wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

openssh 9.6p1 fixes

Browse Source 
- wolfSSL_DSA_set0_key: allow setting just the public key
- radix16: allow skipping the end of line whitespace
- Add openssh action
This commit is contained in:
Juliusz Sosinowicz
2024-01-31 13:36:34 +01:00
parent f9bf96d9ba
commit 335c51987e
7 changed files with 109 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
.github/workflows/openssh.yml vendored Normal file
View File

@@ -0,0 +1,72 @@
name: openssh Tests
on:
workflow_call:
# TODO: remove this from PR
push:
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: >-
--enable-openssh --enable-dsa --with-max-rsa-bits=8192
--enable-intelasm --enable-sp-asm
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openssh
path: build-dir
retention-days: 1
openssh_check:
strategy:
fail-fast: false
matrix:
include:
- git_ref: 'V_9_6_P1'
osp_ver: '9.6'
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-openssh
path: build-dir
- name: Checkout OSP
uses: actions/checkout@v4
with:
# TODO: update with wolfssl repo after merge
repository: julek-wolfssl/osp
ref: openssh-9.6
path: osp
- name: Build and test openssh
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: openssh/openssh-portable
ref: ${{ matrix.git_ref }}
path: openssh
patch-file: $GITHUB_WORKSPACE/osp/openssh-patches/openssh-${{ matrix.osp_ver }}.patch
configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-rpath=-Wl,-rpath=
check: false
# make tests take >20 minutes. Consider limiting?
- name: Run tests
working-directory: ./openssh
run: |
# Run all the tests except (t-exec) as it takes too long
make file-tests interop-tests extra-tests unit

8
src/pk.c
View File

@@ -5033,15 +5033,19 @@ int wolfSSL_DSA_set0_key(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *pub_key,
WOLFSSL_ENTER("wolfSSL_DSA_set0_key");
/* The private key may be NULL */
if (pub_key == NULL) {
if (d->pub_key == NULL && pub_key == NULL) {
WOLFSSL_MSG("Bad parameter");
return 0;
}
if (pub_key != NULL) {
wolfSSL_BN_free(d->pub_key);
wolfSSL_BN_free(d->priv_key);
d->pub_key = pub_key;
}
if (priv_key != NULL) {
wolfSSL_BN_free(d->priv_key);
d->priv_key = priv_key;
}
return 1;
}

12
wolfcrypt/src/misc.c
View File

@@ -545,6 +545,18 @@ WC_MISC_STATIC WC_INLINE int ByteToHexStr(byte in, char* out)
return 0;
}
WC_MISC_STATIC WC_INLINE int CharIsWhiteSpace(char ch)
{
switch (ch) {
case ' ':
case '\t':
case '\n':
return 1;
default:
return 0;
}
}
#ifndef WOLFSSL_NO_CT_OPS
/* Constant time - mask set when a > b. */
WC_MISC_STATIC WC_INLINE byte ctMaskGT(int a, int b)

7
wolfcrypt/src/sp_int.c
View File

@@ -18068,6 +18068,8 @@ static int _sp_read_radix_16(sp_int* a, const char* in)
unsigned int s = 0;
unsigned int j = 0;
sp_int_digit d;
/* Skip whitespace at end of line */
int eol_done = 0;
/* Make all nibbles in digit 0. */
d = 0;
@@ -18078,9 +18080,12 @@ static int _sp_read_radix_16(sp_int* a, const char* in)
int ch = (int)HexCharToByte(in[i]);
/* Check for invalid character. */
if (ch < 0) {
if (!eol_done && CharIsWhiteSpace(in[i]))
continue;
err = MP_VAL;
break;
}
eol_done = 1;
/* Check whether we have filled the digit. */
if (s == SP_WORD_SIZE) {
@@ -18150,6 +18155,8 @@ static int _sp_read_radix_10(sp_int* a, const char* in)
ch -= '0';
}
else {
if (CharIsWhiteSpace(ch))
continue;
/* Return error on invalid character. */
err = MP_VAL;
break;

5
wolfcrypt/src/tfm.c
View File

@@ -5945,6 +5945,8 @@ static int fp_read_radix_16(fp_int *a, const char *str)
{
int i, j, k, neg;
int ch;
/* Skip whitespace at end of line */
int eol_done = 0;
/* if the leading digit is a
* minus set the sign to negative.
@@ -5961,8 +5963,11 @@ static int fp_read_radix_16(fp_int *a, const char *str)
for (i = (int)(XSTRLEN(str) - 1); i >= 0; i--) {
ch = (int)HexCharToByte(str[i]);
if (ch < 0) {
if (!eol_done && CharIsWhiteSpace(str[i]))
continue;
return FP_VAL;
}
eol_done = 1;
k += j == DIGIT_BIT;
j &= DIGIT_BIT - 1;

5
wolfssl/openssl/opensslv.h
View File

@@ -36,7 +36,8 @@
/* valid version */
#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \
defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB) || defined(HAVE_STUNNEL)
defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB) || defined(HAVE_STUNNEL) || \
defined(WOLFSSL_OPENSSH)
/* For Apache httpd, Use 1.1.0 compatibility */
#define OPENSSL_VERSION_NUMBER 0x10100003L
#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) || defined(WOLFSSL_KRB)
@@ -45,7 +46,7 @@
#elif defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_FFMPEG)
#define OPENSSL_VERSION_NUMBER 0x1010000fL
#elif defined(OPENSSL_ALL) || defined(HAVE_LIGHTY) || \
defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_OPENVPN)
defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENVPN)
/* version number can be increased for Lighty after compatibility for ECDH
is added */
#define OPENSSL_VERSION_NUMBER 0x10001040L

1
wolfssl/wolfcrypt/misc.h
View File

@@ -114,6 +114,7 @@ word32 btoi(byte b);
WOLFSSL_LOCAL signed char HexCharToByte(char ch);
WOLFSSL_LOCAL char ByteToHex(byte in);
WOLFSSL_LOCAL int ByteToHexStr(byte in, char* out);
WOLFSSL_LOCAL int CharIsWhiteSpace(char ch);
WOLFSSL_LOCAL byte ctMaskGT(int a, int b);
WOLFSSL_LOCAL byte ctMaskGTE(int a, int b);