Home Explore Help
Sign In
cloudflare
/
cfssl
mirror of https://github.com/cloudflare/cfssl
Watch 1
Star 0
Fork 0
Files Issues
Branch: master
Branches Tags
cfssl
/
vendor
/
github.com
/
zmap
/
zcrypto
/
x509
/
crl_parser.go

crl_parser.go 13 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410 
  1. package x509
    2. 

  2. 

  3. import (
    4. 

  4. 	"bytes"
    5. 

  5. 	"errors"
    6. 

  6. 	"fmt"
    7. 

  7. 	"math/big"
    8. 

  8. 	"time"
    9. 

  9. 	"unicode/utf16"
    10. 

  10. 	"unicode/utf8"
    11. 

  11. 

  12. 	"github.com/zmap/zcrypto/cryptobyte"
    13. 

  13. 	cryptobyte_asn1 "github.com/zmap/zcrypto/cryptobyte/asn1"
    14. 

  14. 	"github.com/zmap/zcrypto/encoding/asn1"
    15. 

  15. 	"github.com/zmap/zcrypto/x509/pkix"
    16. 

  16. )
    17. 

  17. 

  18. const x509v2Version = 1
    19. 

  19. 

  20. // RevokedCertificate represents an entry in the revokedCertificates sequence of
    21. 

  21. // a CRL.
    22. 

  22. // STARTBLOCK: This type does not exist in upstream.
    23. 

  23. type RevokedCertificate struct {
    24. 

  24. 	// Raw contains the raw bytes of the revokedCertificates entry. It is set when
    25. 

  25. 	// parsing a CRL; it is ignored when generating a CRL.
    26. 

  26. 	Raw []byte
    27. 

  27. 

  28. 	// SerialNumber represents the serial number of a revoked certificate. It is
    29. 

  29. 	// both used when creating a CRL and populated when parsing a CRL. It MUST NOT
    30. 

  30. 	// be nil.
    31. 

  31. 	SerialNumber *big.Int
    32. 

  32. 	// RevocationTime represents the time at which the certificate was revoked. It
    33. 

  33. 	// is both used when creating a CRL and populated when parsing a CRL. It MUST
    34. 

  34. 	// NOT be nil.
    35. 

  35. 	RevocationTime time.Time
    36. 

  36. 	// ReasonCode represents the reason for revocation, using the integer enum
    37. 

  37. 	// values specified in RFC 5280 Section 5.3.1. When creating a CRL, a value of
    38. 

  38. 	// nil or zero will result in the reasonCode extension being omitted. When
    39. 

  39. 	// parsing a CRL, a value of nil represents a no reasonCode extension, while a
    40. 

  40. 	// value of 0 represents a reasonCode extension containing enum value 0 (this
    41. 

  41. 	// SHOULD NOT happen, but can and does).
    42. 

  42. 	ReasonCode *int
    43. 

  43. 

  44. 	// Extensions contains raw X.509 extensions. When creating a CRL, the
    45. 

  45. 	// Extensions field is ignored, see ExtraExtensions.
    46. 

  46. 	Extensions []pkix.Extension
    47. 

  47. 	// ExtraExtensions contains any additional extensions to add directly to the
    48. 

  48. 	// revokedCertificate entry. It is up to the caller to ensure that this field
    49. 

  49. 	// does not contain any extensions which duplicate extensions created by this
    50. 

  50. 	// package (currently, the reasonCode extension). The ExtraExtensions field is
    51. 

  51. 	// not populated when parsing a CRL, see Extensions.
    52. 

  52. 	ExtraExtensions []pkix.Extension
    53. 

  53. }
    54. 

  54. 

  55. // ENDBLOCK
    56. 

  56. 

  57. // ParseRevocationList parses a X509 v2 Certificate Revocation List from the given
    58. 

  58. // ASN.1 DER data.
    59. 

  59. func ParseRevocationList(der []byte) (*RevocationList, error) {
    60. 

  60. 	rl := &RevocationList{}
    61. 

  61. 

  62. 	input := cryptobyte.String(der)
    63. 

  63. 	// we read the SEQUENCE including length and tag bytes so that
    64. 

  64. 	// we can populate RevocationList.Raw, before unwrapping the
    65. 

