author | Filippo Valsorda <filippo@golang.org> | 2018-06-08 18:28:11 -0400 |
---|---|---|
committer | Filippo Valsorda <filippo@golang.org> | 2018-06-08 18:43:33 -0400 |
commit | a4b7722ffaa031d1ae7b95a0565c02889de22520 (patch) | |
tree | ad4e3e3d35d3d7d7fdf3d4f6b2c203aa447ec2c0 /src/crypto/rsa/rsa.go | |
parent | 18db93d7e673b72628e5b277b5be87f4f78135f6 (diff) | |
parent | 289ab30457a73d29462d584a499fcf48a6aa7fa5 (diff) | |
[dev.boringcrypto] all: merge master into dev.boringcrypto
Conflicts due to randutil.MaybeReadByte (kept at the top for patch
maintainability and consistency):
src/crypto/ecdsa/ecdsa.go
src/crypto/rsa/pkcs1v15.go
src/crypto/rsa/rsa.go
Change-Id: I03a2de541e68a1bbdc48590ad7c01fbffbbf4a2b
Diffstat (limited to 'src/crypto/rsa/rsa.go')
-rw-r--r-- | src/crypto/rsa/rsa.go | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
index 9302ea8535..6cbcfe5449 100644
--- a/src/crypto/rsa/rsa.go
+++ b/src/crypto/rsa/rsa.go
@@ -33,6 +33,8 @@ import (
 	"math"
 	"math/big"
 	"unsafe"
+
+	"crypto/internal/randutil"
 )
 
 var bigZero = big.NewInt(0)
@@ -72,7 +74,7 @@ var (
 // We require pub.E to fit into a 32-bit integer so that we
 // do not have different behavior depending on whether
 // int is 32 or 64 bits. See also
-// http://www.imperialviolet.org/2012/03/16/rsae.html.
+// https://www.imperialviolet.org/2012/03/16/rsae.html.
 func checkPub(pub *PublicKey) error {
 	if pub.N == nil {
 		return errPublicModulus
@@ -224,6 +226,8 @@ func GenerateKey(random io.Reader, bits int) (*PrivateKey, error) {
 // [1] US patent 4405829 (1972, expired)
 // [2] http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf
 func GenerateMultiPrimeKey(random io.Reader, nprimes int, bits int) (*PrivateKey, error) {
+	randutil.MaybeReadByte(random)
+
 	if boring.Enabled && random == boring.RandReader && nprimes == 2 && (bits == 2048 || bits == 3072) {
 		N, E, D, P, Q, Dp, Dq, Qinv, err := boring.GenerateKeyRSA(bits)
 		if err != nil {
@@ -526,6 +530,8 @@ func decrypt(random io.Reader, priv *PrivateKey, c *big.Int) (m *big.Int, err er
 
 	var ir *big.Int
 	if random != nil {
+		randutil.MaybeReadByte(random)
+
 		// Blinding enabled. Blinding involves multiplying c by r^e.
 		// Then the decryption operation performs (m^e * r^e)^d mod n
 		// which equals mr mod n. The factor of r can then be removed |
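Review bot: The `randutil.MaybeReadByte(random)` added at the top of GenerateMultiPrimeKey (third hunk) and inside the `if random != nil` branch of decrypt (fourth hunk) carries no comment saying why a byte is sometimes consumed from the caller's reader, so a reader of rsa.go has to open crypto/internal/randutil to learn the intent. A one-line comment above each call would carry it, e.g. `// Read a byte from random with ~50% probability so callers cannot rely on a given random stream producing a deterministic key or blinding factor; see randutil.MaybeReadByte.` In GenerateMultiPrimeKey the call is deliberately placed before the boring.Enabled fast path (the merge message cites patch maintainability), which means that with BoringCrypto the byte is drawn from boring.RandReader; stating that in the same comment keeps a later reorder from looking like a bug fix. Both functions' bodies continue outside their hunks.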