grpc 1.41.0 → 1.41.1

data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c

@@ -66,53 +66,47 @@
 #include "internal.h"
 
 
+static int asn1_item_ex_i2d_opt(ASN1_VALUE **pval, unsigned char **out,
+                                const ASN1_ITEM *it, int tag, int aclass,
+                                int optional);
 static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
-                                 const ASN1_ITEM *it, int tag, int aclass);
-static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
-                       const ASN1_ITEM *it);
+                                 const ASN1_ITEM *it, int tag, int aclass,
+                                 int optional);
+static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *out_omit,
+                       int *putype, const ASN1_ITEM *it);
 static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
-                            int skcontlen, const ASN1_ITEM *item,
-                            int do_sort, int iclass);
+                            int skcontlen, const ASN1_ITEM *item, int do_sort);
 static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                                 const ASN1_TEMPLATE *tt, int tag, int aclass);
-static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
-                               const ASN1_ITEM *it, int flags);
 
 /*
  * Top level i2d equivalents
  */
 
 int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
-{
-    return asn1_item_flags_i2d(val, out, it, 0);
-}
-
-/*
- * Encode an ASN1 item, this is use by the standard 'i2d' function. 'out'
- * points to a buffer to output the data to. The new i2d has one additional
- * feature. If the output buffer is NULL (i.e. *out == NULL) then a buffer is
- * allocated and populated with the encoding.
- */
-
-static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
-                               const ASN1_ITEM *it, int flags)
 {
     if (out && !*out) {
         unsigned char *p, *buf;
-        int len;
-        len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
-        if (len <= 0)
+        int len = ASN1_item_ex_i2d(&val, NULL, it, /*tag=*/-1, /*aclass=*/0);
+        if (len <= 0) {
             return len;
+        }
         buf = OPENSSL_malloc(len);
-        if (!buf)
+        if (!buf) {
+            OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
             return -1;
+        }
         p = buf;
-        ASN1_item_ex_i2d(&val, &p, it, -1, flags);
+        int len2 = ASN1_item_ex_i2d(&val, &p, it, /*tag=*/-1, /*aclass=*/0);
+        if (len2 <= 0) {
+            return len2;
+        }
+        assert(len == len2);
         *out = buf;
         return len;
     }
 
-    return ASN1_item_ex_i2d(&val, out, it, -1, flags);
+    return ASN1_item_ex_i2d(&val, out, it, /*tag=*/-1, /*aclass=*/0);
 }
 
 /*
@@ -122,27 +116,48 @@ static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
 
 int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                      const ASN1_ITEM *it, int tag, int aclass)
+{
+    int ret = asn1_item_ex_i2d_opt(pval, out, it, tag, aclass, /*optional=*/0);
+    assert(ret != 0);
+    return ret;
+}
+
+/* asn1_item_ex_i2d_opt behaves like |ASN1_item_ex_i2d| but, if |optional| is
+ * non-zero and |*pval| is omitted, it returns zero and writes no bytes. */
+int asn1_item_ex_i2d_opt(ASN1_VALUE **pval, unsigned char **out,
+                         const ASN1_ITEM *it, int tag, int aclass,
+                         int optional)
 {
     const ASN1_TEMPLATE *tt = NULL;
     int i, seqcontlen, seqlen;
-    const ASN1_EXTERN_FUNCS *ef;
-    const ASN1_AUX *aux = it->funcs;
-    ASN1_aux_cb *asn1_cb = 0;
 
-    if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
-        return 0;
+    /* Historically, |aclass| was repurposed to pass additional flags into the
+     * encoding process. */
+    assert((aclass & ASN1_TFLG_TAG_CLASS) == aclass);
+    /* If not overridding the tag, |aclass| is ignored and should be zero. */
+    assert(tag != -1 || aclass == 0);
 
