New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add checks for octet length of X, Y, and D #210

Merged
merged 4 commits into from Dec 5, 2018

Conversation

3 participants
@jsha
Contributor

jsha commented Dec 5, 2018

The JWK spec says these fields in EC keys MUST be a fixed length, but go-jose wasn't
checking their length on input. I got a report from the Let's Encrypt forums that this
caused some confusion with certain software that was generating invalid JWKs. Boulder
(using go-jose) ingested those keys just fine, but output a different (valid) encoding.

This change enforces the correct length on parsing. It also changes some t.Errorf to
t.Fatalf that I noticed during testing. The t.Fatalf checks are for failures that prevent
the test from meaningfully continuing.

@CLAassistant

This comment has been minimized.

CLAassistant commented Dec 5, 2018

CLA assistant check
All committers have signed the CLA.

@csstaub

csstaub approved these changes Dec 5, 2018

@csstaub

This comment has been minimized.

Member

csstaub commented Dec 5, 2018

This looks good to me. Thank you @jsha!

@csstaub csstaub merged commit 7241509 into square:v2 Dec 5, 2018

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
license/cla Contributor License Agreement is signed.
Details
@csstaub

This comment has been minimized.

Member

csstaub commented Dec 5, 2018

(I'll release this in a v2.2.1 later today)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment