[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Mon May 18 17:45:02 UTC 2015


The branch master has been updated
       via  6c5b6cb035666d46495ccbe4a4f3d5e3a659cd40 (commit)
       via  978327bcadb738b7bc7a52f74c7b4c5f56bda4a6 (commit)
      from  b2ce0337e8430f7d4d1e692415efc89ed02a8ea3 (commit)


- Log -----------------------------------------------------------------
commit 6c5b6cb035666d46495ccbe4a4f3d5e3a659cd40
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Fri May 15 00:00:41 2015 +0100

    ASN1 INTEGER refactor.
    
    Rewrite and tidy ASN1_INTEGER and ASN1_ENUMERATED handling.
    
    Remove code duplication.
    
    New functions to convert between int64_t and ASN.1 types without the
    quirks of the old long conversion functions.
    
    Add documentation.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 978327bcadb738b7bc7a52f74c7b4c5f56bda4a6
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Sun May 17 15:09:46 2015 +0100

    Add types to indent.pro
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/Makefile                  |  24 +-
 crypto/asn1/a_enum.c                  | 179 -----------
 crypto/asn1/a_int.c                   | 540 ++++++++++++++++++++++------------
 crypto/asn1/asn1_err.c                |  15 +-
 crypto/asn1/f_enum.c                  | 193 ------------
 crypto/asn1/f_int.c                   |  13 +
 doc/crypto/ASN1_INTEGER_get_int64.pod | 112 +++++++
 include/openssl/asn1.h                |  23 +-
 util/indent.pro                       |   8 +
 9 files changed, 529 insertions(+), 578 deletions(-)
 delete mode 100644 crypto/asn1/a_enum.c
 delete mode 100644 crypto/asn1/f_enum.c
 create mode 100644 doc/crypto/ASN1_INTEGER_get_int64.pod

diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile
index 4283145..20b7948 100644
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -17,7 +17,7 @@ GENERAL=Makefile README
 LIB=$(TOP)/libcrypto.a
 LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
 	a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
-	a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+	a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
 	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_bignum.c \
 	x_long.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
 	x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
@@ -25,13 +25,13 @@ LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
 	tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
 	tasn_prn.c tasn_scn.c ameth_lib.c \
 	f_int.c f_string.c n_pkey.c \
-	f_enum.c x_pkey.c bio_asn1.c bio_ndef.c asn_mime.c \
+	x_pkey.c bio_asn1.c bio_ndef.c asn_mime.c \
 	asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_strnid.c \
 	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c \
 	asn_mstbl.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
 	a_print.o a_type.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
-	a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
+	a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
 	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_bignum.o \
 	x_long.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
 	x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
@@ -39,7 +39,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
 	tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
 	tasn_prn.o tasn_scn.o ameth_lib.o \
 	f_int.o f_string.o n_pkey.o \
-	f_enum.o x_pkey.o bio_asn1.o bio_ndef.o asn_mime.o \
+	x_pkey.o bio_asn1.o bio_ndef.o asn_mime.o \
 	asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_strnid.o \
 	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o \
 	asn_mstbl.o
@@ -133,14 +133,6 @@ a_dup.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 a_dup.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h
 a_dup.o: a_dup.c
-a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_enum.o: ../include/internal/cryptlib.h a_enum.c
 a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h
 a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -441,14 +433,6 @@ evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 evp_asn1.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h
 evp_asn1.o: evp_asn1.c
-f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-f_enum.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-f_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-f_enum.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h
-f_enum.o: f_enum.c
 f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 f_int.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c
deleted file mode 100644
index 81c0f3a..0000000
--- a/crypto/asn1/a_enum.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* crypto/asn1/a_enum.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "internal/cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/bn.h>
-
-/*
- * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
- * for comments on encoding see a_int.c
- */
-
-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
-{
-    int j, k;
-    unsigned int i;
-    unsigned char buf[sizeof(long) + 1];
-    long d;
-
-    a->type = V_ASN1_ENUMERATED;
-    if (a->length < (int)(sizeof(long) + 1)) {
-        OPENSSL_free(a->data);
-        if ((a->data = OPENSSL_malloc(sizeof(long) + 1)) != NULL)
-            memset(a->data, 0, sizeof(long) + 1);
-    }
-    if (a->data == NULL) {
-        ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-    d = v;
-    if (d < 0) {
-        d = -d;
-        a->type = V_ASN1_NEG_ENUMERATED;
-    }
-
-    for (i = 0; i < sizeof(long); i++) {
-        if (d == 0)
-            break;
-        buf[i] = (int)d & 0xff;
-        d >>= 8;
-    }
-    j = 0;
-    for (k = i - 1; k >= 0; k--)
-        a->data[j++] = buf[k];
-    a->length = j;
-    return (1);
-}
-
-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
-{
-    int neg = 0, i;
-    long r = 0;
-
-    if (a == NULL)
-        return (0L);
-    i = a->type;
-    if (i == V_ASN1_NEG_ENUMERATED)
-        neg = 1;
-    else if (i != V_ASN1_ENUMERATED)
-        return -1;
-
-    if (a->length > (int)sizeof(long)) {
-        /* hmm... a bit ugly */
-        return (0xffffffffL);
-    }
-    if (a->data == NULL)
-        return 0;
-
-    for (i = 0; i < a->length; i++) {
-        r <<= 8;
-        r |= (unsigned char)a->data[i];
-    }
-    if (neg)
-        r = -r;
-    return (r);
-}
-
-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
-{
-    ASN1_ENUMERATED *ret;
-    int len, j;
-
-    if (ai == NULL)
-        ret = ASN1_ENUMERATED_new();
-    else
-        ret = ai;
-    if (ret == NULL) {
-        ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR);
-        goto err;
-    }
-    if (BN_is_negative(bn))
-        ret->type = V_ASN1_NEG_ENUMERATED;
-    else
-        ret->type = V_ASN1_ENUMERATED;
-    j = BN_num_bits(bn);
-    len = ((j == 0) ? 0 : ((j / 8) + 1));
-    if (ret->length < len + 4) {
-        unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4);
-        if (!new_data) {
-            ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        ret->data = new_data;
-    }
-
-    ret->length = BN_bn2bin(bn, ret->data);
-    return (ret);
- err:
-    if (ret != ai)
-        ASN1_ENUMERATED_free(ret);
-    return (NULL);
-}
-
-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
-{
-    BIGNUM *ret;
-
-    if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
-        ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB);
-    else if (ai->type == V_ASN1_NEG_ENUMERATED)
-        BN_set_negative(ret, 1);
-    return (ret);
-}
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index 56a72fb..f3a7e6a 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -58,6 +58,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
+#include <limits.h>
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
 #include "asn1_locl.h"
@@ -88,10 +89,11 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
 }
 
