Dear Xiao Nian Jun,

Thanks for your kind words and for reporting this issue you found.

I checked RFC 7427 and indeed while parameters must be present and NULL for all RSA algorithms, appendix A.3 is clear that they must be absent for ECDSA. Since RFC 7427 is about IKEv2 rather than about X.509 certificates, I also checked RFC 5480 (updating RFC 3279 which defines the X.509 profile used by the IETF), and it concurs: for ECDSA, parameters are absent (appendix A).

Our behaviour is not conformant, and this should be fixed. Just to help us evaluate the severity of the issue, I'd like to know if this is something you found by inspecting the generated certificate yourself, or if it caused the generated certificate to be rejected by some other X.509 implementation or verification tool. Said otherwise, is this only a compliance issue, or also an interoperability issue?

Regarding your fix, I think it works as long as you are only generating ECC-signed X.509 certificates, but as you suggest, I'm afraid it only fixes the problem by creating another one: it would suppress the NULL parameters for RSA as well, but unfortunately, they're mandatory there (I wish the standards were more consistent). So, we'll probably have to do something similar, but only for ECDSA.

I was going to create a ticket for that in our bug tracker when I noticed we already have a ticket tracking that: https://github.com/ARMmbed/mbedtls/issues/2924 - I'll add a link to your message in the ticket.

Thanks again for your report.

Best regards,
Manuel
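As an added illustration of the rule discussed in this thread (example code written for this page, not code from Mbed TLS or from either correspondent): a minimal DER writer for the signature AlgorithmIdentifier that emits NULL parameters only for the PKCS#1 v1.5 RSA signature OIDs (RFC 3279/4055) and omits them for ECDSA (RFC 5480, RFC 7427 A.3), next to a checker that flags the non-conformant "ECDSA with NULL" form. The OIDs are the standard ones; the function names and the `legacy_write_algorithm_identifier` stand-in for the always-NULL behaviour are this example's own.

```python
# Added example: DER encoding/checking of an X.509 signature AlgorithmIdentifier.
# Standard OIDs only; function names are this example's own, not an Mbed TLS API.

# PKCS#1 v1.5 signature OIDs: parameters MUST be present and NULL (RFC 3279 / 4055).
RSA_PKCS1_SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
}
# ECDSA signature OIDs: parameters MUST be absent (RFC 5480 appendix A).
ECDSA_SIG_OIDS = {
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
}
DER_NULL = b"\x05\x00"


def encode_length(n):
    """DER definite-form length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_tlv(tag, body):
    return bytes([tag]) + encode_length(len(body)) + body


def encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed, remaining arcs base-128 big-endian."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return encode_tlv(0x06, bytes(body))


def write_algorithm_identifier(sig_oid):
    """Conformant writer: NULL only for PKCS#1 v1.5 RSA, nothing for ECDSA."""
    body = encode_oid(sig_oid)
    if sig_oid in RSA_PKCS1_SIG_OIDS:
        body += DER_NULL
    return encode_tlv(0x30, body)


def legacy_write_algorithm_identifier(sig_oid):
    """Stand-in for the behaviour reported in the thread: NULL is always appended."""
    return encode_tlv(0x30, encode_oid(sig_oid) + DER_NULL)


def decode_length(buf, i):
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n


def decode_oid(body):
    # Assumes first arc is 0 or 1 (true for every OID above); enough for this check.
    arcs = [body[0] // 40, body[0] % 40]
    val = 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_algorithm_identifier(der):
    """Return (dotted OID, raw parameters DER or None) from an AlgorithmIdentifier SEQUENCE."""
    if der[0] != 0x30:
        raise ValueError("not a SEQUENCE")
    seq_len, i = decode_length(der, 1)
    end = i + seq_len
    if der[i] != 0x06:
        raise ValueError("algorithm OID missing")
    oid_len, j = decode_length(der, i + 1)
    oid = decode_oid(der[j:j + oid_len])
    k = j + oid_len
    return oid, (der[k:end] if k < end else None)


def check_signature_algorithm(der):
    """Verdict on the parameters field, the check a verifier like Chrome applies."""
    oid, params = parse_algorithm_identifier(der)
    if oid in RSA_PKCS1_SIG_OIDS:
        return "ok" if params == DER_NULL else "non-conformant: RSA requires NULL parameters"
    if oid in ECDSA_SIG_OIDS:
        return "ok" if params is None else "non-conformant: ECDSA parameters must be absent"
    return "unknown algorithm " + oid


if __name__ == "__main__":
    for oid in ("1.2.840.10045.4.3.2", "1.2.840.113549.1.1.11"):
        print(oid, "conformant writer:", check_signature_algorithm(write_algorithm_identifier(oid)))
        print(oid, "always-NULL writer:", check_signature_algorithm(legacy_write_algorithm_identifier(oid)))
```

Running it shows why the one-line fix in the report is not enough on its own: dropping the NULL unconditionally would make the ECDSA case pass and the RSA case fail, so the decision has to be keyed on the algorithm OID, as Manuel says.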


From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.org> on behalf of Xiao, Nian Jun via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Sent: 28 December 2020 03:24
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Cc: He, Shu Shan <shushan.he@siemens.com>
Subject: [mbed-tls] MBEDTLS issue I found
 

Dear MBEDTLS team,

 

I'm a developer at SIEMENS, my name is Xiao Nian Jun. Please accept my sincere gratitude for your excellent work and for spending extra time to read my email.

We are using MBEDTLS to generate ECC keys and certificates, and we found an issue regarding the algorithm identifier in the final ASN.1 certificate. For a certificate signed by an ECC key, the algorithm identifier is "NULL", which doesn't conform to the RFC 7427 specification.

 

You can see the "NULL" string in the certificate; Chrome will treat this kind of certificate as invalid.


This issue has blocked us for a while, and after some investigation, we found an easy fix -- probably an immature fix -- to make it work right: we just commented out this line of code "MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_null( p, start ) )" in function mbedtls_asn1_write_algorithm_identifier.

To be honest, we've been using MBEDTLS for a very short time; probably this is not an issue, probably our fix will end up breaking something... currently, it just looks correct.

 

Please check whether my fix works or not; if not, please do not hesitate to correct me.


B.R.

 

Xiao Nian Jun.