.new("unsigned char[]", keylen[0])
-    res = backend._lib.EVP_PKEY_derive(ctx, buf, keylen)
-    if res != 1:
-        raise ValueError(
-            "Null shared key derived from public/private pair."
-        )
-
-    return backend._ffi.buffer(buf, keylen[0])[:]
-
-
-def _calculate_digest_and_algorithm(backend, data, algorithm):
-    if not isinstance(algorithm, Prehashed):
-        hash_ctx = hashes.Hash(algorithm, backend)
-        hash_ctx.update(data)
-        data = hash_ctx.finalize()
-    else:
-        algorithm = algorithm._algorithm
-
-    if len(data) != algorithm.digest_size:
-        raise ValueError(
-            "The provided data must be the same length as the hash "
-            "algorithm's digest size."
-        )
-
-    return (data, algorithm)
-
-
-def _check_not_prehashed(signature_algorithm):
-    if isinstance(signature_algorithm, Prehashed):
-        raise TypeError(
-            "Prehashed is only supported in the sign and verify methods. "
-            "It cannot be used with signer or verifier."
-        )
-
-
-def _warn_sign_verify_deprecated():
-    warnings.warn(
-        "signer and verifier have been deprecated. Please use sign "
-        "and verify instead.",
-        utils.PersistentlyDeprecated2017,
-        stacklevel=3
-    )
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/x25519.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/x25519.py
@@ -1,149 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import warnings
-
-from cryptography import utils
-from cryptography.hazmat.backends.openssl.utils import _evp_pkey_derive
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives.asymmetric.x25519 import (
-    X25519PrivateKey, X25519PublicKey
-)
-
-
-_X25519_KEY_SIZE = 32
-
-
-@utils.register_interface(X25519PublicKey)
-class _X25519PublicKey(object):
-    def __init__(self, backend, evp_pkey):
-        self._backend = backend
-        self._evp_pkey = evp_pkey
-
-    def public_bytes(self, encoding=None, format=None):
-        if encoding is None or format is None:
-            if encoding is not None or format is not None:
-                raise ValueError("Both encoding and format are required")
-            else:
-                warnings.warn(
-                    "public_bytes now requires encoding and format arguments. "
-                    "Support for calling without arguments will be removed in "
-                    "cryptography 2.7",
-                    utils.DeprecatedIn25,
-                )
-                encoding = serialization.Encoding.Raw
-                format = serialization.PublicFormat.Raw
-        if (
-            encoding is serialization.Encoding.Raw or
-            format is serialization.PublicFormat.Raw
-        ):
-            if (
-                encoding is not serialization.Encoding.Raw or
-                format is not serialization.PublicFormat.Raw
-            ):
-                raise ValueError(
-                    "When using Raw both encoding and format must be Raw"
-                )
-
-            return self._raw_public_bytes()
-
-        if (
-            encoding in serialization._PEM_DER and
-            format is not serialization.PublicFormat.SubjectPublicKeyInfo
-        ):
-            raise ValueError(
-                "format must be SubjectPublicKeyInfo when encoding is PEM or "
-                "DER"
-            )
-
-        return self._backend._public_key_bytes(
-            encoding, format, self, self._evp_pkey, None
-        )
-
-    def _raw_public_bytes(self):
-        ucharpp = self._backend._ffi.new("unsigned char **")
-        res = self._backend._lib.EVP_PKEY_get1_tls_encodedpoint(
-            self._evp_pkey, ucharpp
-        )
-        self._backend.openssl_assert(res == 32)
-        self._backend.openssl_assert(ucharpp[0] != self._backend._ffi.NULL)
-        data = self._backend._ffi.gc(
-            ucharpp[0], self._backend._lib.OPENSSL_free
-        )
-        return self._backend._ffi.buffer(data, res)[:]
-
-
-@utils.register_interface(X25519PrivateKey)
-class _X25519PrivateKey(object):
-    def __init__(self, backend, evp_pkey):
-        self._backend = backend
-        self._evp_pkey = evp_pkey
-
-    def public_key(self):
-        bio = self._backend._create_mem_bio_gc()
-        res = self._backend._lib.i2d_PUBKEY_bio(bio, self._evp_pkey)
-        self._backend.openssl_assert(res == 1)
-        evp_pkey = self._backend._lib.d2i_PUBKEY_bio(
-            bio, self._backend._ffi.NULL
-        )
-        self._backend.openssl_assert(evp_pkey != self._backend._ffi.NULL)
-        evp_pkey = self._backend._ffi.gc(
-            evp_pkey, self._backend._lib.EVP_PKEY_free
-        )
-        return _X25519PublicKey(self._backend, evp_pkey)
-
-    def exchange(self, peer_public_key):
-        if not isinstance(peer_public_key, X25519PublicKey):
-            raise TypeError("peer_public_key must be X25519PublicKey.")
-
-        return _evp_pkey_derive(
-            self._backend, self._evp_pkey, peer_public_key
-        )
-
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        if (
-            encoding is serialization.Encoding.Raw or
-            format is serialization.PublicFormat.Raw
-        ):
-            if (
-                format is not serialization.PrivateFormat.Raw or
-                encoding is not serialization.Encoding.Raw or not
-                isinstance(encryption_algorithm, serialization.NoEncryption)
-            ):
-                raise ValueError(
-                    "When using Raw both encoding and format must be Raw "
-                    "and encryption_algorithm must be NoEncryption"
-                )
-
-            return self._raw_private_bytes()
-
-        if (
-            encoding in serialization._PEM_DER and
-            format is not serialization.PrivateFormat.PKCS8
-        ):
-            raise ValueError(
-                "format must be PKCS8 when encoding is PEM or DER"
-            )
-
-        return self._backend._private_key_bytes(
-            encoding, format, encryption_algorithm, self._evp_pkey, None
-        )
-
-    def _raw_private_bytes(self):
-        # When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 we can
-        # switch this to EVP_PKEY_new_raw_private_key
-        # The trick we use here is serializing to a PKCS8 key and just
-        # using the last 32 bytes, which is the key itself.
-        bio = self._backend._create_mem_bio_gc()
-        res = self._backend._lib.i2d_PKCS8PrivateKey_bio(
-            bio, self._evp_pkey,
-            self._backend._ffi.NULL, self._backend._ffi.NULL,
-            0, self._backend._ffi.NULL, self._backend._ffi.NULL
-        )
-        self._backend.openssl_assert(res == 1)
-        pkcs8 = self._backend._read_mem_bio(bio)
-        self._backend.openssl_assert(len(pkcs8) == 48)
-        return pkcs8[-_X25519_KEY_SIZE:]
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/x448.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/x448.py
@@ -1,123 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from cryptography import utils
-from cryptography.hazmat.backends.openssl.utils import _evp_pkey_derive
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives.asymmetric.x448 import (
-    X448PrivateKey, X448PublicKey
-)
-
-_X448_KEY_SIZE = 56
-
-
-@utils.register_interface(X448PublicKey)
-class _X448PublicKey(object):
-    def __init__(self, backend, evp_pkey):
-        self._backend = backend
-        self._evp_pkey = evp_pkey
-
-    def public_bytes(self, encoding, format):
-        if (
-            encoding is serialization.Encoding.Raw or
-            format is serialization.PublicFormat.Raw
-        ):
-            if (
-                encoding is not serialization.Encoding.Raw or
-                format is not serialization.PublicFormat.Raw
-            ):
-                raise ValueError(
-                    "When using Raw both encoding and format must be Raw"
-                )
-
-            return self._raw_public_bytes()
-
-        if (
-            encoding in serialization._PEM_DER and
-            format is not serialization.PublicFormat.SubjectPublicKeyInfo
-        ):
-            raise ValueError(
-                "format must be SubjectPublicKeyInfo when encoding is PEM or "
-                "DER"
-            )
-
-        return self._backend._public_key_bytes(
-            encoding, format, self, self._evp_pkey, None
-        )
-
-    def _raw_public_bytes(self):
-        buf = self._backend._ffi.new("unsigned char []", _X448_KEY_SIZE)
-        buflen = self._backend._ffi.new("size_t *", _X448_KEY_SIZE)
-        res = self._backend._lib.EVP_PKEY_get_raw_public_key(
-            self._evp_pkey, buf, buflen
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(buflen[0] == _X448_KEY_SIZE)
-        return self._backend._ffi.buffer(buf, _X448_KEY_SIZE)[:]
-
-
-@utils.register_interface(X448PrivateKey)
-class _X448PrivateKey(object):
-    def __init__(self, backend, evp_pkey):
-        self._backend = backend
-        self._evp_pkey = evp_pkey
-
-    def public_key(self):
-        buf = self._backend._ffi.new("unsigned char []", _X448_KEY_SIZE)
-        buflen = self._backend._ffi.new("size_t *", _X448_KEY_SIZE)
-        res = self._backend._lib.EVP_PKEY_get_raw_public_key(
-            self._evp_pkey, buf, buflen
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(buflen[0] == _X448_KEY_SIZE)
-        return self._backend.x448_load_public_bytes(buf)
-
-    def exchange(self, peer_public_key):
-        if not isinstance(peer_public_key, X448PublicKey):
-            raise TypeError("peer_public_key must be X448PublicKey.")
-
-        return _evp_pkey_derive(
-            self._backend, self._evp_pkey, peer_public_key
-        )
-
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        if (
-            encoding is serialization.Encoding.Raw or
-            format is serialization.PublicFormat.Raw
-        ):
-            if (
-                format is not serialization.PrivateFormat.Raw or
-                encoding is not serialization.Encoding.Raw or not
-                isinstance(encryption_algorithm, serialization.NoEncryption)
-            ):
-                raise ValueError(
-                    "When using Raw both encoding and format must be Raw "
-                    "and encryption_algorithm must be NoEncryption"
-                )
-
-            return self._raw_private_bytes()
-
-        if (
-            encoding in serialization._PEM_DER and
-            format is not serialization.PrivateFormat.PKCS8
-        ):
-            raise ValueError(
-                "format must be PKCS8 when encoding is PEM or DER"
-            )
-
-        return self._backend._private_key_bytes(
-            encoding, format, encryption_algorithm, self._evp_pkey, None
-        )
-
-    def _raw_private_bytes(self):
-        buf = self._backend._ffi.new("unsigned char []", _X448_KEY_SIZE)
-        buflen = self._backend._ffi.new("size_t *", _X448_KEY_SIZE)
-        res = self._backend._lib.EVP_PKEY_get_raw_private_key(
-            self._evp_pkey, buf, buflen
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(buflen[0] == _X448_KEY_SIZE)
-        return self._backend._ffi.buffer(buf, _X448_KEY_SIZE)[:]
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/x509.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/backends/openssl/x509.py
@@ -1,546 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import datetime
-import operator
-
-from cryptography import utils, x509
-from cryptography.exceptions import UnsupportedAlgorithm
-from cryptography.hazmat.backends.openssl.decode_asn1 import (
-    _CERTIFICATE_EXTENSION_PARSER, _CERTIFICATE_EXTENSION_PARSER_NO_SCT,
-    _CRL_EXTENSION_PARSER, _CSR_EXTENSION_PARSER,
-    _REVOKED_CERTIFICATE_EXTENSION_PARSER, _asn1_integer_to_int,
-    _asn1_string_to_bytes, _decode_x509_name, _obj2txt, _parse_asn1_time
-)
-from cryptography.hazmat.backends.openssl.encode_asn1 import (
-    _encode_asn1_int_gc
-)
-from cryptography.hazmat.primitives import hashes, serialization
-from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
-
-
-@utils.register_interface(x509.Certificate)
-class _Certificate(object):
-    def __init__(self, backend, x509):
-        self._backend = backend
-        self._x509 = x509
-
-    def __repr__(self):
-        return "<Certificate(subject={}, ...)>".format(self.subject)
-
-    def __eq__(self, other):
-        if not isinstance(other, x509.Certificate):
-            return NotImplemented
-
-        res = self._backend._lib.X509_cmp(self._x509, other._x509)
-        return res == 0
-
-    def __ne__(self, other):
-        return not self == other
-
-    def __hash__(self):
-        return hash(self.public_bytes(serialization.Encoding.DER))
-
-    def fingerprint(self, algorithm):
-        h = hashes.Hash(algorithm, self._backend)
-        h.update(self.public_bytes(serialization.Encoding.DER))
-        return h.finalize()
-
-    @property
-    def version(self):
-        version = self._backend._lib.X509_get_version(self._x509)
-        if version == 0:
-            return x509.Version.v1
-        elif version == 2:
-            return x509.Version.v3
-        else:
-            raise x509.InvalidVersion(
-                "{} is not a valid X509 version".format(version), version
-            )
-
-    @property
-    def serial_number(self):
-        asn1_int = self._backend._lib.X509_get_serialNumber(self._x509)
-        self._backend.openssl_assert(asn1_int != self._backend._ffi.NULL)
-        return _asn1_integer_to_int(self._backend, asn1_int)
-
-    def public_key(self):
-        pkey = self._backend._lib.X509_get_pubkey(self._x509)
-        if pkey == self._backend._ffi.NULL:
-            # Remove errors from the stack.
