)]}'
{
  "commit": "8ebfea76db79bc5b1646fbe76e681f58b3363e9d",
  "tree": "2b51e9ecc2f8f04726e722af3359b8a3e567f760",
  "parents": [
    "2a52444f9d9e66b0dc317b8b25bdb4a3e4c7518c"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Thu Mar 16 01:45:35 2023 -0400"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Tue Mar 21 22:35:09 2023 +0000"
  },
  "message": "Reject non-minimal lengths in ASN1_get_object\n\nNow that the preceding CL has isolated the X.509 signature hack, we can\napply the strictness across the legacy parser. This is particularly\nimportant for the TBSCertificate parser, where it is ambiguous which\nvalue one checks the signature over. (Officially, you\u0027re supposed to\nre-encode as DER. In practice, people don\u0027t do this.)\n\nThis change means many of our primitive types are actually parsed as\nDER. I\u0027ve removed the bug references in the comment in the documentation\nwhere I believe they\u0027re finally correct.\n\nUpdate-Note: Non-minimal lengths in certificates are no longer accepted,\nas required for standards compliance. The one exception is the signature\nfield, where we still carry an exception. Some of this was already\nenforced by libssl\u0027s parser.\n\nBug: 354\nChange-Id: I57cfa7df9e1ec5707390e9b32fe1ec6b5d8172f9\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/58186\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "3b97b38e0b60dad2418312b1683d0715a8b340d6",
      "old_mode": 33188,
      "old_path": "crypto/asn1/asn1_lib.c",
      "new_id": "dd56c9890bf67d0b5164f75119af34d54bc2c8f4",
      "new_mode": 33188,
      "new_path": "crypto/asn1/asn1_lib.c"
    },
    {
      "type": "modify",
      "old_id": "1421462006d48833085b216f4f2ab31481769610",
      "old_mode": 33188,
      "old_path": "crypto/asn1/asn1_test.cc",
      "new_id": "cd26528dbfd0101c33bc8f6668d9059a02d1ba5a",
      "new_mode": 33188,
      "new_path": "crypto/asn1/asn1_test.cc"
    },
    {
      "type": "modify",
      "old_id": "8adba6c68f97a4499811f06afb704be985d890f4",
      "old_mode": 33188,
      "old_path": "crypto/x509/x509_test.cc",
      "new_id": "653af3911720fb082ad00d0a71a63b69f9ef0910",
      "new_mode": 33188,
      "new_path": "crypto/x509/x509_test.cc"
    },
    {
      "type": "modify",
      "old_id": "030306b54f3a2b1682f222c61fed340cbeb397e0",
      "old_mode": 33188,
      "old_path": "include/openssl/asn1.h",
      "new_id": "5df6816039723bb003253d524e622c1511e631f7",
      "new_mode": 33188,
      "new_path": "include/openssl/asn1.h"
    }
  ]
}