author | Werner Koch <wk@gnupg.org> | 2021-01-21 08:31:08 +0100 |
committer | Werner Koch <wk@gnupg.org> | 2021-01-21 08:31:08 +0100 |
commit | 269250870a48a79edd0aaf723edd7a32e089a7a1 (patch) | |
tree | 3f035c25939ee6ce97c457f38ebc6b91aef12c49 | |
parent | fa3420b011c105ca21894489e62c7e882a3ac4dd (diff) | |
parent | 880aa91cfb64f8a63a39048cf38d2a5889e650a8 (diff) | |
Merge branch 'LIBGCRYPT-1.9-BRANCH'
--
Master is missing the latest NEWS and some other last-minute changes from
the 1.9.0 release.
-rw-r--r-- | AUTHORS | 8 | ||||
-rw-r--r-- | NEWS | 143 | ||||
-rw-r--r-- | README | 15 | ||||
-rw-r--r-- | cipher/ecc-ecdh.c | 14 | ||||
-rw-r--r-- | compat/compat.c | 4 | ||||
-rw-r--r-- | configure.ac | 4 | ||||
-rw-r--r-- | doc/gcrypt.texi | 42 | ||||
-rw-r--r-- | src/gcrypt.h.in | 8 | ||||
-rw-r--r-- | src/versioninfo.rc.in | 2 | ||||
-rw-r--r-- | src/visibility.c | 8 |
10 files changed, 206 insertions, 42 deletions
@@ -6,6 +6,7 @@ Repository: git://git.gnupg.org/libgcrypt.git Maintainer: Werner Koch <wk@gnupg.org> Bug reports: https://bugs.gnupg.org Security related bug reports: <security@gnupg.org> +End-of-life: TBD License (library): LGPLv2.1+ License (manual and tools): GPLv2+ @@ -30,14 +31,17 @@ List of Copyright holders Copyright (C) 1996-2006 Peter Gutmann, Matt Thomlinson and Blake Coverett Copyright (C) 2003 Nikos Mavroyanopoulos Copyright (C) 2006-2007 NTT (Nippon Telegraph and Telephone Corporation) - Copyright (C) 2012-2018 g10 Code GmbH + Copyright (C) 2012-2021 g10 Code GmbH Copyright (C) 2012 Simon Josefsson, Niels Möller Copyright (c) 2012 Intel Corporation Copyright (C) 2013 Christian Grothoff - Copyright (C) 2013-2017 Jussi Kivilinna + Copyright (C) 2013-2021 Jussi Kivilinna Copyright (C) 2013-2014 Dmitry Eremin-Solenikov Copyright (C) 2014 Stephan Mueller + Copyright (C) 2017 Jia Zhang Copyright (C) 2018 Bundesamt für Sicherheit in der Informationstechnik + Copyright (C) 2020 Alibaba Group. + Copyright (C) 2020 Tianjia Zhang Authors with a FSF copyright assignment 
@@ -1,7 +1,74 @@ -Noteworthy changes in version 1.9.0 (unreleased) [C22/A3/R0] +Noteworthy changes in version 1.9.1 (unreleased) [C23/A3/R_] ------------------------------------------------ - * Bug fixes + +Noteworthy changes in version 1.9.0 (2021-01-19) [C23/A3/R0] +------------------------------------------------ + + * New and extended interfaces: + + - New curves Ed448, X448, and SM2. + + - New cipher mode EAX. + + - New cipher algo SM4. + + - New hash algo SM3. + + - New hash algo variants SHA512/224 and SHA512/256. + + - New MAC algos for Blake-2 algorithms, the new SHA512 variants, + SM3, SM4 and for a GOST variant. + + - New convenience function gcry_mpi_get_ui. + + - gcry_sexp_extract_param understands new format specifiers to + directly store to integers and strings. + + - New function gcry_ecc_mul_point and curve constants for Curve448 + and Curve25519. [#4293] + + - New function gcry_ecc_get_algo_keylen. + + - New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the + secure memory area. Also in 1.8.2 as an undocumented feature. + + * Performance: + + - Optimized implementations for Aarch64. + + - Faster implementations for Poly1305 and ChaCha. Also for + PowerPC. [b9a471ccf5,172ad09cbe,#4460] + + - Optimized implementations of AES and SHA-256 on PowerPC. + [#4529,#4530] + + - Improved use of AES-NI to speed up AES-XTS (6 times faster). + [a00c5b2988] + + - Improved use of AES-NI for OCB. [eacbd59b13,e924ce456d] + + - Speedup AES-XTS on ARMv8/CE (2.5 times faster). [93503c127a] + + - New AVX and AVX2 implementations for Blake-2 (1.3/1.4 times + faster). [af7fc732f9, da58a62ac1] + + - Use Intel SHA extension for SHA-1 and SHA-256 (4.0/3.7 times + faster). [d02958bd30, 0b3ec359e2] + + - Use ARMv7/NEON accelerated GCM implementation (3 times faster). + [2445cf7431] + + - Use of i386/SSSE3 for SHA-512 (4.5 times faster on Ryzen 7). + [b52dde8609] + + - Use 64 bit ARMv8/CE PMULL for CRC (7 times faster). 
[14c8a593ed] + + - Improve CAST5 (40% to 70% faster). [4ec566b368] + + - Improve Blowfish (60% to 80% faster). [ced7508c85] + + * Bug fixes: - Fix infinite loop due to applications using fork the wrong way. [#3491][also in 1.8.4] 
@@ -41,24 +108,82 @@ Noteworthy changes in version 1.9.0 (unreleased) [C22/A3/R0] - Fix fatal out of secure memory status in the s-expression parser on heavy loaded systems. [also in 1.8.2] - * Extended interfaces: + - Fix build problems on OpenIndiana et al. [#4818, also in 1.8.6] - - gcry_sexp_extract_param understands new format specifiers to - directly store to integers and strings. + - Fix GCM bug on arm64 which troubles for example OMEMO. [#4986, + also in 1.8.6] + + - Detect a div-by-zero in a debug helper tool. [#4868, also in 1.8.6] + + - Use a constant time mpi_inv and related changes. [#4869, partly + also in 1.8.6] + + - Fix mpi_copy to correctly handle flags of opaque MPIs. + [also in 1.8.6] + - Fix mpi_cmp to consider +0 and -0 the same. [also in 1.8.6] + + - Fix extra entropy collection via clock_gettime. Note that this + fallback code path is not used on any decent hardware. [#4966, + also in 1.8.7] + + - Support opaque MPI with gcry_mpi_print. [#4872, also in 1.8.7] + + - Allow for a Unicode random seed file on Windows. [#5098, also in + 1.8.7] + + * Other features: + + - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519. + [also in 1.8.6] + + - Add mitigation against ECC timing attack CVE-2019-13627. [#4626] + + - Internal cleanup of the ECC implementation. + + - Support reading EC point in compressed format for some curves. + [#4951] * Interface changes relative to the 1.8.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_mpi_get_ui NEW function. GCRYCTL_AUTO_EXPAND_SECMEM NEW control code. gcry_sexp_extract_param EXTENDED. - - - * Release dates of 1.8.x versions: - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + GCRY_CIPHER_GOST28147_MESH NEW cipher algo. + GCRY_CIPHER_SM4 NEW cipher algo. + GCRY_CIPHER_MODE_EAX NEW mode. + GCRY_ECC_CURVE25519 NEW curve id. + GCRY_ECC_CURVE448 NEW curve id. + gcry_ecc_get_algo_keylen NEW function. + gcry_ecc_mul_point NEW function. + GCRY_MD_SM3 NEW hash algo. + GCRY_MD_SHA512_256 NEW hash algo. 
+ GCRY_MD_SHA512_224 NEW hash algo. + GCRY_MAC_GOST28147_IMIT NEW mac algo. + GCRY_MAC_HMAC_GOSTR3411_CP NEW mac algo. + GCRY_MAC_HMAC_BLAKE2B_512 NEW mac algo. + GCRY_MAC_HMAC_BLAKE2B_384 NEW mac algo. + GCRY_MAC_HMAC_BLAKE2B_256 NEW mac algo. + GCRY_MAC_HMAC_BLAKE2B_160 NEW mac algo. + GCRY_MAC_HMAC_BLAKE2S_256 NEW mac algo. + GCRY_MAC_HMAC_BLAKE2S_224 NEW mac algo. + GCRY_MAC_HMAC_BLAKE2S_160 NEW mac algo. + GCRY_MAC_HMAC_BLAKE2S_128 NEW mac algo. + GCRY_MAC_HMAC_SM3 NEW mac algo. + GCRY_MAC_HMAC_SHA512_256 NEW mac algo. + GCRY_MAC_HMAC_SHA512_224 NEW mac algo. + GCRY_MAC_CMAC_SM4 NEW mac algo. + + Release-info: https://dev.gnupg.org/T4294 + + Release dates of 1.8.x versions: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Version 1.8.2 (2017-12-13) Version 1.8.3 (2018-06-13) Version 1.8.4 (2018-10-26) + Version 1.8.5 (2019-08-29) + Version 1.8.6 (2020-07-06) + Version 1.8.7 (2020-10-23) Noteworthy changes in version 1.8.1 (2017-08-27) [C22/A2/R1] @@ -3,8 +3,8 @@ Version 1.9 Copyright (C) 1989,1991-2018 Free Software Foundation, Inc. - Copyright (C) 2012-2018 g10 Code GmbH - Copyright (C) 2013-2018 Jussi Kivilinna + Copyright (C) 2012-2021 g10 Code GmbH + Copyright (C) 2013-2021 Jussi Kivilinna Libgcrypt is free software. See the file AUTHORS for full copying notices, and LICENSES for notices about contributions that require 
@@ -261,12 +261,11 @@ Commercial grade support for Libgcrypt is available; for a listing of offers see https://www.gnupg.org/service.html . - Maintenance and development of Libgcrypt is mostly financed by - donations. We currently employ 3 full-time developers, one - part-timer, and one contractor. They all work on GnuPG and - closely related software like Libgcrypt. Please visit - https://gnupg.org/donate/ to see out how you can help. - + Since 2001 maintenance and development of Libgcrypt is done by g10 + Code GmbH and mostly financed by donations. g10 Code currently + employs 3 full-time developers and two contractors. They all work + on GnuPG and closely related software like Libgcrypt. Please + visit https://gnupg.org/donate/ to see how you can help. This file is Free Software; as a special exception the authors gives unlimited permission to copy and/or distribute it, with or without diff --git a/cipher/ecc-ecdh.c b/cipher/ecc-ecdh.c index 39458788..43eb731a 100644 --- a/cipher/ecc-ecdh.c +++ b/cipher/ecc-ecdh.c @@ -46,20 +46,20 @@ prepare_ec (mpi_ec_t *r_ec, const char *name) } unsigned int -_gcry_ecc_get_algo_keylen (int algo) +_gcry_ecc_get_algo_keylen (int curveid) { unsigned int len = 0; - if (algo == GCRY_ECC_CURVE25519) + if (curveid == GCRY_ECC_CURVE25519) len = ECC_CURVE25519_BYTES; - else if (algo == GCRY_ECC_CURVE448) + else if (curveid == GCRY_ECC_CURVE448) len = ECC_CURVE448_BYTES; return len; } gpg_error_t -_gcry_ecc_mul_point (int algo, unsigned char *result, +_gcry_ecc_mul_point (int curveid, unsigned char *result, const unsigned char *scalar, const unsigned char *point) { unsigned int nbits; 
@@ -73,12 +73,12 @@ _gcry_ecc_mul_point (int algo, unsigned char *result, unsigned int len; unsigned char *buf; - if (algo == GCRY_ECC_CURVE25519) + if (curveid == GCRY_ECC_CURVE25519) curve = "Curve25519"; - else if (algo == GCRY_ECC_CURVE448) + else if (curveid == GCRY_ECC_CURVE448) curve = "X448"; else - return gpg_error (GPG_ERR_UNKNOWN_ALGORITHM); + return gpg_error (GPG_ERR_UNKNOWN_CURVE); err = prepare_ec (&ec, curve); if (err) diff --git a/compat/compat.c b/compat/compat.c index 8b001de3..88f20c13 100644 --- a/compat/compat.c +++ b/compat/compat.c @@ -31,8 +31,8 @@ _gcry_compat_identification (void) "\n\n" "This is Libgcrypt " PACKAGE_VERSION " - The GNU Crypto Library\n" "Copyright (C) 2000-2018 Free Software Foundation, Inc.\n" - "Copyright (C) 2012-2018 g10 Code GmbH\n" - "Copyright (C) 2013-2018 Jussi Kivilinna\n" + "Copyright (C) 2012-2021 g10 Code GmbH\n" + "Copyright (C) 2013-2021 Jussi Kivilinna\n" "\n" "(" BUILD_REVISION " " BUILD_TIMESTAMP ")\n" "\n\n"; diff --git a/configure.ac b/configure.ac index 6a2051a9..bcbd16d7 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ # Configure.ac script for Libgcrypt # Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006, # 2007, 2008, 2009, 2011 Free Software Foundation, Inc. -# Copyright (C) 2012-2017 g10 Code GmbH +# Copyright (C) 2012-2021 g10 Code GmbH # # This file is part of Libgcrypt. # @@ -31,7 +31,7 @@ min_automake_version="1.14" m4_define([mym4_package],[libgcrypt]) m4_define([mym4_major], [1]) m4_define([mym4_minor], [9]) -m4_define([mym4_micro], [0]) +m4_define([mym4_micro], [1]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 9c0a3463..11c1549f 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
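Review bot: The `else` branch of `_gcry_ecc_mul_point` now returns `GPG_ERR_UNKNOWN_CURVE` where master returned `GPG_ERR_UNKNOWN_ALGORITHM`, so a caller that compares against the old code for an unrecognized `curveid` silently stops matching; if the 1.9.0 tarball shipped the old code, this belongs under the 1.9.1 interface changes in NEWS, which this merge does not add. The id chain here duplicates the one in `_gcry_ecc_get_algo_keylen` in the previous hunk, so a curve added to one chain but not the other would only show up at runtime; a comment such as `/* Keep in sync with _gcry_ecc_get_algo_keylen: both must accept the same curve ids.  */` above each chain would make that coupling visible. Neither function receives a length for `result`, `scalar` or `point`, so the rename does not change that the caller alone is responsible for sizing them from `_gcry_ecc_get_algo_keylen (curveid)`, and a 0 return from that function (unknown id) must be treated as "do not call". The body of `_gcry_ecc_mul_point` continues outside the hunk.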
@@ -2135,6 +2135,7 @@ S-expressions. * Available algorithms:: Algorithms supported by the library. * Used S-expressions:: Introduction into the used S-expression. * Cryptographic Functions:: Functions for performing the cryptographic actions. +* Dedicated ECC Functions:: Dedicated functions for elliptic curves. * General public-key related Functions:: General functions, not implementing any cryptography. @end menu @@ -2142,8 +2143,7 @@ S-expressions. @section Available algorithms Libgcrypt supports the RSA (Rivest-Shamir-Adleman) algorithms as well -as DSA (Digital Signature Algorithm) and Elgamal. The versatile -interface allows to add more algorithms in the future. +as DSA (Digital Signature Algorithm), Elgamal, ECDSA, ECDH, and EdDSA. @node Used S-expressions @section Used S-expressions @@ -2151,7 +2151,7 @@ interface allows to add more algorithms in the future. Libgcrypt's API for asymmetric cryptography is based on data structures called S-expressions (see @uref{http://people.csail.mit.edu/@/rivest/@/sexp.html}) and does not work -with contexts as most of the other building blocks of Libgcrypt do. +with contexts/handles as most of the other building blocks of Libgcrypt do. @noindent The following information are stored in S-expressions: 
@@ -2797,6 +2797,42 @@ to indicate that the signature does not match the provided data. @end deftypefun @c end gcry_pk_verify + +@node Dedicated ECC Functions +@section Dedicated functions for elliptic curves. + +@noindent +The S-expression based interface is for certain operations on elliptic +curves not optimal. Thus a few special functions are implemented to +support common operations on curves with one of these assigned curve +ids: + +@table @code +@item GCRY_ECC_CURVE25519 +@item GCRY_ECC_CURVE448 +@end table + +@deftypefun @w{unsigned int} gcry_ecc_get_algo_keylen (@w{int @var{curveid}}); + +Returns the length in bytes of a point on the curve with the id +@var{curveid}. 0 is returned for curves which have no assigned id. +@end deftypefun + + +@deftypefun gpg_error_t gcry_ecc_mul_point @ + (@w{int @var{curveid}}, @ + @w{unsigned char *@var{result}}, @ + @w{const unsigned char *@var{scalar}}, @ + @w{const unsigned char *@var{point}}) + +This function computes the scalar multiplication on the Montgomery +form of the curve with id @var{curveid}. If @var{point} is NULL the +base point of the curve is used. The caller needs to provide a large +enough buffer for @var{result} and a valid @var{scalar} and +@var{point}. +@end deftypefun + + @node General public-key related Functions @section General public-key related Functions diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 5668e625..e77b6e74 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -946,7 +946,7 @@ enum gcry_cipher_algos GCRY_CIPHER_SALSA20R12 = 314, GCRY_CIPHER_GOST28147 = 315, GCRY_CIPHER_CHACHA20 = 316, - GCRY_CIPHER_GOST28147_MESH = 317, /* GOST 28247 with optional CryptoPro keymeshing */ + GCRY_CIPHER_GOST28147_MESH = 317, /* With CryptoPro key meshing. */ GCRY_CIPHER_SM4 = 318 }; 
@@ -1215,11 +1215,11 @@ enum gcry_ecc_curves }; /* Get the length of point to prepare buffer for the result. */ -unsigned int gcry_ecc_get_algo_keylen (int algo); +unsigned int gcry_ecc_get_algo_keylen (int curveid); /* Convenience function to compute scalar multiplication of the - Montgomery form of curve. */ -gpg_error_t gcry_ecc_mul_point (int algo, unsigned char *result, + * Montgomery form of curve. */ +gpg_error_t gcry_ecc_mul_point (int curveid, unsigned char *result, const unsigned char *scalar, const unsigned char *point); diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in index b85d4947..f87d0d05 100644 --- a/src/versioninfo.rc.in +++ b/src/versioninfo.rc.in @@ -39,7 +39,7 @@ BEGIN VALUE "FileDescription", "Libgcrypt - The GNU Crypto Library\0" VALUE "FileVersion", "@LIBGCRYPT_LT_CURRENT@.@LIBGCRYPT_LT_AGE@.@LIBGCRYPT_LT_REVISION@.@BUILD_REVISION@\0" VALUE "InternalName", "libgcrypt\0" - VALUE "LegalCopyright", "Copyright © 2017 Free Software Foundation, Inc.\0" + VALUE "LegalCopyright", "Copyright © 2021 g10 Code GmbH\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "libgcrypt.dll\0" VALUE "PrivateBuild", "\0" diff --git a/src/visibility.c b/src/visibility.c index eb0d7e3e..8cda962c 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -1113,16 +1113,16 @@ gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp, int mode, gcry_ctx_t ctx) } unsigned int -gcry_ecc_get_algo_keylen (int algo) +gcry_ecc_get_algo_keylen (int curveid) { - return _gcry_ecc_get_algo_keylen (algo); + return _gcry_ecc_get_algo_keylen (curveid); } gpg_error_t -gcry_ecc_mul_point (int algo, unsigned char *result, +gcry_ecc_mul_point (int curveid, unsigned char *result, const unsigned char *scalar, const unsigned char *point) { - return _gcry_ecc_mul_point (algo, result, scalar, point); + return _gcry_ecc_mul_point (curveid, result, scalar, point); } gcry_error_t |
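Review bot: The renamed prototypes in src/gcrypt.h.in keep comments that do not state the contract the texinfo text in this merge describes: that `gcry_ecc_get_algo_keylen` returns 0 for an id it does not know, and that `result` of `gcry_ecc_mul_point` is an unsized buffer the caller must make large enough, with a NULL `point` meaning the curve's base point. Suggested replacement for the first comment: `/* Return the byte length of a point on curve CURVEID, or 0 if the id is not supported; use it to size RESULT for gcry_ecc_mul_point.  */`, and for the second: `/* Scalar multiplication on the Montgomery form of curve CURVEID.  RESULT must have room for gcry_ecc_get_algo_keylen (CURVEID) bytes; a NULL POINT selects the base point.  */`. Whether SCALAR and POINT are expected to be exactly that many bytes is not stated anywhere in this merge and should be confirmed against the implementation before being written into the header. The wrappers in src/visibility.c at the end of this page carry no comment within their hunk; a one-line pointer to the header comment would suffice there.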