Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 1 | Changelog |
| 2 | ========= |
| 3 | |
Paul Kehrer | ac904e3 | 2016-01-08 07:53:25 -0800 | [diff] [blame^] | 4 | 1.3 - `master`_ |
| 5 | ~~~~~~~~~~~~~~~ |
| 6 | |
| 7 | .. note:: This version is not yet released and is under active development. |
| 8 | |
Paul Kehrer | 577f95e | 2016-01-07 21:56:53 -0800 | [diff] [blame] | 9 | 1.2 - 2016-01-08 |
| 10 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | c5b430f | 2015-10-29 07:52:35 +0900 | [diff] [blame] | 11 | |
Paul Kehrer | 49bb756 | 2015-12-25 16:17:40 -0600 | [diff] [blame] | 12 | * **BACKWARDS INCOMPATIBLE:** |
| 13 | :class:`~cryptography.x509.RevokedCertificate` |
| 14 | :attr:`~cryptography.x509.RevokedCertificate.extensions` now uses extension |
| 15 | classes rather than returning raw values inside the |
| 16 | :class:`~cryptography.x509.Extension` |
| 17 | :attr:`~cryptography.x509.Extension.value`. The new classes |
| 18 | are: |
| 19 | |
| 20 | * :class:`~cryptography.x509.CertificateIssuer` |
Paul Kehrer | 7058ece | 2015-12-25 22:28:29 -0600 | [diff] [blame] | 21 | * :class:`~cryptography.x509.CRLReason` |
Paul Kehrer | 23c0bbc | 2015-12-25 22:35:19 -0600 | [diff] [blame] | 22 | * :class:`~cryptography.x509.InvalidityDate` |
Paul Kehrer | f23722a | 2015-12-31 15:56:56 -0600 | [diff] [blame] | 23 | * Deprecated support for OpenSSL 0.9.8 and 1.0.0. At this time there is no time |
| 24 | table for actually dropping support, however we strongly encourage all users |
| 25 | to upgrade, as those versions no longer receives support from the OpenSSL |
| 26 | project. |
Paul Kehrer | d91e7c1 | 2015-10-01 16:50:42 -0500 | [diff] [blame] | 27 | * The :class:`~cryptography.x509.Certificate` class now has |
| 28 | :attr:`~cryptography.x509.Certificate.signature` and |
Paul Kehrer | d289805 | 2015-11-03 22:00:41 +0900 | [diff] [blame] | 29 | :attr:`~cryptography.x509.Certificate.tbs_certificate_bytes` attributes. |
Paul Kehrer | 80dc752 | 2015-12-03 22:19:30 -0600 | [diff] [blame] | 30 | * The :class:`~cryptography.x509.CertificateSigningRequest` class now has |
| 31 | :attr:`~cryptography.x509.CertificateSigningRequest.signature` and |
| 32 | :attr:`~cryptography.x509.CertificateSigningRequest.tbs_certrequest_bytes` |
| 33 | attributes. |
Paul Kehrer | 18a9612 | 2015-12-21 11:14:34 -0600 | [diff] [blame] | 34 | * The :class:`~cryptography.x509.CertificateRevocationList` class now has |
| 35 | :attr:`~cryptography.x509.CertificateRevocationList.signature` and |
| 36 | :attr:`~cryptography.x509.CertificateRevocationList.tbs_certlist_bytes` |
| 37 | attributes. |
Paul Kehrer | 8b399b7 | 2015-12-02 22:53:40 -0600 | [diff] [blame] | 38 | * :class:`~cryptography.x509.NameConstraints` are now supported in the |
Paul Kehrer | 756d7d2 | 2015-12-02 23:45:42 -0600 | [diff] [blame] | 39 | :class:`~cryptography.x509.CertificateBuilder` and |
| 40 | :class:`~cryptography.x509.CertificateSigningRequestBuilder`. |
Paul Kehrer | 54a837d | 2015-12-20 23:42:32 -0600 | [diff] [blame] | 41 | * Support serialization of certificate revocation lists using the |
Paul Kehrer | 2d1d24d | 2015-12-21 09:23:52 -0600 | [diff] [blame] | 42 | :meth:`~cryptography.x509.CertificateRevocationList.public_bytes` method of |
Paul Kehrer | 54a837d | 2015-12-20 23:42:32 -0600 | [diff] [blame] | 43 | :class:`~cryptography.x509.CertificateRevocationList`. |
Paul Kehrer | 51f39cb | 2015-12-21 21:17:39 -0600 | [diff] [blame] | 44 | * Add support for parsing :class:`~cryptography.x509.CertificateRevocationList` |
| 45 | :meth:`~cryptography.x509.CertificateRevocationList.extensions` in the |
Paul Kehrer | 2587d30 | 2015-12-22 17:20:42 -0600 | [diff] [blame] | 46 | OpenSSL backend. The following extensions are currently supported: |
| 47 | |
| 48 | * :class:`~cryptography.x509.AuthorityInformationAccess` |
| 49 | * :class:`~cryptography.x509.AuthorityKeyIdentifier` |
Paul Kehrer | 3b95cd7 | 2015-12-22 21:40:20 -0600 | [diff] [blame] | 50 | * :class:`~cryptography.x509.CRLNumber` |
Paul Kehrer | 2587d30 | 2015-12-22 17:20:42 -0600 | [diff] [blame] | 51 | * :class:`~cryptography.x509.IssuerAlternativeName` |
Paul Kehrer | 09ad50c | 2015-12-26 13:59:27 -0600 | [diff] [blame] | 52 | * Added :class:`~cryptography.x509.CertificateRevocationListBuilder` and |
| 53 | :class:`~cryptography.x509.RevokedCertificateBuilder` to allow creation of |
| 54 | CRLs. |
Paul Kehrer | 58ddc11 | 2015-12-30 20:19:00 -0600 | [diff] [blame] | 55 | * Unrecognized non-critical X.509 extensions are now parsed into an |
| 56 | :class:`~cryptography.x509.UnrecognizedExtension` object. |
Paul Kehrer | d91e7c1 | 2015-10-01 16:50:42 -0500 | [diff] [blame] | 57 | |
Paul Kehrer | 869cfd9 | 2015-12-10 14:12:05 -0600 | [diff] [blame] | 58 | 1.1.2 - 2015-12-10 |
| 59 | ~~~~~~~~~~~~~~~~~~ |
| 60 | |
| 61 | * Fixed a SIGBUS crash with the OS X wheels caused by redefinition of a |
| 62 | method. |
| 63 | * Fixed a runtime error ``undefined symbol EC_GFp_nistp224_method`` that |
| 64 | occurred with some OpenSSL installations. |
| 65 | * Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2e. |
| 66 | |
Paul Kehrer | dcf40fc | 2015-11-18 22:11:36 -0600 | [diff] [blame] | 67 | 1.1.1 - 2015-11-19 |
| 68 | ~~~~~~~~~~~~~~~~~~ |
| 69 | |
| 70 | * Fixed several small bugs related to compiling the OpenSSL bindings with |
| 71 | unusual OpenSSL configurations. |
| 72 | * Resolved an issue where, depending on the method of installation and |
| 73 | which Python interpreter they were using, users on El Capitan (OS X 10.11) |
| 74 | may have seen an ``InternalError`` on import. |
| 75 | |
Paul Kehrer | e9ac027 | 2015-10-28 15:48:01 +0900 | [diff] [blame] | 76 | 1.1 - 2015-10-28 |
| 77 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | bff54ef | 2015-08-12 08:47:34 -0500 | [diff] [blame] | 78 | |
Alex Gaynor | 39d38b9 | 2015-10-17 16:44:15 -0400 | [diff] [blame] | 79 | * Added support for Elliptic Curve Diffie-Hellman with |
Alex Gaynor | d294989 | 2015-10-17 16:45:55 -0400 | [diff] [blame] | 80 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDH`. |
Alex Gaynor | ace036d | 2015-09-24 20:23:08 -0400 | [diff] [blame] | 81 | * Added :class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF`. |
Paul Kehrer | 8735548 | 2015-10-21 20:27:44 -0500 | [diff] [blame] | 82 | * Added support for parsing certificate revocation lists (CRLs) using |
| 83 | :func:`~cryptography.x509.load_pem_x509_crl` and |
| 84 | :func:`~cryptography.x509.load_der_x509_crl`. |
Paul Kehrer | 0d76a2e | 2015-05-17 13:36:13 -0700 | [diff] [blame] | 85 | * Add support for AES key wrapping with |
| 86 | :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap` and |
| 87 | :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap`. |
Paul Kehrer | e9ac027 | 2015-10-28 15:48:01 +0900 | [diff] [blame] | 88 | * Added a ``__hash__`` method to :class:`~cryptography.x509.Name`. |
Paul Kehrer | 1a1b115 | 2015-10-28 09:33:05 +0900 | [diff] [blame] | 89 | * Add support for encoding and decoding elliptic curve points to a byte string |
| 90 | form using |
| 91 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point` |
| 92 | and |
| 93 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`. |
Paul Kehrer | e9ac027 | 2015-10-28 15:48:01 +0900 | [diff] [blame] | 94 | * Added :meth:`~cryptography.x509.Extensions.get_extension_for_class`. |
| 95 | * :class:`~cryptography.x509.CertificatePolicies` are now supported in the |
| 96 | :class:`~cryptography.x509.CertificateBuilder`. |
| 97 | * ``countryName`` is now encoded as a ``PrintableString`` when creating subject |
| 98 | and issuer distinguished names with the Certificate and CSR builder classes. |
Paul Kehrer | 1a1b115 | 2015-10-28 09:33:05 +0900 | [diff] [blame] | 99 | |
Paul Kehrer | 8addede | 2015-09-26 22:57:35 -0500 | [diff] [blame] | 100 | 1.0.2 - 2015-09-27 |
| 101 | ~~~~~~~~~~~~~~~~~~ |
| 102 | * **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use |
| 103 | of assertions to check response codes where our tests could not trigger a |
| 104 | failure. However, when Python is run with ``-O`` these asserts are optimized |
| 105 | away. If a user ran Python with this flag and got an invalid response code |
| 106 | this could result in undefined behavior or worse. Accordingly, all response |
| 107 | checks from the OpenSSL backend have been converted from ``assert`` |
| 108 | to a true function call. Credit **Emilia Käsper (Google Security Team)** |
| 109 | for the report. |
| 110 | |
Paul Kehrer | 2f6b169 | 2015-09-05 20:58:52 -0500 | [diff] [blame] | 111 | 1.0.1 - 2015-09-05 |
| 112 | ~~~~~~~~~~~~~~~~~~ |
| 113 | |
| 114 | * We now ship OS X wheels that statically link OpenSSL by default. When |
| 115 | installing a wheel on OS X 10.10+ (and using a Python compiled against the |
| 116 | 10.10 SDK) users will no longer need to compile. See :doc:`/installation` for |
| 117 | alternate installation methods if required. |
| 118 | * Set the default string mask to UTF-8 in the OpenSSL backend to resolve |
| 119 | character encoding issues with older versions of OpenSSL. |
| 120 | * Several new OpenSSL bindings have been added to support a future pyOpenSSL |
| 121 | release. |
| 122 | * Raise an error during install on PyPy < 2.6. 1.0+ requires PyPy 2.6+. |
Paul Kehrer | bff54ef | 2015-08-12 08:47:34 -0500 | [diff] [blame] | 123 | |
Paul Kehrer | 55ab805 | 2015-08-11 18:22:55 -0500 | [diff] [blame] | 124 | 1.0 - 2015-08-12 |
Paul Kehrer | d5257ab | 2015-05-13 20:48:36 -0500 | [diff] [blame] | 125 | ~~~~~~~~~~~~~~~~ |
| 126 | |
Paul Kehrer | 68b3b1e | 2015-05-19 13:05:21 -0700 | [diff] [blame] | 127 | * Switched to the new `cffi`_ ``set_source`` out-of-line API mode for |
| 128 | compilation. This results in significantly faster imports and lowered |
Paul Kehrer | 73f06c7 | 2015-06-07 23:17:39 -0500 | [diff] [blame] | 129 | memory consumption. Due to this change we no longer support PyPy releases |
| 130 | older than 2.6 nor do we support any released version of PyPy3 (until a |
| 131 | version supporting cffi 1.0 comes out). |
Paul Kehrer | 60cc9ef | 2015-08-04 19:29:52 +0100 | [diff] [blame] | 132 | * Fix parsing of OpenSSH public keys that have spaces in comments. |
Andre Caron | beed294 | 2015-05-18 13:47:36 -0400 | [diff] [blame] | 133 | * Support serialization of certificate signing requests using the |
| 134 | ``public_bytes`` method of |
| 135 | :class:`~cryptography.x509.CertificateSigningRequest`. |
Andre Caron | a8aded6 | 2015-05-19 20:11:57 -0400 | [diff] [blame] | 136 | * Support serialization of certificates using the ``public_bytes`` method of |
| 137 | :class:`~cryptography.x509.Certificate`. |
Jiangge Zhang | 764f637 | 2015-06-05 18:01:22 +0800 | [diff] [blame] | 138 | * Add ``get_provisioning_uri`` method to |
| 139 | :class:`~cryptography.hazmat.primitives.twofactor.hotp.HOTP` and |
| 140 | :class:`~cryptography.hazmat.primitives.twofactor.totp.TOTP` for generating |
| 141 | provisioning URIs. |
Paul Kehrer | 66f380c | 2015-06-12 11:23:34 -0500 | [diff] [blame] | 142 | * Add :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHash` |
| 143 | and :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHMAC`. |
Ian Cordasco | ab94b90 | 2015-06-17 08:28:02 -0500 | [diff] [blame] | 144 | * Raise a ``TypeError`` when passing objects that are not text as the value to |
| 145 | :class:`~cryptography.x509.NameAttribute`. |
Paul Kehrer | 44171a2 | 2015-08-01 21:21:26 +0100 | [diff] [blame] | 146 | * Add support for :class:`~cryptography.x509.OtherName` as a general name |
| 147 | type. |
| 148 | * Added new X.509 extension support in :class:`~cryptography.x509.Certificate` |
