Commits on Feb 22, 2014
  1. Fix tools/ building Python on Linux 3.x or later (sys.platform should be "linux2", not "linux3")

    dlitz committed Feb 22, 2014
  2. Regenerate autoconf files

    dlitz committed Feb 22, 2014
  3. Clean up AESNI aligned malloc() wrappers

    dlitz committed Feb 22, 2014
    - Set errno properly when using posix_memalign
    - Rename to aligned_malloc_wrapper / aligned_free_wrapper
    - Use a single set of #if blocks, to avoid the possibility of
      mismatching them.
  4. Fix handle_fastmath_import_error (broken due to incorrect path in the previous commit)

    dlitz committed Feb 22, 2014
    Tested on py21-py33 by force-uninstalling libgmp10 after building.
  5. Refactor 3 places handling fastmath ImportError

    msabramo committed with dlitz Nov 11, 2013
    so that they call `Crypto.SelfTest.st_common.handle_fastmath_import_error`,
    thereby eliminating duplicate code.
  6. Use different method for getting ext_suffix

    msabramo committed with dlitz Nov 11, 2013
    ext_suffix = get_config_var("EXT_SUFFIX") or get_config_var("SO")
    because `get_config_var("SO")` returns None in Python 3.4.0a4 because the "SO"
    variable is deprecated and "EXT_SUFFIX" is the new way to get this information
    This fixes `TypeError: Can't convert 'NoneType' object to str implicitly`
    errors when running the tests on Python 3.4.0a4.
  7. Prefer C11's aligned_alloc if it is available

    sebastinas committed Feb 22, 2014
    Signed-off-by: Sebastian Ramacher <>
  8. Check return value of posix_memalign

    sebastinas committed Feb 22, 2014
    Signed-off-by: Sebastian Ramacher <>
  9. Add wrapper for free

    sebastinas committed Feb 22, 2014
    For _aligned_malloc calling free is illegal. We need to use _aligned_free.
    Signed-off-by: Sebastian Ramacher <>
  10. Fix typo in error string

    dlitz committed Feb 22, 2014
  11. Fixed sentence in CCM example

    Legrandin committed with dlitz Dec 17, 2013
  12. Throw exception when IV is used with ECB or CTR

    Legrandin committed with dlitz Dec 22, 2013
    The IV parameter is currently ignored when initializing
    a cipher in ECB or CTR mode.
    For CTR mode, it is confusing: it takes some time to see
    that a different parameter is needed (the counter).
    For ECB mode, it is outright dangerous.
    This patch forces an exception to be raised.
Commits on Dec 24, 2013
  1. Sign the hash in the PKCS1_PSS doctest, not the key

    wking committed Dec 24, 2013
    As it stood before this commit, the hash was never used in the signing
    process.  It looks like the bug was introduced by e053629 (Restructure
    both PKCS#1 signature schemes as objects, 2011-10-16), which changed:
    -    >>> signature = PKCS1_PSS.sign(h, key)
    +    >>> signer =
    +    >>> signature = PKCS1_PSS.sign(key)
Commits on Oct 28, 2013
  1. Add a wrapper for posix_memalign and friends

    sebastinas committed Oct 28, 2013
    This also fixes the order of arguments passed to _aligned_malloc.
    Signed-off-by: Sebastian Ramacher <>
  2. Make sure that ek and dk are aligned at 16 byte boundaries

    sebastinas committed Oct 28, 2013
    ek and dk are used as operands in instructions that require 16 byte alignment.
    Thanks to Greg Price for finding this issue.
    Signed-off-by: Sebastian Ramacher <>
  3. Add block_finalize to clean up block_state from ALGdealloc

    sebastinas committed Oct 28, 2013
    This is the counterpart to block_init which is called from ALGnew.
    Signed-off-by: Sebastian Ramacher <>
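The allocation rules these commits spell out (Feb 22 items 3, 7, 8 and 9; Oct 28 items 1, 2 and 3) fit in one self-contained C sketch. This is an added example, not PyCrypto's own src/ code: the names aligned_malloc_wrapper, aligned_free_wrapper, block_state, block_init and block_finalize follow the commit titles, but the bodies, the AESNI_ALIGN and KEY_SCHEDULE_BYTES constants, and the C11 compile-time gate are assumptions made here.

```c
#define _POSIX_C_SOURCE 200809L   /* expose posix_memalign in strict-standard builds */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#if defined(_WIN32)
#include <malloc.h>               /* _aligned_malloc / _aligned_free */
#endif

/* One allocator for every platform, selected by a single #if chain so the
 * malloc and free sides cannot drift apart. alignment must be a power of two
 * and a multiple of sizeof(void *). Returns NULL with errno set on failure. */
static void *aligned_malloc_wrapper(size_t alignment, size_t size)
{
    void *ptr = NULL;
    if (alignment == 0 || (alignment & (alignment - 1)) != 0 || alignment % sizeof(void *) != 0) {
        errno = EINVAL;
        return NULL;
    }
    if (size == 0)
        size = 1;
    if (size > SIZE_MAX - (alignment - 1)) {   /* rounding below would overflow */
        errno = ENOMEM;
        return NULL;
    }
#if defined(_WIN32)
    /* argument order is (size, alignment): the reverse of posix_memalign */
    ptr = _aligned_malloc(size, alignment);
    if (ptr == NULL)
        errno = ENOMEM;
#elif defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && !defined(__APPLE__)
    /* C11 aligned_alloc is preferred when available; size must be a multiple of alignment */
    ptr = aligned_alloc(alignment, (size + alignment - 1) & ~(alignment - 1));
    if (ptr == NULL)
        errno = ENOMEM;
#else
    /* posix_memalign reports failure in its return value and leaves errno untouched */
    int rc = posix_memalign(&ptr, alignment, size);
    if (rc != 0) {
        errno = rc;
        ptr = NULL;
    }
#endif
    return ptr;
}

/* Memory from _aligned_malloc must never reach free(); route every release here */
static void aligned_free_wrapper(void *ptr)
{
#if defined(_WIN32)
    _aligned_free(ptr);
#else
    free(ptr);
#endif
}

#define AESNI_ALIGN 16                 /* AES-NI round-key loads fault on unaligned operands */
#define KEY_SCHEDULE_BYTES (16 * 15)   /* assumption: 15 round keys, the AES-256 maximum */

typedef struct {
    uint8_t *ek;   /* expanded encryption key */
    uint8_t *dk;   /* expanded decryption key */
} block_state;

static int is_aligned(const void *p, size_t alignment)
{
    return ((uintptr_t)p % alignment) == 0;
}

/* Overwrite through a volatile pointer so the compiler keeps the wipe before free */
static void wipe(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--)
        *v++ = 0;
}

/* Called from the object constructor; returns 0, or -1 with errno set */
static int block_init(block_state *st)
{
    st->ek = aligned_malloc_wrapper(AESNI_ALIGN, KEY_SCHEDULE_BYTES);
    if (st->ek == NULL)
        return -1;
    st->dk = aligned_malloc_wrapper(AESNI_ALIGN, KEY_SCHEDULE_BYTES);
    if (st->dk == NULL) {
        int saved = errno;
        aligned_free_wrapper(st->ek);
        st->ek = NULL;
        errno = saved;
        return -1;
    }
    return 0;
}

/* Counterpart called from the destructor: wipe key material, release with the matching free */
static void block_finalize(block_state *st)
{
    if (st->ek) { wipe(st->ek, KEY_SCHEDULE_BYTES); aligned_free_wrapper(st->ek); st->ek = NULL; }
    if (st->dk) { wipe(st->dk, KEY_SCHEDULE_BYTES); aligned_free_wrapper(st->dk); st->dk = NULL; }
}

int main(void)
{
    block_state st;
    if (block_init(&st) != 0) {
        perror("block_init");
        return 1;
    }
    printf("ek aligned: %d, dk aligned: %d\n", is_aligned(st.ek, AESNI_ALIGN), is_aligned(st.dk, AESNI_ALIGN));
    block_finalize(&st);
    return 0;
}
```

The two checks a reviewer would want are both visible here: the return value of posix_memalign is turned into errno so callers see one failure convention, and nothing allocated through the wrapper is ever handed to plain free().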
  4. Be more consistent with spaces and tabs

    sebastinas committed Oct 28, 2013
    Signed-off-by: Sebastian Ramacher <>
Commits on Oct 21, 2013
  1. Release v2.7a1

    dlitz committed Oct 21, 2013
  2. Update ChangeLog

    dlitz committed Oct 21, 2013
  3. hexverify: Fix handling unicode strings on Python 3.2

    dlitz committed Sep 30, 2013
    We were getting this error on Python 3.2:
        ERROR: runTest (Crypto.SelfTest.Hash.common.MACSelfTest)
        CMAC #17: NIST SP 800 38B D.7 Example 17
        Traceback (most recent call last):
          File "build/lib.linux-x86_64-3.2/Crypto/SelfTest/Hash/", line 199, in runTest
            self.assertRaises(ValueError, h.hexverify, "4556")
          File "/home/dwon/py/pythons/python3.2/lib/python3.2/unittest/", line 557, in assertRaises
            callableObj(*args, **kwargs)
          File "build/lib.linux-x86_64-3.2/Crypto/Hash/", line 323, in hexverify
        TypeError: 'str' does not support the buffer interface
Commits on Oct 20, 2013
  1. block_template: Fix compiler warning (%i -> %zi)

    dlitz committed Sep 30, 2013
    This fixes this warning:
        In file included from src/CAST.c:453:0:
        src/block_template.c: In function ‘ALG_Encrypt’:
        src/block_template.c:426:12: warning: format ‘%i’ expects argument of
        type ‘int’, but argument 3 has type ‘Py_ssize_t’ [-Wformat=]
                    ctr->buf_size, BLOCK_SIZE);
  2. Make MODE_OPENPGP accept uppercase 'IV' parameter.

    dlitz committed Sep 29, 2013
    This is for consistency with the rest of PyCrypto.
  3. More ValueError -> TypeError

    dlitz committed Sep 29, 2013
  4. CMAC: raise TypeError instead of ValueError when ciphermod is missing or unusable

    dlitz committed Sep 29, 2013
    This makes the CMAC module behave more like most Python functions do
    when a required argument is missing, and reserves ValueError for a MAC
  5. _CBCMAC: Rename ignite() -> _ignite()

    dlitz committed Sep 29, 2013
    I don't want to make this a public API just yet.
  6. Add encrypt_and_digest() and decrypt_and_verify()

    Legrandin committed with dlitz Aug 18, 2013
    This patch adds encrypt_and_digest() and decrypt_and_verify()
    methods to a cipher object.
    In most cases they are just shortcuts to the existing functions.
    For SIV mode, decrypt_and_verify() replaces decrypt().
    [ Squashed with bugfix commit:]
    Bug in encrypt_and_digest() (all AEAD modes)
    decrypt() was being called instead of encrypt().
    Added also a unit test to validate that composition
    of encrypt_and_digest() and decrypt_and_verify()
    is the identity function.
    [ Included changes from the following commit from the author's pull request:]
    - [9c13f9c] Rename 'IV' parameter to 'nonce' for AEAD modes.
    [ Whitespace fixed with "git rebase --whitespace=fix"]
    [ Replaced MacMismatchError with ValueError]
    [ Replaced ApiUsageError with TypeError]
  7. GCM mode: Optimize key setup for GCM mode.

    Legrandin committed with dlitz Jun 29, 2013
    GCM mode requires GHASH for 2 different operations: one for
    the data (AD + ciphertext) and one for the IV.
    Construction of tables to speed-up GHASH is very expensive
    and it is worth doing only for the data, not for the IV.
    This patch ensures that the GHASH for the IV does not
    use tables, with a ~40% faster key setup.
    [ Whitespace fixed with "git rebase --whitespace=fix"]
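A reduced working model of the trade-off this commit describes, added here as an example and not PyCrypto's GCM code: a bit-serial GF(2^128) multiply that needs no per-key state, beside a 4-bit table variant whose tables are built once per key and then amortised over every data block. All names (gf128, ghash_tables, ghash_tables_init, gf128_mul_table, ghash) are assumptions made here, and the sample H and data blocks are constructed. PyCrypto's tables are far larger than these 16 entries, and the IV only goes through GHASH at all when it is not 96 bits long.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A 16-byte block as two big-endian words; GCM bit 0 (the constant term) is the MSB of hi */
typedef struct { uint64_t hi, lo; } gf128;

#define GF128_R 0xe100000000000000ULL   /* x^128 = 1 + x + x^2 + x^7 in GCM bit order */

static gf128 gf128_load(const uint8_t b[16])
{
    gf128 v = {0, 0};
    for (int i = 0; i < 8; i++) { v.hi = (v.hi << 8) | b[i]; v.lo = (v.lo << 8) | b[8 + i]; }
    return v;
}

static int gf128_eq(gf128 a, gf128 b) { return a.hi == b.hi && a.lo == b.lo; }

/* Multiply by x: one step toward the high-degree end, reduce if x^127 was set */
static gf128 gf128_mulx(gf128 v)
{
    uint64_t carry = v.lo & 1;
    v.lo = (v.lo >> 1) | (v.hi << 63);
    v.hi >>= 1;
    if (carry) v.hi ^= GF128_R;
    return v;
}

/* Bit-serial X*H (SP 800-38D Algorithm 1): 128 steps, nothing precomputed. Good enough for the IV. */
static gf128 gf128_mul_bitwise(gf128 x, gf128 h)
{
    gf128 z = {0, 0};
    for (int i = 0; i < 128; i++) {
        uint64_t bit = (i < 64) ? (x.hi >> (63 - i)) & 1 : (x.lo >> (127 - i)) & 1;
        if (bit) { z.hi ^= h.hi; z.lo ^= h.lo; }
        h = gf128_mulx(h);
    }
    return z;
}

/* Per-key tables: t[v] = (4-bit value v, MSB = lowest degree) * H,
 * r[v] = reduction term for the 4 bits an x^4 step shifts out */
typedef struct { gf128 t[16]; uint16_t r[16]; } ghash_tables;

static void ghash_tables_init(ghash_tables *tb, gf128 h)
{
    tb->t[0].hi = tb->t[0].lo = 0;
    tb->t[8] = h;                          /* bit pattern 1000 is the constant term */
    tb->t[4] = gf128_mulx(tb->t[8]);
    tb->t[2] = gf128_mulx(tb->t[4]);
    tb->t[1] = gf128_mulx(tb->t[2]);
    for (int v = 3; v < 16; v++) {
        if ((v & (v - 1)) == 0) continue;  /* powers of two already filled */
        gf128 a = tb->t[v & (v - 1)], b = tb->t[v & -v];
        tb->t[v].hi = a.hi ^ b.hi; tb->t[v].lo = a.lo ^ b.lo;
    }
    for (int v = 0; v < 16; v++) {         /* lo bit k is x^(127-k); times x^4 it becomes x^(131-k) */
        uint16_t acc = 0;
        for (int k = 0; k < 4; k++) if (v & (1 << k)) acc ^= (uint16_t)(0xe100 >> (3 - k));
        tb->r[v] = acc;
    }
}

/* Z * x^4 as one shift plus one lookup instead of four reducing shifts */
static gf128 gf128_mulx4(const ghash_tables *tb, gf128 z)
{
    uint64_t red = tb->r[z.lo & 0xF];
    z.lo = (z.lo >> 4) | (z.hi << 60);
    z.hi = (z.hi >> 4) ^ (red << 48);
    return z;
}

/* Table-driven X*H: Horner over 32 nibbles, highest-degree nibble first */
static gf128 gf128_mul_table(const ghash_tables *tb, gf128 x)
{
    gf128 z = {0, 0};
    for (int j = 31; j >= 0; j--) {
        unsigned n = (j < 16) ? (x.hi >> (4 * (15 - j))) & 0xF : (x.lo >> (4 * (31 - j))) & 0xF;
        z = gf128_mulx4(tb, z);
        z.hi ^= tb->t[n].hi; z.lo ^= tb->t[n].lo;
    }
    return z;
}

/* GHASH over whole blocks; tb == NULL selects the table-free path */
static gf128 ghash(gf128 h, const ghash_tables *tb, const uint8_t *data, size_t nblocks)
{
    gf128 y = {0, 0};
    for (size_t i = 0; i < nblocks; i++) {
        gf128 b = gf128_load(data + 16 * i);
        y.hi ^= b.hi; y.lo ^= b.lo;
        y = tb ? gf128_mul_table(tb, y) : gf128_mul_bitwise(y, h);
    }
    return y;
}

/* Constructed sample: an arbitrary H and four data blocks; returns 1 when both paths agree */
static int ghash_paths_agree(void)
{
    static const uint8_t hb[16] = {0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e};
    uint8_t data[64];
    for (int i = 0; i < 64; i++) data[i] = (uint8_t)(i * 37 + 11);
    gf128 h = gf128_load(hb);
    ghash_tables tb;
    ghash_tables_init(&tb, h);   /* paid once per key, as in the commit */
    return gf128_eq(ghash(h, &tb, data, 4), ghash(h, NULL, data, 4));
}

int main(void) { printf("table and bit-serial GHASH agree: %d\n", ghash_paths_agree()); return 0; }
```

The bit-serial path costs 128 shift-and-reduce steps per block and the table path 32, which is the whole argument for building tables for the data stream and not for a one-off IV hash.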