Pycryptodome

+++++++++++++++++++++++

Resolved issues
---------------

* GH258: False positive on PSS signatures when externally provided salt is too long.
* Include type stub files for ``Crypto.IO`` and ``Crypto.Util``.

++++++++++++++++++++++++

Resolved issues
---------------

* GH242: Fixed compilation problem on ARM platforms.

++++++++++++++++++++++++

New features
------------

* Added type stubs to enable static type checking with mypy. Thanks to Michael Nix.
* New ``update_after_digest`` flag for CMAC.

Resolved issues
---------------

* GH232: Fixed problem with gcc 4.x when compiling ``ghash_clmul.c``.
* GH238: Incorrect digest value produced by CMAC after cloning the object.
* Method ``update()`` of an EAX cipher object was returning the underlying CMAC object,
instead of the EAX object itself.
* Method ``update()`` of a CMAC object was not throwing an exception after the digest
was computed (with ``digest()`` or ``verify()``).

+++++++++++++++++++++++

New features
------------

* Added support for Poly1305 MAC (with AES and ChaCha20 ciphers for key derivation).
* Added support for ChaCha20-Poly1305 AEAD cipher.
* New parameter ``output`` for ``Crypto.Util.strxor.strxor``, ``Crypto.Util.strxor.strxor_c``,
``encrypt`` and ``decrypt`` methods in symmetric ciphers (``Crypto.Cipher`` package).
``output`` is a pre-allocated buffer (a ``bytearray`` or a writeable ``memoryview``)
where the result must be stored.
This requires less memory for very large payloads; it is also more efficient when
encrypting (or decrypting) several small payloads.

Resolved issues
---------------

* GH266: AES-GCM hangs when processing more than 4GB at a time on x86 with PCLMULQDQ instruction.

Breaks in compatibility
-----------------------

* Drop support for Python 3.3.
* Remove ``Crypto.Util.py3compat.unhexlify`` and ``Crypto.Util.py3compat.hexlify``.
* With the old Python 2.6, use only ``ctypes`` (and not ``cffi``) to interface to native code.

++++++++++++++++++++++

Resolved issues
---------------

* GH198: Fix vulnerability on AESNI ECB with payloads smaller than 16 bytes (CVE-2018-15560).

++++++++++++++++++++++

Resolved issues
---------------

* GH187: Fixed incorrect AES encryption/decryption with AES acceleration on x86
due to gcc's optimization and strict aliasing rules.
* GH188: More prime number candidates than necessary where discarded as composite
due to the limited way D values were searched in the Lucas test.
* Fixed ResouceWarnings and DeprecationWarnings.
* Workaround for Python 3.7.0 bug on Windows (https://bugs.python.org/issue34108).