-    if (aux && aux->asn1_cb)
-        asn1_cb = aux->asn1_cb;
+    /* All fields are pointers, except for boolean |ASN1_ITYPE_PRIMITIVE|s.
+     * Optional primitives are handled later. */
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) {
+        if (optional) {
+            return 0;
+        }
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);
+        return -1;
+    }
 
     switch (it->itype) {
 
     case ASN1_ITYPE_PRIMITIVE:
-        if (it->templates)
-            return asn1_template_ex_i2d(pval, out, it->templates,
-                                        tag, aclass);
-        return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
-        break;
+        if (it->templates) {
+            if (it->templates->flags & ASN1_TFLG_OPTIONAL) {
+                OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
+                return -1;
+            }
+            return asn1_template_ex_i2d(pval, out, it->templates, tag, aclass);
+        }
+        return asn1_i2d_ex_primitive(pval, out, it, tag, aclass, optional);
 
     case ASN1_ITYPE_MSTRING:
         /*
@@ -153,9 +168,9 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
             OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
             return -1;
         }
-        return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+        return asn1_i2d_ex_primitive(pval, out, it, -1, 0, optional);
 
-    case ASN1_ITYPE_CHOICE:
+    case ASN1_ITYPE_CHOICE: {
         /*
          * It never makes sense for CHOICE types to have implicit tagging, so if
          * tag != -1, then this looks like an error in the template.
@@ -164,31 +179,39 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
             OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
             return -1;
         }
-        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
-            return 0;
         i = asn1_get_choice_selector(pval, it);
-        if ((i >= 0) && (i < it->tcount)) {
-            ASN1_VALUE **pchval;
-            const ASN1_TEMPLATE *chtt;
-            chtt = it->templates + i;
-            pchval = asn1_get_field_ptr(pval, chtt);
-            return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass);
-        }
-        /* Fixme: error condition if selector out of range */
-        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
-            return 0;
-        break;
+        if (i < 0 || i >= it->tcount) {
+            OPENSSL_PUT_ERROR(ASN1, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+            return -1;
+        }
+        const ASN1_TEMPLATE *chtt = it->templates + i;
+        if (chtt->flags & ASN1_TFLG_OPTIONAL) {
+            OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
+            return -1;
+        }
+        ASN1_VALUE **pchval = asn1_get_field_ptr(pval, chtt);
+        return asn1_template_ex_i2d(pchval, out, chtt, -1, 0);
+    }
 
-    case ASN1_ITYPE_EXTERN:
+    case ASN1_ITYPE_EXTERN: {
         /* If new style i2d it does all the work */
-        ef = it->funcs;
-        return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+        const ASN1_EXTERN_FUNCS *ef = it->funcs;
+        int ret = ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+        if (ret == 0) {
+            /* |asn1_ex_i2d| should never return zero. We have already checked
+             * for optional values generically, and |ASN1_ITYPE_EXTERN| fields
+             * must be pointers. */
+            OPENSSL_PUT_ERROR(ASN1, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        return ret;
+    }
 
-    case ASN1_ITYPE_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE: {
         i = asn1_enc_restore(&seqcontlen, out, pval, it);
         /* An error occurred */
         if (i < 0)
-            return 0;
+            return -1;
         /* We have a valid cached encoding... */
         if (i > 0)
             return seqcontlen;
@@ -197,12 +220,8 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
         /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
         if (tag == -1) {
             tag = V_ASN1_SEQUENCE;
-            /* Retain any other flags in aclass */
-            aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
-                | V_ASN1_UNIVERSAL;
+            aclass = V_ASN1_UNIVERSAL;
         }
-        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
-            return 0;
         /* First work out sequence content length */
         for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
             const ASN1_TEMPLATE *seqtt;
@@ -210,9 +229,9 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
             int tmplen;
             seqtt = asn1_do_adb(pval, tt, 1);
             if (!seqtt)
-                return 0;
+                return -1;
             pseqval = asn1_get_field_ptr(pval, seqtt);
-            tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, aclass);
+            tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, 0);
             if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen))
                 return -1;
             seqcontlen += tmplen;
@@ -228,40 +247,49 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
             ASN1_VALUE **pseqval;
             seqtt = asn1_do_adb(pval, tt, 1);
             if (!seqtt)
-                return 0;
+                return -1;
             pseqval = asn1_get_field_ptr(pval, seqtt);
-            /* FIXME: check for errors in enhanced version */
-            asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
+            if (asn1_template_ex_i2d(pseqval, out, seqtt, -1, 0) < 0) {
+                return -1;
+            }
         }
-        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
-            return 0;
         return seqlen;
+    }
 
     default:
-        return 0;
-
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
+        return -1;
     }
-    return 0;
 }
 
