1 NEWS for the Nettle 3.0 release
3 This is a major release, including several interface changes,
4 and new features, some of which are a bit experimental.
5 Feedback is highly appreciated.
7 It is *not* binary (ABI) compatible with earlier versions. It
8 is mostly source-level (API) compatible, with a couple of
9 incompatibilities noted below.
11 There may be some problems in the new interfaces and new
12 features which really need incompatible fixes. It is likely
13 that there will be an update in the form of a 3.1 release in
14 the not too distant future, with small but incompatible
15 changes, and if that happens, bugfix-only releases 3.0.x are
16 unlikely. Users and applications which desire better API and
17 ABI stability are advised to stay with nettle-2.7.x (latest
18 version is now 2.7.1) until the dust settles.
22 * For the many _set_key functions, it is now consider the
23 normal case to have a fixed key size, with no key_size
24 arguments. _set_key functions with a length parameter are
25 provided only for algorithms with a truly variable keysize,
26 and where it makes sense for backwards compatibility.
28 INCOMPATIBLE CHANGE: cast128_set_key no longer accepts a key
29 size argument. The old function is available under a new
32 INCOMPATIBLE CHANGE: The function typedef
33 nettle_set_key_func no longer accepts a key size argument.
34 In particular, this affects users of struct nettle_cipher.
36 * The nettle_cipher abstraction (in nettle-meta.h) is
37 restricted to block ciphers only. The encrypt and decrypt
38 functions now take a const argument for the context.
40 INCOMPATIBLE CHANGE: nettle_arcfour, i.e., the nettle_cipher
41 abstraction for the arcfour stream cipher, is deleted.
43 INCOMPATIBLE CHANGE: New type, nettle_cipher_func, for the
44 encrypt and decrypt fields of struct nettle_cipher.
46 * New DSA interface, with a separate struct dsa_param to
47 represent the underlying group, and generalized dsa_sign and
48 dsa_verify functions which don't care about the hash
49 function used. Limited backwards compatibility provided in
52 INCOMPATIBLE CHANGE: Declarations of the old interface,
53 e.g., struct dsa_public_key, dsa_sha1_sign, etc, is moved to
56 INCOMPATIBLE CHANGE: The various key conversion functions,
57 e.g., dsa_keypair_to_sexp, all use the new DSA interface, with
58 no backwards compatible functions.
60 INCOMPATIBLE CHANGE: dsa_generate_keypair also uses the new
61 interface. dsa-compat.h declares a function
62 dsa_compate_generate_keypair, implementing the old
63 interface, and #defines dsa_generate_keypair to refer to
64 this backwards compatible function.
66 * New AES and Camellia interfaces. There are now separate
67 context structs for each key size, e.g., aes128_ctx and
68 camellia256_ctx, and corresponding new functions. The old
69 interface, with struct aes_ctx and struct camellia_ctx, is
70 kept for backwards compatibility, but might be removed in
73 * The type of most length arguments is changed from unsigned
74 to size_t. The memxor functions have their pointer arguments
75 changed from uint8_t * to void *, for consistency with
76 related libc functions.
80 * The nettle_next_prime function has been deleted.
81 Applications should use GMP's mpz_nextprime instead.
83 * Deleted the RSAREF compatibility, including the header file
84 rsa-compat.h and everything declared therein.
88 * Building with ./configure --disable-static now works.
90 * Use GMP's allocation functions for temporary storage related
91 to bignums, to avoid potentially large stack allocations.
95 * Support for poly1305-aes MAC.
97 * Experimental support for the Chacha stream cipher and the
98 chacha-poly1305 AEAD mode. Specifications are still in
99 flux, and future releases may do incompatible changes to
100 track standardization. Currently uses 256-bit key and 64-bit
103 * Support for EAX mode.
105 * Support for CCM mode. Contributed by Owen Kirby.
107 * Support for additional variants of SHA512 with output size
108 of 224 and 256 bits. Contributed by Joachim Strömbergson.