| 149 | The following new extensions are now supported: |
| 150 | |
| 151 | * :class:`~cryptography.x509.OCSPNoCheck` |
| 152 | * :class:`~cryptography.x509.InhibitAnyPolicy` |
| 153 | * :class:`~cryptography.x509.IssuerAlternativeName` |
| 154 | * :class:`~cryptography.x509.NameConstraints` |
| 155 | |
| 156 | * Extension support was added to |
| 157 | :class:`~cryptography.x509.CertificateSigningRequest`. |
Ian Cordasco | 46479d0 | 2015-08-03 08:30:20 -0500 | [diff] [blame] | 158 | * Add support for creating signed certificates with |
| 159 | :class:`~cryptography.x509.CertificateBuilder`. This includes support for |
Paul Kehrer | e0ecfdc | 2015-08-06 10:53:15 +0100 | [diff] [blame] | 160 | the following extensions: |
Ian Cordasco | 46479d0 | 2015-08-03 08:30:20 -0500 | [diff] [blame] | 161 | |
| 162 | * :class:`~cryptography.x509.BasicConstraints` |
| 163 | * :class:`~cryptography.x509.SubjectAlternativeName` |
Paul Kehrer | e0ecfdc | 2015-08-06 10:53:15 +0100 | [diff] [blame] | 164 | * :class:`~cryptography.x509.KeyUsage` |
| 165 | * :class:`~cryptography.x509.ExtendedKeyUsage` |
| 166 | * :class:`~cryptography.x509.SubjectKeyIdentifier` |
| 167 | * :class:`~cryptography.x509.AuthorityKeyIdentifier` |
| 168 | * :class:`~cryptography.x509.AuthorityInformationAccess` |
| 169 | * :class:`~cryptography.x509.CRLDistributionPoints` |
Paul Kehrer | 683d4d8 | 2015-08-06 23:13:45 +0100 | [diff] [blame] | 170 | * :class:`~cryptography.x509.InhibitAnyPolicy` |
Paul Kehrer | 2dfd9da | 2015-08-10 21:30:23 -0500 | [diff] [blame] | 171 | * :class:`~cryptography.x509.IssuerAlternativeName` |
| 172 | * :class:`~cryptography.x509.OCSPNoCheck` |
Ian Cordasco | 46479d0 | 2015-08-03 08:30:20 -0500 | [diff] [blame] | 173 | |
Paul Kehrer | 91e385d | 2015-08-08 22:50:28 -0500 | [diff] [blame] | 174 | * Add support for creating certificate signing requests with |
| 175 | :class:`~cryptography.x509.CertificateSigningRequestBuilder`. This includes |
| 176 | support for the same extensions supported in the ``CertificateBuilder``. |
Paul Kehrer | 31c5c33 | 2015-08-10 11:59:38 -0500 | [diff] [blame] | 177 | * Deprecate ``encode_rfc6979_signature`` and ``decode_rfc6979_signature`` in |
| 178 | favor of |
| 179 | :func:`~cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature` |
| 180 | and |
| 181 | :func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`. |
| 182 | |
Paul Kehrer | 91e385d | 2015-08-08 22:50:28 -0500 | [diff] [blame] | 183 | |
Paul Kehrer | 3bbda28 | 2015-07-09 09:48:23 -0500 | [diff] [blame] | 184 | 0.9.3 - 2015-07-09 |
| 185 | ~~~~~~~~~~~~~~~~~~ |
| 186 | |
| 187 | * Updated Windows wheels to be compiled against OpenSSL 1.0.2d. |
| 188 | |
Paul Kehrer | 7b41163 | 2015-07-03 18:07:41 -0500 | [diff] [blame] | 189 | 0.9.2 - 2015-07-04 |
| 190 | ~~~~~~~~~~~~~~~~~~ |
| 191 | |
| 192 | * Updated Windows wheels to be compiled against OpenSSL 1.0.2c. |
| 193 | |
Alex Gaynor | c4bb7d5 | 2015-06-06 17:27:14 -0400 | [diff] [blame] | 194 | 0.9.1 - 2015-06-06 |
| 195 | ~~~~~~~~~~~~~~~~~~ |
| 196 | |
| 197 | * **SECURITY ISSUE**: Fixed a double free in the OpenSSL backend when using DSA |
| 198 | to verify signatures. Note that this only affects PyPy 2.6.0 and (presently |
| 199 | unreleased) CFFI versions greater than 1.1.0. |
| 200 | |
Paul Kehrer | c486ed5 | 2015-05-13 17:59:31 -0500 | [diff] [blame] | 201 | 0.9 - 2015-05-13 |
| 202 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 8ce597b | 2015-03-09 00:01:17 -0500 | [diff] [blame] | 203 | |
Paul Kehrer | 741fccb | 2015-04-14 10:22:25 -0400 | [diff] [blame] | 204 | * Removed support for Python 3.2. This version of Python is rarely used |
| 205 | and caused support headaches. Users affected by this should upgrade to 3.3+. |
Alex Gaynor | 6e7f622 | 2015-03-29 21:51:38 -0400 | [diff] [blame] | 206 | * Deprecated support for Python 2.6. At the time there is no time table for |
| 207 | actually dropping support, however we strongly encourage all users to upgrade |
| 208 | their Python, as Python 2.6 no longer receives support from the Python core |
| 209 | team. |
Paul Kehrer | ebbeedf | 2015-05-08 18:13:14 -0500 | [diff] [blame] | 210 | * Add support for the |
| 211 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.SECP256K1` elliptic |
| 212 | curve. |
Alex Gaynor | 5d27d4d | 2015-04-04 14:56:02 -0500 | [diff] [blame] | 213 | * Fixed compilation when using an OpenSSL which was compiled with the |
| 214 | ``no-comp`` (``OPENSSL_NO_COMP``) option. |
Paul Kehrer | a2c4865 | 2015-03-10 15:48:37 -0500 | [diff] [blame] | 215 | * Support :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER` |
| 216 | serialization of public keys using the ``public_bytes`` method of |
Paul Kehrer | 1955ebf | 2015-03-10 08:38:57 -0500 | [diff] [blame] | 217 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`, |
| 218 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`, |
| 219 | and |
Paul Kehrer | a2c4865 | 2015-03-10 15:48:37 -0500 | [diff] [blame] | 220 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`. |
Paul Kehrer | 919a5b2 | 2015-03-14 13:15:17 -0500 | [diff] [blame] | 221 | * Support :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER` |
| 222 | serialization of private keys using the ``private_bytes`` method of |
| 223 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`, |
| 224 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`, |
| 225 | and |
| 226 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`. |
Paul Kehrer | a1a1f23 | 2015-03-15 15:34:35 -0500 | [diff] [blame] | 227 | * Add support for parsing X.509 certificate signing requests (CSRs) with |
Paul Kehrer | 1effb6e | 2015-03-30 15:05:59 -0500 | [diff] [blame] | 228 | :func:`~cryptography.x509.load_pem_x509_csr` and |
| 229 | :func:`~cryptography.x509.load_der_x509_csr`. |
