cryptobyte: support 64 bit object identifiers

asn1.ObjectIdentifier is a slice of ints and asn1.Marshal can serialize
int values greater than 2^31-1 on 64 bit platforms.

This change updates ReadASN1ObjectIdentifier to support greater int
values on 64 bit platforms.

For golang/go#58821

Author: AlexanderYastrebov

cryptobyte/asn1.go

@@ -7,6 +7,7 @@ package cryptobyte
 import (
 	encoding_asn1 "encoding/asn1"
 	"fmt"
+	"math"
 	"math/big"
 	"reflect"
 	"time"
@@ -421,12 +422,7 @@ func (s *String) ReadASN1Enum(out *int) bool {
 func (s *String) readBase128Int(out *int) bool {
 	ret := 0
 	for i := 0; len(*s) > 0; i++ {
-		if i == 5 {
-			return false
-		}
-		// Avoid overflowing int on a 32-bit platform.
-		// We don't want different behavior based on the architecture.
-		if ret >= 1<<(31-7) {
+		if ret > math.MaxInt>>7 {
 			return false
 		}
 		ret <<= 7

cryptobyte/asn1_32bit_test.go

@@ -0,0 +1,24 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build 386 || arm || mips || mipsle
+
+package cryptobyte
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestASN1ObjectIdentifier32bit(t *testing.T) {
+	testData := []readASN1ObjectIdentifierTest{
+		{[]byte{6, 7, 0x55, 0x02, 0x88, 0x80, 0x80, 0x80, 0x00}, false, []int{}}, // 2**31
+	}
+
+	for i, test := range testData {
+		t.Run(fmt.Sprintf("#%d", i), func(t *testing.T) {
+			testASN1ObjectIdentifier(t, test)
+		})
+	}
+}

cryptobyte/asn1_64bit_test.go

@@ -0,0 +1,27 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !(386 || arm || mips || mipsle)
+
+package cryptobyte
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestASN1ObjectIdentifier64bit(t *testing.T) {
+	testData := []readASN1ObjectIdentifierTest{
+		{[]byte{6, 7, 0x55, 0x02, 0x88, 0x80, 0x80, 0x80, 0x00}, true, []int{2, 5, 2, 2147483648}},                                        // 2**31
+		{[]byte{6, 11, 0x2a, 0x24, 0xcb, 0x89, 0x90, 0x82, 0x1e, 0x03, 0x01, 0x01, 0x01}, true, []int{1, 2, 36, 20151795998, 3, 1, 1, 1}}, // https://github.com/golang/go/issues/58821
+		{[]byte{6, 11, 0x55, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, true, []int{2, 5, 2, 9223372036854775807}},      // 2**63-1
+		{[]byte{0, 12, 0x55, 0x02, 0x81, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x00}, false, []int{}},                           // 2**63
+	}
+
+	for i, test := range testData {
+		t.Run(fmt.Sprintf("#%d", i), func(t *testing.T) {
+			testASN1ObjectIdentifier(t, test)
+		})
+	}
+}

cryptobyte/asn1_test.go

@@ -7,6 +7,7 @@ package cryptobyte
 import (
 	"bytes"
 	encoding_asn1 "encoding/asn1"
+	"fmt"
 	"math/big"
 	"reflect"
 	"testing"
@@ -259,12 +260,14 @@ func TestReadASN1IntegerInvalid(t *testing.T) {
 	}
 }
 
+type readASN1ObjectIdentifierTest struct {
+	in  []byte
+	ok  bool
+	out []int
+}
+
 func TestASN1ObjectIdentifier(t *testing.T) {
-	testData := []struct {
-		in  []byte
-		ok  bool
-		out []int
-	}{
+	testData := []readASN1ObjectIdentifierTest{
 		{[]byte{}, false, []int{}},
 		{[]byte{6, 0}, false, []int{}},
 		{[]byte{5, 1, 85}, false, []int{2, 5}},
@@ -275,29 +278,36 @@ func TestASN1ObjectIdentifier(t *testing.T) {
 		{[]byte{6, 7, 85, 0x02, 0xc0, 0x80, 0x80, 0x80, 0x80}, false, []int{}},
 		{[]byte{6, 7, 85, 0x02, 0x85, 0xc7, 0xcc, 0xfb, 0x01}, true, []int{2, 5, 2, 1492336001}},
 		{[]byte{6, 7, 0x55, 0x02, 0x87, 0xff, 0xff, 0xff, 0x7f}, true, []int{2, 5, 2, 2147483647}}, // 2**31-1
-		{[]byte{6, 7, 0x55, 0x02, 0x88, 0x80, 0x80, 0x80, 0x00}, false, []int{}},                   // 2**31
 	}
 
 	for i, test := range testData {
-		in := String(test.in)
-		var out encoding_asn1.ObjectIdentifier
-		ok := in.ReadASN1ObjectIdentifier(&out)
-		if ok != test.ok || ok && !out.Equal(test.out) {
-			t.Errorf("#%d: in.ReadASN1ObjectIdentifier() = %v, want %v; out = %v, want %v", i, ok, test.ok, out, test.out)
-			continue
-		}
+		t.Run(fmt.Sprintf("#%d", i), func(t *testing.T) {
+			testASN1ObjectIdentifier(t, test)
+		})
+	}
+}
 
-		var b Builder
-		b.AddASN1ObjectIdentifier(out)
-		result, err := b.Bytes()
-		if builderOk := err == nil; test.ok != builderOk {
-			t.Errorf("#%d: error from Builder.Bytes: %s", i, err)
-			continue
-		}
-		if test.ok && !bytes.Equal(result, test.in) {
-			t.Errorf("#%d: reserialisation didn't match, got %x, want %x", i, result, test.in)
-			continue
-		}
+func testASN1ObjectIdentifier(t *testing.T, test readASN1ObjectIdentifierTest) {
+	t.Helper()
+
+	in := String(test.in)
+	var out encoding_asn1.ObjectIdentifier
+	ok := in.ReadASN1ObjectIdentifier(&out)
+	if ok != test.ok || ok && !out.Equal(test.out) {
+		t.Errorf("in.ReadASN1ObjectIdentifier() = %v, want %v; out = %v, want %v", ok, test.ok, out, test.out)
+		return
+	}
+
+	var b Builder
+	b.AddASN1ObjectIdentifier(out)
+	result, err := b.Bytes()
+	if builderOk := err == nil; test.ok != builderOk {
+		t.Errorf("error from Builder.Bytes: %s", err)
+		return
+	}
+	if test.ok && !bytes.Equal(result, test.in) {
+		t.Errorf("reserialisation didn't match, got %x, want %x", result, test.in)
+		return
 	}
 }