Skip to content

Support for UUID OIDs in X509v3 extensions #1135

New issue
New issue
Open
Open
Support for UUID OIDs in X509v3 extensions#1135
@robby-cornelissen

Description

@robby-cornelissen
robby-cornelissen
opened on Feb 12, 2026

There seems to have been a regression in forge 1.3.2 where OIDs with a bit length exceeding 53 bits (32 bits in some cases) are no longer allowed, while in 1.3.1 they were allowed, but parsed incorrectly. The change was caused by this commit, which addresses an integer overflow vulnerability.

For my specific use case, using a UUID OID (subtree 2.25) in a certificate's SAN extension causes parsing errors that were not present in version 1.3.1 and lower.

The behavior is illustrated by the following code:

const forge = require('node-forge');

const hex = "06146982d0c480ebc5cda2b8c183a5adfeb4a7b99915";
const bytes = forge.util.hexToBytes(hex);
const buffer = forge.util.createBuffer(bytes);

try {
    const asn1 = forge.asn1.fromDer(buffer);
    const oid = forge.asn1.derToOid(asn1.value);

    console.log("OID:", oid);
    // forge 1.3.1 prints "OID: 2.25.1156467861", which is wrong
} catch (e) {
    console.error("Error:", e.message);
    // forge 1.3.2 prints "Error: OID value too large; max is 53-bits."
}

OID maximum length is a messy topic. From an ASN.1 perspective, there is no real maximum depth/length limit for OIDs in general, but the X509v3 specification seems to only require support for OID arc lengths up to 28 bits.

This confuses things a little, and I do understand that to prevent vulnerabilities like CVE-2025-66030 from reoccurring, there is a need to put some form of limitation in place. I also understand that putting the limitation at 53 bits (i.e. JavaScript's MAX_SAFE_INTEGER) is very convenient from an implementation perspective.

However, given the existence of OID subtree 2.25, and the fact that the forge ASN.1 implementation seems to be intended to provide generic ASN.1 functionality beyond the scope of X509v3, I believe the 53 bit limit to be too restrictive, and would argue in favor of raising it to 128 bits. This will require replacing the current Number-based implementation with a BigInt-based implementation.

Some more examples of the current lay of the land, regarding this:

  • OpenSSL supports OIDs at least up to 128 bits.
  • The Python cryptography library, and the Rust dependency it relies on for its ASN.1 parsing (rust-asn1), both support OIDs up to 128 bits. (Admittedly, I was the one to push for that, and also provided the implementation.)
  • PeculiarVentures/ASN1.js supports OIDs at least up to 128 bits.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions