- update to 45.0.5:
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.5.1.
* Fixed decrypting PKCS#8 files encrypted with SHA1-RC4. (This
is not considered secure, and is supported only for backwards
compatibility.)
* Fixed decrypting PKCS#8 files encrypted with long salts (this
impacts keys encrypted by Bouncy Castle).
* Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5.
While wildly insecure, this remains prevalent.
* Fixed using mypy with cryptography on older versions of
Python.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.5.0.
* Support for Python 3.7 is deprecated and will be removed in
the next cryptography release.
* Updated the minimum supported Rust version (MSRV) to 1.74.0,
from 1.65.0.
* Added support for serialization of PKCS#12 Java truststores
in :func:`~cryptography.hazmat.primitives.serialization.pkcs1
2.serialize_java_truststore`
* Added :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon
2id.derive_phc_encoded` and :meth:`~cryptography.hazmat.primi
tives.kdf.argon2.Argon2id.verify_phc_encoded` methods to
support password hashing in the PHC string format
* Added support for PKCS7 decryption and encryption using
AES-256 as the content algorithm, in addition to AES-128.
* BACKWARDS INCOMPATIBLE: Made SSH private key loading more
consistent with other private key loading: :func:`~cryptograp
hy.hazmat.primitives.serialization.load_ssh_private_key` now
OBS-URL: https://build.opensuse.org/request/show/1292428
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=102
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.5.1.
* Fixed decrypting PKCS#8 files encrypted with SHA1-RC4. (This
is not considered secure, and is supported only for backwards
compatibility.)
* Fixed decrypting PKCS#8 files encrypted with long salts (this
impacts keys encrypted by Bouncy Castle).
* Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5.
While wildly insecure, this remains prevalent.
* Fixed using mypy with cryptography on older versions of
Python.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.5.0.
* Support for Python 3.7 is deprecated and will be removed in
the next cryptography release.
* Updated the minimum supported Rust version (MSRV) to 1.74.0,
from 1.65.0.
* Added support for serialization of PKCS#12 Java truststores
in :func:`~cryptography.hazmat.primitives.serialization.pkcs1
2.serialize_java_truststore`
* Added :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon
2id.derive_phc_encoded` and :meth:`~cryptography.hazmat.primi
tives.kdf.argon2.Argon2id.verify_phc_encoded` methods to
support password hashing in the PHC string format
* Added support for PKCS7 decryption and encryption using
AES-256 as the content algorithm, in addition to AES-128.
* BACKWARDS INCOMPATIBLE: Made SSH private key loading more
consistent with other private key loading: :func:`~cryptograp
hy.hazmat.primitives.serialization.load_ssh_private_key` now
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=249
- Update to version 44.0.0:
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9.
* Deprecated Python 3.7 support. Python 3.7 is no longer supported by
the Python core team. Support for Python 3.7 will be removed in a future
cryptography release.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
* macOS wheels are now built against the macOS 10.13 SDK. Users on older
versions of macOS should upgrade, or they will need to build cryptography
themselves.
* Enforce the RFC 5280 requirement that extended key usage extensions must not be empty.
* Added support for timestamp extraction to the :class:`~cryptography.fernet.MultiFernet` class.
* Relax the Authority Key Identifier requirements on root CA certificates
during X.509 verification to allow fields permitted by RFC 5280 but
forbidden by the CA/Browser BRs.
* Added support for
:class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id` when using
OpenSSL 3.2.0+.
* Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
* Added basic support for PKCS7 decryption (including S/MIME 3.2) via
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`,
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`,
and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.
- Update specfile to accommodate new project structure at version 44.0.0
- Update no-pytest_benchmark.patch
OBS-URL: https://build.opensuse.org/request/show/1242838
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=98
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9.
* Deprecated Python 3.7 support. Python 3.7 is no longer supported by
the Python core team. Support for Python 3.7 will be removed in a future
cryptography release.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
* macOS wheels are now built against the macOS 10.13 SDK. Users on older
versions of macOS should upgrade, or they will need to build cryptography
themselves.
* Enforce the RFC 5280 requirement that extended key usage extensions must not be empty.
* Added support for timestamp extraction to the :class:`~cryptography.fernet.MultiFernet` class.
