Cryptography

~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1g.

.. _v2-9:

~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** Support for Python 3.4 has been removed due to
low usage and maintenance burden.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.0.1 has been removed.
Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Support for LibreSSL 2.6.x has been removed.
* Removed support for calling
:meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey.public_bytes`
with no arguments, as per our deprecation policy. You must now pass
``encoding`` and ``format``.
* **BACKWARDS INCOMPATIBLE:** Reversed the order in which
:meth:`~cryptography.x509.Name.rfc4514_string` returns the RDNs
as required by :rfc:`4514`.
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1f.
* Added support for parsing
:attr:`~cryptography.x509.ocsp.OCSPResponse.single_extensions` in an OCSP
response.
* :class:`~cryptography.x509.NameAttribute` values can now be empty strings.

.. _v2-8:

~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1d.
* Added support for Python 3.8.
* Added class methods
:meth:`Poly1305.generate_tag
<cryptography.hazmat.primitives.poly1305.Poly1305.generate_tag>`
and
:meth:`Poly1305.verify_tag
<cryptography.hazmat.primitives.poly1305.Poly1305.verify_tag>`
for Poly1305 sign and verify operations.
* Deprecated support for OpenSSL 1.0.1. Support will be removed in
``cryptography`` 2.9.
* We now ship ``manylinux2010`` wheels in addition to our ``manylinux1``
wheels.
* Added support for ``ed25519`` and ``ed448`` keys in the
:class:`~cryptography.x509.CertificateBuilder`,
:class:`~cryptography.x509.CertificateSigningRequestBuilder`,
:class:`~cryptography.x509.CertificateRevocationListBuilder` and
:class:`~cryptography.x509.ocsp.OCSPResponseBuilder`.
* ``cryptography`` no longer depends on ``asn1crypto``.
* :class:`~cryptography.x509.FreshestCRL` is now allowed as a
:class:`~cryptography.x509.CertificateRevocationList` extension.

.. _v2-7:

~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit ``manylinux1``
wheels. Continuing to produce them was a maintenance burden.
* **BACKWARDS INCOMPATIBLE:** Removed the
``cryptography.hazmat.primitives.mac.MACContext`` interface. The ``CMAC`` and
``HMAC`` APIs have not changed, but they are no longer registered as
``MACContext`` instances.
* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.1c.
* Removed support for running our tests with ``setup.py test``. Users
interested in running our tests can continue to follow the directions in our
:doc:`development documentation</development/getting-started>`.
* Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305`
when using OpenSSL 1.1.1 or newer.
* Support serialization with ``Encoding.OpenSSH`` and ``PublicFormat.OpenSSH``
in
:meth:`Ed25519PublicKey.public_bytes
<cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes>`
.
* Correctly allow passing a ``SubjectKeyIdentifier`` to
:meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`
and deprecate passing an ``Extension`` object. The documentation always
required ``SubjectKeyIdentifier`` but the implementation previously
required an ``Extension``.

.. _v2-6-1:

~~~~~~~~~~~~~~~~~~

* Resolved an error in our build infrastructure that broke our Python3 wheels
for macOS and Linux.

.. _v2-6:

~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** Removed
``cryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature``
and
``cryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature``,
which had been deprecated for nearly 4 years. Use
:func:`~cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature`
and
:func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`
instead.
* **BACKWARDS INCOMPATIBLE**: Removed ``cryptography.x509.Certificate.serial``,
which had been deprecated for nearly 3 years. Use
:attr:`~cryptography.x509.Certificate.serial_number` instead.
* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.1b.
* Added support for :doc:`/hazmat/primitives/asymmetric/ed448` when using
OpenSSL 1.1.1b or newer.
* Added support for :doc:`/hazmat/primitives/asymmetric/ed25519` when using
OpenSSL 1.1.1b or newer.
* :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` can
now load ``ed25519`` public keys.
* Add support for easily mapping an object identifier to its elliptic curve
class via
:func:`~cryptography.hazmat.primitives.asymmetric.ec.get_curve_for_oid`.
* Add support for OpenSSL when compiled with the ``no-engine``
(``OPENSSL_NO_ENGINE``) flag.

.. _v2-5: