Pycryptodome

+++++++++++++++++++++++

New features
------------

* Speed-up ECC performance. ECDSA is 33 times faster on the NIST P-256 curve.
* Added support for NIST P-384 and P-521 curves.
* ``EccKey`` has new methods ``size_in_bits()`` and ``size_in_bytes()``.
* Support HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512 in PBE2/PBKDF2.

Resolved issues
---------------

* DER objects were not rejected if their length field had a leading zero.
* Allow legacy RC2 ciphers to have 40-bit keys.
* ASN.1 Object IDs did not allow the value 0 in the path.

Breaks in compatibility
-----------------------

* ``point_at_infinity()`` becomes an instance method for ``Crypto.PublicKey.ECC.EccKey``, from a static one.

+++++++++++++++++++++++

Resolved issues
---------------

* GH258: False positive on PSS signatures when externally provided salt is too long.
* Include type stub files for ``Crypto.IO`` and ``Crypto.Util``.

++++++++++++++++++++++++

Resolved issues
---------------

* GH242: Fixed compilation problem on ARM platforms.

++++++++++++++++++++++++

New features
------------

* Added type stubs to enable static type checking with mypy. Thanks to Michael Nix.
* New ``update_after_digest`` flag for CMAC.

Resolved issues
---------------

* GH232: Fixed problem with gcc 4.x when compiling ``ghash_clmul.c``.
* GH238: Incorrect digest value produced by CMAC after cloning the object.
* Method ``update()`` of an EAX cipher object was returning the underlying CMAC object,
instead of the EAX object itself.
* Method ``update()`` of a CMAC object was not throwing an exception after the digest
was computed (with ``digest()`` or ``verify()``).

+++++++++++++++++++++++

New features
------------

* Added support for Poly1305 MAC (with AES and ChaCha20 ciphers for key derivation).
* Added support for ChaCha20-Poly1305 AEAD cipher.
* New parameter ``output`` for ``Crypto.Util.strxor.strxor``, ``Crypto.Util.strxor.strxor_c``,
``encrypt`` and ``decrypt`` methods in symmetric ciphers (``Crypto.Cipher`` package).
``output`` is a pre-allocated buffer (a ``bytearray`` or a writeable ``memoryview``)
where the result must be stored.
This requires less memory for very large payloads; it is also more efficient when
encrypting (or decrypting) several small payloads.

Resolved issues
---------------

* GH266: AES-GCM hangs when processing more than 4GB at a time on x86 with PCLMULQDQ instruction.

Breaks in compatibility
-----------------------

* Drop support for Python 3.3.
* Remove ``Crypto.Util.py3compat.unhexlify`` and ``Crypto.Util.py3compat.hexlify``.
* With the old Python 2.6, use only ``ctypes`` (and not ``cffi``) to interface to native code.

++++++++++++++++++++++

Resolved issues
---------------

* GH198: Fix vulnerability on AESNI ECB with payloads smaller than 16 bytes (CVE-2018-15560).