2017-03-13 10:21:37 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 13 09:17:43 UTC 2017 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to version 1.0.12
|
|
|
|
|
* Ed25519ph was implemented, adding a multi-part signature API
|
|
|
|
|
(crypto_sign_init(), crypto_sign_update(), crypto_sign_final_*()).
|
|
|
|
|
* New constants and related accessors have been added for Scrypt
|
|
|
|
|
and Argon2.
|
|
|
|
|
* XChaCha20 has been implemented. Like XSalsa20, this construction
|
|
|
|
|
extends the ChaCha20 cipher to accept a 192-bit nonce. This
|
|
|
|
|
makes it safe to use ChaCha20 with random nonces.
|
|
|
|
|
* crypto_secretbox, crypto_box and crypto_aead now offer variants
|
|
|
|
|
leveraging XChaCha20.
|
|
|
|
|
* SHA-2 is about 20% faster, which also gives a speed boost to
|
|
|
|
|
signature and signature verification.
|
|
|
|
|
* AVX2 implementations of Salsa20 and ChaCha20 have been added.
|
|
|
|
|
They are twice as fast as the SSE2 implementations. The speed
|
|
|
|
|
gain is even more significant on Windows, that previously
|
|
|
|
|
didn't use vectorized implementations.
|
|
|
|
|
* New high-level API: crypto_kdf, to easily derive one or more
|
|
|
|
|
subkeys from a master key.
|
|
|
|
|
* Siphash with a 128-bit output has been implemented, and is
|
|
|
|
|
available as crypto_shorthash_siphashx_*.
|
|
|
|
|
* New *_keygen() helpers functions have been added to create
|
|
|
|
|
secret keys for all constructions. This improves code clarity
|
|
|
|
|
and can prevent keys from being partially initialized.
|
|
|
|
|
* A new randombytes_buf_deterministic() function was added to
|
|
|
|
|
deterministically fill a memory region with pseudorandom data.
|
|
|
|
|
This function can especially be useful to write reproducible tests.
|
|
|
|
|
* A preliminary crypto_kx_*() API was added to compute shared
|
|
|
|
|
session keys.
|
|
|
|
|
* AVX2 detection is more reliable.
|
|
|
|
|
|
2016-08-07 14:03:49 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Aug 6 04:31:24 UTC 2016 - i@marguerite.su
|
|
|
|
|
|
|
|
|
|
- update version 1.0.11
|
|
|
|
|
* sodium_init() is now thread-safe, and can be safely called
|
|
|
|
|
multiple times.
|
|
|
|
|
* Better support for old gcc versions.
|
|
|
|
|
* AVX2 detection was fixed, resulting in faster BLAKE2b hashing
|
|
|
|
|
on platforms where it was not properly detected.
|
|
|
|
|
* The Sandy2x Curve25519 implementation was not as fast as
|
|
|
|
|
expected on some platforms. This has been fixed.
|
|
|
|
|
* The NativeClient target was improved. Most notably, it now
|
|
|
|
|
supports optimized implementations, and uses pepper_49 by default.
|
|
|
|
|
* The library can be compiled with recent Emscripten versions.
|
|
|
|
|
Changes have been made to produce smaller code, and the default
|
|
|
|
|
heap size was reduced in the standard version.
|
|
|
|
|
* Decryption functions can now accept a NULL pointer for the output.
|
|
|
|
|
This checks the MAC without writing the decrypted message.
|
|
|
|
|
* crypto_generichash_final() now returns -1 if called twice.
|
|
|
|
|
|
2016-04-05 15:16:23 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 5 13:14:08 UTC 2016 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to version 1.0.10
|
|
|
|
|
* Compile fix update for older GCCs
|
|
|
|
|
|
2016-04-02 17:55:42 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Apr 2 15:50:44 UTC 2016 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to version 1.0.9
|
|
|
|
|
* A detached API was added to the ChaCha20-Poly1305 and AES256-GCM
|
|
|
|
|
implementations.
|
|
|
|
|
* The Argon2i password hashing function was added, and is accessible
|
|
|
|
|
directly and through a new, high-level crypto_pwhash API.
|
|
|
|
|
The scrypt function remains available as well.
|
|
|
|
|
* A speed-record AVX2 implementation of BLAKE2b was added.
|
|
|
|
|
* Countermeasures for Ed25519 signatures malleability have been
|
|
|
|
|
added to match the irtf-cfrg-eddsa draft.
|
|
|
|
|
* The HChaCha20 core function was implemented (crypto_core_hchacha20()).
|
|
|
|
|
* No-op stubs were added for all AES256-GCM public functions even
|
|
|
|
|
when compiled on non-Intel platforms.
|
|
|
|
|
* crypt_generichash_blake2b_statebytes() was added.
|
|
|
|
|
* New macros were added for the IETF variant of the ChaCha20-Poly1305
|
|
|
|
|
construction.
