Add BN_bn2binpad API and enable OpenVPN master CI testing#10148
Add BN_bn2binpad API and enable OpenVPN master CI testing#10148julek-wolfssl wants to merge 1 commit intowolfSSL:masterfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds OpenSSL-compatible BN_bn2binpad support to wolfSSL’s OpenSSL shim layer and updates the OpenVPN GitHub Actions workflow to test against OpenVPN master again now that the API exists.
Changes:
- Added
wolfSSL_BN_bn2binpaddeclaration +BN_bn2binpadmacro mapping. - Implemented
wolfSSL_BN_bn2binpadwith left-zero-padding semantics and size checks. - Expanded BN API tests and updated OpenVPN CI matrix to include
master.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| wolfssl/openssl/bn.h | Exposes wolfSSL_BN_bn2binpad and maps BN_bn2binpad to it. |
| src/ssl_bn.c | Implements wolfSSL_BN_bn2binpad encoding/padding behavior. |
| tests/api/test_ossl_bn.c | Adds coverage for BN_bn2binpad success/error cases. |
| .github/workflows/openvpn.yml | Re-enables testing against OpenVPN master in CI matrix. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
julek-wolfssl
force-pushed
the
openvpn-master-bn2binpad
branch
from
d8e9584 to
312de40
Compare
julek-wolfssl
force-pushed
the
openvpn-master-bn2binpad
branch
from
312de40 to
175cdaa
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if (numBytes > toLen) { | ||
| WOLFSSL_MSG("BN too large for toLen"); | ||
| return WOLFSSL_FATAL_ERROR; | ||
| } |
There was a problem hiding this comment.
The API contract in the comment says this function returns -1 on error, but the implementation returns WOLFSSL_FATAL_ERROR. This works only if WOLFSSL_FATAL_ERROR is guaranteed to be -1 across all builds/configurations. To keep OpenSSL-compat behavior explicit and stable, return -1 directly (or ensure WOLFSSL_FATAL_ERROR is definitionally -1 for this API surface).
| ExpectIntEQ(BN_bn2binpad(NULL, padOut, sizeof(padOut)), -1); | ||
| ExpectIntEQ(BN_bn2binpad(&emptyBN, padOut, sizeof(padOut)), -1); | ||
| ExpectIntEQ(BN_bn2binpad(a, NULL, sizeof(padOut)), -1); |
There was a problem hiding this comment.
sizeof(padOut) is a size_t but BN_bn2binpad takes an int length. Some toolchains treat this as a sign-conversion warning (and in general it’s safer to avoid implicit narrowing). Consider casting explicitly, e.g. (int)sizeof(padOut), for the test calls that pass sizeof(...).
| ExpectIntEQ(BN_bn2binpad(NULL, padOut, sizeof(padOut)), -1); | |
| ExpectIntEQ(BN_bn2binpad(&emptyBN, padOut, sizeof(padOut)), -1); | |
| ExpectIntEQ(BN_bn2binpad(a, NULL, sizeof(padOut)), -1); | |
| ExpectIntEQ(BN_bn2binpad(NULL, padOut, (int)sizeof(padOut)), -1); | |
| ExpectIntEQ(BN_bn2binpad(&emptyBN, padOut, (int)sizeof(padOut)), -1); | |
| ExpectIntEQ(BN_bn2binpad(a, NULL, (int)sizeof(padOut)), -1); |
| check_hidden: true | ||
| # Add comma separated list of words that occur multiple times that should be ignored (sorted alphabetically, case sensitive) | ||
| ignore_words_list: adin,aNULL,brunch,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te,HSI,failT, | ||
| ignore_words_list: adin,aNULL,brunch,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te,HSI,failT,toLen, |
There was a problem hiding this comment.
The workflow comment says ignore_words_list should be sorted alphabetically (case sensitive). Adding toLen at the end breaks that rule; please insert it in sorted order to keep the list maintainable and consistent with the documented expectation.
| ignore_words_list: adin,aNULL,brunch,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te,HSI,failT,toLen, | |
| ignore_words_list: adin,aNULL,brunch,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,ser,siz,te,toLen,userA,Te,HSI,failT, |
julek-wolfssl
force-pushed
the
openvpn-master-bn2binpad
branch
from
175cdaa to
0c43158
Compare
No description provided.