 /*-
- * This converts an ASN1 INTEGER into its content encoding.
+ * This converts a big endian buffer and sign into its content encoding.
+ * This is used for INTEGER and ENUMERATED types.
  * The internal representation is an ASN1_STRING whose data is a big endian
  * representation of the value, ignoring the sign. The sign is determined by
- * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.
+ * the type: if type & V_ASN1_NEG is true it is negative, otherwise positive.
  *
  * Positive integers are no problem: they are almost the same as the DER
  * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
@@ -112,19 +114,19 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
  * followed by optional zeros isn't padded.
  */
 
-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,
+                       unsigned char **pp)
 {
-    int pad = 0, ret, i, neg;
-    unsigned char *p, *n, pb = 0;
+    int pad = 0;
+    size_t ret, i;
+    unsigned char *p, pb = 0;
+    const unsigned char *n;
 
-    if (a == NULL)
-        return (0);
-    neg = a->type & V_ASN1_NEG;
-    if (a->length == 0)
+    if (b == NULL || blen == 0)
         ret = 1;
     else {
-        ret = a->length;
-        i = a->data[0];
+        ret = blen;
+        i = b[0];
         if (ret == 1 && i == 0)
             neg = 0;
         if (!neg && (i > 127)) {
@@ -139,8 +141,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
                  * Special case: if any other bytes non zero we pad:
                  * otherwise we don't.
                  */
-                for (i = 1; i < a->length; i++)
-                    if (a->data[i]) {
+                for (i = 1; i < blen; i++)
+                    if (b[i]) {
                         pad = 1;
                         pb = 0xFF;
                         break;
@@ -150,20 +152,20 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
         ret += pad;
     }
     if (pp == NULL)
-        return (ret);
+        return ret;
     p = *pp;
 
     if (pad)
         *(p++) = pb;
-    if (a->length == 0)
+    if (blen == 0)
         *(p++) = 0;
     else if (!neg)
-        memcpy(p, a->data, (unsigned int)a->length);
+        memcpy(p, b, blen);
     else {
         /* Begin at the end of the encoding */
-        n = a->data + a->length - 1;
-        p += a->length - 1;
-        i = a->length;
+        n = b + blen - 1;
+        p += blen - 1;
+        i = blen;
         /* Copy zeros to destination as long as source is zero */
         while (!*n && i > 1) {
             *(p--) = 0;
@@ -179,97 +181,241 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
     }
 
     *pp += ret;
-    return (ret);
+    return ret;
 }
 
-/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
+/*
+ * convert content octets into a big endian buffer. Returns the length
+ * of buffer or 0 on error: for malformed INTEGER. If output bufer is
+ * NULL just return length.
+ */
 
