Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 5e0da3aad87d3c7ee617ad354973a8f9b0ed956e / . / CHANGELOG.rst
blob: 85f84477988baa3012718f6899b79b26998f2e65 [file] [log] [blame]
Matthew Iversen69a6fad2014-02-25 02:10:44 +1100[diff] [blame]1Changelog
2=========
3
Paul Kehrer506a2152015-05-26 08:01:18 -0500[diff] [blame]41.0 - `master`_
Paul Kehrerd5257ab2015-05-13 20:48:36 -0500[diff] [blame]5~~~~~~~~~~~~~~~~
6
7.. note:: This version is not yet released and is under active development.
8
Paul Kehrer68b3b1e2015-05-19 13:05:21 -0700[diff] [blame]9* Switched to the new `cffi`_ ``set_source`` out-of-line API mode for
10 compilation. This results in significantly faster imports and lowered
Paul Kehrer73f06c72015-06-07 23:17:39 -0500[diff] [blame]11 memory consumption. Due to this change we no longer support PyPy releases
12 older than 2.6 nor do we support any released version of PyPy3 (until a
13 version supporting cffi 1.0 comes out).
Andre Caronbeed2942015-05-18 13:47:36 -0400[diff] [blame]14* Support serialization of certificate signing requests using the
15 ``public_bytes`` method of
16 :class:`~cryptography.x509.CertificateSigningRequest`.
Andre Carona8aded62015-05-19 20:11:57 -0400[diff] [blame]17* Support serialization of certificates using the ``public_bytes`` method of
18 :class:`~cryptography.x509.Certificate`.
Jiangge Zhang764f6372015-06-05 18:01:22 +0800[diff] [blame]19* Add ``get_provisioning_uri`` method to
20 :class:`~cryptography.hazmat.primitives.twofactor.hotp.HOTP` and
21 :class:`~cryptography.hazmat.primitives.twofactor.totp.TOTP` for generating
22 provisioning URIs.
Paul Kehrer66f380c2015-06-12 11:23:34 -0500[diff] [blame]23* Add :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHash`
24 and :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHMAC`.
Ian Cordascoab94b902015-06-17 08:28:02 -0500[diff] [blame]25* Raise a ``TypeError`` when passing objects that are not text as the value to
26 :class:`~cryptography.x509.NameAttribute`.
Andre Caron0ef595f2015-05-18 13:53:43 -0400[diff] [blame]27* Add support for creating certificate signing requests with
28 :class:`~cryptography.x509.CertificateSigningRequestBuilder`.
Andre Caronbeed2942015-05-18 13:47:36 -0400[diff] [blame]29
Paul Kehrer3bbda282015-07-09 09:48:23 -0500[diff] [blame]300.9.3 - 2015-07-09
31~~~~~~~~~~~~~~~~~~
32
33* Updated Windows wheels to be compiled against OpenSSL 1.0.2d.
34
Paul Kehrer7b411632015-07-03 18:07:41 -0500[diff] [blame]350.9.2 - 2015-07-04
36~~~~~~~~~~~~~~~~~~
37
38* Updated Windows wheels to be compiled against OpenSSL 1.0.2c.
39
Alex Gaynorc4bb7d52015-06-06 17:27:14 -0400[diff] [blame]400.9.1 - 2015-06-06
41~~~~~~~~~~~~~~~~~~
42
43* **SECURITY ISSUE**: Fixed a double free in the OpenSSL backend when using DSA
44 to verify signatures. Note that this only affects PyPy 2.6.0 and (presently
45 unreleased) CFFI versions greater than 1.1.0.
46
Paul Kehrerc486ed52015-05-13 17:59:31 -0500[diff] [blame]470.9 - 2015-05-13
48~~~~~~~~~~~~~~~~
Paul Kehrer8ce597b2015-03-09 00:01:17 -0500[diff] [blame]49
Paul Kehrer741fccb2015-04-14 10:22:25 -0400[diff] [blame]50* Removed support for Python 3.2. This version of Python is rarely used
51 and caused support headaches. Users affected by this should upgrade to 3.3+.
Alex Gaynor6e7f6222015-03-29 21:51:38 -0400[diff] [blame]52* Deprecated support for Python 2.6. At the time there is no time table for
53 actually dropping support, however we strongly encourage all users to upgrade
54 their Python, as Python 2.6 no longer receives support from the Python core
55 team.
