Noteworthy changes in version 1.10.1 (2022-03-28) [C24/A4/R1]
-------------------------------------------------
- Fix minor memory leaks in FIPS mode.
- Build fixes for MUSL libc. [rCffaef0be61]
- More portable integrity check in FIPS mode. [rC9fa4c8946a,T5835]
- Add X9.62 OIDs to sha256 and sha512 modules. [rC52fd2305ba]
Release-info: https://dev.gnupg.org/T5810
Noteworthy changes in version 1.10.0 (2022-02-01) [C24/A4/R0]
-------------------------------------------------
* New and extended interfaces:
- New control codes to check for FIPS 140-3 approved algorithms.
- New control code to switch into non-FIPS mode.
- New cipher modes SIV and GCM-SIV as specified by RFC-5297.
- Extended cipher mode AESWRAP with padding as specified by
- New set of KDF functions.
- New KDF modes Argon2 and Balloon.
- New functions for combining hashing and signing/verification. [T4894]
- Improved support for PowerPC architectures.
- Improved ECC performance on zSeries/s390x by using accelerated
  scalar multiplication.
- Many more assembler performance improvements for several
- Fix Elgamal encryption for other implementations.
  [R5328,CVE-2021-40528]
- Fix alignment problem on macOS. [T5440]
- Check the input length of the point in ECDH. [T5423]
- Fix an abort in gcry_pk_get_param for "Curve25519". [T5490]
- The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
  because it is useless with the FIPS 140-3 related changes.
- Update of the jitter entropy RNG code. [T5523]
- Simplification of the entropy gatherer when using the getentropy
* Interface changes relative to the 1.10.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GCRYCTL_SET_DECRYPTION_TAG NEW control code.
GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code.
GCRYCTL_FIPS_SERVICE_INDICATOR_KDF NEW control code.
GCRYCTL_NO_FIPS_MODE = 83 NEW control code.
GCRY_CIPHER_MODE_SIV NEW mode.
GCRY_CIPHER_MODE_GCM_SIV NEW mode.
GCRY_CIPHER_EXTENDED NEW flag.
GCRY_SIV_BLOCK_LEN NEW macro.
gcry_cipher_set_decryption_tag NEW macro.
GCRY_KDF_ARGON2 NEW constant.
GCRY_KDF_BALLOON NEW constant.
GCRY_KDF_ARGON2D NEW constant.
GCRY_KDF_ARGON2I NEW constant.
GCRY_KDF_ARGON2ID NEW constant.
gcry_kdf_hd_t NEW type.
gcry_kdf_job_fn_t NEW type.
gcry_kdf_dispatch_job_fn_t NEW type.
gcry_kdf_wait_all_jobs_fn_t NEW type.
struct gcry_kdf_thread_ops NEW struct.
gcry_kdf_open NEW function.
gcry_kdf_compute NEW function.
gcry_kdf_final NEW function.
gcry_kdf_close NEW function.
gcry_pk_hash_sign NEW function.
gcry_pk_hash_verify NEW function.
gcry_pk_random_override_new NEW function.
Release-info: https://dev.gnupg.org/T5691
Release dates of 1.9.x versions:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version 1.9.4 (2021-08-22)
Noteworthy changes in version 1.9.3 (2021-04-19) [C23/A3/R3]
------------------------------------------------
- Fix build problems on i386 using gcc-4.7.
- Fix checksum calculation in OCB decryption for AES on s390.
- Fix a regression in gcry_mpi_ec_add related to certain usages of
- Fix a symbol not found problem on Apple M1. [#5370]
- Fix for Apple iOS getentropy peculiarity. [#5375]
- Make keygrip computation work for compressed points. [#4961]
- Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
- Add x86_64 VAES/AVX2 accelerated implementation of AES.
- Add VPMSUMD acceleration for GCM mode on PPC. [#5040]
- Harden MPI conditional code against EM leakage. [#5330]
- Harden Elgamal by introducing exponent blinding. [#5328]
- Fix memory leaks in the error code paths of EdDSA. [#5385]
Release-info: https://dev.gnupg.org/T5305
Noteworthy changes in version 1.9.2 (2021-02-17) [C23/A3/R2]
------------------------------------------------
- Fix build problem for macOS in the random code. [#5268]
- Fix building with --disable-asm on x86. [#5277]
- Check public key for ECDSA verify operation. [#5282]
- Make sure gcry_get_config (NULL) returns a nul-terminated string.
- Fix a memory leak in the ECDH code. [289543544e]
- Fix a reading beyond end of input buffer in SHA2-avx2.
- New test driver to allow for standalone regression
Release-info: https://dev.gnupg.org/T5276
Noteworthy changes in version 1.9.1 (2021-01-29) [C23/A3/R1]
------------------------------------------------
- Fix exploitable bug in hash functions introduced with 1.9.0.
- Return an error if a negative MPI is used with sexp scan
- Check for operational FIPS in the random and KDF functions.
- Fix compile error on ARMv7 with NEON disabled. [#5251]
- Fix self-test in KDF module. [#5254]
- Improve assembler checks for better LTO support. [#5255]
- Fix assembler problem on macOS running on M1. [#5157]
- Support older macOS without posix_spawn. [#5159]
- Fix 32-bit cross build on x86. [#5257]
- Fix non-NEON ARM assembly implementation for SHA512. [#5263]
- Fix build problems with the cipher_bulk_ops_t typedef. [#5264]
- Fix Ed25519 private key handling for preceding ZEROs. [#5267]
- Fix overflow in modular inverse implementation. [#5269]
- Fix register access for AVX/AVX2 implementations of Blake2.
- Add optimized cipher and hash functions for s390x/zSeries.
- Use hardware bit counting functions when available.
- The macOS getentropy syscall is used when available. [#5268]
- Update DSA functions to match FIPS 186-3. [30ed9593f6]
- New self-tests for CMACs and KDFs. [385a89e35b,7a0da24925]
- Add bulk cipher functions for OFB and GCM modes.
  [f12b6788f2,f4e63e92dc]
Release-info: https://dev.gnupg.org/T5259
Noteworthy changes in version 1.9.0 (2021-01-19) [C23/A3/R0]
------------------------------------------------
* New and extended interfaces:
- New curves Ed448, X448, and SM2.
- New cipher mode EAX.
- New cipher algo SM4.
- New hash algo variants SHA512/224 and SHA512/256.
- New MAC algos for Blake-2 algorithms, the new SHA512 variants,
  SM3, SM4 and for a GOST variant.
