Bug 276960 - /usr/include/*_asn1.h have unexpected target-dependent differences
Summary: /usr/include/*_asn1.h have unexpected target-dependent differences
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: misc (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-10 23:56 UTC by Ed Maste
Modified: 2024-04-24 21:31 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ed Maste freebsd_committer freebsd_triage 2024-02-10 23:56:40 UTC
Compare /usr/include/*_asn1.h on e.g. i386 and amd64.

One example file:

ref13-amd64% grep pCPath /usr/include/rfc2459_asn1.h 
  pCPathLenConstraint   INTEGER (0..-1) OPTIONAL,

ref13-i386% grep pCPath /usr/include/rfc2459_asn1.h
  pCPathLenConstraint   INTEGER (0..2147483647) OPTIONAL,

Looking at the source file crypto/heimdal/lib/asn1/rfc2459.asn1:
pCPathLenConstraint     INTEGER (0..4294967295) OPTIONAL, -- really MAX

4294967295 is 2^32-1, 0xffffffff, and does not fit in a signed 32-bit int.

I believe this originates from contrib/flex/src/regex.c:
n = (int) strtol (s, endptr, base);

i386 has 32-bit long. There strtol truncates 4294967295 to INT_MAX (2147483647) and sets errno to ERANGE, which is then ignored.

amd64 has 64-bit long, into which 4294967295 fits. This becomes -1 when cast to int.
Comment 1 commit-hook freebsd_committer freebsd_triage 2024-04-17 17:01:02 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=1b7487592987c91020063a311a14dc15b6e58075

commit 1b7487592987c91020063a311a14dc15b6e58075
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2024-04-16 18:56:37 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2024-04-17 16:12:43 +0000

    heimdal: Add 64-bit integer support to ASN.1 compiler

    Import upstream 19d378f44:

      ASN.1 INTEGERs will now compile to C int64_t or uint64_t, depending
      on whether the constraint ranges include numbers that cannot be
      represented in 32-bit ints and whether they include negative
      numbers.

      Template backend support included.  check-template is now built with
      --template, so we know we're testing it.

      Tests included.

    Also adjusts the generated files:
    * asn1parse.c, asn1parse.h (not strictly necessary, but nice to have)
    * der-protos.h, which needs a bunch of new prototypes. I copied these
      from a der-protos.h generated by the upstream build system, which
      uses a perl script for this.
    * adjust printf format strings for int64_t. Upstream uses %lld for this,
      but that is not portable, and leads to lots of -Werror warnings.

    This should fix target-dependent differences between headers generated
    by asn1_compile. For example, when cross compiling world from amd64 to
    i386, the generated cms_asn1.h header has:

      CMSRC2CBCParameter ::= SEQUENCE {
        rc2ParameterVersion   INTEGER (0..-1),
        iv                    OCTET STRING,
      }

    while a native build on i386 has:

      CMSRC2CBCParameter ::= SEQUENCE {
        rc2ParameterVersion   INTEGER (0..2147483647),
        iv                    OCTET STRING,
      }

    These are _both_ wrong, since the source file, cms.asn1, has:

      CMSRC2CBCParameter ::= SEQUENCE {
              rc2ParameterVersion   INTEGER (0..4294967295),
              iv                    OCTET STRING -- exactly 8 octets
      }

    PR:             276960
    Reviewed by:    cy, emaste
    MFC after:      1 week
    Differential Revision: https://reviews.freebsd.org/D44814
    Differential Revision: https://reviews.freebsd.org/D44815

