Merge pull request #168 from JacobBarthelmeh/release
release version 0.1.7
dgarske authored Jan 27, 2025
2 parents 809381e + 0df9596 commit cdc723c
Showing 6 changed files with 54 additions and 27 deletions.
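--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,13 @@
+# wolfCLU v0.1.7 (Jan 27, 2025)
+- Initial support for XMSS-XMSS^MT gnkey, sign and verify (PR 163)
+- Support longer certificate chains (PR 162)
+- Fix for setting wrong version in CSRs (PR 154)
+- Fix DIlithium pem header and sign-verify without level option (PR 158)
+- Fix typo VERIFY_USE_PREVERIFY in src/client/client.c and src/server/server.c
+(PR 160)
+- Fix for change to OBJ sn2nid behavior in wolfSSL (PR 166)
+
+
 # wolfCLU v0.1.6 (Nov 11, 2024)
 - Expanded continuous integration tests with more GitHub actions added (PR 142,
 146, 147)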
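--- a/configure.ac
+++ b/configure.ac
@@ -10,7 +10,7 @@
 #requires user to have AutoConf version 2.63 or greater.
 AC_PREREQ([2.63])
 
-AC_INIT([wolfclu], [0.1.6], [http://www.wolfssl.com])
+AC_INIT([wolfclu], [0.1.7], [http://www.wolfssl.com])
 
 #a helpful directory to keep clutter out of root
 AC_CONFIG_AUX_DIR([build-aux])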
33 changes: 21 additions & 12 deletions src/sign-verify/clu_sign.c
@@ -589,16 +589,17 @@ int wolfCLU_sign_data_dilithium (byte* data, char* out, word32 dataSz, char* pri
if (wc_dilithium_init(key) != 0) {
wolfCLU_LogError("Failed to initialize Dilithium Key.\nRET: %d", ret);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return WOLFCLU_FAILURE;
}
XMEMSET(key, 0, sizeof(dilithium_key));

if (wc_InitRng(&rng) != 0) {
wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return WOLFCLU_FAILURE;
}
@@ -608,8 +609,9 @@ int wolfCLU_sign_data_dilithium (byte* data, char* out, word32 dataSz, char* pri
if (privKeyFile == NULL) {
wolfCLU_LogError("Faild to open Private key FILE.");
wc_FreeRng(&rng);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
@@ -620,8 +622,9 @@ int wolfCLU_sign_data_dilithium (byte* data, char* out, word32 dataSz, char* pri
if (privBuf == NULL) {
XFCLOSE(privKeyFile);
wc_FreeRng(&rng);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return MEMORY_E;
}
@@ -633,8 +636,9 @@ int wolfCLU_sign_data_dilithium (byte* data, char* out, word32 dataSz, char* pri
wolfCLU_Log(WOLFCLU_L0, "incorecct size: %d", privFileSz);
XFREE(privBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeRng(&rng);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
@@ -647,8 +651,9 @@ int wolfCLU_sign_data_dilithium (byte* data, char* out, word32 dataSz, char* pri
wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret);
XFREE(privBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeRng(&rng);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
@@ -659,12 +664,13 @@ int wolfCLU_sign_data_dilithium (byte* data, char* out, word32 dataSz, char* pri

/* retrieving private key and staoring in the Dilithium key */
ret = wc_Dilithium_PrivateKeyDecode(privBuf, &index, key, privBufSz);
XFREE(privBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (ret != 0) {
wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret);
XFREE(privBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeRng(&rng);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
@@ -675,20 +681,22 @@ int wolfCLU_sign_data_dilithium (byte* data, char* out, word32 dataSz, char* pri
if (outBuf == NULL) {
XFREE(privBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeRng(&rng);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return MEMORY_E;
}

/* sign the message usign Dilithium private key */
ret = wc_dilithium_sign_msg(data, dataSz, outBuf, &outBufSz, key, &rng);
if (ret != 0) {
wolfCLU_LogError("Failed to sign data with Dilithium private key.\nRET: %d", ret);
XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeRng(&rng);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
@@ -701,9 +709,10 @@ int wolfCLU_sign_data_dilithium (byte* data, char* out, word32 dataSz, char* pri

XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeRng(&rng);
wc_dilithium_free(key);

#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif

return WOLFCLU_SUCCESS;
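Review bot: privBuf looks like it is freed twice when the signature-buffer allocation fails: the hunk at -659,12 releases it unconditionally right after `wc_Dilithium_PrivateKeyDecode`, yet the `outBuf == NULL` branch in the -675,20 hunk still calls `XFREE(privBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);`. The page has lost its +/- markers, so this assumes the early free is the new-side line; if so, drop the call from the `outBuf == NULL` branch. privBuf also carries the private key and goes back to the allocator unwiped, so it would be worth zeroizing it before that single free (wolfSSL's `ForceZero`, if it is reachable from this file). The function starts and ends outside the visible hunks.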
26 changes: 16 additions & 10 deletions src/sign-verify/clu_verify.c
@@ -755,7 +755,7 @@ int wolfCLU_verify_signature_dilithium(byte* sig, int sigSz, byte* msg,
if (ret != 0) {
wolfCLU_LogError("Failed to initialize Dilithium Key.\nRET: %d", ret);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
@@ -765,8 +765,9 @@ int wolfCLU_verify_signature_dilithium(byte* sig, int sigSz, byte* msg,
keyFile = XFOPEN(keyPath, "rb");
if (keyFile == NULL) {
wolfCLU_LogError("Faild to open Private key FILE.");
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return BAD_FUNC_ARG;
}
@@ -777,8 +778,9 @@ int wolfCLU_verify_signature_dilithium(byte* sig, int sigSz, byte* msg,
if (keyBuf == NULL) {
wolfCLU_LogError("Failed to malloc key buffer.");
XFCLOSE(keyFile);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return MEMORY_E;
}
@@ -788,8 +790,9 @@ int wolfCLU_verify_signature_dilithium(byte* sig, int sigSz, byte* msg,
(int)XFREAD(keyBuf, 1, keyFileSz, keyFile) != keyFileSz) {
wolfCLU_LogError("Failed to read public key.\nRET: %d", ret);
XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return WOLFCLU_FATAL_ERROR;
}
@@ -802,8 +805,9 @@ int wolfCLU_verify_signature_dilithium(byte* sig, int sigSz, byte* msg,
if (ret < 0) {
wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret);
XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
@@ -814,23 +818,24 @@ int wolfCLU_verify_signature_dilithium(byte* sig, int sigSz, byte* msg,

/* retrieving public key and storing in the dilithium key */
ret = wc_Dilithium_PublicKeyDecode(keyBuf, &index, key, keyBufSz);
XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (ret != 0) {
wolfCLU_LogError("Failed to decode public key.\nRET: %d", ret);
XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);

/* verify the massage using the dilithium public key */
ret = wc_dilithium_verify_msg(sig, sigSz, msg, msgLen, &res, key);
if (ret != 0) {
wolfCLU_LogError("Failed to verify data with Dilithium public key.\n"
"RET: %d", ret);
#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
@@ -840,9 +845,10 @@ int wolfCLU_verify_signature_dilithium(byte* sig, int sigSz, byte* msg,
else {
wolfCLU_LogError("Invalid Signature.");
}
wc_dilithium_free(key);

#ifdef WOLFSSL_SMALL_STACK
wc_dilithium_free(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif

return WOLFCLU_SUCCESS;
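Review bot: An invalid signature still ends in `return WOLFCLU_SUCCESS;`: in the last hunk the `else` branch only logs "Invalid Signature." and then falls through to the shared cleanup and the success return, so a caller that checks the return value cannot tell a rejected signature from an accepted one. Record the failure in that branch, e.g. `ret = WOLFCLU_FATAL_ERROR;`, and return that status after `wc_dilithium_free(key);` instead of the unconditional success. The `if` that pairs with this `else` is outside the hunk, so confirm that `res` is the only source of the verdict. Separately, the read-failure branch in the -788,8 hunk frees keyBuf and key but shows no `XFCLOSE(keyFile);`, which looks like a leaked file handle.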
6 changes: 4 additions & 2 deletions tests/genkey_sign_ver/genkey-sign-ver-test.sh
@@ -201,7 +201,7 @@ SIGOUTNAME="ed-signed.sig"
DERPEMRAW="raw"
gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW}

if grep -q "#define HAVE_DILITHIUM" /usr/local/include/wolfssl/options.h; then
if ./wolfssl -genkey -h 2>&1 | grep -A6 "Available keys with current configure" | grep dilithium; then
ALGORITHM="dilithium"
KEYFILENAME="mldsakey"
SIGOUTNAME="mldsa-signed.sig"
@@ -221,7 +221,9 @@ do
done
fi

if grep -q "#define WOLFSSL_HAVE_XMSS" /usr/local/include/wolfssl/options.h; then
# Check if xmss is availabe
if ./wolfssl xmss -help 2>&1 | grep -A6 "Available keys with current configure" | grep xmss; then
printf "Testing XMSS sign/verify\n"
ALGORITHM="xmss"
SIGOUTNAME="xmss-signed.sig"
DERPEMRAW="raw"
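Review bot: Both feature probes depend on the layout of the help text, so a formatting change can switch the Dilithium or XMSS tests off without anyone noticing: `grep -A6` only looks at the six lines after "Available keys with current configure", and if the key list grows or moves, the `if` is false and the script still passes. Neither `if` has an `else`, so a skipped algorithm leaves no trace in the CI log; add one that prints, for example, `printf "Skipping XMSS sign/verify (not enabled)\n"`. The final stage should be `grep -q dilithium` / `grep -q xmss` so the matched help line is not echoed into the test output. The two probes also use different invocations (`-genkey -h` and `xmss -help`); using one form for both would make a future help-text change easier to track. The bodies of both `if` blocks continue outside the visible hunks.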
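--- a/wolfclu/version.h
+++ b/wolfclu/version.h
@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define CLUWOLFSSL_VERSION_STRING "0.1.6"
-#define CLUWOLFSSL_VERSION_HEX 0x00001006
+#define CLUWOLFSSL_VERSION_STRING "0.1.7"
+#define CLUWOLFSSL_VERSION_HEX 0x00001007
 
 #ifdef __cplusplus
 }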
