This allows calls with s==NULL and len==0 to be safe. It probably already
was, but address sanitizers could still complain.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20033)
return NULL;
bn_check_top(ret);
+ /*
+ * If the input has no bits, the number is considered zero.
+ * This makes calls with s==NULL and len==0 safe.
+ */
+ if (len == 0) {
+ BN_clear(ret);
+ return ret;
+ }
+
/*
* The loop that does the work iterates from least to most
* significant BIGNUM chunk, so we adapt parameters to transfer