**Noteworthy changes in version 1.11.0** (2024-06-19) [C25/A5/R0]
* New and extended interfaces:
- Add an API for Key Encapsulation Mechanism (KEM). [T6755]
- Add Streamlined NTRU Prime sntrup761 algorithm. [rCcf9923e1a5]
- Add Kyber algorithm according to FIPS 203 ipd 2023-08-24.
[rC18e5c0d268]
- Add Classic McEliece algorithm. [rC003367b912]
- Add One-Step KDF with hash and MAC. [T5964]
- Add KDF algorithm HKDF of RFC-5869. [T5964]
- Add KDF algorithm X963KDF for use in CMS. [rC3abac420b3]
- Add GMAC-SM4 and Poly1305-SM4. [rCd1ccc409d4]
- Add ARIA block cipher algorithm. [rC316c6d7715]
- Add explicit FIPS indicators for MD and MAC algorithms. [T6376]
- Add support for SHAKE as MGF in RSA. [T6557]
- Add gcry_md_read support for SHAKE algorithms. [T6539]
- Add gcry_md_hash_buffers_ext function. [T7035]
- Add cSHAKE hash algorithm. [rC065b3f4e02]
- Support internal generation of IV for AEAD cipher mode. [T4873]
* Performance:
- Add SM3 ARMv8/AArch64/CE assembly implementation. [rCfe891ff4a3]
- Add SM4 ARMv8/AArch64 assembly implementation. [rCd8825601f1]
- Add SM4 GFNI/AVX2 and GFI/AVX512 implementation.
[rC5095d60af4,rCeaed633c16]
- Add SM4 ARMv9 SVE CE assembly implementation. [rC2dc2654006]
- Add PowerPC vector implementation of SM4. [rC0b2da804ee]
- Optimize ChaCha20 and Poly1305 for PPC P10 LE. [T6006]
- Add CTR32LE bulk acceleration for AES on PPC. [rC84f2e2d0b5]
- Add generic bulk acceleration for CTR32LE mode (GCM-SIV) for SM4
and Camellia. [rCcf956793af]
- Add GFNI/AVX2 implementation of Camellia. [rC4e6896eb9f]
- Add AVX2 and AVX512 accelerated implementations for GHASH (GCM)
and POLYVAL (GCM-SIV). [rCd857e85cb4, rCe6f3600193]
- Add AVX512 implementation for SHA512. [rC089223aa3b]
- Add AVX512 implementation for Serpent. [rCce95b6ec35]
- Add AVX512 implementation for Poly1305 and ChaCha20
[rCcd3ed49770, rC9a63cfd617]
- Add AVX512 accelerated implementation for SHA3 and Blake2
[rCbeaad75f46,rC909daa700e]
- Add VAES/AVX2 accelerated i386 implementation for AES.
[rC4a42a042bc]
- Add bulk processing for XTS mode of Camellia and SM4.
[rC32b18cdb87, rCaad3381e93]
- Accelerate XTS and ECB modes for Twofish and Serpent.
[rCd078a928f5,rC8a1fe5f78f]
- Add AArch64 crypto/SHA512 extension implementation for
SHA512. [rCe51d3b8330]
- Add AArch64 crypto-extension implementation for Camellia.
[rC898c857206]
- Accelerate OCB authentication on AMD with AVX2. [rC6b47e85d65]
* Bug fixes:
- For PowerPC check for missing optimization level for vector
register usage. [T5785]
- Fix EdDSA secret key check. [T6511]
- Fix decoding of PKCS#1-v1.5 and OAEP padding. [rC34c2042792]
- Allow use of PKCS#1-v1.5 with SHA3 algorithms. [T6976]
- Fix AESWRAP padding length check. [T7130]
* Other:
- Allow empty password for Argon2 KDF. [rCa20700c55f]
- Various constant time operation imporvements.
- Add "bp256", "bp384", "bp512" aliases for Brainpool curves.
- Support for the random server has been removed. [T5811]
- The control code GCRYCTL_ENABLE_M_GUARD is deprecated and not
supported any more. Please use valgrind or other tools. [T5822]
- Logging is now done via the libgpg-error logging functions.
[rCab0bdc72c7]
Changes also found in 1.10.3:
* Bug fixes:
- Fix public key computation for other EdDSA curves.
[rC469919751d6e]
- Remove out of core handler diagnostic in FIPS mode. [T6515]
- Check that the digest size is not zero in gcry_pk_sign_md and
gcry_pk_verify_md. [T6539]
- Make store an s-exp with \0 is considered to be binary. [T6747]
- Various constant-time improvements.
* Portability:
- Use getrandom call only when supported by the platform. [T6442]
- Change the default for --with-libtool-modification to never.
