Commit a06897df77 for openssl.org
commit a06897df7788a5163f1c39b3759e64cd9b62225c
Author: Richard Levitte <levitte@openssl.org>
Date: Thu Oct 9 19:55:47 2025 +0200
Fix BN_DEBUG: ossl_assert() → assert()
ossl_assert() has been modified so much that it no longer fits the
purpose of bn_check_top() when BN_DEBUG is defined in a debug build,
which is to abort and tell where the BIGNUM is inconsistent. This
is by design.
This has remained undiscovered because no one has tried BN_DEBUG
for quite a while.
Assertions in bn_check_top() are also rearranged to better show what
the actual problem is.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28801)
diff --git a/crypto/bn/bn_local.h b/crypto/bn/bn_local.h
index 10b93729a7..bb889d6116 100644
--- a/crypto/bn/bn_local.h
+++ b/crypto/bn/bn_local.h
@@ -158,6 +158,10 @@
*/
# ifdef BN_DEBUG
+
+/* ossl_assert() isn't fit for BN_DEBUG purposes, use assert() instead */
+# include <assert.h>
+
/*
* The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with
* bn_correct_top, in other words such vectors are permitted to have zeros
@@ -192,9 +196,11 @@
const BIGNUM *_bnum2 = (a); \
if (_bnum2 != NULL) { \
int _top = _bnum2->top; \
- (void)ossl_assert((_top == 0 && !_bnum2->neg) || \
- (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \
- || _bnum2->d[_top - 1] != 0))); \
+ if (_top == 0) { \
+ assert(!_bnum2->neg); \
+ } else if ((_bnum2->flags & BN_FLG_FIXED_TOP) == 0) { \
+ assert(_bnum2->d[_top - 1] != 0); \
+ } \
bn_pollute(_bnum2); \
} \
} while(0)