Paul Kehrerebbeedf2015-05-08 18:13:14 -0500[diff] [blame]56* Add support for the
57 :class:`~cryptography.hazmat.primitives.asymmetric.ec.SECP256K1` elliptic
58 curve.
Alex Gaynor5d27d4d2015-04-04 14:56:02 -0500[diff] [blame]59* Fixed compilation when using an OpenSSL which was compiled with the
60 ``no-comp`` (``OPENSSL_NO_COMP``) option.
Paul Kehrera2c48652015-03-10 15:48:37 -0500[diff] [blame]61* Support :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`
62 serialization of public keys using the ``public_bytes`` method of
Paul Kehrer1955ebf2015-03-10 08:38:57 -0500[diff] [blame]63 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`,
64 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`,
65 and
Paul Kehrera2c48652015-03-10 15:48:37 -0500[diff] [blame]66 :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`.
Paul Kehrer919a5b22015-03-14 13:15:17 -0500[diff] [blame]67* Support :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`
68 serialization of private keys using the ``private_bytes`` method of
69 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`,
70 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`,
71 and
72 :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`.
Paul Kehrera1a1f232015-03-15 15:34:35 -0500[diff] [blame]73* Add support for parsing X.509 certificate signing requests (CSRs) with
Paul Kehrer1effb6e2015-03-30 15:05:59 -0500[diff] [blame]74 :func:`~cryptography.x509.load_pem_x509_csr` and
75 :func:`~cryptography.x509.load_der_x509_csr`.
Paul Kehrerd14dcc52015-04-14 14:21:21 -0400[diff] [blame]76* Moved ``cryptography.exceptions.InvalidToken`` to
77 :class:`cryptography.hazmat.primitives.twofactor.InvalidToken` and deprecated
78 the old location. This was moved to minimize confusion between this exception
79 and :class:`cryptography.fernet.InvalidToken`.
Paul Kehreraeb77202015-05-13 11:52:38 -0500[diff] [blame]80* Added support for X.509 extensions in :class:`~cryptography.x509.Certificate`
81 objects. The following extensions are supported as of this release:
82
83 * :class:`~cryptography.x509.BasicConstraints`
84 * :class:`~cryptography.x509.AuthorityKeyIdentifier`
85 * :class:`~cryptography.x509.SubjectKeyIdentifier`
86 * :class:`~cryptography.x509.KeyUsage`
87 * :class:`~cryptography.x509.SubjectAlternativeName`
88 * :class:`~cryptography.x509.ExtendedKeyUsage`
89 * :class:`~cryptography.x509.CRLDistributionPoints`
90 * :class:`~cryptography.x509.AuthorityInformationAccess`
91 * :class:`~cryptography.x509.CertificatePolicies`
92
93 Note that unsupported extensions with the critical flag raise
94 :class:`~cryptography.x509.UnsupportedExtension` while unsupported extensions
95 set to non-critical are silently ignored. Read the
Alex Gaynor5e0da3a2015-07-12 10:35:56 -0500[diff] [blame^]96 :doc:`X.509 documentation</x509/index>` for more information.
Paul Kehrer1955ebf2015-03-10 08:38:57 -0500[diff] [blame]97
Paul Kehrer33906b82015-04-10 21:00:08 -0400[diff] [blame]980.8.2 - 2015-04-10
99~~~~~~~~~~~~~~~~~~
100
101* Fixed a race condition when initializing the OpenSSL or CommonCrypto backends
102 in a multi-threaded scenario.
103
Paul Kehrer41a750c2015-03-19 22:46:23 -0500[diff] [blame]1040.8.1 - 2015-03-20
105~~~~~~~~~~~~~~~~~~
106
107* Updated Windows wheels to be compiled against OpenSSL 1.0.2a.
108
Paul Kehrer5dc4b882015-03-08 18:19:50 -0500[diff] [blame]1090.8 - 2015-03-08
110~~~~~~~~~~~~~~~~
Paul Kehrer08120d72014-12-17 21:37:58 -0600[diff] [blame]111
Alex Gaynor5d66ca52014-12-25 18:39:39 -0800[diff] [blame]112* :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` can
113 now load elliptic curve public keys.
Paul Kehrer836b8302015-01-18 09:42:58 -0600[diff] [blame]114* Added
Paul Kehrer8802a5b2015-02-13 12:06:57 -0600[diff] [blame]115 :attr:`~cryptography.x509.Certificate.signature_hash_algorithm` support to
Paul Kehrerb0a80392015-02-11 23:39:49 -0600[diff] [blame]116 :class:`~cryptography.x509.Certificate`.