- New convenience function gcry_mpi_get_ui.
- gcry_sexp_extract_param understands new format specifiers to
  directly store to integers and strings.
- New function gcry_ecc_mul_point and curve constants for Curve448
  and Curve25519. [#4293]
- New function gcry_ecc_get_algo_keylen.
- New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the
  secure memory area. Also in 1.8.2 as an undocumented feature.
- Optimized implementations for Aarch64.
- Faster implementations for Poly1305 and ChaCha. Also for
  PowerPC. [b9a471ccf5,172ad09cbe,#4460]
- Optimized implementations of AES and SHA-256 on PowerPC.
- Improved use of AES-NI to speed up AES-XTS (6 times faster).
- Improved use of AES-NI for OCB. [eacbd59b13,e924ce456d]
- Speedup AES-XTS on ARMv8/CE (2.5 times faster). [93503c127a]
- New AVX and AVX2 implementations for Blake-2 (1.3/1.4 times
  faster). [af7fc732f9, da58a62ac1]
- Use Intel SHA extension for SHA-1 and SHA-256 (4.0/3.7 times
  faster). [d02958bd30, 0b3ec359e2]
- Use ARMv7/NEON accelerated GCM implementation (3 times faster).
- Use of i386/SSSE3 for SHA-512 (4.5 times faster on Ryzen 7).
- Use 64 bit ARMv8/CE PMULL for CRC (7 times faster). [14c8a593ed]
- Improve CAST5 (40% to 70% faster). [4ec566b368]
- Improve Blowfish (60% to 80% faster). [ced7508c85]
- Fix infinite loop due to applications using fork the wrong
  way. [#3491][also in 1.8.4]
- Fix possible leak of a few bits of secret primes to pageable
  memory. [#3848][also in 1.8.4]
- Fix possible hang in the RNG (1.8.3 only). [#4034][also in 1.8.4]
- Several minor fixes. [#4102,#4208,#4209,#4210,#4211,#4212]
- On Linux always make use of getrandom if possible and then use
  its /dev/urandom behaviour. [#3894][also in 1.8.4]
- Use blinding for ECDSA signing to mitigate a novel side-channel
  attack. [#4011,CVE-2018-0495] [also in 1.8.3, 1.7.10]
- Fix incorrect counter overflow handling for GCM when using an IV
  size other than 96 bit. [#3764] [also in 1.8.3, 1.7.10]
- Fix incorrect output of AES-keywrap mode for in-place encryption
  on some platforms. [also in 1.8.3, 1.7.10]
- Fix the gcry_mpi_ec_curve_point point validation function.
  [also in 1.8.3, 1.7.10]
- Fix rare assertion failure in gcry_prime_check. [also in 1.8.3]
- Do not use /dev/srandom on OpenBSD. [also in 1.8.2]
- Fix test suite failure on systems with large pages. [#3351]
- Fix test suite to not use mmap on Windows. [also in 1.8.2]
- Fix fatal out of secure memory status in the s-expression parser
  on heavy loaded systems. [also in 1.8.2]
- Fix build problems on OpenIndiana et al. [#4818, also in 1.8.6]
- Fix GCM bug on arm64 which troubles for example OMEMO. [#4986,
- Detect a div-by-zero in a debug helper tool. [#4868, also in 1.8.6]
- Use a constant time mpi_inv and related changes. [#4869, partly
- Fix mpi_copy to correctly handle flags of opaque MPIs.
- Fix mpi_cmp to consider +0 and -0 the same. [also in 1.8.6]
- Fix extra entropy collection via clock_gettime. Note that this
  fallback code path is not used on any decent hardware. [#4966,
- Support opaque MPI with gcry_mpi_print. [#4872, also in 1.8.7]
- Allow for a Unicode random seed file on Windows. [#5098, also in
- Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
- Add mitigation against ECC timing attack CVE-2019-13627. [#4626]
- Internal cleanup of the ECC implementation.
- Support reading EC point in compressed format for some curves.
* Interface changes relative to the 1.8.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_mpi_get_ui NEW function.
GCRYCTL_AUTO_EXPAND_SECMEM NEW control code.
gcry_sexp_extract_param EXTENDED.
GCRY_CIPHER_GOST28147_MESH NEW cipher algo.
GCRY_CIPHER_SM4 NEW cipher algo.
GCRY_CIPHER_MODE_EAX NEW mode.
GCRY_ECC_CURVE25519 NEW curve id.
GCRY_ECC_CURVE448 NEW curve id.
gcry_ecc_get_algo_keylen NEW function.
gcry_ecc_mul_point NEW function.
GCRY_MD_SM3 NEW hash algo.
GCRY_MD_SHA512_256 NEW hash algo.
GCRY_MD_SHA512_224 NEW hash algo.
GCRY_MAC_GOST28147_IMIT NEW mac algo.
GCRY_MAC_HMAC_GOSTR3411_CP NEW mac algo.
GCRY_MAC_HMAC_BLAKE2B_512 NEW mac algo.
GCRY_MAC_HMAC_BLAKE2B_384 NEW mac algo.
GCRY_MAC_HMAC_BLAKE2B_256 NEW mac algo.
GCRY_MAC_HMAC_BLAKE2B_160 NEW mac algo.
GCRY_MAC_HMAC_BLAKE2S_256 NEW mac algo.
GCRY_MAC_HMAC_BLAKE2S_224 NEW mac algo.
GCRY_MAC_HMAC_BLAKE2S_160 NEW mac algo.
GCRY_MAC_HMAC_BLAKE2S_128 NEW mac algo.
GCRY_MAC_HMAC_SM3 NEW mac algo.
GCRY_MAC_HMAC_SHA512_256 NEW mac algo.
GCRY_MAC_HMAC_SHA512_224 NEW mac algo.
GCRY_MAC_CMAC_SM4 NEW mac algo.
Release-info: https://dev.gnupg.org/T4294
Release dates of 1.8.x versions:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version 1.8.2 (2017-12-13)
Version 1.8.3 (2018-06-13)
Version 1.8.4 (2018-10-26)
Version 1.8.5 (2019-08-29)
Version 1.8.6 (2020-07-06)
Version 1.8.7 (2020-10-23)
Noteworthy changes in version 1.8.1 (2017-08-27) [C22/A2/R1]
------------------------------------------------
- Mitigate a local side-channel attack on Curve25519 dubbed "May
  the Fourth be With You". [CVE-2017-0379] [also in 1.7.9]
- Add more extra bytes to the pool after reading a seed file.
