Bug is inside golang.org/x/crypto/cryptobyte/asn1.go
in func (s *String) readBase128Int(out *int) bool {
"if i == 4 {" should be replaced by "if i == 5 {"

Change https://golang.org/cl/365674 mentions this issue: Fixes golang/go#49678 x/crypto/cryptobyte/asn1: Error parsing ASN1 identifiers

cc @FiloSottile @agl @katiehockman @rolandshoemaker

Hi, i have the same problem when i try to pull image from our internal docker repository:

docker pull private_repo/myimage:latest
Error response from daemon: Get "https://private_repo/v2/": tls: failed to parse certificate from server: x509: invalid certificate policies

Our private CA certificate’s are added to system. And wget/curl connects to https://private_repo/v2/ without problems.

@heschi How long can an investigation take?
The operation of one of the banks depends on this fix. We have a "sick" certificate that cannot be changed quickly.
Recompilation of all kubernetes related software is not a solution.

@gopherbot please open a backport issue to Go 1.17. This is a regression due to Go 1.17 changes without workaround that makes it impossible to parse some valid (if a little weird) certificates.

Backport issue(s) opened: #50165 (for 1.17).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://golang.org/wiki/MinorReleases.

Change https://golang.org/cl/372274 mentions this issue: [internal-branch.go1.17-vendor] cryptobyte: fix parsing of large ASN.1 OIDs

Nice work @umlublin for the report and for the fix too! Thank you @FiloSottile for the cherry picks. @FiloSottile given that we've merged the fix into both master and go1.17-vendor branches, what else is left for us to do to close this issue for Go1.18?

Change https://golang.org/cl/373360 mentions this issue: all: update vendored golang.org/x/crypto for cryptobyte fix

Change https://golang.org/cl/373361 mentions this issue: [release-branch.go1.17] all: update vendored golang.org/x/crypto for cryptobyte fix

This is a regression due to Go 1.17 changes without workaround that makes it impossible to parse some valid (if a little weird) certificates

@FiloSottile This seems to impact Go 1.16 as well. I haven't tested myself, but we have a bug report in Vault (hashicorp/vault#14122) suggesting as much, and looking at https://github.com/golang/go/blob/release-branch.go1.16/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go#L394 I see the comparison to 4 (instead of 5).

Any chance of a 1.16 backport?

This is a regression due to Go 1.17 changes without workaround that makes it impossible to parse some valid (if a little weird) certificates

@FiloSottile This seems to impact Go 1.16 as well. I haven't tested myself, but we have a bug report in Vault (hashicorp/vault#14122) suggesting as much, and looking at https://github.com/golang/go/blob/release-branch.go1.16/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go#L394 I see the comparison to 4 (instead of 5).

Any chance of a 1.16 backport?

There is another certificate parser in 1.16, "golang.org/x/crypto/cryptobyte/asn1.go" is not used to parse them.
In 1.17 parser was switched.
Fixing asn1 parser is not needed in this case (hashicorp/vault#14122), but could be needed in another ones.

If this was not a change in behavior in Go 1.17, I wonder why it only started coming up now.

If this was not a change in behavior in Go 1.17, I wonder why it only started coming up now.

I presume @umlublin (and you) are correct and I was just looking at the wrong file. We'll followup with the bug reporter and get more details.

Hi,

I hit the same issue with even larger ID https://oidref.com/1.2.36.20151795998

Tested it with the same program (https://play.golang.org/p/WI9bl64Z6wU) , the test does not pass.

It looks like if any part in the ID is larger than 2^31 - 1, the test fails.

        // decode(encode([]int{1, 2, 36, 20151795998, 3, 1, 1, 1})) // not pass
        // decode(encode([]int{1, 2, 36, 2147483647, 3, 1, 1, 1})) // (2^31 - 1) pass
        decode(encode([]int{1, 2, 36, 2147483648, 3, 1, 1, 1})) // 2^31 not pass

I'm using the latest golang.org/x/crypto@v0.6.0/cryptobyte. Debugging the code shows it fails at https://github.com/golang/crypto/blob/v0.6.0/cryptobyte/asn1.go#L430

Is there anything we can do to get it work?

func (s *String) readBase128Int(out *int) bool {
	ret := 0
	for i := 0; len(*s) > 0; i++ {
		if i == 5 {
			return false
		}
		// Avoid overflowing int on a 32-bit platform.
		// We don't want different behavior based on the architecture.
		if ret >= 1<<(31-7) {
			return false   <= failed
		}
		ret <<= 7
		b := s.read(1)[0]
		ret |= int(b & 0x7f)
		if b&0x80 == 0 {
			*out = ret
			return true
		}
	}
	return false // truncated
}