Merge pull request #113 from lealem47/release

JacobBarthelmeh · web-flow · commit d830c2eb885d · 2022-09-13T10:59:42.000-06:00
Release v0.1.0
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -1,3 +1,31 @@
+# wolfCLU v0.1.0 (Sep 12, 2022)
+### Fixes and Enhancements
+- Fix for buffer issue with s_client
+- Add fsanitize testing with github actions
+- Update dhparam to read mod size from different location in arguments
+- Fix for x509 encoding modifying the cert
+- Fix for supporting more alt names and skipping count
+- Add -CAfile and verify_return_error flags for s_client command
+- Expand testing with additional unit tests and Jenkins nightly test
+- Fix for enc edge cases
+- Fix x509 command to use piped input
+- Support for building on Windows
+- Add -pass flag to enc command
+- Add -partial_chain arg for verify command
+- Add -modulus flag for x509 command
+- Handle additional CSR attribute print outs
+- Add -passout flag to req command
+- Fix for enc with nosalt
+- Update m4 files
+- Fix for parsing basic constraint from conf file
+- Improve error logging
+- IPV6 parsing support for s_client command
+- Support for building with FIPS wolfSSL
+- Add -text flag for crl command
+- Support for building on FreeRTOS
+- Add disable filesystem configure
+- Support for creating req with attributes
+
 # wolfCLU v0.0.8 (Mar 04, 2022)
 ### Commands Added
 - Add rand command
diff --git a/configure.ac b/configure.ac
@@ -1,6 +1,6 @@
 # configure.ac
 #
-# Copyright (C) 2006-2020 wolfSSL Inc.
+# Copyright (C) 2006-2022 wolfSSL Inc.
 # All rights reserved.
 #
 # This file is part of wolfssl command line utility.
@@ -10,7 +10,7 @@
 #requires user to have AutoConf version 2.63 or greater.
 AC_PREREQ([2.63])
 
-AC_INIT([wolfclu], [0.0.8], [http://www.wolfssl.com])
+AC_INIT([wolfclu], [0.1.0], [http://www.wolfssl.com])
 
 #a helpful directory to keep clutter out of root
 AC_CONFIG_AUX_DIR([build-aux])
diff --git a/src/benchmark/clu_benchmark.c b/src/benchmark/clu_benchmark.c
@@ -29,7 +29,7 @@
 #endif /* HAVE_BLAKE2 */
 
 /*
- * benchmarking funciton 
+ * benchmarking funciton
  */
 int wolfCLU_benchmark(int timer, int* option)
 {
@@ -47,7 +47,6 @@ int wolfCLU_benchmark(int timer, int* option)
 
