1
0
mirror of https://github.com/golang/go synced 2024-11-26 07:17:59 -07:00

crypto/rsa: don't correct private exponent unless needed.

At some point in the past, I believe the GCD algorithm was setting d to
be negative. The RSA code has been correcting that ever since but, now,
it appears to have changed and the correction isn't needed.

Having d be too large is harmless, it's just a little odd and I
happened to notice.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/7948044
This commit is contained in:
Adam Langley 2013-03-25 19:08:29 -04:00
parent 5a529b61aa
commit f20f8b8b0a
2 changed files with 6 additions and 1 deletions

View File

@ -203,7 +203,9 @@ NextSetOfPrimes:
g.GCD(priv.D, y, e, totient) g.GCD(priv.D, y, e, totient)
if g.Cmp(bigOne) == 0 { if g.Cmp(bigOne) == 0 {
if priv.D.Sign() < 0 {
priv.D.Add(priv.D, totient) priv.D.Add(priv.D, totient)
}
priv.Primes = primes priv.Primes = primes
priv.N = n priv.N = n

View File

@ -93,6 +93,9 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) {
if err := priv.Validate(); err != nil { if err := priv.Validate(); err != nil {
t.Errorf("Validate() failed: %s", err) t.Errorf("Validate() failed: %s", err)
} }
if priv.D.Cmp(priv.N) > 0 {
t.Errorf("private exponent too large")
}
pub := &priv.PublicKey pub := &priv.PublicKey
m := big.NewInt(42) m := big.NewInt(42)