)]}'
{
  "commit": "112e1a71e16b17284ff318ac05e0120f01eb624e",
  "tree": "c15134886f5309ea37f1fd1eada930cdf379c714",
  "parents": [
    "915eb691d3a4c64025acc841d389848db80a5444"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Fri Dec 30 12:01:10 2022 -0500"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Mon Jan 30 18:44:22 2023 +0000"
  },
  "message": "Rewrite ASN1_generate_v3.\n\nThis improves the error-handling and uses CBB instead. It also resolves\na pile of -Wshorten-64-to-32 warnings. It also removes some of the calls\nto ASN_put_object within the library.\n\nThe parsing uses NUL-terminated strings a bit because several of the\nfunctions called at the end actually rely on the string being\nNUL-terminated. Rather than pipe through (ptr, len) versions through\neverything, I just used const char * or CBS based on whether the string\ncould be assumed to have a trailing NUL.\n\nAs part of this, I\u0027ve made it reject [UNIVERSAL 0], matching all our\nparsers. Rejecting that value means, since we don\u0027t have a nice\nOption\u003cT\u003e in C, we can use zero in all the recursive calls to mean \"no\nimplicit tag\".\n\nThis does tighten the forms allowed for UTCTime a bit. I\u0027ve disabled\nallow_timezone_offset, while crypto/asn1 broadly still allows it. The\nreasoning is this is code for constructing new certificates, not\nconsuming existing ones. If anything is calling this (hopefully not!) to\naccidentally generate an invalid UTCTime, it should be fixed.\n\nUpdate-Note: This code is reachable from the deprecated, string-based\nX.509 extensions API. I\u0027ve added tests for this, so it should behave\ngenerally compatibly, but if anything changes for a caller using these\nAPIs, this CL is the likely cause. (NB: No one should be using these\nAPIs. They\u0027re fundamentally prone to string injection vulnerabilities.)\n\nBug: 516\nChange-Id: I87f95e01ffbd22c4487d82c89ac098d095126cc1\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/56166\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "5550f6177cb94b1ed3af16fcaea64dad02067ce9",
      "old_mode": 33188,
      "old_path": "crypto/x509/asn1_gen.c",
      "new_id": "6dcf1292ec845465adc86eb3abe0a01fbdb09115",
      "new_mode": 33188,
      "new_path": "crypto/x509/asn1_gen.c"
    },
    {
      "type": "modify",
      "old_id": "ebd8262d956329e3b40aa26a3daa2937430e728b",
      "old_mode": 33188,
      "old_path": "crypto/x509/x509_test.cc",
      "new_id": "fea26e7bcc672247390e84cf56cd6b78bbb72125",
      "new_mode": 33188,
      "new_path": "crypto/x509/x509_test.cc"
    },
    {
      "type": "modify",
      "old_id": "51e15e41bafbf0f3ed88563d5a15da7a969997ac",
      "old_mode": 33188,
      "old_path": "crypto/x509v3/internal.h",
      "new_id": "05a7026d602af6d7cf2db82e3ba5b780e8fc1a8b",
      "new_mode": 33188,
      "new_path": "crypto/x509v3/internal.h"
    },
    {
      "type": "modify",
      "old_id": "eec7d081841d02337c98e8a48f4dee488d1a45fb",
      "old_mode": 33188,
      "old_path": "crypto/x509v3/v3_utl.c",
      "new_id": "96ad2295bd7e84adab3cd133b2614c06529f9072",
      "new_mode": 33188,
      "new_path": "crypto/x509v3/v3_utl.c"
    }
  ]
}