-            self._backend._consume_errors()
-            raise ValueError("Certificate public key is of an unknown type")
-
-        pkey = self._backend._ffi.gc(pkey, self._backend._lib.EVP_PKEY_free)
-
-        return self._backend._evp_pkey_to_public_key(pkey)
-
-    @property
-    def not_valid_before(self):
-        asn1_time = self._backend._lib.X509_get_notBefore(self._x509)
-        return _parse_asn1_time(self._backend, asn1_time)
-
-    @property
-    def not_valid_after(self):
-        asn1_time = self._backend._lib.X509_get_notAfter(self._x509)
-        return _parse_asn1_time(self._backend, asn1_time)
-
-    @property
-    def issuer(self):
-        issuer = self._backend._lib.X509_get_issuer_name(self._x509)
-        self._backend.openssl_assert(issuer != self._backend._ffi.NULL)
-        return _decode_x509_name(self._backend, issuer)
-
-    @property
-    def subject(self):
-        subject = self._backend._lib.X509_get_subject_name(self._x509)
-        self._backend.openssl_assert(subject != self._backend._ffi.NULL)
-        return _decode_x509_name(self._backend, subject)
-
-    @property
-    def signature_hash_algorithm(self):
-        oid = self.signature_algorithm_oid
-        try:
-            return x509._SIG_OIDS_TO_HASH[oid]
-        except KeyError:
-            raise UnsupportedAlgorithm(
-                "Signature algorithm OID:{} not recognized".format(oid)
-            )
-
-    @property
-    def signature_algorithm_oid(self):
-        alg = self._backend._ffi.new("X509_ALGOR **")
-        self._backend._lib.X509_get0_signature(
-            self._backend._ffi.NULL, alg, self._x509
-        )
-        self._backend.openssl_assert(alg[0] != self._backend._ffi.NULL)
-        oid = _obj2txt(self._backend, alg[0].algorithm)
-        return x509.ObjectIdentifier(oid)
-
-    @utils.cached_property
-    def extensions(self):
-        if self._backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER:
-            return _CERTIFICATE_EXTENSION_PARSER.parse(
-                self._backend, self._x509
-            )
-        else:
-            return _CERTIFICATE_EXTENSION_PARSER_NO_SCT.parse(
-                self._backend, self._x509
-            )
-
-    @property
-    def signature(self):
-        sig = self._backend._ffi.new("ASN1_BIT_STRING **")
-        self._backend._lib.X509_get0_signature(
-            sig, self._backend._ffi.NULL, self._x509
-        )
-        self._backend.openssl_assert(sig[0] != self._backend._ffi.NULL)
-        return _asn1_string_to_bytes(self._backend, sig[0])
-
-    @property
-    def tbs_certificate_bytes(self):
-        pp = self._backend._ffi.new("unsigned char **")
-        res = self._backend._lib.i2d_re_X509_tbs(self._x509, pp)
-        self._backend.openssl_assert(res > 0)
-        pp = self._backend._ffi.gc(
-            pp, lambda pointer: self._backend._lib.OPENSSL_free(pointer[0])
-        )
-        return self._backend._ffi.buffer(pp[0], res)[:]
-
-    def public_bytes(self, encoding):
-        bio = self._backend._create_mem_bio_gc()
-        if encoding is serialization.Encoding.PEM:
-            res = self._backend._lib.PEM_write_bio_X509(bio, self._x509)
-        elif encoding is serialization.Encoding.DER:
-            res = self._backend._lib.i2d_X509_bio(bio, self._x509)
-        else:
-            raise TypeError("encoding must be an item from the Encoding enum")
-
-        self._backend.openssl_assert(res == 1)
-        return self._backend._read_mem_bio(bio)
-
-
-@utils.register_interface(x509.RevokedCertificate)
-class _RevokedCertificate(object):
-    def __init__(self, backend, crl, x509_revoked):
-        self._backend = backend
-        # The X509_REVOKED_value is a X509_REVOKED * that has
-        # no reference counting. This means when X509_CRL_free is
-        # called then the CRL and all X509_REVOKED * are freed. Since
-        # you can retain a reference to a single revoked certificate
-        # and let the CRL fall out of scope we need to retain a
-        # private reference to the CRL inside the RevokedCertificate
-        # object to prevent the gc from being called inappropriately.
-        self._crl = crl
-        self._x509_revoked = x509_revoked
-
-    @property
-    def serial_number(self):
-        asn1_int = self._backend._lib.X509_REVOKED_get0_serialNumber(
-            self._x509_revoked
-        )
-        self._backend.openssl_assert(asn1_int != self._backend._ffi.NULL)
-        return _asn1_integer_to_int(self._backend, asn1_int)
-
-    @property
-    def revocation_date(self):
-        return _parse_asn1_time(
-            self._backend,
-            self._backend._lib.X509_REVOKED_get0_revocationDate(
-                self._x509_revoked
-            )
-        )
-
-    @utils.cached_property
-    def extensions(self):
-        return _REVOKED_CERTIFICATE_EXTENSION_PARSER.parse(
-            self._backend, self._x509_revoked
-        )
-
-
-@utils.register_interface(x509.CertificateRevocationList)
-class _CertificateRevocationList(object):
-    def __init__(self, backend, x509_crl):
-        self._backend = backend
-        self._x509_crl = x509_crl
-
-    def __eq__(self, other):
-        if not isinstance(other, x509.CertificateRevocationList):
-            return NotImplemented
-
-        res = self._backend._lib.X509_CRL_cmp(self._x509_crl, other._x509_crl)
-        return res == 0
-
-    def __ne__(self, other):
-        return not self == other
-
-    def fingerprint(self, algorithm):
-        h = hashes.Hash(algorithm, self._backend)
-        bio = self._backend._create_mem_bio_gc()
-        res = self._backend._lib.i2d_X509_CRL_bio(
-            bio, self._x509_crl
-        )
-        self._backend.openssl_assert(res == 1)
-        der = self._backend._read_mem_bio(bio)
-        h.update(der)
-        return h.finalize()
-
-    @utils.cached_property
-    def _sorted_crl(self):
-        # X509_CRL_get0_by_serial sorts in place, which breaks a variety of
-        # things we don't want to break (like iteration and the signature).
-        # Let's dupe it and sort that instead.
-        dup = self._backend._lib.X509_CRL_dup(self._x509_crl)
-        self._backend.openssl_assert(dup != self._backend._ffi.NULL)
-        dup = self._backend._ffi.gc(dup, self._backend._lib.X509_CRL_free)
-        return dup
-
-    def get_revoked_certificate_by_serial_number(self, serial_number):
-        revoked = self._backend._ffi.new("X509_REVOKED **")
-        asn1_int = _encode_asn1_int_gc(self._backend, serial_number)
-        res = self._backend._lib.X509_CRL_get0_by_serial(
-            self._sorted_crl, revoked, asn1_int
-        )
-        if res == 0:
-            return None
-        else:
-            self._backend.openssl_assert(
-                revoked[0] != self._backend._ffi.NULL
-            )
-            return _RevokedCertificate(
-                self._backend, self._sorted_crl, revoked[0]
-            )
-
-    @property
-    def signature_hash_algorithm(self):
-        oid = self.signature_algorithm_oid
-        try:
-            return x509._SIG_OIDS_TO_HASH[oid]
-        except KeyError:
-            raise UnsupportedAlgorithm(
-                "Signature algorithm OID:{} not recognized".format(oid)
-            )
-
-    @property
-    def signature_algorithm_oid(self):
-        alg = self._backend._ffi.new("X509_ALGOR **")
-        self._backend._lib.X509_CRL_get0_signature(
-            self._x509_crl, self._backend._ffi.NULL, alg
-        )
-        self._backend.openssl_assert(alg[0] != self._backend._ffi.NULL)
-        oid = _obj2txt(self._backend, alg[0].algorithm)
-        return x509.ObjectIdentifier(oid)
-
-    @property
-    def issuer(self):
-        issuer = self._backend._lib.X509_CRL_get_issuer(self._x509_crl)
-        self._backend.openssl_assert(issuer != self._backend._ffi.NULL)
-        return _decode_x509_name(self._backend, issuer)
-
-    @property
-    def next_update(self):
-        nu = self._backend._lib.X509_CRL_get_nextUpdate(self._x509_crl)
-        self._backend.openssl_assert(nu != self._backend._ffi.NULL)
-        return _parse_asn1_time(self._backend, nu)
-
-    @property
-    def last_update(self):
-        lu = self._backend._lib.X509_CRL_get_lastUpdate(self._x509_crl)
-        self._backend.openssl_assert(lu != self._backend._ffi.NULL)
-        return _parse_asn1_time(self._backend, lu)
-
-    @property
-    def signature(self):
-        sig = self._backend._ffi.new("ASN1_BIT_STRING **")
-        self._backend._lib.X509_CRL_get0_signature(
-            self._x509_crl, sig, self._backend._ffi.NULL
-        )
-        self._backend.openssl_assert(sig[0] != self._backend._ffi.NULL)
-        return _asn1_string_to_bytes(self._backend, sig[0])
-
-    @property
-    def tbs_certlist_bytes(self):
-        pp = self._backend._ffi.new("unsigned char **")
-        res = self._backend._lib.i2d_re_X509_CRL_tbs(self._x509_crl, pp)
-        self._backend.openssl_assert(res > 0)
-        pp = self._backend._ffi.gc(
-            pp, lambda pointer: self._backend._lib.OPENSSL_free(pointer[0])
-        )
-        return self._backend._ffi.buffer(pp[0], res)[:]
-
-    def public_bytes(self, encoding):
-        bio = self._backend._create_mem_bio_gc()
-        if encoding is serialization.Encoding.PEM:
-            res = self._backend._lib.PEM_write_bio_X509_CRL(
-                bio, self._x509_crl
-            )
-        elif encoding is serialization.Encoding.DER:
-            res = self._backend._lib.i2d_X509_CRL_bio(bio, self._x509_crl)
-        else:
-            raise TypeError("encoding must be an item from the Encoding enum")
-
-        self._backend.openssl_assert(res == 1)
-        return self._backend._read_mem_bio(bio)
-
-    def _revoked_cert(self, idx):
-        revoked = self._backend._lib.X509_CRL_get_REVOKED(self._x509_crl)
-        r = self._backend._lib.sk_X509_REVOKED_value(revoked, idx)
-        self._backend.openssl_assert(r != self._backend._ffi.NULL)
-        return _RevokedCertificate(self._backend, self, r)
-
-    def __iter__(self):
-        for i in range(len(self)):
-            yield self._revoked_cert(i)
-
-    def __getitem__(self, idx):
-        if isinstance(idx, slice):
-            start, stop, step = idx.indices(len(self))
-            return [self._revoked_cert(i) for i in range(start, stop, step)]
-        else:
-            idx = operator.index(idx)
-            if idx < 0:
-                idx += len(self)
-            if not 0 <= idx < len(self):
-                raise IndexError
-            return self._revoked_cert(idx)
-
-    def __len__(self):
-        revoked = self._backend._lib.X509_CRL_get_REVOKED(self._x509_crl)
-        if revoked == self._backend._ffi.NULL:
-            return 0
-        else:
-            return self._backend._lib.sk_X509_REVOKED_num(revoked)
-
-    @utils.cached_property
-    def extensions(self):
-        return _CRL_EXTENSION_PARSER.parse(self._backend, self._x509_crl)
-
-    def is_signature_valid(self, public_key):
-        if not isinstance(public_key, (dsa.DSAPublicKey, rsa.RSAPublicKey,
-                                       ec.EllipticCurvePublicKey)):
-            raise TypeError('Expecting one of DSAPublicKey, RSAPublicKey,'
-                            ' or EllipticCurvePublicKey.')
