Skip to content
Commit 83325a68 authored by Andy Polyakov's avatar Andy Polyakov
Browse files

ecdsa/ecs_ossl.c: revert blinding in ECDSA signature.



Originally suggested solution for "Return Of the Hidden Number Problem"
is arguably too expensive. While it has marginal impact on slower
curves, none to ~6%, optimized implementations suffer real penalties.
Most notably sign with P-256 went more than 2 times[!] slower. Instead,
just implement constant-time BN_mod_add_quick.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6810)

(cherry picked from commit 3fc7a9b9)

Resolved onflicts:
	crypto/ec/ecdsa_ossl.c
	crypto/include/internal/bn_int.h
parent c9046a05
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment