nettle-3.9

[Bruce Dubbs]

New minor version.

[Xi Ruoyao]

NEWS for the Nettle 3.9 release

This release includes bug fixes, several new features, a few performance improvements, and one performance regression affecting GCM on certain platforms.

The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.7 and libhogweed.so.6.7, with sonames libnettle.so.8 and libhogweed.so.6.

This release includes a rewrite of the C implementation of GHASH (dating from 2011), as well as the plain x86_64 assembly version, to use precomputed tables in a different way, with tables always accessed in the same sequential manner.

This should make Nettle's GHASH implementation side-channel silent on all platforms, but considerably slower on platforms without carry-less mul instructions. E.g., benchmarks of the C implementation on x86_64 showed a slowdown of 3 times.

Bug fixes:

• Fix bug in ecdsa and gostdsa signature verify operation, for the unlikely corner case that point addition really is point duplication.

• Fix for chacha on Power7, nettle's assembly used an instruction only available on later processors. Fixed by Mamone Tarsha.

• GHASH implementation should now be side-channel silent on all architectures.

• A few portability fixes for *BSD.

New features:

• Support for the SM4 block cipher, contributed by Tianjia Zhang.

• Support for the Balloon password hash, contributed by Zoltan Fridrich.

• Support for SIV-GCM authenticated encryption mode, contributed by Daiki Ueno.

• Support for OCB authenticated encryption mode.

• New exported functions md5_compress, sha1_compress, sha256_compress, sha512_compress, based on patches from Corentin Labbe.

Optimizations:

• Improved sha256 performance, in particular for x86_64 and s390x.

• Use GMP's mpn_sec_tabselect, which is implemented in assembly on many platforms, and delete the similar nettle function. Gives a modest speedup to all ecc operations.

• Faster poly1305 for x86_64 and ppc64. New ppc code contributed by Mamone Tarsha.

Miscellaneous:

• New ASM_FLAGS variable recognized by configure.

• Delete all arcfour assembly code. Affects 32-bit x86, 32-bit and 64-bit sparc.

Known issues:

• Version 6.2.1 of GNU GMP (the most recent GMP release as of this writing) has a known issue for MacOS on 64-bit ARM: GMP assembly files use the reserved x18 register. On this platform it is recommended to use a GMP snapshot where this bug is fixed, and upgrade to a later GMP release when one becomes available.

• Also on MacOS, Nettle's testsuite may still break due to DYLD_LIBRARY_PATH being discarded under some circumstances. As a workaround, use

make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)'

[Xi Ruoyao]

There is also a nettle.pdf file shipped in the tarball and we can install it into /usr/share/doc/nettle-3.9 (along with nettle.html).

[Bruce Dubbs]

Fixed at commits

ffe5cb046a Update to php-8.2.6.
9b14f4c1bb Update to at-spi2-core-2.48.2.
875f120843 Update to nettle-3.9.

[Bruce Dubbs]

Milestone renamed