Paul Kehrer | d14dcc5 | 2015-04-14 14:21:21 -0400 | [diff] [blame] | 230 | * Moved ``cryptography.exceptions.InvalidToken`` to |
| 231 | :class:`cryptography.hazmat.primitives.twofactor.InvalidToken` and deprecated |
| 232 | the old location. This was moved to minimize confusion between this exception |
| 233 | and :class:`cryptography.fernet.InvalidToken`. |
Paul Kehrer | aeb7720 | 2015-05-13 11:52:38 -0500 | [diff] [blame] | 234 | * Added support for X.509 extensions in :class:`~cryptography.x509.Certificate` |
| 235 | objects. The following extensions are supported as of this release: |
| 236 | |
| 237 | * :class:`~cryptography.x509.BasicConstraints` |
| 238 | * :class:`~cryptography.x509.AuthorityKeyIdentifier` |
| 239 | * :class:`~cryptography.x509.SubjectKeyIdentifier` |
| 240 | * :class:`~cryptography.x509.KeyUsage` |
| 241 | * :class:`~cryptography.x509.SubjectAlternativeName` |
| 242 | * :class:`~cryptography.x509.ExtendedKeyUsage` |
| 243 | * :class:`~cryptography.x509.CRLDistributionPoints` |
| 244 | * :class:`~cryptography.x509.AuthorityInformationAccess` |
| 245 | * :class:`~cryptography.x509.CertificatePolicies` |
| 246 | |
| 247 | Note that unsupported extensions with the critical flag raise |
| 248 | :class:`~cryptography.x509.UnsupportedExtension` while unsupported extensions |
| 249 | set to non-critical are silently ignored. Read the |
Alex Gaynor | 5e0da3a | 2015-07-12 10:35:56 -0500 | [diff] [blame] | 250 | :doc:`X.509 documentation</x509/index>` for more information. |
Paul Kehrer | 1955ebf | 2015-03-10 08:38:57 -0500 | [diff] [blame] | 251 | |
Paul Kehrer | 33906b8 | 2015-04-10 21:00:08 -0400 | [diff] [blame] | 252 | 0.8.2 - 2015-04-10 |
| 253 | ~~~~~~~~~~~~~~~~~~ |
| 254 | |
| 255 | * Fixed a race condition when initializing the OpenSSL or CommonCrypto backends |
| 256 | in a multi-threaded scenario. |
| 257 | |
Paul Kehrer | 41a750c | 2015-03-19 22:46:23 -0500 | [diff] [blame] | 258 | 0.8.1 - 2015-03-20 |
| 259 | ~~~~~~~~~~~~~~~~~~ |
| 260 | |
| 261 | * Updated Windows wheels to be compiled against OpenSSL 1.0.2a. |
| 262 | |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 263 | 0.8 - 2015-03-08 |
| 264 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 08120d7 | 2014-12-17 21:37:58 -0600 | [diff] [blame] | 265 | |
Alex Gaynor | 5d66ca5 | 2014-12-25 18:39:39 -0800 | [diff] [blame] | 266 | * :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` can |
| 267 | now load elliptic curve public keys. |
Paul Kehrer | 836b830 | 2015-01-18 09:42:58 -0600 | [diff] [blame] | 268 | * Added |
Paul Kehrer | 8802a5b | 2015-02-13 12:06:57 -0600 | [diff] [blame] | 269 | :attr:`~cryptography.x509.Certificate.signature_hash_algorithm` support to |
Paul Kehrer | b0a8039 | 2015-02-11 23:39:49 -0600 | [diff] [blame] | 270 | :class:`~cryptography.x509.Certificate`. |
| 271 | * Added |
Paul Kehrer | 836b830 | 2015-01-18 09:42:58 -0600 | [diff] [blame] | 272 | :func:`~cryptography.hazmat.primitives.asymmetric.rsa.rsa_recover_prime_factors` |
Paul Kehrer | 48402ff | 2015-02-16 15:31:52 -0600 | [diff] [blame] | 273 | * :class:`~cryptography.hazmat.primitives.kdf.KeyDerivationFunction` was moved |
| 274 | from :mod:`~cryptography.hazmat.primitives.interfaces` to |
| 275 | :mod:`~cryptography.hazmat.primitives.kdf`. |
Paul Kehrer | 719d536 | 2015-01-01 20:03:52 -0600 | [diff] [blame] | 276 | * Added support for parsing X.509 names. See the |
Alex Gaynor | 5e0da3a | 2015-07-12 10:35:56 -0500 | [diff] [blame] | 277 | :doc:`X.509 documentation</x509/index>` for more information. |
Paul Kehrer | 99a249d | 2015-01-04 15:55:22 -0600 | [diff] [blame] | 278 | * Added |
| 279 | :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key` to |
| 280 | support loading of DER encoded private keys and |
| 281 | :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key` to |
| 282 | support loading DER encoded public keys. |
Steven McDonald | 27e6b9c | 2015-02-18 16:37:03 +1100 | [diff] [blame] | 283 | * Fixed building against LibreSSL, a compile-time substitute for OpenSSL. |
Paul Kehrer | 77f540d | 2015-02-20 12:53:04 -0600 | [diff] [blame] | 284 | * FreeBSD 9.2 was removed from the continuous integration system. |
Paul Kehrer | f28dd45 | 2015-03-05 10:22:59 -0600 | [diff] [blame] | 285 | * Updated Windows wheels to be compiled against OpenSSL 1.0.2. |
Paul Kehrer | 7bfa22e | 2015-03-04 13:48:30 -0600 | [diff] [blame] | 286 | * :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key` |
| 287 | and :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key` |
Paul Kehrer | 791afc0 | 2015-03-05 14:29:28 -0600 | [diff] [blame] | 288 | now support PKCS1 RSA public keys (in addition to the previous support for |
Paul Kehrer | 7bfa22e | 2015-03-04 13:48:30 -0600 | [diff] [blame] | 289 | SubjectPublicKeyInfo format for RSA, EC, and DSA). |
Paul Kehrer | f83e25c | 2015-02-21 18:34:00 -0600 | [diff] [blame] | 290 | * Added |
Paul Kehrer | 59e5c86 | 2015-03-02 10:36:50 -0600 | [diff] [blame] | 291 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization` |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 292 | and deprecated ``EllipticCurvePrivateKeyWithNumbers``. |
Paul Kehrer | 59e5c86 | 2015-03-02 10:36:50 -0600 | [diff] [blame] | 293 | * Added |
| 294 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization.private_bytes` |
| 295 | to |
| 296 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`. |
| 297 | * Added |
Paul Kehrer | f83e25c | 2015-02-21 18:34:00 -0600 | [diff] [blame] | 298 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization` |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 299 | and deprecated ``RSAPrivateKeyWithNumbers``. |
Paul Kehrer | f83e25c | 2015-02-21 18:34:00 -0600 | [diff] [blame] | 300 | * Added |
