crypto/rsa: don't correct private exponent unless needed.

At some point in the past, I believe the GCD algorithm was setting d to be negative. The RSA code has been correcting that ever since but, now, it appears to have changed and the correction isn't needed. Having d be too large is harmless, it's just a little odd and I happened to notice. R=golang-dev, rsc CC=golang-dev https://golang.org/cl/7948044

crypto/rsa: don't correct private exponent unless needed.
At some point in the past, I believe the GCD algorithm was setting d to be negative. The RSA code has been correcting that ever since but, now, it appears to have changed and the correction isn't needed. Having d be too large is harmless, it's just a little odd and I happened to notice. R=golang-dev, rsc CC=golang-dev https://golang.org/cl/7948044
f20f8b8b · Adam Langley · 5a529b61 · f20f8b8b · f20f8b8b
Commit f20f8b8b authored Mar 25, 2013 by Adam Langley
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

src/pkg/crypto/rsa/rsa.go src/pkg/crypto/rsa/rsa.go +3 -1

src/pkg/crypto/rsa/rsa_test.go src/pkg/crypto/rsa/rsa_test.go +3 -0

No files found.
--- a/src/pkg/crypto/rsa/rsa.go
+++ b/src/pkg/crypto/rsa/rsa.go
@@ -203,7 +203,9 @@ NextSetOfPrimes:
 		g.GCD(priv.D, y, e, totient)

 		if g.Cmp(bigOne) == 0 {
-			priv.D.Add(priv.D, totient)
+			if priv.D.Sign() < 0 {
+				priv.D.Add(priv.D, totient)
+			}
 			priv.Primes = primes
 			priv.N = n


--- a/src/pkg/crypto/rsa/rsa_test.go
+++ b/src/pkg/crypto/rsa/rsa_test.go
@@ -93,6 +93,9 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) {
 	if err := priv.Validate(); err != nil {
 		t.Errorf("Validate() failed: %s", err)
 	}
+	if priv.D.Cmp(priv.N) > 0 {
+		t.Errorf("private exponent too large")
+	}

 	pub := &priv.PublicKey
 	m := big.NewInt(42)