Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-12-08 06:10:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

crypto/rsa: fix GenerateKey flakes for toy-sized keys

Browse source 
Could have fixed this some other ways, including inside the FIPS 140-3
module, but this is small and self-contained, clearly not affecting
production non-toy key sizes. This late in the freeze, a surgical fix
felt best.

Fixes #71185

Change-Id: I6a6a465641357c9d6b076c8a520b221be4210ed5
Reviewed-on: https://go-review.googlesource.com/c/go/+/641755
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
This commit is contained in:
Filippo Valsorda 2025-01-09 15:12:49 +01:00 committed by Gopher Robot
parent d0c9142ce3
commit 932ec2be8d
2 changed files with 32 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/crypto/rsa/rsa.go
View file

@ -327,6 +327,21 @@ func GenerateKey(random io.Reader, bits int) (*PrivateKey, error) {
} }
k, err := rsa.GenerateKey(random, bits) k, err := rsa.GenerateKey(random, bits)
if bits < 256 && err != nil {
// Toy-sized keys have a non-negligible chance of hitting two hard
// failure cases: p == q and d <= 2^(nlen / 2).
//
// Since these are impossible to hit for real keys, we don't want to
// make the production code path more complex and harder to think about
// to handle them.
//
// Instead, just rerun the whole process a total of 8 times, which
// brings the chance of failure for 32-bit keys down to the same as for
// 256-bit keys.
for i := 1; i < 8 && err != nil; i++ {
k, err = rsa.GenerateKey(random, bits)
}
}
if err != nil { if err != nil {
return nil, err return nil, err
} }

17
src/crypto/rsa/rsa_test.go
View file

@ -109,6 +109,23 @@ func TestImpossibleKeyGeneration(t *testing.T) {
} }
} }
func TestTinyKeyGeneration(t *testing.T) {
// Toy-sized keys can randomly hit hard failures in GenerateKey.
if testing.Short() {
t.Skip("skipping in short mode")
}
t.Setenv("GODEBUG", "rsa1024min=0")
for range 10000 {
k, err := GenerateKey(rand.Reader, 32)
if err != nil {
t.Fatalf("GenerateKey(32): %v", err)
}
if err := k.Validate(); err != nil {
t.Fatalf("Validate(32): %v", err)
}
}
}
func TestGnuTLSKey(t *testing.T) { func TestGnuTLSKey(t *testing.T) {
t.Setenv("GODEBUG", "rsa1024min=0") t.Setenv("GODEBUG", "rsa1024min=0")
// This is a key generated by `certtool --generate-privkey --bits 128`. // This is a key generated by `certtool --generate-privkey --bits 128`.