Hello,
* gcm.h:
The GCM_SET_KEY macro uses key both as input and to access a ctx element, and thus requires the last parameter to be called "key" as well.
#define GCM_SET_KEY(ctx, set_key, encrypt, key) \ do { \ (set_key)(&(ctx)->cipher, (key)); \ if (0) (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0); \ gcm_set_key(&(ctx)->key, &(ctx)->cipher, \ (nettle_cipher_func *) (encrypt)); \ } while (0)
* cbc.h: cbc_encrypt and decrypt use const void* as first parameter. That is, it cannot be wrapped over a function that works for cbc_encrypt as well as gcm_aes_encrypt (the latter doesn't use const). Without casts that is.
Overall, what I didn't like it that the new cipher API required more code to wrap around it.
* macros.h: The MD_INCR(ctx) macro is now only applicable for sha512.
* nettle-types.h: There is still nettle_crypt_func which is identical to nettle_cipher_func. Is that intentional? I was wondering what was its use.
* dsa_verify() Note sure if this is a regression, but this function will now succeed verifying data signed with a DSA-2048 key and SHA1 as hash.
* libhogweed soname: libhogweed has the same soname with 2.7.1, so applications crash if they are linked against nettle 2.7.1 and 3.0 is installed (that is because hogweed links against libnettle.so.5). It may make sense for both libraries to share the same so version.
regards, Nikos