crypto/tls: fix loading keys labeled just "PRIVATE KEY"

Worked in Go 1, broken in f440e65f93fe. Fixes #4477 R=golang-dev, agl CC=golang-dev https://golang.org/cl/6865043
2012-12-01 11:02:08 -08:00 · 2012-12-01 11:02:08 -08:00 · ada990689f
commit ada990689f
parent a954c40163
2 changed files with 21 additions and 7 deletions
--- a/tls.go
+++ b/tls.go
@ -155,7 +155,7 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error)
 			err = errors.New("crypto/tls: failed to parse key PEM data")
 			return
 		}
-		if strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") {
+		if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") {
 			break
 		}
 	}
--- a/tls_test.go
+++ b/tls_test.go
@ -33,6 +33,19 @@ D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g==
 -----END RSA PRIVATE KEY-----
 `

+// keyPEM is the same as rsaKeyPEM, but declares itself as just
+// "PRIVATE KEY", not "RSA PRIVATE KEY".  http://golang.org/issue/4477
+var keyPEM = `-----BEGIN PRIVATE KEY-----
+MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo
+k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G
+6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N
+MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW
+SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T
+xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi
+D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g==
+-----END PRIVATE KEY-----
+`
+
 var ecdsaCertPEM = `-----BEGIN CERTIFICATE-----
 MIIB/jCCAWICCQDscdUxw16XFDAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
 EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0
@ -62,21 +75,22 @@ kohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ==

 var keyPairTests = []struct {
 	algo string
-	cert *string
-	key  *string
+	cert string
+	key  string
 }{
-	{"ECDSA", &ecdsaCertPEM, &ecdsaKeyPEM},
-	{"RSA", &rsaCertPEM, &rsaKeyPEM},
+	{"ECDSA", ecdsaCertPEM, ecdsaKeyPEM},
+	{"RSA", rsaCertPEM, rsaKeyPEM},
+	{"RSA-untyped", rsaCertPEM, keyPEM}, // golang.org/issue/4477
 }

 func TestX509KeyPair(t *testing.T) {
 	var pem []byte
 	for _, test := range keyPairTests {
-		pem = []byte(*test.cert + *test.key)
+		pem = []byte(test.cert + test.key)
 		if _, err := X509KeyPair(pem, pem); err != nil {
 			t.Errorf("Failed to load %s cert followed by %s key: %s", test.algo, test.algo, err)
 		}
-		pem = []byte(*test.key + *test.cert)
+		pem = []byte(test.key + test.cert)
 		if _, err := X509KeyPair(pem, pem); err != nil {
 			t.Errorf("Failed to load %s key followed by %s cert: %s", test.algo, test.algo, err)
 		}