and
.Fn crypto_unlock_aead
were introduced in Monocypher 1.1.0.
+In Monocypher 2.0.0, the underlying algorithms for these functions were
+changed from a custom XChacha20/Poly1305 construction to an
+implementation of RFC 7539 (now RFC 8439) with XChacha20 instead of
+Chacha20.
+The
+.Fn crypto_lock_encrypt
+and
+.Fn crypto_lock_auth
+functions were removed in Monocypher 2.0.0.
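Review bot: The new HISTORY text says the construction behind these functions changed in 2.0.0 but not what that means for existing data. Someone upgrading from 1.x needs to know whether ciphertexts and MACs produced by the old custom construction can still be opened by the 2.0.0 functions, so add a sentence stating this outright. The sentence on the removal of crypto_lock_encrypt and crypto_lock_auth would also help more if it named what callers should use instead. Minor style point: check that the spellings "XChacha20" and "Chacha20" match the rest of the manual.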
and
.Fn crypto_unlock_final
functions first appeared in Monocypher 1.1.0.
+.Fn crypto_lock_aead_auth
+and
+.Fn crypto_unlock_aead_auth
+were renamed to
+.Fn crypto_lock_auth_ad
+and
+.Fn crypto_unlock_auth_ad
+respectively in Monocypher 2.0.0.
.Sh SECURITY CONSIDERATIONS
Messages are not verified until the call to
.Fn crypto_unlock_final .
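Review bot: The rename sentence is appended straight after "functions first appeared in Monocypher 1.1.0." with no .Pp, while the paragraphs added to the signature pages in this same patch start with .Pp. Pick one convention for new HISTORY paragraphs. The sentence also leaves open whether crypto_lock_aead_auth and crypto_unlock_aead_auth are still available under their old names in 2.0.0. "Renamed" suggests they are gone, and saying so explicitly saves a porting reader from guessing.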
and
.Fn crypto_sign_public_key
functions appeared in Monocypher 0.2.
+.Pp
+.Sy A critical security vulnerability
+that caused all-zero signatures to be accepted was introduced in
+Monocypher 0.3;
+it was fixed in Monocypher 1.1.1 and 2.0.4.
.Sh SECURITY CONSIDERATIONS
.Ss Signature malleability
EdDSA signatures are not unique like cryptographic hashes.
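Review bot: The all-zero-signature note is placed in HISTORY, directly above .Sh SECURITY CONSIDERATIONS, so a reader who jumps to the security section never sees it. Either move the paragraph under SECURITY CONSIDERATIONS or add a one-line pointer there. The text gives the version where the bug was introduced and the two fixed releases but leaves the reader to work out which releases are affected. State the affected range on each release line and say that verification results from those versions cannot be trusted, so the required action (upgrade to 1.1.1 or 2.0.4) is unambiguous.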
and
.Fn crypto_check_final
functions first appeared in Monocypher 1.1.0.
+.Pp
+.Sy A critical security vulnerability
+that caused all-zero signatures to be accepted was introduced in
+Monocypher 0.3;
+it was fixed in Monocypher 1.1.1 and 2.0.4.
.Sh SECURITY CONSIDERATIONS
Messages are not verified until the call to
.Fn crypto_check_final .
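Review bot: This paragraph is a verbatim copy of the one added to the crypto_sign page, and here it sits right after "functions first appeared in Monocypher 1.1.0.", which makes "introduced in Monocypher 0.3" read as a contradiction for the incremental interface. Reword it for this page, for example by saying that the flaw in signature verification predates these functions and affects them from their first release until the fixes in 1.1.1 and 2.0.4. As on the crypto_sign page, consider placing or cross-referencing it under .Sh SECURITY CONSIDERATIONS, next to the existing note that messages are not verified until crypto_check_final.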