From: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Thu, 27 Jul 2023 18:03:16 +0000 (+0200)
Subject: crypto/cmp: fix clash of OSSL_CMP_CERTREQID_NONE with error result of ossl_cmp_asn1_g... 
X-Git-Tag: openssl-3.3.0-alpha1~386
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d61a03794326fc4e4605e98343b784058cb453e;p=thirdparty%2Fopenssl.git

crypto/cmp: fix clash of OSSL_CMP_CERTREQID_NONE with error result of ossl_cmp_asn1_get_int()

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
---

diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index 23b3a8bd051..91876ee948e 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -683,7 +683,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
         if (rid == OSSL_CMP_CERTREQID_NONE) {
             /* for OSSL_CMP_PKIBODY_P10CR learn CertReqId from response */
             rid = ossl_cmp_asn1_get_int(crep->certReqId);
-            if (rid != OSSL_CMP_CERTREQID_NONE) {
+            if (rid < OSSL_CMP_CERTREQID_NONE) {
                 ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
                 return 0;
             }
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 2b421ee83bc..a7e22d874ad 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -984,7 +984,7 @@ static int suitable_rid(const ASN1_INTEGER *certReqId, int rid)
         return 1;
 
     trid = ossl_cmp_asn1_get_int(certReqId);
-    if (trid < OSSL_CMP_CERTREQID_NONE) {
+    if (trid <= OSSL_CMP_CERTREQID_INVALID) {
         ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
         return 0;
     }