+/* asn1_template_ex_i2d behaves like |asn1_item_ex_i2d_opt| but uses an
+ * |ASN1_TEMPLATE| instead of an |ASN1_ITEM|. An |ASN1_TEMPLATE| wraps an
+ * |ASN1_ITEM| with modifiers such as tagging, SEQUENCE or SET, etc. Instead of
+ * taking an |optional| parameter, it uses the |ASN1_TFLG_OPTIONAL| flag. */
 static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                                 const ASN1_TEMPLATE *tt, int tag, int iclass)
 {
     int i, ret, flags, ttag, tclass;
     size_t j;
     flags = tt->flags;
+
+    /* Historically, |iclass| was repurposed to pass additional flags into the
+     * encoding process. */
+    assert((iclass & ASN1_TFLG_TAG_CLASS) == iclass);
+    /* If not overridding the tag, |iclass| is ignored and should be zero. */
+    assert(tag != -1 || iclass == 0);
+
     /*
      * Work out tag and class to use: tagging may come either from the
      * template or the arguments, not both because this would create
-     * ambiguity. Additionally the iclass argument may contain some
-     * additional flags which should be noted and passed down to other
-     * levels.
+     * ambiguity.
      */
     if (flags & ASN1_TFLG_TAG_MASK) {
         /* Error if argument and template tagging */
-        if (tag != -1)
-            /* FIXME: error code here */
+        if (tag != -1) {
+            OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
             return -1;
+        }
         /* Get tagging from template */
         ttag = tt->tag;
         tclass = flags & ASN1_TFLG_TAG_CLASS;
@@ -273,14 +301,12 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
         ttag = -1;
         tclass = 0;
     }
-    /*
-     * Remove any class mask from iflag.
-     */
-    iclass &= ~ASN1_TFLG_TAG_CLASS;
+
+    const int optional = (flags & ASN1_TFLG_OPTIONAL) != 0;
 
     /*
-     * At this point 'ttag' contains the outer tag to use, 'tclass' is the
-     * class and iclass is any flags passed to this function.
+     * At this point 'ttag' contains the outer tag to use, and 'tclass' is the
+     * class.
      */
 
     if (flags & ASN1_TFLG_SK_MASK) {
@@ -290,16 +316,22 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
         int skcontlen, sklen;
         ASN1_VALUE *skitem;
 
-        if (!*pval)
-            return 0;
+        if (!*pval) {
+            if (optional) {
+                return 0;
+            }
+            OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);
+            return -1;
+        }
 
         if (flags & ASN1_TFLG_SET_OF) {
             isset = 1;
-            /* 2 means we reorder */
-            if (flags & ASN1_TFLG_SEQUENCE_OF)
-                isset = 2;
-        } else
+            /* Historically, types with both bits set were mutated when
+             * serialized to apply the sort. We no longer support this. */
+            assert((flags & ASN1_TFLG_SEQUENCE_OF) == 0);
+        } else {
             isset = 0;
+        }
 
         /*
          * Work out inner tag value: if EXPLICIT or no tagging use underlying
@@ -322,7 +354,7 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
             int tmplen;
             skitem = sk_ASN1_VALUE_value(sk, j);
             tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item),
-                                      -1, iclass);
+                                      -1, 0);
             if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
                 return -1;
             skcontlen += tmplen;
@@ -346,30 +378,36 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
         /* SET or SEQUENCE and IMPLICIT tag */
         ASN1_put_object(out, /*constructed=*/1, skcontlen, sktag, skaclass);
         /* And the stuff itself */
-        asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
-                         isset, iclass);
+        if (!asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
+                              isset)) {
+            return -1;
+        }
         return ret;
     }
 
     if (flags & ASN1_TFLG_EXPTAG) {
         /* EXPLICIT tagging */
         /* Find length of tagged item */
-        i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass);
-        if (!i)
-            return 0;
+        i = asn1_item_ex_i2d_opt(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0,
+                                 optional);
+        if (i <= 0)
+            return i;
         /* Find length of EXPLICIT tag */
         ret = ASN1_object_size(/*constructed=*/1, i, ttag);
         if (out && ret != -1) {
             /* Output tag and item */
             ASN1_put_object(out, /*constructed=*/1, i, ttag, tclass);
-            ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass);
+            if (ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1,
+                                 0) < 0) {
+                return -1;
+            }
         }
         return ret;
     }
 