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
-                               long len)
+static size_t c2i_ibuf(unsigned char *b, int *pneg,
+                       const unsigned char *p, size_t plen)
 {
-    ASN1_INTEGER *ret = NULL;
-    const unsigned char *p, *pend;
-    unsigned char *to, *s;
-    int i;
+    size_t i;
+    int neg, pad;
+    /* Zero content length is illegal */
+    if (plen == 0) {
+        ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_ZERO_CONTENT);
+        return 0;
+    }
+    neg = p[0] & 0x80;
+    if (pneg)
+        *pneg = neg;
+    /* Handle common case where length is 1 octet separately */
+    if (plen == 1) {
+        if (b) {
+            if (neg)
+                b[0] = (p[0] ^ 0xFF) + 1;
+            else
+                b[0] = p[0];
+        }
+        return 1;
+    }
+    if (p[0] == 0 || p[0] == 0xFF)
+        pad = 1;
+    else
+        pad = 0;
+    /* reject illegal padding: first two octets MSB can't match */
+    if (pad && (neg == (p[1] & 0x80))) {
+        ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_PADDING);
+        return 0;
+    }
+    /* If positive just copy across */
+    if (neg == 0) {
+        if (b)
+            memcpy(b, p + pad, plen - pad);
+        return plen - pad;
+    }
 
-    if ((a == NULL) || ((*a) == NULL)) {
-        if ((ret = ASN1_INTEGER_new()) == NULL)
-            return (NULL);
-        ret->type = V_ASN1_INTEGER;
-    } else
-        ret = (*a);
+    if (neg && pad) {
+        /* check is any following octets are non zero */
+        for (i = 1; i < plen; i++) {
+            if (p[i] != 0)
+                break;
+        }
+        /* if all bytes are zero handle as special case */
+        if (i == plen) {
+            if (b) {
+                b[0] = 1;
+                memset(b + 1, 0, plen - 1);
+            }
+            return plen;
+        }
+    }
 
-    p = *pp;
-    pend = p + len;
+    plen -= pad;
+    /* Must be negative: calculate twos complement */
+    if (b) {
+        const unsigned char *from = p + plen - 1 + pad;
+        unsigned char *to = b + plen - 1;
+        i = plen;
+        while (*from == 0 && i) {
+            *to-- = 0;
+            i--;
+            from--;
+        }
+        *to-- = (*from-- ^ 0xff) + 1;
+        OPENSSL_assert(i != 0);
+        i--;
+        for (; i > 0; i--)
+            *to-- = *from-- ^ 0xff;
+    }
+    return plen;
+}
 
-    /*
-     * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
-     * a missing NULL parameter.
-     */
-    s = OPENSSL_malloc((int)len + 1);
-    if (s == NULL) {
-        i = ERR_R_MALLOC_FAILURE;
-        goto err;
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+{
+    return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp);
+}
+
+/* Convert big endian buffer into uint64_t, return 0 on error */
+static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen)
+{
+    size_t i;
+    if (blen > sizeof(*pr)) {
+        ASN1err(ASN1_F_ASN1_GET_UINT64, ASN1_R_TOO_LARGE);
+        return 0;
     }
-    to = s;
-    if (!len) {
-        /*
-         * Strictly speaking this is an illegal INTEGER but we tolerate it.
-         */
-        ret->type = V_ASN1_INTEGER;
-    } else if (*p & 0x80) {     /* a negative number */
-        ret->type = V_ASN1_NEG_INTEGER;
-        if ((*p == 0xff) && (len != 1)) {
-            p++;
-            len--;
-        }
-        i = len;
-        p += i - 1;
-        to += i - 1;
-        while ((!*p) && i) {
-            *(to--) = 0;
-            i--;
-            p--;
+    *pr = 0;
+    if (b == NULL)
+        return 0;
+    for (i = 0; i < blen; i++) {
+        *pr <<= 8;
+        *pr |= b[i];
+    }
+    return 1;
+}
+
+static size_t asn1_put_uint64(unsigned char *b, uint64_t r)
+{
+    if (r >= 0x100) {
+        unsigned char *p;
+        uint64_t rtmp = r;
+        size_t i = 0;
+
+        /* Work out how many bytes we need */
+        while (rtmp) {
+            rtmp >>= 8;
+            i++;
         }
-        /*
-         * Special case: if all zeros then the number will be of the form FF
-         * followed by n zero bytes: this corresponds to 1 followed by n zero
-         * bytes. We've already written n zeros so we just append an extra
-         * one and set the first byte to a 1. This is treated separately
-         * because it is the only case where the number of bytes is larger
-         * than len.
-         */
-        if (!i) {
-            *s = 1;
-            s[len] = 0;
-            len++;
-        } else {
-            *(to--) = (*(p--) ^ 0xff) + 1;
-            i--;
-            for (; i > 0; i--)
-                *(to--) = *(p--) ^ 0xff;
+
+        /* Copy from end to beginning */
+        p = b + i - 1;
+
+        do {
+            *p-- = r & 0xFF;
+            r >>= 8;
+        } while (p >= b);
+
+        return i;
+    }
+
+    b[0] = (unsigned char)r;
+    return 1;
+
+}
+
+/*
+ * Absolute value of INT64_MIN: we can't just use -INT64_MIN as it produces
+ * overflow warnings.
+ */
+
+#define ABS_INT64_MIN \
+    ((uint64_t)INT64_MAX + (uint64_t)(-(INT64_MIN + INT64_MAX)))
+
+/* signed version of asn1_get_uint64 */
+static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen,
+                          int neg)
+{
+    uint64_t r;
+    if (asn1_get_uint64(&r, b, blen) == 0)
+        return 0;
+    if (neg) {
+        if (r > ABS_INT64_MIN) {
+            ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_SMALL);
+            return 0;
         }
+        *pr = (int64_t)-r;
     } else {
-        ret->type = V_ASN1_INTEGER;
-        if ((*p == 0) && (len != 1)) {
-            p++;
-            len--;
+        if (r > INT64_MAX) {
+            ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_LARGE);
+            return 0;
         }
-        memcpy(s, p, (int)len);
+        *pr = (int64_t)r;
     }
+    return 1;
+}
 
-    OPENSSL_free(ret->data);
-    ret->data = s;
-    ret->length = (int)len;
+/* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                               long len)
+{
+    ASN1_INTEGER *ret = NULL;
+    size_t r;
+    int neg;
+
+    r = c2i_ibuf(NULL, NULL, *pp, len);
+
+    if (r == 0)
+        return NULL;
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        ret = ASN1_INTEGER_new();
+        if (ret == NULL)
+            return NULL;
+        ret->type = V_ASN1_INTEGER;
+    } else
+        ret = *a;
+
+    if (ASN1_STRING_set(ret, NULL, r) == 0)
+        goto err;
+
+    c2i_ibuf(ret->data, &neg, *pp, len);
+
+    if (neg)
+        ret->type |= V_ASN1_NEG;
+
+    *pp += len;
     if (a != NULL)
         (*a) = ret;
-    *pp = pend;
-    return (ret);
+    return ret;
  err:
-    ASN1err(ASN1_F_C2I_ASN1_INTEGER, i);
+    ASN1err(ASN1_F_C2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
     if ((a == NULL) || (*a != ret))
         ASN1_INTEGER_free(ret);
-    return (NULL);
+    return NULL;
+}
+
+static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype)
+{
+    if (a == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((a->type & ~V_ASN1_NEG) != itype) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ASN1_R_WRONG_INTEGER_TYPE);
+        return 0;
+    }
+    return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG);
+}
+
+static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype)
+{
+    unsigned char tbuf[sizeof(r)];
+    size_t l;
+    a->type = itype;
+    if (r < 0) {
+        l = asn1_put_uint64(tbuf, -r);
+        a->type |= V_ASN1_NEG;
+    } else {
+        l = asn1_put_uint64(tbuf, r);
+        a->type &= ~V_ASN1_NEG;
+    }
+    if (l == 0)
+        return 0;
+    return ASN1_STRING_set(a, tbuf, l);
 }
 
 /*
@@ -340,116 +486,148 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
     return (NULL);
 }
 
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
+static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai,
+                                      int atype)
 {
-    int j, k;
-    unsigned int i;
-    unsigned char buf[sizeof(long) + 1];
-
-    if (a->length < (int)(sizeof(long) + 1)) {
-        OPENSSL_free(a->data);
-        if ((a->data = OPENSSL_malloc(sizeof(long) + 1)) != NULL)
-            memset(a->data, 0, sizeof(long) + 1);
-    }
-    if (a->data == NULL) {
-        ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-    if (v < 0) {
-        v = -v;
-        a->type = V_ASN1_NEG_INTEGER;
-    } else
-        a->type = V_ASN1_INTEGER;
+    ASN1_INTEGER *ret;
+    int len;
 
-    for (i = 0; i < sizeof(long); i++) {
-        if (v == 0)
-            break;
-        buf[i] = (int)v & 0xff;
-        v >>= 8;
+    if (ai == NULL) {
+        ret = ASN1_STRING_type_new(atype);
+    } else {
+        ret = ai;
+        ret->type = atype;
     }
-    j = 0;
-    for (k = i - 1; k >= 0; k--)
-        a->data[j++] = buf[k];
-    a->length = j;
-    return (1);
-}
-
-long ASN1_INTEGER_get(const ASN1_INTEGER *a)
-{
-    int neg = 0, i;
-    long r = 0;
 
-    if (a == NULL)
-        return (0L);
-    i = a->type;
-    if (i == V_ASN1_NEG_INTEGER)
-        neg = 1;
-    else if (i != V_ASN1_INTEGER)
-        return -1;
-
-    if (a->length > (int)sizeof(long)) {
-        /* hmm... a bit ugly, return all ones */
-        return -1;
+    if (ret == NULL) {
+        ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_NESTED_ASN1_ERROR);
+        goto err;
     }
-    if (a->data == NULL)
-        return 0;
 
-    for (i = 0; i < a->length; i++) {
-        r <<= 8;
-        r |= (unsigned char)a->data[i];
-    }
-    if (neg)
-        r = -r;
-    return (r);
-}
+    if (BN_is_negative(bn) && !BN_is_zero(bn))
+        ret->type |= V_ASN1_NEG_INTEGER;
 
-ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
-{
-    ASN1_INTEGER *ret;
-    int len, j;
+    len = BN_num_bytes(bn);
 
