author | Filippo Valsorda <filippo@golang.org> | 2018-06-08 18:58:30 -0400 |
committer | Filippo Valsorda <filippo@golang.org> | 2018-06-13 21:59:09 +0000 |
commit | b77f5e4c8530279d40eb29dc86a320a8fb4f909e (patch) | |
tree | 65c6ecc533bf5d99ed7b60fd326757003c48da67 /src/crypto/rsa/boring.go | |
parent | a4b7722ffaa031d1ae7b95a0565c02889de22520 (diff) | |
[dev.boringcrypto] crypto/rsa: drop random source reading emulation
Now that the standard library's behavior when reading from the randomness
source is not reliable, thanks to randutil.MaybeReadByte, we don't need
to emulate that behavior.
Also, since boring.RandReader is never deterministic, add an early exit
to randutil.MaybeReadByte.
Change-Id: Ie53e45ee64af635595181f71abd3c4340c600907
Reviewed-on: https://go-review.googlesource.com/117555
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Diffstat (limited to 'src/crypto/rsa/boring.go')
-rw-r--r-- | src/crypto/rsa/boring.go | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/src/crypto/rsa/boring.go b/src/crypto/rsa/boring.go
index 0ddff014e6..0f362a2f16 100644
--- a/src/crypto/rsa/boring.go
+++ b/src/crypto/rsa/boring.go
@@ -6,8 +6,6 @@ package rsa
 import (
 	"crypto/internal/boring"
-	"crypto/rand"
-	"io"
 	"math/big"
 	"sync/atomic"
 	"unsafe"
@@ -124,41 +122,3 @@ func copyPrivateKey(k *PrivateKey) PrivateKey {
 	}
 	return dst
 }
-
-// boringFakeRandomBlind consumes from random to mimic the
-// blinding operation done in the standard Go func decrypt.
-// When we are using BoringCrypto, we always let it handle decrypt
-// regardless of random source, because the blind doesn't affect
-// the visible output of decryption, but if the random source is not
-// true randomness then the caller might still observe the side effect
-// of consuming from the source. We consume from the source
-// to give the same side effect. This should only happen during tests
-// (verified by the UnreachableExceptTests call below).
-//
-// We go to the trouble of doing this so that we can verify that
-// func decrypt (standard RSA decryption) is dropped from
-// BoringCrypto-linked binaries entirely; otherwise we'd have to
-// keep it in the binary just in case a call happened with a
-// non-standard randomness source.
-func boringFakeRandomBlind(random io.Reader, priv *PrivateKey) {
-	if random == nil || random == boring.RandReader {
-		return
-	}
-	boring.UnreachableExceptTests()
-
-	// Copied from func decrypt.
-	ir := new(big.Int)
-	for {
-		r, err := rand.Int(random, priv.N)
-		if err != nil {
-			return
-		}
-		if r.Cmp(bigZero) == 0 {
-			r = bigOne
-		}
-		ok := ir.ModInverse(r, priv.N)
-		if ok != nil {
-			break
-		}
-	}
-}
|