1 2 * Version 1.0.16 3 - Signatures computations and verifications are now way faster on 4 64-bit platforms with compilers supporting 128-bit arithmetic (gcc, 5 clang, icc). This includes the WebAssembly target. 6 - New low-level APIs for computations over edwards25519: 7 `crypto_scalarmult_ed25519()`, `crypto_scalarmult_ed25519_base()`, 8 `crypto_core_ed25519_is_valid_point()`, `crypto_core_ed25519_add()`, 9 `crypto_core_ed25519_sub()` and `crypto_core_ed25519_from_uniform()` 10 (elligator representative to point). 11 - `crypto_sign_open()`, `crypto_sign_verify_detached() and 12 `crypto_sign_edwards25519sha512batch_open` now reject public keys in 13 non-canonical form in addition to low-order points. 14 - The library can be built with `ED25519_NONDETERMINISTIC` defined in 15 order to use synthetic nonces for EdDSA. This is disabled by default. 16 - Webassembly: `crypto_pwhash_*()` functions are now included in 17 non-sumo builds. 18 - `sodium_stackzero()` was added to wipe content off the stack. 19 - Android: support new SDKs where unified headers have become the 20 default. 21 - The Salsa20-based PRNG example is now thread-safe on platforms with 22 support for thread-local storage, optionally mixes bits from RDRAND. 23 - CMAKE: static library detection on Unix systems has been improved 24 (thanks to @BurningEnlightenment, @nibua-r, @mellery451) 25 - Argon2 and scrypt are slightly faster on Linux. 26 27 * Version 1.0.15 28 - The default password hashing algorithm is now Argon2id. The 29 `pwhash_str_verify()` function can still verify Argon2i hashes 30 without any changes, and `pwhash()` can still compute Argon2i hashes 31 as well. 32 - The aes128ctr primitive was removed. It was slow, non-standard, not 33 authenticated, and didn't seem to be used by any opensource project. 34 - Argon2id required at least 3 passes like Argon2i, despite a minimum 35 of `1` as defined by the `OPSLIMIT_MIN` constant. This has been fixed. 36 - The secretstream construction was slightly changed to be consistent 37 with forthcoming variants. 38 - The Javascript and Webassembly versions have been merged, and the 39 module now returns a `.ready` promise that will resolve after the 40 Webassembly code is loaded and compiled. 41 - Note that due to these incompatible changes, the library version 42 major was bumped up. 43 44 * Version 1.0.14 45 - iOS binaries should now be compatible with WatchOS and TVOS. 46 - WebAssembly is now officially supported. Special thanks to 47 @facekapow and @pepyakin who helped to make it happen. 48 - Internal consistency checks failing and primitives used with 49 dangerous/out-of-bounds/invalid parameters used to call abort(3). 50 Now, a custom handler *that doesn't return* can be set with the 51 `set_sodium_misuse()` function. It still aborts by default or if the 52 handler ever returns. This is not a replacement for non-fatal, 53 expected runtime errors. This handler will be only called in 54 unexpected situations due to potential bugs in the library or in 55 language bindings. 56 - `*_MESSAGEBYTES_MAX` macros (and the corresponding 57 `_messagebytes_max()` symbols) have been added to represent the 58 maximum message size that can be safely handled by a primitive. 59 Language bindings are encouraged to check user inputs against these 60 maximum lengths. 61 - The test suite has been extended to cover more edge cases. 62 - crypto_sign_ed25519_pk_to_curve25519() now rejects points that are 63 not on the curve, or not in the main subgroup. 64 - Further changes have been made to ensure that smart compilers will 65 not optimize out code that we don't want to be optimized. 66 - Visual Studio solutions are now included in distribution tarballs. 67 - The `sodium_runtime_has_*` symbols for CPU features detection are 68 now defined as weak symbols, i.e. they can be replaced with an 69 application-defined implementation. This can be useful to disable 70 AVX* when temperature/power consumption is a concern. 71 - `crypto_kx_*()` now aborts if called with no non-NULL pointers to 72 store keys to. 73 - SSE2 implementations of `crypto_verify_*()` have been added. 74 - Passwords can be hashed using a specific algorithm with the new 75 `crypto_pwhash_str_alg()` function. 76 - Due to popular demand, base64 encoding (`sodium_bin2base64()`) and 77 decoding (`sodium_base642bin()`) have been implemented. 78 - A new `crypto_secretstream_*()` API was added to safely encrypt files 79 and multi-part messages. 