Commit c9d87ccc50 for openssl.org

commit c9d87ccc50eea86163facc5bfcca66294932e72c
Author: Bob Beck <beck@openssl.org>
Date:   Thu May 7 15:30:03 2026 -0600

    Correct ASN1_STRING_set() behaviour to match the documentation

    ASN1_STRING_set() has never promised to call strlen() for other
    negative values.  Other values here likely indicate an error,
    such as an integer overflow.  Call strlen() only if the length
    provided is -1.

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
    MergeDate: Mon May 11 00:34:25 2026
    (Merged from https://github.com/openssl/openssl/pull/31113)

diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 4d61dfca54..28898b49ff 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -289,7 +289,11 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
     const char *data = _data;
     size_t len;

-    if (len_in < 0) {
+    if (len_in < -1) {
+        ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL);
+        return 0;
+    }
+    if (len_in == -1) {
         if (data == NULL)
             return 0;
         len = strlen(data);