From paul.l.kehrer at gmail.com Mon Jan 22 20:41:31 2024
From: paul.l.kehrer at gmail.com (Paul Kehrer)
Date: Mon, 22 Jan 2024 19:41:31 -0600
Subject: [Cryptography-dev] PyCA cryptography 42.0.0 released
Message-ID:

PyCA cryptography 42.0.0 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 3.7+, and PyPy3 7.3.10+.

Changelog (https://cryptography.io/en/latest/changelog/#v42-0-0):

* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.7.
* BACKWARDS INCOMPATIBLE: Loading a PKCS7 with no content field using load_pem_pkcs7_certificates() or load_der_pkcs7_certificates() will now raise a ValueError rather than return an empty list.
* Parsing SSH certificates no longer permits malformed critical options with values, as documented in the 41.0.2 release notes.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.0.
* Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0.
* We now publish both py37 and py39 abi3 wheels. This should resolve some errors relating to initializing a module multiple times per process.
* Support PSS for X.509 certificate signing requests and certificate revocation lists with the keyword-only argument rsa_padding on the sign methods for CertificateSigningRequestBuilder and CertificateRevocationListBuilder.
* Added support for obtaining X.509 certificate signing request signature algorithm parameters (including PSS) via signature_algorithm_parameters().
* Added support for obtaining X.509 certificate revocation list signature algorithm parameters (including PSS) via signature_algorithm_parameters().
* Added mgf property to PSS.
* Added algorithm and mgf properties to OAEP.
* Added the following properties that return timezone-aware datetime objects: not_valid_before_utc(), not_valid_after_utc(), revocation_date_utc(), next_update_utc(), last_update_utc(). These are timezone-aware variants of existing properties that return naïve datetime objects.
* Deprecated the following properties that return naïve datetime objects: not_valid_before(), not_valid_after(), revocation_date(), next_update(), last_update() in favor of the new timezone-aware variants mentioned above.
* Added support for ChaCha20 on LibreSSL.
* Added support for RSA PSS signatures in PKCS7 with add_signer().
* In the next release (43.0.0) of cryptography, loading an X.509 certificate with a negative serial number will raise an exception. This has been deprecated since 36.0.0.
* Added support for AESGCMSIV when using OpenSSL 3.2.0+.
* Added the X.509 path validation APIs for Certificate chains. These APIs should be considered unstable and not subject to our stability guarantees until documented as such in a future release.
* Added support for SM4 GCM when using OpenSSL 3.0 or greater.

-Paul Kehrer (reaperhulk)

From paul.l.kehrer at gmail.com Wed Jan 24 21:48:46 2024
From: paul.l.kehrer at gmail.com (Paul Kehrer)
Date: Wed, 24 Jan 2024 18:48:46 -0800
Subject: [Cryptography-dev] PyCA cryptography 42.0.1 released
Message-ID:

PyCA cryptography 42.0.1 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 3.7+, and PyPy3 7.3.10+.

Changelog (https://cryptography.io/en/latest/changelog/#v42-0-1):

* Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey.sign.
* Resolved compatibility issue with loading certain RSA public keys in load_pem_public_key.

-Paul Kehrer (reaperhulk)

From paul.l.kehrer at gmail.com Tue Jan 30 12:39:25 2024
From: paul.l.kehrer at gmail.com (Paul Kehrer)
Date: Tue, 30 Jan 2024 11:39:25 -0600
Subject: [Cryptography-dev] PyCA cryptography 42.0.2 released
Message-ID:

PyCA cryptography 42.0.2 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 3.7+, and PyPy3 7.3.10+.

Changelog (https://cryptography.io/en/latest/changelog/#v42-0-2):

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in sign and verify methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey.exchange(), X25519PrivateKey.exchange(), X448PrivateKey.exchange(), and DHPrivateKey.exchange().

-Paul Kehrer (reaperhulk)