olm/CHANGELOG.rst

Changes in `2.1.0 <http://matrix.org/git/olm/commit/?h=2.1.0>`_
===============================================================

This release includes the following changes since 2.0.0:

* Add OLMKit, the Objective-C wrapper. Thanks to Chris Ballinger for the
  initial work on this.

Javascript wrapper:

* Handle exceptions during loading better (don't leave a half-initialised
  state).
* Allow applications to tune emscripten options (such as the amount of heap).
* Allocate memory for encrypted/decrypted messages on the empscripten heap,
  rather than the stack, allowing more efficient memory use.


Changes in `2.0.0 <http://matrix.org/git/olm/commit/?h=2.0.0>`_
===============================================================

This release includes the following changes since 1.3.0:

* Fix a buffer bounds check when decoding group messages.
* Update ``olm_group_decrypt`` to return the ratchet index for decrypted
  messages.
* Fix ``olm_pickle_account``, ``olm_pickle_session``,
  ``olm_pickle_inbound_group_session`` and
  ``olm_pickle_outbound_group_session`` to correctly return the length of the
  pickled object.
* Add a `specification <./docs/megolm.rst>`_ of the Megolm ratchet, and add
  some information on mitigating unknown key-share attacks to the `Olm
  specification <./docs/olm.rst>`_.
* Add an ``install-headers`` target to the Makefile (and run it when installing
  the library). (Credit to Emmanuel Gil Peyrot).


Changes in `1.3.0 <http://matrix.org/git/olm/commit/?h=1.3.0>`_
===============================================================

This release updates the group session identifier to avoid collisions.
Group sessions are now identified by their ed25519 public key.

These changes alter the pickle format of outbound group sessions, attempting
to unpickle an outbound group session created with a previous version of olm
will give ``OLM_CORRUPTED_PICKLE``. Inbound sessions are unaffected.

This release alters the format of group session_key messages to include the
ratchet counter. The session_key messages are now self signed with their
ed25519 key. No attempt was made to preserve backwards-compatibility.
Attempting to send session_keys between old and new versions will give
``OLM_BAD_SESSION_KEY``.

Changes in `1.2.0 <http://matrix.org/git/olm/commit/?h=1.2.0>`_
===============================================================

This release updates the implementation of group session communications, to
include Ed25519 signatures on group messages, to ensure that participants in
group sessions cannot masquerade as each other.

These changes necessitate changes to the pickle format of inbound and outbound
group sessions, as well as the session_keys exchanged between them. No attempt
has been made to preserve backwards-compatibility:

* Attempting to restore old pickles will give ``OLM_CORRUPTED_PICKLE``.
* Attempting to send session_keys between old and new versions will give
  ``OLM_BAD_SESSION_KEY``.
* Attempting to send messages between old and new versions will give one of a
  number of errors.

There were also a number of implementation changes made as part of this
release, aimed at making the codebase more consistent, and to help with the
implementation of the group message signatures.


Changes in `1.1.0 <http://matrix.org/git/olm/commit/?h=1.1.0>`_
===============================================================

This release includes a fix to a bug which caused Ed25519 keypairs to be
generated and used insecurely. Any Ed25519 keys generated by libolm 1.0.0
or earlier should be considered compromised.

The fix necessitates a change to the format of the OlmAccount pickle; since
existing OlmAccounts should in any case be considered compromised (as above),
the library refuses to load them, returning OLM_BAD_LEGACY_ACCOUNT_PICKLE.


Changes in `1.0.0 <http://matrix.org/git/olm/commit/?h=1.0.0>`_
===============================================================

This release includes a fix to a bug which had the potential to leak sensitive
data to the application: see
https://github.com/vector-im/vector-web/issues/1719. Users of pre-1.x.x
versions of the Olm library should upgrade. Our thanks to `Dmitry Luyciv
<https://github.com/dluciv>`_ for bringing our attention to the bug.

Other changes since 0.1.0:

 * *Experimental* implementation of the primitives for group sessions. This
   implementation has not yet been used in an application and developers are
   advised not to rely on its stability.

 * Replace custom build scripts with a Makefile.

 * Include the major version number in the soname of libolm.so (credit to
   Emmanuel Gil Peyrot).
Update CHANGELOG 2016-12-22 15:49:49 +01:00			Changes in `2.1.0 <http://matrix.org/git/olm/commit/?h=2.1.0>`_
OLMKit: Add it to olm from version 2.0.1 2016-11-17 14:03:15 +01:00			`===============================================================`

Update CHANGELOG 2016-12-22 15:49:49 +01:00			`This release includes the following changes since 2.0.0:`

			`* Add OLMKit, the Objective-C wrapper. Thanks to Chris Ballinger for the`
			`initial work on this.`

			`Javascript wrapper:`

			`* Handle exceptions during loading better (don't leave a half-initialised`
			`state).`
			`* Allow applications to tune emscripten options (such as the amount of heap).`
			`* Allocate memory for encrypted/decrypted messages on the empscripten heap,`
			`rather than the stack, allowing more efficient memory use.`
OLMKit: Add it to olm from version 2.0.1 2016-11-17 14:03:15 +01:00

Prepare changelog for v2.0.0 2016-10-24 17:51:20 +02:00			Changes in `2.0.0 <http://matrix.org/git/olm/commit/?h=2.0.0>`_
			`===============================================================`

