This is the bug fix I found:
--- openssl-1.0.0e/crypto/asn1/t_x509.c   2011-09-19 11:26:44
+++ openssl-patches/1.0.0/crypto/asn1/t_x509.c   2011-09-19 16:57:11
@@ -141,5 +141,5 @@
                        {
                        l=ASN1_INTEGER_get(bs);
-                       if (l < 0)
+                       if (bs->type == V_ASN1_NEG_INTEGER)
                                {
                                l= -l;
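Review bot: the new condition on `bs->type` fixes which branch is taken, but `l` is still whatever `ASN1_INTEGER_get(bs)` returned. For a serial that is not of type `V_ASN1_NEG_INTEGER` and yet came back as a negative long, the `l= -l` branch is now skipped and the code after this hunk receives the negative `l` unchanged. Please check how `l` is used past this point and handle the case where the value does not fit in a long, for example by falling back to printing the raw bytes of `bs`. A one-line comment above the `if` saying that the sign is carried by `bs->type` and not by the returned long would also help the next reader.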

Explanation:
The ASN1 integer serialNumber is negative if and only if its type is
V_ASN1_NEG_INTEGER.
Therefore the check (l < 0) is not applicable here. Full stop.

A closer look shows that the conversion procedure ASN1_INTEGER_get
returns a negative long in case the serial is greater than 2^31-1, e.g.
0xAA121314.

Regards,
Ann.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
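The effect described in the explanation above, as an added example that is not part of the original message and is not OpenSSL's code: a toy model, with every `demo_*` name hypothetical and long assumed to be 32 bits wide, comparing the old sign check with the patched one on constructed serials.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the ASN.1 type tags (not OpenSSL's macros). */
enum { DEMO_INTEGER = 1, DEMO_NEG_INTEGER = 2 };

/* Toy ASN.1 INTEGER: the sign lives in the type, the bytes hold the magnitude. */
struct demo_int { int type; const unsigned char *data; size_t length; };

/* Models a getter that folds the big-endian magnitude into a 32-bit signed long. */
static int32_t demo_get(const struct demo_int *a)
{
    uint32_t r = 0;
    size_t i;
    if (a->length > sizeof(r))
        return 0;                      /* model choice: value does not fit */
    for (i = 0; i < a->length; i++)
        r = (r << 8) | a->data[i];
    if (a->type == DEMO_NEG_INTEGER)
        r = 0u - r;                    /* negate without signed overflow */
    return (int32_t)r;                 /* wraps negative above 2^31-1 */
}

/* Old check: infer the sign from the converted value. */
static int old_check_negative(const struct demo_int *a) { return demo_get(a) < 0; }
/* Patched check: read the sign from the type. */
static int new_check_negative(const struct demo_int *a) { return a->type == DEMO_NEG_INTEGER; }

/* Constructed sample serials. */
static const unsigned char big_bytes[]   = { 0xAA, 0x12, 0x13, 0x14 };
static const unsigned char small_bytes[] = { 0x05 };
static const struct demo_int SERIAL_BIG   = { DEMO_INTEGER,     big_bytes,   4 };
static const struct demo_int SERIAL_SMALL = { DEMO_INTEGER,     small_bytes, 1 };
static const struct demo_int SERIAL_NEG   = { DEMO_NEG_INTEGER, small_bytes, 1 };

int main(void)
{
    const struct demo_int *s[] = { &SERIAL_BIG, &SERIAL_SMALL, &SERIAL_NEG };
    const char *name[] = { "0xAA121314", "5", "-5" };
    size_t i;
    for (i = 0; i < 3; i++)
        printf("%-10s get=%ld old=%d new=%d\n", name[i],
               (long)demo_get(s[i]), old_check_negative(s[i]),
               new_check_negative(s[i]));
    return 0;
}
```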
