Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 1 | Changelog |
| 2 | ========= |
| 3 | |
Paul Kehrer | 5edac0c | 2018-11-11 21:21:16 -0500 | [diff] [blame] | 4 | .. _v2-5: |
| 5 | |
Paul Kehrer | 83aa36d | 2019-01-22 09:35:05 -0600 | [diff] [blame] | 6 | 2.5 - 2019-01-22 |
| 7 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 5edac0c | 2018-11-11 21:21:16 -0500 | [diff] [blame] | 8 | |
Paul Kehrer | 7e42282 | 2018-12-07 11:43:38 +0800 | [diff] [blame] | 9 | * **BACKWARDS INCOMPATIBLE:** :term:`U-label` strings were deprecated in |
| 10 | version 2.1, but this version removes the default ``idna`` dependency as |
| 11 | well. If you still need this deprecated path please install cryptography |
| 12 | with the ``idna`` extra: ``pip install cryptography[idna]``. |
Paul Kehrer | 3c68250 | 2018-12-10 12:13:31 +0800 | [diff] [blame] | 13 | * **BACKWARDS INCOMPATIBLE:** The minimum supported PyPy version is now 5.4. |
Paul Kehrer | 610ad37 | 2019-01-17 18:24:14 -0600 | [diff] [blame] | 14 | * Numerous classes and functions have been updated to allow :term:`bytes-like` |
| 15 | types for keying material and passwords, including symmetric algorithms, AEAD |
| 16 | ciphers, KDFs, loading asymmetric keys, and one time password classes. |
Paul Kehrer | 83aa36d | 2019-01-22 09:35:05 -0600 | [diff] [blame] | 17 | * Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with |
| 18 | OpenSSL 1.1.1a. |
Paul Kehrer | d67fa82 | 2018-11-12 21:41:26 -0500 | [diff] [blame] | 19 | * Added support for :class:`~cryptography.hazmat.primitives.hashes.SHA512_224` |
| 20 | and :class:`~cryptography.hazmat.primitives.hashes.SHA512_256` when using |
| 21 | OpenSSL 1.1.1. |
Paul Kehrer | 3065e16 | 2018-11-22 23:42:42 +0800 | [diff] [blame] | 22 | * Added support for :class:`~cryptography.hazmat.primitives.hashes.SHA3_224`, |
| 23 | :class:`~cryptography.hazmat.primitives.hashes.SHA3_256`, |
| 24 | :class:`~cryptography.hazmat.primitives.hashes.SHA3_384`, and |
| 25 | :class:`~cryptography.hazmat.primitives.hashes.SHA3_512` when using OpenSSL |
| 26 | 1.1.1. |
Paul Kehrer | f86696f | 2018-12-22 15:54:53 -0600 | [diff] [blame] | 27 | * Added support for :doc:`/hazmat/primitives/asymmetric/x448` when using |
| 28 | OpenSSL 1.1.1. |
Paul Kehrer | 5fe88ea | 2019-01-19 00:52:43 -0600 | [diff] [blame] | 29 | * Added support for :class:`~cryptography.hazmat.primitives.hashes.SHAKE128` |
| 30 | and :class:`~cryptography.hazmat.primitives.hashes.SHAKE256` when using |
| 31 | OpenSSL 1.1.1. |
Paul Kehrer | e4e7b89 | 2018-11-29 11:51:38 +0800 | [diff] [blame] | 32 | * Added initial support for parsing PKCS12 files with |
| 33 | :func:`~cryptography.hazmat.primitives.serialization.pkcs12.load_key_and_certificates`. |
Paul Kehrer | eb3e2e0 | 2018-12-01 12:15:20 +0800 | [diff] [blame] | 34 | * Added support for :class:`~cryptography.x509.IssuingDistributionPoint`. |
Alex Gaynor | bef3114 | 2019-01-18 13:14:59 -0500 | [diff] [blame] | 35 | * Added ``rfc4514_string()`` method to |
| 36 | :meth:`x509.Name <cryptography.x509.Name.rfc4514_string>`, |
| 37 | :meth:`x509.RelativeDistinguishedName |
| 38 | <cryptography.x509.RelativeDistinguishedName.rfc4514_string>`, and |
| 39 | :meth:`x509.NameAttribute <cryptography.x509.NameAttribute.rfc4514_string>` |
| 40 | to format the name or component an :rfc:`4514` Distinguished Name string. |
Paul Kehrer | 4c5740a | 2018-12-12 08:08:27 +0800 | [diff] [blame] | 41 | * Added |
| 42 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`, |
| 43 | which immediately checks if the point is on the curve and supports compressed |
Paul Kehrer | 89e1e34 | 2018-12-12 10:35:27 +0800 | [diff] [blame] | 44 | points. Deprecated the previous method |
| 45 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`. |
Paul Kehrer | 60f264b | 2019-01-10 15:37:03 -0800 | [diff] [blame] | 46 | * Added :attr:`~cryptography.x509.ocsp.OCSPResponse.signature_hash_algorithm` |
| 47 | to ``OCSPResponse``. |
Paul Kehrer | c6c25c2 | 2019-01-14 21:50:17 -0600 | [diff] [blame] | 48 | * Updated :doc:`/hazmat/primitives/asymmetric/x25519` support to allow |
| 49 | additional serialization methods. Calling |
| 50 | :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey.public_bytes` |
| 51 | with no arguments has been deprecated. |
Paul Kehrer | a07b1f5 | 2019-01-20 15:02:59 -0600 | [diff] [blame] | 52 | * Added support for encoding compressed and uncompressed points via |
Paul Kehrer | 2de450a | 2019-01-20 17:24:41 -0600 | [diff] [blame] | 53 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`. Deprecated the previous method |
| 54 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point`. |
Paul Kehrer | 89e1e34 | 2018-12-12 10:35:27 +0800 | [diff] [blame] | 55 | |
Paul Kehrer | d67fa82 | 2018-11-12 21:41:26 -0500 | [diff] [blame] | 56 | |
Paul Kehrer | cd4de3c | 2018-11-21 11:42:41 +0800 | [diff] [blame] | 57 | .. _v2-4-2: |
| 58 | |
| 59 | 2.4.2 - 2018-11-21 |
| 60 | ~~~~~~~~~~~~~~~~~~ |
| 61 | |
| 62 | * Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with |
| 63 | OpenSSL 1.1.0j. |
| 64 | |
Alex Gaynor | db08466 | 2018-11-11 19:50:10 -0500 | [diff] [blame] | 65 | .. _v2-4-1: |
| 66 | |
| 67 | 2.4.1 - 2018-11-11 |
| 68 | ~~~~~~~~~~~~~~~~~~ |
| 69 | |
| 70 | * Fixed a build breakage in our ``manylinux1`` wheels. |
| 71 | |
Paul Kehrer | 39a3efb | 2018-07-19 06:35:38 +0800 | [diff] [blame] | 72 | .. _v2-4: |
| 73 | |
Paul Kehrer | 5e52fdc | 2018-11-11 17:48:23 -0500 | [diff] [blame] | 74 | 2.4 - 2018-11-11 |
| 75 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 39a3efb | 2018-07-19 06:35:38 +0800 | [diff] [blame] | 76 | |
Paul Kehrer | 5555241 | 2018-10-20 09:02:19 +0800 | [diff] [blame] | 77 | * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.4.x. |
Alex Gaynor | 5a54f1a | 2018-08-31 10:46:20 -0400 | [diff] [blame] | 78 | * Deprecated OpenSSL 1.0.1 support. OpenSSL 1.0.1 is no longer supported by |
| 79 | the OpenSSL project. At this time there is no time table for dropping |
| 80 | support, however we strongly encourage all users to upgrade or install |
| 81 | ``cryptography`` from a wheel. |
Alex Gaynor | 3d271fa | 2018-08-16 20:08:05 -0400 | [diff] [blame] | 82 | * Added initial :doc:`OCSP </x509/ocsp>` support. |
Alex Gaynor | dd6b78b | 2018-08-31 18:25:52 -0500 | [diff] [blame] | 83 | * Added support for :class:`~cryptography.x509.PrecertPoison`. |
Alex Gaynor | 3d271fa | 2018-08-16 20:08:05 -0400 | [diff] [blame] | 84 | |
Paul Kehrer | c11f424 | 2018-08-14 13:25:23 -0500 | [diff] [blame] | 85 | .. _v2-3-1: |
| 86 | |
| 87 | 2.3.1 - 2018-08-14 |
| 88 | ~~~~~~~~~~~~~~~~~~ |
| 89 | |
| 90 | * Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with |
| 91 | OpenSSL 1.1.0i. |
| 92 | |
Paul Kehrer | b6400af | 2018-03-18 23:30:18 -0400 | [diff] [blame] | 93 | .. _v2-3: |
| 94 | |
Paul Kehrer | 0a846e2 | 2018-07-18 19:12:46 +0800 | [diff] [blame] | 95 | 2.3 - 2018-07-18 |
| 96 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | b6400af | 2018-03-18 23:30:18 -0400 | [diff] [blame] | 97 | |
Paul Kehrer | d4378e4 | 2018-07-17 21:49:03 +0800 | [diff] [blame] | 98 | * **SECURITY ISSUE:** |
| 99 | :meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag` |
| 100 | allowed tag truncation by default which can allow tag forgery in some cases. |
| 101 | The method now enforces the ``min_tag_length`` provided to the |
| 102 | :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` constructor. |
Paul Kehrer | 61114a2 | 2018-07-19 06:35:55 +0800 | [diff] [blame] | 103 | *CVE-2018-10903* |
Paul Kehrer | 4ee1cb9 | 2018-06-27 20:07:14 -0700 | [diff] [blame] | 104 | * Added support for Python 3.7. |
Paul Kehrer | 36ad98f | 2018-05-12 11:57:32 -0400 | [diff] [blame] | 105 | * Added :meth:`~cryptography.fernet.Fernet.extract_timestamp` to get the |
| 106 | authenticated timestamp of a :doc:`Fernet </fernet>` token. |
Paul Kehrer | afdbfb1 | 2018-05-25 05:45:25 +0800 | [diff] [blame] | 107 | * Support for Python 2.7.x without ``hmac.compare_digest`` has been deprecated. |
| 108 | We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next |
| 109 | ``cryptography`` release. |
Paul Kehrer | 611fa5a | 2018-05-31 11:39:12 +0800 | [diff] [blame] | 110 | * Fixed multiple issues preventing ``cryptography`` from compiling against |
| 111 | LibreSSL 2.7.x. |
Paul Kehrer | 5d18740 | 2018-07-16 20:49:51 +0530 | [diff] [blame] | 112 | * Added |
| 113 | :class:`~cryptography.x509.CertificateRevocationList.get_revoked_certificate_by_serial_number` |
| 114 | for quick serial number searches in CRLs. |
Marti Raudsepp | 9e1873a | 2018-07-09 16:11:18 +0300 | [diff] [blame] | 115 | * The :class:`~cryptography.x509.RelativeDistinguishedName` class now |
| 116 | preserves the order of attributes. Duplicate attributes now raise an error |
| 117 | instead of silently discarding duplicates. |
Alex Gaynor | b09b9ec | 2018-07-15 20:48:57 -0400 | [diff] [blame] | 118 | * :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap` and |
| 119 | :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` |
| 120 | now raise :class:`~cryptography.hazmat.primitives.keywrap.InvalidUnwrap` if |
| 121 | the wrapped key is an invalid length, instead of ``ValueError``. |
Paul Kehrer | 36ad98f | 2018-05-12 11:57:32 -0400 | [diff] [blame] | 122 | |
Paul Kehrer | 67ddb8f | 2018-03-27 13:34:39 -0400 | [diff] [blame] | 123 | .. _v2-2-2: |
| 124 | |
| 125 | 2.2.2 - 2018-03-27 |
| 126 | ~~~~~~~~~~~~~~~~~~ |
| 127 | |
| 128 | * Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with |
| 129 | OpenSSL 1.1.0h. |
| 130 | |
Alex Gaynor | a1e9ddc | 2018-03-20 22:05:01 -0400 | [diff] [blame] | 131 | .. _v2-2-1: |
| 132 | |
| 133 | 2.2.1 - 2018-03-20 |
| 134 | ~~~~~~~~~~~~~~~~~~ |
| 135 | |
| 136 | * Reverted a change to ``GeneralNames`` which prohibited having zero elements, |
| 137 | due to breakages. |
| 138 | * Fixed a bug in |
| 139 | :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` |
| 140 | that caused it to raise ``InvalidUnwrap`` when key length modulo 8 was |
| 141 | zero. |
| 142 | |
| 143 | |
Paul Kehrer | 0d6831d | 2017-10-11 21:46:47 +0800 | [diff] [blame] | 144 | .. _v2-2: |
| 145 | |
Paul Kehrer | 4601fba | 2018-03-18 22:45:30 -0400 | [diff] [blame] | 146 | 2.2 - 2018-03-19 |
| 147 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 0d6831d | 2017-10-11 21:46:47 +0800 | [diff] [blame] | 148 | |
Paul Kehrer | 4cf6e78 | 2017-10-12 06:06:01 +0800 | [diff] [blame] | 149 | * **BACKWARDS INCOMPATIBLE:** Support for Python 2.6 has been dropped. |
Paul Kehrer | 858a429 | 2018-01-06 17:55:27 -0600 | [diff] [blame] | 150 | * Resolved a bug in ``HKDF`` that incorrectly constrained output size. |
Paul Kehrer | 17c8f12 | 2018-03-15 13:35:10 -0400 | [diff] [blame] | 151 | * Added :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP256R1`, |
| 152 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP384R1`, and |
| 153 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP512R1` to |
| 154 | support inter-operating with systems like German smart meters. |
Chris Wolfe | af6f990 | 2017-10-18 14:23:53 -0500 | [diff] [blame] | 155 | * Added token rotation support to :doc:`Fernet </fernet>` with |
| 156 | :meth:`~cryptography.fernet.MultiFernet.rotate`. |
Paul Kehrer | d6ad9fd | 2018-02-05 16:47:21 +0800 | [diff] [blame] | 157 | * Fixed a memory leak in |
| 158 | :func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`. |
Paul Kehrer | cd6cf4a | 2018-03-18 22:06:13 -0400 | [diff] [blame] | 159 | * Added support for AES key wrapping with padding via |
| 160 | :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap_with_padding` |
| 161 | and |
| 162 | :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` |
| 163 | . |
Paul Kehrer | 4601fba | 2018-03-18 22:45:30 -0400 | [diff] [blame] | 164 | * Allow loading DSA keys with 224 bit ``q``. |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 165 | |