-        res = self._backend._lib.X509_CRL_verify(
-            self._x509_crl, public_key._evp_pkey
-        )
-
-        if res != 1:
-            self._backend._consume_errors()
-            return False
-
-        return True
-
-
-@utils.register_interface(x509.CertificateSigningRequest)
-class _CertificateSigningRequest(object):
-    def __init__(self, backend, x509_req):
-        self._backend = backend
-        self._x509_req = x509_req
-
-    def __eq__(self, other):
-        if not isinstance(other, _CertificateSigningRequest):
-            return NotImplemented
-
-        self_bytes = self.public_bytes(serialization.Encoding.DER)
-        other_bytes = other.public_bytes(serialization.Encoding.DER)
-        return self_bytes == other_bytes
-
-    def __ne__(self, other):
-        return not self == other
-
-    def __hash__(self):
-        return hash(self.public_bytes(serialization.Encoding.DER))
-
-    def public_key(self):
-        pkey = self._backend._lib.X509_REQ_get_pubkey(self._x509_req)
-        self._backend.openssl_assert(pkey != self._backend._ffi.NULL)
-        pkey = self._backend._ffi.gc(pkey, self._backend._lib.EVP_PKEY_free)
-        return self._backend._evp_pkey_to_public_key(pkey)
-
-    @property
-    def subject(self):
-        subject = self._backend._lib.X509_REQ_get_subject_name(self._x509_req)
-        self._backend.openssl_assert(subject != self._backend._ffi.NULL)
-        return _decode_x509_name(self._backend, subject)
-
-    @property
-    def signature_hash_algorithm(self):
-        oid = self.signature_algorithm_oid
-        try:
-            return x509._SIG_OIDS_TO_HASH[oid]
-        except KeyError:
-            raise UnsupportedAlgorithm(
-                "Signature algorithm OID:{} not recognized".format(oid)
-            )
-
-    @property
-    def signature_algorithm_oid(self):
-        alg = self._backend._ffi.new("X509_ALGOR **")
-        self._backend._lib.X509_REQ_get0_signature(
-            self._x509_req, self._backend._ffi.NULL, alg
-        )
-        self._backend.openssl_assert(alg[0] != self._backend._ffi.NULL)
-        oid = _obj2txt(self._backend, alg[0].algorithm)
-        return x509.ObjectIdentifier(oid)
-
-    @utils.cached_property
-    def extensions(self):
-        x509_exts = self._backend._lib.X509_REQ_get_extensions(self._x509_req)
-        x509_exts = self._backend._ffi.gc(
-            x509_exts,
-            lambda x: self._backend._lib.sk_X509_EXTENSION_pop_free(
-                x, self._backend._ffi.addressof(
-                    self._backend._lib._original_lib, "X509_EXTENSION_free"
-                )
-            )
-        )
-        return _CSR_EXTENSION_PARSER.parse(self._backend, x509_exts)
-
-    def public_bytes(self, encoding):
-        bio = self._backend._create_mem_bio_gc()
-        if encoding is serialization.Encoding.PEM:
-            res = self._backend._lib.PEM_write_bio_X509_REQ(
-                bio, self._x509_req
-            )
-        elif encoding is serialization.Encoding.DER:
-            res = self._backend._lib.i2d_X509_REQ_bio(bio, self._x509_req)
-        else:
-            raise TypeError("encoding must be an item from the Encoding enum")
-
-        self._backend.openssl_assert(res == 1)
-        return self._backend._read_mem_bio(bio)
-
-    @property
-    def tbs_certrequest_bytes(self):
-        pp = self._backend._ffi.new("unsigned char **")
-        res = self._backend._lib.i2d_re_X509_REQ_tbs(self._x509_req, pp)
-        self._backend.openssl_assert(res > 0)
-        pp = self._backend._ffi.gc(
-            pp, lambda pointer: self._backend._lib.OPENSSL_free(pointer[0])
-        )
-        return self._backend._ffi.buffer(pp[0], res)[:]
-
-    @property
-    def signature(self):
-        sig = self._backend._ffi.new("ASN1_BIT_STRING **")
-        self._backend._lib.X509_REQ_get0_signature(
-            self._x509_req, sig, self._backend._ffi.NULL
-        )
-        self._backend.openssl_assert(sig[0] != self._backend._ffi.NULL)
-        return _asn1_string_to_bytes(self._backend, sig[0])
-
-    @property
-    def is_signature_valid(self):
-        pkey = self._backend._lib.X509_REQ_get_pubkey(self._x509_req)
-        self._backend.openssl_assert(pkey != self._backend._ffi.NULL)
-        pkey = self._backend._ffi.gc(pkey, self._backend._lib.EVP_PKEY_free)
-        res = self._backend._lib.X509_REQ_verify(self._x509_req, pkey)
-
-        if res != 1:
-            self._backend._consume_errors()
-            return False
-
-        return True
-
-
-@utils.register_interface(
-    x509.certificate_transparency.SignedCertificateTimestamp
-)
-class _SignedCertificateTimestamp(object):
-    def __init__(self, backend, sct_list, sct):
-        self._backend = backend
-        # Keep the SCT_LIST that this SCT came from alive.
-        self._sct_list = sct_list
-        self._sct = sct
-
-    @property
-    def version(self):
-        version = self._backend._lib.SCT_get_version(self._sct)
-        assert version == self._backend._lib.SCT_VERSION_V1
-        return x509.certificate_transparency.Version.v1
-
-    @property
-    def log_id(self):
-        out = self._backend._ffi.new("unsigned char **")
-        log_id_length = self._backend._lib.SCT_get0_log_id(self._sct, out)
-        assert log_id_length >= 0
-        return self._backend._ffi.buffer(out[0], log_id_length)[:]
-
-    @property
-    def timestamp(self):
-        timestamp = self._backend._lib.SCT_get_timestamp(self._sct)
-        milliseconds = timestamp % 1000
-        return datetime.datetime.utcfromtimestamp(
-            timestamp // 1000
-        ).replace(microsecond=milliseconds * 1000)
-
-    @property
-    def entry_type(self):
-        entry_type = self._backend._lib.SCT_get_log_entry_type(self._sct)
-        # We currently only support loading SCTs from the X.509 extension, so
-        # we only have precerts.
-        assert entry_type == self._backend._lib.CT_LOG_ENTRY_TYPE_PRECERT
-        return x509.certificate_transparency.LogEntryType.PRE_CERTIFICATE
-
-    @property
-    def _signature(self):
-        ptrptr = self._backend._ffi.new("unsigned char **")
-        res = self._backend._lib.SCT_get0_signature(self._sct, ptrptr)
-        self._backend.openssl_assert(res > 0)
-        self._backend.openssl_assert(ptrptr[0] != self._backend._ffi.NULL)
-        return self._backend._ffi.buffer(ptrptr[0], res)[:]
-
-    def __hash__(self):
-        return hash(self._signature)
-
-    def __eq__(self, other):
-        if not isinstance(other, _SignedCertificateTimestamp):
-            return NotImplemented
-
-        return self._signature == other._signature
-
-    def __ne__(self, other):
-        return not self == other
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/__init__.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/__init__.py
@@ -1,5 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/__pycache__/__init__.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/__pycache__/__init__.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/_constant_time.abi3.so b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/_constant_time.abi3.so
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/_openssl.abi3.so b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/_openssl.abi3.so
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/_padding.abi3.so b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/_padding.abi3.so
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/__init__.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/__init__.py
@@ -1,5 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/__pycache__/__init__.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/__pycache__/__init__.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/__pycache__/_conditional.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/__pycache__/_conditional.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/__pycache__/binding.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/__pycache__/binding.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/_conditional.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -1,434 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-
-def cryptography_has_ec2m():
-    return [
-        "EC_POINT_set_affine_coordinates_GF2m",
-        "EC_POINT_get_affine_coordinates_GF2m",
-        "EC_POINT_set_compressed_coordinates_GF2m",
-    ]
-
-
-def cryptography_has_ec_1_0_2():
-    return [
-        "EC_curve_nid2nist",
-    ]
-
-
-def cryptography_has_set_ecdh_auto():
-    return [
-        "SSL_CTX_set_ecdh_auto",
-    ]
-
-
-def cryptography_has_rsa_r_pkcs_decoding_error():
-    return [
-        "RSA_R_PKCS_DECODING_ERROR"
-    ]
-
-
-def cryptography_has_rsa_oaep_md():
-    return [
-        "EVP_PKEY_CTX_set_rsa_oaep_md",
-    ]
-
-
-def cryptography_has_rsa_oaep_label():
-    return [
-        "EVP_PKEY_CTX_set0_rsa_oaep_label",
-    ]
-
-
-def cryptography_has_ssl3_method():
-    return [
-        "SSLv3_method",
-        "SSLv3_client_method",
-        "SSLv3_server_method",
-    ]
-
-
-def cryptography_has_alpn():
-    return [
-        "SSL_CTX_set_alpn_protos",
-        "SSL_set_alpn_protos",
-        "SSL_CTX_set_alpn_select_cb",
-        "SSL_get0_alpn_selected",
-    ]
-
-
-def cryptography_has_compression():
-    return [
-        "SSL_get_current_compression",
-        "SSL_get_current_expansion",
-        "SSL_COMP_get_name",
-    ]
-
-
-def cryptography_has_get_server_tmp_key():
-    return [
-        "SSL_get_server_tmp_key",
-    ]
-
-
-def cryptography_has_102_verification_error_codes():
-    return [
-        'X509_V_ERR_SUITE_B_INVALID_VERSION',
-        'X509_V_ERR_SUITE_B_INVALID_ALGORITHM',
-        'X509_V_ERR_SUITE_B_INVALID_CURVE',
-        'X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM',
-        'X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED',
-        'X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256',
-        'X509_V_ERR_HOSTNAME_MISMATCH',
-        'X509_V_ERR_EMAIL_MISMATCH',
-        'X509_V_ERR_IP_ADDRESS_MISMATCH'
-    ]
-
-
-def cryptography_has_102_verification_params():
-    return [
-        "X509_V_FLAG_SUITEB_128_LOS_ONLY",
-        "X509_V_FLAG_SUITEB_192_LOS",
-        "X509_V_FLAG_SUITEB_128_LOS",
-        "X509_VERIFY_PARAM_set1_host",
-        "X509_VERIFY_PARAM_set1_email",
-        "X509_VERIFY_PARAM_set1_ip",
-        "X509_VERIFY_PARAM_set1_ip_asc",
-        "X509_VERIFY_PARAM_set_hostflags",
-        "SSL_get0_param",
-        "X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT",
-        "X509_CHECK_FLAG_NO_WILDCARDS",
-        "X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS",
-        "X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS",
-        "X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS"
-    ]
-
-
-def cryptography_has_110_verification_params():
-    return [
-        "X509_CHECK_FLAG_NEVER_CHECK_SUBJECT"
-    ]
-
-
-def cryptography_has_x509_v_flag_trusted_first():
-    return [
-        "X509_V_FLAG_TRUSTED_FIRST",
-    ]
-
-
-def cryptography_has_x509_v_flag_partial_chain():
-    return [
-        "X509_V_FLAG_PARTIAL_CHAIN",
-    ]
-
-
-def cryptography_has_set_cert_cb():
-    return [
-        "SSL_CTX_set_cert_cb",
-        "SSL_set_cert_cb",
-    ]
-
-
-def cryptography_has_ssl_st():
-    return [
-        "SSL_ST_BEFORE",
-        "SSL_ST_OK",
-        "SSL_ST_INIT",
-        "SSL_ST_RENEGOTIATE",
-    ]
-
-
-def cryptography_has_tls_st():
-    return [
-        "TLS_ST_BEFORE",
-        "TLS_ST_OK",
-    ]
-
-
-def cryptography_has_locking_callbacks():
-    return [
-        "Cryptography_setup_ssl_threads",
-    ]
-
-
-def cryptography_has_scrypt():
-    return [
-        "EVP_PBE_scrypt",
-    ]
-
-
-def cryptography_has_generic_dtls_method():
-    return [
-        "DTLS_method",
-        "DTLS_server_method",
-        "DTLS_client_method",
-        "SSL_OP_NO_DTLSv1",
-        "SSL_OP_NO_DTLSv1_2",
-        "DTLS_set_link_mtu",
-        "DTLS_get_link_min_mtu",
-    ]
-
-
-def cryptography_has_evp_pkey_dhx():
-    return [
-        "EVP_PKEY_DHX",
-    ]
-
-
-def cryptography_has_mem_functions():
-    return [
