crypto/x509: return errors instead of panicking
authorPaschalis Tsilias <paschalis.tsilias@gmail.com>
Wed, 2 Sep 2020 10:44:36 +0000 (13:44 +0300)
committerFilippo Valsorda <filippo@golang.org>
Wed, 30 Sep 2020 16:05:36 +0000 (16:05 +0000)
Eliminate a panic in x509.CreateCertificate when passing templates with unknown ExtKeyUsage; return an error instead.

Fixes #41169

Change-Id: Ia229d3b0d4a1bdeef05928439d97dab228687b3c
Reviewed-on: https://go-review.googlesource.com/c/go/+/252557
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>

src/crypto/x509/x509.go
src/crypto/x509/x509_test.go

index 16655a3c7041120f6d2609f47579bcb5457beef0..5fd4f6fa17699bd46d64390bdd52aac46bd70929 100644 (file)
@@ -1689,7 +1689,8 @@ func buildExtensions(template *Certificate, subjectIsEmpty bool, authorityKeyId
                        if oid, ok := oidFromExtKeyUsage(u); ok {
                                oids = append(oids, oid)
                        } else {
-                               panic("internal error")
+                               err = errors.New("x509: unknown extended key usage")
+                               return
                        }
                }
 
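Review bot: The new error at line 27 drops the one piece of information a caller needs to fix the template, namely which ExtKeyUsage value was rejected; since `u` is in scope, `err = fmt.Errorf("x509: unknown extended key usage %d", u)` (assuming fmt is already imported in this file, as it appears to be elsewhere in crypto/x509) would make the failure actionable without changing the error's prefix that the test matches on. The bare `return` also depends on `err` being a named result of buildExtensions, whose signature and remaining body lie outside this hunk, so any earlier appends to the result slice are returned alongside the non-nil error; callers should treat the slice as meaningless when err != nil.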
index d0315900e47c5399dddf328552733b49c852233e..6345c3f5ab0527bd071ebe15e5357a0d29ab1538 100644 (file)
@@ -2754,3 +2754,22 @@ func TestRSAPSAParameters(t *testing.T) {
                }
        }
 }
+
+func TestUnknownExtKey(t *testing.T) {
+       const errorContains = "unknown extended key usage"
+
+       template := &Certificate{
+               SerialNumber: big.NewInt(10),
+               DNSNames:     []string{"foo"},
+               ExtKeyUsage:  []ExtKeyUsage{ExtKeyUsage(-1)},
+       }
+       signer, err := rsa.GenerateKey(rand.Reader, 1024)
+       if err != nil {
+               t.Errorf("failed to generate key for TestUnknownExtKey")
+       }
+
+       _, err = CreateCertificate(rand.Reader, template, template, signer.Public(), signer)
+       if !strings.Contains(err.Error(), errorContains) {
+               t.Errorf("expected error containing %q, got %s", errorContains, err)
+       }
+}
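Review bot: The test can panic instead of failing cleanly in two places: line 48 uses `t.Errorf` after a failed key generation and then dereferences the nil `signer` at line 51, and line 52 calls `err.Error()` without first checking that CreateCertificate actually returned an error, which is the very regression this test guards against. Change line 48 to `t.Fatalf("failed to generate key for TestUnknownExtKey: %v", err)` and line 52 to `if err == nil || !strings.Contains(err.Error(), errorContains) {` so a nil error is reported as a test failure rather than a nil-pointer panic. Generating a fresh 1024-bit RSA key per run is also the slow path here; reusing one of the package's existing test keys, if the test file has one, would keep the test fast.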