Paul Kehrer | 66460d8 | 2017-11-30 10:21:33 +0800 | [diff] [blame] | 166 | .. _v2-1-4: |
| 167 | |
| 168 | 2.1.4 - 2017-11-29 |
| 169 | ~~~~~~~~~~~~~~~~~~ |
| 170 | |
| 171 | * Added ``X509_up_ref`` for an upcoming ``pyOpenSSL`` release. |
| 172 | |
Alex Gaynor | b1f9a51 | 2017-11-02 16:09:07 -0400 | [diff] [blame] | 173 | .. _v2-1-3: |
| 174 | |
| 175 | 2.1.3 - 2017-11-02 |
| 176 | ~~~~~~~~~~~~~~~~~~ |
| 177 | |
| 178 | * Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with |
| 179 | OpenSSL 1.1.0g. |
| 180 | |
Alex Gaynor | d3b9af6 | 2017-10-24 12:23:16 -0400 | [diff] [blame] | 181 | .. _v2-1-2: |
| 182 | |
| 183 | 2.1.2 - 2017-10-24 |
| 184 | ~~~~~~~~~~~~~~~~~~ |
| 185 | |
| 186 | * Corrected a bug with the ``manylinux1`` wheels where OpenSSL's stack was |
| 187 | marked executable. |
| 188 | |
Paul Kehrer | 0a42f4e | 2017-10-12 19:35:39 +0800 | [diff] [blame] | 189 | .. _v2-1-1: |
| 190 | |
| 191 | 2.1.1 - 2017-10-12 |
| 192 | ~~~~~~~~~~~~~~~~~~ |
| 193 | |
| 194 | * Fixed support for install with the system ``pip`` on Ubuntu 16.04. |
| 195 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 196 | .. _v2-1: |
| 197 | |
Paul Kehrer | 0ed0e7e | 2017-10-11 20:31:09 +0800 | [diff] [blame] | 198 | 2.1 - 2017-10-11 |
| 199 | ~~~~~~~~~~~~~~~~ |
Alex Gaynor | 9c521ee | 2017-07-17 14:59:03 -0400 | [diff] [blame] | 200 | |
Alex Gaynor | dd567cb | 2017-09-30 21:22:07 -0400 | [diff] [blame] | 201 | * **FINAL DEPRECATION** Python 2.6 support is deprecated, and will be removed |
| 202 | in the next release of ``cryptography``. |
Paul Kehrer | 0d6aaf4 | 2017-07-20 13:04:25 +0200 | [diff] [blame] | 203 | * **BACKWARDS INCOMPATIBLE:** ``Whirlpool``, ``RIPEMD160``, and |
| 204 | ``UnsupportedExtension`` have been removed in accordance with our |
| 205 | :doc:`/api-stability` policy. |
Christian Heimes | a0022ea | 2017-10-17 04:56:01 +0200 | [diff] [blame] | 206 | * **BACKWARDS INCOMPATIBLE:** |
| 207 | :attr:`DNSName.value <cryptography.x509.DNSName.value>`, |
| 208 | :attr:`RFC822Name.value <cryptography.x509.RFC822Name.value>`, and |
| 209 | :attr:`UniformResourceIdentifier.value |
| 210 | <cryptography.x509.UniformResourceIdentifier.value>` |
| 211 | will now return an :term:`A-label` string when parsing a certificate |
| 212 | containing an internationalized domain name (IDN) or if the caller passed |
| 213 | a :term:`U-label` to the constructor. See below for additional deprecations |
| 214 | related to this change. |
Alex Gaynor | 4c41ab0 | 2017-08-23 20:33:01 -0400 | [diff] [blame] | 215 | * Installing ``cryptography`` now requires ``pip`` 6 or newer. |
Paul Kehrer | e885bd6 | 2017-10-11 20:29:23 +0800 | [diff] [blame] | 216 | * Deprecated passing :term:`U-label` strings to the |
| 217 | :class:`~cryptography.x509.DNSName`, |
| 218 | :class:`~cryptography.x509.UniformResourceIdentifier`, and |
| 219 | :class:`~cryptography.x509.RFC822Name` constructors. Instead, users should |
| 220 | pass values as :term:`A-label` strings with ``idna`` encoding if necessary. |
| 221 | This change will not affect anyone who is not processing internationalized |
| 222 | domains. |
Paul Kehrer | 62ebb42 | 2017-09-28 23:46:49 +0800 | [diff] [blame] | 223 | * Added support for |
| 224 | :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`. In |
| 225 | most cases users should choose |
| 226 | :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` |
| 227 | rather than using this unauthenticated form. |
Paul Kehrer | f944c40 | 2017-08-12 08:52:55 -0500 | [diff] [blame] | 228 | * Added :meth:`~cryptography.x509.CertificateRevocationList.is_signature_valid` |
| 229 | to :class:`~cryptography.x509.CertificateRevocationList`. |
Paul Kehrer | e2c1c0f | 2017-08-22 09:37:32 -0700 | [diff] [blame] | 230 | * Support :class:`~cryptography.hazmat.primitives.hashes.BLAKE2b` and |
| 231 | :class:`~cryptography.hazmat.primitives.hashes.BLAKE2s` with |
| 232 | :class:`~cryptography.hazmat.primitives.hmac.HMAC`. |
Paul Kehrer | a397d75 | 2017-10-02 10:03:20 +0800 | [diff] [blame] | 233 | * Added support for |
| 234 | :class:`~cryptography.hazmat.primitives.ciphers.modes.XTS` mode for |
| 235 | AES. |
Paul Kehrer | d4bde9c | 2017-09-09 07:03:50 +0800 | [diff] [blame] | 236 | * Added support for using labels with |
| 237 | :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` when using |
| 238 | OpenSSL 1.0.2 or greater. |
Paul Kehrer | 72c92f5 | 2017-09-26 10:23:24 +0800 | [diff] [blame] | 239 | * Improved compatibility with NSS when issuing certificates from an issuer |
| 240 | that has a subject with non-``UTF8String`` string types. |
Paul Kehrer | 5e3cc98 | 2017-09-22 21:29:36 +0800 | [diff] [blame] | 241 | * Add support for the :class:`~cryptography.x509.DeltaCRLIndicator` extension. |
Paul Kehrer | 5d66966 | 2017-09-11 09:16:34 +0800 | [diff] [blame] | 242 | * Add support for the :class:`~cryptography.x509.TLSFeature` |
| 243 | extension. This is commonly used for enabling ``OCSP Must-Staple`` in |
| 244 | certificates. |
Paul Kehrer | b76bcf8 | 2017-09-24 08:44:12 +0800 | [diff] [blame] | 245 | * Add support for the :class:`~cryptography.x509.FreshestCRL` extension. |
Paul Kehrer | 0d6aaf4 | 2017-07-20 13:04:25 +0200 | [diff] [blame] | 246 | |
Paul Kehrer | ad294c6 | 2017-08-03 20:16:32 -0500 | [diff] [blame] | 247 | .. _v2-0-3: |
| 248 | |
| 249 | 2.0.3 - 2017-08-03 |
| 250 | ~~~~~~~~~~~~~~~~~~ |
| 251 | |
| 252 | * Fixed an issue with weak linking symbols when compiling on macOS |
| 253 | versions older than 10.12. |
| 254 | |
| 255 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 256 | .. _v2-0-2: |
| 257 | |
Paul Kehrer | 2bab0ac | 2017-07-27 06:03:27 -0500 | [diff] [blame] | 258 | 2.0.2 - 2017-07-27 |
| 259 | ~~~~~~~~~~~~~~~~~~ |
| 260 | |
| 261 | * Marked all symbols as hidden in the ``manylinux1`` wheel to avoid a |
| 262 | bug with symbol resolution in certain scenarios. |
| 263 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 264 | |
| 265 | .. _v2-0-1: |
| 266 | |
Paul Kehrer | dce57f6 | 2017-07-26 19:18:55 -0500 | [diff] [blame] | 267 | 2.0.1 - 2017-07-26 |
| 268 | ~~~~~~~~~~~~~~~~~~ |
| 269 | |
| 270 | * Fixed a compilation bug affecting OpenBSD. |
| 271 | * Altered the ``manylinux1`` wheels to statically link OpenSSL instead of |
| 272 | dynamically linking and bundling the shared object. This should resolve |
| 273 | crashes seen when using ``uwsgi`` or other binaries that link against |
| 274 | OpenSSL independently. |
| 275 | * Fixed the stack level for the ``signer`` and ``verifier`` warnings. |
| 276 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 277 | |
| 278 | .. _v2-0: |
| 279 | |
Paul Kehrer | 9799e58 | 2017-07-17 16:38:15 +0200 | [diff] [blame] | 280 | 2.0 - 2017-07-17 |
| 281 | ~~~~~~~~~~~~~~~~ |
Alex Gaynor | b90e8d8 | 2017-05-29 23:10:39 -0400 | [diff] [blame] | 282 | |
Paul Kehrer | e3a2fb2 | 2017-06-26 15:08:33 -1000 | [diff] [blame] | 283 | * **BACKWARDS INCOMPATIBLE:** Support for Python 3.3 has been dropped. |
Paul Kehrer | 85675fc | 2017-07-01 13:02:37 -0500 | [diff] [blame] | 284 | * We now ship ``manylinux1`` wheels linked against OpenSSL 1.1.0f. These wheels |
| 285 | will be automatically used with most Linux distributions if you are running |
| 286 | the latest pip. |
Paul Kehrer | 1a5d70e | 2017-06-03 17:11:55 -1000 | [diff] [blame] | 287 | * Deprecated the use of ``signer`` on |
| 288 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, |
| 289 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, |
| 290 | and |
| 291 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` |
| 292 | in favor of ``sign``. |
| 293 | * Deprecated the use of ``verifier`` on |
| 294 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, |
| 295 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`, |
| 296 | and |
| 297 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` |
| 298 | in favor of ``verify``. |
Alex Gaynor | 6a0718f | 2017-06-04 13:36:58 -0400 | [diff] [blame] | 299 | * Added support for parsing |
| 300 | :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp` |
| 301 | objects from X.509 certificate extensions. |
Paul Kehrer | 7e53d91 | 2017-06-07 18:08:57 -1000 | [diff] [blame] | 302 | * Added support for |
| 303 | :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`. |
Paul Kehrer | 1a2e817 | 2017-07-16 16:46:13 +0200 | [diff] [blame] | 304 | * Added support for |
| 305 | :class:`~cryptography.hazmat.primitives.ciphers.aead.AESCCM`. |
Paul Kehrer | a217358 | 2017-07-17 13:10:14 +0200 | [diff] [blame] | 306 | * Added |
| 307 | :class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM`, a "one shot" |
| 308 | API for AES GCM encryption. |
Paul Kehrer | 3e357f7 | 2017-06-09 02:31:30 -1000 | [diff] [blame] | 309 | * Added support for :doc:`/hazmat/primitives/asymmetric/x25519`. |
Paul Kehrer | 361a9fc | 2017-06-24 10:12:04 -1000 | [diff] [blame] | 310 | * Added support for serializing and deserializing Diffie-Hellman parameters |
| 311 | with |
| 312 | :func:`~cryptography.hazmat.primitives.serialization.load_pem_parameters`, |
| 313 | :func:`~cryptography.hazmat.primitives.serialization.load_der_parameters`, |
| 314 | and |
Paul Kehrer | 2748e2e | 2017-06-24 13:20:15 -1000 | [diff] [blame] | 315 | :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters.parameter_bytes` |
Paul Kehrer | 361a9fc | 2017-06-24 10:12:04 -1000 | [diff] [blame] | 316 | . |
Alex Gaynor | 0c9aed9 | 2017-07-08 21:50:01 -0400 | [diff] [blame] | 317 | * The ``extensions`` attribute on :class:`~cryptography.x509.Certificate`, |
| 318 | :class:`~cryptography.x509.CertificateSigningRequest`, |
| 319 | :class:`~cryptography.x509.CertificateRevocationList`, and |
| 320 | :class:`~cryptography.x509.RevokedCertificate` now caches the computed |
| 321 | ``Extensions`` object. There should be no performance change, just a |
| 322 | performance improvement for programs accessing the ``extensions`` attribute |
| 323 | multiple times. |
Paul Kehrer | 1a5d70e | 2017-06-03 17:11:55 -1000 | [diff] [blame] | 324 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 325 | |
| 326 | .. _v1-9: |
| 327 | |
Paul Kehrer | 23ead43 | 2017-05-29 21:10:46 -0500 | [diff] [blame] | 328 | 1.9 - 2017-05-29 |
| 329 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | d0aad45 | 2017-03-10 08:36:18 -0400 | [diff] [blame] | 330 | |
Paul Kehrer | a55cc3b | 2017-05-27 18:00:44 -0500 | [diff] [blame] | 331 | * **BACKWARDS INCOMPATIBLE:** Elliptic Curve signature verification no longer |
Alex Gaynor | 5ca9946 | 2017-05-10 23:11:30 -0400 | [diff] [blame] | 332 | returns ``True`` on success. This brings it in line with the interface's |
| 333 | documentation, and our intent. The correct way to use |
| 334 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.verify` |
| 335 | has always been to check whether or not |
| 336 | :class:`~cryptography.exceptions.InvalidSignature` was raised. |
Alex Gaynor | 2240ba2 | 2017-05-20 13:23:15 -0700 | [diff] [blame] | 337 | * **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.7 and 10.8. |
Alex Gaynor | 6091e11 | 2017-05-23 20:31:03 -0700 | [diff] [blame] | 338 | * **BACKWARDS INCOMPATIBLE:** The minimum supported PyPy version is now 5.3. |
Paul Kehrer | 66e1eb2 | 2017-05-25 15:56:57 -0500 | [diff] [blame] | 339 | * Python 3.3 support has been deprecated, and will be removed in the next |
Alex Gaynor | db51114 | 2017-05-22 20:53:47 -0700 | [diff] [blame] | 340 | ``cryptography`` release. |
Alex Gaynor | 2240ba2 | 2017-05-20 13:23:15 -0700 | [diff] [blame] | 341 | * Add support for providing ``tag`` during |
| 342 | :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` finalization via |
| 343 | :meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag`. |
