Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Possible to retain negative serial number parsing in x509 certificates ? #10247

Open
vEpiphyte opened this issue Jan 24, 2024 · 9 comments
Open

Comments

@vEpiphyte
Copy link

I'm writing regarding the planned removal of negative serial number support from the cryptography package in v43.0.0.

Would it be possible to allow the parsing of negative serial numbers as an optional configuration to the hazmat layer, or as an option to the "load_der_x509_certificate / load_der_x509_certificates / load_der_x509_certificate" APIs? That would allow someone who is okay handling those negative serial numbers to opt-into supporting them; and those who want strict compliance with the RFCs to reject the certificates.

The reason that I bring this up is that there are still many real world examples of negative serial numbers being present in X509 certificates, despite deviation from RFCs. This is the unfortunate scenario where "RFC / Specification says one thing" and "Real stuff seen in the wild on the internet" differs enough to be non-ideal for parser authors. This is especially true when there have been multiple revisions of the standard :(

The example from #6609 is just one item. There are people in the information security space who use cryptography for parsing and inspecting X509 certificates. Restricting the allowed space for ( otherwise usable ) X509 certificates can hamper security research and tracking of threat actors, since they cannot take advantage of new functionality offered by cryptography moving forward.

@Ousret
Copy link

Ousret commented Feb 14, 2024

I agree that this should not be removed. Working with the OSes truststores made me realize that X509 certificates w/ negative serial numbers are still wildly used. I had to silent the warning due to how often it appeared in my tests.
I'm no X509 expert, but if there is no evidence of security risks or downsides to allowing that, I would vouch in favor of not removing its support (i) and (ii) possibly even removing the warning.

@alex
Copy link
Member

alex commented Feb 14, 2024

Is there a particular OS or root that you've encountered with a negative serial number?

We originally added this fallback based on the Mozilla trust store containing a negative serial number, but that cert has since been removed.

@Ousret
Copy link

Ousret commented Feb 14, 2024

I have encountered it in NT systems. I have seen it in Windows Server <=2022 for example.

@reaperhulk
Copy link
Member

If these are common root certs would it be possible to get some links to them from crt.sh? It's interesting (but perhaps understandable) that Windows has a significantly divergent trusted set from Mozilla, Apple, et al.

@alex
Copy link
Member

alex commented Feb 15, 2024 via email

@dpandya-cisco
Copy link

Hello - I am wondering if there are any updates on whether there will be an option to allow negative serial number parsing in x509 certificates in v43.0.0? We have encountered a situation where one of the certificates in our team's trust store has a negative value for a serial number.

Interestingly, when I print the certificate serial numbers, none of them show a negative value. It would be greatly helpful if the CryptographyDeprecationWarning for parsing negative serial numbers could be expanded to include information about which certificate triggered the warning to see if there is indeed one with a negative serial number or if this is a bug in the cryptography library.

@alex
Copy link
Member

alex commented Jun 28, 2024

There's no updates beyond what is present in this thread.

@intgr
Copy link
Contributor

intgr commented Jul 22, 2024

What exactly is the status of this? Was support for negative serials removed or was it not removed?

The changelog is now contradictory.

42.0.0 release notes says:

In the next release (43.0.0) of cryptography, loading an X.509 certificate with a negative serial number will raise an exception. This has been deprecated since 36.0.0.

43.0.0 was released 2 days ago, but its changelog https://cryptography.io/en/latest/changelog/#v43-0-0 does not mention anything about this.

@alex
Copy link
Member

alex commented Jul 22, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

6 participants