Sākums Izpētīt Palīdzība
Pierakstīties
RISCI_ATOM
/
wolfssl
spogulis no https://github.com/wolfSSL/wolfssl.git
1
0
Atdalīts 0
Faili Problēmas 14 Vikivietne
Pārlūkot izejas kodu

Merge pull request #7143 from julek-wolfssl/zd/17303

EVP_Cipher: correct parameter checking
Sean Parkinson 4 mēneši atpakaļ
vecāks
eb1fff3ad3 fc7143a8f4
revīzija
b0de0a1c95
3 mainītis faili ar 91 papildinājumiem un 24 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 58 0
      .github/workflows/libssh2.yml
  2. 2 0
      .github/workflows/main.yml
  3. 31 24
      wolfcrypt/src/evp.c

+ 58 - 0
.github/workflows/libssh2.yml
Parādīt failu 

@@ -0,0 +1,58 @@
 
+name: libssh2 Tests
 
+
 
+on:
 
+  workflow_call:
 
+
 
+jobs:
 
+  build_wolfssl:
 
+    name: Build wolfSSL
 
+    # Just to keep it the same as the testing target
 
+    runs-on: ubuntu-latest
 
+    # This should be a safe limit for the tests to run.
 
+    timeout-minutes: 4
 
+    steps:
 
+      - name: Build wolfSSL
 
+        uses: wolfSSL/actions-build-autotools-project@v1
 
+        with:
 
+          path: wolfssl
 
+          configure: --enable-all
 
+          check: false # config is already tested in many other PRB's
 
+          install: true
 
+
 
+      - name: Upload built lib
 
+        uses: actions/upload-artifact@v3
 
+        with:
 
+          name: wolf-install-libssh2
 
+          path: build-dir
 
+          retention-days: 1
 
+
 
+  libssh2_check:
 
+    strategy:
 
+      fail-fast: false
 
+      matrix:
 
+        # List of releases to test
 
+        ref: [ 1.11.0 ]
 
+    name: ${{ matrix.ref }}
 
+    runs-on: ubuntu-latest
 
+    # This should be a safe limit for the tests to run.
 
+    timeout-minutes: 8
 
+    needs: build_wolfssl
 
+    steps:
 
+      - name: Download lib
 
+        uses: actions/download-artifact@v3
 
+        with:
 
+          name: wolf-install-libssh2
 
+          path: build-dir
 
+
 
+      - name: Build and test libssh2
 
+        uses: wolfSSL/actions-build-autotools-project@v1
 
+        with:
 
+          repository: libssh2/libssh2
 
+          ref: libssh2-${{ matrix.ref }}
 
+          path: libssh2
 
+          configure: --with-crypto=wolfssl --with-libwolfssl-prefix=$GITHUB_WORKSPACE/build-dir
 
+          check: true
 
+
 
+      - name: Confirm libssh2 built with wolfSSL
 
+        working-directory: ./libssh2
 
+        run: ldd src/.libs/libssh2.so | grep wolfssl

+ 2 - 0
.github/workflows/main.yml
Parādīt failu 

@@ -42,6 +42,8 @@ jobs:
 
         uses: ./.github/workflows/packaging.yml
 
     memcached:
 
         uses: ./.github/workflows/memcached.yml
 
+    libssh2:
 
+        uses: ./.github/workflows/libssh2.yml
 
 # TODO: Currently this test fails. Enable it once it becomes passing.        
 #    haproxy:
 
 #        uses: ./.github/workflows/haproxy.yml

+ 31 - 24
wolfcrypt/src/evp.c
Parādīt failu 

@@ -8110,6 +8110,26 @@ void wolfSSL_EVP_init(void)
 
     }
 
 #endif /* !NO_AES || !NO_DES3 */
 
 
+    static int IsCipherTypeAEAD(unsigned char cipherType)
 
+    {
 
+        switch (cipherType) {
 
+            case AES_128_GCM_TYPE:
 
+            case AES_192_GCM_TYPE:
 
+            case AES_256_GCM_TYPE:
 
+            case AES_128_CCM_TYPE:
 
+            case AES_192_CCM_TYPE:
 
+            case AES_256_CCM_TYPE:
 
+            case ARIA_128_GCM_TYPE:
 
+            case ARIA_192_GCM_TYPE:
 
+            case ARIA_256_GCM_TYPE:
 
+            case SM4_GCM_TYPE:
 
+            case SM4_CCM_TYPE:
 
+                return 1;
 
+            default:
 
+                return 0;
 
+        }
 
+    }
 
+
 
     /* Return length on ok */
 
     int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
 
                            word32 len)
 
@@ -8118,34 +8138,21 @@ void wolfSSL_EVP_init(void)
 
 
         WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
 
 
-        if (ctx == NULL || ((src == NULL || dst == NULL) &&
 
-            (TRUE
 
-        #ifdef HAVE_AESGCM
 
-            && ctx->cipherType != AES_128_GCM_TYPE &&
 
-             ctx->cipherType != AES_192_GCM_TYPE &&
 
-             ctx->cipherType != AES_256_GCM_TYPE
 
-        #endif
 
-        #ifdef HAVE_AESCCM
 
-            && ctx->cipherType != AES_128_CCM_TYPE &&
 
-             ctx->cipherType != AES_192_CCM_TYPE &&
 
-             ctx->cipherType != AES_256_CCM_TYPE
 
-        #endif
 
-        #ifdef HAVE_ARIA
 
-            && ctx->cipherType != ARIA_128_GCM_TYPE &&
 
-             ctx->cipherType != ARIA_192_GCM_TYPE &&
 
-             ctx->cipherType != ARIA_256_GCM_TYPE
 
-        #endif
 
-        #ifdef WOLFSSL_SM4_GCM
 
-            && ctx->cipherType != SM4_GCM_TYPE
 
-        #endif
 
-        #ifdef WOLFSSL_SM4_CCM
 
-            && ctx->cipherType != SM4_CCM_TYPE
 
-        #endif
 
-            ))) {
 
+        if (ctx == NULL) {
 
             WOLFSSL_MSG("Bad argument.");
 
             return WOLFSSL_FATAL_ERROR;
 
         }
 
 
+        if (!IsCipherTypeAEAD(ctx->cipherType)) {
 
+            /* No-op for non-AEAD ciphers */
 
+            if (src == NULL && dst == NULL && len == 0)
 
+                return 0;
 
+            if (src == NULL || dst == NULL) {
 
+                WOLFSSL_MSG("Bad argument.");
 
+                return WOLFSSL_FATAL_ERROR;
 
+            }
 
+        }
 
+
 
         if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) {
 
             WOLFSSL_MSG("Cipher operation not initialized. Call "
 
                         "wolfSSL_EVP_CipherInit.");