110 * New interface, struct nettle_aead, for mechanisms providing
111 authenticated encryption with associated data (AEAD).
113 * DSA: Support a wider range for the size of q and a wider
114 range for the digest size.
118 * New x86_64 assembly for GCM and MD5. Modest speedups on the
123 * The portability fix for the rotation macros, mentioned in
124 NEWS for 2.7.1, actually didn't make it into that release.
127 * cast128_set_key rewritten for clarity, also eliminating a
128 couple of compiler warnings.
130 * New command line tool nettle-pbkdf2.
132 NEWS for the 2.7.1 release
134 This is a bugfix release.
138 * Fixed a bug in the new ECC code. The ecc_j_to_a function
139 called GMP:s mpn_mul_n (via ecc_modp_mul) with overlapping
140 input and output arguments, which is not supported.
142 * The assembly files for SHA1, SHA256 and AES depend on ARMv6
143 instructions, breaking nettle-2.7 for pre-v6 ARM processors.
144 The configure script now enables those assembly files only
145 when building for ARMv6 or later.
147 * Use a more portable C expression for rotations. The
148 previous version used the following "standard" expression
151 (x << n) | (x >> (32 - n))
153 But this gives undefined behavior (according to the C
154 specification) for n = 0. The rotate expression is replaced
155 by the more portable:
157 (x << n) | (x >> ((-n)&31))
159 This change affects only CAST128, which uses non-constant
160 rotation counts. Unfortunately, the new expression is poorly
161 optimized by released versions of gcc, making CAST128 a bit
162 slower. This is being fixed by the gcc hackers, see
163 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157.
165 The following problems have been reported, but are *not* fixed
168 * ARM assembly files use instruction syntax which is not
169 supported by all assemblers. Workaround: Use a current
170 version of GNU as, or configure with --disable-assembler.
172 * Configuring with --disable-static doesn't work on windows.
174 The libraries are intended to be binary compatible with
175 nettle-2.2 and later. The shared library names are
176 libnettle.so.4.7 and libhogweed.so.2.5, with sonames still
177 libnettle.so.4 and libhogweed.so.2.
179 NEWS for the 2.7 release
181 This release includes an implementation of elliptic curve
182 cryptography (ECC) and optimizations for the ARM architecture.
183 This work was done at the offices of South Pole AB, and
184 generously funded by the .SE Internet Fund.
188 * Fixed a bug in the buffer handling for incremental SHA3
189 hashing, with a possible buffer overflow. Patch by Edgar
194 * Support for ECDSA signatures. Elliptic curve operations over
195 the following curves: secp192r1, secp224r1, secp256r1,
196 secp384r1 and secp521r1, including x86_64 and ARM assembly
197 for the most important primitives.
199 * Support for UMAC, including x86_64 and ARM assembly.
201 * Support for 12-round salsa20, "salsa20r12", as specified by
202 eSTREAM. Contributed by Nikos Mavrogiannopoulos.
206 * ARM assembly code for several additional algorithms,
207 including AES, Salsa20, and the SHA family of hash
210 * x86_64 assembly for SHA256, SHA512, and SHA3. (SHA3 assembly
211 was included in the 2.6 release, but disabled due to poor
212 performance on some AMD processors. Hopefully, that
213 performance problem is fixed now).
215 The ARM code was tested and benchmarked on Cortex-A9. Some of
216 the functions use "neon" instructions. The configure script
217 decides if neon instructions can be used, and the command line
218 options --enable-arm-neon and --disable-arm-neon can be used
219 to override its choice. Feedback appreciated.
221 The libraries are intended to be binary compatible with
222 nettle-2.2 and later. The shared library names are
223 libnettle.so.4.6 and libhogweed.so.2.4, with sonames still
224 libnettle.so.4 and libhogweed.so.2.
226 NEWS for the 2.6 release
230 * Fixed a bug in ctr_crypt. For zero length (which should be a
231 NOP), it sometimes incremented the counter. Reported by Tim
234 * Fixed a small memory leak in nettle_realloc and
239 * Support for PKCS #5 PBKDF2, to generate a key from a
240 password or passphrase. Contributed by Simon Josefsson.
