From: Filippo Valsorda
Date: Mon, 2 Dec 2024 20:04:15 +0000 (+0100)
Subject: crypto/rsa: return error if keygen random source is broken
X-Git-Tag: go1.24rc1~44
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=485ed2fa5b5e0b7067ef72a0f4bdc9ca12b77ed7;p=gostls13.git
crypto/rsa: return error if keygen random source is broken
Fixes #70643
Change-Id: I47c76500bb2e79b0d1dc096651eb45885f6888b6
Reviewed-on: https://go-review.googlesource.com/c/go/+/632896
Reviewed-by: Russ Cox
Reviewed-by: Roland Shoemaker
LUCI-TryBot-Result: Go LUCI
Auto-Submit: Filippo Valsorda
---
diff --git a/src/crypto/internal/fips140/rsa/keygen.go b/src/crypto/internal/fips140/rsa/keygen.go
index 62e0063d60..a9e12eb1e8 100644
--- a/src/crypto/internal/fips140/rsa/keygen.go
+++ b/src/crypto/internal/fips140/rsa/keygen.go
@@ -45,6 +45,10 @@ func GenerateKey(rand io.Reader, bits int) (*PrivateKey, error) {
 return nil, err
 }
 
+ if Q.Nat().ExpandFor(P).Equal(P.Nat()) == 1 {
+ return nil, errors.New("rsa: generated p == q, random source is broken")
+ }
+
 N, err := bigmod.NewModulusProduct(p, q)
 if err != nil {
 return nil, err
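Review bot: The new guard in GenerateKey rejects only an exact repeat, `p == q`, so a random source that is degraded without repeating outright still passes it, and nothing visible in the hunk bounds how close the two primes may be. If the minimum-distance check on |p - q| that FIPS 186-5 key generation calls for is not performed elsewhere in the function, it belongs next to this one, before `bigmod.NewModulusProduct(p, q)`. If it is performed elsewhere, a comment above the guard such as `// p == q means rand repeated its output; the |p-q| distance check lives in <location>` would tell a reader that this is a sanity check on the reader and not the whole prime-separation requirement. The commit as shown also touches only keygen.go, so the new error path appears to have no regression test; one that feeds a reader replaying the same bytes for both primes and expects this error would pin the behaviour. GenerateKey's body starts and ends outside the hunk, so both points need confirming against the full function.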