crypto/x509: improve error when parsing bad ECDSA cert
authorJakob Weisblat <jakobw@mit.edu>
Fri, 18 Aug 2017 16:24:54 +0000 (18:24 +0200)
committerFilippo Valsorda <filippo@golang.org>
Wed, 28 Mar 2018 03:46:14 +0000 (03:46 +0000)
When parsing an ECDSA certificate, improve the error message upon
failing to parse the curve as a named curve, rather than returning
the original ASN1 error.

Fixes #21502

Change-Id: I7ae7b3ea7a9dcbd78a9607f46f5883d3193b8367
Reviewed-on: https://go-review.googlesource.com/57050
Reviewed-by: Filippo Valsorda <filippo@golang.org>
src/crypto/x509/x509.go

index 89789ceba4f5398b80a1394c2db9379c4c657a0f..037924cede331aceafc58d95e289f55c0119e7aa 100644 (file)
@@ -1056,7 +1056,7 @@ func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{
                namedCurveOID := new(asn1.ObjectIdentifier)
                rest, err := asn1.Unmarshal(paramsData, namedCurveOID)
                if err != nil {
-                       return nil, err
+                       return nil, errors.New("x509: failed to parse ECDSA parameters as named curve")
                }
                if len(rest) != 0 {
                        return nil, errors.New("x509: trailing data after ECDSA parameters")
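Review bot: The new return in the `asn1.Unmarshal` failure branch discards `err` entirely, so a caller can no longer tell a truncated or malformed parameters field from a well-formed one that is simply not an OID (for example explicitly specified curve parameters, which this path appears to reject). Keeping the cause in the text preserves that distinction for anyone triaging a rejected certificate: `return nil, errors.New("x509: failed to parse ECDSA parameters as named curve: " + err.Error())`. A one-line comment above the branch, such as `// Only named curves are accepted; any other parameter encoding is rejected here.`, would also record that failing closed at this point is intended. No test in the visible change pins the new message, and parsePublicKey starts and ends outside the hunk.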