Nettle release plans

This is an attempt at defining a development target for Nettle-2.7, inspired by similar pages for recent GMP releases. [Last updated 2013-04-02]

This really ought to be done before release

Try to get this done before release


Leave for some later release!

Plan for the Nettle-2.7 release


Support older GMP versions, as far as practical.

Make use of GMP's mpn_cnd_add_n and mpn_sub_n (which will be available in the next GMP release).

Implement ecc_point_mul and ecc_point_mul_g.

Rewrite x86_64/sha3-permute.asm. Moves between xmm registers and regular registers kill performance at least on some AMD processors.

Include UMAC. Needs a serious effort to produce test vectors.


Document new ECC functions.

Document salsa20r12.

Update NEWS file.

Build system

Ensure that make install without a preceding make works.

Make the assembly ALIGN-macro non-logarithmic, reusing the m4 log2 macro in GMP. Current macros have the problem that in m4 eval, << is not supported by Solaris, while ** is not supported by OpenBSD.


Since xenofarm isn't up and running, do some manual testing:

Plans for nettle-2.8

nettle-2.8 is intended to be a minor API cleanup, with few new features.

Interface changes

Change the type of all lengths from unsigned to size_t. An ABI change on most 64-bit platforms.

Change argument type of memxor and memxor3 from uint8_t * to void * (like modern memcpy). Consider them unconditionally part of the nettle library, with nettle_ prefix on the symbols, and no AC_REPLACE_FUNCS.

Use the type uint64_t for 64-bit block counts in all hash functions.

Move some internal-use macros from macros.h to nettle-internal.h.

Plans for nettle-3.0

These are some larger API changes under consideration.

Interface changes

For Merkle-Damgaard hash functions, separate the state and the buffering. E.g., when using them for HMAC keyed "inner" and "outer" states, we now get three buffers but we only need one.

Use the nettle_cipher abstraction only for block ciphers (in particular, exclude arcfour). Use a const for the ctx argument to nettle_crypt_func.

Consider making a public interface similar to nettle_aead? With the above change, it can't use nettle_crypt_func.

Make it possible to build nettle and hogweed using mini-gmp.

Reorganize private key operations. Need to support RSA with and without blinding, and DSA according to spec and some deterministic variant (like putty), and possibly also smartcard versions where the private key is not available to the library. And without an explosion of the number of functions.