80 - The `sodium_pad()` and `sodium_unpad()` helper functions have been 81 added in order to add & remove padding. 82 - An AVX512 optimized implementation of Argon2 has been added (written 83 by Ondrej Mosnek, thanks!) 84 - The `crypto_pwhash_str_needs_rehash()` function was added to check if 85 a password hash string matches the given parameters, or if it needs an 86 update. 87 - The library can now be compiled with recent versions of 88 emscripten/binaryen that don't allow multiple variables declarations 89 using a single `var` statement. 90 91 * Version 1.0.13 92 - Javascript: the sumo builds now include all symbols. They were 93 previously limited to symbols defined in minimal builds. 94 - The public `crypto_pwhash_argon2i_MEMLIMIT_MAX` constant was 95 incorrectly defined on 32-bit platforms. This has been fixed. 96 - Version 1.0.12 didn't compile on OpenBSD/i386 using the base gcc 97 compiler. This has been fixed. 98 - The Android compilation scripts have been updated for NDK r14b. 99 - armv7s-optimized code was re-added to iOS builds. 100 - An AVX2 optimized implementation of the Argon2 round function was 101 added. 102 - The Argon2id variant of Argon2 has been implemented. The 103 high-level `crypto_pwhash_str_verify()` function automatically detects 104 the algorithm and can verify both Argon2i and Argon2id hashed passwords. 105 The default algorithm for newly hashed passwords remains Argon2i in 106 this version to avoid breaking compatibility with verifiers running 107 libsodium <= 1.0.12. 108 - A `crypto_box_curve25519xchacha20poly1305_seal*()` function set was 109 implemented. 110 - scrypt was removed from minimal builds. 111 - libsodium is now available on NuGet. 112 113 * Version 1.0.12 114 - Ed25519ph was implemented, adding a multi-part signature API 115 (`crypto_sign_init()`, `crypto_sign_update()`, `crypto_sign_final_*()`). 116 - New constants and related accessors have been added for Scrypt and 117 Argon2. 118 - XChaCha20 has been implemented. Like XSalsa20, this construction 119 extends the ChaCha20 cipher to accept a 192-bit nonce. This makes it safe 120 to use ChaCha20 with random nonces. 121 - `crypto_secretbox`, `crypto_box` and `crypto_aead` now offer 122 variants leveraging XChaCha20. 123 - SHA-2 is about 20% faster, which also gives a speed boost to 124 signature and signature verification. 125 - AVX2 implementations of Salsa20 and ChaCha20 have been added. They 126 are twice as fast as the SSE2 implementations. The speed gain is 127 even more significant on Windows, that previously didn't use 128 vectorized implementations. 129 - New high-level API: `crypto_kdf`, to easily derive one or more 130 subkeys from a master key. 131 - Siphash with a 128-bit output has been implemented, and is 132 available as `crypto_shorthash_siphashx_*`. 133 - New `*_keygen()` helpers functions have been added to create secret 134 keys for all constructions. This improves code clarity and can prevent keys 135 from being partially initialized. 136 - A new `randombytes_buf_deterministic()` function was added to 137 deterministically fill a memory region with pseudorandom data. This 138 function can especially be useful to write reproducible tests. 139 - A preliminary `crypto_kx_*()` API was added to compute shared session 140 keys. 141 - AVX2 detection is more reliable. 142 - The pthreads library is not required any more when using MingW. 143 - `contrib/Findsodium.cmake` was added as an example to include 144 libsodium in a project using cmake. 145 - Compatibility with gcc 2.x has been restored. 146 - Minimal builds can be checked using `sodium_library_minimal()`. 147 - The `--enable-opt` compilation switch has become compatible with more 148 platforms. 149 - Android builds are now using clang on platforms where it is 150 available. 151 152 * Version 1.0.11 153 - `sodium_init()` is now thread-safe, and can be safely called multiple 154 times. 155 - Android binaries now properly support 64-bit Android, targeting 156 platform 24, but without breaking compatibility with platforms 16 and 157 21. 158 - Better support for old gcc versions. 159 - On FreeBSD, core dumps are disabled on regions allocated with 160 sodium allocation functions. 161 - AVX2 detection was fixed, resulting in faster Blake2b hashing on 162 platforms where it was not properly detected. 163 - The Sandy2x Curve25519 implementation was not as fast as expected 164 on some platforms. This has been fixed. 165 - The NativeClient target was improved. Most notably, it now supports 166 optimized implementations, and uses pepper_49 by default. 167 - The library can be compiled with recent Emscripten versions. 168 Changes have been made to produce smaller code, and the default heap 169 size was reduced in the standard version. 170 - The code can now be compiled on SLES11 service pack 4. 171 - Decryption functions can now accept a NULL pointer for the output. 172 This checks the MAC without writing the decrypted message. 173 - crypto_generichash_final() now returns -1 if called twice. 174 - Support for Visual Studio 2008 was improved. 175 176 * Version 1.0.10 177 - This release only fixes a compilation issue reported with some older 178 gcc versions. There are no functional changes over the previous release. 179 180 * Version 1.0.9 181 - The Javascript target now includes a `--sumo` option to include all 182 the symbols of the original C library. 183 - A detached API was added to the ChaCha20-Poly1305 and AES256-GCM 184 implementations. 185 - The Argon2i password hashing function was added, and is accessible 186 directly and through a new, high-level `crypto_pwhash` API. The scrypt 187 function remains available as well. 188 - A speed-record AVX2 implementation of BLAKE2b was added (thanks to 189 Samuel Neves). 190 - The library can now be compiled using C++Builder (thanks to @jcolli44) 191 - Countermeasures for Ed25519 signatures malleability have been added 192 to match the irtf-cfrg-eddsa draft (note that malleability is irrelevant to 193 the standard definition of signature security). Signatures with a small-order 194 `R` point are now also rejected. 195 - Some implementations are now slightly faster when using the Clang 196 compiler. 197 - The HChaCha20 core function was implemented (`crypto_core_hchacha20()`). 198 - No-op stubs were added for all AES256-GCM public functions even when 199 compiled on non-Intel platforms. 200 - `crypt_generichash_blake2b_statebytes()` was added. 201 - New macros were added for the IETF variant of the ChaCha20-Poly1305 202 construction. 203 - The library can now be compiled on Minix. 204 - HEASLR is now enabled on MinGW builds. 205 206 * Version 1.0.8 207 - Handle the case where the CPU supports AVX, but we are running 208 on an hypervisor with AVX disabled/not supported. 209 - Faster (2x) scalarmult_base() when using the ref10 implementation. 210 211 * Version 1.0.7 212 - More functions whose return value should be checked have been 213 tagged with `__attribute__ ((warn_unused_result))`: `crypto_box_easy()`, 214 `crypto_box_detached()`, `crypto_box_beforenm()`, `crypto_box()`, and 215 `crypto_scalarmult()`. 216 - Sandy2x, the fastest Curve25519 implementation ever, has been 217 merged in, and is automatically used on CPUs supporting the AVX 218 instructions set. 219 - An SSE2 optimized implementation of Poly1305 was added, and is 220 twice as fast as the portable one. 221 - An SSSE3 optimized implementation of ChaCha20 was added, and is 222 twice as fast as the portable one. 223 - Faster `sodium_increment()` for common nonce sizes. 224 - New helper functions have been added: `sodium_is_zero()` and 225 `sodium_add()`. 226 - `sodium_runtime_has_aesni()` now properly detects the CPU flag when 227 compiled using Visual Studio. 228 229 * Version 1.0.6 230 - Optimized implementations of Blake2 have been added for modern 231 Intel platforms. `crypto_generichash()` is now faster than MD5 and SHA1 232 implementations while being far more secure. 233 - Functions for which the return value should be checked have been 234 tagged with `__attribute__ ((warn_unused_result))`. This will 235 intentionally break code compiled with `-Werror` that didn't bother 236 checking critical return values. 237 - The `crypto_sign_edwards25519sha512batch_*()` functions have been 238 tagged as deprecated. 239 - Undocumented symbols that were exported, but were only useful for 240 internal purposes have been removed or made private: 241 `sodium_runtime_get_cpu_features()`, the implementation-specific 242 `crypto_onetimeauth_poly1305_donna()` symbols, 243 `crypto_onetimeauth_poly1305_set_implementation()`, 244 `crypto_onetimeauth_poly1305_implementation_name()` and 245 `crypto_onetimeauth_pick_best_implementation()`. 246 - `sodium_compare()` now works as documented, and compares numbers 247 in little-endian format instead of behaving like `memcmp()`. 248 - The previous changes should not break actual applications, but to be 249 safe, the library version major was incremented. 250 - `sodium_runtime_has_ssse3()` and `sodium_runtime_has_sse41()` have 251 been added. 252 - The library can now be compiled with the CompCert compiler. 253 254 * Version 1.0.5 255 - Compilation issues on some platforms were fixed: missing alignment 256 directives were added (required at least on RHEL-6/i386), a workaround 257 for a VRP bug on gcc/armv7 was added, and the library can now be compiled 258 with the SunPro compiler. 259 - Javascript target: io.js is not supported any more. Use nodejs. 260 261 * Version 1.0.4 262 - Support for AES256-GCM has been added. This requires 263 a CPU with the aesni and pclmul extensions, and is accessible via the 264 crypto_aead_aes256gcm_*() functions. 265 - The Javascript target doesn't use eval() any more, so that the 266 library can be used in Chrome packaged applications. 267 - QNX and CloudABI are now supported. 268 - Support for NaCl has finally been added. 269 - ChaCha20 with an extended (96 bit) nonce and a 32-bit counter has 270 been implemented as crypto_stream_chacha20_ietf(), 271 crypto_stream_chacha20_ietf_xor() and crypto_stream_chacha20_ietf_xor_ic(). 272 An IETF-compatible version of ChaCha20Poly1305 is available as 273 crypto_aead_chacha20poly1305_ietf_npubbytes(), 274 crypto_aead_chacha20poly1305_ietf_encrypt() and 275 crypto_aead_chacha20poly1305_ietf_decrypt(). 276 - The sodium_increment() helper function has been added, to increment 277 an arbitrary large number (such as a nonce). 278 - The sodium_compare() helper function has been added, to compare 279 arbitrary large numbers (such as nonces, in order to prevent replay 280 attacks). 281 282 * Version 1.0.3 283 - In addition to sodium_bin2hex(), sodium_hex2bin() is now a 284 constant-time function. 285 - crypto_stream_xsalsa20_ic() has been added. 286 - crypto_generichash_statebytes(), crypto_auth_*_statebytes() and 287 crypto_hash_*_statebytes() have been added in order to retrieve the 288 size of structures keeping states from foreign languages. 289 - The JavaScript target doesn't require /dev/urandom or an external 290 randombytes() implementation any more. Other minor Emscripten-related 291 improvements have been made in order to support libsodium.js 292 - Custom randombytes implementations do not need to provide their own 293 implementation of randombytes_uniform() any more. randombytes_stir() 294 and randombytes_close() can also be NULL pointers if they are not 295 required. 296 - On Linux, getrandom(2) is being used instead of directly accessing 297 /dev/urandom, if the kernel supports this system call. 298 - crypto_box_seal() and crypto_box_seal_open() have been added. 299 - Visual Studio 2015 is now supported. 300 301 * Version 1.0.2 302 - The _easy and _detached APIs now support precalculated keys; 303 crypto_box_easy_afternm(), crypto_box_open_easy_afternm(), 304 crypto_box_detached_afternm() and crypto_box_open_detached_afternm() 305 have been added as an alternative to the NaCl interface. 306 - Memory allocation functions can now be used on operating systems with 307 no memory protection. 308 - crypto_sign_open() and crypto_sign_edwards25519sha512batch_open() 309 now accept a NULL pointer instead of a pointer to the message size, if 310 storing this information is not required. 311 - The close-on-exec flag is now set on the descriptor returned when 312 opening /dev/urandom. 313 - A libsodium-uninstalled.pc file to use pkg-config even when 314 libsodium is not installed, has been added. 315 - The iOS target now includes armv7s and arm64 optimized code, as well 316 as i386 and x86_64 code for the iOS simulator. 317 - sodium_free() can now be called on regions with PROT_NONE protection. 318 - The Javascript tests can run on Ubuntu, where the node binary was 319 renamed nodejs. io.js can also be used instead of node. 320 321 * Version 1.0.1 322 - DLL_EXPORT was renamed SODIUM_DLL_EXPORT in order to avoid 323 collisions with similar macros defined by other libraries. 324 - sodium_bin2hex() is now constant-time. 325 - crypto_secretbox_detached() now supports overlapping input and output 326 regions. 327 - NaCl's donna_c64 implementation of curve25519 was reading an extra byte 328 past the end of the buffer containing the base point. This has been 329 fixed. 330 331 * Version 1.0.0 332 - The API and ABI are now stable. New features will be added, but 333 backward-compatibility is guaranteed through all the 1.x.y releases. 334 - crypto_sign() properly works with overlapping regions again. Thanks 335 to @pysiak for reporting this regression introduced in version 0.6.1. 336 - The test suite has been extended. 337 338 * Version 0.7.1 (1.0 RC2) 339 - This is the second release candidate of Sodium 1.0. Minor 340 compilation, readability and portability changes have been made and the 341 test suite was improved, but the API is the same as the previous release 342 candidate. 343 344 * Version 0.7.0 (1.0 RC1) 345 - Allocating memory to store sensitive data can now be done using 346 sodium_malloc() and sodium_allocarray(). These functions add guard 347 pages around the protected data to make it less likely to be 348 accessible in a heartbleed-like scenario. In addition, the protection 349 for memory regions allocated that way can be changed using 350 sodium_mprotect_noaccess(), sodium_mprotect_readonly() and 351 sodium_mprotect_readwrite(). 352 - ed25519 keys can be converted to curve25519 keys with 353 crypto_sign_ed25519_pk_to_curve25519() and 354 crypto_sign_ed25519_sk_to_curve25519(). This allows using the same 355 keys for signature and encryption. 356 - The seed and the public key can be extracted from an ed25519 key 357 using crypto_sign_ed25519_sk_to_seed() and crypto_sign_ed25519_sk_to_pk(). 358 - aes256 was removed. A timing-attack resistant implementation might 359 be added later, but not before version 1.0 is tagged. 360 - The crypto_pwhash_scryptxsalsa208sha256_* compatibility layer was 361 removed. Use crypto_pwhash_scryptsalsa208sha256_*. 362 - The compatibility layer for implementation-specific functions was 363 removed. 364 - Compilation issues with Mingw64 on MSYS (not MSYS2) were fixed. 365 - crypto_pwhash_scryptsalsa208sha256_STRPREFIX was added: it contains 366 the prefix produced by crypto_pwhash_scryptsalsa208sha256_str() 367 368 * Version 0.6.1 369 - Important bug fix: when crypto_sign_open() was given a signed 370 message too short to even contain a signature, it was putting an 371 unlimited amount of zeros into the target buffer instead of 372 immediately returning -1. The bug was introduced in version 0.5.0. 373 - New API: crypto_sign_detached() and crypto_sign_verify_detached() 374 to produce and verify ed25519 signatures without having to duplicate 375 the message. 376 - New ./configure switch: --enable-minimal, to create a smaller 377 library, with only the functions required for the high-level API. 378 Mainly useful for the JavaScript target and embedded systems. 379 - All the symbols are now exported by the Emscripten build script. 380 - The pkg-config .pc file is now always installed even if the 381 pkg-config tool is not available during the installation. 382 383 * Version 0.6.0 384 - The ChaCha20 stream cipher has been added, as crypto_stream_chacha20_* 385 - The ChaCha20Poly1305 AEAD construction has been implemented, as 386 crypto_aead_chacha20poly1305_* 387 - The _easy API does not require any heap allocations any more and 388 does not have any overhead over the NaCl API. With the password 389 hashing function being an obvious exception, the library doesn't 390 allocate and will not allocate heap memory ever. 391 - crypto_box and crypto_secretbox have a new _detached API to store 392 the authentication tag and the encrypted message separately. 393 - crypto_pwhash_scryptxsalsa208sha256*() functions have been renamed 394 crypto_pwhash_scryptsalsa208sha256*(). 395 - The low-level crypto_pwhash_scryptsalsa208sha256_ll() function 396 allows setting individual parameters of the scrypt function. 397 - New macros and functions for recommended crypto_pwhash_* parameters 398 have been added. 399 - Similarly to crypto_sign_seed_keypair(), crypto_box_seed_keypair() 400 has been introduced to deterministically generate a key pair from a seed. 401 - crypto_onetimeauth() now provides a streaming interface. 402 - crypto_stream_chacha20_xor_ic() and crypto_stream_salsa20_xor_ic() 403 have been added to use a non-zero initial block counter. 404 - On Windows, CryptGenRandom() was replaced by RtlGenRandom(), which 405 doesn't require the Crypt API. 406 - The high bit in curve25519 is masked instead of processing the key as 407 a 256-bit value. 408 - The curve25519 ref implementation was replaced by the latest ref10 409 implementation from Supercop. 410 - sodium_mlock() now prevents memory from being included in coredumps 411 on Linux 3.4+ 412 413 * Version 0.5.0 414 - sodium_mlock()/sodium_munlock() have been introduced to lock pages 415 in memory before storing sensitive data, and to zero them before 416 unlocking them. 417 - High-level wrappers for crypto_box and crypto_secretbox 418 (crypto_box_easy and crypto_secretbox_easy) can be used to avoid 419 dealing with the specific memory layout regular functions depend on. 420 - crypto_pwhash_scryptsalsa208sha256* functions have been added 421 to derive a key from a password, and for password storage. 422 - Salsa20 and ed25519 implementations now support overlapping 423 inputs/keys/outputs (changes imported from supercop-20140505). 424 - New build scripts for Visual Studio, Emscripten, different Android 425 architectures and msys2 are available. 426 - The poly1305-53 implementation has been replaced with Floodyberry's 427 poly1305-donna32 and poly1305-donna64 implementations. 428 - sodium_hex2bin() has been added to complement sodium_bin2hex(). 429 - On OpenBSD and Bitrig, arc4random() is used instead of reading 430 /dev/urandom. 431 - crypto_auth_hmac_sha512() has been implemented. 432 - sha256 and sha512 now have a streaming interface. 433 - hmacsha256, hmacsha512 and hmacsha512256 now support keys of 434 arbitrary length, and have a streaming interface. 435 - crypto_verify_64() has been implemented. 436 - first-class Visual Studio build system, thanks to @evoskuil 437 - CPU features are now detected at runtime. 438 439 * Version 0.4.5 440 - Restore compatibility with OSX <= 10.6 441 442 * Version 0.4.4 443 - Visual Studio is officially supported (VC 2010 & VC 2013) 444 - mingw64 is now supported 445 - big-endian architectures are now supported as well 446 - The donna_c64 implementation of curve25519_donna_c64 now handles 447 non-canonical points like the ref implementation 448 - Missing scalarmult_curve25519 and stream_salsa20 constants are now exported 449 - A crypto_onetimeauth_poly1305_ref() wrapper has been added 450 451 * Version 0.4.3 452 - crypto_sign_seedbytes() and crypto_sign_SEEDBYTES were added. 453 - crypto_onetimeauth_poly1305_implementation_name() was added. 454 - poly1305-ref has been replaced by a faster implementation, 455 Floodyberry's poly1305-donna-unrolled. 456 - Stackmarkings have been added to assembly code, for Hardened Gentoo. 457 - pkg-config can now be used in order to retrieve compilations flags for 458 using libsodium. 459 - crypto_stream_aes256estream_*() can now deal with unaligned input 460 on platforms that require word alignment. 461 - portability improvements. 462 463 * Version 0.4.2 464 - All NaCl constants are now also exposed as functions. 465 - The Android and iOS cross-compilation script have been improved. 466 - libsodium can now be cross-compiled to Windows from Linux. 467 - libsodium can now be compiled with emscripten. 468 - New convenience function (prototyped in utils.h): sodium_bin2hex(). 469 470 * Version 0.4.1 471 - sodium_version_*() functions were not exported in version 0.4. They 472 are now visible as intended. 473 - sodium_init() now calls randombytes_stir(). 474 - optimized assembly version of salsa20 is now used on amd64. 475 - further cleanups and enhanced compatibility with non-C99 compilers. 476 477 * Version 0.4 478 - Most constants and operations are now available as actual functions 479 instead of macros, making it easier to use from other languages. 480 - New operation: crypto_generichash, featuring a variable key size, a 481 variable output size, and a streaming API. Currently implemented using 482 Blake2b. 483 - The package can be compiled in a separate directory. 484 - aes128ctr functions are exported. 485 - Optimized versions of curve25519 (curve25519_donna_c64), poly1305 486 (poly1305_53) and ed25519 (ed25519_ref10) are available. Optionally calling 487 sodium_init() once before using the library makes it pick the fastest 488 implementation. 489 - New convenience function: sodium_memzero() in order to securely 490 wipe a memory area. 491 - A whole bunch of cleanups and portability enhancements. 492 - On Windows, a .REF file is generated along with the shared library, 493 for use with Visual Studio. The installation path for these has become 494 $prefix/bin as expected by MingW. 495 496 * Version 0.3 497 - The crypto_shorthash operation has been added, implemented using 498 SipHash-2-4. 499 500 * Version 0.2 501 - crypto_sign_seed_keypair() has been added 502 503 * Version 0.1 504 - Initial release. 505 506
Indexes created Wed Oct 01 19:09:53 GMT 2025