)]}' { "commit": "edbdc240ecb6a2d5a500b8e2eedfe3e6a2423c0a", "tree": "bfbe2c2b54480d5d7a72bd2a079de96229aa7201", "parents": [ "2fc6d38391cb76839c76b2a462619e7d69fd998d" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Nov 02 11:37:22 2021 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Apr 19 18:42:59 2022 +0000" }, "message": "Reject [UNIVERSAL 0] in DER/BER element parsers.\n\n[UNIVERSAL 0] is reserved by X.680 for the encoding to use. BER uses\nthis to encode indefinite-length EOCs, but it is possible to encode it\nin a definite-length element or in a non-EOC form (non-zero length, or\nconstructed).\n\nWhether we accept such encodings is normally moot: parsers will reject\nthe tag as unsuitable for the type. However, the ANY type matches all\ntags. Previously, we would allow this, but crypto/asn1 has some ad-hoc\nchecks for unexpected EOCs, in some contexts, but not others.\n\nGeneralize this check to simply rejecting [UNIVERSAL 0] in all forms.\nThis avoids a weird hole in the abstraction where tags are sometimes\nrepresentable in BER and sometimes not. It also means we\u0027ll preserve\nthis check when migrating parsers from crypto/asn1.\n\nUpdate-Note: There are two kinds of impacts I might expect from this\nchange. The first is BER parsers might be relying on the CBS DER/BER\nelement parser to pick up EOCs, as our ber.c does. This should be caught\nby the most basic unit test and can be fixed by detecting EOCs\nexternally.\n\nThe second is code might be trying to parse \"actual\" elements with tag\n[UNIVERSAL 0]. No actual types use this tag, so any non-ANY field is\nalready rejecting such inputs. However, it is possible some input has\nthis tag in a field with type ANY. This CL will cause us to reject that\ninput. Note, however, that crypto/asn1 already rejects unexpected EOCs\ninside sequences, so many cases were already rejected anyway. Such\ninputs are also invalid as the ANY should match some actual, unknown\nASN.1 type, and that type cannot use the reserved tag.\n\nFixed: 455\nChange-Id: If42cacc01840439059baa0e67179d0f198234fc4\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52245\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "7d6988965168feed2e8c57f46375bb90a9c897f5", "old_mode": 33188, "old_path": "crypto/asn1/asn1_test.cc", "new_id": "6e8a1a9041994af769df748ab0d8dc5578e8eb3d", "new_mode": 33188, "new_path": "crypto/asn1/asn1_test.cc" }, { "type": "modify", "old_id": "beb9a0b26d1d5d6630d9efe2070b75bdbe405802", "old_mode": 33188, "old_path": "crypto/asn1/tasn_dec.c", "new_id": "c2b52eb0e34d30858b0bab46246ad57a274d178a", "new_mode": 33188, "new_path": "crypto/asn1/tasn_dec.c" }, { "type": "modify", "old_id": "d9b780f9ed82c115d3d06217faa29e9695f884ac", "old_mode": 33188, "old_path": "crypto/bytestring/ber.c", "new_id": "dc707b93fe4e552196ba3450468f15c4d9cdb216", "new_mode": 33188, "new_path": "crypto/bytestring/ber.c" }, { "type": "modify", "old_id": "77261a304b60dd06966d2673596011401ffa6535", "old_mode": 33188, "old_path": "crypto/bytestring/bytestring_test.cc", "new_id": "a8c19132a585678ec3b513bb675f9e9e30815755", "new_mode": 33188, "new_path": "crypto/bytestring/bytestring_test.cc" }, { "type": "modify", "old_id": "293e66c35d42b796a3ce9e9d69caec0cd6a0db80", "old_mode": 33188, "old_path": "crypto/bytestring/cbs.c", "new_id": "010897b107bdc24d1159811e00c13b7e41c0dd68", "new_mode": 33188, "new_path": "crypto/bytestring/cbs.c" }, { "type": "modify", "old_id": "199d89c31bdf4b9abca61a82f545fe137e4acac8", "old_mode": 33188, "old_path": "include/openssl/bytestring.h", "new_id": "68c1ba4c57697f2f33ed8939448f4bc1608804b7", "new_mode": 33188, "new_path": "include/openssl/bytestring.h" } ] }