crypto/x509: improve error when parsing bad ECDSA cert

aaazalea · FiloSottile · commit 89f4592d1e83 · 2018-03-28T03:46:14.000Z
When parsing an ECDSA certificate, improve the error message upon failing to parse the curve as a named curve, rather than returning the original ASN1 error. Fixes #21502 Change-Id: I7ae7b3ea7a9dcbd78a9607f46f5883d3193b8367 Reviewed-on: https://go-review.googlesource.com/57050 Reviewed-by: Filippo Valsorda <filippo@golang.org>
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
@@ -1056,7 +1056,7 @@ func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{
 		namedCurveOID := new(asn1.ObjectIdentifier)
 		rest, err := asn1.Unmarshal(paramsData, namedCurveOID)
 		if err != nil {
-			return nil, err
+			return nil, errors.New("x509: failed to parse ECDSA parameters as named curve")
 		}
 		if len(rest) != 0 {
 			return nil, errors.New("x509: trailing data after ECDSA parameters")

Original file line number	Diff line number	Diff line change
`@@ -1056,7 +1056,7 @@ func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{`
`1056`	`1056`	`namedCurveOID := new(asn1.ObjectIdentifier)`
`1057`	`1057`	`rest, err := asn1.Unmarshal(paramsData, namedCurveOID)`
`1058`	`1058`	`if err != nil {`
`1059`		`- return nil, err`
	`1059`	`+ return nil, errors.New("x509: failed to parse ECDSA parameters as named curve")`
`1060`	`1060`	`}`
`1061`	`1061`	`if len(rest) != 0 {`
`1062`	`1062`	`return nil, errors.New("x509: trailing data after ECDSA parameters")`