From: Adam Langley Date: Mon, 23 Feb 2015 21:28:57 +0000 (-0800) Subject: crypto/rsa: drop the primality check in crypto/rsa.Validate. X-Git-Tag: go1.5beta1~1913 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=7c7126cfeb82894229b9c3d5109e4b04e6cfde0c;p=gostls13.git crypto/rsa: drop the primality check in crypto/rsa.Validate. This check is expensive and adversely impacts startup times for some servers with several, large RSA keys. It was nice to have, but it's not really going to stop a targetted attack and was never designed to – hopefully people's private keys aren't attacker controlled! Overall I think the feeling is that people would rather have the CPU time back. Fixes #6626. Change-Id: I0143a58c9f22381116d4ca2a3bbba0d28575f3e5 Reviewed-on: https://go-review.googlesource.com/5641 Reviewed-by: Brad Fitzpatrick Run-TryBot: Adam Langley --- diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go index 2702311281..21704469d2 100644 --- a/src/crypto/rsa/rsa.go +++ b/src/crypto/rsa/rsa.go @@ -102,16 +102,6 @@ func (priv *PrivateKey) Validate() error { return err } - // Check that the prime factors are actually prime. Note that this is - // just a sanity check. Since the random witnesses chosen by - // ProbablyPrime are deterministic, given the candidate number, it's - // easy for an attack to generate composites that pass this test. - for _, prime := range priv.Primes { - if !prime.ProbablyPrime(20) { - return errors.New("crypto/rsa: prime factor is composite") - } - } - // Check that Πprimes == n. modulus := new(big.Int).Set(bigOne) for _, prime := range priv.Primes {