On Thu, Jan 2, 2014 at 9:57 PM, Niels Möller nisse@lysator.liu.se wrote:
> For the next release of GMP, there will be some new public functions for side-channel silent computations, as part of the low-level "mpn" interface. I think it would make sense to rewrite the RSA and DSA private key operations to use side-channel silent functions. This might require further interface changes; I haven't really looked into it yet, so I don't know to which degree backwards compatibility can be kept.
For RSA it would matter but it is not urgent as blinding currently works. For DSA it would matter too, but who cares (and who uses DSA anyway?) :)
For gnutls what would be needed in the short term are:
- Add chacha.
- the TMP_GMP_ALLOC change.
- Fix out-of-bounds access in memxor

In medium term:
- Add poly1305 (with chacha-poly1305 if accepted in the TLS WG)
> I also don't yet know if it's practical to make use of the new functions optional, or if it will make the latest GMP a strict requirement (unless Nettle's public key support is completely disabled).
I think that would effectively make nettle LGPLv3. Unless the issue with GPLv2 compatibility is solved somehow, I'd prefer if the LGPLv2 of gmp can still be used.
regards, Nikos
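The RSA blinding that the reply above relies on as the current side-channel defence, shown as an added example that is not part of this thread and is not nettle's or GMP's own code. It is plain Python with `pow()` rather than the mpn interface, and the key (`P`, `Q`, `E`) is a constructed toy value chosen only so the arithmetic is readable; the function names are assumptions.

```python
"""RSA private-key operation with multiplicative blinding (added example).

The private exponentiation c^d mod n leaks through timing/power when its
input is attacker-controlled. Blinding multiplies the input by r^e for a
fresh random r, exponentiates, and strips the factor r afterwards, so the
leaky operation only ever sees values decorrelated from the input.
"""
import math
import secrets

# Constructed toy key, far too small for real use (assumption for the example).
P, Q = 1000003, 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # private exponent, needs Python >= 3.8


def rsa_private_raw(c: int, d: int = D, n: int = N) -> int:
    """Unblinded c^d mod n: the form whose leakage depends on c."""
    return pow(c, d, n)


def rsa_private_blinded(c: int, d: int = D, n: int = N, e: int = E) -> int:
    """c^d mod n computed on a blinded input.

    With e*d = 1 (mod phi(n)) and gcd(r, n) = 1:
        (c * r^e)^d = c^d * r^(e*d) = c^d * r   (mod n)
    so multiplying by r^-1 recovers c^d mod n exactly.
    """
    while True:
        r = secrets.randbelow(n)
        if r > 1 and math.gcd(r, n) == 1:
            break
    r_inv = pow(r, -1, n)
    c_blind = (c * pow(r, e, n)) % n   # the exponentiation never sees c itself
    s_blind = pow(c_blind, d, n)       # leaky step operates on c * r^e
    return (s_blind * r_inv) % n       # remove the blinding factor


def signature_roundtrip(m: int) -> bool:
    """Sign m with the blinded operation and verify with the public key."""
    s = rsa_private_blinded(m)
    return pow(s, E, N) == m % N


if __name__ == "__main__":
    for m in (42, 123456, N - 1):
        assert rsa_private_blinded(m) == rsa_private_raw(m)
        assert signature_roundtrip(m)
    print("blinded and raw private operations agree; verification succeeds")
```

The blinding factor must be fresh and secret per operation; reusing `r` across calls, or deriving it from the input, reintroduces the correlation the countermeasure exists to remove.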