NEWS for the Nettle 3.2 release

* The SHA3 implementation is updated according to the FIPS 202
  standard. It is not interoperable with earlier versions of
  Nettle. Thanks to Nikos Mavrogiannopoulos. To easily
  differentiate at compile time, sha3.h defines the constant

* Fix corner-case carry propagation bugs affecting elliptic
  curve operations on the curves secp_256r1 and secp_384r1 on
  certain platforms, including x86_64. Reported by Hanno Böck.

* New functions for RSA private key operations, identified by
  the "_tr" suffix, with better resistance to side channel
  attacks and to hardware or software failures which could
  break the CRT optimization. See the Nettle manual for
  details. Initial patch by Nikos Mavrogiannopoulos.

* New functions nettle_version_major, nettle_version_minor, as
  a run-time variant of the compile-time constants
  NETTLE_VERSION_MAJOR and NETTLE_VERSION_MINOR.

* New ARM Neon implementation of the chacha stream cipher.

* ABI detection on mips, with improved default libdir
  location. Contributed by Klaus Ziegler.

* Fixes for ARM assembly syntax, to work better with the clang
  assembler. Thanks to Jukka Ukkonen.

* Disabled use of ifunc relocations for fat builds, to fix
  problems most easily triggered by using dlopen RTLD_NOW.

The shared library names are libnettle.so.6.2 and
libhogweed.so.4.2, with sonames still libnettle.so.6 and
libhogweed.so.4. It is intended to be fully binary compatible

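The interoperability break in the SHA3 entry of the 3.2 notes above, shown as an added example (not Nettle's code): the original Keccak submission and FIPS 202 run the same permutation and differ only in the padding byte appended to the message, 0x01 versus 0x06. That padding detail comes from FIPS 202 rather than from this file, and the function names and the 256-bit-only sponge are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RATE        136   /* bytes absorbed per block for 256-bit output */
#define PAD_KECCAK  0x01  /* original Keccak submission: pad10*1 only */
#define PAD_FIPS202 0x06  /* FIPS 202: domain bits "01", then pad10*1 */

static const uint64_t RC[24] = {
  0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808aULL,
  0x8000000080008000ULL, 0x000000000000808bULL, 0x0000000080000001ULL,
  0x8000000080008081ULL, 0x8000000000008009ULL, 0x000000000000008aULL,
  0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000aULL,
  0x000000008000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL,
  0x8000000000008003ULL, 0x8000000000008002ULL, 0x8000000000000080ULL,
  0x000000000000800aULL, 0x800000008000000aULL, 0x8000000080008081ULL,
  0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL
};

static uint64_t rotl64(uint64_t x, unsigned n)
{
  return (x << n) | (x >> ((-n) & 63));
}

/* The Keccak-f[1600] permutation; lane (x, y) is stored at a[x + 5*y]. */
static void keccak_f1600(uint64_t a[25])
{
  for (int round = 0; round < 24; round++) {
    uint64_t c[5], t;
    /* theta: mix column parities into every lane */
    for (int i = 0; i < 5; i++)
      c[i] = a[i] ^ a[i + 5] ^ a[i + 10] ^ a[i + 15] ^ a[i + 20];
    for (int i = 0; i < 5; i++) {
      t = c[(i + 4) % 5] ^ rotl64(c[(i + 1) % 5], 1);
      for (int row = 0; row < 25; row += 5)
        a[row + i] ^= t;
    }
    /* rho and pi: rotate each lane and move it to its new position */
    int x = 1, y = 0;
    t = a[1];
    for (int i = 0; i < 24; i++) {
      unsigned r = (unsigned) ((i + 1) * (i + 2) / 2) % 64;
      int ny = (2 * x + 3 * y) % 5;
      x = y;
      y = ny;
      uint64_t tmp = a[x + 5 * y];
      a[x + 5 * y] = rotl64(t, r);
      t = tmp;
    }
    /* chi: the only non-linear step */
    for (int row = 0; row < 25; row += 5) {
      for (int i = 0; i < 5; i++)
        c[i] = a[row + i];
      for (int i = 0; i < 5; i++)
        a[row + i] = c[i] ^ (~c[(i + 1) % 5] & c[(i + 2) % 5]);
    }
    /* iota: break symmetry with the round constant */
    a[0] ^= RC[round];
  }
}

/* XOR one byte into the state, little-endian within each 64-bit lane. */
static void xor_byte(uint64_t a[25], size_t i, uint8_t b)
{
  a[i / 8] ^= (uint64_t) b << (8 * (i % 8));
}

/* 256-bit sponge; 'pad' is the only thing that differs between variants. */
void hash256(const uint8_t *msg, size_t len, uint8_t pad, uint8_t out[32])
{
  uint64_t a[25] = {0};
  size_t pos = 0;
  for (size_t i = 0; i < len; i++) {
    xor_byte(a, pos++, msg[i]);
    if (pos == RATE) {
      keccak_f1600(a);
      pos = 0;
    }
  }
  xor_byte(a, pos, pad);        /* first padding byte: the variant marker */
  xor_byte(a, RATE - 1, 0x80);  /* final bit of pad10*1 */
  keccak_f1600(a);
  for (size_t i = 0; i < 32; i++)
    out[i] = (uint8_t) (a[i / 8] >> (8 * (i % 8)));
}

/* Hex digest of a C string; returns a static buffer, overwritten per call. */
const char *hash256_hex(const char *msg, uint8_t pad)
{
  static char hex[65];
  uint8_t d[32];
  hash256((const uint8_t *) msg, strlen(msg), pad, d);
  for (int i = 0; i < 32; i++)
    sprintf(hex + 2 * i, "%02x", d[i]);
  return hex;
}

/* 1 if the two padding variants give different digests for msg. */
int digests_differ(const char *msg)
{
  uint8_t k[32], f[32];
  hash256((const uint8_t *) msg, strlen(msg), PAD_KECCAK, k);
  hash256((const uint8_t *) msg, strlen(msg), PAD_FIPS202, f);
  return memcmp(k, f, 32) != 0;
}

int main(void)
{
  printf("pad 0x01 (Keccak):   %s\n", hash256_hex("abc", PAD_KECCAK));
  printf("pad 0x06 (FIPS 202): %s\n", hash256_hex("abc", PAD_FIPS202));
  return 0;
}
```

Digests stored or exchanged by code built against the earlier implementation will not verify against the FIPS 202 one, so any persisted "SHA3" values need to be identified by which variant produced them.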
NEWS for the Nettle 3.1.1 release

This release fixes a couple of non-critical bugs.

* By accident, nettle-3.1 disabled the assembly code for the
  secp_224r1 and secp_521r1 elliptic curves on all x86_64
  configurations, making signature operations on those curves
  10%-30% slower. This code is now re-enabled.

* The x86_64 assembly implementation of gcm hashing has been
  fixed to work with the Sun/Oracle assembler.

The shared library names are libnettle.so.6.1 and
libhogweed.so.4.1, with sonames still libnettle.so.6 and
libhogweed.so.4. It is intended to be fully binary compatible

NEWS for the Nettle 3.1 release

This release adds a couple of new features.

The library is mostly source-level compatible with nettle-3.0.
It is however not binary compatible, due to the introduction
of versioned symbols, and extensions to the base64 context
structs. The shared library names are libnettle.so.6.0 and
libhogweed.so.4.0, with sonames libnettle.so.6 and

* Fixed a missing include of <limits.h>, which made the
  camellia implementation fail on all 64-bit non-x86

* Eliminate out-of-bounds reads in the C implementation of
  memxor (related to valgrind's --partial-loads-ok flag).

* Declarations of many internal functions are moved from ecc.h
  to ecc-internal.h. The functions are undocumented, and
  luckily they're apparently also unused by applications, so I
  don't expect any problems from this change.

* Support for curve25519 and for EdDSA25519 signatures.

* Support for "fat builds" on x86_64 and arm, where the
  implementation of certain functions is selected at run-time
  depending on available cpu features. Configure with
  --enable-fat to try this out. If it turns out to work well
  enough, it will likely be enabled by default in later

* Support for building the hogweed library (public key
  support) using "mini-gmp", a small but slower implementation
  of a subset of the GMP interfaces. Note that builds using
  mini-gmp are *not* binary compatible with regular builds,
  and more likely to leak side-channel information.

  One intended use-case is for small embedded applications
  which need to verify digital signatures.

* The shared libraries are now built with versioned symbols.
  Should reduce problems in case a program links explicitly to
  nettle and/or hogweed, and to gnutls, and the program and
  gnutls expect different versions.

* Support for "URL-safe" base64 encoding and decoding, as
  specified in RFC 4648. Contributed by Amos Jeffries.

* New x86_64 implementation of AES, using the "aesni"
  instructions. Autodetected in fat builds. In non-fat builds,
  it has to be enabled explicitly with --enable-x86-aesni.

* Use the same object files for both static and shared
  libraries. This eliminates the *.po object files which were
  confusing to some tools (as well as humans). Like before,
  PIC code is used by default; to build a non-pic static
  library, configure with --disable-pic --disable-shared.

* Made type-checking hack in CBC_ENCRYPT and similar macros
  stricter, to generate warnings if they are used with
  functions which have a length argument smaller than size_t.

NEWS for the Nettle 3.0 release

This is a major release, including several interface changes,
and new features, some of which are a bit experimental.
Feedback is highly appreciated.

It is *not* binary (ABI) compatible with earlier versions. It
is mostly source-level (API) compatible, with a couple of
incompatibilities noted below. The shared library names are
libnettle.so.5.0 and libhogweed.so.3.0, with sonames
libnettle.so.5 and libhogweed.so.3.

There may be some problems in the new interfaces and new
features which really need incompatible fixes. It is likely
that there will be an update in the form of a 3.1 release in
the not too distant future, with small but incompatible
changes, and if that happens, bugfix-only releases 3.0.x are
unlikely. Users and applications which desire better API and
ABI stability are advised to stay with nettle-2.7.x (latest
version is now 2.7.1) until the dust settles.

* For the many _set_key functions, it is now considered the
  normal case to have a fixed key size, with no key_size
  arguments. _set_key functions with a length parameter are
  provided only for algorithms with a truly variable keysize,
  and where it makes sense for backwards compatibility.

  INCOMPATIBLE CHANGE: cast128_set_key no longer accepts a key
  size argument. The old function is available under a new

  INCOMPATIBLE CHANGE: The function typedef
  nettle_set_key_func no longer accepts a key size argument.
  In particular, this affects users of struct nettle_cipher.

* The nettle_cipher abstraction (in nettle-meta.h) is
  restricted to block ciphers only. The encrypt and decrypt
  functions now take a const argument for the context.

  INCOMPATIBLE CHANGE: nettle_arcfour, i.e., the nettle_cipher
  abstraction for the arcfour stream cipher, is deleted.

  INCOMPATIBLE CHANGE: New type, nettle_cipher_func, for the
  encrypt and decrypt fields of struct nettle_cipher.

* New DSA interface, with a separate struct dsa_param to
  represent the underlying group, and generalized dsa_sign and
  dsa_verify functions which don't care about the hash
  function used. Limited backwards compatibility provided in

  INCOMPATIBLE CHANGE: Declarations of the old interface,
  e.g., struct dsa_public_key, dsa_sha1_sign, etc, are moved to

  INCOMPATIBLE CHANGE: The various key conversion functions,
  e.g., dsa_keypair_to_sexp, all use the new DSA interface, with
  no backwards compatible functions.

  INCOMPATIBLE CHANGE: dsa_generate_keypair also uses the new
  interface. dsa-compat.h declares a function
  dsa_compat_generate_keypair, implementing the old
  interface, and #defines dsa_generate_keypair to refer to
  this backwards compatible function.

* New AES and Camellia interfaces. There are now separate
  context structs for each key size, e.g., aes128_ctx and
  camellia256_ctx, and corresponding new functions. The old
  interface, with struct aes_ctx and struct camellia_ctx, is
  kept for backwards compatibility, but might be removed in

* The type of most length arguments is changed from unsigned
  to size_t. The memxor functions have their pointer arguments
  changed from uint8_t * to void *, for consistency with
  related libc functions.

* For hash functions, the constants *_DATA_SIZE have been
  renamed to *_BLOCK_SIZE. Old names kept for backwards

* The nettle_next_prime function has been deleted.
  Applications should use GMP's mpz_nextprime instead.

* Deleted the RSAREF compatibility, including the header file
  rsa-compat.h and everything declared therein.

* Also under consideration for removal is des-compat.h and
  everything declared therein. This implements a subset of the
  old libdes/ssleay/openssl interface for DES and triple-DES,
  and it is poorly tested. If anyone uses this interface,
  please speak up! Otherwise, it will likely be removed in the

* Building with ./configure --disable-static now works.

* Use GMP's allocation functions for temporary storage related
  to bignums, to avoid potentially large stack allocations.

* Fixes for shared libraries on M$ Windows.

* Support for Poly1305-AES MAC.

* Support for the ChaCha stream cipher and EXPERIMENTAL
  support for the ChaCha-Poly1305 AEAD mode. Specifications
  are still in flux, and future releases may do incompatible
  changes to track standardization. Currently uses 256-bit key

* Support for EAX mode.

* Support for CCM mode. Contributed by Owen Kirby.

* Additional variants of SHA512 with output size of 224 and
  256 bits. Contributed by Joachim Strömbergson.

* New interface, struct nettle_aead, for mechanisms providing
  authenticated encryption with associated data (AEAD).

* DSA: Support a wider range for the size of q and a wider
  range for the digest size.

* New x86_64 assembly for GCM and MD5. Modest speedups on the

* SHA3 is now documented as EXPERIMENTAL. Nettle currently
  implements SHA3 as specified at the time Keccak won the SHA3
  competition. However, the final standard specified by NIST
  is likely to be incompatible, in which case future releases
  may do incompatible changes to track standardization.

* The portability fix for the rotation macros, mentioned in
  NEWS for 2.7.1, actually didn't make it into that release.

* cast128_set_key rewritten for clarity, also eliminating a
  couple of compiler warnings.

* New command line tool nettle-pbkdf2.

NEWS for the 2.7.1 release

This is a bugfix release.

* Fixed a bug in the new ECC code. The ecc_j_to_a function
  called GMP's mpn_mul_n (via ecc_modp_mul) with overlapping
  input and output arguments, which is not supported.

* The assembly files for SHA1, SHA256 and AES depend on ARMv6
  instructions, breaking nettle-2.7 for pre-v6 ARM processors.
  The configure script now enables those assembly files only
  when building for ARMv6 or later.

* Use a more portable C expression for rotations. The
  previous version used the following "standard" expression

    (x << n) | (x >> (32 - n))

  But this gives undefined behavior (according to the C
  specification) for n = 0. The rotate expression is replaced
  by the more portable:

    (x << n) | (x >> ((-n)&31))

  This change affects only CAST128, which uses non-constant
  rotation counts. Unfortunately, the new expression is poorly
  optimized by released versions of gcc, making CAST128 a bit
  slower. This is being fixed by the gcc hackers, see
  http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157.

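The two rotate expressions above, side by side, as an added example (not Nettle's source): the portable form is checked against a bit-at-a-time reference for every count from 0 to 31, and the classic form only for the counts where it is defined. The function names are this example's own, and rotate_by_key is a hypothetical stand-in for a cipher that takes its rotation count from key material.

```c
#include <stdint.h>
#include <stdio.h>

/* Classic form. Undefined for n == 0, where it shifts a 32-bit value
   right by 32; callers must guarantee 1 <= n <= 31. */
static uint32_t rotl32_classic(uint32_t x, unsigned n)
{
  return (x << n) | (x >> (32 - n));
}

/* Portable form from the text, valid for 0 <= n <= 31. With unsigned n,
   (-n) & 31 equals (32 - n) mod 32, so n == 0 shifts right by 0. */
uint32_t rotl32(uint32_t x, unsigned n)
{
  return (x << n) | (x >> ((-n) & 31));
}

/* Reference: rotate one bit at a time, so every shift count is 1 or 31. */
static uint32_t rotl32_ref(uint32_t x, unsigned n)
{
  while (n-- > 0)
    x = (x << 1) | (x >> 31);
  return x;
}

/* Hypothetical key-dependent rotation: the count is the low five bits of
   a subkey, so a count of 0 turns up for roughly one subkey in 32. */
uint32_t rotate_by_key(uint32_t data, uint32_t subkey)
{
  return rotl32(data, subkey & 31);
}

/* Compare both forms with the reference over constructed sample words.
   Returns the number of disagreements; 0 means all counts agree. */
int count_mismatches(void)
{
  static const uint32_t samples[] = {
    0x00000000u, 0x00000001u, 0x80000000u,
    0x01234567u, 0xdeadbeefu, 0xffffffffu
  };
  int bad = 0;

  for (unsigned i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    for (unsigned n = 0; n < 32; n++) {
      uint32_t want = rotl32_ref(samples[i], n);
      if (rotl32(samples[i], n) != want)
        bad++;
      /* The classic form is only exercised where it is defined. */
      if (n != 0 && rotl32_classic(samples[i], n) != want)
        bad++;
    }
  return bad;
}

int main(void)
{
  printf("mismatches: %d\n", count_mismatches());
  printf("rotl32(0xdeadbeef, 0) = 0x%08x\n", (unsigned) rotl32(0xdeadbeefu, 0));
  printf("rotl32(0xdeadbeef, 4) = 0x%08x\n", (unsigned) rotl32(0xdeadbeefu, 4));
  return 0;
}
```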
The following problems have been reported, but are *not* fixed

* ARM assembly files use instruction syntax which is not
  supported by all assemblers. Workaround: Use a current
  version of GNU as, or configure with --disable-assembler.

* Configuring with --disable-static doesn't work on Windows.

The libraries are intended to be binary compatible with
nettle-2.2 and later. The shared library names are
libnettle.so.4.7 and libhogweed.so.2.5, with sonames still
libnettle.so.4 and libhogweed.so.2.

NEWS for the 2.7 release

This release includes an implementation of elliptic curve
cryptography (ECC) and optimizations for the ARM architecture.
This work was done at the offices of South Pole AB, and
generously funded by the .SE Internet Fund.

* Fixed a bug in the buffer handling for incremental SHA3
  hashing, with a possible buffer overflow. Patch by Edgar

* Support for ECDSA signatures. Elliptic curve operations over
  the following curves: secp192r1, secp224r1, secp256r1,
  secp384r1 and secp521r1, including x86_64 and ARM assembly
  for the most important primitives.

* Support for UMAC, including x86_64 and ARM assembly.

* Support for 12-round salsa20, "salsa20r12", as specified by
  eSTREAM. Contributed by Nikos Mavrogiannopoulos.

* ARM assembly code for several additional algorithms,
  including AES, Salsa20, and the SHA family of hash

* x86_64 assembly for SHA256, SHA512, and SHA3. (SHA3 assembly
  was included in the 2.6 release, but disabled due to poor
  performance on some AMD processors. Hopefully, that
  performance problem is fixed now).

The ARM code was tested and benchmarked on Cortex-A9. Some of
the functions use "neon" instructions. The configure script
decides if neon instructions can be used, and the command line
options --enable-arm-neon and --disable-arm-neon can be used
to override its choice. Feedback appreciated.

The libraries are intended to be binary compatible with
nettle-2.2 and later. The shared library names are
libnettle.so.4.6 and libhogweed.so.2.4, with sonames still
libnettle.so.4 and libhogweed.so.2.

NEWS for the 2.6 release

* Fixed a bug in ctr_crypt. For zero length (which should be a
  NOP), it sometimes incremented the counter. Reported by Tim

* Fixed a small memory leak in nettle_realloc and

* Support for PKCS #5 PBKDF2, to generate a key from a
  password or passphrase. Contributed by Simon Josefsson.
  Specification in RFC 2898 and test vectors in RFC 6070.

* Support for the GOST R 34.11-94 hash algorithm. Ported from
  librhash by Nikos Mavrogiannopoulos. Written by Aleksey
  Kravchenko. More information in RFC 4357. Test vectors taken
  from the GOST hash wikipedia page.

* The include file <nettle/sha.h> has been split into
  <nettle/sha1.h> and <nettle/sha2.h>. For now, sha.h is kept
  for backwards compatibility and it simply includes both
  files, but applications are encouraged to use the new names.
  The new SHA3 functions are declared in <nettle/sha3.h>.

* Testsuite can be run under valgrind, using

    make check EMULATOR='$(VALGRIND)'

  For this to work, test programs and other executables now

* New configure options --disable-documentation and
  --disable-static. Contributed by Sam Thursfield and Alon
  Bar-Lev, respectively.

* The section on hash functions in the manual is split into
  separate nodes for recommended hash functions and legacy

* Various smaller improvements, most of them portability
  fixes. Credits go to David Woodhouse, Tim Rühsen, Martin
  Storsjö, Nikos Mavrogiannopoulos, Fredrik Thulin and Dennis

Finally, a note on the naming of the various "SHA" hash
functions. Naming is a bit inconsistent; we have, e.g.,

    SHA2: sha256_digest (not sha2_256_digest)
    SHA3: sha3_256_digest

Renaming the SHA2 functions to make Nettle's naming more
consistent has been considered, but the current naming follows
common usage. Most documents (including the specification for
SHA2) refer to 256-bit SHA2 as "SHA-256" or "SHA256" rather

The libraries are intended to be binary compatible with
nettle-2.2 and later. The shared library names are
libnettle.so.4.5 and libhogweed.so.2.3, with sonames still
libnettle.so.4 and libhogweed.so.2.

NEWS for the 2.5 release

This release includes important portability fixes for Windows
and MacOS. There are also a few new features.

First a *warning*: Some internal functions have been removed
from the library. Since the functions in question are internal
and not documented, this is not considered a change of ABI or
API. Programs explicitly using any of these functions will

* The function pkcs1_signature_prefix has been renamed to
  _pkcs1_signature_prefix, and with slightly different

* The file nettle-internal.c is no longer included in the
  library (the features defined there are used by the
  benchmark and test programs, and were never intended for

* Support for the salsa20 stream cipher, including x86_64
  assembler. Originally contributed by Simon Josefsson, based
  on the reference implementation, then further optimized.

* Tentative interface for timing-resistant RSA functions,
  contributed by Nikos Mavrogiannopoulos.

* A more general interface for PKCS#1 signatures, taking the
  input in the form of a "DigestInfo". Suggested by Nikos

* Building of shared libraries (./configure --enable-shared)
  is now enabled by default.

* Various portability fixes for MacOS and M$ Windows. A lot of
  this work done by Martin Storsjö.

* In particular, Nettle now hopefully works on 64-bit Windows
  builds, "W64", including the x86_64 assembly code.

* Documentation and example programs for the base16 and base64
  functions. Was contributed by Jeronimo Pellegrini back in
  2006, but unfortunately forgotten until now.

* Use an additional table to avoid GF2^8 multiplications in
  aes_invert_key (mainly used by aes_set_decrypt_key). Also
  tabulate round constants in aes_set_encrypt_key.

* The nettle repository has been migrated from cvs to git,
  with a public repository at
  http://git.lysator.liu.se/nettle. To make it independent of
  the LSH repository, a few files have been moved around.
  While at it, files have also been converted from latin-1 to

The libraries are intended to be binary compatible with
nettle-2.2 and later. The shared library names are
libnettle.so.4.4 and libhogweed.so.2.2, with sonames still
libnettle.so.4 and libhogweed.so.2.

NEWS for the 2.4 release

This is a bugfix release only. It turned out ripemd160 in the
2.3 release was broken on all big-endian systems, due to a
missing include of config.h. nettle-2.4 fixes this.

The library is intended to be binary compatible with
nettle-2.2 and nettle-2.3. The shared library names are
libnettle.so.4.3 and libhogweed.so.2.1, with sonames still
libnettle.so.4 and libhogweed.so.2.

NEWS for the 2.3 release

* Support for the ripemd-160 hash function.

* Generates and installs nettle.pc and hogweed.pc files, for
  use with pkg-config. Feedback appreciated. For projects
  using autoconf, the traditional non-pkg-config ways of
  detecting libraries, and setting LIBS and LDFLAGS, are still

* Fixed a bug which made the testsuite fail in the GCM test on
  certain platforms. Should not affect any documented features

* Reorganization of the code for the various Merkle-Damgård
  hash functions. Some fields in the context structs for md4,
  md5 and sha1 have been renamed, for consistency.
  Applications should not peek inside these structs, and the

* In the manual, fixed mis-placed const in certain function

The library is intended to be binary compatible with
nettle-2.2. The shared library names are libnettle.so.4.2 and
libhogweed.so.2.1, with sonames still libnettle.so.4 and

NEWS for the 2.2 release

* Relicensed as LGPL v2.1 or later (user's option).

* Replaced blowfish and serpent implementation. New code is
  based on the LGPLed code in libgcrypt.

* Support for Galois/Counter Mode (GCM).

* New interface for enumerating (most) available algorithms,
  contributed by Daniel Kahn Gillmor.

* New tool nettle-hash. Can generate hash digests using any
  supported hash function, with output compatible with md5sum
  and friends from GNU coreutils. Checking (like md5sum -c)

* The old serpent code had a byte order bug (introduced by
  yours truly about ten years ago). New serpent implementation
  does not interoperate with earlier versions of nettle.

* Fixed ABI-dependent libdir default for Linux-based systems
  which do not follow the Linux File Hierarchy Standard, e.g.,

* x86_64 implementation of serpent.

* x86_64 implementation of camellia.

* Optimized memxor using word rather than byte operations.
  Both generic C and x86_64 assembler.

* Eliminated a memcpy for in-place CBC decrypt.

* In command line tools, no longer support -? for requesting
  help, since using it without shell quoting is a dangerous
  habit. Use long option --help instead.

The shared library names are libnettle.so.4.1 and
libhogweed.so.2.1, with sonames libnettle.so.4 and

NEWS for the 2.1 release

*Important*: this release breaks source and binary
compatibility for the digital signature functions, and for the
DES and BLOWFISH ciphers which have weak keys.

Incompatible changes:

* The functions rsa_md5_sign, rsa_sha1_sign and
  rsa_sha256_sign, and the corresponding _digest variants, now
  have a return value which callers should check. The functions
  return failure if the key is too small for the type of

* The functions dsa_sign and dsa_verify are renamed to
  dsa_sha1_sign and dsa_sha1_verify. The _digest variants are
  renamed similarly. These functions now have a return value
  which callers should check, and they return failure if the
  number q is not of the appropriate size.

* The return value from des_set_key, des3_set_key and
  blowfish_set_key now indicates whether or not the given key
  is weak. But in either case, the key setup is done, and
  applications that don't care about weak keys can ignore the

  The incompatible part of this change is that enum des_error
  and enum blowfish_error have been deleted, and so has the
  status attribute in struct des_ctx, struct des3_ctx, and

The shared library names are libnettle.so.4.0 and
libhogweed.so.2.0, with sonames libnettle.so.4 and

* Support for the Camellia block cipher, including an
  assembler implementation for x86_32.

* New function aes_invert_key, useful for applications that
  need both encryption and decryption using the same AES key.

* des_set_key and des3_set_key no longer check the key parity
  bits. Parity bits are silently ignored. A new function
  des_check_parity is provided, for applications that care
  about the DES parity bits.

* Support for sha224, sha384 and sha512.

* Support for digital signatures using rsa-sha512 and
  dsa-sha256. Due to lack of official test vectors and interop
  testing, this support should be considered somewhat

* Key generation for RSA and DSA changed to use Maurer's
  algorithm to generate provably prime numbers (as usual, the
  mathematical proof does not guarantee that the
  implementation is bug free).

* x86_64 assembler implementation actually included in the
  distribution (was accidentally left out in nettle-2.0).

* Configure script now detects if the compiler uses a 32-bit
  or 64-bit ABI on x86_64 (previously did this for sparc only).
  Also sets the default location for installing libraries
  (libdir) depending on system type and the ABI used.

* Added the nettle and gmp libraries as dependencies when
  linking shared library libhogweed.so. On systems using
  shared libraries where such dependencies work (in
  particular, ELF systems), it is sufficient to link
  applications with -lhogweed. For static linking -lhogweed
  -lnettle -lgmp is still required.

* The program pkcs1-conv is extended to also handle dsa keys.
  Contributed by Magnus Holmgren.

* Slightly improved sha1 performance on x86.

NEWS for the 2.0 release

This release breaks binary compatibility by splitting the
library into two. Some other smaller changes that are not
backwards compatible are also done at the same time.

* The nettle library is split into two libraries, libnettle
  and libhogweed. libnettle contains the symmetric crypto
  algorithms that don't depend on GMP, while libhogweed
  contains the public key algorithms that depend on GMP.
  Using a single library worked fine with static linking, but
  not with dynamic linking. Consider an application that uses
  nettle and which doesn't use any public key cryptography. If
  this application is linked dynamically to nettle, it would
  have to be linked also with GMP if and only if public key
  support was enabled when the nettle library was installed.

  The library names are libnettle.so.3.0 and
  libhogweed.so.1.0, with sonames libnettle.so.3 and

* Function typedefs have been changed to non-pointer types.

    typedef void (*nettle_hash_init_func)(void *ctx);

  of previous versions is replaced by

    typedef void (nettle_hash_init_func)(void *ctx);

  This makes it possible to use the type when declaring

    nettle_hash_init_func foo_hash_init;

    void foo_hash_init(void *ctx) { ... }

* Changes to the yarrow256 interface. The automatic seed file
  generation, and the seed_file member in struct
  yarrow256_ctx, has been removed. To generate a new seed
  file, use yarrow256_random. The function
  yarrow256_force_reseed has been replaced by the two
  functions yarrow256_fast_reseed and yarrow256_slow_reseed,
  which were previously static. This interface change makes it
  easier to mix in the current content of the seed file before
  overwriting it with newly generated data.

* Nettle manual now contributed to the public domain, to
  enable remixing into documentation of programs that use

* The sexp-conv program preserves comments when using the
  advanced syntax for output. Optionally locks the output

* The base64 decoder recognizes ASCII FF (form feed) and VT
  (vertical tab) as white space.

* New x86_64 implementations of AES and SHA1. On a 2.2 GHz
  opteron, SHA1 was benchmarked at 250 MByte/s, and AES-128 at

* Performance of AES increased by 20-30% on x86.

* New programs in the examples directory: erathostenes and

NEWS for the 1.15 release

Added support for PKCS#1 style RSA signatures using SHA256,
according to RFC 3447. Currently lacks interoperability

Header files are now C++ aware, so C++ programs using Nettle

    #include <nettle/foo.h>

    #include <nettle/foo.h>

as was the recommendation for the previous version. This
breaks source-level compatibility with C++, even though
there's full binary compatibility.

The file rfc1750.txt (which is considered non-free by debian)
has been removed from the distribution. The file was used as input
for the Yarrow testcase, and has been replaced by the short
story "The Gold-bug" by Edgar Allan Poe. Anyway, RFC 1750 is
obsoleted by RFC 4086.

Fixes for Darwin shared library support, contributed by Grant

Example programs now use a supplied getopt.c.

Configure tests for assemblers with a logarithmic .align

The library is intended to be upwards binary compatible with
earlier versions. The library name is libnettle.so.2.6, soname
is still libnettle.so.2.

NEWS for the 1.14 release

Experimental support for reading keys in PKCS#1 ASN1/DER
format, and a new command line tool pkcs1-conv.

Improved MD5 performance on x86.

Fixed support for sparc64.

Reorganized AES code. Better performance for all three
implementations (C, x86 assembler, sparc assembler).

New sparc assembler for arcfour. Compared to the code
generated by gcc, the new code is about 25% faster on old
sparcs, and 6 times faster on ultrasparc.

Replaced the internal function nettle_mpz_from_octets with a
call to mpz_import, if available in the installed GMP library.

More Makefile fixes; it now seems to work to build with
the make programs on Solaris and FreeBSD (although
--disable-dependency-tracking is required for the latter).

The library is intended to be binary compatible with earlier
versions. The library name is libnettle.so.2.5, soname is
still libnettle.so.2.

NEWS for the 1.13 release

Fixed problem with broken m4 on bsd, which resulted in
corrupted x86 assembler for sha1.

Nettle probably works on Windows: I've been able to cross
compile it with ./configure --host=i586-mingw32msvc (without
public-key support), and the testsuite binaries seem to run

Implemented CTR mode.

Improved sha1 performance on x86.

Configure check to figure out if symbols in assembler files
need a leading underscore.

Improved benchmark program. Displays cycles per byte and block,
and compares with openssl (if openssl is installed).

Terminating newline in output from sexp-conv --hash.

The library is intended to be binary compatible with earlier
versions. The library name is libnettle.so.2.4. However, the
interface for the internal function _nettle_sha1_compress has
changed; any program that calls this function directly will

NEWS for the 1.12 release

Fixed a bug in the configure script.

Updated the description of aes_set_encrypt_key and
aes_set_decrypt_key in the manual.

NEWS for the 1.11 release

Nettle no longer uses automake. Side effects:

* Dependency tracking is enabled only for gcc-3 (help with
  supporting dependency tracking with other compilers is

* Makefile compatibility with make programs other than GNU
  make is mostly unknown, please report any problems.

Fixes to the libdes compatibility code. Declarations should
now match openssl/libdes better. des_cbc_cksum pads
input with NUL's, if it's not an integral number of blocks (in
general, such unreversible padding is a bad idea).

By default, also the static library is compiled as position
independent code. This is needed on some systems to make it
possible to link nettle into a dynamically loaded module. Use
the configure flag --disable-pic if this is not desired.

Stricter constness typing for the sexp_iterator_assoc and
sexp_iterator_check_types arguments.

Minor tweaks of arcfour on x86 CPUs, to speed it up on older
x86 variants such as PII and PPro.

The shared library is intended to be binary compatible with
nettle-1.8 - nettle-1.10. Only the minor version number of the
shared library is increased. The soname is still

NEWS for the 1.10 release

Nettle should now compile also on Tru64, Darwin, FreeBSD and
Windows. (The only tested Windows build uses the rntcl rsh
wrapper to run the command line M$ C compiler "cl". See
http://pike.ida.liu.se for those tools, I don't know all
details about the Pike team's Windows setup).

There are some known testsuite failures, on Windows and on one
of the xenofarm HPUX machines, see
http://www.lysator.liu.se/~nisse/xeno-lsh/latest.html. Help
tracking these down is appreciated.

There are no new features.

This release is intended to be binary compatible with
nettle-1.8 and nettle-1.9.

NEWS for the 1.9 release

Optimized C implementation of arcfour. Optimized x86
implementations of arcfour and sha1.

Improved benchmark program.

Fixed bug in the rsa-encrypt example program.

Fixed bug in make install, some of the header files were

Portability fixes. Fixes to make Nettle compile on systems
without gmp. This version has been tested on GNU/Linux,
Solaris, HPUX and AIX.

The shared library is intended to be binary compatible with
nettle-1.8. Only the minor version number of the shared
library is increased.

NEWS for the 1.8 release

New example programs, demonstrating encrypting and decrypting
files using RSA, and random session keys for bulk encryption
and message authentication.

Support for systems that don't have alloca. On such systems,
some of Nettle's functions have arbitrary limits applied to

Uses AX_CREATE_STDINT_H, to support systems without

Support for the md2 and md4 hash functions.

New name mangling, to reduce the risk of link collisions. All
functions (except memxor) now use a nettle_ or _nettle_ prefix
when seen by the linker. For most functions, the header file
that declares a function also uses #define to provide a
shorter more readable name without the prefix.

The shared library soname for this version is libnettle.so.2.

NEWS for the 1.7 release

Renamed RSA functions for consistency. Now it's
rsa_public_key_init, not rsa_init_public_key, etc.

Both RSA and DSA now have sign/verify functions that take the
hash digest as argument.

A rewritten and much more powerful sexp-conv program.

Other changes to the sexp code, in particular updating it to
the latest SPKI draft.

Building nettle as a shared library (ELF only) seems to work.
The version number is increased, so the library "soname" for
this release is "libnettle.so.1".

Bugfixes. Fixes for build and portability problems.

NEWS for the 1.6 release

Optimized assembler implementations of aes, for sparc and x86.

The aes interface has changed slightly. The function
aes_set_key is no more. Instead one has to use
aes_set_encrypt_key or aes_set_decrypt_key. Sorry about that.

New example programs, rsa-keygen, rsa-sign and rsa-verify,
located in the examples directory.

New configure option --enable-shared, which builds a shared

New experimental features, including sexp parsing and
formatting, and changes to base64 encoding and decoding. The
interfaces to these functions are subject to change, and are
documented only in the source code.

NEWS for the 1.5 release

RSA support. Key generation and signatures.

Support for HMAC (RFC-2104).

An implementation of the Yarrow-256 PRNG.

New sections in the manual.

Changed the interface for hash functions. The md5_digest
function is now equivalent to the old sequence of md5_final,
md5_digest, md5_init, and similarly for the other hashing
algorithms. This makes the interface simpler.

NEWS for the 1.0 release

Fixed twofish bug spotted by Jean-Pierre Stierlin.

New RFC-1321-like interface in nettle/md5-compat.h, suggested
by Assar Westerlund.

New libdes-style compatibility interface in nettle/des-compat.h.