- Add the OID SHA384WithECDSA from RFC-7427 to SHA-384.
- Fix build problems with the Jitter RNG
- Fix assembler code build problems on Raspbian (ARMv8/AArch32-CE).
Noteworthy changes in version 1.8.0 (2017-07-18) [C22/A2/R0]
------------------------------------------------
- New cipher mode XTS
- New hash function Blake-2
- New function gcry_mpi_point_copy.
- New function gcry_get_config.
- GCRYCTL_REINIT_SYSCALL_CLAMP allows to init nPth after Libgcrypt.
- New global configuration file /etc/gcrypt/random.conf.
* Extended interfaces:
- GCRYCTL_PRINT_CONFIG does now also print build information for
  libgpg-error and the used compiler version.
- GCRY_CIPHER_MODE_CFB8 is now supported.
- Add Stribog OIDs. [also in 1.7.4]
- A jitter based entropy collector is now used in addition to the
  other entropy collectors.
- Optimized gcry_md_hash_buffers for SHA-256 and SHA-512.
- More ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.
- Add ARMv8/AArch32 assembly implementation for Twofish and
  Camellia. [also in 1.7.4]
- Add bulk processing implementation for ARMv8/AArch32.
- Improve the DRBG performance and sync the code with the Linux
  version. [also in 1.7.4]
- Libgpg-error 1.25 is now required. This avoids stalling of nPth
  threads due to contention on internal Libgcrypt locks (e.g. the
- The system call clamp of libgpg-error is now used to wrap the
  blocking read of /dev/random. This allows other nPth threads to
  run while Libgcrypt is gathering entropy.
- When secure memory is requested by the MPI functions or by
  gcry_xmalloc_secure, they do not anymore lead to a fatal error if
  the secure memory pool is used up. Instead new pools are
  allocated as needed. These new pools are not protected against
  being swapped out (mlock can't be used). However, these days
  this is considered a minor issue and can easily be mitigated by
  using encrypted swap space. [also in 1.7.4]
- Fix AES CTR self-check detected failure in the SSSE3 based
  implementation. [also in 1.7.6]
- Remove gratuitous select before the getrandom syscall.
- Fix regression in mlock detection. [bug#2870] [also in 1.7.5]
- Fix GOST 28147 CryptoPro-B S-box. [also in 1.7.4]
- Fix error code handling of mlock calls. [also in 1.7.4]
- Fix possible timing attack on EdDSA session key. [also in 1.7.7]
- Fix long standing bug in secure memory implementation which could
  lead to a segv on free. [bug#3027] [also in 1.7.7]
- Mitigate a flush+reload side-channel attack on RSA secret keys
  dubbed "Sliding right into disaster". For details see
  <https://eprint.iacr.org/2017/627>. [CVE-2017-7526] [also in 1.7.8]
* Interface changes relative to the 1.7.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_get_config NEW function.
gcry_mpi_point_copy NEW function.
GCRYCTL_REINIT_SYSCALL_CLAMP NEW macro.
GCRY_MD_BLAKE2B_512 NEW constant.
GCRY_MD_BLAKE2B_384 NEW constant.
GCRY_MD_BLAKE2B_256 NEW constant.
GCRY_MD_BLAKE2B_160 NEW constant.
GCRY_MD_BLAKE2S_256 NEW constant.
GCRY_MD_BLAKE2S_224 NEW constant.
GCRY_MD_BLAKE2S_160 NEW constant.
GCRY_MD_BLAKE2S_128 NEW constant.
GCRY_CIPHER_MODE_XTS NEW constant.
gcry_md_info DEPRECATED.
* Release dates of 1.7.x versions:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version 1.7.10 (2018-06-13) [C21/A1/R10]
Version 1.7.9 (2017-08-27) [C21/A1/R9]
Version 1.7.8 (2017-06-29) [C21/A1/R8]
Version 1.7.7 (2017-06-02) [C21/A1/R7]
Version 1.7.6 (2017-01-18) [C21/A1/R6]
Version 1.7.5 (2016-12-15) [C21/A1/R5]
Version 1.7.4 (2016-12-09) [C21/A1/R4]
Noteworthy changes in version 1.7.3 (2016-08-17) [C21/A1/R3]
------------------------------------------------
- Fix critical security bug in the RNG [CVE-2016-6313]. An
  attacker who obtains 580 bytes from the standard RNG can
  trivially predict the next 20 bytes of output. Problem
  detected by Felix Dörre and Vladimir Klebanov, KIT.
- Fix building of some asm modules with older compilers and CPUs.
- ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.
Noteworthy changes in version 1.7.2 (2016-07-14) [C21/A1/R2]
------------------------------------------------
- Fix setting of the ECC cofactor if parameters are specified.
- Fix memory leak in the ECC code.
- Remove debug message about unsupported getrandom syscall.
- Fix build problems related to AVX use.
- Fix bus errors on ARM for Poly1305, ChaCha20, AES, and SHA-512.
- Improved fatal error message for wrong use of gcry_md_read.
- Disallow symmetric encryption/decryption if key is not set.
Noteworthy changes in version 1.7.1 (2016-06-15) [C21/A1/R1]
------------------------------------------------
- Fix ecc_verify for cofactor support.
- Fix portability bug when using gcc with Solaris 9 SPARC.
- Build fix for OpenBSD/amd64
- Add OIDs to the Serpent ciphers.
- Use getrandom system call on Linux if available.
- Blinding is now also used for RSA signature creation.
- Changed names of debug envvars
Noteworthy changes in version 1.7.0 (2016-04-15) [C21/A1/R0]
------------------------------------------------
* New algorithms and modes:
- SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.
- SHAKE128 and SHAKE256 extendable-output hash algorithms.
- ChaCha20 stream cipher.
- Poly1305 message authentication algorithm
- ChaCha20-Poly1305 Authenticated Encryption with Associated Data
- HMAC-MD2 for use by legacy applications.
* New curves for ECC:
- GOST R 34.10-2001 and GOST R 34.10-2012.
- Improved performance of KDF functions.
- Assembler optimized implementations of Blowfish and Serpent on
- Assembler optimized implementation of 3DES on x86.
- Improved AES using the SSSE3 based vector permutation method by
- AVX/BMI is used for SHA-1 and SHA-256 on x86. This is for SHA-1
  about 20% faster than SSSE3 and more than 100% faster than the
  generic C implementation.
