Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal: crypto/x509: decryption of PEM file failure not being caught #43504

Open
pschou opened this issue Jan 5, 2021 · 0 comments
Open

proposal: crypto/x509: decryption of PEM file failure not being caught #43504

pschou opened this issue Jan 5, 2021 · 0 comments

Comments

@pschou
Copy link

@pschou pschou commented Jan 5, 2021

I'd like to propose a way of early and fast detection of PEM decryption errors.

How this check works: it uses the ASN.1 basic encoding rules (BER) to parse the first length field. This length field will contain a number which, when [properly decoded and] parsed, contains the length of the PEM encoded message blob (plus the 2-4 bytes declaring this length). The power of doing this size comparison check via length field is that the decoding routine will then have a verification, with high certainty, that the blob was decoded properly -- and since this does not depend on knowing which kind of crypto pkcs PEM file is being decoded, it is not tied to the knowing or testing any of the pkcs formats; thus it is forward compatible.

Please see the proposal here
https://go-review.googlesource.com/c/proposal/+/281454

and pull request here
#43463

View pull request discussion here
https://go-review.googlesource.com/c/go/+/281112

resolves issue:
#10171

@ianlancetaylor ianlancetaylor changed the title crypto/x509: decryption of PEM file failure not being caught proposal: crypto/x509: decryption of PEM file failure not being caught Jan 5, 2021
@gopherbot gopherbot added this to the Proposal milestone Jan 5, 2021
@ianlancetaylor ianlancetaylor added this to Incoming in Proposals Jan 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Proposals
Incoming
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants