All Versions
37
Latest Version
Avg Release Cycle
30 days
Latest Release
85 days ago

Changelog History
Page 1

  • v0.15.1

    March 09, 2020

    Date: March 9, 2020.

    🔄 Changelog:

    • ⚡️ Update base64 dependency from 0.11.0 to 0.12.0.
    • 📚 Documentation improvements.
  • v0.15.0

    February 25, 2020

    Date: February 25, 2020.

    🔄 Changelog:

    • [Breaking change] secure_cmp and all verification functions now return Result<(), UnknownCryptoError> instead of Result<bool, UnknownCryptoError> (#97).
    • [Breaking change] HChaCha20 is no longer public.
    • 0️⃣ [Breaking change] The default size of a randomly generated secret key in hazardous::hash::blake2b is now 32 bytes instead of 64 bytes (#88).
    • [Breaking change] orion::auth now uses BLAKE2b in keyed-mode as MAC (#88, by Vince Mutolo).
    • [Breaking change] The public API for structs used with incremental processing has been changed (#106 and #87).
    • 👍 [Breaking change] Support for Argon2i(single-threaded) has been added. This is now used in the orion::kdf and orion::pwhash modules (#113).
    • [Breaking change] chacha20::keystream_block is no longer available.
    • [Breaking change] Uses of (X)ChaCha20Poly1305 will return an error if a usize to u64 conversion would be lossy.
    • [Breaking change] orion is now no_std-compatible on stable Rust and the no_std and nightly features have been removed (#111).
    • libsodium-compatible, streaming AEAD based on XChaCha20Poly1305 (libsodiums "secretstream") (#99 and #108, by snsmac).
    • Switch to Criterion for benchmarks.
    • ➕ Add contribution guidelines in CONTRIBUTING.md.
    • 🚚 Move the changelog to a CHANGELOG.md file.
    • ➕ Add test vectors to XChaCha20.
    • 👌 Improvements to secure_cmp (#93, by snsmac)
    • ➕ Add explicit security warnings to #[must_use] public APIs that return a Result (#95, by Cole Lawrence)
    • ✅ Cleanup in the orion-dudect tests and add tests for newtype PartialEq<&[u8]> impl.
    • ✂ Remove hardcoded docs.rs links in the documentation (#100, by Kyle Schreiber).
    • Previously, the documentation for util::secure_rand_bytes stated that a panic would occur if the function failed to generate random bytes without throwing an error, which was not the case. This has been corrected.
    • ➕ Add Blake2b::verify to fuzzing targets.
    • 🏁 orion-dudect now also tests for constant-time execution in CI on OSX and Windows platforms.
    • ✅ Testing constant-time execution with WASM at orion-sidefuzz.
    • 🆕 New testing framework which has greatly reduced the amount of duplicate testing code (#96).
    • ✅ Document and test MSRV (#104).
    • orion is now listed as an alternative to the old rust-crypto crate on RustSec.
    • 👍 UnknownCryptoError now implements std::error::Error for better interoperability with error-handling crates.
    • ➕ Added new test vectors from Wycheproof for ChaCha20Poly1305, XChaCha20Poly1305, HMAC-SHA512 and HKDF-HMAC-SHA512 (#116).
    • 🏗 #![deny(warnings)] has been removed and replaced with flags in CI build jobs.
    • 🔒 GitHub actions are used for daily security audit for the crates-published branch. Travis CI runs only weekly on crates-published branch now (daily before).
    • ✂ Removed inlining attributes that did not provide any performance improvements when tested with benchmarks (commit).
    • 🐎 Various performance improvements.
    • Various improvements to fuzzing targets.
    • ✅ Various improvements to tests.
  • v0.14.5

    January 25, 2020

    Date: January 25, 2020.

    🔄 Changelog:

    • 🛠 Fix nightly build breakage.
  • v0.14.4

    August 21, 2019

    Date: August 21, 2019.

