| author | Roland Shoemaker <firstname.lastname@example.org> | Wed Jun 09 11:31:27 2021 -0700 |
| committer | Dmitri Shuralyov <email@example.com> | Mon Jul 12 17:19:01 2021 +0000 |
[release-branch.go1.16] crypto/tls: test key type when casting

When casting the certificate public key in generateClientKeyExchange, check the type is appropriate. This prevents a panic when a server agrees to a RSA based key exchange, but then sends an ECDSA (or other) certificate.

Updates #47143
Fixes #47145
Fixes CVE-2021-34558

Thanks to Imre Rad for reporting this issue.

Change-Id: Iabccacca6052769a605cccefa1216a9f7b7f6aea
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1116723
Reviewed-by: Filippo Valsorda <firstname.lastname@example.org>
Reviewed-by: Katie Hockman <email@example.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/334029
Trust: Filippo Valsorda <firstname.lastname@example.org>
Run-TryBot: Filippo Valsorda <email@example.com>
Reviewed-by: Dmitri Shuralyov <firstname.lastname@example.org>
TryBot-Result: Go Bot <email@example.com>
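
The failure mode described in the commit message above, as an added example that is not part of the commit or the Go project's code: a one-value type assertion on a certificate's public key panics when the key is not RSA, while the two-value form turns the mismatch into an error. The helper names (`ecdsaCert`, `uncheckedCastPanics`, `encryptChecked`) and the `example.test` certificate are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
)

// ecdsaCert returns a constructed, throwaway self-signed ECDSA certificate (sample input).
func ecdsaCert() (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// uncheckedCastPanics (hypothetical name) reports whether the one-value cast to RSA panics.
func uncheckedCastPanics(cert *x509.Certificate) (p bool) {
	defer func() { p = recover() != nil }()
	_ = cert.PublicKey.(*rsa.PublicKey) // no type test: panics for ECDSA or any other key type
	return false
}

// encryptChecked (hypothetical name) tests the key type before the RSA encryption.
func encryptChecked(cert *x509.Certificate, secret []byte) ([]byte, error) {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("certificate key is %T, want *rsa.PublicKey", cert.PublicKey)
	}
	return rsa.EncryptPKCS1v15(rand.Reader, pub, secret)
}

func main() {
	if cert, err := ecdsaCert(); err == nil {
		_, err = encryptChecked(cert, make([]byte, 48))
		fmt.Println("unchecked cast panics:", uncheckedCastPanics(cert), "| checked path:", err)
	}
}
```

In a client, the returned error lets the handshake fail cleanly where the unchecked cast would take down the goroutine, and with it the process unless something recovers.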
Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Official binary distributions are available at https://golang.org/dl/.
After downloading a binary release, visit https://golang.org/doc/install for installation instructions.
If a binary distribution is not available for your combination of operating system and architecture, visit https://golang.org/doc/install/source for source installation instructions.
Go is the work of thousands of contributors. We appreciate your help!
To contribute, please read the contribution guidelines at https://golang.org/doc/contribute.html.
Note that the Go project uses the issue tracker for bug reports and proposals only. See https://golang.org/wiki/Questions for a list of places to ask questions about the Go language.