crypto/x509: test for negative RSA parameters.

Someone found software that generates negative numbers for the RSA modulus in an X.509 certificate. Our error messages were very poor in this case so this change improves that. Update issue 4728 Return more helpful errors when RSA parameters are negative or zero. R=golang-dev, rsc CC=golang-dev https://codereview.appspot.com/7228072
author: Adam Langley <agl@golang.org> 2013-01-31 12:54:37 -0500
committer: Adam Langley <agl@golang.org> 2013-01-31 12:54:37 -0500
commit: 978c02f7aedc92be8be32f1c934c394d0d6a4c02 (patch)
tree: a729a758a17b7a6eedbaaf184e9dca616dc33054 /src
parent: 82e5ab2dc562d907c77aed273707347adbd3f130 (diff)
download: go-978c02f7aedc92be8be32f1c934c394d0d6a4c02.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go
index 798321769..005d36da8 100644
--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -660,6 +660,13 @@ func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{
 			return nil, err
 		}
 
+		if p.N.Sign() <= 0 {
+			return nil, errors.New("x509: RSA modulus is not a positive number")
+		}
+		if p.E <= 0 {
+			return nil, errors.New("x509: RSA public exponent is not a positive number")
+		}
+
 		pub := &rsa.PublicKey{
 			E: p.E,
 			N: p.N,
author	Adam Langley <agl@golang.org>	2013-01-31 12:54:37 -0500
committer	Adam Langley <agl@golang.org>	2013-01-31 12:54:37 -0500
commit	978c02f7aedc92be8be32f1c934c394d0d6a4c02 (patch)
tree	a729a758a17b7a6eedbaaf184e9dca616dc33054 /src
parent	82e5ab2dc562d907c77aed273707347adbd3f130 (diff)
download	go-978c02f7aedc92be8be32f1c934c394d0d6a4c02.tar.gz