Add a function for validating a DER-encoded INTEGER.

net/der/parse_values.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_DER_PARSE_VALUES_H_
 #define NET_DER_PARSE_VALUES_H_
 
 #include "base/compiler_specific.h"
 #include "net/base/net_export.h"
 #include "net/der/input.h"
 
 namespace net {
 
 namespace der {
 
 // Reads a DER-encoded ASN.1 BOOLEAN value from |in| and puts the resulting
 // value in |out|. Returns whether the encoded value could successfully be
 // read.
 NET_EXPORT bool ParseBool(const Input& in, bool* out) WARN_UNUSED_RESULT;
 
 // Like ParseBool, except it is more relaxed in what inputs it accepts: Any
 // value that is a valid BER encoding will be parsed successfully.
 NET_EXPORT bool ParseBoolRelaxed(const Input& in, bool* out) WARN_UNUSED_RESULT;
 
+// Checks the validity of a DER-encoded ASN.1 INTEGER value from |in|, and
+// determines the sign and length of the number. Returns true on success and
+// fills |negative| and |numeric_length|. Otherwise returns false and does not
+// modify any outputs.
+//
+//    in: The value portion of an INTEGER.
+//    negative: Out parameter that is set to true if the number is negative,
+//        and false otherwise (zero counts as !negative).
+//    numeric_length: The minimum number of bytes needed to represent this
+//        INTEGER using either a signed or unsigned twos-complement
+//        representation. For negative INTEGERs the numeric_length will always
+//        be in.Length(). However for non-negative numbers the numeric_length
+//        may be one less than in.Length(). This happens because the first byte
+//        may be entirely zero simply to indicate that it is not negative.
+NET_EXPORT bool ParseInteger(const Input& in,

[nharper, 2015/08/14 22:23:41]

All of the other Parse* functions here are of the form ParseType(const Input&
in, Type* out) (for whatever value of Type). It seems like this is more of a
verification or validation function than a parsing function (since it doesn't
have an output param that represents the value parsed), and its name should be
changed to reflect that.

[eroman, 2015/08/14 23:19:38]

Done. Renamed to IsValidInteger().

+                             bool* negative,
+                             size_t* numeric_length) WARN_UNUSED_RESULT;
+
 // Reads a DER-encoded ASN.1 INTEGER value from |in| and puts the resulting
 // value in |out|. ASN.1 INTEGERs are arbitrary precision; this function is
 // provided as a convenience when the caller knows that the value is unsigned
-// and is between 0 and 2^63-1. This function does not support the full range of
-// uint64_t. This function returns false if the value is too big to fit in a
-// uint64_t, is negative, or if there is an error reading the integer.
+// and is between 0 and 2^64-1. This function returns false if the value is too
+// big to fit in a uint64_t, is negative, or if there is an error reading the
+// integer.
 NET_EXPORT bool ParseUint64(const Input& in, uint64_t* out) WARN_UNUSED_RESULT;
 
 // The BitString class is a helper for representing a valid parsed BIT STRING.
 //
 // * The bits are ordered within each octet of bytes() from most to least
 //   significant, as in the DER encoding.
 //
 // * There may be at most 7 unused bits.
 class NET_EXPORT BitString {
  public:
@@ skipping 52 matching lines @@
 // DER rules - it follows the rules from RFC5280, which does not allow for
 // fractional seconds.
 NET_EXPORT bool ParseGeneralizedTime(const Input& in,
                                      GeneralizedTime* out) WARN_UNUSED_RESULT;
 
 }  // namespace der
 
 }  // namespace net
 
 #endif  // NET_DER_PARSE_VALUES_H_