crypto: catch more overly entusiast casting

crypto/p256/public.go

@@ -66,7 +66,11 @@ func PublicKeyFromX509DER(bytes []byte) (*PublicKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &PublicKey{k: pub.(*ecdsa.PublicKey)}, nil
+	ecdsaPub, ok := pub.(*ecdsa.PublicKey)
+	if !ok {
+		return nil, fmt.Errorf("invalid public key")
+	}
+	return &PublicKey{k: ecdsaPub}, nil
 }
 
 // PublicKeyFromX509PEM decodes an X.509 PEM (string) encoded public key.

crypto/p384/public.go

@@ -66,7 +66,11 @@ func PublicKeyFromX509DER(bytes []byte) (*PublicKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &PublicKey{k: pub.(*ecdsa.PublicKey)}, nil
+	ecdsaPub, ok := pub.(*ecdsa.PublicKey)
+	if !ok {
+		return nil, fmt.Errorf("invalid public key")
+	}
+	return &PublicKey{k: ecdsaPub}, nil
 }
 
 // PublicKeyFromX509PEM decodes an X.509 PEM (string) encoded public key.

crypto/p521/public.go

@@ -66,7 +66,11 @@ func PublicKeyFromX509DER(bytes []byte) (*PublicKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &PublicKey{k: pub.(*ecdsa.PublicKey)}, nil
+	ecdsaPub, ok := pub.(*ecdsa.PublicKey)
+	if !ok {
+		return nil, fmt.Errorf("invalid public key")
+	}
+	return &PublicKey{k: ecdsaPub}, nil
 }
 
 // PublicKeyFromX509PEM decodes an X.509 PEM (string) encoded public key.

crypto/rsa/private.go

@@ -54,7 +54,10 @@ func PrivateKeyFromPKCS8DER(bytes []byte) (*PrivateKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	rsaPriv := priv.(*rsa.PrivateKey)
+	rsaPriv, ok := priv.(*rsa.PrivateKey)
+	if !ok {
+		return nil, fmt.Errorf("invalid private key type")
+	}
 	return &PrivateKey{k: rsaPriv}, nil
 }
 

crypto/rsa/public.go

@@ -74,7 +74,11 @@ func PublicKeyFromX509DER(bytes []byte) (*PublicKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &PublicKey{k: pub.(*rsa.PublicKey)}, nil
+	rsaPub, ok := pub.(*rsa.PublicKey)
+	if !ok {
+		return nil, fmt.Errorf("invalid public key")
+	}
+	return &PublicKey{k: rsaPub}, nil
 }
 
 // PublicKeyFromX509PEM decodes an X.509 PEM (string) encoded public key.