]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 139d6ee) | patch
crypto/x509: avoid panic when parsing partial PKCS#1 private keys
authorFilippo Valsorda <filippo@golang.org>
Thu, 9 Jan 2025 15:03:08 +0000 (16:03 +0100)
committerGopher Robot <gobot@golang.org>
Thu, 16 Jan 2025 19:01:33 +0000 (11:01 -0800)
commit6a4effa08ba5c7b182d319a2a8ddd782274c2f74
tree8353b2b2e011ebd3a7d158e3822ecdc49927fa0ftree
parent139d6eedae38f9e8bc81bb2c8c5c2c75d12853abcommit | diff
crypto/x509: avoid panic when parsing partial PKCS#1 private keys

These keys are off-spec, but have historically been accepted by
ParsePKCS1PrivateKey.

Thanks to Philippe Antoine (Catena cyber) for reporting this issue.

Fixes #71216
Fixes CVE-2025-22865

Change-Id: I6a6a46564156fa32e29e8d6acbec3fbac47c7352
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1820
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Commit-Queue: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/643098
Auto-Submit: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
src/crypto/x509/pkcs1.go diff | blob | history
src/crypto/x509/x509_test.go diff | blob | history
Go GOST TLS 1.3