richard
/
shadowsocks-libev
mirror of https://github.com/shadowsocks/shadowsocks-libev.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1188 Commits
8 Branches
85 Tags
14 MiB
Tree: f7f90b1eb2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f7f90b1eb2'
${ noResults }
shadowsocks-libev/libsodium/ChangeLog

296 lines
14 KiB
Raw Normal View History

integrate libsodium as a subproject
9 years ago
Update libsodium
8 years ago
integrate libsodium as a subproject
9 years ago
  2. * Version 1.0.7
  3. - More functions whose return value should be checked have been
  4. tagged with `__attribute__ ((warn_unused_result))`: `crypto_box_easy()`,
  5. `crypto_box_detached()`, `crypto_box_beforenm()`, `crypto_box()`, and
  6. `crypto_scalarmult()`.
  7. - Sandy2x, the fastest Curve25519 implementation ever, has been
  8. merged in, and is automatically used on CPUs supporting the AVX
  9. instructions set.
  10. - An SSE2 optimized implementation of Poly1305 was added, and is
  11. twice as fast as the portable one.
  12. - An SSSE3 optimized implementation of ChaCha20 was added, and is
  13. twice as fast as the portable one.
  14. - Faster `sodium_increment()` for common nonce sizes.
  15. - New helper functions have been added: `sodium_is_zero()` and
  16. `sodium_add()`.
  17. - `sodium_runtime_has_aesni()` now properly detects the CPU flag when
  18. compiled using Visual Studio.
  20. * Version 1.0.6
  21. - Optimized implementations of Blake2 have been added for modern
  22. Intel platforms. `crypto_generichash()` is now faster than MD5 and SHA1
  23. implementations while being far more secure.
  24. - Functions for which the return value should be checked have been
  25. tagged with `__attribute__ ((warn_unused_result))`. This will
  26. intentionally break code compiled with `-Werror` that didn't bother
  27. checking critical return values.
  28. - The `crypto_sign_edwards25519sha512batch_*()` functions have been
  29. tagged as deprecated.
  30. - Undocumented symbols that were exported, but were only useful for
  31. internal purposes have been removed or made private:
  32. `sodium_runtime_get_cpu_features()`, the implementation-specific
  33. `crypto_onetimeauth_poly1305_donna()` symbols,
  34. `crypto_onetimeauth_poly1305_set_implementation()`,
  35. `crypto_onetimeauth_poly1305_implementation_name()` and
  36. `crypto_onetimeauth_pick_best_implementation()`.
  37. - `sodium_compare()` now works as documented, and compares numbers
  38. in little-endian format instead of behaving like `memcmp()`.
  39. - The previous changes should not break actual applications, but to be
  40. safe, the library version major was incremented.
  41. - `sodium_runtime_has_ssse3()` and `sodium_runtime_has_sse41()` have
  42. been added.
  43. - The library can now be compiled with the CompCert compiler.
  45. * Version 1.0.5
  46. - Compilation issues on some platforms were fixed: missing alignment
  47. directives were added (required at least on RHEL-6/i386), a workaround
  48. for a VRP bug on gcc/armv7 was added, and the library can now be compiled
  49. with the SunPro compiler.
  50. - Javascript target: io.js is not supported any more. Use nodejs.
  52. * Version 1.0.4
  53. - Support for AES256-GCM has been added. This requires
  54. a CPU with the aesni and pclmul extensions, and is accessible via the
  55. crypto_aead_aes256gcm_*() functions.
  56. - The Javascript target doesn't use eval() any more, so that the
  57. library can be used in Chrome packaged applications.
  58. - QNX and CloudABI are now supported.
  59. - Support for NaCl has finally been added.
  60. - ChaCha20 with an extended (96 bit) nonce and a 32-bit counter has
  61. been implemented as crypto_stream_chacha20_ietf(),
  62. crypto_stream_chacha20_ietf_xor() and crypto_stream_chacha20_ietf_xor_ic().
  63. An IETF-compatible version of ChaCha20Poly1305 is available as
  64. crypto_aead_chacha20poly1305_ietf_npubbytes(),
  65. crypto_aead_chacha20poly1305_ietf_encrypt() and
  66. crypto_aead_chacha20poly1305_ietf_decrypt().
  67. - The sodium_increment() helper function has been added, to increment
  68. an arbitrary large number (such as a nonce).
  69. - The sodium_compare() helper function has been added, to compare
  70. arbitrary large numbers (such as nonces, in order to prevent replay
  71. attacks).
  73. * Version 1.0.3
  74. - In addition to sodium_bin2hex(), sodium_hex2bin() is now a
  75. constant-time function.
  76. - crypto_stream_xsalsa20_ic() has been added.
  77. - crypto_generichash_statebytes(), crypto_auth_*_statebytes() and
  78. crypto_hash_*_statebytes() have been added in order to retrieve the
  79. size of structures keeping states from foreign languages.
  80. - The JavaScript target doesn't require /dev/urandom or an external
  81. randombytes() implementation any more. Other minor Emscripten-related
  82. improvements have been made in order to support libsodium.js
  83. - Custom randombytes implementations do not need to provide their own
  84. implementation of randombytes_uniform() any more. randombytes_stir()
  85. and randombytes_close() can also be NULL pointers if they are not
  86. required.
  87. - On Linux, getrandom(2) is being used instead of directly accessing
  88. /dev/urandom, if the kernel supports this system call.
  89. - crypto_box_seal() and crypto_box_seal_open() have been added.
  90. - A solutions for Visual Studio 2015 was added.
  92. * Version 1.0.2
  93. - The _easy and _detached APIs now support precalculated keys;
  94. crypto_box_easy_afternm(), crypto_box_open_easy_afternm(),
  95. crypto_box_detached_afternm() and crypto_box_open_detached_afternm()
  96. have been added as an alternative to the NaCl interface.
  97. - Memory allocation functions can now be used on operating systems with
  98. no memory protection.
  99. - crypto_sign_open() and crypto_sign_edwards25519sha512batch_open()
  100. now accept a NULL pointer instead of a pointer to the message size, if
  101. storing this information is not required.
  102. - The close-on-exec flag is now set on the descriptor returned when
  103. opening /dev/urandom.
  104. - A libsodium-uninstalled.pc file to use pkg-config even when
  105. libsodium is not installed, has been added.
  106. - The iOS target now includes armv7s and arm64 optimized code, as well
  107. as i386 and x86_64 code for the iOS simulator.
  108. - sodium_free() can now be called on regions with PROT_NONE protection.
  109. - The Javascript tests can run on Ubuntu, where the node binary was
  110. renamed nodejs. io.js can also be used instead of node.
  112. * Version 1.0.1
  113. - DLL_EXPORT was renamed SODIUM_DLL_EXPORT in order to avoid
  114. collisions with similar macros defined by other libraries.
  115. - sodium_bin2hex() is now constant-time.
  116. - crypto_secretbox_detached() now supports overlapping input and output
  117. regions.
  118. - NaCl's donna_c64 implementation of curve25519 was reading an extra byte
  119. past the end of the buffer containing the base point. This has been
  120. fixed.
  122. * Version 1.0.0
  123. - The API and ABI are now stable. New features will be added, but
  124. backward-compatibility is guaranteed through all the 1.x.y releases.
  125. - crypto_sign() properly works with overlapping regions again. Thanks
  126. to @pysiak for reporting this regression introduced in version 0.6.1.
  127. - The test suite has been extended.
  129. * Version 0.7.1 (1.0 RC2)
  130. - This is the second release candidate of Sodium 1.0. Minor
  131. compilation, readability and portability changes have been made and the
  132. test suite was improved, but the API is the same as the previous release
  133. candidate.
  135. * Version 0.7.0 (1.0 RC1)
  136. - Allocating memory to store sensitive data can now be done using
  137. sodium_malloc() and sodium_allocarray(). These functions add guard
  138. pages around the protected data to make it less likely to be
  139. accessible in a heartbleed-like scenario. In addition, the protection
  140. for memory regions allocated that way can be changed using
  141. sodium_mprotect_noaccess(), sodium_mprotect_readonly() and
  142. sodium_mprotect_readwrite().
  143. - ed25519 keys can be converted to curve25519 keys with
  144. crypto_sign_ed25519_pk_to_curve25519() and
  145. crypto_sign_ed25519_sk_to_curve25519(). This allows using the same
  146. keys for signature and encryption.
  147. - The seed and the public key can be extracted from an ed25519 key
  148. using crypto_sign_ed25519_sk_to_seed() and crypto_sign_ed25519_sk_to_pk().
  149. - aes256 was removed. A timing-attack resistant implementation might
  150. be added later, but not before version 1.0 is tagged.
  151. - The crypto_pwhash_scryptxsalsa208sha256_* compatibility layer was
  152. removed. Use crypto_pwhash_scryptsalsa208sha256_*.
  153. - The compatibility layer for implementation-specific functions was
  154. removed.
  155. - Compilation issues with Mingw64 on MSYS (not MSYS2) were fixed.
  156. - crypto_pwhash_scryptsalsa208sha256_STRPREFIX was added: it contains
  157. the prefix produced by crypto_pwhash_scryptsalsa208sha256_str()
  159. * Version 0.6.1
  160. - Important bug fix: when crypto_sign_open() was given a signed
  161. message too short to even contain a signature, it was putting an
  162. unlimited amount of zeros into the target buffer instead of
  163. immediately returning -1. The bug was introduced in version 0.5.0.
  164. - New API: crypto_sign_detached() and crypto_sign_verify_detached()
  165. to produce and verify ed25519 signatures without having to duplicate
  166. the message.
  167. - New ./configure switch: --enable-minimal, to create a smaller
  168. library, with only the functions required for the high-level API.
  169. Mainly useful for the JavaScript target and embedded systems.
  170. - All the symbols are now exported by the Emscripten build script.
  171. - The pkg-config .pc file is now always installed even if the
  172. pkg-config tool is not available during the installation.
  174. * Version 0.6.0
  175. - The ChaCha20 stream cipher has been added, as crypto_stream_chacha20_*
  176. - The ChaCha20Poly1305 AEAD construction has been implemented, as
  177. crypto_aead_chacha20poly1305_*
  178. - The _easy API does not require any heap allocations any more and
  179. does not have any overhead over the NaCl API. With the password
  180. hashing function being an obvious exception, the library doesn't
  181. allocate and will not allocate heap memory ever.
  182. - crypto_box and crypto_secretbox have a new _detached API to store
  183. the authentication tag and the encrypted message separately.
  184. - crypto_pwhash_scryptxsalsa208sha256*() functions have been renamed
  185. crypto_pwhash_scryptsalsa208sha256*().
  186. - The low-level crypto_pwhash_scryptsalsa208sha256_ll() function
  187. allows setting individual parameters of the scrypt function.
  188. - New macros and functions for recommended crypto_pwhash_* parameters
  189. have been added.
  190. - Similarly to crypto_sign_seed_keypair(), crypto_box_seed_keypair()
  191. has been introduced to deterministically generate a key pair from a seed.
  192. - crypto_onetimeauth() now provides a streaming interface.
  193. - crypto_stream_chacha20_xor_ic() and crypto_stream_salsa20_xor_ic()
  194. have been added to use a non-zero initial block counter.
  195. - On Windows, CryptGenRandom() was replaced by RtlGenRandom(), which
  196. doesn't require the Crypt API.
  197. - The high bit in curve25519 is masked instead of processing the key as
  198. a 256-bit value.
  199. - The curve25519 ref implementation was replaced by the latest ref10
  200. implementation from Supercop.
  201. - sodium_mlock() now prevents memory from being included in coredumps
  202. on Linux 3.4+
  204. * Version 0.5.0
  205. - sodium_mlock()/sodium_munlock() have been introduced to lock pages
  206. in memory before storing sensitive data, and to zero them before
  207. unlocking them.
  208. - High-level wrappers for crypto_box and crypto_secretbox
  209. (crypto_box_easy and crypto_secretbox_easy) can be used to avoid
  210. dealing with the specific memory layout regular functions depend on.
  211. - crypto_pwhash_scryptsalsa208sha256* functions have been added
  212. to derive a key from a password, and for password storage.