Paul Kehrer | 223a8f0 | 2015-02-28 18:54:10 -0600 | [diff] [blame] | 301 | :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization.private_bytes` |
Paul Kehrer | f83e25c | 2015-02-21 18:34:00 -0600 | [diff] [blame] | 302 | to |
| 303 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`. |
Paul Kehrer | ec34263 | 2015-03-01 16:53:58 -0600 | [diff] [blame] | 304 | * Added |
| 305 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization` |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 306 | and deprecated ``DSAPrivateKeyWithNumbers``. |
Paul Kehrer | ec34263 | 2015-03-01 16:53:58 -0600 | [diff] [blame] | 307 | * Added |
| 308 | :meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization.private_bytes` |
| 309 | to |
| 310 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`. |
Paul Kehrer | 3f157e0 | 2015-02-28 11:31:06 -0600 | [diff] [blame] | 311 | * Added |
| 312 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization` |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 313 | and deprecated ``RSAPublicKeyWithNumbers``. |
Paul Kehrer | 8ea90ef | 2015-07-04 16:26:58 -0500 | [diff] [blame] | 314 | * Added ``public_bytes`` to |
Paul Kehrer | 3f157e0 | 2015-02-28 11:31:06 -0600 | [diff] [blame] | 315 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`. |
Paul Kehrer | 419615b | 2015-03-05 21:01:16 -0600 | [diff] [blame] | 316 | * Added |
| 317 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization` |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 318 | and deprecated ``EllipticCurvePublicKeyWithNumbers``. |
Paul Kehrer | 8ea90ef | 2015-07-04 16:26:58 -0500 | [diff] [blame] | 319 | * Added ``public_bytes`` to |
Paul Kehrer | 419615b | 2015-03-05 21:01:16 -0600 | [diff] [blame] | 320 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`. |
Paul Kehrer | 26006c5 | 2015-03-08 18:27:11 -0500 | [diff] [blame] | 321 | * Added |
| 322 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization` |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 323 | and deprecated ``DSAPublicKeyWithNumbers``. |
Paul Kehrer | 8ea90ef | 2015-07-04 16:26:58 -0500 | [diff] [blame] | 324 | * Added ``public_bytes`` to |
Paul Kehrer | 26006c5 | 2015-03-08 18:27:11 -0500 | [diff] [blame] | 325 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`. |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 326 | * :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` and |
| 327 | :class:`~cryptography.hazmat.primitives.hashes.HashContext` were moved from |
| 328 | :mod:`~cryptography.hazmat.primitives.interfaces` to |
| 329 | :mod:`~cryptography.hazmat.primitives.hashes`. |
| 330 | * :class:`~cryptography.hazmat.primitives.ciphers.CipherContext`, |
| 331 | :class:`~cryptography.hazmat.primitives.ciphers.AEADCipherContext`, |
| 332 | :class:`~cryptography.hazmat.primitives.ciphers.AEADEncryptionContext`, |
| 333 | :class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`, and |
| 334 | :class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm` |
| 335 | were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to |
| 336 | :mod:`~cryptography.hazmat.primitives.ciphers`. |
| 337 | * :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode`, |
| 338 | :class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithInitializationVector`, |
| 339 | :class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithNonce`, and |
| 340 | :class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithAuthenticationTag` |
| 341 | were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to |
| 342 | :mod:`~cryptography.hazmat.primitives.ciphers.modes`. |
| 343 | * :class:`~cryptography.hazmat.primitives.padding.PaddingContext` was moved |
| 344 | from :mod:`~cryptography.hazmat.primitives.interfaces` to |
| 345 | :mod:`~cryptography.hazmat.primitives.padding`. |
| 346 | * |
| 347 | :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding` |
| 348 | was moved from :mod:`~cryptography.hazmat.primitives.interfaces` to |
| 349 | :mod:`~cryptography.hazmat.primitives.asymmetric.padding`. |
| 350 | * |
| 351 | :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext` |
| 352 | and |
| 353 | :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext` |
| 354 | were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to |
| 355 | :mod:`~cryptography.hazmat.primitives.asymmetric`. |
| 356 | * :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`, |
| 357 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParametersWithNumbers`, |
| 358 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 359 | ``DSAPrivateKeyWithNumbers``, |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 360 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` and |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 361 | ``DSAPublicKeyWithNumbers`` were moved from |
| 362 | :mod:`~cryptography.hazmat.primitives.interfaces` to |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 363 | :mod:`~cryptography.hazmat.primitives.asymmetric.dsa` |
| 364 | * :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`, |
| 365 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurveSignatureAlgorithm`, |
| 366 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`, |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 367 | ``EllipticCurvePrivateKeyWithNumbers``, |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 368 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`, |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 369 | and ``EllipticCurvePublicKeyWithNumbers`` |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 370 | were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to |
| 371 | :mod:`~cryptography.hazmat.primitives.asymmetric.ec`. |