  65. 	// SEQUENCE so it can be operated on
    66. 

  66. 	if !input.ReadASN1Element(&input, cryptobyte_asn1.SEQUENCE) {
    67. 

  67. 		return nil, errors.New("x509: malformed crl")
    68. 

  68. 	}
    69. 

  69. 	rl.Raw = input
    70. 

  70. 	if !input.ReadASN1(&input, cryptobyte_asn1.SEQUENCE) {
    71. 

  71. 		return nil, errors.New("x509: malformed crl")
    72. 

  72. 	}
    73. 

  73. 

  74. 	var tbs cryptobyte.String
    75. 

  75. 	// do the same trick again as above to extract the raw
    76. 

  76. 	// bytes for Certificate.RawTBSCertificate
    77. 

  77. 	if !input.ReadASN1Element(&tbs, cryptobyte_asn1.SEQUENCE) {
    78. 

  78. 		return nil, errors.New("x509: malformed tbs crl")
    79. 

  79. 	}
    80. 

  80. 	rl.RawTBSRevocationList = tbs
    81. 

  81. 	if !tbs.ReadASN1(&tbs, cryptobyte_asn1.SEQUENCE) {
    82. 

  82. 		return nil, errors.New("x509: malformed tbs crl")
    83. 

  83. 	}
    84. 

  84. 

  85. 	var version int
    86. 

  86. 	if !tbs.PeekASN1Tag(cryptobyte_asn1.INTEGER) {
    87. 

  87. 		return nil, errors.New("x509: unsupported crl version")
    88. 

  88. 	}
    89. 

  89. 	if !tbs.ReadASN1Integer(&version) {
    90. 

  90. 		return nil, errors.New("x509: malformed crl")
    91. 

  91. 	}
    92. 

  92. 	if version != x509v2Version {
    93. 

  93. 		return nil, fmt.Errorf("x509: unsupported crl version: %d", version)
    94. 

  94. 	}
    95. 

  95. 

  96. 	var sigAISeq cryptobyte.String
    97. 

  97. 	if !tbs.ReadASN1(&sigAISeq, cryptobyte_asn1.SEQUENCE) {
    98. 

  98. 		return nil, errors.New("x509: malformed signature algorithm identifier")
    99. 

  99. 	}
    100. 

  100. 	// Before parsing the inner algorithm identifier, extract
    101. 

  101. 	// the outer algorithm identifier and make sure that they
    102. 

  102. 	// match.
    103. 

  103. 	var outerSigAISeq cryptobyte.String
    104. 

  104. 	if !input.ReadASN1(&outerSigAISeq, cryptobyte_asn1.SEQUENCE) {
    105. 

  105. 		return nil, errors.New("x509: malformed algorithm identifier")
    106. 

  106. 	}
    107. 

  107. 	if !bytes.Equal(outerSigAISeq, sigAISeq) {
    108. 

  108. 		return nil, errors.New("x509: inner and outer signature algorithm identifiers don't match")
    109. 

  109. 	}
    110. 

  110. 	sigAI, err := parseAI(sigAISeq)
    111. 

  111. 	if err != nil {
    112. 

  112. 		return nil, err
    113. 

  113. 	}
    114. 

  114. 	rl.SignatureAlgorithm = getSignatureAlgorithmFromAI(sigAI)
    115. 

  115. 

  116. 	var signature asn1.BitString
    117. 

  117. 	if !input.ReadASN1BitString(&signature) {
    118. 

  118. 		return nil, errors.New("x509: malformed signature")
    119. 

  119. 	}
    120. 

  120. 	rl.Signature = signature.RightAlign()
    121. 

  121. 

  122. 	var issuerSeq cryptobyte.String
    123. 

  123. 	if !tbs.ReadASN1Element(&issuerSeq, cryptobyte_asn1.SEQUENCE) {
    124. 

  124. 		return nil, errors.New("x509: malformed issuer")
    125. 

  125. 	}
    126. 

  126. 	rl.RawIssuer = issuerSeq
    127. 

  127. 	issuerRDNs, err := parseName(issuerSeq)
    128. 

  128. 	if err != nil {
    129. 

  129. 		return nil, err
    130. 