117* Added
Paul Kehrer836b8302015-01-18 09:42:58 -0600[diff] [blame]118 :func:`~cryptography.hazmat.primitives.asymmetric.rsa.rsa_recover_prime_factors`
Paul Kehrer48402ff2015-02-16 15:31:52 -0600[diff] [blame]119* :class:`~cryptography.hazmat.primitives.kdf.KeyDerivationFunction` was moved
120 from :mod:`~cryptography.hazmat.primitives.interfaces` to
121 :mod:`~cryptography.hazmat.primitives.kdf`.
Paul Kehrer719d5362015-01-01 20:03:52 -0600[diff] [blame]122* Added support for parsing X.509 names. See the
Alex Gaynor5e0da3a2015-07-12 10:35:56 -0500[diff] [blame^]123 :doc:`X.509 documentation</x509/index>` for more information.
Paul Kehrer99a249d2015-01-04 15:55:22 -0600[diff] [blame]124* Added
125 :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key` to
126 support loading of DER encoded private keys and
127 :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key` to
128 support loading DER encoded public keys.
Steven McDonald27e6b9c2015-02-18 16:37:03 +1100[diff] [blame]129* Fixed building against LibreSSL, a compile-time substitute for OpenSSL.
Paul Kehrer77f540d2015-02-20 12:53:04 -0600[diff] [blame]130* FreeBSD 9.2 was removed from the continuous integration system.
Paul Kehrerf28dd452015-03-05 10:22:59 -0600[diff] [blame]131* Updated Windows wheels to be compiled against OpenSSL 1.0.2.
Paul Kehrer7bfa22e2015-03-04 13:48:30 -0600[diff] [blame]132* :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`
133 and :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`
Paul Kehrer791afc02015-03-05 14:29:28 -0600[diff] [blame]134 now support PKCS1 RSA public keys (in addition to the previous support for
Paul Kehrer7bfa22e2015-03-04 13:48:30 -0600[diff] [blame]135 SubjectPublicKeyInfo format for RSA, EC, and DSA).
Paul Kehrerf83e25c2015-02-21 18:34:00 -0600[diff] [blame]136* Added
Paul Kehrer59e5c862015-03-02 10:36:50 -0600[diff] [blame]137 :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`
Paul Kehrerc0dd53e2015-07-04 11:27:27 -0500[diff] [blame]138 and deprecated ``EllipticCurvePrivateKeyWithNumbers``.
Paul Kehrer59e5c862015-03-02 10:36:50 -0600[diff] [blame]139* Added
140 :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization.private_bytes`
141 to
142 :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`.
143* Added
Paul Kehrerf83e25c2015-02-21 18:34:00 -0600[diff] [blame]144 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`
Paul Kehrerc0dd53e2015-07-04 11:27:27 -0500[diff] [blame]145 and deprecated ``RSAPrivateKeyWithNumbers``.
Paul Kehrerf83e25c2015-02-21 18:34:00 -0600[diff] [blame]146* Added
Paul Kehrer223a8f02015-02-28 18:54:10 -0600[diff] [blame]147 :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization.private_bytes`
Paul Kehrerf83e25c2015-02-21 18:34:00 -0600[diff] [blame]148 to
149 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`.
Paul Kehrerec342632015-03-01 16:53:58 -0600[diff] [blame]150* Added
151 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`
Paul Kehrerc0dd53e2015-07-04 11:27:27 -0500[diff] [blame]152 and deprecated ``DSAPrivateKeyWithNumbers``.
Paul Kehrerec342632015-03-01 16:53:58 -0600[diff] [blame]153* Added
154 :meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization.private_bytes`
155 to
156 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`.
Paul Kehrer3f157e02015-02-28 11:31:06 -0600[diff] [blame]157* Added
158 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`
Paul Kehrerc0dd53e2015-07-04 11:27:27 -0500[diff] [blame]159 and deprecated ``RSAPublicKeyWithNumbers``.
Paul Kehrer8ea90ef2015-07-04 16:26:58 -0500[diff] [blame]160* Added ``public_bytes`` to
Paul Kehrer3f157e02015-02-28 11:31:06 -0600[diff] [blame]161 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`.