Paul Kehrer | 6fcbebd | 2017-05-20 12:04:06 -0700 | [diff] [blame] | 344 | * Fixed an issue preventing ``cryptography`` from compiling against |
| 345 | LibreSSL 2.5.x. |
Paul Kehrer | 416f526 | 2017-05-23 23:38:59 -0700 | [diff] [blame] | 346 | * Added |
| 347 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.key_size` |
| 348 | and |
| 349 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.key_size` |
| 350 | as convenience methods for determining the bit size of a secret scalar for |
| 351 | the curve. |
Alex Gaynor | d08ddd5 | 2017-05-20 09:01:54 -0700 | [diff] [blame] | 352 | * Accessing an unrecognized extension marked critical on an X.509 object will |
| 353 | no longer raise an ``UnsupportedExtension`` exception, instead an |
| 354 | :class:`~cryptography.x509.UnrecognizedExtension` object will be returned. |
| 355 | This behavior was based on a poor reading of the RFC, unknown critical |
| 356 | extensions only need to be rejected on certificate verification. |
Paul Kehrer | 5103235 | 2017-05-20 10:09:02 -0700 | [diff] [blame] | 357 | * The CommonCrypto backend has been removed. |
Paul Kehrer | a4668c6 | 2017-05-20 13:25:47 -0700 | [diff] [blame] | 358 | * MultiBackend has been removed. |
Paul Kehrer | 70e8f90 | 2017-05-23 16:55:19 -0700 | [diff] [blame] | 359 | * ``Whirlpool`` and ``RIPEMD160`` have been deprecated. |
Paul Kehrer | 5fb1021 | 2017-05-02 12:04:53 -0500 | [diff] [blame] | 360 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 361 | |
| 362 | .. _v1-8-2: |
| 363 | |
Paul Kehrer | 139b25f | 2017-05-26 06:32:15 -0500 | [diff] [blame] | 364 | 1.8.2 - 2017-05-26 |
| 365 | ~~~~~~~~~~~~~~~~~~ |
| 366 | |
| 367 | * Fixed a compilation bug affecting OpenSSL 1.1.0f. |
| 368 | * Updated Windows and macOS wheels to be compiled against OpenSSL 1.1.0f. |
Paul Kehrer | d0aad45 | 2017-03-10 08:36:18 -0400 | [diff] [blame] | 369 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 370 | |
| 371 | .. _v1-8-1: |
| 372 | |
Paul Kehrer | d0aad45 | 2017-03-10 08:36:18 -0400 | [diff] [blame] | 373 | 1.8.1 - 2017-03-10 |
| 374 | ~~~~~~~~~~~~~~~~~~ |
| 375 | |
| 376 | * Fixed macOS wheels to properly link against 1.1.0 rather than 1.0.2. |
| 377 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 378 | |
| 379 | .. _v1-8: |
| 380 | |
Paul Kehrer | 928e4ee | 2017-03-09 22:43:42 -0400 | [diff] [blame] | 381 | 1.8 - 2017-03-09 |
| 382 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | fad63fe | 2016-12-12 16:41:26 -0600 | [diff] [blame] | 383 | |
Alex Gaynor | 31b5d78 | 2016-12-23 12:20:36 -0500 | [diff] [blame] | 384 | * Added support for Python 3.6. |
Alex Gaynor | 5a05902 | 2017-02-11 10:05:34 -0500 | [diff] [blame] | 385 | * Windows and macOS wheels now link against OpenSSL 1.1.0. |
Paul Kehrer | e9dbbd8 | 2017-03-09 18:43:40 -0400 | [diff] [blame] | 386 | * macOS wheels are no longer universal. This change significantly shrinks the |
| 387 | size of the wheels. Users on macOS 32-bit Python (if there are any) should |
| 388 | migrate to 64-bit or build their own packages. |
Ofek Lev | 0e6a129 | 2017-02-08 00:09:41 -0500 | [diff] [blame] | 389 | * Changed ASN.1 dependency from ``pyasn1`` to ``asn1crypto`` resulting in a |
| 390 | general performance increase when encoding/decoding ASN.1 structures. Also, |
| 391 | the ``pyasn1_modules`` test dependency is no longer required. |
Paul Kehrer | 9b34ca9 | 2017-02-16 22:20:38 -0600 | [diff] [blame] | 392 | * Added support for |
| 393 | :meth:`~cryptography.hazmat.primitives.ciphers.CipherContext.update_into` on |
| 394 | :class:`~cryptography.hazmat.primitives.ciphers.CipherContext`. |
Aviv Palivoda | 1c7bd66 | 2017-02-08 06:38:42 +0200 | [diff] [blame] | 395 | * Added |
| 396 | :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.private_bytes` |
| 397 | to |
| 398 | :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization`. |
Aviv Palivoda | 1c7bd66 | 2017-02-08 06:38:42 +0200 | [diff] [blame] | 399 | * Added |
Paul Kehrer | 2748e2e | 2017-06-24 13:20:15 -1000 | [diff] [blame] | 400 | :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey.public_bytes` |
Aviv Palivoda | 1c7bd66 | 2017-02-08 06:38:42 +0200 | [diff] [blame] | 401 | to |
Paul Kehrer | 2748e2e | 2017-06-24 13:20:15 -1000 | [diff] [blame] | 402 | :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey`. |
Paul Kehrer | 7a13085 | 2017-02-09 05:55:34 +0800 | [diff] [blame] | 403 | * :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key` |
| 404 | and |
| 405 | :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key` |
| 406 | now require that ``password`` must be bytes if provided. Previously this |
| 407 | was documented but not enforced. |
Paul Kehrer | 20fe2be | 2017-03-09 13:06:51 -0400 | [diff] [blame] | 408 | * Added support for subgroup order in :doc:`/hazmat/primitives/asymmetric/dh`. |
Aviv Palivoda | 1c7bd66 | 2017-02-08 06:38:42 +0200 | [diff] [blame] | 409 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 410 | |
| 411 | .. _v1-7-2: |
| 412 | |
Paul Kehrer | c7a2e72 | 2017-01-28 17:45:57 +0900 | [diff] [blame] | 413 | 1.7.2 - 2017-01-27 |
| 414 | ~~~~~~~~~~~~~~~~~~ |
| 415 | |
| 416 | * Updated Windows and macOS wheels to be compiled against OpenSSL 1.0.2k. |
| 417 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 418 | |
| 419 | .. _v1-7-1: |
| 420 | |
Paul Kehrer | c8f47ad | 2016-12-14 19:26:06 -0600 | [diff] [blame] | 421 | 1.7.1 - 2016-12-13 |
| 422 | ~~~~~~~~~~~~~~~~~~ |
| 423 | |
| 424 | * Fixed a regression in ``int_from_bytes`` where it failed to accept |
| 425 | ``bytearray``. |
Paul Kehrer | fad63fe | 2016-12-12 16:41:26 -0600 | [diff] [blame] | 426 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 427 | |
| 428 | .. _v1-7: |
| 429 | |
Paul Kehrer | 5df72e8 | 2016-12-12 12:06:09 -0600 | [diff] [blame] | 430 | 1.7 - 2016-12-12 |
| 431 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 0858591 | 2016-11-22 20:04:40 +0800 | [diff] [blame] | 432 | |
Alex Gaynor | 29b2ebc | 2016-11-22 09:25:17 -0500 | [diff] [blame] | 433 | * Support for OpenSSL 1.0.0 has been removed. Users on older version of OpenSSL |
| 434 | will need to upgrade. |
Aviv Palivoda | 495f21a | 2016-11-25 18:51:28 +0200 | [diff] [blame] | 435 | * Added support for Diffie-Hellman key exchange using |
Alex Gaynor | a9b8690 | 2017-05-24 15:01:14 -0700 | [diff] [blame] | 436 | :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`. |
Paul Kehrer | a22964a | 2016-12-10 09:15:41 -0600 | [diff] [blame] | 437 | * The OS random engine for OpenSSL has been rewritten to improve compatibility |
| 438 | with embedded Python and other edge cases. More information about this change |
| 439 | can be found in the |
| 440 | `pull request <https://github.com/pyca/cryptography/pull/3229>`_. |
Paul Kehrer | 0858591 | 2016-11-22 20:04:40 +0800 | [diff] [blame] | 441 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 442 | |
| 443 | .. _v1-6: |
| 444 | |
Paul Kehrer | 4a2f36b | 2016-11-22 10:50:28 +0800 | [diff] [blame] | 445 | 1.6 - 2016-11-22 |
| 446 | ~~~~~~~~~~~~~~~~ |
Alex Gaynor | f25e63d | 2016-08-26 20:55:44 -0400 | [diff] [blame] | 447 | |
Alex Gaynor | 2e8725d | 2016-08-29 21:40:19 -0400 | [diff] [blame] | 448 | * Deprecated support for OpenSSL 1.0.0. Support will be removed in |
| 449 | ``cryptography`` 1.7. |
Paul Kehrer | 500850b | 2016-11-20 00:40:16 +0800 | [diff] [blame] | 450 | * Replaced the Python-based OpenSSL locking callbacks with a C version to fix |
| 451 | a potential deadlock that could occur if a garbage collection cycle occurred |
| 452 | while inside the lock. |
Paul Kehrer | 306ce51 | 2016-08-29 09:36:09 +0800 | [diff] [blame] | 453 | * Added support for :class:`~cryptography.hazmat.primitives.hashes.BLAKE2b` and |
| 454 | :class:`~cryptography.hazmat.primitives.hashes.BLAKE2s` when using OpenSSL |
| 455 | 1.1.0. |
Paul Kehrer | c7b29b8 | 2016-09-01 09:17:21 +0800 | [diff] [blame] | 456 | * Added |
| 457 | :attr:`~cryptography.x509.Certificate.signature_algorithm_oid` support to |
| 458 | :class:`~cryptography.x509.Certificate`. |
| 459 | * Added |
| 460 | :attr:`~cryptography.x509.CertificateSigningRequest.signature_algorithm_oid` |
| 461 | support to :class:`~cryptography.x509.CertificateSigningRequest`. |
| 462 | * Added |
| 463 | :attr:`~cryptography.x509.CertificateRevocationList.signature_algorithm_oid` |
| 464 | support to :class:`~cryptography.x509.CertificateRevocationList`. |
Terry Chia | d8a27df | 2016-09-01 23:39:57 +0800 | [diff] [blame] | 465 | * Added support for :class:`~cryptography.hazmat.primitives.kdf.scrypt.Scrypt` |
| 466 | when using OpenSSL 1.1.0. |
Paul Kehrer | 9977786 | 2016-11-15 07:34:55 +0800 | [diff] [blame] | 467 | * Added a workaround to improve compatibility with Python application bundling |
| 468 | tools like ``PyInstaller`` and ``cx_freeze``. |
Paul Kehrer | 8b89bcc | 2016-09-03 11:31:43 -0500 | [diff] [blame] | 469 | * Added support for generating a |
| 470 | :meth:`~cryptography.x509.random_serial_number`. |
Paul Kehrer | 3feeec8 | 2016-10-01 07:12:27 -0500 | [diff] [blame] | 471 | * Added support for encoding ``IPv4Network`` and ``IPv6Network`` in X.509 |
| 472 | certificates for use with :class:`~cryptography.x509.NameConstraints`. |
Paul Kehrer | 500850b | 2016-11-20 00:40:16 +0800 | [diff] [blame] | 473 | * Added :meth:`~cryptography.x509.Name.public_bytes` to |
| 474 | :class:`~cryptography.x509.Name`. |
Fraser Tweedale | 02467dd | 2016-11-07 15:54:04 +1000 | [diff] [blame] | 475 | * Added :class:`~cryptography.x509.RelativeDistinguishedName` |
| 476 | * :class:`~cryptography.x509.DistributionPoint` now accepts |
| 477 | :class:`~cryptography.x509.RelativeDistinguishedName` for |
| 478 | :attr:`~cryptography.x509.DistributionPoint.relative_name`. |
| 479 | Deprecated use of :class:`~cryptography.x509.Name` as |
| 480 | :attr:`~cryptography.x509.DistributionPoint.relative_name`. |
Fraser Tweedale | 01ee6f5 | 2016-11-12 01:28:56 +1000 | [diff] [blame] | 481 | * :class:`~cryptography.x509.Name` now accepts an iterable of |
| 482 | :class:`~cryptography.x509.RelativeDistinguishedName`. RDNs can |
| 483 | be accessed via the :attr:`~cryptography.x509.Name.rdns` |
| 484 | attribute. When constructed with an iterable of |
| 485 | :class:`~cryptography.x509.NameAttribute`, each attribute becomes |
| 486 | a single-valued RDN. |
Ofek Lev | c41b9d4 | 2016-11-11 20:07:11 -0500 | [diff] [blame] | 487 | * Added |
| 488 | :func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`. |
Paul Kehrer | ec7fc46 | 2016-11-21 07:55:18 +0800 | [diff] [blame] | 489 | * Added support for signing and verifying RSA, DSA, and ECDSA signatures with |
Paul Kehrer | f555c74 | 2016-11-20 22:48:10 +0800 | [diff] [blame] | 490 | :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed` |
| 491 | digests. |
Terry Chia | d8a27df | 2016-09-01 23:39:57 +0800 | [diff] [blame] | 492 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 493 | |
| 494 | .. _v1-5-3: |
| 495 | |
Alex Gaynor | b94cacf | 2016-11-06 01:27:20 -0400 | [diff] [blame] | 496 | 1.5.3 - 2016-11-05 |
| 497 | ~~~~~~~~~~~~~~~~~~ |
| 498 | |
| 499 | * **SECURITY ISSUE**: Fixed a bug where ``HKDF`` would return an empty |
| 500 | byte-string if used with a ``length`` less than ``algorithm.digest_size``. |
Alex Gaynor | fb0e719 | 2016-11-09 19:51:09 -0500 | [diff] [blame] | 501 | Credit to **Markus Döring** for reporting the issue. *CVE-2016-9243* |
Alex Gaynor | b94cacf | 2016-11-06 01:27:20 -0400 | [diff] [blame] | 502 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 503 | |
| 504 | .. _v1-5-2: |
| 505 | |
Alex Gaynor | b4c087a | 2016-09-26 18:11:59 -0400 | [diff] [blame] | 506 | 1.5.2 - 2016-09-26 |
| 507 | ~~~~~~~~~~~~~~~~~~ |
| 508 | |
| 509 | * Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2j. |
Paul Kehrer | 306ce51 | 2016-08-29 09:36:09 +0800 | [diff] [blame] | 510 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 511 | |
