Pycryptodome

++++++++++++++++++++++++++

Resolved issues
---------------
* GH512: Especially for very small bit sizes, ``Crypto.Util.number.getPrime()`` was
occasionally generating primes larger than given the bit size. Thanks to Koki Takahashi.
* GH552: Correct typing annotations for ``PKCS115_Cipher.decrypt()``.
* GH555: ``decrypt()`` method of a PKCS1v1.5 cipher returned a ``bytearray`` instead of ``bytes``.
* GH557: External DSA domain parameters were accepted even when the modulus (``p``) was not prime.
This affected ``Crypto.PublicKey.DSA.generate()`` and ``Crypto.PublicKey.DSA.construct()``.
Thanks to Koki Takahashi.

New features
------------
* Added cSHAKE128 and cSHAKE256 (of SHA-3 family). Thanks to Michael Schaffner.
* GH558: The flag RTLD_DEEPBIND passed to ``dlopen()`` is not well supported by
`address sanitizers <https://github.com/google/sanitizers/issues/611>`_.
It is now possible to set the environment variable ``PYCRYPTDOME_DISABLE_DEEPBIND``
to drop that flag and allow security testing.

++++++++++++++++++++++++++

Resolved issues
---------------
* Output of ``Crypto.Util.number.long_to_bytes()`` was not always a multiple of ``blocksize``.

++++++++++++++++++++++++++

Resolved issues
---------------
* GH376: Fixed symbol conflict between different versions of ``libgmp``.
* GH481: Improved robustness of PKCS1v1.5 decryption against timing attacks.
* GH506 and GH509: Fixed segmentation faults on Apple M1 and other Aarch64 SoCs,
when the GMP library was accessed via ``ctypes``. Do not use GMP's own sscanf
and snprintf routines: instead, use simpler conversion routines.
* GH510: Workaround for ``cffi`` calling ``ctypes.util.find_library()``, which
invokes ``gcc`` and ``ld`` on Linux, considerably slowing down all imports.
On certain configurations, that may also leave temporary files behind.
* GH517: Fix RSAES-OAEP, as it didn't always fail when zero padding was incorrect.

New features
------------
* Added support for SHA-3 hash functions to HMAC.

Other changes
-------------
* The Windows wheels of Python 2.7 now require the VS2015 runtime to be installed in the system,
because Microsoft stopped distributing the VS2008 compiler in April 2021.
VS2008 was used to compile the Python 2.7 extensions.

++++++++++++++++++++++++

Other changes
-------------
* Python 3 wheels use ``abi3`` ABI tag.
* Remove Appveyor CI.

++++++++++++++++++++++++

Resolved issues
---------------
* Fixed a potential memory leak when initializing block ciphers.
* GH466: ``Crypto.Math.miller_rabin_test()`` was still using the system random
source and not the one provided as parameter.
* GH469: RSA objects have the method ``public_key()`` like ECC objects.
The old method ``publickey()`` is still available for backward compatibility.
* GH476: ``Crypto.Util.Padding.unpad()`` was raising an incorrect exception
in case of zero-length inputs. Thanks to Captainowie.
* GH491: better exception message when ``Counter.new()`` is called with an integer
``initial_value`` than doesn't fit into ``nbits`` bits.
* GH496: added missing ``block_size`` member for ECB cipher objects. Thanks to willem.
* GH500: ``nonce`` member of an XChaCha20 cipher object was not matching the original nonce.
Thanks to Charles Machalow.

Other changes
-------------
* The bulk of the test vectors have been moved to the separate
package ``pycryptodome-test-vectors``. As result, packages ``pycryptodome`` and
``pycryptodomex`` become significantly smaller (from 14MB to 3MB).
* Moved CI tests and build service from Travis CI to GitHub Actions.

Breaks in compatibility
-----------------------
* Drop support for Python 2.6 and 3.4.

+++++++++++++++++++++++

Resolved issues
---------------
* GH435: Fixed ``Crypto.Util.number.size`` for negative numbers.

New features
------------
* Build Python 3.9 wheels on Windows.