-    if (ai == NULL)
-        ret = ASN1_INTEGER_new();
-    else
-        ret = ai;
-    if (ret == NULL) {
-        ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
+    if (len == 0)
+        len = 1;
+
+    if (ASN1_STRING_set(ret, NULL, len) == 0) {
+        ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-    if (BN_is_negative(bn) && !BN_is_zero(bn))
-        ret->type = V_ASN1_NEG_INTEGER;
-    else
-        ret->type = V_ASN1_INTEGER;
-    j = BN_num_bits(bn);
-    len = ((j == 0) ? 0 : ((j / 8) + 1));
-    if (ret->length < len + 4) {
-        unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4);
-        if (!new_data) {
-            ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        ret->data = new_data;
-    }
-    ret->length = BN_bn2bin(bn, ret->data);
+
     /* Correct zero case */
-    if (!ret->length) {
+    if (BN_is_zero(bn))
         ret->data[0] = 0;
-        ret->length = 1;
-    }
-    return (ret);
+    else
+        len = BN_bn2bin(bn, ret->data);
+    ret->length = len;
+    return ret;
  err:
     if (ret != ai)
         ASN1_INTEGER_free(ret);
     return (NULL);
 }
 
-BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
+static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn,
+                                 int itype)
 {
     BIGNUM *ret;
 
