Revisions of libsodium
Dominique Leuenberger (dimstar_suse)
accepted
request 726508
from
Ismail Dönmez (namtrac)
(revision 27)
Dominique Leuenberger (dimstar_suse)
accepted
request 712754
from
Dirk Mueller (dirkmueller)
(revision 26)
Dominique Leuenberger (dimstar_suse)
accepted
request 622471
from
Ismail Dönmez (namtrac)
(revision 24)
Dominique Leuenberger (dimstar_suse)
accepted
request 556722
from
Ismail Dönmez (namtrac)
(revision 22)
- Update to 1.0.16
* Signatures computations and verifications are now way faster
on 64-bit platforms with compilers supporting 128-bit
arithmetic (gcc, clang, icc). This includes the WebAssembly
target.
* New low-level APIs for computations over edwards25519:
crypto_scalarmult_ed25519(), crypto_scalarmult_ed25519_base(),
crypto_core_ed25519_is_valid_point(), crypto_core_ed25519_add(),
crypto_core_ed25519_sub() and crypto_core_ed25519_from_uniform()
(elligator representative to point).
* crypto_sign_open(), crypto_sign_verify_detached() and
crypto_sign_edwards25519sha512batch_open` now reject public
keys in non-canonical form in addition to low-order points.
* The library can be built with ED25519_NONDETERMINISTIC defined
in order to use synthetic nonces for EdDSA. This is disabled
by default.
* sodium_stackzero() was added to wipe content off the stack.
* The Salsa20-based PRNG example is now thread-safe on platforms
with support for thread-local storage, optionally mixes bits
from RDRAND.
* Argon2 and scrypt are slightly faster on Linux.
Dominique Leuenberger (dimstar_suse)
accepted
request 532674
from
Ismail Dönmez (namtrac)
(revision 21)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 529173
from
Ismail Dönmez (namtrac)
(revision 20)
- Update to version 1.0.14
* Internal consistency checks failing and primitives used with
dangerous/out-of-bounds/invalid parameters used to call abort(3).
Now, a custom handler that doesn't return can be set with the
set_sodium_misuse() function. It still aborts by default or if
the handler ever returns. This is not a replacement for non-fatal,
expected runtime errors. This handler will be only called in
unexpected situations due to potential bugs in the library or in
language bindings.
* *_MESSAGEBYTES_MAX macros (and the corresponding _messagebytes_max()
symbols) have been added to represent the maximum message size that
can be safely handled by a primitive. Language bindings are
encouraged to check user inputs against these maximum lengths.
* The test suite has been extended to cover more edge cases.
* crypto_sign_ed25519_pk_to_curve25519() now rejects points that
are not on the curve, or not in the main subgroup.
* Further changes have been made to ensure that smart compilers
will not optimize out code that we don't want to be optimized.
* The sodium_runtime_has_* symbols for CPU features detection are
now defined as weak symbols, i.e. they can be replaced with an
application-defined implementation. This can be useful to
disable AVX* when temperature/power consumption is a concern.
* crypto_kx_*() now aborts if called with no non-NULL pointers
to store keys to.
* SSE2 implementations of crypto_verify_*() have been added.
* Passwords can be hashed using a specific algorithm with the new
crypto_pwhash_str_alg() function.
* Due to popular demand, base64 encoding (sodium_bin2base64())
and decoding (sodium_base642bin()) have been implemented.
* A new crypto_secretstream_*() API was added to safely encrypt
Dominique Leuenberger (dimstar_suse)
accepted
request 481258
from
Factory Maintainer (factory-maintainer)
(revision 19)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 417345
from
Dirk Mueller (dirkmueller)
(revision 18)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 384516
from
Ismail Dönmez (namtrac)
(revision 17)
- Update to version 1.0.10 * Compile fix update for older GCCs
Dominique Leuenberger (dimstar_suse)
accepted
request 383238
from
Ismail Dönmez (namtrac)
(revision 16)
- Update to version 1.0.9
* A detached API was added to the ChaCha20-Poly1305 and AES256-GCM
implementations.
* The Argon2i password hashing function was added, and is accessible
directly and through a new, high-level crypto_pwhash API.
