From 8236ebadf1a20ea5ae3af938a9d416314a0d0ed4 Mon Sep 17 00:00:00 2001 From: Dimitrij Drus Date: Tue, 18 Jun 2024 10:50:25 +0200 Subject: [PATCH] fix: Trailing bytes ignored while parsing PEM content (#1563) --- internal/keystore/key_store.go | 6 +++--- internal/keystore/key_store_test.go | 11 +++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/internal/keystore/key_store.go b/internal/keystore/key_store.go index 34e6898cb..d4bd5ad48 100644 --- a/internal/keystore/key_store.go +++ b/internal/keystore/key_store.go @@ -224,11 +224,11 @@ func readPEMContents(data []byte) []*pem.Block { for { block, next = pem.Decode(next) - blocks = append(blocks, block) - - if len(next) == 0 { + if block == nil { break } + + blocks = append(blocks, block) } return blocks diff --git a/internal/keystore/key_store_test.go b/internal/keystore/key_store_test.go index babbb9c0a..90d2b4b12 100644 --- a/internal/keystore/key_store_test.go +++ b/internal/keystore/key_store_test.go @@ -44,11 +44,13 @@ import ( // nolint: gochecknoglobals // generated with openssl ecparam -name prime256v1 -genkey -noout -out key.pem. var pemPKCS1ECPrivateKey = []byte(` + -----BEGIN EC PRIVATE KEY----- MHcCAQEEIAcCM9VY6RRiUlz3UoywbT9yN9UlWEEWKIPqiA2D86pCoAoGCCqGSM49 AwEHoUQDQgAEPEmirqVF2KoNguFuh4GGyShM3OIZt/yD6WESlOvAJhJX6HZyOgFu xijD/4gPFRBfs2GsfVZzSL9kH7HH0chB9w== -----END EC PRIVATE KEY----- + `) // nolint: gochecknoglobals @@ -66,6 +68,7 @@ MtusvyePIsJKGGKsTyHwla4eWpjorL+V116zP35J5x32AFIT8hCbZlLGdL5dpVU= // nolint: gochecknoglobals // converted with openssl pkcs8 -topk8 -in key.pem -out pkcs8.pem -nocrypt. var pemPKCS8ECPrivateKey = []byte(` + -----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBwIz1VjpFGJSXPdS jLBtP3I31SVYQRYog+qIDYPzqkKhRANCAAQ8SaKupUXYqg2C4W6HgYbJKEzc4hm3 
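Review bot: When `pem.Decode` returns a nil block in `readPEMContents`, the loop now breaks and whatever is still in `next` is dropped without any signal. A truncated or malformed block after the last valid one (for example a damaged certificate in a chain) would therefore yield a partially loaded key store instead of a failure. Since this function feeds key material, consider separating harmless trailing whitespace from undecodable content after the loop, e.g. `if len(bytes.TrimSpace(next)) != 0 { /* report unparsed trailing data */ }`; this would need an error result on the function and the `bytes` import if the file lacks it. If ignoring the remainder is intended, a comment such as `// pem.Decode returns a nil block when no further PEM data is found; any remaining bytes are ignored` would record that choice. The variable declarations and the callers are outside the hunk, so how an empty result is handled cannot be confirmed from here.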
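Review bot: The fixture changes only add blank lines around the PEM blocks, so the fix is exercised indirectly and only for surrounding whitespace. This applies to `pemPKCS1ECPrivateKey` and `pemPKCS8ECPrivateKey` here, and to the RSA fixtures in the later hunks (`pemPKCS8RSAEncryptedPrivateKey`, `pemPKCS8RSAPrivateKey` and the one ending before them). A dedicated case for `readPEMContents` with non-whitespace bytes after the last block, and one with input containing no PEM block at all, would pin down what the key store should do with content it cannot decode. Which tests consume these fixtures is not visible in the hunks shown.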
@@ -103,11 +106,15 @@ GbF249/4VrRL8MHubOp2IakJZH0fd01/oSCG8xuFD/0/6X5hvGVM6bwNhgqAGn7c Yxty35glWR1l8sPN0rD9+QdEYuLY3Ov23SVxHnNKy1pGSJjTinBkfjNEBOdfDUrV ga1bMw04tVw/6O9EEKNGaQsS6B0fzq99acgVHADvRji+eqw18x0J -----END RSA PRIVATE KEY----- + + `) // nolint: gochecknoglobals // converted with openssl pkcs8 -topk8 -in key.pem -out pkcs8.pem. var pemPKCS8RSAEncryptedPrivateKey = []byte(` + + -----BEGIN ENCRYPTED PRIVATE KEY----- MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI2GK20IxuPzwCAggA MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBCR3q6ur2Vas0CfsnCyEDqoBIIE @@ -143,6 +150,8 @@ OK9MsGDvuCMUZH6RSGZrEOrepKg3c04DxoVaBamdz7mj // nolint: gochecknoglobals // converted with openssl pkcs8 -topk8 -in key.pem -out pkcs8.pem. var pemPKCS8RSAPrivateKey = []byte(` + + -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/Fzdkc01Vp8gm 9hF0hn4MNXSoOibXmT3ukvNyCc2NG0D8Iqtt3gzqoxRwqnpP32sS9ENZGUEQTWxM @@ -171,6 +180,8 @@ GXADAyyrW/DYo+XBgxyMAoOPqsjPyYBmZP5jG3LfmCVZHWXyw83SsP35B0Ri4tjc 6/bdJXEec0rLWkZImNOKcGR+M0QE518NStWBrVszDTi1XD/o70QQo0ZpCxLoHR/O r31pyBUcAO9GOL56rDXzHQk= -----END PRIVATE KEY----- + + `) func findKeyType(entries []*keystore.Entry, alg string) *keystore.Entry {