- 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.
- 60-90% speedup for Whirlpool on x86.
- 300% speedup for RIPE MD-160.
- Up to 11 times speedup for CRC functions on x86.
- Improved ECDSA and FIPS 186-4 compliance.
- Support for Montgomery curves.
- gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
- gcry_mpi_ec_sub to subtract two points on a curve.
- gcry_mpi_ec_decode_point to decode an MPI into a point object.
- Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1]
- Flag "pkcs1-raw" to enable PKCS#1 padding with a user supplied
- Parameter "saltlen" to set a non-default salt length for RSA PSS.
- A SP800-90A conforming DRNG replaces the former X9.31 alternative
  random number generator.
- Map deprecated RSA algo number to the RSA algo number for better
  backward compatibility. [from 1.6.2]
- Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
  See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
- Fixed data-dependent timing variations in modular exponentiation
  [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
  are Practical]. [from 1.6.3]
- Flag "no-keytest" for ECC key generation. Due to a bug in
  the parser that flag will also be accepted but ignored by older
  version of Libgcrypt. [from 1.6.4]
- Speed up the random number generator by requiring less extra
  seeding. [from 1.6.4]
- Always verify a created RSA signature to avoid private key leaks
  due to hardware failures. [from 1.6.4]
- Mitigate side-channel attack on ECDH with Weierstrass curves
  [CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
  details. [from 1.6.5]
- Moved locking out to libgpg-error.
- Support of the SYSROOT envvar in the build system.
- Refactor some code.
- The availability of a 64 bit integer type is now mandatory.
- Fixed message digest lookup by OID (regression in 1.6.0).
- Fixed a build problem on NetBSD
- Fixed memory leaks in ECC code.
- Fixed some asm build problems and feature detection bugs.
* Interface changes relative to the 1.6.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_cipher_final NEW macro.
GCRY_CIPHER_MODE_CFB8 NEW constant.
GCRY_CIPHER_MODE_OCB NEW.
GCRY_CIPHER_MODE_POLY1305 NEW.
gcry_cipher_set_sbox NEW macro.
gcry_mac_get_algo NEW.
GCRY_MAC_HMAC_MD2 NEW.
GCRY_MAC_HMAC_SHA3_224 NEW.
GCRY_MAC_HMAC_SHA3_256 NEW.
GCRY_MAC_HMAC_SHA3_384 NEW.
GCRY_MAC_HMAC_SHA3_512 NEW.
GCRY_MAC_POLY1305 NEW.
GCRY_MAC_POLY1305_AES NEW.
GCRY_MAC_POLY1305_CAMELLIA NEW.
GCRY_MAC_POLY1305_SEED NEW.
GCRY_MAC_POLY1305_SERPENT NEW.
GCRY_MAC_POLY1305_TWOFISH NEW.
GCRY_MD_FLAG_BUGEMU1 NEW [from 1.6.1].
GCRY_MD_GOSTR3411_CP NEW.
GCRY_MD_SHA3_224 NEW.
GCRY_MD_SHA3_256 NEW.
GCRY_MD_SHA3_384 NEW.
GCRY_MD_SHA3_512 NEW.
GCRY_MD_SHAKE128 NEW.
GCRY_MD_SHAKE256 NEW.
gcry_mpi_ec_decode_point NEW.
GCRY_PK_EDDSA NEW constant.
GCRYCTL_GET_TAGLEN NEW.
GCRYCTL_SET_SBOX NEW.
GCRYCTL_SET_TAGLEN NEW.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version 1.6.5 (2016-02-09) [C20/A0/R5]
Version 1.6.4 (2015-09-08) [C20/A0/R4]
Version 1.6.3 (2015-02-27) [C20/A0/R3]
Version 1.6.2 (2014-08-21) [C20/A0/R2]
Version 1.6.1 (2014-01-29) [C20/A0/R1]
Noteworthy changes in version 1.6.0 (2013-12-16) [C20/A0/R0]
------------------------------------------------
* Removed the long deprecated gcry_ac interface. Thus Libgcrypt is
  not anymore ABI compatible to previous versions if they used the ac
* Removed the module register subsystem.
* The deprecated message digest debug macros have been removed. Use
  gcry_md_debug instead.
* Removed deprecated control codes.
* Improved performance of most cipher algorithms as well as for the
  SHA family of hash functions.
* Added support for the IDEA cipher algorithm.
* Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
* Added limited support for the GOST 28147-89 cipher algorithm.
* Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
* Added a random number generator to directly use the system's RNG.
  Also added an interface to prefer the use of a specified RNG.
* Added support for the SCRYPT algorithm.
* Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
  secret keys. See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].
* Added support for Deterministic DSA as per RFC-6979.
* Added support for curve Ed25519.
* Added a scatter gather hash convenience function.
* Added several MPI and SEXP helper functions.
* Added support for negative numbers to gcry_mpi_print,
  gcry_mpi_aprint and gcry_mpi_scan.
* The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
  deprecated. Use GCRY_PK_ECC if you need an algorithm id.
* Changed gcry_pk_genkey for "ecc" to only include the curve name and
  not the parameters. The flag "param" may be used to revert this.
* Added a feature to globally disable selected hardware features.
* Added debug helper functions.
* Interface changes relative to the 1.5.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_module_t REMOVED.
gcry_cipher_register REMOVED.
gcry_cipher_unregister REMOVED.
gcry_cipher_list REMOVED.
gcry_pk_register REMOVED.
gcry_pk_unregister REMOVED.
gcry_pk_list REMOVED.
gcry_md_register REMOVED.
gcry_md_unregister REMOVED.
gcry_md_list REMOVED.
gcry_md_start_debug REMOVED (macro).
gcry_md_stop_debug REMOVED (macro).
GCRYCTL_SET_KEY REMOVED.
GCRYCTL_SET_IV REMOVED.
GCRYCTL_SET_CTR REMOVED.
GCRYCTL_DISABLE_ALGO CHANGED: Not anymore thread-safe.
gcry_pk_genkey CHANGED: ECC curve params not returned.
gcry_md_hash_buffers NEW.
GCRYCTL_SET_ENFORCED_FIPS_FLAG NEW.
GCRYCTL_SET_PREFERRED_RNG_TYPE NEW.
GCRYCTL_GET_CURRENT_RNG_TYPE NEW.
GCRYCTL_CLOSE_RANDOM_DEVICE NEW.
GCRY_RNG_TYPE_STANDARD NEW.
GCRY_RNG_TYPE_FIPS NEW.
GCRY_RNG_TYPE_SYSTEM NEW.
gcry_mpi_set_opaque_copy NEW.
gcry_mpi_point_t NEW.
gcry_mpi_point_new NEW.
gcry_mpi_point_release NEW.
gcry_mpi_point_get NEW.
gcry_mpi_point_snatch_get NEW.
gcry_mpi_point_set NEW.
gcry_mpi_point_snatch_set NEW.
gcry_ctx_release NEW.
gcry_mpi_ec_get_mpi NEW.
gcry_mpi_ec_get_point NEW.
gcry_mpi_ec_set_mpi NEW.
gcry_mpi_ec_set_point NEW.
gcry_mpi_ec_get_affine NEW.
gcry_mpi_ec_curve_point NEW.
GCRYMPI_FLAG_IMMUTABLE NEW.
GCRYMPI_FLAG_CONST NEW.
GCRYMPI_FLAG_USER1 NEW.
GCRYMPI_FLAG_USER2 NEW.
GCRYMPI_FLAG_USER3 NEW.
GCRYMPI_FLAG_USER4 NEW.
GCRYMPI_CONST_ONE NEW.
GCRYMPI_CONST_TWO NEW.
GCRYMPI_CONST_THREE NEW.
GCRYMPI_CONST_FOUR NEW.
GCRYMPI_CONST_EIGHT NEW.
GCRYMPI_FMT_OPAQUE NEW.
GCRYPT_VERSION_NUMBER NEW.
gcry_pubkey_get_sexp NEW.
GCRYCTL_DISABLE_LOCKED_SECMEM NEW.
GCRYCTL_DISABLE_PRIV_DROP NEW.
GCRY_CIPHER_SALSA20 NEW.
gcry_sexp_nth_buffer NEW.
gcry_sexp_extract_param NEW.
GCRY_CIPHER_SALSA20R12 NEW.
GCRY_CIPHER_GOST28147 NEW.
GCRY_MD_GOSTR3411_94 NEW.
GCRY_MD_STRIBOG256 NEW.
GCRY_MD_STRIBOG512 NEW.
gcry_log_debughex NEW.
gcry_log_debugmpi NEW.
gcry_log_debugpnt NEW.
Noteworthy changes in version 1.5.0 (2011-06-29)
------------------------------------------------
* New function gcry_kdf_derive implementing OpenPGP S2K algorithms
* Support for WindowsCE.
* Support for OAEP and PSS methods as described by RFC-3447.
* Fixed PKCS v1.5 code to always return the leading zero.
* New format specifiers "%M" and "%u" for gcry_sexp_build.
* Support opaque MPIs with "%m" and "%M" in gcry_sexp_build.
* New functions gcry_pk_get_curve and gcry_pk_get_param to map ECC
  parameters to a curve name and to retrieve parameter values.
* gcry_mpi_cmp applied to opaque values has a defined semantic now.
* Uses the Intel AES-NI instructions if available.
* The use of the deprecated Alternative Public Key Interface
  (gcry_ac_*) will now print compile time warnings.
* The module register subsystem has been deprecated. This subsystem
  is not flexible enough and would always require ABI changes to
  extend the internal interfaces. It will eventually be removed.
  Please contact us on the gcrypt-devel mailing list to discuss
  whether you really need this feature or how it can be replaced by
  an internal plugin mechanism.
* CTR mode may now be used with data chunks of arbitrary length.
* Changes also done in 1.4.6 (2010-07-13):
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* New variants of the TIGER algorithm.
* New cipher algorithm mode for AES-WRAP.
* Changes also done in 1.4.5 (2009-12-11):
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Fixed minor memory leak in DSA key generation.
* No more switching to FIPS mode if /proc/version is not readable.
* Fixed sigill during Padlock detection on old CPUs.
* Fixed a hang on some W2000 machines.
* Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3;
  SHA-256 went up by 25%.
* Interface changes relative to the 1.4.6 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_pk_get_curve NEW.
gcry_pk_get_param NEW.
GCRYCTL_DISABLE_HWF NEW.
gcry_pk_encrypt EXTENDED: Support OAEP.
gcry_pk_decrypt EXTENDED: Support OAEP.
gcry_pk_sign EXTENDED: Support PSS.
gcry_pk_verify EXTENDED: Support PSS.
gcry_sexp_build EXTENDED: Add format specifiers M and u.
* Interface changes relative to the 1.4.2 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GCRY_CIPHER_MODE_AESWRAP NEW.
Noteworthy changes in version 1.4.4 (2009-01-22)
------------------------------------------------
* Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants.
  This functionality has been in Libgcrypt since 1.3.0.
* MD5 may now be used in non-enforced fips mode.
* Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.
* In fips mode, RSA keys are now generated using the X9.31 algorithm
  and DSA keys using the FIPS 186-2 algorithm.
* The transient-key flag is now also supported for DSA key
  generation. DSA domain parameters may be given as well.
Noteworthy changes in version 1.4.3 (2008-09-18)
------------------------------------------------
* Try to auto-initialize Libgcrypt to minimize the effect of
  applications not doing that correctly. This is not a perfect
  solution but given that many applications would totally fail
  without such a hack, we try to help at least with the most common
  cases. Folks, please read the manual to learn how to properly
  initialize Libgcrypt!
* Auto-initialize the secure memory to 32k instead of aborting the
* Log fatal errors via syslog.
* Changed the name and the semantics of the fips mode config file.
* Add convenience macro gcry_fips_mode_active.
* Documentation cleanups.
Noteworthy changes in version 1.4.2 (2008-09-08)
------------------------------------------------
* The long missing gcry_mpi_lshift function has been added.
* RSA key generation now supports a "transient-key" flag.
* The keygrip computation for ECDSA has been implemented thus ECDSA
  is now fully supported.
* A few macros have been replaced by functions for better type
* The thread initialization structure now carries version
* The manual describes more clearly how to initialize Libgcrypt.
* The library may now be switched into a FIPS mode.
* Interface changes relative to the 1.3.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GCRYCTL_OPERATIONAL_P NEW.
GCRYCTL_FIPS_MODE_P NEW.
GCRYCTL_FORCE_FIPS_MODE NEW.
gcry_cipher_setkey NEW: Replaces macro.
gcry_cipher_setiv NEW: Replaces macro.
gcry_cipher_setctr NEW: Replaces macro.
gcry_mpi_lshift NEW.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Noteworthy changes in version 1.4.1 (2008-04-25)
------------------------------------------------
* Fixed a bug introduced by 1.3.1 which led to the consumption of far
  too much entropy for the initial seeding.
* Improved AES performance for CFB and CBC modes.
* Removed build problems for the Padlock support.
Noteworthy changes in version 1.4.0 (2007-12-10)
------------------------------------------------
* New configure option --disable-padlock-support which is mostly
  useful in case of build problems.
Noteworthy changes in version 1.3.2 (2007-12-03)
------------------------------------------------
* The visibility attribute is now used if supported by the toolchain.
* The ACE engine of VIA processors is now used for AES-128.
* The ASN.1 DER template for SHA-224 has been fixed.
Noteworthy changes in version 1.3.1 (2007-10-26)
------------------------------------------------
* The entire library is now under the LGPL. The helper programs and
  the manual are under the GPL. Kudos to Peter Gutmann for giving
  permissions to relicense the rndw32 and rndunix modules.
* The Camellia cipher is now under the LGPL and included by default.
* Fixed a bug in the detection of symbol prefixes which inhibited the
  build of optimized assembler code on certain systems.
* Updated the entropy gatherer for W32.
1104 Noteworthy changes in version 1.3.0 (2007-05-04)
1105 ------------------------------------------------
1107 * Changed the way the RNG gets initialized. This allows to keep it
1108 uninitialized as long as no random numbers are used. To override
1109 this, the new macro gcry_fast_random_poll may be used. It is in
1110 general a good idea to spread this macro into the application code
1111 to make sure that these polls happen often enough.
1113 * Made the RNG immune against fork without exec.
1115 * Reading and writing the random seed file is now protected by a
1116 fcntl style file lock on systems that provide this function.
1118 * Support for SHA-224 and HMAC using SHA-384 and SHA-512.
1120 * Support for the SEED cipher.
1122 * Support for the Camellia cipher. Note that Camellia is disabled by
1123 default, and that enabling it changes the license of libgcrypt from
1126 * Support for OFB encryption mode.
1128 * gcry_mpi_rshift no longer truncates the shift count.
1130 * Reserved algorithm ranges for use by applications.
1134 * The new function gcry_md_debug should be used instead of the
1135 gcry_md_start_debug and gcry_md_stop_debug macros.
1137 * New configure option --enable-random-daemon to support a system
1138 wide random daemon. The daemon code is experimental and does not yet
1139 work very well. It will eventually allow keeping a global
1140 random pool for the sake of short-lived processes.
1142 * Non executable stack support is now used by default on systems
1145 * Support for Microsoft Windows.
1147 * Assembler support for the AMD64 architecture.
1149 * New configure option --enable-mpi-path for optimized builds.
1151 * Experimental support for ECDSA; should only be used for testing.
1153 * New control code GCRYCTL_PRINT_CONFIG to print the build
1156 * Minor changes to some function declarations. Buffer arguments are
1157 now typed as void pointer. This should not affect any compilation.
1158 Fixed two bugs in return values and clarified documentation.
1160 * Interface changes relative to the 1.2.0 release:
1161 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1162 gcry_fast_random_poll NEW
1164 gcry_sexp_nth_string NEW
1166 GCRY_PK_USAGE_CERT NEW
1167 GCRY_PK_USAGE_AUTH NEW
1168 GCRY_PK_USAGE_UNKN NEW
1170 GCRY_CIPHER_SEED NEW
1171 GCRY_CIPHER_CAMELLIA128 NEW
1172 GCRY_CIPHER_CAMELLIA192 NEW
1173 GCRY_CIPHER_CAMELLIA256 NEW
1174 GCRYCTL_FAKED_RANDOM_P NEW
1175 GCRYCTL_PRINT_CONFIG NEW
1176 GCRYCTL_SET_RNDEGD_SOCKET NEW.
1177 gcry_mpi_scan CHANGED: Argument BUFFER is now void*.
1178 gcry_pk_algo_name CHANGED: Returns "?" instead of NULL.
1179 gcry_cipher_algo_name CHANGED: Returns "?" instead of "".
1180 gcry_pk_spec_t CHANGED: Element ALIASES is now const ptr.
1181 gcry_md_write_t CHANGED: Argument BUF is now a const void*.
1182 gcry_md_ctl CHANGED: Argument BUFFER is now void*.
1183 gcry_cipher_encrypt CHANGED: Arguments IN and OUT are now void*.
1184 gcry_cipher_decrypt CHANGED: Arguments IN and OUT are now void*.
1185 gcry_sexp_sprint CHANGED: Argument BUFFER is now void*.
1186 gcry_create_nonce CHANGED: Argument BUFFER is now void*.
1187 gcry_randomize CHANGED: Argument BUFFER is now void*.
1188 gcry_cipher_register CHANGED: Argument ALGORITHM_ID is now int*.
1189 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1192 Noteworthy changes in version 1.2.0 (2004-04-15)
1193 ------------------------------------------------
1195 * First stable release.
1198 Noteworthy changes in version 1.1.94 (2004-03-29)
1199 -------------------------------------------------
1201 * The support for multi-threaded users goes into its third
1202 incarnation. We removed compile time support for thread libraries.
1203 To support the thread library of your choice, you have to set up
1204 callback handlers at initialization time. New data structures, a
1205 new control command, and default initializers are provided for this
1208 * Interface changes relative to the 1.1.93 release:
1209 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1210 libgcrypt-config --thread OBSOLETE
1211 libgcrypt-pth.la REMOVED
1212 libgcrypt-pthread.la REMOVED
1213 GCRYCTL_SET_THREAD_CBS NEW
1214 struct gcrypt_thread_cbs NEW
1215 enum gcry_thread_option NEW
1216 GCRY_THREAD_OPTION_PTH_IMPL NEW
1217 GCRY_THREAD_OPTION_PTHREAD_IMPL NEW
1218 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1220 Noteworthy changes in version 1.1.93 (2004-03-06)
1221 -------------------------------------------------
1223 * The automatic thread library detection has finally been removed.
1224 From now on, only linking explicitly to libgcrypt, libgcrypt-pth
1225 or libgcrypt-pthread is supported.
1227 Noteworthy changes in version 1.1.92 (2004-02-20)
1228 -------------------------------------------------
1232 * Included a limited implementation of RFC2268.
1234 * Changed API of the gcry_ac_ functions. Only a very few programs
1235 should be affected by this.
1237 * Interface changes relative to the 1.1.91 release:
1238 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1239 GCRY_CIPHER_RFC2268_40 NEW.
1240 gcry_ac_data_set CHANGED: New argument FLAGS.
1241 gcry_ac_data_get_name CHANGED: New argument FLAGS.
1242 gcry_ac_data_get_index CHANGED: New argument FLAGS.
1243 gcry_ac_key_pair_generate CHANGED: New and reordered arguments.
1244 gcry_ac_key_test CHANGED: New argument HANDLE.
1245 gcry_ac_key_get_nbits CHANGED: New argument HANDLE.
1246 gcry_ac_key_get_grip CHANGED: New argument HANDLE.
1247 gcry_ac_data_search REMOVED.
1248 gcry_ac_data_add REMOVED.
1249 GCRY_AC_DATA_FLAG_NO_BLINDING REMOVED.
1250 GCRY_AC_FLAG_NO_BLINDING NEW: Replaces above.
1253 Noteworthy changes in version 1.1.91 (2003-12-19)
1254 -------------------------------------------------
1256 * Code cleanups and minor bug fixes.
1259 Noteworthy changes in version 1.1.90 (2003-11-14)
1260 -------------------------------------------------
1262 * The use of the GCRY_WEAK_RANDOM level is now deprecated in favor of
1263 the new gcry_create_nonce function.
1265 * gcry_sexp_build now supports a "%b" format to include a memory buffer.
1267 * Minor configuration fixes.
1269 * Interface changes relative to the 1.1.44 release:
1270 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1271 gcry_create_nonce NEW
1272 gcry_sexp_build ENHANCED
1275 Noteworthy changes in version 1.1.44 (2003-10-31)
1276 -------------------------------------------------
1278 * Bug fixes and more code cleanups.
1280 * Enhanced the prime API.
1282 * Interface changes relative to the 1.1.43 release:
1283 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1284 gcry_prime_group_generator NEW
1285 gcry_prime_release_factors NEW
1288 Noteworthy changes in version 1.1.43 (2003-09-04)
1289 -------------------------------------------------
1291 * Bug fixes and internal code cleanups.
1293 * Support for the Serpent cipher algorithm.
1295 * Interface changes relative to the 1.1.42 release:
1296 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1297 gcry_prime_generate NEW
1298 gcry_prime_check NEW
1301 Noteworthy changes in version 1.1.42 (2003-07-31)
1302 -------------------------------------------------
1304 * Major API cleanup. Applications need to be converted to the new
1305 API. See README.apichanges for hints on how to do that. Backward
1306 compatibility is provided where it was possible without too much
1307 effort and did not collide with the overall sanitization effort.
1308 However, this is only for ease of transition. NO DEPRECATED
1309 FUNCTION OR DATA TYPE IS CONSIDERED A PART OF THE API OR ABI AND
1310 WILL BE DROPPED IN THE FUTURE WITHOUT CHANGING THE SONAME OF THE
1313 * If gcrypt.h is included in sources compiled by GCC 3.1 or later,
1314 deprecated attributes will warn about use of obsolete functions and
1315 type definitions. You can suppress these warnings by passing
1316 -Wno-deprecated-declarations to the gcc command.
1318 * gcry_check_version must be called from now on to initialize the
1319 library; it is no longer optional.
1321 * Removed `libgcrypt errno' concept.
1323 * Libgcrypt depends on libgpg-error, a library that provides error
1324 codes and according functions for all GnuPG components. Functions
1325 that used to return error codes as `int' have been changed to
1326 return a code of type `gcry_error_t'. All GCRYERR_* error symbols
1327 have been removed, since they are now contained in libgpg-error
1328 (GPG_ERR_*). All functions and types in libgpg-error have also been
1329 wrapped in Libgcrypt. The new types are gcry_err_code_t and
1330 gcry_err_source_t. The new functions are gcry_err_code,
1331 gcry_err_source, gcry_error, gcry_err_make, gcry_error_from_errno,
1332 gcry_err_make_from_errno, gcry_err_code_from_errno,
1333 gcry_err_code_to_errno, gcry_strsource.
1335 * New function gcry_mpi_dump to help in debugging.
1337 * Added alternative interface for asymmetric cryptography.
1339 * CRC-32, CRC-32 a'la RFC 1510, CRC-24 a'la RFC 2440 are now
1342 * SHA-256, SHA-384 and SHA-512 are now supported.
1344 * 128 bit Twofish is now supported.
1346 * The random module won't print the "not enough random bytes
1347 available" anymore. A new progress status is issued instead.
1349 * CBC-MAC for block ciphers is now supported, by using a
1350 GCRY_CIPHER_CBC_MAC cipher flag.
1352 * CTR mode for block ciphers is now supported.
1354 * The public RSA exponent can now be specified in key generation.
1356 * RSA blinding is now supported and is used automatically for RSA
1357 decryption. It can be explicitly disabled by using the
1358 `no-blinding' symbol in the `flags' S-Expression or by using the
1359 GCRY_AC_FLAG_DATA_NO_BLINDING flag when using the ac interface.
1361 * gcry_sexp_canon_len does not use a `historically encoded' error
1365 * Interface changes relative to the 1.1.12 release:
1366 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1367 GCRY_MPI DEPRECATED; Use: gcry_mpi_t
1368 GcryMPI DEPRECATED; Use: gcry_mpi_t
1369 GCRY_SEXP DEPRECATED; Use: gcry_sexp_t
1370 GcrySexp DEPRECATED; Use: gcry_sexp_t
1371 GCRY_CIPHER_HD DEPRECATED; Use: gcry_cipher_hd_t
1372 GcryCipherHd DEPRECATED; Use: gcry_cipher_hd_t
1373 GCRY_MD_HD DEPRECATED; Use: gcry_md_hd_t
1374 GcryMDHd DEPRECATED; Use: gcry_md_hd_t
1377 gcry_err_source_t NEW
1382 gcry_err_code_from_errno NEW
1383 gcry_err_code_to_errno NEW
1384 gcry_err_make_from_errno NEW
1385 gcry_error_from_errno NEW
1387 GCRYERR_{some error code} REMOVED; Use GPG_ERR_*
1388 from libgpg-error instead.
1390 gcry_sexp_canon_len CHANGED
1391 gcry_sexp_build_array NEW
1392 gcry_mpi_scan CHANGED: New argument to separate in/out args.
1393 gcry_mpi_print CHANGED: Ditto.
