• Adam Langley's avatar
    crypto/rsa: ensure that RSA keys use the full number of bits. · 975bf6d3
    Adam Langley authored
    While half of all numbers don't have their most-significant bit set,
    this is becoming increasingly impermissible for RSA moduli. In an
    attempt to exclude weak keys, several bits of software either do, or
    will, enforce that RSA moduli are >= 1024-bits.
    
    However, Go often generates 1023-bit RSA moduli which this software
    would then reject.
    
    This change causes crypto/rsa to regenerate the primes in the event
    that the result is shorter than requested.
    
    It also alters crypto/rand in order to remove the performance impact
    of this:
    
    The most important change to crypto/rand is that it will now set the
    top two bits in a generated prime (OpenSSL does the same thing).
    Multiplying two n/2 bit numbers, where each have the top two bits set,
    will always result in an n-bit product. (The effectively makes the
    crypto/rsa change moot, but that seems too fragile to depend on.)
    
    Also this change adds code to crypto/rand to rapidly eliminate some
    obviously composite numbers and reduce the number of Miller-Rabin
    tests needed to generate a prime.
    
    R=rsc, minux.ma
    CC=golang-dev
    https://golang.org/cl/7002050
    975bf6d3
rsa.go 14 KB