Merge pull request #71 from JacobBarthelmeh/release

Release version 0.0.8

Author: dgarske

ChangeLog.md

@@ -1,3 +1,36 @@
+# wolfCLU v0.0.8 (Mar 04, 2022)
+### Commands Added
+- Add rand command
+- Add PKCS12 parsing support and command
+- Add a basic s_client command for simple TLS client connections
+- Add support for x509 verify command
+- Add initial rsa command support
+- Add CRL verify command
+- Add ca command
+- Add dsaparam command
+- Add sha hash commands (sha256, sha384, sha512)
+- Add dhparam command
+
+### Fixes and Enhancements
+- Support for parsing multiple organization names with conf file
+- Set the default certificate request version to 3
+- Add print out of private key to PKEY command
+- Added support for -nosalt option
+- Fix for RSA free with dgst command
+- Testing with FIPS 140-3 wolfCrypt
+- Add -subj support to req command
+- Fix for -base64 with enc
+- Fix for piping errors to stderr instead of stdout
+- Removed testing-certs directory in favor of certs directory
+- Fix for handling large file sizes with dgst and hash command
+- Expanded req command to handle -text, -noout, -extensions and -verify
+- Expanded x509 command to handle -subject, -issuer, -serial, -dates, -email, -fingerprint, -purpose, -hash
+- Added -text support to ecparam command
+- Added support for -sign with dgst command
+- Tied in github actions for continuous integration testing
+- Added support for creating encrypted private keys with -newkey
+
+
 # wolfCLU v0.0.6 (Nov 09, 2021)
 
 - Add ecparam for ECC key generation with parameters
@@ -8,7 +41,7 @@
 - Add support for parsing a config file when creating a certificate or CSR
 - Refactor all file calls to use XFILE wrapping
 - Refactor strncmp and other system calls to use the X* wrapping
-- Formating on if else newlines throughout wolfCLU
+- Formatting on if else newlines throughout wolfCLU
 - Change the name of bundle created with 'make dist'
 - Add some error print outs and checking with FIPS builds
 - Add check for warnings (Wall) as errors and the resulting fixes

configure.ac

@@ -10,7 +10,7 @@
 #requires user to have AutoConf version 2.63 or greater.
 AC_PREREQ([2.63])
 
-AC_INIT([wolfclu], [0.0.7], [http://www.wolfssl.com])
+AC_INIT([wolfclu], [0.0.8], [http://www.wolfssl.com])
 
 #a helpful directory to keep clutter out of root
 AC_CONFIG_AUX_DIR([build-aux])

src/dh/clu_dh.c

@@ -106,7 +106,7 @@ int wolfCLU_DhParamSetup(int argc, char** argv)
             case WOLFCLU_GEN_KEY:
                 genKey = 1;
                 break;
-            
+
             case WOLFCLU_CHECK:
                 check = 1;
                 break;
@@ -271,7 +271,7 @@ int wolfCLU_DhParamSetup(int argc, char** argv)
         if (outBuf != NULL)
             XFREE(outBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-   
+
      /* Check if parameters are valid */
     if(ret == WOLFCLU_SUCCESS && check){
         byte p[WOLFSSL_MAX_DH_BITS/8];
@@ -282,7 +282,7 @@ int wolfCLU_DhParamSetup(int argc, char** argv)
         p_len = (word32)sizeof(p);
         q_len = (word32)sizeof(q);
         g_len = (word32)sizeof(g);
-        
+
         /* Export DH parameters */
         if (wc_DhExportParamsRaw(&dh, p, &p_len, q, &q_len, g, &g_len) != 0) {
             WOLFCLU_LOG(WOLFCLU_E0, "Failed to export DH params");
@@ -302,9 +302,9 @@ int wolfCLU_DhParamSetup(int argc, char** argv)
     /* print out the dh key */
     if (ret == WOLFCLU_SUCCESS && genKey) {
         byte priv[WOLFSSL_MAX_DH_BITS/8];
-        byte pub[WOLFSSL_MAX_DH_BITS/8]; 
+        byte pub[WOLFSSL_MAX_DH_BITS/8];
         word32 privSz   = (word32)sizeof(priv);
-        word32 pubSz    = (word32)sizeof(pub);        
+        word32 pubSz    = (word32)sizeof(pub);
         byte* outBuf    = NULL;
         byte* pem       = NULL;
         word32 outBufSz = 0;
@@ -315,13 +315,12 @@ int wolfCLU_DhParamSetup(int argc, char** argv)
             ret = WOLFCLU_FATAL_ERROR;
         }
 
