Sodium Compat Versions Save

Pure PHP polyfill for ext/sodium

v2.0.1

3 weeks ago

What's Changed

New Contributors

Full Changelog: https://github.com/paragonie/sodium_compat/compare/v2.0.0...v2.0.1

v1.21.1

3 weeks ago

What's Changed

Full Changelog: https://github.com/paragonie/sodium_compat/compare/v1.21.0...v1.21.1

v2.0.0

3 weeks ago

New Major Version

Please [read this blog post]((https://paragonie.com/blog/2024/04/release-sodium-compat-v2-and-future-our-polyfill-libraries) for more information.

v1.21.0

3 weeks ago

Important - Please Read

While this is not the final v1.x release, we will be releasing a new major version soon. See the updated major version policy in our readme for specific guidance.

Beyond that, this is a bog standard feature release. It contains no security fixes, but additional features (including the AEGIS AEAD mode used by libsodium, expected to land in PHP 8.4).

What's Changed

Full Changelog: https://github.com/paragonie/sodium_compat/compare/v1.20.1...v1.21.0

v1.20.1

1 month ago

What's Changed

Full Changelog: https://github.com/paragonie/sodium_compat/compare/v1.20.0...v1.20.1

v1.20.0

1 year ago

What's Changed

  • #157 - Update Wycheproof tests, fix Poly1305 implementation in response to Wycheproof failure

Full Changelog: https://github.com/paragonie/sodium_compat/compare/v1.19.0...v1.20.0

Poly1305 bug?

If you had a specific bit pattern in your Poly1305 key and ciphertext, you would generate an invalid authentication tag. This was caught by the ChaCha20-Poly1305 tests included in Project Wycheproof.

We don't believe this is a security issue because:

  1. Letting attackers control the key going into Poly1305 would defeat the security of this algorithm.
  2. Years of integration and compatibility testing with ext/sodium never encountered the conditions necessary to trigger the bug. (Specifically, a ciphertext of all bits set was one of the conditions necessary to trigger it.)
  3. The impact of triggering the bug is an incorrect authentication tag.

Additionally, if you turned fast multiplication on, you would have not triggered the bug at all.

This slows down our Poly1305 implementation slightly.

v1.19.0

1 year ago
  • Breaking Changes for PHP 8: #152 - We fixed the parameter names for the public API for sodium_compat to conform to the Sodium extension
    • If you weren't relying on the Named Parameters feature (which landed after sodium_compat was created), this doesn't affect you at all.
  • Added missing $ignore parameter to sodium_hex2bin() polyfill
    • Apparently we took that parameter at face value. Mea culpa.
  • More unit testing

v1.18.1

1 year ago
  • Fix #151 (PR #150): Resolve autoload-fast.php include path issue with Wordfence plugin for WordPress

v1.18.0

1 year ago
  • Fixed issues with the PHP autoloader
    • #145: For WordPress, this ensures when Ed25519 is included, so too is the class it inherits from.
    • #148, #149: For PHP 7.4+ with opcache preloading, this ensures the include guards don't fail.
  • #144: Added sodium_crypto_stream_xchacha20_xor_ic()

v1.17.1

2 years ago
  • #140 Fix issues with 32-bit integers and floats on PHP 8.1
  • Curve25519 field elements will now be normalized (overflow bits cleared unless numbers are negative) to prevent this float/int weirdness on PHP 8.1. This adds a very small performance hit on Curve25519 operations, but adds a guardrail against incorrect results.