241 Specification in RFC 2898 and test vectors in RFC 6070.
245 * Support for the GOST R 34.11-94 hash algorithm. Ported from
246 librhash by Nikos Mavrogiannopoulos. Written by Aleksey
247 Kravchenko. More information in RFC4357. Test vectors taken
248 from the GOST hash wikipedia page.
252 * The include file <nettle/sha.h> has been split into
253 <nettle/sha1.h> and <nettle/sha2.h>. For now, sha.h is kept
254 for backwards compatibility and it simply includes both
255 files, but applications are encouraged to use the new names.
256 The new SHA3 functions are declared in <nettle/sha3.h>.
258 * Testsuite can be run under valgrind, using
260 make check EMULATOR='$(VALGRIND)'
262 For this to work, test programs and other executables now
265 * New configure options --disable-documentation and
266 --disable-static. Contributed by Sam Thursfield and Alon
267 Bar-Lev, respectively.
269 * The section on hash functions in the manual is split into
270 separate nodes for recommended hash functions and legacy
273 * Various smaller improvements, most of them portability
274 fixes. Credits go to David Woodhouse, Tim Rühsen, Martin
275 Storsjö, Nikos Mavrogiannopoulos, Fredrik Thulin and Dennis
278 Finally, a note on the naming of the various "SHA" hash
279 functions. Naming is a bit inconsistent; we have, e.g.,
282 SHA2: sha256_digest (not sha2_256_digest)
283 SHA3: sha3_256_digest
285 Renaming the SHA2 functions to make Nettle's naming more
286 consistent has been considered, but the current naming follows
287 common usage. Most documents (including the specification for
288 SHA2) refer to 256-bit SHA2 as "SHA-256" or "SHA256" rather
291 The libraries are intended to be binary compatible with
292 nettle-2.2 and later. The shared library names are
293 libnettle.so.4.5 and libhogweed.so.2.3, with sonames still
294 libnettle.so.4 and libhogweed.so.2
296 NEWS for the 2.5 release
298 This release includes important portability fixes for Windows
299 and MacOS. There are also a few new features.
301 First a *warning*: Some internal functions have been removed
302 from the library. Since the functions in question are internal
303 and not documented, this is not considered a change of ABI or
304 API. Programs explicitly using any of these functions will
307 * The function pkcs1_signature_prefix has been renamed to
308 _pkcs1_signature_prefix, and with slightly different
311 * The file nettle-internal.c is no longer included in the
312 library (the features defined there are used by the
313 benchmark and test programs, and were never intended for
318 * Support for the salsa20 stream cipher, including x86_64
319 assembler. Originally contributed by Simon Josefsson, based
320 on the reference implementation, then further optimized.
322 * Tentative interface for timing-resistant RSA functions,
323 contributed by Nikos Mavrogiannopoulos.
325 * A more general interface for PKCS#1 signatures, taking the
326 input in the form of a "DigestInfo". Suggested by Nikos
331 * Building of shared libraries (./configure --enable-shared)
332 is now enabled by default.
334 * Various portability fixes for MacOS and M$ Windows. A lot of
335 this work done by Martin Storsjö.
337 * In particular, Nettle now hopefully works on 64-bit Windows
338 builds, "W64", including the x86_64 assembly code.
342 * Documentation and example programs for the base16 and base64
343 functions. Was contributed by Jeronimo Pellegrini back in
344 2006, but unfortunately forgotten until now.
346 * Use an additional table to avoid GF2^8 multiplications in
347 aes_invert_key (mainly used by aes_set_decrypt_key). Also
348 tabulate round constants in aes_set_encrypt_key.
350 * The nettle repository has been migrated from cvs to git,
351 with a public repository at
352 http://git.lysator.liu.se/nettle. To make it independent of
353 the LSH repository, a few files have been moved around.
