Merge remote-tracking branch 'upstream-restricted/pr/351' into development-restricted-proposed

Move the added ChangeLog entry to the bottom so that the list remains in merge order.
2018-03-13 17:15:34 +01:00 · 2018-03-13 17:15:34 +01:00 · 553a06f08a
commit 553a06f08a
parent f3ada4adb0 6f486a6fb5
8 changed files with 137 additions and 38 deletions
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -1049,7 +1049,8 @@
 /**
 * \def MBEDTLS_RSA_NO_CRT
 *
- * Do not use the Chinese Remainder Theorem for the RSA private operation.
+ * Do not use the Chinese Remainder Theorem
+ * for the RSA private operation.
 *
 * Uncomment this macro to disable the use of CRT in RSA.
 *
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@ -518,6 +518,18 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
 *
 * \note           The input and output buffers must be large
 *                 enough. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \note           Blinding is used if and only if a PRNG is provided.
+ *
+ * \note           If blinding is used, both the base of exponentation
+ *                 and the exponent are blinded, providing protection
+ *                 against some side-channel attacks.
+ *
+ * \warning        It is deprecated and a security risk to not provide
+ *                 a PRNG here and thereby prevent the use of blinding.
+ *                 Future versions of the library may enforce the presence
+ *                 of a PRNG.
+ *
 */
 int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
                 int (*f_rng)(void *, unsigned char *, size_t),