feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #7143 from julek-wolfssl/zd/17303

Browse Source 
EVP_Cipher: correct parameter checking
This commit is contained in:
Sean Parkinson
2024-01-23 07:15:20 +10:00
committed by GitHub
parent eb1fff3ad3 fc7143a8f4
commit b0de0a1c95
3 changed files with 91 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
.github/workflows/libssh2.yml vendored Normal file
View File

@@ -0,0 +1,58 @@
name: libssh2 Tests
on:
workflow_call:
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
check: false # config is already tested in many other PRB's
install: true
- name: Upload built lib
uses: actions/upload-artifact@v3
with:
name: wolf-install-libssh2
path: build-dir
retention-days: 1
libssh2_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 1.11.0 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 8
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v3
with:
name: wolf-install-libssh2
path: build-dir
- name: Build and test libssh2
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: libssh2/libssh2
ref: libssh2-${{ matrix.ref }}
path: libssh2
configure: --with-crypto=wolfssl --with-libwolfssl-prefix=$GITHUB_WORKSPACE/build-dir
check: true
- name: Confirm libssh2 built with wolfSSL
working-directory: ./libssh2
run: ldd src/.libs/libssh2.so | grep wolfssl

2
.github/workflows/main.yml vendored
View File

@@ -42,6 +42,8 @@ jobs:
uses: ./.github/workflows/packaging.yml
memcached:
uses: ./.github/workflows/memcached.yml
libssh2:
uses: ./.github/workflows/libssh2.yml
# TODO: Currently this test fails. Enable it once it becomes passing.
# haproxy:
# uses: ./.github/workflows/haproxy.yml

55
wolfcrypt/src/evp.c
View File

@@ -8110,6 +8110,26 @@ void wolfSSL_EVP_init(void)
}
#endif /* !NO_AES || !NO_DES3 */
static int IsCipherTypeAEAD(unsigned char cipherType)
{
switch (cipherType) {
case AES_128_GCM_TYPE:
case AES_192_GCM_TYPE:
case AES_256_GCM_TYPE:
case AES_128_CCM_TYPE:
case AES_192_CCM_TYPE:
case AES_256_CCM_TYPE:
case ARIA_128_GCM_TYPE:
case ARIA_192_GCM_TYPE:
case ARIA_256_GCM_TYPE:
case SM4_GCM_TYPE:
case SM4_CCM_TYPE:
return 1;
default:
return 0;
}
}
/* Return length on ok */
int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
word32 len)
@@ -8118,34 +8138,21 @@ void wolfSSL_EVP_init(void)
WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
if (ctx == NULL || ((src == NULL || dst == NULL) &&
(TRUE
#ifdef HAVE_AESGCM
&& ctx->cipherType != AES_128_GCM_TYPE &&
ctx->cipherType != AES_192_GCM_TYPE &&
ctx->cipherType != AES_256_GCM_TYPE
#endif
#ifdef HAVE_AESCCM
&& ctx->cipherType != AES_128_CCM_TYPE &&
ctx->cipherType != AES_192_CCM_TYPE &&
ctx->cipherType != AES_256_CCM_TYPE
#endif
#ifdef HAVE_ARIA
&& ctx->cipherType != ARIA_128_GCM_TYPE &&
ctx->cipherType != ARIA_192_GCM_TYPE &&
ctx->cipherType != ARIA_256_GCM_TYPE
#endif
#ifdef WOLFSSL_SM4_GCM
&& ctx->cipherType != SM4_GCM_TYPE
#endif
#ifdef WOLFSSL_SM4_CCM
&& ctx->cipherType != SM4_CCM_TYPE
#endif
))) {
if (ctx == NULL) {
WOLFSSL_MSG("Bad argument.");
return WOLFSSL_FATAL_ERROR;
}
if (!IsCipherTypeAEAD(ctx->cipherType)) {
/* No-op for non-AEAD ciphers */
if (src == NULL && dst == NULL && len == 0)
return 0;
if (src == NULL || dst == NULL) {
WOLFSSL_MSG("Bad argument.");
return WOLFSSL_FATAL_ERROR;
}
}
if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) {
WOLFSSL_MSG("Cipher operation not initialized. Call "
"wolfSSL_EVP_CipherInit.");