| 512 | .. _v1-5-1: |
| 513 | |
Paul Kehrer | 08652e9 | 2016-09-22 22:47:50 -0500 | [diff] [blame] | 514 | 1.5.1 - 2016-09-22 |
| 515 | ~~~~~~~~~~~~~~~~~~ |
| 516 | |
| 517 | * Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2i. |
| 518 | * Resolved a ``UserWarning`` when used with cffi 1.8.3. |
| 519 | * Fixed a memory leak in name creation with X.509. |
| 520 | * Added a workaround for old versions of setuptools. |
| 521 | * Fixed an issue preventing ``cryptography`` from compiling against |
| 522 | OpenSSL 1.0.2i. |
| 523 | |
| 524 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 525 | |
| 526 | .. _v1-5: |
| 527 | |
Paul Kehrer | c0ee738 | 2016-08-26 22:59:49 +0800 | [diff] [blame] | 528 | 1.5 - 2016-08-26 |
| 529 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 67ea444 | 2016-06-04 12:00:54 -0700 | [diff] [blame] | 530 | |
Alex Gaynor | 17097bf | 2016-06-27 22:29:38 -0400 | [diff] [blame] | 531 | * Added |
| 532 | :func:`~cryptography.hazmat.primitives.asymmetric.padding.calculate_max_pss_salt_length`. |
Aviv Palivoda | f67429b | 2016-06-30 21:42:46 +0300 | [diff] [blame] | 533 | * Added "one shot" |
| 534 | :meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey.sign` |
| 535 | and |
| 536 | :meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey.verify` |
| 537 | methods to DSA keys. |
Aviv Palivoda | 2120a8e | 2016-07-02 19:43:06 +0300 | [diff] [blame] | 538 | * Added "one shot" |
| 539 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign` |
| 540 | and |
| 541 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.verify` |
| 542 | methods to ECDSA keys. |
Maximilian Hils | 679a914 | 2016-07-31 16:43:19 -0700 | [diff] [blame] | 543 | * Switched back to the older callback model on Python 3.5 in order to mitigate |
| 544 | the locking callback problem with OpenSSL <1.1.0. |
InvalidInterrupt | 8e66ca6 | 2016-08-16 19:39:31 -0700 | [diff] [blame] | 545 | * :class:`~cryptography.x509.CertificateBuilder`, |
| 546 | :class:`~cryptography.x509.CertificateRevocationListBuilder`, and |
| 547 | :class:`~cryptography.x509.RevokedCertificateBuilder` now accept timezone |
| 548 | aware ``datetime`` objects as method arguments |
Paul Kehrer | 07ea3cd | 2016-08-26 21:48:24 +0800 | [diff] [blame] | 549 | * ``cryptography`` now supports OpenSSL 1.1.0 as a compilation target. |
Alex Gaynor | 17097bf | 2016-06-27 22:29:38 -0400 | [diff] [blame] | 550 | |
Paul Kehrer | 67ea444 | 2016-06-04 12:00:54 -0700 | [diff] [blame] | 551 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 552 | |
| 553 | .. _v1-4: |
| 554 | |
Paul Kehrer | 69365ce | 2016-06-04 09:57:11 -0700 | [diff] [blame] | 555 | 1.4 - 2016-06-04 |
| 556 | ~~~~~~~~~~~~~~~~ |
Alex Gaynor | f8c75fc | 2016-03-18 19:54:45 -0400 | [diff] [blame] | 557 | |
Paul Kehrer | 69365ce | 2016-06-04 09:57:11 -0700 | [diff] [blame] | 558 | * Support for OpenSSL 0.9.8 has been removed. Users on older versions of |
| 559 | OpenSSL will need to upgrade. |
Paul Kehrer | cb0fa2e | 2016-05-29 22:37:33 -0500 | [diff] [blame] | 560 | * Added :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC`. |
Alex Gaynor | 9498929 | 2016-06-03 13:04:26 -0700 | [diff] [blame] | 561 | * Added support for ``OpenSSH`` public key serialization. |
Paul Kehrer | 69365ce | 2016-06-04 09:57:11 -0700 | [diff] [blame] | 562 | * Added support for SHA-2 in RSA |
| 563 | :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` when using |
| 564 | OpenSSL 1.0.2 or greater. |
| 565 | * Added "one shot" |
| 566 | :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.sign` |
| 567 | and |
| 568 | :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.verify` |
| 569 | methods to RSA keys. |
Alex Gaynor | 401ac6f | 2017-02-17 08:23:22 -0500 | [diff] [blame] | 570 | * Deprecated the ``serial`` attribute on |
| 571 | :class:`~cryptography.x509.Certificate`, in favor of |
| 572 | :attr:`~cryptography.x509.Certificate.serial_number`. |
Paul Kehrer | 69365ce | 2016-06-04 09:57:11 -0700 | [diff] [blame] | 573 | |
Alex Gaynor | f8c75fc | 2016-03-18 19:54:45 -0400 | [diff] [blame] | 574 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 575 | |
| 576 | .. _v1-3-4: |
| 577 | |
Alex Gaynor | 5751515 | 2016-06-02 20:53:52 -0700 | [diff] [blame] | 578 | 1.3.4 - 2016-06-03 |
| 579 | ~~~~~~~~~~~~~~~~~~ |
| 580 | |
| 581 | * Added another OpenSSL function to the bindings to support an upcoming |
| 582 | ``pyOpenSSL`` release. |
| 583 | |
| 584 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 585 | |
| 586 | .. _v1-3-3: |
| 587 | |
Alex Gaynor | 5751515 | 2016-06-02 20:53:52 -0700 | [diff] [blame] | 588 | 1.3.3 - 2016-06-02 |
| 589 | ~~~~~~~~~~~~~~~~~~ |
| 590 | |
| 591 | * Added two new OpenSSL functions to the bindings to support an upcoming |
| 592 | ``pyOpenSSL`` release. |
| 593 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 594 | |
| 595 | .. _v1-3-2: |
| 596 | |
Paul Kehrer | bb8d69a | 2016-05-04 13:33:20 -0500 | [diff] [blame] | 597 | 1.3.2 - 2016-05-04 |
| 598 | ~~~~~~~~~~~~~~~~~~ |
| 599 | |
| 600 | * Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2h. |
| 601 | * Fixed an issue preventing ``cryptography`` from compiling against |
| 602 | LibreSSL 2.3.x. |
| 603 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 604 | |
| 605 | .. _v1-3-1: |
| 606 | |
Paul Kehrer | 81f4896 | 2016-03-21 17:46:53 -0400 | [diff] [blame] | 607 | 1.3.1 - 2016-03-21 |
| 608 | ~~~~~~~~~~~~~~~~~~ |
| 609 | |
| 610 | * Fixed a bug that caused an ``AttributeError`` when using ``mock`` to patch |
| 611 | some ``cryptography`` modules. |
| 612 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 613 | |
| 614 | .. _v1-3: |
| 615 | |
Paul Kehrer | c969461 | 2016-03-17 20:31:44 -0400 | [diff] [blame] | 616 | 1.3 - 2016-03-18 |
| 617 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | ac904e3 | 2016-01-08 07:53:25 -0800 | [diff] [blame] | 618 | |
Cédric Krier | bf0f464 | 2016-02-26 18:40:20 +0100 | [diff] [blame] | 619 | * Added support for padding ANSI X.923 with |
| 620 | :class:`~cryptography.hazmat.primitives.padding.ANSIX923`. |
Alex Gaynor | be6dd9b | 2016-01-22 17:12:14 -0500 | [diff] [blame] | 621 | * Deprecated support for OpenSSL 0.9.8. Support will be removed in |
| 622 | ``cryptography`` 1.4. |
Paul Kehrer | dba49b9 | 2016-03-13 20:15:53 -0400 | [diff] [blame] | 623 | * Added support for the :class:`~cryptography.x509.PolicyConstraints` |
| 624 | X.509 extension including both parsing and generation using |
| 625 | :class:`~cryptography.x509.CertificateBuilder` and |
| 626 | :class:`~cryptography.x509.CertificateSigningRequestBuilder`. |
Paul Kehrer | 1573212 | 2016-03-06 20:58:26 -0430 | [diff] [blame] | 627 | * Added :attr:`~cryptography.x509.CertificateSigningRequest.is_signature_valid` |
| 628 | to :class:`~cryptography.x509.CertificateSigningRequest`. |
Alex Gaynor | af50366 | 2016-03-05 10:40:50 -0500 | [diff] [blame] | 629 | * Fixed an intermittent ``AssertionError`` when performing an RSA decryption on |
| 630 | an invalid ciphertext, ``ValueError`` is now correctly raised in all cases. |
Paul Kehrer | 61ff356 | 2016-03-11 22:51:27 -0400 | [diff] [blame] | 631 | * Added |
| 632 | :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`. |
Alex Gaynor | be6dd9b | 2016-01-22 17:12:14 -0500 | [diff] [blame] | 633 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 634 | |
| 635 | .. _v1-2-3: |
| 636 | |
Alex Gaynor | 287ab1b | 2016-03-01 22:15:55 -0500 | [diff] [blame] | 637 | 1.2.3 - 2016-03-01 |
| 638 | ~~~~~~~~~~~~~~~~~~ |
| 639 | |
| 640 | * Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2g. |
| 641 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 642 | |
| 643 | .. _v1-2-2: |
| 644 | |
Paul Kehrer | 2c6b8d0 | 2016-01-29 13:36:40 -0600 | [diff] [blame] | 645 | 1.2.2 - 2016-01-29 |
| 646 | ~~~~~~~~~~~~~~~~~~ |
| 647 | |
| 648 | * Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2f. |
| 649 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 650 | |
| 651 | .. _v1-2-1: |
| 652 | |
Paul Kehrer | 56ea7b8 | 2016-01-08 11:53:20 -0800 | [diff] [blame] | 653 | 1.2.1 - 2016-01-08 |
| 654 | ~~~~~~~~~~~~~~~~~~ |
| 655 | |
| 656 | * Reverts a change to an OpenSSL ``EVP_PKEY`` object that caused errors with |
| 657 | ``pyOpenSSL``. |
| 658 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 659 | |
| 660 | .. _v1-2: |
| 661 | |
Paul Kehrer | 577f95e | 2016-01-07 21:56:53 -0800 | [diff] [blame] | 662 | 1.2 - 2016-01-08 |
| 663 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | c5b430f | 2015-10-29 07:52:35 +0900 | [diff] [blame] | 664 | |
Paul Kehrer | 49bb756 | 2015-12-25 16:17:40 -0600 | [diff] [blame] | 665 | * **BACKWARDS INCOMPATIBLE:** |
| 666 | :class:`~cryptography.x509.RevokedCertificate` |
| 667 | :attr:`~cryptography.x509.RevokedCertificate.extensions` now uses extension |
| 668 | classes rather than returning raw values inside the |
| 669 | :class:`~cryptography.x509.Extension` |
| 670 | :attr:`~cryptography.x509.Extension.value`. The new classes |
| 671 | are: |
| 672 | |
| 673 | * :class:`~cryptography.x509.CertificateIssuer` |
Paul Kehrer | 7058ece | 2015-12-25 22:28:29 -0600 | [diff] [blame] | 674 | * :class:`~cryptography.x509.CRLReason` |
Paul Kehrer | 23c0bbc | 2015-12-25 22:35:19 -0600 | [diff] [blame] | 675 | * :class:`~cryptography.x509.InvalidityDate` |
Paul Kehrer | f23722a | 2015-12-31 15:56:56 -0600 | [diff] [blame] | 676 | * Deprecated support for OpenSSL 0.9.8 and 1.0.0. At this time there is no time |
| 677 | table for actually dropping support, however we strongly encourage all users |
Paul Kehrer | 0509ec2 | 2016-01-08 07:56:17 -0800 | [diff] [blame] | 678 | to upgrade, as those versions no longer receive support from the OpenSSL |
Paul Kehrer | f23722a | 2015-12-31 15:56:56 -0600 | [diff] [blame] | 679 | project. |
Paul Kehrer | d91e7c1 | 2015-10-01 16:50:42 -0500 | [diff] [blame] | 680 | * The :class:`~cryptography.x509.Certificate` class now has |
| 681 | :attr:`~cryptography.x509.Certificate.signature` and |
Paul Kehrer | d289805 | 2015-11-03 22:00:41 +0900 | [diff] [blame] | 682 | :attr:`~cryptography.x509.Certificate.tbs_certificate_bytes` attributes. |
Paul Kehrer | 80dc752 | 2015-12-03 22:19:30 -0600 | [diff] [blame] | 683 | * The :class:`~cryptography.x509.CertificateSigningRequest` class now has |
| 684 | :attr:`~cryptography.x509.CertificateSigningRequest.signature` and |
| 685 | :attr:`~cryptography.x509.CertificateSigningRequest.tbs_certrequest_bytes` |
| 686 | attributes. |
Paul Kehrer | 18a9612 | 2015-12-21 11:14:34 -0600 | [diff] [blame] | 687 | * The :class:`~cryptography.x509.CertificateRevocationList` class now has |
| 688 | :attr:`~cryptography.x509.CertificateRevocationList.signature` and |
| 689 | :attr:`~cryptography.x509.CertificateRevocationList.tbs_certlist_bytes` |
| 690 | attributes. |
Paul Kehrer | 8b399b7 | 2015-12-02 22:53:40 -0600 | [diff] [blame] | 691 | * :class:`~cryptography.x509.NameConstraints` are now supported in the |
Paul Kehrer | 756d7d2 | 2015-12-02 23:45:42 -0600 | [diff] [blame] | 692 | :class:`~cryptography.x509.CertificateBuilder` and |
| 693 | :class:`~cryptography.x509.CertificateSigningRequestBuilder`. |
Paul Kehrer | 54a837d | 2015-12-20 23:42:32 -0600 | [diff] [blame] | 694 | * Support serialization of certificate revocation lists using the |
Paul Kehrer | 2d1d24d | 2015-12-21 09:23:52 -0600 | [diff] [blame] | 695 | :meth:`~cryptography.x509.CertificateRevocationList.public_bytes` method of |
Paul Kehrer | 54a837d | 2015-12-20 23:42:32 -0600 | [diff] [blame] | 696 | :class:`~cryptography.x509.CertificateRevocationList`. |
Paul Kehrer | 51f39cb | 2015-12-21 21:17:39 -0600 | [diff] [blame] | 697 | * Add support for parsing :class:`~cryptography.x509.CertificateRevocationList` |
| 698 | :meth:`~cryptography.x509.CertificateRevocationList.extensions` in the |
Paul Kehrer | 2587d30 | 2015-12-22 17:20:42 -0600 | [diff] [blame] | 699 | OpenSSL backend. The following extensions are currently supported: |
| 700 | |
| 701 | * :class:`~cryptography.x509.AuthorityInformationAccess` |
| 702 | * :class:`~cryptography.x509.AuthorityKeyIdentifier` |
Paul Kehrer | 3b95cd7 | 2015-12-22 21:40:20 -0600 | [diff] [blame] | 703 | * :class:`~cryptography.x509.CRLNumber` |
Paul Kehrer | 2587d30 | 2015-12-22 17:20:42 -0600 | [diff] [blame] | 704 | * :class:`~cryptography.x509.IssuerAlternativeName` |
Paul Kehrer | 09ad50c | 2015-12-26 13:59:27 -0600 | [diff] [blame] | 705 | * Added :class:`~cryptography.x509.CertificateRevocationListBuilder` and |
| 706 | :class:`~cryptography.x509.RevokedCertificateBuilder` to allow creation of |
| 707 | CRLs. |
Paul Kehrer | 58ddc11 | 2015-12-30 20:19:00 -0600 | [diff] [blame] | 708 | * Unrecognized non-critical X.509 extensions are now parsed into an |
| 709 | :class:`~cryptography.x509.UnrecognizedExtension` object. |
Paul Kehrer | d91e7c1 | 2015-10-01 16:50:42 -0500 | [diff] [blame] | 710 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 711 | |
| 712 | .. _v1-1-2: |
| 713 | |
Paul Kehrer | 869cfd9 | 2015-12-10 14:12:05 -0600 | [diff] [blame] | 714 | 1.1.2 - 2015-12-10 |
| 715 | ~~~~~~~~~~~~~~~~~~ |
| 716 | |
| 717 | * Fixed a SIGBUS crash with the OS X wheels caused by redefinition of a |
| 718 | method. |
| 719 | * Fixed a runtime error ``undefined symbol EC_GFp_nistp224_method`` that |
| 720 | occurred with some OpenSSL installations. |
| 721 | * Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2e. |
| 722 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 723 | |
| 724 | .. _v1-1-1: |
| 725 | |
Paul Kehrer | dcf40fc | 2015-11-18 22:11:36 -0600 | [diff] [blame] | 726 | 1.1.1 - 2015-11-19 |
| 727 | ~~~~~~~~~~~~~~~~~~ |
| 728 | |
| 729 | * Fixed several small bugs related to compiling the OpenSSL bindings with |
| 730 | unusual OpenSSL configurations. |
| 731 | * Resolved an issue where, depending on the method of installation and |
| 732 | which Python interpreter they were using, users on El Capitan (OS X 10.11) |
| 733 | may have seen an ``InternalError`` on import. |
| 734 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 735 | |
| 736 | .. _v1-1: |
| 737 | |
Paul Kehrer | e9ac027 | 2015-10-28 15:48:01 +0900 | [diff] [blame] | 738 | 1.1 - 2015-10-28 |
| 739 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | bff54ef | 2015-08-12 08:47:34 -0500 | [diff] [blame] | 740 | |
Alex Gaynor | 39d38b9 | 2015-10-17 16:44:15 -0400 | [diff] [blame] | 741 | * Added support for Elliptic Curve Diffie-Hellman with |
Alex Gaynor | d294989 | 2015-10-17 16:45:55 -0400 | [diff] [blame] | 742 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDH`. |
Alex Gaynor | ace036d | 2015-09-24 20:23:08 -0400 | [diff] [blame] | 743 | * Added :class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF`. |
Paul Kehrer | 8735548 | 2015-10-21 20:27:44 -0500 | [diff] [blame] | 744 | * Added support for parsing certificate revocation lists (CRLs) using |
| 745 | :func:`~cryptography.x509.load_pem_x509_crl` and |
| 746 | :func:`~cryptography.x509.load_der_x509_crl`. |
Paul Kehrer | 0d76a2e | 2015-05-17 13:36:13 -0700 | [diff] [blame] | 747 | * Add support for AES key wrapping with |
| 748 | :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap` and |
| 749 | :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap`. |
Paul Kehrer | e9ac027 | 2015-10-28 15:48:01 +0900 | [diff] [blame] | 750 | * Added a ``__hash__`` method to :class:`~cryptography.x509.Name`. |
Paul Kehrer | 1a1b115 | 2015-10-28 09:33:05 +0900 | [diff] [blame] | 751 | * Add support for encoding and decoding elliptic curve points to a byte string |
| 752 | form using |
| 753 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point` |
| 754 | and |
| 755 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`. |
Paul Kehrer | e9ac027 | 2015-10-28 15:48:01 +0900 | [diff] [blame] | 756 | * Added :meth:`~cryptography.x509.Extensions.get_extension_for_class`. |
| 757 | * :class:`~cryptography.x509.CertificatePolicies` are now supported in the |
| 758 | :class:`~cryptography.x509.CertificateBuilder`. |
| 759 | * ``countryName`` is now encoded as a ``PrintableString`` when creating subject |
| 760 | and issuer distinguished names with the Certificate and CSR builder classes. |
Paul Kehrer | 1a1b115 | 2015-10-28 09:33:05 +0900 | [diff] [blame] | 761 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 762 | |
| 763 | .. _v1-0-2: |
| 764 | |
Paul Kehrer | 8addede | 2015-09-26 22:57:35 -0500 | [diff] [blame] | 765 | 1.0.2 - 2015-09-27 |
| 766 | ~~~~~~~~~~~~~~~~~~ |
| 767 | * **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use |
| 768 | of assertions to check response codes where our tests could not trigger a |
| 769 | failure. However, when Python is run with ``-O`` these asserts are optimized |
| 770 | away. If a user ran Python with this flag and got an invalid response code |
| 771 | this could result in undefined behavior or worse. Accordingly, all response |
| 772 | checks from the OpenSSL backend have been converted from ``assert`` |
| 773 | to a true function call. Credit **Emilia Käsper (Google Security Team)** |
| 774 | for the report. |
| 775 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 776 | |
| 777 | .. _v1-0-1: |
| 778 | |
Paul Kehrer | 2f6b169 | 2015-09-05 20:58:52 -0500 | [diff] [blame] | 779 | 1.0.1 - 2015-09-05 |
| 780 | ~~~~~~~~~~~~~~~~~~ |
| 781 | |
| 782 | * We now ship OS X wheels that statically link OpenSSL by default. When |
| 783 | installing a wheel on OS X 10.10+ (and using a Python compiled against the |
| 784 | 10.10 SDK) users will no longer need to compile. See :doc:`/installation` for |
| 785 | alternate installation methods if required. |
| 786 | * Set the default string mask to UTF-8 in the OpenSSL backend to resolve |
| 787 | character encoding issues with older versions of OpenSSL. |
| 788 | * Several new OpenSSL bindings have been added to support a future pyOpenSSL |
| 789 | release. |
| 790 | * Raise an error during install on PyPy < 2.6. 1.0+ requires PyPy 2.6+. |
Paul Kehrer | bff54ef | 2015-08-12 08:47:34 -0500 | [diff] [blame] | 791 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 792 | |
| 793 | .. _v1-0: |
| 794 | |
Paul Kehrer | 55ab805 | 2015-08-11 18:22:55 -0500 | [diff] [blame] | 795 | 1.0 - 2015-08-12 |
Paul Kehrer | d5257ab | 2015-05-13 20:48:36 -0500 | [diff] [blame] | 796 | ~~~~~~~~~~~~~~~~ |
| 797 | |
Paul Kehrer | 68b3b1e | 2015-05-19 13:05:21 -0700 | [diff] [blame] | 798 | * Switched to the new `cffi`_ ``set_source`` out-of-line API mode for |
| 799 | compilation. This results in significantly faster imports and lowered |
Paul Kehrer | 73f06c7 | 2015-06-07 23:17:39 -0500 | [diff] [blame] | 800 | memory consumption. Due to this change we no longer support PyPy releases |
| 801 | older than 2.6 nor do we support any released version of PyPy3 (until a |
| 802 | version supporting cffi 1.0 comes out). |
Paul Kehrer | 60cc9ef | 2015-08-04 19:29:52 +0100 | [diff] [blame] | 803 | * Fix parsing of OpenSSH public keys that have spaces in comments. |
Andre Caron | beed294 | 2015-05-18 13:47:36 -0400 | [diff] [blame] | 804 | * Support serialization of certificate signing requests using the |
| 805 | ``public_bytes`` method of |
| 806 | :class:`~cryptography.x509.CertificateSigningRequest`. |
Andre Caron | a8aded6 | 2015-05-19 20:11:57 -0400 | [diff] [blame] | 807 | * Support serialization of certificates using the ``public_bytes`` method of |
| 808 | :class:`~cryptography.x509.Certificate`. |
Jiangge Zhang | 764f637 | 2015-06-05 18:01:22 +0800 | [diff] [blame] | 809 | * Add ``get_provisioning_uri`` method to |
| 810 | :class:`~cryptography.hazmat.primitives.twofactor.hotp.HOTP` and |
| 811 | :class:`~cryptography.hazmat.primitives.twofactor.totp.TOTP` for generating |
| 812 | provisioning URIs. |
Paul Kehrer | 66f380c | 2015-06-12 11:23:34 -0500 | [diff] [blame] | 813 | * Add :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHash` |
| 814 | and :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHMAC`. |
Ian Cordasco | ab94b90 | 2015-06-17 08:28:02 -0500 | [diff] [blame] | 815 | * Raise a ``TypeError`` when passing objects that are not text as the value to |
| 816 | :class:`~cryptography.x509.NameAttribute`. |
Paul Kehrer | 44171a2 | 2015-08-01 21:21:26 +0100 | [diff] [blame] | 817 | * Add support for :class:`~cryptography.x509.OtherName` as a general name |
| 818 | type. |
| 819 | * Added new X.509 extension support in :class:`~cryptography.x509.Certificate` |
| 820 | The following new extensions are now supported: |
| 821 | |
| 822 | * :class:`~cryptography.x509.OCSPNoCheck` |
| 823 | * :class:`~cryptography.x509.InhibitAnyPolicy` |
| 824 | * :class:`~cryptography.x509.IssuerAlternativeName` |
| 825 | * :class:`~cryptography.x509.NameConstraints` |
| 826 | |
| 827 | * Extension support was added to |
| 828 | :class:`~cryptography.x509.CertificateSigningRequest`. |
Ian Cordasco | 46479d0 | 2015-08-03 08:30:20 -0500 | [diff] [blame] | 829 | * Add support for creating signed certificates with |
| 830 | :class:`~cryptography.x509.CertificateBuilder`. This includes support for |
Paul Kehrer | e0ecfdc | 2015-08-06 10:53:15 +0100 | [diff] [blame] | 831 | the following extensions: |
Ian Cordasco | 46479d0 | 2015-08-03 08:30:20 -0500 | [diff] [blame] | 832 | |
| 833 | * :class:`~cryptography.x509.BasicConstraints` |
| 834 | * :class:`~cryptography.x509.SubjectAlternativeName` |
Paul Kehrer | e0ecfdc | 2015-08-06 10:53:15 +0100 | [diff] [blame] | 835 | * :class:`~cryptography.x509.KeyUsage` |
| 836 | * :class:`~cryptography.x509.ExtendedKeyUsage` |
| 837 | * :class:`~cryptography.x509.SubjectKeyIdentifier` |
| 838 | * :class:`~cryptography.x509.AuthorityKeyIdentifier` |
| 839 | * :class:`~cryptography.x509.AuthorityInformationAccess` |
| 840 | * :class:`~cryptography.x509.CRLDistributionPoints` |
Paul Kehrer | 683d4d8 | 2015-08-06 23:13:45 +0100 | [diff] [blame] | 841 | * :class:`~cryptography.x509.InhibitAnyPolicy` |
Paul Kehrer | 2dfd9da | 2015-08-10 21:30:23 -0500 | [diff] [blame] | 842 | * :class:`~cryptography.x509.IssuerAlternativeName` |
| 843 | * :class:`~cryptography.x509.OCSPNoCheck` |
Ian Cordasco | 46479d0 | 2015-08-03 08:30:20 -0500 | [diff] [blame] | 844 | |
Paul Kehrer | 91e385d | 2015-08-08 22:50:28 -0500 | [diff] [blame] | 845 | * Add support for creating certificate signing requests with |
| 846 | :class:`~cryptography.x509.CertificateSigningRequestBuilder`. This includes |
| 847 | support for the same extensions supported in the ``CertificateBuilder``. |
Paul Kehrer | 31c5c33 | 2015-08-10 11:59:38 -0500 | [diff] [blame] | 848 | * Deprecate ``encode_rfc6979_signature`` and ``decode_rfc6979_signature`` in |
| 849 | favor of |
| 850 | :func:`~cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature` |
| 851 | and |
| 852 | :func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`. |
| 853 | |
Paul Kehrer | 91e385d | 2015-08-08 22:50:28 -0500 | [diff] [blame] | 854 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 855 | |
| 856 | .. _v0-9-3: |
| 857 | |
Paul Kehrer | 3bbda28 | 2015-07-09 09:48:23 -0500 | [diff] [blame] | 858 | 0.9.3 - 2015-07-09 |
| 859 | ~~~~~~~~~~~~~~~~~~ |
| 860 | |
| 861 | * Updated Windows wheels to be compiled against OpenSSL 1.0.2d. |
| 862 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 863 | |
| 864 | .. _v0-9-2: |
| 865 | |
Paul Kehrer | 7b41163 | 2015-07-03 18:07:41 -0500 | [diff] [blame] | 866 | 0.9.2 - 2015-07-04 |
| 867 | ~~~~~~~~~~~~~~~~~~ |
| 868 | |
| 869 | * Updated Windows wheels to be compiled against OpenSSL 1.0.2c. |
| 870 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 871 | |
| 872 | .. _v0-9-1: |
| 873 | |