-    if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
-        ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB);
-    else if (ai->type == V_ASN1_NEG_INTEGER)
+    if ((ai->type & ~V_ASN1_NEG) != itype) {
+        ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_WRONG_INTEGER_TYPE);
+        return NULL;
+    }
+
+    ret = BN_bin2bn(ai->data, ai->length, bn);
+    if (ret == 0) {
+        ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_BN_LIB);
+        return NULL;
+    }
+    if (ai->type & V_ASN1_NEG)
         BN_set_negative(ret, 1);
-    return (ret);
+    return ret;
+}
+
+int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a)
+{
+    return asn1_string_get_int64(pr, a, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r)
+{
+    return asn1_string_set_int64(a, r, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
+{
+    return ASN1_INTEGER_set_int64(a, v);
+}
+
+long ASN1_INTEGER_get(const ASN1_INTEGER *a)
+{
+    int i;
+    int64_t r;
+    if (a == NULL)
+        return 0;
+    i = ASN1_INTEGER_get_int64(&r, a);
+    if (i == 0)
+        return -1;
+    if (r > LONG_MAX || r < LONG_MIN)
+        return -1;
+    return (long)r;
+}
+
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
+{
+    return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER);
+}
+
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
+{
+    return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER);
+}
+
+int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a)
+{
+    return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED);
+}
+
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r)
+{
+    return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED);
+}
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
+{
+    return ASN1_ENUMERATED_set_int64(a, v);
+}
+
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
+{
+    int i;
+    int64_t r;
+    if (a == NULL)
+        return 0;
+    if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED)
+        return -1;
+    if (a->length > (int)sizeof(long))
+        return 0xffffffffL;
+    i = ASN1_ENUMERATED_get_int64(&r, a);
+    if (i == 0)
+        return -1;
+    if (r > LONG_MAX || r < LONG_MIN)
+        return -1;
+    return (long)r;
+}
+
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
+{
+    return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED);
+}
+
+BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
+{
+    return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED);
 }
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index b70ddb7..4151dc7 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -93,7 +93,9 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
     {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"},
     {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"},
     {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"},
+    {ERR_FUNC(ASN1_F_ASN1_GET_INT64), "ASN1_GET_INT64"},
     {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
+    {ERR_FUNC(ASN1_F_ASN1_GET_UINT64), "ASN1_GET_UINT64"},
     {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_NEW"},
     {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
     {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
@@ -101,8 +103,8 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
     {ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
     {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
     {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_NEW), "ASN1_ITEM_EX_NEW"},
     {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_NEW), "ASN1_ITEM_EX_NEW"},
     {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
     {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
     {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
@@ -121,8 +123,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
     {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"},
     {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
     {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"},
+    {ERR_FUNC(ASN1_F_ASN1_STRING_GET_INT64), "ASN1_STRING_GET_INT64"},
     {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"},
     {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"},
+    {ERR_FUNC(ASN1_F_ASN1_STRING_TO_BN), "ASN1_STRING_TO_BN"},
     {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
     {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
     {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"},
@@ -142,9 +146,11 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
     {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"},
     {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
     {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
+    {ERR_FUNC(ASN1_F_BN_TO_ASN1_STRING), "BN_TO_ASN1_STRING"},
     {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"},
     {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"},
     {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"},
+    {ERR_FUNC(ASN1_F_C2I_IBUF), "C2I_IBUF"},
     {ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
     {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"},
     {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"},
@@ -252,8 +258,10 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
     {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY), "illegal optional any"},
     {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),
      "illegal options on item template"},
+    {ERR_REASON(ASN1_R_ILLEGAL_PADDING), "illegal padding"},
     {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY), "illegal tagged any"},
     {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE), "illegal time value"},
+    {ERR_REASON(ASN1_R_ILLEGAL_ZERO_CONTENT), "illegal zero content"},
     {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"},
     {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),
      "integer too large for long"},
@@ -314,7 +322,9 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
     {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
      "the asn1 object identifier is not known for this md"},
     {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"},
+    {ERR_REASON(ASN1_R_TOO_LARGE), "too large"},
     {ERR_REASON(ASN1_R_TOO_LONG), "too long"},
+    {ERR_REASON(ASN1_R_TOO_SMALL), "too small"},
     {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"},
     {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"},
     {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"},
@@ -339,6 +349,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
     {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
      "unsupported public key type"},
     {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"},
+    {ERR_REASON(ASN1_R_WRONG_INTEGER_TYPE), "wrong integer type"},
     {ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"},
     {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"},
     {ERR_REASON(ASN1_R_WRONG_TYPE), "wrong type"},
diff --git a/crypto/asn1/f_enum.c b/crypto/asn1/f_enum.c
deleted file mode 100644
index 4b85be9..0000000
--- a/crypto/asn1/f_enum.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/* crypto/asn1/f_enum.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "internal/cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-/* Based on a_int.c: equivalent ENUMERATED functions */
-
-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
-{
-    int i, n = 0;
-    static const char *h = "0123456789ABCDEF";
-    char buf[2];
-
-    if (a == NULL)
-        return (0);
-
-    if (a->length == 0) {
-        if (BIO_write(bp, "00", 2) != 2)
-            goto err;
-        n = 2;
-    } else {
-        for (i = 0; i < a->length; i++) {
-            if ((i != 0) && (i % 35 == 0)) {
-                if (BIO_write(bp, "\\\n", 2) != 2)
-                    goto err;
-                n += 2;
-            }
-            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
-            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
-            if (BIO_write(bp, buf, 2) != 2)
-                goto err;
-            n += 2;
-        }
-    }
-    return (n);
- err:
-    return (-1);
-}
-
-int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
-{
-    int i, j, k, m, n, again, bufsize;
-    unsigned char *s = NULL, *sp;
-    unsigned char *bufp;
-    int num = 0, slen = 0, first = 1;
-
-    bs->type = V_ASN1_ENUMERATED;
-
-    bufsize = BIO_gets(bp, buf, size);
-    for (;;) {
-        if (bufsize < 1)
-            goto err;
-        i = bufsize;
-        if (buf[i - 1] == '\n')
-            buf[--i] = '\0';
-        if (i == 0)
-            goto err;
-        if (buf[i - 1] == '\r')
-            buf[--i] = '\0';
-        if (i == 0)
-            goto err;
-        again = (buf[i - 1] == '\\');
-
-        for (j = 0; j < i; j++) {
-            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
-                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-                  ((buf[j] >= 'A') && (buf[j] <= 'F')))) {
-                i = j;
-                break;
-            }
-        }
-        buf[i] = '\0';
-        /*
-         * We have now cleared all the crap off the end of the line
-         */
-        if (i < 2)
-            goto err;
-
-        bufp = (unsigned char *)buf;
-        if (first) {
-            first = 0;
-            if ((bufp[0] == '0') && (buf[1] == '0')) {
-                bufp += 2;
-                i -= 2;
-            }
-        }
-        k = 0;
-        i -= again;
-        if (i % 2 != 0) {
-            ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_ODD_NUMBER_OF_CHARS);
-            return 0;
-        }
-        i /= 2;
-        if (num + i > slen) {
-            sp = OPENSSL_realloc(s, (unsigned int)num + i * 2);
-            if (sp == NULL) {
-                ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
-                OPENSSL_free(s);
-                return 0;
-            }
-            s = sp;
-            slen = num + i * 2;
-        }
-        for (j = 0; j < i; j++, k += 2) {
-            for (n = 0; n < 2; n++) {
-                m = bufp[k + n];
-                if ((m >= '0') && (m <= '9'))
-                    m -= '0';
-                else if ((m >= 'a') && (m <= 'f'))
-                    m = m - 'a' + 10;
-                else if ((m >= 'A') && (m <= 'F'))
-                    m = m - 'A' + 10;
-                else {
-                    ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,
-                            ASN1_R_NON_HEX_CHARACTERS);
-                    return 0;
-                }
-                s[num + j] <<= 4;
-                s[num + j] |= m;
-            }
-        }
-        num += i;
-        if (again)
-            bufsize = BIO_gets(bp, buf, size);
-        else
-            break;
-    }
-    bs->length = num;
-    bs->data = s;
-    return 1;
-
- err:
-    ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE);
-    return 0;
-}
diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c
index 61029fa..9a0928e 100644
--- a/crypto/asn1/f_int.c
+++ b/crypto/asn1/f_int.c
@@ -204,3 +204,16 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
     ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
     return 0;
 }
+
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
+{
+    return i2a_ASN1_INTEGER(bp, a);
+}
+
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
+{
+    int rv = a2i_ASN1_INTEGER(bp, bs, buf, size);
+    if (rv == 1)
+        bs->type = V_ASN1_INTEGER | (bs->type & V_ASN1_NEG);
+    return rv;
+}
diff --git a/doc/crypto/ASN1_INTEGER_get_int64.pod b/doc/crypto/ASN1_INTEGER_get_int64.pod
new file mode 100644
index 0000000..98944b8
--- /dev/null
+++ b/doc/crypto/ASN1_INTEGER_get_int64.pod
@@ -0,0 +1,112 @@
+=pod
+
+=head1 NAME
+
+ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN, - ASN.1 INTEGER and ENUMERATED utilities
+
+=head1 SYNOPSIS
+
+ #include <openssl/asn1.h>
+
+ int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a);
+ int ASN1_INTEGER_get(ASN1_INTEGER *a, long v);
+
+ int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
+ long ASN1_INTEGER_set(const ASN1_INTEGER *a);
+
+ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
+ BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
+
+ int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_INTEGER *a);
+ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
+
+ int ASN1_ENUMERATED_set_int64(ASN1_INTEGER *a, int64_t r);
+ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+
+ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
+ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn);
+
+=head1 DESCRIPTION
+
+These functions convert to and from B<ASN1_INTEGER> and B<ASN1_ENUMERATED>
+structures.
+
+ASN1_INTEGER_get_int64() converts an B<ASN1_INTEGER> into an B<int64_t> type
+If successful it returns 1 and sets B<*pr> to the value of B<a>. If it fails
+(due to invalid type or the value being too big to fit into an B<int64_t> type)
+it returns 0.
+
+ASN1_INTEGER_get() also returns the value of B<a> but it returns 0 if B<a> is
+NULL and -1 on error (which is ambiguous because -1 is a legitimate value for
+an B<ASN1_INTEGER>). New applications should use ASN1_INTEGER_get_int64()
+instead.
+
+ASN1_INTEGER_set_int64() sets the value of B<ASN1_INTEGER> B<a> to the
+B<int64_t> value B<r>.
+
+ASN1_INTEGER_set() sets the value of B<ASN1_INTEGER> B<a> to the B<long> value
+B<v>.
+
+BN_to_ASN1_INTEGER() converts B<BIGNUM> B<bn> to an B<ASN1_INTEGER>. If B<ai>
+is NULL a new B<ASN1_INTEGER> structure is returned. If B<ai> is not NULL then
+the existing structure will be used instead.
+
+ASN1_INTEGER_to_BN() converts ASN1_INTEGER B<ai> into a B<BIGNUM>. If B<bn> is
+NULL a new B<BIGNUM> structure is returned. If B<bn> is not NULL then the
+existing structure will be used instead.
+
+ASN1_ENUMERATED_get_int64(), ASN1_ENUMERATED_set_int64(),
+ASN1_ENUMERATED_set(), BN_to_ASN1_ENUMERATED() and ASN1_ENUMERATED_to_BN()
+behave in an identical way to their ASN1_INTEGER counterparts except they
+operate on an B<ASN1_ENUMERATED> value.
+
+ASN1_ENUMERATED_get() returns the value of B<a> in a similar way to
+ASN1_INTEGER_get() but it returns B<0xffffffffL> if the value of B<a> will not
+fit in a long type. New applications should use ASN1_ENUMERATED_get_int64()
+instead.
+
+=head1 NOTES
+
+In general an B<ASN1_INTEGER> or B<ASN1_ENUMERATED> type can contain an
+integer of almost arbitrary size and so cannot always be represented by a C
+B<int64_t> type. However in many cases (for example version numbers) they
+represent small integers which can be more easily manipulated if converted to
+an appropriate C integer type.
+
+=head1 BUGS
+
+The ambigious return values of ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
+mean these functions should be avoided if possible. They are retained for
+compatibility. Normally the ambigious return values are not legitimate
+values for the fields they represent.
+
+=head1 RETURN VALUES
+
+ASN1_INTEGER_set_int64(), ASN1_INTEGER_set(), ASN1_ENUMERATED_set_int64() and
+ASN1_ENUMERATED_set() return 1 for success and 0 for failure. They will only
+fail if a memory allocation error occurs.
+
+ASN1_INTEGER_get_int64() and ASN1_ENUMERATED_get_int64() return 1 for success
+and 0 for failure. They will fail if the passed type is incorrect (this will
+only happen if there is a programming error) or if the value exceeds the range
+of an B<int64_t> type.
+
+BN_to_ASN1_INTEGER() and BN_to_ASN1_ENUMERATED() return an B<ASN1_INTEGER> or
+B<ASN1_ENUMERATED> structure respectively or NULL if an error occurs. They will
+only fail due to a memory allocation error.
+
+ASN1_INTEGER_to_BN() and ASN1_ENUMERATED_to_BN() return a B<BIGNUM> structure
+of NULL if an error occurs. They can fail if the pased type is incorrect
+(due to programming error) or due to a memory allocation failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(),
+ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64()
+were added to OpenSSL 1.1.0.
+
+=cut
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index b1bcef7..26d31b7 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -677,15 +677,21 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num);
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
                                 const char *sn, const char *ln);
 
