From e44d7af88579ebe18a2d8ef57242b067993706b1 Mon Sep 17 00:00:00 2001 From: tb <> Date: Wed, 13 Mar 2019 20:34:00 +0000 Subject: Fix a number of ASN1_INTEGER vs ASN1_STRING mixups coming from the mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function takes signs into account while ASN1_STRING_cmp doesn't. The mixups mostly involve serialNumbers, which, in principle, should be positive. However, it is unclear whether that is checked or enforced anywhere in the code, so these are probably bugs. Patch from Holger Mikolon ok jsing --- src/lib/libcrypto/asn1/x_crl.c | 6 ++---- src/lib/libcrypto/pkcs7/pk7_doit.c | 4 ++-- src/lib/libcrypto/pkcs7/pk7_lib.c | 6 +++--- src/lib/libcrypto/x509/x509_cmp.c | 4 ++-- src/lib/libcrypto/x509v3/v3_sxnet.c | 4 ++-- 5 files changed, 11 insertions(+), 13 deletions(-) diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c index 0837ec15be..bc1783dbfb 100644 --- a/src/lib/libcrypto/asn1/x_crl.c +++ b/src/lib/libcrypto/asn1/x_crl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_crl.c,v 1.33 2018/08/24 19:55:58 tb Exp $ */ +/* $OpenBSD: x_crl.c,v 1.34 2019/03/13 20:34:00 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -527,9 +527,7 @@ X509_CRL_dup(X509_CRL *x) static int X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b) { - return(ASN1_STRING_cmp( - (ASN1_STRING *)(*a)->serialNumber, - (ASN1_STRING *)(*b)->serialNumber)); + return(ASN1_INTEGER_cmp((*a)->serialNumber, (*b)->serialNumber)); } int diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c index 24ab957b4c..d0c27e98a9 100644 --- a/src/lib/libcrypto/pkcs7/pk7_doit.c +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_doit.c,v 1.42 2017/05/02 03:59:45 deraadt Exp $ */ +/* $OpenBSD: pk7_doit.c,v 1.43 2019/03/13 20:34:00 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -410,7 +410,7 @@ pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) pcert->cert_info->issuer); if (ret) return ret; - return ASN1_STRING_cmp(pcert->cert_info->serialNumber, + return ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, ri->issuer_and_serial->serial); } diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c index dc407dad55..28f812a811 100644 --- a/src/lib/libcrypto/pkcs7/pk7_lib.c +++ b/src/lib/libcrypto/pkcs7/pk7_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_lib.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: pk7_lib.c,v 1.20 2019/03/13 20:34:00 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -374,7 +374,7 @@ PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, * things the ugly way. */ ASN1_INTEGER_free(p7i->issuer_and_serial->serial); if (!(p7i->issuer_and_serial->serial = - ASN1_STRING_dup(X509_get_serialNumber(x509)))) + ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) goto err; /* lets keep the pkey around for a while */ @@ -534,7 +534,7 @@ PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) ASN1_INTEGER_free(p7i->issuer_and_serial->serial); if (!(p7i->issuer_and_serial->serial = - ASN1_STRING_dup(X509_get_serialNumber(x509)))) + ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) return 0; pkey = X509_get_pubkey(x509); diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index 2141f871e5..6d6e840899 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_cmp.c,v 1.34 2018/08/24 19:59:32 tb Exp $ */ +/* $OpenBSD: x509_cmp.c,v 1.35 2019/03/13 20:34:00 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -76,7 +76,7 @@ X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) ai = a->cert_info; bi = b->cert_info; - i = ASN1_STRING_cmp(ai->serialNumber, bi->serialNumber); + i = ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber); if (i) return (i); return (X509_NAME_cmp(ai->issuer, bi->issuer)); diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c index 53db28248a..400bc26346 100644 --- a/src/lib/libcrypto/x509v3/v3_sxnet.c +++ b/src/lib/libcrypto/x509v3/v3_sxnet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: v3_sxnet.c,v 1.21 2018/05/13 15:03:01 tb Exp $ */ +/* $OpenBSD: v3_sxnet.c,v 1.22 2019/03/13 20:34:00 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -376,7 +376,7 @@ SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { id = sk_SXNETID_value(sx->ids, i); - if (!ASN1_STRING_cmp(id->zone, zone)) + if (!ASN1_INTEGER_cmp(id->zone, zone)) return id->user; } return NULL; -- cgit v1.2.3-55-g6feb