| 372 | * :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 373 | ``RSAPrivateKeyWithNumbers``, |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 374 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` and |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 375 | ``RSAPublicKeyWithNumbers`` were moved from |
| 376 | :mod:`~cryptography.hazmat.primitives.interfaces` to |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 377 | :mod:`~cryptography.hazmat.primitives.asymmetric.rsa`. |
Alex Gaynor | 5d66ca5 | 2014-12-25 18:39:39 -0800 | [diff] [blame] | 378 | |
Paul Kehrer | 72572f9 | 2015-01-16 08:10:12 -0600 | [diff] [blame] | 379 | 0.7.2 - 2015-01-16 |
| 380 | ~~~~~~~~~~~~~~~~~~ |
| 381 | |
| 382 | * Updated Windows wheels to be compiled against OpenSSL 1.0.1l. |
| 383 | * ``enum34`` is no longer installed on Python 3.4, where it is included in |
| 384 | the standard library. |
| 385 | * Added a new function to the OpenSSL bindings to support additional |
| 386 | functionality in pyOpenSSL. |
| 387 | |
Paul Kehrer | 842e58a | 2014-12-28 15:17:39 -0700 | [diff] [blame] | 388 | 0.7.1 - 2014-12-28 |
| 389 | ~~~~~~~~~~~~~~~~~~ |
| 390 | |
| 391 | * Fixed an issue preventing compilation on platforms where ``OPENSSL_NO_SSL3`` |
| 392 | was defined. |
| 393 | |
Paul Kehrer | e813509 | 2014-12-17 14:20:40 -0600 | [diff] [blame] | 394 | 0.7 - 2014-12-17 |
| 395 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 9868133 | 2014-09-29 21:43:57 -0500 | [diff] [blame] | 396 | |
Alex Gaynor | df6a5cd | 2014-11-07 09:36:47 -0300 | [diff] [blame] | 397 | * Cryptography has been relicensed from the Apache Software License, Version |
| 398 | 2.0, to being available under *either* the Apache Software License, Version |
| 399 | 2.0, or the BSD license. |
Alex Gaynor | 4c82513 | 2014-10-20 21:27:08 -0700 | [diff] [blame] | 400 | * Added key-rotation support to :doc:`Fernet </fernet>` with |
| 401 | :class:`~cryptography.fernet.MultiFernet`. |
Paul Kehrer | 214d91d | 2014-12-18 07:20:04 -0600 | [diff] [blame] | 402 | * More bit-lengths are now supported for ``p`` and ``q`` when loading DSA keys |
Alex Gaynor | a438e83 | 2014-10-19 19:47:05 -0700 | [diff] [blame] | 403 | from numbers. |
Terry Chia | ff5ec86 | 2014-10-20 12:15:22 +0800 | [diff] [blame] | 404 | * Added :class:`~cryptography.hazmat.primitives.interfaces.MACContext` as a |
Paul Kehrer | ebee006 | 2015-03-07 12:34:33 -0600 | [diff] [blame] | 405 | common interface for CMAC and HMAC and deprecated ``CMACContext``. |
Paul Kehrer | b3a3e5c | 2014-11-27 11:27:32 -1000 | [diff] [blame] | 406 | * Added support for encoding and decoding :rfc:`6979` signatures in |
| 407 | :doc:`/hazmat/primitives/asymmetric/utils`. |
Mark Adams | 78a7d1c | 2014-12-12 23:13:12 -0600 | [diff] [blame] | 408 | * Added |
Alex Gaynor | 993b85a | 2014-12-15 10:42:45 -0800 | [diff] [blame] | 409 | :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` to |
Paul Kehrer | e813509 | 2014-12-17 14:20:40 -0600 | [diff] [blame] | 410 | support the loading of OpenSSH public keys (:rfc:`4253`). Only RSA and DSA |
| 411 | keys are currently supported. |
Paul Kehrer | e76cd27 | 2014-12-14 19:00:51 -0600 | [diff] [blame] | 412 | * Added initial support for X.509 certificate parsing. See the |
Alex Gaynor | 5e0da3a | 2015-07-12 10:35:56 -0500 | [diff] [blame] | 413 | :doc:`X.509 documentation</x509/index>` for more information. |
Terry Chia | c7c82f3 | 2014-10-20 12:15:22 +0800 | [diff] [blame] | 414 | |
Paul Kehrer | 555b150 | 2014-10-15 23:24:57 -0500 | [diff] [blame] | 415 | 0.6.1 - 2014-10-15 |
| 416 | ~~~~~~~~~~~~~~~~~~ |
| 417 | |
| 418 | * Updated Windows wheels to be compiled against OpenSSL 1.0.1j. |
| 419 | * Fixed an issue where OpenSSL 1.0.1j changed the errors returned by some |
| 420 | functions. |
| 421 | * Added our license file to the ``cryptography-vectors`` package. |
| 422 | * Implemented DSA hash truncation support (per FIPS 186-3) in the OpenSSL |
| 423 | backend. This works around an issue in 1.0.0, 1.0.0a, and 1.0.0b where |
| 424 | truncation was not implemented. |
| 425 | |
Paul Kehrer | c3f11d8 | 2014-09-29 20:31:15 -0500 | [diff] [blame] | 426 | 0.6 - 2014-09-29 |
| 427 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 1757fe3 | 2014-07-07 22:29:23 -0500 | [diff] [blame] | 428 | |
Alex Gaynor | ef82334 | 2014-09-27 12:04:22 -0400 | [diff] [blame] | 429 | * Added |
| 430 | :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key` to |
| 431 | ease loading private keys, and |
| 432 | :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key` to |
| 433 | support loading public keys. |
Alex Gaynor | 1658f94 | 2014-07-08 00:02:37 -0700 | [diff] [blame] | 434 | * Removed the, deprecated in 0.4, support for the ``salt_length`` argument to |
| 435 | the :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` |
| 436 | constructor. The ``salt_length`` should be passed to |
| 437 | :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` instead. |
Paul Kehrer | f4fbf39 | 2014-08-21 08:36:49 -1000 | [diff] [blame] | 438 | * Fix compilation on OS X Yosemite. |
Paul Kehrer | 77e95a0 | 2014-09-25 12:28:07 -0500 | [diff] [blame] | 439 | * Deprecated ``elliptic_curve_private_key_from_numbers`` and |
| 440 | ``elliptic_curve_public_key_from_numbers`` in favor of |
| 441 | ``load_elliptic_curve_private_numbers`` and |
| 442 | ``load_elliptic_curve_public_numbers`` on |
| 443 | :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`. |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 444 | * Added ``EllipticCurvePrivateKeyWithNumbers`` and |
| 445 | ``EllipticCurvePublicKeyWithNumbers`` support. |
Paul Kehrer | f378e40 | 2014-09-27 11:28:42 -0500 | [diff] [blame] | 446 | * Work around three GCM related bugs in CommonCrypto and OpenSSL. |
Paul Kehrer | 4c77365 | 2014-09-27 11:26:02 -0500 | [diff] [blame] | 447 | |
| 448 | * On the CommonCrypto backend adding AAD but not subsequently calling update |
