Notable Changes:

• Fix xts avx2 decryption issue with GB mode.#383
• internal/deps/cpu: support Loong64 features detection.
• nternal/nat: add missing loong64 optimization.

Notable Changes:

• cipher: initial support gxm & mur modes in GM/T 0001.4-2024 ZUC stream cipher algorithm.
• drbg: 增加了DRBG销毁内部状态的方法 by @Trisia in #378
• internal/zuc: eea supports encoding.BinaryMarshaler & encoding.BinaryUnmarshaler interfaces #375
• internal/zuc: support fast forward

@emmansun , @Trisia

Notable Changes:

• mldsa: implements crypto.Signer interface.
• slhdsa: implements crypto.Signer interface.
• slhdsa: fix GenerateKey bug.

Notable Changes:

• supports PQC: ML‐KEM (ML-KEM-512, ML-KEM-768, ML-KEM-1024), requires go 1.24+.

Notable Changes:

• supports PQC: ML‐DSA, , requires go 1.24+
• supports PQC: SLH‐DSA, , requires go 1.24+
• sm2: provide low-level encoding functions for keys (alias for NewXXX)
• sm2: provide SignMessage method to comply with the [crypto.MessageSigner] interface
• sm9: add back SetMasterPublic methods
• smx509: disallow negative path length #329
• smx509: use truncated SHA-256 for SubjectKeyId #328
• smx509: add new OID type and use it in Certificate #209
• smx509: switch default policy field to Policies

What's Changed

• build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 by @dependabot in #323
• sm9: Prevent PublicKey() returning nil after unmarshaling master priavate key by @hrimfaxi in #324

New Contributors

• @hrimfaxi made their first contribution in #324

Full Changelog: v0.30.0...v0.30.1

Notable Changes:

• all: upgrade go directive to at least 1.23.0
• all: change to use go's own XORBytes function #315
• cbcmac: enable provided padding method #319
• cfca: support RSA keys for CSR creation #322
• cipher: move xts detail implementation to internal #320
• internal/bigmod: explicitly clear expanded limbs on reset #313
• internal/deps/cpu: import golang.org/x/sys/cpu #310
• internal/sm2ec: make SetBytes constant time #309
• internal/sm9/bn256: make gfP.Unmarshal constant time and reduce big.Int usage
• padding: implement ISO IEC9797-1 padding method 3 #319
• sm3: move implementation detail to internal/sm3
• sm4: move implementation detail to internal/sm4
• sm9: refactoring, do not expose bn256 types to caller #314
• smx509: add new CRL parser, deprecate old one #40
• smx509: add support for PKCS8/PKIX X25519 key encodings #210
• smx509: avoid crypto/rand.Int to generate serial number #308
• smx509: better handling of weird encodings #316
• smx509: surface ReasonCode in RevocationList API #212
• zuc: move implementation detail to internal/zuc
• zuc: support to keep/cache states per bucket for seekable stream #321

Notes:
sm9 have some incompatible changes.

Notable Changes:

• sm2: provide a specific hash.Hash implementation
• smx509: properly check for IPv6 hosts in URIs
• internal/subtle: combine xor_.go files

Notes:
从v0.30.0+开始，Go最低版本要求改为v1.23+。如果你不能升级Go版本，请继续使用v0.29.x。

Notable Changes:

• pkcs7: sign precomputed digest #294
• smx509: add wasip1 support #290
• build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0
• build(deps): bump golang.org/x/crypto from 0.31.0 to 0.32.0

Notable Changes:

• cfca: add pkcs7 signed data facade
• cfca: support cfca certificate request #286
• cfca: parse returned encryption key #286
• cfca: extract encrypt/decrypt functions with SM4CBC and SM3 KDF
• build(deps): bump golang.org/x/crypto from 0.29.0 to 0.30.0
• build(deps): bump golang.org/x/sys from 0.27.0 to 0.28.0