- In addition to sodium_bin2hex(), sodium_hex2bin() is now a
constant-time function.
- crypto_stream_xsalsa20_ic() has been added.
- crypto_generichash_statebytes(), crypto_auth_*_statebytes() and
crypto_hash_*_statebytes() have been added in order to retrieve the
size of structures keeping states from foreign languages.
- crypto_box_seal() and crypto_box_seal_open() have been added.
- sodium_bin2hex() is now constant-time.
- crypto_secretbox_detached() now supports overlapping input and output
regions.
- NaCl's donna_c64 implementation of curve25519 was reading an extra byte
past the end of the buffer containing the base point. This has been
fixed.
and fixing a bug introduced in 0.5.0 (not updated in ports until post-5.5):
"when crypto_sign_open() was given a signed message too short to even
contain a signature, it was putting an unlimited amount of zeros into
the target buffer instead of immediately returning -1."
- sodium_mlock()/sodium_munlock() have been introduced to lock pages
in memory before storing sensitive data, and to zero them before
unlocking them.
- High-level wrappers for crypto_box and crypto_secretbox
(crypto_box_easy and crypto_secretbox_easy) can be used to avoid
dealing with the specific memory layout regular functions depend on.
- crypto_pwhash_scryptxsalsa208sha256* functions have been added
to derive a key from a password, and for password storage.
- Salsa20 and ed25519 implementations now support overlapping
inputs/keys/outputs (changes imported from supercop-20140505).
- The poly1305-53 implementation has been replaced with Floodyberry's
poly1305-donna32 and poly1305-donna64 implementations.
- sodium_hex2bin() has been added to complement sodium_bin2hex().
- On OpenBSD and Bitrig, arc4random() is used instead of reading
/dev/urandom.
- crypto_auth_hmac_sha512() has been implemented.
- sha256 and sha512 now have a streaming interface.
- hmacsha256, hmacsha512 and hmacsha512256 now support keys of
arbitrary length, and have a streaming interface.
- crypto_verify_64() has been implemented.
- CPU features are now detected at runtime.
NaCl (pronounced "salt") is a new easy-to-use high-speed software library
for network communication, encryption, decryption, signatures, etc.
NaCl's goal is to provide all of the core operations needed to build
higher-level cryptographic tools.
Sodium is a fork of NaCl with a compatible API. Unlike NaCl, Sodium
performs checks for hardware features at runtime instead of compile time,
making it suitable for packaging.
