Have OSSL_PARAM_allocate_from_text() raise error on unexpected neg number

When the parameter definition has the data type OSSL_PARAM_UNSIGNED_INTEGER, negative input values should not be accepted. Fixes #17103 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17104)
author: Richard Levitte <levitte@openssl.org> 2021-11-22 17:08:19 +0100
committer: Richard Levitte <levitte@openssl.org> 2021-11-24 19:18:19 +0100
commit: 8585b5bc62d0bf394ca6adf24f8590e9b9b18402 (patch)
tree: 0f19c6184648cbb605ec8b419b2723db46b0f542 /crypto/params_from_text.c
parent: b556713a6f2884eadc7f56428bc82a844e9a49e0 (diff)
download: openssl-new-8585b5bc62d0bf394ca6adf24f8590e9b9b18402.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/params_from_text.c b/crypto/params_from_text.c
index 84851edc47..43323c3707 100644
--- a/crypto/params_from_text.c
+++ b/crypto/params_from_text.c
@@ -54,6 +54,12 @@ static int prepare_from_text(const OSSL_PARAM *paramdefs, const char *key,
         if (r == 0 || *tmpbn == NULL)
             return 0;
 
+        if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER
+            && BN_is_negative(*tmpbn)) {
+            ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_INVALID_NEGATIVE_VALUE);
+            return 0;
+        }
+
         /*
          * 2s complement negate, part 1
          *
author	Richard Levitte <levitte@openssl.org>	2021-11-22 17:08:19 +0100
committer	Richard Levitte <levitte@openssl.org>	2021-11-24 19:18:19 +0100
commit	8585b5bc62d0bf394ca6adf24f8590e9b9b18402 (patch)
tree	0f19c6184648cbb605ec8b419b2723db46b0f542 /crypto/params_from_text.c
parent	b556713a6f2884eadc7f56428bc82a844e9a49e0 (diff)
download	openssl-new-8585b5bc62d0bf394ca6adf24f8590e9b9b18402.tar.gz