author Andy Polyakov <appro@openssl.org> 2018-07-06 15:55:34 +0200
committer Andy Polyakov <appro@openssl.org> 2018-07-18 16:08:59 +0200
commit 3fc7a9b96cbed0c3da6f53c08e34d8d0c982745f (patch)
tree 47fd1b4a09f2482d51d461450f1cc21b6cb970f0 /crypto/include
parent 83e034379fa3f6f0d308ec75fbcb137e26154aec (diff)
ec/ecdsa_ossl.c: revert blinding in ECDSA signature.

Originally suggested solution for "Return Of the Hidden Number Problem" is arguably too expensive. While it has marginal impact on slower curves, none to ~6%, optimized implementations suffer real penalties. Most notably sign with P-256 went more than 2 times[!] slower. Instead, just implement constant-time BN_mod_add_quick.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
(Merged from https://github.com/openssl/openssl/pull/6664)
Diffstat (limited to 'crypto/include')
-rw-r--r-- crypto/include/internal/bn_int.h 2
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h
index e7fd8992f4..f7d37d5827 100644
--- a/crypto/include/internal/bn_int.h
+++ b/crypto/include/internal/bn_int.h
@@ -71,5 +71,7 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
BN_MONT_CTX *mont, BN_CTX *ctx);
int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
BN_CTX *ctx);
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m);
#endif
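Review bot: The bn_mod_add_fixed_top prototype added at the end of this hunk has no comment stating its contract, and the commit message describes the work as a constant-time BN_mod_add_quick while the declared name is different. A short comment above the declaration should say that this is the constant-time counterpart of BN_mod_add_quick, what range a and b must be in relative to m, and whether r is left in the same fixed-top form as the results of the neighbouring bn_mul_mont_fixed_top and bn_to_mont_fixed_top. Unlike those two prototypes it takes no BN_CTX, so it is also worth noting where any scratch space comes from, since the point of the change is to avoid secret-dependent behaviour in the ECDSA signing path.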