diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml
new file mode 100644
index 000000000..ec82ce1da
--- /dev/null
+++ b/.github/workflows/libssh2.yml
@@ -0,0 +1,58 @@
+name: libssh2 Tests
+
+on:
+ workflow_call:
+
+jobs:
+ build_wolfssl:
+ name: Build wolfSSL
+ # Just to keep it the same as the testing target
+ runs-on: ubuntu-latest
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 4
+ steps:
+ - name: Build wolfSSL
+ uses: wolfSSL/actions-build-autotools-project@v1
+ with:
+ path: wolfssl
+ configure: --enable-all
+ check: false # config is already tested in many other PRB's
+ install: true
+
+ - name: Upload built lib
+ uses: actions/upload-artifact@v3
+ with:
+ name: wolf-install-libssh2
+ path: build-dir
+ retention-days: 1
+
+ libssh2_check:
+ strategy:
+ fail-fast: false
+ matrix:
+ # List of releases to test
+ ref: [ 1.11.0 ]
+ name: ${{ matrix.ref }}
+ runs-on: ubuntu-latest
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 8
+ needs: build_wolfssl
+ steps:
+ - name: Download lib
+ uses: actions/download-artifact@v3
+ with:
+ name: wolf-install-libssh2
+ path: build-dir
+
+ - name: Build and test libssh2
+ uses: wolfSSL/actions-build-autotools-project@v1
+ with:
+ repository: libssh2/libssh2
+ ref: libssh2-${{ matrix.ref }}
+ path: libssh2
+ configure: --with-crypto=wolfssl --with-libwolfssl-prefix=$GITHUB_WORKSPACE/build-dir
+ check: true
+
+ - name: Confirm libssh2 built with wolfSSL
+ working-directory: ./libssh2
+ run: ldd src/.libs/libssh2.so | grep wolfssl
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index b1e63a32e..a813f44c9 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
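Review bot: All three actions in the new libssh2.yml are referenced by mutable tag (`wolfSSL/actions-build-autotools-project@v1`, `actions/upload-artifact@v3`, `actions/download-artifact@v3`), and the workflow sets no `permissions:`, so the token scope of a job that builds and runs the libssh2 test suite is whatever the calling workflow grants. Pinning each `uses:` to a full commit SHA (`uses: actions/upload-artifact@<full-commit-sha>  # v3`) and adding a top-level `permissions:` with `contents: read` would hold the job to read-only scope and make a retagged action show up as a diff. The `libssh2-${{ matrix.ref }}` ref is likewise a tag in a repository this project does not control; whether the build action verifies what it checks out is not visible here.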
@@ -42,6 +42,8 @@ jobs: uses: ./.github/workflows/packaging.yml memcached: uses: ./.github/workflows/memcached.yml + libssh2: + uses: ./.github/workflows/libssh2.yml # TODO: Currently this test fails. Enable it once it becomes passing. # haproxy: # uses: ./.github/workflows/haproxy.yml diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index b36df7828..c0488430a 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -8110,6 +8110,26 @@ void wolfSSL_EVP_init(void) } #endif /* !NO_AES || !NO_DES3 */ + static int IsCipherTypeAEAD(unsigned char cipherType) + { + switch (cipherType) { + case AES_128_GCM_TYPE: + case AES_192_GCM_TYPE: + case AES_256_GCM_TYPE: + case AES_128_CCM_TYPE: + case AES_192_CCM_TYPE: + case AES_256_CCM_TYPE: + case ARIA_128_GCM_TYPE: + case ARIA_192_GCM_TYPE: + case ARIA_256_GCM_TYPE: + case SM4_GCM_TYPE: + case SM4_CCM_TYPE: + return 1; + default: + return 0; + } + } + /* Return length on ok */ int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, word32 len) 
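Review bot: `IsCipherTypeAEAD` in evp.c is named for all AEAD ciphers but lists only the GCM and CCM types, and it carries no comment saying the list exists to decide when `wolfSSL_EVP_Cipher` tolerates a NULL `src` or `dst`. A later caller that trusts the name for another AEAD mode (ChaCha20-Poly1305, if the cipher-type enum in this build has it) would get 0. I would add `/* Returns 1 for the GCM/CCM cipher types, for which wolfSSL_EVP_Cipher accepts a NULL src or dst; 0 otherwise. */` above the function. The condition this helper replaces guarded each group of constants with its feature `#ifdef`, while the helper names them unconditionally, so it is worth confirming they are defined in every build configuration.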
@@ -8118,34 +8138,21 @@ void wolfSSL_EVP_init(void) WOLFSSL_ENTER("wolfSSL_EVP_Cipher"); - if (ctx == NULL || ((src == NULL || dst == NULL) && - (TRUE - #ifdef HAVE_AESGCM - && ctx->cipherType != AES_128_GCM_TYPE && - ctx->cipherType != AES_192_GCM_TYPE && - ctx->cipherType != AES_256_GCM_TYPE - #endif - #ifdef HAVE_AESCCM - && ctx->cipherType != AES_128_CCM_TYPE && - ctx->cipherType != AES_192_CCM_TYPE && - ctx->cipherType != AES_256_CCM_TYPE - #endif - #ifdef HAVE_ARIA - && ctx->cipherType != ARIA_128_GCM_TYPE && - ctx->cipherType != ARIA_192_GCM_TYPE && - ctx->cipherType != ARIA_256_GCM_TYPE - #endif - #ifdef WOLFSSL_SM4_GCM - && ctx->cipherType != SM4_GCM_TYPE - #endif - #ifdef WOLFSSL_SM4_CCM - && ctx->cipherType != SM4_CCM_TYPE - #endif - ))) { + if (ctx == NULL) { WOLFSSL_MSG("Bad argument."); return WOLFSSL_FATAL_ERROR; } + if (!IsCipherTypeAEAD(ctx->cipherType)) { + /* No-op for non-AEAD ciphers */ + if (src == NULL && dst == NULL && len == 0) + return 0; + if (src == NULL || dst == NULL) { + WOLFSSL_MSG("Bad argument."); + return WOLFSSL_FATAL_ERROR; + } + } + if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) { WOLFSSL_MSG("Cipher operation not initialized. Call " "wolfSSL_EVP_CipherInit.");
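Review bot: The new no-op return sits above the `WOLFSSL_EVP_CIPH_TYPE_INIT` check, so a context that was never initialised and is called with `src == NULL`, `dst == NULL`, `len == 0` now returns 0 where the old condition returned `WOLFSSL_FATAL_ERROR`; this assumes the helper returns 0 for that type, which its case list suggests. Moving the existing `if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT)` block to directly after the `ctx == NULL` check would keep the uninitialised case an error before any no-op shortcut is considered. The body of `wolfSSL_EVP_Cipher` continues past the end of this hunk, so what the later code does with a NULL buffer for the AEAD types cannot be checked from here.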