From f1ec1ee1a3ee541b318d0d841aad19f6c105f479 Mon Sep 17 00:00:00 2001 From: Eugene Syromiatnikov Date: Fri, 29 Aug 2025 10:02:39 +0200 Subject: [PATCH 1/2] crypto/rand/randfile.c: avoid signed integer overflow in RAND_load_file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If a file supplied to RAND_load_file is too big (more than INT_MAX bytes), it is possible to trigger a signer integer overflow during ret calculation. Avoid it by returning early when we are about to hit it on the next iteration. Reported-by: Liu-Ermeng Resolves: https://github.com/openssl/openssl/issues/28375 Reviewed-by: Paul Dale Reviewed-by: Saša Nedvědický Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/28379) (cherry picked from commit 35db6a15d436aa4d981ebcd581eded55fc8c8fb6) Signed-off-by: jing-wang177
---
 crypto/rand/randfile.c | 4 ++++ doc/man3/RAND_load_file.pod | 2 ++ 2 files changed, 6 insertions(+)
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 86c322473c..01f3b611d9 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -167,6 +167,10 @@ int RAND_load_file(const char *file, long bytes)
 /* If given a bytecount, and we did it, break. */
 if (bytes > 0 && (bytes -= i) <= 0)
 break;
+
+ /* We can hit a signed integer overflow on the next iteration */
+ if (ret > INT_MAX - RAND_LOAD_BUF_SIZE)
+ break;
 }
 OPENSSL_cleanse(buf, sizeof(buf));
diff --git a/doc/man3/RAND_load_file.pod b/doc/man3/RAND_load_file.pod
index baca54cb3c..fd00bf883d 100644
--- a/doc/man3/RAND_load_file.pod
+++ b/doc/man3/RAND_load_file.pod
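Review bot: The guard added at the end of the loop in RAND_load_file stops reading silently, so the function returns a positive count just as it does at end of file and the caller gets no signal that the load was cut short. The comment should record that this is a deliberate short read and name the bound it relies on, for example `/* Each pass adds at most RAND_LOAD_BUF_SIZE to ret; stop while one more pass still fits in int. The caller sees a short count, not an error. */`. The read and the update of `ret` sit outside the hunk, so the per-pass bound is inferred from the constant used here and should be confirmed against the loop body. The diffstat lists no test file; a case that feeds more than INT_MAX bytes would pin the new return value.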
@@ -20,6 +20,8 @@ RAND_load_file() reads a number of bytes from file B and adds them to the PRNG. If B is nonnegative, up to B are read; if B is -1, the complete file is read.
+RAND_load_file() can read less than the complete file or the requested number
+of bytes if it doesn't fit in the return value type.
 Do not load the same file multiple times unless its contents have been updated by RAND_write_file() between reads. Also, note that B should be adequately protected so that an
-- Gitee
From 086d7c0eaed39a7b84482421a7ad9830d1d38d8e Mon Sep 17 00:00:00 2001 From: jing-wang177 Date: Thu, 11 Sep 2025 16:49:10 +0800 Subject: [PATCH 2/2] =?UTF-8?q?openssl=E6=BC=8F=E6=B4=9E=E5=9B=9E=E5=90=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: jing-wang177
---
 crypto/x509/x509_vpm.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index b4f4c45998..fa87bdd028 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -608,6 +608,11 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
 {
 int num = OSSL_NELEM(default_table);
+ if (id < 0) {
+ ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
+ return NULL;
+ }
+
 if (id < num)
 return default_table + id;
 return sk_X509_VERIFY_PARAM_value(param_table, id - num);
-- Gitee
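Review bot: In X509_VERIFY_PARAM_get0 the new `id < 0` branch queues ERR_R_PASSED_INVALID_ARGUMENT, but an id past the end of both tables still reaches `sk_X509_VERIFY_PARAM_value(param_table, id - num)` and, as far as the hunk shows, comes back as NULL with nothing on the error queue. The two out-of-range cases therefore report differently, and nothing next to the function tells a caller that NULL is a possible result. A comment above the guard would record why it exists, e.g. `/* A negative id would index before default_table; ids past the end get NULL from the stack lookup. */`. The closing brace of the function is outside the hunk, so any handling after the last return is not visible here.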