-
This removes function calls that potentially leak bit-length of a private key used to calculate a nonce in deterministic ECDSA. Namely: - _gnutls_dsa_compute_k has been rewritten to work on always zero-padded mp_limb_t arrays instead of mpz_t - rnd_mpz_func has been replaced with rnd_datum_func, which is backed by a byte array instead of an mpz_t value Signed-off-by: Daiki Ueno <ueno@gnu.org>
1c4701ff