)]}'
{
  "commit": "8c8629bfd89436e5019b6bd3c65cff4bf1a76b76",
  "tree": "635b5235bcddf91d25a32ea1bad6aff56c3bb6cc",
  "parents": [
    "92de195169d26d9f5cec7ef34df9194e614e50f8"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Mon Mar 13 11:58:08 2023 -0400"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Tue Mar 21 16:28:49 2023 +0000"
  },
  "message": "Represent unknown universal types with V_ASN1_OTHER\n\nOpenSSL\u0027s ASN1_STRING representation has many cases. There\u0027s a grab-bag\nV_ASN1_OTHER case that can represent any element. But it is currently\nonly used for non-universal tags. Unknown universal tags go into the\ntype field directly.\n\nThis has a few problems:\n\n- Certain high values, V_ASN1_NEG_INTEGER and V_ASN1_NEG_ENUMERATED,\n  are treated special. This was one of the two causes behind\n  CVE-2016-2108 and had to be worked around with V_ASN1_MAX_UNIVERSAL.\n\n- OpenSSL can never compatibly support a new universal type in a\n  non-ASN1_STRING form. Otherwise ASN1_TYPE\u0027s union changes its\n  in-memory representation.\n\n- It is a bit ambiguous when OpenSSL does or doesn\u0027t know the type.\n\n- This is broadly implemented by having a default in all the\n  switch/cases, which is a little awkward.\n\n- It\u0027s yet another \"unknown tag\" case when V_ASN1_OTHER covers such\n  cases just fine.\n\nRemove this representation and use V_ASN1_OTHER. This more unambiguously\nresolves CVE-2016-2108. ASN1_STRING\u0027s and ASN1_TYPE\u0027s respective type\nfields are now a closed set. Update the documentation accordingly.\n\nFormally allowing universal types in ASN1_STRING also opens the door to\nclearing the ASN1_PRINTABLE mess (https://crbug.com/boringssl/412).\nBoringSSL currently rejects X.509 names that are actually valid, because\nthe OpenSSL X509_NAME representation cannot represent them. This allows\nus to introduce an ASN1_STRING-based ANY representation, which just\nrepresents all non-ASN1_STRING types in a V_ASN1_OTHER.\n\nThe implementation is a little clumsy (the way tasn_dec.c is\nwritten, I had to introduce yet another check), but I\u0027m hoping that,\nwhen the parser is rewritten with CBS, this can be integrated into a\nsingle type dispatch.\n\nUpdate-Note: This does not change the set of inputs accepted or rejected\nby the ASN.1 parser. It does, however, change the in-memory\nrepresentation in edge cases. Unless the application was specifically\ninspecting the in-memory representation for these unknown types, we\nexpect this to have no impact.\n\nFixed: 561\nChange-Id: Ibf9550e285ce50b11c7609d28b139354b9dd41dc\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/58148\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "640b726810063b70097fa316d525dba493f71bbb",
      "old_mode": 33188,
      "old_path": "crypto/asn1/asn1_test.cc",
      "new_id": "1421462006d48833085b216f4f2ab31481769610",
      "new_mode": 33188,
      "new_path": "crypto/asn1/asn1_test.cc"
    },
    {
      "type": "modify",
      "old_id": "4f25fbbac1315d3a338938eec6f64e6f46b427f0",
      "old_mode": 33188,
      "old_path": "crypto/asn1/tasn_dec.c",
      "new_id": "23c526e0f1ba6987e4902859e34d9b575831af7a",
      "new_mode": 33188,
      "new_path": "crypto/asn1/tasn_dec.c"
    },
    {
      "type": "modify",
      "old_id": "ca3b3fc504bdf7394b3737ceaca7717b3c56d5bc",
      "old_mode": 33188,
      "old_path": "crypto/asn1/tasn_enc.c",
      "new_id": "b0d72ce86e4afe3ccbcde6e854dda05555710f9e",
      "new_mode": 33188,
      "new_path": "crypto/asn1/tasn_enc.c"
    },
    {
      "type": "modify",
      "old_id": "59996b66f5d652562b119b0eb733a2af18ef13df",
      "old_mode": 33188,
      "old_path": "include/openssl/asn1.h",
      "new_id": "030306b54f3a2b1682f222c61fed340cbeb397e0",
      "new_mode": 33188,
      "new_path": "include/openssl/asn1.h"
    }
  ]
}
