RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v3]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Thu Apr 8 17:31:09 UTC 2021
On Thu, 8 Apr 2021 16:59:54 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/DerValue.java line 225:
>>
>>> 223: DerValue(byte tag, byte[] buffer, int start, int end, boolean allowBER) {
>>> 224: if ((tag & 0x1f) == 0x1f) {
>>> 225: throw new IllegalArgumentException("Tag number 31 is not supported");
>>
>> As number 31 just means the tag is bigger than 31, Is it more accuracy by using "Tag number over 30 is not supported"?
>
> Well, it's a little delicate here. Even if we support multi-byte tag one day, this constructor will still only be used to create a single-byte tag `DerValue`, and it's illegal for a single byte tag to end with 0x1f. So the words above is to remind people that they cannot create a tag number 31 `DerValue` just because it seems it still fits into the 5 bits. Precisely, the words should be "this constructor only supports tag number between 0 and 30", but... I'll choose your words.
It makes sense. Your words is good to me.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3391
More information about the security-dev
mailing list