On Tue, 2016-02-09 at 15:52 +0100, Niels Möller wrote:
Do you plan a backport of the carry propagation fix in secp384 [0] for nettle 2.7.1?
I hadn't planned to do that. Do you think I should?
It's up to you. We plan to keep using this version of the library for quite a long time.
My limited understanding is that the 3.2 assembly file wouldn't work out of the box in 2.7 due to the change from ecc_curve to ecc_modulus.
I don't think that should be a problem, since the first argument to ecc_384_modp isn't used by the assembly implementation.
Hanno already pointed to the patches prepared by the Debian maintainer. https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;bug=813679;filename=nettle_2.7.1-5%2Bdeb8u1.debian.tar.xz;att=1 (not yet available at https://sources.debian.net/src/nettle/2.7.1-5/debian/patches/, it seems).
Thank you. One more thing on that. The Debian fix uses the new asm code under the LGPLv2+ license. Could I assume that you grant an exception for this file?
regards, Nikos