Page MenuHome GnuPG

Release Libgcrypt 1.9.0
Closed, ResolvedPublic

Description

This version has a severe flaw - do not use!
Instead wait for 1.9.1 (see T5259)

Noteworthy changes in version 1.9.0 (2021-01-19)

  • New and extended interfaces:
    • New curves Ed448, X448, and SM2.
    • New cipher mode EAX.
    • New cipher algo SM4.
    • New hash algo SM3.
    • New hash algo variants SHA512/224 and SHA512/256.
    • New MAC algos for Blake-2 algorithms, the new SHA512 variants, SM3, SM4 and for a GOST variant.
    • New convenience function gcry_mpi_get_ui.
    • gcry_sexp_extract_param understands new format specifiers to directly store to integers and strings.
    • New function gcry_ecc_mul_point and curve constants for Curve448 and Curve25519. [T4293]
    • New function gcry_ecc_get_algo_keylen.
    • New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the secure memory area. Also in 1.8.2 as an undocumented feature.
  • Performance:
  • Bug fixes:
    • Fix infinite loop due to applications using fork the wrong way. [T3491][also in 1.8.4]
    • Fix possible leak of a few bits of secret primes to pageable memory. [T3848][also in 1.8.4]
    • Fix possible hang in the RNG (1.8.3 only). [T4034][also in 1.8.4]
    • Several minor fixes. [T4102,T4208,T4209,T4210,T4211,T4212] [also in 1.8.4]
    • On Linux always make use of getrandom if possible and then use its /dev/urandom behaviour. [T3894][also in 1.8.4]
    • Use blinding for ECDSA signing to mitigate a novel side-channel attack. [T4011,CVE-2018-0495] [also in 1.8.3, 1.7.10]
    • Fix incorrect counter overflow handling for GCM when using an IV size other than 96 bit. [T3764] [also in 1.8.3, 1.7.10]
    • Fix incorrect output of AES-keywrap mode for in-place encryption on some platforms. [also in 1.8.3, 1.7.10]
    • Fix the gcry_mpi_ec_curve_point point validation function. [also in 1.8.3, 1.7.10]
    • Fix rare assertion failure in gcry_prime_check. [also in 1.8.3]
    • Do not use /dev/srandom on OpenBSD. [also in 1.8.2]
    • Fix test suite failure on systems with large pages. [T3351] [also in 1.8.2]
    • Fix test suite to not use mmap on Windows. [also in 1.8.2]
    • Fix fatal out of secure memory status in the s-expression parser on heavy loaded systems. [also in 1.8.2]
    • Fix build problems on OpenIndiana et al. [T4818, also in 1.8.6]
    • Fix GCM bug on arm64 which troubles for example OMEMO. [T4986, also in 1.8.6]
    • Detect a div-by-zero in a debug helper tool. [T4868, also in 1.8.6]
    • Use a constant time mpi_inv and related changes. [T4869, partly also in 1.8.6]
    • Fix mpi_copy to correctly handle flags of opaque MPIs. [also in 1.8.6]
    • Fix mpi_cmp to consider +0 and -0 the same. [also in 1.8.6]
    • Fix extra entropy collection via clock_gettime. Note that this fallback code path is not used on any decent hardware. [T4966, also in 1.8.7]
    • Support opaque MPI with gcry_mpi_print. [T4872, also in 1.8.7]
    • Allow for a Unicode random seed file on Windows. [T5098, also in 1.8.7]
  • Other features:
    • Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519. [also in 1.8.6]
    • Add mitigation against ECC timing attack CVE-2019-13627. [T4626]
    • Internal cleanup of the ECC implementation.
    • Support reading EC point in compressed format for some curves. [T4951]
  • Interface changes relative to the 1.8.0 release:
gcry_mpi_get_ui                 NEW function.
GCRYCTL_AUTO_EXPAND_SECMEM      NEW control code.
gcry_sexp_extract_param         EXTENDED.
GCRY_CIPHER_GOST28147_MESH      NEW cipher algo.
GCRY_CIPHER_SM4                 NEW cipher algo.
GCRY_CIPHER_MODE_EAX            NEW mode.
GCRY_ECC_CURVE25519             NEW curve id.
GCRY_ECC_CURVE448               NEW curve id.
gcry_ecc_get_algo_keylen        NEW function.
gcry_ecc_mul_point              NEW function.
GCRY_MD_SM3                     NEW hash algo.
GCRY_MD_SHA512_256              NEW hash algo.
GCRY_MD_SHA512_224              NEW hash algo.
GCRY_MAC_GOST28147_IMIT         NEW mac algo.
GCRY_MAC_HMAC_GOSTR3411_CP      NEW mac algo.
GCRY_MAC_HMAC_BLAKE2B_512       NEW mac algo.
GCRY_MAC_HMAC_BLAKE2B_384       NEW mac algo.
GCRY_MAC_HMAC_BLAKE2B_256       NEW mac algo.
GCRY_MAC_HMAC_BLAKE2B_160       NEW mac algo.
GCRY_MAC_HMAC_BLAKE2S_256       NEW mac algo.
GCRY_MAC_HMAC_BLAKE2S_224       NEW mac algo.
GCRY_MAC_HMAC_BLAKE2S_160       NEW mac algo.
GCRY_MAC_HMAC_BLAKE2S_128       NEW mac algo.
GCRY_MAC_HMAC_SM3               NEW mac algo.
GCRY_MAC_HMAC_SHA512_256        NEW mac algo.
GCRY_MAC_HMAC_SHA512_224        NEW mac algo.
GCRY_MAC_CMAC_SM4               NEW mac algo.

(next release: T5259)

Details

Due Date
Wed, Mar 31, 12:00 AM
Version
1.9.0

Related Objects

Event Timeline

werner set Due Date to Wed, Mar 31, 12:00 AM.Dec 14 2020, 1:21 PM
aheinecke added a project: Restricted Project.
aheinecke moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jan 11 2021, 10:15 AM
werner set Version to 1.9.0.
werner removed a project: Restricted Project.
  • For build problems on Raspberry PI see T5251 for a patch
  • If you run into "selftest" error see T5254 for a patch (which should be applied in any case)

A new release is planed for next week (T5259).

  • For Ed25519 private key segfault: see T5267
  • For macOS getentropy: see T5268
  • For invm failure: see T5269