Billy Brumley

* NSS for [P-384](https://hg.mozilla.org/projects/nss/file/tip/lib/freebl/ecl/ecp_secp384r1.c) and [P-521](https://hg.mozilla.org/projects/nss/file/tip/lib/freebl/ecl/ecp_secp521r1.c), both 32 and 64 bit builds. * Firefox via NSS * [GOST engine](https://github.com/gost-engine/engine/) for [eight standardized curves](https://github.com/gost-engine/engine/commit/bc346202fbb3bc838a19af8c3b0e449926589c7b) Yes these are [ECCKiila](https://gitlab.com/nisec/ecckiila/) deployments but IMO...

I see -- so your implementation [starts by converting from the Montgomery form](https://github.com/mit-plv/fiat-crypto/blob/master/inversion/zig/inversion.zig#L24) to canonical form. Why can't you do everything in Montgomery form? That is what the [ECCKiila code...

I think I get it now. When you stay in the Montgomery domain and invert, you also invert the Montgomery factor. So to correct that and leave the output in...

@dfaranha you made contributions related to this, [right](https://eprint.iacr.org/2021/549)? Any thoughts?

Perfect -- thanks, Diego :) Especially for confirming I haven't gone totally insane. (Only the normal insane that comes with the academic territory.) I'll go ahead and merge that ECCKiila...

Related to #10 it seems.

@kakwa Gentle ping :) Any thoughts on this PR? I've tested it with [e_nss](https://gitlab.com/e_nss/e_nss) which will give a PKCS11 soft-token view and can provide instructions for that if you're interested.

You mean use an older one? Like I said, the `autoconf` bug doesn't seem to be fixed even after all these years.

Looks good to me :) Thank you, @JulieDzeze1

Thanks! Let's see what the maintainers say. For `Windows's` vs `Windows'`, did you check the rest of the lib for consistency? This looks fine to me, but the maintainers are...