[dev.boringcrypto] crypto/rsa: fix boring GenerateKey to set non-nil …

…Precomputed.CRTValues This matches the standard GenerateKey and more importantly Precompute, so that if you generate a key and then store it, read it back, call Precompute on the new copy, and then do reflect.DeepEqual on the two copies, they will match. Before this CL, the original key had CRTValues == nil and the reconstituted key has CRTValues != nil (but len(CRTValues) == 0). Change-Id: I1ddc64342a50a1b65a48d827e4d564f1faab1945 Reviewed-on: https://go-review.googlesource.com/63914 Reviewed-by: Adam Langley <agl@golang.org>
golang · Sep 18, 2017 · a929f3a · a929f3a
1 parent aa4a4a8
commit a929f3a
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/src/crypto/rsa/boring_test.go b/src/crypto/rsa/boring_test.go
@@ -158,6 +158,11 @@ func TestBoringRandGenerateKey(t *testing.T) {
 		t.Fatalf("GenerateKey: wrong N\nhave %x\nwant %x", k.N, n)
 	}
 	r.checkOffset(35200)
+
+	// Non-Boring GenerateKey always sets CRTValues to a non-nil (possibly empty) slice.
+	if k.Precomputed.CRTValues == nil {
+		t.Fatalf("GenerateKey: Precomputed.CRTValues = nil")
+	}
 }
 
 func TestBoringRandGenerateMultiPrimeKey(t *testing.T) {

diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
@@ -233,9 +233,10 @@ func GenerateMultiPrimeKey(random io.Reader, nprimes int, bits int) (*PrivateKey
 			D:      D,
 			Primes: []*big.Int{P, Q},
 			Precomputed: PrecomputedValues{
-				Dp:   Dp,
-				Dq:   Dq,
-				Qinv: Qinv,
+				Dp:        Dp,
+				Dq:        Dq,
+				Qinv:      Qinv,
+				CRTValues: make([]CRTValue, 0), // non-nil, to match Precompute
 			},
 		}
 		return key, nil