Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
NEWS for the 2.0 release
This release breaks binary compatibility by splitting the
library into two. Some other smaller changes that are not
backwards compatible are also done at the same time.
* The nettle library is split into two libraries, libnettle
and libhogweed. libnettle contains the symmetric crypto
algorithms that don't depend on GMP, while libhogweed
contains the public key algorithms that depend on GMP.
Using a single library worked fine with static linking, but
not with dynamic linking. Consider an application that uses
nettle and which doesn't use any public key cryptography. If
this application is linked dynamically to nettle, it would
have to be linked also with GMP if and only if public key
support was enabled when the nettle library was installed.
The library names are libnettle.so.3.0 and
libhogweed.so.1.0, with sonames libnettle.so.3 and
libhogweed.so.1.
* Function typedefs have been changed to non-pointer types.
E.g, the
typedef void (nettle_hash_init_func *)(void *ctx);
of previous versions is replaced by
typedef void (nettle_hash_init_func)(void *ctx);
This makes it possible to use the type when declaring
functions, like
nettle_hash_init_func foo_hash_init;
void foo_hash_init(void *ctx) { ... }
* Changes to the yarrow256 interface. The automatic seed file
generation, and the seed_file member in struct
yarrow256_ctx, has been removed. To generate a new seed
file, use yarrow256_random. The function
yarrow256_force_reseed has been replaced by the two
functions yarrow256_fast_reseed and yarrow256_slow_reseed,
which were previously static. This interface change makes it
easier to mix in the current content of the seed file before
overwriting it with newly generated data.
Other changes:
* The sexp-conv program preserves comments when using the
advanced syntax for output. Optionally locks the output
file.
* The base64 decoder recognizes ASCII FF (form feed) and VT
(vertical tab) as white space.
* New x86_64 implementations of AES and SHA1. On a 2.2 GHz
opteron, SHA1 was benchmarked at 250 MByte/s, and AES-128 at
110 MByte/s.
* Performance of AES increased by 20-30% on x86.
* New programs in the examples directory: erathostenes and
next-prime.
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
NEWS for the 1.15 release
Added support for PKCS#1 style RSA signatures using SHA256,
according to RFC 3447. Currently lacks interoperability
testing.
Header files are now C++ aware, so C++ programs using Nettle
should now use plain
#include <nettle/foo.h>
rather than
#extern "C" {
#include <nettle/foo.h>
}
as was the recommendation for the previous version. This
breaks source-level compatibility with C++, even though
there's full binary compatibility.
The file rfc1750.txt (which is considered non-free by debian)
has been removed from the distribution. The file was used as input
for the Yarrow testcase, and has been replaced by the short
story "The Gold-bug" by Edgar Allan Poe. Anyway, RFC 1750 is
obsoleted by RFC 4086.
Fixes for Darwin shared library support, contributed by Grant
Robinsson.
Example programs now use a supplied getopt.c.
Configure tests for assemblers with a logarithmic .align
directive.
The library is intended to be upwards binary compatible with
earlier versions. The library name is libnettle.so.2.6, soname
is still libnettle.so.2.
Experimental support for reading keys in PKCS#1 ASN1/DER
format, and a new command line tool pkcs1-conv.
Reorganized AES code. Better performance for all three
implementations (C, x86 assembler, sparc assembler).
New sparc assembler for arcfour. Compared to the code
generated by gcc, the new code is about 25% faster on old
sparcs, and 6 times faster on ultrasparc.
Replaced the internal function nettle_mpz_from_octets with a
call to mpz_import, if available in the installed GMP library.
More Makefile fixes; it now seems to work to build with
the the make programs on Solaris and FreeBSD (although
--disable-dependency-tracking is required for the latter).
The library is intended to be binary compatible with earlier
versions. The library name is libnettle.so.2.5, soname is
still libnettle.so.2.
NEWS for the 1.13 release
Fixed problem with broken m4 on bsd, which resulted in
corrupted x86 assembler for sha1.
Nettle probably works on windows: I've been able to cross
compile it with ./configure --host=i586-mingw32msvc (without
public-key support), and the testsuite binaries seem to run
fine in Wine.
Implemented CTR mode.
Improved sha1 performance on x86.
Configure check to figure out if symbols in assembler files
need a leading underscore.
Improved benchmark program. Displays cycles per byte and block,
and compares with openssl (if openssl is installed).
Terminating newline in output from sexp-conv --hash.
The library is intended to be binary compatible with earlier
versions. The library name is libnettle.so.2.4. However, the
interface for the internal function _nettle_sha1_compress has
changed; any program that calls this function directly will
break.
NEWS for the 1.12 release
Fixed a bug in the configure script.
Updated the description of aes_set_encrypt_key and
aes_set_decrypt_key in the manual.
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
NEWS for the 1.11 release
Nettle no longer uses automake. Side effects:
* Dependency tracking is enabled only for gcc-3 (help with
supporting dependency tracking with other compilers is
appreciated).
* Makefile compatibility with make programs other than GNU
make is mostly unknown, please report any problems.
Support for arctwo.
Fixes to the libdes compatibility code. Declarations should
now match openssl/libdes better. des_cbc_cksum pads
input with NUL's, if it's not an integral number of blocks (in
general, such unreversible padding is a bad idea).
By default, also the static library is compiled as position
independent code. This is needed on some systems to make it
possible to link nettle into a dynamically loaded module. Use
the configure flag --disable-pic if this is not desired.
Stricter constness typing for the sexp_iterator_assoc and
sexp_iterator_check_types arguments.
Minor tweaks of arcfour on x86 cpu:s, to speed it up on older
x86 variants such as PII and PPro.
The shared library is intended to be binary compatible with
nettle-1.8 - nettle-1.10. Only the minor version number of the
shared library is increased. The soname is still
libnettle.so.2.
NEWS for the 1.10 release
Nettle should now compile also on Tru64, Darwin, FreeBSD and
Windows. (The only tested windows build uses the rntcl rsh
wrapper to run the command line M$ C compiler "cl". See
http://pike.ida.liu.se for those tools, I don't know all
details about the Pike team's windows setup).
There are some known testsuite failures, on Windows and on one
of the xenofarm HPUX machines, see
http://www.lysator.liu.se/~nisse/xeno-lsh/latest.html. Help
tracking these down is appreciated.
There are no new features.
This release is intended to be binary compatible with
nettle-1.8 and nettle-1.9.
NEWS for the 1.9 release
Optimized C implementation of arcfour. Optimized x86
implementations of arcfour and sha1.
Improved benchmark program.
Fixed bug in the rsa-encrypt example program.
Fixed bug in make install, some of the header files were
forgotten.
Portability fixes. Fixes to make Nettle compile on systems
without gmp. This version has been tested on GNU/Linux,
Solaris, HPUX and AIX.
The shared library is intended to be binary compatible with
nettle-1.8. Only the minor version number of the shared
library is increased.
New example programs, demonstrating encrypting and decrypting
files using RSA, and random sessions keys for bulk encryption
and message authentication.
Support for systems that don't have alloca. On such systems,
some of Nettle's functions have arbitrary limits applied to
their input.
Uses AX_CREATE_STDINT_H, to support systems without
inttypes.h.
Support for the md2 and md4 hash functions.
New name mangling, to reduce the risk of link collisions. All
functions (except memxor) now use a nettle_ or _nettle_ prefix
when seen by the linker. For most functions, the header file
that declares a function also uses #define to provide a
shorter more readable name without the prefix.
The shared library soname for this version is libnettle.so.2.
NEWS for the 1.7 release
Implemented DSA.
Renamed RSA functions for consistency. Now it's
rsa_public_key_init, not rsa_init_public_key, etc.
Both RSA and DSA now have sign/verify functions that take the
hash digest as argument.
A rewritten and much more powerful sexp-conv program.
Other changes to the sexp code, in particular updating it to
the latest SPKI draft.
Building nettle as a shared library (ELF only) seems to work.
The version number is increased, so the library "soname" for
this release is "libnettle.so.1".
Bugfixes. Fixes for build and portability problems.
Optimized assembler implementations of aes, for sparc and x86.
The aes interface has changed slightly. The function
aes_set_key is no more. Instead one has to use
aes_set_encrypt_key or aes_set_decrypt_key. Sorry about that.
New example programs, rsa-keygen, rsa-sign and rsa-verify,
located in the examples directory.
New configure option --enable-shared, which builds a shared
library. Not tested.
New experimental features, including sexp parsing and
formatting, and changes to base64 encoding and decoding. The
interfaces to these functions are subject to change, and are
documented only in the source code.
An implementation of the Yarrow-256 PRNG.
New sections in the manual.
Changed the interface for hash functions. The md5_digest
function is now equivalent to the old sequence of md5_final,
md5_digest, md5_init, and similarly for the other hashing
algorithms. This makes the interface simpler.
NEWS for the 1.0 release
Fixed twofish bug spotted by Jean-Pierre Stierlin.
New RFC-1321-like interface in nettle/md5-compat.h, suggested
by Assar Westerlund.
New libdes-style compatibility interface in nettle/des-compat.h.