- update to 3.18.0:
* Added support for DER BOOLEAN encodings.
* The library now compiles on Windows ARM64. Thanks to Niyas
Sait.
* GH#722: ``nonce`` attribute was not correctly set for
XChaCha20_Poly1305 ciphers. Thanks to Liam Haber.
* GH#728: Workaround for a possible x86 emulator bug in Windows
for ARM64.
* GH#739: OID encoding for arc 2 didn't accept children larger
than 39. Thanks to James.
* Correctly check that the scalar matches the point when
importing an ECC private key.
OBS-URL: https://build.opensuse.org/request/show/1090246
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pycryptodome?expand=0&rev=25
* Added support for DER BOOLEAN encodings.
* The library now compiles on Windows ARM64. Thanks to Niyas
Sait.
* GH#722: ``nonce`` attribute was not correctly set for
XChaCha20_Poly1305 ciphers. Thanks to Liam Haber.
* GH#728: Workaround for a possible x86 emulator bug in Windows
for ARM64.
* GH#739: OID encoding for arc 2 didn't accept children larger
than 39. Thanks to James.
* Correctly check that the scalar matches the point when
importing an ECC private key.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pycryptodome?expand=0&rev=55
- Fix %%files to work with %pyproject_ style building.
- update to 3.17.0:
* Added support for the Counter Mode KDF defined in SP 800-108
Rev 1.
* Reduce the minimum tag length for the EAX cipher to 2 bytes.
* An RSA object has 4 new properties for the CRT coefficients:
``dp``, ``dq``, ``invq`` and ``invq`` (``invp`` is the same
value as the existing ``u``).
* GH#526: improved typing for ``RSA.construct``.
* GH#534: reduced memory consumption when using a large number
of cipher objects.
* GH#598: fixed missing error handling for
``Util.number.inverse``.
* GH#629: improved typing for ``AES.new`` and the various
mode-specific types it returns. Thanks to Greg Werbin.
* GH#653: added workaround for an alleged GCC compiler bug
that affected Ed25519 code compiled for AVX2.
* GH#658: attribute ``curve`` of an ECC key was not always
the preferred curve name, as it used to be in v3.15.0
(independently of the curve name specified when generating
the key).
* GH#637: fixed typing for legacy modules ``PKCS1_v1_5`` and
``PKCS1_PSS``, as their ``verify()`` returned a boolean.
* GH#664: with OCB mode, nonces of maximum length (15 bytes)
were actually used as 14 bytes nonces.
After this fix, data that was encrypted in past using the
(default) nonce length of 15 bytes can still be decrypted
by reducing the nonce to its first 14 bytes.
* GH#705: improved typing for ``nonce``, ``iv``, and ``IV``
parameters of cipher objects.
- update to 3.17.0:
* ++++++++++++++++++++++++++
* New features
* Added support for the Counter Mode KDF defined in SP 800-108
Rev 1.
* Reduce the minimum tag length for the EAX cipher to 2 bytes.
* An RSA object has 4 new properties for the CRT coefficients
* ``dp``, ``dq``, ``invq`` and ``invq`` (``invp`` is the same
value
* as the existing ``u``).
* Resolved issues
* GH#526: improved typing for ``RSA.construct``.
* GH#534: reduced memory consumption when using a large number
* of cipher objects.
* GH#598: fixed missing error handling for
``Util.number.inverse``.
* GH#629: improved typing for ``AES.new`` and the various
* mode-specific types it returns. Thanks to Greg Werbin.
* GH#653: added workaround for an alleged GCC compiler bug
* hat affected Ed25519 code compiled for AVX2.
* GH#658: attribute ``curve`` of an ECC key was not always
* he preferred curve name, as it used to be in v3.15.0
* independently of the curve name specified when generating
* he key).
* GH#637: fixed typing for legacy modules ``PKCS1_v1_5`` and
``PKCS1_PSS``,
* as their ``verify()`` returned a boolean.
* GH#664: with OCB mode, nonces of maximum length (15 bytes
* were actually used as 14 bytes nonces.
* After this fix, data that was encrypted in past using the
* default) nonce length of 15 bytes can still be decrypted
* by reducing the nonce to its first 14 bytes.
* GH#705: improved typing for ``nonce``, ``iv``, and ``IV``
parameters
* of cipher objects.
* Other changes
* Build PyPy wheels only for versions 3.8 and 3.9, and not for
3.7 anymore.
OBS-URL: https://build.opensuse.org/request/show/1085158
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pycryptodome?expand=0&rev=24
* Added support for the Counter Mode KDF defined in SP 800-108
Rev 1.
