Pycryptodome

++++++++++++++++++++++++++

New features
---------------
* By setting the PYCRYPTODOME_DISABLE_GMP environment variable,
the GMP library will not be used even if detected.
* Add support for Curve25519 / X25519.
* Add support for Curve448 / X448.
* Add attribute ``curve`` to EccPoint and EccXPoint classes,
with the canonical name of the curve.
* GH781: the label for the SP800_108_Counter KDF may now
contain zero bytes. Thanks to Julien Rische.
* GH814: RSA keys for PSS can be imported.

Resolved issues
---------------
* GH810: fixed negation of Ed25519 points.
* GH819: accept an RFC5916 ECPrivateKey even if it doesn't
contain any of the optional elements
(parameters [0] and publicKey[1]).

Other changes
-------------
* Remove support for Python 3.5.

++++++++++++++++++++++++++

New features
---------------
* Added support for TurboSHAKE128 and TurboSHAKE256.
* Added method ``Crypto.Hash.new()`` to generate a hash
object given a hash name.
* Added support for AES-GCM encryption of PBES2 and PKCS8
containers.
* Added support for SHA-2 and SHA-3 algorithms in PBKDF2
when creating PBES2 and PKCS8 containers.
* Export of RSA keys accepts the ``prot_params`` dictionary
as parameter to control the number of iterations for PBKDF2
and scrypt.
* C unit tests also run on non-x86 architectures.

Resolved issues
---------------
* GH787: Fixed autodetect logic for GCC 14 in combination with LTO.

++++++++++++++++++++++++++

Resolved issues
---------------
* Fixed a side-channel leakage with OAEP decryption that could be
exploited to carry out a Manger attack (CVE-2023-52323). Thanks to Hubert Kario.

++++++++++++++++++++++++++

New features
---------------
* The ``update()`` methods of TupleHash128 and TupleHash256 objects
can now hash multiple items (byte strings) at once.
Thanks to Sylvain Pelissier.
* Added support for ECDH, with ``Crypto.Protocol.DH``.

Resolved issues
---------------
* GH754: due to a bug in ``cffi``, do not use it on Windows with Python 3.12+.

++++++++++++++++++++++++++

New features
---------------
* Added support for DER BOOLEAN encodings.
* The library now compiles on Windows ARM64. Thanks to Niyas Sait.

Resolved issues
---------------
* GH722: ``nonce`` attribute was not correctly set for XChaCha20_Poly1305 ciphers. Thanks to Liam Haber.
* GH728: Workaround for a possible x86 emulator bug in Windows for ARM64.
* GH739: OID encoding for arc 2 didn't accept children larger than 39. Thanks to James.
* Correctly check that the scalar matches the point when importing an ECC private key.

++++++++++++++++++++++++++

New features
---------------
* Added support for the Counter Mode KDF defined in SP 800-108 Rev 1.
* Reduce the minimum tag length for the EAX cipher to 2 bytes.
* An RSA object has 4 new properties for the CRT coefficients:
``dp``, ``dq``, ``invq`` and ``invq`` (``invp`` is the same value
as the existing ``u``).

Resolved issues
---------------
* GH526: improved typing for ``RSA.construct``.
* GH534: reduced memory consumption when using a large number
of cipher objects.
* GH598: fixed missing error handling for ``Util.number.inverse``.
* GH629: improved typing for ``AES.new`` and the various
mode-specific types it returns. Thanks to Greg Werbin.
* GH653: added workaround for an alleged GCC compiler bug
that affected Ed25519 code compiled for AVX2.
* GH658: attribute ``curve`` of an ECC key was not always
the preferred curve name, as it used to be in v3.15.0
(independently of the curve name specified when generating
the key).
* GH637: fixed typing for legacy modules ``PKCS1_v1_5`` and ``PKCS1_PSS``,
as their ``verify()`` returned a boolean.
* GH664: with OCB mode, nonces of maximum length (15 bytes)
were actually used as 14 bytes nonces.
After this fix, data that was encrypted in past using the
(default) nonce length of 15 bytes can still be decrypted
by reducing the nonce to its first 14 bytes.
* GH705: improved typing for ``nonce``, ``iv``, and ``IV`` parameters
of cipher objects.

Other changes
-------------
* Build PyPy wheels only for versions 3.8 and 3.9, and not for 3.7 anymore.