proposal: crypto/x509: Export wrong parse function error #43780

Open
joeshaw opened this issue Jan 19, 2021 · 0 comments
Labels
Proposal Proposal-Crypto Proposal related to crypto packages or other security issues

joeshaw commented Jan 19, 2021

What version of Go are you using (go version)?

$ go version
go version go1.15.6 darwin/amd64

What did you do?

I occasionally see PEM-encoded private keys that have the wrong PEM header for that key type. For example, a PKCS8 key with BEGIN RSA PRIVATE KEY instead of BEGIN PRIVATE KEY. Thanks to #30094 this is helpfully reported with an error message suggesting the correct API. For example, in ParsePKCS1PrivateKey:

if _, err := asn1.Unmarshal(der, &ecPrivateKey{}); err == nil {
	return nil, errors.New("x509: failed to parse private key (use ParseECPrivateKey instead for this key format)")
}
if _, err := asn1.Unmarshal(der, &pkcs8{}); err == nil {
	return nil, errors.New("x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)")
}

What would you like to see?

It would be nice if these errors were exported as values that could be checked in code, so we could handle these gracefully. Currently you have to do string parsing, and I don't think that is covered by the Go 1 compatibility guarantee.

Alternatively, an API that given DER input returned which key type it was would be nice. With just DER input (that is, without the PEM block hint) you just have to try all the ParsePKCS1PrivateKey / ParsePKCS8PrivateKey / ParseECPrivateKey functions in a row until one succeeds.

@seankhliao seankhliao changed the title crypto/x509: Export errors when PKCS1/PKCS8/EC keys are provided to incorrect parse function proposal: crypto/x509: Export wrong parse function error Jan 19, 2021
@gopherbot gopherbot added this to the Proposal milestone Jan 19, 2021
@seankhliao seankhliao added the Proposal-Crypto Proposal related to crypto packages or other security issues label Jan 19, 2021
@ianlancetaylor ianlancetaylor added this to Incoming in Proposals (old) Feb 17, 2021
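
The fallback described in the issue above (with only DER available, try each parser in turn until one succeeds), written out as an added example that is not part of the original issue or of crypto/x509. `ParseAnyPrivateKey` and `constructedSamples` are hypothetical names, and the sample keys are generated on the spot.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
)

// ParseAnyPrivateKey is a hypothetical helper, not a crypto/x509 API. It tries each
// DER parser in turn and reports which encoding matched, ignoring any PEM label.
func ParseAnyPrivateKey(der []byte) (interface{}, string, error) {
	if k, err := x509.ParsePKCS8PrivateKey(der); err == nil {
		return k, "PKCS8", nil
	}
	if k, err := x509.ParsePKCS1PrivateKey(der); err == nil {
		return k, "PKCS1", nil
	}
	if k, err := x509.ParseECPrivateKey(der); err == nil {
		return k, "EC", nil
	}
	return nil, "", fmt.Errorf("unrecognized private key encoding (%d bytes)", len(der))
}

// constructedSamples returns DER for throwaway keys generated here, keyed by encoding.
func constructedSamples() (map[string][]byte, error) {
	rsaKey, err1 := rsa.GenerateKey(rand.Reader, 2048)
	ecKey, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("key generation: %v, %v", err1, err2)
	}
	p8, err1 := x509.MarshalPKCS8PrivateKey(rsaKey)
	sec1, err2 := x509.MarshalECPrivateKey(ecKey)
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("marshal: %v, %v", err1, err2)
	}
	return map[string][]byte{"PKCS8": p8, "PKCS1": x509.MarshalPKCS1PrivateKey(rsaKey), "EC": sec1}, nil
}

func main() {
	samples, err := constructedSamples()
	if err != nil {
		panic(err)
	}
	_, hint := x509.ParsePKCS1PrivateKey(samples["PKCS8"]) // wrong parser for this DER
	_, format, err := ParseAnyPrivateKey(samples["PKCS8"])
	fmt.Println(hint, "|", format, err)
}
```

The helper returns the detected encoding as a value, so callers branch on that instead of matching the text of the parse error.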