diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-08 15:18:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-08 15:18:09 +0000 |
commit | 0cd6f26b6b8fcec2b43398fd831f6b9e0cb977e3 (patch) | |
tree | 673eec8dca4c4cfc5125dd4447f6608e589fa6b9 /security/nss/lib/freebl/rsa.c | |
parent | Adding debian version 115.8.0esr-1~deb12u1. (diff) | |
download | firefox-esr-0cd6f26b6b8fcec2b43398fd831f6b9e0cb977e3.tar.xz firefox-esr-0cd6f26b6b8fcec2b43398fd831f6b9e0cb977e3.zip |
Merging upstream version 115.9.0esr.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/lib/freebl/rsa.c')
-rw-r--r-- | security/nss/lib/freebl/rsa.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c index 4dac957902..52fd8b69fb 100644 --- a/security/nss/lib/freebl/rsa.c +++ b/security/nss/lib/freebl/rsa.c @@ -70,6 +70,8 @@ struct RSABlindingParamsStr { SECItem modulus; /* list element "key" */ blindingParams *free, *bp; /* Blinding parameters queue */ blindingParams array[RSA_BLINDING_PARAMS_MAX_CACHE_SIZE]; + /* precalculate montegomery reduction value */ + mp_digit n0i; /* n0i = -( n & MP_DIGIT) ** -1 mod mp_RADIX */ }; typedef struct RSABlindingParamsStr RSABlindingParams; @@ -1210,6 +1212,8 @@ generate_blinding_params(RSAPrivateKey *key, mp_int *f, mp_int *g, mp_int *n, CHECK_MPI_OK(mp_exptmod(&k, &e, n, f)); /* g = k**-1 mod n */ CHECK_MPI_OK(mp_invmod(&k, n, g)); + /* g in montgomery form.. */ + CHECK_MPI_OK(mp_to_mont(g, n, g)); cleanup: if (kb) PORT_ZFree(kb, modLen); @@ -1246,13 +1250,16 @@ init_blinding_params(RSABlindingParams *rsabp, RSAPrivateKey *key, rsabp->bp = NULL; rsabp->free = bp; + /* precalculate montgomery reduction parameter */ + rsabp->n0i = mp_calculate_mont_n0i(n); + /* List elements are keyed using the modulus */ return SECITEM_CopyItem(NULL, &rsabp->modulus, &key->modulus); } static SECStatus get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen, - mp_int *f, mp_int *g) + mp_int *f, mp_int *g, mp_digit *n0i) { RSABlindingParams *rsabp = NULL; blindingParams *bpUnlinked = NULL; @@ -1312,6 +1319,7 @@ get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen, /* We've found (or created) the RSAblindingParams struct for this key. * Now, search its list of ready blinding params for a usable one. */ + *n0i = rsabp->n0i; while (0 != (bp = rsabp->bp)) { #ifdef UNSAFE_FUZZER_MODE /* Found a match and there are still remaining uses left */ @@ -1426,6 +1434,7 @@ cleanup: if (err) { MP_TO_SEC_ERROR(err); } + *n0i = 0; return SECFailure; } @@ -1445,6 +1454,7 @@ rsa_PrivateKeyOp(RSAPrivateKey *key, mp_err err; mp_int n, c, m; mp_int f, g; + mp_digit n0i; if (!key || !output || !input) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; @@ -1476,7 +1486,7 @@ rsa_PrivateKeyOp(RSAPrivateKey *key, ** blinding factor */ if (nssRSAUseBlinding) { - CHECK_SEC_OK(get_blinding_params(key, &n, modLen, &f, &g)); + CHECK_SEC_OK(get_blinding_params(key, &n, modLen, &f, &g, &n0i)); /* c' = c*f mod n */ CHECK_MPI_OK(mp_mulmod(&c, &f, &n, &c)); } @@ -1497,7 +1507,7 @@ rsa_PrivateKeyOp(RSAPrivateKey *key, */ if (nssRSAUseBlinding) { /* m = m'*g mod n */ - CHECK_MPI_OK(mp_mulmod(&m, &g, &n, &m)); + CHECK_MPI_OK(mp_mulmontmodCT(&m, &g, &n, n0i, &m)); } err = mp_to_fixlen_octets(&m, output, modLen); if (err >= 0) |