Coverity Scan: Analysis completed for openssl/openssl

2021-11-30 Thread scan-admin


Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D-w46_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGkjkiQ2oFEyC0sxw3OHhO-2B1Wj0a7sQ-2B6BaR-2B9EtTk6uy7wcyC56XuDU4GAwcGKPYhQufibixeZ9rZ3oElVxChN2yhzxyB45lAlaKKnNYts27s10LIrJl3EGN03dyXMupZ2U9kGgpXmY1UuZfsCMx1zmLwHc4NNzt3pBCD-2BYVaWZGnPha2-2FI6JWLcJNnhA3vv8-3D

Build ID: 420949

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0



[openssl] OpenSSL_1_1_1-stable update

2021-11-30 Thread Richard Levitte
The branch OpenSSL_1_1_1-stable has been updated
   via  162bd56e99b2e73cfdc6777acb3f1b3dafccc9ba (commit)
  from  37dc4f9530d131b4f581582c34c08074abbc9923 (commit)


- Log -
commit 162bd56e99b2e73cfdc6777acb3f1b3dafccc9ba
Author: Richard Levitte 
Date:   Thu Nov 25 09:55:09 2021 +0100

TEST: Enable and fix test_bn2padded() in test/bntest.c

This looks like old code, written when the padded variety of BN_bn2bin()
was developed, and disabled by default...  and forgotten.

A few simple changes to update it to the current API is all that was
needed to enable it.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17133)

(cherry picked from commit 23750f677ef61b6bea4e81f23f335ad08fc49b51)

---

Summary of changes:
 test/bntest.c | 34 +++---
 1 file changed, 15 insertions(+), 19 deletions(-)

diff --git a/test/bntest.c b/test/bntest.c
index 236501e679..b58028a301 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -27,7 +27,6 @@
 /*
  * Things in boring, not in openssl.  TODO we should add them.
  */
-#define HAVE_BN_PADDED 0
 #define HAVE_BN_SQRT 0
 
 typedef struct filetest_st {
@@ -1731,52 +1730,52 @@ static int file_gcd(STANZA *s)
 
 static int test_bn2padded(void)
 {
-#if HAVE_BN_PADDED
 uint8_t zeros[256], out[256], reference[128];
-BIGNUM *n = BN_new();
+size_t bytes;
+BIGNUM *n;
 int st = 0;
 
 /* Test edge case at 0. */
-if (n == NULL)
+if (!TEST_ptr((n = BN_new(
 goto err;
-if (!TEST_true(BN_bn2bin_padded(NULL, 0, n)))
+if (!TEST_int_eq(BN_bn2binpad(n, NULL, 0), 0))
 goto err;
 memset(out, -1, sizeof(out));
-if (!TEST_true(BN_bn2bin_padded(out, sizeof(out)), n))
+if (!TEST_int_eq(BN_bn2binpad(n, out, sizeof(out)), sizeof(out)))
 goto err;
 memset(zeros, 0, sizeof(zeros));
 if (!TEST_mem_eq(zeros, sizeof(zeros), out, sizeof(out)))
 goto err;
 
 /* Test a random numbers at various byte lengths. */
-for (size_t bytes = 128 - 7; bytes <= 128; bytes++) {
+for (bytes = 128 - 7; bytes <= 128; bytes++) {
 # define TOP_BIT_ON 0
 # define BOTTOM_BIT_NOTOUCH 0
 if (!TEST_true(BN_rand(n, bytes * 8, TOP_BIT_ON, BOTTOM_BIT_NOTOUCH)))
 goto err;
-if (!TEST_int_eq(BN_num_bytes(n),A) bytes
-|| TEST_int_eq(BN_bn2bin(n, reference), bytes))
+if (!TEST_int_eq(BN_num_bytes(n), bytes)
+|| !TEST_int_eq(BN_bn2bin(n, reference), bytes))
 goto err;
 /* Empty buffer should fail. */
-if (!TEST_int_eq(BN_bn2bin_padded(NULL, 0, n)), 0)
+if (!TEST_int_eq(BN_bn2binpad(n, NULL, 0), -1))
 goto err;
 /* One byte short should fail. */
-if (BN_bn2bin_padded(out, bytes - 1, n))
+if (!TEST_int_eq(BN_bn2binpad(n, out, bytes - 1), -1))
 goto err;
 /* Exactly right size should encode. */
-if (!TEST_true(BN_bn2bin_padded(out, bytes, n))
-|| TEST_mem_eq(out, bytes, reference, bytes))
+if (!TEST_int_eq(BN_bn2binpad(n, out, bytes), bytes)
+|| !TEST_mem_eq(out, bytes, reference, bytes))
 goto err;
 /* Pad up one byte extra. */
-if (!TEST_true(BN_bn2bin_padded(out, bytes + 1, n))
+if (!TEST_int_eq(BN_bn2binpad(n, out, bytes + 1), bytes + 1)
 || !TEST_mem_eq(out + 1, bytes, reference, bytes)
 || !TEST_mem_eq(out, 1, zeros, 1))
 goto err;
 /* Pad up to 256. */
-if (!TEST_true(BN_bn2bin_padded(out, sizeof(out)), n)
+if (!TEST_int_eq(BN_bn2binpad(n, out, sizeof(out)), sizeof(out))
 || !TEST_mem_eq(out + sizeof(out) - bytes, bytes,
 reference, bytes)
-|| !TEST_mem_eq(out, sizseof(out) - bytes,
+|| !TEST_mem_eq(out, sizeof(out) - bytes,
 zeros, sizeof(out) - bytes))
 goto err;
 }
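Review bot: None of the BN_bn2binpad() checks inside the loop verify that the call stays within the length it was given. `out` is filled with a sentinel only once, before the zero case, so a write past `bytes - 1` in the "One byte short" case or past `bytes` in the "Exactly right size" case would go unnoticed. Refilling the buffer before those calls with `memset(out, -1, sizeof(out));` and then asserting `TEST_mem_eq(out + bytes, sizeof(out) - bytes, ones, sizeof(out) - bytes)` against a new 0xff-filled `ones` array would make the test a bounds check as well as an encoding check. The same applies to the identical hunk in the openssl-3.0 update further down this page. The body of test_bn2padded() continues past this hunk, so whatever sits between the loop and the `err:` label is not visible here.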
@@ -1785,9 +1784,6 @@ static int test_bn2padded(void)
  err:
 BN_free(n);
 return st;
-#else
-return ctx != NULL;
-#endif
 }
 
 static int test_dec2bn(void)


[openssl] openssl-3.0 update

2021-11-30 Thread Richard Levitte
The branch openssl-3.0 has been updated
   via  015e3f59434651c454c94888d0c6d57c2203cd42 (commit)
  from  0c9afd6918dfe5e818b3545ede88011adeb6e76b (commit)


- Log -
commit 015e3f59434651c454c94888d0c6d57c2203cd42
Author: Richard Levitte 
Date:   Thu Nov 25 09:55:09 2021 +0100

TEST: Enable and fix test_bn2padded() in test/bntest.c

This looks like old code, written when the padded variety of BN_bn2bin()
was developed, and disabled by default...  and forgotten.

A few simple changes to update it to the current API is all that was
needed to enable it.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17133)

(cherry picked from commit 23750f677ef61b6bea4e81f23f335ad08fc49b51)

---

Summary of changes:
 test/bntest.c | 34 +++---
 1 file changed, 15 insertions(+), 19 deletions(-)

diff --git a/test/bntest.c b/test/bntest.c
index 86fa163c6e..87e5c4065b 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -30,7 +30,6 @@
 /*
  * Things in boring, not in openssl.
  */
-#define HAVE_BN_PADDED 0
 #define HAVE_BN_SQRT 0
 
 typedef struct filetest_st {
@@ -1734,52 +1733,52 @@ static int file_gcd(STANZA *s)
 
 static int test_bn2padded(void)
 {
-#if HAVE_BN_PADDED
 uint8_t zeros[256], out[256], reference[128];
-BIGNUM *n = BN_new();
+size_t bytes;
+BIGNUM *n;
 int st = 0;
 
 /* Test edge case at 0. */
-if (n == NULL)
+if (!TEST_ptr((n = BN_new(
 goto err;
-if (!TEST_true(BN_bn2bin_padded(NULL, 0, n)))
+if (!TEST_int_eq(BN_bn2binpad(n, NULL, 0), 0))
 goto err;
 memset(out, -1, sizeof(out));
-if (!TEST_true(BN_bn2bin_padded(out, sizeof(out)), n))
+if (!TEST_int_eq(BN_bn2binpad(n, out, sizeof(out)), sizeof(out)))
 goto err;
 memset(zeros, 0, sizeof(zeros));
 if (!TEST_mem_eq(zeros, sizeof(zeros), out, sizeof(out)))
 goto err;
 
 /* Test a random numbers at various byte lengths. */
-for (size_t bytes = 128 - 7; bytes <= 128; bytes++) {
+for (bytes = 128 - 7; bytes <= 128; bytes++) {
 # define TOP_BIT_ON 0
 # define BOTTOM_BIT_NOTOUCH 0
 if (!TEST_true(BN_rand(n, bytes * 8, TOP_BIT_ON, BOTTOM_BIT_NOTOUCH)))
 goto err;
-if (!TEST_int_eq(BN_num_bytes(n),A) bytes
-|| TEST_int_eq(BN_bn2bin(n, reference), bytes))
+if (!TEST_int_eq(BN_num_bytes(n), bytes)
+|| !TEST_int_eq(BN_bn2bin(n, reference), bytes))
 goto err;
 /* Empty buffer should fail. */
-if (!TEST_int_eq(BN_bn2bin_padded(NULL, 0, n)), 0)
+if (!TEST_int_eq(BN_bn2binpad(n, NULL, 0), -1))
 goto err;
 /* One byte short should fail. */
-if (BN_bn2bin_padded(out, bytes - 1, n))
+if (!TEST_int_eq(BN_bn2binpad(n, out, bytes - 1), -1))
 goto err;
 /* Exactly right size should encode. */
-if (!TEST_true(BN_bn2bin_padded(out, bytes, n))
-|| TEST_mem_eq(out, bytes, reference, bytes))
+if (!TEST_int_eq(BN_bn2binpad(n, out, bytes), bytes)
+|| !TEST_mem_eq(out, bytes, reference, bytes))
 goto err;
 /* Pad up one byte extra. */
-if (!TEST_true(BN_bn2bin_padded(out, bytes + 1, n))
+if (!TEST_int_eq(BN_bn2binpad(n, out, bytes + 1), bytes + 1)
 || !TEST_mem_eq(out + 1, bytes, reference, bytes)
 || !TEST_mem_eq(out, 1, zeros, 1))
 goto err;
 /* Pad up to 256. */
-if (!TEST_true(BN_bn2bin_padded(out, sizeof(out)), n)
+if (!TEST_int_eq(BN_bn2binpad(n, out, sizeof(out)), sizeof(out))
 || !TEST_mem_eq(out + sizeof(out) - bytes, bytes,
 reference, bytes)
-|| !TEST_mem_eq(out, sizseof(out) - bytes,
+|| !TEST_mem_eq(out, sizeof(out) - bytes,
 zeros, sizeof(out) - bytes))
 goto err;
 }
@@ -1788,9 +1787,6 @@ static int test_bn2padded(void)
  err:
 BN_free(n);
 return st;
-#else
-return ctx != NULL;
-#endif
 }
 
 static int test_dec2bn(void)


[openssl] openssl-3.0 update

2021-11-30 Thread beldmit
The branch openssl-3.0 has been updated
   via  0c9afd6918dfe5e818b3545ede88011adeb6e76b (commit)
  from  09e1818a54cad2d348138427234660fcabae793e (commit)


- Log -
commit 0c9afd6918dfe5e818b3545ede88011adeb6e76b
Author: Dmitry Belyavskiy 
Date:   Tue Nov 23 15:18:52 2021 +0100

More detailed explanation how do engines work in 3.0

Related: #16868, #17081, #17107

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17115)

(cherry picked from commit 29a27cb2c5c1757831f42117871f8c59058343a9)

---

Summary of changes:
 doc/man7/migration_guide.pod | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod
index 627173f180..67e102fa4c 100644
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -121,6 +121,21 @@ FIPS module, as detailed below. Authors and maintainers of 
external engines are
 strongly encouraged to refactor their code transforming engines into providers
 using the new Provider API and avoiding deprecated methods.
 
+=head3 Support of legacy engines
+
+If openssl is not built without engine support or deprecated API support, 
engines
+will still work. However, their applicability will be limited.
+
+New algorithms provided via engines will still work.
+
+Engine-backed keys can be loaded via custom B implementation.
+In this case the B objects created via L
+will be concidered legacy and will continue to work.
+
+To ensure the future compatibility, the engines should be turned to providers.
+To prefer the provider-based hardware offload, you can specify the default
+properties to prefer your provider.
+
 =head3 Versioning Scheme
 
 The OpenSSL versioning scheme has changed with the OpenSSL 3.0 release. The new


[openssl] master update

2021-11-30 Thread beldmit
The branch master has been updated
   via  29a27cb2c5c1757831f42117871f8c59058343a9 (commit)
  from  d724da69389196cdb9ef8db036656882fbc5a6ab (commit)


- Log -
commit 29a27cb2c5c1757831f42117871f8c59058343a9
Author: Dmitry Belyavskiy 
Date:   Tue Nov 23 15:18:52 2021 +0100

More detailed explanation how do engines work in 3.0

Related: #16868, #17081, #17107

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17115)

---

Summary of changes:
 doc/man7/migration_guide.pod | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod
index 627173f180..67e102fa4c 100644
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -121,6 +121,21 @@ FIPS module, as detailed below. Authors and maintainers of 
external engines are
 strongly encouraged to refactor their code transforming engines into providers
 using the new Provider API and avoiding deprecated methods.
 
+=head3 Support of legacy engines
+
+If openssl is not built without engine support or deprecated API support, 
engines
+will still work. However, their applicability will be limited.
+
+New algorithms provided via engines will still work.
+
+Engine-backed keys can be loaded via custom B implementation.
+In this case the B objects created via L
+will be concidered legacy and will continue to work.
+
+To ensure the future compatibility, the engines should be turned to providers.
+To prefer the provider-based hardware offload, you can specify the default
+properties to prefer your provider.
+
 =head3 Versioning Scheme
 
 The OpenSSL versioning scheme has changed with the OpenSSL 3.0 release. The new