From 1b1f44846b5f21a80ed101f2284ce5f6e8849ee7 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Fri, 7 Jul 2017 21:51:42 +0900
Subject: [PATCH] rsa: Reduce secmem pressure.
* cipher/rsa.c (secret): Don't keep secmem.
Signed-off-by: NIIBE Yutaka
---
 cipher/rsa.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/cipher/rsa.c b/cipher/rsa.c
index 84a1af0e5..51b76404f 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -341,22 +341,29 @@ secret(MPI output, MPI input, RSA_secret_key *skey )
 mpi_set_highbit (rr, rr_nbits - 1);
 mpi_sub_ui( h, skey->p, 1 );
 mpi_mul ( D_blind, h, rr );
+ mpi_free ( rr );
 mpi_fdiv_r( h, skey->d, h );
 mpi_add ( D_blind, D_blind, h );
+ mpi_free ( h );
 mpi_powm ( m1, input, D_blind, skey->p );
+ h = mpi_alloc_secure (nlimbs);
+ rr = mpi_alloc_secure ( (rr_nbits + BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+
 /* d_blind = (d mod (q-1)) + (q-1) * r */
 /* m2 = c ^ d_blind mod q */
 randomize_mpi (rr, rr_nbits, 0);
 mpi_set_highbit (rr, rr_nbits - 1);
 mpi_sub_ui( h, skey->q, 1 );
 mpi_mul ( D_blind, h, rr );
+ mpi_free ( rr );
 mpi_fdiv_r( h, skey->d, h );
 mpi_add ( D_blind, D_blind, h );
+ mpi_free ( h );
 mpi_powm ( m2, input, D_blind, skey->q );
- mpi_free ( rr );
 mpi_free ( D_blind );
+ h = mpi_alloc_secure (nlimbs);
 /* h = u * ( m2 - m1 ) mod q */
 mpi_sub( h, m2, m1 );
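Review bot: The added `mpi_free ( h );` and `mpi_free ( rr );` calls release temporaries that still hold secret-derived values (`h` is `d mod (p-1)` or `d mod (q-1)` after `mpi_fdiv_r`, and `rr` is the blinding factor), so the change depends on `mpi_free` wiping secure memory before the chunk is handed out again; that is not visible in this hunk and should be confirmed. Between each free and the later `h = mpi_alloc_secure (nlimbs);` the pointers dangle with nothing in the code saying why, so I would add `/* Release h and rr before mpi_powm to lower peak secmem use; both are re-allocated below. */` above the first `mpi_free ( rr );`. The size expression in `rr = mpi_alloc_secure ( (rr_nbits + BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );` presumably repeats the original allocation above the hunk; a local such as `rr_nlimbs` would keep the two in step. The body of secret() starts and ends outside the hunk, so the final release of `h` cannot be checked from here.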