Ideally, Nettle shouldn't allocate any storage. Some functions need temporary scratch space; then the options are:
1. Allocate it on the stack.
2. Allocate it on the heap (done only for bignum-related functions, using the allocation functions that are configurable via gmp's mp_set_memory_functions).
3. Take a scratch input parameter. The convention is that there's a corresponding _itch function or macro that callers can use to determine the needed amount of scratch.
One example I have in mind is the ecc signature functions. Internal functions use the itch/scratch interface. Top-level functions allocate the needed scratch on the heap. E.g., I think ed25519_sha512_sign needs 416 bytes of scratch space and ed25519_sha512_verify needs 2112 bytes. Is it reasonable to allocate this on the stack? Or should we extend itch/scratch to the public functions?
Allocation would matter the most when writing code for a very constrained device where it's desirable to allocate needed storage statically, or where malloc/free simply isn't available. Stack size might also matter for highly threaded applications where per-thread stack could be quite small.
Regards, /Niels
nettle-bugs@lists.lysator.liu.se
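
The three options from the message, shown side by side on a toy multi-limb multiply. This is an added example, not part of the original message and not Nettle code; toy_mul, TOY_MUL_ITCH, TOY_MAX_LIMBS, the two wrappers and toy_static_scratch are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical toy operation, not a Nettle function:
   rp = ap * bp mod 2^(32 n), on n little-endian 32-bit limbs.
   rp may alias ap or bp, so the product is built in scratch first. */
#define TOY_MAX_LIMBS 8
#define TOY_MUL_ITCH(n) (2 * (n))   /* scratch needed, in limbs */

void toy_mul (uint32_t *rp, const uint32_t *ap, const uint32_t *bp,
              size_t n, uint32_t *scratch)
{
  size_t i, j;
  memset (scratch, 0, TOY_MUL_ITCH (n) * sizeof (*scratch));
  for (i = 0; i < n; i++) {
    uint64_t carry = 0;
    for (j = 0; j < n; j++) {
      uint64_t t = (uint64_t) ap[i] * bp[j] + scratch[i + j] + carry;
      scratch[i + j] = (uint32_t) t;
      carry = t >> 32;
    }
    scratch[i + n] = (uint32_t) carry;
  }
  memcpy (rp, scratch, n * sizeof (*rp));
}

/* Option 1: scratch on the stack, sized for the largest supported n. */
int toy_mul_stack (uint32_t *rp, const uint32_t *ap, const uint32_t *bp, size_t n)
{
  uint32_t scratch[TOY_MUL_ITCH (TOY_MAX_LIMBS)];
  if (n > TOY_MAX_LIMBS) return 0;
  toy_mul (rp, ap, bp, n, scratch);
  return 1;
}

/* Option 2: scratch on the heap; the call gains an allocation-failure path. */
int toy_mul_heap (uint32_t *rp, const uint32_t *ap, const uint32_t *bp, size_t n)
{
  uint32_t *scratch = malloc (TOY_MUL_ITCH (n) * sizeof (*scratch));
  if (!scratch) return 0;
  toy_mul (rp, ap, bp, n, scratch);
  free (scratch);
  return 1;
}

/* Option 3: the caller owns the scratch, here a static buffer sized via the itch macro. */
uint32_t toy_static_scratch[TOY_MUL_ITCH (TOY_MAX_LIMBS)];
```

With option 3 a caller without malloc passes toy_static_scratch (or any buffer of at least TOY_MUL_ITCH(n) limbs) straight to toy_mul.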