-        "Cryptography_CRYPTO_set_mem_functions",
-    ]
-
-
-def cryptography_has_sct():
-    return [
-        "SCT_get_version",
-        "SCT_get_log_entry_type",
-        "SCT_get0_log_id",
-        "SCT_get0_signature",
-        "SCT_get_timestamp",
-        "SCT_set_source",
-        "sk_SCT_num",
-        "sk_SCT_value",
-        "SCT_LIST_free",
-        "sk_SCT_push",
-        "sk_SCT_new_null",
-        "SCT_new",
-        "SCT_set1_log_id",
-        "SCT_set_timestamp",
-        "SCT_set_version",
-        "SCT_set_log_entry_type",
-    ]
-
-
-def cryptography_has_x509_store_ctx_get_issuer():
-    return [
-        "X509_STORE_get_get_issuer",
-        "X509_STORE_set_get_issuer",
-    ]
-
-
-def cryptography_has_x25519():
-    return [
-        "EVP_PKEY_X25519",
-        "NID_X25519",
-    ]
-
-
-def cryptography_has_x448():
-    return [
-        "EVP_PKEY_X448",
-        "NID_X448",
-    ]
-
-
-def cryptography_has_ed448():
-    return [
-        "EVP_PKEY_ED448",
-        "NID_ED448",
-    ]
-
-
-def cryptography_has_ed25519():
-    return [
-        "NID_ED25519",
-        "EVP_PKEY_ED25519",
-    ]
-
-
-def cryptography_has_poly1305():
-    return [
-        "NID_poly1305",
-        "EVP_PKEY_POLY1305",
-    ]
-
-
-def cryptography_has_oneshot_evp_digest_sign_verify():
-    return [
-        "EVP_DigestSign",
-        "EVP_DigestVerify",
-    ]
-
-
-def cryptography_has_evp_digestfinal_xof():
-    return [
-        "EVP_DigestFinalXOF",
-    ]
-
-
-def cryptography_has_evp_pkey_get_set_tls_encodedpoint():
-    return [
-        "EVP_PKEY_get1_tls_encodedpoint",
-        "EVP_PKEY_set1_tls_encodedpoint",
-    ]
-
-
-def cryptography_has_fips():
-    return [
-        "FIPS_set_mode",
-        "FIPS_mode",
-    ]
-
-
-def cryptography_has_ssl_sigalgs():
-    return [
-        "SSL_CTX_set1_sigalgs_list",
-        "SSL_get_sigalgs",
-    ]
-
-
-def cryptography_has_psk():
-    return [
-        "SSL_CTX_use_psk_identity_hint",
-        "SSL_CTX_set_psk_server_callback",
-        "SSL_CTX_set_psk_client_callback",
-    ]
-
-
-def cryptography_has_custom_ext():
-    return [
-        "SSL_CTX_add_client_custom_ext",
-        "SSL_CTX_add_server_custom_ext",
-        "SSL_extension_supported",
-    ]
-
-
-def cryptography_has_openssl_cleanup():
-    return [
-        "OPENSSL_cleanup",
-    ]
-
-
-def cryptography_has_cipher_details():
-    return [
-        "SSL_CIPHER_is_aead",
-        "SSL_CIPHER_get_cipher_nid",
-        "SSL_CIPHER_get_digest_nid",
-        "SSL_CIPHER_get_kx_nid",
-        "SSL_CIPHER_get_auth_nid",
-    ]
-
-
-def cryptography_has_tlsv13():
-    return [
-        "SSL_OP_NO_TLSv1_3",
-        "SSL_VERIFY_POST_HANDSHAKE",
-        "SSL_CTX_set_ciphersuites",
-        "SSL_verify_client_post_handshake",
-        "SSL_CTX_set_post_handshake_auth",
-        "SSL_set_post_handshake_auth",
-        "SSL_SESSION_get_max_early_data",
-        "SSL_write_early_data",
-        "SSL_read_early_data",
-        "SSL_CTX_set_max_early_data",
-    ]
-
-
-def cryptography_has_raw_key():
-    return [
-        "EVP_PKEY_new_raw_private_key",
-        "EVP_PKEY_new_raw_public_key",
-        "EVP_PKEY_get_raw_private_key",
-        "EVP_PKEY_get_raw_public_key",
-    ]
-
-
-def cryptography_has_evp_r_memory_limit_exceeded():
-    return [
-        "EVP_R_MEMORY_LIMIT_EXCEEDED",
-    ]
-
-
-def cryptography_has_engine():
-    return [
-        "ENGINE_by_id",
-        "ENGINE_init",
-        "ENGINE_finish",
-        "ENGINE_get_default_RAND",
-        "ENGINE_set_default_RAND",
-        "ENGINE_unregister_RAND",
-        "ENGINE_ctrl_cmd",
-        "ENGINE_free",
-        "ENGINE_get_name",
-        "Cryptography_add_osrandom_engine",
-    ]
-
-
-# This is a mapping of
-# {condition: function-returning-names-dependent-on-that-condition} so we can
-# loop over them and delete unsupported names at runtime. It will be removed
-# when cffi supports #if in cdef. We use functions instead of just a dict of
-# lists so we can use coverage to measure which are used.
-CONDITIONAL_NAMES = {
-    "Cryptography_HAS_EC2M": cryptography_has_ec2m,
-    "Cryptography_HAS_EC_1_0_2": cryptography_has_ec_1_0_2,
-    "Cryptography_HAS_SET_ECDH_AUTO": cryptography_has_set_ecdh_auto,
-    "Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR": (
-        cryptography_has_rsa_r_pkcs_decoding_error
-    ),
-    "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
-    "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
-    "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,
-    "Cryptography_HAS_ALPN": cryptography_has_alpn,
-    "Cryptography_HAS_COMPRESSION": cryptography_has_compression,
-    "Cryptography_HAS_GET_SERVER_TMP_KEY": cryptography_has_get_server_tmp_key,
-    "Cryptography_HAS_102_VERIFICATION_ERROR_CODES": (
-        cryptography_has_102_verification_error_codes
-    ),
-    "Cryptography_HAS_102_VERIFICATION_PARAMS": (
-        cryptography_has_102_verification_params
-    ),
-    "Cryptography_HAS_110_VERIFICATION_PARAMS": (
-        cryptography_has_110_verification_params
-    ),
-    "Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST": (
-        cryptography_has_x509_v_flag_trusted_first
-    ),
-    "Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN": (
-        cryptography_has_x509_v_flag_partial_chain
-    ),
-    "Cryptography_HAS_SET_CERT_CB": cryptography_has_set_cert_cb,
-    "Cryptography_HAS_SSL_ST": cryptography_has_ssl_st,
-    "Cryptography_HAS_TLS_ST": cryptography_has_tls_st,
-    "Cryptography_HAS_LOCKING_CALLBACKS": cryptography_has_locking_callbacks,
-    "Cryptography_HAS_SCRYPT": cryptography_has_scrypt,
-    "Cryptography_HAS_GENERIC_DTLS_METHOD": (
-        cryptography_has_generic_dtls_method
-    ),
-    "Cryptography_HAS_EVP_PKEY_DHX": cryptography_has_evp_pkey_dhx,
-    "Cryptography_HAS_MEM_FUNCTIONS": cryptography_has_mem_functions,
-    "Cryptography_HAS_SCT": cryptography_has_sct,
-    "Cryptography_HAS_X509_STORE_CTX_GET_ISSUER": (
-        cryptography_has_x509_store_ctx_get_issuer
-    ),
-    "Cryptography_HAS_X25519": cryptography_has_x25519,
-    "Cryptography_HAS_X448": cryptography_has_x448,
-    "Cryptography_HAS_ED448": cryptography_has_ed448,
-    "Cryptography_HAS_ED25519": cryptography_has_ed25519,
-    "Cryptography_HAS_POLY1305": cryptography_has_poly1305,
-    "Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY": (
-        cryptography_has_oneshot_evp_digest_sign_verify
-    ),
-    "Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint": (
-        cryptography_has_evp_pkey_get_set_tls_encodedpoint
-    ),
-    "Cryptography_HAS_FIPS": cryptography_has_fips,
-    "Cryptography_HAS_SIGALGS": cryptography_has_ssl_sigalgs,
-    "Cryptography_HAS_PSK": cryptography_has_psk,
-    "Cryptography_HAS_CUSTOM_EXT": cryptography_has_custom_ext,
-    "Cryptography_HAS_OPENSSL_CLEANUP": cryptography_has_openssl_cleanup,
-    "Cryptography_HAS_CIPHER_DETAILS": cryptography_has_cipher_details,
-    "Cryptography_HAS_TLSv1_3": cryptography_has_tlsv13,
-    "Cryptography_HAS_RAW_KEY": cryptography_has_raw_key,
-    "Cryptography_HAS_EVP_DIGESTFINAL_XOF": (
-        cryptography_has_evp_digestfinal_xof
-    ),
-    "Cryptography_HAS_EVP_R_MEMORY_LIMIT_EXCEEDED": (
-        cryptography_has_evp_r_memory_limit_exceeded
-    ),
-    "Cryptography_HAS_ENGINE": cryptography_has_engine,
-}
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/binding.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/bindings/openssl/binding.py
@@ -1,197 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import collections
-import threading
-import types
-import warnings
-
-import cryptography
-from cryptography import utils
-from cryptography.exceptions import InternalError
-from cryptography.hazmat.bindings._openssl import ffi, lib
-from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES
-
-_OpenSSLErrorWithText = collections.namedtuple(
-    "_OpenSSLErrorWithText", ["code", "lib", "func", "reason", "reason_text"]
-)
-
-
-class _OpenSSLError(object):
-    def __init__(self, code, lib, func, reason):
-        self._code = code
-        self._lib = lib
-        self._func = func
-        self._reason = reason
-
-    def _lib_reason_match(self, lib, reason):
-        return lib == self.lib and reason == self.reason
-
-    code = utils.read_only_property("_code")
-    lib = utils.read_only_property("_lib")
-    func = utils.read_only_property("_func")
-    reason = utils.read_only_property("_reason")
-
-
-def _consume_errors(lib):
-    errors = []
-    while True:
-        code = lib.ERR_get_error()
-        if code == 0:
-            break
-
-        err_lib = lib.ERR_GET_LIB(code)
-        err_func = lib.ERR_GET_FUNC(code)
-        err_reason = lib.ERR_GET_REASON(code)
-
-        errors.append(_OpenSSLError(code, err_lib, err_func, err_reason))
-
-    return errors
-
-
-def _openssl_assert(lib, ok):
-    if not ok:
-        errors = _consume_errors(lib)
-        errors_with_text = []
-        for err in errors:
-            buf = ffi.new("char[]", 256)
-            lib.ERR_error_string_n(err.code, buf, len(buf))
-            err_text_reason = ffi.string(buf)
-
-            errors_with_text.append(
-                _OpenSSLErrorWithText(
-                    err.code, err.lib, err.func, err.reason, err_text_reason
-                )
-            )
-
-        raise InternalError(
-            "Unknown OpenSSL error. This error is commonly encountered when "
-            "another library is not cleaning up the OpenSSL error stack. If "
-            "you are using cryptography with another library that uses "
-            "OpenSSL try disabling it before reporting a bug. Otherwise "
-            "please file an issue at https://github.com/pyca/cryptography/"
-            "issues with information on how to reproduce "
-            "this. ({0!r})".format(errors_with_text),
-            errors_with_text
-        )
-
-
-def build_conditional_library(lib, conditional_names):
-    conditional_lib = types.ModuleType("lib")
-    conditional_lib._original_lib = lib
-    excluded_names = set()
-    for condition, names_cb in conditional_names.items():
-        if not getattr(lib, condition):
-            excluded_names.update(names_cb())
-
-    for attr in dir(lib):
-        if attr not in excluded_names:
-            setattr(conditional_lib, attr, getattr(lib, attr))
-
-    return conditional_lib
-
-
-class Binding(object):
-    """
-    OpenSSL API wrapper.
-    """
-    lib = None
-    ffi = ffi
-    _lib_loaded = False
-    _init_lock = threading.Lock()
-    _lock_init_lock = threading.Lock()
-
-    def __init__(self):
-        self._ensure_ffi_initialized()
-
-    @classmethod
-    def _register_osrandom_engine(cls):
-        # Clear any errors extant in the queue before we start. In many
-        # scenarios other things may be interacting with OpenSSL in the same
-        # process space and it has proven untenable to assume that they will
-        # reliably clear the error queue. Once we clear it here we will
-        # error on any subsequent unexpected item in the stack.
-        cls.lib.ERR_clear_error()
-        if cls.lib.Cryptography_HAS_ENGINE:
-            result = cls.lib.Cryptography_add_osrandom_engine()
-            _openssl_assert(cls.lib, result in (1, 2))
-
-    @classmethod
-    def _ensure_ffi_initialized(cls):
-        with cls._init_lock:
-            if not cls._lib_loaded:
-                cls.lib = build_conditional_library(lib, CONDITIONAL_NAMES)
-                cls._lib_loaded = True
-                # initialize the SSL library
-                cls.lib.SSL_library_init()
-                # adds all ciphers/digests for EVP
-                cls.lib.OpenSSL_add_all_algorithms()
-                # loads error strings for libcrypto and libssl functions
-                cls.lib.SSL_load_error_strings()
-                cls._register_osrandom_engine()
-
-    @classmethod
-    def init_static_locks(cls):
-        with cls._lock_init_lock:
-            cls._ensure_ffi_initialized()
-            # Use Python's implementation if available, importing _ssl triggers
-            # the setup for this.
-            __import__("_ssl")
-
-            if (not cls.lib.Cryptography_HAS_LOCKING_CALLBACKS or
-                    cls.lib.CRYPTO_get_locking_callback() != cls.ffi.NULL):
-                return
-
-            # If nothing else has setup a locking callback already, we set up
-            # our own
-            res = lib.Cryptography_setup_ssl_threads()
-            _openssl_assert(cls.lib, res == 1)
-
-
-def _verify_openssl_version(lib):
-    if (
-        lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and
-        not lib.CRYPTOGRAPHY_IS_LIBRESSL
-    ):
-        warnings.warn(
-            "OpenSSL version 1.0.1 is no longer supported by the OpenSSL "
-            "project, please upgrade. A future version of cryptography will "
-            "drop support for it.",
-            utils.CryptographyDeprecationWarning
-        )
-
-
-def _verify_package_version(version):
-    # Occasionally we run into situations where the version of the Python
-    # package does not match the version of the shared object that is loaded.
-    # This may occur in environments where multiple versions of cryptography
-    # are installed and available in the python path. To avoid errors cropping
-    # up later this code checks that the currently imported package and the
-    # shared object that were loaded have the same version and raise an
-    # ImportError if they do not
-    so_package_version = ffi.string(lib.CRYPTOGRAPHY_PACKAGE_VERSION)
-    if version.encode("ascii") != so_package_version:
-        raise ImportError(
-            "The version of cryptography does not match the loaded "
-            "shared object. This can happen if you have multiple copies of "
-            "cryptography installed in your Python path. Please try creating "
-            "a new virtual environment to resolve this issue. "
-            "Loaded python version: {}, shared object version: {}".format(
-                version, so_package_version
-            )
-        )
-
-
-_verify_package_version(cryptography.__version__)
-
-# OpenSSL is not thread safe until the locks are initialized. We call this
-# method in module scope so that it executes with the import lock. On
-# Pythons < 3.4 this import lock is a global lock, which can prevent a race
-# condition registering the OpenSSL locks. On Python 3.4+ the import lock
-# is per module so this approach will not work.
-Binding.init_static_locks()
-
-_verify_openssl_version(Binding.lib)
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__init__.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__init__.py
@@ -1,5 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/__init__.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/__init__.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/cmac.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/cmac.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/constant_time.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/constant_time.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/hashes.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/hashes.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/hmac.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/hmac.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/keywrap.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/keywrap.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/padding.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/padding.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/poly1305.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/__pycache__/poly1305.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__init__.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__init__.py
@@ -1,40 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import abc
-
-import six
-
-
-@six.add_metaclass(abc.ABCMeta)
-class AsymmetricSignatureContext(object):
-    @abc.abstractmethod
-    def update(self, data):
-        """
-        Processes the provided bytes and returns nothing.
-        """
-
-    @abc.abstractmethod
-    def finalize(self):
-        """
-        Returns the signature as bytes.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class AsymmetricVerificationContext(object):
-    @abc.abstractmethod
-    def update(self, data):
-        """
-        Processes the provided bytes and returns nothing.
-        """
-
-    @abc.abstractmethod
-    def verify(self):
-        """
-        Raises an exception if the bytes provided to update do not match the
-        signature or the signature does not match the public key.
-        """
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/__init__.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/__init__.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/dh.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/dh.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/dsa.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/dsa.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/ec.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/ec.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/ed25519.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/ed25519.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/ed448.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/ed448.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/padding.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/padding.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/rsa.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/rsa.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/utils.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/utils.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/x25519.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/x25519.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/x448.cpython-37.pyc b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/__pycache__/x448.cpython-37.pyc
Binary files differ.
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/dh.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/dh.py
@@ -1,212 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import abc
-
-import six
-
-from cryptography import utils
-
-
-def generate_parameters(generator, key_size, backend):
-    return backend.generate_dh_parameters(generator, key_size)
-
-
-class DHPrivateNumbers(object):
-    def __init__(self, x, public_numbers):
-        if not isinstance(x, six.integer_types):
-            raise TypeError("x must be an integer.")
-
-        if not isinstance(public_numbers, DHPublicNumbers):
-            raise TypeError("public_numbers must be an instance of "
-                            "DHPublicNumbers.")
-
-        self._x = x
-        self._public_numbers = public_numbers
-
-    def __eq__(self, other):
-        if not isinstance(other, DHPrivateNumbers):
-            return NotImplemented
-
-        return (
-            self._x == other._x and
-            self._public_numbers == other._public_numbers
-        )
-
-    def __ne__(self, other):
-        return not self == other
-
-    def private_key(self, backend):
-        return backend.load_dh_private_numbers(self)
-
-    public_numbers = utils.read_only_property("_public_numbers")
-    x = utils.read_only_property("_x")
-
-
-class DHPublicNumbers(object):
-    def __init__(self, y, parameter_numbers):
-        if not isinstance(y, six.integer_types):
-            raise TypeError("y must be an integer.")
-
-        if not isinstance(parameter_numbers, DHParameterNumbers):
-            raise TypeError(
-                "parameters must be an instance of DHParameterNumbers.")
-
-        self._y = y
-        self._parameter_numbers = parameter_numbers
-
-    def __eq__(self, other):
-        if not isinstance(other, DHPublicNumbers):
-            return NotImplemented
-
-        return (
-            self._y == other._y and
-            self._parameter_numbers == other._parameter_numbers
-        )
-
-    def __ne__(self, other):
-        return not self == other
-
-    def public_key(self, backend):
-        return backend.load_dh_public_numbers(self)
-
-    y = utils.read_only_property("_y")
-    parameter_numbers = utils.read_only_property("_parameter_numbers")
-
-
-class DHParameterNumbers(object):
-    def __init__(self, p, g, q=None):
-        if (
-            not isinstance(p, six.integer_types) or
-            not isinstance(g, six.integer_types)
-        ):
-            raise TypeError("p and g must be integers")
-        if q is not None and not isinstance(q, six.integer_types):
-            raise TypeError("q must be integer or None")
-
-        if g < 2:
-            raise ValueError("DH generator must be 2 or greater")
-
-        self._p = p
-        self._g = g
-        self._q = q
-
-    def __eq__(self, other):
-        if not isinstance(other, DHParameterNumbers):
-            return NotImplemented
-
-        return (
-            self._p == other._p and
-            self._g == other._g and
-            self._q == other._q
-        )
-
-    def __ne__(self, other):
-        return not self == other
-
-    def parameters(self, backend):
-        return backend.load_dh_parameter_numbers(self)
-
-    p = utils.read_only_property("_p")
-    g = utils.read_only_property("_g")
-    q = utils.read_only_property("_q")
-
-
-@six.add_metaclass(abc.ABCMeta)
-class DHParameters(object):
-    @abc.abstractmethod
-    def generate_private_key(self):
-        """
-        Generates and returns a DHPrivateKey.
-        """
-
-    @abc.abstractmethod
-    def parameter_bytes(self, encoding, format):
-        """
-        Returns the parameters serialized as bytes.
-        """
-
-    @abc.abstractmethod
-    def parameter_numbers(self):
-        """
-        Returns a DHParameterNumbers.
-        """
-
-
-DHParametersWithSerialization = DHParameters
-
-
-@six.add_metaclass(abc.ABCMeta)
-class DHPrivateKey(object):
-    @abc.abstractproperty
-    def key_size(self):
-        """
-        The bit length of the prime modulus.
-        """
-
-    @abc.abstractmethod
-    def public_key(self):
-        """
-        The DHPublicKey associated with this private key.
-        """
-
-    @abc.abstractmethod
-    def parameters(self):
-        """
-        The DHParameters object associated with this private key.
-        """
-
-    @abc.abstractmethod
-    def exchange(self, peer_public_key):
-        """
-        Given peer's DHPublicKey, carry out the key exchange and
-        return shared key as bytes.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class DHPrivateKeyWithSerialization(DHPrivateKey):
-    @abc.abstractmethod
-    def private_numbers(self):
-        """
-        Returns a DHPrivateNumbers.
-        """
-
-    @abc.abstractmethod
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        """
-        Returns the key serialized as bytes.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class DHPublicKey(object):
-    @abc.abstractproperty
-    def key_size(self):
-        """
-        The bit length of the prime modulus.
-        """
-
-    @abc.abstractmethod
-    def parameters(self):
-        """
-        The DHParameters object associated with this public key.
-        """
-
-    @abc.abstractmethod
-    def public_numbers(self):
-        """
-        Returns a DHPublicNumbers.
-        """
-
-    @abc.abstractmethod
-    def public_bytes(self, encoding, format):
-        """
-        Returns the key serialized as bytes.
-        """
-
-
-DHPublicKeyWithSerialization = DHPublicKey
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/dsa.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/dsa.py
@@ -1,254 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import abc
-
-import six
-
-from cryptography import utils
-
-
-@six.add_metaclass(abc.ABCMeta)
-class DSAParameters(object):
-    @abc.abstractmethod
-    def generate_private_key(self):
-        """
-        Generates and returns a DSAPrivateKey.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class DSAParametersWithNumbers(DSAParameters):
-    @abc.abstractmethod
-    def parameter_numbers(self):
-        """
-        Returns a DSAParameterNumbers.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class DSAPrivateKey(object):
-    @abc.abstractproperty
-    def key_size(self):
-        """
-        The bit length of the prime modulus.
-        """
-
-    @abc.abstractmethod
-    def public_key(self):
-        """
-        The DSAPublicKey associated with this private key.
-        """
-
-    @abc.abstractmethod
-    def parameters(self):
-        """
-        The DSAParameters object associated with this private key.
-        """
-
-    @abc.abstractmethod
-    def signer(self, signature_algorithm):
-        """
-        Returns an AsymmetricSignatureContext used for signing data.
-        """
-
-    @abc.abstractmethod
-    def sign(self, data, algorithm):
-        """
-        Signs the data
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class DSAPrivateKeyWithSerialization(DSAPrivateKey):
-    @abc.abstractmethod
-    def private_numbers(self):
-        """
-        Returns a DSAPrivateNumbers.
-        """
-
-    @abc.abstractmethod
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        """
-        Returns the key serialized as bytes.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class DSAPublicKey(object):
-    @abc.abstractproperty
-    def key_size(self):
-        """
-        The bit length of the prime modulus.
-        """
-
-    @abc.abstractmethod
-    def parameters(self):
-        """
-        The DSAParameters object associated with this public key.
-        """
-
-    @abc.abstractmethod
-    def verifier(self, signature, signature_algorithm):
-        """
-        Returns an AsymmetricVerificationContext used for signing data.
-        """
-
-    @abc.abstractmethod
-    def public_numbers(self):
-        """
-        Returns a DSAPublicNumbers.
-        """
-
-    @abc.abstractmethod
-    def public_bytes(self, encoding, format):
-        """
-        Returns the key serialized as bytes.
-        """
-
-    @abc.abstractmethod
-    def verify(self, signature, data, algorithm):
-        """
-        Verifies the signature of the data.
-        """
-
-
-DSAPublicKeyWithSerialization = DSAPublicKey
-
-
-def generate_parameters(key_size, backend):
-    return backend.generate_dsa_parameters(key_size)
-
-
-def generate_private_key(key_size, backend):
-    return backend.generate_dsa_private_key_and_parameters(key_size)
-
-
-def _check_dsa_parameters(parameters):
-    if parameters.p.bit_length() not in [1024, 2048, 3072]:
-        raise ValueError("p must be exactly 1024, 2048, or 3072 bits long")
-    if parameters.q.bit_length() not in [160, 224, 256]:
-        raise ValueError("q must be exactly 160, 224, or 256 bits long")
-
-    if not (1 < parameters.g < parameters.p):
-        raise ValueError("g, p don't satisfy 1 < g < p.")
-
-
-def _check_dsa_private_numbers(numbers):
-    parameters = numbers.public_numbers.parameter_numbers
-    _check_dsa_parameters(parameters)
-    if numbers.x <= 0 or numbers.x >= parameters.q:
-        raise ValueError("x must be > 0 and < q.")
-
-    if numbers.public_numbers.y != pow(parameters.g, numbers.x, parameters.p):
-        raise ValueError("y must be equal to (g ** x % p).")
-
-
-class DSAParameterNumbers(object):
-    def __init__(self, p, q, g):
-        if (
-            not isinstance(p, six.integer_types) or
-            not isinstance(q, six.integer_types) or
-            not isinstance(g, six.integer_types)
-        ):
-            raise TypeError(
-                "DSAParameterNumbers p, q, and g arguments must be integers."
-            )
-
-        self._p = p
-        self._q = q
-        self._g = g
-
-    p = utils.read_only_property("_p")
-    q = utils.read_only_property("_q")
-    g = utils.read_only_property("_g")
-
-    def parameters(self, backend):
-        return backend.load_dsa_parameter_numbers(self)
-
-    def __eq__(self, other):
-        if not isinstance(other, DSAParameterNumbers):
-            return NotImplemented
-
-        return self.p == other.p and self.q == other.q and self.g == other.g
-
-    def __ne__(self, other):
-        return not self == other
-
-    def __repr__(self):
-        return (
-            "<DSAParameterNumbers(p={self.p}, q={self.q}, g={self.g})>".format(
-                self=self
-            )
-        )
-
-
-class DSAPublicNumbers(object):
-    def __init__(self, y, parameter_numbers):
-        if not isinstance(y, six.integer_types):
-            raise TypeError("DSAPublicNumbers y argument must be an integer.")
-
-        if not isinstance(parameter_numbers, DSAParameterNumbers):
-            raise TypeError(
-                "parameter_numbers must be a DSAParameterNumbers instance."
-            )
-
-        self._y = y
-        self._parameter_numbers = parameter_numbers
-
-    y = utils.read_only_property("_y")
-    parameter_numbers = utils.read_only_property("_parameter_numbers")
-
-    def public_key(self, backend):
-        return backend.load_dsa_public_numbers(self)
-
-    def __eq__(self, other):
-        if not isinstance(other, DSAPublicNumbers):
-            return NotImplemented
-
-        return (
-            self.y == other.y and
-            self.parameter_numbers == other.parameter_numbers
-        )
-
-    def __ne__(self, other):
-        return not self == other
-
-    def __repr__(self):
-        return (
-            "<DSAPublicNumbers(y={self.y}, "
-            "parameter_numbers={self.parameter_numbers})>".format(self=self)
-        )
-
-
-class DSAPrivateNumbers(object):
-    def __init__(self, x, public_numbers):
-        if not isinstance(x, six.integer_types):
-            raise TypeError("DSAPrivateNumbers x argument must be an integer.")
-
-        if not isinstance(public_numbers, DSAPublicNumbers):
-            raise TypeError(
-                "public_numbers must be a DSAPublicNumbers instance."
-            )
-        self._public_numbers = public_numbers
-        self._x = x
-
-    x = utils.read_only_property("_x")
-    public_numbers = utils.read_only_property("_public_numbers")
-
-    def private_key(self, backend):
-        return backend.load_dsa_private_numbers(self)
-
-    def __eq__(self, other):
-        if not isinstance(other, DSAPrivateNumbers):
-            return NotImplemented
-
-        return (
-            self.x == other.x and self.public_numbers == other.public_numbers
-        )
-
-    def __ne__(self, other):
-        return not self == other
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/ec.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/ec.py
@@ -1,500 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import abc
-import warnings
-
-import six
-
-from cryptography import utils
-from cryptography.hazmat._oid import ObjectIdentifier
-
-
-class EllipticCurveOID(object):
-    SECP192R1 = ObjectIdentifier("1.2.840.10045.3.1.1")
-    SECP224R1 = ObjectIdentifier("1.3.132.0.33")
-    SECP256K1 = ObjectIdentifier("1.3.132.0.10")
-    SECP256R1 = ObjectIdentifier("1.2.840.10045.3.1.7")
-    SECP384R1 = ObjectIdentifier("1.3.132.0.34")
-    SECP521R1 = ObjectIdentifier("1.3.132.0.35")
-    BRAINPOOLP256R1 = ObjectIdentifier("1.3.36.3.3.2.8.1.1.7")
-    BRAINPOOLP384R1 = ObjectIdentifier("1.3.36.3.3.2.8.1.1.11")
-    BRAINPOOLP512R1 = ObjectIdentifier("1.3.36.3.3.2.8.1.1.13")
-    SECT163K1 = ObjectIdentifier("1.3.132.0.1")
-    SECT163R2 = ObjectIdentifier("1.3.132.0.15")
-    SECT233K1 = ObjectIdentifier("1.3.132.0.26")
-    SECT233R1 = ObjectIdentifier("1.3.132.0.27")
-    SECT283K1 = ObjectIdentifier("1.3.132.0.16")
-    SECT283R1 = ObjectIdentifier("1.3.132.0.17")
-    SECT409K1 = ObjectIdentifier("1.3.132.0.36")
-    SECT409R1 = ObjectIdentifier("1.3.132.0.37")
-    SECT571K1 = ObjectIdentifier("1.3.132.0.38")
-    SECT571R1 = ObjectIdentifier("1.3.132.0.39")
-
-
-@six.add_metaclass(abc.ABCMeta)
-class EllipticCurve(object):
-    @abc.abstractproperty
-    def name(self):
-        """
-        The name of the curve. e.g. secp256r1.
-        """
-
-    @abc.abstractproperty
-    def key_size(self):
-        """
-        Bit size of a secret scalar for the curve.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class EllipticCurveSignatureAlgorithm(object):
-    @abc.abstractproperty
-    def algorithm(self):
-        """
-        The digest algorithm used with this signature.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class EllipticCurvePrivateKey(object):
-    @abc.abstractmethod
-    def signer(self, signature_algorithm):
-        """
-        Returns an AsymmetricSignatureContext used for signing data.
-        """
-
-    @abc.abstractmethod
-    def exchange(self, algorithm, peer_public_key):
-        """
-        Performs a key exchange operation using the provided algorithm with the
-        provided peer's public key.
-        """
-
-    @abc.abstractmethod
-    def public_key(self):
-        """
-        The EllipticCurvePublicKey for this private key.
-        """
-
-    @abc.abstractproperty
-    def curve(self):
-        """
-        The EllipticCurve that this key is on.
-        """
-
-    @abc.abstractproperty
-    def key_size(self):
-        """
-        Bit size of a secret scalar for the curve.
-        """
-
-    @abc.abstractmethod
-    def sign(self, data, signature_algorithm):
-        """
-        Signs the data
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class EllipticCurvePrivateKeyWithSerialization(EllipticCurvePrivateKey):
-    @abc.abstractmethod
-    def private_numbers(self):
-        """
-        Returns an EllipticCurvePrivateNumbers.
-        """
-
-    @abc.abstractmethod
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        """
-        Returns the key serialized as bytes.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class EllipticCurvePublicKey(object):
-    @abc.abstractmethod
-    def verifier(self, signature, signature_algorithm):
-        """
-        Returns an AsymmetricVerificationContext used for signing data.
-        """
-
-    @abc.abstractproperty
-    def curve(self):
-        """
-        The EllipticCurve that this key is on.
-        """
-
-    @abc.abstractproperty
-    def key_size(self):
-        """
-        Bit size of a secret scalar for the curve.
-        """
-
-    @abc.abstractmethod
-    def public_numbers(self):
-        """
-        Returns an EllipticCurvePublicNumbers.
-        """
-
-    @abc.abstractmethod
-    def public_bytes(self, encoding, format):
-        """
-        Returns the key serialized as bytes.
-        """
-
-    @abc.abstractmethod
-    def verify(self, signature, data, signature_algorithm):
-        """
-        Verifies the signature of the data.
-        """
-
-    @classmethod
-    def from_encoded_point(cls, curve, data):
-        utils._check_bytes("data", data)
-
-        if not isinstance(curve, EllipticCurve):
-            raise TypeError("curve must be an EllipticCurve instance")
-
-        if len(data) == 0:
-            raise ValueError("data must not be an empty byte string")
-
-        if six.indexbytes(data, 0) not in [0x02, 0x03, 0x04]:
-            raise ValueError("Unsupported elliptic curve point type")
-
-        from cryptography.hazmat.backends.openssl.backend import backend
-        return backend.load_elliptic_curve_public_bytes(curve, data)
-
-
-EllipticCurvePublicKeyWithSerialization = EllipticCurvePublicKey
-
-
-@utils.register_interface(EllipticCurve)
-class SECT571R1(object):
-    name = "sect571r1"
-    key_size = 570
-
-
-@utils.register_interface(EllipticCurve)
-class SECT409R1(object):
-    name = "sect409r1"
-    key_size = 409
-
-
-@utils.register_interface(EllipticCurve)
-class SECT283R1(object):
-    name = "sect283r1"
-    key_size = 283
-
-
-@utils.register_interface(EllipticCurve)
-class SECT233R1(object):
-    name = "sect233r1"
-    key_size = 233
-
-
-@utils.register_interface(EllipticCurve)
-class SECT163R2(object):
-    name = "sect163r2"
-    key_size = 163
-
-
-@utils.register_interface(EllipticCurve)
-class SECT571K1(object):
-    name = "sect571k1"
-    key_size = 571
-
-
-@utils.register_interface(EllipticCurve)
-class SECT409K1(object):
-    name = "sect409k1"
-    key_size = 409
-
-
-@utils.register_interface(EllipticCurve)
-class SECT283K1(object):
-    name = "sect283k1"
-    key_size = 283
-
-
-@utils.register_interface(EllipticCurve)
-class SECT233K1(object):
-    name = "sect233k1"
-    key_size = 233
-
-
-@utils.register_interface(EllipticCurve)
-class SECT163K1(object):
-    name = "sect163k1"
-    key_size = 163
-
-
-@utils.register_interface(EllipticCurve)
-class SECP521R1(object):
-    name = "secp521r1"
-    key_size = 521
-
-
-@utils.register_interface(EllipticCurve)
-class SECP384R1(object):
-    name = "secp384r1"
-    key_size = 384
-
-
-@utils.register_interface(EllipticCurve)
-class SECP256R1(object):
-    name = "secp256r1"
-    key_size = 256
-
-
-@utils.register_interface(EllipticCurve)
-class SECP256K1(object):
-    name = "secp256k1"
-    key_size = 256
-
-
-@utils.register_interface(EllipticCurve)
-class SECP224R1(object):
-    name = "secp224r1"
-    key_size = 224
-
-
-@utils.register_interface(EllipticCurve)
-class SECP192R1(object):
-    name = "secp192r1"
-    key_size = 192
-
-
-@utils.register_interface(EllipticCurve)
-class BrainpoolP256R1(object):
-    name = "brainpoolP256r1"
-    key_size = 256
-
-
-@utils.register_interface(EllipticCurve)
-class BrainpoolP384R1(object):
-    name = "brainpoolP384r1"
-    key_size = 384
-
-
-@utils.register_interface(EllipticCurve)
-class BrainpoolP512R1(object):
-    name = "brainpoolP512r1"
-    key_size = 512
-
-
-_CURVE_TYPES = {
-    "prime192v1": SECP192R1,
-    "prime256v1": SECP256R1,
-
-    "secp192r1": SECP192R1,
-    "secp224r1": SECP224R1,
-    "secp256r1": SECP256R1,
-    "secp384r1": SECP384R1,
-    "secp521r1": SECP521R1,
-    "secp256k1": SECP256K1,
-
-    "sect163k1": SECT163K1,
-    "sect233k1": SECT233K1,
-    "sect283k1": SECT283K1,
-    "sect409k1": SECT409K1,
-    "sect571k1": SECT571K1,
-
-    "sect163r2": SECT163R2,
-    "sect233r1": SECT233R1,
-    "sect283r1": SECT283R1,
-    "sect409r1": SECT409R1,
-    "sect571r1": SECT571R1,
-
-    "brainpoolP256r1": BrainpoolP256R1,
-    "brainpoolP384r1": BrainpoolP384R1,
-    "brainpoolP512r1": BrainpoolP512R1,
-}
-
-
-@utils.register_interface(EllipticCurveSignatureAlgorithm)
-class ECDSA(object):
-    def __init__(self, algorithm):
-        self._algorithm = algorithm
-
-    algorithm = utils.read_only_property("_algorithm")
-
-
-def generate_private_key(curve, backend):
-    return backend.generate_elliptic_curve_private_key(curve)
-
-
-def derive_private_key(private_value, curve, backend):
-    if not isinstance(private_value, six.integer_types):
-        raise TypeError("private_value must be an integer type.")
-
-    if private_value <= 0:
-        raise ValueError("private_value must be a positive integer.")
-
-    if not isinstance(curve, EllipticCurve):
-        raise TypeError("curve must provide the EllipticCurve interface.")
-
-    return backend.derive_elliptic_curve_private_key(private_value, curve)
-
-
-class EllipticCurvePublicNumbers(object):
-    def __init__(self, x, y, curve):
-        if (
-            not isinstance(x, six.integer_types) or
-            not isinstance(y, six.integer_types)
-        ):
-            raise TypeError("x and y must be integers.")
-
-        if not isinstance(curve, EllipticCurve):
-            raise TypeError("curve must provide the EllipticCurve interface.")
