From: Adam Langley <agl@golang.org>
Date: Wed, 4 Nov 2009 01:23:50 +0000 (-0800)
Subject: crypto/rsa: fix blinding when using a null random source.
X-Git-Tag: weekly.2009-11-06~109
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=bcce2987e0ea9ba25d102f3565eac04e84307181;p=gostls13.git

crypto/rsa: fix blinding when using a null random source.

For testing it can be useful to use a null random source (one which
always returns zero) to remove non-determinism from the tests.
However, when performing RSA blinding, the random blind ends up being
zero and it's hard to reverse a multiplication by zero.

R=rsc
CC=go-dev
http://go/go-review/1018033
---

diff --git a/src/pkg/crypto/rsa/rsa.go b/src/pkg/crypto/rsa/rsa.go
index 8ca87485a8..65258781bd 100644
--- a/src/pkg/crypto/rsa/rsa.go
+++ b/src/pkg/crypto/rsa/rsa.go
@@ -16,6 +16,7 @@ import (
 	"os";
 )
 
+var bigZero = big.NewInt(0)
 var bigOne = big.NewInt(1)
 
 // randomSafePrime returns a number, p, of the given size, such that p and
@@ -322,6 +323,9 @@ func decrypt(rand io.Reader, priv *PrivateKey, c *big.Int) (m *big.Int, err os.E
 			err = err1;
 			return;
 		}
+		if big.CmpInt(r, bigZero) == 0 {
+			r = bigOne;
+		}
 		ir = modInverse(r, priv.N);
 		bigE := big.NewInt(int64(priv.E));
 		rpowe := new(big.Int).Exp(r, bigE, priv.N);