Cypherpunks repositories - gostls13.git/commit

author	Filippo Valsorda <filippo@golang.org>
	Sat, 28 Dec 2024 21:32:59 +0000 (22:32 +0100)
committer	Gopher Robot <gobot@golang.org>
	Tue, 7 Jan 2025 00:16:41 +0000 (16:16 -0800)
commit	a76cc5a4ecb004616404cac5bb756da293818469
tree	8e8e18def024eadd0940610054453964dab4cde4	tree
parent	3f002abb60b86a851e190d9246278aa53db11f87	commit \| diff

crypto/rsa: use λ(N) instead of φ(N)

This has no practical advantage, and requires extra variable time code,
but is an explicit FIPS 186-5 requirement.

Note that the new behavior is consistent with Go+BoringCrypto, but not
with Go 1.23. The resulting keys are essentially interchangeable, but
it's not impossible for applications to notice (google/go-tpm#383).

gcd_lcm_tests.txt is from BoringSSL.

Change-Id: I6a6a4656fd5e92912c87bedc667456d0e8787023
Reviewed-on: https://go-review.googlesource.com/c/go/+/639936
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>

src/crypto/internal/fips140/bigmod/nat.go		diff \| blob \| history
src/crypto/internal/fips140/rsa/keygen.go		diff \| blob \| history
src/crypto/internal/fips140/rsa/keygen_test.go		diff \| blob \| history
src/crypto/internal/fips140/rsa/rsa.go		diff \| blob \| history
src/crypto/internal/fips140/rsa/testdata/gcd_lcm_tests.txt	[new file with mode: 0644]	blob