Bug 11100

Created attachment 431 [details]
attachment-5336-0.txt

The GnuPG Project is pleased to announce the availability of Libgcrypt
version 1.7.0.  This is a new stable version of Libgcrypt with full API
and ABI compatibiliy to the 1.6 series.  Its main features are new
algorithms, curves, and performance improvements.

Libgcrypt is a general purpose library of cryptographic building blocks.
It is originally based on code used by GnuPG.  It does not provide any
implementation of OpenPGP or other protocols.  Thorough understanding of
applied cryptography is required to use Libgcrypt.


Noteworthy changes between version 1.6.0 and 1.7.0:
===================================================

 * New algorithms and modes:

   - SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.

   - SHAKE128 and SHAKE256 extendable-output hash algorithms.

   - ChaCha20 stream cipher.

   - Poly1305 message authentication algorithm

   - ChaCha20-Poly1305 Authenticated Encryption with Associated Data
     mode.

   - OCB mode.

   - HMAC-MD2 for use by legacy applications.

 * New curves for ECC:

   - Curve25519.

   - sec256k1.

   - GOST R 34.10-2001 and GOST R 34.10-2012.

 * Performance:

   - Improved performance of KDF functions.

   - Assembler optimized implementations of Blowfish and Serpent on
     ARM.

   - Assembler optimized implementation of 3DES on x86.

   - Improved AES using the SSSE3 based vector permutation method by
     Mike Hamburg.

   - AVX/BMI is used for SHA-1 and SHA-256 on x86.  This is for SHA-1
     about 20% faster than SSSE3 and more than 100% faster than the
     generic C implementation.

   - 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.

   - 60-90% speedup for Whirlpool on x86.

   - 300% speedup for RIPE MD-160.

   - Up to 11 times speedup for CRC functions on x86.

 * Other features:

   - Improved ECDSA and FIPS 186-4 compliance.

   - Support for Montgomery curves.

   - gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
     algorithm.

   - gcry_mpi_ec_sub to subtract two points on a curve.

   - gcry_mpi_ec_decode_point to decode an MPI into a point object.

   - Emulation for broken Whirlpool code prior to 1.6.0.  [from 1.6.1]

   - Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied
     hash part.

   - Parameter "saltlen" to set a non-default salt length for RSA PSS.

   - A SP800-90A conforming DRNG replaces the former X9.31 alternative
     random number generator.

   - Map deprecated RSA algo number to the RSA algo number for better
     backward compatibility. [from 1.6.2]

   - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
     See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
     [from 1.6.3]

   - Fixed data-dependent timing variations in modular exponentiation
     [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
      are Practical]. [from 1.6.3]

   - Flag "no-keytest" for ECC key generation.  Due to a bug in
     the parser that flag will also be accepted but ignored by older
     version of Libgcrypt. [from 1.6.4]

   - Speed up the random number generator by requiring less extra
     seeding. [from 1.6.4]

   - Always verify a created RSA signature to avoid private key leaks
     due to hardware failures. [from 1.6.4]

   - Mitigate side-channel attack on ECDH with Weierstrass curves
     [CVE-2015-7511].  See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
     details. [from 1.6.5]

 * Internal changes:

   - Moved locking out to libgpg-error.

   - Support of the SYSROOT envvar in the build system.

   - Refactor some code.

   - The availability of a 64 bit integer type is now mandatory.

 * Bug fixes:

   - Fixed message digest lookup by OID (regression in 1.6.0).

   - Fixed a build problem on NetBSD

   - Fixed memory leaks in ECC code.

   - Fixed some asm build problems and feature detection bugs.

For interface changes relative to the 1.6.0 release see below [4].  Note
that the 1.6 series will enter end-of-life state on 2017-06-30.


Download
========

Source code is hosted at the GnuPG FTP server and its mirrors as listed
at https://gnupg.org/download/mirrors.html .  On the primary server
the source tarball and its digital signature are:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.bz2 (2477k)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.bz2.sig

That file is bzip2 compressed.  A gzip compressed version is here:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.gz (3309k)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.gz.sig

The same files are also available via HTTP:

 https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.bz2 
 https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.bz2.sig
 https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.gz 
 https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.gz.sig

In order to check that the version of Libgcrypt you downloaded is an
original and unmodified file please follow the instructions found at
<https://gnupg.org/download/integrity_check.html>.  In short, you may
use one of the following mthods:

 - Check the supplied OpenPGP signature.  For example to check the
   signature of the file libgcrypt-1.7.0.tar.bz2 you would use this
   command:

     gpg --verify libgcrypt-1.7.0.tar.bz2.sig libgcrypt-1.7.0.tar.bz2

   This checks whether the signature file matches the source file.  You
   should see a message indicating that the signature is good and made
   by one or more of the release signing keys. 

 - If you are not able to use GnuPG, you have to verify the SHA-1
   checksum:

     sha1sum libgcrypt-1.7.0.tar.bz2

   and check that the output matches the first line from the
   following list:

f840b737faafded451a084ae143285ad68bbfb01  libgcrypt-1.7.0.tar.bz2
b6b6cfea349ca18a658a18a6365f5e2ca78fe1cc  libgcrypt-1.7.0.tar.gz

   You should also verify that the checksums above are authentic by
   matching them with copies of this announcement.  Those copies can be
   found at other mailing lists, web sites, and search engines.
   

Copying
=======

Libgcrypt is distributed under the terms of the GNU Lesser General
Public License (LGPLv2.1+).  The helper programs as well as the
documentation are distributed under the terms of the GNU General Public
License (GPLv2+).  The file LICENSES has notices about contributions
that require that these additional notices are distributed.


Support
=======

For help on developing with Libgcrypt you should read the included
manual and optional ask on the gcrypt-devel mailing list [1].  A
listing with commercial support offers for Libgcrypt and related
software is available at the GnuPG web site [2].

If you are a developer and you may need a certain feature for your
project, please do not hesitate to bring it to the gcrypt-devel mailing
list for discussion.

Maintenance and development of Libgcrypt is mostly financed by
donations; see <https://gnupg.org/donate/>.  We currently employ
3 full-time developers, one part-timer, and one contractor to work on
GnuPG and closely related software like Libgcrypt.


Thanks
======

We like to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word, and answering questions on the mailing
lists.  Also many thanks to all our donors [3].  Special thanks go to
Jussi Kivilinna for all of his performance improvement work.



For the GnuPG hackers,

   Werner



p.s.
This is an announcement only mailing list.  Please send replies only to
the gcrypt-devel 'at' gnupg.org mailing list.


[1] https://lists.gnupg.org/mailman/listinfo/gcrypt-devel
[2] https://www.gnupg.org/service.html
[3] https://gnupg.org/donate/kudos.html
[4] Interface changes relative to the 1.6.0 release:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    gcry_cipher_final               NEW macro.
    GCRY_CIPHER_MODE_CFB8           NEW constant.
    GCRY_CIPHER_MODE_OCB            NEW.
    GCRY_CIPHER_MODE_POLY1305       NEW.
    gcry_cipher_set_sbox            NEW macro.
    gcry_mac_get_algo               NEW.
    GCRY_MAC_HMAC_MD2               NEW.
    GCRY_MAC_HMAC_SHA3_224          NEW.
    GCRY_MAC_HMAC_SHA3_256          NEW.
    GCRY_MAC_HMAC_SHA3_384          NEW.
    GCRY_MAC_HMAC_SHA3_512          NEW.
    GCRY_MAC_POLY1305               NEW.
    GCRY_MAC_POLY1305_AES           NEW.
    GCRY_MAC_POLY1305_CAMELLIA      NEW.
    GCRY_MAC_POLY1305_SEED          NEW.
    GCRY_MAC_POLY1305_SERPENT       NEW.
    GCRY_MAC_POLY1305_TWOFISH       NEW.
    gcry_md_extract                 NEW.
    GCRY_MD_FLAG_BUGEMU1            NEW [from 1.6.1].
    GCRY_MD_GOSTR3411_CP            NEW.
    GCRY_MD_SHA3_224                NEW.
    GCRY_MD_SHA3_256                NEW.
    GCRY_MD_SHA3_384                NEW.
    GCRY_MD_SHA3_512                NEW.
    GCRY_MD_SHAKE128                NEW.
    GCRY_MD_SHAKE256                NEW.
    gcry_mpi_ec_decode_point        NEW.
    gcry_mpi_ec_sub                 NEW.
    GCRY_PK_EDDSA                   NEW constant.
    GCRYCTL_GET_TAGLEN              NEW.
    GCRYCTL_SET_SBOX                NEW.
    GCRYCTL_SET_TAGLEN              NEW.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~