wolfssl: require v5.4.0 for AES-GCM

Also re-enable tests in wolfSSL Linux CI jobs. That wolfSSL is v5.2.0, which is broken with AES-GCM enabled. This patch is part of a series of fixes to make wolfSSL AES-GCM support work together with libssh2. Ref: libssh2#1020 Ref: libssh2#1299 Cherry-picked from libssh2#1407 Closes libssh2#1411
vszakats · Jun 24, 2024 · cbb1389 · cbb1389
1 parent fbd9d19
commit cbb1389
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -284,7 +284,7 @@ jobs:
         if: ${{ matrix.build == 'cmake' }}
         run: cmake --build bld --parallel 5 --target package
       - name: 'cmake tests'
-        if: ${{ matrix.build == 'cmake' && matrix.crypto != 'wolfSSL' }}
+        if: ${{ matrix.build == 'cmake' }}
         timeout-minutes: 10
         run: |
           export OPENSSH_SERVER_IMAGE=ghcr.io/libssh2/ci_tests_openssh_server:$(git rev-parse --short=20 HEAD:tests/openssh_server)

diff --git a/src/openssl.h b/src/openssl.h
@@ -167,8 +167,11 @@
 # define LIBSSH2_AES_CBC 0
 #endif
 
+/* wolfSSL v5.4.0 is required due to possibly this bug:
+   https://github.com/wolfSSL/wolfssl/pull/5205
+   Before this release, all libssh2 tests crash with AES-GCM enabled */
 #if (OPENSSL_VERSION_NUMBER >= 0x01010100fL && !defined(OPENSSL_NO_AES)) || \
-    (defined(LIBSSH2_WOLFSSL) && \
+    (defined(LIBSSH2_WOLFSSL) && LIBWOLFSSL_VERSION_HEX >= 0x05004000 && \
     defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM))
 # define LIBSSH2_AES_GCM 1
 #else