This version has a severe flaw - do not use!
Instead wait for 1.9.1 (see T5259)

Noteworthy changes in version 1.9.0 (2021-01-19)

• New and extended interfaces:
  • New curves Ed448, X448, and SM2.
  • New cipher mode EAX.
  • New cipher algo SM4.
  • New hash algo SM3.
  • New hash algo variants SHA512/224 and SHA512/256.
  • New MAC algos for Blake-2 algorithms, the new SHA512 variants, SM3, SM4 and for a GOST variant.
  • New convenience function gcry_mpi_get_ui.
  • gcry_sexp_extract_param understands new format specifiers to directly store to integers and strings.
  • New function gcry_ecc_mul_point and curve constants for Curve448 and Curve25519. [T4293]
  • New function gcry_ecc_get_algo_keylen.
  • New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the secure memory area. Also in 1.8.2 as an undocumented feature.
• Performance:
  • Optimized implementations for Aarch64.
  • Faster implementations for Poly1305 and ChaCha. Also for PowerPC. [rCb9a471ccf5,rC172ad09cbe,T4460]
  • Optimized implementations of AES and SHA-256 on PowerPC. [T4529,T4530]
  • Improved use of AES-NI to speed up AES-XTS (6 times faster). [rCa00c5b2988]
  • Improved use of AES-NI for OCB. [rCeacbd59b13,rCe924ce456d]
  • Speedup AES-XTS on ARMv8/CE (2.5 times faster). [rC93503c127a]
  • New AVX and AVX2 implementations for Blake-2 (1.3/1.4 times faster). [rCaf7fc732f9, rCda58a62ac1]
  • Use Intel SHA extension for SHA-1 and SHA-256 (4.0/3.7 times faster). [rCd02958bd30, rC0b3ec359e2]
  • Use ARMv7/NEON accelerated GCM implementation (3 times faster). [rC2445cf7431]
  • Use of i386/SSSE3 for SHA-512 (4.5 times faster on Ryzen 7). [rCb52dde8609]
  • Use 64 bit ARMv8/CE PMULL for CRC (7 times faster). [rC14c8a593ed]
  • Improve CAST5 (40% to 70% faster). [rC4ec566b368]
  • Improve Blowfish (60% to 80% faster). [rCced7508c85]
• Bug fixes:
  • Fix infinite loop due to applications using fork the wrong way. [T3491][also in 1.8.4]
  • Fix possible leak of a few bits of secret primes to pageable memory. [T3848][also in 1.8.4]
  • Fix possible hang in the RNG (1.8.3 only). [T4034][also in 1.8.4]
  • Several minor fixes. [T4102,T4208,T4209,T4210,T4211,T4212] [also in 1.8.4]
  • On Linux always make use of getrandom if possible and then use its /dev/urandom behaviour. [T3894][also in 1.8.4]
  • Use blinding for ECDSA signing to mitigate a novel side-channel attack. [T4011,CVE-2018-0495] [also in 1.8.3, 1.7.10]
  • Fix incorrect counter overflow handling for GCM when using an IV size other than 96 bit. [T3764] [also in 1.8.3, 1.7.10]
  • Fix incorrect output of AES-keywrap mode for in-place encryption on some platforms. [also in 1.8.3, 1.7.10]
  • Fix the gcry_mpi_ec_curve_point point validation function. [also in 1.8.3, 1.7.10]
  • Fix rare assertion failure in gcry_prime_check. [also in 1.8.3]
  • Do not use /dev/srandom on OpenBSD. [also in 1.8.2]
  • Fix test suite failure on systems with large pages. [T3351] [also in 1.8.2]
  • Fix test suite to not use mmap on Windows. [also in 1.8.2]
  • Fix fatal out of secure memory status in the s-expression parser on heavy loaded systems. [also in 1.8.2]
  • Fix build problems on OpenIndiana et al. [T4818, also in 1.8.6]
  • Fix GCM bug on arm64 which troubles for example OMEMO. [T4986, also in 1.8.6]
  • Detect a div-by-zero in a debug helper tool. [T4868, also in 1.8.6]
  • Use a constant time mpi_inv and related changes. [T4869, partly also in 1.8.6]
  • Fix mpi_copy to correctly handle flags of opaque MPIs. [also in 1.8.6]
  • Fix mpi_cmp to consider +0 and -0 the same. [also in 1.8.6]
  • Fix extra entropy collection via clock_gettime. Note that this fallback code path is not used on any decent hardware. [T4966, also in 1.8.7]
  • Support opaque MPI with gcry_mpi_print. [T4872, also in 1.8.7]
  • Allow for a Unicode random seed file on Windows. [T5098, also in 1.8.7]
• Other features:
  • Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519. [also in 1.8.6]
  • Add mitigation against ECC timing attack CVE-2019-13627. [T4626]
  • Internal cleanup of the ECC implementation.
  • Support reading EC point in compressed format for some curves. [T4951]
• Interface changes relative to the 1.8.0 release:

gcry_mpi_get_ui                 NEW function.
GCRYCTL_AUTO_EXPAND_SECMEM      NEW control code.
gcry_sexp_extract_param         EXTENDED.
GCRY_CIPHER_GOST28147_MESH      NEW cipher algo.
GCRY_CIPHER_SM4                 NEW cipher algo.
GCRY_CIPHER_MODE_EAX            NEW mode.
GCRY_ECC_CURVE25519             NEW curve id.
GCRY_ECC_CURVE448               NEW curve id.
gcry_ecc_get_algo_keylen        NEW function.
gcry_ecc_mul_point              NEW function.
GCRY_MD_SM3                     NEW hash algo.
GCRY_MD_SHA512_256              NEW hash algo.
GCRY_MD_SHA512_224              NEW hash algo.
GCRY_MAC_GOST28147_IMIT         NEW mac algo.
GCRY_MAC_HMAC_GOSTR3411_CP      NEW mac algo.
GCRY_MAC_HMAC_BLAKE2B_512       NEW mac algo.
GCRY_MAC_HMAC_BLAKE2B_384       NEW mac algo.
GCRY_MAC_HMAC_BLAKE2B_256       NEW mac algo.
GCRY_MAC_HMAC_BLAKE2B_160       NEW mac algo.
GCRY_MAC_HMAC_BLAKE2S_256       NEW mac algo.
GCRY_MAC_HMAC_BLAKE2S_224       NEW mac algo.
GCRY_MAC_HMAC_BLAKE2S_160       NEW mac algo.
GCRY_MAC_HMAC_BLAKE2S_128       NEW mac algo.
GCRY_MAC_HMAC_SM3               NEW mac algo.
GCRY_MAC_HMAC_SHA512_256        NEW mac algo.
GCRY_MAC_HMAC_SHA512_224        NEW mac algo.
GCRY_MAC_CMAC_SM4               NEW mac algo.

(next release: T5259)