diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2023-07-27 20:03:16 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-08-03 09:29:41 +0200 |
commit | 2c8d9f19e351a84d4329fbe2f68a4a8a49cad3ef (patch) | |
tree | 0e9a40b956fbee0840ee1f3f64332f389b10d319 /crypto/cmp | |
parent | bdb1f6b74486daa1971b928528109a4c67cf2eb9 (diff) |
crypto/cmp: fix clash of OSSL_CMP_CERTREQID_NONE with error result of ossl_cmp_asn1_get_int()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21579)
Diffstat (limited to 'crypto/cmp')
-rw-r--r-- | crypto/cmp/cmp_asn.c | 8 | ||||
-rw-r--r-- | crypto/cmp/cmp_client.c | 2 | ||||
-rw-r--r-- | crypto/cmp/cmp_status.c | 5 |
3 files changed, 9 insertions, 6 deletions
diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c index 73bc6363e0..4cf203f8e4 100644 --- a/crypto/cmp/cmp_asn.c +++ b/crypto/cmp/cmp_asn.c @@ -306,22 +306,22 @@ int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav, return 1; } -/* get ASN.1 encoded integer, return -1 on error */ +/* get ASN.1 encoded integer, return -2 on error; -1 is valid for certReqId */ int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a) { int64_t res; if (!ASN1_INTEGER_get_int64(&res, a)) { ERR_raise(ERR_LIB_CMP, ASN1_R_INVALID_NUMBER); - return -1; + return -2; } if (res < INT_MIN) { ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_SMALL); - return -1; + return -2; } if (res > INT_MAX) { ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_LARGE); - return -1; + return -2; } return (int)res; } diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index fbbcdd21d2..0c39b13f91 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -587,7 +587,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid, return 0; if (rid == OSSL_CMP_CERTREQID_NONE) { /* used for OSSL_CMP_PKIBODY_P10CR */ rid = ossl_cmp_asn1_get_int(crep->certReqId); - if (rid != OSSL_CMP_CERTREQID_NONE) { + if (rid < OSSL_CMP_CERTREQID_NONE) { ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID); return 0; } diff --git a/crypto/cmp/cmp_status.c b/crypto/cmp/cmp_status.c index 5c02faec10..ecb97854d9 100644 --- a/crypto/cmp/cmp_status.c +++ b/crypto/cmp/cmp_status.c @@ -30,9 +30,12 @@ int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si) { + int res ; + if (!ossl_assert(si != NULL && si->status != NULL)) return -1; - return ossl_cmp_asn1_get_int(si->status); + res = ossl_cmp_asn1_get_int(si->status); + return res == -2 ? -1 : res; } const char *ossl_cmp_PKIStatus_to_string(int status) |