wolfSSL
[Bug]: The wolfSSL incorrectly handled the keyIdentifier field
Contact Details
No response
Version
I am using version 0.1.7 of the wolfssl Command Line Utility. Linked to wolfSSL version 5.7.6
Description
Hello developer, I have a CRL file where the keyIdentifier field in the AKI extension has the value 43:4C:73:65:4E:62:44:33:69:4D:73:43:59:31:46:43:4D:45:30:46:2F:4E:35:61:65:61:63:0A. However, when I parse it using wolfSSL, I get keyid:59:E0:46:AE:2C:90:C5:7A:04:5B:C4:BF:54:FE:D3:0E:85:93:48:37. According to RFC 5280,
"The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits)."
So, I wonder if this might be a bug?I found that wolfSSL encounters errors when handling keyIdentifier values with larger bit lengths.
Reproduction steps
wolfssl crl -inform der -in crl_keyid.der -text
Relevant log output
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
RNG_HEALTH_TEST_CHECK_SIZE = 128
sizeof(seedB_data) = 128
opened /dev/urandom.
rnd read...
wolfSSL Entering wolfSSL_BIO_new_file
wolfSSL Entering wolfSSL_BIO_s_file
wolfSSL Entering wolfSSL_BIO_new
wolfSSL Entering wolfSSL_BIO_set_fp
wolfSSL Entering wolfSSL_BIO_get_len
wolfSSL Entering wolfSSL_BIO_get_fp
wolfSSL Entering wolfSSL_BIO_read
wolfSSL Entering wolfSSL_d2i_X509_CRL
wolfSSL Entering InitCRL
wolfSSL Entering BufferLoadCRL
InitDecodedCRL
ParseCRL
wolfSSL Entering ParseCRL_AuthKeyIdExt
About to verify CRL signature
Did NOT find CRL issuer CA
ERR TRACE: wolfcrypt/src/asn.c L 38604 ASN_CRL_NO_SIGNER_E (-190)
wolfSSL Entering AddCRL
wolfSSL Entering InitCRL_Entry
wolfSSL Entering wolfSSL_d2i_X509_NAME
Getting Name
Getting Cert Name
wolfSSL Entering wolfSSL_X509_NAME_new_ex
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_X509_NAME_new
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_insert
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_insert
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_insert
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_insert
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_insert
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_add_entry_by_NID
Found place for name entry
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_insert
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_free
wolfSSL Entering wolfSSL_X509_NAME_new_ex
wolfSSL Entering wolfSSL_X509_NAME_copy
wolfSSL Entering wolfSSL_sk_X509_NAME_new
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_insert
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_insert
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_insert
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_insert
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_insert
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_sk_push
wolfSSL Entering wolfSSL_sk_insert
wolfSSL Entering wolfSSL_sk_new_node
wolfSSL Entering wolfSSL_X509_NAME_free
wolfSSL Entering wolfSSL_sk_free
FreeDecodedCRL
wolfSSL Entering wolfSSL_BIO_s_file
wolfSSL Entering wolfSSL_BIO_new
wolfSSL Entering wolfSSL_BIO_set_fp
wolfSSL Entering wolfSSL_BIO_write
Certificate Revocation List (CRL):
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_BIO_write
Version: 2 (0x1)
wolfSSL Entering wolfSSL_X509_CRL_get_signature
wolfSSL Entering wolfSSL_X509_CRL_get_signature
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_OBJ_obj2txt
wolfSSL Entering wolfSSL_OBJ_nid2ln
wolfSSL Entering wolfSSL_BIO_write
Signature Algorithm: sha256WithRSAEncryption
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_X509_NAME_print_ex
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_X509_NAME_entry_count
wolfSSL Leaving wolfSSL_X509_NAME_entry_count, return 6
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_get_data
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_get_data
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_get_data
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_get_data
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_get_data
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_X509_NAME_ENTRY_get_data
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_BIO_write
Issuer: C=US, ST=US, L=US, O=US, CN=US, OU=US
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_BIO_write
Last Update: Jan 1 00:00:00 2025 GMT
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_BIO_write
Next Update: Dec 1 00:00:00 2025 GMT
wolfSSL Entering wolfSSL_BIO_write
CRL extensions:
wolfSSL Entering wolfSSL_BIO_write
X509v3 CRL Number:
wolfSSL Entering wolfSSL_BIO_write
214884672
wolfSSL Entering wolfSSL_BIO_write
X509v3 Authority Key Identifier:
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_BIO_write
keyid:59:E0:46:AE:2C:90:C5:7A:04:5B:C4:BF:54:FE:D3:0E:85:93:48:37
wolfSSL Entering wolfSSL_BIO_write
Revoked Certificates:
wolfSSL Entering wolfSSL_X509_REVOKED_get_serial_number
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_BIO_write
Serial Number:
1c80022ef81f2405ee96a612dcb61fe0ac701e5e
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_BIO_write
Revocation Date: Mar 27 02:51:10 2025 GMT
wolfSSL Entering wolfSSL_X509_CRL_get_signature
wolfSSL Entering wolfSSL_X509_CRL_get_signature
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_OBJ_obj2txt
wolfSSL Entering wolfSSL_OBJ_nid2ln
wolfSSL Entering wolfSSL_BIO_write
Signature Algorithm: sha256WithRSAEncryption
wolfSSL Entering wolfSSL_BIO_write
wolfSSL Entering wolfSSL_BIO_write
a4:f7:2a:e3:73:f2:d3:c2:7d:c0:c5:93:5c:84:13:43:71:37:
wolfSSL Entering wolfSSL_BIO_write
d0:00:81:cc:45:b6:13:ed:c7:67:9f:35:f1:9f:c5:2b:bf:98:
wolfSSL Entering wolfSSL_BIO_write
61:5e:2e:98:f6:79:25:05:48:36:a6:28:4d:ba:51:a0:1a:dd:
wolfSSL Entering wolfSSL_BIO_write
87:c5:49:c8:9d:94:fc:1d:6e:f4:d0:e0:b4:c4:6f:ee:05:47:
wolfSSL Entering wolfSSL_BIO_write
69:df:ae:cb:77:22:44:6f:a7:bc:e6:bd:24:fe:1a:d1:ad:c6:
wolfSSL Entering wolfSSL_BIO_write
30:de:67:85:62:32:92:08:47:f4:b0:58:38:be:3c:58:23:fa:
wolfSSL Entering wolfSSL_BIO_write
af:7a:4e:b7:c8:a7:6f:0e:db:48:1d:b9:1d:20:c8:b8:71:de:
wolfSSL Entering wolfSSL_BIO_write
b8:28:5c:84:33:a0:bf:dd:ba:30:59:98:4e:98:5a:15:8e:e1:
wolfSSL Entering wolfSSL_BIO_write
ea:c1:51:0e:31:d5:49:21:49:12:27:12:47:1f:ed:d0:e2:7c:
wolfSSL Entering wolfSSL_BIO_write
9a:d7:f0:06:a5:8b:c3:de:f6:e6:ee:00:e5:bd:3c:14:60:1f:
wolfSSL Entering wolfSSL_BIO_write
49:5d:14:04:4d:b9:42:aa:a9:13:f5:b9:56:de:2d:0e:60:df:
wolfSSL Entering wolfSSL_BIO_write
47:c8:9d:12:c4:32:45:b0:9f:a8:44:ca:00:57:74:6b:b2:79:
wolfSSL Entering wolfSSL_BIO_write
32:22:38:30:d8:f7:09:a5:16:51:bb:2a:d6:46:6c:15:f4:91:
wolfSSL Entering wolfSSL_BIO_write
16:a3:c9:ca:88:97:95:49:bc:8f:3e:a7:ff:c7:8b:ad:5d:eb:
wolfSSL Entering wolfSSL_BIO_write
0c:b8:92:6e
wolfSSL Entering wolfSSL_BIO_write
-----BEGIN X509 CRL-----
MIICxTCCAa0CAQEwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCVVMxCzAJBgNV
BAgMAlVTMQswCQYDVQQHDAJVUzELMAkGA1UECgwCVVMxCzAJBgNVBAMMAlVTMQsw
CQYDVQQLDAJVUxcNMjUwMTAxMDAwMDAwWhcNMjUxMjAxMDAwMDAwWjA1MDMCFByA
Ai74HyQF7pamEty2H+CscB5eFw0yNTAzMjcwMjUxMTBaMAwwCgYDVR0VBAMKAQag
gfMwgfAwgdMGA1UdIwSByzCByIAcQ0xzZU5iRDNpTXNDWTFGQ01FMEYvTjVhZWFj
CqGBoqSBnzCBnDELMAkGA1UEBgwCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU
BgNVBAcMDVNhbiBGcmFuY2lzY28xETAPBgNVBAoMCEZOTVQtUkNNMSMwIQYDVQQL
DBpFUwpPPW1rY2VydCBkZXZlbG9wbWVudCBDQTEoMCYGA1UEAwwfU2VlIHd3dy5l
bnRydXN0Lm5ldC9sZWdhbC10ZXJtc4IDAeJAMBgGA1UdFAQRAg8Zz//e2nTt8vak
RgzO4UAwDQYJKoZIhvcNAQELBQADggEBAKT3KuNz8tPCfcDFk1yEE0NxN9AAgcxF
thPtx2efNfGfxSu/mGFeLpj2eSUFSDamKE26UaAa3YfFScidlPwdbvTQ4LTEb+4F
R2nfrst3IkRvp7zmvST+GtGtxjDeZ4ViMpIIR/SwWDi+PFgj+q96TrfIp28O20gd
uR0gyLhx3rgoXIQzoL/dujBZmE6YWhWO4erBUQ4x1UkhSRInEkcf7dDifJrX8Aal
i8Pe9ubuAOW9PBRgH0ldFARNuUKqqRP1uVbeLQ5g30fInRLEMkWwn6hEygBXdGuy
eTIiODDY9wmlFlG7KtZGbBX0kRajycqIl5VJvI8+p//Hi61d6wy4km4=
-----END X509 CRL-----
wolfSSL Entering wolfSSL_X509_CRL_free
wolfSSL Entering FreeCRL
wolfSSL Entering FreeCRL_Entry
wolfSSL Entering wolfSSL_sk_free
wolfSSL Entering wolfSSL_BIO_free
wolfSSL Entering wolfSSL_BIO_free
wolfSSL Entering wolfSSL_Cleanup
wolfSSL Entering wolfCrypt_Cleanup
Hi @onepeople158,
The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits)
As you mention above, the keyIdentifier will be 160 bits long (20 bytes). The value that you are expecting (43:4C:73:65:4E:62:44:33:69:4D:73:43:59:31:46:43:4D:45:30:46:2F:4E:35:61:65:61:63:0A), is 28 bytes long and isn't compliant with the RFC.
Hi @onepeople158,
The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits)
As you mention above, the keyIdentifier will be 160 bits long (20 bytes). The value that you are expecting (), is 28 bytes long and isn't compliant with the RFC.
43:4C:73:65:4E:62:44:33:69:4D:73:43:59:31:46:43:4D:45:30:46:2F:4E:35:61:65:61:63:0A
Hello, Developer. Sorry, my previous statement was somewhat incomplete. Let me clarify my point below.
The keyIdentifier is composed of the 160-bit SHA-1 hash of the BIT STRING type subjectPublicKey value (excluding the tag, length, and the number of unused bits).
This is one of the common methods for generating a key identifier from a public key. However, RFC5280 also specifies that different hash algorithms can be used, as long as a similar method is followed.
Currently, the SHA-1 algorithm is considered insecure, and the commonly used cryptographic algorithm is SHA-256, which generates a 256-bit (32-byte) hash value. For comparison, OpenSSL can successfully parse the following value: 43:4C:73:65:4E:62:44:33:69:4D:73:43:59:31:46:43:4D:45:30:46:2F:4E:35:61:65:61:63:0A.
Hi @onepeople158,
The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits)
As you mention above, the keyIdentifier will be 160 bits long (20 bytes). The value that you are expecting (
43:4C:73:65:4E:62:44:33:69:4D:73:43:59:31:46:43:4D:45:30:46:2F:4E:35:61:65:61:63:0A), is 28 bytes long and isn't compliant with the RFC.
Hello developer, sorry, although wolfSSL follows the rule that
(1)"The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits),"
there is another common method in RFC5280:
(2) "The keyIdentifier is composed of a four-bit type field with the value 0100 followed by the least significant 60 bits of the SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits)."
The keyIdentifier generated by the second method is likely to be shorter than 20 bytes. When I use wolfSSL to parse a keyIdentifier with fewer than 20 bytes (for example, keyIdentifier=00:10:64:71:83:35), wolfSSL still parses it as a 20-byte length. Here is the test case:
Hi @onepeople158,
The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits)
As you mention above, the keyIdentifier will be 160 bits long (20 bytes). The value that you are expecting (), is 28 bytes long and isn't compliant with the RFC.
43:4C:73:65:4E:62:44:33:69:4D:73:43:59:31:46:43:4D:45:30:46:2F:4E:35:61:65:61:63:0A
Hi Developer, I've noticed that when wolfSSL parses a keyIdentifier field that isn't 20 bytes long, it seems to parse it into a 20-byte keyIdentifier value. Is this correct behavior? Could this lead to misinterpretation of the original keyIdentifier's content?
Hi @onepeople158 ,
Thank you for the report. I'll make sure to review this next week.
Hi @onepeople158,
We should support this, but it looks like it will be a significant refactor. I'll spend time on it during spare cycles but I don't expect to have many of those any time soon. I'll keep you posted.
Thanks
Hi @onepeople158,
I've added this to our feature requests list and will now be closing this issue. If you need to accelerate this feature addition, please email support @ wolfssl.com.
Thanks