The scrypt function remains available as well.
* A speed-record AVX2 implementation of BLAKE2b was added.
* Countermeasures for Ed25519 signatures malleability have been
added to match the irtf-cfrg-eddsa draft.
* The HChaCha20 core function was implemented (crypto_core_hchacha20()).
* No-op stubs were added for all AES256-GCM public functions even
when compiled on non-Intel platforms.
* crypt_generichash_blake2b_statebytes() was added.
* New macros were added for the IETF variant of the ChaCha20-Poly1305
construction.
Dominique Leuenberger (dimstar_suse)
accepted
request 350786
from
Ismail Dönmez (namtrac)
(revision 15)
- Update to version 1.0.8
* Handle the case where the CPU supports AVX, but we are running
on an hypervisor with AVX disabled/not supported.
* Faster (2x) scalarmult_base() when using the ref10 implementation.
Dominique Leuenberger (dimstar_suse)
accepted
request 347947
from
Ismail Dönmez (namtrac)
(revision 14)
- Update to version 1.0.7
* Sandy2x, the fastest Curve25519 implementation ever,
has been merged in, and is automatically used on CPUs
supporting the AVX instructions set.
* An SSE2 optimized implementation of Poly1305 was added,
and is twice as fast as the portable one.
* An SSSE3 optimized implementation of ChaCha20 was added,
and is twice as fast as the portable one.
* Faster sodium_increment() for common nonce sizes.
* New helper functions have been added: sodium_is_zero()
and sodium_add().
- Follow upstream's lead and compile with -flto for > 13.2 on x86
and x86-64.
Dominique Leuenberger (dimstar_suse)
accepted
request 342056
from
Ismail Dönmez (namtrac)
(revision 13)
- Update to 1.0.6
* Optimized implementations of Blake2 have been added for modern
Intel platforms. crypto_generichash() is now faster than MD5 and
SHA1 implementations while being far more secure.
* The crypto_sign_edwards25519sha512batch_*() functions have been
tagged as deprecated.
* sodium_compare() now works as documented, and compares numbers
in little-endian format instead of behaving like memcmp().
* sodium_runtime_has_ssse3() and sodium_runtime_has_sse41() have
been added.
Stephan Kulow (coolo)
accepted
request 340172
from
Ismail Dönmez (namtrac)
(revision 12)
- Now that gcc 5.2 is available on TW, remove the ARMv7 workaround.
Dominique Leuenberger (dimstar_suse)
accepted
request 339760
from
Ismail Dönmez (namtrac)
(revision 11)
- Update to 1.0.4
* Support for AES256-GCM has been added. This requires a CPU with
the aesni and pclmul extensions, and is accessible via the
crypto_aead_aes256gcm_*() functions.
* ChaCha20 with an extended (96 bit) nonce and a 32-bit counter has
been implemented as crypto_stream_chacha20_ietf(),
crypto_stream_chacha20_ietf_xor() and crypto_stream_chacha20_ietf_xor_ic().
An IETF-compatible version of ChaCha20Poly1305 is available as
crypto_aead_chacha20poly1305_ietf_npubbytes(),
crypto_aead_chacha20poly1305_ietf_encrypt() and
crypto_aead_chacha20poly1305_ietf_decrypt().
* The sodium_increment() helper function has been added, to increment
an arbitrary large number (such as a nonce).
* The sodium_compare() helper function has been added, to compare
arbitrary large numbers (such as nonces, in order to prevent replay attacks).
Dominique Leuenberger (dimstar_suse)
accepted
request 281495
from
Ismail Dönmez (namtrac)
(revision 9)
- Update to version 1.0.2
* The _easy and _detached APIs now support precalculated keys
* sodium_free() can now be called on regions with PROT_NONE
protection.
* Memory allocation functions can now be used on operating systems
with no memory protection.
Stephan Kulow (coolo)
accepted
request 251994
from
Ismail Dönmez (namtrac)
(revision 8)
- Update to version 1.0.0 * The API and ABI are now stable. * crypto_sign() properly works with overlapping regions again. * The test suite has been extended.
Displaying revisions 1 - 20 of 27
