cbor_load returns CBOR_ERR_MALFORMATED parsing the assigned tags for cose-encrypt0 (16), cose-mac0 (17), and cose-sign1 (18)

[dskern-github]

Describe the bug cbor_load returns CBOR_ERR_MALFORMATED upon receipt of all tags between 6 and 20 inclusive, including cose-sign1 (18) and cose-encrypt0 (16) in particular. The relevant code is in cbor/streaming.c around lines 457-471 where all bytes between 0xC6 and 0xD4 are deemed "Unassigned tag value(s)" and rejected.

That range of tag numbers may not be listed in RFC 8949, but RFCs 8152 and 9052 define cose-encrypt0 (16), cose-mac0 (17), and cose-sign1 (18), and RFC 9338 defines COSE_Countersignature (19).

All four of these COSE tags are listed in https://www.iana.org/assignments/cbor-tags/cbor-tags.xhtml

To Reproduce Apologies if the code is slightly off; the browser keeps trying to correct my capitalization and spelling.

for (i = 0; i < 1000; i++) {
  struct cbor_load_result Result;
  unsigned char Test[10] = {0};
  size_t testLen = 0;
  cbor_item_t *pOutTag = NULL;
  cbor_item_t *pInTag = cbor_new_tag(i);

  /* Build a tag of value i with a tagged item consisting of a null bstr */
  cbor_tag_set_item (pInTag, cbor_move (cbor_build_bytestring(NULL, 0)));
  testLen = cbor_serialize (pInTag, Test, sizeof (Test));

  pOutTag = cbor_load (Test, testLen, &Result);
  if (Result.error.code == CBOR_ERR_MALFORMATED)
    printf ("%d ", i);
  else if (Result.error.code != CBOR_ERR_NONE)
    printf ("%d* ", i);
  if (pInTag)
    cbor_decref (&pInTag); 
  if (pOutTag)
    cbor_decref (&pOutTag);
}
printf ("\n");

Expected behavior I expected that either all tags would be loaded successfully and the responsibility of determining if the desired tag was found left up to the (context-aware) calling code, or that all long-established registered tags would be loaded successfully. (RFC 8152, which defines COSE and tags 16-18, dates back to 2017)

Environment libcbor version 10.2

[PJK]

Thank you for the nice find, I think this warrants a release.