Commit db3178f420 for openssl.org

commit db3178f4203415f9b25dce42881cf97d2808dc39
Author: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date:   Tue Mar 31 23:53:47 2026 +0800

    ecp_s390x_nistp.c: Reject negative digest length to prevent size_t underflow

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    MergeDate: Wed Apr 15 11:01:20 2026
    (Merged from https://github.com/openssl/openssl/pull/30648)

diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
index d940e9106b..4b3fbb2f79 100644
--- a/crypto/ec/ecp_s390x_nistp.c
+++ b/crypto/ec/ecp_s390x_nistp.c
@@ -145,6 +145,11 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
 #endif
     int off;

+    if (dgstlen < 0) {
+        ERR_raise(ERR_LIB_EC, EC_R_INVALID_LENGTH);
+        return NULL;
+    }
+
     group = EC_KEY_get0_group(eckey);
     order = EC_GROUP_get0_order(group);
     privkey = EC_KEY_get0_private_key(eckey);
@@ -285,6 +290,11 @@ static int ecdsa_s390x_nistp_verify_sig(const unsigned char *dgst, int dgstlen,
     const EC_POINT *pubkey;
     int off;

+    if (dgstlen < 0) {
+        ERR_raise(ERR_LIB_EC, EC_R_INVALID_LENGTH);
+        return -1;
+    }
+
     group = EC_KEY_get0_group(eckey);
     pubkey = EC_KEY_get0_public_key(eckey);
     if (eckey == NULL || group == NULL || pubkey == NULL || sig == NULL) {