I'm happy to announce a new version of GNU Nettle, a low-level
cryptographic library.
NEWS for the 2.1 release
*Important*: this release breaks source and binary
compatibility for the digital signature functions, and for the
DES and BLOWFISH ciphers which have weak keys.
Incompatible changes:
* The functions rsa_md5_sign, rsa_sha1_sign and
rsa_sha256_sign, and the corresponding _digest variants, now
have a return value which callers should check. The functions
return failure if the key is too small for the type of
signature.
* The functions dsa_sign and dsa_verify are renamed to
dsa_sha1_sign and dsa_sha1_verify. The _-digest variants are
renamed similarly. These functions now have a return value
which callers should check, and they return failure if the
number q is not of the appropriate size.
* The return value from des_set_key, des3_set_key and
blowfish_set_key now indicates whether or not the given key
is weak. But in either case, the key setup is done, and
applications that don't care about weak keys can ignore the
return value.
The incompatible part of this change is that enum des_error
and enum blowfish_error has been deleted, and so has the
status attribute in struct des_ctx, struct des3_ctx, and
struct blowfish_ctx.
The shared library names are libnettle.so.4.0 and
libhogweed.so.2.0, with sonames libnettle.so.4 and
libhogweed.so.2.
Other changes:
* Support for the Camellia block cipher, including an
assembler implementation for x86_32.
* New function aes_invert_key, useful for applications that
need both encryption and decryption using the same AES key.
* des_set_key and des3_set_key no longer check the key parity
bits. Parity bits are silently ignored. A new function
des_check_parity is provided, for applications that care
about the DES parity bits.
* Support for sha224, sha384 and sha512.
* Support for digital signatures using rsa-sha512 and
dsa-sha256. Due to lack of official test vectors and interop
testing, this support should be considered somewhat
experimental.
* Key generation for RSA and DSA changed to use Maurer's
algorithm to generate provably prime numbers (as usual, the
mathematical proof does not guaranteee that the
implementation is bug free).
* x86_64 assembler implementation actually included in the
distribution (was accidentally left out in nettle-2.0).
* Configure script now detects if the compiler uses a 32-bit
or 64-bit ABI on x86_64 (prevously did this for sparc only).
Also sets the default location for installing libraries
(libdir) depending on system type and the ABI used.
* Added the nettle and gmp libraries as dependencies when
linking shared library libhogweed.so. On systems using
shared libraries where such dependencies work (in
particular, ELF systems), it is sufficient to link
applications with -lhogweed. For static linking -lhogweed
-lnettle -lgmp is still required.
* The program pkcs1-conv is extended to also handle dsa keys.
Contributed by Magnus Holmgren.
* Slightly improved sha1 performance on x86.
Available at
http://www.lysator.liu.se/~nisse/archive/nettle-2.1.tar.gz
ftp://ftp.lysator.liu.se/pub/security/lsh/nettle-2.1.tar.gz
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
