[3.6] Rsa: use the CRT to generate base blinding values #10513
+106 −33
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Will gain a new implementation using the CRT, so we want to hide the upcoming complexity in a dedicated function. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Was only used in one place so far, but will be used in rsa_gen_rand_with_inverse()'s upcoming CRT-based implementation. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
mpg added needs-review 
github-project-automation bot moved this to In Development in Roadmap pull requests (new board) 
gilles-peskine-arm requested changes Nov 28, 2025
Contributor
gilles-peskine-arm left a comment
gilles-peskine-arm left a comment There was a problem hiding this comment.
LGTM for nominal RSA keys, but I don't see why the CRT version would make a difference with respect to the number of retries to find a suitable blinding value.
I haven't run any benchmarks.
gilles-peskine-arm added needs-work needs-backports Previously we were looping in one case but not even checking the other. Let's check both cases and error out immediately. The error path should never be taken in pratice anyway. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This only made the function harder to use. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
gilles-peskine-arm requested changes Dec 3, 2025
Contributor
gilles-peskine-arm left a comment
gilles-peskine-arm left a comment There was a problem hiding this comment.
LGTM, but the CI is unhappy about the NO_CRT code.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Contributor Author
| Ah, quite embarrassing, I didn't even build that config before pushing. Let me try again. |
gilles-peskine-arm added needs-review 
mpg removed needs-reviewer 4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
Description
In builds where
MBEDTLS_RSA_NO_CRTis disabled, take advantage of the CRT when generating the initial value for base blinding.Fixes #10476
PR checklist