1.0.12 (2026-02-17)
✨ Features
- add KMAC128/KMAC256 support to subtle API (#944) (3e06617)
- add ML-KEM/ML-DSA raw-public and raw-seed export/import (#943) (ad5a961)
- add SHA-3 and cSHAKE support to subtle.digest() (#942) (34e61cd)
- implement ML-KEM encapsulate/decapsulate (#941) (e040d63)
- implement X509Certificate class with all 25 methods/properties (#940) (674a146)
🐛 Bug Fixes
- accept any OpenSSL curve name in EC generateKeyPair, add ECDSA stress tests (#930) (70a9650)
- add JS-side validation for pbkdf2 iterations/keylen (#939) (c959f30)
- copy symmetric key on export to prevent JSI ArrayBuffer GC corruption (#933) (8e4c9e7)
- ecDeriveBits returns full backing ArrayBuffer instead of truncat… (#947) (7c1d6ba)
- improve pbkdf2 type safety to match Node.js API (#932) (b585471)
- prevent cipher reuse after final() and reset is_finalized in all init() overrides (#948) (2f1bdb2)
- resolve circular dependencies causing KeyEncoding undefined (#928) (039e1e0)
- support legacy RSA-* hash name aliases (#929) (e4b63a7)
- use StringDecoder for cipher string encoding remainder buffering (#949) (4ef8b1f)