crypto/rsa: fix blinding when using a null random source.

For testing it can be useful to use a null random source (one which always returns zero) to remove non-determinism from the tests. However, when performing RSA blinding, the random blind ends up being zero and it's hard to reverse a multiplication by zero. R=rsc CC=go-dev http://go/go-review/1018033

crypto/rsa: fix blinding when using a null random source.
For testing it can be useful to use a null random source (one which always returns zero) to remove non-determinism from the tests. However, when performing RSA blinding, the random blind ends up being zero and it's hard to reverse a multiplication by zero. R=rsc CC=go-dev http://go/go-review/1018033
bcce2987 · Adam Langley · b5ab5d4f · bcce2987
Commit bcce2987 authored Nov 04, 2009 by Adam Langley
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

rsa.go src/pkg/crypto/rsa/rsa.go +4 -0

No files found.
--- a/src/pkg/crypto/rsa/rsa.go
+++ b/src/pkg/crypto/rsa/rsa.go
@@ -16,6 +16,7 @@ import (
 	"os";
 )

+var bigZero = big.NewInt(0)
 var bigOne = big.NewInt(1)

 // randomSafePrime returns a number, p, of the given size, such that p and
@@ -322,6 +323,9 @@ func decrypt(rand io.Reader, priv *PrivateKey, c *big.Int) (m *big.Int, err os.E
 			err = err1;
 			return;
 		}
+		if big.CmpInt(r, bigZero) == 0 {
+			r = bigOne;
+		}
 		ir = modInverse(r, priv.N);
 		bigE := big.NewInt(int64(priv.E));
 		rpowe := new(big.Int).Exp(r, bigE, priv.N);