Periodically reinitialize the blinding sequence instead of always

deriving it by squaring the previous value.
author: Jack Lloyd <[email protected]> 2015-10-15 10:07:36 -0400
committer: Jack Lloyd <[email protected]> 2015-10-15 10:07:36 -0400
commit: 3181dfa7abfe7b623d8823e078f04a374775e978 (patch)
tree: 892045bf1538463ebd4b586f0414b44d2335e044 /src/build-data
parent: 83fe87cc13b4dd6285fbc15465c7bd39fdadb53d (diff)
1 files changed, 13 insertions, 2 deletions
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in
index eaf4181b5..31069f0ae 100644
--- a/src/build-data/buildh.in
+++ b/src/build-data/buildh.in
@@ -71,9 +71,20 @@
 * representation of an ECC point. Set to zero to diable this
 * side-channel countermeasure.
 */
-#define BOTAN_POINTGFP_RANDOMIZE_BLINDING_BITS 64
+#define BOTAN_POINTGFP_RANDOMIZE_BLINDING_BITS 80
 
-#define BOTAN_CURVE_GFP_USE_MONTGOMERY_LADDER 0
+/*
+* Normally blinding is performed by choosing a random starting point (plus
+* its inverse, of a form appropriate to the algorithm being blinded), and
+* then choosing new blinding operands by successive squaring of both
+* values. This is much faster than computing a new starting point but
+* introduces some possible coorelation
+*
+* To avoid possible leakage problems in long-running processes, the blinder
+* periodically reinitializes the sequence. This value specifies how often
+* a new sequence should be started.
+*/
+#define BOTAN_BLINDING_REINIT_INTERVAL 32
 
 /* PK key consistency checking toggles */
 #define BOTAN_PUBLIC_KEY_STRONG_CHECKS_ON_LOAD 1
author	Jack Lloyd <[email protected]>	2015-10-15 10:07:36 -0400
committer	Jack Lloyd <[email protected]>	2015-10-15 10:07:36 -0400
commit	3181dfa7abfe7b623d8823e078f04a374775e978 (patch)
tree	892045bf1538463ebd4b586f0414b44d2335e044 /src/build-data
parent	83fe87cc13b4dd6285fbc15465c7bd39fdadb53d (diff)