make timing attack protection unconditional

author Dr. Stephen Henson <steve@openssl.org>

Thu, 1 Sep 2011 14:23:22 +0000 (14:23 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 1 Sep 2011 14:23:22 +0000 (14:23 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 1 Sep 2011 14:23:22 +0000 (14:23 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 1 Sep 2011 14:23:22 +0000 (14:23 +0000)
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c

index c4c3e891bd68e9670a141e5e60a05816f7c46644..7725935610ed2e7fb149f97532cb9704e07d9b8d 100644 (file)
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -144,7 +144,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
                         }
                 while (BN_is_zero(k));
  
-#ifdef ECDSA_POINT_MUL_NO_CONSTTIME
                 /* We do not want timing information to leak the length of k,
                  * so we compute G*k using an equivalent scalar of fixed
                  * bit-length. */
@@ -152,7 +151,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
                 if (!BN_add(k, k, order)) goto err;
                 if (BN_num_bits(k) <= BN_num_bits(order))
                         if (!BN_add(k, k, order)) goto err;
-#endif /* def(ECDSA_POINT_MUL_NO_CONSTTIME) */
  
                 /* compute r the x-coordinate of generator * k */
                 if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 1 Sep 2011 14:23:22 +0000 (14:23 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 1 Sep 2011 14:23:22 +0000 (14:23 +0000)