     WC_RNG rng;                     /* random number generator */
 
-    int             ret  = 0;       /* return variable */
     double          stop = 0.0;     /* stop breaks loop */
     double          start;          /* start time */
     double          currTime;       /* current time*/
@@ -120,7 +119,6 @@ int wolfCLU_benchmark(int timer, int* option)
         loop = 1;
     }
     i++;
-    ret = WOLFCLU_SUCCESS;
 #endif
 #ifdef WOLFSSL_AES_COUNTER
     /* aes-ctr test */
@@ -171,7 +169,6 @@ int wolfCLU_benchmark(int timer, int* option)
         loop = 1;
     }
     i++;
-    ret = WOLFCLU_SUCCESS;
 #endif
 #ifndef NO_DES3
     /* 3des test */
@@ -223,7 +220,6 @@ int wolfCLU_benchmark(int timer, int* option)
         loop = 1;
     }
     i++;
-    ret = WOLFCLU_SUCCESS;
 #endif
 #ifdef HAVE_CAMELLIA
     #define CAM_SZ CAMELLIA_BLOCK_SIZE
@@ -278,7 +274,6 @@ int wolfCLU_benchmark(int timer, int* option)
         loop = 1;
     }
     i++;
-    ret = WOLFCLU_SUCCESS;
 #endif
 #ifndef NO_MD5
     /* md5 test */
@@ -317,7 +312,6 @@ int wolfCLU_benchmark(int timer, int* option)
         loop = 1;
     }
     i++;
-    ret = WOLFCLU_SUCCESS;
 #endif
 #ifndef NO_SHA
     /* sha test */
@@ -356,7 +350,6 @@ int wolfCLU_benchmark(int timer, int* option)
         loop = 1;
     }
     i++;
-    ret = WOLFCLU_SUCCESS;
 #endif
 #ifndef NO_SHA256
     #define SHA256_SZ WC_SHA256_DIGEST_SIZE
@@ -397,7 +390,6 @@ int wolfCLU_benchmark(int timer, int* option)
         loop = 1;
     }
     i++;
-    ret = WOLFCLU_SUCCESS;
 #endif
 #ifdef WOLFSSL_SHA384
     #define SHA384_SZ WC_SHA384_DIGEST_SIZE
@@ -437,7 +429,6 @@ int wolfCLU_benchmark(int timer, int* option)
         loop = 1;
     }
     i++;
-    ret = WOLFCLU_SUCCESS;
 #endif
 #ifdef WOLFSSL_SHA512
     #define SHA512_SZ WC_SHA512_DIGEST_SIZE
@@ -477,7 +468,6 @@ int wolfCLU_benchmark(int timer, int* option)
         loop = 1;
     }
     i++;
-    ret = WOLFCLU_SUCCESS;
 #endif
 #ifdef HAVE_BLAKE2
     /* blake2b test */
@@ -513,10 +503,9 @@ int wolfCLU_benchmark(int timer, int* option)
         XMEMSET(digest, 0, BLAKE2B_OUTBYTES);
         wolfCLU_freeBins(digest, plain, NULL, NULL, NULL);
     }
-    ret = WOLFCLU_SUCCESS;
 #endif
     wc_FreeRng(&rng);
     (void)blocks;
     (void)loop;
-    return ret;
+    return WOLFCLU_SUCCESS;
 }
diff --git a/src/client/clu_client_setup.c b/src/client/clu_client_setup.c
@@ -51,6 +51,8 @@ static void wolfCLU_ClientHelp(void)
     WOLFCLU_LOG(WOLFCLU_L0, "\t\t-connect '[fe80::63:57c0:9b88:77ca%%en0]:11111'");
     WOLFCLU_LOG(WOLFCLU_L0, "\t\t-connect '[2001:4860:4860::8888]:443'");
     WOLFCLU_LOG(WOLFCLU_L0, "\t-starttls <proto, i.e. smtp>");
+    WOLFCLU_LOG(WOLFCLU_L0, "\t-CAfile <ca file name>");
+    WOLFCLU_LOG(WOLFCLU_L0, "\t-verify_return_error close connection on verification error");
 }
 
 static const char hostFlag[]       = "-h";
@@ -173,9 +175,11 @@ int wolfCLU_Client(int argc, char** argv)
                             XMEMCPY(host, optarg, idx);
                             host[idx] = '\0';
                         }
-                        ret = _addClientArg(clientArgv, hostFlag, &clientArgc);
                         if (ret == WOLFCLU_SUCCESS) {
-                            ret = _addClientArg(clientArgv, host, &clientArgc);
+                            ret = _addClientArg(clientArgv, hostFlag, &clientArgc);
+                            if (ret == WOLFCLU_SUCCESS) {
+                                ret = _addClientArg(clientArgv, host, &clientArgc);
+                            }
                         }
                     }
                 }
diff --git a/src/clu_main.c b/src/clu_main.c
@@ -30,10 +30,10 @@
 #include <wolfclu/sign-verify/clu_sign_verify_setup.h>
 #include <wolfclu/sign-verify/clu_verify.h>
 
-#ifdef _WIN32 
+#ifdef _WIN32
 char* optarg;
-int   optind ;
-int   opterr ;
+int   optind;
+int   opterr;
 #endif
 
 
@@ -168,7 +168,7 @@ int main(int argc, char** argv)
 
     /* retain old version of modes where '-' is used. i.e -x509, -req */
     if (argc > 1 && argv[1] != NULL && argv[1][0] == '-') {
-        argv[1] = argv[1] + 1; 
+        argv[1] = argv[1] + 1;
         flag = getMode(argv[1]);
 
         /* if -rsa was used then it is the older sign/verify version of rsa */
@@ -368,7 +368,7 @@ int clu_entry(const void* argument)
 
     command = (char*)buffer;
 
-    /* Determine the number of supplied arguments */ 
+    /* Determine the number of supplied arguments */
     for (i = 0; command[i] != '\0' && i < XSTRLEN(command); i++) {
         if (command[i]==' ') {
             argc++;
diff --git a/src/crypto/clu_crypto_setup.c b/src/crypto/clu_crypto_setup.c
@@ -54,7 +54,7 @@ static const struct option crypt_options[] = {
 /* returns WOLFCLU_SUCCESS on success */
 int wolfCLU_setup(int argc, char** argv, char action)
 {
-#ifndef WOLFCLU_NO_FILESYSTEM 
+#ifndef WOLFCLU_NO_FILESYSTEM
     int      ret        =   0;  /* return variable */
     char     outNameEnc[256];     /* default outFile for encrypt */
     char     outNameDec[256];     /* default outfile for decrypt */
diff --git a/src/crypto/clu_decrypt.c b/src/crypto/clu_decrypt.c
@@ -116,7 +116,7 @@ int wolfCLU_decrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,
     }
     /* replicates old pwdKey if pwdKeys match */
     if (ret == 0 && keyType == 1) {
-        if (wc_PBKDF2(key, pwdKey, (int) strlen((const char*)pwdKey),
+        if (wc_PBKDF2(key, pwdKey, (int) XSTRLEN((const char*)pwdKey),
                       salt, SALT_SIZE, CLU_4K_TYPE, size,
                       CLU_SHA256) != 0) {
             wolfCLU_LogError("pwdKey set error.");
diff --git a/src/crypto/clu_encrypt.c b/src/crypto/clu_encrypt.c
@@ -65,7 +65,7 @@ int wolfCLU_encrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,
                 "instead.");
 
         /* use user entered data to encrypt */
-        inputLength = (int) strlen(in);
+        inputLength = (int) XSTRLEN(in);
         userInputBuffer = (char*) XMALLOC(inputLength, HEAP_HINT,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
         if (userInputBuffer == NULL)
diff --git a/src/crypto/clu_evp_crypto.c b/src/crypto/clu_evp_crypto.c
@@ -164,7 +164,7 @@ int wolfCLU_evp_crypto(const WOLFSSL_EVP_CIPHER* cphr, char* mode, byte* pwdKey,
     if (ret == WOLFCLU_SUCCESS) {
         if (pbkVersion == WOLFCLU_PBKDF2) {
         #ifdef HAVE_FIPS
-            if (strlen((const char*)pwdKey) < HMAC_FIPS_MIN_KEY) {
+            if (XSTRLEN((const char*)pwdKey) < HMAC_FIPS_MIN_KEY) {
                 wolfCLU_LogError("For use with FIPS mode key needs to be"
                         " at least %d characters long", HMAC_FIPS_MIN_KEY);
                 ret = WOLFCLU_FATAL_ERROR;
@@ -173,12 +173,12 @@ int wolfCLU_evp_crypto(const WOLFSSL_EVP_CIPHER* cphr, char* mode, byte* pwdKey,
             if (ret == WOLFCLU_SUCCESS) {
                 if (noSalt) {
                     ret = wolfSSL_PKCS5_PBKDF2_HMAC((const char*)pwdKey,
-                    (int) strlen((const char*)pwdKey), NULL, 0, iter,
+                    (int) XSTRLEN((const char*)pwdKey), NULL, 0, iter,
                     hashType, keySz + ivSz, pwdKey);
                 }
                 else {
                     ret = wolfSSL_PKCS5_PBKDF2_HMAC((const char*)pwdKey,
-                    (int) strlen((const char*)pwdKey), salt, SALT_SIZE, iter,
+                    (int) XSTRLEN((const char*)pwdKey), salt, SALT_SIZE, iter,
                     hashType, keySz + ivSz, pwdKey);
                 }
                 if (ret != WOLFSSL_SUCCESS) {
@@ -201,11 +201,11 @@ int wolfCLU_evp_crypto(const WOLFSSL_EVP_CIPHER* cphr, char* mode, byte* pwdKey,
             iter = 1; /* default value for interop */
             if (noSalt) {
                 ret = wolfSSL_EVP_BytesToKey(cphr, hashType, NULL,
-                    pwdKey, (int)strlen((const char*)pwdKey), iter, key, iv);
+                    pwdKey, (int)XSTRLEN((const char*)pwdKey), iter, key, iv);
             }
             else {
                 ret = wolfSSL_EVP_BytesToKey(cphr, hashType, salt,
-                    pwdKey, (int)strlen((const char*)pwdKey), iter, key, iv);
+                    pwdKey, (int)XSTRLEN((const char*)pwdKey), iter, key, iv);
             }
             if (ret == 0) {
                 wolfCLU_LogError("failed to create key, ret = %d", ret);
diff --git a/src/dh/clu_dh.c b/src/dh/clu_dh.c
@@ -130,7 +130,7 @@ int wolfCLU_DhParamSetup(int argc, char** argv)
 
