Have OSSL_PARAM_allocate_from_text() raise error on unexpected neg number

When the parameter definition has the data type OSSL_PARAM_UNSIGNED_INTEGER, negative input values should not be accepted. Fixes #17103 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17104)
2021-11-22 17:08:19 +01:00 · 2021-11-22 17:08:19 +01:00 · 8585b5bc62
parent b556713a6f
commit 8585b5bc62
4 changed files with 10 additions and 0 deletions
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
@ -29,6 +29,8 @@ static const ERR_STRING_DATA CRYPTO_str_reasons[] = {
    "insufficient param size"},
    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE),
    "insufficient secure data space"},
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_NEGATIVE_VALUE),
+    "invalid negative value"},
    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_NULL_ARGUMENT),
    "invalid null argument"},
    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_OSSL_PARAM_TYPE),
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@ -434,6 +434,7 @@ CRYPTO_R_ILLEGAL_HEX_DIGIT:102:illegal hex digit
 CRYPTO_R_INSUFFICIENT_DATA_SPACE:106:insufficient data space
 CRYPTO_R_INSUFFICIENT_PARAM_SIZE:107:insufficient param size
 CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE:108:insufficient secure data space
+CRYPTO_R_INVALID_NEGATIVE_VALUE:122:invalid negative value
 CRYPTO_R_INVALID_NULL_ARGUMENT:109:invalid null argument
 CRYPTO_R_INVALID_OSSL_PARAM_TYPE:110:invalid ossl param type
 CRYPTO_R_ODD_NUMBER_OF_DIGITS:103:odd number of digits
--- a/crypto/params_from_text.c
+++ b/crypto/params_from_text.c
@ -54,6 +54,12 @@ static int prepare_from_text(const OSSL_PARAM *paramdefs, const char *key,
        if (r == 0 || *tmpbn == NULL)
            return 0;

+        if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER
+            && BN_is_negative(*tmpbn)) {
+            ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_INVALID_NEGATIVE_VALUE);
+            return 0;
+        }
+
        /*
         * 2s complement negate, part 1
         *
--- a/include/openssl/cryptoerr.h
+++ b/include/openssl/cryptoerr.h
@ -28,6 +28,7 @@
 # define CRYPTO_R_INSUFFICIENT_DATA_SPACE                 106
 # define CRYPTO_R_INSUFFICIENT_PARAM_SIZE                 107
 # define CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE          108
+# define CRYPTO_R_INVALID_NEGATIVE_VALUE                  122
 # define CRYPTO_R_INVALID_NULL_ARGUMENT                   109
 # define CRYPTO_R_INVALID_OSSL_PARAM_TYPE                 110
 # define CRYPTO_R_ODD_NUMBER_OF_DIGITS                    103