From: Niels Möller Date: Tue, 24 Jun 2025 16:32:02 +0000 (+0200) Subject: NEWS entries for Nettle-4.0. X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4d450557767b0a9e432a82d5f724ede07f7a987f;p=thirdparty%2Fnettle.git NEWS entries for Nettle-4.0. --- diff --git a/NEWS b/NEWS index 99234571..da9ee680 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,122 @@ +NEWS for the Nettle 4.0 release + + This is a major cleanup release, with a few changes to + Nettle's API, as well as deletion of obsolete features. There + are also several improvements to the ABI that leaves the API + mostly unchanged, in particular, smaller context structs for + several algorithms. + + The most disruptive API change is that the *_digest functions + no longer takes the desired digest size as argument. Truncated + hashes appeared to be an important use case decades ago when + the previous interface was designed, but that is now rather + obscure. + + Feedback on the new interfaces is appreciated, e.g., if the + variable tag length for OCB and CCM should be supported + differently, if additional types would benefit from larger + alignment, or if there are remaining interface bugs or + inconsistencies. Smaller additional API or ABI changes may be + considered for the next release, Nettle-4.1, but after that, + the intention is that both ABI and API should stay backwards + compatible for a longer time. + + The shared library names are libnettle.so.9.0 and + libhogweed.so.7.0, with new sonames libnettle.so.9 and + libhogweed.so.7. + + Interface deletions: + + * Deleted the old struct aes_ctx, and all functions operating + on it. Use the fixed key size interfaces instead, e.g., + struct aes256_ctx, introduced in Nettle-3.0. + + * Deleted dsa-compat.h, and everything declared therein. Use + the interface in dsa.h, introduced in Nettle-3.0. + + * Deleted old header sha.h. Use sha1.h or sha2.h instead, as + appropriate. + + * Deleted the general HMAC interface, with functions like + hmac_set_key that work with an arbitrary underlying hash + function. Use the specific hmac functions instead, e.g., + hmac_sha256_set_key, or the mac abstraction defined in + nettle-meta.h, e.g, the nettle_hmac_sha256 instance. + + * Deleted md5-compat.h, and everything declared therein. Use + the interface in md5.h instead (or even better, stop using md5). 
+ + * Deleted pgp.h, and everything declared therein. This attempt + to support openpgp formats was incomplete, undocumented, and + mostly obsolete. + + * Delete all the *_DATA_SIZE compatibility aliases. Use + corresponding *_BLOCK_SIZE constants instead, introduced in + Nettle-3.0. + + * Deleted the obsolete functions _rsa_blind and _rsa_unblind. + (Current RSA blinding in Nettle uses internal functions with + a different interface). + + * Delete compatibility aliases salsa20_set_iv, + SALSA20_IV_SIZE. These were renamed to salsa20_set_nonce and + SALSA20_NONCE_SIZE in Nettle-3.0. + + * Deleted compatibility aliases _nettle_md5_compress, + _nettle_sha1_compress. These internal functions were + promoted to documented and supported functions in + Nettle-3.9, with new names md5_compress and sha1_compress. + + * Deleted compatibility alias yarrow_force_reseed. Renamed to + yarrow_slow_reseed in Nettle-2.0. + + Interface changes: + + * The _digest functions for hash algorithms, MACs and AEADs no + longer take the desired digest size as argument, instead, + they always produce the full-size digest. The typedef + nettle_hash_digest_func has also been changed accordingly. + + There are two exceptions: CCM and OCB (functions ccm_digest, + ocb_digest, ccm_ae128_digest, ocb_aes128_digest, ...). These + AEAD algorithms are specified with a variable tag length, + which is not a mere truncation of the output. + + * The functions to process complete messages using CCM AES now + take a const cipher context as the first argument, e.g, + first argument to ccm_aes128_encrypt_message is now a const + struct aes128_ctx *. It used to be a struct ccm_aes128_ctx + *, where everything but the underlying cipher context was + ignored. + + * The SHA3 functions now use the same struct sha3_ctx for all + flavors, and the same function sha3_init. Old names, e.g., + sha3_256_ctx and sha3_256_init, are defined as preprocessor + aliases, for backwards compatibility. 
+ + ABI changes and improvements. + + * Introduce 16-byte alignment on certain types. Applied to + union nettle_block16, and subkey arrays of AES and UMAC. + This is intended to improve performance for SIMD load and + store instructions, which on some platforms may be faster + with proper alignment. The larger alignment is enabled only + for platforms where the alignment of the uint64_t type is 8. + + * Size of struct gcm_key is reduced from 4096 bytes to 2048. + + * Size of the new sha3_ctx is considerable smaller, 216 bytes, + than the previous types that included a buffer for a + complete block. E.g., the largest one, for sha3_128_ctx + (shake128), used to be 376 bytes. + + * Size of HMAC contexts have been reduced, by not including + multiple block buffers. E.g, size of struct hmac_sha256_ctx + reduced from 336 bytes to 192. This change has been + discussed for a long time, with first attempt made by Dmitry + Baryshkov years ago, but delayed, since it implies an ABI + break. + NEWS for the Nettle 3.10.1 release This is a maintenance release, with only a few bugfixes and
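Review bot: In the first item under "Interface changes", the entry says the _digest functions "always produce the full-size digest" but gives no migration guidance for callers that used to pass a shorter length. Suggest adding a sentence that the output buffer must now hold the algorithm's full digest size and that any truncation is done by the caller afterwards, since a destination sized for a truncated digest is now too small for what gets written. In the CCM/OCB exceptions paragraph of the same item, "ccm_ae128_digest" looks like a typo for ccm_aes128_digest, going by ccm_aes128_encrypt_message in the next item. Wording nits: "improvements to the ABI that leaves" should be "leave", "no longer takes" should be "no longer take", "considerable smaller" should be "considerably smaller", "Size of HMAC contexts have been reduced" should be "has been reduced", "e.g," is missing its second period in several places, the deletion list mixes "Deleted" and "Delete", and the heading "ABI changes and improvements." ends with a period where the other two headings end with a colon.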