Thanks for the submission!
It seems that the BN_MONT_CTX-related code (used in crypto/ecdsa for
constant-time signing) is entirely independent of the remainder of the patch,
and should be considered separately.
Regarding your reference 'S.Gueron and V.Krasnov, Fast Prime Field Elliptic
Curve
On 10/23/2013 06:16 AM, Stephen Henson via RT wrote:
What version of OpenSSL are you using? This was worked around in 1.0.1e due to
the difficulty of changing the FIPS module.
Ah, okay; I see the drbg_free_entropy functions are checking for NULL
there now, which works (even though it's probably
At an extremely high level, the FIPS module is validated by independent
assessors and only that /exact/ version of the module is allowed to run in FIPS
mode. That assessment is expensive and slow. There are other concerns too, but
you should probably just read about them from the source.
See