**Noteworthy changes in version 1.12.0** (2026-01-29) [C27/A7/R0]
* New and extended interfaces:
- Allow access to the FIPS service indicator via the new
GCRYCTL_FIPS_SERVICE_INDICATOR control code.
[T7338,rCd0db6a5abf,rCf51f4e9893]
- Add GCRYCTL_FIPS_REJECT_NON_FIPS control code. [T7338,rCe52adf0948]
- Add GCRY_FIPS_FLAG_REJECT_PK_FLAGS constant. [T7338,rC0414e126b9]
- Make SHA-1 non-FIPS internally for the 1.12 API. This introduces
the GCRY_FIPS_FLAG_REJECT_MD_SHA1 constant. [rC4ee91a94bc]
- Add GCRY_FIPS_FLAG_REJECT_PK_FLAGS. [rC0414e126b9]
- Provide macros for each KEM enum constant. [rCe9b1c3ec91]
- Add Dilithium (ML-DSA) support. [T7640]
- Support optional random-override and support byte string data.
[rCcbefff5fca,rC3bb4a54f43]
* Performance:
- Add VAES/AVX512 accelerated implementation for AES which boosts
OCB performance by about 2 times on AMD Zen5. [rC9e3af928ee]
- Avoid AVX512/AVX2/SSSE3 for single block processing with Zen5 for
ChaCha20. [rCc1d9fff3b2]
- Avoid AVX/AVX2/AVX512 when CPU has high vector inst latency like
Zen5 for Blake2. [rCe5bc3b2826]
- Various optimizations for Camellia.
[rCf5848080d4,rCb9bafd6c6c,rC8b538a8c76]
- Add POLYVAL acceleration for RISC-V and GCM-SIV. [rC00815c4207]
- Add RISC-V Zbb+Zbc implementation of CRC. [rCab4fa2a19c]
- Add RISC-V vector cryptography implementation of GHASH.
[rCcc2a4b6388]
- Add RISC-V vector cryptography implementation of AES.
[rCb000ab6025]
- Add RISC-V vector cryptography implementations of SHA256 and
SHA512. [rCcc1d5b0b5e]
- Add AVX2 and AVX512 code paths to improve CRC. [rCc30788969d]
* Bug fixes:
- Use secure MPI in _gcry_mpi_assign_limb_space. [rC6e77b09cff]
- Use CSIDL_COMMON_APPDATA instead of /etc on Windows. [rCd5e3cbfd88]
- Apply a Kyber patch from upstream. [rCbdc3724d72]
- Fix an edge case in Jent initialization. [rC0ceca9993f]
- mceliece6688128f: Fix stack overflow crash on win64/wine.
[rC5bd9320171]
* Other:
- Add support for IBM z/OS, fixing -lpthread check with glibc.
[rC5af59d8454]
- Introduce mpi_tfr and use it for point_tfr to decrease EM signal
and increase EM noise. [rC4e65996bb8]
- Handle HAVE_BROKEN_MLOCK for the case of building with ASAN.
[T7889]
- Harden mask generation against branch optimization for several
algorithms. [e.g. rC4012e9a037,rCbf7546c502,rC052b03fb0c]
- Improve constant-time operation for ECDSA. [T7519,rC0bd4c77be6]
Changes also found in 1.11.2:
* Bug fixes:
- Fix link errors in regression test t-thread-local on some
platforms (e.g. NetBSD). [T7634]
- Add missing file to allow building for RISC-V. [T7647]
- Support secp256k1 by KEM API. GnuPG has recently switched to use
the KEM interface and a few folks are using this curve. [T7698]
- Fix a missing initialization in RSA's generate_fips.
[rG292cb75a72]
* Other:
- Silence GCC 15 warnings. [rCd5fb7cd9b3,T7617]
- Provide a prototype for __udiv_qrnnd for PowerPC and Alpha which
is required due to GCC-15 changes. [T7721]
- Add missing abi versions and machine tags for PowerPC assembly
with GCC-15. [T7721]
- Use '.rodata' section for read-only data of poly1305-p10le.
[T7721]
Changes also found in 1.11.1:
* Bug fixes:
- Fix build regression on 32 bit Windows using Clang. [T7175]
- Fix build regression on macOS due to symbol naming. [T7170]
- Fix Kyber secret-dependent branch introduced by recent versions
of Clang. [rCf765778e82]
- Fix build regression due to the use of AVX512 in Blake. [T7184]
- Do not build i386 asm on amd64 and vice versa. [T7220]
- Fix build regression on armhf with gcc-14. [T7226]
- Return the proper error code on malloc failure in hex2buffer.
[rCc51151f5b0]
- Fix long standing bug for PRIME % 2 == 0. [rC639b0fca15]
* Performance:
- Add AES Vector Permute intrinsics implementation for AArch64.
[rC94a63aedbb]
- Add GHASH AArch64/SIMD intrinsics implementation. [rCfec871fd18]
- Add RISC-V vector permute AES. [rCb24ebd6163]
- Add GHASH RISC-V Zbb+Zbc implementation. [rC0f1fec12b0]
- Add ChaCha20 RISC-V vector intrinsics implementation.
[rC8dbee93ac2]
- Add SHA3 acceleration for RISC-V Zbb extension. [rC1a660068ba]
* Other:
- Add CET support for i386 and amd64 assembly. [T7220]
- Add PAC/BTI support for AArch64 asm. [T7220]
- Apply changes to Kyber from upstream for final FIPS 203.
[rCcc95c36e7f]
- Introduce an internal API for a revamped FIPS service indicator.
[T7340]
- Several improvements for constant time operation by the
introduction of Least Leak Intended (LLI) variants of internal
functions. [T7519,T7490]
- Remove WindowsCE support. [T7486]
```
Interface changes relative to the 1.11.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GCRY_KEM_RAW_P256R1 NEW enum and const.
GCRYCTL_FIPS_SERVICE_INDICATOR NEW enum.
GCRYCTL_FIPS_REJECT_NON_FIPS NEW enum.
GCRY_FIPS_FLAG_REJECT_PK_FLAGS NEW const.
GCRY_FIPS_FLAG_REJECT_MD_SHA1 NEW const.
```