encoding/asn1: tags don't match parsing certificate

[jefferai]

Maybe related to #18584 but not fixed by 1.8rc1.

What version of Go are you using (go version)?

go version go1.8rc1 darwin/amd64

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/jeff/go"
GORACE=""
GOROOT="/Users/jeff/src/go"
GOTOOLDIR="/Users/jeff/src/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/h0/06d2pyw96751gy0j9t96kvrc0000gn/T/go-build693834288=/tmp/go-build -gno-record-gcc-switches -fno-common"
CXX="clang++"
CGO_ENABLED="1"
PKG_CONFIG="pkg-config"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"

What did you do?

Attempted to parse a certificate produced by Puppet and signed with EC keys. openssl asn1parse does not complain and the certificate is successfully displayed.

Program and input is at https://play.golang.org/p/5jEVqD5No9

What did you expect to see?

A parsed certificate.

What did you see instead?

asn1: structure error: tags don't match (6 vs {class:0 tag:16 length:450 isCompound:true}) {optional:false explicit:false application:false defaultValue: tag: stringType:0 timeType:0 set:false omitEmpty:false} ObjectIdentifier @4

[bradfitz]

Not a regression from Go 1.7, so this isn't a Go 1.8 candidate at this stage. Targetting Go 1.9.

$ go run prog.go
2017/01/12 17:58:10 asn1: structure error: tags don't match (6 vs {class:0 tag:16 length:450 isCompound:true}) {optional:false explicit:false application:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} ObjectIdentifier @4
exit status 1

$ GOROOT=$HOME/go1.7 go run prog.go
2017/01/12 17:58:23 asn1: structure error: tags don't match (6 vs {class:0 tag:16 length:450 isCompound:true}) {optional:false explicit:false application:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} ObjectIdentifier @4
exit status 1

[agl]

The certificate is trying to use arbitrary curves rather than specifying one.

If this is coming from OpenSSL then the code needs to call EC_GROUP_set_asn1_flag with OPENSSL_EC_NAMED_CURVE.

[koweblomke]

@agl: Can you explain this a bit more?

This is the way the EC key was generated:
openssl genpkey -genparam -algorithm EC -pkeyopt ec_paramgen_curve:secp521r1 -out ecp.pem
openssl genpkey -paramfile ecp.pem -aes256 -pass file:.passphrase -out imca.key.pem

what do you mean by "The certificate is trying to use arbitrary curves rather than specifying one."
is the certificate and its key created wrongly, or is the parsing of the certificate going wrong?

[agl]

A long time ago it was unclear which elliptic curves would end up being a good idea so formats were designed to support arbitrary curves: i.e. the public key can contain the specification for any curve over prime or binary fields and, in theory, every public key could work on its own, unique curve.

That was bonkers and now software only operates on a few, known-good curves (i.e. P-256, P-384 etc). Thus public keys now just contain an OID identifying the curve.

Your certificate contains the full set of parameters however. It's probably the parameters for a standard curve, but we don't go trying to match arbitrary curves to ones that we know.

One option is to generate the key and certificate using Go.

If you need to use the OpenSSL command-line tools then you can add -pkeyopt ec_param_enc:named_curve to the parameter generation command (the one where you have -algorithm EC).