author: Werner Koch <wk@gnupg.org> 2016-04-15 15:48:24 +0200
committer: Werner Koch <wk@gnupg.org> 2016-04-15 15:48:24 +0200
commit: 795f9cb090c776658a0e3117996e3fb7e2ebd94a (patch)
tree: ff665bad913ca52dd72efb34210fdff8e103a680 /NEWS
parent: 1737c546dc7268fa9edcd4a23b7439c56d37ee4f (diff)
download: libgcrypt-795f9cb090c776658a0e3117996e3fb7e2ebd94a.tar.gz

Release 1.7.0 (tag: libgcrypt-1.7.0)

Signed-off-by: Werner Koch <wk@gnupg.org>

Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 205
1 files changed, 146 insertions, 59 deletions
diff --git a/NEWS b/NEWS
index 7b53c1a3..254b2055 100644
--- a/NEWS
+++ b/NEWS
@@ -1,81 +1,168 @@
-Noteworthy changes in version 1.7.0 (unreleased)
+Noteworthy changes in version 1.7.0 (2016-04-15) [C21/A1/R0]
------------------------------------------------
- * Added emulation for broken Whirlpool code prior to 1.6.0.
+ * New algorithms and modes:
- * Added support for curve sec256k1.
+ - SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.
- * Added support for curves GOST R 34.10-2001 and GOST R 34.10-2012.
+ - SHAKE128 and SHAKE256 extendable-output hash algorithms.
- * Improved performance of KDF functions.
+ - ChaCha20 stream cipher.
- * Improved ECDSA compliance.
+ - Poly1305 message authentication algorithm
- * Moved locking out to libgpg-error.
+ - ChaCha20-Poly1305 Authenticated Encryption with Associated Data
+ mode.
- * Fixed message digest lookup by OID (regression in 1.6.0).
+ - OCB mode.
- * Fixed a build problem on NetBSD.
+ - HMAC-MD2 for use by legacy applications.
- * Fixed memory leaks in ECC code.
+ * New curves for ECC:
- * Fixed some asm build problems and feature detection bugs.
+ - Curve25519.
- * Added OCB mode.
+ - sec256k1.
- * Added support for the SHA3-224, SHA3-256, SHA3-384 and SHA3-512
- hash algorithms.
+ - GOST R 34.10-2001 and GOST R 34.10-2012.
+
+ * Performance:
+
+ - Improved performance of KDF functions.
+
+ - Assembler optimized implementations of Blowfish and Serpent on
+ ARM.
+
+ - Assembler optimized implementation of 3DES on x86.
+
+ - Improved AES using the SSSE3 based vector permutation method by
+ Mike Hamburg.
+
+ - AVX/BMI is used for SHA-1 and SHA-256 on x86. This is for SHA-1
+ about 20% faster than SSSE3 and more than 100% faster than the
+ generic C implementation.
+
+ - 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.
+
+ - 60-90% speedup for Whirlpool on x86.
+
+ - 300% speedup for RIPE MD-160.
+
+ - Up to 11 times speedup for CRC functions on x86.
+
+ * Other features:
+
+ - Improved ECDSA and FIPS 186-4 compliance.
+
+ - Support for Montgomery curves.
+
+ - gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
+ algorithm.
+
+ - gcry_mpi_ec_sub to subtract two points on a curve.
+
+ - gcry_mpi_ec_decode_point to decode an MPI into a point object.
+
+ - Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1]
- * Added support for the SHAKE128 and SHAKE256 extendable-output
- function algorithms.
+ - Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied
+ hash part.
- * Added support for the ChaCha20 stream cipher.
+ - Parameter "saltlen" to set a non-default salt length for RSA PSS.
- * Added support for the Poly1305 message authentication algorithm and
- ChaCha20-Poly1305 Authenticated Encryption with Associated Data
- mode.
+ - A SP800-90A conforming DRNG replaces the former X9.31 alternative
+ random number generator.
- * New flag "no-keytest" for ECC key generation. Due to a bug in the
- parser that flag will also be accepted but ignored by older version
- of Libgcrypt.
+ - Map deprecated RSA algo number to the RSA algo number for better
+ backward compatibility. [from 1.6.2]
+
+ - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
+ See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
+ [from 1.6.3]
+
+ - Fixed data-dependent timing variations in modular exponentiation
+ [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
+ are Practical]. [from 1.6.3]
+
+ - Flag "no-keytest" for ECC key generation. Due to a bug in
+ the parser that flag will also be accepted but ignored by older
+ version of Libgcrypt. [from 1.6.4]
+
+ - Speed up the random number generator by requiring less extra
+ seeding. [from 1.6.4]
+
+ - Always verify a created RSA signature to avoid private key leaks
+ due to hardware failures. [from 1.6.4]
+
+ - Mitigate side-channel attack on ECDH with Weierstrass curves
+ [CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
+ details. [from 1.6.5]
+
+ * Internal changes:
+
+ - Moved locking out to libgpg-error.
+
+ - Support of the SYSROOT envvar in the build system.
+
+ - Refactor some code.
+
+ - The availability of a 64 bit integer type is now mandatory.
+
+ * Bug fixes:
+
+ - Fixed message digest lookup by OID (regression in 1.6.0).
+
+ - Fixed a build problem on NetBSD
+
+ - Fixed memory leaks in ECC code.
+
+ - Fixed some asm build problems and feature detection bugs.
* Interface changes relative to the 1.6.0 release:
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- gcry_mac_get_algo NEW.
- gcry_md_extract NEW.
- GCRY_MAC_HMAC_MD2 NEW.
- GCRY_MD_FLAG_BUGEMU1 NEW.
- GCRYCTL_SET_SBOX NEW.
- gcry_cipher_set_sbox NEW macro.
- GCRY_MD_GOSTR3411_CP NEW.
- GCRY_MD_SHA3_224 NEW.
- GCRY_MD_SHA3_256 NEW.
- GCRY_MD_SHA3_384 NEW.
- GCRY_MD_SHA3_512 NEW.
- GCRY_MD_SHAKE128 NEW.
- GCRY_MD_SHAKE256 NEW.
- GCRY_MAC_HMAC_SHA3_224 NEW.
- GCRY_MAC_HMAC_SHA3_256 NEW.
- GCRY_MAC_HMAC_SHA3_384 NEW.
- GCRY_MAC_HMAC_SHA3_512 NEW.
- GCRY_MAC_POLY1305 NEW.
- GCRY_MAC_POLY1305_AES NEW.
- GCRY_MAC_POLY1305_CAMELLIA NEW.
- GCRY_MAC_POLY1305_TWOFISH NEW.
- GCRY_MAC_POLY1305_SERPENT NEW.
- GCRY_MAC_POLY1305_SEED NEW.
- gcry_mpi_ec_sub NEW.
- gcry_mpi_ec_decode_point NEW.
- GCRY_CIPHER_MODE_POLY1305 NEW.
- GCRY_CIPHER_MODE_OCB NEW.
- GCRY_CIPHER_MODE_CFB8 NEW constant.
- GCRYCTL_SET_TAGLEN NEW.
- GCRYCTL_GET_TAGLEN NEW.
- gcry_cipher_final NEW macro.
- GCRY_PK_EDDSA NEW constant.
-
-
-Noteworthy changes in version 1.6.0 (2013-12-16)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ gcry_cipher_final NEW macro.
+ GCRY_CIPHER_MODE_CFB8 NEW constant.
+ GCRY_CIPHER_MODE_OCB NEW.
+ GCRY_CIPHER_MODE_POLY1305 NEW.
+ gcry_cipher_set_sbox NEW macro.
+ gcry_mac_get_algo NEW.
+ GCRY_MAC_HMAC_MD2 NEW.
+ GCRY_MAC_HMAC_SHA3_224 NEW.
+ GCRY_MAC_HMAC_SHA3_256 NEW.
+ GCRY_MAC_HMAC_SHA3_384 NEW.
+ GCRY_MAC_HMAC_SHA3_512 NEW.
+ GCRY_MAC_POLY1305 NEW.
+ GCRY_MAC_POLY1305_AES NEW.
+ GCRY_MAC_POLY1305_CAMELLIA NEW.
+ GCRY_MAC_POLY1305_SEED NEW.
+ GCRY_MAC_POLY1305_SERPENT NEW.
+ GCRY_MAC_POLY1305_TWOFISH NEW.
+ gcry_md_extract NEW.
+ GCRY_MD_FLAG_BUGEMU1 NEW [from 1.6.1].
+ GCRY_MD_GOSTR3411_CP NEW.
+ GCRY_MD_SHA3_224 NEW.
+ GCRY_MD_SHA3_256 NEW.
+ GCRY_MD_SHA3_384 NEW.
+ GCRY_MD_SHA3_512 NEW.
+ GCRY_MD_SHAKE128 NEW.
+ GCRY_MD_SHAKE256 NEW.
+ gcry_mpi_ec_decode_point NEW.
+ gcry_mpi_ec_sub NEW.
+ GCRY_PK_EDDSA NEW constant.
+ GCRYCTL_GET_TAGLEN NEW.
+ GCRYCTL_SET_SBOX NEW.
+ GCRYCTL_SET_TAGLEN NEW.
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+
+Version 1.6.5 (2016-02-09) [C20/A0/R5]
+Version 1.6.4 (2015-09-08) [C20/A0/R4]
+Version 1.6.3 (2015-02-27) [C20/A0/R3]
+Version 1.6.2 (2014-08-21) [C20/A0/R2]
+Version 1.6.1 (2014-01-29) [C20/A0/R1]
+
+
+Noteworthy changes in version 1.6.0 (2013-12-16) [C20/A0/R0]
------------------------------------------------
* Removed the long deprecated gcry_ac interface. Thus Libgcrypt is
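Review bot: the "pkcs1-raw" entry under "Other features" misspells the standard name as "PCKS#1"; it should read "PKCS#1 padding with a user supplied hash part". Related spelling and consistency points in the same hunk: the curve listed as "sec256k1" (carried over from the removed line) is the SECG curve secp256k1; the CVE-2015-7511 entry gives the URL host as "cs.tau.ac.IL" while the CVE-2014-3591 entry two items earlier uses lowercase "cs.tau.ac.il", so the mixed case reads as a typo; the "no-keytest" entry says "older version of Libgcrypt" where "older versions" is meant; and the entries "Poly1305 message authentication algorithm" and "Fixed a build problem on NetBSD" lack the terminating period every sibling entry carries. The bare "Version 1.6.x (date) [C20/A0/Rx]" lines added before the 1.6.0 section carry no content of their own; if they are meant as an index for the "[from 1.6.x]" tags above, a one-line remark saying so would make that clearer to someone scanning the file.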