RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v3]

Jamil Nimeh jnimeh at openjdk.java.net
Thu Apr 8 17:06:38 UTC 2021


On Thu, 8 Apr 2021 13:57:37 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> This code change does not intend to support multiple byte tags. Instead, it aims to fail more gracefully when such a tag is encountered. For `DerValue` constructors from an encoding (type I), an `IOException` will be thrown since it's already in the throws clause. For constructors from tag and value (type II), an `IllegalArgumentException` will be thrown. All existing type II callers inside JDK use tag numbers smaller than 31.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   update exception wordings

src/java.base/share/classes/sun/security/util/DerValue.java line 322:

> 320:         tag = buf[pos++];
> 321:         if ((tag & 0x1f) == 0x1f) {
> 322:             throw new IOException("Tag number over 30 is not supported");

Would it be useful for these types of exception messages to either display the offending tag value or perhaps the tag offset?  Just thinking it might be a nice thing for the recipient to know where in the DER encoding the issue is.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3391
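
The two failure modes discussed above (IOException when parsing an encoding, IllegalArgumentException when building from a tag and value), with the tag value and offset included in the message as suggested in the review. This is an added example, not code from the pull request or the JDK; the class DerTagCheck, its method names and the sample bytes are constructed for illustration.

```java
import java.io.IOException;

// Added illustration; DerTagCheck and its methods are hypothetical names,
// not part of sun.security.util.DerValue.
public class DerTagCheck {

    // Low five bits all set in the identifier octet mean "high-tag-number
    // form": the tag number continues in the following octets (X.690 8.1.2.4).
    static boolean isMultiByteTag(byte tag) {
        return (tag & 0x1f) == 0x1f;
    }

    // Parsing from an encoding: report the offending octet and its offset.
    static byte readTag(byte[] buf, int pos) throws IOException {
        if (pos < 0 || pos >= buf.length) {
            throw new IOException("No tag at offset " + pos);
        }
        byte tag = buf[pos];
        if (isMultiByteTag(tag)) {
            throw new IOException(String.format(
                "Tag number over 30 is not supported (tag 0x%02x at offset %d)",
                tag & 0xff, pos));
        }
        return tag;
    }

    // Building from a tag and a value: a caller bug, so unchecked exception.
    static byte checkTag(byte tag) {
        if (isMultiByteTag(tag)) {
            throw new IllegalArgumentException(String.format(
                "Tag number over 30 is not supported (tag 0x%02x)", tag & 0xff));
        }
        return tag;
    }

    public static void main(String[] args) {
        // Constructed sample: SEQUENCE { INTEGER 5, [APPLICATION 31] 00 }
        // 0x5f 0x1f is the two-octet identifier for APPLICATION tag number 31.
        byte[] der = { 0x30, 0x07, 0x02, 0x01, 0x05, 0x5f, 0x1f, 0x01, 0x00 };
        int[] tagOffsets = { 0, 2, 5 };
        for (int off : tagOffsets) {
            try {
                System.out.printf("offset %d: tag 0x%02x%n", off, readTag(der, off) & 0xff);
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```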

