Avoid potential overflow to the sign bit when shifting left 24 places

Although there are platforms where int is 64 bit, 2GiB large BIGNUMs instead of 4GiB should be "big enough for everybody". Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #11857)
openssl · May 20, 2020 · 1d05eb5 · 1d05eb5
1 parent cbeb0bf
commit 1d05eb5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c
@@ -45,7 +45,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
     int neg = 0;
     BIGNUM *a = NULL;
 
-    if (n < 4) {
+    if (n < 4 || (d[0] & 0x80) != 0) {
         BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
         return NULL;
     }