1395 gcry_cipher_open CHANGED
1396 gcry_cipher_reset NEW
1397 gcry_cipher_register NEW
1398 gcry_cipher_unregister NEW
1399 gcry_cipher_list NEW
1400 gcry_cipher_algo_keylen REPLACED macro with function.
1401 gcry_cipher_algo_blklen REPLACED macro with function.
1402 gcry_pk_register NEW
1403 gcry_pk_unregister NEW
1405 gcry_pk_decrypt ENHANCED: Allows flag to return
1406 complete S-expression.
1407 gcry_md_open CHANGED
1408 gcry_md_copy CHANGED
1409 gcry_md_is_enabled NEW
1410 gcry_md_is_secure NEW
1411 gcry_md_register NEW
1412 gcry_md_unregister NEW
1416 gcry_ac_key_pair_t NEW
1417 gcry_ac_handle_t NEW
1418 gcry_ac_key_spec_rsa_t NEW
1419 gcry_ac_data_new NEW
1420 gcry_ac_data_destroy NEW
1421 gcry_ac_data_set NEW
1422 gcry_ac_data_copy NEW
1423 gcry_ac_data_length NEW
1424 gcry_ac_data_get_name NEW
1425 gcry_ac_data_get_index NEW
1426 gcry_ac_data_clear NEW
1429 gcry_ac_key_init NEW
1430 gcry_ac_key_pair_generate NEW
1431 gcry_ac_key_pair_extract NEW
1432 gcry_ac_key_data_get NEW
1433 gcry_ac_key_test NEW
1434 gcry_ac_key_get_nbits NEW
1435 gcry_ac_key_get_grip NEW
1436 gcry_ac_key_destroy NEW
1437 gcry_ac_key_pair_destroy NEW
1438 gcry_ac_data_encrypt NEW
1439 gcry_ac_data_decrypt NEW
1440 gcry_ac_data_sign NEW
1441 gcry_ac_data_verify NEW
1442 gcry_ac_id_to_name NEW
1443 gcry_ac_name_to_id NEW
1444 gcry_handler_progress_t NEW
1445 gcry_handler_alloc_t NEW
1446 gcry_handler_secure_check_t NEW
1447 gcry_handle_realloc_t NEW
1448 gcry_handler_free_t NEW
1449 gcry_handler_no_mem_t NEW
1450 gcry_handler_error_t NEW
1451 gcry_handler_log_t NEW
1452 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1454 Noteworthy changes in version 1.1.12 (2003-01-20)
1455 -------------------------------------------------
1457 * gcry_pk_sign, gcry_pk_verify and gcry_pk_encrypt can now handle an
1458 optional pkcs1 flags parameter in the S-expression. A similar flag
1459 may be passed to gcry_pk_decrypt but it is only syntactically
1462 * New convenience macro gcry_md_get_asnoid.
1464 * There is now some real stuff in the manual.
1467 Noteworthy changes in version 1.1.11 (2002-12-21)
1468 -------------------------------------------------
1470 * Don't export internal symbols anymore (currently only for GNU systems)
1472 * New algorithm: MD4
1474 * Implemented ciphertext stealing.
1476 * Smaller bug fixes and a few new OIDs.
1478 * Interface changes relative to the 1.1.8 release:
1479 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1481 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1484 Noteworthy changes in version 1.1.10 (2002-09-20)
1485 -------------------------------------------------
1487 * Fixed shared library builds for i386, PPC and Sparc.
1489 * Added simple benchmark tool.
1491 * Replaced the internal mutexes by code which automatically adapts to
1492 the used threading library. Currently Pth and Pthread are
1493 supported. For non-ELF systems the GNU toolchain is now required.
1495 * Added untested support to build Windows DLLs.
1497 Noteworthy changes in version 1.1.9 (2002-08-23)
1498 ------------------------------------------------
1500 * Support for plain old DES.
1503 Noteworthy changes in version 1.1.8 (2002-06-25)
1504 ------------------------------------------------
1506 * Minor cleanups and exported a few new functions.
1508 * Interface changes relative to the 1.1.7 release:
1509 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1514 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1516 Noteworthy changes in version 1.1.7 (2002-05-21)
1517 ------------------------------------------------
1519 * Libgcrypt is now distributed under the terms of the GNU Lesser
1520 General Public License; see the README file for details.
1522 * It is possible to use libgcrypt w/o initialized secure memory.
1524 * Libgcrypt should now be thread safe after the initialization.
1525 gcry_control (GCRYCTL_INITIALIZATION_FINISHED,NULL,0) should have
1526 been called before creating additional threads.
1528 * Interface changes relative to the 1.1.6 release:
1529 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1530 GCRYCTL_DISABLE_INTERNAL_LOCKING NEW
1531 GCRYCTL_DISABLE_SECMEM NEW
1532 GCRYCTL_INITIALIZATION_FINISHED NEW
1533 GCRYCTL_INITIALIZATION_FINISHED_P NEW
1534 GCRYCTL_ANY_INITIALIZATION_P NEW
1536 gcry_sexp_create NEW
1538 gcry_set_progress_handler NEW
1539 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1541 Noteworthy changes in version 1.1.6 (2002-02-07)
1542 ------------------------------------------------
1544 * Enhanced the S-expression conversion functions.
1546 Noteworthy changes in version 1.1.5 (2001-12-18)
1547 ------------------------------------------------
1549 * gcry_{cipher,md}_map_name are now able to map stringified object IDs.
1551 * New functions gcry_sexp_canon_len and gcry_cipher_mode_from_oid.
1553 * Closed some memory leaks.
1556 Noteworthy changes in version 1.1.4 (2001-08-03)
1557 ------------------------------------------------
1559 * Arcfour does now work.
1563 * Added a first test program
1565 * Migrated to autoconf 2.52.
1568 Noteworthy changes in version 1.1.3 (2001-05-31)
1569 ------------------------------------------------
1571 * First release of Libgcrypt which is a result of splitting GnuPG
1572 into libgcrypt and GnuPG.
1575 Copyright 2001, 2002, 2003, 2004, 2007, 2008,
1576 2009, 2011 Free Software Foundation, Inc.
1577 Copyright 2013 g10 Code GmbH
1579 This file is free software; as a special exception the author gives
1580 unlimited permission to copy and/or distribute it, with or without
1581 modifications, as long as this notice is preserved.
1583 This file is distributed in the hope that it will be useful, but
1584 WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
1585 implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.