From paul.l.kehrer at gmail.com Tue Apr 26 11:25:44 2022 From: paul.l.kehrer at gmail.com (Paul Kehrer) Date: Tue, 26 Apr 2022 10:25:44 -0500 Subject: [Cryptography-dev] PyCA cryptography 37.0.0 released Message-ID: PyCA cryptography 37.0.0 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 3.6+, and PyPy3. Changelog (https://cryptography.io/en/latest/changelog/#v37-0-0): * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2. * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL 2.9.x and 3.0.x. The new minimum LibreSSL version is 3.1+. * BACKWARDS INCOMPATIBLE: Removed signer and verifier methods from the public key and private key classes. These methods were originally deprecated in version 2.0, but had an extended deprecation timeline due to usage. Any remaining users should transition to sign and verify. * Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by the OpenSSL project. The next release of cryptography will be the last to support compiling with OpenSSL 1.1.0. * Deprecated Python 3.6 support. Python 3.6 is no longer supported by the Python core team. Support for Python 3.6 will be removed in a future cryptography release. * Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. In the next release we will raise MSRV to 1.48.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check Installation for documentation on installing a newer rustc if required. * Deprecated CAST5, SEED, IDEA, and Blowfish because they are legacy algorithms with extremely low usage. These will be removed in a future version of cryptography. * Added limited support for distinguished names containing a bit string. * We now ship universal2 wheels on macOS, which contain both arm64 and x86_64 architectures. Users on macOS should upgrade to the latest pip to ensure they can use this wheel, although we will continue to ship x86_64 specific wheels for now to ease the transition. * This will be the final release for which we ship manylinux2010 wheels. Going forward the minimum supported manylinux ABI for our wheels will be manylinux2014. The vast majority of users will continue to receive manylinux wheels provided they have an up to date pip. For PyPy wheels this release already requires manylinux2014 for compatibility with binaries distributed by upstream. * Added support for multiple OCSPSingleResponse in a OCSPResponse. * Restored support for signing certificates and other structures in X.509 with SHA3 hash algorithms. * TripleDES is disabled in FIPS mode. * Added support for serialization of PKCS#12 CA friendly names/aliases in serialize_key_and_certificates() * Added support for 12-15 byte (96 to 120 bit) nonces to AESOCB3. This class previously supported only 12 byte (96 bit). * Added support for AESSIV when using OpenSSL 3.0.0+. * Added support for serializing PKCS7 structures from a list of certificates with serialize_certificates. * Added support for parsing RFC 4514 strings with from_rfc4514_string(). * Added AUTO to PSS. This can be used to verify a signature where the salt length is not already known. * Added DIGEST_LENGTH to PSS. This constant will set the salt length to the same length as the PSS hash algorithm. * Added support for loading RSA-PSS key types with load_pem_private_key() and load_der_private_key(). This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a normal RSA private key, discarding the PSS constraint information. -Paul Kehrer (reaperhulk) From paul.l.kehrer at gmail.com Wed Apr 27 18:50:24 2022 From: paul.l.kehrer at gmail.com (Paul Kehrer) Date: Wed, 27 Apr 2022 17:50:24 -0500 Subject: [Cryptography-dev] PyCA cryptography 37.0.1 released Message-ID: PyCA cryptography 37.0.0 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 3.6+, and PyPy3. Changelog (https://cryptography.io/en/latest/changelog/#v37-0-1): * Fixed an issue where parsing an encrypted private key with the public loader functions would hang waiting for console input on OpenSSL 3.0.x rather than raising an error. * Restored some legacy symbols for older pyOpenSSL users. These will be removed again in the future, so pyOpenSSL users should still upgrade to the latest version of that package when they upgrade cryptography. -Paul Kehrer (reaperhulk)