Lines Matching +full:implementation +full:- +full:defined

3  - Signature computations and verifications are now way faster on
4 64-bit platforms with compilers supporting 128-bit arithmetic (gcc,
6 - New low-level APIs for computations over edwards25519:
11 - `crypto_sign_open()`, `crypto_sign_verify_detached()` and
13 non-canonical form in addition to low-order points.
14 - The library can be built with `ED25519_NONDETERMINISTIC` defined in
16 - WebAssembly: `crypto_pwhash_*()` functions are now included in
17 non-sumo builds.
18 - `sodium_stackzero()` was added to wipe content off the stack.
19 - Android: support new SDKs where unified headers have become the
21 - The Salsa20-based PRNG example is now thread-safe on platforms with
22 support for thread-local storage, and optionally mixes bits from RDRAND.
23 - CMAKE: static library detection on Unix systems has been improved
24 (thanks to @BurningEnlightenment, @nibua-r, @mellery451)
25 - Argon2 and scrypt are slightly faster on Linux.
28 - The default password hashing algorithm is now Argon2id. The
32 - The aes128ctr primitive was removed. It was slow, non-standard, not
34 - Argon2id required at least 3 passes like Argon2i, despite a minimum
35 of `1` as defined by the `OPSLIMIT_MIN` constant. This has been fixed.
36 - The secretstream construction was slightly changed to be consistent
38 - The JavaScript and WebAssembly versions have been merged, and the
41 - Note that due to these incompatible changes, the library version
45 - iOS binaries should now be compatible with watchOS and tvOS.
46 - WebAssembly is now officially supported. Special thanks to
48 - Internal consistency checks failing and primitives used with
49 dangerous/out-of-bounds/invalid parameters used to call abort(3).
52 handler ever returns. This is not a replacement for non-fatal,
56 - `*_MESSAGEBYTES_MAX` macros (and the corresponding
61 - The test suite has been extended to cover more edge cases.
62 - crypto_sign_ed25519_pk_to_curve25519() now rejects points that are
64 - Further changes have been made to ensure that smart compilers will
66 - Visual Studio solutions are now included in distribution tarballs.
67 - The `sodium_runtime_has_*` symbols for CPU features detection are
68 now defined as weak symbols, i.e. they can be replaced with an
69 application-defined implementation. This can be useful to disable
71 - `crypto_kx_*()` now aborts if called with no non-NULL pointers to
73 - SSE2 implementations of `crypto_verify_*()` have been added.
74 - Passwords can be hashed using a specific algorithm with the new
76 - Due to popular demand, base64 encoding (`sodium_bin2base64()`) and
78 - A new `crypto_secretstream_*()` API was added to safely encrypt files
79 and multi-part messages.
80 - The `sodium_pad()` and `sodium_unpad()` helper functions have been
82 - An AVX512 optimized implementation of Argon2 has been added (written
84 - The `crypto_pwhash_str_needs_rehash()` function was added to check if
87 - The library can now be compiled with recent versions of
92 - JavaScript: the sumo builds now include all symbols. They were
93 previously limited to symbols defined in minimal builds.
94 - The public `crypto_pwhash_argon2i_MEMLIMIT_MAX` constant was
95 incorrectly defined on 32-bit platforms. This has been fixed.
96 - Version 1.0.12 didn't compile on OpenBSD/i386 using the base gcc
98 - The Android compilation scripts have been updated for NDK r14b.
99 - armv7s-optimized code was re-added to iOS builds.
100 - An AVX2 optimized implementation of the Argon2 round function was
102 - The Argon2id variant of Argon2 has been implemented. The
103 high-level `crypto_pwhash_str_verify()` function automatically detects
108 - A `crypto_box_curve25519xchacha20poly1305_seal*()` function set was
110 - scrypt was removed from minimal builds.
111 - libsodium is now available on NuGet.
