RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v3]
Weijun Wang
weijun at openjdk.java.net
Thu Apr 8 17:13:13 UTC 2021
On Thu, 8 Apr 2021 16:58:24 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> update exception wordings
>
> src/java.base/share/classes/sun/security/util/DerValue.java line 322:
>
>> 320: tag = buf[pos++];
>> 321: if ((tag & 0x1f) == 0x1f) {
>> 322: throw new IOException("Tag number over 30 is not supported");
>
> Would it be useful for these types of exception messages to either display the offending tag value or perhaps the tag offset? Just thinking it might be a nice thing for the recipient to know where in the DER encoding the issue is.
I don't want to go on reading the following bytes to find out what the intended tag number is, because that somehow shows I do understand the encoding _a lot_ but still don't want to support it (well, actually I only understand _a little_). There are only 2 kinds of tags: one <= 30 and one >= 31. IMHO, the message has already expressed the meaning that we only support the 1st one.
An alternative message I can think of is "Unsupported tag byte: 0xBF", but it looks too cryptic.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3391
More information about the security-dev
mailing list