On 2016/06/20 16:55, Marc Espie wrote: > The only thing I'm wondering about is if there's somebody out there who > just uses the "big integer arithmetic" part of openssl, and doesn't want > to go libgmp for licensing reasons. > > Like, if you're in it for (say) trying to break codes, having code that > goes as fast as it can might be useful. > > Is this a valid concern ? >
If someone is doing this and needs the speed, they're going to need to find a different solution for OpenSSL as well, they have already enforced constant-time DSA in their tree.