Merge pull request #156 from JacobBarthelmeh/ml-dsa

add testing for ML-DSA and minor help menu fixes
wolfSSL · Nov 14, 2024 · 2a8730c · 2a8730c
2 parents 59b0884 + 05e1100
commit 2a8730c
Show file tree

Hide file tree

Showing 5 changed files with 95 additions and 48 deletions.
diff --git a/.github/workflows/fsanitize-check.yml b/.github/workflows/fsanitize-check.yml
@@ -7,39 +7,75 @@ on:
     branches: [ '*' ]
 
 jobs:
-  build:
+  build_wolfssl:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+        config: [
+          # Add new configs here and make wolfclu matrix match
+          '--enable-wolfclu',
+          '--enable-wolfclu --enable-crl --enable-dsa --enable-pkcs7',
+          '--enable-wolfclu --enable-smallstack',
+          '--enable-wolfclu --enable-experimental --enable-dilithium',
+          '--enable-wolfclu --enable-smallstack --enable-experimental --enable-dilithium',
+        ]
+    name: Build wolfssl
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 4
+    steps:
+      - name: Checking cache for wolfssl
+        uses: actions/cache@v4
+        id: cache-wolfssl
+        with:
+          path: build-dir/
+          key: wolfclu-fsanitize-check-wolfssl-${{ strategy.job-index }}-${{ matrix.os }}
+          lookup-only: true
 
-    runs-on: ubuntu-latest
+      - name: Checkout, build, and install wolfssl
+        if: steps.cache-wolfssl.outputs.cache-hit != 'true'
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: wolfssl/wolfssl
+          ref: master
+          path: wolfssl
+          configure: ${{ matrix.config }} CC="gcc -fsanitize=address"
+          check: false
+          install: true
 
+  build_wolfclu:
+    needs: build_wolfssl
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+        config: [
+          '--enable-wolfclu',
+          '--enable-wolfclu --enable-crl --enable-dsa --enable-pkcs7',
+          '--enable-wolfclu --enable-smallstack',
+          '--enable-wolfclu --enable-experimental --enable-dilithium',
+          '--enable-wolfclu --enable-smallstack --enable-experimental --enable-dilithium',
+        ]
+    name: Build wolfclu
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 4
     steps:
-    - uses: actions/checkout@master
-      with:
-        repository: wolfssl/wolfssl
-        path: wolfssl
-    - name: wolfssl autogen
-      working-directory: ./wolfssl        
-      run: ./autogen.sh
-    - name: wolfssl configure
-      working-directory: ./wolfssl 
-      run: ./configure --enable-wolfclu --enable-crl --enable-dsa --enable-pkcs7
-    - name: wolfssl make
-      working-directory: ./wolfssl
-      run: make
-    - name: wolfssl make install
-      working-directory: ./wolfssl
-      run: sudo make install
-    - name: ldconfig
-      working-directory: ./wolfssl
-      run: sudo ldconfig 
-    - uses: actions/checkout@master
-    - name: autogen
-      run: ./autogen.sh
-    - name: configure
-      run: ./configure CC="gcc -fsanitize=address"
-    - name: make
-      run: make
-    - name: make check
-      run: make check
-    - name: display log
-      if: always()
-      run: cat test-suite.log
+      - name: Checking cache for wolfssl
+        uses: actions/cache@v4
+        with:
+          path: build-dir/
+          key: wolfclu-fsanitize-check-wolfssl-${{ strategy.job-index }}-${{ matrix.os }}
+          fail-on-cache-miss: true
+
+      - name: Checkout, build, and test wolfclu
+        uses: wolfSSL/actions-build-autotools-project@v1
+        env:
+          LD_LIBRARY_PATH: ${{ github.workspace }}/build-dir/lib
+        with:
+          repository: wolfssl/wolfclu
+          path: wolfclu
+          configure: CC="gcc -fsanitize=address" LDFLAGS="-L${{ github.workspace }}/build-dir/lib" CPPFLAGS="-I${{ github.workspace }}/build-dir/include"
+          check: true
+      - name: display log
+        if: always()
+        run: if [ -f test-suite.log ]; then cat test-suite.log; else echo "No test log"; fi
diff --git a/src/genkey/clu_genkey.c b/src/genkey/clu_genkey.c
@@ -1064,7 +1064,7 @@ int wolfCLU_genKey_Dilithium(WC_RNG* rng, char* fName, int directive, int fmt,
 
 #ifdef WOLFSSL_SMALL_STACK
     dilithium_key* key;
-    key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), key.HEAP_HINT,
+    key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), HEAP_HINT,
             DYNAMIC_TYPE_DILITHIUM);
     if (key == NULL) {
         return MEMORY_E;
@@ -1081,24 +1081,26 @@ int wolfCLU_genKey_Dilithium(WC_RNG* rng, char* fName, int directive, int fmt,
     if (wc_dilithium_init(key) != 0) {
         wolfCLU_LogError("Failed to initialize Dilithium Key.\nRET: %d", ret);
     #ifdef WOLFSSL_SMALL_STACK
-        wc_dilithium_free(key);
+        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_DILITHIUM);
     #endif
         return ret;
     }
     XMEMSET(key, 0, sizeof(dilithium_key));
 
     /* set the level of the dilithium key */
     if (wc_dilithium_set_level(key, level) != 0) {
-    #ifdef WOLFSSL_SMALL_STACK
         wc_dilithium_free(key);
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_DILITHIUM);
     #endif
         return WOLFCLU_FAILURE;
     }
 
