libsodium 1.0.20 (forwarded request 1176876 from AndreasStieger)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Update to 1.0.16
  * Signatures computations and verifications are now way faster
    on 64-bit platforms with compilers supporting 128-bit
    arithmetic (gcc, clang, icc). This includes the WebAssembly
    target.
  * New low-level APIs for computations over edwards25519:
    crypto_scalarmult_ed25519(), crypto_scalarmult_ed25519_base(),
    crypto_core_ed25519_is_valid_point(), crypto_core_ed25519_add(),
    crypto_core_ed25519_sub() and crypto_core_ed25519_from_uniform()
    (elligator representative to point).
  * crypto_sign_open(), crypto_sign_verify_detached() and
    crypto_sign_edwards25519sha512batch_open` now reject public
    keys in non-canonical form in addition to low-order points.
  * The library can be built with ED25519_NONDETERMINISTIC defined
    in order to use synthetic nonces for EdDSA. This is disabled
    by default.
  * sodium_stackzero() was added to wipe content off the stack.
  * The Salsa20-based PRNG example is now thread-safe on platforms
    with support for thread-local storage, optionally mixes bits
    from RDRAND.
  * Argon2 and scrypt are slightly faster on Linux.

• Files Changed
• Browse Source

1

• Files Changed
• Browse Source

- Update to version 1.0.14
  * Internal consistency checks failing and primitives used with
    dangerous/out-of-bounds/invalid parameters used to call abort(3).
    Now, a custom handler that doesn't return can be set with the
    set_sodium_misuse() function. It still aborts by default or if
    the handler ever returns. This is not a replacement for non-fatal,
    expected runtime errors. This handler will be only called in
    unexpected situations due to potential bugs in the library or in
    language bindings.
  * *_MESSAGEBYTES_MAX macros (and the corresponding _messagebytes_max()
    symbols) have been added to represent the maximum message size that
    can be safely handled by a primitive. Language bindings are
    encouraged to check user inputs against these maximum lengths.
  * The test suite has been extended to cover more edge cases.
  * crypto_sign_ed25519_pk_to_curve25519() now rejects points that
    are not on the curve, or not in the main subgroup.
  * Further changes have been made to ensure that smart compilers
    will not optimize out code that we don't want to be optimized.
  * The sodium_runtime_has_* symbols for CPU features detection are
    now defined as weak symbols, i.e. they can be replaced with an
    application-defined implementation. This can be useful to
    disable AVX* when temperature/power consumption is a concern.
  * crypto_kx_*() now aborts if called with no non-NULL pointers
    to store keys to.
  * SSE2 implementations of crypto_verify_*() have been added.
  * Passwords can be hashed using a specific algorithm with the new
    crypto_pwhash_str_alg() function.
  * Due to popular demand, base64 encoding (sodium_bin2base64())
    and decoding (sodium_base642bin()) have been implemented.
  * A new crypto_secretstream_*() API was added to safely encrypt

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

1

• Files Changed
• Browse Source

- Update to version 1.0.10
  * Compile fix update for older GCCs

• Files Changed
• Browse Source

- Update to version 1.0.9
  * A detached API was added to the ChaCha20-Poly1305 and AES256-GCM
    implementations.
  * The Argon2i password hashing function was added, and is accessible
    directly and through a new, high-level crypto_pwhash API.
    The scrypt function remains available as well.
  * A speed-record AVX2 implementation of BLAKE2b was added.
  * Countermeasures for Ed25519 signatures malleability have been
    added to match the irtf-cfrg-eddsa draft.
  * The HChaCha20 core function was implemented (crypto_core_hchacha20()).
  * No-op stubs were added for all AES256-GCM public functions even
    when compiled on non-Intel platforms.
  * crypt_generichash_blake2b_statebytes() was added.
  * New macros were added for the IETF variant of the ChaCha20-Poly1305
    construction.

• Files Changed
• Browse Source

- Update to version 1.0.8
  * Handle the case where the CPU supports AVX, but we are running
    on an hypervisor with AVX disabled/not supported.
  * Faster (2x) scalarmult_base() when using the ref10 implementation.

• Files Changed
• Browse Source

- Update to version 1.0.7
  * Sandy2x, the fastest Curve25519 implementation ever,
    has been merged in, and is automatically used on CPUs
    supporting the AVX instructions set.
  * An SSE2 optimized implementation of Poly1305 was added,
    and is twice as fast as the portable one.
  * An SSSE3 optimized implementation of ChaCha20 was added,
    and is twice as fast as the portable one.
  * Faster sodium_increment() for common nonce sizes.
  * New helper functions have been added: sodium_is_zero()
    and sodium_add().

- Follow upstream's lead and compile with -flto for > 13.2 on x86
  and x86-64.

• Files Changed
• Browse Source

- Update to 1.0.6
  * Optimized implementations of Blake2 have been added for modern
    Intel platforms. crypto_generichash() is now faster than MD5 and 
    SHA1 implementations while being far more secure.
  * The crypto_sign_edwards25519sha512batch_*() functions have been
    tagged as deprecated.
  * sodium_compare() now works as documented, and compares numbers
    in little-endian format instead of behaving like memcmp().
  * sodium_runtime_has_ssse3() and sodium_runtime_has_sse41() have
    been added.

• Files Changed
• Browse Source

- Now that gcc 5.2 is available on TW, remove the ARMv7 workaround.

• Files Changed
• Browse Source

- Update to 1.0.4
  * Support for AES256-GCM has been added. This requires a CPU with
    the aesni and pclmul extensions, and is accessible via the
    crypto_aead_aes256gcm_*() functions.
  * ChaCha20 with an extended (96 bit) nonce and a 32-bit counter has
    been implemented as crypto_stream_chacha20_ietf(),
    crypto_stream_chacha20_ietf_xor() and crypto_stream_chacha20_ietf_xor_ic().
    An IETF-compatible version of ChaCha20Poly1305 is available as
    crypto_aead_chacha20poly1305_ietf_npubbytes(), 
    crypto_aead_chacha20poly1305_ietf_encrypt() and
    crypto_aead_chacha20poly1305_ietf_decrypt().
  * The sodium_increment() helper function has been added, to increment
    an arbitrary large number (such as a nonce).
  * The sodium_compare() helper function has been added, to compare
    arbitrary large numbers (such as nonces, in order to prevent replay attacks).

• Files Changed
• Browse Source

1

• Files Changed
• Browse Source

- Update to version 1.0.2
  * The _easy and _detached APIs now support precalculated keys
  * sodium_free() can now be called on regions with PROT_NONE
    protection.
  * Memory allocation functions can now be used on operating systems
    with no memory protection.

• Files Changed
• Browse Source