Simplify usage of DHM blinding

2013-09-17 11:34:11 +02:00 · 2013-09-17 11:34:11 +02:00 · 15d5de1969
commit 15d5de1969
parent c83e418149
8 changed files with 62 additions and 57 deletions
--- a/include/polarssl/dhm.h
+++ b/include/polarssl/dhm.h
@ -230,13 +230,11 @@ int dhm_make_public( dhm_context *ctx, int x_size,
 *
 * \return         0 if successful, or an POLARSSL_ERR_DHM_XXX error code
 *
- * \note           If f_rng is not NULL, it is used to blind the input as
- *                 countermeasure against timing attacks. This is only useful
- *                 when this function is called repeatedly with the same
- *                 secret value (X field), eg when using DH key exchange as
- *                 opposed to DHE. It is recommended to use a non-NULL f_rng
- *                 only when needed, since otherwise this countermeasure has
- *                 high overhead.
+ * \note           If non-NULL, f_rng is used to blind the input as
+ *                 countermeasure against timing attacks. Blinding is
+ *                 automatically used if and only if our secret value X is
+ *                 re-used and costs nothing otherwise, so it is recommended
+ *                 to always pass a non-NULL f_rng argument.
 */
 int dhm_calc_secret( dhm_context *ctx,
                     unsigned char *output, size_t *olen,