Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/x509: Panics on some ECDSA keys #13699

Closed
hlandau opened this issue Dec 21, 2015 · 2 comments
Closed

crypto/x509: Panics on some ECDSA keys #13699

hlandau opened this issue Dec 21, 2015 · 2 comments
Labels
FrozenDueToAge
Milestone
Go1.6

Comments

@hlandau
Copy link

hlandau commented Dec 21, 2015

x509.ParseECPrivateKey panics on some input values.

Expected outcome: ParseECPrivateKey returns the EC key, or an error if the key is malformed.
Actual outcome: panic.

package main

import (
    "crypto/x509"
    "encoding/pem"
)

// Generated with gnutls's certtool -p --ecdsa. Only some keys
// generated cause Go to panic; this varies randomly.
// This is an example of such a key.
var b = []byte(`
-----BEGIN EC PRIVATE KEY-----
MHgCAQEEIQD59DoEub3DqwH1O+bfgOenvD6ve4f8JOYwpKCql2M2RaAKBggqhkjO
PQMBB6FEA0IABEGlG8MYRhtMOaRQSKFtT8KpNbHqf+hujB+iGdbyQ498f9YpV9NE
LvuUtqI+sOpm3aZj3ELzec2mYwsht4iKXT0=
-----END EC PRIVATE KEY-----
`)

func main() {
    blk, _ := pem.Decode(b)
    x509.ParseECPrivateKey(blk.Bytes)
}
$ go version
go version go1.5.2 linux/amd64
$ go run ./bugtest.go 
panic: runtime error: index out of range

goroutine 1 [running]:
crypto/elliptic.p256GetScalar(0xc820053ce4, 0xc820012b10, 0x21, 0x21)
    /usr/lib/go/src/crypto/elliptic/p256.go:56 +0x135
crypto/elliptic.p256Curve.ScalarBaseMult(0xc82000e480, 0xc820012b10, 0x21, 0x21, 0xc820010c40, 0xc82008e0fa)
    /usr/lib/go/src/crypto/elliptic/p256.go:62 +0x60
crypto/x509.parseECPrivateKey(0x0, 0xc82008e080, 0x7a, 0x7b, 0x6746e0, 0x0, 0x0)
    /usr/lib/go/src/crypto/x509/sec1.go:80 +0x697
crypto/x509.ParseECPrivateKey(0xc82008e080, 0x7a, 0x7b, 0xc820012ae0, 0x0, 0x0)
    /usr/lib/go/src/crypto/x509/sec1.go:33 +0x4c
main.main()
    /home/hugo/Downloads/bugtest.go:18 +0x68

goroutine 17 [syscall, locked to thread]:
runtime.goexit()
    /usr/lib/go/src/runtime/asm_amd64.s:1721 +0x1
exit status 2
@ianlancetaylor ianlancetaylor added this to the Go1.6 milestone Dec 21, 2015
@ianlancetaylor
Copy link
Contributor

CC @agl

@agl agl self-assigned this Dec 21, 2015
@gopherbot
Copy link

CL https://golang.org/cl/18094 mentions this issue.

@agl agl closed this as completed in 9338f39 Jan 6, 2016
@khlieng khlieng mentioned this issue Jan 14, 2016
Closed
@golang golang locked and limited conversation to collaborators Jan 7, 2017
@rsc rsc unassigned agl Jun 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Go1.6
Development

No branches or pull requests
4 participants
@agl @hlandau @ianlancetaylor @gopherbot