From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Tue, 31 Mar 2026 15:53:47 +0000 (+0800)
Subject: ecp_s390x_nistp.c: Reject negative digest length to prevent size_t underflow
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db3178f4203415f9b25dce42881cf97d2808dc39;p=thirdparty%2Fopenssl.git

ecp_s390x_nistp.c: Reject negative digest length to prevent size_t underflow

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Wed Apr 15 11:01:20 2026
(Merged from https://github.com/openssl/openssl/pull/30648)
---

diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
index d940e9106b8..4b3fbb2f796 100644
--- a/crypto/ec/ecp_s390x_nistp.c
+++ b/crypto/ec/ecp_s390x_nistp.c
@@ -145,6 +145,11 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
 #endif
     int off;
 
+    if (dgstlen < 0) {
+        ERR_raise(ERR_LIB_EC, EC_R_INVALID_LENGTH);
+        return NULL;
+    }
+
     group = EC_KEY_get0_group(eckey);
     order = EC_GROUP_get0_order(group);
     privkey = EC_KEY_get0_private_key(eckey);
@@ -285,6 +290,11 @@ static int ecdsa_s390x_nistp_verify_sig(const unsigned char *dgst, int dgstlen,
     const EC_POINT *pubkey;
     int off;
 
+    if (dgstlen < 0) {
+        ERR_raise(ERR_LIB_EC, EC_R_INVALID_LENGTH);
+        return -1;
+    }
+
     group = EC_KEY_get0_group(eckey);
     pubkey = EC_KEY_get0_public_key(eckey);
     if (eckey == NULL || group == NULL || pubkey == NULL || sig == NULL) {