    🔄 Changelog:

    • ⬇️ Reduce the amount of allocations throughout most of orion.
    • 🐎 Vectorize the ChaCha20 implementation providing ~6% performance improvement for (X)ChaCha20Poly1305 and ~11.5% for (X)ChaCha20.
    • 📚 Documentation improvements.
  • v0.14.3

    July 31, 2019

    Date: August 1, 2019.

    🔄 Changelog:

    • 👌 Improved performance for ChaCha20Poly1305/XChaCha20Poly1305 when AAD is empty.
    • ♻️ Refactoring of streaming contexts used by SHA512, BLAKE2b and Poly1305.
    • 📚 Implement PartialEq<&[u8]> for all newtypes and provide documentation for usage of such (by Vince Mutolo).
    • Switched to stable rustfmt.
    • 🛠 Fix use of now deprecated (since v0.1.7) getrandom errors.
    • ⚡️ Updated fuzzing targets in orion-fuzz.
  • v0.14.2

    June 10, 2019

    Date: June 10, 2019.

    🔄 Changelog:

    • 👌 Improved performance on all implementations, most notably: ~30% in ChaCha20/XChaCha20 and ~20% in ChaCha20Poly1305/XChaCha20Poly1305.
    • ⚡️ Updated zeroize dependency.
    • ✅ Testing WebAssembly (wasm32-unknown-unknown) support in CI.
    • 👌 Improved documentation.
  • v0.14.1

    May 27, 2019

    Date: May 27, 2019.

    🔄 Changelog:

    • ⚡️ Update zeroize dependency.
    • 👌 Improvements to documentation.
  • v0.14.0

    May 04, 2019

    [Breaking change] Function as_bytes() for public newtypes are replaced with AsRef<> trait implementations. This means all as_bytes() calls need to be replaced with as_ref().

    [Breaking change] The SecretKey for BLAKE2b is longer padded with zeroes to the length of the blocksize. Thus, the SecretKey no longer has a get_original_length() function, but the same result will be represented by the get_length() function instead.

    [Breaking change] All calls to as_ref() and unprotected_as_bytes() return the newtypes data with what it was initialized, regardless of padding. (With the exception of HMAC)

    👻 [Breaking change] All calls to get_length() return the length of the newtype with what is what initialized, regardless of padding. (With the exception of HMAC)

    [Breaking change] All newtypes that offer generate() now panic if the RNG fails to initialize of read from its source. This also means that newtype generate() functions, that do not take in a size parameter, no longer return a Result.

    👀 [Breaking change] ValidationCryptoError and FinalizationCryptoError have been removed. Though this doesn't mean that there is less information available, see issue here.

    👍 [Breaking change] Support for cSHAKE256 has been dropped, also meaning orion no longer depends on tiny-keccak. 8% decrease in unsafe code in dependencies.

    🗄 All fuzzing targets in fuzz that used libFuzzer have been deprecated in favor of those in orion-fuzz using honggfuzz-rs.

    👌 Improvements to fuzzing targets in orion-fuzz.

    Automated testing in CI, for constant-time execution.

    ➕ Added From<[u8; C]> trait implementations for C-length fixed-sized newtypes, so that the caller may avoid using Result when not working with slices.

    👀 [Breaking change] Module hazardous::constants has been removed and all types made private. Only a select number of constants have been re-exported in their respective modules. See here for more information.

    🚀 It is now strictly advised agianst using orion in debug mode, for what is meant to be production use. Using opt-level = 0 with orion, is also advised against. See security section.

    rand_os has been replaced with getrandom.

    👌 Improvements to documentation examples as they no longer use .unwrap() but ? instead.

  • v0.13.4

    April 01, 2019

    Date: April 1, 2019.

    🔄 Changelog:

    • 🛠 Fix build for latest nightly.
  • v0.13.3

    March 31, 2019

    Date: March 31, 2019.

    🔄 Changelog:

    • ⚡️ Updated zeroize to 0.6.0.
    • ➕ Added a small number of tests.
    • 👌 Improvement to constant-time interfaces (#66).