  130. 	}
    131. 

  131. 	rl.Issuer.FillFromRDNSequence(issuerRDNs)
    132. 

  132. 

  133. 	rl.ThisUpdate, err = parseTime(&tbs)
    134. 

  134. 	if err != nil {
    135. 

  135. 		return nil, err
    136. 

  136. 	}
    137. 

  137. 	if tbs.PeekASN1Tag(cryptobyte_asn1.GeneralizedTime) || tbs.PeekASN1Tag(cryptobyte_asn1.UTCTime) {
    138. 

  138. 		rl.NextUpdate, err = parseTime(&tbs)
    139. 

  139. 		if err != nil {
    140. 

  140. 			return nil, err
    141. 

  141. 		}
    142. 

  142. 	}
    143. 

  143. 

  144. 	if tbs.PeekASN1Tag(cryptobyte_asn1.SEQUENCE) {
    145. 

  145. 		// NOTE: The block does not exist in upstream.
    146. 

  146. 		rcs := make([]RevokedCertificate, 0)
    147. 

  147. 		// ENDBLOCK
    148. 

  148. 		var revokedSeq cryptobyte.String
    149. 

  149. 		if !tbs.ReadASN1(&revokedSeq, cryptobyte_asn1.SEQUENCE) {
    150. 

  150. 			return nil, errors.New("x509: malformed crl")
    151. 

  151. 		}
    152. 

  152. 		for !revokedSeq.Empty() {
    153. 

  153. 			var certSeq cryptobyte.String
    154. 

  154. 			// NOTE: The block is different from upstream. Upstream: ReadASN1
    155. 

  155. 			if !revokedSeq.ReadASN1Element(&certSeq, cryptobyte_asn1.SEQUENCE) {
    156. 

  156. 				// ENDBLOCK
    157. 

  157. 				return nil, errors.New("x509: malformed crl")
    158. 

  158. 			}
    159. 

  159. 			rc := RevokedCertificate{Raw: certSeq}
    160. 

  160. 			if !certSeq.ReadASN1(&certSeq, cryptobyte_asn1.SEQUENCE) {
    161. 

  161. 				return nil, errors.New("x509: malformed crl")
    162. 

  162. 			}
    163. 

  163. 			rc.SerialNumber = new(big.Int)
    164. 

  164. 			if !certSeq.ReadASN1Integer(rc.SerialNumber) {
    165. 

  165. 				return nil, errors.New("x509: malformed serial number")
    166. 

  166. 			}
    167. 

  167. 			rc.RevocationTime, err = parseTime(&certSeq)
    168. 

  168. 			if err != nil {
    169. 

  169. 				return nil, err
    170. 

  170. 			}
    171. 

  171. 			var extensions cryptobyte.String
    172. 

  172. 			var present bool
    173. 

  173. 			if !certSeq.ReadOptionalASN1(&extensions, &present, cryptobyte_asn1.SEQUENCE) {
    174. 

  174. 				return nil, errors.New("x509: malformed extensions")
    175. 

  175. 			}
    176. 

  176. 			if present {
    177. 

  177. 				for !extensions.Empty() {
    178. 

  178. 					var extension cryptobyte.String
    179. 

  179. 					if !extensions.ReadASN1(&extension, cryptobyte_asn1.SEQUENCE) {
    180. 

  180. 						return nil, errors.New("x509: malformed extension")
    181. 

  181. 					}
    182. 

  182. 					ext, err := parseExtension(extension)
    183. 

  183. 					if err != nil {
    184. 

  184. 						return nil, err
    185. 

  185. 					}
    186. 

  186. 					// STARTBLOCK: This block does not exist in upstream.
    187. 

  187. 					if ext.Id.Equal(oidExtensionReasonCode) {
    188. 

  188. 						val := cryptobyte.String(ext.Value)
    189. 

  189. 						rc.ReasonCode = new(int)
    190. 

  190. 						if !val.ReadASN1Enum(rc.ReasonCode) {
    191. 

  191. 							return nil, fmt.Errorf("x509: malformed reasonCode extension")
    192. 

  192. 						}
    193. 

  193. 					}
    194. 

  194. 					// ENDBLOCK
    195. 

  195. 					rc.Extensions = append(rc.Extensions, ext)
    196. 

  196. 				}
    197. 

  197. 			}
    198. 

  198. 			// STARTBLOCK: The block does not exist in upstream.
    199. 

  199. 			rcs = append(rcs, rc)
    200. 

  200. 			// ENDBLOCK
    201. 

  201. 		}
    202. 

  202. 		rl.RevokedCertificates = rcs
    203. 

  203. 	}
    204. 

  204. 

  205. 	var extensions cryptobyte.String
    206. 

  206. 	var present bool
    207. 

  207. 	if !tbs.ReadOptionalASN1(&extensions, &present, cryptobyte_asn1.Tag(0).Constructed().ContextSpecific()) {
    208. 

  208. 		return nil, errors.New("x509: malformed extensions")
    209. 

  209. 	}
    210. 

  210. 	if present {
    211. 

  211. 		if !extensions.ReadASN1(&extensions, cryptobyte_asn1.SEQUENCE) {
    212. 

  212. 			return nil, errors.New("x509: malformed extensions")
    213. 

  213. 		}
    214. 

  214. 		for !extensions.Empty() {
    215. 

  215. 			var extension cryptobyte.String
    216. 

  216. 			if !extensions.ReadASN1(&extension, cryptobyte_asn1.SEQUENCE) {
    217. 

  217. 				return nil, errors.New("x509: malformed extension")
    218. 

  218. 			}
    219. 

  219. 			ext, err := parseExtension(extension)
    220. 

  220. 			if err != nil {
    221. 

  221. 				return nil, err
    222. 

  222. 			}
    223. 

  223. 			if ext.Id.Equal(oidExtensionAuthorityKeyId) {
    224. 

  224. 				rl.AuthorityKeyId = ext.Value
    225. 

  225. 			} else if ext.Id.Equal(oidExtensionCRLNumber) {
    226. 

  226. 				value := cryptobyte.String(ext.Value)
    227. 

  227. 				rl.Number = new(big.Int)
    228. 

  228. 				if !value.ReadASN1Integer(rl.Number) {
    229. 

  229. 					return nil, errors.New("x509: malformed crl number")
    230. 

  230. 				}
    231. 

  231. 			}
    232. 

  232. 			rl.Extensions = append(rl.Extensions, ext)
    233. 

  233. 		}
    234. 

  234. 	}
    235. 

  235. 

  236. 	return rl, nil
    237. 

  237. }
    238. 

  238. 

  239. // isPrintable reports whether the given b is in the ASN.1 PrintableString set.
    240. 

  240. // This is a simplified version of encoding/asn1.isPrintable.
    241. 

  241. func isPrintable(b byte) bool {
    242. 

  242. 	return 'a' <= b && b <= 'z' ||
    243. 

  243. 		'A' <= b && b <= 'Z' ||
    244. 

  244. 		'0' <= b && b <= '9' ||
    245. 

  245. 		'\'' <= b && b <= ')' ||
    246. 

  246. 		'+' <= b && b <= '/' ||
    247. 

  247. 		b == ' ' ||
    248. 

  248. 		b == ':' ||
    249. 

  249. 		b == '=' ||
    250. 

  250. 		b == '?' ||
    251. 

  251. 		// This is technically not allowed in a PrintableString.
    252. 

  252. 		// However, x509 certificates with wildcard strings don't
    253. 

  253. 		// always use the correct string type so we permit it.
    254. 

  254. 		b == '*' ||
    255. 

  255. 		// This is not technically allowed either. However, not
    256. 

  256. 		// only is it relatively common, but there are also a
    257. 

  257. 		// handful of CA certificates that contain it. At least
    258. 

  258. 		// one of which will not expire until 2027.
    259. 

  259. 		b == '&'
    260. 

  260. }
    261. 

  261. 

  262. // parseASN1String parses the ASN.1 string types T61String, PrintableString,
    263. 

  263. // UTF8String, BMPString, IA5String, and NumericString. This is mostly copied
    264. 

  264. // from the respective encoding/asn1.parse... methods, rather than just
    265. 

  265. // increasing the API surface of that package.
    266. 

  266. func parseASN1String(tag cryptobyte_asn1.Tag, value []byte) (string, error) {
    267. 

