375124b162
CBS_asn1_ber_to_der currently uses heuristics because implicitly-tagged constructed strings in BER are ambiguous with implicitly-tagged sequences. It's not possible to convert BER to DER without knowing the schema. Fortunately, implicitly tagged strings don't appear often so instead split the job up: CBS_asn1_ber_to_der fixes indefinite-length elements and constructed strings it can see. Implicitly-tagged strings it leaves uncoverted, but they will only nest one level down (because BER kindly allows one to nest constructed strings arbitrarily!). CBS_get_asn1_implicit_string then performs the final concatenation at parse time. This isn't much more complex and lets us parse BER more accurately and also reject a number of mis-encoded values (e.g. constructed INTEGERs are not a thing) we'd previously let through. The downside is the post-conversion parsing code must be aware of this limitation of CBS_asn1_ber_to_der. Fortunately, there's only one implicitly-tagged string in our PKCS#12 code. (In the category of things that really really don't matter, but I had spare cycles and the old BER converter is weird.) Change-Id: Iebdd13b08559fa158b308ef83a5bb07bfdf80ae8 Reviewed-on: https://boringssl-review.googlesource.com/7052 Reviewed-by: Adam Langley <agl@google.com> |
||
|---|---|---|
| .. | ||
| CMakeLists.txt | ||
| internal.h | ||
| p5_pbe.c | ||
| p5_pbev2.c | ||
| p8_pkey.c | ||
| pkcs8_test.cc | ||
| pkcs8.c | ||
| pkcs12_test.cc | ||