Releases: paragonie/sodium_compat
Version 2.1.0
What's Changed
- explicitly mark argument $alg as nullable by @xabbuh in #178
- define 2.0.x-dev as an alias for the master branch by @xabbuh in #179
- Optimize Curve25519 code by @paragonie-security in #181
- PHP 8.4 compat nits by @paragonie-security in #182
Full Changelog: v2.0.1...v2.1.0
Version 2.0.1
Read this blog post for context.
We pulled v2.0.0 to prevent v2.x from being installed on 32-bit systems.
Full Changelog: v2.0.0...v2.0.1
Version 1.21.1
What's Changed
- [v1] Use SensitiveParameter on public API by @paragonie-security in #176
Full Changelog: v1.21.0...v1.21.1
Version 1.21.0
Important - Please Read
While this is not the final v1.x release, we will be releasing a new major version soon. See the updated major version policy in our readme for specific guidance.
Beyond that, this is a bog-standard feature release. It contains no security fixes, but it does add features (including the AEGIS AEAD mode used by libsodium, expected to land in PHP 8.4).
What's Changed
- AEGIS Implementation by @paragonie-security in #167
- Support PHP 8.4 by @paragonie-security in #169
- Pre v1.21 fixes by @paragonie-security in #170
- New major version policy by @paragonie-security in #171
Full Changelog: v1.20.1...v1.21.0
Version 1.20.1
What's Changed
- GH Actions: update PHP versions in workflows by @jrfnl in #160
- XSalsa20Test: fix typo in @covers tag by @jrfnl in #164
- Update actions/checkout to v4 by @paragonie-security in #165
Full Changelog: v1.20.0...v1.20.1
Version 1.20.0
What's Changed
- #157 - Update Wycheproof tests, fix Poly1305 implementation in response to Wycheproof failure
Full Changelog: v1.19.0...v1.20.0
Poly1305 bug?
If you had a specific bit pattern in your Poly1305 key and ciphertext, you would generate an invalid authentication tag. This was caught by the ChaCha20-Poly1305 tests included in Project Wycheproof.
We don't believe this is a security issue because:
- Letting attackers control the key going into Poly1305 would defeat the security of this algorithm.
- Years of integration and compatibility testing with ext/sodium never encountered the conditions necessary to trigger the bug. (Specifically, a ciphertext of all bits set was one of the conditions necessary to trigger it.)
- The impact of triggering the bug is an incorrect authentication tag.
Additionally, if you turned fast multiplication on, you would not have triggered the bug at all.
The fix slows down our Poly1305 implementation slightly.
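Why an all-bits-set input can expose a Poly1305 error that ordinary test data never reaches, as an added example (not sodium_compat's code, and not a reproduction of its bug, whose exact key pattern is not given here): a big-integer Python reference for Poly1305 per RFC 8439, used as an oracle against a hypothetical implementation, `lazy_poly1305`, that skips the final reduction. The buggy variant and the inputs from `edge_cases()` are constructed for illustration.

```python
# Added example: reference Poly1305 (RFC 8439) as a differential-test oracle.
P = (1 << 130) - 5                          # the Poly1305 prime
CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff  # mask applied to r

def _split(key):
    if len(key) != 32:
        raise ValueError("Poly1305 one-time key must be 32 bytes")
    return int.from_bytes(key[:16], "little") & CLAMP, int.from_bytes(key[16:], "little")

def _blocks(msg):
    # Each 16-byte chunk (the last may be shorter) gets a 0x01 byte appended.
    for i in range(0, len(msg), 16):
        yield int.from_bytes(msg[i:i + 16] + b"\x01", "little")

def poly1305(key, msg):
    """Reference tag: full reduction mod P after every block."""
    r, s = _split(key)
    acc = 0
    for n in _blocks(msg):
        acc = (acc + n) * r % P
    return ((acc + s) % (1 << 128)).to_bytes(16, "little")

def lazy_poly1305(key, msg):
    """Hypothetical buggy variant: folds at 2^130 but never subtracts P."""
    r, s = _split(key)
    acc = 0
    for n in _blocks(msg):
        acc = (acc + n) * r
        while acc >> 130:                   # 2^130 is congruent to 5 mod P
            acc = (acc & ((1 << 130) - 1)) + 5 * (acc >> 130)
    return ((acc + s) % (1 << 128)).to_bytes(16, "little")

def edge_cases():
    """Constructed inputs: all-bits-set messages under boundary keys."""
    keys = [bytes([2]) + bytes(31), b"\xff" * 32, bytes(16) + b"\xff" * 16]
    return [(k, b"\xff" * n) for k in keys for n in (1, 15, 16, 17, 32, 64)]

def differential_check(candidate, cases):
    """Return the (key, msg) pairs where candidate disagrees with the reference."""
    return [(k, m) for k, m in cases if candidate(k, m) != poly1305(k, m)]

# RFC 8439 section 2.5.2 test vector.
RFC_KEY = bytes.fromhex("85d6be7857556d337f4452fe42d506a8"
                        "0103808afb0db2fd4abff6af4149f51b")
RFC_MSG = b"Cryptographic Forum Research Group"
RFC_TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")

if __name__ == "__main__":
    print("lazy passes RFC vector:", lazy_poly1305(RFC_KEY, RFC_MSG) == RFC_TAG)
    for key, msg in differential_check(lazy_poly1305, edge_cases()):
        print("mismatch: key", key.hex(), "msg", msg.hex())
```

The lazy variant agrees with the RFC vector and is caught only by a constructed all-0xFF message, which is the kind of gap that edge-case vectors such as Wycheproof's are meant to close.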
Version 1.19.0
- Breaking Changes for PHP 8: #152 - We fixed the parameter names for the public API for sodium_compat to conform to the Sodium extension
- If you weren't relying on the Named Parameters feature (which landed after sodium_compat was created), this doesn't affect you at all.
- Added missing $ignore parameter to sodium_hex2bin() polyfill
- Apparently we took that parameter at face value. Mea culpa.
- More unit testing
Version 1.18.1
Version 1.18.0
- Fixed issues with the PHP autoloader
- #144: Added sodium_crypto_stream_xchacha20_xor_ic()
- See pull request for php-src
- For motivation: paragonie/halite#178
Version 1.17.1
- #140 Fix issues with 32-bit integers and floats on PHP 8.1
- Curve25519 field elements will now be normalized (overflow bits cleared unless numbers are negative) to prevent this float/int weirdness on PHP 8.1. This adds a very small performance hit on Curve25519 operations, but adds a guardrail against incorrect results.