Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto: pkcs.ToPEM does not return error on invalid password #16979

Closed
lorin opened this issue Sep 3, 2016 · 1 comment
Closed

x/crypto: pkcs.ToPEM does not return error on invalid password #16979

lorin opened this issue Sep 3, 2016 · 1 comment
Labels
FrozenDueToAge
Milestone
Unreleased

Comments

@lorin
Copy link

lorin commented Sep 3, 2016

What version of Go are you using (go version)?

go version go1.7 darwin/amd64

What operating system and processor architecture are you using (go env)?

GOOS="darwin"
GOARCH="amd64"

What did you do?

Program:

package main

import (
    "fmt"
    "io/ioutil"

    "golang.org/x/crypto/pkcs12"
)

func check(err error) {
    if err != nil {
        panic(err)
    }
}

func main() {
    certPath := "Certificate.p12"
    pfxData, err := ioutil.ReadFile(certPath)
    check(err)
    password := "invalid"
    blocks, err := pkcs12.ToPEM(pfxData, password)
    check(err)

    fmt.Printf("Number of blocks: %d\n", len(blocks))
}

For Certificate.p12, I downloaded https://github.com/golang/go/files/95892/Certificate.p12.zip (password: googler) mentioned in #14015.

What did you expect to see?

A panic resulting from a crypto.ErrIncorrectPassword error being returned.

What did you see instead?

Number of blocks: 0

Looks like the pkcs12.ToPEM function does not check the error returned by pkcs12.getSafeContents
@quentinmit quentinmit modified the milestone: Unreleased Sep 6, 2016
@adamdecaf
Copy link
Contributor

This was fixed in #19542 / https://go-review.googlesource.com/c/crypto/+/38261

@lorin lorin closed this as completed Jan 21, 2018
@golang golang locked and limited conversation to collaborators Jan 21, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@quentinmit @adamdecaf @lorin @gopherbot