crypto/rsa: drop the primality check in crypto/rsa.Validate.

This check is expensive and adversely impacts startup times for some servers with several, large RSA keys. It was nice to have, but it's not really going to stop a targetted attack and was never designed to – hopefully people's private keys aren't attacker controlled! Overall I think the feeling is that people would rather have the CPU time back. Fixes #6626. Change-Id: I0143a58c9f22381116d4ca2a3bbba0d28575f3e5 Reviewed-on: https://go-review.googlesource.com/5641 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Adam Langley <agl@golang.org>
2015-02-23 13:28:57 -08:00 · 2015-02-23 13:28:57 -08:00 · 7c7126cfeb
parent ec92af650c
commit 7c7126cfeb
1 changed files with 0 additions and 10 deletions
--- a/src/crypto/rsa/rsa.go
+++ b/src/crypto/rsa/rsa.go
@ -102,16 +102,6 @@ func (priv *PrivateKey) Validate() error {
 		return err
 	}

-	// Check that the prime factors are actually prime. Note that this is
-	// just a sanity check. Since the random witnesses chosen by
-	// ProbablyPrime are deterministic, given the candidate number, it's
-	// easy for an attack to generate composites that pass this test.
-	for _, prime := range priv.Primes {
-		if !prime.ProbablyPrime(20) {
-			return errors.New("crypto/rsa: prime factor is composite")
-		}
-	}
-
 	// Check that Πprimes == n.
 	modulus := new(big.Int).Set(bigOne)
 	for _, prime := range priv.Primes {