crypto/x509: allow nil Certificates to be compared in Equal
The current implementation panics on nil certificates,
so introduce a nil check and early return true if both
are nil, false if only one is.
Fixes #28743
Change-Id: I71b0dee3e505d3ad562a4470ccc22c3a2579bc52
Reviewed-on: https://go-review.googlesource.com/c/go/+/167118
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index 1cd8fde..b978239 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -25,8 +25,6 @@
"encoding/pem"
"errors"
"fmt"
- "golang.org/x/crypto/cryptobyte"
- cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1"
"io"
"math/big"
"net"
@@ -35,6 +33,9 @@
"strings"
"time"
"unicode/utf8"
+
+ "golang.org/x/crypto/cryptobyte"
+ cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1"
)
// pkixPublicKey reflects a PKIX public key structure. See SubjectPublicKeyInfo
@@ -780,6 +781,9 @@
}
func (c *Certificate) Equal(other *Certificate) bool {
+ if c == nil || other == nil {
+ return c == other
+ }
return bytes.Equal(c.Raw, other.Raw)
}
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index 171509f..1aaf093 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -450,6 +450,23 @@
}
}
+func TestCertificateEqualOnNil(t *testing.T) {
+ cNonNil := new(Certificate)
+ var cNil1, cNil2 *Certificate
+ if !cNil1.Equal(cNil2) {
+ t.Error("Nil certificates: cNil1 is not equal to cNil2")
+ }
+ if !cNil2.Equal(cNil1) {
+ t.Error("Nil certificates: cNil2 is not equal to cNil1")
+ }
+ if cNil1.Equal(cNonNil) {
+ t.Error("Unexpectedly cNil1 is equal to cNonNil")
+ }
+ if cNonNil.Equal(cNil1) {
+ t.Error("Unexpectedly cNonNil is equal to cNil1")
+ }
+}
+
func TestMismatchedSignatureAlgorithm(t *testing.T) {
der, _ := pem.Decode([]byte(rsaPSSSelfSignedPEM))
if der == nil {
