[ Resend, the posting originally used an incorrect list address. /nisse ]
Simon Josefsson <simon@josefsson.org> writes:
> I wonder which of nettle or libgcrypt is correct -- and further, I really wonder if anyone cares at all about Serpent if a problem like this hasn't been noticed before?
Interesting...
As far as I recall the nettle history (and also looking at the comments), the nettle adaptation of serpent.c was done by Rafael Sevilla; if I have touched that code, I think it's trivial changes only.
And I think that I wrote serpent-test.c, based on the test vectors in the serpent AES-competition package.
I don't remember if I have ever done any interoperability testing of serpent with lsh (which uses nettle's implementation). Trying to connect to some openssh servers, it seems they don't enable serpent by default.
Maybe you can try adding some of the test vectors at http://www.cs.technion.ac.il/~biham/Reports/Serpent/ to nettle and libgcrypt, and see what happens? (On the nettle side, I'll try to give that a reasonably high priority).
Regards, /Niels