114 - Ed25519ph was implemented, adding a multi-part signature API
116 - New constants and related accessors have been added for Scrypt and
118 - XChaCha20 has been implemented. Like XSalsa20, this construction
119 extends the ChaCha20 cipher to accept a 192-bit nonce. This makes it safe
121 - `crypto_secretbox`, `crypto_box` and `crypto_aead` now offer
123 - SHA-2 is about 20% faster, which also gives a speed boost to
125 - AVX2 implementations of Salsa20 and ChaCha20 have been added. They
129 - New high-level API: `crypto_kdf`, to easily derive one or more
131 - Siphash with a 128-bit output has been implemented, and is
133 - New `*_keygen()` helper functions have been added to create secret
136 - A new `randombytes_buf_deterministic()` function was added to
139 - A preliminary `crypto_kx_*()` API was added to compute shared session
141 - AVX2 detection is more reliable.
142 - The pthreads library is not required any more when using MingW.
143 - `contrib/Findsodium.cmake` was added as an example to include
145 - Compatibility with gcc 2.x has been restored.
146 - Minimal builds can be checked using `sodium_library_minimal()`.
147 - The `--enable-opt` compilation switch has become compatible with more
149 - Android builds are now using clang on platforms where it is
153 - `sodium_init()` is now thread-safe, and can be safely called multiple
155 - Android binaries now properly support 64-bit Android, targeting
158 - Better support for old gcc versions.
159 - On FreeBSD, core dumps are disabled on regions allocated with
161 - AVX2 detection was fixed, resulting in faster Blake2b hashing on
163 - The Sandy2x Curve25519 implementation was not as fast as expected
165 - The NativeClient target was improved. Most notably, it now supports
167 - The library can be compiled with recent Emscripten versions.
170 - The code can now be compiled on SLES11 service pack 4.
171 - Decryption functions can now accept a NULL pointer for the output.
173 - crypto_generichash_final() now returns -1 if called twice.
174 - Support for Visual Studio 2008 was improved.
177 - This release only fixes a compilation issue reported with some older
181 - The JavaScript target now includes a `--sumo` option to include all
183 - A detached API was added to the ChaCha20-Poly1305 and AES256-GCM
185 - The Argon2i password hashing function was added, and is accessible
186 directly and through a new, high-level `crypto_pwhash` API. The scrypt
188 - A speed-record AVX2 implementation of BLAKE2b was added (thanks to
190 - The library can now be compiled using C++Builder (thanks to @jcolli44)
191 - Countermeasures for Ed25519 signature malleability have been added
192 to match the irtf-cfrg-eddsa draft (note that malleability is irrelevant to
193 the standard definition of signature security). Signatures with a small-order
195 - Some implementations are now slightly faster when using the Clang
197 - The HChaCha20 core function was implemented (`crypto_core_hchacha20()`).
198 - No-op stubs were added for all AES256-GCM public functions even when
199 compiled on non-Intel platforms.
200 - `crypto_generichash_blake2b_statebytes()` was added.
201 - New macros were added for the IETF variant of the ChaCha20-Poly1305
203 - The library can now be compiled on Minix.
204 - HEASLR is now enabled on MinGW builds.
207 - Handle the case where the CPU supports AVX, but we are running
209 - Faster (2x) scalarmult_base() when using the ref10 implementation.
212 - More functions whose return value should be checked have been
216 - Sandy2x, the fastest Curve25519 implementation ever, has been
219 - An SSE2 optimized implementation of Poly1305 was added, and is
221 - An SSSE3 optimized implementation of ChaCha20 was added, and is
223 - Faster `sodium_increment()` for common nonce sizes.
224 - New helper functions have been added: `sodium_is_zero()` and
226 - `sodium_runtime_has_aesni()` now properly detects the CPU flag when
230 - Optimized implementations of Blake2 have been added for modern
233 - Functions for which the return value should be checked have been
235 intentionally break code compiled with `-Werror` that didn't bother
237 - The `crypto_sign_edwards25519sha512batch_*()` functions have been
239 - Undocumented symbols that were exported, but were only useful for
241 `sodium_runtime_get_cpu_features()`, the implementation-specific
246 - `sodium_compare()` now works as documented, and compares numbers
247 in little-endian format instead of behaving like `memcmp()`.
