F 569 : Fix stack buffer overflow in encryption setup

src/crypto/clu_crypto_setup.c

@@ -346,8 +346,31 @@ int wolfCLU_setup(int argc, char** argv, char action)
         while (ret == 0) {
             WOLFCLU_LOG(WOLFCLU_L0,
                     "-in flag was not set, please enter a string or"
-                   "file name to be encrypted: ");
-            ret = (int) scanf("%s", inName);
+                   " file name to be encrypted: ");
+            if (fgets(inName, sizeof(inName), stdin) == NULL) {
+                /* EOF or read error: cannot prompt further */
+                wolfCLU_LogError("failed to read input file name");
+                wolfCLU_freeBins(pwdKey, iv, key, NULL, NULL);
+                if (mode != NULL)
+                    XFREE(mode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+                return WOLFCLU_FATAL_ERROR;
+            }
+            /* If no newline is present, the line was too long: flush and
+             * re-prompt rather than proceeding with a truncated filename. */
+            if (strchr(inName, '\n') == NULL) {
+                int ch;
+                do {
+                    ch = getchar();
+                } while (ch != '\n' && ch != EOF);
+                wolfCLU_LogError("input too long, please try again");
+                continue;
+            }
+            inName[strcspn(inName, "\n")] = '\0';
+            /* Do not accept an empty string as valid input */
+            if (inName[0] == '\0') {
+                continue;
+            }
+            ret = 1;
         }
         in = inName;
         WOLFCLU_LOG(WOLFCLU_L0, "Encrypting :\"%s\"", inName);
@@ -397,8 +420,28 @@ int wolfCLU_setup(int argc, char** argv, char action)
                 while (ret == 0) {
                     WOLFCLU_LOG(WOLFCLU_L0,
                             "Please enter a name for the output file: ");
-                    ret = (int) scanf("%s", outNameEnc);
-                    out = (ret > 0) ? outNameEnc : '\0';
+                    if (fgets(outNameEnc, sizeof(outNameEnc), stdin) == NULL) {
+                        /* EOF or read error: cannot prompt further */
+                        wolfCLU_LogError("failed to read output file name");
+                        wolfCLU_freeBins(pwdKey, iv, key, NULL, NULL);
+                        if (mode != NULL)
+                            XFREE(mode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+                        return WOLFCLU_FATAL_ERROR;
+                    }
+                    if (strchr(outNameEnc, '\n') == NULL) {
+                        int ch;
+                        do {
+                            ch = getchar();
+                        } while (ch != '\n' && ch != EOF);
+                        wolfCLU_LogError("input too long, please try again");
+                        continue;
+                    }
+                    outNameEnc[strcspn(outNameEnc, "\n")] = '\0';
+                    if (outNameEnc[0] == '\0') {
+                        continue;
+                    }
+                    out = outNameEnc;
+                    ret = 1;
                 }
             }
             ret = wolfCLU_encrypt(alg, mode, pwdKey, key, keySize, in, out,
@@ -419,8 +462,28 @@ int wolfCLU_setup(int argc, char** argv, char action)
                 while (ret == 0) {
                     WOLFCLU_LOG(WOLFCLU_L0,
                             "Please enter a name for the output file: ");
-                    ret = (int) scanf("%s", outNameDec);
-                    out = (ret > 0) ? outNameDec : '\0';
+                    if (fgets(outNameDec, sizeof(outNameDec), stdin) == NULL) {
+                        /* EOF or read error: cannot prompt further */
+                        wolfCLU_LogError("failed to read output file name");
+                        wolfCLU_freeBins(pwdKey, iv, key, NULL, NULL);
+                        if (mode != NULL)
+                            XFREE(mode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+                        return WOLFCLU_FATAL_ERROR;
+                    }
+                    if (strchr(outNameDec, '\n') == NULL) {
+                        int ch;
+                        do {
+                            ch = getchar();
+                        } while (ch != '\n' && ch != EOF);
+                        wolfCLU_LogError("input too long, please try again");
+                        continue;
+                    }
+                    outNameDec[strcspn(outNameDec, "\n")] = '\0';
+                    if (outNameDec[0] == '\0') {
+                        continue;
+                    }
+                    out = outNameDec;
+                    ret = 1;
                 }
             }
             ret = wolfCLU_decrypt(alg, mode, pwdKey, key, keySize, in, out,

src/x509/clu_x509_sign.c

@@ -257,7 +257,7 @@ int wolfCLU_GenChimeraCertSign(WOLFSSL_BIO *bioCaKey, WOLFSSL_BIO *bioAltCaKey,
     const char *altSigAlgOid        = "2.5.29.73";
     const char *altSigValOid        = "2.5.29.74";
 