* Relax the Authority Key Identifier requirements on root CA certificates
during X.509 verification to allow fields permitted by RFC 5280 but
forbidden by the CA/Browser BRs.
* Added support for
:class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id` when using
OpenSSL 3.2.0+.
* Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
* Added basic support for PKCS7 decryption (including S/MIME 3.2) via
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`,
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`,
and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.
- Update specfile to accommodate new project structure at version 44.0.0
- Update no-pytest_benchmark.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=238
- update to 43.0.0:
* BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e
has been removed. Users on older version of OpenSSL will
need to upgrade.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0,
from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat
e_private_key` now enforces a minimum RSA key size of
1024-bit. Note that 1024-bit is still considered insecure,
users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se
rialize_certificates` now emits ASN.1 that more closely
follows the recommendations in RFC 2315.
* Added new :doc:`/hazmat/decrepit/index` module which contains
outdated and insecure cryptographic primitives. :class:`~cryp
tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:
`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c
lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA
`, and :class:`~cryptography.hazmat.primitives.ciphers.algori
thms.Blowfish`, which were deprecated in 37.0.0, have been
added to this module. They will be removed from the cipher
module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit
hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci
phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and
deprecated them in the cipher module. They will be removed
from the cipher module in 48.0.0.
OBS-URL: https://build.opensuse.org/request/show/1189786
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=91
* BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e
has been removed. Users on older version of OpenSSL will
need to upgrade.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0,
from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat
e_private_key` now enforces a minimum RSA key size of
1024-bit. Note that 1024-bit is still considered insecure,
users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se
rialize_certificates` now emits ASN.1 that more closely
follows the recommendations in RFC 2315.
* Added new :doc:`/hazmat/decrepit/index` module which contains
outdated and insecure cryptographic primitives. :class:`~cryp
tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:
`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c
lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA
`, and :class:`~cryptography.hazmat.primitives.ciphers.algori
thms.Blowfish`, which were deprecated in 37.0.0, have been
added to this module. They will be removed from the cipher
module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit
hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci
phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and
deprecated them in the cipher module. They will be removed
from the cipher module in 48.0.0.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=220
- update to 42.0.4 (bsc#1220210, CVE-2024-26130):
* Fixed a null-pointer-dereference and segfault that could occur
when creating a PKCS#12 bundle. Credit to Alexander-Programming
for reporting the issue. CVE-2024-26130
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
SMIMECapabilities and SignatureAlgorithmIdentifier should now be
correctly encoded according to the definitions in :rfc:2633
:rfc:3370.
- update to 42.0.3:
* Fixed an initialization issue that caused key loading failures for some
users.
- Drop patch skip_openssl_memleak_test.patch not needed anymore.
OBS-URL: https://build.opensuse.org/request/show/1149625
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=86
- update to 41.0.5:
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.1.4.
* Added a function to support an upcoming ``pyOpenSSL``
release.
parameters in X.509 certificates, which are
* Fixed error when using py2app to build an application with a cryptography dependency.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n.
- split tests in a multibuild variant to optimize rebuild time a bit
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m.
- drop disable-RustExtension.patch: building rust extension now
* Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use
signature.
* wheels compiled with OpenSSL 1.1.1h.
- Removed support for calling public_bytes() with no arguments, as per
* BACKWARDS INCOMPATIBLE:
Removedcryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature
andcryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature,
which had been deprecated for nearly 4 years. Use encode_dss_signature()
* BACKWARDS INCOMPATIBLE: Removed cryptography.x509.Certificate.serial, which
* Add support for easily mapping an object identifier to its elliptic curve
* Add support for OpenSSL when compiled with the no-engine
* BACKWARDS INCOMPATIBLE: U-label strings were deprecated in version 2.1,
but this version removes the default idna dependency as well. If you still
need this deprecated path please install cryptography with the idna extra:
* Numerous classes and functions have been updated to allow bytes-like
types for keying material and passwords, including symmetric algorithms,
* Added rfc4514_string() method to x509.Name,
x509.RelativeDistinguishedName, and x509.NameAttribute to format the name
OBS-URL: https://build.opensuse.org/request/show/1124982
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=84
- update to 41.0.2:
* Fixed bugs in creating and parsing SSH certificates where
critical options with values were handled incorrectly.
