Cryptography

~~~~~~~~~~~~~~~~~~~


* **BACKWARDS INCOMPATIBLE:** As announced in the 39.0.0 changelog, the way
``cryptography`` links OpenSSL has changed. This only impacts users who
build ``cryptography`` from source (i.e., not from a ``wheel``), and
specify their own version of OpenSSL. For those users, the ``CFLAGS``,
``LDFLAGS``, ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS``
environment variables are no longer valid. Instead, users need to configure
their builds `as documented here`_.
* Support for Python 3.6 is deprecated and will be removed in the next
release.
* Deprecated the current minimum supported Rust version (MSRV) of 1.48.0.
In the next release we will raise MSRV to 1.56.0. Users with the latest
``pip`` will typically get a wheel and not need Rust installed, but check
:doc:`/installation` for documentation on installing a newer ``rustc`` if
required.
* Deprecated support for OpenSSL less than 1.1.1d. The next release of
``cryptography`` will drop support for older versions.
* Deprecated support for DSA keys in
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`
and
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`.
* Deprecated support for OpenSSH serialization in
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
and
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`.
* The minimum supported version of PyPy3 is now 7.3.10.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.0.
* Added support for parsing SSH certificates in addition to public keys with
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_identity`.
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`
continues to support only public keys.
* Added support for generating SSH certificates with
:class:`~cryptography.hazmat.primitives.serialization.SSHCertificateBuilder`.
* Added :meth:`~cryptography.x509.Certificate.verify_directly_issued_by` to
:class:`~cryptography.x509.Certificate`.
* Added a check to :class:`~cryptography.x509.NameConstraints` to ensure that
:class:`~cryptography.x509.DNSName` constraints do not contain any ``*``
wildcards.
* Removed many unused CFFI OpenSSL bindings. This will not impact you unless
you are using ``cryptography`` to directly invoke OpenSSL's C API. Note that
these have never been considered a stable, supported, public API by
``cryptography``, this note is included as a courtesy.
* The X.509 builder classes now raise ``UnsupportedAlgorithm`` instead of
``ValueError`` if an unsupported hash algorithm is passed.
* Added public union type aliases for type hinting:

* Asymmetric types:
:const:`~cryptography.hazmat.primitives.asymmetric.types.PublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.PrivateKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.CertificatePublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPrivateKeyTypes`.
* SSH keys:
:const:`~cryptography.hazmat.primitives.serialization.SSHPublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.serialization.SSHPrivateKeyTypes`,
:const:`~cryptography.hazmat.primitives.serialization.SSHCertPublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.serialization.SSHCertPrivateKeyTypes`.
* PKCS12:
:const:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12PrivateKeyTypes`
* PKCS7:
:const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7HashTypes`,
:const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7PrivateKeyTypes`.
* Two-factor:
:const:`~cryptography.hazmat.primitives.twofactor.hotp.HOTPHashTypes`

* Deprecated previously undocumented but not private type aliases in the
``cryptography.hazmat.primitives.asymmetric.types`` module in favor of new
ones above.


.. _v39-0-2:

~~~~~~~~~~~~~~~~~~~

* Fixed a bug where the content type header was not properly encoded for
PKCS7 signatures when using the ``Text`` option and ``SMIME`` encoding.


.. _v39-0-1:

~~~~~~~~~~~~~~~~~~~

* **SECURITY ISSUE** - Fixed a bug where ``Cipher.update_into`` accepted Python
buffer protocol objects, but allowed immutable buffers. **CVE-2023-23931**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.8.

.. _v39-0-0:

~~~~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed.
Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new
minimum LibreSSL version is 3.5.0. Going forward our policy is to support
versions of LibreSSL that are available in versions of OpenBSD that are
still receiving security support.
* **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and
``from_encoded_point`` methods on
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`,
which had been deprecated for several years.
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`
and
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`
should be used instead.
* **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in
:class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and
PKCS7 has been removed.
* **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.10 and 10.11, macOS
users must upgrade to 10.12 or newer.
* **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will change
the way we link OpenSSL. This will only impact users who build
``cryptography`` from source (i.e., not from a ``wheel``), and specify their
own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``,
``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment
variables will no longer be respected. Instead, users will need to
configure their builds `as documented here`_.
* Added support for
:ref:`disabling the legacy provider in OpenSSL 3.0.x<legacy-provider>`.
* Added support for disabling RSA key validation checks when loading RSA
keys via
:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,
and
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers.private_key`.
This speeds up key loading but is :term:`unsafe` if you are loading potentially
attacker supplied keys.
* Significantly improved performance for
:class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`
when repeatedly calling ``encrypt`` or ``decrypt`` with the same key.
* Added support for creating OCSP requests with precomputed hashes using
:meth:`~cryptography.x509.ocsp.OCSPRequestBuilder.add_certificate_by_hash`.
* Added support for loading multiple PEM-encoded X.509 certificates from
a single input via :func:`~cryptography.x509.load_pem_x509_certificates`.

.. _v38-0-4:

~~~~~~~~~~~~~~~~~~~

* Fixed compilation when using LibreSSL 3.6.0.
* Fixed error when using ``py2app`` to build an application with a
``cryptography`` dependency.

.. _v38-0-3:

~~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7,
which resolves *CVE-2022-3602* and *CVE-2022-3786*.

.. _v38-0-2: