From 6e81bed7e73cc9f54a8b8d4fc0da3f9ff0b9dc68 Mon Sep 17 00:00:00 2001 From: Theo Buehler Date: Wed, 13 Mar 2019 20:34:01 +0000 Subject: Fix a number of ASN1_INTEGER vs ASN1_STRING mixups coming from the mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function takes signs into account while ASN1_STRING_cmp doesn't. The mixups mostly involve serialNumbers, which, in principle, should be positive. However, it is unclear whether that is checked or enforced anywhere in the code, so these are probably bugs. Patch from Holger Mikolon ok jsing --- lib/libcrypto/x509/x509_cmp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/libcrypto/x509/x509_cmp.c') diff --git a/lib/libcrypto/x509/x509_cmp.c b/lib/libcrypto/x509/x509_cmp.c index 2141f871e5e..6d6e8408994 100644 --- a/lib/libcrypto/x509/x509_cmp.c +++ b/lib/libcrypto/x509/x509_cmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_cmp.c,v 1.34 2018/08/24 19:59:32 tb Exp $ */ +/* $OpenBSD: x509_cmp.c,v 1.35 2019/03/13 20:34:00 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -76,7 +76,7 @@ X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) ai = a->cert_info; bi = b->cert_info; - i = ASN1_STRING_cmp(ai->serialNumber, bi->serialNumber); + i = ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber); if (i) return (i); return (X509_NAME_cmp(ai->issuer, bi->issuer)); -- cgit v1.2.3