| 449 | would return null tag bytes. |
| 450 | |
| 451 | * One the CommonCrypto backend a call to update without an empty add AAD call |
| 452 | would return null ciphertext bytes. |
| 453 | |
| 454 | * On the OpenSSL backend with certain versions adding AAD only would give |
| 455 | invalid tag bytes. |
| 456 | |
| 457 | * Support loading EC private keys from PEM. |
Alex Gaynor | 1658f94 | 2014-07-08 00:02:37 -0700 | [diff] [blame] | 458 | |
Paul Kehrer | 01f0c67 | 2014-08-20 20:15:18 -1000 | [diff] [blame] | 459 | 0.5.4 - 2014-08-20 |
| 460 | ~~~~~~~~~~~~~~~~~~ |
| 461 | |
| 462 | * Added several functions to the OpenSSL bindings to support new |
| 463 | functionality in pyOpenSSL. |
| 464 | * Fixed a redefined constant causing compilation failure with Solaris 11.2. |
| 465 | |
Paul Kehrer | 86cf5b1 | 2014-08-07 05:38:17 -1000 | [diff] [blame] | 466 | 0.5.3 - 2014-08-06 |
| 467 | ~~~~~~~~~~~~~~~~~~ |
| 468 | |
| 469 | * Updated Windows wheels to be compiled against OpenSSL 1.0.1i. |
| 470 | |
Paul Kehrer | 2456e66 | 2014-07-09 19:51:32 -0500 | [diff] [blame] | 471 | 0.5.2 - 2014-07-09 |
| 472 | ~~~~~~~~~~~~~~~~~~ |
| 473 | |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 474 | * Add ``TraditionalOpenSSLSerializationBackend`` support to |
| 475 | :doc:`/hazmat/backends/multibackend`. |
Paul Kehrer | 2456e66 | 2014-07-09 19:51:32 -0500 | [diff] [blame] | 476 | * Fix compilation error on OS X 10.8 (Mountain Lion). |
| 477 | |
Paul Kehrer | f092d73 | 2014-07-07 19:42:15 -0500 | [diff] [blame] | 478 | 0.5.1 - 2014-07-07 |
| 479 | ~~~~~~~~~~~~~~~~~~ |
| 480 | |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 481 | * Add ``PKCS8SerializationBackend`` support to |
| 482 | :doc:`/hazmat/backends/multibackend`. |
Paul Kehrer | f092d73 | 2014-07-07 19:42:15 -0500 | [diff] [blame] | 483 | |
Paul Kehrer | 3c6a239 | 2014-07-07 08:29:07 -0500 | [diff] [blame] | 484 | 0.5 - 2014-07-07 |
| 485 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 50a0485 | 2014-05-03 08:57:13 -0500 | [diff] [blame] | 486 | |
Alex Gaynor | 8f1b8e8 | 2014-06-29 20:43:29 -0700 | [diff] [blame] | 487 | * **BACKWARDS INCOMPATIBLE:** |
| 488 | :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` no longer allows |
| 489 | truncation of tags by default. Previous versions of ``cryptography`` allowed |
| 490 | tags to be truncated by default, applications wishing to preserve this |
Alex Gaynor | 4efe61a | 2014-06-29 20:44:53 -0700 | [diff] [blame] | 491 | behavior (not recommended) can pass the ``min_tag_length`` argument. |
Paul Kehrer | 8987bcb | 2014-07-06 09:28:29 -0500 | [diff] [blame] | 492 | * Windows builds now statically link OpenSSL by default. When installing a |
Paul Kehrer | 3df9a31 | 2014-07-06 09:25:29 -0500 | [diff] [blame] | 493 | wheel on Windows you no longer need to install OpenSSL separately. Windows |
| 494 | users can switch between static and dynamic linking with an environment |
| 495 | variable. See :doc:`/installation` for more details. |
Paul Kehrer | 88bac25 | 2014-05-21 12:42:13 -0500 | [diff] [blame] | 496 | * Added :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDFExpand`. |
Paul Kehrer | 2a947c4 | 2014-05-15 17:22:08 -0400 | [diff] [blame] | 497 | * Added :class:`~cryptography.hazmat.primitives.ciphers.modes.CFB8` support |
| 498 | for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` and |
| 499 | :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` on |
| 500 | :doc:`/hazmat/backends/commoncrypto` and :doc:`/hazmat/backends/openssl`. |
Paul Kehrer | 055f960 | 2014-05-20 23:21:26 -0500 | [diff] [blame] | 501 | * Added ``AES`` :class:`~cryptography.hazmat.primitives.ciphers.modes.CTR` |
| 502 | support to the OpenSSL backend when linked against 0.9.8. |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 503 | * Added ``PKCS8SerializationBackend`` and |
| 504 | ``TraditionalOpenSSLSerializationBackend`` support to the |
| 505 | :doc:`/hazmat/backends/openssl`. |
Paul Kehrer | 21fc582 | 2014-07-04 09:28:55 -0500 | [diff] [blame] | 506 | * Added :doc:`/hazmat/primitives/asymmetric/ec` and |
| 507 | :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`. |
Paul Kehrer | d1bac5e | 2014-06-13 12:34:49 -0500 | [diff] [blame] | 508 | * Added :class:`~cryptography.hazmat.primitives.ciphers.modes.ECB` support |
| 509 | for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` on |
| 510 | :doc:`/hazmat/backends/commoncrypto` and :doc:`/hazmat/backends/openssl`. |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 511 | * Deprecated the concrete ``RSAPrivateKey`` class in favor of backend |
Paul Kehrer | a10be69 | 2015-02-12 12:58:27 -0600 | [diff] [blame] | 512 | specific providers of the |
| 513 | :class:`cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` |
| 514 | interface. |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 515 | * Deprecated the concrete ``RSAPublicKey`` in favor of backend specific |
Paul Kehrer | a10be69 | 2015-02-12 12:58:27 -0600 | [diff] [blame] | 516 | providers of the |
| 517 | :class:`cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` |
| 518 | interface. |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 519 | * Deprecated the concrete ``DSAPrivateKey`` class in favor of backend |
Paul Kehrer | a10be69 | 2015-02-12 12:58:27 -0600 | [diff] [blame] | 520 | specific providers of the |
| 521 | :class:`cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` |
| 522 | interface. |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 523 | * Deprecated the concrete ``DSAPublicKey`` class in favor of backend specific |
Paul Kehrer | a10be69 | 2015-02-12 12:58:27 -0600 | [diff] [blame] | 524 | providers of the |
| 525 | :class:`cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` |
