Cryptography

~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** Elliptic Curve signature verification no longer
returns ``True`` on success. This brings it in line with the interface's
documentation, and our intent. The correct way to use
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.verify`
has always been to check whether or not
:class:`~cryptography.exceptions.InvalidSignature` was raised.
* **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.7 and 10.8.
* **BACKWARDS INCOMPATIBLE:** The minimum supported PyPy version is now 5.3.
* Python 3.3 support has been deprecated, and will be removed in the next
``cryptography`` release.
* Add support for providing ``tag`` during
:class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` finalization via
:meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag`.
* Fixed an issue preventing ``cryptography`` from compiling against
LibreSSL 2.5.x.
* Added
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.key_size`
and
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.key_size`
as convenience methods for determining the bit size of a secret scalar for
the curve.
* Accessing an unrecognized extension marked critical on an X.509 object will
no longer raise an ``UnsupportedExtension`` exception, instead an
:class:`~cryptography.x509.UnrecognizedExtension` object will be returned.
This behavior was based on a poor reading of the RFC, unknown critical
extensions only need to be rejected on certificate verification.
* The CommonCrypto backend has been removed.
* MultiBackend has been removed.
* ``Whirlpool`` and ``RIPEMD160`` have been deprecated.


.. _v1-8-2:

~~~~~~~~~~~~~~~~~~

* Fixed a compilation bug affecting OpenSSL 1.1.0f.
* Updated Windows and macOS wheels to be compiled against OpenSSL 1.1.0f.


.. _v1-8-1:

~~~~~~~~~~~~~~~~~~

* Fixed macOS wheels to properly link against 1.1.0 rather than 1.0.2.


.. _v1-8:

~~~~~~~~~~~~~~~~

* Added support for Python 3.6.
* Windows and macOS wheels now link against OpenSSL 1.1.0.
* macOS wheels are no longer universal. This change significantly shrinks the
size of the wheels. Users on macOS 32-bit Python (if there are any) should
migrate to 64-bit or build their own packages.
* Changed ASN.1 dependency from ``pyasn1`` to ``asn1crypto`` resulting in a
general performance increase when encoding/decoding ASN.1 structures. Also,
the ``pyasn1_modules`` test dependency is no longer required.
* Added support for
:meth:`~cryptography.hazmat.primitives.ciphers.CipherContext.update_into` on
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext`.
* Added
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.private_bytes`
to
:class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`.
* Added
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey.public_bytes`
to
:class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey`.
* :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`
and
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`
now require that ``password`` must be bytes if provided. Previously this
was documented but not enforced.
* Added support for subgroup order in :doc:`/hazmat/primitives/asymmetric/dh`.


.. _v1-7-2:

~~~~~~~~~~~~~~~~~~

* Updated Windows and macOS wheels to be compiled against OpenSSL 1.0.2k.


.. _v1-7-1:

~~~~~~~~~~~~~~~~~~

* Fixed a regression in ``int_from_bytes`` where it failed to accept
``bytearray``.


.. _v1-7: