crypto/x509: malformed signature algorithm identifier error while version and serialNumber swapped

[dulanshuangqiao]

Go version

go version go1.23.2 linux/amd64

Output of go env in your module/workspace:

GO111MODULE=''

GOARCH='amd64'

GOBIN=''

GOCACHE='/home/liu/.cache/go-build'

GOENV='/home/liu/.config/go/env'

GOEXE=''

GOEXPERIMENT=''

GOFLAGS=''

GOHOSTARCH='amd64'

GOHOSTOS='linux'

GOINSECURE=''

GOMODCACHE='/home/liu/go/pkg/mod'

GONOPROXY=''

GONOSUMDB=''

GOOS='linux'

GOPATH='/home/liu/go'

GOPRIVATE=''

GOPROXY='https://proxy.golang.org,direct'

GOROOT='/snap/go/10730'

GOSUMDB='sum.golang.org'

GOTMPDIR=''

GOTOOLCHAIN='auto'

GOTOOLDIR='/snap/go/10730/pkg/tool/linux_amd64'

GOVCS=''

GOVERSION='go1.23.2'

GODEBUG=''

GOTELEMETRY='local'

GOTELEMETRYDIR='/home/liu/.config/go/telemetry'

GCCGO='gccgo'

GOAMD64='v1'

AR='ar'

CC='gcc'

CXX='g++'

CGO_ENABLED='1'

GOMOD='/dev/null'

GOWORK=''

CGO_CFLAGS='-O2 -g'

CGO_CPPFLAGS=''

CGO_CXXFLAGS='-O2 -g'

CGO_FFLAGS='-O2 -g'

CGO_LDFLAGS='-O2 -g'

PKG_CONFIG='pkg-config'

GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build578094757=/tmp/go-build -gno-record-gcc-switches'

What did you do?

Use x509.ParseCertificate to parse the der certificate. The version and serial number of the certificate are swapped. case.zip

What did you see happen?

Parse error:malformed signature algorithm identifier

What did you expect to see?

Swap the positions of serialnumber and version, and the value of serialnumber is the same as version. Since the type of version is OPTIONAL[0] + INTEGER, and the type of serialnumber is INTEGER, the invalid version should be checked first instead of throwing an alformed signature algorithm identifier.

[gabyhelp]

Related Issues

• crypto/x509: invalid certificate policies #65990 (closed)
• crypto/x509: ParseCertificate should error on invalid tag for PolicyMappings #70074 (closed)
• crypto/x509: ParseCertificate and ParseCertificates return different errors with a single bad certificate supplied #43113
• crypto/x509: malformed x509 certificate is accepted since 1.17 #51369
• x/crypto/cryptobyte: "x509: invalid key usage" error caused by strict asn1 bit string parsing #70242
• crypto/x509: ParseCertificate fails with "net/url: invalid userinfo" #69930
• crypto/x509: ParseCertificate fails for ECDSA certificate, gives asn1 unmarshal error #21502 (closed)
• x509.ParsePKIXPublicKey failed to parse X.509 DER format public key #69012 (closed)
• x509: invalid RDNSequence: invalid attribute value: invalid PrintableString #62607 (closed)
• x/crypto: error parsing even large ASN.1 identifiers #58821

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[mateusz834]

The TBSCertificate is your certificate looks like this: serialNumber, version, signature. The spec does not allow this kind of order of fields:

RFC 5280:

    TBSCertificate  ::=  SEQUENCE  {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        -- (...)
    }

The version is checked first, but it is optional (has a DEFAULT), thus we are skipping it (because of an unexpected tag). After that the parser is still at the same spot, it does not skip the badly-placed serialNumber field, so now the sertialNumber parsing succeeds. After that, the AlgorithmIdentifier parsing fails, because it contains an unexpected tag (badly placed version). I think that the error is correct.

See the implementation for reference:

https://github.com/golang/go/blob/5123f38e050c5ee7130d459ea247d998a838b5a1/src/crypto/x509/parser.go#L829-L883