 crypto/heimdal/lib/asn1/Makefile.am     |  12 +++-
 crypto/heimdal/lib/asn1/asn1-template.h |   2 +
 crypto/heimdal/lib/asn1/asn1parse.c     |   6 +-
 crypto/heimdal/lib/asn1/asn1parse.h     |   2 +-
 crypto/heimdal/lib/asn1/asn1parse.y     |   6 +-
 crypto/heimdal/lib/asn1/check-gen.c     | 120 ++++++++++++++++++++++++++++++++
 crypto/heimdal/lib/asn1/der-protos.h    |  50 +++++++++++++
 crypto/heimdal/lib/asn1/der_copy.c      |  14 ++++
 crypto/heimdal/lib/asn1/der_free.c      |  12 ++++
 crypto/heimdal/lib/asn1/der_get.c       |  45 +++++++++++-
 crypto/heimdal/lib/asn1/der_length.c    |  57 +++++++++++++++
 crypto/heimdal/lib/asn1/der_put.c       |  72 +++++++++++++++++++
 crypto/heimdal/lib/asn1/gen.c           |  20 +++---
 crypto/heimdal/lib/asn1/gen_decode.c    |  18 ++---
 crypto/heimdal/lib/asn1/gen_encode.c    |  12 ++--
 crypto/heimdal/lib/asn1/gen_length.c    |  12 ++--
 crypto/heimdal/lib/asn1/gen_template.c  |  22 +++---
 crypto/heimdal/lib/asn1/lex.l           |   2 +-
 crypto/heimdal/lib/asn1/symbol.h        |  10 ++-
 crypto/heimdal/lib/asn1/template.c      |   2 +
 crypto/heimdal/lib/asn1/test.asn1       |   2 +
 21 files changed, 446 insertions(+), 52 deletions(-)
Comment 2 commit-hook freebsd_committer freebsd_triage 2024-04-17 17:52:13 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=219b6e442308d5353b2af5f0771ce9b887b70754

commit 219b6e442308d5353b2af5f0771ce9b887b70754
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2024-04-17 17:49:30 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2024-04-17 17:49:30 +0000

    heimdal: asn1: Use unsigned bitfields for named bitsets

    Import upstream 6747e1628:

      asn1: Use unsigned bitfields for named bitsets

      Signed 1-bit bitfields are undefined in C.

    This should fix the following warnings, which for unknown reasons are
    errors in CI:

      /usr/src/crypto/heimdal/lib/hx509/ca.c:1020:22: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
       1020 |         ku.digitalSignature = 1;
            |                             ^ ~
      /usr/src/crypto/heimdal/lib/hx509/ca.c:1021:21: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
       1021 |         ku.keyEncipherment = 1;
            |                            ^ ~
      /usr/src/crypto/heimdal/lib/hx509/ca.c:1028:17: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
       1028 |         ku.keyCertSign = 1;
            |                        ^ ~
      /usr/src/crypto/heimdal/lib/hx509/ca.c:1029:13: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
       1029 |         ku.cRLSign = 1;
            |                    ^ ~

    PR:             276960
    Fixes:          1b7487592987
    MFC after:      1 week

 crypto/heimdal/lib/asn1/gen.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2024-04-24 21:28:48 UTC
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=164f125311a6cc0217ce9103aaefcfd31fb796bf

commit 164f125311a6cc0217ce9103aaefcfd31fb796bf
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2024-04-16 18:56:37 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2024-04-24 21:26:52 +0000

    heimdal: Add 64-bit integer support to ASN.1 compiler

    Import upstream 19d378f44:

      ASN.1 INTEGERs will now compile to C int64_t or uint64_t, depending
      on whether the constraint ranges include numbers that cannot be
      represented in 32-bit ints and whether they include negative
      numbers.

      Template backend support included.  check-template is now built with
      --template, so we know we're testing it.

      Tests included.

    Also adjusts the generated files:
    * asn1parse.c, asn1parse.h (not strictly necessary, but nice to have)
    * der-protos.h, which needs a bunch of new prototypes. I copied these
      from a der-protos.h generated by the upstream build system, which
      uses a perl script for this.
    * adjust printf format strings for int64_t. Upstream uses %lld for this,
      but that is not portable, and leads to lots of -Werror warnings.

    This should fix target-dependent differences between headers generated
    by asn1_compile. For example, when cross compiling world from amd64 to
    i386, the generated cms_asn1.h header has:

      CMSRC2CBCParameter ::= SEQUENCE {
        rc2ParameterVersion   INTEGER (0..-1),
        iv                    OCTET STRING,
      }

    while a native build on i386 has:

      CMSRC2CBCParameter ::= SEQUENCE {
        rc2ParameterVersion   INTEGER (0..2147483647),
        iv                    OCTET STRING,
      }

    These are _both_ wrong, since the source file, cms.asn1, has:

      CMSRC2CBCParameter ::= SEQUENCE {
              rc2ParameterVersion   INTEGER (0..4294967295),
              iv                    OCTET STRING -- exactly 8 octets
      }

    PR:             276960
    Reviewed by:    cy, emaste
    MFC after:      1 week
    Differential Revision: https://reviews.freebsd.org/D44814
    Differential Revision: https://reviews.freebsd.org/D44815

