Niels Möller
I'm pleased to announce a major new release of GNU Nettle, a low-level cryptographic library. This release includes several API changes, some quite significant, as well as the removal of deprecated functions. One notable new feature is support for SLH-DSA signatures (a stateless hash-based digital signature algorithm).
This is a major new release. It includes support for SLH-DSA. Several changes have been made to the Nettle API, and deprecated functions have been removed. Additionally, the ABI has been improved, leaving the API largely unchanged. Specifically, the context structures for several algorithms have been reduced.
Changes:
- The _digest functions of the hash algorithms, MAC, and AEAD, no longer accept the desired digest size as an argument; instead, they always return a full-size digest. The nettle_hash_digest_func type has been changed accordingly.
- Functions for processing full messages using CCM AES now accept a constant encryption context as the first argument. For example, the first argument of the ccm_aes128_encrypt_message function is now the constant aes128_ctx* structure. Previously, this was the ccm_aes128_ctx* structure, which ignored everything except the underlying encryption context.
- SHA3 functions now use the same sha3_ctx structure for all hash variants, as well as the same sha3_init function. Old names, such as sha3_256_ctx and sha3_256_init, are defined as preprocessor aliases for backward compatibility.
- The dst_length argument of the base16_decode_update and base64_decode_update functions is now both an input and output argument. When used as input, it must contain the size of the target buffer; decoding will fail if this size is insufficient. Previously, dst_length was only an output argument, requiring the target buffer to be large enough for any input value of the specified src_length length.
Source: linux.org.ru
