pr feedback

microsoft · Jun 28, 2022 · a2b9d65 · a2b9d65
1 parent f3981b7
commit a2b9d65
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 14 deletions.
diff --git a/cng/aes.go b/cng/aes.go
@@ -40,11 +40,11 @@ func loadAes(mode string) (aesAlgorithm, error) {
 		if info.Increment == 0 || info.MinLength > info.MaxLength {
 			return nil, errors.New("invalid BCRYPT_KEY_LENGTHS_STRUCT")
 		}
-		var allowedKeySized []int
+		var allowedKeySizes []int
 		for size := info.MinLength; size <= info.MaxLength; size += info.Increment {
-			allowedKeySized = append(allowedKeySized, int(size))
+			allowedKeySizes = append(allowedKeySizes, int(size))
 		}
-		return aesAlgorithm{h, allowedKeySized}, nil
+		return aesAlgorithm{h, allowedKeySizes}, nil
 	})
 	if err != nil {
 		return aesAlgorithm{}, nil

diff --git a/cng/rsa.go b/cng/rsa.go
@@ -59,29 +59,33 @@ func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv *big.Int, err error)
 		return bad(err)
 	}
 
+	if size < sizeOfRSABlobHeader {
+		return bad(errors.New("crypto/rsa: exported key is corrupted"))
+	}
+
 	blob := make([]byte, size)
 	err = bcrypt.ExportKey(hkey, 0, utf16PtrFromString(bcrypt.RSAFULLPRIVATE_BLOB), blob, &size, 0)
 	if err != nil {
 		return bad(err)
 	}
 	hdr := (*(*bcrypt.RSAKEY_BLOB)(unsafe.Pointer(&blob[0])))
 	if hdr.Magic != bcrypt.RSAFULLPRIVATE_MAGIC || hdr.BitLength != uint32(bits) {
-		panic("crypto/rsa: exported key is corrupted")
+		return bad(errors.New("crypto/rsa: exported key is corrupted"))
 	}
 	data := blob[sizeOfRSABlobHeader:]
-	newInt := func(size uint32) *big.Int {
+	consumeBigInt := func(size uint32) *big.Int {
 		b := new(big.Int).SetBytes(data[:size])
 		data = data[size:]
 		return b
 	}
-	E = newInt(hdr.PublicExpSize)
-	N = newInt(hdr.ModulusSize)
-	P = newInt(hdr.Prime1Size)
-	Q = newInt(hdr.Prime2Size)
-	Dp = newInt(hdr.Prime1Size)
-	Dq = newInt(hdr.Prime2Size)
-	Qinv = newInt(hdr.Prime1Size)
-	D = newInt(hdr.ModulusSize)
+	E = consumeBigInt(hdr.PublicExpSize)
+	N = consumeBigInt(hdr.ModulusSize)
+	P = consumeBigInt(hdr.Prime1Size)
+	Q = consumeBigInt(hdr.Prime2Size)
+	Dp = consumeBigInt(hdr.Prime1Size)
+	Dq = consumeBigInt(hdr.Prime2Size)
+	Qinv = consumeBigInt(hdr.Prime1Size)
+	D = consumeBigInt(hdr.ModulusSize)
 	return
 }
 
@@ -151,7 +155,7 @@ func encodeRSAKey(N, E, D, P, Q, Dp, Dq, Qinv *big.Int) []byte {
 		hdr.Prime2Size = bigIntBytesLen(Q)
 		blob = make([]byte, sizeOfRSABlobHeader+hdr.PublicExpSize+hdr.ModulusSize*2+hdr.Prime1Size*3+hdr.Prime2Size*2)
 	}
-	copy(blob[:sizeOfRSABlobHeader], (*(*[1<<31 - 1]byte)(unsafe.Pointer(&hdr)))[:sizeOfRSABlobHeader])
+	copy(blob, (*(*[sizeOfRSABlobHeader]byte)(unsafe.Pointer(&hdr)))[:])
 	data := blob[sizeOfRSABlobHeader:]
 	encode := func(b *big.Int, size uint32) {
 		b.FillBytes(data[:size])