  213. - Salsa20 and ed25519 implementations now support overlapping
  214. inputs/keys/outputs (changes imported from supercop-20140505).
  215. - New build scripts for Visual Studio, Emscripten, different Android
  216. architectures and msys2 are available.
  217. - The poly1305-53 implementation has been replaced with Floodyberry's
  218. poly1305-donna32 and poly1305-donna64 implementations.
  219. - sodium_hex2bin() has been added to complement sodium_bin2hex().
  220. - On OpenBSD and Bitrig, arc4random() is used instead of reading
  221. /dev/urandom.
  222. - crypto_auth_hmac_sha512() has been implemented.
  223. - sha256 and sha512 now have a streaming interface.
  224. - hmacsha256, hmacsha512 and hmacsha512256 now support keys of
  225. arbitrary length, and have a streaming interface.
  226. - crypto_verify_64() has been implemented.
  227. - first-class Visual Studio build system, thanks to @evoskuil
  228. - CPU features are now detected at runtime.
  230. * Version 0.4.5
  231. - Restore compatibility with OSX <= 10.6
  233. * Version 0.4.4
  234. - Visual Studio is officially supported (VC 2010 & VC 2013)
  235. - mingw64 is now supported
  236. - big-endian architectures are now supported as well
  237. - The donna_c64 implementation of curve25519_donna_c64 now handles
  238. non-canonical points like the ref implementation
  239. - Missing scalarmult_curve25519 and stream_salsa20 constants are now exported
  240. - A crypto_onetimeauth_poly1305_ref() wrapper has been added
  242. * Version 0.4.3
  243. - crypto_sign_seedbytes() and crypto_sign_SEEDBYTES were added.
  244. - crypto_onetimeauth_poly1305_implementation_name() was added.
  245. - poly1305-ref has been replaced by a faster implementation,
  246. Floodyberry's poly1305-donna-unrolled.
  247. - Stackmarkings have been added to assembly code, for Hardened Gentoo.
  248. - pkg-config can now be used in order to retrieve compilations flags for
  249. using libsodium.
  250. - crypto_stream_aes256estream_*() can now deal with unaligned input
  251. on platforms that require word alignment.
  252. - portability improvements.
  254. * Version 0.4.2
  255. - All NaCl constants are now also exposed as functions.
  256. - The Android and iOS cross-compilation script have been improved.
  257. - libsodium can now be cross-compiled to Windows from Linux.
  258. - libsodium can now be compiled with emscripten.
  259. - New convenience function (prototyped in utils.h): sodium_bin2hex().
  261. * Version 0.4.1
  262. - sodium_version_*() functions were not exported in version 0.4. They
  263. are now visible as intended.
  264. - sodium_init() now calls randombytes_stir().
  265. - optimized assembly version of salsa20 is now used on amd64.
  266. - further cleanups and enhanced compatibility with non-C99 compilers.
  268. * Version 0.4
  269. - Most constants and operations are now available as actual functions
  270. instead of macros, making it easier to use from other languages.
  271. - New operation: crypto_generichash, featuring a variable key size, a
  272. variable output size, and a streaming API. Currently implemented using
  273. Blake2b.
  274. - The package can be compiled in a separate directory.
  275. - aes128ctr functions are exported.
  276. - Optimized versions of curve25519 (curve25519_donna_c64), poly1305
  277. (poly1305_53) and ed25519 (ed25519_ref10) are available. Optionally calling
  278. sodium_init() once before using the library makes it pick the fastest
  279. implementation.
  280. - New convenience function: sodium_memzero() in order to securely
  281. wipe a memory area.
  282. - A whole bunch of cleanups and portability enhancements.
  283. - On Windows, a .REF file is generated along with the shared library,
  284. for use with Visual Studio. The installation path for these has become
  285. $prefix/bin as expected by MingW.
  287. * Version 0.3
  288. - The crypto_shorthash operation has been added, implemented using
  289. SipHash-2-4.
  291. * Version 0.2
  292. - crypto_sign_seed_keypair() has been added
  294. * Version 0.1
  295. - Initial release.