Log Message:
nettle: updated to 3.7.1

NEWS for the Nettle 3.7.1 release

This is primarily a bug fix release, fixing a couple of
problems found in Nettle-3.7.

The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.2 and libhogweed.so.6.2, with sonames
libnettle.so.8 and libhogweed.so.6.

Bug fixes:

* Fix bug in chacha counter update logic. The problem affected
  ppc64 and ppc64el, with the new altivec assembly code
  enabled. Reported by Andreas Metzler, after breakage in
  GnuTLS tests on ppc64.

* Support for big-endian ARM platforms has been restored.
  Fixes contributed by Michael Weiser.

* Fix build problem on OpenBSD/powerpc64, reported by Jasper
  Lievisse Adriaanse.

* Fix corner case bug in ECDSA verify, it would produce
  incorrect result in the unlikely case of an all-zero
  message hash. Reported by Guido Vranken.

New features:

* Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512,
  contributed by Nicolas Mora.

Miscellaneous:

* Poorly performing ARM Neon code for doing single-block
  Salsa20 and Chacha has been deleted. The code to do two or
  three blocks in parallel, introduced in Nettle-3.7, is
  unchanged.

NEWS for the Nettle 3.7 release

This release adds one new feature, the bcrypt password hashing
function, and lots of optimizations. There's also one
important change to how Nettle is configured: Fat builds are
now on by default.

The release adds PowerPC64 assembly for a few algorithms,
resulting in great speedups. Benchmarked on a Power9 machine,
speedup was 13 times for AES256-CTR and AES256-GCM, and 3.5
times for Chacha. For fat builds (now the default), the new
code is used automatically, on processors supporting the needed
instruction set extensions.

The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.1 and libhogweed.so.6.1, with sonames
libnettle.so.8 and libhogweed.so.6.

New features:

* Support for bcrypt, contributed by Stephen R. van den Berg.

Optimizations:

* Much faster AES and GCM on PowerPC64 processors supporting
  the corresponding crypto extensions. Contributed by Mamone
  Tarsha.

* Speed of Chacha improved on PowerPC64, x86_64 and ARM Neon.

* Speed of Salsa20 improved on x86_64 and ARM Neon.

* Overhaul of some elliptic curve primitives, improving ECDSA
  signature speed.

Configure:

* Fat builds are enabled by default on the architectures where
  it is supported (x86_64, arm and powerpc64). To disable
  runtime selection, and instead specify the processor flavor
  at configure time, you need to pass --disable-fat to the
  configure script.

Known issues:

* The ARM assembly code in this release doesn't work correctly
  on big-endian ARM systems. This will hopefully be fixed in a
  later release.

Miscellaneous:

* Use a few more gmp-6.1 functions: mpn_cnd_add_n,
  mpn_cnd_sub_n, mpn_cnd_swap. Delete corresponding internal
  Nettle functions.

* Convert all assembly files to use the default m4 quote
  characters.