Compare /usr/include/*_asn1.h on e.g. i386 and amd64. One example file: ref13-amd64% grep pCPath /usr/include/rfc2459_asn1.h pCPathLenConstraint INTEGER (0..-1) OPTIONAL, ref13-i386% grep pCPath /usr/include/rfc2459_asn1.h pCPathLenConstraint INTEGER (0..2147483647) OPTIONAL, Looking at the source file crypto/heimdal/lib/asn1/rfc2459.asn1: pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX 4294967295 is 2^32-1, 0xffffffff, and does not fit in a signed 32-bit int. I believe this originates from contrib/flex/src/regex.c: n = (int) strtol (s, endptr, base); i386 has 32-bit long. There strtol truncates 4294967295 to INT_MAX (2147483647) and sets errno to ERANGE, which is then ignored. amd64 has 64-bit long, into which 4294967295 fits. This becomes -1 when cast to int.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=1b7487592987c91020063a311a14dc15b6e58075 commit 1b7487592987c91020063a311a14dc15b6e58075 Author: Dimitry Andric <dim@FreeBSD.org> AuthorDate: 2024-04-16 18:56:37 +0000 Commit: Dimitry Andric <dim@FreeBSD.org> CommitDate: 2024-04-17 16:12:43 +0000 heimdal: Add 64-bit integer support to ASN.1 compiler Import upstream 19d378f44: ASN.1 INTEGERs will now compile to C int64_t or uint64_t, depending on whether the constraint ranges include numbers that cannot be represented in 32-bit ints and whether they include negative numbers. Template backend support included. check-template is now built with --template, so we know we're testing it. Tests included. Also adjusts the generated files: * asn1parse.c, asn1parse.h (not strictly necessary, but nice to have) * der-protos.h, which needs a bunch of new prototypes. I copied these from a der-protos.h generated by the upstream build system, which uses a perl script for this. * adjust printf format strings for int64_t. Upstream uses %lld for this, but that is not portable, and leads to lots of -Werror warnings. This should fix target-dependent differences between headers generated by asn1_compile. For example, when cross compiling world from amd64 to i386, the generated cms_asn1.h header has: CMSRC2CBCParameter ::= SEQUENCE { rc2ParameterVersion INTEGER (0..-1), iv OCTET STRING, } while a native build on i386 has: CMSRC2CBCParameter ::= SEQUENCE { rc2ParameterVersion INTEGER (0..2147483647), iv OCTET STRING, } These are _both_ wrong, since the source file, cms.asn1, has: CMSRC2CBCParameter ::= SEQUENCE { rc2ParameterVersion INTEGER (0..4294967295), iv OCTET STRING -- exactly 8 octets } PR: 276960 Reviewed by: cy, emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D44814 Differential Revision: https://reviews.freebsd.org/D44815 crypto/heimdal/lib/asn1/Makefile.am | 12 +++- crypto/heimdal/lib/asn1/asn1-template.h | 2 + crypto/heimdal/lib/asn1/asn1parse.c | 6 +- crypto/heimdal/lib/asn1/asn1parse.h | 2 +- crypto/heimdal/lib/asn1/asn1parse.y | 6 +- crypto/heimdal/lib/asn1/check-gen.c | 120 ++++++++++++++++++++++++++++++++ crypto/heimdal/lib/asn1/der-protos.h | 50 +++++++++++++ crypto/heimdal/lib/asn1/der_copy.c | 14 ++++ crypto/heimdal/lib/asn1/der_free.c | 12 ++++ crypto/heimdal/lib/asn1/der_get.c | 45 +++++++++++- crypto/heimdal/lib/asn1/der_length.c | 57 +++++++++++++++ crypto/heimdal/lib/asn1/der_put.c | 72 +++++++++++++++++++ crypto/heimdal/lib/asn1/gen.c | 20 +++--- crypto/heimdal/lib/asn1/gen_decode.c | 18 ++--- crypto/heimdal/lib/asn1/gen_encode.c | 12 ++-- crypto/heimdal/lib/asn1/gen_length.c | 12 ++-- crypto/heimdal/lib/asn1/gen_template.c | 22 +++--- crypto/heimdal/lib/asn1/lex.l | 2 +- crypto/heimdal/lib/asn1/symbol.h | 10 ++- crypto/heimdal/lib/asn1/template.c | 2 + crypto/heimdal/lib/asn1/test.asn1 | 2 + 21 files changed, 446 insertions(+), 52 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=219b6e442308d5353b2af5f0771ce9b887b70754 commit 219b6e442308d5353b2af5f0771ce9b887b70754 Author: Dimitry Andric <dim@FreeBSD.org> AuthorDate: 2024-04-17 17:49:30 +0000 Commit: Dimitry Andric <dim@FreeBSD.org> CommitDate: 2024-04-17 17:49:30 +0000 heimdal: asn1: Use unsigned bitfields for named bitsets Import upstream 6747e1628: asn1: Use unsigned bitfields for named bitsets Signed 1-bit bitfields are undefined in C. This should fix the following warnings, which for unknown reasons are errors in CI: /usr/src/crypto/heimdal/lib/hx509/ca.c:1020:22: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion] 1020 | ku.digitalSignature = 1; | ^ ~ /usr/src/crypto/heimdal/lib/hx509/ca.c:1021:21: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion] 1021 | ku.keyEncipherment = 1; | ^ ~ /usr/src/crypto/heimdal/lib/hx509/ca.c:1028:17: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion] 1028 | ku.keyCertSign = 1; | ^ ~ /usr/src/crypto/heimdal/lib/hx509/ca.c:1029:13: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion] 1029 | ku.cRLSign = 1; | ^ ~ PR: 276960 Fixes: 1b7487592987 MFC after: 1 week crypto/heimdal/lib/asn1/gen.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=164f125311a6cc0217ce9103aaefcfd31fb796bf commit 164f125311a6cc0217ce9103aaefcfd31fb796bf Author: Dimitry Andric <dim@FreeBSD.org> AuthorDate: 2024-04-16 18:56:37 +0000 Commit: Dimitry Andric <dim@FreeBSD.org> CommitDate: 2024-04-24 21:26:52 +0000 heimdal: Add 64-bit integer support to ASN.1 compiler Import upstream 19d378f44: ASN.1 INTEGERs will now compile to C int64_t or uint64_t, depending on whether the constraint ranges include numbers that cannot be represented in 32-bit ints and whether they include negative numbers. Template backend support included. check-template is now built with --template, so we know we're testing it. Tests included. Also adjusts the generated files: * asn1parse.c, asn1parse.h (not strictly necessary, but nice to have) * der-protos.h, which needs a bunch of new prototypes. I copied these from a der-protos.h generated by the upstream build system, which uses a perl script for this. * adjust printf format strings for int64_t. Upstream uses %lld for this, but that is not portable, and leads to lots of -Werror warnings. This should fix target-dependent differences between headers generated by asn1_compile. For example, when cross compiling world from amd64 to i386, the generated cms_asn1.h header has: CMSRC2CBCParameter ::= SEQUENCE { rc2ParameterVersion INTEGER (0..-1), iv OCTET STRING, } while a native build on i386 has: CMSRC2CBCParameter ::= SEQUENCE { rc2ParameterVersion INTEGER (0..2147483647), iv OCTET STRING, } These are _both_ wrong, since the source file, cms.asn1, has: CMSRC2CBCParameter ::= SEQUENCE { rc2ParameterVersion INTEGER (0..4294967295), iv OCTET STRING -- exactly 8 octets } PR: 276960 Reviewed by: cy, emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D44814 Differential Revision: https://reviews.freebsd.org/D44815 (cherry picked from commit 1b7487592987c91020063a311a14dc15b6e58075) crypto/heimdal/lib/asn1/Makefile.am | 12 +++- crypto/heimdal/lib/asn1/asn1-template.h | 2 + crypto/heimdal/lib/asn1/asn1parse.c | 6 +- crypto/heimdal/lib/asn1/asn1parse.h | 2 +- crypto/heimdal/lib/asn1/asn1parse.y | 6 +- crypto/heimdal/lib/asn1/check-gen.c | 120 ++++++++++++++++++++++++++++++++ crypto/heimdal/lib/asn1/der-protos.h | 50 +++++++++++++ crypto/heimdal/lib/asn1/der_copy.c | 14 ++++ crypto/heimdal/lib/asn1/der_free.c | 12 ++++ crypto/heimdal/lib/asn1/der_get.c | 45 +++++++++++- crypto/heimdal/lib/asn1/der_length.c | 57 +++++++++++++++ crypto/heimdal/lib/asn1/der_put.c | 72 +++++++++++++++++++ crypto/heimdal/lib/asn1/gen.c | 20 +++--- crypto/heimdal/lib/asn1/gen_decode.c | 18 ++--- crypto/heimdal/lib/asn1/gen_encode.c | 12 ++-- crypto/heimdal/lib/asn1/gen_length.c | 12 ++-- crypto/heimdal/lib/asn1/gen_template.c | 22 +++--- crypto/heimdal/lib/asn1/lex.l | 2 +- crypto/heimdal/lib/asn1/symbol.h | 10 ++- crypto/heimdal/lib/asn1/template.c | 2 + crypto/heimdal/lib/asn1/test.asn1 | 2 + 21 files changed, 446 insertions(+), 52 deletions(-)
A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=689dbdedd8bdaa0e6c7149a7a26dc77ba9db886e commit 689dbdedd8bdaa0e6c7149a7a26dc77ba9db886e Author: Dimitry Andric <dim@FreeBSD.org> AuthorDate: 2024-04-17 17:49:30 +0000 Commit: Dimitry Andric <dim@FreeBSD.org> CommitDate: 2024-04-24 21:27:11 +0000 heimdal: asn1: Use unsigned bitfields for named bitsets Import upstream 6747e1628: asn1: Use unsigned bitfields for named bitsets Signed 1-bit bitfields are undefined in C. This should fix the following warnings, which for unknown reasons are errors in CI: /usr/src/crypto/heimdal/lib/hx509/ca.c:1020:22: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion] 1020 | ku.digitalSignature = 1; | ^ ~ /usr/src/crypto/heimdal/lib/hx509/ca.c:1021:21: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion] 1021 | ku.keyEncipherment = 1; | ^ ~ /usr/src/crypto/heimdal/lib/hx509/ca.c:1028:17: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion] 1028 | ku.keyCertSign = 1; | ^ ~ /usr/src/crypto/heimdal/lib/hx509/ca.c:1029:13: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion] 1029 | ku.cRLSign = 1; | ^ ~ PR: 276960 Fixes: 1b7487592987 MFC after: 1 week (cherry picked from commit 219b6e442308d5353b2af5f0771ce9b887b70754) crypto/heimdal/lib/asn1/gen.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=2efe30782cd92ef975eb4d05c53bac1d8a7e9f46 commit 2efe30782cd92ef975eb4d05c53bac1d8a7e9f46 Author: Dimitry Andric <dim@FreeBSD.org> AuthorDate: 2024-04-16 18:56:37 +0000 Commit: Dimitry Andric <dim@FreeBSD.org> CommitDate: 2024-04-24 21:26:47 +0000 heimdal: Add 64-bit integer support to ASN.1 compiler Import upstream 19d378f44: ASN.1 INTEGERs will now compile to C int64_t or uint64_t, depending on whether the constraint ranges include numbers that cannot be represented in 32-bit ints and whether they include negative numbers. Template backend support included. check-template is now built with --template, so we know we're testing it. Tests included. Also adjusts the generated files: * asn1parse.c, asn1parse.h (not strictly necessary, but nice to have) * der-protos.h, which needs a bunch of new prototypes. I copied these from a der-protos.h generated by the upstream build system, which uses a perl script for this. * adjust printf format strings for int64_t. Upstream uses %lld for this, but that is not portable, and leads to lots of -Werror warnings. This should fix target-dependent differences between headers generated by asn1_compile. For example, when cross compiling world from amd64 to i386, the generated cms_asn1.h header has: CMSRC2CBCParameter ::= SEQUENCE { rc2ParameterVersion INTEGER (0..