RSA blinding: check highly unlikely cases
This commit is contained in:
parent
6b06502c4b
commit
ff6e24710a
|
@ -283,12 +283,20 @@ int rsa_private( rsa_context *ctx,
|
||||||
#else
|
#else
|
||||||
if( f_rng != NULL )
|
if( f_rng != NULL )
|
||||||
{
|
{
|
||||||
|
int count = 0;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Blinding
|
* Blinding
|
||||||
* T = T * Vi mod N
|
* T = T * Vi mod N
|
||||||
*/
|
*/
|
||||||
/* Unblinding value: Vf = random number */
|
/* Unblinding value: Vf = random number */
|
||||||
MPI_CHK( mpi_fill_random( &Vf, ctx->len - 1, f_rng, p_rng ) );
|
do {
|
||||||
|
if( count++ > 10 )
|
||||||
|
return( POLARSSL_ERR_RSA_RNG_FAILED );
|
||||||
|
|
||||||
|
MPI_CHK( mpi_fill_random( &Vf, ctx->len - 1, f_rng, p_rng ) );
|
||||||
|
MPI_CHK( mpi_gcd( &Vi, &Vf, &ctx->N ) );
|
||||||
|
} while( mpi_cmp_int( &Vi, 1 ) != 0 );
|
||||||
|
|
||||||
/* Mathematically speaking, the algorithm should check Vf
|
/* Mathematically speaking, the algorithm should check Vf
|
||||||
* against 0, P and Q (Vf should be relatively prime to N, and 0 < Vf < N),
|
* against 0, P and Q (Vf should be relatively prime to N, and 0 < Vf < N),
|
||||||
|
|
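Review bot: The `return( POLARSSL_ERR_RSA_RNG_FAILED )` added inside the retry loop leaves rsa_private directly instead of through the error path the surrounding MPI_CHK calls use, so on the RNG-failure branch the mpi temporaries initialised earlier in the function (presumably including Vi and Vf) would not be freed if, as the MPI_CHK idiom suggests, they are released at a `cleanup:` label. The other error exits in the same loop set `ret` and jump to cleanup, so this one should match: `if( count++ > 10 ) { ret = POLARSSL_ERR_RSA_RNG_FAILED; goto cleanup; }`. A named constant for the retry bound (the condition admits twelve attempts, not ten) would also make the limit self-documenting. rsa_private's body begins and ends outside this hunk, so the existence of `ret` and the `cleanup:` label is inferred from the MPI_CHK usage rather than visible here.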