Paul Kehrer419615b2015-03-05 21:01:16 -0600[diff] [blame]162* Added
163 :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`
Paul Kehrerc0dd53e2015-07-04 11:27:27 -0500[diff] [blame]164 and deprecated ``EllipticCurvePublicKeyWithNumbers``.
Paul Kehrer8ea90ef2015-07-04 16:26:58 -0500[diff] [blame]165* Added ``public_bytes`` to
Paul Kehrer419615b2015-03-05 21:01:16 -0600[diff] [blame]166 :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`.
Paul Kehrer26006c52015-03-08 18:27:11 -0500[diff] [blame]167* Added
168 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`
Paul Kehrerc0dd53e2015-07-04 11:27:27 -0500[diff] [blame]169 and deprecated ``DSAPublicKeyWithNumbers``.
Paul Kehrer8ea90ef2015-07-04 16:26:58 -0500[diff] [blame]170* Added ``public_bytes`` to
Paul Kehrer26006c52015-03-08 18:27:11 -0500[diff] [blame]171 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`.
Paul Kehrer5dc4b882015-03-08 18:19:50 -0500[diff] [blame]172* :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` and
173 :class:`~cryptography.hazmat.primitives.hashes.HashContext` were moved from
174 :mod:`~cryptography.hazmat.primitives.interfaces` to
175 :mod:`~cryptography.hazmat.primitives.hashes`.
176* :class:`~cryptography.hazmat.primitives.ciphers.CipherContext`,
177 :class:`~cryptography.hazmat.primitives.ciphers.AEADCipherContext`,
178 :class:`~cryptography.hazmat.primitives.ciphers.AEADEncryptionContext`,
179 :class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`, and
180 :class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm`
181 were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
182 :mod:`~cryptography.hazmat.primitives.ciphers`.
183* :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode`,
184 :class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithInitializationVector`,
185 :class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithNonce`, and
186 :class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithAuthenticationTag`
187 were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
188 :mod:`~cryptography.hazmat.primitives.ciphers.modes`.
189* :class:`~cryptography.hazmat.primitives.padding.PaddingContext` was moved
190 from :mod:`~cryptography.hazmat.primitives.interfaces` to
191 :mod:`~cryptography.hazmat.primitives.padding`.
192*
193 :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`
194 was moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
195 :mod:`~cryptography.hazmat.primitives.asymmetric.padding`.
196*
197 :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext`
198 and
199 :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext`
200 were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
201 :mod:`~cryptography.hazmat.primitives.asymmetric`.
202* :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`,
203 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParametersWithNumbers`,
204 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`,
Paul Kehrerc0dd53e2015-07-04 11:27:27 -0500[diff] [blame]205 ``DSAPrivateKeyWithNumbers``,
Paul Kehrer5dc4b882015-03-08 18:19:50 -0500[diff] [blame]206 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` and
Paul Kehrerc0dd53e2015-07-04 11:27:27 -0500[diff] [blame]207 ``DSAPublicKeyWithNumbers`` were moved from
208 :mod:`~cryptography.hazmat.primitives.interfaces` to
Paul Kehrer5dc4b882015-03-08 18:19:50 -0500[diff] [blame]209 :mod:`~cryptography.hazmat.primitives.asymmetric.dsa`
210* :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`,
211 :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurveSignatureAlgorithm`,
212 :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`,
Paul Kehrerc0dd53e2015-07-04 11:27:27 -0500[diff] [blame]213 ``EllipticCurvePrivateKeyWithNumbers``,
Paul Kehrer5dc4b882015-03-08 18:19:50 -0500[diff] [blame]214 :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`,
Paul Kehrerc0dd53e2015-07-04 11:27:27 -0500[diff] [blame]215 and ``EllipticCurvePublicKeyWithNumbers``
Paul Kehrer5dc4b882015-03-08 18:19:50 -0500[diff] [blame]216 were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
217 :mod:`~cryptography.hazmat.primitives.asymmetric.ec`.
218* :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
Paul Kehrerc0dd53e2015-07-04 11:27:27 -0500[diff] [blame]219 ``RSAPrivateKeyWithNumbers``,
Paul Kehrer5dc4b882015-03-08 18:19:50 -0500[diff] [blame]220 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` and
Paul Kehrerc0dd53e2015-07-04 11:27:27 -0500[diff] [blame]221 ``RSAPublicKeyWithNumbers`` were moved from
222 :mod:`~cryptography.hazmat.primitives.interfaces` to
Paul Kehrer5dc4b882015-03-08 18:19:50 -0500[diff] [blame]223 :mod:`~cryptography.hazmat.primitives.asymmetric.rsa`.
