crypto/rsa: drop the primality check in crypto/rsa.Validate.

This check is expensive and adversely impacts startup times for some
servers with several, large RSA keys.

It was nice to have, but it's not really going to stop a targetted
attack and was never designed to – hopefully people's private keys
aren't attacker controlled!

Overall I think the feeling is that people would rather have the CPU
time back.

Fixes #6626.

Change-Id: I0143a58c9f22381116d4ca2a3bbba0d28575f3e5
Reviewed-on: https://go-review.googlesource.com/5641
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>

diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
index 2702311281ce07a64c71ff56223d4a75c0041bf0..21704469d28984d1319d81b86b7e93d38a0a22b8 100644 (file)
--- a/src/crypto/rsa/rsa.go
+++ b/src/crypto/rsa/rsa.go
@@ -102,16 +102,6 @@ func (priv *PrivateKey) Validate() error {
                return err
        }
 
-       // Check that the prime factors are actually prime. Note that this is
-       // just a sanity check. Since the random witnesses chosen by
-       // ProbablyPrime are deterministic, given the candidate number, it's
-       // easy for an attack to generate composites that pass this test.
-       for _, prime := range priv.Primes {
-               if !prime.ProbablyPrime(20) {
-                       return errors.New("crypto/rsa: prime factor is composite")
-               }
-       }
-
        // Check that Πprimes == n.
        modulus := new(big.Int).Set(bigOne)
        for _, prime := range priv.Primes {