From: Richard Levitte <levitte@openssl.org>
Date: Mon, 22 Nov 2021 16:08:19 +0000 (+0100)
Subject: Have OSSL_PARAM_allocate_from_text() raise error on unexpected neg number
X-Git-Tag: openssl-3.2.0-alpha1~3288
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8585b5bc62d0bf394ca6adf24f8590e9b9b18402;p=thirdparty%2Fopenssl.git

Have OSSL_PARAM_allocate_from_text() raise error on unexpected neg number

When the parameter definition has the data type OSSL_PARAM_UNSIGNED_INTEGER,
negative input values should not be accepted.

Fixes #17103

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17104)
---

diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
index 79c1a905957..8574f31a812 100644
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
@@ -29,6 +29,8 @@ static const ERR_STRING_DATA CRYPTO_str_reasons[] = {
     "insufficient param size"},
     {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE),
     "insufficient secure data space"},
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_NEGATIVE_VALUE),
+    "invalid negative value"},
     {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_NULL_ARGUMENT),
     "invalid null argument"},
     {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_OSSL_PARAM_TYPE),
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index b47293a27ac..777a0de19d7 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -434,6 +434,7 @@ CRYPTO_R_ILLEGAL_HEX_DIGIT:102:illegal hex digit
 CRYPTO_R_INSUFFICIENT_DATA_SPACE:106:insufficient data space
 CRYPTO_R_INSUFFICIENT_PARAM_SIZE:107:insufficient param size
 CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE:108:insufficient secure data space
+CRYPTO_R_INVALID_NEGATIVE_VALUE:122:invalid negative value
 CRYPTO_R_INVALID_NULL_ARGUMENT:109:invalid null argument
 CRYPTO_R_INVALID_OSSL_PARAM_TYPE:110:invalid ossl param type
 CRYPTO_R_ODD_NUMBER_OF_DIGITS:103:odd number of digits
diff --git a/crypto/params_from_text.c b/crypto/params_from_text.c
index 84851edc47e..43323c37075 100644
--- a/crypto/params_from_text.c
+++ b/crypto/params_from_text.c
@@ -54,6 +54,12 @@ static int prepare_from_text(const OSSL_PARAM *paramdefs, const char *key,
         if (r == 0 || *tmpbn == NULL)
             return 0;
 
+        if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER
+            && BN_is_negative(*tmpbn)) {
+            ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_INVALID_NEGATIVE_VALUE);
+            return 0;
+        }
+
         /*
          * 2s complement negate, part 1
          *
diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h
index 67996680896..c6a04d9b973 100644
--- a/include/openssl/cryptoerr.h
+++ b/include/openssl/cryptoerr.h
@@ -28,6 +28,7 @@
 # define CRYPTO_R_INSUFFICIENT_DATA_SPACE                 106
 # define CRYPTO_R_INSUFFICIENT_PARAM_SIZE                 107
 # define CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE          108
+# define CRYPTO_R_INVALID_NEGATIVE_VALUE                  122
 # define CRYPTO_R_INVALID_NULL_ARGUMENT                   109
 # define CRYPTO_R_INVALID_OSSL_PARAM_TYPE                 110
 # define CRYPTO_R_ODD_NUMBER_OF_DIGITS                    103