     if (ret == WOLFCLU_SUCCESS) {
         int i = 2; // start at 2 because wolfssl & dhparam will be in first and second
-        int found = 0; 
+        int found = 0;
         while (i + 1 <= argc && !found) {
             /* confirm arg is a non '-' option that does not correspond
              * to an '-in' or '-out' file */
diff --git a/src/genkey/clu_genkey.c b/src/genkey/clu_genkey.c
@@ -844,7 +844,7 @@ int wolfCLU_genKey_PWDBASED(WC_RNG* rng, byte* pwdKey, int size, byte* salt,
         salt[0] = 0;
 
     /* stretches pwdKey */
-    ret = (int) wc_PBKDF2(pwdKey, pwdKey, (int) strlen((const char*)pwdKey),
+    ret = (int) wc_PBKDF2(pwdKey, pwdKey, (int) XSTRLEN((const char*)pwdKey),
                           salt, SALT_SIZE, CLU_4K_TYPE, size, CLU_SHA256);
     if (ret != 0)
         return ret;
diff --git a/src/pkcs/clu_pkcs12.c b/src/pkcs/clu_pkcs12.c
@@ -249,9 +249,9 @@ int wolfCLU_PKCS12(int argc, char** argv)
 #ifndef HAVE_PKCS12
     wolfCLU_LogError("Recompile wolfSSL with PKCS12 support");
 #endif
-#ifdef WOLFCLU_NO_FILESYSTEM 
+#ifdef WOLFCLU_NO_FILESYSTEM
     wolfCLU_LogError("No filesystem support");
-#endif    
+#endif
     return WOLFCLU_FATAL_ERROR;
 #endif
 }
diff --git a/src/pkey/clu_pkey.c b/src/pkey/clu_pkey.c
@@ -272,7 +272,7 @@ int wolfCLU_pKeyPEMtoPriKeyEnc(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* pkey,
                 password, passwordSz);
     }
     if (der != NULL)
-        free(der);
+        XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
     return ret;
 }
 
@@ -560,7 +560,7 @@ int wolfCLU_pKeySetup(int argc, char** argv)
                 }
             }
             if (der != NULL)
-                free(der);
+                XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
         }
     }
 
@@ -583,7 +583,7 @@ int wolfCLU_pKeySetup(int argc, char** argv)
                 }
 
                 if (der != NULL) {
-                    free(der);
+                    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
                 }
             }
 
diff --git a/src/sign-verify/clu_crl_verify.c b/src/sign-verify/clu_crl_verify.c
@@ -60,7 +60,7 @@ static void wolfCLU_CRLVerifyHelp(void)
 
 int wolfCLU_CRLVerify(int argc, char** argv)
 {
-#if defined(HAVE_CRL) && !defined(WOLFCLU_NO_FILESYSTEM) 
+#if defined(HAVE_CRL) && !defined(WOLFCLU_NO_FILESYSTEM)
     int ret     = WOLFCLU_SUCCESS;
     int inForm  = PEM_FORM;
     int outForm = PEM_FORM;
@@ -300,7 +300,7 @@ int wolfCLU_CRLVerify(int argc, char** argv)
 #endif
 #ifdef WOLFCLU_NO_FILESYSTEM
     wolfCLU_LogError("No filesystem support");
-#endif 
+#endif
     return WOLFCLU_FATAL_ERROR;
 #endif
 }
diff --git a/src/sign-verify/clu_sign_verify_setup.c b/src/sign-verify/clu_sign_verify_setup.c
@@ -40,7 +40,7 @@ int wolfCLU_sign_verify_setup(int argc, char** argv)
     int     verifyCheck = 0;
     int     pubInCheck  = 0;
 
-    /* checkForArg doesn't look for "-" here, as it would have been 
+    /* checkForArg doesn't look for "-" here, as it would have been
      * removed in clu_main.c if present */
     if (wolfCLU_checkForArg("rsa", 3, argc, argv) > 0) {
         algCheck = RSA_SIG_VER;
@@ -138,7 +138,7 @@ int wolfCLU_sign_verify_setup(int argc, char** argv)
 
     ret = wolfCLU_checkForArg("-sigfile", 8, argc, argv);
     if (ret > 0) {
-        sig = XMALLOC(strlen(argv[ret+1]) + 1, HEAP_HINT,
+        sig = XMALLOC(XSTRLEN(argv[ret+1]) + 1, HEAP_HINT,
                       DYNAMIC_TYPE_TMP_BUFFER);
         if (sig == NULL) {
             if (priv)
@@ -205,7 +205,7 @@ int wolfCLU_sign_verify_setup(int argc, char** argv)
         }
         else {
             /* No out needed for ECC verifying */
-            /* ED25519 exceptions will need to be added at a later date */ 
+            /* ED25519 exceptions will need to be added at a later date */
         }
     }
 
diff --git a/src/sign-verify/clu_verify.c b/src/sign-verify/clu_verify.c
@@ -308,7 +308,7 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath,
         keyFileSz = (int)XFTELL(keyPathFile);
         keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         if (keyBuf != NULL) {
-            if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || 
+            if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 ||
                    (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) {
                 XFCLOSE(keyPathFile);
                 return WOLFCLU_FATAL_ERROR;
@@ -410,7 +410,7 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz,
     keyFileSz = (int)XFTELL(keyPathFile);
     keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (keyBuf != NULL) {
-        if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || 
+        if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 ||
                    (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) {
                 XFCLOSE(keyPathFile);
                 return WOLFCLU_FATAL_ERROR;
diff --git a/src/sign-verify/clu_x509_verify.c b/src/sign-verify/clu_x509_verify.c
diff --git a/src/tools/clu_funcs.c b/src/tools/clu_funcs.c
diff --git a/src/x509/clu_cert_setup.c b/src/x509/clu_cert_setup.c
diff --git a/src/x509/clu_config.c b/src/x509/clu_config.c
diff --git a/src/x509/clu_request_setup.c b/src/x509/clu_request_setup.c
diff --git a/src/x509/clu_x509_sign.c b/src/x509/clu_x509_sign.c
diff --git a/wolfclu/clu_header_main.h b/wolfclu/clu_header_main.h
diff --git a/wolfclu/version.h b/wolfclu/version.h

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`# configure.ac`
`2`	`2`	`#`
`3`		`-# Copyright (C) 2006-2020 wolfSSL Inc.`
	`3`	`+# Copyright (C) 2006-2022 wolfSSL Inc.`
`4`	`4`	`# All rights reserved.`
`5`	`5`	`#`
`6`	`6`	`# This file is part of wolfssl command line utility.`
`@@ -10,7 +10,7 @@`
`10`	`10`	`#requires user to have AutoConf version 2.63 or greater.`
`11`	`11`	`AC_PREREQ([2.63])`
`12`	`12`
`13`		`-AC_INIT([wolfclu], [0.0.8], [http://www.wolfssl.com])`
	`13`	`+AC_INIT([wolfclu], [0.1.0], [http://www.wolfssl.com])`
`14`	`14`
`15`	`15`	`#a helpful directory to keep clutter out of root`
`16`	`16`	`AC_CONFIG_AUX_DIR([build-aux])`
Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,8 @@ static void wolfCLU_ClientHelp(void)`
`51`	`51`	`WOLFCLU_LOG(WOLFCLU_L0, "\t\t-connect '[fe80::63:57c0:9b88:77ca%%en0]:11111'");`
`52`	`52`	`WOLFCLU_LOG(WOLFCLU_L0, "\t\t-connect '[2001:4860:4860::8888]:443'");`
`53`	`53`	`WOLFCLU_LOG(WOLFCLU_L0, "\t-starttls <proto, i.e. smtp>");`
	`54`	`+ WOLFCLU_LOG(WOLFCLU_L0, "\t-CAfile <ca file name>");`
	`55`	`+ WOLFCLU_LOG(WOLFCLU_L0, "\t-verify_return_error close connection on verification error");`
`54`	`56`	`}`
`55`	`57`
`56`	`58`	`static const char hostFlag[] = "-h";`
`@@ -173,9 +175,11 @@ int wolfCLU_Client(int argc, char** argv)`
`173`	`175`	`XMEMCPY(host, optarg, idx);`
`174`	`176`	`host[idx] = '\0';`
`175`	`177`	`}`
`176`		`- ret = _addClientArg(clientArgv, hostFlag, &clientArgc);`
`177`	`178`	`if (ret == WOLFCLU_SUCCESS) {`
`178`		`- ret = _addClientArg(clientArgv, host, &clientArgc);`
	`179`	`+ ret = _addClientArg(clientArgv, hostFlag, &clientArgc);`
	`180`	`+ if (ret == WOLFCLU_SUCCESS) {`
	`181`	`+ ret = _addClientArg(clientArgv, host, &clientArgc);`
	`182`	`+ }`
`179`	`183`	`}`
`180`	`184`	`}`
`181`	`185`	`}`
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ static const struct option crypt_options[] = {`
`54`	`54`	`/* returns WOLFCLU_SUCCESS on success */`
`55`	`55`	`int wolfCLU_setup(int argc, char** argv, char action)`
`56`	`56`	`{`
`57`		`-#ifndef WOLFCLU_NO_FILESYSTEM`
	`57`	`+#ifndef WOLFCLU_NO_FILESYSTEM`
`58`	`58`	`int ret = 0; /* return variable */`
`59`	`59`	`char outNameEnc[256]; /* default outFile for encrypt */`
`60`	`60`	`char outNameDec[256]; /* default outfile for decrypt */`
Original file line number	Diff line number	Diff line change
`@@ -116,7 +116,7 @@ int wolfCLU_decrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,`
`116`	`116`	`}`
`117`	`117`	`/* replicates old pwdKey if pwdKeys match */`
`118`	`118`	`if (ret == 0 && keyType == 1) {`
`119`		`- if (wc_PBKDF2(key, pwdKey, (int) strlen((const char*)pwdKey),`
	`119`	`+ if (wc_PBKDF2(key, pwdKey, (int) XSTRLEN((const char*)pwdKey),`
`120`	`120`	`salt, SALT_SIZE, CLU_4K_TYPE, size,`
`121`	`121`	`CLU_SHA256) != 0) {`
`122`	`122`	`wolfCLU_LogError("pwdKey set error.");`