1.0.19
jedisct1 released this 13 Sep 13:53
This release includes all the changes from 1.0.18-stable, as well as two additions:
- New AEADs: AEGIS-128L and AEGIS-256 are now available in the `crypto_aead_aegis128l_*()` and `crypto_aead_aegis256_*()` namespaces. AEGIS is a family of authenticated ciphers for high-performance applications, leveraging hardware AES acceleration on `x86_64` and `aarch64`. In addition to performance, AEGIS ciphers have unique properties making them easier and safer to use than AES-GCM. They can also be used as high-performance MACs.
- The HKDF key derivation mechanism, required by many standard protocols, is now available in the `crypto_kdf_hkdf_*()` namespace. It is implemented for the SHA-256 and SHA-512 hash functions.
- The `osx.sh` build script was renamed to `macos.sh`.
- Support for android-mips was removed.
From 1.0.18-stable:
- Visual Studio: support for Windows/ARM64 builds has been added.
- Visual Studio: AVX512 implementations are enabled on supported CPUs.
- Visual Studio: an MSVC 2022 solution was added.
- Apple XCFramework: support for VisionOS was added.
- Apple XCFramework: support for Catalyst was added.
- Apple XCFramework: building the simulators is now optional.
- iOS: bitcode is not generated any more, as it was deprecated by Apple.
- watchOS: support for arm64 was added.
- The Zig toolchain can now be used as a modern build system to replace autoconf/automake/libtool/make/ccache and the compiler. This enables faster compilation times, easier cross compilation, and static libraries optimized for any CPU.
- The Zig toolchain is now the recommended way to compile `libsodium` to WebAssembly/WASI(X).
- libsodium can now be added as a dependency to Zig projects.
- Memory fences were added to remove some gadgets that could be used alongside speculative loads.
- The AES-GCM implementation was completely rewritten. It is now faster, and also available on aarch64, including Windows/ARM64.
- Compatibility with CET instrumentation / IBT / Shadow Stack was added.
- Emscripten: the `crypto_pwhash_*()` functions have been removed from Sumo builds, as they reserve a substantial amount of JavaScript memory, even when not used.
- Benchmarks now use `CLOCK_MONOTONIC` if possible.
- WebAssembly: tests can now run using Bun, WasmEdge, Wazero, wasm3 and wasmer-js. Support for WAVM and Lucet has been removed, as these projects have reached EOL.
- .NET: the minimum supported macOS version is now 1.0.15; this matches Microsoft guidelines.
- .NET: all the packages are now built using Zig, on all platforms. This allows us to easily match Microsoft's requirements, including supported glibc versions. However, on x86_64, targets are expected to support at least the AVX instruction set.
- .NET: packages for ARM64 are now available.
- C23 `memset_explicit()` is now used, when available.
- Compilation now uses `-Ofast` or `-O3` instead of `-O2` by default.
- Portability improvements to help compile libsodium to modern game consoles.
- JavaScript: a default `unhandledRejection` handler is not set any more.
- Slightly faster 25519 operations.
- OpenBSD: leverage `MAP_CONCEAL`.