You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I generated a DER format X509 certificate by OPENSSL, however, when I pass the hex string to mbedtls_x509_crt_parse_der(), it results in MBEDTLS_ERR_ASN1_INVALID_DATA error in function mbedtls_asn1_get_bitstring_null().
The hex string of the test X509 certificate is (DER) : 308201e73082018da00302010202143b3a90a1abef554f62916fd10413b4b20950a59a300a06082a8648ce3d0403023041310b300906035504061302434e310e300c06035504080c054368696e61310e300c060355040a0c057a686968753112301006035504030c09526f6f745f53746172301e170d3231303731323130343130385a170d3431303730373130343130385a3041310b300906035504061302434e310e300c06035504080c054368696e61310e300c060355040a0c057a686968753112301006035504030c09526f6f745f537461723059301306072a8648ce3d020106082a8648ce3d03010703422004b785d341c20af9cef8a91124e5565dabab57cd38143e676680a720e0e20f9a9daee11cc5211ddfb0defd5c63eca6b1f3f8ba327af76a8b650870769c745fa6c6a3633061301d0603551d0e041604148a6a45c0942afa1d6c9160c4ed77187869f44265301f0603551d230418301680148a6a45c0942afa1d6c9160c4ed77187869f44265300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186300a06082a8648ce3d040302034820304502204a3805ca0bfe9ce78082edb68ae370b0db38a86514787d5f8bc805e84cf8c56d022120cdde2e283db9b4b608c7db273c97ba812091dd3b8655dc55729e3af187350ef5
The error occurs when parsing the public key field. After 03 42, it expects 0004, while the actual value is 2004.
The BIT STRING data type is encoded into a TLV triplet that begins with a Tag byte of 0x03. The Value field of the TLV triplet contains a leading byte that specifies the number of bits left unused in the final byte of content.
I don't know if it's bug or the format of certificate is incorrect. Thanks if anyone could help!
System information
Mbed TLS version (number or commit id):
2.26.0
Operating system and version:
windows 10
Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
VS 2019
Additional environment information:
Expected behavior
mbedtls_x509_crt_parse_der correctly parses the DER format certificate and generate a correct mbedtls_x509_crt structure.
Actual behavior
mbedtls_x509_crt_parse_der returns results in MBEDTLS_ERR_ASN1_INVALID_DATA error in function mbedtls_asn1_get_bitstring_null() when parsing public key field.
Steps to reproduce
Additional information
OpenSSL command line tool is able to parse the DER certificate as bellows:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:3a:90:a1:ab:ef:55:4f:62:91:6f:d1:04:13:b4:b2:09:50:a5:9a
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = CN, ST = China, O = zhihu, CN = Root_Star
Validity
Not Before: Jul 12 10:41:08 2021 GMT
Not After : Jul 7 10:41:08 2041 GMT
Subject: C = CN, ST = China, O = zhihu, CN = Root_Star
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:b7:85:d3:41:c2:0a:f9:ce:f8:a9:11:24:e5:56:
5d:ab:ab:57:cd:38:14:3e:67:66:80:a7:20:e0:e2:
0f:9a:9d:ae:e1:1c:c5:21:1d:df:b0:de:fd:5c:63:
ec:a6:b1:f3:f8:ba:32:7a:f7:6a:8b:65:08:70:76:
9c:74:5f:a6:c6
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:6A:45:C0:94:2A:FA:1D:6C:91:60:C4:ED:77:18:78:69:F4:42:65
X509v3 Authority Key Identifier:
keyid:8A:6A:45:C0:94:2A:FA:1D:6C:91:60:C4:ED:77:18:78:69:F4:42:65
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:4a:38:05:ca:0b:fe:9c:e7:80:82:ed:b6:8a:e3:
70:b0:db:38:a8:65:14:78:7d:5f:8b:c8:05:e8:4c:f8:c5:6d:
02:21:00:cd:de:2e:28:3d:b9:b4:b6:08:c7:db:27:3c:97:ba:
81:00:91:dd:3b:86:55:dc:55:72:9e:3a:f1:87:35:0e:f5
The text was updated successfully, but these errors were encountered:
I think the data is genuinely invalid. In a BIT STRING, the first value after the 0x03 type and the length byte(s) (here 0x42) is the number of unused bits in the last byte. This can only range from 0 to 7.
Mbed TLS only supports bit strings containing a whole number of bytes, so it would complain about any bit string where the number of unused bits is nonzero. However, here, the bit string is invalid, not just not-supported-here.
In any case, what is expected at this position in the certificate is an EC public key, and those are always encoded in a whole number of bytes. The content would be a plausible secp256r1 public key if the number of unused bits was 0.
OpenSSL can't even read back this value (I tried with OpenSSL 1.1.1f).
If I edit the file and change this 0x20 to 0x00, and same in another bit-string at the end of the file containing the signature (also a whole number of bytes), OpenSSL is happy with it.
I conclude that either the version of OpenSSL that generated the certificate was buggy, or the data got corrupted somewhere.
Summary
I generated a DER format X509 certificate by OPENSSL, however, when I pass the hex string to mbedtls_x509_crt_parse_der(), it results in MBEDTLS_ERR_ASN1_INVALID_DATA error in function mbedtls_asn1_get_bitstring_null().
The hex string of the test X509 certificate is (DER) :
308201e73082018da00302010202143b3a90a1abef554f62916fd10413b4b20950a59a300a06082a8648ce3d0403023041310b300906035504061302434e310e300c06035504080c054368696e61310e300c060355040a0c057a686968753112301006035504030c09526f6f745f53746172301e170d3231303731323130343130385a170d3431303730373130343130385a3041310b300906035504061302434e310e300c06035504080c054368696e61310e300c060355040a0c057a686968753112301006035504030c09526f6f745f537461723059301306072a8648ce3d020106082a8648ce3d03010703422004b785d341c20af9cef8a91124e5565dabab57cd38143e676680a720e0e20f9a9daee11cc5211ddfb0defd5c63eca6b1f3f8ba327af76a8b650870769c745fa6c6a3633061301d0603551d0e041604148a6a45c0942afa1d6c9160c4ed77187869f44265301f0603551d230418301680148a6a45c0942afa1d6c9160c4ed77187869f44265300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186300a06082a8648ce3d040302034820304502204a3805ca0bfe9ce78082edb68ae370b0db38a86514787d5f8bc805e84cf8c56d022120cdde2e283db9b4b608c7db273c97ba812091dd3b8655dc55729e3af187350ef5
The error occurs when parsing the public key field. After 03 42, it expects 0004, while the actual value is 2004.
The error line is as bellows:
I did some search and found the link below:
https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-bit-string
It says:
I don't know if it's bug or the format of certificate is incorrect. Thanks if anyone could help!
System information
Mbed TLS version (number or commit id):
2.26.0
Operating system and version:
windows 10
Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
VS 2019
Additional environment information:
Expected behavior
mbedtls_x509_crt_parse_der correctly parses the DER format certificate and generate a correct mbedtls_x509_crt structure.
Actual behavior
mbedtls_x509_crt_parse_der returns results in MBEDTLS_ERR_ASN1_INVALID_DATA error in function mbedtls_asn1_get_bitstring_null() when parsing public key field.
Steps to reproduce
Additional information
OpenSSL command line tool is able to parse the DER certificate as bellows:
The text was updated successfully, but these errors were encountered: