From 7054f42f47971eb9b8f8ee3c8e95f9aaa30a3eb4 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Mon, 1 Jan 2024 18:33:04 +0000
Subject: [PATCH] Fix bounds check in EVP_PKEY_CTX_get_keygen_info()

Replace > with >= for the upper array bound to disallow a 4 byte
overread. For RSA you can read the padding mode and for DH past
the DH_PKEY_CTX. Unfortunately, Ruby thought it important to use
this, so we can't kill it easily.

ok miod
---
 lib/libcrypto/evp/pmeth_gn.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/libcrypto/evp/pmeth_gn.c b/lib/libcrypto/evp/pmeth_gn.c
index c91076b8db2..ce7b107c7ad 100644
--- a/lib/libcrypto/evp/pmeth_gn.c
+++ b/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.14 2023/11/29 21:35:57 tb Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.15 2024/01/01 18:33:04 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -197,7 +197,7 @@ EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
 {
 	if (idx == -1)
 		return ctx->keygen_info_count;
-	if (idx < 0 || idx > ctx->keygen_info_count)
+	if (idx < 0 || idx >= ctx->keygen_info_count)
 		return 0;
 	return ctx->keygen_info[idx];
 }
-- 
2.20.1