
Libgcrypt 1.9.x
Reported by steve | January 20th, 2021 @ 01:21 AM
Noteworthy changes in Libgcrypt 1.9.0:
New and extended interfaces:
- New curves Ed448, X448, and SM2.
- New cipher mode EAX.
- New cipher algo SM4.
- New hash algo SM3.
- New hash algo variants SHA512/224 and SHA512/256.
- New MAC algos for Blake-2 algorithms, the new SHA512 variants, SM3, SM4 and for a GOST variant.
- New convenience function gcry_mpi_get_ui.
- gcry_sexp_extract_param understands new format specifiers to directly store to integers and strings.
- New function gcry_ecc_mul_point and curve constants for Curve448 and Curve25519. [#4293]
- New function gcry_ecc_get_algo_keylen.
- New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the secure memory area. Also in 1.8.2 as an undocumented feature.
Performance:
- Optimized implementations for Aarch64.
- Faster implementations for Poly1305 and ChaCha. Also for PowerPC. [b9a471ccf5,172ad09cbe,#4460]
- Optimized implementations of AES and SHA-256 on PowerPC. [#4529,#4530]
- Improved use of AES-NI to speed up AES-XTS (6 times faster). [a00c5b2988]
- Improved use of AES-NI for OCB. [eacbd59b13,e924ce456d]
- Speedup AES-XTS on ARMv8/CE (2.5 times faster). [93503c127a]
- New AVX and AVX2 implementations for Blake-2 (1.3/1.4 times faster). [af7fc732f9, da58a62ac1]
- Use Intel SHA extension for SHA-1 and SHA-256 (4.0/3.7 times faster). [d02958bd30, 0b3ec359e2]
- Use ARMv7/NEON accelerated GCM implementation (3 times faster). [2445cf7431]
- Use of i386/SSSE3 for SHA-512 (4.5 times faster on Ryzen 7). [b52dde8609]
- Use 64 bit ARMv8/CE PMULL for CRC (7 times faster). [14c8a593ed]
- Improve CAST5 (40% to 70% faster). [4ec566b368]
- Improve Blowfish (60% to 80% faster). [ced7508c85]
Bug fixes:
- Fix infinite loop due to applications using fork the wrong way. [#3491][also in 1.8.4]
- Fix possible leak of a few bits of secret primes to pageable memory. [#3848][also in 1.8.4]
- Fix possible hang in the RNG (1.8.3 only). [#4034][also in 1.8.4]
- Several minor fixes. [#4102,#4208,#4209,#4210,#4211,#4212] [also in 1.8.4]
- On Linux always make use of getrandom if possible and then use its /dev/urandom behaviour. [#3894][also in 1.8.4]
- Use blinding for ECDSA signing to mitigate a novel side-channel attack. [#4011,CVE-2018-0495] [also in 1.8.3, 1.7.10]
- Fix incorrect counter overflow handling for GCM when using an IV size other than 96 bit. [#3764] [also in 1.8.3, 1.7.10]
- Fix incorrect output of AES-keywrap mode for in-place encryption on some platforms. [also in 1.8.3, 1.7.10]
- Fix the gcry_mpi_ec_curve_point point validation function. [also in 1.8.3, 1.7.10]
- Fix rare assertion failure in gcry_prime_check. [also in 1.8.3]
- Do not use /dev/srandom on OpenBSD. [also in 1.8.2]
- Fix test suite failure on systems with large pages. [#3351] [also in 1.8.2]
- Fix test suite to not use mmap on Windows. [also in 1.8.2]
- Fix fatal out of secure memory status in the s-expression parser on heavy loaded systems. [also in 1.8.2]
- Fix build problems on OpenIndiana et al. [#4818, also in 1.8.6]
- Fix GCM bug on arm64 which troubles for example OMEMO. [#4986, also in 1.8.6]
- Detect a div-by-zero in a debug helper tool. [#4868, also in 1.8.6]
- Use a constant time mpi_inv and related changes. [#4869, partly also in 1.8.6]
- Fix mpi_copy to correctly handle flags of opaque MPIs. [also in 1.8.6]
- Fix mpi_cmp to consider +0 and -0 the same. [also in 1.8.6]
- Fix extra entropy collection via clock_gettime. Note that this fallback code path is not used on any decent hardware. [#4966, also in 1.8.7]
- Support opaque MPI with gcry_mpi_print. [#4872, also in 1.8.7]
- Allow for a Unicode random seed file on Windows. [#5098, also in 1.8.7]
Other features:
For a list of interface changes and links to commits and bug numbers see the release info at https://dev.gnupg.org/T4294
Comments and changes to this ticket
steve January 26th, 2021 @ 12:19 AM
- State changed from new to verified
- Assigned user set to Luke Le
- Milestone set to 2.2.27
macOS 10.15.7
GPG Suite 2985n
verified
steve January 29th, 2021 @ 01:37 PM
- State changed from verified to new
- Assigned user cleared.
- Milestone cleared.
reverting to 1.8.x for now. keeping this open until we add 1.9.x
steve January 29th, 2021 @ 01:37 PM
- Title changed from Libgcrypt 1.9.0 to Libgcrypt 1.9.x
steve January 29th, 2021 @ 01:38 PM
Noteworthy changes in Libgcrypt 1.9.1:
Bug fixes:
- Fix exploitable bug in hash functions introduced with 1.9.0. [#5275]
- Return an error if a negative MPI is used with sexp scan functions. [#4964]
- Check for operational FIPS in the random and KDF functions. [#5243]
- Fix compile error on ARMv7 with NEON disabled. [#5251]
- Fix self-test in KDF module. [#5254]
- Improve assembler checks for better LTO support. [#5255]
- Fix assembler problem on macOS running on M1. [#5157]
- Support older macOS without posix_spawn. [#5159]
- Fix 32-bit cross build on x86. [#5257]
- Fix non-NEON ARM assembly implementation for SHA512. [#5263]
- Fix build problems with the cipher_bulk_ops_t typedef. [#5264]
- Fix Ed25519 private key handling for preceding ZEROs. [#5267]
- Fix overflow in modular inverse implementation. [#5269]
- Fix register access for AVX/AVX2 implementations of Blake2. [#5271]
Performance:
- Add optimized cipher and hash functions for s390x/zSeries.
- Use hardware bit counting functions when available.
Internal changes:
- The macOS getentropy syscall is used when available. [#5268]
- Update DSA functions to match FIPS 186-3. [30ed9593f6]
- New self-tests for CMACs and KDFs. [385a89e35b,7a0da24925]
- Add bulk cipher functions for OFB and GCM modes. [f12b6788f2,f4e63e92dc]
For a list of links to commits and bug numbers see the release info at https://dev.gnupg.org/T5259
steve February 17th, 2021 @ 01:05 PM
Noteworthy changes in Libgcrypt 1.9.2
Bug fixes:
- Fix build problem for macOS in the random code. [#5268]
- Fix building with --disable-asm on x86. [#5277]
- Check public key for ECDSA verify operation. [#5282]
- Make sure gcry_get_config (NULL) returns a nul-terminated string. [8716e4b2ad]
- Fix a memory leak in the ECDH code. [289543544e]
- Fix a reading beyond end of input buffer in SHA2-avx2. [24af2a55d8]
Other features:
- New test driver to allow for standalone regression tests. [b142da4c88]
For a list of links to commits and bug numbers see the release info at https://dev.gnupg.org/T5276
steve March 30th, 2022 @ 02:20 PM
- State changed from new to wontfix
decision was made to stay on 1.8 LTS for now.