bin2bn(): When len==0, just return a zero BIGNUM

This allows calls with s==NULL and len==0 to be safe.  It probably already
was, but address sanitizers could still complain.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20033)

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 4fe6ce071a3b01f6952ac2b056c816260d75c920..9d665c26fc4187a9696cc6a1315571252fb2e880 100644 (file)
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -446,6 +446,15 @@ static BIGNUM *bin2bn(const unsigned char *s, int len, BIGNUM *ret,
         return NULL;
     bn_check_top(ret);
 
+    /*
+     * If the input has no bits, the number is considered zero.
+     * This makes calls with s==NULL and len==0 safe.
+     */
+    if (len == 0) {
+        BN_clear(ret);
+        return ret;
+    }
+
     /*
      * The loop that does the work iterates from least to most
      * significant BIGNUM chunk, so we adapt parameters to transfer