Address a timing side channel whereby it is possible to determine some
information about the length of the scalar used in ECDSA operations from a large number (2^32) of signatures. Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for reporting this issue. Refer to #4576 for further details. Reviewed-by:Andy Polyakov <appro@openssl.org> Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4623)
Please register or sign in to comment