diff options
author | Russ Cox <rsc@golang.org> | 2017-08-30 10:10:15 -0400 |
---|---|---|
committer | Russ Cox <rsc@golang.org> | 2017-08-30 19:23:53 +0000 |
commit | 7b49445d0fab71820314a2e5bdfba6b84b7f16d0 (patch) | |
tree | 6d4035d450b5215fa6ee388cf2607dead0c3296d /src/crypto/rsa/boring_test.go | |
parent | 81b9d733b04b635e6c6e78396c4bde0d344da06c (diff) | |
download | go-7b49445d0fab71820314a2e5bdfba6b84b7f16d0.tar.gz go-7b49445d0fab71820314a2e5bdfba6b84b7f16d0.zip |
[dev.boringcrypto] cmd/compile: hide new boring fields from reflection
This is terrible but much simpler, cleaner, and more effective
than all the alternatives I have come up with.
Lots of code assumes that reflect.DeepEqual is meaningful
on rsa.PublicKey etc, because previously they consisted only of
exported meaningful fields.
Worse, there exists code that assumes asn1.Marshal can be
passed an rsa.PublicKey, because that struct has historically
matched exactly the form that would be needed to produce
the official ASN.1 DER encoding of an RSA public key.
Instead of tracking down and fixing all of that code
(and probably more), we can limit the BoringCrypto-induced
damage by ensliting the compiler to hide the new field
from reflection. Then nothing can get at it and nothing can
be disrupted by it.
Kill two birds with one cannon ball.
I'm very sorry.
Change-Id: I0ca4d6047c7e98f880cbb81904048c1952e278cc
Reviewed-on: https://go-review.googlesource.com/60271
Reviewed-by: Adam Langley <agl@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Diffstat (limited to 'src/crypto/rsa/boring_test.go')
-rw-r--r-- | src/crypto/rsa/boring_test.go | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/src/crypto/rsa/boring_test.go b/src/crypto/rsa/boring_test.go new file mode 100644 index 0000000000..7fbafee16e --- /dev/null +++ b/src/crypto/rsa/boring_test.go @@ -0,0 +1,40 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package rsa + +import ( + "crypto/rand" + "encoding/asn1" + "reflect" + "testing" + "unsafe" +) + +func TestBoringASN1Marshal(t *testing.T) { + k, err := GenerateKey(rand.Reader, 128) + if err != nil { + t.Fatal(err) + } + // This used to fail, because of the unexported 'boring' field. + // Now the compiler hides it [sic]. + _, err = asn1.Marshal(k.PublicKey) + if err != nil { + t.Fatal(err) + } +} + +func TestBoringDeepEqual(t *testing.T) { + k, err := GenerateKey(rand.Reader, 128) + if err != nil { + t.Fatal(err) + } + k.boring = nil // probably nil already but just in case + k2 := *k + k2.boring = unsafe.Pointer(k) // anything not nil, for this test + if !reflect.DeepEqual(k, &k2) { + // compiler should be hiding the boring field from reflection + t.Fatalf("DeepEqual compared boring fields") + } +} |