Alex Gaynor | c4bb7d5 | 2015-06-06 17:27:14 -0400 | [diff] [blame] | 874 | 0.9.1 - 2015-06-06 |
| 875 | ~~~~~~~~~~~~~~~~~~ |
| 876 | |
| 877 | * **SECURITY ISSUE**: Fixed a double free in the OpenSSL backend when using DSA |
| 878 | to verify signatures. Note that this only affects PyPy 2.6.0 and (presently |
| 879 | unreleased) CFFI versions greater than 1.1.0. |
| 880 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 881 | |
| 882 | .. _v0-9: |
| 883 | |
Paul Kehrer | c486ed5 | 2015-05-13 17:59:31 -0500 | [diff] [blame] | 884 | 0.9 - 2015-05-13 |
| 885 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 8ce597b | 2015-03-09 00:01:17 -0500 | [diff] [blame] | 886 | |
Paul Kehrer | 741fccb | 2015-04-14 10:22:25 -0400 | [diff] [blame] | 887 | * Removed support for Python 3.2. This version of Python is rarely used |
| 888 | and caused support headaches. Users affected by this should upgrade to 3.3+. |
Alex Gaynor | 6e7f622 | 2015-03-29 21:51:38 -0400 | [diff] [blame] | 889 | * Deprecated support for Python 2.6. At the time there is no time table for |
| 890 | actually dropping support, however we strongly encourage all users to upgrade |
| 891 | their Python, as Python 2.6 no longer receives support from the Python core |
| 892 | team. |
Paul Kehrer | ebbeedf | 2015-05-08 18:13:14 -0500 | [diff] [blame] | 893 | * Add support for the |
| 894 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.SECP256K1` elliptic |
| 895 | curve. |
Alex Gaynor | 5d27d4d | 2015-04-04 14:56:02 -0500 | [diff] [blame] | 896 | * Fixed compilation when using an OpenSSL which was compiled with the |
| 897 | ``no-comp`` (``OPENSSL_NO_COMP``) option. |
Paul Kehrer | a2c4865 | 2015-03-10 15:48:37 -0500 | [diff] [blame] | 898 | * Support :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER` |
| 899 | serialization of public keys using the ``public_bytes`` method of |
Paul Kehrer | 1955ebf | 2015-03-10 08:38:57 -0500 | [diff] [blame] | 900 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`, |
| 901 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`, |
| 902 | and |
Paul Kehrer | a2c4865 | 2015-03-10 15:48:37 -0500 | [diff] [blame] | 903 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`. |
Paul Kehrer | 919a5b2 | 2015-03-14 13:15:17 -0500 | [diff] [blame] | 904 | * Support :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER` |
| 905 | serialization of private keys using the ``private_bytes`` method of |
| 906 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`, |
| 907 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`, |
| 908 | and |
| 909 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`. |
Paul Kehrer | a1a1f23 | 2015-03-15 15:34:35 -0500 | [diff] [blame] | 910 | * Add support for parsing X.509 certificate signing requests (CSRs) with |
Paul Kehrer | 1effb6e | 2015-03-30 15:05:59 -0500 | [diff] [blame] | 911 | :func:`~cryptography.x509.load_pem_x509_csr` and |
| 912 | :func:`~cryptography.x509.load_der_x509_csr`. |
Paul Kehrer | d14dcc5 | 2015-04-14 14:21:21 -0400 | [diff] [blame] | 913 | * Moved ``cryptography.exceptions.InvalidToken`` to |
| 914 | :class:`cryptography.hazmat.primitives.twofactor.InvalidToken` and deprecated |
| 915 | the old location. This was moved to minimize confusion between this exception |
| 916 | and :class:`cryptography.fernet.InvalidToken`. |
Paul Kehrer | aeb7720 | 2015-05-13 11:52:38 -0500 | [diff] [blame] | 917 | * Added support for X.509 extensions in :class:`~cryptography.x509.Certificate` |
| 918 | objects. The following extensions are supported as of this release: |
| 919 | |
| 920 | * :class:`~cryptography.x509.BasicConstraints` |
| 921 | * :class:`~cryptography.x509.AuthorityKeyIdentifier` |
| 922 | * :class:`~cryptography.x509.SubjectKeyIdentifier` |
| 923 | * :class:`~cryptography.x509.KeyUsage` |
| 924 | * :class:`~cryptography.x509.SubjectAlternativeName` |
| 925 | * :class:`~cryptography.x509.ExtendedKeyUsage` |
| 926 | * :class:`~cryptography.x509.CRLDistributionPoints` |
| 927 | * :class:`~cryptography.x509.AuthorityInformationAccess` |
| 928 | * :class:`~cryptography.x509.CertificatePolicies` |
| 929 | |
| 930 | Note that unsupported extensions with the critical flag raise |
Alex Gaynor | d08ddd5 | 2017-05-20 09:01:54 -0700 | [diff] [blame] | 931 | ``UnsupportedExtension`` while unsupported extensions set to non-critical are |
| 932 | silently ignored. Read the :doc:`X.509 documentation</x509/index>` for more |
| 933 | information. |
Paul Kehrer | 1955ebf | 2015-03-10 08:38:57 -0500 | [diff] [blame] | 934 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 935 | |
| 936 | .. _v0-8-2: |
| 937 | |
Paul Kehrer | 33906b8 | 2015-04-10 21:00:08 -0400 | [diff] [blame] | 938 | 0.8.2 - 2015-04-10 |
| 939 | ~~~~~~~~~~~~~~~~~~ |
| 940 | |
| 941 | * Fixed a race condition when initializing the OpenSSL or CommonCrypto backends |
| 942 | in a multi-threaded scenario. |
| 943 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 944 | |
| 945 | .. _v0-8-1: |
| 946 | |
Paul Kehrer | 41a750c | 2015-03-19 22:46:23 -0500 | [diff] [blame] | 947 | 0.8.1 - 2015-03-20 |
| 948 | ~~~~~~~~~~~~~~~~~~ |
| 949 | |
| 950 | * Updated Windows wheels to be compiled against OpenSSL 1.0.2a. |
| 951 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 952 | |
| 953 | .. _v0-8: |
| 954 | |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 955 | 0.8 - 2015-03-08 |
| 956 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 08120d7 | 2014-12-17 21:37:58 -0600 | [diff] [blame] | 957 | |
Alex Gaynor | 5d66ca5 | 2014-12-25 18:39:39 -0800 | [diff] [blame] | 958 | * :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` can |
| 959 | now load elliptic curve public keys. |
Paul Kehrer | 836b830 | 2015-01-18 09:42:58 -0600 | [diff] [blame] | 960 | * Added |
Paul Kehrer | 8802a5b | 2015-02-13 12:06:57 -0600 | [diff] [blame] | 961 | :attr:`~cryptography.x509.Certificate.signature_hash_algorithm` support to |
Paul Kehrer | b0a8039 | 2015-02-11 23:39:49 -0600 | [diff] [blame] | 962 | :class:`~cryptography.x509.Certificate`. |
| 963 | * Added |
Paul Kehrer | 836b830 | 2015-01-18 09:42:58 -0600 | [diff] [blame] | 964 | :func:`~cryptography.hazmat.primitives.asymmetric.rsa.rsa_recover_prime_factors` |
Paul Kehrer | 48402ff | 2015-02-16 15:31:52 -0600 | [diff] [blame] | 965 | * :class:`~cryptography.hazmat.primitives.kdf.KeyDerivationFunction` was moved |
Paul Kehrer | 7bc3686 | 2017-05-29 10:13:35 -0500 | [diff] [blame] | 966 | from ``cryptography.hazmat.primitives.interfaces`` to |
Paul Kehrer | 48402ff | 2015-02-16 15:31:52 -0600 | [diff] [blame] | 967 | :mod:`~cryptography.hazmat.primitives.kdf`. |
Paul Kehrer | 719d536 | 2015-01-01 20:03:52 -0600 | [diff] [blame] | 968 | * Added support for parsing X.509 names. See the |
Alex Gaynor | 5e0da3a | 2015-07-12 10:35:56 -0500 | [diff] [blame] | 969 | :doc:`X.509 documentation</x509/index>` for more information. |
Paul Kehrer | 99a249d | 2015-01-04 15:55:22 -0600 | [diff] [blame] | 970 | * Added |
| 971 | :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key` to |
| 972 | support loading of DER encoded private keys and |
| 973 | :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key` to |
| 974 | support loading DER encoded public keys. |
Steven McDonald | 27e6b9c | 2015-02-18 16:37:03 +1100 | [diff] [blame] | 975 | * Fixed building against LibreSSL, a compile-time substitute for OpenSSL. |
Paul Kehrer | 77f540d | 2015-02-20 12:53:04 -0600 | [diff] [blame] | 976 | * FreeBSD 9.2 was removed from the continuous integration system. |
Paul Kehrer | f28dd45 | 2015-03-05 10:22:59 -0600 | [diff] [blame] | 977 | * Updated Windows wheels to be compiled against OpenSSL 1.0.2. |
Paul Kehrer | 7bfa22e | 2015-03-04 13:48:30 -0600 | [diff] [blame] | 978 | * :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key` |
| 979 | and :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key` |
Paul Kehrer | 791afc0 | 2015-03-05 14:29:28 -0600 | [diff] [blame] | 980 | now support PKCS1 RSA public keys (in addition to the previous support for |
Paul Kehrer | 7bfa22e | 2015-03-04 13:48:30 -0600 | [diff] [blame] | 981 | SubjectPublicKeyInfo format for RSA, EC, and DSA). |
Paul Kehrer | f83e25c | 2015-02-21 18:34:00 -0600 | [diff] [blame] | 982 | * Added |
Paul Kehrer | 59e5c86 | 2015-03-02 10:36:50 -0600 | [diff] [blame] | 983 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization` |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 984 | and deprecated ``EllipticCurvePrivateKeyWithNumbers``. |
Paul Kehrer | 59e5c86 | 2015-03-02 10:36:50 -0600 | [diff] [blame] | 985 | * Added |
| 986 | :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization.private_bytes` |
| 987 | to |
| 988 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`. |
| 989 | * Added |
Paul Kehrer | f83e25c | 2015-02-21 18:34:00 -0600 | [diff] [blame] | 990 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization` |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 991 | and deprecated ``RSAPrivateKeyWithNumbers``. |
Paul Kehrer | f83e25c | 2015-02-21 18:34:00 -0600 | [diff] [blame] | 992 | * Added |
Paul Kehrer | 223a8f0 | 2015-02-28 18:54:10 -0600 | [diff] [blame] | 993 | :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization.private_bytes` |
Paul Kehrer | f83e25c | 2015-02-21 18:34:00 -0600 | [diff] [blame] | 994 | to |
| 995 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`. |
Paul Kehrer | ec34263 | 2015-03-01 16:53:58 -0600 | [diff] [blame] | 996 | * Added |
| 997 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization` |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 998 | and deprecated ``DSAPrivateKeyWithNumbers``. |
Paul Kehrer | ec34263 | 2015-03-01 16:53:58 -0600 | [diff] [blame] | 999 | * Added |
| 1000 | :meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization.private_bytes` |
| 1001 | to |
| 1002 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`. |
Paul Kehrer | 3f157e0 | 2015-02-28 11:31:06 -0600 | [diff] [blame] | 1003 | * Added |
| 1004 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization` |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 1005 | and deprecated ``RSAPublicKeyWithNumbers``. |
Paul Kehrer | 8ea90ef | 2015-07-04 16:26:58 -0500 | [diff] [blame] | 1006 | * Added ``public_bytes`` to |
Paul Kehrer | 3f157e0 | 2015-02-28 11:31:06 -0600 | [diff] [blame] | 1007 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`. |
Paul Kehrer | 419615b | 2015-03-05 21:01:16 -0600 | [diff] [blame] | 1008 | * Added |
| 1009 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization` |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 1010 | and deprecated ``EllipticCurvePublicKeyWithNumbers``. |
Paul Kehrer | 8ea90ef | 2015-07-04 16:26:58 -0500 | [diff] [blame] | 1011 | * Added ``public_bytes`` to |
Paul Kehrer | 419615b | 2015-03-05 21:01:16 -0600 | [diff] [blame] | 1012 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`. |
Paul Kehrer | 26006c5 | 2015-03-08 18:27:11 -0500 | [diff] [blame] | 1013 | * Added |
| 1014 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization` |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 1015 | and deprecated ``DSAPublicKeyWithNumbers``. |
Paul Kehrer | 8ea90ef | 2015-07-04 16:26:58 -0500 | [diff] [blame] | 1016 | * Added ``public_bytes`` to |
Paul Kehrer | 26006c5 | 2015-03-08 18:27:11 -0500 | [diff] [blame] | 1017 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`. |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 1018 | * :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` and |
| 1019 | :class:`~cryptography.hazmat.primitives.hashes.HashContext` were moved from |
Paul Kehrer | 7bc3686 | 2017-05-29 10:13:35 -0500 | [diff] [blame] | 1020 | ``cryptography.hazmat.primitives.interfaces`` to |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 1021 | :mod:`~cryptography.hazmat.primitives.hashes`. |
| 1022 | * :class:`~cryptography.hazmat.primitives.ciphers.CipherContext`, |
| 1023 | :class:`~cryptography.hazmat.primitives.ciphers.AEADCipherContext`, |
| 1024 | :class:`~cryptography.hazmat.primitives.ciphers.AEADEncryptionContext`, |
| 1025 | :class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`, and |
| 1026 | :class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm` |
Paul Kehrer | 7bc3686 | 2017-05-29 10:13:35 -0500 | [diff] [blame] | 1027 | were moved from ``cryptography.hazmat.primitives.interfaces`` to |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 1028 | :mod:`~cryptography.hazmat.primitives.ciphers`. |
| 1029 | * :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode`, |
| 1030 | :class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithInitializationVector`, |
| 1031 | :class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithNonce`, and |
| 1032 | :class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithAuthenticationTag` |
Paul Kehrer | 7bc3686 | 2017-05-29 10:13:35 -0500 | [diff] [blame] | 1033 | were moved from ``cryptography.hazmat.primitives.interfaces`` to |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 1034 | :mod:`~cryptography.hazmat.primitives.ciphers.modes`. |
| 1035 | * :class:`~cryptography.hazmat.primitives.padding.PaddingContext` was moved |
Paul Kehrer | 7bc3686 | 2017-05-29 10:13:35 -0500 | [diff] [blame] | 1036 | from ``cryptography.hazmat.primitives.interfaces`` to |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 1037 | :mod:`~cryptography.hazmat.primitives.padding`. |
| 1038 | * |
| 1039 | :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding` |
Paul Kehrer | 7bc3686 | 2017-05-29 10:13:35 -0500 | [diff] [blame] | 1040 | was moved from ``cryptography.hazmat.primitives.interfaces`` to |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 1041 | :mod:`~cryptography.hazmat.primitives.asymmetric.padding`. |
Paul Kehrer | 1a5d70e | 2017-06-03 17:11:55 -1000 | [diff] [blame] | 1042 | * ``AsymmetricSignatureContext`` and ``AsymmetricVerificationContext`` |
Paul Kehrer | 7bc3686 | 2017-05-29 10:13:35 -0500 | [diff] [blame] | 1043 | were moved from ``cryptography.hazmat.primitives.interfaces`` to |
Paul Kehrer | 1a5d70e | 2017-06-03 17:11:55 -1000 | [diff] [blame] | 1044 | ``cryptography.hazmat.primitives.asymmetric``. |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 1045 | * :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`, |
| 1046 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParametersWithNumbers`, |
| 1047 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 1048 | ``DSAPrivateKeyWithNumbers``, |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 1049 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` and |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 1050 | ``DSAPublicKeyWithNumbers`` were moved from |
Paul Kehrer | 7bc3686 | 2017-05-29 10:13:35 -0500 | [diff] [blame] | 1051 | ``cryptography.hazmat.primitives.interfaces`` to |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 1052 | :mod:`~cryptography.hazmat.primitives.asymmetric.dsa` |
| 1053 | * :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`, |
| 1054 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurveSignatureAlgorithm`, |
| 1055 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`, |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 1056 | ``EllipticCurvePrivateKeyWithNumbers``, |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 1057 | :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`, |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 1058 | and ``EllipticCurvePublicKeyWithNumbers`` |
Paul Kehrer | 7bc3686 | 2017-05-29 10:13:35 -0500 | [diff] [blame] | 1059 | were moved from ``cryptography.hazmat.primitives.interfaces`` to |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 1060 | :mod:`~cryptography.hazmat.primitives.asymmetric.ec`. |
| 1061 | * :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 1062 | ``RSAPrivateKeyWithNumbers``, |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 1063 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` and |
Paul Kehrer | c0dd53e | 2015-07-04 11:27:27 -0500 | [diff] [blame] | 1064 | ``RSAPublicKeyWithNumbers`` were moved from |
Paul Kehrer | 7bc3686 | 2017-05-29 10:13:35 -0500 | [diff] [blame] | 1065 | ``cryptography.hazmat.primitives.interfaces`` to |
Paul Kehrer | 5dc4b88 | 2015-03-08 18:19:50 -0500 | [diff] [blame] | 1066 | :mod:`~cryptography.hazmat.primitives.asymmetric.rsa`. |
Alex Gaynor | 5d66ca5 | 2014-12-25 18:39:39 -0800 | [diff] [blame] | 1067 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1068 | |
| 1069 | .. _v0-7-2: |
| 1070 | |
Paul Kehrer | 72572f9 | 2015-01-16 08:10:12 -0600 | [diff] [blame] | 1071 | 0.7.2 - 2015-01-16 |
| 1072 | ~~~~~~~~~~~~~~~~~~ |
| 1073 | |
| 1074 | * Updated Windows wheels to be compiled against OpenSSL 1.0.1l. |
| 1075 | * ``enum34`` is no longer installed on Python 3.4, where it is included in |
| 1076 | the standard library. |
| 1077 | * Added a new function to the OpenSSL bindings to support additional |
| 1078 | functionality in pyOpenSSL. |
| 1079 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1080 | |
| 1081 | .. _v0-7-1: |
| 1082 | |
Paul Kehrer | 842e58a | 2014-12-28 15:17:39 -0700 | [diff] [blame] | 1083 | 0.7.1 - 2014-12-28 |
| 1084 | ~~~~~~~~~~~~~~~~~~ |
| 1085 | |
| 1086 | * Fixed an issue preventing compilation on platforms where ``OPENSSL_NO_SSL3`` |
| 1087 | was defined. |
| 1088 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1089 | |
| 1090 | .. _v0-7: |
| 1091 | |
Paul Kehrer | e813509 | 2014-12-17 14:20:40 -0600 | [diff] [blame] | 1092 | 0.7 - 2014-12-17 |
| 1093 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 9868133 | 2014-09-29 21:43:57 -0500 | [diff] [blame] | 1094 | |
Alex Gaynor | df6a5cd | 2014-11-07 09:36:47 -0300 | [diff] [blame] | 1095 | * Cryptography has been relicensed from the Apache Software License, Version |
| 1096 | 2.0, to being available under *either* the Apache Software License, Version |
| 1097 | 2.0, or the BSD license. |
Alex Gaynor | 4c82513 | 2014-10-20 21:27:08 -0700 | [diff] [blame] | 1098 | * Added key-rotation support to :doc:`Fernet </fernet>` with |
| 1099 | :class:`~cryptography.fernet.MultiFernet`. |
Paul Kehrer | 214d91d | 2014-12-18 07:20:04 -0600 | [diff] [blame] | 1100 | * More bit-lengths are now supported for ``p`` and ``q`` when loading DSA keys |
Alex Gaynor | a438e83 | 2014-10-19 19:47:05 -0700 | [diff] [blame] | 1101 | from numbers. |
Paul Kehrer | 7bc3686 | 2017-05-29 10:13:35 -0500 | [diff] [blame] | 1102 | * Added :class:`~cryptography.hazmat.primitives.mac.MACContext` as a |
Paul Kehrer | ebee006 | 2015-03-07 12:34:33 -0600 | [diff] [blame] | 1103 | common interface for CMAC and HMAC and deprecated ``CMACContext``. |
Paul Kehrer | b3a3e5c | 2014-11-27 11:27:32 -1000 | [diff] [blame] | 1104 | * Added support for encoding and decoding :rfc:`6979` signatures in |
| 1105 | :doc:`/hazmat/primitives/asymmetric/utils`. |
Mark Adams | 78a7d1c | 2014-12-12 23:13:12 -0600 | [diff] [blame] | 1106 | * Added |
Alex Gaynor | 993b85a | 2014-12-15 10:42:45 -0800 | [diff] [blame] | 1107 | :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` to |
Paul Kehrer | e813509 | 2014-12-17 14:20:40 -0600 | [diff] [blame] | 1108 | support the loading of OpenSSH public keys (:rfc:`4253`). Only RSA and DSA |
| 1109 | keys are currently supported. |
Paul Kehrer | e76cd27 | 2014-12-14 19:00:51 -0600 | [diff] [blame] | 1110 | * Added initial support for X.509 certificate parsing. See the |
Alex Gaynor | 5e0da3a | 2015-07-12 10:35:56 -0500 | [diff] [blame] | 1111 | :doc:`X.509 documentation</x509/index>` for more information. |
Terry Chia | c7c82f3 | 2014-10-20 12:15:22 +0800 | [diff] [blame] | 1112 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1113 | |
| 1114 | .. _v0-6-1: |
| 1115 | |
Paul Kehrer | 555b150 | 2014-10-15 23:24:57 -0500 | [diff] [blame] | 1116 | 0.6.1 - 2014-10-15 |
| 1117 | ~~~~~~~~~~~~~~~~~~ |
| 1118 | |
| 1119 | * Updated Windows wheels to be compiled against OpenSSL 1.0.1j. |
| 1120 | * Fixed an issue where OpenSSL 1.0.1j changed the errors returned by some |
| 1121 | functions. |
| 1122 | * Added our license file to the ``cryptography-vectors`` package. |
| 1123 | * Implemented DSA hash truncation support (per FIPS 186-3) in the OpenSSL |
| 1124 | backend. This works around an issue in 1.0.0, 1.0.0a, and 1.0.0b where |
| 1125 | truncation was not implemented. |
| 1126 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1127 | |
| 1128 | .. _v0-6: |
| 1129 | |
Paul Kehrer | c3f11d8 | 2014-09-29 20:31:15 -0500 | [diff] [blame] | 1130 | 0.6 - 2014-09-29 |
| 1131 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 1757fe3 | 2014-07-07 22:29:23 -0500 | [diff] [blame] | 1132 | |
Alex Gaynor | ef82334 | 2014-09-27 12:04:22 -0400 | [diff] [blame] | 1133 | * Added |
| 1134 | :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key` to |
| 1135 | ease loading private keys, and |
| 1136 | :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key` to |
| 1137 | support loading public keys. |
Alex Gaynor | 1658f94 | 2014-07-08 00:02:37 -0700 | [diff] [blame] | 1138 | * Removed the, deprecated in 0.4, support for the ``salt_length`` argument to |
| 1139 | the :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` |
| 1140 | constructor. The ``salt_length`` should be passed to |
| 1141 | :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` instead. |
Paul Kehrer | f4fbf39 | 2014-08-21 08:36:49 -1000 | [diff] [blame] | 1142 | * Fix compilation on OS X Yosemite. |
Paul Kehrer | 77e95a0 | 2014-09-25 12:28:07 -0500 | [diff] [blame] | 1143 | * Deprecated ``elliptic_curve_private_key_from_numbers`` and |
| 1144 | ``elliptic_curve_public_key_from_numbers`` in favor of |
| 1145 | ``load_elliptic_curve_private_numbers`` and |
| 1146 | ``load_elliptic_curve_public_numbers`` on |
| 1147 | :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`. |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 1148 | * Added ``EllipticCurvePrivateKeyWithNumbers`` and |
| 1149 | ``EllipticCurvePublicKeyWithNumbers`` support. |
Paul Kehrer | f378e40 | 2014-09-27 11:28:42 -0500 | [diff] [blame] | 1150 | * Work around three GCM related bugs in CommonCrypto and OpenSSL. |
Paul Kehrer | 4c77365 | 2014-09-27 11:26:02 -0500 | [diff] [blame] | 1151 | |
| 1152 | * On the CommonCrypto backend adding AAD but not subsequently calling update |
| 1153 | would return null tag bytes. |
| 1154 | |
| 1155 | * One the CommonCrypto backend a call to update without an empty add AAD call |
| 1156 | would return null ciphertext bytes. |
| 1157 | |
| 1158 | * On the OpenSSL backend with certain versions adding AAD only would give |
| 1159 | invalid tag bytes. |
| 1160 | |
| 1161 | * Support loading EC private keys from PEM. |
Alex Gaynor | 1658f94 | 2014-07-08 00:02:37 -0700 | [diff] [blame] | 1162 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1163 | |
| 1164 | .. _v0-5-4: |
| 1165 | |
Paul Kehrer | 01f0c67 | 2014-08-20 20:15:18 -1000 | [diff] [blame] | 1166 | 0.5.4 - 2014-08-20 |
| 1167 | ~~~~~~~~~~~~~~~~~~ |
| 1168 | |
| 1169 | * Added several functions to the OpenSSL bindings to support new |
| 1170 | functionality in pyOpenSSL. |
| 1171 | * Fixed a redefined constant causing compilation failure with Solaris 11.2. |
| 1172 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1173 | |
| 1174 | .. _v0-5-3: |
| 1175 | |
Paul Kehrer | 86cf5b1 | 2014-08-07 05:38:17 -1000 | [diff] [blame] | 1176 | 0.5.3 - 2014-08-06 |
| 1177 | ~~~~~~~~~~~~~~~~~~ |
| 1178 | |
| 1179 | * Updated Windows wheels to be compiled against OpenSSL 1.0.1i. |
| 1180 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1181 | |
| 1182 | .. _v0-5-2: |
