- Update from version 1.10.3 to 1.11.0
- Update of rootfile
- Update of libgcrypt requires an update of netatalk as old version will not build with
libgcrypt-1.11.0
- Changelog
1.11.0
* New and extended interfaces:
- Add an API for Key Encapsulation Mechanism (KEM). [T6755]
- Add Streamlined NTRU Prime sntrup761 algorithm. [rCcf9923e1a5]
- Add Kyber algorithm according to FIPS 203 ipd 2023-08-24.
[rC18e5c0d268]
- Add Classic McEliece algorithm. [rC003367b912]
- Add One-Step KDF with hash and MAC. [T5964]
- Add KDF algorithm HKDF of RFC-5869. [T5964]
- Add KDF algorithm X963KDF for use in CMS. [rC3abac420b3]
- Add GMAC-SM4 and Poly1305-SM4. [rCd1ccc409d4]
- Add ARIA block cipher algorithm. [rC316c6d7715]
- Add explicit FIPS indicators for MD and MAC algorithms. [T6376]
- Add support for SHAKE as MGF in RSA. [T6557]
- Add gcry_md_read support for SHAKE algorithms. [T6539]
- Add gcry_md_hash_buffers_ext function. [T7035]
- Add cSHAKE hash algorithm. [rC065b3f4e02]
- Support internal generation of IV for AEAD cipher mode. [T4873]
* Performance:
- Add SM3 ARMv8/AArch64/CE assembly implementation. [rCfe891ff4a3]
- Add SM4 ARMv8/AArch64 assembly implementation. [rCd8825601f1]
- Add SM4 GFNI/AVX2 and GFI/AVX512 implementation.
[rC5095d60af4,rCeaed633c16]
- Add SM4 ARMv9 SVE CE assembly implementation. [rC2dc2654006]
- Add PowerPC vector implementation of SM4. [rC0b2da804ee]
- Optimize ChaCha20 and Poly1305 for PPC P10 LE. [T6006]
- Add CTR32LE bulk acceleration for AES on PPC. [rC84f2e2d0b5]
- Add generic bulk acceleration for CTR32LE mode (GCM-SIV) for SM4
and Camellia. [rCcf956793af]
- Add GFNI/AVX2 implementation of Camellia. [rC4e6896eb9f]
- Add AVX2 and AVX512 accelerated implementations for GHASH (GCM)
and POLYVAL (GCM-SIV). [rCd857e85cb4, rCe6f3600193]
- Add AVX512 implementation for SHA512. [rC089223aa3b]
- Add AVX512 implementation for Serpent. [rCce95b6ec35]
- Add AVX512 implementation for Poly1305 and ChaCha20
[rCcd3ed49770, rC9a63cfd617]
- Add AVX512 accelerated implementation for SHA3 and Blake2
[rCbeaad75f46,rC909daa700e]
- Add VAES/AVX2 accelerated i386 implementation for AES.
[rC4a42a042bc]
- Add bulk processing for XTS mode of Camellia and SM4.
[rC32b18cdb87, rCaad3381e93]
- Accelerate XTS and ECB modes for Twofish and Serpent.
[rCd078a928f5,rC8a1fe5f78f]
- Add AArch64 crypto/SHA512 extension implementation for
SHA512. [rCe51d3b8330]
- Add AArch64 crypto-extension implementation for Camellia.
[rC898c857206]
- Accelerate OCB authentication on AMD with AVX2. [rC6b47e85d65]
* Bug fixes:
- For PowerPC check for missing optimization level for vector
register usage. [T5785]
- Fix EdDSA secret key check. [T6511]
- Fix decoding of PKCS#1-v1.5 and OAEP padding. [rC34c2042792]
- Allow use of PKCS#1-v1.5 with SHA3 algorithms. [T6976]
- Fix AESWRAP padding length check. [T7130]
* Other:
- Allow empty password for Argon2 KDF. [rCa20700c55f]
- Various constant time operation imporvements.
- Add "bp256", "bp384", "bp512" aliases for Brainpool curves.
- Support for the random server has been removed. [T5811]
- The control code GCRYCTL_ENABLE_M_GUARD is deprecated and not
supported any more. Please use valgrind or other tools. [T5822]
- Logging is now done via the libgpg-error logging functions.
