crypto/x509: ParsePKCS1PublicKey expects invalid key format #29141
Labels
FrozenDueToAge
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
WaitingForInfo
Issue is not actionable because of missing required information, which needs to be provided.
What version of Go are you using (
go version
)?The docker image
golang:1.10-stretch
from Docker Hub, although I can also reproduce this bug locally withgo1.10.5
on Debian stable from the stretch-backports repository.Does this issue reproduce with the latest release?
Yes, specifically with
go version go1.11.2 linux/amd64
from the docker imagegolang:latest
(at time of writing, December 7th, 2018, 17:41).What operating system and processor architecture are you using (
go env
)?docker
on Debian stable from the official repositories:Running
go env
in the docker image yields:go env
OutputWhat did you do?
Try me on play.golang.org.
Compiling the following program yields the following error:
Output:
What did you expect to see?
No error, as the provided public key is a valid PKCS#1 public key, generated by
openssl
.What did you see instead?
An error indicating invalid ASN.1 encoding.
In-depth explanation
The problem stems from
crypto/x509.ParsePKCS1PublicKey
expecting a public key encoded like this:However, a valid PCKS#1 public key can also look like this:
If we put the public key provided in the program in the file
pkcs1.pem
, we can see the ASN structure of our cert by usingopenssl
:Dropping the first 24 bytes yields the encoded
BIT STRING
, and is what golang currently accepts as PKCS#1 key:Coincidentally, this corresponds to dropping the first 32 characters of our PEM-encoded certificate, yielding the "wrong" public key format, which golang accepts happily:
(Sidenote: The standard mandates that header and footer must say
RSA PUBLIC KEY
, but it works withPUBLIC KEY
as well.)Putting this key in the above program yields no errors.
How to fix
There are a few solutions to this problem:
ParseRSAPublicKey
) for parsing RSA public keys and fixParsePKCS1PublicKey
to only parse PKCS#1 public keys.ParsePKCS1PublicKey
I'd opt for the first one as it is the cleanest solution. If this can wait until the new year, I could also take a shot at implementing the solution, whatever it turns out to be.
I haven't checked the other functions in
crypto/x509
, but I can imagine some of them have the same issue.The text was updated successfully, but these errors were encountered: