RSA: use constant-time GCD in deduce_primes()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/rsa_alt_helpers.c b/library/rsa_alt_helpers.c
index 5c265a9..feb7874 100644
--- a/library/rsa_alt_helpers.c
+++ b/library/rsa_alt_helpers.c
@@ -12,6 +12,7 @@
#include "mbedtls/rsa.h"
#include "mbedtls/bignum.h"
+#include "bignum_internal.h"
#include "rsa_alt_helpers.h"
/*
@@ -117,7 +118,7 @@
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&K, primes[attempt]));
/* Check if gcd(K,N) = 1 */
- MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_gcd_modinv_odd(P, NULL, &K, N));
if (mbedtls_mpi_cmp_int(P, 1) != 0) {
continue;
}
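Review bot: The replacement call `mbedtls_mpi_gcd_modinv_odd(P, NULL, &K, N)` brings a precondition that `mbedtls_mpi_gcd` did not have: going by its name, the helper expects an odd modulus, and nothing visible in this hunk establishes that N is odd. N is presumably caller-supplied key material, so an even N would now take whatever path the helper uses for invalid input instead of simply yielding a GCD; the same applies to the second call, in the hunk at -136. If the argument validation at the top of the function (outside this hunk) does not already reject an even N, a guard before the loop such as `if (mbedtls_mpi_get_bit(N, 0) != 1) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;` would make that failure explicit. If it does, a one-line comment at the call, `/* N is odd (checked above), as required by gcd_modinv_odd */`, would document the dependency.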
@@ -136,7 +137,7 @@
}
MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&K, &K, 1));
- MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_gcd_modinv_odd(P, NULL, &K, N));
if (mbedtls_mpi_cmp_int(P, 1) == 1 &&
mbedtls_mpi_cmp_mpi(P, N) == -1) {
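Review bot: This second call is the one where timing matters, and nothing at the call site says so: by this point K has presumably been derived from the private exponent (its computation is outside the hunk), unlike the K loaded from the `primes` table before the earlier call. A comment such as `/* K is secret-dependent: do not replace with variable-time mbedtls_mpi_gcd() */` would keep a later cleanup from reverting the change. K has also just had 1 added, so it may reach N if it was previously reduced modulo N; if the helper bounds its first operand by the modulus, it is worth confirming that equality is accepted. The enclosing loop continues beyond the hunk.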