248 - The previous changes should not break actual applications, but to be
250 - `sodium_runtime_has_ssse3()` and `sodium_runtime_has_sse41()` have
252 - The library can now be compiled with the CompCert compiler.
255 - Compilation issues on some platforms were fixed: missing alignment
256 directives were added (required at least on RHEL-6/i386), a workaround
259 - JavaScript target: io.js is not supported any more. Use Node.js.
262 - Support for AES256-GCM has been added. This requires
265 - The JavaScript target doesn't use eval() any more, so that the
267 - QNX and CloudABI are now supported.
268 - Support for NaCl has finally been added.
269 - ChaCha20 with an extended (96 bit) nonce and a 32-bit counter has
272 An IETF-compatible version of ChaCha20Poly1305 is available as
276 - The sodium_increment() helper function has been added, to increment
278 - The sodium_compare() helper function has been added, to compare
283 - In addition to sodium_bin2hex(), sodium_hex2bin() is now a
284 constant-time function.
285 - crypto_stream_xsalsa20_ic() has been added.
286 - crypto_generichash_statebytes(), crypto_auth_*_statebytes() and
289 - The JavaScript target doesn't require /dev/urandom or an external
290 randombytes() implementation any more. Other minor Emscripten-related
292 - Custom randombytes implementations do not need to provide their own
293 implementation of randombytes_uniform() any more. randombytes_stir()
296 - On Linux, getrandom(2) is being used instead of directly accessing
298 - crypto_box_seal() and crypto_box_seal_open() have been added.
299 - Visual Studio 2015 is now supported.
302 - The _easy and _detached APIs now support precalculated keys;
306 - Memory allocation functions can now be used on operating systems with
308 - crypto_sign_open() and crypto_sign_edwards25519sha512batch_open()
311 - The close-on-exec flag is now set on the descriptor returned when
313 - A libsodium-uninstalled.pc file to use pkg-config even when
315 - The iOS target now includes armv7s and arm64 optimized code, as well
317 - sodium_free() can now be called on regions with PROT_NONE protection.
318 - The JavaScript tests can run on Ubuntu, where the node binary was
322 - DLL_EXPORT was renamed SODIUM_DLL_EXPORT in order to avoid
323 collisions with similar macros defined by other libraries.
324 - sodium_bin2hex() is now constant-time.
325 - crypto_secretbox_detached() now supports overlapping input and output
327 - NaCl's donna_c64 implementation of curve25519 was reading an extra byte
332 - The API and ABI are now stable. New features will be added, but
333 backward-compatibility is guaranteed through all the 1.x.y releases.
334 - crypto_sign() properly works with overlapping regions again. Thanks
336 - The test suite has been extended.
339 - This is the second release candidate of Sodium 1.0. Minor
345 - Allocating memory to store sensitive data can now be done using
348 accessible in a heartbleed-like scenario. In addition, the protection
352 - ed25519 keys can be converted to curve25519 keys with
356 - The seed and the public key can be extracted from an ed25519 key
358 - aes256 was removed. A timing-attack resistant implementation might
360 - The crypto_pwhash_scryptxsalsa208sha256_* compatibility layer was
362 - The compatibility layer for implementation-specific functions was
364 - Compilation issues with Mingw64 on MSYS (not MSYS2) were fixed.
365 - crypto_pwhash_scryptsalsa208sha256_STRPREFIX was added: it contains
369 - Important bug fix: when crypto_sign_open() was given a signed
372 immediately returning -1. The bug was introduced in version 0.5.0.
373 - New API: crypto_sign_detached() and crypto_sign_verify_detached()
376 - New ./configure switch: --enable-minimal, to create a smaller
377 library, with only the functions required for the high-level API.
379 - All the symbols are now exported by the Emscripten build script.
380 - The pkg-config .pc file is now always installed even if the
381 pkg-config tool is not available during the installation.