    (cherry picked from commit 1b7487592987c91020063a311a14dc15b6e58075)

 crypto/heimdal/lib/asn1/Makefile.am     |  12 +++-
 crypto/heimdal/lib/asn1/asn1-template.h |   2 +
 crypto/heimdal/lib/asn1/asn1parse.c     |   6 +-
 crypto/heimdal/lib/asn1/asn1parse.h     |   2 +-
 crypto/heimdal/lib/asn1/asn1parse.y     |   6 +-
 crypto/heimdal/lib/asn1/check-gen.c     | 120 ++++++++++++++++++++++++++++++++
 crypto/heimdal/lib/asn1/der-protos.h    |  50 +++++++++++++
 crypto/heimdal/lib/asn1/der_copy.c      |  14 ++++
 crypto/heimdal/lib/asn1/der_free.c      |  12 ++++
 crypto/heimdal/lib/asn1/der_get.c       |  45 +++++++++++-
 crypto/heimdal/lib/asn1/der_length.c    |  57 +++++++++++++++
 crypto/heimdal/lib/asn1/der_put.c       |  72 +++++++++++++++++++
 crypto/heimdal/lib/asn1/gen.c           |  20 +++---
 crypto/heimdal/lib/asn1/gen_decode.c    |  18 ++---
 crypto/heimdal/lib/asn1/gen_encode.c    |  12 ++--
 crypto/heimdal/lib/asn1/gen_length.c    |  12 ++--
 crypto/heimdal/lib/asn1/gen_template.c  |  22 +++---
 crypto/heimdal/lib/asn1/lex.l           |   2 +-
 crypto/heimdal/lib/asn1/symbol.h        |  10 ++-
 crypto/heimdal/lib/asn1/template.c      |   2 +
 crypto/heimdal/lib/asn1/test.asn1       |   2 +
 21 files changed, 446 insertions(+), 52 deletions(-)
Comment 4 commit-hook freebsd_committer freebsd_triage 2024-04-24 21:28:52 UTC
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=689dbdedd8bdaa0e6c7149a7a26dc77ba9db886e

commit 689dbdedd8bdaa0e6c7149a7a26dc77ba9db886e
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2024-04-17 17:49:30 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2024-04-24 21:27:11 +0000

    heimdal: asn1: Use unsigned bitfields for named bitsets

    Import upstream 6747e1628:

      asn1: Use unsigned bitfields for named bitsets

      Signed 1-bit bitfields are undefined in C.

    This should fix the following warnings, which for unknown reasons are
    errors in CI:

      /usr/src/crypto/heimdal/lib/hx509/ca.c:1020:22: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
       1020 |         ku.digitalSignature = 1;
            |                             ^ ~
      /usr/src/crypto/heimdal/lib/hx509/ca.c:1021:21: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
       1021 |         ku.keyEncipherment = 1;
            |                            ^ ~
      /usr/src/crypto/heimdal/lib/hx509/ca.c:1028:17: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
       1028 |         ku.keyCertSign = 1;
            |                        ^ ~
      /usr/src/crypto/heimdal/lib/hx509/ca.c:1029:13: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
       1029 |         ku.cRLSign = 1;
            |                    ^ ~

    PR:             276960
    Fixes:          1b7487592987
    MFC after:      1 week

    (cherry picked from commit 219b6e442308d5353b2af5f0771ce9b887b70754)

 crypto/heimdal/lib/asn1/gen.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
Comment 5 commit-hook freebsd_committer freebsd_triage 2024-04-24 21:29:58 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=2efe30782cd92ef975eb4d05c53bac1d8a7e9f46

commit 2efe30782cd92ef975eb4d05c53bac1d8a7e9f46
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2024-04-16 18:56:37 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2024-04-24 21:26:47 +0000

    heimdal: Add 64-bit integer support to ASN.1 compiler

    Import upstream 19d378f44:

      ASN.1 INTEGERs will now compile to C int64_t or uint64_t, depending
      on whether the constraint ranges include numbers that cannot be
      represented in 32-bit ints and whether they include negative
      numbers.

      Template backend support included.  check-template is now built with
      --template, so we know we're testing it.

      Tests included.

    Also adjusts the generated files:
    * asn1parse.c, asn1parse.h (not strictly necessary, but nice to have)
    * der-protos.h, which needs a bunch of new prototypes. I copied these
      from a der-protos.h generated by the upstream build system, which
      uses a perl script for this.
    * adjust printf format strings for int64_t. Upstream uses %lld for this,
      but that is not portable, and leads to lots of -Werror warnings.

    This should fix target-dependent differences between headers generated
    by asn1_compile. For example, when cross compiling world from amd64 to
    i386, the generated cms_asn1.h header has:

      CMSRC2CBCParameter ::= SEQUENCE {
        rc2ParameterVersion   INTEGER (0..-1),
        iv                    OCTET STRING,
      }

    while a native build on i386 has:

      CMSRC2CBCParameter ::= SEQUENCE {
        rc2ParameterVersion   INTEGER (0..2147483647),
        iv                    OCTET STRING,
      }

    These are _both_ wrong, since the source file, cms.asn1, has:

      CMSRC2CBCParameter ::= SEQUENCE {
              rc2ParameterVersion   INTEGER (0..4294967295),
              iv                    OCTET STRING -- exactly 8 octets
      }

    PR:             276960
    Reviewed by:    cy, emaste
    MFC after:      1 week
    Differential Revision: https://reviews.freebsd.org/D44814
    Differential Revision: https://reviews.freebsd.org/D44815

    (cherry picked from commit 1b7487592987c91020063a311a14dc15b6e58075)

 crypto/heimdal/lib/asn1/Makefile.am     |  12 +++-
 crypto/heimdal/lib/asn1/asn1-template.h |   2 +
 crypto/heimdal/lib/asn1/asn1parse.c     |   6 +-
 crypto/heimdal/lib/asn1/asn1parse.h     |   2 +-
 crypto/heimdal/lib/asn1/asn1parse.y     |   6 +-
 crypto/heimdal/lib/asn1/check-gen.c     | 120 ++++++++++++++++++++++++++++++++
 crypto/heimdal/lib/asn1/der-protos.h    |  50 +++++++++++++
 crypto/heimdal/lib/asn1/der_copy.c      |  14 ++++
 crypto/heimdal/lib/asn1/der_free.c      |  12 ++++
 crypto/heimdal/lib/asn1/der_get.c       |  45 +++++++++++-
 crypto/heimdal/lib/asn1/der_length.c    |  57 +++++++++++++++
 crypto/heimdal/lib/asn1/der_put.c       |  72 +++++++++++++++++++
 crypto/heimdal/lib/asn1/gen.c           |  20 +++---
 crypto/heimdal/lib/asn1/gen_decode.c    |  18 ++---
 crypto/heimdal/lib/asn1/gen_encode.c    |  12 ++--
 crypto/heimdal/lib/asn1/gen_length.c    |  12 ++--
 crypto/heimdal/lib/asn1/gen_template.c  |  22 +++---
 crypto/heimdal/lib/asn1/lex.l           |   2 +-
 crypto/heimdal/lib/asn1/symbol.h        |  10 ++-
 crypto/heimdal/lib/asn1/template.c      |   2 +
 crypto/heimdal/lib/asn1/test.asn1       |   2 +
 21 files changed, 446 insertions(+), 52 deletions(-)
Comment 6 commit-hook freebsd_committer freebsd_triage 2024-04-24 21:30:03 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=15dfc47b6adc0ba6bf91f60d05c404c7621dbc11

commit 15dfc47b6adc0ba6bf91f60d05c404c7621dbc11
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2024-04-17 17:49:30 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2024-04-24 21:27:27 +0000

    heimdal: asn1: Use unsigned bitfields for named bitsets

    Import upstream 6747e1628:

      asn1: Use unsigned bitfields for named bitsets

      Signed 1-bit bitfields are undefined in C.

    This should fix the following warnings, which for unknown reasons are
    errors in CI:

      /usr/src/crypto/heimdal/lib/hx509/ca.c:1020:22: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
       1020 |         ku.digitalSignature = 1;
            |                             ^ ~
      /usr/src/crypto/heimdal/lib/hx509/ca.c:1021:21: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
       1021 |         ku.keyEncipherment = 1;
            |                            ^ ~
      /usr/src/crypto/heimdal/lib/hx509/ca.c:1028:17: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
       1028 |         ku.keyCertSign = 1;
            |                        ^ ~
      /usr/src/crypto/heimdal/lib/hx509/ca.c:1029:13: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
       1029 |         ku.cRLSign = 1;
            |                    ^ ~

    PR:             276960
    Fixes:          1b7487592987
    MFC after:      1 week

    (cherry picked from commit 219b6e442308d5353b2af5f0771ce9b887b70754)

 crypto/heimdal/lib/asn1/gen.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)