Update pycryptodome to 3.21.0

[pyup-bot]

This PR updates pycryptodome from 3.9.9 to 3.21.0.

Changelog

### 3.21.0 ``` ++++++++++++++++++++++++++ New features --------------- * By setting the PYCRYPTODOME_DISABLE_GMP environment variable, the GMP library will not be used even if detected. * Add support for Curve25519 / X25519. * Add support for Curve448 / X448. * Add attribute ``curve`` to EccPoint and EccXPoint classes, with the canonical name of the curve. * GH781: the label for the SP800_108_Counter KDF may now contain zero bytes. Thanks to Julien Rische. * GH814: RSA keys for PSS can be imported. Resolved issues --------------- * GH810: fixed negation of Ed25519 points. * GH819: accept an RFC5916 ECPrivateKey even if it doesn't contain any of the optional elements (parameters [0] and publicKey[1]). Other changes ------------- * Remove support for Python 3.5. ``` ### 3.20.0 ``` ++++++++++++++++++++++++++ New features --------------- * Added support for TurboSHAKE128 and TurboSHAKE256. * Added method ``Crypto.Hash.new()`` to generate a hash object given a hash name. * Added support for AES-GCM encryption of PBES2 and PKCS8 containers. * Added support for SHA-2 and SHA-3 algorithms in PBKDF2 when creating PBES2 and PKCS8 containers. * Export of RSA keys accepts the ``prot_params`` dictionary as parameter to control the number of iterations for PBKDF2 and scrypt. * C unit tests also run on non-x86 architectures. Resolved issues --------------- * GH787: Fixed autodetect logic for GCC 14 in combination with LTO. ``` ### 3.19.1 ``` ++++++++++++++++++++++++++ Resolved issues --------------- * Fixed a side-channel leakage with OAEP decryption that could be exploited to carry out a Manger attack (CVE-2023-52323). Thanks to Hubert Kario. ``` ### 3.19.0 ``` ++++++++++++++++++++++++++ New features --------------- * The ``update()`` methods of TupleHash128 and TupleHash256 objects can now hash multiple items (byte strings) at once. Thanks to Sylvain Pelissier. * Added support for ECDH, with ``Crypto.Protocol.DH``. Resolved issues --------------- * GH754: due to a bug in ``cffi``, do not use it on Windows with Python 3.12+. ``` ### 3.18.0 ``` ++++++++++++++++++++++++++ New features --------------- * Added support for DER BOOLEAN encodings. * The library now compiles on Windows ARM64. Thanks to Niyas Sait. Resolved issues --------------- * GH722: ``nonce`` attribute was not correctly set for XChaCha20_Poly1305 ciphers. Thanks to Liam Haber. * GH728: Workaround for a possible x86 emulator bug in Windows for ARM64. * GH739: OID encoding for arc 2 didn't accept children larger than 39. Thanks to James. * Correctly check that the scalar matches the point when importing an ECC private key. ``` ### 3.17.0 ``` ++++++++++++++++++++++++++ New features --------------- * Added support for the Counter Mode KDF defined in SP 800-108 Rev 1. * Reduce the minimum tag length for the EAX cipher to 2 bytes. * An RSA object has 4 new properties for the CRT coefficients: ``dp``, ``dq``, ``invq`` and ``invq`` (``invp`` is the same value as the existing ``u``). Resolved issues --------------- * GH526: improved typing for ``RSA.construct``. * GH534: reduced memory consumption when using a large number of cipher objects. * GH598: fixed missing error handling for ``Util.number.inverse``. * GH629: improved typing for ``AES.new`` and the various mode-specific types it returns. Thanks to Greg Werbin. * GH653: added workaround for an alleged GCC compiler bug that affected Ed25519 code compiled for AVX2. * GH658: attribute ``curve`` of an ECC key was not always the preferred curve name, as it used to be in v3.15.0 (independently of the curve name specified when generating the key). * GH637: fixed typing for legacy modules ``PKCS1_v1_5`` and ``PKCS1_PSS``, as their ``verify()`` returned a boolean. * GH664: with OCB mode, nonces of maximum length (15 bytes) were actually used as 14 bytes nonces. After this fix, data that was encrypted in past using the (default) nonce length of 15 bytes can still be decrypted by reducing the nonce to its first 14 bytes. * GH705: improved typing for ``nonce``, ``iv``, and ``IV`` parameters of cipher objects. Other changes ------------- * Build PyPy wheels only for versions 3.8 and 3.9, and not for 3.7 anymore. ``` ### 3.16.0 ``` ++++++++++++++++++++++++++ New features ------------ * Build wheels for musl Linux. Thanks to Ben Raz. Resolved issues --------------- * GH639: ARC4 now also works with 'keys' as short as 8 bits. * GH669: fix segfaults when running in a manylinux2010 i686 image. ``` ### 3.15.0 ``` ++++++++++++++++++++++++++ New features ------------ * Add support for curves Ed25519 and Ed448, including export and import of keys. * Add support for EdDSA signatures. * Add support for Asymmetric Key Packages (RFC5958) to import private keys. Resolved issues --------------- * GH620: for ``Crypto.Util.number.getPrime`` , do not sequentially scan numbers searching for a prime. ``` ### 3.14.1 ``` ++++++++++++++++++++++++++ Resolved issues --------------- * GH595: Fixed memory leak for GMP integers. Thanks to Witalij Siebert and Pablo Quílez. ``` ### 3.14.0 ``` ++++++++++++++++++++++++++ New features ------------ * Add support for curve NIST P-192. ``` ### 3.13.0 ``` ++++++++++++++++++++++++++ New features ------------ * Add support for curve NIST P-224. Resolved issues --------------- * GH590: Fixed typing info for ``Crypto.PublicKey.ECC``. Other changes ------------- * Relaxed ECDSA requirements for FIPS 186 signatures and accept any SHA-2 or SHA-3 hash. ``sign()`` and ``verify()`` will be performed even if the hash is stronger than the ECC key. ``` ### 3.12.0 ``` ++++++++++++++++++++++++++ New features ------------ * ECC keys in the SEC1 format can be exported and imported. * Add support for KMAC128, KMAC256, TupleHash128, and TupleHash256 (NIST SP-800 185). * Add support for KangarooTwelve. Resolved issues --------------- * GH563: An asymmetric key could not be imported as a ``memoryview``. * GH566: cSHAKE128/256 generated a wrong output for customization strings longer than 255 bytes. * GH582: CBC decryption generated the wrong plaintext when the input and the output were the same buffer. Thanks to Michael K. Ashburn. ``` ### 3.11.0 ``` ++++++++++++++++++++++++++ Resolved issues --------------- * GH512: Especially for very small bit sizes, ``Crypto.Util.number.getPrime()`` was occasionally generating primes larger than given the bit size. Thanks to Koki Takahashi. * GH552: Correct typing annotations for ``PKCS115_Cipher.decrypt()``. * GH555: ``decrypt()`` method of a PKCS1v1.5 cipher returned a ``bytearray`` instead of ``bytes``. * GH557: External DSA domain parameters were accepted even when the modulus (``p``) was not prime. This affected ``Crypto.PublicKey.DSA.generate()`` and ``Crypto.PublicKey.DSA.construct()``. Thanks to Koki Takahashi. New features ------------ * Added cSHAKE128 and cSHAKE256 (of SHA-3 family). Thanks to Michael Schaffner. * GH558: The flag RTLD_DEEPBIND passed to ``dlopen()`` is not well supported by `address sanitizers <https://github.com/google/sanitizers/issues/611>`_. It is now possible to set the environment variable ``PYCRYPTDOME_DISABLE_DEEPBIND`` to drop that flag and allow security testing. ``` ### 3.10.4 ``` ++++++++++++++++++++++++++ Resolved issues --------------- * Output of ``Crypto.Util.number.long_to_bytes()`` was not always a multiple of ``blocksize``. ``` ### 3.10.3 ``` ++++++++++++++++++++++++++ Resolved issues --------------- * GH376: Fixed symbol conflict between different versions of ``libgmp``. * GH481: Improved robustness of PKCS1v1.5 decryption against timing attacks. * GH506 and GH509: Fixed segmentation faults on Apple M1 and other Aarch64 SoCs, when the GMP library was accessed via ``ctypes``. Do not use GMP's own sscanf and snprintf routines: instead, use simpler conversion routines. * GH510: Workaround for ``cffi`` calling ``ctypes.util.find_library()``, which invokes ``gcc`` and ``ld`` on Linux, considerably slowing down all imports. On certain configurations, that may also leave temporary files behind. * GH517: Fix RSAES-OAEP, as it didn't always fail when zero padding was incorrect. New features ------------ * Added support for SHA-3 hash functions to HMAC. Other changes ------------- * The Windows wheels of Python 2.7 now require the VS2015 runtime to be installed in the system, because Microsoft stopped distributing the VS2008 compiler in April 2021. VS2008 was used to compile the Python 2.7 extensions. ``` ### 3.10.1 ``` ++++++++++++++++++++++++ Other changes ------------- * Python 3 wheels use ``abi3`` ABI tag. * Remove Appveyor CI. ``` ### 3.10.0 ``` ++++++++++++++++++++++++ Resolved issues --------------- * Fixed a potential memory leak when initializing block ciphers. * GH466: ``Crypto.Math.miller_rabin_test()`` was still using the system random source and not the one provided as parameter. * GH469: RSA objects have the method ``public_key()`` like ECC objects. The old method ``publickey()`` is still available for backward compatibility. * GH476: ``Crypto.Util.Padding.unpad()`` was raising an incorrect exception in case of zero-length inputs. Thanks to Captainowie. * GH491: better exception message when ``Counter.new()`` is called with an integer ``initial_value`` than doesn't fit into ``nbits`` bits. * GH496: added missing ``block_size`` member for ECB cipher objects. Thanks to willem. * GH500: ``nonce`` member of an XChaCha20 cipher object was not matching the original nonce. Thanks to Charles Machalow. Other changes ------------- * The bulk of the test vectors have been moved to the separate package ``pycryptodome-test-vectors``. As result, packages ``pycryptodome`` and ``pycryptodomex`` become significantly smaller (from 14MB to 3MB). * Moved CI tests and build service from Travis CI to GitHub Actions. Breaks in compatibility ----------------------- * Drop support for Python 2.6 and 3.4. ```

Links

- PyPI: https://pypi.org/project/pycryptodome - Changelog: https://data.safetycli.com/changelogs/pycryptodome/ - Homepage: https://www.pycryptodome.org