* Reduce the minimum tag length for the EAX cipher to 2 bytes.
* An RSA object has 4 new properties for the CRT coefficients:
``dp``, ``dq``, ``invq`` and ``invq`` (``invp`` is the same
value as the existing ``u``).
* GH#526: improved typing for ``RSA.construct``.
* GH#534: reduced memory consumption when using a large number
of cipher objects.
* GH#598: fixed missing error handling for
``Util.number.inverse``.
* GH#629: improved typing for ``AES.new`` and the various
mode-specific types it returns. Thanks to Greg Werbin.
* GH#653: added workaround for an alleged GCC compiler bug
that affected Ed25519 code compiled for AVX2.
* GH#658: attribute ``curve`` of an ECC key was not always
the preferred curve name, as it used to be in v3.15.0
(independently of the curve name specified when generating
the key).
* GH#637: fixed typing for legacy modules ``PKCS1_v1_5`` and
``PKCS1_PSS``, as their ``verify()`` returned a boolean.
* GH#664: with OCB mode, nonces of maximum length (15 bytes)
were actually used as 14 bytes nonces.
After this fix, data that was encrypted in past using the
(default) nonce length of 15 bytes can still be decrypted
by reducing the nonce to its first 14 bytes.
* GH#705: improved typing for ``nonce``, ``iv``, and ``IV``
parameters of cipher objects.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pycryptodome?expand=0&rev=52
* GH#595: Fixed memory leak for GMP integers.
* Add support for curve NIST P-192.
* Add support for curve NIST P-224.
* GH#590: Fixed typing info for ``Crypto.PublicKey.ECC``.
* Relaxed ECDSA requirements for FIPS 186 signatures and accept any SHA-2 or
* SHA-3 hash. ``sign()`` and ``verify()`` will be performed even if the hash is stronger
than the ECC key.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pycryptodome?expand=0&rev=45
- update to 3.12.0:
* ECC keys in the SEC1 format can be exported and imported.
* Add support for KMAC128, KMAC256, TupleHash128, and TupleHash256 (NIST SP-800 185).
* Add support for KangarooTwelve.
* GH#563: An asymmetric key could not be imported as a ``memoryview``.
* GH#566: cSHAKE128/256 generated a wrong output for customization strings
* GH#582: CBC decryption generated the wrong plaintext when the input and the output were the same buffer.
OBS-URL: https://build.opensuse.org/request/show/939588
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pycryptodome?expand=0&rev=19
* ECC keys in the SEC1 format can be exported and imported.
* Add support for KMAC128, KMAC256, TupleHash128, and TupleHash256 (NIST SP-800 185).
* Add support for KangarooTwelve.
* GH#563: An asymmetric key could not be imported as a ``memoryview``.
* GH#566: cSHAKE128/256 generated a wrong output for customization strings
* GH#582: CBC decryption generated the wrong plaintext when the input and the output were the same buffer.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pycryptodome?expand=0&rev=44
- update to 3.11.0:
* GH#512: Especially for very small bit sizes, ``Crypto.Util.number.getPrime()`` was
occasionally generating primes larger than given the bit size.
* GH#552: Correct typing annotations for ``PKCS115_Cipher.decrypt()``.
* GH#555: ``decrypt()`` method of a PKCS#1v1.5 cipher returned a ``bytearray`` instead of ``bytes``.
* GH#557: External DSA domain parameters were accepted even when the modulus (``p``) was not prime.
This affected ``Crypto.PublicKey.DSA.generate()`` and ``Crypto.PublicKey.DSA.construct()``.
* Added cSHAKE128 and cSHAKE256 (of SHA-3 family).
* GH#558: The flag RTLD_DEEPBIND passed to ``dlopen()`` is not well supported by
`address sanitizers <https://github.com/google/sanitizers/issues/611>`_.
It is now possible to set the environment variable ``PYCRYPTDOME_DISABLE_DEEPBIND``
to drop that flag and allow security testing.
OBS-URL: https://build.opensuse.org/request/show/925769
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pycryptodome?expand=0&rev=18
* GH#512: Especially for very small bit sizes, ``Crypto.Util.number.getPrime()`` was
occasionally generating primes larger than given the bit size.
* GH#552: Correct typing annotations for ``PKCS115_Cipher.decrypt()``.
* GH#555: ``decrypt()`` method of a PKCS#1v1.5 cipher returned a ``bytearray`` instead of ``bytes``.
* GH#557: External DSA domain parameters were accepted even when the modulus (``p``) was not prime.
This affected ``Crypto.PublicKey.DSA.generate()`` and ``Crypto.PublicKey.DSA.construct()``.
