Simplify usage of DHM blinding

commit: 15d5de19699fc253beb4910eed17716fd6102a3e [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Sep 17 11:34:11 2013 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Wed Sep 18 14:35:55 2013 +0200
tree: 2bddd60ad834c393ac8204603cf279cc0a4d192e
parent: c83e418149d9f410c550d68c6b7ea2e432f5c461 [diff]
diff --git a/include/polarssl/dhm.h b/include/polarssl/dhm.h
index 0152dc9..75dff19 100644
--- a/include/polarssl/dhm.h
+++ b/include/polarssl/dhm.h

@@ -230,13 +230,11 @@
  *
  * \return         0 if successful, or an POLARSSL_ERR_DHM_XXX error code
  *
- * \note           If f_rng is not NULL, it is used to blind the input as
- *                 countermeasure against timing attacks. This is only useful
- *                 when this function is called repeatedly with the same
- *                 secret value (X field), eg when using DH key exchange as
- *                 opposed to DHE. It is recommended to use a non-NULL f_rng
- *                 only when needed, since otherwise this countermeasure has
- *                 high overhead.
+ * \note           If non-NULL, f_rng is used to blind the input as
+ *                 countermeasure against timing attacks. Blinding is
+ *                 automatically used if and only if our secret value X is
+ *                 re-used and costs nothing otherwise, so it is recommended
+ *                 to always pass a non-NULL f_rng argument.
  */
 int dhm_calc_secret( dhm_context *ctx,
                      unsigned char *output, size_t *olen,
commit	15d5de19699fc253beb4910eed17716fd6102a3e	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Tue Sep 17 11:34:11 2013 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Wed Sep 18 14:35:55 2013 +0200
tree	2bddd60ad834c393ac8204603cf279cc0a4d192e
parent	c83e418149d9f410c550d68c6b7ea2e432f5c461 [diff]