Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/x509: ParseCertificate fails for ECDSA certificate, gives asn1 unmarshal error #21502

Closed
vickiniu opened this issue Aug 17, 2017 · 5 comments
Closed

crypto/x509: ParseCertificate fails for ECDSA certificate, gives asn1 unmarshal error #21502

vickiniu opened this issue Aug 17, 2017 · 5 comments
Labels
FrozenDueToAge
Milestone
Go1.11

Comments

@vickiniu
Copy link

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

go version go1.8.3 darwin/amd64

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/code/go"
GORACE=""
GOROOT="/usr/local/Cellar/go/1.8.3/libexec"
GOTOOLDIR="/usr/local/Cellar/go/1.8.3/libexec/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/vd/th9v9qw93c3d2mb24ghf4q_r0000gn/T/go-build785283138=/tmp/go-build -gno-record-gcc-switches -fno-common"
CXX="clang++"
CGO_ENABLED="1"
PKG_CONFIG="pkg-config"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"

What did you do?

Decoding ECDSA certificate (fail)
https://play.golang.org/p/wHYxSA6JrN

Note: decoding this certificate using openssl x509 -in devCA.crt -text -noout produces correct output.

Decoding RSA certificate (success)
https://play.golang.org/p/fvcX76vbY5

What did you expect to see?

Return ok=true from certPool.AppendCertsFromPEM on decoding ECDSA certificate

What did you see instead?

asn1: structure error: tags don't match (6 vs {class:0 tag:16 length:247 isCompound:true}) {optional:false explicit:false application:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} ObjectIdentifier @3
@slrz
Copy link

slrz commented Aug 17, 2017
edited

Your cert looks fishy. Replacing it with another one (ECDSA too, of course) leads to successful decoding.
https://play.golang.org/p/xVICqXPJfg

@vickiniu
Copy link
Author

These are the commands we used to generate the cert:

openssl ecparam -name prime256v1 -genkey -param_enc explicit -out dev-ca.key
openssl req -new -sha256 -x509 -days 10000 -key dev-ca.key -out dev-ca.crt -subj "/C=US/ST=California/L=San Francisco/O=Chain/OU=development/CN=Development Root Certificate Authority"

It looks like the param_enc explicit flag in openssl ecparam is what causes the error.

@odeke-em odeke-em changed the title crypto/x509: x509.ParseCertificate fails for ECDSA certificate, gives asn1 unmarshal error crypto/x509: ParseCertificate fails for ECDSA certificate, gives asn1 unmarshal error Aug 17, 2017
jakob223 added a commit to jakob223/go that referenced this issue Aug 18, 2017
@jakob223
crypto/x509: improve error when parsing bad ECDSA cert
c072828 
when parsing an ECDSA certificate, improve the error message upon
failing to parse the curve as a named curve, rather than returning
the original ASN1 error.

Fixes golang#21502 (sort of, to the extent that it needs fixing)
@jakob223
Copy link
Contributor

jakob223 commented Aug 18, 2017
edited

Go assumes that an ECDSA curve as specified in a certificate is always going to be a named curve.

Named curves are only one of 3 valid ways of specifying a curve, according to RFC 5480, but the only way to do so for x.509 certificates:

The parameter for id-ecPublicKey is as follows and MUST always be
present:

ECParameters ::= CHOICE {
namedCurve OBJECT IDENTIFIER
-- implicitCurve NULL
-- specifiedCurve SpecifiedECDomain
}
-- implicitCurve and specifiedCurve MUST NOT be used in PKIX.
-- Details for SpecifiedECDomain can be found in [X9.62].
-- Any future additions to this CHOICE should be coordinated
-- with ANSI X9.

The failing certificate uses param_enc explicit, which translates to using a specified curve when encoding the AlgorithmIdentifier.

openssl perhaps shouldn't be willing to generate this certificate. That said, maybe go should have a better error in the case of encountering such a certificate?

@jakob223
Copy link
Contributor

https://go-review.googlesource.com/c/57050 makes a more useful error message here.

@gopherbot
Copy link

Change https://golang.org/cl/57050 mentions this issue: crypto/x509: improve error when parsing bad ECDSA cert

@odeke-em odeke-em mentioned this issue Jan 28, 2018
Closed
@FiloSottile FiloSottile added this to the Go1.11 milestone Mar 28, 2018
@golang golang locked and limited conversation to collaborators Mar 28, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Go1.11
Development

No branches or pull requests
5 participants
@FiloSottile @jakob223 @slrz @vickiniu @gopherbot