RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v3]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Thu Apr 8 17:31:09 UTC 2021


On Thu, 8 Apr 2021 16:59:54 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/util/DerValue.java line 225:
>> 
>>> 223:     DerValue(byte tag, byte[] buffer, int start, int end, boolean allowBER) {
>>> 224:         if ((tag & 0x1f) == 0x1f) {
>>> 225:             throw new IllegalArgumentException("Tag number 31 is not supported");
>> 
>> As number 31 just means the tag is bigger than 31, Is it more accuracy by using "Tag number over 30 is not supported"?
>
> Well, it's a little delicate here. Even if we support multi-byte tag one day, this constructor will still only be used to create a single-byte tag `DerValue`, and it's illegal for a single byte tag to end with 0x1f. So the words above is to remind people that they cannot create a tag number 31 `DerValue` just because it seems it still fits into the 5 bits. Precisely, the words should be "this constructor only supports tag number between 0 and 30", but... I'll choose your words.

It makes sense.  Your words is good to me.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3391



More information about the security-dev mailing list