info-gnu
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ANNOUNCE: Nettle-2.7.1


From: Niels Möller
Subject: ANNOUNCE: Nettle-2.7.1
Date: Wed, 29 May 2013 10:08:20 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.2 (usg-unix-v)

I'm happy to annnounce a new version of GNU Nettle, a low-level
cryptographics library. The Nettle home page can be found at
http://www.lysator.liu.se/~nisse/nettle/.

One serious bug has been found in the new ECC code shipped in
nettle-2.7. Thanks to Magnus Holmgren for help tracking down this
problem.

NEWS for the 2.7.1 release

        This is a bugfix release.

        Bug fixes:

        * Fixed a bug in the new ECC code. The ecc_j_to_a function
          called GMP:s mpn_mul_n (via ecc_modp_mul) with overlapping
          input and output arguments, which is not supported.

        * The assembly files for SHA1, SHA256 and AES depend on ARMv6
          instructions, breaking nettle-2.7 for pre-v6 ARM processors.
          The configure script now enables those assembly files only
          when building for ARMv6 or later.
          
        * Use a more portable C expression for rotations. The
          previous version used the following "standard" expression
          for 32-bit rotation:

            (x << n) | (x >> (32 - n))

          But this gives undefined behavior (according to the C
          specification) for n = 0. The rotate expression is replaced
          by the more portable:

            (x << n) | (x >> ((-n)&31))

          This change affects only CAST128, which uses non-constant
          rotation counts. Unfortunately, the new expression is poorly
          optimized by released versions of gcc, making CAST128 a bit
          slower. This is being fixed by the gcc hackers, see
          http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157.
          
        The following problems have been reported, but are *not* fixed
        in this release:

        * ARM assembly files use instruction syntax which is not
          supported by all assemblers. Workaround: Use a current
          version of GNU as, or configure with --disable-assembler.

        * Configuring with --disable-static doesn't work on windows.
        
        The libraries are intended to be binary compatible with
        nettle-2.2 and later. The shared library names are
        libnettle.so.4.7 and libhogweed.so.2.5, with sonames still
        libnettle.so.4 and libhogweed.so.2.

Available at

  http://ftp.gnu.org/gnu/nettle/nettle-2.7.1.tar.gz
  ftp://ftp.gnu.org/gnu/nettle/nettle-2.7.1.tar.gz
  http://www.lysator.liu.se/~nisse/archive/nettle-2.7.1.tar.gz

and in the "nettle-2.7-fixes" branch in the git repository, see
http://git.lysator.liu.se/nettle/nettle.

Happy hacking,
/Niels Möller

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]