Alex Gaynor5d66ca52014-12-25 18:39:39 -0800[diff] [blame]224
Paul Kehrer72572f92015-01-16 08:10:12 -0600[diff] [blame]2250.7.2 - 2015-01-16
226~~~~~~~~~~~~~~~~~~
227
228* Updated Windows wheels to be compiled against OpenSSL 1.0.1l.
229* ``enum34`` is no longer installed on Python 3.4, where it is included in
230 the standard library.
231* Added a new function to the OpenSSL bindings to support additional
232 functionality in pyOpenSSL.
233
Paul Kehrer842e58a2014-12-28 15:17:39 -0700[diff] [blame]2340.7.1 - 2014-12-28
235~~~~~~~~~~~~~~~~~~
236
237* Fixed an issue preventing compilation on platforms where ``OPENSSL_NO_SSL3``
238 was defined.
239
Paul Kehrere8135092014-12-17 14:20:40 -0600[diff] [blame]2400.7 - 2014-12-17
241~~~~~~~~~~~~~~~~
Paul Kehrer98681332014-09-29 21:43:57 -0500[diff] [blame]242
Alex Gaynordf6a5cd2014-11-07 09:36:47 -0300[diff] [blame]243* Cryptography has been relicensed from the Apache Software License, Version
244 2.0, to being available under *either* the Apache Software License, Version
245 2.0, or the BSD license.
Alex Gaynor4c825132014-10-20 21:27:08 -0700[diff] [blame]246* Added key-rotation support to :doc:`Fernet </fernet>` with
247 :class:`~cryptography.fernet.MultiFernet`.
Paul Kehrer214d91d2014-12-18 07:20:04 -0600[diff] [blame]248* More bit-lengths are now supported for ``p`` and ``q`` when loading DSA keys
Alex Gaynora438e832014-10-19 19:47:05 -0700[diff] [blame]249 from numbers.
Terry Chiaff5ec862014-10-20 12:15:22 +0800[diff] [blame]250* Added :class:`~cryptography.hazmat.primitives.interfaces.MACContext` as a
Paul Kehrerebee0062015-03-07 12:34:33 -0600[diff] [blame]251 common interface for CMAC and HMAC and deprecated ``CMACContext``.
Paul Kehrerb3a3e5c2014-11-27 11:27:32 -1000[diff] [blame]252* Added support for encoding and decoding :rfc:`6979` signatures in
253 :doc:`/hazmat/primitives/asymmetric/utils`.
Mark Adams78a7d1c2014-12-12 23:13:12 -0600[diff] [blame]254* Added
Alex Gaynor993b85a2014-12-15 10:42:45 -0800[diff] [blame]255 :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` to
Paul Kehrere8135092014-12-17 14:20:40 -0600[diff] [blame]256 support the loading of OpenSSH public keys (:rfc:`4253`). Only RSA and DSA
257 keys are currently supported.
Paul Kehrere76cd272014-12-14 19:00:51 -0600[diff] [blame]258* Added initial support for X.509 certificate parsing. See the
Alex Gaynor5e0da3a2015-07-12 10:35:56 -0500[diff] [blame^]259 :doc:`X.509 documentation</x509/index>` for more information.
Terry Chiac7c82f32014-10-20 12:15:22 +0800[diff] [blame]260
Paul Kehrer555b1502014-10-15 23:24:57 -0500[diff] [blame]2610.6.1 - 2014-10-15
262~~~~~~~~~~~~~~~~~~
263
264* Updated Windows wheels to be compiled against OpenSSL 1.0.1j.
265* Fixed an issue where OpenSSL 1.0.1j changed the errors returned by some
266 functions.
267* Added our license file to the ``cryptography-vectors`` package.
268* Implemented DSA hash truncation support (per FIPS 186-3) in the OpenSSL
269 backend. This works around an issue in 1.0.0, 1.0.0a, and 1.0.0b where
270 truncation was not implemented.
271
Paul Kehrerc3f11d82014-09-29 20:31:15 -0500[diff] [blame]2720.6 - 2014-09-29
273~~~~~~~~~~~~~~~~
Paul Kehrer1757fe32014-07-07 22:29:23 -0500[diff] [blame]274
Alex Gaynoref823342014-09-27 12:04:22 -0400[diff] [blame]275* Added
276 :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key` to
277 ease loading private keys, and
278 :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key` to
279 support loading public keys.