-1), iv OCTET STRING, } while a native build on i386 has: CMSRC2CBCParameter ::= SEQUENCE { rc2ParameterVersion INTEGER (0..2147483647), iv OCTET STRING, } These are _both_ wrong, since the source file, cms.asn1, has: CMSRC2CBCParameter ::= SEQUENCE { rc2ParameterVersion INTEGER (0..4294967295), iv OCTET STRING -- exactly 8 octets } PR: 276960 Reviewed by: cy, emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D44814 Differential Revision: https://reviews.freebsd.org/D44815 (cherry picked from commit 1b7487592987c91020063a311a14dc15b6e58075) crypto/heimdal/lib/asn1/Makefile.am | 12 +++- crypto/heimdal/lib/asn1/asn1-template.h | 2 + crypto/heimdal/lib/asn1/asn1parse.c | 6 +- crypto/heimdal/lib/asn1/asn1parse.h | 2 +- crypto/heimdal/lib/asn1/asn1parse.y | 6 +- crypto/heimdal/lib/asn1/check-gen.c | 120 ++++++++++++++++++++++++++++++++ crypto/heimdal/lib/asn1/der-protos.h | 50 +++++++++++++ crypto/heimdal/lib/asn1/der_copy.c | 14 ++++ crypto/heimdal/lib/asn1/der_free.c | 12 ++++ crypto/heimdal/lib/asn1/der_get.c | 45 +++++++++++- crypto/heimdal/lib/asn1/der_length.c | 57 +++++++++++++++ crypto/heimdal/lib/asn1/der_put.c | 72 +++++++++++++++++++ crypto/heimdal/lib/asn1/gen.c | 20 +++--- crypto/heimdal/lib/asn1/gen_decode.c | 18 ++--- crypto/heimdal/lib/asn1/gen_encode.c | 12 ++-- crypto/heimdal/lib/asn1/gen_length.c | 12 ++-- crypto/heimdal/lib/asn1/gen_template.c | 22 +++--- crypto/heimdal/lib/asn1/lex.l | 2 +- crypto/heimdal/lib/asn1/symbol.h | 10 ++- crypto/heimdal/lib/asn1/template.c | 2 + crypto/heimdal/lib/asn1/test.asn1 | 2 + 21 files changed, 446 insertions(+), 52 deletions(-)
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=15dfc47b6adc0ba6bf91f60d05c404c7621dbc11 commit 15dfc47b6adc0ba6bf91f60d05c404c7621dbc11 Author: Dimitry Andric <dim@FreeBSD.org> AuthorDate: 2024-04-17 17:49:30 +0000 Commit: Dimitry Andric <dim@FreeBSD.org> CommitDate: 2024-04-24 21:27:27 +0000 heimdal: asn1: Use unsigned bitfields for named bitsets Import upstream 6747e1628: asn1: Use unsigned bitfields for named bitsets Signed 1-bit bitfields are undefined in C. This should fix the following warnings, which for unknown reasons are errors in CI: /usr/src/crypto/heimdal/lib/hx509/ca.c:1020:22: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion] 1020 | ku.digitalSignature = 1; | ^ ~ /usr/src/crypto/heimdal/lib/hx509/ca.c:1021:21: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion] 1021 | ku.keyEncipherment = 1; | ^ ~ /usr/src/crypto/heimdal/lib/hx509/ca.c:1028:17: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion] 1028 | ku.keyCertSign = 1; | ^ ~ /usr/src/crypto/heimdal/lib/hx509/ca.c:1029:13: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion] 1029 | ku.cRLSign = 1; | ^ ~ PR: 276960 Fixes: 1b7487592987 MFC after: 1 week (cherry picked from commit 219b6e442308d5353b2af5f0771ce9b887b70754) crypto/heimdal/lib/asn1/gen.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)