| author | Mateusz Poliwczak <mpoliwczak34@gmail.com> | 2023-04-12 16:23:48 +0000 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2023-04-12 18:30:42 +0000 |
| commit | 1faeef9713563c936e077b84e4c3a0f3cac0fbe4 (patch) | |
| tree | 5ffada2184367a8b3c045630aee85cd8c2e44395 | |
| parent | 00fd4ff485c675984a5b4b7b4837e72dadbf5103 (diff) | |
| download | go-x-crypto-1faeef9713563c936e077b84e4c3a0f3cac0fbe4.tar.xz | |
cryptobyte: reject Object Identifiers with leading 0x80
Change-Id: Ie3a1b53e801077cd86963799e644b9783943933c
GitHub-Last-Rev: 6629bd74f1874eb9fde8e72bfb444ebf9073a1ab
GitHub-Pull-Request: golang/crypto#255
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/483955
Run-TryBot: Mateusz Poliwczak <mpoliwczak34@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
| -rw-r--r-- | cryptobyte/asn1.go | 8 | ||||
| -rw-r--r-- | cryptobyte/asn1_test.go | 1 |
2 files changed, 9 insertions, 0 deletions
diff --git a/cryptobyte/asn1.go b/cryptobyte/asn1.go
index 3141a7f..6fc2838 100644
--- a/cryptobyte/asn1.go
+++ b/cryptobyte/asn1.go
@@ -431,6 +431,14 @@ func (s *String) readBase128Int(out *int) bool {
 }
 ret <<= 7
 b := s.read(1)[0]
+
+ // ITU-T X.690, section 8.19.2:
+ // The subidentifier shall be encoded in the fewest possible octets,
+ // that is, the leading octet of the subidentifier shall not have the value 0x80.
+ if i == 0 && b == 0x80 {
+ return false
+ }
+
 ret |= int(b & 0x7f)
 if b&0x80 == 0 {
 *out = ret
diff --git a/cryptobyte/asn1_test.go b/cryptobyte/asn1_test.go
index be04bb4..e3f53a9 100644
--- a/cryptobyte/asn1_test.go
+++ b/cryptobyte/asn1_test.go
@@ -276,6 +276,7 @@ func TestASN1ObjectIdentifier(t *testing.T) {
 {[]byte{6, 7, 85, 0x02, 0x85, 0xc7, 0xcc, 0xfb, 0x01}, true, []int{2, 5, 2, 1492336001}},
 {[]byte{6, 7, 0x55, 0x02, 0x87, 0xff, 0xff, 0xff, 0x7f}, true, []int{2, 5, 2, 2147483647}}, // 2**31-1
 {[]byte{6, 7, 0x55, 0x02, 0x88, 0x80, 0x80, 0x80, 0x00}, false, []int{}}, // 2**31
+ {[]byte{6, 3, 85, 0x80, 0x02}, false, []int{}}, // leading 0x80 octet
 }
 for i, test := range testData { |
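Review bot: The minimal-encoding rule in `readBase128Int` (cryptobyte/asn1.go) is documented only by the inline comment inside the loop, so a caller cannot tell from the helper's contract that a leading 0x80 now returns false. The function's doc comment sits outside this hunk; if it does not already say so, I would add a line such as `// It rejects non-minimal encodings (a leading 0x80 octet), so each value has exactly one accepted byte form.` That is the property that matters where decoded OIDs are compared with, or re-encoded next to, raw bytes handled by another parser. The new `return false` also runs after `s.read(1)` has consumed the octet, so s is left advanced on rejection. That looks consistent with the rest of the loop as far as the hunk shows, but it is worth stating that s must not be reused after a false return.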
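Review bot: The single case added to `TestASN1ObjectIdentifier` (cryptobyte/asn1_test.go) covers a leading 0x80 only in a later subidentifier, after the 85 octet. It does not cover the first subidentifier, and it does not pin that 0x80 is still accepted when it is not the leading octet. Two extra rows would close both gaps (sample values I constructed, expected results to be confirmed by running the test): `{[]byte{6, 2, 0x80, 0x01}, false, []int{}}, // leading 0x80 in first subidentifier` and `{[]byte{6, 4, 85, 0x81, 0x80, 0x00}, true, []int{2, 5, 16384}}, // 0x80 as a continuation octet is valid`. The positive row guards against a later refactor that turns the `i == 0` condition into a blanket reject of 0x80. The table starts outside this hunk, so an equivalent case may already exist above it.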
