Merge pull request #7143 from julek-wolfssl/zd/17303
EVP_Cipher: correct parameter checking
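--- a/.github/workflows/libssh2.yml
+++ b/.github/workflows/libssh2.yml
@@ -0,0 +1,58 @@
+name: libssh2 Tests
+
+on:
+workflow_call:
+
+jobs:
+build_wolfssl:
+name: Build wolfSSL
+# Just to keep it the same as the testing target
+runs-on: ubuntu-latest
+# This should be a safe limit for the tests to run.
+timeout-minutes: 4
+steps:
+- name: Build wolfSSL
+uses: wolfSSL/actions-build-autotools-project@v1
+with:
+path: wolfssl
+configure: --enable-all
+check: false # config is already tested in many other PRB's
+install: true
+
+- name: Upload built lib
+uses: actions/upload-artifact@v3
+with:
+name: wolf-install-libssh2
+path: build-dir
+retention-days: 1
+
+libssh2_check:
+strategy:
+fail-fast: false
+matrix:
+# List of releases to test
+ref: [ 1.11.0 ]
+name: ${{ matrix.ref }}
+runs-on: ubuntu-latest
+# This should be a safe limit for the tests to run.
+timeout-minutes: 8
+needs: build_wolfssl
+steps:
+- name: Download lib
+uses: actions/download-artifact@v3
+with:
+name: wolf-install-libssh2
+path: build-dir
+
+- name: Build and test libssh2
+uses: wolfSSL/actions-build-autotools-project@v1
+with:
+repository: libssh2/libssh2
+ref: libssh2-${{ matrix.ref }}
+path: libssh2
+configure: --with-crypto=wolfssl --with-libwolfssl-prefix=$GITHUB_WORKSPACE/build-dir
+check: true
+
+- name: Confirm libssh2 built with wolfSSL
+working-directory: ./libssh2
+run: ldd src/.libs/libssh2.so | grep wolfssl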
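Review bot: The workflow declares no `permissions:` block and all four `uses:` steps reference actions by mutable tag (`wolfSSL/actions-build-autotools-project@v1`, `actions/upload-artifact@v3`, `actions/download-artifact@v3`), so the job that builds and runs the external `libssh2/libssh2` test suite gets whatever GITHUB_TOKEN scope the repository default grants. A top-level `permissions:` with `contents: read`, plus pinning each action to a full commit SHA (`uses: actions/upload-artifact@<commit-sha> # v3`, where `<commit-sha>` is a placeholder), would limit what a moved tag or a misbehaving upstream test could reach. The last step, `ldd src/.libs/libssh2.so | grep wolfssl`, also succeeds on a `not found` line for the wolfSSL library, so it confirms the link dependency but not that the library resolves; a one-line comment on that step stating which of the two is intended would help.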
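--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -42,6 +42,8 @@ jobs:
 uses: ./.github/workflows/packaging.yml
 memcached:
 uses: ./.github/workflows/memcached.yml
+libssh2:
+uses: ./.github/workflows/libssh2.yml
 # TODO: Currently this test fails. Enable it once it becomes passing.
 # haproxy:
 # uses: ./.github/workflows/haproxy.yml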
@@ -8110,6 +8110,26 @@ void wolfSSL_EVP_init(void)
|
|||||||
}
|
}
|
||||||
#endif /* !NO_AES || !NO_DES3 */
|
#endif /* !NO_AES || !NO_DES3 */
|
||||||
|
|
||||||
|
static int IsCipherTypeAEAD(unsigned char cipherType)
|
||||||
|
{
|
||||||
|
switch (cipherType) {
|
||||||
|
case AES_128_GCM_TYPE:
|
||||||
|
case AES_192_GCM_TYPE:
|
||||||
|
case AES_256_GCM_TYPE:
|
||||||
|
case AES_128_CCM_TYPE:
|
||||||
|
case AES_192_CCM_TYPE:
|
||||||
|
case AES_256_CCM_TYPE:
|
||||||
|
case ARIA_128_GCM_TYPE:
|
||||||
|
case ARIA_192_GCM_TYPE:
|
||||||
|
case ARIA_256_GCM_TYPE:
|
||||||
|
case SM4_GCM_TYPE:
|
||||||
|
case SM4_CCM_TYPE:
|
||||||
|
return 1;
|
||||||
|
default:
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* Return length on ok */
|
/* Return length on ok */
|
||||||
int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
|
int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
|
||||||
word32 len)
|
word32 len)
|
||||||
@@ -8118,34 +8138,21 @@ void wolfSSL_EVP_init(void)
|
|||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
|
WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
|
||||||
|
|
||||||
if (ctx == NULL || ((src == NULL || dst == NULL) &&
|
if (ctx == NULL) {
|
||||||
(TRUE
|
|
||||||
#ifdef HAVE_AESGCM
|
|
||||||
&& ctx->cipherType != AES_128_GCM_TYPE &&
|
|
||||||
ctx->cipherType != AES_192_GCM_TYPE &&
|
|
||||||
ctx->cipherType != AES_256_GCM_TYPE
|
|
||||||
#endif
|
|
||||||
#ifdef HAVE_AESCCM
|
|
||||||
&& ctx->cipherType != AES_128_CCM_TYPE &&
|
|
||||||
ctx->cipherType != AES_192_CCM_TYPE &&
|
|
||||||
ctx->cipherType != AES_256_CCM_TYPE
|
|
||||||
#endif
|
|
||||||
#ifdef HAVE_ARIA
|
|
||||||
&& ctx->cipherType != ARIA_128_GCM_TYPE &&
|
|
||||||
ctx->cipherType != ARIA_192_GCM_TYPE &&
|
|
||||||
ctx->cipherType != ARIA_256_GCM_TYPE
|
|
||||||
#endif
|
|
||||||
#ifdef WOLFSSL_SM4_GCM
|
|
||||||
&& ctx->cipherType != SM4_GCM_TYPE
|
|
||||||
#endif
|
|
||||||
#ifdef WOLFSSL_SM4_CCM
|
|
||||||
&& ctx->cipherType != SM4_CCM_TYPE
|
|
||||||
#endif
|
|
||||||
))) {
|
|
||||||
WOLFSSL_MSG("Bad argument.");
|
WOLFSSL_MSG("Bad argument.");
|
||||||
return WOLFSSL_FATAL_ERROR;
|
return WOLFSSL_FATAL_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!IsCipherTypeAEAD(ctx->cipherType)) {
|
||||||
|
/* No-op for non-AEAD ciphers */
|
||||||
|
if (src == NULL && dst == NULL && len == 0)
|
||||||
|
return 0;
|
||||||
|
if (src == NULL || dst == NULL) {
|
||||||
|
WOLFSSL_MSG("Bad argument.");
|
||||||
|
return WOLFSSL_FATAL_ERROR;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) {
|
if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) {
|
||||||
WOLFSSL_MSG("Cipher operation not initialized. Call "
|
WOLFSSL_MSG("Cipher operation not initialized. Call "
|
||||||
"wolfSSL_EVP_CipherInit.");
|
"wolfSSL_EVP_CipherInit.");
|
||||||
|
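Review bot: The new no-op branch `if (src == NULL && dst == NULL && len == 0) return 0;` runs before the `WOLFSSL_EVP_CIPH_TYPE_INIT` check below it, so a context that was never initialized returns 0 for that call instead of reaching the "Cipher operation not initialized" message; moving the initialization check above the `!IsCipherTypeAEAD(...)` block would keep that case an error, if that is the intent. `IsCipherTypeAEAD` also drops the `#ifdef HAVE_AESGCM` / `HAVE_AESCCM` / `HAVE_ARIA` / `WOLFSSL_SM4_GCM` / `WOLFSSL_SM4_CCM` guards the removed condition had, so a listed type whose support is compiled out now skips the NULL checks here; it is worth confirming that the code after the hunk rejects such a type before touching `src` or `dst`. The `/* No-op for non-AEAD ciphers */` comment describes only the first inner `if` and would read better directly above it, and the helper deserves a comment such as `/* Returns 1 for AEAD cipher types, for which wolfSSL_EVP_Cipher does not reject NULL src/dst up front. */`. The body of wolfSSL_EVP_Cipher continues past the end of the hunk.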