Skip to content

Centralize AES cipher lifecycle#1043

Merged
aidangarske merged 1 commit into
wolfSSL:masterfrom
ejohnstown:aesgcm-init
Jul 9, 2026
Merged

Centralize AES cipher lifecycle#1043
aidangarske merged 1 commit into
wolfSSL:masterfrom
ejohnstown:aesgcm-init

Conversation

@ejohnstown

@ejohnstown ejohnstown commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

The encrypt/decrypt Aes contexts were keyed and freed without ever calling wc_AesInit. Centralize the lifecycle instead of sprinkling init calls:

  • Add CipherSetKey() (init + key) and CipherClear() (free only if inited).
  • Use them in DoNewKeys(), SendNewKeys(), and SshResourceFree(), replacing the duplicated per-cipher switch blocks.
  • Add cipherType/isInit to Ciphers so init is lazy per cipher type and wc_AesFree is never called on an uninitialized context.

Copilot AI review requested due to automatic review settings June 17, 2026 22:36

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates wolfSSH session initialization to properly initialize the AES cipher contexts in SshInit() before they are configured and later freed, aligning usage with wolfCrypt’s wc_AesInit()/wc_AesFree() lifecycle expectations.

Changes:

  • Add wc_AesInit() calls for ssh->encryptCipher.aes and ssh->decryptCipher.aes during SshInit().
  • Add an early failure path when cipher initialization fails.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/internal.c Outdated
@ejohnstown ejohnstown marked this pull request as draft June 17, 2026 22:40
@ejohnstown ejohnstown changed the title Init AES contexts in SshInit Centralize AES cipher lifecycle Jul 6, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

Comment thread src/internal.c

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #1043

Scan targets checked: wolfssh-bugs, wolfssh-src

No new issues found in the changed files. ✅

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

@ejohnstown ejohnstown marked this pull request as ready for review July 6, 2026 21:41
@aidangarske aidangarske self-requested a review July 7, 2026 22:09

@aidangarske aidangarske left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skoll Multi-Scan Review

Modes: review + review-security + bugsOverall recommendation: COMMENT
Findings: 4 total — 4 posted, 0 skipped
4 finding(s) posted as inline comments (see file-level comments below)

Posted findings

  • [Medium] [review+review-security] New cipher lifecycle state and error/cleanup paths in CipherSetKey/CipherClear lack regression coveragesrc/internal.c:1202-1344
  • [Low] [review+review-security] New code uses truthiness pointer checks instead of explicit != NULLsrc/internal.c:1204,1272,1293
  • [Info] [review+review-security] Missing space around assignment operatorsrc/internal.c:1233
  • [Info] [review+review-security] DoNewKeys now errors on unknown peer cipher instead of silently succeedingsrc/internal.c:6668

Review generated by Skoll

Comment thread src/internal.c
Comment thread src/internal.c Outdated
Comment thread src/internal.c Outdated
Comment thread src/internal.c
Comment thread src/internal.c
Comment thread src/internal.c Outdated
- Add CipherSetKey()/CipherClear() to init, key, and free the Aes
  contexts; init lazily and track isInit/cipherType.
- Free only inited contexts, fixing wc_AesFree on uninitialized ones.
- DoNewKeys now fails an unknown peer cipher with WS_INVALID_ALGO_ID
  instead of WS_SUCCESS, matching SendNewKeys.
- Add regression coverage for isInit/cipherType and a never-keyed free.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

Comment thread src/internal.c
Comment thread src/internal.c

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #1043

Scan targets checked: wolfssh-bugs, wolfssh-src

No new issues found in the changed files. ✅

@aidangarske aidangarske merged commit 75c5adb into wolfSSL:master Jul 9, 2026
189 of 190 checks passed
@ejohnstown ejohnstown deleted the aesgcm-init branch July 9, 2026 06:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants