Skip to content

base64-ng 0.5.0

Choose a tag to compare

@eldryoth eldryoth released this 14 May 15:25
Immutable release. Only release title and notes can be modified.
v0.5.0
adec375

base64-ng v0.5.0

Highlights

  • Added AVX-512 VBMI candidate detection and audit reporting while keeping scalar as the only active backend.
  • Hardened runtime backend reporting with structured snapshots, CPU feature requirements, and scalar-only deployment policy checks.
  • Added inactive AVX-512, AVX2, and NEON prototype checks with scalar-equivalence evidence.
  • Strengthened stream decoder/encoder hardening for framed payloads and sensitive buffer cleanup.
  • Replaced stream reader allocator-backed queues with fixed-size internal queues that clear consumed slots and wipe full queue capacity on drop.
  • Hardened constant-time-oriented decoding with opaque malformed-content errors and integer byte-mask helpers.
  • Expanded release gates for reserved features, SIMD boundaries, packaged scripts, cross-target builds, SBOMs, and reproducible package/build checks.
  • Added a zero-dependency roadmap for MIME/PEM/bcrypt profiles, custom alphabets, validation-only APIs, secret wrappers, and future high-assurance work.

Security

  • Default runtime dependency graph remains zero external crates.
  • Scalar execution remains the only active backend.
  • Unsafe code remains isolated to the SIMD admission boundary.
  • Clear-tail and stream cleanup APIs provide best-effort buffer-retention reduction.
  • Constant-time-oriented APIs still do not claim a formally verified cryptographic constant-time guarantee.

Verification

Passed release gate for:

  • formatting
  • clippy
  • default/all-features/no-default-features tests
  • doctests and docs
  • Miri
  • nextest
  • cargo-deny
  • cargo-audit
  • license inventory
  • fuzz/perf harness checks
  • cross-target checks
  • SIMD feature-bundle checks
  • SBOM generation
  • reproducible package/build

Kani proof execution is currently skipped because installed Kani bundles rustc 1.93.0-nightly, while this crate requires Rust 1.95.