Releases: dchest/tweetnacl-js
Important security fix
IMPORTANT BUG FIX. Due to a bug in calculating carry in modulo reduction that used bit operations on integers larger than 32 bits, nacl.sign or nacl.sign.detached could have created incorrect signatures.
This only affects signing, not verification.
Thanks to @valerini on GitHub for finding and reporting the bug.
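The class of bug described in this release note, as an added example (not TweetNaCl.js code): JavaScript bitwise operators convert their operands to signed 32-bit integers, so a carry taken with >> goes wrong once an intermediate limb reaches 2^31, while floor division stays exact. The function names and sample limbs are constructed for illustration.

```javascript
// Added illustration; not TweetNaCl.js source. Limbs are base-256 digits
// held in ordinary JS Numbers, little-endian. Sample values are constructed.

// Faulty carry: >> first converts its operand to a signed 32-bit integer,
// so a limb of 2^31 or more wraps negative before the shift happens.
function carryShift(v) {
  return v >> 8;
}

// Correct carry: double arithmetic is exact for integers below 2^53.
function carryFloor(v) {
  return Math.floor(v / 256);
}

// Propagate carries through the limbs and pack the result into bytes.
function toBytes(limbs, carryFn, outLen) {
  const out = new Uint8Array(outLen);
  let carry = 0;
  for (let i = 0; i < outLen; i++) {
    const v = (i < limbs.length ? limbs[i] : 0) + carry;
    carry = carryFn(v);
    out[i] = v - carry * 256; // stored modulo 256
  }
  return out;
}

// Independent reference using BigInt, which has no 32-bit truncation.
function referenceBytes(limbs, outLen) {
  let total = 0n;
  limbs.forEach((l, i) => { total += BigInt(l) << (8n * BigInt(i)); });
  return Uint8Array.from({ length: outLen }, (_, i) =>
    Number((total >> (8n * BigInt(i))) & 0xffn));
}

const hex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');

const small = [70000, 300, 1];        // every intermediate fits in 31 bits
const large = [2 ** 31 + 5, 7, 0, 0]; // first limb exceeds the int32 range

for (const [name, limbs] of [['small', small], ['large', large]]) {
  console.log(name, 'reference:', hex(referenceBytes(limbs, 8)));
  console.log(name, 'floor    :', hex(toBytes(limbs, carryFloor, 8)));
  console.log(name, 'shift    :', hex(toBytes(limbs, carryShift, 8)));
}
```

Both carry functions agree on the small input, which is why a test suite that never pushes a limb past 2^31 does not expose the fault.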
v1.0.2
v1.0.1
v1.0.0
🗝 🎉 🔐
Changes since v1.0.0-rc.1
No code changes
Changes since v0.14.5:
- IMPORTANT! In previous versions, nacl.secretbox.open, nacl.box.open, and nacl.box.after returned false when opening failed (for example, when using incorrect key, nonce, or when input was maliciously or accidentally modified after encryption). This version instead returns null.
  The usual way to check for this condition:
    if (!result) { ... }
  is correct and will continue to work.
  However, direct comparison with false:
    if (result == false) { ... }
  will no longer work and will not detect failure. Please check your code for this condition.
  (nacl.sign.open always returned null, so it is not affected.)
- Arguments type check now uses instanceof Uint8Array instead of Object.prototype.toString.
- Removed deprecation checks for nacl.util (moved to a separate package in v0.14.0).
- Removed deprecation checks for the old signature API (changed in v0.10.0).
- Improved benchmarking.
v1.0.0-rc.1 (release candidate)
- IMPORTANT! In previous versions, nacl.secretbox.open, nacl.box.open, and nacl.box.after returned false when opening failed (for example, when using incorrect key, nonce, or when input was maliciously or accidentally modified after encryption). This version instead returns null.
  The usual way to check for this condition:
    if (!result) { ... }
  is correct and will continue to work.
  However, direct comparison with false:
    if (result == false) { ... }
  will no longer work and will not detect failure. Please check your code for this condition.
  (nacl.sign.open always returned null, so it is not affected.)
- Arguments type check now uses instanceof Uint8Array instead of Object.prototype.toString.
- Removed deprecation checks for nacl.util (moved to a separate package in v0.14.0).
- Removed deprecation checks for the old signature API (changed in v0.10.0).
- Improved benchmarking.
v0.14.5
- Fixed incomplete return types in TypeScript typings.
- Replaced COPYING.txt with LICENSE file, which now has public domain dedication
text from The Unlicense. License fields in package.json and bower.json have
been set to "Unlicense". The project was and will be in the public domain --
this change just makes it easier for automated tools to know about this fact by
using the widely recognized and SPDX-compatible template for public domain
dedication.
v0.14.4
Good news, everyone!
The bug in the fast version of Poly1305 has been fixed and this version is back into nacl-fast.js. Thanks to @floodyberry for promptly responding and fixing it:
"The issue was not properly detecting if st->h was >= 2^130 - 5, coupled with [testing mistake] not catching the failure. The chance of the bug affecting anything in the real world is essentially zero luckily, but it's good to have it fixed."
floodyberry/poly1305-donna#2 (comment)
Commit in TweetNaCl.js: 6dcbcaf
Commit in Poly1305-donna: floodyberry/poly1305-donna@0911057
Important bug fix in fast version
This update switches Poly1305 fast version back to original (slow) version.
There was a bug in the fast version of Poly1305 which sometimes produced incorrect results. Authenticity of results of the following functions may be affected: secretbox, secretbox.open, box, box.open.
The fast version is the default if you used the npm package (e.g. require("tweetnacl")).
TweetNaCl.js comes in two flavors: nacl.js, which is almost the exact port of TweetNaCl, and nacl-fast.js, which includes faster versions ported from other implementations. The fast version of the Poly1305 message authenticator comes from the 16-bit version of floodyberry/poly1305-donna. The bug is present in this version and was ported to JavaScript.
Until we figure out how to fix the bug, Poly1305 in nacl-fast.js was switched to the original from nacl.js.