1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00

rsa: Reduce secmem pressure.

* cipher/rsa.c (secret): Don't keep secmem.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2017-07-07 21:51:42 +09:00
parent 994d5b7075
commit 1b1f44846b

View File

@ -341,22 +341,29 @@ secret(MPI output, MPI input, RSA_secret_key *skey )
mpi_set_highbit (rr, rr_nbits - 1); mpi_set_highbit (rr, rr_nbits - 1);
mpi_sub_ui( h, skey->p, 1 ); mpi_sub_ui( h, skey->p, 1 );
mpi_mul ( D_blind, h, rr ); mpi_mul ( D_blind, h, rr );
mpi_free ( rr );
mpi_fdiv_r( h, skey->d, h ); mpi_fdiv_r( h, skey->d, h );
mpi_add ( D_blind, D_blind, h ); mpi_add ( D_blind, D_blind, h );
mpi_free ( h );
mpi_powm ( m1, input, D_blind, skey->p ); mpi_powm ( m1, input, D_blind, skey->p );
h = mpi_alloc_secure (nlimbs);
rr = mpi_alloc_secure ( (rr_nbits + BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
/* d_blind = (d mod (q-1)) + (q-1) * r */ /* d_blind = (d mod (q-1)) + (q-1) * r */
/* m2 = c ^ d_blind mod q */ /* m2 = c ^ d_blind mod q */
randomize_mpi (rr, rr_nbits, 0); randomize_mpi (rr, rr_nbits, 0);
mpi_set_highbit (rr, rr_nbits - 1); mpi_set_highbit (rr, rr_nbits - 1);
mpi_sub_ui( h, skey->q, 1 ); mpi_sub_ui( h, skey->q, 1 );
mpi_mul ( D_blind, h, rr ); mpi_mul ( D_blind, h, rr );
mpi_free ( rr );
mpi_fdiv_r( h, skey->d, h ); mpi_fdiv_r( h, skey->d, h );
mpi_add ( D_blind, D_blind, h ); mpi_add ( D_blind, D_blind, h );
mpi_free ( h );
mpi_powm ( m2, input, D_blind, skey->q ); mpi_powm ( m2, input, D_blind, skey->q );
mpi_free ( rr );
mpi_free ( D_blind ); mpi_free ( D_blind );
h = mpi_alloc_secure (nlimbs);
/* h = u * ( m2 - m1 ) mod q */ /* h = u * ( m2 - m1 ) mod q */
mpi_sub( h, m2, m1 ); mpi_sub( h, m2, m1 );