Commit graph

20 commits

Author SHA1 Message Date
Hubert Chathi
af47497ace update changelog for 3.1.1 2019-04-29 14:35:15 -04:00
Hubert Chathi
992323c37c update changelog 2019-04-22 13:17:30 -04:00
Hubert Chathi
009173c1ab update changelog links to point to new repo 2019-04-17 21:09:03 -04:00
Hubert Chathi
bac8ca7802 prepare for 3.1.0 release 2019-04-17 17:31:01 -04:00
Hubert Chathi
ff24af601a prepare release 3.0.0 2018-10-23 12:58:10 -04:00
David Baker
8635d68ba8 Add other breaking change 2018-10-02 12:09:33 +01:00
David Baker
498562fa65 Breking change 2018-09-25 18:03:31 +01:00
Hubert Chathi
98e8ee1b0d prepare 2.3.0 2018-07-04 15:24:44 -04:00
Richard van der Hoff
77eaaa3d5f prepare v2.2.2 2017-03-01 16:21:37 +00:00
Richard van der Hoff
b185229c2b Prep v2.2.1 2017-01-18 18:16:32 +00:00
Richard van der Hoff
972798d1b7 Prep changelog for 2.2.0 2017-01-18 15:48:48 +00:00
Richard van der Hoff
e71dc46a1e Update CHANGELOG 2016-12-22 14:51:56 +00:00
manuroe
0b1ecbff2d OLMKit: Add it to olm from version 2.0.1 2016-11-17 14:03:15 +01:00
Richard van der Hoff
d02c457da5 Changelog: Mention install-headers 2016-10-24 17:22:43 +01:00
Richard van der Hoff
4367afc65e Prepare changelog for v2.0.0 2016-10-24 16:51:20 +01:00
Mark Haines
ec7d968623 Changelog and version bump for 1.3.0 2016-09-14 13:55:54 +01:00
Richard van der Hoff
b5c65bed0a Prepare changelog for v1.2.0 2016-09-06 17:04:37 +01:00
Richard van der Hoff
f7c428d62c update changelog
pre-1.0.0 was broken too
2016-09-01 14:00:26 +01:00
Richard van der Hoff
0c462cff11 Fix Ed25519 keypair generation
Ed25519 private keys, it turns out, have 64 bytes, not 32.

We were previously generating only 32 bytes (which is all that is required to
generate the public key), and then using the public key as the upper 32 bytes
when generating the per-message session key. This meant that everything
appeared to work, but the security of the private key was severely compromised.

By way of fixes:

 * Use the correct algorithm for generating the Ed25519 private key, and store
   all 512 bits of it.

 * Update the account pickle format and refuse to load the old format (since we
   should consider it compromised).

 * Bump the library version, and add a function to retrieve the library
   version, so that applications can verify that they are linked against a
   fixed version of the library.

 * Remove the curve25519_{sign, verify} functions which were unused and of
   dubious quality.
2016-09-01 13:35:23 +01:00
Richard van der Hoff
f3b9c3bbbb Prepare 1.0.0 release 2016-07-11 12:50:11 +01:00