From c177d9d98a7bfb21346f6309c115d0a2bf3167e3 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Wed, 29 Jun 2022 11:30:47 -0700
Subject: [PATCH] crypto/x509: restrict CRL number to <=20 octets

Similar to certificate serial numbers, RFC 5280 restricts the length of
the CRL number field to no more than 20 octets. Enforce this in
CreateRevocationList.

Fixes #53543

Change-Id: If392ef6b0844db716ae9ee6ef317135fceab039c
Reviewed-on: https://go-review.googlesource.com/c/go/+/415134
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
---
 src/crypto/x509/x509.go      |  4 ++++
 src/crypto/x509/x509_test.go | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index 7dcebfa5f1..950f6d08c8 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -2196,6 +2196,10 @@ func CreateRevocationList(rand io.Reader, template *RevocationList, issuer *Cert
 	if err != nil {
 		return nil, err
 	}
+
+	if numBytes := template.Number.Bytes(); len(numBytes) > 20 || (len(numBytes) == 20 && numBytes[0]&0x80 != 0) {
+		return nil, errors.New("x509: CRL number exceeds 20 octets")
+	}
 	crlNum, err := asn1.Marshal(template.Number)
 	if err != nil {
 		return nil, err
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index cddad1e246..cba44f6f8c 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -2478,6 +2478,40 @@ func TestCreateRevocationList(t *testing.T) {
 			},
 			expectedError: "x509: template contains nil Number field",
 		},
+		{
+			name: "long Number",
+			key:  ec256Priv,
+			issuer: &Certificate{
+				KeyUsage: KeyUsageCRLSign,
+				Subject: pkix.Name{
+					CommonName: "testing",
+				},
+				SubjectKeyId: []byte{1, 2, 3},
+			},
+			template: &RevocationList{
+				ThisUpdate: time.Time{}.Add(time.Hour * 24),
+				NextUpdate: time.Time{}.Add(time.Hour * 48),
+				Number:     big.NewInt(0).SetBytes(append([]byte{1}, make([]byte, 20)...)),
+			},
+			expectedError: "x509: CRL number exceeds 20 octets",
+		},
+		{
+			name: "long Number (20 bytes, MSB set)",
+			key:  ec256Priv,
+			issuer: &Certificate{
+				KeyUsage: KeyUsageCRLSign,
+				Subject: pkix.Name{
+					CommonName: "testing",
+				},
+				SubjectKeyId: []byte{1, 2, 3},
+			},
+			template: &RevocationList{
+				ThisUpdate: time.Time{}.Add(time.Hour * 24),
+				NextUpdate: time.Time{}.Add(time.Hour * 48),
+				Number:     big.NewInt(0).SetBytes(append([]byte{255}, make([]byte, 19)...)),
+			},
+			expectedError: "x509: CRL number exceeds 20 octets",
+		},
 		{
 			name: "invalid signature algorithm",
 			key:  ec256Priv,
-- 
2.50.0