diff options
author | Paschalis Tsilias <paschalis.tsilias@gmail.com> | 2020-09-02 13:44:36 +0300 |
---|---|---|
committer | Filippo Valsorda <filippo@golang.org> | 2020-09-30 16:05:36 +0000 |
commit | 27280d8c14331c1c46cd90206be9f3c924f6b4c4 (patch) | |
tree | 2001d6054815682c071d1c0a2db08db61e79d2f0 /src/crypto | |
parent | 54a112d7197ec320527614e7502a3243eab93b6e (diff) | |
download | go-27280d8c14331c1c46cd90206be9f3c924f6b4c4.tar.gz go-27280d8c14331c1c46cd90206be9f3c924f6b4c4.zip |
crypto/x509: return errors instead of panicking
Eliminate a panic in x509.CreateCertificate when passing templates with unknown ExtKeyUsage; return an error instead.
Fixes #41169
Change-Id: Ia229d3b0d4a1bdeef05928439d97dab228687b3c
Reviewed-on: https://go-review.googlesource.com/c/go/+/252557
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Diffstat (limited to 'src/crypto')
-rw-r--r-- | src/crypto/x509/x509.go | 3 | ||||
-rw-r--r-- | src/crypto/x509/x509_test.go | 19 |
2 files changed, 21 insertions, 1 deletions
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go index 16655a3c70..5fd4f6fa17 100644 --- a/src/crypto/x509/x509.go +++ b/src/crypto/x509/x509.go @@ -1689,7 +1689,8 @@ func buildExtensions(template *Certificate, subjectIsEmpty bool, authorityKeyId if oid, ok := oidFromExtKeyUsage(u); ok { oids = append(oids, oid) } else { - panic("internal error") + err = errors.New("x509: unknown extended key usage") + return } } diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go index d0315900e4..6345c3f5ab 100644 --- a/src/crypto/x509/x509_test.go +++ b/src/crypto/x509/x509_test.go @@ -2754,3 +2754,22 @@ func TestRSAPSAParameters(t *testing.T) { } } } + +func TestUnknownExtKey(t *testing.T) { + const errorContains = "unknown extended key usage" + + template := &Certificate{ + SerialNumber: big.NewInt(10), + DNSNames: []string{"foo"}, + ExtKeyUsage: []ExtKeyUsage{ExtKeyUsage(-1)}, + } + signer, err := rsa.GenerateKey(rand.Reader, 1024) + if err != nil { + t.Errorf("failed to generate key for TestUnknownExtKey") + } + + _, err = CreateCertificate(rand.Reader, template, template, signer.Public(), signer) + if !strings.Contains(err.Error(), errorContains) { + t.Errorf("expected error containing %q, got %s", errorContains, err) + } +} |