From f27d71b3d8cefa3759c789e2768a2410ad5b7ac5 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Fri, 1 Nov 2024 11:31:27 -0600
Subject: [PATCH 1/5] fix for smallstack and expand help menu
---
 src/genkey/clu_genkey.c | 19 +++++++++++--------
 src/genkey/clu_genkey_setup.c | 9 ++++-----
 src/tools/clu_funcs.c | 10 +++++++++-
 3 files changed, 24 insertions(+), 14 deletions(-)
diff --git a/src/genkey/clu_genkey.c b/src/genkey/clu_genkey.c
index d5cfe65..41877bd 100644
--- a/src/genkey/clu_genkey.c
+++ b/src/genkey/clu_genkey.c
@@ -1064,7 +1064,7 @@ int wolfCLU_genKey_Dilithium(WC_RNG* rng, char* fName, int directive, int fmt,
 #ifdef WOLFSSL_SMALL_STACK
 dilithium_key* key;
- key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), key.HEAP_HINT,
+ key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), HEAP_HINT,
 DYNAMIC_TYPE_DILITHIUM);
 if (key == NULL) {
 return MEMORY_E;
@@ -1081,7 +1081,7 @@ int wolfCLU_genKey_Dilithium(WC_RNG* rng, char* fName, int directive, int fmt,
 if (wc_dilithium_init(key) != 0) {
 wolfCLU_LogError("Failed to initialize Dilithium Key.\nRET: %d", ret);
 #ifdef WOLFSSL_SMALL_STACK
- wc_dilithium_free(key);
+ XFREE(key, HEAP_HINT, DYNAMIC_TYPE_DILITHIUM);
 #endif
 return ret;
 }
@@ -1089,16 +1089,18 @@ int wolfCLU_genKey_Dilithium(WC_RNG* rng, char* fName, int directive, int fmt,
 /* set the level of the dilithium key */
 if (wc_dilithium_set_level(key, level) != 0) {
- #ifdef WOLFSSL_SMALL_STACK
 wc_dilithium_free(key);
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(key, HEAP_HINT, DYNAMIC_TYPE_DILITHIUM);
 #endif
 return WOLFCLU_FAILURE;
 }
 /* make the dilithium key */
 if (wc_dilithium_make_key(key, rng) != 0) {
- #ifdef WOLFSSL_SMALL_STACK
 wc_dilithium_free(key);
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(key, HEAP_HINT, DYNAMIC_TYPE_DILITHIUM);
 #endif
 return WOLFCLU_FAILURE;
 }
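Review bot: `ret` is never assigned in the `wc_dilithium_init` failure branch of the `@@ -1081,7 +1081,7 @@` hunk, so the log line prints, and the function returns, whatever `ret` held before the call rather than the init error. If `ret` was set to a success value earlier in the function (its declaration is outside this hunk), a failed key initialisation would be reported to the caller as success. Capture the result first, `ret = wc_dilithium_init(key);` followed by `if (ret != 0) {`, so both the message and the return value carry the real error. The body of `wolfCLU_genKey_Dilithium` starts and ends outside the hunk.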
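Review bot: The `wc_dilithium_free(key);` / `XFREE(key, HEAP_HINT, DYNAMIC_TYPE_DILITHIUM);` pair is now written out by hand on every exit: the `wc_dilithium_set_level` and `wc_dilithium_make_key` failures in the `@@ -1089,16 +1089,18 @@` hunk and again in the `@@ -1253,8 +1255,9 @@` hunk at the end of the function, which is likely how the small-stack path drifted out of step to begin with. Because `key` holds private key material, routing every failure through one cleanup point keeps its release in a single place, for example `ret = WOLFCLU_FAILURE; goto exit;` (the label name is a placeholder, and this assumes the existing end-of-function cleanup tolerates unset buffers, which is not visible here). Both failure branches also discard the wolfCrypt return code without logging it, unlike the init branch above them. The function body starts and ends outside these hunks.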
@@ -1162,7 +1164,7 @@ int wolfCLU_genKey_Dilithium(WC_RNG* rng, char* fName, int directive, int fmt,
 ret = OUTPUT_FILE_ERROR;
 }
 }
-
+
 if (ret == WOLFCLU_SUCCESS) {
 if ((int)XFWRITE(outBuf, 1, outBufSz, file) <= 0) {
 ret = OUTPUT_FILE_ERROR;
@@ -1222,7 +1224,7 @@ int wolfCLU_genKey_Dilithium(WC_RNG* rng, char* fName, int directive, int fmt,
 ret = OUTPUT_FILE_ERROR;
 }
 }
-
+
 if (ret == WOLFCLU_SUCCESS) {
 if ((int)XFWRITE(outBuf, 1, outBufSz, file) <= 0) {
 ret = OUTPUT_FILE_ERROR;
@@ -1253,8 +1255,9 @@ int wolfCLU_genKey_Dilithium(WC_RNG* rng, char* fName, int directive, int fmt,
 XFREE(fOutNameBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 }
-#ifdef WOLFSSL_SMALL_STACK
 wc_dilithium_free(key);
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(key, HEAP_HINT, DYNAMIC_TYPE_DILITHIUM);
 #endif
 return ret;
@@ -1266,7 +1269,7 @@ int wolfCLU_genKey_Dilithium(WC_RNG* rng, char* fName, int directive, int fmt,
 (void)keySz;
 (void)level;
 (void)withAlg;
-
+
 return NOT_COMPILED_IN;
 #endif /* HAVE_DILITHIUM */
 }
diff --git a/src/genkey/clu_genkey_setup.c b/src/genkey/clu_genkey_setup.c
index bc42b37..af71576 100644
--- a/src/genkey/clu_genkey_setup.c
+++ b/src/genkey/clu_genkey_setup.c
@@ -334,13 +334,12 @@ int wolfCLU_genKeySetup(int argc, char** argv)
 }
 WOLFCLU_LOG(WOLFCLU_L0, "using Dilithium%d", level);
- ret = wolfCLU_genKey_Dilithium(&rng, keyOutFName, directiveArg, formatArg,
- keySz, level, withAlg);
-
+ ret = wolfCLU_genKey_Dilithium(&rng, keyOutFName, directiveArg,
+ formatArg, keySz, level, withAlg);
 #else
 wolfCLU_LogError("Invalid option, Dithium not enabled.");
- WOLFCLU_LOG(WOLFCLU_L0, "Please re-configure wolfSSL with --enable-dilithium, "
- "--enable-experimental and try again");
+ WOLFCLU_LOG(WOLFCLU_L0, "Please re-configure wolfSSL with "
+ "--enable-dilithium, --enable-experimental and try again");
 wc_FreeRng(&rng);
 return NOT_COMPILED_IN;
 #endif /* HAVE_DILITHIUM */
diff --git a/src/tools/clu_funcs.c b/src/tools/clu_funcs.c
index 02a4566..1ae87af 100644
--- a/src/tools/clu_funcs.c
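Review bot: The error string on the `#else` path of the `clu_genkey_setup.c` hunk reads `"Invalid option, Dithium not enabled."`, with the algorithm name misspelled. It is a context line here, but it sits directly above the message this hunk re-wraps and is what a user sees when the build lacks the feature, so it is worth correcting in the same change: `wolfCLU_LogError("Invalid option, Dilithium not enabled.");`.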
+++ b/src/tools/clu_funcs.c
@@ -451,6 +451,9 @@ void wolfCLU_genKeyHelp(void)
 #endif
 #ifdef HAVE_ECC
 ,"ecc"
+ #endif
+ #ifdef HAVE_DILITHIUM
+ ,"dilithium"
 #endif
 };
@@ -464,7 +467,12 @@ void wolfCLU_genKeyHelp(void)
 "-out -outform -output \n");
 WOLFCLU_LOG(WOLFCLU_L0, "***************************************************************");
 WOLFCLU_LOG(WOLFCLU_L0, "\nEXAMPLE: \n\nwolfssl -genkey rsa -size 2048 -out mykey -outform der "
- " -output KEYPAIR"
+ " -output KEYPAIR");
+#ifdef HAVE_DILITHIUM
+ WOLFCLU_LOG(WOLFCLU_L0, "wolfssl -genkey dilithium -level "
+ "[2|3|5] -out mykey -outform der -output KEYPAIR");
+#endif
+ WOLFCLU_LOG(WOLFCLU_L0,
 "\n\nThe above command would output the files: mykey.priv "
 " and mykey.pub\nChanging the -output option to just PRIV would only"
 "\noutput the mykey.priv and using just PUB would only output"
From 1ee035092abfff8a8e2ab172c03ef60101997219 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Fri, 1 Nov 2024 11:46:44 -0600
Subject: [PATCH 2/5] expand fsanitize github action
---
 .github/workflows/fsanitize-check.yml | 100 +++++++++++++++++---------
 1 file changed, 67 insertions(+), 33 deletions(-)
diff --git a/.github/workflows/fsanitize-check.yml b/.github/workflows/fsanitize-check.yml
index d971779..da5edb8 100644
--- a/.github/workflows/fsanitize-check.yml
+++ b/.github/workflows/fsanitize-check.yml
@@ -7,39 +7,73 @@ on:
 branches: [ '*' ]
 jobs:
- build:
+ build_wolfssl:
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ ubuntu-latest ]
+ config: [
+ # Add new configs here and make wolfclu matrix match
+ '--enable-wolfclu',
+ '--enable-wolfclu --enable-smallstack',
+ '--enable-wolfclu --enable-experimental --enable-dilithium',
+ '--enable-wolfclu --enable-smallstack --enable-experimental --enable-dilithium',
+ ]
+ name: Build wolfssl
+ runs-on: ${{ matrix.os }}
+ timeout-minutes: 4
+ steps:
+ - name: Checking cache for wolfssl
+ uses: actions/cache@v4
+ id: cache-wolfssl
+ with:
+ path: build-dir/
+ key: wolfclu-fsanitize-check-wolfssl-${{ strategy.job-index }}-${{ matrix.os }}
+ lookup-only: true
- runs-on: ubuntu-latest
+ - name: Checkout, build, and install wolfssl
+ if: steps.cache-wolfssl.outputs.cache-hit != 'true'
+ uses: wolfSSL/actions-build-autotools-project@v1
+ with:
+ repository: wolfssl/wolfssl
+ ref: master
+ path: wolfssl
+ configure: ${{ matrix.config }} CC="gcc -fsanitize=address"
+ check: false
+ install: true
+ build_wolfclu:
+ needs: build_wolfssl
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ ubuntu-latest ]
+ config: [
+ '--enable-wolfclu',
+ '--enable-wolfclu --enable-smallstack',
+ '--enable-wolfclu --enable-experimental --enable-dilithium',
+ '--enable-wolfclu --enable-smallstack --enable-experimental --enable-dilithium',
+ ]
+ name: Build wolfclu
+ runs-on: ${{ matrix.os }}
+ timeout-minutes: 4
 steps:
- - uses: actions/checkout@master
- with:
- repository: wolfssl/wolfssl
- path: wolfssl
- - name: wolfssl autogen
- working-directory: ./wolfssl
- run: ./autogen.sh
- - name: wolfssl configure
- working-directory: ./wolfssl
- run: ./configure --enable-wolfclu --enable-crl --enable-dsa --enable-pkcs7
- - name: wolfssl make
- working-directory: ./wolfssl
- run: make
- - name: wolfssl make install
- working-directory: ./wolfssl
- run: sudo make install
- - name: ldconfig
- working-directory: ./wolfssl
- run: sudo ldconfig
- - uses:
actions/checkout@master
- name: autogen
- run: ./autogen.sh
- - name: configure
- run: ./configure CC="gcc -fsanitize=address"
- - name: make
- run: make
- - name: make check
- run: make check
- - name: display log
- if: always()
- run: cat test-suite.log
+ - name: Checking cache for wolfssl
+ uses: actions/cache@v4
+ with:
+ path: build-dir/
+ key: wolfclu-fsanitize-check-wolfssl-${{ strategy.job-index }}-${{ matrix.os }}
+ fail-on-cache-miss: true
+
+ - name: Checkout, build, and test wolfclu
+ uses: wolfSSL/actions-build-autotools-project@v1
+ env:
+ LD_LIBRARY_PATH: ${{ github.workspace }}/build-dir/lib
+ with:
+ repository: wolfssl/wolfclu
+ path: wolfclu
+ configure: CC="gcc -fsanitize=address" LDFLAGS="-L${{ github.workspace }}/build-dir/lib" CPPFLAGS="-I${{ github.workspace }}/build-dir/include"
+ check: true
+ - name: display log
+ if: always()
+ run: cat test-suite.log
From 4e5a566c6319246907621177e7ae2483812d1e8d Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Fri, 1 Nov 2024 13:51:15 -0600
Subject: [PATCH 3/5] fix warning with gcc-12 compile
---
 src/pkcs/clu_pkcs7.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pkcs/clu_pkcs7.c b/src/pkcs/clu_pkcs7.c
index bd1fd77..e85ef4b 100644
--- a/src/pkcs/clu_pkcs7.c
+++ b/src/pkcs/clu_pkcs7.c
@@ -68,7 +68,7 @@ int wolfCLU_PKCS7(int argc, char** argv)
 byte* buf = NULL;
 byte* derContent = NULL;
 int bufSz;
- int derContentSz;
+ int derContentSz = 0;
 int freePkcs7 = 0;
 opterr = 0; /* do not display unrecognized options */
From 9e18bd84a23992561c10d8ab7467eff92628574c Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Tue, 12 Nov 2024 09:29:26 -0700
Subject: [PATCH 4/5] check if test-suite.log exists before cat
---
 .github/workflows/fsanitize-check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/fsanitize-check.yml b/.github/workflows/fsanitize-check.yml
index da5edb8..ccfc142 100644
--- a/.github/workflows/fsanitize-check.yml
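Review bot: The cache key `wolfclu-fsanitize-check-wolfssl-${{ strategy.job-index }}-${{ matrix.os }}` identifies a wolfSSL build only by its position in the matrix, and the build step is skipped whenever that key hits (`lookup-only: true` plus the `cache-hit != 'true'` guard). A cached `build-dir/` is therefore reused indefinitely even though the build tracks `ref: master`, and any reordering of `config` silently pairs a wolfclu job with a library built from a different configure line. PATCH 5/5 inserts the CRL/DSA/PKCS7 entry second in both matrices (`@@ -15,6 +15,7 @@` and `@@ -50,6 +51,7 @@`), so if an earlier run left an index-1 entry built with `--enable-smallstack`, the new job would be satisfied by it and the sanitizer run would not cover the intended configuration. Key the cache on what was actually built instead of the index, for instance `key: wolfclu-fsanitize-check-wolfssl-${{ matrix.config }}-${{ matrix.os }}` in both jobs, ideally with the wolfSSL commit added. Separately, `actions/cache@v4` and `wolfSSL/actions-build-autotools-project@v1` are mutable tags; pinning each `uses:` to a full commit SHA is the usual supply-chain hardening for a workflow that runs on every branch push.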
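Review bot: `int bufSz;` on the line directly above is still declared without an initialiser while `derContentSz` now gets `= 0`; giving it the same treatment, `int bufSz = 0;`, keeps the two length variables consistent. The initialiser only silences the gcc-12 diagnostic: if some path in `wolfCLU_PKCS7` really does use `derContentSz` before it is set, that path now proceeds with a length of 0 instead of being flagged, so it is worth confirming which path triggered the warning. The function body lies outside this hunk.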
+++ b/.github/workflows/fsanitize-check.yml
@@ -76,4 +76,4 @@ jobs:
 check: true
 - name: display log
 if: always()
- run: cat test-suite.log
+ run: if [ -f test-suite.log ]; then cat test-suite.log; else echo "No test log"; fi
From 05e1100a737177c497f2e682686d0743bba8b3be Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Thu, 14 Nov 2024 14:36:39 -0700
Subject: [PATCH 5/5] add CRL and DSA testing back and touch up help menu
---
 .github/workflows/fsanitize-check.yml | 2 ++
 src/tools/clu_funcs.c | 1 +
 2 files changed, 3 insertions(+)
diff --git a/.github/workflows/fsanitize-check.yml b/.github/workflows/fsanitize-check.yml
index ccfc142..26a1bc3 100644
--- a/.github/workflows/fsanitize-check.yml
+++ b/.github/workflows/fsanitize-check.yml
@@ -15,6 +15,7 @@ jobs:
 config: [
 # Add new configs here and make wolfclu matrix match
 '--enable-wolfclu',
+ '--enable-wolfclu --enable-crl --enable-dsa --enable-pkcs7',
 '--enable-wolfclu --enable-smallstack',
 '--enable-wolfclu --enable-experimental --enable-dilithium',
 '--enable-wolfclu --enable-smallstack --enable-experimental --enable-dilithium',
@@ -50,6 +51,7 @@ jobs:
 os: [ ubuntu-latest ]
 config: [
 '--enable-wolfclu',
+ '--enable-wolfclu --enable-crl --enable-dsa --enable-pkcs7',
 '--enable-wolfclu --enable-smallstack',
 '--enable-wolfclu --enable-experimental --enable-dilithium',
 '--enable-wolfclu --enable-smallstack --enable-experimental --enable-dilithium',
diff --git a/src/tools/clu_funcs.c b/src/tools/clu_funcs.c
index 1ae87af..43065c7 100644
--- a/src/tools/clu_funcs.c
+++ b/src/tools/clu_funcs.c
@@ -83,6 +83,7 @@ static const struct option crypt_algo_options[] = {
 WOLFCLU_LOG(WOLFCLU_L0, "rsa RSA key operations");
 WOLFCLU_LOG(WOLFCLU_L0, "x509 X509 certificate processing");
 WOLFCLU_LOG(WOLFCLU_L0, "verify X509 certificate verify");
+ WOLFCLU_LOG(WOLFCLU_L0, "pkcs7 Used for parsing PKCS7 files");
 WOLFCLU_LOG(WOLFCLU_L0, "pkcs12 Used for parsing PKCS12 files");
 WOLFCLU_LOG(WOLFCLU_L0, "s_server Basic TLS server for testing"
 " connection");