NEWS for the 2.1 release

*Important*: this release breaks source and binary
compatibility for the digital signature functions, and for the
DES and BLOWFISH ciphers which have weak keys.

* The functions rsa_md5_sign, rsa_sha1_sign and
  rsa_sha256_sign, and the corresponding _digest variants, now
  have a return value which callers should check. The functions
  return failure if the key is too small for the type of

* The functions dsa_sign and dsa_verify are renamed to
  dsa_sha1_sign and dsa_sha1_verify. The _digest variants are
  renamed similarly. These functions now have a return value
  which callers should check, and they return failure if the
  number q is not of the appropriate size.

* The return value from des_set_key, des3_set_key and
  blowfish_set_key now indicates whether or not the given key
  is weak. But in either case, the key setup is done, and
  applications that don't care about weak keys can ignore the

  The incompatible part of this change is that enum des_error
  and enum blowfish_error have been deleted, and so has the
  status attribute in struct des_ctx, struct des3_ctx, and

* Support for the Camellia block cipher.

* New function aes_invert_key, useful for applications that
  need both encryption and decryption using the same AES key.

* des_set_key and des3_set_key no longer check the key parity
  bits. Parity bits are silently ignored. A new function
  des_check_parity is provided, for applications that care
  about the DES parity bits.

* Support for sha224, sha384 and sha512.

* Support for digital signatures using rsa-sha512 and
  dsa-sha256. Due to lack of official test vectors and interop
  testing, this support should be considered somewhat

* Key generation for RSA and DSA changed to use Maurer's
  algorithm to generate provably prime numbers (as usual, the
  mathematical proof does not guarantee that the
  implementation is bug free).

* x86_64 assembler implementation actually included in the
  distribution (was accidentally left out in nettle-2.0).

* Configure script now detects if the compiler uses a 32-bit
  or 64-bit ABI on x86_64 (previously did this for sparc only).
  Also sets the default location for installing libraries
  (libdir) depending on system type and the ABI used.

* Added the nettle and gmp libraries as dependencies when
  linking shared library libhogweed.so. On systems using
  shared libraries where such dependencies work (in
  particular, ELF systems), it is sufficient to link
  applications with -lhogweed. For static linking -lhogweed
  -lnettle -lgmp is still required.

* The program pkcs1-conv is extended to also handle dsa keys.
  Contributed by Magnus Holmgren.

* Slightly improved sha1 performance on x86.
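
Added example, not code from Nettle or from this NEWS file: what the 2.1 entries on weak-key reporting by des_set_key and on des_check_parity mean at the byte level, for a caller that wants to screen DES keys itself. The example_* names are hypothetical, and only the four DES weak keys are listed (semi-weak keys are left out).

```c
#include <stdint.h>
#include <stdio.h>

/* XOR of all bits in b: 1 if the number of set bits is odd. */
static unsigned bit_parity(uint8_t b)
{
  b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;
  return b & 1;
}

/* 1 if every byte of the 8-byte key has odd parity (DES convention). */
int example_des_parity_ok(const uint8_t *key)
{
  for (int i = 0; i < 8; i++)
    if (!bit_parity(key[i])) return 0;
  return 1;
}

/* Rewrite the low bit of each byte so that the byte has odd parity. */
void example_des_fix_parity(uint8_t *key)
{
  for (int i = 0; i < 8; i++)
    key[i] = (key[i] & 0xFE) | (bit_parity(key[i] & 0xFE) ^ 1);
}

/* 1 if key is a DES weak key; parity bits are masked off before comparing. */
int example_des_is_weak(const uint8_t *key)
{
  static const uint8_t weak[4][8] = {
    {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
    {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
    {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
    {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
  };
  for (int w = 0; w < 4; w++) {
    unsigned diff = 0;
    for (int i = 0; i < 8; i++)
      diff |= (key[i] ^ weak[w][i]) & 0xFE;
    if (!diff) return 1;
  }
  return 0;
}

int main(void)
{
  uint8_t key[8] = {0};  /* constructed sample: all-zero key, wrong parity */
  printf("parity ok=%d weak=%d\n", example_des_parity_ok(key), example_des_is_weak(key));
  example_des_fix_parity(key);  /* becomes 01 01 ... 01, which is still weak */
  return !example_des_parity_ok(key);
}
```

Because the weak-key comparison ignores the parity bits, a key that fails the parity check can still be weak, so the two checks answer separate questions.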

NEWS for the 2.0 release

This release breaks binary compatibility by splitting the
library into two. Some other smaller changes that are not
backwards compatible are also done at the same time.

* The nettle library is split into two libraries, libnettle
  and libhogweed. libnettle contains the symmetric crypto
  algorithms that don't depend on GMP, while libhogweed
  contains the public key algorithms that depend on GMP.
  Using a single library worked fine with static linking, but
  not with dynamic linking. Consider an application that uses
  nettle and which doesn't use any public key cryptography. If
  this application is linked dynamically to nettle, it would
  have to be linked also with GMP if and only if public key
  support was enabled when the nettle library was installed.

  The library names are libnettle.so.3.0 and
  libhogweed.so.1.0, with sonames libnettle.so.3 and

* Function typedefs have been changed to non-pointer types.

    typedef void (*nettle_hash_init_func)(void *ctx);

  of previous versions is replaced by

    typedef void (nettle_hash_init_func)(void *ctx);

  This makes it possible to use the type when declaring

    nettle_hash_init_func foo_hash_init;

    void foo_hash_init(void *ctx) { ... }

* Changes to the yarrow256 interface. The automatic seed file
  generation, and the seed_file member in struct
  yarrow256_ctx, has been removed. To generate a new seed
  file, use yarrow256_random. The function
  yarrow256_force_reseed has been replaced by the two
  functions yarrow256_fast_reseed and yarrow256_slow_reseed,
  which were previously static. This interface change makes it
  easier to mix in the current content of the seed file before
  overwriting it with newly generated data.

* Nettle manual now contributed to the public domain, to
  enable remixing into documentation of programs that use

* The sexp-conv program preserves comments when using the
  advanced syntax for output. Optionally locks the output

* The base64 decoder recognizes ASCII FF (form feed) and VT
  (vertical tab) as white space.

* New x86_64 implementations of AES and SHA1. On a 2.2 GHz
  opteron, SHA1 was benchmarked at 250 MByte/s, and AES-128 at

* Performance of AES increased by 20-30% on x86.

* New programs in the examples directory: erathostenes and

NEWS for the 1.15 release

Added support for PKCS#1 style RSA signatures using SHA256,
according to RFC 3447. Currently lacks interoperability

Header files are now C++ aware, so C++ programs using Nettle

    #include <nettle/foo.h>

    #include <nettle/foo.h>

as was the recommendation for the previous version. This
breaks source-level compatibility with C++, even though
there's full binary compatibility.

The file rfc1750.txt (which is considered non-free by debian)
has been removed from the distribution. The file was used as input
for the Yarrow testcase, and has been replaced by the short
story "The Gold-bug" by Edgar Allan Poe. Anyway, RFC 1750 is
obsoleted by RFC 4086.

Fixes for Darwin shared library support, contributed by Grant

Example programs now use a supplied getopt.c.

Configure tests for assemblers with a logarithmic .align

The library is intended to be upwards binary compatible with
earlier versions. The library name is libnettle.so.2.6, soname
is still libnettle.so.2.

NEWS for the 1.14 release

Experimental support for reading keys in PKCS#1 ASN1/DER
format, and a new command line tool pkcs1-conv.

Improved MD5 performance on x86.

Fixed support for sparc64.

Reorganized AES code. Better performance for all three
implementations (C, x86 assembler, sparc assembler).

New sparc assembler for arcfour. Compared to the code
generated by gcc, the new code is about 25% faster on old
sparcs, and 6 times faster on ultrasparc.

Replaced the internal function nettle_mpz_from_octets with a
call to mpz_import, if available in the installed GMP library.

More Makefile fixes; it now seems to work to build with
the make programs on Solaris and FreeBSD (although
--disable-dependency-tracking is required for the latter).

The library is intended to be binary compatible with earlier
versions. The library name is libnettle.so.2.5, soname is
still libnettle.so.2.

NEWS for the 1.13 release

Fixed problem with broken m4 on bsd, which resulted in
corrupted x86 assembler for sha1.

Nettle probably works on windows: I've been able to cross
compile it with ./configure --host=i586-mingw32msvc (without
public-key support), and the testsuite binaries seem to run

Implemented CTR mode.

Improved sha1 performance on x86.

Configure check to figure out if symbols in assembler files
need a leading underscore.

Improved benchmark program. Displays cycles per byte and block,
and compares with openssl (if openssl is installed).

Terminating newline in output from sexp-conv --hash.

The library is intended to be binary compatible with earlier
versions. The library name is libnettle.so.2.4. However, the
interface for the internal function _nettle_sha1_compress has
changed; any program that calls this function directly will

NEWS for the 1.12 release

Fixed a bug in the configure script.

Updated the description of aes_set_encrypt_key and
aes_set_decrypt_key in the manual.

NEWS for the 1.11 release

Nettle no longer uses automake. Side effects:

* Dependency tracking is enabled only for gcc-3 (help with
  supporting dependency tracking with other compilers is

* Makefile compatibility with make programs other than GNU
  make is mostly unknown, please report any problems.

Fixes to the libdes compatibility code. Declarations should
now match openssl/libdes better. des_cbc_cksum pads
input with NULs, if it's not an integral number of blocks (in
general, such irreversible padding is a bad idea).

By default, also the static library is compiled as position
independent code. This is needed on some systems to make it
possible to link nettle into a dynamically loaded module. Use
the configure flag --disable-pic if this is not desired.

Stricter constness typing for the sexp_iterator_assoc and
sexp_iterator_check_types arguments.

Minor tweaks of arcfour on x86 CPUs, to speed it up on older
x86 variants such as PII and PPro.

The shared library is intended to be binary compatible with
nettle-1.8 - nettle-1.10. Only the minor version number of the
shared library is increased. The soname is still

NEWS for the 1.10 release

Nettle should now compile also on Tru64, Darwin, FreeBSD and
Windows. (The only tested windows build uses the rntcl rsh
wrapper to run the command line M$ C compiler "cl". See
http://pike.ida.liu.se for those tools, I don't know all
details about the Pike team's windows setup).

There are some known testsuite failures, on Windows and on one
of the xenofarm HPUX machines, see
http://www.lysator.liu.se/~nisse/xeno-lsh/latest.html. Help
tracking these down is appreciated.

There are no new features.

This release is intended to be binary compatible with
nettle-1.8 and nettle-1.9.

NEWS for the 1.9 release

Optimized C implementation of arcfour. Optimized x86
implementations of arcfour and sha1.

Improved benchmark program.

Fixed bug in the rsa-encrypt example program.

Fixed bug in make install, some of the header files were

Portability fixes. Fixes to make Nettle compile on systems
without gmp. This version has been tested on GNU/Linux,
Solaris, HPUX and AIX.

The shared library is intended to be binary compatible with
nettle-1.8. Only the minor version number of the shared
library is increased.

NEWS for the 1.8 release

New example programs, demonstrating encrypting and decrypting
files using RSA, and random session keys for bulk encryption
and message authentication.

Support for systems that don't have alloca. On such systems,
some of Nettle's functions have arbitrary limits applied to

Uses AX_CREATE_STDINT_H, to support systems without

Support for the md2 and md4 hash functions.

New name mangling, to reduce the risk of link collisions. All
functions (except memxor) now use a nettle_ or _nettle_ prefix
when seen by the linker. For most functions, the header file
that declares a function also uses #define to provide a
shorter more readable name without the prefix.

The shared library soname for this version is libnettle.so.2.

NEWS for the 1.7 release

Renamed RSA functions for consistency. Now it's
rsa_public_key_init, not rsa_init_public_key, etc.

Both RSA and DSA now have sign/verify functions that take the
hash digest as argument.

A rewritten and much more powerful sexp-conv program.

Other changes to the sexp code, in particular updating it to
the latest SPKI draft.

Building nettle as a shared library (ELF only) seems to work.
The version number is increased, so the library "soname" for
this release is "libnettle.so.1".

Bugfixes. Fixes for build and portability problems.

NEWS for the 1.6 release

Optimized assembler implementations of aes, for sparc and x86.

The aes interface has changed slightly. The function
aes_set_key is no more. Instead one has to use
aes_set_encrypt_key or aes_set_decrypt_key. Sorry about that.

New example programs, rsa-keygen, rsa-sign and rsa-verify,
located in the examples directory.

New configure option --enable-shared, which builds a shared

New experimental features, including sexp parsing and
formatting, and changes to base64 encoding and decoding. The
interfaces to these functions are subject to change, and are
documented only in the source code.

NEWS for the 1.5 release

RSA support. Key generation and signatures.

Support for HMAC (RFC-2104).

An implementation of the Yarrow-256 PRNG.

New sections in the manual.

Changed the interface for hash functions. The md5_digest
function is now equivalent to the old sequence of md5_final,
md5_digest, md5_init, and similarly for the other hashing
algorithms. This makes the interface simpler.

NEWS for the 1.0 release

Fixed twofish bug spotted by Jean-Pierre Stierlin.

New RFC-1321-like interface in nettle/md5-compat.h, suggested

New libdes-style compatibility interface in nettle/des-compat.h.