From 7ea2ab1252f5aeaa3a84b70a8f6364973c2d0a35 Mon Sep 17 00:00:00 2001
From: Anna Weine <anna.weine@mozilla.com>
Date: Fri, 4 Nov 2022 16:56:31 +0000
Subject: Bug 1783231 - Initialising variables in the rsa blinding code
 r=jschanck

The PR introduces the modifications asked in the previous RSA blinding patch: https://phabricator.services.mozilla.com/D153763.

Differential Revision: https://phabricator.services.mozilla.com/D161270
---
 lib/freebl/rsa.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/freebl/rsa.c b/lib/freebl/rsa.c
index 514a1f2f5..2b8a3bfb5 100644
--- a/lib/freebl/rsa.c
+++ b/lib/freebl/rsa.c
@@ -1030,6 +1030,8 @@ rsa_PrivateKeyOpCRTNoCheck(RSAPrivateKey *key, mp_int *m, mp_int *c)
     MP_DIGITS(&ctmp) = 0;
     MP_DIGITS(&blinding_dp) = 0;
     MP_DIGITS(&blinding_dq) = 0;
+    MP_DIGITS(&r1) = 0;
+    MP_DIGITS(&r2) = 0;
 
     CHECK_MPI_OK(mp_init(&p));
     CHECK_MPI_OK(mp_init(&q));
@@ -1058,8 +1060,8 @@ rsa_PrivateKeyOpCRTNoCheck(RSAPrivateKey *key, mp_int *m, mp_int *c)
     CHECK_MPI_OK(mp_sub(&p, &blinding_dp, &blinding_dp));
     // generating a random value
     RNG_GenerateGlobalRandomBytes(random_block, EXP_BLINDING_RANDOMNESS_LEN_BYTES);
-    r1.used = EXP_BLINDING_RANDOMNESS_LEN;
-    memcpy(r1.dp, random_block, sizeof(random_block));
+    MP_USED(&r1) = EXP_BLINDING_RANDOMNESS_LEN;
+    memcpy(MP_DIGITS(&r1), random_block, sizeof(random_block));
     // blinding_dp = random * (p - 1)
     CHECK_MPI_OK(mp_mul(&blinding_dp, &r1, &blinding_dp));
     //d_p = d_p + random * (p - 1)
@@ -1071,8 +1073,8 @@ rsa_PrivateKeyOpCRTNoCheck(RSAPrivateKey *key, mp_int *m, mp_int *c)
     CHECK_MPI_OK(mp_sub(&q, &blinding_dq, &blinding_dq));
     // generating a random value
     RNG_GenerateGlobalRandomBytes(random_block, EXP_BLINDING_RANDOMNESS_LEN_BYTES);
-    memcpy(r2.dp, random_block, sizeof(random_block));
-    r2.used = EXP_BLINDING_RANDOMNESS_LEN;
+    memcpy(MP_DIGITS(&r2), random_block, sizeof(random_block));
+    MP_USED(&r2) = EXP_BLINDING_RANDOMNESS_LEN;
     // blinding_dq = random * (q - 1)
     CHECK_MPI_OK(mp_mul(&blinding_dq, &r2, &blinding_dq));
     //d_q = d_q + random * (q-1)
-- 
cgit v1.2.1