Alex Gaynor1658f942014-07-08 00:02:37 -0700[diff] [blame]280* Removed the, deprecated in 0.4, support for the ``salt_length`` argument to
281 the :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
282 constructor. The ``salt_length`` should be passed to
283 :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` instead.
Paul Kehrerf4fbf392014-08-21 08:36:49 -1000[diff] [blame]284* Fix compilation on OS X Yosemite.
Paul Kehrer77e95a02014-09-25 12:28:07 -0500[diff] [blame]285* Deprecated ``elliptic_curve_private_key_from_numbers`` and
286 ``elliptic_curve_public_key_from_numbers`` in favor of
287 ``load_elliptic_curve_private_numbers`` and
288 ``load_elliptic_curve_public_numbers`` on
289 :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`.
Paul Kehrer45efdbc2015-02-12 10:58:22 -0600[diff] [blame]290* Added ``EllipticCurvePrivateKeyWithNumbers`` and
291 ``EllipticCurvePublicKeyWithNumbers`` support.
Paul Kehrerf378e402014-09-27 11:28:42 -0500[diff] [blame]292* Work around three GCM related bugs in CommonCrypto and OpenSSL.
Paul Kehrer4c773652014-09-27 11:26:02 -0500[diff] [blame]293
294 * On the CommonCrypto backend adding AAD but not subsequently calling update
295 would return null tag bytes.
296
297 * One the CommonCrypto backend a call to update without an empty add AAD call
298 would return null ciphertext bytes.
299
300 * On the OpenSSL backend with certain versions adding AAD only would give
301 invalid tag bytes.
302
303* Support loading EC private keys from PEM.
Alex Gaynor1658f942014-07-08 00:02:37 -0700[diff] [blame]304
Paul Kehrer01f0c672014-08-20 20:15:18 -1000[diff] [blame]3050.5.4 - 2014-08-20
306~~~~~~~~~~~~~~~~~~
307
308* Added several functions to the OpenSSL bindings to support new
309 functionality in pyOpenSSL.
310* Fixed a redefined constant causing compilation failure with Solaris 11.2.
311
Paul Kehrer86cf5b12014-08-07 05:38:17 -1000[diff] [blame]3120.5.3 - 2014-08-06
313~~~~~~~~~~~~~~~~~~
314
315* Updated Windows wheels to be compiled against OpenSSL 1.0.1i.
316
Paul Kehrer2456e662014-07-09 19:51:32 -0500[diff] [blame]3170.5.2 - 2014-07-09
318~~~~~~~~~~~~~~~~~~
319
Paul Kehrer45efdbc2015-02-12 10:58:22 -0600[diff] [blame]320* Add ``TraditionalOpenSSLSerializationBackend`` support to
321 :doc:`/hazmat/backends/multibackend`.
Paul Kehrer2456e662014-07-09 19:51:32 -0500[diff] [blame]322* Fix compilation error on OS X 10.8 (Mountain Lion).
323
Paul Kehrerf092d732014-07-07 19:42:15 -0500[diff] [blame]3240.5.1 - 2014-07-07
325~~~~~~~~~~~~~~~~~~
326
Paul Kehrer45efdbc2015-02-12 10:58:22 -0600[diff] [blame]327* Add ``PKCS8SerializationBackend`` support to
328 :doc:`/hazmat/backends/multibackend`.
Paul Kehrerf092d732014-07-07 19:42:15 -0500[diff] [blame]329
Paul Kehrer3c6a2392014-07-07 08:29:07 -0500[diff] [blame]3300.5 - 2014-07-07
331~~~~~~~~~~~~~~~~
Paul Kehrer50a04852014-05-03 08:57:13 -0500[diff] [blame]332
Alex Gaynor8f1b8e82014-06-29 20:43:29 -0700[diff] [blame]333* **BACKWARDS INCOMPATIBLE:**
334 :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` no longer allows
335 truncation of tags by default. Previous versions of ``cryptography`` allowed
336 tags to be truncated by default, applications wishing to preserve this
Alex Gaynor4efe61a2014-06-29 20:44:53 -0700[diff] [blame]337 behavior (not recommended) can pass the ``min_tag_length`` argument.
Paul Kehrer8987bcb2014-07-06 09:28:29 -0500[diff] [blame]338* Windows builds now statically link OpenSSL by default. When installing a
Paul Kehrer3df9a312014-07-06 09:25:29 -0500[diff] [blame]339 wheel on Windows you no longer need to install OpenSSL separately. Windows
340 users can switch between static and dynamic linking with an environment
341 variable. See :doc:`/installation` for more details.
Paul Kehrer88bac252014-05-21 12:42:13 -0500[diff] [blame]342* Added :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDFExpand`.
Paul Kehrer2a947c42014-05-15 17:22:08 -0400[diff] [blame]343* Added :class:`~cryptography.hazmat.primitives.ciphers.modes.CFB8` support
344 for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` and
345 :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` on
346 :doc:`/hazmat/backends/commoncrypto` and :doc:`/hazmat/backends/openssl`.
Paul Kehrer055f9602014-05-20 23:21:26 -0500[diff] [blame]347* Added ``AES`` :class:`~cryptography.hazmat.primitives.ciphers.modes.CTR`
348 support to the OpenSSL backend when linked against 0.9.8.
Paul Kehrer45efdbc2015-02-12 10:58:22 -0600[diff] [blame]349* Added ``PKCS8SerializationBackend`` and
350 ``TraditionalOpenSSLSerializationBackend`` support to the
351 :doc:`/hazmat/backends/openssl`.
Paul Kehrer21fc5822014-07-04 09:28:55 -0500[diff] [blame]352* Added :doc:`/hazmat/primitives/asymmetric/ec` and
353 :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`.
Paul Kehrerd1bac5e2014-06-13 12:34:49 -0500[diff] [blame]354* Added :class:`~cryptography.hazmat.primitives.ciphers.modes.ECB` support
355 for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` on
356 :doc:`/hazmat/backends/commoncrypto` and :doc:`/hazmat/backends/openssl`.
Paul Kehrer45efdbc2015-02-12 10:58:22 -0600[diff] [blame]357* Deprecated the concrete ``RSAPrivateKey`` class in favor of backend
Paul Kehrera10be692015-02-12 12:58:27 -0600[diff] [blame]358 specific providers of the
359 :class:`cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`
360 interface.
Paul Kehrer45efdbc2015-02-12 10:58:22 -0600[diff] [blame]361* Deprecated the concrete ``RSAPublicKey`` in favor of backend specific
Paul Kehrera10be692015-02-12 12:58:27 -0600[diff] [blame]362 providers of the
363 :class:`cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`
364 interface.
Paul Kehrer45efdbc2015-02-12 10:58:22 -0600[diff] [blame]365* Deprecated the concrete ``DSAPrivateKey`` class in favor of backend
Paul Kehrera10be692015-02-12 12:58:27 -0600[diff] [blame]366 specific providers of the
367 :class:`cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`
368 interface.
Paul Kehrer45efdbc2015-02-12 10:58:22 -0600[diff] [blame]369* Deprecated the concrete ``DSAPublicKey`` class in favor of backend specific
Paul Kehrera10be692015-02-12 12:58:27 -0600[diff] [blame]370 providers of the
371 :class:`cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
372 interface.
Paul Kehrer45efdbc2015-02-12 10:58:22 -0600[diff] [blame]373* Deprecated the concrete ``DSAParameters`` class in favor of backend specific
Paul Kehrera10be692015-02-12 12:58:27 -0600[diff] [blame]374 providers of the
375 :class:`cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`
376 interface.
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame]377* Deprecated ``encrypt_rsa``, ``decrypt_rsa``, ``create_rsa_signature_ctx`` and
378 ``create_rsa_verification_ctx`` on
379 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`.
Paul Kehrer1262be22014-06-26 16:16:50 -0600[diff] [blame]380* Deprecated ``create_dsa_signature_ctx`` and ``create_dsa_verification_ctx``
381 on :class:`~cryptography.hazmat.backends.interfaces.DSABackend`.
Paul Kehrerbb91c812014-05-12 15:03:04 -0400[diff] [blame]382
Paul Kehrer95862012014-05-01 16:48:05 -0500[diff] [blame]3830.4 - 2014-05-03
384~~~~~~~~~~~~~~~~
Paul Kehrer3d4eb6e2014-03-27 16:27:31 -0500[diff] [blame]385
Paul Kehrerba987452014-04-02 17:12:26 -0500[diff] [blame]386* Deprecated ``salt_length`` on
387 :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` and added it
Alex Gaynor9963cb32014-07-12 09:35:33 -0700[diff] [blame]388 to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. It will
Alex Gaynor2e49f212014-07-12 10:58:30 -0700[diff] [blame]389 be removed from ``MGF1`` in two releases per our :doc:`/api-stability`
Alex Gaynor9963cb32014-07-12 09:35:33 -0700[diff] [blame]390 policy.
391* Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`
392 support.
Ayrx9bea9372014-04-22 21:00:34 +0800[diff] [blame]393* Added :class:`~cryptography.hazmat.primitives.cmac.CMAC`.
Alex Gaynorcd58b932014-05-01 23:11:06 -0700[diff] [blame]394* Added decryption support to
395 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`
396 and encryption support to
397 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`.
Paul Kehrer80950e52014-05-01 16:48:55 -0500[diff] [blame]398* Added signature support to
399 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`
400 and verification support to
401 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`.
Ayrx9bea9372014-04-22 21:00:34 +0800[diff] [blame]402
Paul Kehrer9c2a11b2014-03-27 13:16:57 -0500[diff] [blame]4030.3 - 2014-03-27
404~~~~~~~~~~~~~~~~
Matthew Iversen69a6fad2014-02-25 02:10:44 +1100[diff] [blame]405
406* Added :class:`~cryptography.hazmat.primitives.twofactor.hotp.HOTP`.
David Reideea08d92014-02-25 11:06:09 -0800[diff] [blame]407* Added :class:`~cryptography.hazmat.primitives.twofactor.totp.TOTP`.
Alex Gaynor9963cb32014-07-12 09:35:33 -0700[diff] [blame]408* Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`
409 support.
Alex Gaynorcd58b932014-05-01 23:11:06 -0700[diff] [blame]410* Added signature support to
411 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`
412 and verification support to
413 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`.
Paul Kehrer1592e5b2014-03-27 14:29:38 -0500[diff] [blame]414* Moved test vectors to the new ``cryptography_vectors`` package.
Matthew Iversen69a6fad2014-02-25 02:10:44 +1100[diff] [blame]415
Paul Kehrer7f711ee2014-03-03 23:58:45 -0400[diff] [blame]4160.2.2 - 2014-03-03
417~~~~~~~~~~~~~~~~~~
418
Alex Gaynor9963cb32014-07-12 09:35:33 -0700[diff] [blame]419* Removed a constant definition that was causing compilation problems with
420 specific versions of OpenSSL.
Paul Kehrer7f711ee2014-03-03 23:58:45 -0400[diff] [blame]421
Matthew Iversen69a6fad2014-02-25 02:10:44 +1100[diff] [blame]4220.2.1 - 2014-02-22
423~~~~~~~~~~~~~~~~~~
Paul Kehrer7f711ee2014-03-03 23:58:45 -0400[diff] [blame]424
Alex Gaynorcd58b932014-05-01 23:11:06 -0700[diff] [blame]425* Fix a bug where importing cryptography from multiple paths could cause
426 initialization to fail.
Matthew Iversen69a6fad2014-02-25 02:10:44 +1100[diff] [blame]427
4280.2 - 2014-02-20
429~~~~~~~~~~~~~~~~
430
431* Added :doc:`/hazmat/backends/commoncrypto`.
432* Added initial :doc:`/hazmat/bindings/commoncrypto`.
433* Removed ``register_cipher_adapter`` method from
434 :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`.
435* Added support for the OpenSSL backend under Windows.
436* Improved thread-safety for the OpenSSL backend.
437* Fixed compilation on systems where OpenSSL's ``ec.h`` header is not
438 available, such as CentOS.
439* Added :class:`~cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC`.
440* Added :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF`.
441* Added :doc:`/hazmat/backends/multibackend`.
Alex Gaynorcd58b932014-05-01 23:11:06 -0700[diff] [blame]442* Set default random for the :doc:`/hazmat/backends/openssl` to the OS
443 random engine.
444* Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`
445 (CAST-128) support.
Matthew Iversen69a6fad2014-02-25 02:10:44 +1100[diff] [blame]446
4470.1 - 2014-01-08
448~~~~~~~~~~~~~~~~
449
450* Initial release.
451
Alex Stapletonb9df2782014-03-17 08:09:41 +0000[diff] [blame]452.. _`master`: https://github.com/pyca/cryptography/
Paul Kehrer68b3b1e2015-05-19 13:05:21 -0700[diff] [blame]453.. _`cffi`: https://cffi.readthedocs.org/en/latest/