Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
wolfssl: fix
EVP_Cipher()
use with v5.6.0 and older
Add workaround for the wolfSSL `EVP_Cipher(*p, NULL, NULL, 0)` bug to make libssh2 work with wolfSSL v5.6.0 and older. wolfSSL fixed this issue in v5.7.0: wolfSSL/wolfssl#7143 wolfSSL/wolfssl@b0de0a1 Without our local workaround: - v5.3.0 and older fail most tests: Ref: https://github.com/libssh2/libssh2/actions/runs/9646827522/job/26604211476#step:17:1263 - v5.4.0, v5.5.x, v5.6.0 fail these: ``` 29 - test_read-aes128-cbc (Failed) 30 - test_read-aes128-ctr (Failed) 32 - test_read-aes192-cbc (Failed) 33 - test_read-aes192-ctr (Failed) 34 - test_read-aes256-cbc (Failed) 35 - test_read-aes256-ctr (Failed) ``` Ref: https://github.com/libssh2/libssh2/actions/runs/9646827522/job/26604233819#step:17:978 Oddly enough the workaround breaks OpenSSL tests, so only enable it for the affected wolfSSL versions. Also add new build-from-source wolfSSL CI job to test the new codepath. wolfSSL has a build bug where `wolfssl/options.h` and `wolfssl/version.h` are not copied to the `install` destination with autotools. With CMake it has a different bug where `wolfcrypt/sp_int.h` is not copied (with v5.4.0). And another with CMake where `FIPS_mode()` remains missing (with v5.6.0 and earlier.) Therefore use CMake with v5.5.4 and a workaround for `FIPS_mode()`. Another option is autotools with v5.4.0 and a workaround for `install`, but CMake builds quicker. Regression-from 3c953c0 libssh2#797 Fixes libssh2#1020 Fixes libssh2#1299 Assisted-by: Michael Buckley via libssh2#1394 Closes libssh2#1394 (another attempt to fix the mentioned wolfSSL bug) Closes libssh2#1407
- Loading branch information