			`This release includes the following changes since 1.3.0:`

			`* Fix a buffer bounds check when decoding group messages.`
			* Update ``olm_group_decrypt`` to return the ratchet index for decrypted
			`messages.`
			* Fix ``olm_pickle_account``, ``olm_pickle_session``,
			``olm_pickle_inbound_group_session`` and
			``olm_pickle_outbound_group_session`` to correctly return the length of the
			`pickled object.`
			* Add a `specification <./docs/megolm.rst>`_ of the Megolm ratchet, and add
			some information on mitigating unknown key-share attacks to the `Olm
			specification <./docs/olm.rst>`_.
Changelog: Mention install-headers 2016-10-24 18:22:43 +02:00			* Add an ``install-headers`` target to the Makefile (and run it when installing
			`the library). (Credit to Emmanuel Gil Peyrot).`
Prepare changelog for v2.0.0 2016-10-24 17:51:20 +02:00
Update CHANGELOG 2016-12-22 15:49:49 +01:00
Changelog and version bump for 1.3.0 2016-09-14 14:55:54 +02:00			Changes in `1.3.0 <http://matrix.org/git/olm/commit/?h=1.3.0>`_
			`===============================================================`

Prepare changelog for v2.0.0 2016-10-24 17:51:20 +02:00			`This release updates the group session identifier to avoid collisions.`
			`Group sessions are now identified by their ed25519 public key.`
Changelog and version bump for 1.3.0 2016-09-14 14:55:54 +02:00
			`These changes alter the pickle format of outbound group sessions, attempting`
			`to unpickle an outbound group session created with a previous version of olm`
			will give ``OLM_CORRUPTED_PICKLE``. Inbound sessions are unaffected.

			`This release alters the format of group session_key messages to include the`
			`ratchet counter. The session_key messages are now self signed with their`
			`ed25519 key. No attempt was made to preserve backwards-compatibility.`
			`Attempting to send session_keys between old and new versions will give`
			``OLM_BAD_SESSION_KEY``.

Prepare changelog for v1.2.0 2016-09-06 18:04:37 +02:00			Changes in `1.2.0 <http://matrix.org/git/olm/commit/?h=1.2.0>`_
			`===============================================================`

			`This release updates the implementation of group session communications, to`
			`include Ed25519 signatures on group messages, to ensure that participants in`
			`group sessions cannot masquerade as each other.`

			`These changes necessitate changes to the pickle format of inbound and outbound`
			`group sessions, as well as the session_keys exchanged between them. No attempt`
			`has been made to preserve backwards-compatibility:`

			* Attempting to restore old pickles will give ``OLM_CORRUPTED_PICKLE``.
			`* Attempting to send session_keys between old and new versions will give`
			``OLM_BAD_SESSION_KEY``.
			`* Attempting to send messages between old and new versions will give one of a`
			`number of errors.`

			`There were also a number of implementation changes made as part of this`
			`release, aimed at making the codebase more consistent, and to help with the`
			`implementation of the group message signatures.`


Fix Ed25519 keypair generation Ed25519 private keys, it turns out, have 64 bytes, not 32. We were previously generating only 32 bytes (which is all that is required to generate the public key), and then using the public key as the upper 32 bytes when generating the per-message session key. This meant that everything appeared to work, but the security of the private key was severely compromised. By way of fixes: * Use the correct algorithm for generating the Ed25519 private key, and store all 512 bits of it. * Update the account pickle format and refuse to load the old format (since we should consider it compromised). * Bump the library version, and add a function to retrieve the library version, so that applications can verify that they are linked against a fixed version of the library. * Remove the curve25519_{sign, verify} functions which were unused and of dubious quality. 2016-09-01 14:35:23 +02:00			Changes in `1.1.0 <http://matrix.org/git/olm/commit/?h=1.1.0>`_
			`===============================================================`

			`This release includes a fix to a bug which caused Ed25519 keypairs to be`
			`generated and used insecurely. Any Ed25519 keys generated by libolm 1.0.0`
update changelog pre-1.0.0 was broken too 2016-09-01 15:00:26 +02:00			`or earlier should be considered compromised.`
Fix Ed25519 keypair generation Ed25519 private keys, it turns out, have 64 bytes, not 32. We were previously generating only 32 bytes (which is all that is required to generate the public key), and then using the public key as the upper 32 bytes when generating the per-message session key. This meant that everything appeared to work, but the security of the private key was severely compromised. By way of fixes: * Use the correct algorithm for generating the Ed25519 private key, and store all 512 bits of it. * Update the account pickle format and refuse to load the old format (since we should consider it compromised). * Bump the library version, and add a function to retrieve the library version, so that applications can verify that they are linked against a fixed version of the library. * Remove the curve25519_{sign, verify} functions which were unused and of dubious quality. 2016-09-01 14:35:23 +02:00
			`The fix necessitates a change to the format of the OlmAccount pickle; since`
			`existing OlmAccounts should in any case be considered compromised (as above),`
			`the library refuses to load them, returning OLM_BAD_LEGACY_ACCOUNT_PICKLE.`


Prepare 1.0.0 release 2016-07-11 13:50:11 +02:00			Changes in `1.0.0 <http://matrix.org/git/olm/commit/?h=1.0.0>`_
			`===============================================================`

			`This release includes a fix to a bug which had the potential to leak sensitive`
			`data to the application: see`
			`https://github.com/vector-im/vector-web/issues/1719. Users of pre-1.x.x`
			versions of the Olm library should upgrade. Our thanks to `Dmitry Luyciv
			<https://github.com/dluciv>`_ for bringing our attention to the bug.

			`Other changes since 0.1.0:`

			`* Experimental implementation of the primitives for group sessions. This`
			`implementation has not yet been used in an application and developers are`
			`advised not to rely on its stability.`

			`* Replace custom build scripts with a Makefile.`

			`* Include the major version number in the soname of libolm.so (credit to`
			`Emmanuel Gil Peyrot).`