Skip to content

crypto/x509: wrong value of RevocationList.AuthorityKeyId #67571

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
andrewkostevich opened this issue May 22, 2024 · 3 comments
Closed

crypto/x509: wrong value of RevocationList.AuthorityKeyId #67571

andrewkostevich opened this issue May 22, 2024 · 3 comments
Assignees
@mateusz834
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.

Comments

@andrewkostevich
Copy link

Go version

go version go1.20.6 windows/amd64

Output of go env in your module/workspace:

set GO111MODULE=on
set GOARCH=amd64
set GOEXE=.exe
set GOEXPERIMENT=
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOINSECURE=
set GOOS=windows
set GOSUMDB=sum.golang.org
set GOTMPDIR=
set GOVCS=
set GOVERSION=go1.20.6
set GCCGO=gccgo
set GOAMD64=v1
set AR=ar
set CC=x86_64-w64-mingw32-gcc
set CXX=x86_64-w64-mingw32-g++
set CGO_ENABLED=1
set GOMOD=NUL
set GOWORK=
set CGO_CFLAGS=-O2 -g
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-O2 -g
set CGO_FFLAGS=-O2 -g
set CGO_LDFLAGS=-O2 -g
set PKG_CONFIG=pkg-config

What did you do?

rl, _:= x509.ParseRevocationList(crl)
fmt.Println(hex.EncodeToString(rl.AuthorityKeyId))

What did you see happen?

AuthorityKeyId is not decoded from DER completely, it contains DER prefix SEQUENCE [0]

For a sample CRL: 3016 8014 99c826668f2d01b54a27ae658284092f2dab97fc instead of 99c826668f2d01b54a27ae658284092f2dab97fc

RevocationList.AuthorityKeyId is not decoded here: parser.go

What did you expect to see?

Correctly decoded AuthorityKeyId value.

RevocationList.AuthorityKeyId should be decoded same way as Certificate.AuthorityKeyId: parser.go
@seankhliao seankhliao added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label May 22, 2024
@seankhliao
Copy link
Member

cc @FiloSottile @rolandshoemaker @golang/security

@mateusz834 mateusz834 self-assigned this May 22, 2024
@mateusz834
Copy link
Member

mateusz834 commented May 22, 2024
edited
Loading

Duplicate of #57461

@mateusz834 mateusz834 closed this as not planned Won't fix, can't repro, duplicate, stale May 22, 2024
@mateusz834 mateusz834 mentioned this issue May 22, 2024
Closed
@mateusz834 mateusz834 marked this as a duplicate of #57461 May 22, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/587455 mentions this issue: crypto/x509: properly pouplate the RevocationList.AuthorityKeyId field

gopherbot pushed a commit that referenced this issue May 22, 2024
@mateusz834 @rolandshoemaker
crypto/x509: properly pouplate the RevocationList.AuthorityKeyId field
6db272d 
This looks like a oversight in CL 416354.

Fixes #67571
Fixes #57461

Change-Id: I564c008989fecf84b437e123d27121ac907642fa
GitHub-Last-Rev: fec88bb
GitHub-Pull-Request: #67576
Reviewed-on: https://go-review.googlesource.com/c/go/+/587455
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
@gabyhelp gabyhelp mentioned this issue Oct 28, 2024
Closed
@gabyhelp gabyhelp mentioned this issue Nov 30, 2024
Open
@gabyhelp gabyhelp mentioned this issue Mar 25, 2025
Open
@gabyhelp gabyhelp mentioned this issue Apr 9, 2025
Open
@gabyhelp gabyhelp mentioned this issue Apr 18, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mateusz834 mateusz834

Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

crypto/x509: properly pouplate the RevocationList.AuthorityKeyId field mateusz834/go
4 participants
@gopherbot @seankhliao @mateusz834 @andrewkostevich