crypto/rsa: fix blinding when using a null random source.
authorAdam Langley <agl@golang.org>
Wed, 4 Nov 2009 01:23:50 +0000 (17:23 -0800)
committerAdam Langley <agl@golang.org>
Wed, 4 Nov 2009 01:23:50 +0000 (17:23 -0800)
For testing it can be useful to use a null random source (one which
always returns zero) to remove non-determinism from the tests.
However, when performing RSA blinding, the random blind ends up being
zero and it's hard to reverse a multiplication by zero.

R=rsc
CC=go-dev
http://go/go-review/1018033

src/pkg/crypto/rsa/rsa.go

index 8ca87485a8809226c4864bf2d64f64f7d2132dbe..65258781bd9ddbecd253320c7acfcd5afdc121a6 100644 (file)
@@ -16,6 +16,7 @@ import (
        "os";
 )
 
+var bigZero = big.NewInt(0)
 var bigOne = big.NewInt(1)
 
 // randomSafePrime returns a number, p, of the given size, such that p and
@@ -322,6 +323,9 @@ func decrypt(rand io.Reader, priv *PrivateKey, c *big.Int) (m *big.Int, err os.E
                        err = err1;
                        return;
                }
+               if big.CmpInt(r, bigZero) == 0 {
+                       r = bigOne;
+               }
                ir = modInverse(r, priv.N);
                bigE := big.NewInt(int64(priv.E));
                rpowe := new(big.Int).Exp(r, bigE, priv.N);
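Review bot: The substitution `r = bigOne;` makes the local blind alias the package-level `bigOne`, so any later in-place write to `r` (decrypt's body continues past the hunk, and this is not visible here) would silently corrupt the shared value used elsewhere in the package; `r = big.NewInt(1);` gives the same result without the aliasing. A blind of 1 also turns the blinding step into a no-op, which is fine for a deterministic test source but deserves a comment so nobody later reads it as a real blind, e.g. `// r == 0 only with a degenerate random source; use 1 so the blind is invertible (blinding is then a no-op).` The zero check does not cover a blind sharing a factor with priv.N; whether modInverse reports that case is decided outside this hunk.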