Add static check in BN_hex2bn Fixes #17298 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17299)

commit: 7c78bd4be810ddceb8f13585a921946cc98f5fbd [log] [tgz]
author: Kan <chenxinpingc2306@163.com> Fri Dec 17 00:35:32 2021 +0800
committer: Pauli <pauli@openssl.org> Thu Dec 23 12:52:53 2021 +1100
tree: b0bcac78955b2f209671ae691512439e410561de
parent: a595e3286ae9f033c56452967b3add2145f9085f [diff]
diff --git a/crypto/bn/bn_conv.c b/crypto/bn/bn_conv.c
index 6757f3d..75054f5 100644
--- a/crypto/bn/bn_conv.c
+++ b/crypto/bn/bn_conv.c

@@ -154,6 +154,10 @@
             return 0;
     } else {
         ret = *bn;
+        if (BN_get_flags(ret, BN_FLG_STATIC_DATA)) {
+            ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
+            return 0;
+        }
         BN_zero(ret);
     }
commit	7c78bd4be810ddceb8f13585a921946cc98f5fbd	[log] [tgz]
author	Kan <chenxinpingc2306@163.com>	Fri Dec 17 00:35:32 2021 +0800
committer	Pauli <pauli@openssl.org>	Thu Dec 23 12:52:53 2021 +1100
tree	b0bcac78955b2f209671ae691512439e410561de
parent	a595e3286ae9f033c56452967b3add2145f9085f [diff]