qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-22 03:54:39 -07:00
Code Releases Activity

crypto/x509: test for negative RSA parameters.

Browse Source 
Someone found software that generates negative numbers for the RSA
modulus in an X.509 certificate. Our error messages were very poor in
this case so this change improves that.

Update #4728
Return more helpful errors when RSA parameters are negative or zero.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/7228072
This commit is contained in:
Adam Langley 2013-01-31 12:54:37 -05:00
parent 8b6534b78a
commit 5c659d7362
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/pkg/crypto/x509/x509.go
View File

@ -660,6 +660,13 @@ func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{
return nil, err
}
if p.N.Sign() <= 0 {
return nil, errors.New("x509: RSA modulus is not a positive number")
}
if p.E <= 0 {
return nil, errors.New("x509: RSA public exponent is not a positive number")
}
pub := &rsa.PublicKey{
E: p.E,
N: p.N,