- Bug fix: sodium_pad() didn't properly support block sizes >= 256 bytes.
- JS/WebAssembly: some old iOS versions can't instantiate the WebAssembly module; fall back to Javascript on these.
- JS/WebAssembly: compatibility with newer Emscripten versions.
- Bug fix: crypto_pwhash_scryptsalsa208sha256_str_verify() and crypto_pwhash_scryptsalsa208sha256_str_needs_rehash() didn't return EINVAL on input strings with a short length, unlike their high-level counterpart.
- Added a workaround for Visual Studio 2010 bug causing CPU features not to be detected.
- Portability improvements.
- Test vectors from Project Wycheproof have been added.
- New low-level APIs for arithmetic mod the order of the prime order group: crypto_core_ed25519_scalar_random(), crypto_core_ed25519_scalar_reduce(), crypto_core_ed25519_scalar_invert(), crypto_core_ed25519_scalar_negate(), crypto_core_ed25519_scalar_complement(), crypto_core_ed25519_scalar_add() and crypto_core_ed25519_scalar_sub().
- New low-level APIs for scalar multiplication without clamping: crypto_scalarmult_ed25519_base_noclamp() and crypto_scalarmult_ed25519_noclamp(). These new APIs are especially useful for blinding.
- sodium_sub() has been implemented.
- The nonnull attribute has been added to all relevant prototypes.
- More reliable AVX512 detection.
- Javascript/Webassembly builds now use dynamic memory growth.
Signed-off-by: Pierre-Yves <pyu@riseup.net>