From 1d61a03794326fc4e4605e98343b784058cb453e Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
Date: Thu, 27 Jul 2023 20:03:16 +0200
Subject: [PATCH] crypto/cmp: fix clash of OSSL_CMP_CERTREQID_NONE with error
 result of ossl_cmp_asn1_get_int()

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
---
 crypto/cmp/cmp_client.c | 2 +-
 crypto/cmp/cmp_msg.c    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index 23b3a8bd05..91876ee948 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -683,7 +683,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
         if (rid == OSSL_CMP_CERTREQID_NONE) {
             /* for OSSL_CMP_PKIBODY_P10CR learn CertReqId from response */
             rid = ossl_cmp_asn1_get_int(crep->certReqId);
-            if (rid != OSSL_CMP_CERTREQID_NONE) {
+            if (rid < OSSL_CMP_CERTREQID_NONE) {
                 ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
                 return 0;
             }
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 2b421ee83b..a7e22d874a 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -984,7 +984,7 @@ static int suitable_rid(const ASN1_INTEGER *certReqId, int rid)
         return 1;
 
     trid = ossl_cmp_asn1_get_int(certReqId);
-    if (trid < OSSL_CMP_CERTREQID_NONE) {
+    if (trid <= OSSL_CMP_CERTREQID_INVALID) {
         ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
         return 0;
     }
-- 
2.34.1