[rCab0bdc72c7]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.10.1 to 1.10.2
- Update of rootfile
- Changelog
Noteworthy changes in version 1.10.2 (2023-04-06) [C24/A4/R2]
* Bug fixes:
- Fix Argon2 for the case output > 64. [rC13b5454d26]
- Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
- Fix RSA key generation failure in forced FIPS mode. [T5919]
- Fix gcry_pk_hash_verify for explicit hash. [T6066]
- Fix a wrong result of gcry_mpi_invm. [T5970]
- Allow building with --disable-asm for HPPA. [T5976]
- Fix Jitter RNG for building native on Windows. [T5891]
- Allow building with -Oz. [T6432]
- Enable the fast path to ChaCha20 only when supported. [T6384]
- Use size_t to avoid counter overflow in Keccak when directly
feeding more than 4GiB. [T6217]
* Other:
- Do not use secure memory for a DRBG instance. [T5933]
- Do not allow PKCS#1.5 padding for encryption in FIPS mode.
[T5918]
- Fix the behaviour for child process re-seeding in the DRBG.
[rC019a40c990]
- Allow verification of small RSA signatures in FIPS mode. [T5975]
- Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
- Run digest+sign self tests for RSA and ECC in FIPS mode.
[rC06c9350165]
- Add function-name based FIPS indicator function.
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
an ABI changes because the new FIPS features were not yet
approved. [rC822ee57f07]
- Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
- Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
- Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
- Check minimum allowed key size in PBKDF in FIPS mode.
[T6039,T6219]
- Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
- Prefer gpgrt-config when available. [T5034]
- Mark AESWRAP as approved FIPS algorithm. [T5512]
- Prevent usage of long salt for PSS in FIPS mode. [rCfdd2a8b332]
- Prevent usage of X9.31 keygen in FIPS mode. [rC392e0ccd25]
- Remove GCM mode from the allowed FIPS indicators. [rC1540698389]
- Add explicit FIPS indicators for hash and MAC algorithms. [T6376]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 1.9.4 to 1.10.1
- Update of rootfile
- Changelog
Noteworthy changes in version 1.10.1 (2022-03-28) [C24/A4/R1]
* Bug fixes:
- Fix minor memory leaks in FIPS mode.
- Build fixes for MUSL libc. [rCffaef0be61]
* Other:
- More portable integrity check in FIPS mode. [rC9fa4c8946a,T5835]
- Add X9.62 OIDs to sha256 and sha512 modules. [rC52fd2305ba]
Noteworthy changes in version 1.10.0 (2022-02-01) [C24/A4/R0]
* New and extended interfaces:
- New control codes to check for FIPS 140-3 approved algorithms.
- New control code to switch into non-FIPS mode.
- New cipher modes SIV and GCM-SIV as specified by RFC-5297.
- Extended cipher mode AESWRAP with padding as specified by
RFC-5649. [T5752]
- New set of KDF functions.
- New KDF modes Argon2 and Balloon.
- New functions for combining hashing and signing/verification. [T4894]
* Performance:
- Improved support for PowerPC architectures.
- Improved ECC performance on zSeries/s390x by using accelerated
scalar multiplication.
- Many more assembler performance improvements for several
architectures.
* Bug fixes:
- Fix Elgamal encryption for other implementations.
[R5328,CVE-2021-40528]
- Fix alignment problem on macOS. [T5440]
- Check the input length of the point in ECDH. [T5423]
- Fix an abort in gcry_pk_get_param for "Curve25519". [T5490]
* Other features:
- The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
because it is useless with the FIPS 140-3 related changes.
- Update of the jitter entropy RNG code. [T5523]
- Simplification of the entropy gatherer when using the getentropy
system call.
* Interface changes relative to the 1.10.0 release:
GCRYCTL_SET_DECRYPTION_TAG NEW control code.
GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code.
GCRYCTL_FIPS_SERVICE_INDICATOR_KDF NEW control code.
GCRYCTL_NO_FIPS_MODE = 83 NEW control code.
GCRY_CIPHER_MODE_SIV NEW mode.
GCRY_CIPHER_MODE_GCM_SIV NEW mode.
GCRY_CIPHER_EXTENDED NEW flag.
GCRY_SIV_BLOCK_LEN NEW macro.
gcry_cipher_set_decryption_tag NEW macro.
GCRY_KDF_ARGON2 NEW constant.
GCRY_KDF_BALLOON NEW constant.
GCRY_KDF_ARGON2D NEW constant.
GCRY_KDF_ARGON2I NEW constant.
GCRY_KDF_ARGON2ID NEW constant.
gcry_kdf_hd_t NEW type.
gcry_kdf_job_fn_t NEW type.
gcry_kdf_dispatch_job_fn_t NEW type.
gcry_kdf_wait_all_jobs_fn_t NEW type.
struct gcry_kdf_thread_ops NEW struct.
gcry_kdf_open NEW function.
gcry_kdf_compute NEW function.
gcry_kdf_final NEW function.
gcry_kdf_close NEW function.
gcry_pk_hash_sign NEW function.
gcry_pk_hash_verify NEW function.
gcry_pk_random_override_new NEW function.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
- Update from 1.9.3 to 1.9.4
- Update rootfile
- Changelog
Release 1.9.4.
2021-08-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
mpi/longlong.h: fix missing macro parameter parentheses.
* mpi/longlong.h [__alpha] (umul_ppmm): Add parentheses around
used parameters.
[__i370__] (sdiv_qrnnd): Ditto.
[__mips__] (umul_ppmm): Ditto.
[__vax__] (sdiv_qrnnd): Ditto.
tests/t-mpi-point: add NIST curve multiplication test vectors.
* tests/t-mpi-point.c (mpi_base10_scan, check_ec_mul): New.
(main): Call 'check_ec_mul'.
2021-08-22 Werner Koch <wk@gnupg.org>
ecc: Fix bug in gcry_pk_get_param for Curve25519.
* cipher/ecc-curves.c (_gcry_ecc_get_param_sexp): Simplify.
* cipher/pubkey.c (map_algo): Also map EDDSA to ECC.
* tests/curves.c (check_get_params): Add simple param lookup tests by
for all curves.
2021-08-22 Johannes Schindelin via Gcrypt-devel <gcrypt-devel@gnupg.org>
build: Fix broken mlock detection.
* acinclude.m4 [GNUPG_CHECK_MLOCK]: Use size_t for the ptr test.
2021-08-22 Werner Koch <wk@gnupg.org>
cipher: Extend convenience OID mapping table for AES.
* cipher/rijndael.c: Add OIDs for GCM and CCM.
Minor tweak to gcry_free.
* src/global.c (_gcry_free): Avoid setting errno again if it did not
change.
2021-08-22 NIIBE Yutaka <gniibe@fsij.org>
random: Silence a warning for building rndjent by Clang.
* random/jitterentropy-base.c: Conditionalize by __OPTIMIZE__.
2021-08-22 Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
cipher: Fix memory leaks for EdDSA.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Initialize point Q when used.
2021-08-22 NIIBE Yutaka <gniibe@fsij.org>
ecc: Check the input length for the point.
* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Check the length
of valid point representation.
2021-08-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
hwf-x86: fix use of wrong operand type.
* src/hwf-x86.c (get_cpuid): Use xchg for swapping %ebx back
and forth between operand register.
2021-05-27 NIIBE Yutaka <gniibe@fsij.org>
build: _DARWIN_C_SOURCE should be 1.
* configure.ac (*-apple-darwin*): Set _DARWIN_C_SOURCE 1.
2021-05-26 NIIBE Yutaka <gniibe@fsij.org>
cipher: Fix ElGamal encryption for other implementations.
* cipher/elgamal.c (gen_k): Remove support of smaller K.
(do_encrypt): Never use smaller K.
(sign): Folllow the change of gen_k.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.9.2 to 1.9.3
- Update of rootfile
- Changelog is too long to put here.
Full details can be found in the ChangeLog file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Changes (see: https://gnupg.org/download/release_notes.html):
"gpg: Sending very large keys to the keyservers works again.
gpg: Validity strings in key listings are now again translatable.
gpg: Emit FAILURE status lines to help GPGME.
gpg: Does not anymore link to Libksba to reduce dependencies.
gpgsm: Export of secret keys via Assuan is now possible.
agent: Raise the maximum passphrase length from 100 to 255 bytes.
agent: Fix regression using EdDSA keys with ssh.
Does not anymore use a build timestamp by default.
The fallback encoding for broken locale settings changed from Latin-1 to UTF-8.
Many code cleanups and improved internal documentation.
Various minor bug fixes."
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
* configure.ac: Change LT version to C20/A0/R4.
w32: Avoid a few compiler warnings.
* cipher/cipher-selftest.c (_gcry_selftest_helper_cbc)
(_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Mark variable
as unused.
* random/rndw32.c (slow_gatherer): Avoid signed pointer mismatch
warning.
* src/secmem.c (init_pool): Avoid unused variable warning.
* tests/random.c (writen, readn): Include on if needed.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