-    /* Either normal or IMPLICIT tagging: combine class and flags */
-    return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
-                            ttag, tclass | iclass);
+    /* Either normal or IMPLICIT tagging */
+    return asn1_item_ex_i2d_opt(pval, out, ASN1_ITEM_ptr(tt->item),
+                                ttag, tclass, optional);
 
 }
 
@@ -378,7 +416,6 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
 typedef struct {
     unsigned char *data;
     int length;
-    ASN1_VALUE *field;
 } DER_ENC;
 
 static int der_cmp(const void *a, const void *b)
@@ -392,99 +429,96 @@ static int der_cmp(const void *a, const void *b)
     return d1->length - d2->length;
 }
 
-/* Output the content octets of SET OF or SEQUENCE OF */
-
+/* asn1_set_seq_out writes |sk| to |out| under the i2d output convention,
+ * excluding the tag and length. It returns one on success and zero on error.
+ * |skcontlen| must be the total encoded size. If |do_sort| is non-zero, the
+ * elements are sorted for a SET OF type. Each element of |sk| has type
+ * |item|. */
 static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
-                            int skcontlen, const ASN1_ITEM *item,
-                            int do_sort, int iclass)
+                            int skcontlen, const ASN1_ITEM *item, int do_sort)
 {
-    size_t i;
-    ASN1_VALUE *skitem;
-    unsigned char *tmpdat = NULL, *p = NULL;
-    DER_ENC *derlst = NULL, *tder;
-    if (do_sort) {
-        /* Don't need to sort less than 2 items */
-        if (sk_ASN1_VALUE_num(sk) < 2)
-            do_sort = 0;
-        else {
-            derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
-                                    * sizeof(*derlst));
-            if (!derlst)
-                return 0;
-            tmpdat = OPENSSL_malloc(skcontlen);
-            if (!tmpdat) {
-                OPENSSL_free(derlst);
+    /* No need to sort if there are fewer than two items. */
+    if (!do_sort || sk_ASN1_VALUE_num(sk) < 2) {
+        for (size_t i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            ASN1_VALUE *skitem = sk_ASN1_VALUE_value(sk, i);
+            if (ASN1_item_ex_i2d(&skitem, out, item, -1, 0) < 0) {
                 return 0;
             }
         }
-    }
-    /* If not sorting just output each item */
-    if (!do_sort) {
-        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
-            skitem = sk_ASN1_VALUE_value(sk, i);
-            ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
-        }
         return 1;
     }
-    p = tmpdat;
-
-    /* Doing sort: build up a list of each member's DER encoding */
-    for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
-        skitem = sk_ASN1_VALUE_value(sk, i);
-        tder->data = p;
-        tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
-        tder->field = skitem;
+
+    if (sk_ASN1_VALUE_num(sk) > ((size_t)-1) / sizeof(DER_ENC)) {
+        OPENSSL_PUT_ERROR(ASN1, ERR_R_OVERFLOW);
+        return 0;
+    }
+
+    int ret = 0;
+    unsigned char *const buf = OPENSSL_malloc(skcontlen);
+    DER_ENC *encoded = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*encoded));
+    if (encoded == NULL || buf == NULL) {
+        OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Encode all the elements into |buf| and populate |encoded|. */
+    unsigned char *p = buf;
+    for (size_t i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+        ASN1_VALUE *skitem = sk_ASN1_VALUE_value(sk, i);
+        encoded[i].data = p;
+        encoded[i].length = ASN1_item_ex_i2d(&skitem, &p, item, -1, 0);
+        if (encoded[i].length < 0) {
+            goto err;
+        }
+        assert(p - buf <= skcontlen);
     }
 
-    /* Now sort them */
-    qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
-    /* Output sorted DER encoding */
+    qsort(encoded, sk_ASN1_VALUE_num(sk), sizeof(*encoded), der_cmp);
+
+    /* Output the elements in sorted order. */
     p = *out;
-    for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
-        OPENSSL_memcpy(p, tder->data, tder->length);
-        p += tder->length;
+    for (size_t i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+        OPENSSL_memcpy(p, encoded[i].data, encoded[i].length);
+        p += encoded[i].length;
     }
     *out = p;
-    /* If do_sort is 2 then reorder the STACK */
-    if (do_sort == 2) {
-        for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
-            (void)sk_ASN1_VALUE_set(sk, i, tder->field);
-    }
-    OPENSSL_free(derlst);
-    OPENSSL_free(tmpdat);
-    return 1;
+
+    ret = 1;
+
+err:
+    OPENSSL_free(encoded);
+    OPENSSL_free(buf);
+    return ret;
 }
 
+/* asn1_i2d_ex_primitive behaves like |ASN1_item_ex_i2d| but |item| must be a
+ * a PRIMITIVE or MSTRING type that is not an |ASN1_ITEM_TEMPLATE|. */
 static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
-                                 const ASN1_ITEM *it, int tag, int aclass)
+                                 const ASN1_ITEM *it, int tag, int aclass,
+                                 int optional)
 {
-    int len;
-    int utype;
-    int usetag;
-
-    utype = it->utype;
-
-    /*
-     * Get length of content octets and maybe find out the underlying type.
-     */
-
-    len = asn1_ex_i2c(pval, NULL, &utype, it);
+    /* Get length of content octets and maybe find out the underlying type. */
+    int omit;
+    int utype = it->utype;
+    int len = asn1_ex_i2c(pval, NULL, &omit, &utype, it);
+    if (len < 0) {
+        return -1;
+    }
+    if (omit) {
+        if (optional) {
+            return 0;
+        }
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);
+        return -1;
+    }
 
     /*
      * If SEQUENCE, SET or OTHER then header is included in pseudo content
      * octets so don't include tag+length. We need to check here because the
      * call to asn1_ex_i2c() could change utype.
      */
-    if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
-        (utype == V_ASN1_OTHER))
-        usetag = 0;
-    else
-        usetag = 1;
-
-    /* -1 means omit type */
-
-    if (len == -1)
-        return 0;
+    int usetag = utype != V_ASN1_SEQUENCE && utype != V_ASN1_SET &&
+                 utype != V_ASN1_OTHER;
 
     /* If not implicitly tagged get tag from underlying type */
     if (tag == -1)
@@ -492,21 +526,42 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
 
     /* Output tag+length followed by content octets */
     if (out) {
-        if (usetag)
+        if (usetag) {
             ASN1_put_object(out, /*constructed=*/0, len, tag, aclass);
-        asn1_ex_i2c(pval, *out, &utype, it);
+        }
+        int len2 = asn1_ex_i2c(pval, *out, &omit, &utype, it);
+        if (len2 < 0) {
+          return -1;
+        }
+        assert(len == len2);
+        assert(!omit);
         *out += len;
     }
 
-    if (usetag)
+    if (usetag) {
         return ASN1_object_size(/*constructed=*/0, len, tag);
+    }
     return len;
 }
 
-/* Produce content octets from a structure */
-
-static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
-                       const ASN1_ITEM *it)
+/* asn1_ex_i2c writes the |*pval| to |cout| under the i2d output convention,
+ * excluding the tag and length. It returns the number of bytes written,
+ * possibly zero, on success or -1 on error. If |*pval| should be omitted, it
+ * returns zero and sets |*out_omit| to true.
+ *
+ * If |it| is an MSTRING or ANY type, it gets the underlying type from |*pval|,
+ * which must be an |ASN1_STRING| or |ASN1_TYPE|, respectively. It then updates
+ * |*putype| with the tag number of type used, or |V_ASN1_OTHER| if it was not a
+ * universal type. If |*putype| is set to |V_ASN1_SEQUENCE|, |V_ASN1_SET|, or
+ * |V_ASN1_OTHER|, it additionally outputs the tag and length, so the caller
+ * must not do so.
+ *
+ * Otherwise, |*putype| must contain |it->utype|.
+ *
+ * WARNING: Unlike most functions in this file, |asn1_ex_i2c| can return zero
+ * without omitting the element. ASN.1 values may have empty contents. */
+static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *out_omit,
+                       int *putype, const ASN1_ITEM *it)
 {
     ASN1_BOOLEAN *tbool = NULL;
     ASN1_STRING *strtmp;
@@ -520,23 +575,51 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
      * |ASN1_PRIMITIVE_FUNCS| table of callbacks. */
     assert(it->funcs == NULL);
 
+    *out_omit = 0;
+
     /* Should type be omitted? */
     if ((it->itype != ASN1_ITYPE_PRIMITIVE)
         || (it->utype != V_ASN1_BOOLEAN)) {
-        if (!*pval)
-            return -1;
+        if (!*pval) {
+            *out_omit = 1;
+            return 0;
+        }
     }
 
     if (it->itype == ASN1_ITYPE_MSTRING) {
         /* If MSTRING type set the underlying type */
         strtmp = (ASN1_STRING *)*pval;
         utype = strtmp->type;
+        if (utype < 0 && utype != V_ASN1_OTHER) {
+            /* MSTRINGs can have type -1 when default-constructed. */
+            OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE);
+            return -1;
+        }
+        /* Negative INTEGER and ENUMERATED values use |ASN1_STRING| type values
+         * that do not match their corresponding utype values. INTEGERs cannot
+         * participate in MSTRING types, but ENUMERATEDs can.
+         *
+         * TODO(davidben): Is this a bug? Although arguably one of the MSTRING
+         * types should contain more values, rather than less. See
+         * https://crbug.com/boringssl/412. But it is not possible to fit all
+         * possible ANY values into an |ASN1_STRING|, so matching the spec here
+         * is somewhat hopeless. */
+        if (utype == V_ASN1_NEG_INTEGER) {
+            utype = V_ASN1_INTEGER;
+        } else if (utype == V_ASN1_NEG_ENUMERATED) {
+            utype = V_ASN1_ENUMERATED;
+        }
         *putype = utype;
     } else if (it->utype == V_ASN1_ANY) {
         /* If ANY set type and pointer to value */
         ASN1_TYPE *typ;
         typ = (ASN1_TYPE *)*pval;
         utype = typ->type;
+        if (utype < 0 && utype != V_ASN1_OTHER) {
+            /* |ASN1_TYPE|s can have type -1 when default-constructed. */
+            OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE);
+            return -1;
+        }
         *putype = utype;
         pval = &typ->value.asn1_value;
     } else
@@ -547,8 +630,11 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
         otmp = (ASN1_OBJECT *)*pval;
         cont = otmp->data;
         len = otmp->length;
-        if (cont == NULL || len == 0)
+        if (len == 0) {
+            /* Some |ASN1_OBJECT|s do not have OIDs and cannot be serialized. */
+            OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OBJECT);
             return -1;
+        }
         break;
 
     case V_ASN1_NULL:
@@ -558,34 +644,39 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
 
     case V_ASN1_BOOLEAN:
         tbool = (ASN1_BOOLEAN *)pval;
-        if (*tbool == -1)
-            return -1;
+        if (*tbool == -1) {
+            *out_omit = 1;
+            return 0;
+        }
         if (it->utype != V_ASN1_ANY) {
             /*
              * Default handling if value == size field then omit
              */
-            if (*tbool && (it->size > 0))
-                return -1;
-            if (!*tbool && !it->size)
-                return -1;
+            if ((*tbool && (it->size > 0)) ||
+                (!*tbool && !it->size)) {
+                *out_omit = 1;
+                return 0;
+            }
         }
         c = *tbool ? 0xff : 0x00;
         cont = &c;
         len = 1;
         break;
 
-    case V_ASN1_BIT_STRING:
-        return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
-                                   cout ? &cout : NULL);
-        break;
+    case V_ASN1_BIT_STRING: {
+        int ret = i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
+                                      cout ? &cout : NULL);
+        /* |i2c_ASN1_BIT_STRING| returns zero on error instead of -1. */
+        return ret <= 0 ? -1 : ret;
+    }
 
     case V_ASN1_INTEGER:
-    case V_ASN1_ENUMERATED:
-        /*
-         * These are all have the same content format as ASN1_INTEGER
-         */
-        return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
-        break;
+    case V_ASN1_ENUMERATED: {
+        /* |i2c_ASN1_INTEGER| also handles ENUMERATED. */
+        int ret = i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
+        /* |i2c_ASN1_INTEGER| returns zero on error instead of -1. */
+        return ret <= 0 ? -1 : ret;
+    }
 
     case V_ASN1_OCTET_STRING:
     case V_ASN1_NUMERICSTRING: