Noteworthy changes in version 1.8.3 (2018-06-13) [C22/A2/R3]
------------------------------------------------

 - Use blinding for ECDSA signing to mitigate a novel side-channel
   attack. [#4011,CVE-2018-0495]

 - Fix incorrect counter overflow handling for GCM when using an IV
   size other than 96 bit. [#3764]

 - Fix incorrect output of AES-keywrap mode for in-place encryption

 - Fix the gcry_mpi_ec_curve_point point validation function.

 - Fix rare assertion failure in gcry_prime_check.
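The GCM counter handling behind the 1.8.3 fix above, as an added example in Python that is not libgcrypt code: GCM (NIST SP 800-38D) derives its initial counter block J0 directly from a 96-bit IV, but for any other IV length J0 is a GHASH over the padded IV, so its low 32 bits can start anywhere, including right before the 2^32 wrap. Only those 32 bits may ever be incremented; the upper 96 bits stay fixed for the whole message. The hash subkey H is a constructed value here (in real GCM it is AES_K(0^128)), and `inc128_carrying` is a deliberately wrong increment shown for contrast, not a reproduction of the exact libgcrypt defect.

```python
"""Added example (not libgcrypt code): GCM initial counter block J0 and the
32-bit counter increment, per NIST SP 800-38D sections 6.2-7.1."""

# GCM reduction constant R = 11100001 || 0^120, as a 128-bit integer whose
# most significant bit is the leftmost bit of the spec's bit string.
R = 0xE1 << 120


def gf128_mul(x: int, y: int) -> int:
    """Multiply two elements of GCM's bit-reflected GF(2^128) (Algorithm 1)."""
    z = 0
    v = y
    for i in range(128):
        # x_i is bit i of X counted from the leftmost (most significant) bit
        if (x >> (127 - i)) & 1:
            z ^= v
        lsb = v & 1
        v >>= 1
        if lsb:
            v ^= R
    return z


def ghash(h: int, data: bytes) -> int:
    """GHASH_H over a whole number of 16-byte blocks."""
    assert len(data) % 16 == 0
    y = 0
    for off in range(0, len(data), 16):
        block = int.from_bytes(data[off:off + 16], "big")
        y = gf128_mul(y ^ block, h)
    return y


def gcm_j0(h: int, iv: bytes) -> bytes:
    """Initial counter block J0.

    96-bit IV:   J0 = IV || 0^31 || 1
    other sizes: J0 = GHASH_H(IV || 0^(s+64) || [len(IV)]_64)
    """
    if len(iv) == 12:
        return iv + b"\x00\x00\x00\x01"
    pad = (-len(iv)) % 16                      # s zero bits to a block boundary
    payload = iv + b"\x00" * pad + b"\x00" * 8 + (8 * len(iv)).to_bytes(8, "big")
    return ghash(h, payload).to_bytes(16, "big")


def inc32(block: bytes) -> bytes:
    """Increment only the rightmost 32 bits modulo 2**32 (the inc_32 function
    of the spec); the 96-bit prefix is never touched."""
    head, ctr = block[:12], int.from_bytes(block[12:], "big")
    return head + ((ctr + 1) & 0xFFFFFFFF).to_bytes(4, "big")


def inc128_carrying(block: bytes) -> bytes:
    """What NOT to do: a full-width increment lets the carry run out of the
    counter field into the prefix, so the keystream blocks after the wrap no
    longer correspond to what the decrypting side computes."""
    return ((int.from_bytes(block, "big") + 1) & ((1 << 128) - 1)).to_bytes(16, "big")


def counter_blocks(j0: bytes, n: int) -> list:
    """The counter blocks CB_1 .. CB_n used for the n plaintext blocks
    (J0 itself is reserved for the tag computation)."""
    out, cb = [], j0
    for _ in range(n):
        cb = inc32(cb)
        out.append(cb)
    return out


if __name__ == "__main__":
    h = 0x0123456789ABCDEF0123456789ABCDEF      # constructed hash subkey
    iv = bytes.fromhex("00112233445566778899AABBCCDDEEFF0011")  # 144-bit IV
    j0 = gcm_j0(h, iv)
    print("J0 =", j0.hex())
    for cb in counter_blocks(j0, 3):
        print("CB =", cb.hex())
```

The test below checks the GF(2^128) multiplication against the field's identity element (the bit string 1 || 0^127) and for commutativity, and checks that the 32-bit wrap leaves the prefix intact where the full-width increment does not.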
Noteworthy changes in version 1.8.2 (2017-12-13) [C22/A2/R2]
------------------------------------------------

 - Do not use /dev/srandom on OpenBSD.

 - Fix test suite failure on systems with large pages. [#3351]

 - Fix test suite to not use mmap on Windows.

 - Fix fatal out of secure memory status in the s-expression parser
   on heavily loaded systems.

 - Backport the auto expand secmem feature from master for use by
   the forthcoming GnuPG 2.2.4.
Noteworthy changes in version 1.8.1 (2017-08-27) [C22/A2/R1]
------------------------------------------------

 - Mitigate a local side-channel attack on Curve25519 dubbed "May
   the Fourth be With You". [CVE-2017-0379] [also in 1.7.9]

 - Add more extra bytes to the pool after reading a seed file.

 - Add the OID SHA384WithECDSA from RFC-7427 to SHA-384.

 - Fix build problems with the Jitter RNG.

 - Fix assembler code build problems on Raspbian (ARMv8/AArch32-CE).
Noteworthy changes in version 1.8.0 (2017-07-18) [C22/A2/R0]
------------------------------------------------

 - New hash function Blake-2.

 - New function gcry_mpi_point_copy.

 - New function gcry_get_config.

 - GCRYCTL_REINIT_SYSCALL_CLAMP allows initializing nPth after
   Libgcrypt.

 - New global configuration file /etc/gcrypt/random.conf.

 * Extended interfaces:

 - GCRYCTL_PRINT_CONFIG now also prints build information for
   libgpg-error and the compiler version used.

 - GCRY_CIPHER_MODE_CFB8 is now supported.

 - Add Stribog OIDs. [also in 1.7.4]

 - A jitter based entropy collector is now used in addition to the
   other entropy collectors.

 - Optimized gcry_md_hash_buffers for SHA-256 and SHA-512.

 - More ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.

 - Add ARMv8/AArch32 assembly implementation for Twofish and
   Camellia. [also in 1.7.4]

 - Add bulk processing implementation for ARMv8/AArch32.

 - Improve the DRBG performance and sync the code with the Linux
   version. [also in 1.7.4]

 - Libgpg-error 1.25 is now required. This avoids stalling of nPth
   threads due to contention on internal Libgcrypt locks (e.g. the

 - The system call clamp of libgpg-error is now used to wrap the
   blocking read of /dev/random. This allows other nPth threads to
   run while Libgcrypt is gathering entropy.

 - When secure memory is requested by the MPI functions or by
   gcry_xmalloc_secure, they no longer lead to a fatal error if
   the secure memory pool is used up. Instead new pools are
   allocated as needed. These new pools are not protected against
   being swapped out (mlock can't be used). However, these days
   this is considered a minor issue and can easily be mitigated by
   using encrypted swap space. [also in 1.7.4]

 - Fix AES CTR self-check detected failure in the SSSE3 based
   implementation. [also in 1.7.6]

 - Remove gratuitous select before the getrandom syscall.

 - Fix regression in mlock detection. [bug#2870] [also in 1.7.5]

 - Fix GOST 28147 CryptoPro-B S-box. [also in 1.7.4]

 - Fix error code handling of mlock calls. [also in 1.7.4]

 - Fix possible timing attack on EdDSA session key. [also in 1.7.7]

 - Fix long standing bug in secure memory implementation which could
   lead to a segv on free. [bug#3027] [also in 1.7.7]

 - Mitigate a flush+reload side-channel attack on RSA secret keys
   dubbed "Sliding right into disaster". For details see
   <https://eprint.iacr.org/2017/627>. [CVE-2017-7526] [also in 1.7.8]

 * Interface changes relative to the 1.7.0 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 gcry_get_config                 NEW function.
 gcry_mpi_point_copy             NEW function.
 GCRYCTL_REINIT_SYSCALL_CLAMP    NEW macro.
 GCRY_MD_BLAKE2B_512             NEW constant.
 GCRY_MD_BLAKE2B_384             NEW constant.
 GCRY_MD_BLAKE2B_256             NEW constant.
 GCRY_MD_BLAKE2B_160             NEW constant.
 GCRY_MD_BLAKE2S_256             NEW constant.
 GCRY_MD_BLAKE2S_224             NEW constant.
 GCRY_MD_BLAKE2S_160             NEW constant.
 GCRY_MD_BLAKE2S_128             NEW constant.
 GCRY_CIPHER_MODE_XTS            NEW constant.
 gcry_md_info                    DEPRECATED.

 * Release dates of 1.7.x versions:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Version 1.7.8 (2017-06-29) [C21/A1/R8]
 Version 1.7.7 (2017-06-02) [C21/A1/R7]
 Version 1.7.6 (2017-01-18) [C21/A1/R6]
 Version 1.7.5 (2016-12-15) [C21/A1/R5]
 Version 1.7.4 (2016-12-09) [C21/A1/R4]
Noteworthy changes in version 1.7.3 (2016-08-17) [C21/A1/R3]
------------------------------------------------

 - Fix critical security bug in the RNG [CVE-2016-6313]. An
   attacker who obtains 580 bytes from the standard RNG can
   trivially predict the next 20 bytes of output. Problem
   detected by Felix Dörre and Vladimir Klebanov, KIT.

 - Fix building of some asm modules with older compilers and CPUs.

 - ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.
Noteworthy changes in version 1.7.2 (2016-07-14) [C21/A1/R2]
------------------------------------------------

 - Fix setting of the ECC cofactor if parameters are specified.

 - Fix memory leak in the ECC code.

 - Remove debug message about unsupported getrandom syscall.

 - Fix build problems related to AVX use.

 - Fix bus errors on ARM for Poly1305, ChaCha20, AES, and SHA-512.

 - Improved fatal error message for wrong use of gcry_md_read.

 - Disallow symmetric encryption/decryption if key is not set.
Noteworthy changes in version 1.7.1 (2016-06-15) [C21/A1/R1]
------------------------------------------------

 - Fix ecc_verify for cofactor support.

 - Fix portability bug when using gcc with Solaris 9 SPARC.

 - Build fix for OpenBSD/amd64.

 - Add OIDs to the Serpent ciphers.

 - Use getrandom system call on Linux if available.

 - Blinding is now also used for RSA signature creation.

 - Changed names of debug envvars.
Noteworthy changes in version 1.7.0 (2016-04-15) [C21/A1/R0]
------------------------------------------------

 * New algorithms and modes:

 - SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.

 - SHAKE128 and SHAKE256 extendable-output hash algorithms.

 - ChaCha20 stream cipher.

 - Poly1305 message authentication algorithm.

 - ChaCha20-Poly1305 Authenticated Encryption with Associated Data

 - HMAC-MD2 for use by legacy applications.

 * New curves for ECC:

 - GOST R 34.10-2001 and GOST R 34.10-2012.

 - Improved performance of KDF functions.

 - Assembler optimized implementations of Blowfish and Serpent on

 - Assembler optimized implementation of 3DES on x86.

 - Improved AES using the SSSE3 based vector permutation method by

 - AVX/BMI is used for SHA-1 and SHA-256 on x86. For SHA-1 this is
   about 20% faster than SSSE3 and more than 100% faster than the
   generic C implementation.

 - 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.

 - 60-90% speedup for Whirlpool on x86.

 - 300% speedup for RIPE MD-160.

 - Up to 11 times speedup for CRC functions on x86.

 - Improved ECDSA and FIPS 186-4 compliance.

 - Support for Montgomery curves.

 - gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher

 - gcry_mpi_ec_sub to subtract two points on a curve.

 - gcry_mpi_ec_decode_point to decode an MPI into a point object.

 - Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1]

 - Flag "pkcs1-raw" to enable PKCS#1 padding with a user supplied

 - Parameter "saltlen" to set a non-default salt length for RSA PSS.

 - A SP800-90A conforming DRNG replaces the former X9.31 alternative
   random number generator.

 - Map deprecated RSA algo number to the RSA algo number for better
   backward compatibility. [from 1.6.2]

 - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
   See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.

 - Fixed data-dependent timing variations in modular exponentiation
   [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
   are Practical]. [from 1.6.3]

 - Flag "no-keytest" for ECC key generation. Due to a bug in
   the parser that flag will also be accepted but ignored by older
   versions of Libgcrypt. [from 1.6.4]

 - Speed up the random number generator by requiring less extra
   seeding. [from 1.6.4]

 - Always verify a created RSA signature to avoid private key leaks
   due to hardware failures. [from 1.6.4]

 - Mitigate side-channel attack on ECDH with Weierstrass curves
   [CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
   details. [from 1.6.5]

 - Moved locking out to libgpg-error.

 - Support of the SYSROOT envvar in the build system.

 - Refactor some code.

 - The availability of a 64 bit integer type is now mandatory.

 - Fixed message digest lookup by OID (regression in 1.6.0).

 - Fixed a build problem on NetBSD.

 - Fixed memory leaks in ECC code.

 - Fixed some asm build problems and feature detection bugs.
 * Interface changes relative to the 1.6.0 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 gcry_cipher_final               NEW macro.
 GCRY_CIPHER_MODE_CFB8           NEW constant.
 GCRY_CIPHER_MODE_OCB            NEW.
 GCRY_CIPHER_MODE_POLY1305       NEW.
 gcry_cipher_set_sbox            NEW macro.
 gcry_mac_get_algo               NEW.
 GCRY_MAC_HMAC_MD2               NEW.
 GCRY_MAC_HMAC_SHA3_224          NEW.
 GCRY_MAC_HMAC_SHA3_256          NEW.
 GCRY_MAC_HMAC_SHA3_384          NEW.
 GCRY_MAC_HMAC_SHA3_512          NEW.
 GCRY_MAC_POLY1305               NEW.
 GCRY_MAC_POLY1305_AES           NEW.
 GCRY_MAC_POLY1305_CAMELLIA      NEW.
 GCRY_MAC_POLY1305_SEED          NEW.
 GCRY_MAC_POLY1305_SERPENT       NEW.
 GCRY_MAC_POLY1305_TWOFISH       NEW.
 GCRY_MD_FLAG_BUGEMU1            NEW [from 1.6.1].
 GCRY_MD_GOSTR3411_CP            NEW.
 GCRY_MD_SHA3_224                NEW.
 GCRY_MD_SHA3_256                NEW.
 GCRY_MD_SHA3_384                NEW.
 GCRY_MD_SHA3_512                NEW.
 GCRY_MD_SHAKE128                NEW.
 GCRY_MD_SHAKE256                NEW.
 gcry_mpi_ec_decode_point        NEW.
 GCRY_PK_EDDSA                   NEW constant.
 GCRYCTL_GET_TAGLEN              NEW.
 GCRYCTL_SET_SBOX                NEW.
 GCRYCTL_SET_TAGLEN              NEW.
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Version 1.6.5 (2016-02-09) [C20/A0/R5]
 Version 1.6.4 (2015-09-08) [C20/A0/R4]
 Version 1.6.3 (2015-02-27) [C20/A0/R3]
 Version 1.6.2 (2014-08-21) [C20/A0/R2]
 Version 1.6.1 (2014-01-29) [C20/A0/R1]
Noteworthy changes in version 1.6.0 (2013-12-16) [C20/A0/R0]
------------------------------------------------

 * Removed the long deprecated gcry_ac interface. Thus Libgcrypt is
   no longer ABI compatible with previous versions if they used the ac

 * Removed the module register subsystem.

 * The deprecated message digest debug macros have been removed. Use
   gcry_md_debug instead.

 * Removed deprecated control codes.

 * Improved performance of most cipher algorithms as well as for the
   SHA family of hash functions.

 * Added support for the IDEA cipher algorithm.

 * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.

 * Added limited support for the GOST 28147-89 cipher algorithm.

 * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)

 * Added a random number generator to directly use the system's RNG.
   Also added an interface to prefer the use of a specified RNG.

 * Added support for the SCRYPT algorithm.

 * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
   secret keys. See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].

 * Added support for Deterministic DSA as per RFC-6979.

 * Added support for curve Ed25519.

 * Added a scatter-gather hash convenience function.

 * Added several MPI and SEXP helper functions.

 * Added support for negative numbers to gcry_mpi_print,
   gcry_mpi_aprint and gcry_mpi_scan.

 * The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
   deprecated. Use GCRY_PK_ECC if you need an algorithm id.

 * Changed gcry_pk_genkey for "ecc" to only include the curve name and
   not the parameters. The flag "param" may be used to revert this.

 * Added a feature to globally disable selected hardware features.

 * Added debug helper functions.
 * Interface changes relative to the 1.5.0 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 gcry_module_t                   REMOVED.
 gcry_cipher_register            REMOVED.
 gcry_cipher_unregister          REMOVED.
 gcry_cipher_list                REMOVED.
 gcry_pk_register                REMOVED.
 gcry_pk_unregister              REMOVED.
 gcry_pk_list                    REMOVED.
 gcry_md_register                REMOVED.
 gcry_md_unregister              REMOVED.
 gcry_md_list                    REMOVED.
 gcry_md_start_debug             REMOVED (macro).
 gcry_md_stop_debug              REMOVED (macro).
 GCRYCTL_SET_KEY                 REMOVED.
 GCRYCTL_SET_IV                  REMOVED.
 GCRYCTL_SET_CTR                 REMOVED.
 GCRYCTL_DISABLE_ALGO            CHANGED: No longer thread-safe.
 gcry_pk_genkey                  CHANGED: ECC curve params not returned.
 gcry_md_hash_buffers            NEW.
 GCRYCTL_SET_ENFORCED_FIPS_FLAG  NEW.
 GCRYCTL_SET_PREFERRED_RNG_TYPE  NEW.
 GCRYCTL_GET_CURRENT_RNG_TYPE    NEW.
 GCRYCTL_CLOSE_RANDOM_DEVICE     NEW.
 GCRY_RNG_TYPE_STANDARD          NEW.
 GCRY_RNG_TYPE_FIPS              NEW.
 GCRY_RNG_TYPE_SYSTEM            NEW.
 gcry_mpi_set_opaque_copy        NEW.
 gcry_mpi_point_t                NEW.
 gcry_mpi_point_new              NEW.
 gcry_mpi_point_release          NEW.
 gcry_mpi_point_get              NEW.
 gcry_mpi_point_snatch_get       NEW.
 gcry_mpi_point_set              NEW.
 gcry_mpi_point_snatch_set       NEW.
 gcry_ctx_release                NEW.
 gcry_mpi_ec_get_mpi             NEW.
 gcry_mpi_ec_get_point           NEW.
 gcry_mpi_ec_set_mpi             NEW.
 gcry_mpi_ec_set_point           NEW.
 gcry_mpi_ec_get_affine          NEW.
 gcry_mpi_ec_curve_point         NEW.
 GCRYMPI_FLAG_IMMUTABLE          NEW.
 GCRYMPI_FLAG_CONST              NEW.
 GCRYMPI_FLAG_USER1              NEW.
 GCRYMPI_FLAG_USER2              NEW.
 GCRYMPI_FLAG_USER3              NEW.
 GCRYMPI_FLAG_USER4              NEW.
 GCRYMPI_CONST_ONE               NEW.
 GCRYMPI_CONST_TWO               NEW.
 GCRYMPI_CONST_THREE             NEW.
 GCRYMPI_CONST_FOUR              NEW.
 GCRYMPI_CONST_EIGHT             NEW.
 GCRYMPI_FMT_OPAQUE              NEW.
 GCRYPT_VERSION_NUMBER           NEW.
 gcry_pubkey_get_sexp            NEW.
 GCRYCTL_DISABLE_LOCKED_SECMEM   NEW.
 GCRYCTL_DISABLE_PRIV_DROP       NEW.
 GCRY_CIPHER_SALSA20             NEW.
 gcry_sexp_nth_buffer            NEW.
 gcry_sexp_extract_param         NEW.
 GCRY_CIPHER_SALSA20R12          NEW.
 GCRY_CIPHER_GOST28147           NEW.
 GCRY_MD_GOSTR3411_94            NEW.
 GCRY_MD_STRIBOG256              NEW.
 GCRY_MD_STRIBOG512              NEW.
 gcry_log_debughex               NEW.
 gcry_log_debugmpi               NEW.
 gcry_log_debugpnt               NEW.
Noteworthy changes in version 1.5.0 (2011-06-29)
------------------------------------------------

 * New function gcry_kdf_derive implementing OpenPGP S2K algorithms

 * Support for WindowsCE.

 * Support for OAEP and PSS methods as described by RFC-3447.

 * Fixed PKCS v1.5 code to always return the leading zero.

 * New format specifiers "%M" and "%u" for gcry_sexp_build.

 * Support opaque MPIs with "%m" and "%M" in gcry_sexp_build.

 * New functions gcry_pk_get_curve and gcry_pk_get_param to map ECC
   parameters to a curve name and to retrieve parameter values.

 * gcry_mpi_cmp applied to opaque values now has defined semantics.

 * Uses the Intel AES-NI instructions if available.

 * The use of the deprecated Alternative Public Key Interface
   (gcry_ac_*) will now print compile time warnings.

 * The module register subsystem has been deprecated. This subsystem
   is not flexible enough and would always require ABI changes to
   extend the internal interfaces. It will eventually be removed.
   Please contact us on the gcrypt-devel mailing list to discuss
   whether you really need this feature or how it can be replaced by
   an internal plugin mechanism.

 * CTR mode may now be used with data chunks of arbitrary length.

 * Changes also done in 1.4.6 (2010-07-13):
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 * New variants of the TIGER algorithm.

 * New cipher algorithm mode for AES-WRAP.

 * Changes also done in 1.4.5 (2009-12-11):
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 * Fixed minor memory leak in DSA key generation.

 * No more switching to FIPS mode if /proc/version is not readable.

 * Fixed sigill during Padlock detection on old CPUs.

 * Fixed a hang on some W2000 machines.

 * Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3;
   SHA-256 went up by 25%.

 * Interface changes relative to the 1.4.6 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 gcry_pk_get_curve               NEW.
 gcry_pk_get_param               NEW.
 GCRYCTL_DISABLE_HWF             NEW.
 gcry_pk_encrypt                 EXTENDED: Support OAEP.
 gcry_pk_decrypt                 EXTENDED: Support OAEP.
 gcry_pk_sign                    EXTENDED: Support PSS.
 gcry_pk_verify                  EXTENDED: Support PSS.
 gcry_sexp_build                 EXTENDED: Add format specifiers M and u.

 * Interface changes relative to the 1.4.2 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 GCRY_CIPHER_MODE_AESWRAP        NEW.
Noteworthy changes in version 1.4.4 (2009-01-22)
------------------------------------------------

 * Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants.
   This functionality has been in Libgcrypt since 1.3.0.

 * MD5 may now be used in non-enforced fips mode.

 * Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.

 * In fips mode, RSA keys are now generated using the X9.31 algorithm
   and DSA keys using the FIPS 186-2 algorithm.

 * The transient-key flag is now also supported for DSA key
   generation. DSA domain parameters may be given as well.
Noteworthy changes in version 1.4.3 (2008-09-18)
------------------------------------------------

 * Try to auto-initialize Libgcrypt to minimize the effect of
   applications not doing that correctly. This is not a perfect
   solution but given that many applications would totally fail
   without such a hack, we try to help at least with the most common
   cases. Folks, please read the manual to learn how to properly
   initialize Libgcrypt!

 * Auto-initialize the secure memory to 32k instead of aborting the

 * Log fatal errors via syslog.

 * Changed the name and the semantics of the fips mode config file.

 * Add convenience macro gcry_fips_mode_active.

 * Documentation cleanups.
Noteworthy changes in version 1.4.2 (2008-09-08)
------------------------------------------------

 * The long missing gcry_mpi_lshift function has been added.

 * RSA key generation now supports a "transient-key" flag.

 * The keygrip computation for ECDSA has been implemented thus ECDSA
   is now fully supported.

 * A few macros have been replaced by functions for better type

 * The thread initialization structure now carries version

 * The manual describes more clearly how to initialize Libgcrypt.

 * The library may now be switched into a FIPS mode.

 * Interface changes relative to the 1.3.0 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 GCRYCTL_OPERATIONAL_P           NEW.
 GCRYCTL_FIPS_MODE_P             NEW.
 GCRYCTL_FORCE_FIPS_MODE         NEW.
 gcry_cipher_setkey              NEW: Replaces macro.
 gcry_cipher_setiv               NEW: Replaces macro.
 gcry_cipher_setctr              NEW: Replaces macro.
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Noteworthy changes in version 1.4.1 (2008-04-25)
------------------------------------------------

 * Fixed a bug introduced by 1.3.1 which led to the consumption of far
   too much entropy for the initial seeding.

 * Improved AES performance for CFB and CBC modes.

 * Removed build problems for the Padlock support.
Noteworthy changes in version 1.4.0 (2007-12-10)
------------------------------------------------

 * New configure option --disable-padlock-support which is mostly
   useful in case of build problems.
Noteworthy changes in version 1.3.2 (2007-12-03)
------------------------------------------------

 * The visibility attribute is now used if supported by the toolchain.

 * The ACE engine of VIA processors is now used for AES-128.

 * The ASN.1 DER template for SHA-224 has been fixed.
Noteworthy changes in version 1.3.1 (2007-10-26)
------------------------------------------------

 * The entire library is now under the LGPL. The helper programs and
   the manual are under the GPL. Kudos to Peter Gutmann for giving
   permissions to relicense the rndw32 and rndunix modules.

 * The Camellia cipher is now under the LGPL and included by default.

 * Fixed a bug in the detection of symbol prefixes which inhibited the
   build of optimized assembler code on certain systems.

 * Updated the entropy gatherer for W32.
Noteworthy changes in version 1.3.0 (2007-05-04)
------------------------------------------------

 * Changed the way the RNG gets initialized. This allows keeping it
   uninitialized as long as no random numbers are used. To override
   this, the new macro gcry_fast_random_poll may be used. It is in
   general a good idea to spread this macro into the application code
   to make sure that these polls happen often enough.

 * Made the RNG immune against fork without exec.

 * Reading and writing the random seed file is now protected by a
   fcntl style file lock on systems that provide this function.

 * Support for SHA-224 and HMAC using SHA-384 and SHA-512.

 * Support for the SEED cipher.

 * Support for the Camellia cipher. Note that Camellia is disabled by
   default, and that enabling it changes the license of libgcrypt from

 * Support for OFB encryption mode.

 * gcry_mpi_rshift no longer truncates the shift count.

 * Reserved algorithm ranges for use by applications.

 * The new function gcry_md_debug should be used instead of the
   gcry_md_start_debug and gcry_md_stop_debug macros.

 * New configure option --enable-random-daemon to support a system
   wide random daemon. The daemon code is experimental and does not
   yet work very well. It will eventually allow keeping a global
   random pool for the sake of short living processes.

 * Non executable stack support is now used by default on systems

 * Support for Microsoft Windows.

 * Assembler support for the AMD64 architecture.

 * New configure option --enable-mpi-path for optimized builds.

 * Experimental support for ECDSA; should only be used for testing.

 * New control code GCRYCTL_PRINT_CONFIG to print the build

 * Minor changes to some function declarations. Buffer arguments are
   now typed as void pointer. This should not affect any compilation.
   Fixed two bugs in return values and clarified documentation.
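The fork problem named in the 1.3.0 entry "Made the RNG immune against fork without exec", as an added example in Python that is not libgcrypt code: after fork() without exec(), parent and child hold byte-identical copies of the RNG state, so a generator that does not notice the fork hands both processes the same "random" bytes (session keys, nonces). The guard shown here, remembering the pid the pool was seeded in and reseeding when getpid() changes, is one common mitigation; the hash-based generator is constructed for the demonstration and is an assumption, not the structure of libgcrypt's pool.

```python
"""Added example (not libgcrypt code): a user-space RNG with and without a
fork guard, and a harness that forks and compares both processes' output."""
import hashlib
import os


class HashDRBG:
    """Minimal SHA-256 based generator, constructed for this demonstration."""

    def __init__(self, fork_safe: bool, seed: bytes = None):
        self.fork_safe = fork_safe
        self.key = seed if seed is not None else os.urandom(32)
        self.counter = 0
        self.owner_pid = os.getpid()   # pid the state was (re)seeded in

    def _reseed_if_forked(self) -> None:
        # The guard: a pid change means we are a forked copy sharing state
        # with another process, so mix in fresh OS entropy before output.
        if self.fork_safe and os.getpid() != self.owner_pid:
            self.key = hashlib.sha256(self.key + os.urandom(32)).digest()
            self.owner_pid = os.getpid()

    def random_bytes(self, n: int) -> bytes:
        self._reseed_if_forked()
        out = b""
        while len(out) < n:
            self.counter += 1
            out += hashlib.sha256(self.key + self.counter.to_bytes(8, "big")).digest()
        # ratchet the key forward so earlier output cannot be recomputed later
        self.key = hashlib.sha256(b"ratchet" + self.key).digest()
        return out[:n]


def fork_available() -> bool:
    return hasattr(os, "fork")


def child_and_parent_output(rng: HashDRBG, n: int = 16):
    """Fork; the child draws n bytes and sends them back over a pipe, then
    the parent draws n bytes from its own copy.  Returns (child, parent)."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                       # child process
        os.close(r)
        os.write(w, rng.random_bytes(n))
        os._exit(0)
    os.close(w)
    child_out = b""
    while len(child_out) < n:          # read until the child's bytes arrive
        chunk = os.read(r, n - len(child_out))
        if not chunk:
            break
        child_out += chunk
    os.close(r)
    os.waitpid(pid, 0)
    parent_out = rng.random_bytes(n)
    return child_out, parent_out


def fork_leaks_state(fork_safe: bool) -> bool:
    """True when parent and child produced identical bytes after the fork,
    i.e. when the generator failed to notice it had been forked."""
    child_out, parent_out = child_and_parent_output(HashDRBG(fork_safe))
    return child_out == parent_out


if __name__ == "__main__":
    print("without fork guard, outputs identical:", fork_leaks_state(False))
    print("with fork guard, outputs identical:   ", fork_leaks_state(True))
```

The unguarded generator yields identical bytes in both processes every time; the guarded one differs because the child reseeds from os.urandom before producing output.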
 * Interface changes relative to the 1.2.0 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 gcry_fast_random_poll           NEW
 gcry_sexp_nth_string            NEW
 GCRY_PK_USAGE_CERT              NEW
 GCRY_PK_USAGE_AUTH              NEW
 GCRY_PK_USAGE_UNKN              NEW
 GCRY_CIPHER_CAMELLIA128         NEW
 GCRY_CIPHER_CAMELLIA192         NEW
 GCRY_CIPHER_CAMELLIA256         NEW
 GCRYCTL_FAKED_RANDOM_P          NEW
 GCRYCTL_PRINT_CONFIG            NEW
 GCRYCTL_SET_RNDEGD_SOCKET       NEW.
 gcry_mpi_scan                   CHANGED: Argument BUFFER is now void*.
 gcry_pk_algo_name               CHANGED: Returns "?" instead of NULL.
 gcry_cipher_algo_name           CHANGED: Returns "?" instead of "".
 gcry_pk_spec_t                  CHANGED: Element ALIASES is now const ptr.
 gcry_md_write_t                 CHANGED: Argument BUF is now a const void*.
 gcry_md_ctl                     CHANGED: Argument BUFFER is now void*.
 gcry_cipher_encrypt             CHANGED: Arguments IN and OUT are now void*.
 gcry_cipher_decrypt             CHANGED: Arguments IN and OUT are now void*.
 gcry_sexp_sprint                CHANGED: Argument BUFFER is now void*.
 gcry_create_nonce               CHANGED: Argument BUFFER is now void*.
 gcry_randomize                  CHANGED: Argument BUFFER is now void*.
 gcry_cipher_register            CHANGED: Argument ALGORITHM_ID is now int*.
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Noteworthy changes in version 1.2.0 (2004-04-15)
------------------------------------------------

 * First stable release.
Noteworthy changes in version 1.1.94 (2004-03-29)
-------------------------------------------------

 * The support for multi-threaded users goes into its third
   incarnation. We removed compile time support for thread libraries.
   To support the thread library of your choice, you have to set up
   callback handlers at initialization time. New data structures, a
   new control command, and default initializers are provided for this

 * Interface changes relative to the 1.1.93 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 libgcrypt-config --thread       OBSOLETE
 libgcrypt-pth.la                REMOVED
 libgcrypt-pthread.la            REMOVED
 GCRYCTL_SET_THREAD_CBS          NEW
 struct gcrypt_thread_cbs        NEW
 enum gcry_thread_option         NEW
 GCRY_THREAD_OPTION_PTH_IMPL     NEW
 GCRY_THREAD_OPTION_PTHREAD_IMPL NEW
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Noteworthy changes in version 1.1.93 (2004-03-06)
-------------------------------------------------

 * The automatic thread library detection has finally been removed.
   From now on, only linking explicitly to libgcrypt, libgcrypt-pth
   or libgcrypt-pthread is supported.
Noteworthy changes in version 1.1.92 (2004-02-20)
-------------------------------------------------

 * Included a limited implementation of RFC2268.

 * Changed API of the gcry_ac_ functions. Only a very few programs
   should be affected by this.

 * Interface changes relative to the 1.1.91 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 GCRY_CIPHER_RFC2268_40          NEW.
 gcry_ac_data_set                CHANGED: New argument FLAGS.
 gcry_ac_data_get_name           CHANGED: New argument FLAGS.
 gcry_ac_data_get_index          CHANGED: New argument FLAGS.
 gcry_ac_key_pair_generate       CHANGED: New and reordered arguments.
 gcry_ac_key_test                CHANGED: New argument HANDLE.
 gcry_ac_key_get_nbits           CHANGED: New argument HANDLE.
 gcry_ac_key_get_grip            CHANGED: New argument HANDLE.
 gcry_ac_data_search             REMOVED.
 gcry_ac_data_add                REMOVED.
 GCRY_AC_DATA_FLAG_NO_BLINDING   REMOVED.
 GCRY_AC_FLAG_NO_BLINDING        NEW: Replaces above.
Noteworthy changes in version 1.1.91 (2003-12-19)
-------------------------------------------------

 * Code cleanups and minor bug fixes.
Noteworthy changes in version 1.1.90 (2003-11-14)
-------------------------------------------------

 * The use of the GCRY_WEAK_RANDOM level is now deprecated in favor of
   the new gcry_create_nonce function.

 * gcry_sexp_build now supports a "%b" format to include a memory buffer.

 * Minor configuration fixes.

 * Interface changes relative to the 1.1.44 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 gcry_create_nonce               NEW
 gcry_sexp_build                 ENHANCED
Noteworthy changes in version 1.1.44 (2003-10-31)
-------------------------------------------------

 * Bug fixes and more code cleanups.

 * Enhanced the prime API.

 * Interface changes relative to the 1.1.43 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 gcry_prime_group_generator      NEW
 gcry_prime_release_factors      NEW
Noteworthy changes in version 1.1.43 (2003-09-04)
-------------------------------------------------

 * Bug fixes and internal code cleanups.

 * Support for the Serpent cipher algorithm.

 * Interface changes relative to the 1.1.42 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 gcry_prime_generate             NEW
Noteworthy changes in version 1.1.42 (2003-07-31)
-------------------------------------------------

 * Major API cleanup. Applications need to be converted to the new
   API. See README.apichanges for hints on how to do that. Backward
   compatibility is provided where it was possible without too much
   effort and did not collide with the overall sanitization effort.
   However, this is only for ease of transition. NO DEPRECATED
   FUNCTION OR DATA TYPE IS CONSIDERED A PART OF THE API OR ABI AND
   WILL BE DROPPED IN THE FUTURE WITHOUT CHANGING THE SONAME OF THE

 * If gcrypt.h is included in sources compiled by GCC 3.1 or later,
   deprecated attributes will warn about use of obsolete functions and
   type definitions. You can suppress these warnings by passing
   -Wno-deprecated-declarations to the gcc command.

 * gcry_check_version must be called from now on to initialize the
   library; it is no longer optional.

 * Removed `libgcrypt errno' concept.

 * Libgcrypt depends on libgpg-error, a library that provides error
   codes and according functions for all GnuPG components. Functions
   that used to return error codes as `int' have been changed to
   return a code of type `gcry_error_t'. All GCRYERR_* error symbols
   have been removed, since they are now contained in libgpg-error
   (GPG_ERR_*). All functions and types in libgpg-error have also been
   wrapped in Libgcrypt. The new types are gcry_err_code_t and
   gcry_err_source_t. The new functions are gcry_err_code,
   gcry_err_source, gcry_error, gcry_err_make, gcry_error_from_errno,
   gcry_err_make_from_errno, gcry_err_code_from_errno,
   gcry_err_code_to_errno, gcry_strsource.

 * New function gcry_mpi_dump to help in debugging.

 * Added alternative interface for asymmetric cryptography.

 * CRC-32, CRC-32 à la RFC 1510, CRC-24 à la RFC 2440 are now

 * SHA-256, SHA-384 and SHA-512 are now supported.

 * 128 bit Twofish is now supported.

 * The random module no longer prints the "not enough random bytes
   available" message. A new progress status is issued instead.

 * CBC-MAC for block ciphers is now supported, by using a
   GCRY_CIPHER_CBC_MAC cipher flag.

 * CTR mode for block ciphers is now supported.

 * The public RSA exponent can now be specified in key generation.

 * RSA blinding is now supported and is used automatically for RSA
   decryption. It can be explicitly disabled by using the
   `no-blinding' symbol in the `flags' S-Expression or by using the
   GCRY_AC_FLAG_DATA_NO_BLINDING flag when using the ac interface.

 * gcry_sexp_canon_len does not use a `historically encoded' error
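The RSA blinding introduced in the 1.1.42 entry above (and extended to signature creation in 1.7.1), together with the 1.7.0 entry "Always verify a created RSA signature to avoid private key leaks due to hardware failures", as one added example in Python that is not libgcrypt code. Blinding multiplies the input by r^e for a fresh random r before the private exponentiation and divides r back out afterwards, so the secret exponent only ever operates on a value unrelated to the attacker-chosen input. The verify-after-sign check recomputes s^e and refuses to release a signature that does not match, which is what stops a corrupted CRT half from leaving the process. The primes, the toy message and the injected fault are all constructed for the example; the key is far too small for real use.

```python
"""Added example (not libgcrypt code): blinded RSA private-key operation and
the verify-after-sign self-check, on a deliberately tiny constructed key."""
import math
import secrets

# Constructed toy parameters (both primes are just above 10**6).
P, Q, E = 1000003, 1000033, 65537
N = P * Q
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # private exponent, e*d = 1 (mod phi)


def unblinded_private_op(x: int) -> int:
    """x^d mod n computed directly on the caller's value."""
    return pow(x, D, N)


def blinded_private_op(x: int, rng=secrets.randbelow) -> int:
    """x^d mod n computed on a blinded value: the exponentiation with d sees
    x * r^e, which is uniformly random from the caller's point of view."""
    while True:
        r = rng(N)
        if r > 1 and math.gcd(r, N) == 1:
            break
    r_inv = pow(r, -1, N)
    blinded = (x * pow(r, E, N)) % N      # mask the input with r^e
    y = pow(blinded, D, N)                # (x r^e)^d = x^d * r  (mod n)
    return (y * r_inv) % N                # strip r to recover x^d


def faulty_private_op(x: int) -> int:
    """Models a hardware fault during a CRT-based private operation: the
    mod-q half is corrupted by one flipped bit before recombination."""
    s_p = pow(x, D % (P - 1), P)
    s_q = pow(x, D % (Q - 1), Q)
    s_q ^= 1                              # the injected fault
    q_inv = pow(Q, -1, P)                 # Garner recombination
    h = (q_inv * (s_p - s_q)) % P
    return (s_q + h * Q) % N


def signature_passes_self_check(m: int, private_op) -> bool:
    """The verify-after-sign step: recompute s^e and compare with m."""
    s = private_op(m)
    return pow(s, E, N) == m


def sign(m: int, private_op=blinded_private_op) -> int:
    """Sign m (already padded/encoded, 0 <= m < n) and refuse to release a
    signature that does not verify under the public key."""
    s = private_op(m)
    if pow(s, E, N) != m:
        raise RuntimeError("signature self-check failed; not releasing it")
    return s


if __name__ == "__main__":
    m = 12345                              # constructed message representative
    print("signature:", sign(m))
    print("faulty op passes self-check:",
          signature_passes_self_check(m, faulty_private_op))
```

With the faulty operation the self-check fails every time: s' is correct mod p but not mod q, so s'^e cannot equal m mod q, and the broken signature is never emitted.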
 * Interface changes relative to the 1.1.12 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 GCRY_MPI                        DEPRECATED; Use: gcry_mpi_t
 GcryMPI                         DEPRECATED; Use: gcry_mpi_t
 GCRY_SEXP                       DEPRECATED; Use: gcry_sexp_t
 GcrySexp                        DEPRECATED; Use: gcry_sexp_t
 GCRY_CIPHER_HD                  DEPRECATED; Use: gcry_cipher_hd_t
 GcryCipherHd                    DEPRECATED; Use: gcry_cipher_hd_t
 GCRY_MD_HD                      DEPRECATED; Use: gcry_md_hd_t
 GcryMDHd                        DEPRECATED; Use: gcry_md_hd_t
 gcry_err_source_t               NEW
 gcry_err_code_from_errno        NEW
 gcry_err_code_to_errno          NEW
 gcry_err_make_from_errno        NEW
 gcry_error_from_errno           NEW
 GCRYERR_{some error code}       REMOVED; Use GPG_ERR_*
                                 from libgpg-error instead.
 gcry_sexp_canon_len             CHANGED
 gcry_sexp_build_array           NEW
 gcry_mpi_scan                   CHANGED: New argument to separate in/out args.
 gcry_mpi_print                  CHANGED: Ditto.
 gcry_cipher_open                CHANGED
 gcry_cipher_reset               NEW
 gcry_cipher_register            NEW
 gcry_cipher_unregister          NEW
 gcry_cipher_list                NEW
 gcry_cipher_algo_keylen         REPLACED macro with function.
 gcry_cipher_algo_blklen         REPLACED macro with function.
 gcry_pk_register                NEW
 gcry_pk_unregister              NEW
 gcry_pk_decrypt                 ENHANCED: Allows flag to return
                                 complete S-expression.
 gcry_md_open                    CHANGED
 gcry_md_copy                    CHANGED
 gcry_md_is_enabled              NEW
 gcry_md_is_secure               NEW
 gcry_md_register                NEW
 gcry_md_unregister              NEW
 gcry_ac_key_pair_t              NEW
 gcry_ac_handle_t                NEW
 gcry_ac_key_spec_rsa_t          NEW
 gcry_ac_data_new                NEW
 gcry_ac_data_destroy            NEW
 gcry_ac_data_set                NEW
 gcry_ac_data_copy               NEW
 gcry_ac_data_length             NEW
 gcry_ac_data_get_name           NEW
 gcry_ac_data_get_index          NEW
 gcry_ac_data_clear              NEW
 gcry_ac_key_init                NEW
 gcry_ac_key_pair_generate       NEW
 gcry_ac_key_pair_extract        NEW
 gcry_ac_key_data_get            NEW
 gcry_ac_key_test                NEW
 gcry_ac_key_get_nbits           NEW
 gcry_ac_key_get_grip            NEW
 gcry_ac_key_destroy             NEW
 gcry_ac_key_pair_destroy        NEW
 gcry_ac_data_encrypt            NEW
 gcry_ac_data_decrypt            NEW
 gcry_ac_data_sign               NEW
 gcry_ac_data_verify             NEW
 gcry_ac_id_to_name              NEW
 gcry_ac_name_to_id              NEW
 gcry_handler_progress_t         NEW
 gcry_handler_alloc_t            NEW
 gcry_handler_secure_check_t     NEW
 gcry_handle_realloc_t           NEW
 gcry_handler_free_t             NEW
 gcry_handler_no_mem_t           NEW
 gcry_handler_error_t            NEW
 gcry_handler_log_t              NEW
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Noteworthy changes in version 1.1.12 (2003-01-20)
-------------------------------------------------

* gcry_pk_sign, gcry_pk_verify and gcry_pk_encrypt can now handle an
  optional pkcs1 flags parameter in the S-expression. A similar flag
  may be passed to gcry_pk_decrypt but it is only syntactically

* New convenience macro gcry_md_get_asnoid.

* There is now some real stuff in the manual.
Noteworthy changes in version 1.1.11 (2002-12-21)
-------------------------------------------------

* Don't export internal symbols anymore (currently only for GNU systems)

* New algorithm: MD4

* Implemented ciphertext stealing.

* Smaller bug fixes and a few new OIDs.

* Interface changes relative to the 1.1.8 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Noteworthy changes in version 1.1.10 (2002-09-20)
-------------------------------------------------

* Fixed shared library builds for i386, PPC and Sparc.

* Added simple benchmark tool.

* Replaced the internal mutexes by code which automatically adapts to
  the used threading library. Currently Pth and Pthread are
  supported. For non-ELF systems the GNU toolchain is now required.

* Added untested support to build Windows DLLs.
Noteworthy changes in version 1.1.9 (2002-08-23)
------------------------------------------------

* Support for plain old DES.
Noteworthy changes in version 1.1.8 (2002-06-25)
------------------------------------------------

* Minor cleanups and exported a few new functions.

* Interface changes relative to the 1.1.7 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Noteworthy changes in version 1.1.7 (2002-05-21)
------------------------------------------------

* Libgcrypt is now distributed under the terms of the GNU Lesser
  General Public License; see the README file for details.

* It is possible to use libgcrypt without initialized secure memory.

* Libgcrypt should now be thread safe after the initialization.
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED,NULL,0) should have
  been called before creating additional threads.

* Interface changes relative to the 1.1.6 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GCRYCTL_DISABLE_INTERNAL_LOCKING    NEW
GCRYCTL_DISABLE_SECMEM              NEW
GCRYCTL_INITIALIZATION_FINISHED     NEW
GCRYCTL_INITIALIZATION_FINISHED_P   NEW
GCRYCTL_ANY_INITIALIZATION_P        NEW
gcry_sexp_create                    NEW
gcry_set_progress_handler           NEW
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Noteworthy changes in version 1.1.6 (2002-02-07)
------------------------------------------------

* Enhanced the S-expression conversion functions.

Noteworthy changes in version 1.1.5 (2001-12-18)
------------------------------------------------

* gcry_{cipher,md}_map_name are now able to map stringified object IDs.

* New functions gcry_sexp_canon_len and gcry_cipher_mode_from_oid.

* Closed some memory leaks.

Noteworthy changes in version 1.1.4 (2001-08-03)
------------------------------------------------

* Arcfour does now work.

* Added a first test program

* Migrated to autoconf 2.52.

Noteworthy changes in version 1.1.3 (2001-05-31)
------------------------------------------------

* First release of Libgcrypt which is a result of splitting GnuPG
  into libgcrypt and GnuPG.
Copyright 2001, 2002, 2003, 2004, 2007, 2008,
          2009, 2011 Free Software Foundation, Inc.
Copyright 2013 g10 Code GmbH

This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.

This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.