Libgcrypt 1.6.3 released (with SCA fix)

Werner Koch wk at gnupg.org
Fri Feb 27 21:39:05 CET 2015


Hello!

The GNU project is pleased to announce the availability of Libgcrypt
version 1.6.3.  This is a security fix release to mitigate two new side
channel attacks.

Libgcrypt is a general purpose library of cryptographic building blocks.
It does not provide any implementation of OpenPGP or other protocols.
Thorough understanding of applied cryptography is required for proper
use of Libgcrypt.


Noteworthy changes in version 1.6.3 
===================================

 * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
   See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.

 * Fixed data-dependent timing variations in modular exponentiation
   [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
   are Practical].

 * Improved asm support for older toolchains.
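
The ciphertext blinding mentioned in the first item, as an added Python example that is not libgcrypt's code: a fresh random r is multiplied into c1 before the secret-exponent operation, so the value raised to x is never the one supplied in the ciphertext, and r^x is used afterwards to cancel the blinding. The group parameters (p, g) and the keys are constructed toy values, far too small for real use.

```python
import secrets

# Constructed toy parameters (not for real use): p is the Mersenne prime 2^61 - 1,
# g = 7 is an arbitrary group element. Real deployments use 2048-bit+ groups.
P = (1 << 61) - 1
G = 7

def keygen(x=None):
    """Return (x, y): secret exponent x and public key y = g^x mod p."""
    if x is None:
        x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def encrypt(y, m, k=None):
    """Textbook Elgamal: c1 = g^k, c2 = m * y^k (mod p), with 1 <= m < p."""
    if k is None:
        k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), (m * pow(y, k, P)) % P

def decrypt_unblinded(x, c1, c2):
    """Unprotected decryption: the ciphertext value c1 itself is raised to x,
    so the base of the secret-exponent operation is chosen by the sender."""
    return (c2 * pow(pow(c1, x, P), -1, P)) % P

def decrypt_blinded(x, c1, c2):
    """Ciphertext-blinded decryption: the base raised to x is c1 * r for a
    fresh random r, which the sender cannot predict or control."""
    r = secrets.randbelow(P - 2) + 2            # fresh per call, uniform in [2, p-1]
    t1 = pow((c1 * r) % P, x, P)                # (c1 * r)^x = c1^x * r^x
    t1 = pow(t1, -1, P)                         # ((c1 * r)^x)^-1
    t2 = pow(r, x, P)                           # r^x cancels the blinding factor
    return (t1 * t2 * c2) % P                   # c1^-x * c2 = m
```

Both decryption paths return the same plaintext; only the blinded one keeps the exponentiation base independent of the ciphertext.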


Download
========

Source code is hosted at the GnuPG FTP server and its mirrors as listed
at http://www.gnupg.org/download/mirrors.html .  On the primary server
the source tarball and its digital signature are:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.3.tar.bz2 (2436k)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.3.tar.bz2.sig

That file is bzip2 compressed.  A gzip compressed version is here:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.3.tar.gz (2893k)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.3.tar.gz.sig

In order to check that the version of Libgcrypt you are going to build
is an original and unmodified one, you can do it in one of the following
ways:

 * Check the supplied OpenPGP signature.  For example to check the
   signature of the file libgcrypt-1.6.3.tar.bz2 you would use this
   command:

     gpg --verify libgcrypt-1.6.3.tar.bz2.sig libgcrypt-1.6.3.tar.bz2

   This checks whether the signature file matches the source file.  You
   should see a message indicating that the signature is good and made
   by one of the release signing keys. 
   See https://gnupg.org/signature_key.html .

 * If you are not able to use GnuPG, you have to verify the SHA-1
   checksum:

     sha1sum libgcrypt-1.6.3.tar.bz2

   and check that the output matches the first line from the
   following list:

9456e7b64db9df8360a1407a38c8c958da80bbf1  libgcrypt-1.6.3.tar.bz2
4d56b5d754d39acae239f876537672e1dc8298e3  libgcrypt-1.6.3.tar.gz


Copying
=======

Libgcrypt is distributed under the terms of the GNU Lesser General
Public License (LGPLv2.1+).  The helper programs as well as the
documentation are distributed under the terms of the GNU General Public
License (GPLv2+).  The file LICENSES has notices about contributions
that require that these additional notices be distributed.


Support
=======

For help on developing with Libgcrypt you should read the included
manual and optionally ask on the gcrypt-devel mailing list [1].  A
listing with commercial support offers for Libgcrypt and related
software is available at the GnuPG web site [2].

If you are a developer and need a certain feature for your project,
please do not hesitate to bring it to the gcrypt-devel mailing list
for discussion.


Thanks
======

We have to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word, and answering questions on the mailing
lists.  Niibe Yutaka did most of the work on fixing the side channel
attacks.  Special thanks to
 a) Daniel Genkin and his team for working with us on the fix for the
    "radioexp" attack,
 b) Yuval Yarom and his team for advance information on their new cache
    attack and sample code on how to fix it.

Since the start of the GnuPG funding campaign in December several
thousand people have been kind enough to donate a total of 250000 Euro
to support this project.  In addition the Linux Foundation gave a grant
of $ 60000 for 2015, Stripe.com and Facebook.com each pledged $ 50000
per year.

I am amazed by this superb and unexpected support for the GnuPG project.
This will not only allow us to continue the project and hire a second
full time developer but gives us also the resources to improve things
which have been delayed for too long.

*Thank you all !*


Happy hacking,

  Werner


[1] http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
[2] https://www.gnupg.org/service.html

p.s.
This is an announcement-only mailing list.  Please send replies only to
the gcrypt-devel at gnupg.org mailing list.
-- 
Thoughts are free.  Exceptions are governed by a federal law.