Add clarifying comment about the backport
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 2059599..aec29e5 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -126,6 +126,11 @@
/*
* Generate a random value to blind inv_mod in next step,
* avoiding a potential timing leak.
+ *
+ * This loop does the same job as mbedtls_ecp_gen_privkey() and it is
+ * replaced by a call to it in the mainline. This change is not
+ * necessary to backport the fix separating the blinding and ephemeral
+ * key generating RNGs, therefore the original code is kept.
*/
blind_tries = 0;
do
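Review bot: The added comment says why the loop is kept but not what it guarantees, so a later maintainer "simplifying" it would have to rediscover that the blinding value must be drawn from `p_rng_blind` (visible in the following hunk) rather than the RNG used for the ephemeral key, which is the property the referenced fix establishes. One sentence after the existing text would pin that down: `* The blinding value is drawn from p_rng_blind, which the caller keeps separate from the RNG used for the ephemeral key; do not merge the two.` The statement that mainline replaces this loop with a call to mbedtls_ecp_gen_privkey() cannot be checked from this diff, and the second hunk drops a reference to mbedtls_ecp_gen_keypair() instead, so it may be worth confirming the function name is the intended one. The enclosing signing function begins before this hunk and continues past it.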
@@ -135,7 +140,6 @@
p_rng_blind ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &t, 8 * n_size - grp->nbits ) );
- /* See mbedtls_ecp_gen_keypair() */
if( ++blind_tries > 30 )
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
}