[PATCH] Update NEWS
NIIBE Yutaka
gniibe at fsij.org
Tue Feb 2 09:48:38 CET 2016
On 01/29/2016 06:11 PM, Werner Koch wrote:
> I would like to get libgcrypt 1.7 out soon. The following topics need
> to be addressed before a release:
>
> - Addition of a new DRNG to replace the X9.31 RNG we use in FIPS
> mode. Quite some time ago Stephan Mueller posted an implementation
> which can be used for this.
>
> - Add a test to check our Curve25519 implementation against the test
> vectors from RFC-7748 (Elliptic Curves for Security).
I'm going to add a test. We have a small API issue, here.
In RFC-7748, the function X25519 is defined so that it takes care of
the input scalar's MSB and LSBs. In libgcrypt, _gcry_mpi_ec_mul_point
does not do that bit handling. For ecc_encrypt_raw, it is up to users
(for example, GnuPG) to make sure those bits are correct. For
ecc_decrypt_raw, the private key scalar is guaranteed to be correct by
ecc_generate.
I think that it is OK to implement this bit-handling within the test
program.
> - Check that all constant-time improvements gniibe posted are applied.
We have a patch to libgcrypt-1.6, which can be also applied to master.
It's waiting for coordination.
> - Check whether there are important things left in the bug tracker.
I will check, too.
--
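The scalar bit handling discussed in this thread, shown as an added example that is not part of the thread or of libgcrypt. It splits X25519 into two pieces: a Montgomery-ladder scalar multiplication on the integer it is given (named raw_scalarmult here, an assumed name, standing in for a primitive like _gcry_mpi_ec_mul_point that does no bit handling), and the RFC 7748 scalar "clamping" that a test program must apply before calling it. The clamping rules, the ladder and the Diffie-Hellman vectors are from RFC 7748 sections 5 and 6.1; the iteration vector is from section 5.2.

```python
"""X25519 per RFC 7748, with the scalar bit handling kept separate from
the scalar multiplication.  Added example, not libgcrypt code."""

P = 2**255 - 19
A24 = 121665                      # (486662 - 2) / 4 for curve25519
BASEPOINT_U = (9).to_bytes(32, "little")


def clamp_scalar(k: bytes) -> bytes:
    """RFC 7748 decodeScalar25519.  Clearing the three low bits multiplies
    by the cofactor 8, so a small-subgroup component of a peer's point
    contributes nothing to the result; clearing bit 255 and setting bit 254
    gives every scalar the same bit length for the fixed-length ladder."""
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return bytes(k)


def decode_u(u: bytes) -> int:
    """RFC 7748 decodeUCoordinate: the top bit of the last byte is ignored."""
    u = bytearray(u)
    u[31] &= 127
    return int.from_bytes(u, "little") % P


def _cswap(swap: int, a: int, b: int):
    # Branch-free swap as in the RFC.  (CPython big-int arithmetic is not
    # constant time; the structure is kept so it maps onto a real C ladder.)
    mask = -swap                  # swap is 0 or 1 -> mask is 0 or -1
    dummy = mask & (a ^ b)
    return a ^ dummy, b ^ dummy


def raw_scalarmult(k: int, u: int) -> int:
    """Montgomery ladder of RFC 7748 section 5 on the integer scalar exactly
    as given: NO clamping happens here.  This is the layer at which a
    generic point-multiplication routine sits, so the caller is responsible
    for the bit handling."""
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return x2 * pow(z2, P - 2, P) % P


def x25519(k: bytes, u: bytes) -> bytes:
    """The X25519 function of RFC 7748: clamp, then multiply."""
    kk = int.from_bytes(clamp_scalar(k), "little")
    return raw_scalarmult(kk, decode_u(u)).to_bytes(32, "little")


def unclamped_scalarmult(k: bytes, u: bytes) -> bytes:
    """What a test gets if it forgets the bit handling: the same ladder on
    the raw scalar bytes.  Used only to show that the result differs."""
    return raw_scalarmult(int.from_bytes(k, "little"), decode_u(u)).to_bytes(32, "little")


# RFC 7748 section 6.1 Diffie-Hellman test vectors.
ALICE_SK = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PK = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
BOB_SK = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
BOB_PK = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")


def rfc7748_dh_check() -> bool:
    """Public keys from the base point, and both sides agree on the secret."""
    return (x25519(ALICE_SK, BASEPOINT_U) == ALICE_PK
            and x25519(BOB_SK, BASEPOINT_U) == BOB_PK
            and x25519(ALICE_SK, BOB_PK) == SHARED
            and x25519(BOB_SK, ALICE_PK) == SHARED)


if __name__ == "__main__":
    print("RFC 7748 DH vectors:", "OK" if rfc7748_dh_check() else "FAIL")
    print("unclamped scalar gives same public key:",
          unclamped_scalarmult(ALICE_SK, BASEPOINT_U) == ALICE_PK)
```

Alice's private key has nonzero low bits and bit 254 clear, so unclamped_scalarmult computes a different multiple than x25519 and the public-key comparison fails; that is exactly the gap a test against the RFC vectors would expose if the clamping were left out of the test program.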
More information about the Gcrypt-devel mailing list