  267. 	switch tag {
    268. 

  268. 	case cryptobyte_asn1.T61String:
    269. 

  269. 		return string(value), nil
    270. 

  270. 	case cryptobyte_asn1.PrintableString:
    271. 

  271. 		for _, b := range value {
    272. 

  272. 			if !isPrintable(b) {
    273. 

  273. 				return "", errors.New("invalid PrintableString")
    274. 

  274. 			}
    275. 

  275. 		}
    276. 

  276. 		return string(value), nil
    277. 

  277. 	case cryptobyte_asn1.UTF8String:
    278. 

  278. 		if !utf8.Valid(value) {
    279. 

  279. 			return "", errors.New("invalid UTF-8 string")
    280. 

  280. 		}
    281. 

  281. 		return string(value), nil
    282. 

  282. 	case cryptobyte_asn1.Tag(asn1.TagBMPString):
    283. 

  283. 		if len(value)%2 != 0 {
    284. 

  284. 			return "", errors.New("invalid BMPString")
    285. 

  285. 		}
    286. 

  286. 

  287. 		// Strip terminator if present.
    288. 

  288. 		if l := len(value); l >= 2 && value[l-1] == 0 && value[l-2] == 0 {
    289. 

  289. 			value = value[:l-2]
    290. 

  290. 		}
    291. 

  291. 

  292. 		s := make([]uint16, 0, len(value)/2)
    293. 

  293. 		for len(value) > 0 {
    294. 

  294. 			s = append(s, uint16(value[0])<<8+uint16(value[1]))
    295. 

  295. 			value = value[2:]
    296. 

  296. 		}
    297. 

  297. 

  298. 		return string(utf16.Decode(s)), nil
    299. 

  299. 	case cryptobyte_asn1.IA5String:
    300. 

  300. 		s := string(value)
    301. 

  301. 		if isIA5String(s) != nil {
    302. 

  302. 			return "", errors.New("invalid IA5String")
    303. 

  303. 		}
    304. 

  304. 		return s, nil
    305. 

  305. 	case cryptobyte_asn1.Tag(asn1.TagNumericString):
    306. 

  306. 		for _, b := range value {
    307. 

  307. 			if !('0' <= b && b <= '9' || b == ' ') {
    308. 

  308. 				return "", errors.New("invalid NumericString")
    309. 

  309. 			}
    310. 

  310. 		}
    311. 

  311. 		return string(value), nil
    312. 

  312. 	}
    313. 

  313. 	return "", fmt.Errorf("unsupported string type: %v", tag)
    314. 

  314. }
    315. 

  315. 

  316. // parseName parses a DER encoded Name as defined in RFC 5280. We may
    317. 

  317. // want to export this function in the future for use in crypto/tls.
    318. 

  318. func parseName(raw cryptobyte.String) (*pkix.RDNSequence, error) {
    319. 

  319. 	if !raw.ReadASN1(&raw, cryptobyte_asn1.SEQUENCE) {
    320. 

  320. 		return nil, errors.New("x509: invalid RDNSequence")
    321. 

  321. 	}
    322. 

  322. 

  323. 	var rdnSeq pkix.RDNSequence
    324. 

  324. 	for !raw.Empty() {
    325. 

  325. 		var rdnSet pkix.RelativeDistinguishedNameSET
    326. 

  326. 		var set cryptobyte.String
    327. 

  327. 		if !raw.ReadASN1(&set, cryptobyte_asn1.SET) {
    328. 

  328. 			return nil, errors.New("x509: invalid RDNSequence")
    329. 

  329. 		}
    330. 

  330. 		for !set.Empty() {
    331. 

  331. 			var atav cryptobyte.String
    332. 

  332. 			if !set.ReadASN1(&atav, cryptobyte_asn1.SEQUENCE) {
    333. 

  333. 				return nil, errors.New("x509: invalid RDNSequence: invalid attribute")
    334. 

  334. 			}
    335. 

  335. 			var attr pkix.AttributeTypeAndValue
    336. 

  336. 			if !atav.ReadASN1ObjectIdentifier(&attr.Type) {
    337. 

  337. 				return nil, errors.New("x509: invalid RDNSequence: invalid attribute type")
    338. 

