| author | Niels Möller <nisse@lysator.liu.se> | 2023-05-07 16:32:39 +0200 |
|---|---|---|
| committer | Niels Möller <nisse@lysator.liu.se> | 2023-05-07 16:32:39 +0200 |
| commit | 6bd3e1a7ce87500e8e42cd29f807fd781d5d57ef (patch) | |
| tree | c3a79ed89af2a93d0945f00e179dc9d2e448d3a1 | |
| parent | 8f32bce28046d3d6f17f5667bb3b64dc3fa7e996 (diff) | |
| download | nettle-6bd3e1a7ce87500e8e42cd29f807fd781d5d57ef.tar.gz | |
Update NEWS.
-rw-r--r-- | NEWS | 19 |
1 files changed, 8 insertions, 11 deletions
@@ -4,18 +4,15 @@ NEWS for the Nettle 3.9 release performance improvements, and one performance regression affecting GCM on certain platforms. - Nettle's implementation of GHASH, the authentication mechanism - used for GCM, dates from 2011, and has used data-dependent - table lookups for performance. Those lookups imply a potential - side-channel leak. More recent assembly implementations of - GHASH that use the carry-less multiplication instruction, - available on certain platforms, don't suffer from this - problem. + The new version is intended to be fully source and binary + compatible with Nettle-3.6. The shared library names are + libnettle.so.8.7 and libhogweed.so.6.7, with sonames + libnettle.so.8 and libhogweed.so.6. This release includes a rewrite of the C implementation of - GHASH as well as the plain x86_64 assembly version to use - precomputed tables in a different way, with tables always - accessed in the same sequential manner. + GHASH (dating from 2011), as well as the plain x86_64 assembly + version, to use precomputed tables in a different way, with + tables always accessed in the same sequential manner. This should make Nettle's GHASH implementation side-channel silent on all platforms, but considerably slower on platforms @@ -35,7 +32,7 @@ NEWS for the Nettle 3.9 release * GHASH implementation should now be side-channel silent on all architectures. - * A few other portability fixes for *BSD. + * A few portability fixes for *BSD. New features: |
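Review bot: in the first hunk, deleting the whole paragraph that explained the motivation for the rewrite (the GHASH code used data-dependent table lookups, which "imply a potential side-channel leak") leaves the NEWS entry claiming the new implementation is "side-channel silent" without ever saying what the old weakness was; the "(dating from 2011)" parenthetical keeps the age of the code but not the rationale, so consider keeping one clause, e.g. "... to replace the data-dependent table lookups, which implied a potential side-channel leak." The added compatibility paragraph ("fully source and binary compatible with Nettle-3.6", sonames libnettle.so.8 and libhogweed.so.6) is also now inserted between the sentence mentioning the GCM performance regression and the sentence describing the GHASH rewrite, splitting one topic in two; moving it before or after the GHASH discussion would read more naturally.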