Release Libgcrypt 1.12.0
Open, NormalPublic
Actions

Assigned To

None

Authored By

	• werner
	May 8 2025, 8:49 AM

Description

Noteworthy changes in version 1.12.0 (2026-01-29) [C27/A7/R0]

New and extended interfaces:
- Allow access to the FIPS service indicator via the new GCRYCTL_FIPS_SERVICE_INDICATOR control code. [T7338,rCd0db6a5abf,rCf51f4e9893]
- Add GCRYCTL_FIPS_REJECT_NON_FIPS control code. [T7338,rCe52adf0948]
- Add GCRY_FIPS_FLAG_REJECT_PK_FLAGS constant. [T7338,rC0414e126b9]
- Make SHA-1 non-FIPS internally for the 1.12 API. This introduces the GCRY_FIPS_FLAG_REJECT_MD_SHA1 constant. [rC4ee91a94bc]
- Add GCRY_FIPS_FLAG_REJECT_PK_FLAGS. [rC0414e126b9]
- Provide macros for each KEM enum constant. [rCe9b1c3ec91]
- Add Dilithium (ML-DSA) support. [T7640]
- Support optional random-override and support byte string data. [rCcbefff5fca,rC3bb4a54f43]
Performance:
- Add VAES/AVX512 accelerated implementation for AES which boosts OCB performance by about 2 times on AMD Zen5. [rC9e3af928ee]
- Avoid AVX512/AVX2/SSSE3 for single block processing with Zen5 for ChaCha20. [rCc1d9fff3b2]
- Avoid AVX/AVX2/AVX512 when CPU has high vector inst latency like Zen5 for Blake2. [rCe5bc3b2826]
- Various optimizations for Camellia. [rCf5848080d4,rCb9bafd6c6c,rC8b538a8c76]
- Add POLYVAL acceleration for RISC-V and GCM-SIV. [rC00815c4207]
- Add RISC-V Zbb+Zbc implementation of CRC. [rCab4fa2a19c]
- Add RISC-V vector cryptography implementation of GHASH. [rCcc2a4b6388]
- Add RISC-V vector cryptography implementation of AES. [rCb000ab6025]
- Add RISC-V vector cryptography implementations of SHA256 and SHA512. [rCcc1d5b0b5e]
- Add AVX2 and AVX512 code paths to improve CRC. [rCc30788969d]
Bug fixes:
- Use secure MPI in _gcry_mpi_assign_limb_space. [rC6e77b09cff]
- Use CSIDL_COMMON_APPDATA instead of /etc on Windows. [rCd5e3cbfd88]
- Apply a Kyber patch from upstream. [rCbdc3724d72]
- Fix an edge case in Jent initialization. [rC0ceca9993f]
- mceliece6688128f: Fix stack overflow crash on win64/wine [rC5bd9320171]
Other:
- Add support for IBM z/OS, fixing -lpthread check with glibc. [rC5af59d8454]
- Introduce mpi_tfr and use it for point_tfr to decrease EM signal and increase EM noise. [rC4e65996bb8]
- Handle HAVE_BROKEN_MLOCK for the case of building with ASAN. [T7889]
- Harden mask generation against branch optimization for several algorithms. [e.g. rC4012e9a037,rCbf7546c502,rC052b03fb0c]
- Improve constant-time operation for ECDSA. [T7519,rC0bd4c77be6]

Changes also found in 1.11.2:

Bug fixes:
- Fix link errors in regression test t-thread-local on some platforms (e.g. NetBSD). [T7634]
- Add missing file to allow building for RISC-V. [T7647]
- Support secp256k1 by KEM API. GnuPG has recently switched to use the KEM interface and a few folks are using this curve. [T7698]
- Fix a missing initialization in RSA's generate_fips. [rG292cb75a72]
Other:
- Silence GCC 15 warnings [rCd5fb7cd9b3,T7617]
- Provide a prototype for __udiv_qrnnd for PowerPC and Alpha which is required due to GCC-15 changes. [T7721]
- Add missing abi versions and machine tags for PowerPC assembly with GCC-15. [T7721]
- Use '.rodata' section for read-only data of poly1305-p10le. [T7721]

Changes also found in 1.11.1:

Bug fixes:
- Fix build regression on 32 bit Windows using Clang. [T7175]
- Fix build regression on macOS due to symbol naming. [T7170]
- Fix Kyber secret-dependent branch introduced by recent versions of Clang. [rCf765778e82]
- Fix build regression due to the use of AVX512 in Blake. [T7184]
- Do not build i386 asm on amd64 and vice versa. [T7220]
- Fix build regression on armhf with gcc-14. [T7226]
- Return the proper error code on malloc failure in hex2buffer. [rCc51151f5b0]
- Fix long standing bug for PRIME % 2 == 0. [rC639b0fca15]
Performance:
- Add AES Vector Permute intrinsics implementation for AArch64. [rC94a63aedbb]
- Add GHASH AArch64/SIMD intrinsics implementation. [rCfec871fd18]
- Add RISC-V vector permute AES. [rCb24ebd6163]
- Add GHASH RISC-V Zbb+Zbc implementation. [rC0f1fec12b0]
- Add ChaCha20 RISC-V vector intrinsics implementation. [rC8dbee93ac2]
- Add SHA3 acceleration for RISC-V Zbb extension. [rC1a660068ba]
Other:
- Add CET support for i386 and amd64 assembly. [T7220]
- Add PAC/BTI support for AArch64 asm. [T7220]
- Apply changes to Kyber from upstream for final FIPS 203. [rCcc95c36e7f]
- Introduce an internal API for a revampled FIPS service indicator. [T7340]
- Several improvements for constant time operation by the introduction of Least Leak Intended (LLI) variants of internal functions. [T7519,T7490]
- Remove WindowsCE support. [T7486]

Interface changes relative to the 1.11.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GCRY_KEM_RAW_P256R1                   NEW enum and const.
GCRYCTL_FIPS_SERVICE_INDICATOR        NEW enum.
GCRYCTL_FIPS_REJECT_NON_FIPS          NEW enum.
GCRY_FIPS_FLAG_REJECT_PK_FLAGS        NEW const.
GCRY_FIPS_FLAG_REJECT_MD_SHA1         NEW const.

(prev: T7165 (1.11 branch) next: T8067)