| 1183 | |
Paul Kehrer | 2456e66 | 2014-07-09 19:51:32 -0500 | [diff] [blame] | 1184 | 0.5.2 - 2014-07-09 |
| 1185 | ~~~~~~~~~~~~~~~~~~ |
| 1186 | |
Paul Kehrer | a4668c6 | 2017-05-20 13:25:47 -0700 | [diff] [blame] | 1187 | * Add ``TraditionalOpenSSLSerializationBackend`` support to ``multibackend``. |
Paul Kehrer | 2456e66 | 2014-07-09 19:51:32 -0500 | [diff] [blame] | 1188 | * Fix compilation error on OS X 10.8 (Mountain Lion). |
| 1189 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1190 | |
| 1191 | .. _v0-5-1: |
| 1192 | |
Paul Kehrer | f092d73 | 2014-07-07 19:42:15 -0500 | [diff] [blame] | 1193 | 0.5.1 - 2014-07-07 |
| 1194 | ~~~~~~~~~~~~~~~~~~ |
| 1195 | |
Paul Kehrer | a4668c6 | 2017-05-20 13:25:47 -0700 | [diff] [blame] | 1196 | * Add ``PKCS8SerializationBackend`` support to ``multibackend``. |
Paul Kehrer | f092d73 | 2014-07-07 19:42:15 -0500 | [diff] [blame] | 1197 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1198 | |
| 1199 | .. _v0-5: |
| 1200 | |
Paul Kehrer | 3c6a239 | 2014-07-07 08:29:07 -0500 | [diff] [blame] | 1201 | 0.5 - 2014-07-07 |
| 1202 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 50a0485 | 2014-05-03 08:57:13 -0500 | [diff] [blame] | 1203 | |
Alex Gaynor | 8f1b8e8 | 2014-06-29 20:43:29 -0700 | [diff] [blame] | 1204 | * **BACKWARDS INCOMPATIBLE:** |
| 1205 | :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` no longer allows |
| 1206 | truncation of tags by default. Previous versions of ``cryptography`` allowed |
| 1207 | tags to be truncated by default, applications wishing to preserve this |
Alex Gaynor | 4efe61a | 2014-06-29 20:44:53 -0700 | [diff] [blame] | 1208 | behavior (not recommended) can pass the ``min_tag_length`` argument. |
Paul Kehrer | 8987bcb | 2014-07-06 09:28:29 -0500 | [diff] [blame] | 1209 | * Windows builds now statically link OpenSSL by default. When installing a |
Paul Kehrer | 3df9a31 | 2014-07-06 09:25:29 -0500 | [diff] [blame] | 1210 | wheel on Windows you no longer need to install OpenSSL separately. Windows |
| 1211 | users can switch between static and dynamic linking with an environment |
| 1212 | variable. See :doc:`/installation` for more details. |
Paul Kehrer | 88bac25 | 2014-05-21 12:42:13 -0500 | [diff] [blame] | 1213 | * Added :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDFExpand`. |
Paul Kehrer | 2a947c4 | 2014-05-15 17:22:08 -0400 | [diff] [blame] | 1214 | * Added :class:`~cryptography.hazmat.primitives.ciphers.modes.CFB8` support |
| 1215 | for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` and |
| 1216 | :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` on |
Paul Kehrer | 5103235 | 2017-05-20 10:09:02 -0700 | [diff] [blame] | 1217 | ``commoncrypto`` and :doc:`/hazmat/backends/openssl`. |
Paul Kehrer | 055f960 | 2014-05-20 23:21:26 -0500 | [diff] [blame] | 1218 | * Added ``AES`` :class:`~cryptography.hazmat.primitives.ciphers.modes.CTR` |
| 1219 | support to the OpenSSL backend when linked against 0.9.8. |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 1220 | * Added ``PKCS8SerializationBackend`` and |
| 1221 | ``TraditionalOpenSSLSerializationBackend`` support to the |
| 1222 | :doc:`/hazmat/backends/openssl`. |
Paul Kehrer | 21fc582 | 2014-07-04 09:28:55 -0500 | [diff] [blame] | 1223 | * Added :doc:`/hazmat/primitives/asymmetric/ec` and |
| 1224 | :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`. |
Paul Kehrer | d1bac5e | 2014-06-13 12:34:49 -0500 | [diff] [blame] | 1225 | * Added :class:`~cryptography.hazmat.primitives.ciphers.modes.ECB` support |
| 1226 | for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` on |
Paul Kehrer | 5103235 | 2017-05-20 10:09:02 -0700 | [diff] [blame] | 1227 | ``commoncrypto`` and :doc:`/hazmat/backends/openssl`. |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 1228 | * Deprecated the concrete ``RSAPrivateKey`` class in favor of backend |
Paul Kehrer | a10be69 | 2015-02-12 12:58:27 -0600 | [diff] [blame] | 1229 | specific providers of the |
| 1230 | :class:`cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` |
| 1231 | interface. |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 1232 | * Deprecated the concrete ``RSAPublicKey`` in favor of backend specific |
Paul Kehrer | a10be69 | 2015-02-12 12:58:27 -0600 | [diff] [blame] | 1233 | providers of the |
| 1234 | :class:`cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` |
| 1235 | interface. |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 1236 | * Deprecated the concrete ``DSAPrivateKey`` class in favor of backend |
Paul Kehrer | a10be69 | 2015-02-12 12:58:27 -0600 | [diff] [blame] | 1237 | specific providers of the |
| 1238 | :class:`cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` |
| 1239 | interface. |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 1240 | * Deprecated the concrete ``DSAPublicKey`` class in favor of backend specific |
Paul Kehrer | a10be69 | 2015-02-12 12:58:27 -0600 | [diff] [blame] | 1241 | providers of the |
| 1242 | :class:`cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` |
| 1243 | interface. |
Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 1244 | * Deprecated the concrete ``DSAParameters`` class in favor of backend specific |
Paul Kehrer | a10be69 | 2015-02-12 12:58:27 -0600 | [diff] [blame] | 1245 | providers of the |
| 1246 | :class:`cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters` |
| 1247 | interface. |
Paul Kehrer | f2fb02a | 2014-06-19 10:16:42 -0600 | [diff] [blame] | 1248 | * Deprecated ``encrypt_rsa``, ``decrypt_rsa``, ``create_rsa_signature_ctx`` and |
| 1249 | ``create_rsa_verification_ctx`` on |
| 1250 | :class:`~cryptography.hazmat.backends.interfaces.RSABackend`. |
Paul Kehrer | 1262be2 | 2014-06-26 16:16:50 -0600 | [diff] [blame] | 1251 | * Deprecated ``create_dsa_signature_ctx`` and ``create_dsa_verification_ctx`` |
| 1252 | on :class:`~cryptography.hazmat.backends.interfaces.DSABackend`. |
Paul Kehrer | bb91c81 | 2014-05-12 15:03:04 -0400 | [diff] [blame] | 1253 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1254 | |
| 1255 | .. _v0-4: |
| 1256 | |
Paul Kehrer | 9586201 | 2014-05-01 16:48:05 -0500 | [diff] [blame] | 1257 | 0.4 - 2014-05-03 |
| 1258 | ~~~~~~~~~~~~~~~~ |
Paul Kehrer | 3d4eb6e | 2014-03-27 16:27:31 -0500 | [diff] [blame] | 1259 | |
Paul Kehrer | ba98745 | 2014-04-02 17:12:26 -0500 | [diff] [blame] | 1260 | * Deprecated ``salt_length`` on |
| 1261 | :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` and added it |
Alex Gaynor | 9963cb3 | 2014-07-12 09:35:33 -0700 | [diff] [blame] | 1262 | to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. It will |
Alex Gaynor | 2e49f21 | 2014-07-12 10:58:30 -0700 | [diff] [blame] | 1263 | be removed from ``MGF1`` in two releases per our :doc:`/api-stability` |
Alex Gaynor | 9963cb3 | 2014-07-12 09:35:33 -0700 | [diff] [blame] | 1264 | policy. |
| 1265 | * Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED` |
| 1266 | support. |
Ayrx | 9bea937 | 2014-04-22 21:00:34 +0800 | [diff] [blame] | 1267 | * Added :class:`~cryptography.hazmat.primitives.cmac.CMAC`. |
Alex Gaynor | cd58b93 | 2014-05-01 23:11:06 -0700 | [diff] [blame] | 1268 | * Added decryption support to |
| 1269 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` |
| 1270 | and encryption support to |
| 1271 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`. |
Paul Kehrer | 80950e5 | 2014-05-01 16:48:55 -0500 | [diff] [blame] | 1272 | * Added signature support to |
| 1273 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` |
| 1274 | and verification support to |
| 1275 | :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`. |
Ayrx | 9bea937 | 2014-04-22 21:00:34 +0800 | [diff] [blame] | 1276 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1277 | |
| 1278 | .. _v0-3: |
| 1279 | |
Paul Kehrer | 9c2a11b | 2014-03-27 13:16:57 -0500 | [diff] [blame] | 1280 | 0.3 - 2014-03-27 |
| 1281 | ~~~~~~~~~~~~~~~~ |
Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 1282 | |
| 1283 | * Added :class:`~cryptography.hazmat.primitives.twofactor.hotp.HOTP`. |
David Reid | eea08d9 | 2014-02-25 11:06:09 -0800 | [diff] [blame] | 1284 | * Added :class:`~cryptography.hazmat.primitives.twofactor.totp.TOTP`. |
Alex Gaynor | 9963cb3 | 2014-07-12 09:35:33 -0700 | [diff] [blame] | 1285 | * Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA` |
| 1286 | support. |
Alex Gaynor | cd58b93 | 2014-05-01 23:11:06 -0700 | [diff] [blame] | 1287 | * Added signature support to |
| 1288 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` |
| 1289 | and verification support to |
| 1290 | :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`. |
Paul Kehrer | 1592e5b | 2014-03-27 14:29:38 -0500 | [diff] [blame] | 1291 | * Moved test vectors to the new ``cryptography_vectors`` package. |
Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 1292 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1293 | |
| 1294 | .. _v0-2-2: |
| 1295 | |
Paul Kehrer | 7f711ee | 2014-03-03 23:58:45 -0400 | [diff] [blame] | 1296 | 0.2.2 - 2014-03-03 |
| 1297 | ~~~~~~~~~~~~~~~~~~ |
| 1298 | |
Alex Gaynor | 9963cb3 | 2014-07-12 09:35:33 -0700 | [diff] [blame] | 1299 | * Removed a constant definition that was causing compilation problems with |
| 1300 | specific versions of OpenSSL. |
Paul Kehrer | 7f711ee | 2014-03-03 23:58:45 -0400 | [diff] [blame] | 1301 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1302 | |
| 1303 | .. _v0-2-1: |
| 1304 | |
Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 1305 | 0.2.1 - 2014-02-22 |
| 1306 | ~~~~~~~~~~~~~~~~~~ |
Paul Kehrer | 7f711ee | 2014-03-03 23:58:45 -0400 | [diff] [blame] | 1307 | |
Alex Gaynor | cd58b93 | 2014-05-01 23:11:06 -0700 | [diff] [blame] | 1308 | * Fix a bug where importing cryptography from multiple paths could cause |
| 1309 | initialization to fail. |
Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 1310 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1311 | |
| 1312 | .. _v0-2: |
| 1313 | |
Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 1314 | 0.2 - 2014-02-20 |
| 1315 | ~~~~~~~~~~~~~~~~ |
| 1316 | |
Paul Kehrer | 5103235 | 2017-05-20 10:09:02 -0700 | [diff] [blame] | 1317 | * Added ``commoncrypto``. |
| 1318 | * Added initial ``commoncrypto``. |
Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 1319 | * Removed ``register_cipher_adapter`` method from |
| 1320 | :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`. |
| 1321 | * Added support for the OpenSSL backend under Windows. |
| 1322 | * Improved thread-safety for the OpenSSL backend. |
| 1323 | * Fixed compilation on systems where OpenSSL's ``ec.h`` header is not |
| 1324 | available, such as CentOS. |
| 1325 | * Added :class:`~cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC`. |
| 1326 | * Added :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF`. |
Paul Kehrer | a4668c6 | 2017-05-20 13:25:47 -0700 | [diff] [blame] | 1327 | * Added ``multibackend``. |
Alex Gaynor | cd58b93 | 2014-05-01 23:11:06 -0700 | [diff] [blame] | 1328 | * Set default random for the :doc:`/hazmat/backends/openssl` to the OS |
| 1329 | random engine. |
| 1330 | * Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5` |
| 1331 | (CAST-128) support. |
Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 1332 | |
Christian Heimes | 765e771 | 2017-08-03 16:08:09 +0200 | [diff] [blame] | 1333 | |
| 1334 | .. _v0-1: |
| 1335 | |
Matthew Iversen | 69a6fad | 2014-02-25 02:10:44 +1100 | [diff] [blame] | 1336 | 0.1 - 2014-01-08 |
| 1337 | ~~~~~~~~~~~~~~~~ |
| 1338 | |
| 1339 | * Initial release. |
| 1340 | |
Alex Stapleton | b9df278 | 2014-03-17 08:09:41 +0000 | [diff] [blame] | 1341 | .. _`master`: https://github.com/pyca/cryptography/ |
Alex Gaynor | 988df9b | 2016-04-28 10:57:16 -0400 | [diff] [blame] | 1342 | .. _`cffi`: https://cffi.readthedocs.io/ |