diff options
author | Adam Langley <agl@golang.org> | 2013-01-31 12:54:37 -0500 |
---|---|---|
committer | Adam Langley <agl@golang.org> | 2013-01-31 12:54:37 -0500 |
commit | 978c02f7aedc92be8be32f1c934c394d0d6a4c02 (patch) | |
tree | a729a758a17b7a6eedbaaf184e9dca616dc33054 /src | |
parent | 82e5ab2dc562d907c77aed273707347adbd3f130 (diff) | |
download | go-978c02f7aedc92be8be32f1c934c394d0d6a4c02.tar.gz |
crypto/x509: test for negative RSA parameters.
Someone found software that generates negative numbers for the RSA
modulus in an X.509 certificate. Our error messages were very poor in
this case so this change improves that.
Update issue 4728
Return more helpful errors when RSA parameters are negative or zero.
R=golang-dev, rsc
CC=golang-dev
https://codereview.appspot.com/7228072
Diffstat (limited to 'src')
-rw-r--r-- | src/pkg/crypto/x509/x509.go | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go index 798321769..005d36da8 100644 --- a/src/pkg/crypto/x509/x509.go +++ b/src/pkg/crypto/x509/x509.go @@ -660,6 +660,13 @@ func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{ return nil, err } + if p.N.Sign() <= 0 { + return nil, errors.New("x509: RSA modulus is not a positive number") + } + if p.E <= 0 { + return nil, errors.New("x509: RSA public exponent is not a positive number") + } + pub := &rsa.PublicKey{ E: p.E, N: p.N, |