orion v0.14.0 Release Notes
Release Date: 2019-05-04 // almost 5 years ago-
[Breaking change] Function
as_bytes()
for public newtypes are replaced withAsRef<>
trait implementations. This means allas_bytes()
calls need to be replaced withas_ref()
.[Breaking change] The
SecretKey
for BLAKE2b is longer padded with zeroes to the length of the blocksize. Thus, theSecretKey
no longer has aget_original_length()
function, but the same result will be represented by theget_length()
function instead.[Breaking change] All calls to
as_ref()
andunprotected_as_bytes()
return the newtypes data with what it was initialized, regardless of padding. (With the exception of HMAC)๐ป [Breaking change] All calls to
get_length()
return the length of the newtype with what is what initialized, regardless of padding. (With the exception of HMAC)[Breaking change] All newtypes that offer
generate()
now panic if the RNG fails to initialize of read from its source. This also means that newtypegenerate()
functions, that do not take in a size parameter, no longer return aResult
.๐ [Breaking change]
ValidationCryptoError
andFinalizationCryptoError
have been removed. Though this doesn't mean that there is less information available, see issue here.๐ [Breaking change] Support for cSHAKE256 has been dropped, also meaning orion no longer depends on tiny-keccak. 8% decrease in
unsafe
code in dependencies.๐ All fuzzing targets in
fuzz
that used libFuzzer have been deprecated in favor of those in orion-fuzz using honggfuzz-rs.๐ Improvements to fuzzing targets in orion-fuzz.
โ Automated testing in CI, for constant-time execution.
โ Added
From<[u8; C]>
trait implementations for C-length fixed-sized newtypes, so that the caller may avoid usingResult
when not working with slices.๐ [Breaking change] Module
hazardous::constants
has been removed and all types made private. Only a select number of constants have been re-exported in their respective modules. See here for more information.๐ It is now strictly advised agianst using orion in debug mode, for what is meant to be production use. Using
opt-level = 0
with orion, is also advised against. See security section.rand_os
has been replaced withgetrandom
.๐ Improvements to documentation examples as they no longer use
.unwrap()
but?
instead.