crypto/x509: Verify panics on certificates with an unknown public key algorithm [CVE-2024-24783]

[neild]

Verifying a certificate chain which contains a certificate with an unknown public
key algorithm will cause Certificate.Verify to panic.

This affects all crypto/tls clients, and servers that set Config.ClientAuth to
VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is
for TLS servers to not verify client certificates.

Thanks to John Howard (Google) for reporting this issue. This is CVE-2024-24783.

/cc @golang/security and @golang/release

[neild]

@gopherbot please open backport issues for this security fix.

[gopherbot]

Backport issue(s) opened: #65391 (for 1.20), #65392 (for 1.21).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

[gopherbot]

Change https://go.dev/cl/569235 mentions this issue: [release-branch.go1.22] crypto/x509: make sure pub key is non-nil before interface conversion

[gopherbot]

Change https://go.dev/cl/569238 mentions this issue: [release-branch.go1.21] crypto/x509: make sure pub key is non-nil before interface conversion