  338. 			}
    339. 

  339. 			var rawValue cryptobyte.String
    340. 

  340. 			var valueTag cryptobyte_asn1.Tag
    341. 

  341. 			if !atav.ReadAnyASN1(&rawValue, &valueTag) {
    342. 

  342. 				return nil, errors.New("x509: invalid RDNSequence: invalid attribute value")
    343. 

  343. 			}
    344. 

  344. 			var err error
    345. 

  345. 			attr.Value, err = parseASN1String(valueTag, rawValue)
    346. 

  346. 			if err != nil {
    347. 

  347. 				return nil, fmt.Errorf("x509: invalid RDNSequence: invalid attribute value: %s", err)
    348. 

  348. 			}
    349. 

  349. 			rdnSet = append(rdnSet, attr)
    350. 

  350. 		}
    351. 

  351. 

  352. 		rdnSeq = append(rdnSeq, rdnSet)
    353. 

  353. 	}
    354. 

  354. 

  355. 	return &rdnSeq, nil
    356. 

  356. }
    357. 

  357. 

  358. func parseAI(der cryptobyte.String) (pkix.AlgorithmIdentifier, error) {
    359. 

  359. 	ai := pkix.AlgorithmIdentifier{}
    360. 

  360. 	if !der.ReadASN1ObjectIdentifier(&ai.Algorithm) {
    361. 

  361. 		return ai, errors.New("x509: malformed OID")
    362. 

  362. 	}
    363. 

  363. 	if der.Empty() {
    364. 

  364. 		return ai, nil
    365. 

  365. 	}
    366. 

  366. 	var params cryptobyte.String
    367. 

  367. 	var tag cryptobyte_asn1.Tag
    368. 

  368. 	if !der.ReadAnyASN1Element(&params, &tag) {
    369. 

  369. 		return ai, errors.New("x509: malformed parameters")
    370. 

  370. 	}
    371. 

  371. 	ai.Parameters.Tag = int(tag)
    372. 

  372. 	ai.Parameters.FullBytes = params
    373. 

  373. 	return ai, nil
    374. 

  374. }
    375. 

  375. 

  376. func parseTime(der *cryptobyte.String) (time.Time, error) {
    377. 

  377. 	var t time.Time
    378. 

  378. 	switch {
    379. 

  379. 	case der.PeekASN1Tag(cryptobyte_asn1.UTCTime):
    380. 

  380. 		if !der.ReadASN1UTCTime(&t) {
    381. 

  381. 			return t, errors.New("x509: malformed UTCTime")
    382. 

  382. 		}
    383. 

  383. 	case der.PeekASN1Tag(cryptobyte_asn1.GeneralizedTime):
    384. 

  384. 		if !der.ReadASN1GeneralizedTime(&t) {
    385. 

  385. 			return t, errors.New("x509: malformed GeneralizedTime")
    386. 

  386. 		}
    387. 

  387. 	default:
    388. 

  388. 		return t, errors.New("x509: unsupported time format")
    389. 

  389. 	}
    390. 

  390. 	return t, nil
    391. 

  391. }
    392. 

  392. 

  393. func parseExtension(der cryptobyte.String) (pkix.Extension, error) {
    394. 

  394. 	var ext pkix.Extension
    395. 

  395. 	if !der.ReadASN1ObjectIdentifier(&ext.Id) {
    396. 

  396. 		return ext, errors.New("x509: malformed extension OID field")
    397. 

  397. 	}
    398. 

  398. 	if der.PeekASN1Tag(cryptobyte_asn1.BOOLEAN) {
    399. 

  399. 		if !der.ReadASN1Boolean(&ext.Critical) {
    400. 

  400. 			return ext, errors.New("x509: malformed extension critical field")
    401. 

  401. 		}
    402. 

  402. 	}
    403. 

  403. 	var val cryptobyte.String
    404. 

  404. 	if !der.ReadASN1(&val, cryptobyte_asn1.OCTET_STRING) {
    405. 

  405. 		return ext, errors.New("x509: malformed extension value field")
    406. 

  406. 	}
    407. 

  407. 	ext.Value = val
    408. 

  408. 	return ext, nil
    409. 

  409. }
    410. 

  410.