From b5992183ef86510bda13fd9674c1a55a9ea26f03 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sun, 3 Aug 2025 10:32:04 +0000
Subject: Avoid signed overflow in BN_mul()

Reported by smatch via jsg.
ok beck jsing kenjiro
---
 src/lib/libcrypto/bn/bn_mul.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c
index bdeb9b0fe8..7ec7d43437 100644
--- a/src/lib/libcrypto/bn/bn_mul.c
+++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mul.c,v 1.39 2023/07/08 12:21:58 beck Exp $ */
+/* $OpenBSD: bn_mul.c,v 1.40 2025/08/03 10:32:04 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -57,6 +57,7 @@
  */
 
 #include <assert.h>
+#include <limits.h>
 #include <stdio.h>
 #include <string.h>
 
@@ -338,9 +339,9 @@ BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 	if (rr == NULL)
 		goto err;
 
-	rn = a->top + b->top;
-	if (rn < a->top)
+	if (a->top > INT_MAX - b->top)
 		goto err;
+	rn = a->top + b->top;
 	if (!bn_wexpand(rr, rn))
 		goto err;
 
-- 
cgit v1.2.3-55-g6feb