From: Richard Levitte <levitte@openssl.org>
Date: Tue, 10 Jan 2023 07:27:44 +0000 (+0100)
Subject: OSSL_PARAM_BLD and BIGNUM; ensure at least one byte is allocated
X-Git-Tag: openssl-3.2.0-alpha1~1538
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c455f87aebf245814ba58d6a398b45ca4e80d1d7;p=thirdparty%2Fopenssl.git

OSSL_PARAM_BLD and BIGNUM; ensure at least one byte is allocated

A zero BIGNUM contains zero bytes, while OSSL_PARAMs with an INTEGER (or
UNSIGNED INTEGER) data type are expected to have at least one data byte
allocated, containing a zero.  This wasn't handled correctly.

Fixes #20011

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20013)
---

diff --git a/crypto/param_build.c b/crypto/param_build.c
index f00c0aa8096..ae215ff5aad 100644
--- a/crypto/param_build.c
+++ b/crypto/param_build.c
@@ -218,6 +218,10 @@ static int push_BN(OSSL_PARAM_BLD *bld, const char *key,
         }
         if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE)
             secure = 1;
+
+        /* The BIGNUM is zero, we must transfer at least one byte */
+        if (sz == 0)
+            sz++;
     }
     pd = param_push(bld, key, sz, sz, type, secure);
     if (pd == NULL)