-    /* 
+    /*
      * LARGE_TEMO_SZ defines the size of temporary buffers used for signature key,
      * verification key and signature value buffers.
      * The value 11264 is enough for P-521 and ML-DSA-87 PEM certs.
@@ -397,7 +397,7 @@ int wolfCLU_GenChimeraCertSign(WOLFSSL_BIO *bioCaKey, WOLFSSL_BIO *bioAltCaKey,
                 ret = WOLFCLU_FATAL_ERROR;
             }
         }
-        
+
         if (ret == 0) {
             XMEMSET(caKeyBuf, 0, caKeySz); /* clear original buffer */
             caKeySz = derObj->length;
@@ -667,13 +667,13 @@ int wolfCLU_GenChimeraCertSign(WOLFSSL_BIO *bioCaKey, WOLFSSL_BIO *bioAltCaKey,
 
     if (ret == WOLFCLU_SUCCESS) {
         switch (level) {
-            case 2: 
+            case 2:
                 newCert.sigType = CTC_SHA256wECDSA;
                 break;
-            case 3: 
+            case 3:
                 newCert.sigType = CTC_SHA384wECDSA;
                 break;
-            case 5: 
+            case 5:
                 newCert.sigType = CTC_SHA512wECDSA;
                 break;
         }
@@ -691,7 +691,7 @@ int wolfCLU_GenChimeraCertSign(WOLFSSL_BIO *bioCaKey, WOLFSSL_BIO *bioAltCaKey,
             else {
                 ret = WOLFCLU_SUCCESS;
             }
-        }        
+        }
     }
 
     if (ret == WOLFCLU_SUCCESS) {
@@ -715,7 +715,7 @@ int wolfCLU_GenChimeraCertSign(WOLFSSL_BIO *bioCaKey, WOLFSSL_BIO *bioAltCaKey,
     }
 
     if (ret == WOLFCLU_SUCCESS && isCA) {
-        ret = wc_MakeCert(&newCert, scratchBuf, 
+        ret = wc_MakeCert(&newCert, scratchBuf,
                             scratchSz, NULL, &caKey, &rng);
         if (ret <= 0) {
             wolfCLU_LogError("Error making certificate");
@@ -732,7 +732,7 @@ int wolfCLU_GenChimeraCertSign(WOLFSSL_BIO *bioCaKey, WOLFSSL_BIO *bioAltCaKey,
                 scratchSz = ret;
                 ret = WOLFCLU_SUCCESS;
             }
-        }        
+        }
     }
     else if (ret == WOLFCLU_SUCCESS && !isCA) {
         ret = wc_MakeCert(&newCert, scratchBuf, scratchSz,
@@ -1274,7 +1274,13 @@ int wolfCLU_CertSign(WOLFCLU_CERT_SIGN* csign, WOLFSSL_X509* x509)
             case WC_HASH_TYPE_BLAKE2B:
             case WC_HASH_TYPE_BLAKE2S:
 
-    #if LIBWOLFSSL_VERSION_HEX > 0x05001000
+    #if LIBWOLFSSL_VERSION_HEX >= 0x05009000
+            case WC_HASH_TYPE_SHA512_224:
+            case WC_HASH_TYPE_SHA512_256:
+            case WC_HASH_TYPE_SHAKE128:
+            case WC_HASH_TYPE_SHAKE256:
+            case WC_HASH_TYPE_SM3:
+    #elif LIBWOLFSSL_VERSION_HEX > 0x05001000
         #ifndef WOLFSSL_NOSHA512_224
             case WC_HASH_TYPE_SHA512_224:
         #endif

