crypto/x509: handle ECC private keys with the wrong length.
SEC-1 says: “The component privateKey is the private key defined to be the octet string of length ⌊log₂(n)/8⌋ (where n is the order of the curve)”. Previously the code for parsing ECC private keys would panic (on non-amd64) when the private was too long. It would also pass a too-short private key to crypto/elliptic, possibly resulting in undesirable behaviour. This change makes the parsing function handle both too much and too little padding because GnuTLS does the former and OpenSSL did the latter until 30cd4ff294252c4b6a4b69cbef6a5b4117705d22. It also causes serialisation to pad private keys correctly. Fixes #13699 Change-Id: If9c2faeaeb45af8a4d7770d784f3d2633e7f8290 Reviewed-on: https://go-review.googlesource.com/18094 Run-TryBot: Adam Langley <agl@golang.org> Reviewed-by: Adam Langley <agl@golang.org> Reviewed-by: Russ Cox <rsc@golang.org>
Showing
Please register or sign in to comment