On Thu, Jan 2, 2014 at 9:57 PM, Niels Möller <[email protected]> wrote:
> For the next release of GMP, there will be some new public functions for
> side-channel silent computations, as part of the low-level "mpn"
> interface.
>
> I think it would make sense to rewrite the RSA and DSA private key
> operations to use side-channel silent functions. This might require
> further interface changes; I haven't really looked into it yet, so I
> don't know to which degree backwards compatibility can be kept.
>

For RSA it would matter, but it is not urgent as blinding currently works.
For DSA it would matter too, but who cares (and who uses DSA anyway?) :)

For gnutls, what would be needed in the short term are:

- Add chacha.
- The TMP_GMP_ALLOC change.
- Fix out-of-bounds access in memxor.

In the medium term:

- Add poly1305 (with chacha-poly1305 if accepted in the TLS WG).

> I also don't yet know if it's practical to make use of the new functions
> optional, or if it will make the latest GMP a strict requirement (unless
> Nettle's public key support is completely disabled).
>

I think that would effectively make nettle LGPLv3. Unless the issue with
GPLv2 compatibility is solved somehow, I'd prefer if the LGPLv2 of gmp
can still be used.

regards,
Nikos

_______________________________________________
nettle-bugs mailing list
[email protected]
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
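The reply above leans on RSA blinding as the reason the private-key path is not urgent: the secret exponentiation never runs directly on the attacker-chosen ciphertext, so data-dependent timing in the modular exponentiation cannot be correlated with it. The following is an added illustration of that mitigation and is not code from Nettle, GnuTLS or anyone on the thread. It uses a constructed toy key (the two primes are far too small for real use) and Python's built-in `pow`, which is not itself side-channel silent; the point shown is the blind/unblind algebra, not a constant-time implementation.

```python
import secrets
from math import gcd

# Constructed toy RSA key for illustration only: two well-known small primes.
P, Q = 104729, 1299709
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)


def rsa_private_plain(c: int, d: int = D, n: int = N) -> int:
    """Unblinded private operation: the exponentiation runs directly on the
    caller-supplied c, so any input-dependent timing in pow() leaks about c."""
    return pow(c, d, n)


def blind(c: int, e: int = E, n: int = N) -> tuple[int, int]:
    """Multiply c by r^e for a fresh secret r coprime to n.
    Returns (c_blind, r); r must be unpredictable and never reused."""
    while True:
        r = secrets.randbelow(n - 2) + 2          # r in [2, n-1]
        if gcd(r, n) == 1:
            break
    c_blind = (c * pow(r, e, n)) % n              # c' = c * r^e (mod n)
    return c_blind, r


def unblind(m_blind: int, r: int, n: int = N) -> int:
    """Strip the blinding factor: (m * r) * r^-1 = m (mod n)."""
    return (m_blind * pow(r, -1, n)) % n


def rsa_private_blinded(c: int, d: int = D, e: int = E, n: int = N) -> int:
    """Blinded private operation: c'^d = (c * r^e)^d = m * r (mod n),
    so the secret exponent only ever touches a randomized value."""
    c_blind, r = blind(c, e, n)
    m_blind = pow(c_blind, d, n)
    return unblind(m_blind, r, n)


def blinding_is_transparent(message: int) -> bool:
    """Encrypt with the public key and check that blinded and plain
    decryption agree with each other and with the original message."""
    c = pow(message, E, N)
    return rsa_private_blinded(c) == rsa_private_plain(c) == message


def blinded_inputs_differ(c: int) -> bool:
    """Two blindings of the same ciphertext feed different values to the
    exponentiation, which is what breaks the attacker's correlation."""
    first, _ = blind(c)
    second, _ = blind(c)
    return first != second


if __name__ == "__main__":
    sample = 123456789                            # constructed plaintext < N
    print("blinded == plain == message:", blinding_is_transparent(sample))
    print("blinded inputs differ:", blinded_inputs_differ(pow(sample, E, N)))
```

Real implementations keep the blinding pair across calls by squaring it (r -> r^2, r^-1 -> r^-2) rather than generating a fresh random r each time, and they also blind the CRT-based path; this example shows only the single-exponent form to make the algebra visible.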