Related Objects

Mentioned In: T8067: Release Libgcrypt 1.12.1
T7165: Release Libgcrypt 1.11.0
Mentioned Here: rCd0db6a5abf7b: fips: Remove GCRYCTL_FIPS_SERVICE_INDICATOR and renumber the enum.
rCf765778e82b3: cipher:kyber: Apply a change from upstream.
rCc51151f5b0b3: Return a proper error code on malloc failure in hex2buffer.
rCcc95c36e7f79: cipher:kyber: Apply changes from upstream for final FIPS 203.
rC94a63aedbbd2: Add AES Vector Permute intrinsics implementation for AArch64
rCfec871fd18c7: Add GHASH AArch64/SIMD intrinsics implementation
rCf51f4e98930e: fips: Introduce GCRYCTL_FIPS_SERVICE_INDICATOR and the macro.
rCe52adf0948c6: fips: Introduce GCRYCTL_FIPS_REJECT_NON_FIPS.
rCb24ebd616304: Add RISC-V vector permute AES
rC0f1fec12b0e9: Add GHASH RISC-V Zbb+Zbc implementation
rC8dbee93ac2f1: chacha20: add RISC-V vector intrinsics implementation
rC1a660068ba5b: Add SHA3 acceleration for RISC-V Zbb extension
rC639b0fca1505: cipher:prime: Fix long standing bug for PRIME % 2 == 0.
rC0414e126b939: fips,cipher: Add GCRY_FIPS_FLAG_REJECT_PK_FLAGS.
rC4ee91a94bcda: md: Make SHA-1 non-FIPS internally for 1.12 API.
rCd5fb7cd9b351: Mark nonstring use cases with __nonstring__ attribute.
rC0bd4c77be6e0: mpi:ec: Least leak with k^(-1) for ECDSA.
rC3bb4a54f4387: cipher: Add PUBKEY_FLAG_BYTE_STRING to support byte string data.
rCcbefff5fcaa6: cipher: Support random-override with PUBKEY_FLAG_BYTE_STRING.
rCe9b1c3ec91a1: cipher:kem: Provide each enum constant as macro.
rCc30788969d3f: crc-intel-pclmul: add AVX2 and AVX512 code paths
rCcc1d5b0b5ed3: Add RISC-V vector cryptography implementations of SHA256 and SHA512
rCb000ab602531: Add RISC-V vector cryptography implementation of AES
rCcc2a4b63889e: Add RISC-V vector cryptography implementation of GHASH
rCab4fa2a19c9f: Add RISC-V Zbb+Zbc implementation of CRC
rC00815c4207a1: cipher-gcm-riscv-zbb-zbc: add POLYVAL acceleration
rC5bd932017116: mceliece6688128f: fix stack overflow crash on win64/wine
rC052b03fb0c6e: kyber: harden mask generation against branch optimization
rCbf7546c5028b: sntrup761: harden mask generation against branch optimization
rC4012e9a037c5: mceliece6688128f: harden mask generation against branch optimization
rC0ceca9993f5a: random:jent: Fix for jent_rng_is_initialized.
rC4e65996bb870: mpi: Introduce mpi_tfr and use it for point_tfr.
rCbdc3724d721d: cipher:kyber: Apply a change from upstream.
rCd5e3cbfd8845: w32: Use CSIDL_COMMON_APPDATA instead of /etc
rC5af59d8454ce: build: Add support for IBM z/OS, fixing -lpthread check with glibc.
rCf5848080d41a: camellia-aesni-avx: optimize camellia_f used for key setup
rCb9bafd6c6cc5: camellia-simd128: optimize round key loading and key setup
rC8b538a8c7669: camellia-gfni-avx512: add 1-block constant-time implementation
rCe5bc3b28260e: blake2: avoid AVX/AVX2/AVX512 when CPU has high vector inst latency
rCc1d9fff3b2eb: chacha20: avoid AVX512/AVX2/SSSE3 for single block processing with Zen5
rC9e3af928ee11: rijndael: add VAES/AVX512 accelerated implementation
rC6e77b09cff56: mpi: Use secure MPI in _gcry_mpi_assign_limb_space.
T7170: Building libgcrypt-1.11.0 produces a dylib with unresolved symbols at runtime
T7175: libgcrypt 1.11.0 fails to build on 32bit Windows with Clang
T7184: Libgcrypt v1.11.0 make fails at cipher/blake2.c:834:6 (has no member named 'use_avx512')
T7220: The CF protection not enabled in libgcrypt
T7226: libgcrypt 1.11.0 buid error on armhf with gcc-14
T7338: Revamp the FIPS service indicator
T7340: Introduced a context with thread local storage
T7486: libgcrypt: Remove WindowsCE support
T7490: libgcrypt: constant-time modular exponentiation
T7519: libgcrypt: (EC)DSA signature generation should be constant-time
T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later
T7634: libgcrypt's test t-thread-local fails to link on some platforms.
T7640: ML-DSA for libgcrypt
T7647: cipher/simd-common-riscv.h missing from libgcrypt 1.11.1 tarball
T7698: Add support of secp256k1 for KEM API
T7721: libgcrypt build-error with gcc-15 on powerpc and alpha
T7889: libgcrypt: HAVE_BROKEN_MLOCK
T8067: Release Libgcrypt 1.12.1
T7165: Release Libgcrypt 1.11.0

Event Timeline

• werner triaged this task as Normal priority.May 8 2025, 8:49 AM

• werner created this task.

• werner created this object with edit policy "Administrators".

• werner mentioned this in T7165: Release Libgcrypt 1.11.0.

• werner mentioned this in T8067: Release Libgcrypt 1.12.1.Thu, Jan 29, 12:47 PM

• werner updated the task description. (Show Details)

Release Libgcrypt 1.12.0Open, NormalPublicActions

Description

Related Objects

Event Timeline

Release Libgcrypt 1.12.0
Open, NormalPublic
Actions