From 260a721cbe76bd0ea22d87ca57a8bb32afcf9506 Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Mon, 24 Jun 2024 13:12:05 +0200
Subject: [PATCH] wolfssl: require v5.4.0 for AES-GCM

Earlier versions crash while running tests.

This patch is part of a series of fixes to make wolfSSL AES-GCM support
work together with libssh2.

Possibly related is this wolfSSL bugfix patch, released in v5.4.0:
https://github.com/wolfSSL/wolfssl/pull/5205
https://github.com/wolfSSL/wolfssl/commit/fb3c611275dfe454c331baa0818445a0406c208a
"Fix another AES-GCM EVP control command issue"

Ref: #1020
Ref: #1299
Cherry-picked from #1407
Closes #1411
---
 src/openssl.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/openssl.h b/src/openssl.h
index 30e5e0bd..a929126e 100644
--- a/src/openssl.h
+++ b/src/openssl.h
@@ -167,8 +167,11 @@
 # define LIBSSH2_AES_CBC 0
 #endif
 
+/* wolfSSL v5.4.0 is required due to possibly this bug:
+   https://github.com/wolfSSL/wolfssl/pull/5205
+   Before this release, all libssh2 tests crash with AES-GCM enabled */
 #if (OPENSSL_VERSION_NUMBER >= 0x01010100fL && !defined(OPENSSL_NO_AES)) || \
-    (defined(LIBSSH2_WOLFSSL) && \
+    (defined(LIBSSH2_WOLFSSL) && LIBWOLFSSL_VERSION_HEX >= 0x05004000 && \
     defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM))
 # define LIBSSH2_AES_GCM 1
 #else