[ANNOUNCE] WireGuard Snapshot `0.0.20171211` Available

Jason A. Donenfeld Jason at zx2c4.com
Mon Dec 11 01:32:53 CET 2017

Hash: SHA256


A new snapshot, `0.0.20171211`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.

== Changes ==

  * curve25519: explictly depend on AS_AVX
  * curve25519: modularize dispatch
  It's now much cleaner to see which implementation we're calling, and it will
  be simpler to add more implementations in the future.
  * compat: support RAP in assembly
  This should fix PaX/Grsecurity support.
  * device: do not clear keys during sleep on Android
  While we want to clear keys when going to sleep on ordinary Linux, this
  doesn't make sense in the Android world, where phones often sleep but are
  woken up every few milliseconds by the radios to process packets.
  * compat: fix 3.10 backport
  Important compat fixes for non-x86.
  * device: clear last handshake timer on ifdown
  When bringing up an interface, we don't want the rate limiting to handshakes
  to apply.
  * netlink: rename symbol to avoid clashes
  Allows coexistance with horrible Android drivers.
  * kernel-tree: jury rig is the more common spelling
  * tools: no need to put this on the stack
  * blake2s-x86_64: fix spacing
  Small fixes.
  * contrib: keygen-html for generating keys in the browser
  This was covered here:
  * tools: remove undocumented unused syntax
  Not only did nobody know about this or use it, but the implementation actually
  exposed compiler bugs in Qualcomm's "Snapdragon Clang".
  * poly1305: update x86-64 kernel to AVX512F only
  From Samuel Neves, this pulls in Andy Polyakov's changes to only require F and
  not VL for the Poly implementation.
  * chacha20-arm: fix with clang -fno-integrated-as.
  This pulls in David Benjamin's clang fix.
  * global: add SPDX tags to all files
  From Greg KH, we now have SPDX annotations on all files, matching upstream
  kernel's new approach to file licenses.
  * chacha20poly1305: cleaner generic code
  This entirely removes the last remains of Martin Willi's ChaCha
  implementation, and now the generic C implementation is extremely small and
  clearly written, while delivering a small performance boost too.
  * poly1305: fix avx512f alignment bug
  Unlucky people may have had their linkers misalign a constant. This fixes that
  * chacha20: avx512vl implementation
  From Samuel Neves, this imports Andy Polyakov's AVX512VL implementation of
  ChaCha which should have a ~50% performance improvement over AVX2, though it
  is still much slower than our AVX512F implementation.
  * chacha20poly1305: wire up avx512vl for skylake-x
  Some Skylake machines do not have two FMA units (though others do), so we
  prefer the AVX512VL implementation over the should-be-faster AVX512F
  implementation on those machines. What's needed now is to read the PIROM in
  order to determine at runtime whether the particular Skylake-X machine
  actually has the second FMA unit or not, but until that happens, we just fall
  back to the VL implementation for all Skylake-X.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in tarball form here:
  SHA2-256: 57d799d35e92c905e548d00adeb7ed1ead4d6560f084c99e5aae0a87b4eb09e4
  BLAKE2b-256: 7cdaae2f6a6886b8cb86d0cdb2170c22447dda8fa247f10924f920e14d8f51e9

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld



More information about the WireGuard mailing list