354 While at it, files have also been converted from latin-1 to
357 The libraries are intended to be binary compatible with
358 nettle-2.2 and later. The shared library names are
359 libnettle.so.4.4 and libhogweed.so.2.2, with sonames still
360 libnettle.so.4 and libhogweed.so.2
362 NEWS for the 2.4 release
364 This is a bugfix release only. It turned out ripemd160 in the
365 2.3 release was broken on all big-endian systems, due to a
366 missing include of config.h. nettle-2.4 fixes this.
368 The library is intended to be binary compatible with
369 nettle-2.2 and nettle-2.3. The shared library names are
370 libnettle.so.4.3 and libhogweed.so.2.1, with sonames still
371 libnettle.so.4 and libhogweed.so.2.
373 NEWS for the 2.3 release
375 * Support for the ripemd-160 hash function.
377 * Generates and installs nettle.pc and hogweed.pc files, for
378 use with pkg-config. Feedback appreciated. For projects
379 using autoconf, the traditional non-pkg-config ways of
380 detecting libraries, and setting LIBS and LDFLAGS, is still
383 * Fixed a bug which made the testsuite fail in the GCM test on
384 certain platforms. Should not affect any documented features
387 * Reorganization of the code for the various Merkle-Damgård
388 hash functions. Some fields in the context structs for md4,
389 md5 and sha1 have been renamed, for consistency.
390 Applications should not peek inside these structs, and the
393 * In the manual, fixed mis-placed const in certain function
396 The library is intended to be binary compatible with
397 nettle-2.2. The shared library names are libnettle.so.4.2 and
398 libhogweed.so.2.1, with sonames still libnettle.so.4 and
401 NEWS for the 2.2 release
405 * Relicensed as LGPL v2.1 or later (user's option).
407 * Replaced blowfish and serpent implementation. New code is
408 based on the LGPLed code in libgcrypt.
412 * Support for Galois/Counter Mode (GCM).
414 * New interface for enumerating (most) available algorithms,
415 contributed by Daniel Kahn Gillmor.
417 * New tool nettle-hash. Can generate hash digests using any
418 supported hash function, with output compatible with md5sum
419 and friends from GNU coreutils. Checking (like md5sum -c)
424 * The old serpent code had a byte order bug (introduced by
425 yours truly about ten years ago). New serpent implementation
426 does not interoperate with earlier versions of nettle.
428 * Fixed ABI-dependent libdir default for Linux-based systems
429 which do not follow the Linux File Hierarchy Standard, e.g.,
434 * x86_64 implemention of serpent.
436 * x86_64 implemention of camellia.
438 * Optimized memxor using word rather than byte operations.
439 Both generic C and x86_64 assembler.
441 * Eliminated a memcpy for in-place CBC decrypt.
445 * In command line tools, no longer support -? for requesting
446 help, since using it without shell quoting is a dangerous
447 habit. Use long option --help instead.
449 The shared library names are libnettle.so.4.1 and
450 libhogweed.so.2.1, with sonames libnettle.so.4 and
453 NEWS for the 2.1 release
455 *Important*: this release breaks source and binary
456 compatibility for the digital signature functions, and for the
457 DES and BLOWFISH ciphers which have weak keys.
459 Incompatible changes:
461 * The functions rsa_md5_sign, rsa_sha1_sign and
462 rsa_sha256_sign, and the corresponding _digest variants, now
463 have a return value which callers should check. The functions
464 return failure if the key is too small for the type of
467 * The functions dsa_sign and dsa_verify are renamed to
468 dsa_sha1_sign and dsa_sha1_verify. The _-digest variants are
469 renamed similarly. These functions now have a return value
470 which callers should check, and they return failure if the
471 number q is not of the appropriate size.
