From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Tue, 19 May 2020 08:51:53 +0000 (+0200)
Subject: Avoid potential overflow to the sign bit when shifting left 24 places
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=5156ecbe691c964ae528c74f94d5b515aeb25542;p=oweals%2Fopenssl.git

Avoid potential overflow to the sign bit when shifting left 24 places

Although there are platforms where int is 64 bit, 2GiB large BIGNUMs
instead of 4GiB should be "big enough for everybody".

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11857)

(cherry picked from commit 1d05eb55caa8965a151360c2469c463ecd990987)
---

diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c
index bdbe822415..b6e35a8ed9 100644
--- a/crypto/bn/bn_mpi.c
+++ b/crypto/bn/bn_mpi.c
@@ -45,7 +45,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
     int neg = 0;
     BIGNUM *a = NULL;
 
-    if (n < 4) {
+    if (n < 4 || (d[0] & 0x80) != 0) {
         BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
         return NULL;
     }