ecdsa/ecs_ossl.c: revert blinding in ECDSA signature.
Originally suggested solution for "Return Of the Hidden Number Problem" is arguably too expensive. While it has marginal impact on slower curves, none to ~6%, optimized implementations suffer real penalties. Most notably sign with P-256 went more than 2 times[!] slower. Instead, just implement constant-time BN_mod_add_quick. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6810) (cherry picked from commit 3fc7a9b9) Resolved onflicts: crypto/ec/ecdsa_ossl.c crypto/include/internal/bn_int.h
parent
c9046a05
Please register or sign in to comment