Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/x509: invalid RDNSequence: invalid attribute value: unsupported string type: 18 #48171

Closed
mic6090 opened this issue Sep 3, 2021 · 10 comments
Closed

crypto/x509: invalid RDNSequence: invalid attribute value: unsupported string type: 18 #48171

mic6090 opened this issue Sep 3, 2021 · 10 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Go1.18

Comments

@mic6090
Copy link

mic6090 commented Sep 3, 2021

What version of Go are you using (go version)?

$ go version
go version go1.17 windows/amd64

Does this issue reproduce with the latest release?

Yes, the latest release has regression

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
set GO111MODULE=
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\michael\AppData\Local\go-build
set GOENV=C:\Users\michael\AppData\Roaming\go\env
set GOEXE=.exe
set GOEXPERIMENT=
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOINSECURE=
set GOMODCACHE=C:\Users\michael\go\pkg\mod
set GONOPROXY=
set GONOSUMDB=
set GOOS=windows
set GOPATH=C:\Users\michael\go
set GOPRIVATE=
set GOPROXY=https://proxy.golang.org,direct
set GOROOT=c:\go
set GOSUMDB=sum.golang.org
set GOTMPDIR=
set GOTOOLDIR=c:\go\pkg\tool\windows_amd64
set GOVCS=
set GOVERSION=go1.17
set GCCGO=gccgo
set AR=ar
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=C:\src\go\apitest\go.mod
set CGO_CFLAGS=-g -O2
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-g -O2
set CGO_FFLAGS=-g -O2
set CGO_LDFLAGS=-g -O2
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=C:\Users\michael\AppData\Local\Temp\go-build1442540087=/tmp/go-build -gno-record-gcc-switches

What did you do?

https://play.golang.org/p/gVmDQZr638l

What did you expect to see?

nil (no error when parse certificate)

What did you see instead?

x509: invalid RDNSequence: invalid attribute value: unsupported string type: 18

go 1.17 encoding/x509 parser does not know about Numeric String (type 18 asn.1) while previous version of Golang does.
@seankhliao seankhliao changed the title go 1.17 regression in x509.ParseCertificate (and x509.ParseCertificates) crypto/x509: invalid RDNSequence: invalid attribute value: unsupported string type: 18 Sep 3, 2021
@seankhliao seankhliao added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Sep 3, 2021
@seankhliao
Copy link
Member

cc @FiloSottile @rolandshoemaker

@gopherbot
Copy link
Contributor

Change https://golang.org/cl/347034 mentions this issue: crypto/x509: support NumericString in DN components

@mic6090
Copy link
Author

mic6090 commented Sep 4, 2021

golang.org/x/crypto/cryptobyte, golang.org/x/crypto/cryptobyte/asn1 does not support tag 18 type while standard library encoding/asn1 does.
go1.16 does not have this issue - why go1.17 should use outdated code from golang.org/x/crypto/cryptobyte[/asn1] ?

@c00w c00w mentioned this issue Sep 14, 2021
Open
@konart
Copy link

konart commented Oct 29, 2021

Same problem here, example: https://play.golang.org/p/-1pDx9dZNpm

@Theo730
Copy link

Theo730 commented Nov 30, 2021

join the question
solved the problem like this :
in go-1.17.3/src/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go
added NumericString = Tag(18)
in go-1.17.3/src/crypto/x509/parser.go
added
func isNumeric(b byte) bool { return '0' <= b && b <= '9' }
and processing
case cryptobyte_asn1.NumericString: for _, b := range value { if !isNumeric(b) { return "", errors.New("invalid NumrticString") } } return string(value), nil
in
func parseASN1String(tag cryptobyte_asn1.Tag, value []byte) (string, error) { switch tag {

@rittneje
Copy link
Contributor

@seankhliao @FiloSottile This is a regression from 1.16 that remains broken even in the latest head. Can the linked CL please be merged, and backported to 1.17?

@rittneje
Copy link
Contributor

rittneje commented Feb 3, 2022

@seankhliao @FiloSottile @katiehockman @rolandshoemaker @agl

@FiloSottile FiloSottile added this to the Go1.18 milestone Feb 3, 2022
@rolandshoemaker
Copy link
Member

@gopherbot please open a backport issue for 1.17. This is a regression in the parser rewrite that prevents parsing some certificates.

@gopherbot gopherbot mentioned this issue Feb 3, 2022
Closed
@gopherbot
Copy link
Contributor

Backport issue(s) opened: #51000 (for 1.17).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://golang.org/wiki/MinorReleases.

@gopherbot
Copy link
Contributor

Change https://golang.org/cl/382857 mentions this issue: [release-branch.go1.17] crypto/x509: support NumericString in DN components

@dmitshur dmitshur added NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Feb 3, 2022
gopherbot pushed a commit that referenced this issue Feb 9, 2022
@rolandshoemaker
[release-branch.go1.17] crypto/x509: support NumericString in DN comp…
cd6e0d7 
…onents

Updates #48171
Fixes #51000

Change-Id: Ia2e1920c0938a1f8659935a4f725a7e5090ef2c0
Reviewed-on: https://go-review.googlesource.com/c/go/+/347034
Trust: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
(cherry picked from commit 896df42)
Reviewed-on: https://go-review.googlesource.com/c/go/+/382857
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
@bradfitz bradfitz mentioned this issue Mar 8, 2022
Merged
@golang golang locked and limited conversation to collaborators Feb 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
Go1.18
Development

No branches or pull requests
9 participants
@konart @FiloSottile @dmitshur @rolandshoemaker @gopherbot @seankhliao @rittneje @mic6090 @Theo730