473 * The return value from des_set_key, des3_set_key and
474 blowfish_set_key now indicates whether or not the given key
475 is weak. But in either case, the key setup is done, and
476 applications that don't care about weak keys can ignore the
479 The incompatible part of this change is that enum des_error
480 and enum blowfish_error has been deleted, and so has the
481 status attribute in struct des_ctx, struct des3_ctx, and
484 The shared library names are libnettle.so.4.0 and
485 libhogweed.so.2.0, with sonames libnettle.so.4 and
490 * Support for the Camellia block cipher, including an
491 assembler implementation for x86_32.
493 * New function aes_invert_key, useful for applications that
494 need both encryption and decryption using the same AES key.
496 * des_set_key and des3_set_key no longer check the key parity
497 bits. Parity bits are silently ignored. A new function
498 des_check_parity is provided, for applications that care
499 about the DES parity bits.
501 * Support for sha224, sha384 and sha512.
503 * Support for digital signatures using rsa-sha512 and
504 dsa-sha256. Due to lack of official test vectors and interop
505 testing, this support should be considered somewhat
508 * Key generation for RSA and DSA changed to use Maurer's
509 algorithm to generate provably prime numbers (as usual, the
510 mathematical proof does not guaranteee that the
511 implementation is bug free).
513 * x86_64 assembler implementation actually included in the
514 distribution (was accidentally left out in nettle-2.0).
516 * Configure script now detects if the compiler uses a 32-bit
517 or 64-bit ABI on x86_64 (prevously did this for sparc only).
518 Also sets the default location for installing libraries
519 (libdir) depending on system type and the ABI used.
521 * Added the nettle and gmp libraries as dependencies when
522 linking shared library libhogweed.so. On systems using
523 shared libraries where such dependencies work (in
524 particular, ELF systems), it is sufficient to link
525 applications with -lhogweed. For static linking -lhogweed
526 -lnettle -lgmp is still required.
528 * The program pkcs1-conv is extended to also handle dsa keys.
529 Contributed by Magnus Holmgren.
531 * Slightly improved sha1 performance on x86.
533 NEWS for the 2.0 release
535 This release breaks binary compatibility by splitting the
536 library into two. Some other smaller changes that are not
537 backwards compatible are also done at the same time.
539 * The nettle library is split into two libraries, libnettle
540 and libhogweed. libnettle contains the symmetric crypto
541 algorithms that don't depend on GMP, while libhogweed
542 contains the public key algorithms that depend on GMP.
543 Using a single library worked fine with static linking, but
544 not with dynamic linking. Consider an application that uses
545 nettle and which doesn't use any public key cryptography. If
546 this application is linked dynamically to nettle, it would
547 have to be linked also with GMP if and only if public key
548 support was enabled when the nettle library was installed.
550 The library names are libnettle.so.3.0 and
551 libhogweed.so.1.0, with sonames libnettle.so.3 and
554 * Function typedefs have been changed to non-pointer types.
557 typedef void (nettle_hash_init_func *)(void *ctx);
559 of previous versions is replaced by
561 typedef void (nettle_hash_init_func)(void *ctx);
563 This makes it possible to use the type when declaring
566 nettle_hash_init_func foo_hash_init;
568 void foo_hash_init(void *ctx) { ... }
570 * Changes to the yarrow256 interface. The automatic seed file
571 generation, and the seed_file member in struct
572 yarrow256_ctx, has been removed. To generate a new seed
573 file, use yarrow256_random. The function
574 yarrow256_force_reseed has been replaced by the two
575 functions yarrow256_fast_reseed and yarrow256_slow_reseed,
576 which were previously static. This interface change makes it
577 easier to mix in the current content of the seed file before
578 overwriting it with newly generated data.
582 * Nettle manual now contributed to the public domain, to
583 enable remixing into documentation of programs that use
586 * The sexp-conv program preserves comments when using the
587 advanced syntax for output. Optionally locks the output
590 * The base64 decoder recognizes ASCII FF (form feed) and VT
591 (vertical tab) as white space.
593 * New x86_64 implementations of AES and SHA1. On a 2.2 GHz
594 opteron, SHA1 was benchmarked at 250 MByte/s, and AES-128 at
597 * Performance of AES increased by 20-30% on x86.
599 * New programs in the examples directory: erathostenes and
602 NEWS for the 1.15 release
604 Added support for PKCS#1 style RSA signatures using SHA256,
605 according to RFC 3447. Currently lacks interoperability
608 Header files are now C++ aware, so C++ programs using Nettle
611 #include <nettle/foo.h>
616 #include <nettle/foo.h>
619 as was the recommendation for the previous version. This
620 breaks source-level compatibility with C++, even though
621 there's full binary compatibility.
623 The file rfc1750.txt (which is considered non-free by debian)
624 has been removed from the distribution. The file was used as input
625 for the Yarrow testcase, and has been replaced by the short
626 story "The Gold-bug" by Edgar Allan Poe. Anyway, RFC 1750 is
627 obsoleted by RFC 4086.
629 Fixes for Darwin shared library support, contributed by Grant
632 Example programs now use a supplied getopt.c.
634 Configure tests for assemblers with a logarithmic .align
637 The library is intended to be upwards binary compatible with
638 earlier versions. The library name is libnettle.so.2.6, soname
639 is still libnettle.so.2.
641 NEWS for the 1.14 release
643 Experimental support for reading keys in PKCS#1 ASN1/DER
644 format, and a new command line tool pkcs1-conv.
646 Improved MD5 performance on x86.
648 Fixed support for sparc64.
650 Reorganized AES code. Better performance for all three
651 implementations (C, x86 assembler, sparc assembler).
653 New sparc assembler for arcfour. Compared to the code
654 generated by gcc, the new code is about 25% faster on old
655 sparcs, and 6 times faster on ultrasparc.
657 Replaced the internal function nettle_mpz_from_octets with a
658 call to mpz_import, if available in the installed GMP library.
660 More Makefile fixes; it now seems to work to build with
661 the the make programs on Solaris and FreeBSD (although
662 --disable-dependency-tracking is required for the latter).
664 The library is intended to be binary compatible with earlier
665 versions. The library name is libnettle.so.2.5, soname is
666 still libnettle.so.2.
668 NEWS for the 1.13 release
670 Fixed problem with broken m4 on bsd, which resulted in
671 corrupted x86 assembler for sha1.
673 Nettle probably works on windows: I've been able to cross
674 compile it with ./configure --host=i586-mingw32msvc (without
675 public-key support), and the testsuite binaries seem to run
678 Implemented CTR mode.
680 Improved sha1 performance on x86.
682 Configure check to figure out if symbols in assembler files
683 need a leading underscore.
685 Improved benchmark program. Displays cycles per byte and block,
686 and compares with openssl (if openssl is installed).
688 Terminating newline in output from sexp-conv --hash.
690 The library is intended to be binary compatible with earlier
691 versions. The library name is libnettle.so.2.4. However, the
692 interface for the internal function _nettle_sha1_compress has
693 changed; any program that calls this function directly will
696 NEWS for the 1.12 release
698 Fixed a bug in the configure script.
700 Updated the description of aes_set_encrypt_key and
701 aes_set_decrypt_key in the manual.
703 NEWS for the 1.11 release
705 Nettle no longer uses automake. Side effects:
707 * Dependency tracking is enabled only for gcc-3 (help with
708 supporting dependency tracking with other compilers is
711 * Makefile compatibility with make programs other than GNU
712 make is mostly unknown, please report any problems.
716 Fixes to the libdes compatibility code. Declarations should
717 now match openssl/libdes better. des_cbc_cksum pads
718 input with NUL's, if it's not an integral number of blocks (in
719 general, such unreversible padding is a bad idea).
721 By default, also the static library is compiled as position
722 independent code. This is needed on some systems to make it
723 possible to link nettle into a dynamically loaded module. Use
724 the configure flag --disable-pic if this is not desired.
726 Stricter constness typing for the sexp_iterator_assoc and
727 sexp_iterator_check_types arguments.
729 Minor tweaks of arcfour on x86 cpu:s, to speed it up on older
730 x86 variants such as PII and PPro.
732 The shared library is intended to be binary compatible with
733 nettle-1.8 - nettle-1.10. Only the minor version number of the
734 shared library is increased. The soname is still
737 NEWS for the 1.10 release
739 Nettle should now compile also on Tru64, Darwin, FreeBSD and
740 Windows. (The only tested windows build uses the rntcl rsh
741 wrapper to run the command line M$ C compiler "cl". See
742 http://pike.ida.liu.se for those tools, I don't know all
743 details about the Pike team's windows setup).
745 There are some known testsuite failures, on Windows and on one
746 of the xenofarm HPUX machines, see
747 http://www.lysator.liu.se/~nisse/xeno-lsh/latest.html. Help
748 tracking these down is appreciated.
750 There are no new features.
752 This release is intended to be binary compatible with
753 nettle-1.8 and nettle-1.9.
755 NEWS for the 1.9 release
757 Optimized C implementation of arcfour. Optimized x86
758 implementations of arcfour and sha1.
760 Improved benchmark program.
762 Fixed bug in the rsa-encrypt example program.
764 Fixed bug in make install, some of the header files were
767 Portability fixes. Fixes to make Nettle compile on systems
768 without gmp. This version has been tested on GNU/Linux,
769 Solaris, HPUX and AIX.
771 The shared library is intended to be binary compatible with
772 nettle-1.8. Only the minor version number of the shared
773 library is increased.
775 NEWS for the 1.8 release
777 New example programs, demonstrating encrypting and decrypting
778 files using RSA, and random sessions keys for bulk encryption
779 and message authentication.
781 Support for systems that don't have alloca. On such systems,
782 some of Nettle's functions have arbitrary limits applied to
785 Uses AX_CREATE_STDINT_H, to support systems without
788 Support for the md2 and md4 hash functions.
790 New name mangling, to reduce the risk of link collisions. All
791 functions (except memxor) now use a nettle_ or _nettle_ prefix
792 when seen by the linker. For most functions, the header file
793 that declares a function also uses #define to provide a
794 shorter more readable name without the prefix.
796 The shared library soname for this version is libnettle.so.2.
798 NEWS for the 1.7 release
802 Renamed RSA functions for consistency. Now it's
803 rsa_public_key_init, not rsa_init_public_key, etc.
805 Both RSA and DSA now have sign/verify functions that take the
806 hash digest as argument.
808 A rewritten and much more powerful sexp-conv program.
810 Other changes to the sexp code, in particular updating it to
811 the latest SPKI draft.
813 Building nettle as a shared library (ELF only) seems to work.
814 The version number is increased, so the library "soname" for
815 this release is "libnettle.so.1".
817 Bugfixes. Fixes for build and portability problems.
819 NEWS for the 1.6 release
821 Optimized assembler implementations of aes, for sparc and x86.
823 The aes interface has changed slightly. The function
824 aes_set_key is no more. Instead one has to use
825 aes_set_encrypt_key or aes_set_decrypt_key. Sorry about that.
827 New example programs, rsa-keygen, rsa-sign and rsa-verify,
828 located in the examples directory.
830 New configure option --enable-shared, which builds a shared
833 New experimental features, including sexp parsing and
834 formatting, and changes to base64 encoding and decoding. The
835 interfaces to these functions are subject to change, and are
836 documented only in the source code.
838 NEWS for the 1.5 release
840 RSA support. Key generation and signatures.
842 Support for HMAC (RFC-2104).
844 An implementation of the Yarrow-256 PRNG.
846 New sections in the manual.
848 Changed the interface for hash functions. The md5_digest
849 function is now equivalent to the old sequence of md5_final,
850 md5_digest, md5_init, and similarly for the other hashing
851 algorithms. This makes the interface simpler.
853 NEWS for the 1.0 release
855 Fixed twofish bug spotted by Jean-Pierre Stierlin.
859 New RFC-1321-like interface in nettle/md5-compat.h, suggested
862 New libdes-style compatibility interface in nettle/des-compat.h.