tests/encrypt/enc-test.sh

@@ -185,5 +185,89 @@ fi
 rm -f test-dec.der
 rm -f test-enc.der
 
+# Regression tests for stack buffer overflow fix (scanf -> fgets)
+
+# Test: -in not provided, filename supplied via stdin to exercise the inName Path
+printf "certs/crl.der\n" | ./wolfssl enc -aes-128-cbc -out test-stdin-in.enc -k "testpass" > /dev/null 2>&1
+if [ $? != 0 ]; then
+    echo "Failed: enc with stdin input (no -in flag)"
+    exit 99
+fi
+./wolfssl enc -d -aes-128-cbc -in test-stdin-in.enc -out test-stdin-in.dec -k "testpass" > /dev/null 2>&1
+diff certs/crl.der test-stdin-in.dec > /dev/null 2>&1
+if [ $? != 0 ]; then
+    echo "Failed: stdin enc/dec roundtrip mismatch"
+    exit 99
+fi
+rm -f test-stdin-in.enc test-stdin-in.dec
+
+
+# Test: outNameEnc/outNameDec via stdin (non-EVP path, Camellia)
+./wolfssl enc -camellia-128-cbc -in certs/crl.der -out test-cam-probe.enc -k "testpass" > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+    # outNameEnc: -out omitted, filename supplied via stdin
+    printf "test-cam-stdin.enc\n" | ./wolfssl enc -camellia-128-cbc -in certs/crl.der -k "testpass" > /dev/null 2>&1
+    if [ $? != 0 ]; then
+        echo "Failed: Camellia enc with stdin output name (no -out flag)"
+        exit 99
+    fi
+
+    # outNameDec: -out omitted, filename supplied via stdin
+    printf "test-cam-stdin.dec\n" | ./wolfssl enc -d -camellia-128-cbc -in test-cam-stdin.enc -k "testpass" > /dev/null 2>&1
+    if [ $? != 0 ]; then
+        echo "Failed: Camellia dec with stdin output name (no -out flag)"
+        exit 99
+    fi
+    diff certs/crl.der test-cam-stdin.dec > /dev/null 2>&1
+    if [ $? != 0 ]; then
+        echo "Failed: Camellia stdin outName enc/dec roundtrip mismatch"
+        exit 99
+    fi
+
+    rm -f test-cam-stdin.enc test-cam-stdin.dec
+fi
+
+rm -f test-cam-probe.enc
+
+# Test: inName empty line is rejected, re-prompt accepts valid filename
+printf "\ncerts/crl.der\n" | ./wolfssl enc -aes-128-cbc -out test-empty-in.enc -k "testpass" > /dev/null 2>&1
+if [ $? != 0 ]; then
+    echo "Failed: enc should accept filename after empty line on stdin (-in path)"
+    exit 99
+fi
+./wolfssl enc -d -aes-128-cbc -in test-empty-in.enc -out test-empty-in.dec -k "testpass" > /dev/null 2>&1
+diff certs/crl.der test-empty-in.dec > /dev/null 2>&1
+if [ $? != 0 ]; then
+    echo "Failed: enc/dec roundtrip mismatch after empty-line re-prompt (-in path)"
+    exit 99
+fi
+rm -f test-empty-in.enc test-empty-in.dec
+
+# Test: outNameEnc/outNameDec empty line is rejected (non-EVP path, Camellia)
+./wolfssl enc -camellia-128-cbc -in certs/crl.der -out test-cam-probe2.enc -k "testpass" > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+    rm -f test-cam-probe2.enc
+
+    # outNameEnc: empty line rejected, then valid output name accepted
+    printf "\ntest-cam-empty.enc\n" | ./wolfssl enc -camellia-128-cbc -in certs/crl.der -k "testpass" > /dev/null 2>&1
+    if [ $? != 0 ]; then
+        echo "Failed: Camellia enc should accept output name after empty line (outNameEnc)"
+        exit 99
+    fi
+
+    # outNameDec: empty line rejected, then valid output name accepted
+    printf "\ntest-cam-empty.dec\n" | ./wolfssl enc -d -camellia-128-cbc -in test-cam-empty.enc -k "testpass" > /dev/null 2>&1
+    if [ $? != 0 ]; then
+        echo "Failed: Camellia dec should accept output name after empty line (outNameDec)"
+        exit 99
+    fi
+    diff certs/crl.der test-cam-empty.dec > /dev/null 2>&1
+    if [ $? != 0 ]; then
+        echo "Failed: enc/dec roundtrip mismatch after empty-line re-prompt (outNameEnc/Dec)"
+        exit 99
+    fi
+    rm -f test-cam-empty.enc test-cam-empty.dec
+fi
+
 echo "Done"
 exit 0

tests/ocsp/ocsp-interop-test.sh

@@ -293,7 +293,7 @@ if [ $RESULT = 0 ]; then
 fi
 
 # Check for error message
-grep -qi "fail\|error\|not found\|unable" "$TEST_DIR/test6.log"
+grep -qi "fail\|error\|not found\|unable\|no such\|could not" "$TEST_DIR/test6.log"
 if [ $? != 0 ]; then
     echo "Test 6 failed: expected error message about invalid file"
     exit 99