From 444b7b53e02487e3292c9db04b584915a21de54b Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Sat, 1 Dec 2012 11:02:08 -0800 Subject: [PATCH] crypto/tls: fix loading keys labeled just "PRIVATE KEY" Worked in Go 1, broken in f440e65f93fe. Fixes #4477 R=golang-dev, agl CC=golang-dev https://golang.org/cl/6865043 --- src/pkg/crypto/tls/tls.go | 2 +- src/pkg/crypto/tls/tls_test.go | 26 ++++++++++++++++++++------ 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/src/pkg/crypto/tls/tls.go b/src/pkg/crypto/tls/tls.go index 182506c59e..9230656d6a 100644 --- a/src/pkg/crypto/tls/tls.go +++ b/src/pkg/crypto/tls/tls.go @@ -155,7 +155,7 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error) err = errors.New("crypto/tls: failed to parse key PEM data") return } - if strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") { + if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") { break } } diff --git a/src/pkg/crypto/tls/tls_test.go b/src/pkg/crypto/tls/tls_test.go index 31b858d832..38229014cd 100644 --- a/src/pkg/crypto/tls/tls_test.go +++ b/src/pkg/crypto/tls/tls_test.go @@ -33,6 +33,19 @@ D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g== -----END RSA PRIVATE KEY----- ` +// keyPEM is the same as rsaKeyPEM, but declares itself as just +// "PRIVATE KEY", not "RSA PRIVATE KEY". http://golang.org/issue/4477 +var keyPEM = `-----BEGIN PRIVATE KEY----- +MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo +k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G +6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N +MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW +SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T +xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi +D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g== +-----END PRIVATE KEY----- +` + var ecdsaCertPEM = `-----BEGIN CERTIFICATE----- MIIB/jCCAWICCQDscdUxw16XFDAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 @@ -62,21 +75,22 @@ kohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ== var keyPairTests = []struct { algo string - cert *string - key *string + cert string + key string }{ - {"ECDSA", &ecdsaCertPEM, &ecdsaKeyPEM}, - {"RSA", &rsaCertPEM, &rsaKeyPEM}, + {"ECDSA", ecdsaCertPEM, ecdsaKeyPEM}, + {"RSA", rsaCertPEM, rsaKeyPEM}, + {"RSA-untyped", rsaCertPEM, keyPEM}, // golang.org/issue/4477 } func TestX509KeyPair(t *testing.T) { var pem []byte for _, test := range keyPairTests { - pem = []byte(*test.cert + *test.key) + pem = []byte(test.cert + test.key) if _, err := X509KeyPair(pem, pem); err != nil { t.Errorf("Failed to load %s cert followed by %s key: %s", test.algo, test.algo, err) } - pem = []byte(*test.key + *test.cert) + pem = []byte(test.key + test.cert) if _, err := X509KeyPair(pem, pem); err != nil { t.Errorf("Failed to load %s key followed by %s cert: %s", test.algo, test.algo, err) } -- 2.48.1