commit | abfd5ebc87ddca0fab9fca067c9d7edbc355eae8 | [log] [tgz] |
---|---|---|
author | David Benjamin <davidben@google.com> | Wed Apr 12 16:30:01 2023 -0400 |
committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | Wed Apr 12 23:17:03 2023 +0000 |
tree | 121237a14408ca5821853b0c43660c0e63aca4e7 | |
parent | 8cacbd93b8788cfb46f6a4d7e11b99c29b3752bd [diff] |
Restore some default cases in tasn_dec.c and tasn_enc.c This reverts a small portion of 8c8629bfd89436e5019b6bd3c65cff4bf1a76b76. The parsers for ANY remain unchanged, but we inadvertently changed a corner case of ASN1_PRINTABLE MSTRINGs. This is a huge mess. utype in these switch cases is usually the type of the ASN1_ITEM, but, with ANY and MSTRING, it is the tag of the value we found. (An MSTRING or "multi-string" is a CHOICE of string-like types.) When parsing ANY, this is moot because the is_supported_universal_type logic ensures we'll never pass in an invalid type. When encoding ANY, this only happens if you manually construct such an ASN1_TYPE. MSTRINGs *should* be similar because of the bitmask they apply on tag types. However, there is one MSTRING type whose bitmask, B_ASN1_PRINTABLE, includes B_ASN1_UNKNOWN. ASN1_tag2bit, arbitrarily maps eight unsupported tags to B_ASN1_UNKNOWN and instead of zero. These are: - ObjectDescriptor - EXTERNAL - REAL - EMBEDDED PDV - RELATIVE-OID - TIME (note this is not the same as the X.509 Time CHOICE type) - [UNIVERSAL 15], which is not even a defined type! - CHARACTER STRING (ENUMERATED is also mapped to B_ASN1_UNKNOWN, but it's supported.) These eight tags were previously accepted in d2i_X509_NAME but 8c8629bfd89436e5019b6bd3c65cff4bf1a76b76 inadvertently started rejecting them. For now, restore the default in the switch/case so that we accept them again. Per https://crbug.com/boringssl/412, attribute values are ANY DEFINED BY types, so we actually should be accepting *all* types. We do not, because B_ASN1_PRINTABLE is completely incoherent. But because ANY is the correct type, going from the original incoherent set, to this new, smaller incoherent set is arguably a regression. This is a minimal fix. Long-term, we should handle that ANY correctly, and avoid unexpected ASN1_STRING type values, by mapping all unsupported types to V_ASN1_OTHER. This would allow us to support all types correctly. A follow-up change will do that. Update-Note: The X.509 name parser will go back to accepting a handful of universal tag types that were inadvertently rejected in 8c8629bfd89436e5019b6bd3c65cff4bf1a76b76. It is extremely unlikely that anyone uses these as they're unsupported, obscure types. This CL also makes our ASN1_TYPE encoder slightly more permissive again, if the caller manually constructs an legacy in-memory representation of an unsupported tag. But the follow-up change will restore the stricter behavior. Bug: 412, 561 Change-Id: Ia44a270f12f3021154761a1cd285707416d8787e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/58705 Auto-Submit: David Benjamin <davidben@google.com> Commit-Queue: Bob Beck <bbe@google.com> Reviewed-by: Bob Beck <bbe@google.com>
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
Project links:
There are other files in this directory which might be helpful: