topdown/tokens: protect against nistec panics (#5214)

With Golang 1.19, the code used in crypto/elliptic has switched to nistec, and this introduced new panics where there hadn't been any before. To play along with this, we're adding defer/recover constructs. It's only about bad inputs; none of those offending points could ever be valid. Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
open-policy-agent · Oct 6, 2022 · 94baa1b · 94baa1b
1 parent 4ea5c0f
commit 94baa1b
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/topdown/tokens.go b/topdown/tokens.go
@@ -254,7 +254,12 @@ func builtinJWTVerifyES512(bctx BuiltinContext, args []*ast.Term, iter func(*ast
 	return err
 }
 
-func verifyES(publicKey interface{}, digest []byte, signature []byte) error {
+func verifyES(publicKey interface{}, digest []byte, signature []byte) (err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			err = fmt.Errorf("ECDSA signature verification error: %v", r)
+		}
+	}()
 	publicKeyEcdsa, ok := publicKey.(*ecdsa.PublicKey)
 	if !ok {
 		return fmt.Errorf("incorrect public key type")
@@ -783,7 +788,12 @@ func verifyRSAPSS(key interface{}, hash crypto.Hash, digest []byte, signature []
 	return nil
 }
 
-func verifyECDSA(key interface{}, hash crypto.Hash, digest []byte, signature []byte) error {
+func verifyECDSA(key interface{}, hash crypto.Hash, digest []byte, signature []byte) (err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			err = fmt.Errorf("ECDSA signature verification error: %v", r)
+		}
+	}()
 	publicKeyEcdsa, ok := key.(*ecdsa.PublicKey)
 	if !ok {
 		return fmt.Errorf("incorrect public key type")