pkgsrc-WIP-cvs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: wip/libnettle

Module name:    wip
Committed by:   emil_s
Date:           Mon Nov  1 17:00:23 UTC 2010

Modified Files:
        wip/libnettle: Makefile PLIST distinfo

Log Message:
Update 1.15 -> 2.1

NEWS for the 2.1 release

        *Important*: this release breaks source and binary
        compatibility for the digital signature functions, and for the
        DES and BLOWFISH ciphers which have weak keys.

        Incompatible changes:

        * The functions rsa_md5_sign, rsa_sha1_sign and
          rsa_sha256_sign, and the corresponding _digest variants, now
          have a return value which callers should check. The functions
          return failure if the key is too small for the type of

        * The functions dsa_sign and dsa_verify are renamed to
          dsa_sha1_sign and dsa_sha1_verify. The _-digest variants are
          renamed similarly. These functions now have a return value
          which callers should check, and they return failure if the
          number q is not of the appropriate size.

        * The return value from des_set_key, des3_set_key and
          blowfish_set_key now indicates whether or not the given key
          is weak. But in either case, the key setup is done, and
          applications that don't care about weak keys can ignore the
          return value.

          The incompatible part of this change is that enum des_error
          and enum blowfish_error has been deleted, and so has the
          status attribute in struct des_ctx, struct des3_ctx, and
          struct blowfish_ctx.

        The shared library names are and, with sonames and

        Other changes:

        * Support for the Camellia block cipher, including an
          assembler implementation for x86_32.

        * New function aes_invert_key, useful for applications that
          need both encryption and decryption using the same AES key.
        * des_set_key and des3_set_key no longer check the key parity
          bits. Parity bits are silently ignored. A new function
          des_check_parity is provided, for applications that care
          about the DES parity bits.

        * Support for sha224, sha384 and sha512.

        * Support for digital signatures using rsa-sha512 and
          dsa-sha256. Due to lack of official test vectors and interop
          testing, this support should be considered somewhat

        * Key generation for RSA and DSA changed to use Maurer's
          algorithm to generate provably prime numbers (as usual, the
          mathematical proof does not guaranteee that the
          implementation is bug free).
        * x86_64 assembler implementation actually included in the
          distribution (was accidentally left out in nettle-2.0).

        * Configure script now detects if the compiler uses a 32-bit
          or 64-bit ABI on x86_64 (prevously did this for sparc only).
          Also sets the default location for installing libraries
          (libdir) depending on system type and the ABI used.

        * Added the nettle and gmp libraries as dependencies when
          linking shared library On systems using
          shared libraries where such dependencies work (in
          particular, ELF systems), it is sufficient to link
          applications with -lhogweed. For static linking -lhogweed
          -lnettle -lgmp is still required.

        * The program pkcs1-conv is extended to also handle dsa keys.
          Contributed by Magnus Holmgren.

        * Slightly improved sha1 performance on x86.

NEWS for the 2.0 release

        This release breaks binary compatibility by splitting the
        library into two. Some other smaller changes that are not
        backwards compatible are also done at the same time.

        * The nettle library is split into two libraries, libnettle
          and libhogweed. libnettle contains the symmetric crypto
          algorithms that don't depend on GMP, while libhogweed
          contains the public key algorithms that depend on GMP.
          Using a single library worked fine with static linking, but
          not with dynamic linking. Consider an application that uses
          nettle and which doesn't use any public key cryptography. If
          this application is linked dynamically to nettle, it would
          have to be linked also with GMP if and only if public key
          support was enabled when the nettle library was installed.

          The library names are and
, with sonames and

        * Function typedefs have been changed to non-pointer types.
          E.g, the

            typedef void (nettle_hash_init_func *)(void *ctx);

          of previous versions is replaced by

            typedef void (nettle_hash_init_func)(void *ctx);

          This makes it possible to use the type when declaring
          functions, like

            nettle_hash_init_func foo_hash_init;

            void foo_hash_init(void *ctx) { ... }

        * Changes to the yarrow256 interface. The automatic seed file
          generation, and the seed_file member in struct
          yarrow256_ctx, has been removed. To generate a new seed
          file, use yarrow256_random. The function
          yarrow256_force_reseed has been replaced by the two
          functions yarrow256_fast_reseed and yarrow256_slow_reseed,
          which were previously static. This interface change makes it
          easier to mix in the current content of the seed file before
          overwriting it with newly generated data.

        Other changes:

        * Nettle manual now contributed to the public domain, to
          enable remixing into documentation of programs that use

        * The sexp-conv program preserves comments when using the
          advanced syntax for output. Optionally locks the output

        * The base64 decoder recognizes ASCII FF (form feed) and VT
          (vertical tab) as white space.

        * New x86_64 implementations of AES and SHA1. On a 2.2 GHz
          opteron, SHA1 was benchmarked at 250 MByte/s, and AES-128 at
          110 MByte/s.

        * Performance of AES increased by 20-30% on x86.

        * New programs in the examples directory: erathostenes and

To generate a diff of this commit:
cvs -z3 rdiff -u -r1.2 -r1.3 wip/libnettle/distinfo
cvs -z3 rdiff -u -r1.4 -r1.5 wip/libnettle/
cvs -z3 rdiff -u -r1.5 -r1.6 wip/libnettle/PLIST
cvs -z3 rdiff -u -r1.6 -r1.7 wip/libnettle/Makefile

To view a diff of this commit:

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
pkgsrc-wip-cvs mailing list

Home | Main Index | Thread Index | Old Index