orion v0.15.0 Release Notes
Release Date: 2020-02-25
Changelog:
- [Breaking change] secure_cmp and all verification functions now return Result<(), UnknownCryptoError> instead of Result<bool, UnknownCryptoError> (#97).
- [Breaking change] HChaCha20 is no longer public.
- [Breaking change] The default size of a randomly generated secret key in hazardous::hash::blake2b is now 32 bytes instead of 64 bytes (#88).
- [Breaking change] orion::auth now uses BLAKE2b in keyed-mode as MAC (#88, by Vince Mutolo).
- [Breaking change] The public API for structs used with incremental processing has been changed (#106 and #87).
- [Breaking change] Support for Argon2i (single-threaded) has been added. This is now used in the orion::kdf and orion::pwhash modules (#113).
- [Breaking change] chacha20::keystream_block is no longer available.
- [Breaking change] Uses of (X)ChaCha20Poly1305 will return an error if a usize to u64 conversion would be lossy.
- [Breaking change] orion is now no_std-compatible on stable Rust and the no_std and nightly features have been removed (#111).
- libsodium-compatible, streaming AEAD based on XChaCha20Poly1305 (libsodium's "secretstream") (#99 and #108, by snsmac).
- Switch to Criterion for benchmarks.
- Add contribution guidelines in CONTRIBUTING.md.
- Move the changelog to a CHANGELOG.md file.
- Add test vectors to XChaCha20.
- Improvements to secure_cmp (#93, by snsmac).
- Add explicit security warnings to #[must_use] public APIs that return a Result (#95, by Cole Lawrence).
- Cleanup in the orion-dudect tests and add tests for newtype PartialEq<&[u8]> impl.
- Remove hardcoded docs.rs links in the documentation (#100, by Kyle Schreiber).
- Previously, the documentation for util::secure_rand_bytes stated that a panic would occur if the function failed to generate random bytes without throwing an error, which was not the case. This has been corrected.
- Add Blake2b::verify to fuzzing targets.
- orion-dudect now also tests for constant-time execution in CI on OSX and Windows platforms.
- Testing constant-time execution with WASM at orion-sidefuzz.
- New testing framework which has greatly reduced the amount of duplicate testing code (#96).
- Document and test MSRV (#104).
- orion is now listed as an alternative to the old rust-crypto crate on RustSec.
- UnknownCryptoError now implements std::error::Error for better interoperability with error-handling crates.
- Added new test vectors from Wycheproof for ChaCha20Poly1305, XChaCha20Poly1305, HMAC-SHA512 and HKDF-HMAC-SHA512 (#116).
- #![deny(warnings)] has been removed and replaced with flags in CI build jobs.
- GitHub actions are used for daily security audit for the crates-published branch. Travis CI runs only weekly on crates-published branch now (daily before).
- Removed inlining attributes that did not provide any performance improvements when tested with benchmarks (commit).
- Various performance improvements.
- Various improvements to fuzzing targets.
- Various improvements to tests.
- [Breaking change]