Correct documentation for RSA_FORCE_BLINDING option

commit: 9f4e670b14b41ac2978469852acae943f8a2b19c [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Mon Jun 12 10:23:19 2017 +0100
committer: Hanno Becker <hanno.becker@arm.com> Mon Jun 12 10:23:19 2017 +0100
tree: 75f31ce5eb4e9c38a8b3f626361a4e82d92dd1a1
parent: b624b85b04e3b335ba6e03f1d06d7c5167bf7843 [diff]
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 1ce92c5..d54f0c3 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h

@@ -987,9 +987,12 @@
  *             of Diffie-Hellman, RSA, DSS, and Other Systems]
  *
  * \note      Disabling this does not mean that blinding
- *            will never be used, but instead makes private
- *            key operations fail if, perhaps unintentionally,
- *            the user failed to call them with a PRNG.
+ *            will never be used: if a PRNG is provided,
+ *            blinding will be in place. Instead, disabling this
+ *            option may result in private key operations being
+ *            performed in a way potentially leaking sensitive
+ *            information through side-channels when no PRNG
+ *            is supplied by the user.
  *
  * \note      For more on the use of blinding in RSA
  *            private key operations, see the documentation
commit	9f4e670b14b41ac2978469852acae943f8a2b19c	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Mon Jun 12 10:23:19 2017 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Mon Jun 12 10:23:19 2017 +0100
tree	75f31ce5eb4e9c38a8b3f626361a4e82d92dd1a1
parent	b624b85b04e3b335ba6e03f1d06d7c5167bf7843 [diff]