lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Don't use DH blinding for ephemeral DH

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard
2013-09-07 13:06:27 +02:00
parent ce6352a791
commit 032c34e206
3 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
include/polarssl/dhm.h
View File

@ -228,7 +228,12 @@ int dhm_make_public( dhm_context *ctx, int x_size,
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
*
* \note If f_rng is not NULL, it is used to blind the input as
* countermeasure against timing attacks.
* countermeasure against timing attacks. This is only useful
* when this function is called repeatedly with the same
* secret value (X field), eg when using DH key exchange as
* opposed to DHE. It is recommended to use a non-NULL f_rng
* only when needed, since otherwise this countermeasure has
* high overhead.
*/
int dhm_calc_secret( dhm_context *ctx,
unsigned char *output, size_t *olen,