From 5c659d736241f4904eb3d513f9f585397a3ed8af Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 31 Jan 2013 12:54:37 -0500 Subject: [PATCH] crypto/x509: test for negative RSA parameters. Someone found software that generates negative numbers for the RSA modulus in an X.509 certificate. Our error messages were very poor in this case so this change improves that. Update #4728 Return more helpful errors when RSA parameters are negative or zero. R=golang-dev, rsc CC=golang-dev https://golang.org/cl/7228072 --- src/pkg/crypto/x509/x509.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go index 7983217696..005d36da88 100644 --- a/src/pkg/crypto/x509/x509.go +++ b/src/pkg/crypto/x509/x509.go @@ -660,6 +660,13 @@ func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{ return nil, err } + if p.N.Sign() <= 0 { + return nil, errors.New("x509: RSA modulus is not a positive number") + } + if p.E <= 0 { + return nil, errors.New("x509: RSA public exponent is not a positive number") + } + pub := &rsa.PublicKey{ E: p.E, N: p.N, -- 2.48.1