Have OSSL_PARAM_allocate_from_text() fail on odd number of hex digits

The failure would be caught later on, so this went unnoticed, until someone tried with just one hex digit, which was simply ignored. Fixes #23373 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23374)
author: Richard Levitte <levitte@openssl.org> 2024-01-23 13:17:31 +0100
committer: Tomas Mraz <tomas@openssl.org> 2024-01-25 16:36:55 +0100
commit: ea6268cfceaba24328d66bd14bfc97c4fac14a58 (patch)
tree: 863e8f4e99fe549205c7a22370b0c52ab65a0a76 /crypto/params_from_text.c
parent: 8a85df7c60ba1372ee98acc5982e902d75f52130 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/params_from_text.c b/crypto/params_from_text.c
index 38e0927195..1591029817 100644
--- a/crypto/params_from_text.c
+++ b/crypto/params_from_text.c
@@ -115,7 +115,13 @@ static int prepare_from_text(const OSSL_PARAM *paramdefs, const char *key,
         break;
     case OSSL_PARAM_OCTET_STRING:
         if (*ishex) {
-            *buf_n = strlen(value) >> 1;
+            size_t hexdigits = strlen(value);
+            if ((hexdigits % 2) != 0) {
+                /* We don't accept an odd number of hex digits */
+                ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ODD_NUMBER_OF_DIGITS);
+                return 0;
+            }
+            *buf_n = hexdigits >> 1;
         } else {
             *buf_n = value_n;
         }
author	Richard Levitte <levitte@openssl.org>	2024-01-23 13:17:31 +0100
committer	Tomas Mraz <tomas@openssl.org>	2024-01-25 16:36:55 +0100
commit	ea6268cfceaba24328d66bd14bfc97c4fac14a58 (patch)
tree	863e8f4e99fe549205c7a22370b0c52ab65a0a76 /crypto/params_from_text.c
parent	8a85df7c60ba1372ee98acc5982e902d75f52130 (diff)