Certificates are now created correctly and parsing accepts
correct values as well as the previously generated
invalid forms with a warning. In the next release, support
for parsing these invalid forms will be removed.
- remove patch remove_python_3_6_deprecation_warning.patch as the
warning was already removed upstream
- Add no-pytest_benchmark.patch, which remove dependency on
pytest-benchmark and coveralls (We don't need no benchmarking
and coverage measurement; bsc#1213005).
OBS-URL: https://build.opensuse.org/request/show/1098185
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=79
- update to 41.0.1 (bsc#1212568):
* Temporarily allow invalid ECDSA signature algorithm
parameters in X.509 certificates, which are
generated by older versions of Java.
* Allow null bytes in pass phrases when serializing private
keys.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than
1.1.1d has been removed. Users on older version of
OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Support for Python 3.6 has been
removed.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL <
3.6.
* Updated the minimum supported Rust version (MSRV) to 1.56.0,
from 1.48.0.
* Added support for the
:class:`~cryptography.x509.OCSPAcceptableResponses`
OCSP extension.
* Added support for the
:class:`~cryptography.x509.MSCertificateTemplate`
proprietary Microsoft certificate extension.
* Implemented support for equality checks on all asymmetric
public key types.
* Added support for ``aes256-gcm@openssh.com`` encrypted keys
in :func:`~cryptography.hazmat.primitives.serialization.load_ssh
_private_key`.
* Added support for obtaining X.509 certificate signature
algorithm parameters (including PSS)
OBS-URL: https://build.opensuse.org/request/show/1095411
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=78
- update to 40.0.1:
* Support for Python 3.6 is deprecated and will be removed in
the next release.
* Deprecated the current minimum supported Rust version (MSRV)
of 1.48.0. In the next release we will raise MSRV to 1.56.0.
Users with the latest ``pip`` will typically get a wheel
and not need Rust installed
* Deprecated support for OpenSSL less than 1.1.1d. The next
release of ``cryptography`` will drop support for older versions.
* Deprecated support for DSA keys in
:func:`~cryptography.hazmat.primitives.serialization.load_s
sh_public_key`
and
:func:`~cryptography.hazmat.primitives.serialization.load_s
sh_private_key`.
* Deprecated support for OpenSSH serialization in
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAP
ublicKey`
and
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAP
rivateKey`.
* Added support for parsing SSH certificates in addition to
public keys with
:func:`~cryptography.hazmat.primitives.serialization.load_s
sh_public_identity`.
:func:`~cryptography.hazmat.primitives.serialization.load_s
sh_public_key` continues to support only public keys.
* Added support for generating SSH certificates with
:class:`~cryptography.hazmat.primitives.serialization.SSHCe
rtificateBuilder`.
OBS-URL: https://build.opensuse.org/request/show/1074512
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=74
- update to 39.0.0:
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed.
Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new
minimum LibreSSL version is 3.5.0. Going forward our policy is to support
versions of LibreSSL that are available in versions of OpenBSD that are
still receiving security support.
* **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and
``from_encoded_point`` methods on
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`,
which had been deprecated for several years.
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`
and
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`
should be used instead.
* **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in
:class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and
PKCS7 has been removed.
* **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will
change
the way we link OpenSSL. This will only impact users who build
``cryptography`` from source (i.e., not from a ``wheel``), and specify their
own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``,
``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment
variables will no longer be respected. Instead, users will need to
configure their builds `as documented here`_.
* Added support for disabling the legacy provider in OpenSSL 3.0.x
* Added support for disabling RSA key validation checks when loading RSA
keys via
~cryptography.hazmat.primitives.serialization.load_pem_private_key
OBS-URL: https://build.opensuse.org/request/show/1056761
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=70
- update to 38.0.1:
* Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
seen in large CRLs).
* Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography``
will drop support.
* We no longer ship ``manylinux2010`` wheels. Users should upgrade to the
latest ``pip`` to ensure this doesn't cause issues downloading wheels on
their platform. We now ship ``manylinux_2_28`` wheels for users on new
enough platforms.
* Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0.
Users with the latest ``pip`` will typically get a wheel and not need Rust
installed, but check :doc:`/installation` for documentation on installing a
newer ``rustc`` if required.
