Releases: mcginty/snow
v0.10.0-alpha.1
v0.10.0-alpha.1
This change brings in some very welcome additions: no_std support, finally, and unofficial support for the P-256 curve.
New
- Add support for NIST P-256 curve by @AlfioEmanueleFresta in #185
no_stdsupport withallocby @jmlepisto #183
Improvements
- Update dead docs link for forming NoiseParams strings by @thombles in #129
- Fix documentation reference to parameters in examples/simple.rs by @okdistribute in #113
- Update various links by @robyoder in #151
- Fix nonce incrementing in stateful transport to match the specification by @complexspaces in #152
- s/Ed448/Curve448/ by @dconnolly in #155
- curve25519_dalek 4 by @kayabaNerve in #161
- Bump aes-gcm and chacha20poly1305 by @kayabaNerve in #166
- Simplify example code by @BlackHoleFox in #175
- added example for oneway pattern Xpsk1 by @bluen in #186
Migrating from 0.9
This should be a zero-diff change for most users of Snow, but there are small semver incompatibilities.
DHChoice::Ed448has been renamed toDHChoice::Curve448- Multiple new error enum variants have been added.
New Contributors
- @thombles made their first contribution in #129
- @okdistribute made their first contribution in #113
- @robyoder made their first contribution in #151
- @complexspaces made their first contribution in #152
- @dconnolly made their first contribution in #155
- @kayabaNerve made their first contribution in #161
- @AlfioEmanueleFresta made their first contribution in #185
- @bluen made their first contribution in #186
- @jmlepisto made their first contribution in #183
Full Changelog: v0.9.0...v0.10.0-alpha.1
Contributors
Assets 2
v0.9.6
- Validate invalid PSK positions when building a Noise protocol.
- Raise errors in various typos/mistakes in Noise patterns when parsing.
- Deprecate the
sodiumoxidebackend, as that crate is no longer maintained. We may eventually migrate it to a maintaned version of the crate, but for now it's best to warn users. - Set a hard limit in
read_message()in transport mode to 65535 to be fully compliant with the Noise specification.
Full Changelog: v0.9.5...v0.9.6
v0.9.5
This is a security release that fixes a logic flaw in decryption in TransportState (i.e. the stateful one), where the nonce could increase even when decryption failed, which can cause a desync between the sender and receiver, opening this up as a denial of service vector if the attacker has the ability to inject packets in the channel Noise is talking over.
More details can be found in the advisory: GHSA-7g9j-g5jg-3vv3
All users are encouraged to update.
v0.9.4
v0.9.3
v0.9.2
This is a patch release to address a correctness issue for compliance with the Noise specification: the nonce CipherState and StatelessCipherState did not check that, instead just making sure that there was no integer overflow.
Thanks to @kjvalencik for reporting the issue and @complexspaces for contributing the fix PR (#152).
Thanks to @robyoder as well for fixing broken links and making sure all links were HTTPS (#151).
Full Changelog: v0.9.1...v0.9.2
Contributors
Assets 2
v0.9.1
This is a patch release to fix build breakages due to not pinning curve25519-dalek to a specific pre-release version.
Thanks to @Kofituo and @thomaseizinger for bringing it to attention and @tarcieri for the fix PR (#148).
Contributors
Assets 2
v0.9.0
This is a maintenance release, with the exception of some minor function signature changes where snow::Error is now the error type instead of ().
Changes
- Updated all dependencies to latest
- Cleaner error handling with fewer unwraps, thanks to @BlackHoleFox
- Reduced number of dependencies for the crate by using
curve25519-dalekdirectly and no longer depending onrand.
Full Changelog: v0.8.1...v0.9.0