Releases: paragonie/sodium_compat
Version 0.6.0
- Fixed a bug with crypto_generichash_update() introduced by erroneous string encoding/decoding routines. This wasn't likely security-affecting, but it would lead to incorrect results which is still pretty bad.
- Added ParagonIE_Sodium_File::generichash(), so a hash can be calculated of an entire file without loading the entire thing into memory.
Version 0.5.0
- Security fix: Our hash_equals() polyfill would return a false positive if the first byte matched. This was originally identified by a strange unit test failure, analyzed by @defuse, then a proposed future-proofing was suggested by @solardiz. This would not have affected PHP 5.6 or newer.
- ParagonIE_Sodium_File is now feature-complete for the operations we wish to expose (i.e. encrypting, signing, and verifying files).
  - Unlike Halite, it does not attempt to mitigate TOCTOU vulnerabilities. If TOCTOU is relevant to your threat model, you are encouraged to load the entire files into memory and use ParagonIE_Sodium_Compat instead of ParagonIE_Sodium_File.
- More multiplication operations have been replaced with our constant time loop. See cryptographically secure PHP development for more information.
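A regression check for the class of bug fixed in 0.5.0 (a comparison that reports equality when only the first byte matches), as an added example that is not sodium_compat's own code; ct_equals() is a hypothetical name and the test inputs are constructed.

```php
<?php
// Added example, not sodium_compat's code. ct_equals() is a hypothetical name.

/**
 * Compare two byte strings without exiting early on the first difference.
 */
function ct_equals($known, $user)
{
    if (!is_string($known) || !is_string($user)) {
        return false;
    }
    // Byte length, not character length (mbstring.func_overload can change strlen()).
    $len = function_exists('mb_strlen') ? mb_strlen($known, '8bit') : strlen($known);
    $userLen = function_exists('mb_strlen') ? mb_strlen($user, '8bit') : strlen($user);
    if ($len !== $userLen) {
        return false; // length is not treated as secret
    }
    $diff = 0;
    for ($i = 0; $i < $len; ++$i) {
        // OR every byte difference into the accumulator; never break out early.
        $diff |= ord($known[$i]) ^ ord($user[$i]);
    }
    return $diff === 0;
}

// Constructed regression cases. Several share a first byte but differ later,
// which is the failure described in the 0.5.0 note.
$cases = array(
    array('abcd', 'abcd', true),
    array('', '', true),
    array('abcd', 'abce', false),
    array("a\x00\x00\x00", "a\x00\x00\x01", false),
    array('abcd', 'xbcd', false),
    array('abcd', 'abc', false),
    array("\x00", '', false),
);
$failures = 0;
foreach ($cases as $case) {
    list($a, $b, $expected) = $case;
    if (ct_equals($a, $b) !== $expected) {
        ++$failures;
        echo 'MISMATCH for ', bin2hex($a), ' vs ', bin2hex($b), "\n";
    }
    // On PHP >= 5.6 the native hash_equals() must agree with the expected result.
    if (function_exists('hash_equals') && hash_equals($a, $b) !== $expected) {
        ++$failures;
    }
}
echo $failures === 0 ? "all cases pass\n" : "$failures failure(s)\n";
```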
Version 0.4.0
We now use a constant-time implementation of integer multiplication. This decision was motivated by research from Kudelski Security and BearSSL design decisions.
If you want better performance (and to throw caution to the wind), you can disable this at runtime via:
ParagonIE_Sodium_Compat::$fastMult = true;
However, if performance really matters to you, you'll want to run this command once instead (Ubuntu-specific; your mileage may vary with other distros):
apt-get install libsodium-dev php7.1-libsodium
Version 0.3.1
- Fixes a security bug (our scalarmult implementation didn't reject public keys that consisted of all zero bytes, which led to invalid ECDH results). Reported by @veorq to other projects.
- Improve test coverage.
Version 0.3.0 (Final Beta; Pre-Audit Code Freeze)
- Added ParagonIE_Sodium_File which allows you to sign/verify files without loading them all into memory at once.
- Added ChaCha20-Poly1305 (and the IETF variant) AEAD modes
- Documentation clean-up.
See #8 for the status on getting v1.0.0 released.
Version 0.2.2
- memzero() now throws an Error instead of silently calling unset.
- Minor documentation enhancements.
Version 0.2.1
Forgot to add some constants in lib/constants.php.
Version 0.2.0
- Added ChaCha20-Poly1305 so that we can one day integrate with the Noise protocol framework.
- Integrated with Psalm by Vimeo in our continuous integration, which gives us automated static analysis.
Version 0.1.1
Fixed #14 (adds constants to lib/sodium_compat.php).
Version 0.1.0 (First Alpha Release)
We should be feature-complete (sans the things that aren't worthwhile to attempt to polyfill).