* Added cSHAKE128 and cSHAKE256 (of SHA-3 family).
* GH#558: The flag RTLD_DEEPBIND passed to ``dlopen()`` is not well supported by
`address sanitizers <https://github.com/google/sanitizers/issues/611>`_.
It is now possible to set the environment variable ``PYCRYPTDOME_DISABLE_DEEPBIND``
to drop that flag and allow security testing.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pycryptodome?expand=0&rev=43
* Fixed a potential memory leak when initializing block ciphers.
* GH#466: ``Crypto.Math.miller_rabin_test()`` was still using the system random
source and not the one provided as parameter.
* GH#469: RSA objects have the method ``public_key()`` like ECC objects.
The old method ``publickey()`` is still available for backward compatibility.
* GH#476: ``Crypto.Util.Padding.unpad()`` was raising an incorrect exception
in case of zero-length inputs. Thanks to Captainowie.
* GH#491: better exception message when ``Counter.new()`` is called with an integer
``initial_value`` than doesn't fit into ``nbits`` bits.
* GH#496: added missing ``block_size`` member for ECB cipher objects. Thanks to willem.
* GH#500: ``nonce`` member of an XChaCha20 cipher object was not matching the original nonce.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pycryptodome?expand=0&rev=41
* GH#426: The Shamir's secret sharing implementation is not actually compatible with ``ssss``.
Added an optional parameter to enable interoperability.
* GH#427: Skip altogether loading of ``gmp.dll`` on Windows.
* GH#420: Fix incorrect CFB decryption when the input and the output are the same buffer.
* Speed up Shamir's secret sharing routines. Thanks to ncarve.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pycryptodome?expand=0&rev=37
- Update to 3.9.7
* Align stack of functions using SSE2 intrinsics to avoid crashes,
when compiled with gcc on 32-bit x86 platforms.
* Prevent key_to_english from creating invalid data when fed with
keys of length not multiple of 8.
* Fix blocking RSA signing/decryption when key has very small factor.
* fixed memory leak for operations that use memoryviews when cffi
is not installed.
* RSA OAEP decryption was not verifying that all PS bytes are zero.
* Fixed wrong ASN.1 OID for HMAC-SHA512 in PBE2.
OBS-URL: https://build.opensuse.org/request/show/786474
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pycryptodome?expand=0&rev=35
- Update to 3.9.2 (10 November 2019):
+ New features
* Add Python 3.8 wheels for Mac.
+ Resolved issues
* GH#308: Avoid allocating arrays of __m128i on the stack, to
cope with buggy compilers.
* GH#322: Remove blanket -O3 optimization for gcc and clang, to
cope with buggy compilers.
* GH#337: Fix typing stubs for signatures.
* GH#338: Deal with gcc installations that don't have
x86intrin.h.
- Update to version 3.9.1 (1 November 2019):
+ New features
* Add Python 3.8 wheels for Linux and Windows.
+ Resolved issues
* GH#328: minor speed-up when importing RSA.
- Add export LC_ALL=en_US.UTF-8 to %build, %install and %check to
fix the build on older distros
(as done from Thomas Bechtold in python-pycryptodomex)
- fix tarball: use the one from PyPI...
OBS-URL: https://build.opensuse.org/request/show/747244
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pycryptodome?expand=0&rev=33
* Add support for loading PEM files encrypted with AES256-CBC.
* Add support for XChaCha20 and XChaCha20-Poly1305 ciphers.
* Add support for bcrypt key derivation function (Crypto.Protocol.KDF.bcrypt).
* Add support for left multiplication of an EC point by a scalar.
* Add support for importing ECC and RSA keys in the new OpenSSH format.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pycryptodome?expand=0&rev=31
- Update to 3.8.1
* Add support for loading PEM files encrypted with AES192-CBC,
AES256-CBC, and AES256-GCM.
* When importing ECC keys, ignore EC PARAMS section that was
included by some openssl commands.
* repr() did not work for ECC.EccKey.
* Minimal length for Blowfish cipher is 32 bits, not 40 bits.
3.8.0
* Speed-up ECC performance. ECDSA is 33 times faster on the
NIST P-256 curve.
* Added support for NIST P-384 and P-521 curves.
* EccKey has new methods size_in_bits() and size_in_bytes().
* Support HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512
in PBE2/PBKDF2.
* DER objects were not rejected if their length field had
a leading zero.
* Allow legacy RC2 ciphers to have 40-bit keys.
* point_at_infinity() becomes an instance method for
Crypto.PublicKey.ECC.EccKey, from a static one.
