make timing attack protection unconditional

[openssl.git] / crypto / ecdsa / ecs_ossl.c

diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
index 8b407c5470fd371921eca09dafded7ed0d1b9856..acdeea83d4a789c356547546de2f7b56d1170ac1 100644 (file)
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -151,7 +151,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
                        }
                while (BN_is_zero(k));
 
-#ifdef ECDSA_POINT_MUL_NO_CONSTTIME
                /* We do not want timing information to leak the length of k,
                 * so we compute G*k using an equivalent scalar of fixed
                 * bit-length. */
@@ -159,7 +158,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
                if (!BN_add(k, k, order)) goto err;
                if (BN_num_bits(k) <= BN_num_bits(order))
                        if (!BN_add(k, k, order)) goto err;
-#endif /* def(ECDSA_POINT_MUL_NO_CONSTTIME) */
 
                /* compute r the x-coordinate of generator * k */
                if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))