From 7c7126cfeb82894229b9c3d5109e4b04e6cfde0c Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 23 Feb 2015 13:28:57 -0800 Subject: [PATCH] crypto/rsa: drop the primality check in crypto/rsa.Validate. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit This check is expensive and adversely impacts startup times for some servers with several, large RSA keys. It was nice to have, but it's not really going to stop a targetted attack and was never designed to – hopefully people's private keys aren't attacker controlled! Overall I think the feeling is that people would rather have the CPU time back. Fixes #6626. Change-Id: I0143a58c9f22381116d4ca2a3bbba0d28575f3e5 Reviewed-on: https://go-review.googlesource.com/5641 Reviewed-by: Brad Fitzpatrick Run-TryBot: Adam Langley --- src/crypto/rsa/rsa.go | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go index 2702311281..21704469d2 100644 --- a/src/crypto/rsa/rsa.go +++ b/src/crypto/rsa/rsa.go @@ -102,16 +102,6 @@ func (priv *PrivateKey) Validate() error { return err } - // Check that the prime factors are actually prime. Note that this is - // just a sanity check. Since the random witnesses chosen by - // ProbablyPrime are deterministic, given the candidate number, it's - // easy for an attack to generate composites that pass this test. - for _, prime := range priv.Primes { - if !prime.ProbablyPrime(20) { - return errors.New("crypto/rsa: prime factor is composite") - } - } - // Check that Πprimes == n. modulus := new(big.Int).Set(bigOne) for _, prime := range priv.Primes { -- 2.50.0