Skip to content

fix(x509): return errors instead of panicking on unusable key material#1776

Open
arpitjain099 wants to merge 1 commit into
tektoncd:mainfrom
arpitjain099:fix/x509-signer-panic-on-bad-key
Open

fix(x509): return errors instead of panicking on unusable key material#1776
arpitjain099 wants to merge 1 commit into
tektoncd:mainfrom
arpitjain099:fix/x509-signer-panic-on-bad-key

Conversation

@arpitjain099

Copy link
Copy Markdown

Changes

While reading through the x509 signer I noticed two spots where a bad signing secret takes down the controller with a panic instead of a normal error.

In x509Signer, the result of pem.Decode is used without a nil check. When the x509.pem secret does not contain a valid PEM block (an empty file, base64 without the PEM headers, etc.), pem.Decode returns nil and the next line dereferences it, so the process crashes with a nil pointer panic. Right below that, the parsed key is asserted to *ecdsa.PrivateKey unconditionally, which panics for any other PKCS8 key type such as an ed25519 key (the ed25519 signing test is currently skipped, so this path isn't otherwise exercised).

Both now return a descriptive error, so a misconfigured signing secret shows up as a normal failure rather than a crash. I added a couple of tests covering a malformed PEM file and an unsupported key type, and I confirmed the existing x509 tests still pass along with go vet.

Release Notes

Fixed a panic in the x509 signer when the configured private key is not a valid PEM block or is not an ECDSA key; these now return an error.

The x509 signer dereferenced the result of pem.Decode without a nil
check, so a x509.pem secret that does not contain a valid PEM block
crashed the controller with a nil pointer panic. It also asserted the
parsed key to *ecdsa.PrivateKey unconditionally, which panicked for any
other PKCS8 key type (for example an ed25519 key).

Both cases now return a descriptive error so a misconfigured signing
secret surfaces as a normal failure rather than a crash. Adds tests for
a malformed PEM file and an unsupported key type.

Signed-off-by: arpitjain099 <arpitjain099@gmail.com>
@linux-foundation-easycla

Copy link
Copy Markdown

CLA Not Signed

@tekton-robot

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign vdemeester after the PR has been reviewed.
You can assign the PR to them by writing /assign @vdemeester in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants