Fix ASN1_INTEGER handling.

Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER tag: V_ASN1_NEG_INTEGER is an internal only value which is never used for on the wire encoding. Thanks to David Benjamin <davidben@google.com> for reporting this bug. This was found using libFuzzer. RT#4364 (part)CVE-2016-2108. Reviewed-by: Emilia Käsper <emilia@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2016-04-15 02:37:09 +0100
committer: Matt Caswell <matt@openssl.org> 2016-05-03 13:06:15 +0100
commit: d7ab691bc479d3cf2eea07329db6ce0e2589f0b9 (patch)
tree: ad78427ab9613eaf07a1e4d48e5680cc9b2dc81c /crypto/asn1/a_type.c
parent: d202a602e07b7090e3e5d75216b47cc7eb6fd4b6 (diff)
1 files changed, 0 insertions, 2 deletions
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
index 8dea2e0e5c..e132b0c40a 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -122,9 +122,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
         result = 0;             /* They do not have content. */
         break;
     case V_ASN1_INTEGER:
-    case V_ASN1_NEG_INTEGER:
     case V_ASN1_ENUMERATED:
-    case V_ASN1_NEG_ENUMERATED:
     case V_ASN1_BIT_STRING:
     case V_ASN1_OCTET_STRING:
     case V_ASN1_SEQUENCE:
author	Dr. Stephen Henson <steve@openssl.org>	2016-04-15 02:37:09 +0100
committer	Matt Caswell <matt@openssl.org>	2016-05-03 13:06:15 +0100
commit	d7ab691bc479d3cf2eea07329db6ce0e2589f0b9 (patch)
tree	ad78427ab9613eaf07a1e4d48e5680cc9b2dc81c /crypto/asn1/a_type.c
parent	d202a602e07b7090e3e5d75216b47cc7eb6fd4b6 (diff)