From 019a994e32ce0b1766311753add7d5ee1e434772 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Tue, 15 May 2018 11:24:57 -0400
Subject: [PATCH] [dev.boringcrypto] crypto/rsa: fix boringFakeRandomBlind to
 work with (*big.Int).ModInverse

http://golang.org/cl/108996 removed the local modInverse and its call in
decrypt in favor of (*big.Int).ModInverse. boringFakeRandomBlind copies
decrypt, so it needs to be updated as well.

Change-Id: I59a6c17c2fb9cc7f38cbb59dd9ed11846737d220
Reviewed-on: https://go-review.googlesource.com/113676
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---
 src/crypto/rsa/boring.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/crypto/rsa/boring.go b/src/crypto/rsa/boring.go
index f25f4a5274..0ddff014e6 100644
--- a/src/crypto/rsa/boring.go
+++ b/src/crypto/rsa/boring.go
@@ -147,6 +147,7 @@ func boringFakeRandomBlind(random io.Reader, priv *PrivateKey) {
 	boring.UnreachableExceptTests()
 
 	// Copied from func decrypt.
+	ir := new(big.Int)
 	for {
 		r, err := rand.Int(random, priv.N)
 		if err != nil {
@@ -155,8 +156,8 @@ func boringFakeRandomBlind(random io.Reader, priv *PrivateKey) {
 		if r.Cmp(bigZero) == 0 {
 			r = bigOne
 		}
-		_, ok := modInverse(r, priv.N)
-		if ok {
+		ok := ir.ModInverse(r, priv.N)
+		if ok != nil {
 			break
 		}
 	}
-- 
2.48.1