You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
x509.ParseECPrivateKey panics on some input values.
Expected outcome: ParseECPrivateKey returns the EC key, or an error if the key is malformed.
Actual outcome: panic.
package main
import (
"crypto/x509""encoding/pem"
)
// Generated with gnutls's certtool -p --ecdsa. Only some keys// generated cause Go to panic; this varies randomly.// This is an example of such a key.varb= []byte(`-----BEGIN EC PRIVATE KEY-----MHgCAQEEIQD59DoEub3DqwH1O+bfgOenvD6ve4f8JOYwpKCql2M2RaAKBggqhkjOPQMBB6FEA0IABEGlG8MYRhtMOaRQSKFtT8KpNbHqf+hujB+iGdbyQ498f9YpV9NELvuUtqI+sOpm3aZj3ELzec2mYwsht4iKXT0=-----END EC PRIVATE KEY-----`)
funcmain() {
blk, _:=pem.Decode(b)
x509.ParseECPrivateKey(blk.Bytes)
}
$ go version
go version go1.5.2 linux/amd64
$ go run ./bugtest.go
panic: runtime error: index out of range
goroutine 1 [running]:
crypto/elliptic.p256GetScalar(0xc820053ce4, 0xc820012b10, 0x21, 0x21)
/usr/lib/go/src/crypto/elliptic/p256.go:56 +0x135
crypto/elliptic.p256Curve.ScalarBaseMult(0xc82000e480, 0xc820012b10, 0x21, 0x21, 0xc820010c40, 0xc82008e0fa)
/usr/lib/go/src/crypto/elliptic/p256.go:62 +0x60
crypto/x509.parseECPrivateKey(0x0, 0xc82008e080, 0x7a, 0x7b, 0x6746e0, 0x0, 0x0)
/usr/lib/go/src/crypto/x509/sec1.go:80 +0x697
crypto/x509.ParseECPrivateKey(0xc82008e080, 0x7a, 0x7b, 0xc820012ae0, 0x0, 0x0)
/usr/lib/go/src/crypto/x509/sec1.go:33 +0x4c
main.main()
/home/hugo/Downloads/bugtest.go:18 +0x68
goroutine 17 [syscall, locked to thread]:
runtime.goexit()
/usr/lib/go/src/runtime/asm_amd64.s:1721 +0x1
exit status 2
The text was updated successfully, but these errors were encountered:
x509.ParseECPrivateKey panics on some input values.
Expected outcome: ParseECPrivateKey returns the EC key, or an error if the key is malformed.
Actual outcome: panic.
The text was updated successfully, but these errors were encountered: