From: Richard Levitte Date: Thu, 9 Oct 2025 17:55:47 +0000 (+0200) Subject: Fix BN_DEBUG: ossl_assert() → assert() X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a06897df7788a5163f1c39b3759e64cd9b62225c;p=thirdparty%2Fopenssl.git Fix BN_DEBUG: ossl_assert() → assert() ossl_assert() has been modified so much that it no longer fits the purpose of bn_check_top() when BN_DEBUG is defined in a debug build, which is to abort and tell where the BIGNUM is inconsistent. This is by design. This has remained undiscovered because no one has tried BN_DEBUG for quite a while. Assertions in bn_check_top() are also rearranged to better show what the actual problem is. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tom Cosgrove Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/28801) --- diff --git a/crypto/bn/bn_local.h b/crypto/bn/bn_local.h index 10b93729a73..bb889d6116f 100644 --- a/crypto/bn/bn_local.h +++ b/crypto/bn/bn_local.h @@ -158,6 +158,10 @@ */ # ifdef BN_DEBUG + +/* ossl_assert() isn't fit for BN_DEBUG purposes, use assert() instead */ +# include + /* * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with * bn_correct_top, in other words such vectors are permitted to have zeros @@ -192,9 +196,11 @@ const BIGNUM *_bnum2 = (a); \ if (_bnum2 != NULL) { \ int _top = _bnum2->top; \ - (void)ossl_assert((_top == 0 && !_bnum2->neg) || \ - (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \ - || _bnum2->d[_top - 1] != 0))); \ + if (_top == 0) { \ + assert(!_bnum2->neg); \ + } else if ((_bnum2->flags & BN_FLG_FIXED_TOP) == 0) { \ + assert(_bnum2->d[_top - 1] != 0); \ + } \ bn_pollute(_bnum2); \ } \ } while(0)