This repository was archived by the owner on Feb 27, 2023. It is now read-only.

Commit 6ed2107

mbyczkowskitrung
andcommitted
added error checking avoid nil referencing when error occurs
Cherry-picked from #250. Since jwk-keygen/main.go was moved to jose-util/generate.go on master, this required the patch to be applied manually. Co-authored-by: Trung Nguyen <[email protected]>
1 parent 9d1ab6c commit 6ed2107


1 file changed

+20
-1
lines changed


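--- a/jwk-keygen/main.go
+++ b/jwk-keygen/main.go
@@ -25,10 +25,11 @@ import (
 "encoding/base32"
 "errors"
 "fmt"
-"golang.org/x/crypto/ed25519"
 "io"
 "os"
 
+"golang.org/x/crypto/ed25519"
+
 "gopkg.in/alecthomas/kingpin.v2"
 "gopkg.in/square/go-jose.v2"
 )
@@ -75,20 +76,32 @@ func KeygenSig(alg jose.SignatureAlgorithm, bits int) (crypto.PublicKey, crypto.
 case jose.ES256:
 // The cryptographic operations are implemented using constant-time algorithms.
 key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+if err != nil {
+return nil, nil, err
+}
 return key.Public(), key, err
 case jose.ES384:
 // NB: The cryptographic operations do not use constant-time algorithms.
 key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
+if err != nil {
+return nil, nil, err
+}
 return key.Public(), key, err
 case jose.ES512:
 // NB: The cryptographic operations do not use constant-time algorithms.
 key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
+if err != nil {
+return nil, nil, err
+}
 return key.Public(), key, err
 case jose.EdDSA:
 pub, key, err := ed25519.GenerateKey(rand.Reader)
 return pub, key, err
 case jose.RS256, jose.RS384, jose.RS512, jose.PS256, jose.PS384, jose.PS512:
 key, err := rsa.GenerateKey(rand.Reader, bits)
+if err != nil {
+return nil, nil, err
+}
 return key.Public(), key, err
 default:
 return nil, nil, errors.New("unknown `alg` for `use` = `sig`")
@@ -106,6 +119,9 @@ func KeygenEnc(alg jose.KeyAlgorithm, bits int) (crypto.PublicKey, crypto.Privat
 return nil, nil, errors.New("too short key for RSA `alg`, 2048+ is required")
 }
 key, err := rsa.GenerateKey(rand.Reader, bits)
+if err != nil {
+return nil, nil, err
+}
 return key.Public(), key, err
 case jose.ECDH_ES, jose.ECDH_ES_A128KW, jose.ECDH_ES_A192KW, jose.ECDH_ES_A256KW:
 var crv elliptic.Curve
@@ -120,6 +136,9 @@ func KeygenEnc(alg jose.KeyAlgorithm, bits int) (crypto.PublicKey, crypto.Privat
 return nil, nil, errors.New("unknown elliptic curve bit length, use one of 256, 384, 521")
 }
 key, err := ecdsa.GenerateKey(crv, rand.Reader)
+if err != nil {
+return nil, nil, err
+}
 return key.Public(), key, err
 default:
 return nil, nil, errors.New("unknown `alg` for `use` = `enc`")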
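Review bot: The `jose.EdDSA` case in KeygenSig (new lines 98–99) is the one key-generation branch left without the guard, so on failure it still hands back `pub, key, err` unchanged. Nothing is dereferenced there, so it cannot panic the way the ECDSA and RSA branches could, but the values from `ed25519.GenerateKey` (presumably nil slices on error) are wrapped in the `crypto.PublicKey`/`crypto.PrivateKey` interfaces and compare non-nil, so a caller that tests the key rather than `err` would accept them. Adding the same `if err != nil { return nil, nil, err }` makes every branch return literal nils on failure. After each new guard `err` is always nil, so the following line reads more clearly as `return key.Public(), key, nil`. Both KeygenSig and KeygenEnc begin and end outside the visible hunks, so any earlier validation of `bits` is not shown here.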