-        /* get DER size (param has p,q,g and key has p,q,g,y,x) */
-        if (wc_DhParamsToDer(&dh, NULL, &outBufSz) != LENGTH_ONLY_E) {
-            WOLFCLU_LOG(WOLFCLU_E0, "Unable to get output buffer size");
-            ret = WOLFCLU_FATAL_ERROR;
-        }
-        else {
-            ret = WOLFCLU_SUCCESS;
+        if (ret == WOLFCLU_SUCCESS) {
+            /* get DER size (param has p,q,g and key has p,q,g,y,x) */
+            if (wc_DhParamsToDer(&dh, NULL, &outBufSz) != LENGTH_ONLY_E) {
+                WOLFCLU_LOG(WOLFCLU_E0, "Unable to get output buffer size");
+                ret = WOLFCLU_FATAL_ERROR;
+            }
         }
 
         if (ret == WOLFCLU_SUCCESS) {

src/genkey/clu_genkey.c

@@ -278,7 +278,7 @@ void wolfCLU_EcparamPrintOID(WOLFSSL_BIO* out, WOLFSSL_EC_KEY* key,
         if (fmt == PEM_FORM) {
             byte*  base64 = NULL;
             word32 base64Sz;
-    
+
             if (wolfSSL_BIO_write(out, header, (int)XSTRLEN(header)) <= 0) {
                 ret = WOLFCLU_FATAL_ERROR;
             }
@@ -326,6 +326,7 @@ void wolfCLU_EcparamPrintOID(WOLFSSL_BIO* out, WOLFSSL_EC_KEY* key,
     if (objOID != NULL) {
         XFREE(objOID, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
+    (void)ret;
 }
 
 WOLFSSL_EC_KEY* wolfCLU_GenKeyECC(char* name)
@@ -358,6 +359,12 @@ WOLFSSL_EC_KEY* wolfCLU_GenKeyECC(char* name)
             ret = WOLFCLU_FATAL_ERROR;
         }
     }
+
+    if (ret != WOLFCLU_SUCCESS) {
+        wolfSSL_EC_KEY_free(key);
+        key = NULL;
+    }
+
     return key;
 }
 #endif /* HAVE_ECC */

src/pkey/clu_pkey.c

@@ -194,7 +194,7 @@ static int wolfCLU_DerToEncryptedPEM(WOLFSSL_BIO* bio, byte* key, word32 keySz,
     /* convert to PEM format and output */
     if (ret == WOLFCLU_SUCCESS) {
         pemBufSz = wolfCLU_KeyDerToPem(out, outSz, &pemBuf,
-                PKCS8_ENC_PRIVATEKEY_TYPE, DYNAMIC_TYPE_PUBLIC_KEY);
+                PKCS8_ENC_PRIVATEKEY_TYPE, DYNAMIC_TYPE_PRIVATE_KEY);
         if (pemBufSz <= 0) {
             ret = WOLFCLU_FATAL_ERROR;
         }
@@ -206,6 +206,9 @@ static int wolfCLU_DerToEncryptedPEM(WOLFSSL_BIO* bio, byte* key, word32 keySz,
         }
     }
 
+    if (pemBuf != NULL) {
+        XFREE(pemBuf, HEAP_HINT, DYNAMIC_TYPE_PRIVATE_KEY);
+    }
     if (out != NULL) {
         XFREE(out, heap, DYNAMIC_TYPE_TMP_BUFFER);
     }

src/x509/clu_request_setup.c

@@ -970,6 +970,7 @@ int wolfCLU_requestSetup(int argc, char** argv)
                 ret = wolfCLU_pKeyPEMtoPriKey(keyOutBio, pkey);
             }
         }
+        wolfSSL_BIO_free(keyOutBio);
     }
 
     (void)algCheck;

tests/genkey_sign_ver/genkey-sign-ver-test.sh

@@ -25,6 +25,7 @@
 
 
 cleanup_genkey_sign_ver(){
+    rm -f ecckey
     rm ecckey.priv
     rm ecckey.pub
     rm edkey.priv

tests/x509/x509-process-test.sh

@@ -119,10 +119,10 @@ run3() {
                    test.pem tmp.pem
     rm -f test.pem tmp.pem
     echo "TEST 3.b"
-    ./wolfssl x509 -inform pem -in certs/ca-cert.pem -outform der -out test.der
-    cert_test_case "-inform pem -outform der -in certs/ca-cert.pem -out tmp.der" \
-                    test.der tmp.der
-    rm -f test.pem tmp.pem
+    ./wolfssl x509 -inform pem -in certs/ca-cert.pem -outform der -out x509_test.der
+    cert_test_case "-inform pem -outform der -in certs/ca-cert.pem -out x509_tmp.der" \
+                    x509_test.der x509_tmp.der
+    rm -f x509_test.pem x509_tmp.pem
     echo "TEST 3.c"
     test_case "-in certs/server-cert.pem -subject -noout"
     EXPECTED="/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/[email protected]"

wolfclu/version.h

@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define CLUWOLFSSL_VERSION_STRING "0.0.7"
-#define CLUWOLFSSL_VERSION_HEX 0x00000007
+#define CLUWOLFSSL_VERSION_STRING "0.0.8"
+#define CLUWOLFSSL_VERSION_HEX 0x00000008
 
 #ifdef __cplusplus
 }