+int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a);
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
 long ASN1_INTEGER_get(const ASN1_INTEGER *a);
 ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
 BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
 
+int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a);
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r);
+
+
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
 long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn);
 
 /* General */
 /* given a string, return the correct type, max is the maximum length */
@@ -930,7 +936,9 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_ASN1_GENERALIZEDTIME_ADJ                  216
 # define ASN1_F_ASN1_GENERALIZEDTIME_SET                  185
 # define ASN1_F_ASN1_GENERATE_V3                          178
+# define ASN1_F_ASN1_GET_INT64                            224
 # define ASN1_F_ASN1_GET_OBJECT                           114
+# define ASN1_F_ASN1_GET_UINT64                           225
 # define ASN1_F_ASN1_HEADER_NEW                           115
 # define ASN1_F_ASN1_I2D_BIO                              116
 # define ASN1_F_ASN1_I2D_FP                               117
@@ -938,8 +946,8 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_ASN1_INTEGER_TO_BN                        119
 # define ASN1_F_ASN1_ITEM_D2I_FP                          206
 # define ASN1_F_ASN1_ITEM_DUP                             191
-# define ASN1_F_ASN1_ITEM_EX_NEW                          121
 # define ASN1_F_ASN1_ITEM_EX_D2I                          120
+# define ASN1_F_ASN1_ITEM_EX_NEW                          121
 # define ASN1_F_ASN1_ITEM_I2D_BIO                         192
 # define ASN1_F_ASN1_ITEM_I2D_FP                          193
 # define ASN1_F_ASN1_ITEM_PACK                            198
@@ -958,8 +966,10 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_ASN1_SEQ_UNPACK                           127
 # define ASN1_F_ASN1_SIGN                                 128
 # define ASN1_F_ASN1_STR2TYPE                             179
+# define ASN1_F_ASN1_STRING_GET_INT64                     227
 # define ASN1_F_ASN1_STRING_SET                           186
 # define ASN1_F_ASN1_STRING_TABLE_ADD                     129
+# define ASN1_F_ASN1_STRING_TO_BN                         228
 # define ASN1_F_ASN1_STRING_TYPE_NEW                      130
 # define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
 # define ASN1_F_ASN1_TEMPLATE_NEW                         133
@@ -978,9 +988,11 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_BITSTR_CB                                 180
 # define ASN1_F_BN_TO_ASN1_ENUMERATED                     138
 # define ASN1_F_BN_TO_ASN1_INTEGER                        139
+# define ASN1_F_BN_TO_ASN1_STRING                         229
 # define ASN1_F_C2I_ASN1_BIT_STRING                       189
 # define ASN1_F_C2I_ASN1_INTEGER                          194
 # define ASN1_F_C2I_ASN1_OBJECT                           196
+# define ASN1_F_C2I_IBUF                                  226
 # define ASN1_F_COLLECT_DATA                              140
 # define ASN1_F_D2I_ASN1_BIT_STRING                       141
 # define ASN1_F_D2I_ASN1_BOOLEAN                          142
@@ -1079,8 +1091,10 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_R_ILLEGAL_OBJECT                            183
 # define ASN1_R_ILLEGAL_OPTIONAL_ANY                      126
 # define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE          170
+# define ASN1_R_ILLEGAL_PADDING                           221
 # define ASN1_R_ILLEGAL_TAGGED_ANY                        127
 # define ASN1_R_ILLEGAL_TIME_VALUE                        184
+# define ASN1_R_ILLEGAL_ZERO_CONTENT                      222
 # define ASN1_R_INTEGER_NOT_ASCII_FORMAT                  185
 # define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
 # define ASN1_R_INVALID_BIT_STRING_BITS_LEFT              220
@@ -1133,7 +1147,9 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_R_TAG_VALUE_TOO_HIGH                        153
 # define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
 # define ASN1_R_TIME_NOT_ASCII_FORMAT                     193
+# define ASN1_R_TOO_LARGE                                 223
 # define ASN1_R_TOO_LONG                                  155
+# define ASN1_R_TOO_SMALL                                 224
 # define ASN1_R_TYPE_NOT_CONSTRUCTED                      156
 # define ASN1_R_TYPE_NOT_PRIMITIVE                        195
 # define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                  157
@@ -1151,6 +1167,7 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM          166
 # define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
 # define ASN1_R_UNSUPPORTED_TYPE                          196
+# define ASN1_R_WRONG_INTEGER_TYPE                        225
 # define ASN1_R_WRONG_PUBLIC_KEY_TYPE                     200
 # define ASN1_R_WRONG_TAG                                 168
 # define ASN1_R_WRONG_TYPE                                169
diff --git a/util/indent.pro b/util/indent.pro
index 5a6d452..2a51225 100644
--- a/util/indent.pro
+++ b/util/indent.pro
@@ -717,3 +717,11 @@
 -T tls12_lookup
 -T OPTIONS
 -T OPT_PAIR
+-T uint64_t
+-T int64_t
+-T uint32_t
+-T int32_t
+-T uint16_t
+-T int16_t
+-T uint8_t
+-T int8_t


More information about the openssl-commits mailing list