|
|
|
|
|
|
2015-12-25 18:11:04 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Dec 25 17:08:17 UTC 2015 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to version 1.0.8
|
|
|
|
|
* Handle the case where the CPU supports AVX, but we are running
|
|
|
|
|
on an hypervisor with AVX disabled/not supported.
|
|
|
|
|
* Faster (2x) scalarmult_base() when using the ref10 implementation.
|
|
|
|
|
|
2015-12-08 17:31:21 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Dec 8 16:25:20 UTC 2015 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to version 1.0.7
|
|
|
|
|
* Sandy2x, the fastest Curve25519 implementation ever,
|
|
|
|
|
has been merged in, and is automatically used on CPUs
|
|
|
|
|
supporting the AVX instructions set.
|
|
|
|
|
* An SSE2 optimized implementation of Poly1305 was added,
|
|
|
|
|
and is twice as fast as the portable one.
|
|
|
|
|
* An SSSE3 optimized implementation of ChaCha20 was added,
|
|
|
|
|
and is twice as fast as the portable one.
|
|
|
|
|
* Faster sodium_increment() for common nonce sizes.
|
|
|
|
|
* New helper functions have been added: sodium_is_zero()
|
|
|
|
|
and sodium_add().
|
|
|
|
|
|
2015-11-02 11:58:18 +01:00
|
|
|
-------------------------------------------------------------------
|
2015-12-01 15:08:32 +01:00
|
|
|
Tue Dec 1 14:07:54 UTC 2015 - idonmez@suse.com
|
|
|
|
|
|
2015-12-02 08:57:45 +01:00
|
|
|
- Follow upstream's lead and compile with -flto for > 13.2 on x86
|
|
|
|
|
and x86-64.
|
2015-12-01 15:08:32 +01:00
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2015-11-02 11:58:18 +01:00
|
|
|
Mon Nov 2 10:53:04 UTC 2015 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to 1.0.6
|
|
|
|
|
* Optimized implementations of Blake2 have been added for modern
|
|
|
|
|
Intel platforms. crypto_generichash() is now faster than MD5 and
|
|
|
|
|
SHA1 implementations while being far more secure.
|
|
|
|
|
* The crypto_sign_edwards25519sha512batch_*() functions have been
|
|
|
|
|
tagged as deprecated.
|
|
|
|
|
* sodium_compare() now works as documented, and compares numbers
|
|
|
|
|
in little-endian format instead of behaving like memcmp().
|
|
|
|
|
* sodium_runtime_has_ssse3() and sodium_runtime_has_sse41() have
|
|
|
|
|
been added.
|
|
|
|
|
|
2015-10-21 09:06:53 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Oct 21 07:06:19 UTC 2015 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Now that gcc 5.2 is available on TW, remove the ARMv7 workaround.
|
|
|
|
|
|
2015-10-18 17:13:09 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Oct 18 15:09:15 UTC 2015 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to 1.0.4
|
|
|
|
|
* Support for AES256-GCM has been added. This requires a CPU with
|
|
|
|
|
the aesni and pclmul extensions, and is accessible via the
|
|
|
|
|
crypto_aead_aes256gcm_*() functions.
|
|
|
|
|
* ChaCha20 with an extended (96 bit) nonce and a 32-bit counter has
|
|
|
|
|
been implemented as crypto_stream_chacha20_ietf(),
|
|
|
|
|
crypto_stream_chacha20_ietf_xor() and crypto_stream_chacha20_ietf_xor_ic().
|
|
|
|
|
An IETF-compatible version of ChaCha20Poly1305 is available as
|
|
|
|
|
crypto_aead_chacha20poly1305_ietf_npubbytes(),
|
|
|
|
|
crypto_aead_chacha20poly1305_ietf_encrypt() and
|
|
|
|
|
crypto_aead_chacha20poly1305_ietf_decrypt().
|
|
|
|
|
* The sodium_increment() helper function has been added, to increment
|
|
|
|
|
an arbitrary large number (such as a nonce).
|
|
|
|
|
* The sodium_compare() helper function has been added, to compare
|
|
|
|
|
arbitrary large numbers (such as nonces, in order to prevent replay attacks).
|
|
|
|
|
|
2015-05-13 18:36:46 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 13 15:09:50 UTC 2015 - mpluskal@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to 1.0.3
|
|
|
|
|
* In addition to sodium_bin2hex(), sodium_hex2bin() is now a
|
|
|
|
|
constant-time function.
|
|
|
|
|
* crypto_stream_xsalsa20_ic() has been added.
|
|
|
|
|
* crypto_generichash_statebytes(), crypto_auth_*_statebytes()
|
|
|
|
|
and crypto_hash_*_statebytes() have been added in order to
|
|
|
|
|
retrieve the size of structures keeping states from foreign
|
|
|
|
|
languages.
|
|
|
|
|
* The JavaScript target doesn't require /dev/urandom or an
|
|
|
|
|
external randombytes() implementation any more. Other minor
|
|
|
|
|
Emscripten-related improvements have been made in order to
|
|
|
|
|
support libsodium.js
|
|
|
|
|
* Custom randombytes implementations do not need to provide
|
|
|
|
|
their own implementation of randombytes_uniform() any more.
|
|
|
|
|
randombytes_stir() and randombytes_close() can also be NULL
|
|
|
|
|
pointers if they are not required.
|
|
|
|
|
* On Linux, getrandom(2) is being used instead of directly
|
|
|
|
|
accessing /dev/urandom, if the kernel supports this system
|
|
|
|
|
call.
|
|
|
|
|
* crypto_box_seal() and crypto_box_seal_open() have been added.
|
|
|
|
|
* A solutions for Visual Studio 2015 was added.
|
|
|
|
|
|
2015-01-16 11:25:05 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 16 10:22:39 UTC 2015 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to version 1.0.2
|
|
|
|
|
* The _easy and _detached APIs now support precalculated keys
|
|
|
|
|
* sodium_free() can now be called on regions with PROT_NONE
|
|
|
|
|
protection.
|
|
|
|
|
* Memory allocation functions can now be used on operating systems
|
|
|
|
|
with no memory protection.
|
|
|
|
|
|
2014-09-24 21:51:33 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 24 19:45:03 UTC 2014 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to version 1.0.0
|
|
|
|
|
* The API and ABI are now stable.
|
|
|
|
|
* crypto_sign() properly works with overlapping regions again.
|
|
|
|
|
* The test suite has been extended.
|
|
|
|
|
|
|
|
|
|
|
2014-08-28 17:19:09 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 28 15:14:29 UTC 2014 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to version 0.7.0
|
|
|
|
|
* Added sodium_malloc() and sodium_allocarray() for secure memory
|
|
|
|
|
allocation.
|
|
|
|
|
* ed25519 keys can be converted to curve25519 keys with
|
|
|
|
|
crypto_sign_ed25519_pk_to_curve25519() and
|
|
|
|
|
crypto_sign_ed25519_sk_to_curve25519().
|
|
|
|
|
* aes256 was removed.
|
|
|
|
|
|
2014-07-16 14:12:37 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 16 12:04:50 UTC 2014 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to version 0.6.1
|
|
|
|
|
* The ChaCha20 stream cipher has been added
|
|
|
|
|
* The ChaCha20Poly1305 AEAD construction has been implemented
|
|
|
|
|
* crypto_onetimeauth() now provides a streaming interface.
|
|
|
|
|
* New API: crypto_sign_detached() and crypto_sign_verify_detached()
|
|
|
|
|
|
2014-05-14 14:53:20 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 14 12:40:08 UTC 2014 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to version 0.5.0
|
|
|
|
|
* sodium_mlock()/sodium_munlock() have been introduced.
|
|
|
|
|
* Added high-level wrappers for crypto_box and crypto_secretbox
|
|
|
|
|
* Added crypto_pwhash_scryptxsalsa208sha256* functions
|
|
|
|
|
* Salsa20 and ed25519 implementations now support overlapping
|
|
|
|
|
inputs/keys/outputs
|
|
|
|
|
* The poly1305-53 implementation has been replaced with Floodyberry's
|
|
|
|
|
poly1305-donna32 and poly1305-donna64 implementations
|
|
|
|
|
* sodium_hex2bin() has been added to complement sodium_bin2hex()
|
|
|
|
|
* crypto_auth_hmac_sha512() has been implemented
|
|
|
|
|
* sha256 and sha512 now have a streaming interface
|
|
|
|
|
* hmacsha256, hmacsha512 and hmacsha512256 now support keys of
|
|
|
|
|
arbitrary length, and have a streaming interface
|
|
|
|
|
* crypto_verify_64() has been implemented
|
|
|
|
|
* CPU features are now detected at runtime
|
|
|
|
|
|
2014-05-07 16:58:58 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri May 2 11:44:43 UTC 2014 - i@marguerite.su
|
|
|
|
|
|
2014-05-14 14:53:20 +02:00
|
|
|
- Update to version 0.4.5
|
|
|
|
|
* Restore compatibility with OSX <= 10.6
|
2014-05-07 16:58:58 +02:00
|
|
|
|
2013-10-22 10:44:11 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Oct 22 08:41:03 UTC 2013 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to version 0.4.4
|
|
|
|
|
* Big-endian architectures are now supported.
|
|
|
|
|
* The donna_c64 implementation of curve25519_donna_c64 now handles
|
|
|
|
|
non-canonical points like the ref implementation.
|
|
|
|
|
* Missing scalarmult_curve25519 and stream_salsa20 constants are
|
|
|
|
|
now exported.
|
|
|
|
|
* A crypto_onetimeauth_poly1305_ref() wrapper has been added.
|
|
|
|
|
|
2013-09-11 13:02:49 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 11 10:58:48 UTC 2013 - idonmez@suse.com
|
|
|
|
|
|
2013-10-22 10:44:11 +02:00
|
|
|
- Initial release for build.opensuse.org
|
2013-09-11 13:02:49 +02:00
|
|
|
|
