Add int64 ASN1_INTEGER setters too.

https://boringssl-review.googlesource.com/c/boringssl/+/54307 added just
the getters because no one was using the setters yet. But our long
setter *already* implements the int64 version, so just complete the
whole set and deprecate the old long-based APIs.

Change-Id: Ieb793f3cf90d4214c6416ba2f10e641c46403188
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54526
Commit-Queue: Adam Langley <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
(cherry picked from commit cab31f65f1ad6e6daca62e95b25dd6cd805fce0b)

Author: davidben

crypto/asn1/a_int.c

@@ -246,7 +246,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **out, const unsigned char **inp,
   return NULL;
 }
 
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) {
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t v) {
   if (v >= 0) {
     return ASN1_INTEGER_set_uint64(a, (uint64_t)v);
   }
@@ -259,7 +259,7 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) {
   return 1;
 }
 
-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) {
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t v) {
   if (v >= 0) {
     return ASN1_ENUMERATED_set_uint64(a, (uint64_t)v);
   }
@@ -272,6 +272,16 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) {
   return 1;
 }
 
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) {
+  static_assert(sizeof(long) <= sizeof(int64_t), "long fits in int64_t");
+  return ASN1_INTEGER_set_int64(a, v);
+}
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) {
+  static_assert(sizeof(long) <= sizeof(int64_t), "long fits in int64_t");
+  return ASN1_ENUMERATED_set_int64(a, v);
+}
+
 static int asn1_string_set_uint64(ASN1_STRING *out, uint64_t v, int type) {
   uint8_t buf[sizeof(uint64_t)];
   CRYPTO_store_u64_be(buf, v);

crypto/asn1/asn1_test.cc

@@ -346,13 +346,16 @@ TEST(ASN1Test, Integer) {
 
       fits_in_i64 = BN_cmp(int64_min.get(), bn.get()) <= 0 &&
                     BN_cmp(bn.get(), int64_max.get()) <= 0;
-
       if (fits_in_i64) {
         if (BN_is_negative(bn.get())) {
           i64 = static_cast<int64_t>(0u - abs_u64);
         } else {
           i64 = static_cast<int64_t>(abs_u64);
         }
+        bssl::UniquePtr<ASN1_INTEGER> by_i64(ASN1_INTEGER_new());
+        ASSERT_TRUE(by_i64);
+        ASSERT_TRUE(ASN1_INTEGER_set_int64(by_i64.get(), i64));
+        objs["i64"] = std::move(by_i64);
       }
 
       if (sizeof(long) == 8) {

crypto/x509/rsa_pss.c

@@ -229,7 +229,7 @@ int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
 
   if (saltlen != 20) {
     pss->saltLength = ASN1_INTEGER_new();
-    if (!pss->saltLength || !ASN1_INTEGER_set(pss->saltLength, saltlen)) {
+    if (!pss->saltLength || !ASN1_INTEGER_set_int64(pss->saltLength, saltlen)) {
       goto err;
     }
   }

crypto/x509/x509_set.c

@@ -94,7 +94,7 @@ int X509_set_version(X509 *x, long version) {
       return 0;
     }
   }
-  return ASN1_INTEGER_set(x->cert_info->version, version);
+  return ASN1_INTEGER_set_int64(x->cert_info->version, version);
 }
 
 int X509_set_serialNumber(X509 *x, const ASN1_INTEGER *serial) {

crypto/x509/x509_test.cc

@@ -1943,7 +1943,7 @@ TEST(X509Test, RSASignManual) {
       cert.reset(X509_new());
       // Fill in some fields for the certificate arbitrarily.
       EXPECT_TRUE(X509_set_version(cert.get(), X509_VERSION_3));
-      EXPECT_TRUE(ASN1_INTEGER_set(X509_get_serialNumber(cert.get()), 1));
+      EXPECT_TRUE(ASN1_INTEGER_set_int64(X509_get_serialNumber(cert.get()), 1));
       EXPECT_TRUE(X509_gmtime_adj(X509_getm_notBefore(cert.get()), 0));
       EXPECT_TRUE(
           X509_gmtime_adj(X509_getm_notAfter(cert.get()), 60 * 60 * 24));
@@ -2088,7 +2088,7 @@ TEST(X509Test, TestFromBufferModified) {
   ASSERT_TRUE(root);
 
   bssl::UniquePtr<ASN1_INTEGER> fourty_two(ASN1_INTEGER_new());
-  ASN1_INTEGER_set(fourty_two.get(), 42);
+  ASN1_INTEGER_set_int64(fourty_two.get(), 42);
   X509_set_serialNumber(root.get(), fourty_two.get());
 
   ASSERT_EQ(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
@@ -4823,7 +4823,7 @@ TEST(X509Test, SetSerialNumberChecksASN1StringType) {
   // them and some callers rely in this for tests.
   bssl::UniquePtr<ASN1_INTEGER> serial(ASN1_INTEGER_new());
   ASSERT_TRUE(serial);
-  ASSERT_TRUE(ASN1_INTEGER_set(serial.get(), -1));
+  ASSERT_TRUE(ASN1_INTEGER_set_int64(serial.get(), -1));
   ASSERT_TRUE(X509_set_serialNumber(root.get(), serial.get()));
   int64_t val;
   ASSERT_TRUE(ASN1_INTEGER_get_int64(&val, X509_get0_serialNumber(root.get())));

crypto/x509/x509cset.c

@@ -85,7 +85,7 @@ int X509_CRL_set_version(X509_CRL *x, long version) {
       return 0;
     }
   }
-  return ASN1_INTEGER_set(x->crl->version, version);
+  return ASN1_INTEGER_set_int64(x->crl->version, version);
 }
 
 int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) {

crypto/x509/x509rset.c

@@ -70,7 +70,7 @@ int X509_REQ_set_version(X509_REQ *x, long version) {
     OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION);
     return 0;
   }
-  return ASN1_INTEGER_set(x->req_info->version, version);
+  return ASN1_INTEGER_set_int64(x->req_info->version, version);
 }
 
 int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) {

include/openssl/asn1.h

@@ -1083,9 +1083,9 @@ DECLARE_ASN1_ITEM(ASN1_INTEGER)
 // on success and zero on error.
 OPENSSL_EXPORT int ASN1_INTEGER_set_uint64(ASN1_INTEGER *out, uint64_t v);
 
-// ASN1_INTEGER_set sets |a| to an INTEGER with value |v|. It returns one on
-// success and zero on error.
-OPENSSL_EXPORT int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+// ASN1_INTEGER_set_int64 sets |a| to an INTEGER with value |v|. It returns one
+// on success and zero on error.
+OPENSSL_EXPORT int ASN1_INTEGER_set_int64(ASN1_INTEGER *out, int64_t v);
 
 // ASN1_INTEGER_get_uint64 converts |a| to a |uint64_t|. On success, it returns
 // one and sets |*out| to the result. If |a| did not fit or has the wrong type,
@@ -1098,13 +1098,6 @@ OPENSSL_EXPORT int ASN1_INTEGER_get_uint64(uint64_t *out,
 // it returns zero.
 OPENSSL_EXPORT int ASN1_INTEGER_get_int64(int64_t *out, const ASN1_INTEGER *a);
 
-// ASN1_INTEGER_get returns the value of |a| as a |long|, or -1 if |a| is out of
-// range or the wrong type.
-//
-// WARNING: This function's return value cannot distinguish errors from -1.
-// Prefer |ASN1_INTEGER_get_uint64|.
-OPENSSL_EXPORT long ASN1_INTEGER_get(const ASN1_INTEGER *a);
-
 // BN_to_ASN1_INTEGER sets |ai| to an INTEGER with value |bn| and returns |ai|
 // on success or NULL or error. If |ai| is NULL, it returns a newly-allocated
 // |ASN1_INTEGER| on success instead, which the caller must release with
@@ -1152,9 +1145,9 @@ DECLARE_ASN1_ITEM(ASN1_ENUMERATED)
 // returns one on success and zero on error.
 OPENSSL_EXPORT int ASN1_ENUMERATED_set_uint64(ASN1_ENUMERATED *out, uint64_t v);
 
-// ASN1_ENUMERATED_set sets |a| to an ENUMERATED with value |v|. It returns one
-// on success and zero on error.
-OPENSSL_EXPORT int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+// ASN1_ENUMERATED_set_int64 sets |a| to an ENUMERATED with value |v|. It
+// returns one on success and zero on error.
+OPENSSL_EXPORT int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *out, int64_t v);
 
 // ASN1_ENUMERATED_get_uint64 converts |a| to a |uint64_t|. On success, it
 // returns one and sets |*out| to the result. If |a| did not fit or has the
@@ -1168,13 +1161,6 @@ OPENSSL_EXPORT int ASN1_ENUMERATED_get_uint64(uint64_t *out,
 OPENSSL_EXPORT int ASN1_ENUMERATED_get_int64(int64_t *out,
                                              const ASN1_ENUMERATED *a);
 
-// ASN1_ENUMERATED_get returns the value of |a| as a |long|, or -1 if |a| is out
-// of range or the wrong type.
-//
-// WARNING: This function's return value cannot distinguish errors from -1.
-// Prefer |ASN1_ENUMERATED_get_uint64|.
-OPENSSL_EXPORT long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
-
 // BN_to_ASN1_ENUMERATED sets |ai| to an ENUMERATED with value |bn| and returns
 // |ai| on success or NULL or error. If |ai| is NULL, it returns a
 // newly-allocated |ASN1_ENUMERATED| on success instead, which the caller must
@@ -1977,6 +1963,32 @@ OPENSSL_EXPORT int i2d_ASN1_PRINTABLE(const ASN1_STRING *in, uint8_t **outp);
 // printable characters. See https://crbug.com/boringssl/412.
 DECLARE_ASN1_ITEM(ASN1_PRINTABLE)
 
+// ASN1_INTEGER_set sets |a| to an INTEGER with value |v|. It returns one on
+// success and zero on error.
+//
+// Use |ASN1_INTEGER_set_uint64| and |ASN1_INTEGER_set_int64| instead.
+OPENSSL_EXPORT int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+
+// ASN1_ENUMERATED_set sets |a| to an ENUMERATED with value |v|. It returns one
+// on success and zero on error.
+//
+// Use |ASN1_ENUMERATED_set_uint64| and |ASN1_ENUMERATED_set_int64| instead.
+OPENSSL_EXPORT int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+
+// ASN1_INTEGER_get returns the value of |a| as a |long|, or -1 if |a| is out of
+// range or the wrong type.
+//
+// WARNING: This function's return value cannot distinguish errors from -1.
+// Use |ASN1_INTEGER_get_uint64| and |ASN1_INTEGER_get_int64| instead.
+OPENSSL_EXPORT long ASN1_INTEGER_get(const ASN1_INTEGER *a);
+
+// ASN1_ENUMERATED_get returns the value of |a| as a |long|, or -1 if |a| is out
+// of range or the wrong type.
+//
+// WARNING: This function's return value cannot distinguish errors from -1.
+// Use |ASN1_ENUMERATED_get_uint64| and |ASN1_ENUMERATED_get_int64| instead.
+OPENSSL_EXPORT long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
+
 
 #if defined(__cplusplus)
 }  // extern C