[T6619]
Changes also found in 1.10.2
* Bug fixes:
- Fix Argon2 for the case output > 64. [rC13b5454d26]
- Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
- Fix RSA key generation failure in forced FIPS mode. [T5919]
- Fix gcry_pk_hash_verify for explicit hash. [T6066]
- Fix a wrong result of gcry_mpi_invm. [T5970]
- Allow building with --disable-asm for HPPA. [T5976]
- Fix Jitter RNG for building native on Windows. [T5891]
- Allow building with -Oz. [T6432]
- Enable the fast path to ChaCha20 only when supported. [T6384]
- Use size_t to avoid counter overflow in Keccak when directly
feeding more than 4GiB. [T6217]
* Other:
- Do not use secure memory for a DRBG instance. [T5933]
- Do not allow PKCS#1.5 padding for encryption in FIPS mode.
[T5918]
- Fix the behaviour for child process re-seeding in the DRBG.
[rC019a40c990]
- Allow verification of small RSA signatures in FIPS mode. [T5975]
- Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
- Run digest+sign self tests for RSA and ECC in FIPS mode.
[rC06c9350165]
- Add function-name based FIPS indicator function.
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
an ABI changes because the new FIPS features were not yet
approved. [rC822ee57f07]
- Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
- Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
- Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
- Check minimum allowed key size in PBKDF in FIPS mode.
[T6039,T6219]
- Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
- Prefer gpgrt-config when available. [T5034]
- Mark AESWRAP as approved FIPS algorithm. [T5512]
- Prevent usage of long salt for PSS in FIPS mode. [rCfdd2a8b332]
- Prevent usage of X9.31 keygen in FIPS mode. [rC392e0ccd25]
- Remove GCM mode from the allowed FIPS indicators. [rC1540698389]
- Add explicit FIPS indicators for hash and MAC algorithms. [T6376]
Changes also found in 1.10.1:
* Bug fixes:
- Fix minor memory leaks in FIPS mode.
- Build fixes for MUSL libc. [rCffaef0be61]
* Other:
- More portable integrity check in FIPS mode. [rC9fa4c8946a,T5835]
- Add X9.62 OIDs to sha256 and sha512 modules. [rC52fd2305ba]
Interface changes relative to the 1.10.0 release:
```
GCRY_CIPHER_ARIA128 NEW cipher algo.
GCRY_CIPHER_ARIA192 NEW cipher algo.
GCRY_CIPHER_ARIA256 NEW cipher algo.
gcry_cipher_geniv_methods NEW type.
gcry_cipher_setup_geniv NEW function.
gcry_cipher_geniv NEW function.
GCRY_PK_KEM NEW constant.
GCRY_MD_CSHAKE128 NEW hash algo.
GCRY_MD_CSHAKE256 NEW hash algo.
GCRYCTL_MD_CUSTOMIZE NEW control code.
gcry_cshake_customization NEW type.
GCRY_MAC_CMAC_ARIA NEW mac algo.
GCRY_MAC_GMAC_SM4 NEW mac algo.
GCRY_MAC_GMAC_ARIA NEW mac algo.
GCRY_MAC_POLY1305_SM4 NEW mac algo.
GCRY_MAC_POLY1305_ARIA NEW mac algo.
GCRY_KDF_ONESTEP_KDF NEW kdf algo.
GCRY_KDF_ONESTEP_KDF_MAC NEW kdf algo.
GCRY_KDF_X963_KDF NEW kdf algo.
gcry_kem_algos NEW type.
gcry_kem_keypair NEW function.
gcry_kem_encap NEW function.
gcry_kem_decap NEW function.
GCRY_KEM_SNTRUP761 NEW kem algo.
GCRY_KEM_CM6688128F NEW kem algo.
GCRY_KEM_MLKEM512 NEW kem algo.
GCRY_KEM_MLKEM768 NEW kem algo.
GCRY_KEM_MLKEM1024 NEW kem algo.
GCRY_KEM_RAW_X25519 NEW kem algo.
GCRY_KEM_RAW_X448 NEW kem algo.
GCRY_KEM_RAW_BP256 NEW kem algo.
GCRY_KEM_RAW_BP384 NEW kem algo.
GCRY_KEM_RAW_BP512 NEW kem algo.
GCRY_KEM_RAW_P256R1 NEW kem algo.
GCRY_KEM_RAW_P384R1 NEW kem algo.
GCRY_KEM_RAW_P521R1 NEW kem algo.
GCRY_KEM_DHKEM25519 NEW kem algo.
GCRY_KEM_DHKEM448 NEW kem algo.
GCRY_KEM_DHKEMP256R1 NEW kem algo.
GCRY_KEM_DHKEMP384R1 NEW kem algo.
GCRY_KEM_DHKEMP521R1 NEW kem algo.
GCRY_KEM_*_SECKEY_LEN NEW constants.
GCRY_KEM_*_PUBKEY_LEN NEW constants.
GCRY_KEM_*_ENCAPS_LEN NEW constants.
GCRY_KEM_*_CIPHER_LEN NEW constants.
GCRY_KEM_*_SHARED_LEN NEW constants.
gcry_md_hash_buffers_ext NEW function.
gcry_pk_input_data_push NEW macro.
GCRYCTL_ENABLE_M_GUARD DEPRECATED feature.
gcry_handler_log_t DEPRECATED type.
gcry_set_log_handler DEPRECATED function.
```
-----
//(prev: T6817)//