384 - The ChaCha20 stream cipher has been added, as crypto_stream_chacha20_*
385 - The ChaCha20Poly1305 AEAD construction has been implemented, as
387 - The _easy API does not require any heap allocations any more and
391 - crypto_box and crypto_secretbox have a new _detached API to store
393 - crypto_pwhash_scryptxsalsa208sha256*() functions have been renamed
395 - The low-level crypto_pwhash_scryptsalsa208sha256_ll() function
397 - New macros and functions for recommended crypto_pwhash_* parameters
399 - Similarly to crypto_sign_seed_keypair(), crypto_box_seed_keypair()
401 - crypto_onetimeauth() now provides a streaming interface.
402 - crypto_stream_chacha20_xor_ic() and crypto_stream_salsa20_xor_ic()
403 have been added to use a non-zero initial block counter.
404 - On Windows, CryptGenRandom() was replaced by RtlGenRandom(), which
406 - The high bit in curve25519 is masked instead of processing the key as
407 a 256-bit value.
408 - The curve25519 ref implementation was replaced by the latest ref10
409 implementation from Supercop.
410 - sodium_mlock() now prevents memory from being included in coredumps
414 - sodium_mlock()/sodium_munlock() have been introduced to lock pages
417 - High-level wrappers for crypto_box and crypto_secretbox
420 - crypto_pwhash_scryptsalsa208sha256* functions have been added
422 - Salsa20 and ed25519 implementations now support overlapping
423 inputs/keys/outputs (changes imported from supercop-20140505).
424 - New build scripts for Visual Studio, Emscripten, different Android
426 - The poly1305-53 implementation has been replaced with Floodyberry's
427 poly1305-donna32 and poly1305-donna64 implementations.
428 - sodium_hex2bin() has been added to complement sodium_bin2hex().
429 - On OpenBSD and Bitrig, arc4random() is used instead of reading
431 - crypto_auth_hmac_sha512() has been implemented.
432 - sha256 and sha512 now have a streaming interface.
433 - hmacsha256, hmacsha512 and hmacsha512256 now support keys of
435 - crypto_verify_64() has been implemented.
436 - first-class Visual Studio build system, thanks to @evoskuil
437 - CPU features are now detected at runtime.
440 - Restore compatibility with OSX <= 10.6
443 - Visual Studio is officially supported (VC 2010 & VC 2013)
444 - mingw64 is now supported
445 - big-endian architectures are now supported as well
446 - The donna_c64 implementation of curve25519_donna_c64 now handles
447 non-canonical points like the ref implementation
448 - Missing scalarmult_curve25519 and stream_salsa20 constants are now exported
449 - A crypto_onetimeauth_poly1305_ref() wrapper has been added
452 - crypto_sign_seedbytes() and crypto_sign_SEEDBYTES were added.
453 - crypto_onetimeauth_poly1305_implementation_name() was added.
454 - poly1305-ref has been replaced by a faster implementation,
455 Floodyberry's poly1305-donna-unrolled.
456 - Stackmarkings have been added to assembly code, for Hardened Gentoo.
457 - pkg-config can now be used in order to retrieve compilation flags for
459 - crypto_stream_aes256estream_*() can now deal with unaligned input
461 - portability improvements.
464 - All NaCl constants are now also exposed as functions.
465 - The Android and iOS cross-compilation scripts have been improved.
466 - libsodium can now be cross-compiled to Windows from Linux.
467 - libsodium can now be compiled with emscripten.
468 - New convenience function (prototyped in utils.h): sodium_bin2hex().
471 - sodium_version_*() functions were not exported in version 0.4. They
473 - sodium_init() now calls randombytes_stir().
474 - optimized assembly version of salsa20 is now used on amd64.
475 - further cleanups and enhanced compatibility with non-C99 compilers.
478 - Most constants and operations are now available as actual functions
480 - New operation: crypto_generichash, featuring a variable key size, a
483 - The package can be compiled in a separate directory.
484 - aes128ctr functions are exported.
485 - Optimized versions of curve25519 (curve25519_donna_c64), poly1305
488 implementation.
489 - New convenience function: sodium_memzero() in order to securely
491 - A whole bunch of cleanups and portability enhancements.
492 - On Windows, a .REF file is generated along with the shared library,
497 - The crypto_shorthash operation has been added, implemented using
498 SipHash-2-4.
501 - crypto_sign_seed_keypair() has been added
504 - Initial release.