     /* make the dilithium key */
     if (wc_dilithium_make_key(key, rng) != 0) {
-    #ifdef WOLFSSL_SMALL_STACK
         wc_dilithium_free(key);
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_DILITHIUM);
     #endif
         return WOLFCLU_FAILURE;
     }
@@ -1162,7 +1164,7 @@ int wolfCLU_genKey_Dilithium(WC_RNG* rng, char* fName, int directive, int fmt,
                         ret = OUTPUT_FILE_ERROR;
                     }
                 }
-                
+
                 if (ret == WOLFCLU_SUCCESS) {
                     if ((int)XFWRITE(outBuf, 1, outBufSz, file) <= 0) {
                         ret = OUTPUT_FILE_ERROR;
@@ -1222,7 +1224,7 @@ int wolfCLU_genKey_Dilithium(WC_RNG* rng, char* fName, int directive, int fmt,
                         ret = OUTPUT_FILE_ERROR;
                     }
                 }
-                
+
                 if (ret == WOLFCLU_SUCCESS) {
                     if ((int)XFWRITE(outBuf, 1, outBufSz, file) <= 0) {
                         ret = OUTPUT_FILE_ERROR;
@@ -1253,8 +1255,9 @@ int wolfCLU_genKey_Dilithium(WC_RNG* rng, char* fName, int directive, int fmt,
         XFREE(fOutNameBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
-#ifdef WOLFSSL_SMALL_STACK
     wc_dilithium_free(key);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_DILITHIUM);
 #endif
 
     return ret;
@@ -1266,7 +1269,7 @@ int wolfCLU_genKey_Dilithium(WC_RNG* rng, char* fName, int directive, int fmt,
     (void)keySz;
     (void)level;
     (void)withAlg;
-    
+
     return NOT_COMPILED_IN;
 #endif /* HAVE_DILITHIUM */
 }

diff --git a/src/genkey/clu_genkey_setup.c b/src/genkey/clu_genkey_setup.c
@@ -334,13 +334,12 @@ int wolfCLU_genKeySetup(int argc, char** argv)
         }
 
         WOLFCLU_LOG(WOLFCLU_L0, "using Dilithium%d", level);
-        ret = wolfCLU_genKey_Dilithium(&rng, keyOutFName, directiveArg, formatArg,
-                                        keySz, level, withAlg);
-
+        ret = wolfCLU_genKey_Dilithium(&rng, keyOutFName, directiveArg,
+            formatArg, keySz, level, withAlg);
     #else
         wolfCLU_LogError("Invalid option, Dithium not enabled.");
-        WOLFCLU_LOG(WOLFCLU_L0, "Please re-configure wolfSSL with --enable-dilithium, "
-                "--enable-experimental and try again");
+        WOLFCLU_LOG(WOLFCLU_L0, "Please re-configure wolfSSL with "
+                "--enable-dilithium, --enable-experimental and try again");
         wc_FreeRng(&rng);
         return NOT_COMPILED_IN;
     #endif  /* HAVE_DILITHIUM */

diff --git a/src/pkcs/clu_pkcs7.c b/src/pkcs/clu_pkcs7.c
@@ -68,7 +68,7 @@ int wolfCLU_PKCS7(int argc, char** argv)
     byte* buf = NULL;
     byte* derContent = NULL;
     int   bufSz;
-    int   derContentSz;
+    int   derContentSz = 0;
     int   freePkcs7 = 0;
 
     opterr = 0; /* do not display unrecognized options */

diff --git a/src/tools/clu_funcs.c b/src/tools/clu_funcs.c
@@ -83,6 +83,7 @@ static const struct option crypt_algo_options[] = {
     WOLFCLU_LOG(WOLFCLU_L0, "rsa            RSA key operations");
     WOLFCLU_LOG(WOLFCLU_L0, "x509           X509 certificate processing");
     WOLFCLU_LOG(WOLFCLU_L0, "verify         X509 certificate verify");
+    WOLFCLU_LOG(WOLFCLU_L0, "pkcs7          Used for parsing PKCS7 files");
     WOLFCLU_LOG(WOLFCLU_L0, "pkcs12         Used for parsing PKCS12 files");
     WOLFCLU_LOG(WOLFCLU_L0, "s_server       Basic TLS server for testing"
                                            " connection");
@@ -451,6 +452,9 @@ void wolfCLU_genKeyHelp(void)
     #endif
     #ifdef HAVE_ECC
         ,"ecc"
+    #endif
+    #ifdef HAVE_DILITHIUM
+        ,"dilithium"
     #endif
         };
 
@@ -464,7 +468,12 @@ void wolfCLU_genKeyHelp(void)
            "-out <filename> -outform <PEM or DER> -output <PUB/PRIV/KEYPAIR> \n");
     WOLFCLU_LOG(WOLFCLU_L0, "***************************************************************");
     WOLFCLU_LOG(WOLFCLU_L0, "\nEXAMPLE: \n\nwolfssl -genkey rsa -size 2048 -out mykey -outform der "
-           " -output KEYPAIR"
+           " -output KEYPAIR");
+#ifdef HAVE_DILITHIUM
+    WOLFCLU_LOG(WOLFCLU_L0, "wolfssl -genkey dilithium -level "
+           "[2|3|5] -out mykey -outform der -output KEYPAIR");
+#endif
+    WOLFCLU_LOG(WOLFCLU_L0,
            "\n\nThe above command would output the files: mykey.priv "
            " and mykey.pub\nChanging the -output option to just PRIV would only"
            "\noutput the mykey.priv and using just PUB would only output"