| 526 | interface. |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 527 | * Deprecated the concrete ``DSAParameters`` class in favor of backend specific |
Paul Kehrer | a10be69 | 2015-02-12 12:58:27 -0600 | [diff] [blame] | 528 | providers of the |
| 529 | :class:`cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters` |
| 530 | interface. |
Paul Kehrer | f2fb02a | 2014-06-19 10:16:42 -0600 | [diff] [blame] | 531 | * Deprecated ``encrypt_rsa``, ``decrypt_rsa``, ``create_rsa_signature_ctx`` and |
| 532 | ``create_rsa_verification_ctx`` on |
| 533 | :class:`~cryptography.hazmat.backends.interfaces.RSABackend`. |
Paul Kehrer | 1262be2 | 2014-06-26 16:16:50 -0600 | [diff] [blame] | 534 | * Deprecated ``create_dsa_signature_ctx`` and ``create_dsa_verification_ctx`` |
| 535 | on :class:`~cryptography.hazmat.backends.interfaces.DSABackend`. |
Paul Kehrer | bb91c81 | 2014-05-12 15:03:04 -0400 | [diff] [blame] | 536 | |
Paul Kehrer | 9586201 | 2014-05-01 16:48:05 -0500 | [diff] [blame] | 537 | 0.4 - 2014-05-03 |
| 538 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 3d4eb6e | 2014-03-27 16:27:31 -0500 | [diff] [blame] | 539 | |
Paul Kehrer | ba98745 | 2014-04-02 17:12:26 -0500 | [diff] [blame] | 540 | * Deprecated ``salt_length`` on |
| 541 | :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` and added it |
Alex Gaynor | 9963cb3 | 2014-07-12 09:35:33 -0700 | [diff] [blame] | 542 | to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. It will |
Alex Gaynor | 2e49f21 | 2014-07-12 10:58:30 -0700 | [diff] [blame] | 543 | be removed from ``MGF1`` in two releases per our :doc:`/api-stability` |
Alex Gaynor | 9963cb3 | 2014-07-12 09:35:33 -0700 | [diff] [blame] | 544 | policy. |
| 545 | * Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED` |
| 546 | support. |
Ayrx | 9bea937 | 2014-04-22 21:00:34 +0800 | [diff] [blame] | 547 | * Added :class:`~cryptography.hazmat.primitives.cmac.CMAC`. |
Alex Gaynor | cd58b93 | 2014-05-01 23:11:06 -0700 | [diff] [blame] | 548 | * Added decryption support to |
| 549 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` |
| 550 | and encryption support to |
| 551 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`. |
Paul Kehrer | 80950e5 | 2014-05-01 16:48:55 -0500 | [diff] [blame] | 552 | * Added signature support to |
| 553 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` |
| 554 | and verification support to |
| 555 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`. |
Ayrx | 9bea937 | 2014-04-22 21:00:34 +0800 | [diff] [blame] | 556 | |
Paul Kehrer | 9c2a11b | 2014-03-27 13:16:57 -0500 | [diff] [blame] | 557 | 0.3 - 2014-03-27 |
| 558 | ~~~~~~~~~~~~~~~~ |
Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 559 | |
| 560 | * Added :class:`~cryptography.hazmat.primitives.twofactor.hotp.HOTP`. |
David Reid | eea08d9 | 2014-02-25 11:06:09 -0800 | [diff] [blame] | 561 | * Added :class:`~cryptography.hazmat.primitives.twofactor.totp.TOTP`. |
Alex Gaynor | 9963cb3 | 2014-07-12 09:35:33 -0700 | [diff] [blame] | 562 | * Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA` |
| 563 | support. |
Alex Gaynor | cd58b93 | 2014-05-01 23:11:06 -0700 | [diff] [blame] | 564 | * Added signature support to |
| 565 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` |
| 566 | and verification support to |
| 567 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`. |
Paul Kehrer | 1592e5b | 2014-03-27 14:29:38 -0500 | [diff] [blame] | 568 | * Moved test vectors to the new ``cryptography_vectors`` package. |
Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 569 | |
Paul Kehrer | 7f711ee | 2014-03-03 23:58:45 -0400 | [diff] [blame] | 570 | 0.2.2 - 2014-03-03 |
| 571 | ~~~~~~~~~~~~~~~~~~ |
| 572 | |
Alex Gaynor | 9963cb3 | 2014-07-12 09:35:33 -0700 | [diff] [blame] | 573 | * Removed a constant definition that was causing compilation problems with |
| 574 | specific versions of OpenSSL. |
Paul Kehrer | 7f711ee | 2014-03-03 23:58:45 -0400 | [diff] [blame] | 575 | |
Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 576 | 0.2.1 - 2014-02-22 |
| 577 | ~~~~~~~~~~~~~~~~~~ |
Paul Kehrer | 7f711ee | 2014-03-03 23:58:45 -0400 | [diff] [blame] | 578 | |
Alex Gaynor | cd58b93 | 2014-05-01 23:11:06 -0700 | [diff] [blame] | 579 | * Fix a bug where importing cryptography from multiple paths could cause |
| 580 | initialization to fail. |
Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 581 | |
| 582 | 0.2 - 2014-02-20 |
| 583 | ~~~~~~~~~~~~~~~~ |
| 584 | |
| 585 | * Added :doc:`/hazmat/backends/commoncrypto`. |
| 586 | * Added initial :doc:`/hazmat/bindings/commoncrypto`. |
| 587 | * Removed ``register_cipher_adapter`` method from |
| 588 | :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`. |
| 589 | * Added support for the OpenSSL backend under Windows. |
| 590 | * Improved thread-safety for the OpenSSL backend. |
| 591 | * Fixed compilation on systems where OpenSSL's ``ec.h`` header is not |
| 592 | available, such as CentOS. |
| 593 | * Added :class:`~cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC`. |
| 594 | * Added :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF`. |
| 595 | * Added :doc:`/hazmat/backends/multibackend`. |
Alex Gaynor | cd58b93 | 2014-05-01 23:11:06 -0700 | [diff] [blame] | 596 | * Set default random for the :doc:`/hazmat/backends/openssl` to the OS |
| 597 | random engine. |
| 598 | * Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5` |
| 599 | (CAST-128) support. |
Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 600 | |
| 601 | 0.1 - 2014-01-08 |
| 602 | ~~~~~~~~~~~~~~~~ |
| 603 | |
| 604 | * Initial release. |
| 605 | |
Alex Stapleton | b9df278 | 2014-03-17 08:09:41 +0000 | [diff] [blame] | 606 | .. _`master`: https://github.com/pyca/cryptography/ |
Paul Kehrer | 68b3b1e | 2015-05-19 13:05:21 -0700 | [diff] [blame] | 607 | .. _`cffi`: https://cffi.readthedocs.org/en/latest/ |