Changes:
3.8.1 (4 April 2019)
+++++++++++++++++++++++
New features
------------
* Add support for loading PEM files encrypted with AES192-CBC, AES256-CBC, and AES256-GCM.
* When importing ECC keys, ignore EC PARAMS section that was included by some openssl commands.
Resolved issues
---------------
* repr() did not work for ``ECC.EccKey``.
* Fix installation in development mode.
* Minimal length for Blowfish cipher is 32 bits, not 40 bits.
* Various updates to docs.
3.8.0 (23 March 2019)
+++++++++++++++++++++++
New features
------------
* Speed-up ECC performance. ECDSA is 33 times faster on the NIST P-256 curve.
* Added support for NIST P-384 and P-521 curves.
* ``EccKey`` has new methods ``size_in_bits()`` and ``size_in_bytes()``.
* Support HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512 in PBE2/PBKDF2.
Resolved issues
---------------
* DER objects were not rejected if their length field had a leading zero.
* Allow legacy RC2 ciphers to have 40-bit keys.
* ASN.1 Object IDs did not allow the value 0 in the path.
Breaks in compatibility
-----------------------
* ``point_at_infinity()`` becomes an instance method for ``Crypto.PublicKey.ECC.EccKey``, from a static one.
3.7.3 (19 January 2019)
+++++++++++++++++++++++
Resolved issues
---------------
* GH#258: False positive on PSS signatures when externally provided salt is too long.
* Include type stub files for ``Crypto.IO`` and ``Crypto.Util``.
3.7.2 (26 November 2018)
++++++++++++++++++++++++
Resolved issues
---------------
* GH#242: Fixed compilation problem on ARM platforms.
3.7.1 (25 November 2018)
++++++++++++++++++++++++
New features
------------
* Added type stubs to enable static type checking with mypy. Thanks to Michael Nix.
* New ``update_after_digest`` flag for CMAC.
Resolved issues
---------------
* GH#232: Fixed problem with gcc 4.x when compiling ``ghash_clmul.c``.
* GH#238: Incorrect digest value produced by CMAC after cloning the object.
* Method ``update()`` of an EAX cipher object was returning the underlying CMAC object,
instead of the EAX object itself.
* Method ``update()`` of a CMAC object was not throwing an exception after the digest
was computed (with ``digest()`` or ``verify()``).
3.7.0 (27 October 2018)
+++++++++++++++++++++++
New features
------------
* Added support for Poly1305 MAC (with AES and ChaCha20 ciphers for key derivation).
* Added support for ChaCha20-Poly1305 AEAD cipher.
* New parameter ``output`` for ``Crypto.Util.strxor.strxor``, ``Crypto.Util.strxor.strxor_c``,
``encrypt`` and ``decrypt`` methods in symmetric ciphers (``Crypto.Cipher`` package).
``output`` is a pre-allocated buffer (a ``bytearray`` or a writeable ``memoryview``)
where the result must be stored.
This requires less memory for very large payloads; it is also more efficient when
encrypting (or decrypting) several small payloads.
Resolved issues
---------------
* GH#266: AES-GCM hangs when processing more than 4GB at a time on x86 with PCLMULQDQ instruction.
Breaks in compatibility
-----------------------
* Drop support for Python 3.3.
* Remove ``Crypto.Util.py3compat.unhexlify`` and ``Crypto.Util.py3compat.hexlify``.
* With the old Python 2.6, use only ``ctypes`` (and not ``cffi``) to interface to native code.
3.6.6 (17 August 2018)
++++++++++++++++++++++
Resolved issues
---------------
* GH#198: Fix vulnerability on AESNI ECB with payloads smaller than 16 bytes (CVE-2018-15560).
3.6.5 (12 August 2018)
++++++++++++++++++++++
Resolved issues
---------------
* GH#187: Fixed incorrect AES encryption/decryption with AES acceleration on x86
due to gcc's optimization and strict aliasing rules.
* GH#188: More prime number candidates than necessary where discarded as composite
due to the limited way D values were searched in the Lucas test.
* Fixed ResouceWarnings and DeprecationWarnings.
* Workaround for Python 3.7.0 bug on Windows (https://bugs.python.org/issue34108).
b5e225c849