crypto/x509,ecoding/asn1: better handling of weird encodings - go - Fork of Go programming language with my patches.

diff options

author	Roland Shoemaker <roland@golang.org>	2025-02-20 17:05:04 -0800
committer	Roland Shoemaker <roland@golang.org>	2025-03-13 16:42:59 -0700
commit	3b456ff42137df2b89295ede29c915d43c10b538 (patch)
tree	d6c0c945ba72094af897ee191d613e87b2394a98 /src/cmd/internal/obj
parent	d704ef76068eb7da15520b08dc7df98f45f85ffa (diff)
download	go-3b456ff42137df2b89295ede29c915d43c10b538.tar.xz

crypto/x509,ecoding/asn1: better handling of weird encodings

For various cursed reasons we need to support the BMPString and T61String ASN.1 string encodings. These types use the defunct UCS-2 and T.61 character encodings respectively. This change rejects some characters when decoding BMPStrings which are not valid in UCS-2, and properly parses T61Strings instead of treating them as plain UTF-8. While still not perfect, this matches the behavior of most other implementations, particularly BoringSSL. Ideally we'd just remove support for these ASN.1 types (particularly in crypto/x509, where we don't actually expose any API), but doing so is likely to break some deploy certificates which unfortunately still use these types in DNs, despite them being deprecated since 1999/2002. Fixes #71862 Change-Id: Ib8f392656a35171e48eaf71a200be6d7605b2f02 Reviewed-on: https://go-review.googlesource.com/c/go/+/651275 Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com>

Diffstat (limited to 'src/cmd/internal/obj')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: