Google Git
Sign in
pigweed / third_party / boringssl / boringssl / cab31f65f1ad6e6daca62e95b25dd6cd805fce0b^! / .
commitcab31f65f1ad6e6daca62e95b25dd6cd805fce0b[log] [tgz]
authorDavid Benjamin <davidben@google.com>Fri Sep 23 15:22:39 2022 -0400
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Fri Sep 23 19:59:00 2022 +0000
tree596efdf7fa955d525d3dd278de3d82ff5eaff4e8
parenta61e7475d3145836cc11469f328ad7c98e7cf527 [diff]
Add int64 ASN1_INTEGER setters too.

https://boringssl-review.googlesource.com/c/boringssl/+/54307 added just
the getters because no one was using the setters yet. But our long
setter *already* implements the int64 version, so just complete the
whole set and deprecate the old long-based APIs.

Change-Id: Ieb793f3cf90d4214c6416ba2f10e641c46403188
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54526
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index 89d6a54..78d1f09 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c

@@ -246,7 +246,7 @@
   return NULL;
 }
 
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) {
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t v) {
   if (v >= 0) {
     return ASN1_INTEGER_set_uint64(a, (uint64_t)v);
   }
@@ -259,7 +259,7 @@
   return 1;
 }
 
-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) {
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t v) {
   if (v >= 0) {
     return ASN1_ENUMERATED_set_uint64(a, (uint64_t)v);
   }
@@ -272,6 +272,16 @@
   return 1;
 }
 
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) {
+  static_assert(sizeof(long) <= sizeof(int64_t), "long fits in int64_t");
+  return ASN1_INTEGER_set_int64(a, v);
+}
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) {
+  static_assert(sizeof(long) <= sizeof(int64_t), "long fits in int64_t");
+  return ASN1_ENUMERATED_set_int64(a, v);
+}
+
 static int asn1_string_set_uint64(ASN1_STRING *out, uint64_t v, int type) {
   uint8_t buf[sizeof(uint64_t)];
   CRYPTO_store_u64_be(buf, v);

diff --git a/crypto/asn1/asn1_test.cc b/crypto/asn1/asn1_test.cc
index 4d07a8b..2f0ec76 100644
--- a/crypto/asn1/asn1_test.cc
+++ b/crypto/asn1/asn1_test.cc

@@ -346,13 +346,16 @@
 
       fits_in_i64 = BN_cmp(int64_min.get(), bn.get()) <= 0 &&
                     BN_cmp(bn.get(), int64_max.get()) <= 0;
-
       if (fits_in_i64) {
         if (BN_is_negative(bn.get())) {
           i64 = static_cast<int64_t>(0u - abs_u64);
         } else {
           i64 = static_cast<int64_t>(abs_u64);
         }
+        bssl::UniquePtr<ASN1_INTEGER> by_i64(ASN1_INTEGER_new());
+        ASSERT_TRUE(by_i64);
+        ASSERT_TRUE(ASN1_INTEGER_set_int64(by_i64.get(), i64));
+        objs["i64"] = std::move(by_i64);
       }
 
       if (sizeof(long) == 8) {

diff --git a/crypto/x509/rsa_pss.c b/crypto/x509/rsa_pss.c
index 42b4f21..606fffd 100644
--- a/crypto/x509/rsa_pss.c
+++ b/crypto/x509/rsa_pss.c

@@ -221,7 +221,7 @@
   assert(saltlen != 20);
   pss->saltLength = ASN1_INTEGER_new();
   if (!pss->saltLength ||  //
-      !ASN1_INTEGER_set(pss->saltLength, saltlen)) {
+      !ASN1_INTEGER_set_int64(pss->saltLength, saltlen)) {
     goto err;
   }
 

diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 29fe722..bfc3ae0 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c

@@ -94,7 +94,7 @@
       return 0;
     }
   }
-  return ASN1_INTEGER_set(x->cert_info->version, version);
+  return ASN1_INTEGER_set_int64(x->cert_info->version, version);
 }
 
 int X509_set_serialNumber(X509 *x, const ASN1_INTEGER *serial) {

diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc
index 24ee3bc..83ff6bd 100644
--- a/crypto/x509/x509_test.cc
+++ b/crypto/x509/x509_test.cc

@@ -1943,7 +1943,7 @@
       cert.reset(X509_new());
       // Fill in some fields for the certificate arbitrarily.
       EXPECT_TRUE(X509_set_version(cert.get(), X509_VERSION_3));
-      EXPECT_TRUE(ASN1_INTEGER_set(X509_get_serialNumber(cert.get()), 1));
+      EXPECT_TRUE(ASN1_INTEGER_set_int64(X509_get_serialNumber(cert.get()), 1));
       EXPECT_TRUE(X509_gmtime_adj(X509_getm_notBefore(cert.get()), 0));
       EXPECT_TRUE(
           X509_gmtime_adj(X509_getm_notAfter(cert.get()), 60 * 60 * 24));
@@ -2088,7 +2088,7 @@
   ASSERT_TRUE(root);
 
   bssl::UniquePtr<ASN1_INTEGER> fourty_two(ASN1_INTEGER_new());
-  ASN1_INTEGER_set(fourty_two.get(), 42);
+  ASN1_INTEGER_set_int64(fourty_two.get(), 42);
   X509_set_serialNumber(root.get(), fourty_two.get());
 
   ASSERT_EQ(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
@@ -4822,7 +4822,7 @@
   // them and some callers rely in this for tests.
   bssl::UniquePtr<ASN1_INTEGER> serial(ASN1_INTEGER_new());
   ASSERT_TRUE(serial);
-  ASSERT_TRUE(ASN1_INTEGER_set(serial.get(), -1));
+  ASSERT_TRUE(ASN1_INTEGER_set_int64(serial.get(), -1));
   ASSERT_TRUE(X509_set_serialNumber(root.get(), serial.get()));
   int64_t val;
   ASSERT_TRUE(ASN1_INTEGER_get_int64(&val, X509_get0_serialNumber(root.get())));

diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index 5b9dea9..6eba6d1 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c

@@ -85,7 +85,7 @@
       return 0;
     }
   }
-  return ASN1_INTEGER_set(x->crl->version, version);
+  return ASN1_INTEGER_set_int64(x->crl->version, version);
 }
 
 int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) {

diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c
index 869bd40..8b8beff 100644
--- a/crypto/x509/x509rset.c
+++ b/crypto/x509/x509rset.c

@@ -70,7 +70,7 @@
     OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION);
     return 0;
   }
-  return ASN1_INTEGER_set(x->req_info->version, version);
+  return ASN1_INTEGER_set_int64(x->req_info->version, version);
 }
 
 int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) {

diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index 8c43ee0..693b38e 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h

@@ -1080,9 +1080,9 @@
 // on success and zero on error.
 OPENSSL_EXPORT int ASN1_INTEGER_set_uint64(ASN1_INTEGER *out, uint64_t v);
 
-// ASN1_INTEGER_set sets |a| to an INTEGER with value |v|. It returns one on
-// success and zero on error.
-OPENSSL_EXPORT int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+// ASN1_INTEGER_set_int64 sets |a| to an INTEGER with value |v|. It returns one
+// on success and zero on error.
+OPENSSL_EXPORT int ASN1_INTEGER_set_int64(ASN1_INTEGER *out, int64_t v);
 
 // ASN1_INTEGER_get_uint64 converts |a| to a |uint64_t|. On success, it returns
 // one and sets |*out| to the result. If |a| did not fit or has the wrong type,
@@ -1095,13 +1095,6 @@
 // it returns zero.
 OPENSSL_EXPORT int ASN1_INTEGER_get_int64(int64_t *out, const ASN1_INTEGER *a);
 
-// ASN1_INTEGER_get returns the value of |a| as a |long|, or -1 if |a| is out of
-// range or the wrong type.
-//
-// WARNING: This function's return value cannot distinguish errors from -1.
-// Prefer |ASN1_INTEGER_get_uint64|.
-OPENSSL_EXPORT long ASN1_INTEGER_get(const ASN1_INTEGER *a);
-
 // BN_to_ASN1_INTEGER sets |ai| to an INTEGER with value |bn| and returns |ai|
 // on success or NULL or error. If |ai| is NULL, it returns a newly-allocated
 // |ASN1_INTEGER| on success instead, which the caller must release with
@@ -1149,9 +1142,9 @@
 // returns one on success and zero on error.
 OPENSSL_EXPORT int ASN1_ENUMERATED_set_uint64(ASN1_ENUMERATED *out, uint64_t v);
 
-// ASN1_ENUMERATED_set sets |a| to an ENUMERATED with value |v|. It returns one
-// on success and zero on error.
-OPENSSL_EXPORT int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+// ASN1_ENUMERATED_set_int64 sets |a| to an ENUMERATED with value |v|. It
+// returns one on success and zero on error.
+OPENSSL_EXPORT int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *out, int64_t v);
 
 // ASN1_ENUMERATED_get_uint64 converts |a| to a |uint64_t|. On success, it
 // returns one and sets |*out| to the result. If |a| did not fit or has the
@@ -1165,13 +1158,6 @@
 OPENSSL_EXPORT int ASN1_ENUMERATED_get_int64(int64_t *out,
                                              const ASN1_ENUMERATED *a);
 
-// ASN1_ENUMERATED_get returns the value of |a| as a |long|, or -1 if |a| is out
-// of range or the wrong type.
-//
-// WARNING: This function's return value cannot distinguish errors from -1.
-// Prefer |ASN1_ENUMERATED_get_uint64|.
-OPENSSL_EXPORT long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
-
 // BN_to_ASN1_ENUMERATED sets |ai| to an ENUMERATED with value |bn| and returns
 // |ai| on success or NULL or error. If |ai| is NULL, it returns a
 // newly-allocated |ASN1_ENUMERATED| on success instead, which the caller must
@@ -1974,6 +1960,32 @@
 // printable characters. See https://crbug.com/boringssl/412.
 DECLARE_ASN1_ITEM(ASN1_PRINTABLE)
 
+// ASN1_INTEGER_set sets |a| to an INTEGER with value |v|. It returns one on
+// success and zero on error.
+//
+// Use |ASN1_INTEGER_set_uint64| and |ASN1_INTEGER_set_int64| instead.
+OPENSSL_EXPORT int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+
+// ASN1_ENUMERATED_set sets |a| to an ENUMERATED with value |v|. It returns one
+// on success and zero on error.
+//
+// Use |ASN1_ENUMERATED_set_uint64| and |ASN1_ENUMERATED_set_int64| instead.
+OPENSSL_EXPORT int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+
+// ASN1_INTEGER_get returns the value of |a| as a |long|, or -1 if |a| is out of
+// range or the wrong type.
+//
+// WARNING: This function's return value cannot distinguish errors from -1.
+// Use |ASN1_INTEGER_get_uint64| and |ASN1_INTEGER_get_int64| instead.
+OPENSSL_EXPORT long ASN1_INTEGER_get(const ASN1_INTEGER *a);
+
+// ASN1_ENUMERATED_get returns the value of |a| as a |long|, or -1 if |a| is out
+// of range or the wrong type.
+//
+// WARNING: This function's return value cannot distinguish errors from -1.
+// Use |ASN1_ENUMERATED_get_uint64| and |ASN1_ENUMERATED_get_int64| instead.
+OPENSSL_EXPORT long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
+
 
 #if defined(__cplusplus)
 }  // extern C