On Thu, Sep 3, 2015 at 12:48 PM, Florian Weimer <fweimer@redhat.com> wrote:
> On 09/03/2015 11:56 AM, Nikos Mavrogiannopoulos wrote:
>> That verifies the output of the timing-resistant version of the signing function, to make it also fault-resistant.
>
> Doesn't this leave the miscomputed signature in the output parameter, so that it would still be used by a caller which ignores the return value?

Correct, it would be better to set to zero on failure.
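
The behaviour agreed on in this exchange, as an added example that is not part of the thread and not the library's own code: sign, verify the result with the public key, and zero the output parameter when the check fails. It assumes RSA with CRT as the signing function; the toy key, the `fault` parameter and the names `sign_crt` and `sign_checked` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy RSA key, constructed for this example (far too small for real use). */
static const uint64_t P = 61, Q = 53, N = 3233, E = 17;
static const uint64_t DP = 53, DQ = 49, QINV = 38; /* d = 2753 split for CRT */

static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

/* CRT signing; `fault` is XORed into the mod-p half to simulate a
 * miscomputation (hypothetical test hook, 0 means no fault). */
static uint64_t sign_crt(uint64_t m, uint64_t fault) {
    uint64_t s1 = (modpow(m, DP, P) ^ fault) % P;
    uint64_t s2 = modpow(m, DQ, Q);
    uint64_t h = QINV * ((s1 + P - s2 % P) % P) % P;
    return s2 + h * Q;
}

/* Returns 1 and stores the signature on success. If the self-check fails,
 * returns 0 and zeroes *sig, so a caller that ignores the return value
 * never uses the miscomputed signature. */
int sign_checked(uint64_t m, uint64_t fault, uint64_t *sig) {
    uint64_t s = sign_crt(m, fault);
    if (modpow(s, E, N) != m % N) {
        *sig = 0;
        return 0;
    }
    *sig = s;
    return 1;
}

int main(void) {
    uint64_t sig = 0xdeadbeef; /* stale value the caller might otherwise reuse */
    int ok = sign_checked(65, 0, &sig);
    printf("no fault: ok=%d sig=%llu\n", ok, (unsigned long long)sig);
    ok = sign_checked(65, 1, &sig);
    printf("fault:    ok=%d sig=%llu\n", ok, (unsigned long long)sig);
    return 0;
}
```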