From: Fabio Scotoni <34964387+fscoto@users.noreply.github.com>
Date: Wed, 3 Apr 2019 17:06:23 +0000 (+0200)
Subject: manual: Address HISTORY review concerns
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=1c7f6c93955e3d5ba3ff4ee440a39d8f78381e20;p=Monocypher.git

manual: Address HISTORY review concerns
---

diff --git a/doc/man/man3/crypto_lock.3monocypher b/doc/man/man3/crypto_lock.3monocypher
index 54fda1c..d9cff2f 100644
--- a/doc/man/man3/crypto_lock.3monocypher
+++ b/doc/man/man3/crypto_lock.3monocypher
@@ -259,3 +259,12 @@ functions first appeared in Monocypher 0.1.
 and
 .Fn crypto_unlock_aead
 were introduced in Monocypher 1.1.0.
+In Monocypher 2.0.0, the underlying algorithms for these functions were
+changed from a custom XChacha20/Poly1305 construction to an
+implementation of RFC 7539 (now RFC 8439) with XChacha20 instead of
+Chacha20.
+The
+.Fn crypto_lock_encrypt
+and
+.Fn crypto_lock_auth
+functions were removed in Monocypher 2.0.0.
diff --git a/doc/man/man3/crypto_lock_init.3monocypher b/doc/man/man3/crypto_lock_init.3monocypher
index 68d52d3..e6c841c 100644
--- a/doc/man/man3/crypto_lock_init.3monocypher
+++ b/doc/man/man3/crypto_lock_init.3monocypher
@@ -287,6 +287,14 @@ The
 and
 .Fn crypto_unlock_final
 functions first appeared in Monocypher 1.1.0.
+.Fn crypto_lock_aead_auth
+and
+.Fn crypto_unlock_aead_auth
+were renamed to
+.Fn crypto_lock_auth_ad
+and
+.Fn crypto_unlock_auth_ad
+respectively in Monocypher 2.0.0.
 .Sh SECURITY CONSIDERATIONS
 Messages are not verified until the call to
 .Fn crypto_unlock_final .
diff --git a/doc/man/man3/crypto_sign.3monocypher b/doc/man/man3/crypto_sign.3monocypher
index aa11ff1..2ca4e62 100644
--- a/doc/man/man3/crypto_sign.3monocypher
+++ b/doc/man/man3/crypto_sign.3monocypher
@@ -145,6 +145,11 @@ The
 and
 .Fn crypto_sign_public_key
 functions appeared in Monocypher 0.2.
+.Pp
+.Sy A critical security vulnerability
+that caused all-zero signatures to be accepted was introduced in
+Monocypher 0.3;
+it was fixed in Monocypher 1.1.1 and 2.0.4.
 .Sh SECURITY CONSIDERATIONS
 .Ss Signature malleability
 EdDSA signatures are not unique like cryptographic hashes.
diff --git a/doc/man/man3/crypto_sign_init_first_pass.3monocypher b/doc/man/man3/crypto_sign_init_first_pass.3monocypher
index ec5eb99..e744e87 100644
--- a/doc/man/man3/crypto_sign_init_first_pass.3monocypher
+++ b/doc/man/man3/crypto_sign_init_first_pass.3monocypher
@@ -175,6 +175,11 @@ The
 and
 .Fn crypto_check_final
 functions first appeared in Monocypher 1.1.0.
+.Pp
+.Sy A critical security vulnerability
+that caused all-zero signatures to be accepted was introduced in
+Monocypher 0.3;
+it was fixed in Monocypher 1.1.1 and 2.0.4.
 .Sh SECURITY CONSIDERATIONS
 Messages are not verified until the call to
 .Fn crypto_check_final .