olm/CHANGELOG.rst

Changes in `1.1.0 <http://matrix.org/git/olm/commit/?h=1.1.0>`_
===============================================================

This release includes a fix to a bug which caused Ed25519 keypairs to be
generated and used insecurely. Any Ed25519 keys generated by libolm 1.0.0
or earlier should be considered compromised.

The fix necessitates a change to the format of the OlmAccount pickle; since
existing OlmAccounts should in any case be considered compromised (as above),
the library refuses to load them, returning OLM_BAD_LEGACY_ACCOUNT_PICKLE.


Changes in `1.0.0 <http://matrix.org/git/olm/commit/?h=1.0.0>`_
===============================================================

This release includes a fix to a bug which had the potential to leak sensitive
data to the application: see
https://github.com/vector-im/vector-web/issues/1719. Users of pre-1.x.x
versions of the Olm library should upgrade. Our thanks to `Dmitry Luyciv
<https://github.com/dluciv>`_ for bringing our attention to the bug.

Other changes since 0.1.0:

 * *Experimental* implementation of the primitives for group sessions. This
   implementation has not yet been used in an application and developers are
   advised not to rely on its stability.

 * Replace custom build scripts with a Makefile.

 * Include the major version number in the soname of libolm.so (credit to
   Emmanuel Gil Peyrot).
Fix Ed25519 keypair generation Ed25519 private keys, it turns out, have 64 bytes, not 32. We were previously generating only 32 bytes (which is all that is required to generate the public key), and then using the public key as the upper 32 bytes when generating the per-message session key. This meant that everything appeared to work, but the security of the private key was severely compromised. By way of fixes: * Use the correct algorithm for generating the Ed25519 private key, and store all 512 bits of it. * Update the account pickle format and refuse to load the old format (since we should consider it compromised). * Bump the library version, and add a function to retrieve the library version, so that applications can verify that they are linked against a fixed version of the library. * Remove the curve25519_{sign, verify} functions which were unused and of dubious quality. 2016-09-01 14:35:23 +02:00			Changes in `1.1.0 <http://matrix.org/git/olm/commit/?h=1.1.0>`_
			`===============================================================`

			`This release includes a fix to a bug which caused Ed25519 keypairs to be`
			`generated and used insecurely. Any Ed25519 keys generated by libolm 1.0.0`
update changelog pre-1.0.0 was broken too 2016-09-01 15:00:26 +02:00			`or earlier should be considered compromised.`
Fix Ed25519 keypair generation Ed25519 private keys, it turns out, have 64 bytes, not 32. We were previously generating only 32 bytes (which is all that is required to generate the public key), and then using the public key as the upper 32 bytes when generating the per-message session key. This meant that everything appeared to work, but the security of the private key was severely compromised. By way of fixes: * Use the correct algorithm for generating the Ed25519 private key, and store all 512 bits of it. * Update the account pickle format and refuse to load the old format (since we should consider it compromised). * Bump the library version, and add a function to retrieve the library version, so that applications can verify that they are linked against a fixed version of the library. * Remove the curve25519_{sign, verify} functions which were unused and of dubious quality. 2016-09-01 14:35:23 +02:00
			`The fix necessitates a change to the format of the OlmAccount pickle; since`
			`existing OlmAccounts should in any case be considered compromised (as above),`
			`the library refuses to load them, returning OLM_BAD_LEGACY_ACCOUNT_PICKLE.`


Prepare 1.0.0 release 2016-07-11 13:50:11 +02:00			Changes in `1.0.0 <http://matrix.org/git/olm/commit/?h=1.0.0>`_
			`===============================================================`

			`This release includes a fix to a bug which had the potential to leak sensitive`
			`data to the application: see`
			`https://github.com/vector-im/vector-web/issues/1719. Users of pre-1.x.x`
			versions of the Olm library should upgrade. Our thanks to `Dmitry Luyciv
			<https://github.com/dluciv>`_ for bringing our attention to the bug.

			`Other changes since 0.1.0:`

			`* Experimental implementation of the primitives for group sessions. This`
			`implementation has not yet been used in an application and developers are`
			`advised not to rely on its stability.`

			`* Replace custom build scripts with a Makefile.`

			`* Include the major version number in the soname of libolm.so (credit to`
			`Emmanuel Gil Peyrot).`