From 426ba9bbefb36440e1193c200931de0596a52e14 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Fri, 9 Sep 2022 14:13:37 -0700 Subject: [PATCH 1/2] scan-build fixes, fix whitespaces, update help prompts --- src/benchmark/clu_benchmark.c | 15 +--- src/client/clu_client_setup.c | 8 +- src/clu_main.c | 10 +-- src/crypto/clu_crypto_setup.c | 2 +- src/crypto/clu_decrypt.c | 2 +- src/crypto/clu_encrypt.c | 2 +- src/crypto/clu_evp_crypto.c | 10 +-- src/dh/clu_dh.c | 2 +- src/genkey/clu_genkey.c | 2 +- src/pkcs/clu_pkcs12.c | 4 +- src/pkey/clu_pkey.c | 6 +- src/sign-verify/clu_crl_verify.c | 4 +- src/sign-verify/clu_sign_verify_setup.c | 6 +- src/sign-verify/clu_verify.c | 4 +- src/sign-verify/clu_x509_verify.c | 4 +- src/tools/clu_funcs.c | 104 ++++++++++++++---------- src/x509/clu_cert_setup.c | 4 +- src/x509/clu_config.c | 1 - src/x509/clu_request_setup.c | 4 +- src/x509/clu_x509_sign.c | 2 +- wolfclu/clu_header_main.h | 2 +- 21 files changed, 106 insertions(+), 92 deletions(-) diff --git a/src/benchmark/clu_benchmark.c b/src/benchmark/clu_benchmark.c index 899908fd..e8a5f2ac 100644 --- a/src/benchmark/clu_benchmark.c +++ b/src/benchmark/clu_benchmark.c @@ -29,7 +29,7 @@ #endif /* HAVE_BLAKE2 */ /* - * benchmarking funciton + * benchmarking funciton */ int wolfCLU_benchmark(int timer, int* option) { @@ -47,7 +47,6 @@ int wolfCLU_benchmark(int timer, int* option) WC_RNG rng; /* random number generator */ - int ret = 0; /* return variable */ double stop = 0.0; /* stop breaks loop */ double start; /* start time */ double currTime; /* current time*/ @@ -120,7 +119,6 @@ int wolfCLU_benchmark(int timer, int* option) loop = 1; } i++; - ret = WOLFCLU_SUCCESS; #endif #ifdef WOLFSSL_AES_COUNTER /* aes-ctr test */ @@ -171,7 +169,6 @@ int wolfCLU_benchmark(int timer, int* option) loop = 1; } i++; - ret = WOLFCLU_SUCCESS; #endif #ifndef NO_DES3 /* 3des test */ 
@@ -223,7 +220,6 @@ int wolfCLU_benchmark(int timer, int* option) loop = 1; } i++; - ret = WOLFCLU_SUCCESS; #endif #ifdef HAVE_CAMELLIA #define CAM_SZ CAMELLIA_BLOCK_SIZE @@ -278,7 +274,6 @@ int wolfCLU_benchmark(int timer, int* option) loop = 1; } i++; - ret = WOLFCLU_SUCCESS; #endif #ifndef NO_MD5 /* md5 test */ @@ -317,7 +312,6 @@ int wolfCLU_benchmark(int timer, int* option) loop = 1; } i++; - ret = WOLFCLU_SUCCESS; #endif #ifndef NO_SHA /* sha test */ @@ -356,7 +350,6 @@ int wolfCLU_benchmark(int timer, int* option) loop = 1; } i++; - ret = WOLFCLU_SUCCESS; #endif #ifndef NO_SHA256 #define SHA256_SZ WC_SHA256_DIGEST_SIZE @@ -397,7 +390,6 @@ int wolfCLU_benchmark(int timer, int* option) loop = 1; } i++; - ret = WOLFCLU_SUCCESS; #endif #ifdef WOLFSSL_SHA384 #define SHA384_SZ WC_SHA384_DIGEST_SIZE @@ -437,7 +429,6 @@ int wolfCLU_benchmark(int timer, int* option) loop = 1; } i++; - ret = WOLFCLU_SUCCESS; #endif #ifdef WOLFSSL_SHA512 #define SHA512_SZ WC_SHA512_DIGEST_SIZE @@ -477,7 +468,6 @@ int wolfCLU_benchmark(int timer, int* option) loop = 1; } i++; - ret = WOLFCLU_SUCCESS; #endif #ifdef HAVE_BLAKE2 /* blake2b test */ @@ -513,10 +503,9 @@ int wolfCLU_benchmark(int timer, int* option) XMEMSET(digest, 0, BLAKE2B_OUTBYTES); wolfCLU_freeBins(digest, plain, NULL, NULL, NULL); } - ret = WOLFCLU_SUCCESS; #endif wc_FreeRng(&rng); (void)blocks; (void)loop; - return ret; + return WOLFCLU_SUCCESS; } diff --git a/src/client/clu_client_setup.c b/src/client/clu_client_setup.c index 49c0b3b0..f658ea39 100644 --- a/src/client/clu_client_setup.c +++ b/src/client/clu_client_setup.c 
@@ -51,6 +51,8 @@ static void wolfCLU_ClientHelp(void) WOLFCLU_LOG(WOLFCLU_L0, "\t\t-connect '[fe80::63:57c0:9b88:77ca%%en0]:11111'"); WOLFCLU_LOG(WOLFCLU_L0, "\t\t-connect '[2001:4860:4860::8888]:443'"); WOLFCLU_LOG(WOLFCLU_L0, "\t-starttls "); + WOLFCLU_LOG(WOLFCLU_L0, "\t-CAfile "); + WOLFCLU_LOG(WOLFCLU_L0, "\t-verify_return_error close connection on verification error"); } static const char hostFlag[] = "-h"; @@ -173,9 +175,11 @@ int wolfCLU_Client(int argc, char** argv) XMEMCPY(host, optarg, idx); host[idx] = '\0'; } - ret = _addClientArg(clientArgv, hostFlag, &clientArgc); if (ret == WOLFCLU_SUCCESS) { - ret = _addClientArg(clientArgv, host, &clientArgc); + ret = _addClientArg(clientArgv, hostFlag, &clientArgc); + if (ret == WOLFCLU_SUCCESS) { + ret = _addClientArg(clientArgv, host, &clientArgc); + } } } } diff --git a/src/clu_main.c b/src/clu_main.c index f52701ce..663fc174 100644 --- a/src/clu_main.c +++ b/src/clu_main.c @@ -30,10 +30,10 @@ #include #include -#ifdef _WIN32 +#ifdef _WIN32 char* optarg; -int optind ; -int opterr ; +int optind; +int opterr; #endif @@ -168,7 +168,7 @@ int main(int argc, char** argv) /* retain old version of modes where '-' is used. i.e -x509, -req */ if (argc > 1 && argv[1] != NULL && argv[1][0] == '-') { - argv[1] = argv[1] + 1; + argv[1] = argv[1] + 1; flag = getMode(argv[1]); /* if -rsa was used then it is the older sign/verify version of rsa */ @@ -368,7 +368,7 @@ int clu_entry(const void* argument) command = (char*)buffer; - /* Determine the number of supplied arguments */ + /* Determine the number of supplied arguments */ for (i = 0; command[i] != '\0' && i < XSTRLEN(command); i++) { if (command[i]==' ') { argc++; diff --git a/src/crypto/clu_crypto_setup.c b/src/crypto/clu_crypto_setup.c index 5b9a6bb2..61e55543 100644 --- a/src/crypto/clu_crypto_setup.c +++ b/src/crypto/clu_crypto_setup.c 
@@ -54,7 +54,7 @@ static const struct option crypt_options[] = { /* returns WOLFCLU_SUCCESS on success */ int wolfCLU_setup(int argc, char** argv, char action) { -#ifndef WOLFCLU_NO_FILESYSTEM +#ifndef WOLFCLU_NO_FILESYSTEM int ret = 0; /* return variable */ char outNameEnc[256]; /* default outFile for encrypt */ char outNameDec[256]; /* default outfile for decrypt */ diff --git a/src/crypto/clu_decrypt.c b/src/crypto/clu_decrypt.c index 495138a1..f676ed46 100644 --- a/src/crypto/clu_decrypt.c +++ b/src/crypto/clu_decrypt.c @@ -116,7 +116,7 @@ int wolfCLU_decrypt(int alg, char* mode, byte* pwdKey, byte* key, int size, } /* replicates old pwdKey if pwdKeys match */ if (ret == 0 && keyType == 1) { - if (wc_PBKDF2(key, pwdKey, (int) strlen((const char*)pwdKey), + if (wc_PBKDF2(key, pwdKey, (int) XSTRLEN((const char*)pwdKey), salt, SALT_SIZE, CLU_4K_TYPE, size, CLU_SHA256) != 0) { wolfCLU_LogError("pwdKey set error."); diff --git a/src/crypto/clu_encrypt.c b/src/crypto/clu_encrypt.c index 22a95cb4..c0bd86e2 100644 --- a/src/crypto/clu_encrypt.c +++ b/src/crypto/clu_encrypt.c @@ -65,7 +65,7 @@ int wolfCLU_encrypt(int alg, char* mode, byte* pwdKey, byte* key, int size, "instead."); /* use user entered data to encrypt */ - inputLength = (int) strlen(in); + inputLength = (int) XSTRLEN(in); userInputBuffer = (char*) XMALLOC(inputLength, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (userInputBuffer == NULL) diff --git a/src/crypto/clu_evp_crypto.c b/src/crypto/clu_evp_crypto.c index a55eb3be..40d9014d 100644 --- a/src/crypto/clu_evp_crypto.c +++ b/src/crypto/clu_evp_crypto.c 
@@ -164,7 +164,7 @@ int wolfCLU_evp_crypto(const WOLFSSL_EVP_CIPHER* cphr, char* mode, byte* pwdKey, if (ret == WOLFCLU_SUCCESS) { if (pbkVersion == WOLFCLU_PBKDF2) { #ifdef HAVE_FIPS - if (strlen((const char*)pwdKey) < HMAC_FIPS_MIN_KEY) { + if (XSTRLEN((const char*)pwdKey) < HMAC_FIPS_MIN_KEY) { wolfCLU_LogError("For use with FIPS mode key needs to be" " at least %d characters long", HMAC_FIPS_MIN_KEY); ret = WOLFCLU_FATAL_ERROR; @@ -173,12 +173,12 @@ int wolfCLU_evp_crypto(const WOLFSSL_EVP_CIPHER* cphr, char* mode, byte* pwdKey, if (ret == WOLFCLU_SUCCESS) { if (noSalt) { ret = wolfSSL_PKCS5_PBKDF2_HMAC((const char*)pwdKey, - (int) strlen((const char*)pwdKey), NULL, 0, iter, + (int) XSTRLEN((const char*)pwdKey), NULL, 0, iter, hashType, keySz + ivSz, pwdKey); } else { ret = wolfSSL_PKCS5_PBKDF2_HMAC((const char*)pwdKey, - (int) strlen((const char*)pwdKey), salt, SALT_SIZE, iter, + (int) XSTRLEN((const char*)pwdKey), salt, SALT_SIZE, iter, hashType, keySz + ivSz, pwdKey); } if (ret != WOLFSSL_SUCCESS) { @@ -201,11 +201,11 @@ int wolfCLU_evp_crypto(const WOLFSSL_EVP_CIPHER* cphr, char* mode, byte* pwdKey, iter = 1; /* default value for interop */ if (noSalt) { ret = wolfSSL_EVP_BytesToKey(cphr, hashType, NULL, - pwdKey, (int)strlen((const char*)pwdKey), iter, key, iv); + pwdKey, (int)XSTRLEN((const char*)pwdKey), iter, key, iv); } else { ret = wolfSSL_EVP_BytesToKey(cphr, hashType, salt, - pwdKey, (int)strlen((const char*)pwdKey), iter, key, iv); + pwdKey, (int)XSTRLEN((const char*)pwdKey), iter, key, iv); } if (ret == 0) { wolfCLU_LogError("failed to create key, ret = %d", ret); diff --git a/src/dh/clu_dh.c b/src/dh/clu_dh.c index 3a9cfa98..b970c807 100644 --- a/src/dh/clu_dh.c +++ b/src/dh/clu_dh.c 
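Review bot: In both wolfSSL_PKCS5_PBKDF2_HMAC calls of the `@@ -173,12` hunk, pwdKey is the password input and also the output buffer that receives `keySz + ivSz` bytes, and nothing visible in the hunk shows that pwdKey is at least that large. I would document the requirement at the call site with `/* output overwrites pwdKey in place; pwdKey must hold keySz + ivSz bytes */`. I would also take the length once, `int pwdLen = (int)XSTRLEN((const char*)pwdKey);`, instead of repeating the cast expression in every branch. The same in-place pattern appears in the clu_genkey.c hunk, `wc_PBKDF2(pwdKey, pwdKey, ...)`, with `size` output bytes. The body of wolfCLU_evp_crypto starts and ends outside the hunk, so the buffer size may be enforced there.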
@@ -130,7 +130,7 @@ int wolfCLU_DhParamSetup(int argc, char** argv) if (ret == WOLFCLU_SUCCESS) { int i = 2; // start at 2 because wolfssl & dhparam will be in first and second - int found = 0; + int found = 0; while (i + 1 <= argc && !found) { /* confirm arg is a non '-' option that does not correspond * to an '-in' or '-out' file */ diff --git a/src/genkey/clu_genkey.c b/src/genkey/clu_genkey.c index 0004bad0..72481c23 100644 --- a/src/genkey/clu_genkey.c +++ b/src/genkey/clu_genkey.c @@ -844,7 +844,7 @@ int wolfCLU_genKey_PWDBASED(WC_RNG* rng, byte* pwdKey, int size, byte* salt, salt[0] = 0; /* stretches pwdKey */ - ret = (int) wc_PBKDF2(pwdKey, pwdKey, (int) strlen((const char*)pwdKey), + ret = (int) wc_PBKDF2(pwdKey, pwdKey, (int) XSTRLEN((const char*)pwdKey), salt, SALT_SIZE, CLU_4K_TYPE, size, CLU_SHA256); if (ret != 0) return ret; diff --git a/src/pkcs/clu_pkcs12.c b/src/pkcs/clu_pkcs12.c index 3a924210..09e09810 100644 --- a/src/pkcs/clu_pkcs12.c +++ b/src/pkcs/clu_pkcs12.c @@ -249,9 +249,9 @@ int wolfCLU_PKCS12(int argc, char** argv) #ifndef HAVE_PKCS12 wolfCLU_LogError("Recompile wolfSSL with PKCS12 support"); #endif -#ifdef WOLFCLU_NO_FILESYSTEM +#ifdef WOLFCLU_NO_FILESYSTEM wolfCLU_LogError("No filesystem support"); -#endif +#endif return WOLFCLU_FATAL_ERROR; #endif } diff --git a/src/pkey/clu_pkey.c b/src/pkey/clu_pkey.c index de67db0b..7db5531a 100644 --- a/src/pkey/clu_pkey.c +++ b/src/pkey/clu_pkey.c @@ -272,7 +272,7 @@ int wolfCLU_pKeyPEMtoPriKeyEnc(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* pkey, password, passwordSz); } if (der != NULL) - free(der); + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); return ret; } @@ -560,7 +560,7 @@ int wolfCLU_pKeySetup(int argc, char** argv) } } if (der != NULL) - free(der); + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); } } @@ -583,7 +583,7 @@ int wolfCLU_pKeySetup(int argc, char** argv) } if (der != NULL) { - free(der); + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); } } 
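Review bot: der is handed to XFREE in wolfCLU_pKeyPEMtoPriKeyEnc without being cleared first. Judging by the function name and the password arguments it presumably holds a private-key DER encoding, which would leave the key bytes in freed heap memory. A non-elidable wipe before the free, e.g. `ForceZero(der, <der length>);` (placeholder for the length variable, which is outside the hunk), would close that. The two `XFREE(der, ...)` changes in wolfCLU_pKeySetup further down need the same treatment wherever der can carry a private key. It is also worth confirming that der really is allocated under the DYNAMIC_TYPE_OPENSSL tag, since the allocation is not visible here.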
diff --git a/src/sign-verify/clu_crl_verify.c b/src/sign-verify/clu_crl_verify.c index 7039ace8..ba4fd626 100644 --- a/src/sign-verify/clu_crl_verify.c +++ b/src/sign-verify/clu_crl_verify.c @@ -60,7 +60,7 @@ static void wolfCLU_CRLVerifyHelp(void) int wolfCLU_CRLVerify(int argc, char** argv) { -#if defined(HAVE_CRL) && !defined(WOLFCLU_NO_FILESYSTEM) +#if defined(HAVE_CRL) && !defined(WOLFCLU_NO_FILESYSTEM) int ret = WOLFCLU_SUCCESS; int inForm = PEM_FORM; int outForm = PEM_FORM; @@ -300,7 +300,7 @@ int wolfCLU_CRLVerify(int argc, char** argv) #endif #ifdef WOLFCLU_NO_FILESYSTEM wolfCLU_LogError("No filesystem support"); -#endif +#endif return WOLFCLU_FATAL_ERROR; #endif } diff --git a/src/sign-verify/clu_sign_verify_setup.c b/src/sign-verify/clu_sign_verify_setup.c index 73dfe0b5..a0232cdd 100644 --- a/src/sign-verify/clu_sign_verify_setup.c +++ b/src/sign-verify/clu_sign_verify_setup.c @@ -40,7 +40,7 @@ int wolfCLU_sign_verify_setup(int argc, char** argv) int verifyCheck = 0; int pubInCheck = 0; - /* checkForArg doesn't look for "-" here, as it would have been + /* checkForArg doesn't look for "-" here, as it would have been * removed in clu_main.c if present */ if (wolfCLU_checkForArg("rsa", 3, argc, argv) > 0) { algCheck = RSA_SIG_VER; @@ -138,7 +138,7 @@ int wolfCLU_sign_verify_setup(int argc, char** argv) ret = wolfCLU_checkForArg("-sigfile", 8, argc, argv); if (ret > 0) { - sig = XMALLOC(strlen(argv[ret+1]) + 1, HEAP_HINT, + sig = XMALLOC(XSTRLEN(argv[ret+1]) + 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (sig == NULL) { if (priv) @@ -205,7 +205,7 @@ int wolfCLU_sign_verify_setup(int argc, char** argv) } else { /* No out needed for ECC verifying */ - /* ED25519 exceptions will need to be added at a later date */ + /* ED25519 exceptions will need to be added at a later date */ } } diff --git a/src/sign-verify/clu_verify.c b/src/sign-verify/clu_verify.c index 17734f31..834961ad 100644 --- a/src/sign-verify/clu_verify.c +++ b/src/sign-verify/clu_verify.c 
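Review bot: In the `@@ -138,7` hunk of clu_sign_verify_setup.c, `argv[ret+1]` is passed to XSTRLEN without a check that `ret + 1 < argc`. If `-sigfile` is the last argument, `argv[argc]` is NULL and the length call dereferences it, unless wolfCLU_checkForArg already guarantees a following value, which is not visible here. I would reject that case before the XMALLOC with a guard such as `if (ret + 1 >= argc)`, logging through wolfCLU_LogError and taking the same cleanup path the `sig == NULL` branch uses for priv. The function body continues outside the hunk.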
@@ -308,7 +308,7 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath, keyFileSz = (int)XFTELL(keyPathFile); keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (keyBuf != NULL) { - if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || + if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { XFCLOSE(keyPathFile); return WOLFCLU_FATAL_ERROR; @@ -410,7 +410,7 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz, keyFileSz = (int)XFTELL(keyPathFile); keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (keyBuf != NULL) { - if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || + if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { XFCLOSE(keyPathFile); return WOLFCLU_FATAL_ERROR; diff --git a/src/sign-verify/clu_x509_verify.c b/src/sign-verify/clu_x509_verify.c index f127a4ce..c82f66db 100644 --- a/src/sign-verify/clu_x509_verify.c +++ b/src/sign-verify/clu_x509_verify.c @@ -93,7 +93,7 @@ int wolfCLU_x509Verify(int argc, char** argv) WOLFCLU_LOG(WOLFCLU_L0, "using CA file %s", optarg); caCert = optarg; break; - + case WOLFCLU_PARTIAL_CHAIN: partialChain = 1; break; @@ -141,7 +141,7 @@ int wolfCLU_x509Verify(int argc, char** argv) } /* Confirm CA file is root CA unless partialChain enabled */ - if (ret == WOLFCLU_SUCCESS){ + if (ret == WOLFCLU_SUCCESS){ if (!partialChain && caCert != NULL){ int error; diff --git a/src/tools/clu_funcs.c b/src/tools/clu_funcs.c index a4d061e2..7f48d81d 100644 --- a/src/tools/clu_funcs.c +++ b/src/tools/clu_funcs.c @@ -31,6 +31,8 @@ #define SALT_SIZE 8 #define DES3_BLOCK_SIZE 24 +#define MAX_ENTRY_NAME 64 + static int loop = 0; static const struct option crypt_algo_options[] = { 
@@ -63,6 +65,7 @@ static const struct option crypt_algo_options[] = { WOLFCLU_LOG(WOLFCLU_L0, " "); WOLFCLU_LOG(WOLFCLU_L0, "Only set one of the following.\n"); WOLFCLU_LOG(WOLFCLU_L0, "ca Used for signing certificates"); + WOLFCLU_LOG(WOLFCLU_L0, "crl Used for parsing CRL files"); WOLFCLU_LOG(WOLFCLU_L0, "bench Benchmark one of the algorithms"); WOLFCLU_LOG(WOLFCLU_L0, "decrypt Decrypt an encrypted file"); WOLFCLU_LOG(WOLFCLU_L0, "dgst Used for verifying a signature"); @@ -73,16 +76,21 @@ static const struct option crypt_algo_options[] = { WOLFCLU_LOG(WOLFCLU_L0, "ed25519 Ed25519 signing and signature verification"); WOLFCLU_LOG(WOLFCLU_L0, "enc / encrypt Encrypt a file or some user input"); WOLFCLU_LOG(WOLFCLU_L0, "hash Hash a file or input"); - WOLFCLU_LOG(WOLFCLU_L0, "md5 Creates and MD5 hash"); + WOLFCLU_LOG(WOLFCLU_L0, "md5 Creates an MD5 hash"); WOLFCLU_LOG(WOLFCLU_L0, "pkey Used for key operations"); WOLFCLU_LOG(WOLFCLU_L0, "req Request for certificate generation"); WOLFCLU_LOG(WOLFCLU_L0, "-rsa Legacy RSA signing and signature verification"); WOLFCLU_LOG(WOLFCLU_L0, "rsa RSA key operations"); WOLFCLU_LOG(WOLFCLU_L0, "x509 X509 certificate processing"); WOLFCLU_LOG(WOLFCLU_L0, "verify X509 certificate verify"); + WOLFCLU_LOG(WOLFCLU_L0, "pkcs12 Used for parsing PKCS12 files"); WOLFCLU_LOG(WOLFCLU_L0, "s_client Basic TLS client for testing" " connection"); + WOLFCLU_LOG(WOLFCLU_L0, "sha256 Creates a SHA256 hash"); + WOLFCLU_LOG(WOLFCLU_L0, "sha384 Creates a SHA384 hash"); + WOLFCLU_LOG(WOLFCLU_L0, "sha512 Creates a SHA512 hash"); WOLFCLU_LOG(WOLFCLU_L0, "rand Generates random data"); + WOLFCLU_LOG(WOLFCLU_L0, "version Print wolfCLU/wolfSSL versions"); WOLFCLU_LOG(WOLFCLU_L0, " "); /*optional flags*/ WOLFCLU_LOG(WOLFCLU_L0, "Optional Flags.\n"); 
@@ -397,6 +405,11 @@ void wolfCLU_benchHelp() void wolfCLU_certHelp() { WOLFCLU_LOG(WOLFCLU_L0, "\n"); + WOLFCLU_LOG(WOLFCLU_L0, "-inform pem or der in format"); + WOLFCLU_LOG(WOLFCLU_L0, "-in the file to read from"); + WOLFCLU_LOG(WOLFCLU_L0, "-outform pem or der out format"); + WOLFCLU_LOG(WOLFCLU_L0, "-out output file to write to"); + WOLFCLU_LOG(WOLFCLU_L0, "-noout do not print output if set"); WOLFCLU_LOG(WOLFCLU_L0, "-subject print out the subject name"); WOLFCLU_LOG(WOLFCLU_L0, "-issuer print out the issuer name"); WOLFCLU_LOG(WOLFCLU_L0, "-serial print out the serial number in hex"); @@ -405,6 +418,9 @@ void wolfCLU_certHelp() WOLFCLU_LOG(WOLFCLU_L0, "-fingerprint print out the hash of the certificate in DER form"); WOLFCLU_LOG(WOLFCLU_L0, "-purpose print out the certificates purpose"); WOLFCLU_LOG(WOLFCLU_L0, "-hash print out the hash of the certificate subject name"); + WOLFCLU_LOG(WOLFCLU_L0, "-text print human readable text of X509"); + WOLFCLU_LOG(WOLFCLU_L0, "-modulus print out the RSA key modulus"); + WOLFCLU_LOG(WOLFCLU_L0, "-pubkey print out the Public Key"); WOLFCLU_LOG(WOLFCLU_L0, "***************************************************************"); WOLFCLU_LOG(WOLFCLU_L0, "\nX509 USAGE: wolfssl -x509 -inform -in " "-outform -out \n"); @@ -468,7 +484,7 @@ void wolfCLU_signHelp(int keyType) for(i = 0; i < (int) sizeof(keysother)/(int) sizeof(keysother[0]); i++) { WOLFCLU_LOG(WOLFCLU_L0, "%s", keysother[i]); } - + WOLFCLU_LOG(WOLFCLU_L0, "\n***************************************************************"); switch(keyType) { #ifndef NO_RSA @@ -515,7 +531,7 @@ void wolfCLU_verifyHelp(int keyType) { for(i = 0; i < (int) sizeof(keysother)/(int) sizeof(keysother[0]); i++) { WOLFCLU_LOG(WOLFCLU_L0, "%s", keysother[i]); } - + WOLFCLU_LOG(WOLFCLU_L0, "\n***************************************************************"); switch(keyType) { #ifndef NO_RSA 
@@ -952,7 +968,7 @@ int wolfCLU_getAlgo(int argc, char** argv, int* alg, char** mode, int* size) */ void wolfCLU_append(char* s, char c) { - int len = (int) strlen(s); /* length of string*/ + int len = (int) XSTRLEN(s); /* length of string*/ s[len] = c; s[len+1] = '\0'; @@ -1214,38 +1230,46 @@ WOLFSSL_X509_NAME* wolfCLU_ParseX509NameString(const char* n, int nSz) return ret; } -size_t wolfCLU_getline(char **lineptr, size_t *len, FILE *fp) { +size_t wolfCLU_getline(char **lineptr, size_t *len, FILE *fp) +{ + + char line[MAX_ENTRY_NAME]; - char line[64]; + *len = sizeof(line); - *len = sizeof(line); - *lineptr = malloc(*len); + *lineptr = NULL; + if ((*lineptr = (char*)XMALLOC(*len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) + == NULL) { + XFREE(*lineptr, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return 0; + } - (*lineptr)[0] = '\0'; + (*lineptr)[0] = '\0'; - while(fgets(line, sizeof(line), fp) != NULL) { - size_t len_used = strlen(*lineptr); - size_t line_used = strlen(line); + while(fgets(line, sizeof(line), fp) != NULL) { + size_t len_used = XSTRLEN(*lineptr); + size_t line_used = XSTRLEN(line); - if(*len - len_used < line_used) { + if(*len - len_used < line_used) { *len *= 2; - - if((*lineptr = realloc(*lineptr, *len)) == NULL) { + + if((*lineptr = XREALLOC(*lineptr, *len, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)) == NULL) { return -1; } - } + } - memcpy(*lineptr + len_used, line, line_used); - len_used += line_used; - (*lineptr)[len_used] = '\0'; + XMEMCPY(*lineptr + len_used, line, line_used); + len_used += line_used; + (*lineptr)[len_used] = '\0'; - if((*lineptr)[len_used - 1] == '\n') { - (*lineptr)[len_used - 1]='\0'; - return len_used; - } - } + if((*lineptr)[len_used - 1] == '\n') { + (*lineptr)[len_used - 1]='\0'; + return len_used; + } + } - return -1; + return -1; } /* returns WOLFCLU_SUCCESS on success */ 
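Review bot: wolfCLU_append writes `s[len]` and `s[len+1]` but takes no capacity argument, so every caller has to guarantee that s has room for at least XSTRLEN(s) + 2 bytes. The header comment, which starts outside the hunk, does not visibly state this. I would add `/* caller must ensure s has room for XSTRLEN(s) + 2 bytes */` to that comment so the contract is explicit at the definition.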
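Review bot: The growth check in the fgets loop of wolfCLU_getline leaves no room for the terminator. When `len_used + line_used` equals `*len`, the XMEMCPY fills the buffer exactly and `(*lineptr)[len_used] = '\0'` writes one byte past the allocation; with the 64-byte chunk size, a 128-byte line including its newline reaches this case. The XREALLOC result is also assigned straight to `*lineptr`, so on failure the old block is lost even though the callers in wolfCLU_CreateX509Name free whatever `*lineptr` holds afterwards. The fence below changes the comparison to `<=` and grows through a temporary pointer. Separately, `return -1` from a function declared as returning size_t yields SIZE_MAX, and the `XFREE(*lineptr, ...)` in the allocation-failure branch only ever receives NULL.

```c
    while(fgets(line, sizeof(line), fp) != NULL) {
        size_t len_used  = XSTRLEN(*lineptr);
        size_t line_used = XSTRLEN(line);

        /* keep one byte free for the terminating '\0' */
        if (*len - len_used <= line_used) {
            char* tmp = (char*)XREALLOC(*lineptr, *len * 2, HEAP_HINT,
                                        DYNAMIC_TYPE_TMP_BUFFER);
            if (tmp == NULL) {
                return -1; /* *lineptr is still valid; the caller frees it */
            }
            *lineptr = tmp;
            *len *= 2;
        }
        /* … unchanged: XMEMCPY, terminator, newline strip and return … */
```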
@@ -1264,50 +1288,50 @@ int wolfCLU_CreateX509Name(WOLFSSL_X509_NAME* name) ret = wolfCLU_getline(&in, &inSz, fin); if (ret > 0) { wolfCLU_AddNameEntry(name, CTC_PRINTABLE, NID_countryName, in); - free(in); in = NULL; } + XFREE(in, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); fprintf(fout, "State or Province [Montana] : "); ret = wolfCLU_getline(&in, &inSz, fin); if (ret > 0) { wolfCLU_AddNameEntry(name, CTC_UTF8, NID_stateOrProvinceName, in); - free(in); in = NULL; } + XFREE(in, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); fprintf(fout, "Locality [Bozeman] : "); ret = wolfCLU_getline(&in, &inSz, fin); if (ret > 0) { wolfCLU_AddNameEntry(name, CTC_UTF8, NID_localityName, in); - free(in); in = NULL; } + XFREE(in, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); fprintf(fout, "Organization Name [wolfSSL] : "); ret = wolfCLU_getline(&in, &inSz, fin); if (ret > 0) { wolfCLU_AddNameEntry(name, CTC_UTF8, NID_organizationName, in); - free(in); in = NULL; } + XFREE(in, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); fprintf(fout, "Organization Unit [engineering] : "); ret = wolfCLU_getline(&in, &inSz, fin); if (ret > 0) { wolfCLU_AddNameEntry(name, CTC_UTF8, NID_organizationalUnitName, in); - free(in); in = NULL; } + XFREE(in, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); fprintf(fout, "Common Name : "); ret = wolfCLU_getline(&in, &inSz, fin); if (ret > 0) { wolfCLU_AddNameEntry(name, CTC_UTF8, NID_commonName, in); - free(in); in = NULL; } + XFREE(in, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); fprintf(fout, "Email Address : "); ret = wolfCLU_getline(&in, &inSz, fin); if (ret > 0) { wolfCLU_AddNameEntry(name, CTC_UTF8, NID_emailAddress, in); - free(in); in = NULL; } + XFREE(in, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return WOLFCLU_SUCCESS; } 
@@ -1475,24 +1499,22 @@ int wolfCLU_GetStdinPassword(byte* password, word32* passwordSz) #endif /* Not handling options char yet*/ -int wolfCLU_GetOpt(int argc, char** argv, const char *options, +int wolfCLU_GetOpt(int argc, char** argv, const char *options, const struct option *long_options, int *opt_index) { - int end = 0; /* variable used to exit while loops */ int i = optind; /* variable to keep track of starting option position */ int index = 0; /* index at which option was found */ - while(!end){ + while (1) { - /* set end to 1 if last option is reached */ + /* set end to 1 if last option is reached */ if (long_options[i].name == 0 ) { - end = 1; - return WOLFCLU_FATAL_ERROR; + return WOLFCLU_FATAL_ERROR; } else { - /* check if option is present in argv */ - index = wolfCLU_checkForArg(long_options[i].name, (int)strlen(long_options[i].name), argc, argv); + /* check if option is present in argv */ + index = wolfCLU_checkForArg(long_options[i].name, (int)XSTRLEN(long_options[i].name), argc, argv); optind++; /* if index matches *opt_index at first position or if index is found */ @@ -1509,6 +1531,6 @@ int wolfCLU_GetOpt(int argc, char** argv, const char *options, (void) *options; - return WOLFCLU_FATAL_ERROR; + return WOLFCLU_FATAL_ERROR; } diff --git a/src/x509/clu_cert_setup.c b/src/x509/clu_cert_setup.c index a80435f8..79478845 100644 --- a/src/x509/clu_cert_setup.c +++ b/src/x509/clu_cert_setup.c @@ -612,13 +612,13 @@ int wolfCLU_certSetup(int argc, char** argv) } wolfSSL_BIO_write(out, "\n", (int)XSTRLEN("\n")); - } + } else { char info[] = "Wrong Algorithm type"; wolfSSL_BIO_write(out, info, (int)XSTRLEN(info)); } - wolfSSL_EVP_PKEY_free(pkey); + wolfSSL_EVP_PKEY_free(pkey); } } diff --git a/src/x509/clu_config.c b/src/x509/clu_config.c index 86337dec..5b19a970 100644 --- a/src/x509/clu_config.c +++ b/src/x509/clu_config.c 
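Review bot: The comment `/* set end to 1 if last option is reached */` in wolfCLU_GetOpt is stale, because this hunk removes the `end` variable and the branch now returns directly. I would replace it with `/* no more entries: long_options[i].name is 0 */`. The rewritten `index = wolfCLU_checkForArg(...)` line is also well past 80 columns and would read better with the XSTRLEN argument wrapped onto its own line. The loop body continues outside the hunk.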
@@ -610,7 +610,6 @@ static int wolfCLU_setDisNames(WOLFSSL_X509* x509, WOLFSSL_CONF* conf, } if (ret == WOLFCLU_SUCCESS) { - i = 0; for (i = 0; i < 10; i++) { XSNPRINTF(buf, sizeof(buf), "%d.organizationName", i); ret = CheckDisName(conf, sect, name, buf, NID_organizationName, diff --git a/src/x509/clu_request_setup.c b/src/x509/clu_request_setup.c index c25133f7..922a49f6 100644 --- a/src/x509/clu_request_setup.c +++ b/src/x509/clu_request_setup.c @@ -222,7 +222,7 @@ static int _wolfSSL_X509_extensions_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, wolfSSL_OBJ_obj2txt(buf, MAX_WIDTH, obj, 0); XSNPRINTF(scratch, MAX_WIDTH, "%*s", indent + 4, ""); XSTRLCAT(scratch, buf, MAX_WIDTH); - + int crit = wolfSSL_X509_EXTENSION_get_critical(ext) ? 1 : 0; XSTRLCAT(scratch, crit ? ": Critical\n" : ":\n", crit ? 11 : 2); (void)crit; @@ -1039,7 +1039,7 @@ int wolfCLU_requestSetup(int argc, char** argv) if (!passout) { byte pass[MAX_PASSWORD_SIZE]; wolfCLU_GetStdinPassword(pass, (word32*)&passwordSz); - + if (pass[0] == '\0') { wolfCLU_LogError("Please enter a password"); ret = WOLFCLU_FATAL_ERROR; diff --git a/src/x509/clu_x509_sign.c b/src/x509/clu_x509_sign.c index 8cb8936a..abfb7ab7 100644 --- a/src/x509/clu_x509_sign.c +++ b/src/x509/clu_x509_sign.c @@ -376,7 +376,7 @@ static int wolfCLU_CertSignLog(WOLFCLU_CERT_SIGN* csign, WOLFSSL_X509* x509) char* subject; subject = wolfSSL_X509_NAME_oneline(wolfSSL_X509_get_subject_name(x509), - NULL, 0); + NULL, 0); if (wolfSSL_BIO_write(csign->dataBase, subject, (int)XSTRLEN(subject)) <= 0) { wolfCLU_LogError("Unable to write to data base"); diff --git a/wolfclu/clu_header_main.h b/wolfclu/clu_header_main.h index 6b4253f9..a064c1b7 100644 --- a/wolfclu/clu_header_main.h +++ b/wolfclu/clu_header_main.h @@ -131,7 +131,7 @@ extern "C" { #include #ifdef WOLFCLU_NO_FILESYSTEM - #define WOLFCLU_NO_TERM_SUPPORT + #define WOLFCLU_NO_TERM_SUPPORT #endif /* @VERSION From a0b7a56931466e3170add8024e15e276dc65c88d Mon Sep 17 00:00:00 2001 
From: Lealem Amedie Date: Mon, 12 Sep 2022 12:25:06 -0700 Subject: [PATCH 2/2] Changes for Release v0.1.0 --- ChangeLog.md | 28 ++++++++++++++++++++++++++++ configure.ac | 4 ++-- wolfclu/version.h | 4 ++-- 3 files changed, 32 insertions(+), 4 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index 04a306b5..2140e621 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,31 @@ +# wolfCLU v0.1.0 (Sep 12, 2022) +### Fixes and Enhancements +- Fix for buffer issue with s_client +- Add fsanitize testing with github actions +- Update dhparam to read mod size from different location in arguments +- Fix for x509 encoding modifying the cert +- Fix for supporting more alt names and skipping count +- Add -CAfile and verify_return_error flags for s_client command +- Expand testing with additional unit tests and Jenkins nightly test +- Fix for enc edge cases +- Fix x509 command to use piped input +- Support for building on Windows +- Add -pass flag to enc command +- Add -partial_chain arg for verify command +- Add -modulus flag for x509 command +- Handle additional CSR attribute print outs +- Add -passout flag to req command +- Fix for enc with nosalt +- Update m4 files +- Fix for parsing basic constraint from conf file +- Improve error logging +- IPV6 parsing support for s_client command +- Support for building with FIPS wolfSSL +- Add -text flag for crl command +- Support for building on FreeRTOS +- Add disable filesystem configure +- Support for creating req with attributes + # wolfCLU v0.0.8 (Mar 04, 2022) ### Commands Added - Add rand command diff --git a/configure.ac b/configure.ac index d613ab9a..98cefbf9 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ # configure.ac # -# Copyright (C) 2006-2020 wolfSSL Inc. +# Copyright (C) 2006-2022 wolfSSL Inc. # All rights reserved. # # This file is part of wolfssl command line utility. 
@@ -10,7 +10,7 @@ #requires user to have AutoConf version 2.63 or greater. AC_PREREQ([2.63]) -AC_INIT([wolfclu], [0.0.8], [http://www.wolfssl.com]) +AC_INIT([wolfclu], [0.1.0], [http://www.wolfssl.com]) #a helpful directory to keep clutter out of root AC_CONFIG_AUX_DIR([build-aux]) diff --git a/wolfclu/version.h b/wolfclu/version.h index 2db29aa8..d78b29cc 100644 --- a/wolfclu/version.h +++ b/wolfclu/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define CLUWOLFSSL_VERSION_STRING "0.0.8" -#define CLUWOLFSSL_VERSION_HEX 0x00000008 +#define CLUWOLFSSL_VERSION_STRING "0.1.0" +#define CLUWOLFSSL_VERSION_HEX 0x00001000 #ifdef __cplusplus }