Skip to content

Rscrypto

v0.4.0 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 9d Secrets & Credentials
βœ“ No known CVEs patched
Read the diff β†’ Tool health β†’ What is this tool? β†’
This release patches 2 known CVEs

Topics

aead asm blake2 blake3 checksums crc32c
+7 more
cryptography ed25519 no-std rust simd wasm x25519

Affected surfaces

crypto_tls auth

Summary

AI summary

Updates πŸ‘· CI, πŸ“¦ Other Changes, and πŸ—οΈ Build across a mixed release.

Changes in this release

Feature Low

Aligns aegis256 AES helper configurations on POWER and s390x architectures.

Aligns aegis256 AES helper configurations on POWER and s390x architectures.

Source: llm_adapter@2026-06-10

Confidence: high

 β€”
Feature Low

Routes AES AEAD CT evidence through secret‑only probes in CI.

Routes AES AEAD CT evidence through secret‑only probes in CI.

Source: llm_adapter@2026-06-10

Confidence: high

 β€”
Feature Low

Batches s390x AES‑GCM‑SIV CTR keystream block generation.

Batches s390x AES‑GCM‑SIV CTR keystream block generation.

Source: llm_adapter@2026-06-10

Confidence: high

 β€”
Feature Low

Aligns RSA key generation with FIPSβ€―186‑5 A.1.3 specification.

Aligns RSA key generation with FIPSβ€―186‑5 A.1.3 specification.

Source: llm_adapter@2026-06-10

Confidence: high

 β€”
Dependency Low

Preinstalls BINSEC solver system packages in CI.

Preinstalls BINSEC solver system packages in CI.

Source: llm_adapter@2026-06-10

Confidence: high

 β€”
Dependency Low

Builds BINSEC proof harnesses as non‑PIE binaries.

Builds BINSEC proof harnesses as non‑PIE binaries.

Source: llm_adapter@2026-06-10

Confidence: high

 β€”
Bugfix Medium

Fixes Blake2b diagnostic multiblock oracle bug.

Fixes Blake2b diagnostic multiblock oracle bug.

Source: llm_adapter@2026-06-10

Confidence: high

 β€”
Bugfix Low

Clears CT helper and Blake2b diagnostic slice lints.

Clears CT helper and Blake2b diagnostic slice lints.

Source: llm_adapter@2026-06-10

Confidence: high

 β€”
Bugfix Low

Repairs CT asm heuristic parsing and RISC‑V BINSEC policy in CI.

Repairs CT asm heuristic parsing and RISC‑V BINSEC policy in CI.

Source: llm_adapter@2026-06-10

Confidence: high

 β€”
Refactor Low

Hardens asm dispatch and backend equivalence gates in crypto package.

Hardens asm dispatch and backend equivalence gates in crypto package.

Source: llm_adapter@2026-06-10

Confidence: high

 β€”
Full changelog

0.4.0 - 2026-06-09

πŸ—οΈ Build

  • add light and full push preflight commands ci: harden BINSEC solver setup and CT diagnostics (5a8c2eb)

πŸ‘· CI

  • load BINSEC proof relocation sections (6421da9)
  • build BINSEC proof harnesses as non-PIE (783eac4)
  • preinstall BINSEC solver system packages (df71e54)
  • harden manual CT DudeCT filters (55ca702)
  • add s390x AES AEAD DudeCT trace cases (53812a5)
  • add AES-GCM-SIV DudeCT trace cases (5e6a24f)
  • add DudeCT filters for targeted CT runs (fcc326e)
  • scope RSA CT evidence and pass BINSEC SMT timeout auth: harden RSA modular import fixed-width output (c93dc79)

πŸ“¦ Other Changes

  • workspace: refresh release package metadata, ignore rules, and lockfile pins ci: bump action pins and harden check, coverage, and fuzz scripts docs: align release docs, CT policy, examples, and module snippets with 0.3.1 benchmarks: refresh 2026-06-09 overview and README perf chart (147c747)
  • aead: align aegis256 AES helper cfgs on POWER and s390x ci: repair CT asm heuristic parsing and RISC-V BINSEC policy docs: narrow RISC-V CT evidence claims (7dbf097)
  • crypto: harden asm dispatch and backend equivalence gates (643dd44)
  • aead: batch s390x AES-GCM-SIV CTR keystream blocks ci: route AES AEAD CT evidence through secret-only probes (e9676b7)
  • hashes: fix Blake2b diag multiblock oracle (053c810)
  • auth: clear CT helper slice lints hashes: clear Blake2b diagnostic slice lints (32f0e12)
  • auth: align RSA keygen with FIPS 186-5 A.1.3 (5ceb703)

Security Fixes

  • Harden manual CT DudeCT filters and add s390x AES AEAD DudeCT trace cases
  • Scope RSA CT evidence, pass BINSEC SMT timeout auth, and harden RSA modular import fixed‑width output
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Rscrypto

Get notified when new releases ship.

Sign up free

About Rscrypto

All releases β†’

Related context

Beta — feedback welcome: [email protected]