crypto/x509: ParsePKIXPublicKey ignores tail of ASN.1 encoding #10583
We probably need to fix ParsePKIXPublicKey not to ignore the remainder of the DER encoding.
@agl, please speak up if you think the code is correct as is. Otherwise we'll take care of it. Thanks.
---------- Forwarded message ----------
In crypto/x509/x509.go, we have the following code:
Notice that the rest value is ignored when parsing the public key. If key validity is checked using a hash function, a malicious entity could add bytes after the public key, changing its hash value without altering the key itself. This is unacceptable in an x509 implementation.
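The effect described in the issue, as an added Go example (not code from crypto/x509 or from this issue): a parser that drops the leftover bytes returns the same key for two encodings whose SHA-256 digests differ, and checking `rest` closes the gap. The names `spki`, `parseSPKI` and `sampleSPKI` are hypothetical, and the sample key is constructed from an all-zero Ed25519 seed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/x509"
	"encoding/asn1"
	"errors"
	"fmt"
)

// spki mirrors the outer SubjectPublicKeyInfo SEQUENCE (hypothetical helper type).
type spki struct {
	Algorithm asn1.RawValue
	PublicKey asn1.BitString
}

// parseSPKI decodes der. With strict set, bytes left over after the
// SEQUENCE are an error; without it they are dropped, as the issue describes.
func parseSPKI(der []byte, strict bool) (spki, error) {
	var s spki
	rest, err := asn1.Unmarshal(der, &s)
	if err != nil {
		return s, err
	}
	if strict && len(rest) != 0 {
		return s, errors.New("trailing data after SubjectPublicKeyInfo")
	}
	return s, nil
}

// sampleSPKI returns a constructed Ed25519 key (all-zero seed) in PKIX DER.
func sampleSPKI() []byte {
	pub := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)).Public()
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		panic(err)
	}
	return der
}

func main() {
	clean := sampleSPKI()
	padded := append(append([]byte{}, clean...), 0xde, 0xad) // constructed tail
	a, _ := parseSPKI(clean, false)
	b, _ := parseSPKI(padded, false)
	fmt.Println("same key bits:", bytes.Equal(a.PublicKey.Bytes, b.PublicKey.Bytes))
	fmt.Println("same SHA-256: ", sha256.Sum256(clean) == sha256.Sum256(padded))
	_, err := parseSPKI(padded, true)
	fmt.Println("strict parse: ", err)
}
```

Code that pins or allow-lists keys by digest should hash only input that has passed the strict parse, or hash a re-marshalled canonical encoding of the parsed key.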