-
-        self._y = y
-        self._x = x
-        self._curve = curve
-
-    def public_key(self, backend):
-        return backend.load_elliptic_curve_public_numbers(self)
-
-    def encode_point(self):
-        warnings.warn(
-            "encode_point has been deprecated on EllipticCurvePublicNumbers"
-            " and will be removed in a future version. Please use "
-            "EllipticCurvePublicKey.public_bytes to obtain both "
-            "compressed and uncompressed point encoding.",
-            utils.DeprecatedIn25,
-            stacklevel=2,
-        )
-        # key_size is in bits. Convert to bytes and round up
-        byte_length = (self.curve.key_size + 7) // 8
-        return (
-            b'\x04' + utils.int_to_bytes(self.x, byte_length) +
-            utils.int_to_bytes(self.y, byte_length)
-        )
-
-    @classmethod
-    def from_encoded_point(cls, curve, data):
-        if not isinstance(curve, EllipticCurve):
-            raise TypeError("curve must be an EllipticCurve instance")
-
-        warnings.warn(
-            "Support for unsafe construction of public numbers from "
-            "encoded data will be removed in a future version. "
-            "Please use EllipticCurvePublicKey.from_encoded_point",
-            utils.DeprecatedIn25,
-            stacklevel=2,
-        )
-
-        if data.startswith(b'\x04'):
-            # key_size is in bits. Convert to bytes and round up
-            byte_length = (curve.key_size + 7) // 8
-            if len(data) == 2 * byte_length + 1:
-                x = utils.int_from_bytes(data[1:byte_length + 1], 'big')
-                y = utils.int_from_bytes(data[byte_length + 1:], 'big')
-                return cls(x, y, curve)
-            else:
-                raise ValueError('Invalid elliptic curve point data length')
-        else:
-            raise ValueError('Unsupported elliptic curve point type')
-
-    curve = utils.read_only_property("_curve")
-    x = utils.read_only_property("_x")
-    y = utils.read_only_property("_y")
-
-    def __eq__(self, other):
-        if not isinstance(other, EllipticCurvePublicNumbers):
-            return NotImplemented
-
-        return (
-            self.x == other.x and
-            self.y == other.y and
-            self.curve.name == other.curve.name and
-            self.curve.key_size == other.curve.key_size
-        )
-
-    def __ne__(self, other):
-        return not self == other
-
-    def __hash__(self):
-        return hash((self.x, self.y, self.curve.name, self.curve.key_size))
-
-    def __repr__(self):
-        return (
-            "<EllipticCurvePublicNumbers(curve={0.curve.name}, x={0.x}, "
-            "y={0.y}>".format(self)
-        )
-
-
-class EllipticCurvePrivateNumbers(object):
-    def __init__(self, private_value, public_numbers):
-        if not isinstance(private_value, six.integer_types):
-            raise TypeError("private_value must be an integer.")
-
-        if not isinstance(public_numbers, EllipticCurvePublicNumbers):
-            raise TypeError(
-                "public_numbers must be an EllipticCurvePublicNumbers "
-                "instance."
-            )
-
-        self._private_value = private_value
-        self._public_numbers = public_numbers
-
-    def private_key(self, backend):
-        return backend.load_elliptic_curve_private_numbers(self)
-
-    private_value = utils.read_only_property("_private_value")
-    public_numbers = utils.read_only_property("_public_numbers")
-
-    def __eq__(self, other):
-        if not isinstance(other, EllipticCurvePrivateNumbers):
-            return NotImplemented
-
-        return (
-            self.private_value == other.private_value and
-            self.public_numbers == other.public_numbers
-        )
-
-    def __ne__(self, other):
-        return not self == other
-
-    def __hash__(self):
-        return hash((self.private_value, self.public_numbers))
-
-
-class ECDH(object):
-    pass
-
-
-_OID_TO_CURVE = {
-    EllipticCurveOID.SECP192R1: SECP192R1,
-    EllipticCurveOID.SECP224R1: SECP224R1,
-    EllipticCurveOID.SECP256K1: SECP256K1,
-    EllipticCurveOID.SECP256R1: SECP256R1,
-    EllipticCurveOID.SECP384R1: SECP384R1,
-    EllipticCurveOID.SECP521R1: SECP521R1,
-    EllipticCurveOID.BRAINPOOLP256R1: BrainpoolP256R1,
-    EllipticCurveOID.BRAINPOOLP384R1: BrainpoolP384R1,
-    EllipticCurveOID.BRAINPOOLP512R1: BrainpoolP512R1,
-    EllipticCurveOID.SECT163K1: SECT163K1,
-    EllipticCurveOID.SECT163R2: SECT163R2,
-    EllipticCurveOID.SECT233K1: SECT233K1,
-    EllipticCurveOID.SECT233R1: SECT233R1,
-    EllipticCurveOID.SECT283K1: SECT283K1,
-    EllipticCurveOID.SECT283R1: SECT283R1,
-    EllipticCurveOID.SECT409K1: SECT409K1,
-    EllipticCurveOID.SECT409R1: SECT409R1,
-    EllipticCurveOID.SECT571K1: SECT571K1,
-    EllipticCurveOID.SECT571R1: SECT571R1,
-}
-
-
-def get_curve_for_oid(oid):
-    try:
-        return _OID_TO_CURVE[oid]
-    except KeyError:
-        raise LookupError(
-            "The provided object identifier has no matching elliptic "
-            "curve class"
-        )
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/ed25519.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/ed25519.py
@@ -1,84 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import abc
-
-import six
-
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
-
-
-_ED25519_KEY_SIZE = 32
-_ED25519_SIG_SIZE = 64
-
-
-@six.add_metaclass(abc.ABCMeta)
-class Ed25519PublicKey(object):
-    @classmethod
-    def from_public_bytes(cls, data):
-        from cryptography.hazmat.backends.openssl.backend import backend
-        if not backend.ed25519_supported():
-            raise UnsupportedAlgorithm(
-                "ed25519 is not supported by this version of OpenSSL.",
-                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
-            )
-
-        return backend.ed25519_load_public_bytes(data)
-
-    @abc.abstractmethod
-    def public_bytes(self, encoding, format):
-        """
-        The serialized bytes of the public key.
-        """
-
-    @abc.abstractmethod
-    def verify(self, signature, data):
-        """
-        Verify the signature.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class Ed25519PrivateKey(object):
-    @classmethod
-    def generate(cls):
-        from cryptography.hazmat.backends.openssl.backend import backend
-        if not backend.ed25519_supported():
-            raise UnsupportedAlgorithm(
-                "ed25519 is not supported by this version of OpenSSL.",
-                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
-            )
-
-        return backend.ed25519_generate_key()
-
-    @classmethod
-    def from_private_bytes(cls, data):
-        from cryptography.hazmat.backends.openssl.backend import backend
-        if not backend.ed25519_supported():
-            raise UnsupportedAlgorithm(
-                "ed25519 is not supported by this version of OpenSSL.",
-                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
-            )
-
-        return backend.ed25519_load_private_bytes(data)
-
-    @abc.abstractmethod
-    def public_key(self):
-        """
-        The Ed25519PublicKey derived from the private key.
-        """
-
-    @abc.abstractmethod
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        """
-        The serialized bytes of the private key.
-        """
-
-    @abc.abstractmethod
-    def sign(self, data):
-        """
-        Signs the data.
-        """
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/ed448.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/ed448.py
@@ -1,79 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import abc
-
-import six
-
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
-
-
-@six.add_metaclass(abc.ABCMeta)
-class Ed448PublicKey(object):
-    @classmethod
-    def from_public_bytes(cls, data):
-        from cryptography.hazmat.backends.openssl.backend import backend
-        if not backend.ed448_supported():
-            raise UnsupportedAlgorithm(
-                "ed448 is not supported by this version of OpenSSL.",
-                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
-            )
-
-        return backend.ed448_load_public_bytes(data)
-
-    @abc.abstractmethod
-    def public_bytes(self, encoding, format):
-        """
-        The serialized bytes of the public key.
-        """
-
-    @abc.abstractmethod
-    def verify(self, signature, data):
-        """
-        Verify the signature.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class Ed448PrivateKey(object):
-    @classmethod
-    def generate(cls):
-        from cryptography.hazmat.backends.openssl.backend import backend
-        if not backend.ed448_supported():
-            raise UnsupportedAlgorithm(
-                "ed448 is not supported by this version of OpenSSL.",
-                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
-            )
-        return backend.ed448_generate_key()
-
-    @classmethod
-    def from_private_bytes(cls, data):
-        from cryptography.hazmat.backends.openssl.backend import backend
-        if not backend.ed448_supported():
-            raise UnsupportedAlgorithm(
-                "ed448 is not supported by this version of OpenSSL.",
-                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM
-            )
-
-        return backend.ed448_load_private_bytes(data)
-
-    @abc.abstractmethod
-    def public_key(self):
-        """
-        The Ed448PublicKey derived from the private key.
-        """
-
-    @abc.abstractmethod
-    def sign(self, data):
-        """
-        Signs the data.
-        """
-
-    @abc.abstractmethod
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        """
-        The serialized bytes of the private key.
-        """
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/padding.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/padding.py
@@ -1,79 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import abc
-import math
-
-import six
-
-from cryptography import utils
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives.asymmetric import rsa
-
-
-@six.add_metaclass(abc.ABCMeta)
-class AsymmetricPadding(object):
-    @abc.abstractproperty
-    def name(self):
-        """
-        A string naming this padding (e.g. "PSS", "PKCS1").
-        """
-
-
-@utils.register_interface(AsymmetricPadding)
-class PKCS1v15(object):
-    name = "EMSA-PKCS1-v1_5"
-
-
-@utils.register_interface(AsymmetricPadding)
-class PSS(object):
-    MAX_LENGTH = object()
-    name = "EMSA-PSS"
-
-    def __init__(self, mgf, salt_length):
-        self._mgf = mgf
-
-        if (not isinstance(salt_length, six.integer_types) and
-                salt_length is not self.MAX_LENGTH):
-            raise TypeError("salt_length must be an integer.")
-
-        if salt_length is not self.MAX_LENGTH and salt_length < 0:
-            raise ValueError("salt_length must be zero or greater.")
-
-        self._salt_length = salt_length
-
-
-@utils.register_interface(AsymmetricPadding)
-class OAEP(object):
-    name = "EME-OAEP"
-
-    def __init__(self, mgf, algorithm, label):
-        if not isinstance(algorithm, hashes.HashAlgorithm):
-            raise TypeError("Expected instance of hashes.HashAlgorithm.")
-
-        self._mgf = mgf
-        self._algorithm = algorithm
-        self._label = label
-
-
-class MGF1(object):
-    MAX_LENGTH = object()
-
-    def __init__(self, algorithm):
-        if not isinstance(algorithm, hashes.HashAlgorithm):
-            raise TypeError("Expected instance of hashes.HashAlgorithm.")
-
-        self._algorithm = algorithm
-
-
-def calculate_max_pss_salt_length(key, hash_algorithm):
-    if not isinstance(key, (rsa.RSAPrivateKey, rsa.RSAPublicKey)):
-        raise TypeError("key must be an RSA public or private key")
-    # bit length - 1 per RFC 3447
-    emlen = int(math.ceil((key.key_size - 1) / 8.0))
-    salt_length = emlen - hash_algorithm.digest_size - 2
-    assert salt_length >= 0
-    return salt_length
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/rsa.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -1,368 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import abc
-try:
-    # Only available in math in 3.5+
-    from math import gcd
-except ImportError:
-    from fractions import gcd
-
-import six
-
-from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
-from cryptography.hazmat.backends.interfaces import RSABackend
-
-
-@six.add_metaclass(abc.ABCMeta)
-class RSAPrivateKey(object):
-    @abc.abstractmethod
-    def signer(self, padding, algorithm):
-        """
-        Returns an AsymmetricSignatureContext used for signing data.
-        """
-
-    @abc.abstractmethod
-    def decrypt(self, ciphertext, padding):
-        """
-        Decrypts the provided ciphertext.
-        """
-
-    @abc.abstractproperty
-    def key_size(self):
-        """
-        The bit length of the public modulus.
-        """
-
-    @abc.abstractmethod
-    def public_key(self):
-        """
-        The RSAPublicKey associated with this private key.
-        """
-
-    @abc.abstractmethod
-    def sign(self, data, padding, algorithm):
-        """
-        Signs the data.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class RSAPrivateKeyWithSerialization(RSAPrivateKey):
-    @abc.abstractmethod
-    def private_numbers(self):
-        """
-        Returns an RSAPrivateNumbers.
-        """
-
-    @abc.abstractmethod
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        """
-        Returns the key serialized as bytes.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class RSAPublicKey(object):
-    @abc.abstractmethod
-    def verifier(self, signature, padding, algorithm):
-        """
-        Returns an AsymmetricVerificationContext used for verifying signatures.
-        """
-
-    @abc.abstractmethod
-    def encrypt(self, plaintext, padding):
-        """
-        Encrypts the given plaintext.
-        """
-
-    @abc.abstractproperty
-    def key_size(self):
-        """
-        The bit length of the public modulus.
-        """
-
-    @abc.abstractmethod
-    def public_numbers(self):
-        """
-        Returns an RSAPublicNumbers
-        """
-
-    @abc.abstractmethod
-    def public_bytes(self, encoding, format):
-        """
-        Returns the key serialized as bytes.
-        """
-
-    @abc.abstractmethod
-    def verify(self, signature, data, padding, algorithm):
-        """
-        Verifies the signature of the data.
-        """
-
-
-RSAPublicKeyWithSerialization = RSAPublicKey
-
-
-def generate_private_key(public_exponent, key_size, backend):
-    if not isinstance(backend, RSABackend):
-        raise UnsupportedAlgorithm(
-            "Backend object does not implement RSABackend.",
-            _Reasons.BACKEND_MISSING_INTERFACE
-        )
-
-    _verify_rsa_parameters(public_exponent, key_size)
-    return backend.generate_rsa_private_key(public_exponent, key_size)
-
-
-def _verify_rsa_parameters(public_exponent, key_size):
-    if public_exponent < 3:
-        raise ValueError("public_exponent must be >= 3.")
-
-    if public_exponent & 1 == 0:
-        raise ValueError("public_exponent must be odd.")
-
-    if key_size < 512:
-        raise ValueError("key_size must be at least 512-bits.")
-
-
-def _check_private_key_components(p, q, private_exponent, dmp1, dmq1, iqmp,
-                                  public_exponent, modulus):
-    if modulus < 3:
-        raise ValueError("modulus must be >= 3.")
-
-    if p >= modulus:
-        raise ValueError("p must be < modulus.")
-
-    if q >= modulus:
-        raise ValueError("q must be < modulus.")
-
-    if dmp1 >= modulus:
-        raise ValueError("dmp1 must be < modulus.")
-
-    if dmq1 >= modulus:
-        raise ValueError("dmq1 must be < modulus.")
-
-    if iqmp >= modulus:
-        raise ValueError("iqmp must be < modulus.")
-
-    if private_exponent >= modulus:
-        raise ValueError("private_exponent must be < modulus.")
-
-    if public_exponent < 3 or public_exponent >= modulus:
-        raise ValueError("public_exponent must be >= 3 and < modulus.")
-
-    if public_exponent & 1 == 0:
-        raise ValueError("public_exponent must be odd.")
-
-    if dmp1 & 1 == 0:
-        raise ValueError("dmp1 must be odd.")
-
-    if dmq1 & 1 == 0:
-        raise ValueError("dmq1 must be odd.")
-
-    if p * q != modulus:
-        raise ValueError("p*q must equal modulus.")
-
-
-def _check_public_key_components(e, n):
-    if n < 3:
-        raise ValueError("n must be >= 3.")
-
-    if e < 3 or e >= n:
-        raise ValueError("e must be >= 3 and < n.")
-
-    if e & 1 == 0:
-        raise ValueError("e must be odd.")
-
-
-def _modinv(e, m):
-    """
-    Modular Multiplicative Inverse. Returns x such that: (x*e) mod m == 1
-    """
-    x1, y1, x2, y2 = 1, 0, 0, 1
-    a, b = e, m
-    while b > 0:
-        q, r = divmod(a, b)
-        xn, yn = x1 - q * x2, y1 - q * y2
-        a, b, x1, y1, x2, y2 = b, r, x2, y2, xn, yn
-    return x1 % m
-
-
-def rsa_crt_iqmp(p, q):
-    """
-    Compute the CRT (q ** -1) % p value from RSA primes p and q.
-    """
-    return _modinv(q, p)
-
-
-def rsa_crt_dmp1(private_exponent, p):
-    """
-    Compute the CRT private_exponent % (p - 1) value from the RSA
-    private_exponent (d) and p.
-    """
-    return private_exponent % (p - 1)
-
-
-def rsa_crt_dmq1(private_exponent, q):
-    """
-    Compute the CRT private_exponent % (q - 1) value from the RSA
-    private_exponent (d) and q.
-    """
-    return private_exponent % (q - 1)
-
-
-# Controls the number of iterations rsa_recover_prime_factors will perform
-# to obtain the prime factors. Each iteration increments by 2 so the actual
-# maximum attempts is half this number.
-_MAX_RECOVERY_ATTEMPTS = 1000
-
-
-def rsa_recover_prime_factors(n, e, d):
-    """
-    Compute factors p and q from the private exponent d. We assume that n has
-    no more than two factors. This function is adapted from code in PyCrypto.
-    """
-    # See 8.2.2(i) in Handbook of Applied Cryptography.
-    ktot = d * e - 1
-    # The quantity d*e-1 is a multiple of phi(n), even,
-    # and can be represented as t*2^s.
-    t = ktot
-    while t % 2 == 0:
-        t = t // 2
-    # Cycle through all multiplicative inverses in Zn.
-    # The algorithm is non-deterministic, but there is a 50% chance
-    # any candidate a leads to successful factoring.
-    # See "Digitalized Signatures and Public Key Functions as Intractable
-    # as Factorization", M. Rabin, 1979
-    spotted = False
-    a = 2
-    while not spotted and a < _MAX_RECOVERY_ATTEMPTS:
-        k = t
-        # Cycle through all values a^{t*2^i}=a^k
-        while k < ktot:
-            cand = pow(a, k, n)
-            # Check if a^k is a non-trivial root of unity (mod n)
-            if cand != 1 and cand != (n - 1) and pow(cand, 2, n) == 1:
-                # We have found a number such that (cand-1)(cand+1)=0 (mod n).
-                # Either of the terms divides n.
-                p = gcd(cand + 1, n)
-                spotted = True
-                break
-            k *= 2
-        # This value was not any good... let's try another!
-        a += 2
-    if not spotted:
-        raise ValueError("Unable to compute factors p and q from exponent d.")
-    # Found !
-    q, r = divmod(n, p)
-    assert r == 0
-    p, q = sorted((p, q), reverse=True)
-    return (p, q)
-
-
-class RSAPrivateNumbers(object):
-    def __init__(self, p, q, d, dmp1, dmq1, iqmp,
-                 public_numbers):
-        if (
-            not isinstance(p, six.integer_types) or
-            not isinstance(q, six.integer_types) or
-            not isinstance(d, six.integer_types) or
-            not isinstance(dmp1, six.integer_types) or
-            not isinstance(dmq1, six.integer_types) or
-            not isinstance(iqmp, six.integer_types)
-        ):
-            raise TypeError(
-                "RSAPrivateNumbers p, q, d, dmp1, dmq1, iqmp arguments must"
-                " all be an integers."
-            )
-
-        if not isinstance(public_numbers, RSAPublicNumbers):
-            raise TypeError(
-                "RSAPrivateNumbers public_numbers must be an RSAPublicNumbers"
-                " instance."
-            )
-
-        self._p = p
-        self._q = q
-        self._d = d
-        self._dmp1 = dmp1
-        self._dmq1 = dmq1
-        self._iqmp = iqmp
-        self._public_numbers = public_numbers
-
-    p = utils.read_only_property("_p")
-    q = utils.read_only_property("_q")
-    d = utils.read_only_property("_d")
-    dmp1 = utils.read_only_property("_dmp1")
-    dmq1 = utils.read_only_property("_dmq1")
-    iqmp = utils.read_only_property("_iqmp")
-    public_numbers = utils.read_only_property("_public_numbers")
-
-    def private_key(self, backend):
-        return backend.load_rsa_private_numbers(self)
-
-    def __eq__(self, other):
-        if not isinstance(other, RSAPrivateNumbers):
-            return NotImplemented
-
-        return (
-            self.p == other.p and
-            self.q == other.q and
-            self.d == other.d and
-            self.dmp1 == other.dmp1 and
-            self.dmq1 == other.dmq1 and
-            self.iqmp == other.iqmp and
-            self.public_numbers == other.public_numbers
-        )
-
-    def __ne__(self, other):
-        return not self == other
-
-    def __hash__(self):
-        return hash((
-            self.p,
-            self.q,
-            self.d,
-            self.dmp1,
-            self.dmq1,
-            self.iqmp,
-            self.public_numbers,
-        ))
-
-
-class RSAPublicNumbers(object):
-    def __init__(self, e, n):
-        if (
-            not isinstance(e, six.integer_types) or
-            not isinstance(n, six.integer_types)
-        ):
-            raise TypeError("RSAPublicNumbers arguments must be integers.")
-
-        self._e = e
-        self._n = n
-
-    e = utils.read_only_property("_e")
-    n = utils.read_only_property("_n")
-
-    def public_key(self, backend):
-        return backend.load_rsa_public_numbers(self)
-
-    def __repr__(self):
-        return "<RSAPublicNumbers(e={0.e}, n={0.n})>".format(self)
-
-    def __eq__(self, other):
-        if not isinstance(other, RSAPublicNumbers):
-            return NotImplemented
-
-        return self.e == other.e and self.n == other.n
-
-    def __ne__(self, other):
-        return not self == other
-
-    def __hash__(self):
-        return hash((self.e, self.n))
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/utils.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/utils.py
@@ -1,38 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from asn1crypto.algos import DSASignature
-
-import six
-
-from cryptography import utils
-from cryptography.hazmat.primitives import hashes
-
-
-def decode_dss_signature(signature):
-    data = DSASignature.load(signature, strict=True).native
-    return data['r'], data['s']
-
-
-def encode_dss_signature(r, s):
-    if (
-        not isinstance(r, six.integer_types) or
-        not isinstance(s, six.integer_types)
-    ):
-        raise ValueError("Both r and s must be integers")
-
-    return DSASignature({'r': r, 's': s}).dump()
-
-
-class Prehashed(object):
-    def __init__(self, algorithm):
-        if not isinstance(algorithm, hashes.HashAlgorithm):
-            raise TypeError("Expected instance of HashAlgorithm.")
-
-        self._algorithm = algorithm
-        self._digest_size = algorithm.digest_size
-
-    digest_size = utils.read_only_property("_digest_size")
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/x25519.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/x25519.py
@@ -1,73 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import abc
-
-import six
-
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
-
-
-@six.add_metaclass(abc.ABCMeta)
-class X25519PublicKey(object):
-    @classmethod
-    def from_public_bytes(cls, data):
-        from cryptography.hazmat.backends.openssl.backend import backend
-        if not backend.x25519_supported():
-            raise UnsupportedAlgorithm(
-                "X25519 is not supported by this version of OpenSSL.",
-                _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM
-            )
-
-        return backend.x25519_load_public_bytes(data)
-
-    @abc.abstractmethod
-    def public_bytes(self, encoding=None, format=None):
-        """
-        The serialized bytes of the public key.
-        """
-
-
-@six.add_metaclass(abc.ABCMeta)
-class X25519PrivateKey(object):
-    @classmethod
-    def generate(cls):
-        from cryptography.hazmat.backends.openssl.backend import backend
-        if not backend.x25519_supported():
-            raise UnsupportedAlgorithm(
-                "X25519 is not supported by this version of OpenSSL.",
-                _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM
-            )
-        return backend.x25519_generate_key()
-
-    @classmethod
-    def from_private_bytes(cls, data):
-        from cryptography.hazmat.backends.openssl.backend import backend
-        if not backend.x25519_supported():
-            raise UnsupportedAlgorithm(
-                "X25519 is not supported by this version of OpenSSL.",
-                _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM
-            )
-
-        return backend.x25519_load_private_bytes(data)
-
-    @abc.abstractmethod
-    def public_key(self):
-        """
-        The serialized bytes of the public key.
-        """
-
-    @abc.abstractmethod
-    def private_bytes(self, encoding, format, encryption_algorithm):
-        """
-        The serialized bytes of the private key.
-        """
-
-    @abc.abstractmethod
-    def exchange(self, peer_public_key):
-        """
-        Performs a key exchange operation using the provided peer's public key.
-        """
diff --git a/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/x448.py b/MacOS/FigENC_MacOS.app/Contents/Resources/cryptography/hazmat/primitives/asymmetric/x448.py
@@ -1,73 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-import abc
-
-import six
-
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
-
-
-@six.add_metaclass(abc.ABCMeta)
-class X448PublicKey(object):
-    @classmethod
<

	figenc [RADIOACTIVE] rsa and symmetric key encryption scripts and executables
	git clone git://git.figbert.com/figenc.git
	Log \| Files \| Refs \| README