From 485ed2fa5b5e0b7067ef72a0f4bdc9ca12b77ed7 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Mon, 2 Dec 2024 21:04:15 +0100
Subject: [PATCH] crypto/rsa: return error if keygen random source is broken

Fixes #70643

Change-Id: I47c76500bb2e79b0d1dc096651eb45885f6888b6
Reviewed-on: https://go-review.googlesource.com/c/go/+/632896
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
---
 src/crypto/internal/fips140/rsa/keygen.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/crypto/internal/fips140/rsa/keygen.go b/src/crypto/internal/fips140/rsa/keygen.go
index 62e0063d60..a9e12eb1e8 100644
--- a/src/crypto/internal/fips140/rsa/keygen.go
+++ b/src/crypto/internal/fips140/rsa/keygen.go
@@ -45,6 +45,10 @@ func GenerateKey(rand io.Reader, bits int) (*PrivateKey, error) {
 			return nil, err
 		}
 
+		if Q.Nat().ExpandFor(P).Equal(P.Nat()) == 1 {
+			return nil, errors.New("rsa: generated p == q, random source is broken")
+		}
+
 		N, err := bigmod.NewModulusProduct(p, q)
 		if err != nil {
 			return nil, err
-- 
2.48.1