Resolved issues

• GH#512: Especially for very small bit sizes, Crypto.Util.number.getPrime() was occasionally generating primes larger than given the bit size. Thanks to Koki Takahashi.
• GH#552: Correct typing annotations for PKCS115_Cipher.decrypt().
• GH#555: decrypt() method of a PKCS#1v1.5 cipher returned a bytearray instead of bytes.
• GH#557: External DSA domain parameters were accepted even when the modulus (p) was not prime. This affected Crypto.PublicKey.DSA.generate() and Crypto.PublicKey.DSA.construct(). Thanks to Koki Takahashi.

New features

• Added cSHAKE128 and cSHAKE256 (of SHA-3 family). Thanks to Michael Schaffner.
• GH#558: The flag RTLD_DEEPBIND passed to dlopen() is not well supported by address sanitizers <https://github.com/google/sanitizers/issues/611>_. It is now possible to set the environment variable PYCRYPTDOME_DISABLE_DEEPBIND to drop that flag and allow security testing.