From: Filippo Valsorda <filippo@golang.org>
Date: Tue, 15 May 2018 15:24:57 +0000 (-0400)
Subject: [dev.boringcrypto] crypto/rsa: fix boringFakeRandomBlind to work with (*big.Int)... 
X-Git-Tag: go1.19beta1~484^2~147
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=019a994e32;p=gostls13.git

[dev.boringcrypto] crypto/rsa: fix boringFakeRandomBlind to work with (*big.Int).ModInverse

http://golang.org/cl/108996 removed the local modInverse and its call in
decrypt in favor of (*big.Int).ModInverse. boringFakeRandomBlind copies
decrypt, so it needs to be updated as well.

Change-Id: I59a6c17c2fb9cc7f38cbb59dd9ed11846737d220
Reviewed-on: https://go-review.googlesource.com/113676
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---

diff --git a/src/crypto/rsa/boring.go b/src/crypto/rsa/boring.go
index f25f4a5274..0ddff014e6 100644
--- a/src/crypto/rsa/boring.go
+++ b/src/crypto/rsa/boring.go
@@ -147,6 +147,7 @@ func boringFakeRandomBlind(random io.Reader, priv *PrivateKey) {
 	boring.UnreachableExceptTests()
 
 	// Copied from func decrypt.
+	ir := new(big.Int)
 	for {
 		r, err := rand.Int(random, priv.N)
 		if err != nil {
@@ -155,8 +156,8 @@ func boringFakeRandomBlind(random io.Reader, priv *PrivateKey) {
 		if r.Cmp(bigZero) == 0 {
 			r = bigOne
 		}
-		_, ok := modInverse(r, priv.N)
-		if ok {
+		ok := ir.ModInverse(r, priv.N)
+		if ok != nil {
 			break
 		}
 	}