Fix a number of ASN1_INTEGER vs ASN1_STRING mixups coming from the

mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function takes signs into account while ASN1_STRING_cmp doesn't. The mixups mostly involve serialNumbers, which, in principle, should be positive. However, it is unclear whether that is checked or enforced anywhere in the code, so these are probably bugs. Patch from Holger Mikolon ok jsing
author: tb <> 2019-03-13 20:34:00 +0000
committer: tb <> 2019-03-13 20:34:00 +0000
commit: 5ac8b80c66d7d9f6dab1bfdf23f0578eb05dffa0 (patch)
tree: 81f6ab2828c3099781b20bfb3c3d4c20a8449029 /src/lib/libcrypto/pkcs7
parent: 949d9e712f1c305bf193db2c3d0528f18d77fbcf (diff)
download: openbsd-5ac8b80c66d7d9f6dab1bfdf23f0578eb05dffa0.tar.gz
openbsd-5ac8b80c66d7d9f6dab1bfdf23f0578eb05dffa0.tar.bz2
openbsd-5ac8b80c66d7d9f6dab1bfdf23f0578eb05dffa0.zip
2 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index 24ab957b4c..d0c27e98a9 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_doit.c,v 1.42 2017/05/02 03:59:45 deraadt Exp $ */
+/* $OpenBSD: pk7_doit.c,v 1.43 2019/03/13 20:34:00 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -410,7 +410,7 @@ pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
            pcert->cert_info->issuer);
        if (ret)
                return ret;
-        return ASN1_STRING_cmp(pcert->cert_info->serialNumber,
+        return ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
            ri->issuer_and_serial->serial);
 }
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
index dc407dad55..28f812a811 100644
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_lib.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: pk7_lib.c,v 1.20 2019/03/13 20:34:00 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -374,7 +374,7 @@ PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
         * things the ugly way. */
        ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
        if (!(p7i->issuer_and_serial->serial =
-            ASN1_STRING_dup(X509_get_serialNumber(x509))))
+            ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
                goto err;
        /* lets keep the pkey around for a while */
@@ -534,7 +534,7 @@ PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
        ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
        if (!(p7i->issuer_and_serial->serial =
-            ASN1_STRING_dup(X509_get_serialNumber(x509))))
+            ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
                return 0;
        pkey = X509_get_pubkey(x509);
author	tb <>	2019-03-13 20:34:00 +0000
committer	tb <>	2019-03-13 20:34:00 +0000
commit	5ac8b80c66d7d9f6dab1bfdf23f0578eb05dffa0 (patch)
tree	81f6ab2828c3099781b20bfb3c3d4c20a8449029 /src/lib/libcrypto/pkcs7
parent	949d9e712f1c305bf193db2c3d0528f18d77fbcf (diff)
download	openbsd-5ac8b80c66d7d9f6dab1bfdf23f0578eb05dffa0.tar.gz openbsd-5ac8b80c66d7d9f6dab1bfdf23f0578eb05dffa0.tar.bz2 openbsd-5ac8b80c66d7d9f6dab1bfdf23f0578eb05dffa0.zip

diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c index 24ab957b4c..d0c27e98a9 100644 --- a/src/lib/libcrypto/pkcs7/pk7_doit.c +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pk7_doit.c,v 1.42 2017/05/02 03:59:45 deraadt Exp $ */	1	/* $OpenBSD: pk7_doit.c,v 1.43 2019/03/13 20:34:00 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -410,7 +410,7 @@ pkcs7_cmp_ri(PKCS7_RECIP_INFO ri, X509 pcert)
410	pcert->cert_info->issuer);	410	pcert->cert_info->issuer);
411	if (ret)	411	if (ret)
412	return ret;	412	return ret;
413	return ASN1_STRING_cmp(pcert->cert_info->serialNumber,	413	return ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
414	ri->issuer_and_serial->serial);	414	ri->issuer_and_serial->serial);
415	}	415	}
416		416


diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c index dc407dad55..28f812a811 100644 --- a/src/lib/libcrypto/pkcs7/pk7_lib.c +++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pk7_lib.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */	1	/* $OpenBSD: pk7_lib.c,v 1.20 2019/03/13 20:34:00 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -374,7 +374,7 @@ PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO p7i, X509 x509, EVP_PKEY *pkey,
374	* things the ugly way. */	374	* things the ugly way. */
375	ASN1_INTEGER_free(p7i->issuer_and_serial->serial);	375	ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
376	if (!(p7i->issuer_and_serial->serial =	376	if (!(p7i->issuer_and_serial->serial =
377	ASN1_STRING_dup(X509_get_serialNumber(x509))))	377	ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
378	goto err;	378	goto err;
379		379
380	/* lets keep the pkey around for a while */	380	/* lets keep the pkey around for a while */
@@ -534,7 +534,7 @@ PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO p7i, X509 x509)
534		534
535	ASN1_INTEGER_free(p7i->issuer_and_serial->serial);	535	ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
536	if (!(p7i->issuer_and_serial->serial =	536	if (!(p7i->issuer_and_serial->serial =
537	ASN1_STRING_dup(X509_get_serialNumber(x509))))	537	ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
538	return 0;	538	return 0;
539		539
540	pkey = X509_get_pubkey(x509);	540	pkey = X509_get_pubkey(x509);