ecdsa/ecs_ossl.c: revert blinding in ECDSA signature.
Originally suggested solution for "Return Of the Hidden Number Problem"
is arguably too expensive. While it has marginal impact on slower
curves, none to ~6%, optimized implementations suffer real penalties.
Most notably sign with P-256 went more than 2 times[!] slower. Instead,
just implement constant-time BN_mod_add_quick.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6810)
(cherry picked from commit
3fc7a9b96cbed0c3da6f53c08e34d8d0c982745f)
Resolved onflicts:
crypto/ec/ecdsa_ossl.c
crypto/include/internal/bn_int.h
projects / oweals / openssl.git / commit