From 671696a22dd98c0fafcaea2d159c284367b24aa0 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Wed, 7 Feb 2024 12:10:58 -0800
Subject: [PATCH] crypto/x509: reject critical AKI

Updates #65085

Change-Id: I8cc60990737d582edf4f7f85ec871f5e42f82b78
Reviewed-on: https://go-review.googlesource.com/c/go/+/562341
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
---
 src/crypto/x509/parser.go    |  4 ++++
 src/crypto/x509/x509_test.go | 25 +++++++++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/src/crypto/x509/parser.go b/src/crypto/x509/parser.go
index 001b001775..4202991f47 100644
--- a/src/crypto/x509/parser.go
+++ b/src/crypto/x509/parser.go
@@ -723,6 +723,10 @@ func processExtensions(out *Certificate) error {
 
 			case 35:
 				// RFC 5280, 4.2.1.1
+				if e.Critical {
+					// Conforming CAs MUST mark this extension as non-critical
+					return errors.New("x509: authority key identifier incorrectly marked critical")
+				}
 				val := cryptobyte.String(e.Value)
 				var akid cryptobyte.String
 				if !val.ReadASN1(&akid, cryptobyte_asn1.SEQUENCE) {
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index a29f914c8e..a9dc145265 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -4011,6 +4011,31 @@ func TestGob(t *testing.T) {
 	}
 }
 
+func TestRejectCriticalAKI(t *testing.T) {
+	template := Certificate{
+		SerialNumber: big.NewInt(1),
+		Subject:      pkix.Name{CommonName: "Cert"},
+		NotBefore:    time.Unix(1000, 0),
+		NotAfter:     time.Unix(100000, 0),
+		ExtraExtensions: []pkix.Extension{
+			{
+				Id:       asn1.ObjectIdentifier{2, 5, 29, 35},
+				Critical: true,
+				Value:    []byte{1, 2, 3},
+			},
+		},
+	}
+	certDER, err := CreateCertificate(rand.Reader, &template, &template, rsaPrivateKey.Public(), rsaPrivateKey)
+	if err != nil {
+		t.Fatalf("CreateCertificate() unexpected error: %v", err)
+	}
+	expectedErr := "x509: authority key identifier incorrectly marked critical"
+	_, err = ParseCertificate(certDER)
+	if err == nil || err.Error() != expectedErr {
+		t.Fatalf("ParseCertificate() unexpected error: %v, want: %s", err, expectedErr)
+	}
+}
+
 func TestRejectCriticalAIA(t *testing.T) {
 	template := Certificate{
 		SerialNumber: big.NewInt(1),
-- 
2.48.1