New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added NULL check to BN_clear() & BN_CTX_end() #8518
Conversation
Is it worthwhile making this change in 1.1.1 too? Just to keep the code more in sync. |
I agree. Thus later patches using these functions will be consistent when they are being ported back to 1.1.1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup, and agreed on 1.1.1. I can merge
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #8518)
Very nice. Now do a PR to update the docs. |
BN_clear_free & BN_CTX_free() both do a NULL check, so it makes sense to also do the NULL
check inside BN_clear() and BN_CTX_end() since these are commonly called at the end of a function in a similar location to the free calls.
BN_clear() is only used in new code so this is not much of a change.
BN_CTX_end() is commonly called before BN_CTX_free() and quite often already does the NULL check
(so moving it inside the function should not be too much overhead). The normal case is that it is not NULL so calling the function is normally required.
This cleanup addresses quite a few coverity issues (in RSA code related to both BN_clear & BN_CTX_end)
Checklist