On 09/03/2015 11:56 AM, Nikos Mavrogiannopoulos wrote:
> That verifies the output of the timing-resistant version of the signing function, to make it also fault-resistant.
Doesn't this leave the miscomputed signature in the output parameter, so that it would still be used by a caller which ignores the return value?
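
The concern raised in this message, shown as an added example that is not part of the original thread or the project's code: a verify-after-sign wrapper that writes straight into the output parameter, next to one that only releases the value once it has verified. It assumes toy textbook RSA with constructed parameters; the function names and the `fault_mask` argument, which simulates a computation fault, are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy textbook RSA key, constructed for this example (n = 61 * 53). */
enum { TOY_N = 3233, TOY_E = 17, TOY_D = 2753 };

static uint32_t modpow(uint32_t base, uint32_t exp, uint32_t mod) {
    uint64_t r = 1, b = base % mod;
    while (exp) {
        if (exp & 1) r = r * b % mod;
        b = b * b % mod;
        exp >>= 1;
    }
    return (uint32_t)r;
}

/* Hypothetical inner signer; fault_mask flips bits in the result to
 * simulate a miscomputation (0 means no fault). */
static uint32_t toy_sign_raw(uint32_t m, uint32_t fault_mask) {
    return modpow(m, TOY_D, TOY_N) ^ fault_mask;
}

/* Verifies after signing, but the miscomputed value stays in *sig
 * when the check fails. Returns 1 on success, 0 on failure. */
int sign_checked_leaky(uint32_t m, uint32_t fault_mask, uint32_t *sig) {
    *sig = toy_sign_raw(m, fault_mask);
    return modpow(*sig, TOY_E, TOY_N) == m % TOY_N;
}

/* Signs into a temporary and writes *sig only after verification;
 * on failure the output is cleared, so a caller that ignores the
 * return value never sees the faulty signature. */
int sign_checked_safe(uint32_t m, uint32_t fault_mask, uint32_t *sig) {
    uint32_t tmp = toy_sign_raw(m, fault_mask);
    int ok = modpow(tmp, TOY_E, TOY_N) == m % TOY_N;
    *sig = ok ? tmp : 0;
    return ok;
}

int main(void) {
    uint32_t a = 0, b = 0;
    int ra = sign_checked_leaky(65, 1, &a); /* constructed message, 1-bit fault */
    int rb = sign_checked_safe(65, 1, &b);
    printf("leaky: ret=%d out=%u\n", ra, (unsigned)a);
    printf("safe:  ret=%d out=%u\n", rb, (unsigned)b);
    return 0;
}
```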