* :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept
both ``str`` and ``bytes`` tokens.
* Parsing ``CertificateSigningRequest`` restores the behavior of enforcing
that the ``Extension`` ``critical`` field must be correctly encoded DER. See
`the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete
details.
* Added two new OpenSSL functions to the bindings to support an upcoming
``pyOpenSSL`` release.
* When parsing :class:`~cryptography.x509.CertificateRevocationList` and
:class:`~cryptography.x509.CertificateSigningRequest` values, it is now
enforced that the ``version`` value in the input must be valid according to
the rules of :rfc:`2986` and :rfc:`5280`.
* Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and
other X.509 builders is deprecated and support will be removed in the next
version.
* Added additional APIs to
:class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including
OBS-URL: https://build.opensuse.org/request/show/1007100
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=67
- update to 37.0.2:
* Fixed an issue where parsing an encrypted private key with the public
loader functions would hang waiting for console input on OpenSSL 3.0.x rather
than raising an error.
* Restored some legacy symbols for older ``pyOpenSSL`` users. These will be
removed again in the future, so ``pyOpenSSL`` users should still upgrade
to the latest version of that package when they upgrade ``cryptography``.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x.
The new minimum LibreSSL version is 3.1+.
* **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods
from the public key and private key classes. These methods were originally
deprecated in version 2.0, but had an extended deprecation timeline due
to usage. Any remaining users should transition to ``sign`` and ``verify``.
* Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by
the OpenSSL project. The next release of ``cryptography`` will be the last
to support compiling with OpenSSL 1.1.0.
* Deprecated Python 3.6 support. Python 3.6 is no longer supported by the
Python core team. Support for Python 3.6 will be removed in a future
``cryptography`` release.
* Deprecated the current minimum supported Rust version (MSRV) of 1.41.0.
In the next release we will raise MSRV to 1.48.0. Users with the latest
``pip`` will typically get a wheel and not need Rust installed, but check
:doc:`/installation` for documentation on installing a newer ``rustc`` if
required.
* Deprecated
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish` because
OBS-URL: https://build.opensuse.org/request/show/978871
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=64
- update to 36.0.0:
* FINAL DEPRECATION Support for verifier and signer on our asymmetric key
classes was deprecated in version 2.1. These functions had an extended
deprecation due to usage, however the next version of cryptography will
drop support. Users should migrate to sign and verify.
* The entire X.509 layer is now written in Rust. This allows alternate
asymmetric key implementations that can support cloud key management
services or hardware security modules provided they implement the necessary
interface (for example: EllipticCurvePrivateKey).
* Deprecated the backend argument for all functions.
* Added support for AESOCB3.
* Added support for iterating over arbitrary request attributes.
* Deprecated the get_attribute_for_oid method on CertificateSigningRequest in
favor of get_attribute_for_oid() on the new Attributes object.
* Fixed handling of PEM files to allow loading when certificate and key are
in the same file.
* Fixed parsing of CertificatePolicies extensions containing legacy BMPString values in their explicitText.
* Allow parsing of negative serial numbers in certificates. Negative serial
numbers are prohibited by RFC 5280 so a deprecation warning will be raised
whenever they are encountered. A future version of cryptography will drop
support for parsing them.
* Added support for parsing PKCS12 files with friendly names for all
certificates with load_pkcs12(), which will return an object of type
PKCS12KeyAndCertificates.
* rfc4514_string() and related methods now have an optional
attr_name_overrides parameter to supply custom OID to name mappings, which
can be used to match vendor-specific extensions.
* BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email
address fields as E in rfc4514_string() methods from version 35.0.
* The previous behavior can be restored with:
OBS-URL: https://build.opensuse.org/request/show/934527
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=57
- update to 3.3.0
- BACKWARDS INCOMPATIBLE: Support for Python 3.5 has been removed
due to low usage and maintenance burden.
- BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
to 1024-bit (8 byte to 128 byte) initialization vectors. This
change is to conform with an upcoming OpenSSL release that will
no longer support sizes outside this window.
- BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
now raise ValueError rather than UnsupportedAlgorithm when an
unsupported cipher is used. This change is to conform with an
upcoming OpenSSL release that will no longer distinguish
between error types.
- BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
field Diffie-Hellman parameters of less than 512 bits in
length. This change is to conform with an upcoming OpenSSL
release that no longer supports smaller sizes. These keys were
already wildly insecure and should not have been used in any
application outside of testing.
- Updated Windows, macOS, and manylinux wheels to be compiled
with OpenSSL 1.1.1i.
- Python 2 support is deprecated in cryptography. This is the
last release that will support Python 2.
- Added the recover_data_from_signature() function to
RSAPublicKey for recovering the signed data from an RSA
signature.
- Remove unnecessary dependency virtualenv.
OBS-URL: https://build.opensuse.org/request/show/854279
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=52
- update to 3.0
- refreshed disable-uneven-sizes-tests.patch and skip_openssl_memleak_test.patch
* Removed support for passing an Extension instance
to from_issuer_subject_key_identifier(), as per our deprecation policy.
* Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed
* Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or newer.
* RSA generate_private_key() no longer accepts public_exponent values except
65537 and 3 (the latter for legacy purposes).
* X.509 certificate parsing now enforces that the version field contains
a valid value, rather than deferring this check until version is accessed.
* Deprecated support for Python 2
* Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa
private keys: load_ssh_private_key() for loading and OpenSSH for writing.
* Added support for OpenSSH certificates to load_ssh_public_key().
* Added encrypt_at_time() and decrypt_at_time() to Fernet.
* Added support for the SubjectInformationAccess X.509 extension.
* Added support for parsing SignedCertificateTimestamps in OCSP responses.
* Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
* Added support for encoding attributes in certificate signing requests via add_attribute().
* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG
instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
* Added initial support for creating PKCS12 files with serialize_key_and_certificates().
OBS-URL: https://build.opensuse.org/request/show/823211
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=50
- update to 2.7
* BACKWARDS INCOMPATIBLE: Removed the cryptography.hazmat.primitives.mac.MACContext interface.
The CMAC and HMAC APIs have not changed, but they are no longer registered
as MACContext instances.
* Removed support for running our tests with setup.py test.
* Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305`
when using OpenSSL 1.1.1 or newer.
* Support serialization with Encoding.OpenSSH and PublicFormat.OpenSSH
in :meth:`Ed25519PublicKey.public_bytes <cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes>` .
* Correctly allow passing a SubjectKeyIdentifier to :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`
and deprecate passing an Extension object.
- Simplify the test execution to be more understandable
OBS-URL: https://build.opensuse.org/request/show/707591
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=47
- Update to 2.4.1:
* Dropped support for LibreSSL 2.4.x.
* Deprecated OpenSSL 1.0.1 support. OpenSSL 1.0.1 is no
longer supported by the OpenSSL project. At this time there
is no time table for dropping support, however we strongly
encourage all users to upgrade or install cryptography from
a wheel.
* Added initial :doc:`OCSP </x509/ocsp>` support.
* Added support for cryptography.x509.PrecertPoison.
OBS-URL: https://build.opensuse.org/request/show/659254
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=43
- Cleanup with spec-cleaner
- Use %setup to unpack all archives do not rely on tar calls
- Update to upstream release 2.2.1:
* Reverted a change to GeneralNames which prohibited having zero elements,
due to breakages.
* Fixed a bug in
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
that caused it to raise InvalidUnwrap when key length modulo 8 was zero.
* BACKWARDS INCOMPATIBLE: Support for Python 2.6 has been dropped.
* Resolved a bug in HKDF that incorrectly constrained output size.
* Added
:class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP256R1`,
:class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP384R1`, and
:class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP512R1` to
support inter-operating with systems like German smart meters.
* Added token rotation support to :doc:`Fernet </fernet>` with
:meth:`~cryptography.fernet.MultiFernet.rotate`.
* Fixed a memory leak in
:func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`.
* Added support for AES key wrapping with padding via
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap_with_padding` and
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` .
* Allow loading DSA keys with 224 bit q.
OBS-URL: https://build.opensuse.org/request/show/591618
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=38
oid sha256:66027fde33c455f0cb3d01f7daba90d0e8a87378f1b48bcc5cb23bc2fb9c98bb
size 2651262
oid sha256:bf99c9e48b00d21870a3579e7c84eb32889dee6c82848be97e0b2408091194a7
size 2652902
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
