Version 1.0.21

Breaking Changes

• crypto_core_ed25519_is_valid_point() now properly rejects small-order points outside the main subgroup — verify your Ed25519 validation logic if you rely on the old behavior

Security Fixes

• Fixed crypto_core_ed25519_is_valid_point() to reject invalid points
• Added memory fences after AEAD MAC verification to prevent speculative plaintext access...

v1.0.20

Breaking Changes

• zig build now requires Zig 0.12

Features

• crypto_kdf_hkdf_sha512_statebytes() added
• .NET packages now include precompiled libraries for Windows/arm64, iOS, tvOS, and Catalyst
• Emscripten: crypto_aead_aegis*() functions exported in JavaScript builds
• GitHub attestation build provenance added to NuGet packages

Fixes

• C++ guards no longer break...

This release includes all the changes from 1.0.18-stable, as well as two additions:

• New AEADs: AEGIS-128L and AEGIS-256 are now available in the crypto_aead_aegis128l_*() and crypto_aead_aegis256_*() namespaces. AEGIS is a family of authenticated ciphers for high-performance applications, leveraging hardware AES acceleration on x86_64 and aarch64. In addition to performance, AEGIS...

• Enterprise versions of Visual Studio are now supported.
• Visual Studio 2019 is now supported.
• 32-bit binaries for Visual Studio 2010 are now provided.
• A test designed to trigger an OOM condition didn't work on Linux systems with memory overcommit turned on. It has been removed in order to fix Ansible builds.
• Emscripten: print and printErr functions are overridden to send err...

• Signatures computations and verifications are now way faster on 64-bit platforms with compilers supporting 128-bit arithmetic (gcc, clang, icc). This includes the WebAssembly target.
• New low-level APIs for computations over edwards25519: crypto_scalarmult_ed25519(), crypto_scalarmult_ed25519_base(), crypto_core_ed25519_is_valid_point(), crypto_core_ed25519_add(), `crypto_core_ed2551...