Test and document EC blinding overhead

commit: 337b29c3345201e7556d6f3718b189e65a4298fa [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Sat Sep 07 11:52:27 2013 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Sat Sep 07 11:52:27 2013 +0200
tree: 9472120130d2fa0e2b498b0d88cd974687846bd8
parent: cac5f7d7372fbe27284f2ac2144125b987b69649 [diff]
diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h
index 5942231..31f9e6d 100644
--- a/include/polarssl/ecp.h
+++ b/include/polarssl/ecp.h

@@ -427,8 +427,10 @@
  * \note            If f_rng is not NULL, it is used to randomize projective
  *                  coordinates of indermediate results, in order to prevent
  *                  more elaborate timing attacks relying on intermediate
- *                  operations. (This is a prophylactic measure since so such
- *                  attack has been published yet.)
+ *                  operations. (This is a prophylactic measure since no such
+ *                  attack has been published yet.) Since this contermeasure
+ *                  has very low overhead, it is recommended to always provide
+ *                  a non-NULL f_rng parameter when using secret inputs.
  */
 int ecp_mul( const ecp_group *grp, ecp_point *R,
              const mpi *m, const ecp_point *P,
commit	337b29c3345201e7556d6f3718b189e65a4298fa	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Sat Sep 07 11:52:27 2013 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Sat Sep 07 11:52:27 2013 +0200
tree	9472120130d2fa0e2b498b0d88cd974687846bd8
parent	cac5f7d7372fbe27284f2ac2144125b987b69649 [diff]