3.7.3
* GH#258: False positive on PSS signatures when externally
provided salt is too long.
OBS-URL: https://build.opensuse.org/request/show/702852
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pycryptodome?expand=0&rev=24
- Update to 3.7.2
- Resolved issues
* GH#242: Fixed compilation problem on ARM platforms.
- Update to 3.7.1
- New features
* Added type stubs to enable static type checking with mypy.
Thanks to Michael Nix.
* New ``update_after_digest`` flag for CMAC.
- Resolved issues
* GH#232: Fixed problem with gcc 4.x when compiling
``ghash_clmul.c``.
* GH#238: Incorrect digest value produced by CMAC after cloning
the object.
* Method ``update()`` of an EAX cipher object was returning the
underlying CMAC object, instead of the EAX object itself.
* Method ``update()`` of a CMAC object was not throwing an
exception after the digest was computed (with ``digest()`` or
``verify()``).
- checked in python-pycrytodomex as separate package on request of
Dirk Müller
- fixed source url
- Update to 3.7.0
- New features
* Added support for Poly1305 MAC (with AES and ChaCha20 ciphers
for key derivation).
* Added support for ChaCha20-Poly1305 AEAD cipher.
* New parameter output for Crypto.Util.strxor.strxor,
OBS-URL: https://build.opensuse.org/request/show/660002
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pycryptodome?expand=0&rev=7
- Update to 3.7.2
- Resolved issues
* GH#242: Fixed compilation problem on ARM platforms.
- Update to 3.7.1
- New features
* Added type stubs to enable static type checking with mypy.
Thanks to Michael Nix.
* New ``update_after_digest`` flag for CMAC.
- Resolved issues
* GH#232: Fixed problem with gcc 4.x when compiling
``ghash_clmul.c``.
* GH#238: Incorrect digest value produced by CMAC after cloning
the object.
* Method ``update()`` of an EAX cipher object was returning the
underlying CMAC object, instead of the EAX object itself.
* Method ``update()`` of a CMAC object was not throwing an
exception after the digest was computed (with ``digest()`` or
``verify()``).
- checked in python-pycrytodomex as separate package on request of
Dirk Müller
- fixed source url
- Update to 3.7.0
- New features
* Added support for Poly1305 MAC (with AES and ChaCha20 ciphers
for key derivation).
* Added support for ChaCha20-Poly1305 AEAD cipher.
* New parameter output for Crypto.Util.strxor.strxor,
OBS-URL: https://build.opensuse.org/request/show/652657
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pycryptodome?expand=0&rev=19
- Update to 3.6.6
- Resolved issues:
* Fix vulnerability on AESNI ECB with payloads smaller than
16 bytes.
- Update to 3.5.5
- Resolved issues
* Fixed incorrect AES encryption/decryption with AES
acceleration on x86 due to gcc’s optimization and strict
aliasing rules.
* More prime number candidates than necessary where discarded
as composite due to the limited way D values were searched
in the Lucas test.
* Fixed ResouceWarnings and DeprecationWarnings.
- Update to 3.5.4
- New features:
* Build Python 3.7 wheels on Linux, Windows and Mac.
- Resolved issues:
* More meaningful exceptions in case of mismatch in IV length
(CBC/OFB/CFB modes).
- version 3.6.6
OBS-URL: https://build.opensuse.org/request/show/633280
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pycryptodome?expand=0&rev=14
- Update to 3.6.3 (21 June 2018)
- Resolved issues
* GH#175: Fixed incorrect results for CTR encryption/decryption
with more than 8 blocks.
- Update to 3.6.2 (19 June 2018)
- New features
* ChaCha20 accepts 96 bit nonces (in addition to 64 bit nonces)
as defined in RFC7539.
* Accelerate AES-GCM on x86 using PCLMULQDQ instruction.
* Accelerate AES-ECB and AES-CTR on x86 by pipelining AESNI
instructions.
* As result of the two improvements above, on x86 (Broadwell):
- AES-ECB and AES-CTR are 3x faster
- AES-GCM is 9x faster
- Resolved issues
* On Windows, MPIR library was stilled pulled in if renamed to
``gmp.dll``.
- Breaks in compatibility
* In ``Crypto.Util.number``, functions ``floor_div`` and
``exact_div`` have been removed. Also, ``ceil_div`` is limited
to non-negative terms only.
- suggesting libgmp10 and python-cffi
- add license file tag
- version 3.6.3: new build derived from python-pycryptodome 3.6.3
OBS-URL: https://build.opensuse.org/request/show/620465
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pycryptodome?expand=0&rev=12
