NEWS for the 2.1 release

*Important*: this release breaks source and binary
compatibility for the digital signature functions, and for the
DES and BLOWFISH ciphers which have weak keys.

* The functions rsa_md5_sign, rsa_sha1_sign and
  rsa_sha256_sign, and the corresponding _digest variants, now
  have a return value which callers should check. The functions
  return failure if the key is too small for the type of

* The functions dsa_sign and dsa_verify are renamed to
  dsa_sha1_sign and dsa_sha1_verify. The _digest variants are
  renamed similarly. These functions now have a return value
  which callers should check, and they return failure if the
  number q is not of the appropriate size.

* The return value from des_set_key, des3_set_key and
  blowfish_set_key now indicates whether or not the given key
  is weak. But in either case, the key setup is done, and
  applications that don't care about weak keys can ignore the

The incompatible part of this change is that enum des_error
and enum blowfish_error have been deleted, and so has the
status attribute in struct des_ctx, struct des3_ctx, and

The shared library names are libnettle.so.4.0 and
libhogweed.so.2.0, with sonames libnettle.so.4 and

* Support for the Camellia block cipher, including an
  assembler implementation for x86_32.

* New function aes_invert_key, useful for applications that
  need both encryption and decryption using the same AES key.

* des_set_key and des3_set_key no longer check the key parity
  bits. Parity bits are silently ignored. A new function
  des_check_parity is provided, for applications that care
  about the DES parity bits.

* Support for sha224, sha384 and sha512.

* Support for digital signatures using rsa-sha512 and
  dsa-sha256. Due to lack of official test vectors and interop
  testing, this support should be considered somewhat

* Key generation for RSA and DSA changed to use Maurer's
  algorithm to generate provably prime numbers (as usual, the
  mathematical proof does not guarantee that the
  implementation is bug free).

* x86_64 assembler implementation actually included in the
  distribution (was accidentally left out in nettle-2.0).

* Configure script now detects if the compiler uses a 32-bit
  or 64-bit ABI on x86_64 (previously did this for sparc only).
  Also sets the default location for installing libraries
  (libdir) depending on system type and the ABI used.

* Added the nettle and gmp libraries as dependencies when
  linking shared library libhogweed.so. On systems using
  shared libraries where such dependencies work (in
  particular, ELF systems), it is sufficient to link
  applications with -lhogweed. For static linking -lhogweed
  -lnettle -lgmp is still required.

* The program pkcs1-conv is extended to also handle dsa keys.
  Contributed by Magnus Holmgren.

* Slightly improved sha1 performance on x86.
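
The two DES checks that the 2.1 entries above separate, weak-key detection with parity bits ignored and a distinct parity check, shown as an added stand-alone example; this is not Nettle's code. The names example_check_parity and example_key_is_good and the 1/0 return convention are assumptions; the table is the standard list of weak and semi-weak DES keys.

```c
#include <stdint.h>
#include <stdio.h>

#define PARITY_MASK 0x0101010101010101ULL /* bit 0 of every key byte */

/* The 4 weak and 12 semi-weak DES keys, written with odd parity. */
static const uint64_t weak_keys[16] = {
  0x0101010101010101ULL, 0xFEFEFEFEFEFEFEFEULL,
  0xE0E0E0E0F1F1F1F1ULL, 0x1F1F1F1F0E0E0E0EULL,
  0x01FE01FE01FE01FEULL, 0xFE01FE01FE01FE01ULL,
  0x1FE01FE00EF10EF1ULL, 0xE01FE01FF10EF10EULL,
  0x01E001E001F101F1ULL, 0xE001E001F101F101ULL,
  0x1FFE1FFE0EFE0EFEULL, 0xFE1FFE1FFE0EFE0EULL,
  0x011F011F010E010EULL, 0x1F011F010E010E01ULL,
  0xE0FEE0FEF1FEF1FEULL, 0xFEE0FEE0FEF1FEF1ULL,
};

/* Constructed sample keys: all-zero (weak, bad parity) and an ordinary key. */
static const uint8_t sample_weak[8] = {0, 0, 0, 0, 0, 0, 0, 0};
static const uint8_t sample_good[8] = {0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1};

static uint64_t load_key(const uint8_t *key) {
  uint64_t v = 0;
  for (int i = 0; i < 8; i++)
    v = (v << 8) | key[i];
  return v;
}

/* Hypothetical helper: 1 if every key byte has odd parity, else 0. */
int example_check_parity(const uint8_t *key) {
  uint64_t v = load_key(key);
  v ^= v >> 4; v ^= v >> 2; v ^= v >> 1; /* bit 0 of each byte = its parity */
  return (v & PARITY_MASK) == PARITY_MASK;
}

/* Hypothetical helper: 1 for a good key, 0 for a weak one; parity bits are masked off. */
int example_key_is_good(const uint8_t *key) {
  uint64_t v = load_key(key) & ~PARITY_MASK;
  for (int i = 0; i < 16; i++)
    if (v == (weak_keys[i] & ~PARITY_MASK))
      return 0;
  return 1;
}

int main(void) {
  printf("weak: good=%d parity=%d\n", example_key_is_good(sample_weak), example_check_parity(sample_weak));
  printf("good: good=%d parity=%d\n", example_key_is_good(sample_good), example_check_parity(sample_good));
  return 0;
}
```

The all-zero key fails both checks: it matches the first weak key once parity bits are masked, and its bytes have even parity.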

NEWS for the 2.0 release

This release breaks binary compatibility by splitting the
library into two. Some other smaller changes that are not
backwards compatible are also done at the same time.

* The nettle library is split into two libraries, libnettle
  and libhogweed. libnettle contains the symmetric crypto
  algorithms that don't depend on GMP, while libhogweed
  contains the public key algorithms that depend on GMP.
  Using a single library worked fine with static linking, but
  not with dynamic linking. Consider an application that uses
  nettle and which doesn't use any public key cryptography. If
  this application is linked dynamically to nettle, it would
  have to be linked also with GMP if and only if public key
  support was enabled when the nettle library was installed.

  The library names are libnettle.so.3.0 and
  libhogweed.so.1.0, with sonames libnettle.so.3 and

* Function typedefs have been changed to non-pointer types.

    typedef void (*nettle_hash_init_func)(void *ctx);

  of previous versions is replaced by

    typedef void (nettle_hash_init_func)(void *ctx);

  This makes it possible to use the type when declaring

    nettle_hash_init_func foo_hash_init;

    void foo_hash_init(void *ctx) { ... }

* Changes to the yarrow256 interface. The automatic seed file
  generation, and the seed_file member in struct
  yarrow256_ctx, has been removed. To generate a new seed
  file, use yarrow256_random. The function
  yarrow256_force_reseed has been replaced by the two
  functions yarrow256_fast_reseed and yarrow256_slow_reseed,
  which were previously static. This interface change makes it
  easier to mix in the current content of the seed file before
  overwriting it with newly generated data.

* Nettle manual now contributed to the public domain, to
  enable remixing into documentation of programs that use

* The sexp-conv program preserves comments when using the
  advanced syntax for output. Optionally locks the output

* The base64 decoder recognizes ASCII FF (form feed) and VT
  (vertical tab) as white space.

* New x86_64 implementations of AES and SHA1. On a 2.2 GHz
  opteron, SHA1 was benchmarked at 250 MByte/s, and AES-128 at

* Performance of AES increased by 20-30% on x86.

* New programs in the examples directory: erathostenes and

NEWS for the 1.15 release

Added support for PKCS#1 style RSA signatures using SHA256,
according to RFC 3447. Currently lacks interoperability

Header files are now C++ aware, so C++ programs using Nettle

    #include <nettle/foo.h>

    #include <nettle/foo.h>

as was the recommendation for the previous version. This
breaks source-level compatibility with C++, even though
there's full binary compatibility.

The file rfc1750.txt (which is considered non-free by debian)
has been removed from the distribution. The file was used as input
for the Yarrow testcase, and has been replaced by the short
story "The Gold-bug" by Edgar Allan Poe. Anyway, RFC 1750 is
obsoleted by RFC 4086.

Fixes for Darwin shared library support, contributed by Grant

Example programs now use a supplied getopt.c.

Configure tests for assemblers with a logarithmic .align

The library is intended to be upwards binary compatible with
earlier versions. The library name is libnettle.so.2.6, soname
is still libnettle.so.2.

NEWS for the 1.14 release

Experimental support for reading keys in PKCS#1 ASN1/DER
format, and a new command line tool pkcs1-conv.

Improved MD5 performance on x86.

Fixed support for sparc64.

Reorganized AES code. Better performance for all three
implementations (C, x86 assembler, sparc assembler).

New sparc assembler for arcfour. Compared to the code
generated by gcc, the new code is about 25% faster on old
sparcs, and 6 times faster on ultrasparc.

Replaced the internal function nettle_mpz_from_octets with a
call to mpz_import, if available in the installed GMP library.

More Makefile fixes; it now seems to work to build with
the make programs on Solaris and FreeBSD (although
--disable-dependency-tracking is required for the latter).

The library is intended to be binary compatible with earlier
versions. The library name is libnettle.so.2.5, soname is
still libnettle.so.2.

NEWS for the 1.13 release

Fixed problem with broken m4 on bsd, which resulted in
corrupted x86 assembler for sha1.

Nettle probably works on windows: I've been able to cross
compile it with ./configure --host=i586-mingw32msvc (without
public-key support), and the testsuite binaries seem to run

Implemented CTR mode.

Improved sha1 performance on x86.

Configure check to figure out if symbols in assembler files
need a leading underscore.

Improved benchmark program. Displays cycles per byte and block,
and compares with openssl (if openssl is installed).

Terminating newline in output from sexp-conv --hash.

The library is intended to be binary compatible with earlier
versions. The library name is libnettle.so.2.4. However, the
interface for the internal function _nettle_sha1_compress has
changed; any program that calls this function directly will

NEWS for the 1.12 release

Fixed a bug in the configure script.

Updated the description of aes_set_encrypt_key and
aes_set_decrypt_key in the manual.

NEWS for the 1.11 release

Nettle no longer uses automake. Side effects:

* Dependency tracking is enabled only for gcc-3 (help with
  supporting dependency tracking with other compilers is

* Makefile compatibility with make programs other than GNU
  make is mostly unknown, please report any problems.

Fixes to the libdes compatibility code. Declarations should
now match openssl/libdes better. des_cbc_cksum pads
input with NUL's, if it's not an integral number of blocks (in
general, such unreversible padding is a bad idea).

By default, also the static library is compiled as position
independent code. This is needed on some systems to make it
possible to link nettle into a dynamically loaded module. Use
the configure flag --disable-pic if this is not desired.

Stricter constness typing for the sexp_iterator_assoc and
sexp_iterator_check_types arguments.

Minor tweaks of arcfour on x86 cpu:s, to speed it up on older
x86 variants such as PII and PPro.

The shared library is intended to be binary compatible with
nettle-1.8 - nettle-1.10. Only the minor version number of the
shared library is increased. The soname is still

NEWS for the 1.10 release

Nettle should now compile also on Tru64, Darwin, FreeBSD and
Windows. (The only tested windows build uses the rntcl rsh
wrapper to run the command line M$ C compiler "cl". See
http://pike.ida.liu.se for those tools, I don't know all
details about the Pike team's windows setup).

There are some known testsuite failures, on Windows and on one
of the xenofarm HPUX machines, see
http://www.lysator.liu.se/~nisse/xeno-lsh/latest.html. Help
tracking these down is appreciated.

There are no new features.

This release is intended to be binary compatible with
nettle-1.8 and nettle-1.9.

NEWS for the 1.9 release

Optimized C implementation of arcfour. Optimized x86
implementations of arcfour and sha1.

Improved benchmark program.

Fixed bug in the rsa-encrypt example program.

Fixed bug in make install, some of the header files were

Portability fixes. Fixes to make Nettle compile on systems
without gmp. This version has been tested on GNU/Linux,
Solaris, HPUX and AIX.

The shared library is intended to be binary compatible with
nettle-1.8. Only the minor version number of the shared
library is increased.

NEWS for the 1.8 release

New example programs, demonstrating encrypting and decrypting
files using RSA, and random session keys for bulk encryption
and message authentication.

Support for systems that don't have alloca. On such systems,
some of Nettle's functions have arbitrary limits applied to

Uses AX_CREATE_STDINT_H, to support systems without

Support for the md2 and md4 hash functions.

New name mangling, to reduce the risk of link collisions. All
functions (except memxor) now use a nettle_ or _nettle_ prefix
when seen by the linker. For most functions, the header file
that declares a function also uses #define to provide a
shorter more readable name without the prefix.

The shared library soname for this version is libnettle.so.2.

NEWS for the 1.7 release

Renamed RSA functions for consistency. Now it's
rsa_public_key_init, not rsa_init_public_key, etc.

Both RSA and DSA now have sign/verify functions that take the
hash digest as argument.

A rewritten and much more powerful sexp-conv program.

Other changes to the sexp code, in particular updating it to
the latest SPKI draft.

Building nettle as a shared library (ELF only) seems to work.
The version number is increased, so the library "soname" for
this release is "libnettle.so.1".

Bugfixes. Fixes for build and portability problems.

NEWS for the 1.6 release

Optimized assembler implementations of aes, for sparc and x86.

The aes interface has changed slightly. The function
aes_set_key is no more. Instead one has to use
aes_set_encrypt_key or aes_set_decrypt_key. Sorry about that.

New example programs, rsa-keygen, rsa-sign and rsa-verify,
located in the examples directory.

New configure option --enable-shared, which builds a shared

New experimental features, including sexp parsing and
formatting, and changes to base64 encoding and decoding. The
interfaces to these functions are subject to change, and are
documented only in the source code.

NEWS for the 1.5 release

RSA support. Key generation and signatures.

Support for HMAC (RFC-2104).

An implementation of the Yarrow-256 PRNG.

New sections in the manual.

Changed the interface for hash functions. The md5_digest
function is now equivalent to the old sequence of md5_final,
md5_digest, md5_init, and similarly for the other hashing
algorithms. This makes the interface simpler.

NEWS for the 1.0 release

Fixed twofish bug spotted by Jean-Pierre Stierlin.

New RFC-1321-like interface in nettle/md5-compat.h, suggested

New libdes-style compatibility interface in nettle/des-compat.h.