From c69b6fb6d1a003d450394c7f2105da9dd383b090 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Thu, 7 Nov 2019 13:03:12 -0800
Subject: [PATCH 1/4] wolfSSL ABI
1. Add a blank #define WOLFSSL_ABI to tag functions as part of the ABI to remind developers there are rules about those functions specifically.
2. Added allocators and deallocators for WC_RNG objects and ecc_key objects so they don't have to be used on the stack.
3. Add tests for the new allocators.
---
 wolfcrypt/src/ecc.c | 32 +++++++++++++
 wolfcrypt/src/random.c | 32 +++++++++++++
 wolfcrypt/test/test.c | 96 +++++++++++++++++++++++++++++---------
 wolfssl/wolfcrypt/ecc.h | 4 ++
 wolfssl/wolfcrypt/random.h | 5 ++
 wolfssl/wolfcrypt/types.h | 4 ++
 6 files changed, 152 insertions(+), 21 deletions(-)
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 7b6630508..af62eac39 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -4272,6 +4272,38 @@ static void wc_ecc_dump_oids(void)
 }
 #endif /* ECC_DUMP_OID */
+
+WOLFSSL_ABI
+ecc_key* wc_ecc_key_new(void* heap)
+{
+ ecc_key* key;
+
+ key = (ecc_key*)XMALLOC(sizeof(ecc_key), heap, DYNAMIC_TYPE_ECC);
+ if (key) {
+ if (wc_ecc_init_ex(key, heap, INVALID_DEVID) != 0) {
+ XFREE(key, heap, DYNAMIC_TYPE_ECC);
+ key = NULL;
+ }
+ }
+
+ return key;
+}
+
+
+WOLFSSL_ABI
+void wc_ecc_key_free(ecc_key* key)
+{
+ if (key) {
+ void* heap = key->heap;
+
+ wc_ecc_free(key);
+ ForceZero(key, sizeof(ecc_key));
+ XFREE(key, heap, DYNAMIC_TYPE_ECC);
+ (void)heap;
+ }
+}
+
+
 /** Make a new ECC key rng An active RNG state
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 6f78b8bb1..5bdb9c5c8 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
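Review bot: wc_ecc_key_free drops the int that wc_ecc_free returns, and neither new function states the ownership rule, which is the one thing an ABI-frozen allocator pair has to document. I would write `(void)wc_ecc_free(key);` to make the discard explicit, and add a header comment on wc_ecc_key_new along the lines of `/* Allocate an ecc_key from heap and initialize it; returns NULL on allocation or init failure. Release only with wc_ecc_key_free(), which zeroizes the struct and frees it with the heap recorded in the key, never with wc_ecc_free()+XFREE. */`. The `(void)heap;` after XFREE is presumably there for builds where the XFREE macro ignores its heap argument; a short comment saying so would stop a reader from deleting it as dead code.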
@@ -830,6 +830,38 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 }
+WOLFSSL_ABI
+WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap)
+{
+ WC_RNG* rng;
+
+ rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), heap, DYNAMIC_TYPE_RNG);
+ if (rng) {
+ int error = _InitRng(rng, nonce, nonceSz, heap, INVALID_DEVID) != 0;
+ if (error) {
+ XFREE(rng, heap, DYNAMIC_TYPE_RNG);
+ rng = NULL;
+ }
+ }
+
+ return rng;
+}
+
+
+WOLFSSL_ABI
+void wc_rng_free(WC_RNG* rng)
+{
+ if (rng) {
+ void* heap = rng->heap;
+
+ wc_FreeRng(rng);
+ ForceZero(rng, sizeof(WC_RNG));
+ XFREE(rng, heap, DYNAMIC_TYPE_RNG);
+ (void)heap;
+ }
+}
+
+
 int wc_InitRng(WC_RNG* rng)
 {
 return _InitRng(rng, NULL, 0, NULL, INVALID_DEVID);
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index d2ff1f381..5e2a0f00d 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -8728,24 +8728,16 @@ int idea_test(void)
 #ifndef WC_NO_RNG
-static int random_rng_test(void)
+static int _rng_test(WC_RNG* rng, int errorOffset)
 {
- WC_RNG rng;
 byte block[32];
 int ret, i;
-#ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
-#else
- ret = wc_InitRng(&rng);
-#endif
- if (ret != 0) return -6300;
-
 XMEMSET(block, 0, sizeof(block));
- ret = wc_RNG_GenerateBlock(&rng, block, sizeof(block));
+ ret = wc_RNG_GenerateBlock(rng, block, sizeof(block));
 if (ret != 0) {
- ret = -6301;
+ ret = -1;
 goto exit;
 }
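Review bot: `int error = _InitRng(rng, nonce, nonceSz, heap, INVALID_DEVID) != 0;` collapses the specific failure code into a flag, so a caller of wc_rng_new cannot tell out-of-memory from a DRBG instantiate or health-test failure, and because this signature is being frozen as ABI that NULL-only failure channel is permanent; at minimum the boolean is unnecessary, `if (_InitRng(rng, nonce, nonceSz, heap, INVALID_DEVID) != 0) {`. The nonce contract is undocumented and the random.h prototype drops the parameter names, so a comment such as `/* nonce/nonceSz: optional additional seed material passed to the DRBG instantiate; NULL/0 gives the same behaviour as wc_InitRng(). Not a substitute for OS entropy. */` belongs here, with the last clause checked against _InitRng, whose body lies outside the hunk. wc_rng_free likewise discards the return of wc_FreeRng; `(void)wc_FreeRng(rng);` makes that deliberate. The caller must also be told to release the object only with wc_rng_free(), not wc_FreeRng()+XFREE, since the heap used for the XFREE is the one captured at allocation.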
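Review bot: `_rng_test` starts with an underscore at file scope, a name C11 7.1.3 reserves for the implementation; the existing `random_rng_test` gives the natural alternative, e.g. `static int rng_test_generate(WC_RNG* rng, int errorOffset)`. The body of _rng_test continues past the end of this hunk. The new errorOffset parameter also deserves a one-line comment, e.g. `/* errorOffset: negative base added to the local -1..-7 codes so the stack and heap RNG runs report distinct test numbers */`.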
@@ -8757,43 +8749,79 @@ static int random_rng_test(void)
 }
 /* All zeros count check */
 if (ret >= (int)sizeof(block)) {
- ret = -6302;
+ ret = -2;
 goto exit;
 }
- ret = wc_RNG_GenerateByte(&rng, block);
+ ret = wc_RNG_GenerateByte(rng, block);
 if (ret != 0) {
- ret = -6303;
+ ret = -3;
 goto exit;
 }
 /* Parameter validation testing. */
 ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block));
 if (ret != BAD_FUNC_ARG) {
- ret = -6304;
+ ret = -4;
 goto exit;
 }
- ret = wc_RNG_GenerateBlock(&rng, NULL, sizeof(block));
+ ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block));
 if (ret != BAD_FUNC_ARG) {
- ret = -6305;
+ ret = -5;
 goto exit;
 }
 ret = wc_RNG_GenerateByte(NULL, block);
 if (ret != BAD_FUNC_ARG) {
- ret = -6306;
+ ret = -6;
 goto exit;
 }
- ret = wc_RNG_GenerateByte(&rng, NULL);
+ ret = wc_RNG_GenerateByte(rng, NULL);
 if (ret != BAD_FUNC_ARG) {
- ret = -6307;
+ ret = -7;
 goto exit;
 }
 ret = 0;
+
 exit:
+ if (ret != 0)
+ ret += errorOffset;
+
+ return ret;
+}
+
+
+static int random_rng_test(void)
+{
+ byte nonce[8] = { 0 };
+ WC_RNG localRng;
+ WC_RNG* rng;
+ int ret;
+
+ rng = &localRng;
+ /* Test stack based RNG. */
+#ifndef HAVE_FIPS
+ ret = wc_InitRng_ex(rng, HEAP_HINT, devId);
+#else
+ ret = wc_InitRng(rng);
+#endif
+ if (ret != 0) return -6300;
+
+ ret = _rng_test(rng, -6300);
+
 /* Make sure and free RNG */
- wc_FreeRng(&rng);
+ wc_FreeRng(rng);
+
+ if (ret != 0) return ret;
+
+ /* Test dynamic RNG. */
+ rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT);
+ if (rng == NULL) return -6310;
+
+ ret = _rng_test(rng, -6310);
+
+ wc_rng_free(rng);
 return ret;
 }
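Review bot: the heap half of random_rng_test calls wc_rng_new unconditionally while the stack half is split on HAVE_FIPS; if wc_rng_new is not exported in FIPS builds, as the subject of patch 4 in this series suggests, this call needs the same `#ifndef HAVE_FIPS` guard or the FIPS test binary will fail to link. The all-zero `nonce[8]` is fine for a self-test but only exercises the with-nonce path; a second `wc_rng_new(NULL, 0, HEAP_HINT)` run would cover the argument shape that mirrors wc_InitRng. The `-6310` returned for a NULL allocation does not collide with the -6311..-6317 codes _rng_test yields for that run, which is worth recording: `/* -6310 = allocation failure; _rng_test reports -6311..-6317 for this run */`.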
@@ -18374,6 +18402,27 @@ exit:
 }
 #endif /* WOLFSSL_CERT_GEN */
+/* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */
+static int ecc_test_allocator(WC_RNG* rng)
+{
+ ecc_key* key;
+ int ret;
+
+ key = wc_ecc_key_new(HEAP_HINT);
+ if (key == NULL) {
+ ERROR_OUT(-8532, exit);
+ }
+
+ ret = wc_ecc_make_key(rng, 32, key);
+ if (ret != 0) {
+ ERROR_OUT(-8533, exit);
+ }
+
+exit:
+ wc_ecc_key_free(key);
+ return ret;
+}
+
 int ecc_test(void)
 {
 int ret;
@@ -18502,6 +18551,11 @@ int ecc_test(void)
 }
 #endif
+ ret = ecc_test_allocator(&rng);
+ if (ret != 0) {
+ printf("ecc_test_allocator failed!: %d\n", ret);
+ }
+
 done:
 wc_FreeRng(&rng);
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index ac34e2bd0..a7124991a 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -403,6 +403,10 @@ struct ecc_key {
 };
+WOLFSSL_ABI WOLFSSL_API ecc_key* wc_ecc_key_new(void*);
+WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key*);
+
+
 /* ECC predefined curve sets */
 extern const ecc_set_type ecc_sets[];
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index 62eb25979..e6ecf19a3 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -199,6 +199,11 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
 WOLFSSL_API int wc_FreeNetRandom(void);
 #endif /* HAVE_WNR */
+
+WOLFSSL_ABI WOLFSSL_API WC_RNG* wc_rng_new(byte*, word32, void*);
+WOLFSSL_ABI WOLFSSL_API void wc_rng_free(WC_RNG*);
+
+
 #ifndef WC_NO_RNG
 WOLFSSL_API int wc_InitRng(WC_RNG*);
 WOLFSSL_API int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId);
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 483c6a2ce..16d7bb01e 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -34,6 +34,10 @@
 #endif
+ #define WOLFSSL_ABI
+ /* Tag for all the APIs that are a part of the fixed ABI. */
+
+
 #if defined(WORDS_BIGENDIAN)
 #define BIG_ENDIAN_ORDER
 #endif
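Review bot: `wc_ecc_make_key(rng, 32, key)` in ecc_test_allocator uses a bare magic number for the key size; if the file has a named constant for the P-256 size used by the other ECC tests, prefer it, otherwise a comment such as `/* 32 = P-256 private key size */` keeps the intent visible. The function relies on ERROR_OUT, defined outside this hunk, to assign ret before jumping to `exit:`; note that a key returned NULL still reaches `wc_ecc_key_free(key)`, which is only safe because the free accepts NULL, and that is worth stating: `/* wc_ecc_key_free(NULL) is a no-op, so the NULL path may fall through here */`.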
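Review bot: the ecc_test_allocator failure in ecc_test is printed but execution falls through to `done:` instead of jumping there, which differs from how the other checks in ecc_test presumably bail out; today nothing sits between the new block and `done:` so the nonzero ret still reaches the return, but any test appended later would run on a failed state. Use the same shape: `if (ret != 0) { printf("ecc_test_allocator failed!: %d\n", ret); goto done; }`.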
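Review bot: the new random.h prototypes sit outside the `#ifndef WC_NO_RNG` block that guards wc_InitRng directly beneath them, while the only caller in this series lives inside `#ifndef WC_NO_RNG`; unless random.c defines wc_rng_new in a WC_NO_RNG build too (not visible here), the declarations should move inside that block. The parameter names were dropped, leaving `byte*, word32` as the only description of the nonce pair; prefer `WOLFSSL_ABI WOLFSSL_API WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap);` with a comment that the result must be released with wc_rng_free() rather than wc_FreeRng()+XFREE. The same applies to `wc_ecc_key_new(void*)` in ecc.h, where `void* heap` is the whole contract.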
From c6fa49d4b4cd9876d5315b544d30c24ad890d3ea Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 8 Nov 2019 15:04:45 -0800 Subject: [PATCH 2/4] wolfSSL ABI Add the ABI tag to the prescribed list of functions in the header and source files. --- src/ssl.c | 43 ++++++++++++++++ src/tls.c | 2 + wolfcrypt/src/ecc.c | 4 ++ wolfssl/ssl.h | 110 ++++++++++++++++++++++------------------ wolfssl/wolfcrypt/ecc.h | 11 ++-- 5 files changed, 115 insertions(+), 55 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index f058f21ed..9ec0bb0f3 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -365,6 +365,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap) } +WOLFSSL_ABI WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method) { #ifdef WOLFSSL_HEAP_TEST @@ -376,6 +377,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method) } +WOLFSSL_ABI void wolfSSL_CTX_free(WOLFSSL_CTX* ctx) { WOLFSSL_ENTER("SSL_CTX_free"); @@ -462,6 +464,7 @@ int wolfSSL_CTX_new_rng(WOLFSSL_CTX* ctx) #endif +WOLFSSL_ABI WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx) { WOLFSSL* ssl = NULL; @@ -485,6 +488,7 @@ WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx) } +WOLFSSL_ABI void wolfSSL_free(WOLFSSL* ssl) { WOLFSSL_ENTER("SSL_free"); @@ -680,6 +684,7 @@ int wolfSSL_use_old_poly(WOLFSSL* ssl, int value) #endif +WOLFSSL_ABI int wolfSSL_set_fd(WOLFSSL* ssl, int fd) { int ret; @@ -1813,6 +1818,7 @@ int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl) #endif /* !NO_DH */ +WOLFSSL_ABI int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz) { int ret; @@ -1949,6 +1955,7 @@ int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz) } +WOLFSSL_ABI int wolfSSL_read(WOLFSSL* ssl, void* data, int sz) { WOLFSSL_ENTER("wolfSSL_read()"); @@ -1984,6 +1991,7 @@ int wolfSSL_mcast_read(WOLFSSL* ssl, word16* id, void* data, int sz) /* helpers to set the device id, WOLFSSL_SUCCESS on ok */ +WOLFSSL_ABI int wolfSSL_SetDevId(WOLFSSL* ssl, int devId) { if (ssl == NULL) 
@@ -1993,6 +2001,8 @@ int wolfSSL_SetDevId(WOLFSSL* ssl, int devId) return WOLFSSL_SUCCESS; } + +WOLFSSL_ABI int wolfSSL_CTX_SetDevId(WOLFSSL_CTX* ctx, int devId) { if (ctx == NULL) @@ -2026,6 +2036,7 @@ void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl) #ifdef HAVE_SNI +WOLFSSL_ABI int wolfSSL_UseSNI(WOLFSSL* ssl, byte type, const void* data, word16 size) { if (ssl == NULL) @@ -2035,6 +2046,7 @@ int wolfSSL_UseSNI(WOLFSSL* ssl, byte type, const void* data, word16 size) } +WOLFSSL_ABI int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type, const void* data, word16 size) { @@ -2377,6 +2389,7 @@ int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, word16 name) /* Application-Layer Protocol Negotiation */ #ifdef HAVE_ALPN +WOLFSSL_ABI int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list, word32 protocol_name_listSz, byte options) { @@ -2822,6 +2835,7 @@ int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags) /* WOLFSSL_SUCCESS on ok */ +WOLFSSL_ABI int wolfSSL_shutdown(WOLFSSL* ssl) { int ret = WOLFSSL_FATAL_ERROR; @@ -2897,6 +2911,7 @@ int wolfSSL_state(WOLFSSL* ssl) } +WOLFSSL_ABI int wolfSSL_get_error(WOLFSSL* ssl, int ret) { WOLFSSL_ENTER("SSL_get_error"); @@ -3868,6 +3883,7 @@ void wolfSSL_ERR_dump_errors_fp(XFILE fp) #endif #endif +WOLFSSL_ABI int wolfSSL_pending(WOLFSSL* ssl) { WOLFSSL_ENTER("SSL_pending"); @@ -3968,6 +3984,7 @@ static int SetMinVersionHelper(byte* minVersion, int version) /* Set minimum downgrade version allowed, WOLFSSL_SUCCESS on ok */ +WOLFSSL_ABI int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version) { WOLFSSL_ENTER("wolfSSL_CTX_SetMinVersion"); @@ -4730,6 +4747,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) #endif /* NO_SESSION_CACHE */ +WOLFSSL_ABI int wolfSSL_Init(void) { WOLFSSL_ENTER("wolfSSL_Init"); 
@@ -6466,6 +6484,7 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, return ret; } +WOLFSSL_ABI int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, const char* path) { @@ -6854,6 +6873,7 @@ int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, +WOLFSSL_ABI int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file, int format) { @@ -6868,6 +6888,7 @@ int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file, } +WOLFSSL_ABI int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file, int format) { @@ -6928,6 +6949,7 @@ long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx) } +WOLFSSL_ABI int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file) { /* process up to MAX_CHAIN_DEPTH plus subject cert */ @@ -9335,6 +9357,7 @@ int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, int derSz) #ifndef NO_FILESYSTEM +WOLFSSL_ABI int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format) { WOLFSSL_ENTER("wolfSSL_use_certificate_file"); @@ -9352,6 +9375,7 @@ int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format) } +WOLFSSL_ABI int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format) { WOLFSSL_ENTER("wolfSSL_use_PrivateKey_file"); @@ -9369,6 +9393,7 @@ int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format) } +WOLFSSL_ABI int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file) { /* process up to MAX_CHAIN_DEPTH plus subject cert */ @@ -9698,6 +9723,7 @@ int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx) #ifndef NO_SESSION_CACHE +WOLFSSL_ABI WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl) { WOLFSSL_ENTER("SSL_get_session"); @@ -9708,6 +9734,7 @@ WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl) } +WOLFSSL_ABI int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session) { WOLFSSL_ENTER("SSL_set_session"); 
@@ -10076,6 +10103,7 @@ int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx) #ifndef NO_SESSION_CACHE /* on by default if built in but allow user to turn off */ +WOLFSSL_ABI long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode) { WOLFSSL_ENTER("SSL_CTX_set_session_cache_mode"); @@ -11037,6 +11065,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, /* please see note at top of README if you get an error from connect */ + WOLFSSL_ABI int wolfSSL_connect(WOLFSSL* ssl) { #if !(defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13)) @@ -11797,6 +11826,7 @@ static WC_INLINE word32 HashSession(const byte* sessionID, word32 len, int* erro } +WOLFSSL_ABI void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm) { /* static table now, no flushing needed */ @@ -11806,6 +11836,7 @@ void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm) /* set ssl session timeout in seconds */ +WOLFSSL_ABI int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to) { if (ssl == NULL) @@ -11820,6 +11851,7 @@ int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to) /* set ctx session timeout in seconds */ +WOLFSSL_ABI int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to) { if (ctx == NULL) @@ -12705,6 +12737,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret, /* call before SSL_connect, if verifying will add name check to date check and signature check */ +WOLFSSL_ABI int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn) { WOLFSSL_ENTER("wolfSSL_check_domain_name"); @@ -17592,6 +17625,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #ifdef KEEP_PEER_CERT + WOLFSSL_ABI WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl) { WOLFSSL_ENTER("SSL_get_peer_certificate"); 
@@ -17660,6 +17694,7 @@ void wolfSSL_X509_free(WOLFSSL_X509* x509) /* copy name into in buffer, at most sz bytes, if buffer is null will malloc buffer, call responsible for freeing */ +WOLFSSL_ABI char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) { int copySz; @@ -17757,6 +17792,7 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) #if defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || \ defined(SESSION_CERTS) /* return the next, if any, altname from the peer cert */ + WOLFSSL_ABI char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert) { char* ret = NULL; @@ -17922,6 +17958,7 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) /* used by JSSE (not a standard compatibility function) */ /* this is not thread safe */ + WOLFSSL_ABI const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509) { static byte notBeforeData[CTC_DATE_SIZE]; /* temp buffer for date */ @@ -17939,6 +17976,7 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) } /* used by JSSE (not a standard compatibility function) */ /* this is not thread safe */ + WOLFSSL_ABI const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509) { static byte notAfterData[CTC_DATE_SIZE]; /* temp buffer for date */ @@ -18763,6 +18801,7 @@ WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file) #endif /* NO_STDIO_FILESYSTEM */ +WOLFSSL_ABI WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) { #ifdef WOLFSSL_SMALL_STACK @@ -19609,6 +19648,7 @@ WOLFSSL_X509* wolfSSL_X509_new(void) return x509; } +WOLFSSL_ABI WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert) { WOLFSSL_ENTER("wolfSSL_X509_get_subject_name"); @@ -19660,6 +19700,7 @@ unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509) } #endif +WOLFSSL_ABI WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert) { WOLFSSL_ENTER("X509_get_issuer_name"); 
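Review bot: wolfSSL_X509_notBefore and wolfSSL_X509_notAfter return a pointer into a function-static buffer (`static byte notBeforeData[CTC_DATE_SIZE]`) and the existing comment already says they are not thread safe; tagging them WOLFSSL_ABI freezes that contract, so the non-reentrancy can no longer be fixed without an ABI break. Either keep them off the list until they write into caller storage, or document the limitation next to the tagged prototype in ssl.h: `/* Returns a pointer to a static buffer overwritten by the next call from any thread; copy before use. */`. wolfSSL_X509_NAME_oneline is in a similar position: when `in` is NULL it mallocs a buffer the caller must free, but the ABI set gains no matching release function the way wolfSSL_X509_free pairs with wolfSSL_X509_load_certificate_file, so the header should at least name which free applies.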
@@ -33309,6 +33350,7 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, /* get session ID */ +WOLFSSL_ABI const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session) { WOLFSSL_ENTER("wolfSSL_get_sessionID"); @@ -33353,6 +33395,7 @@ void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl) return NULL; } +WOLFSSL_ABI void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb) { if (ctx) diff --git a/src/tls.c b/src/tls.c index fd441f171..865078a11 100644 --- a/src/tls.c +++ b/src/tls.c @@ -11028,6 +11028,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, #endif /* !NO_OLD_TLS */ #ifndef WOLFSSL_NO_TLS12 + WOLFSSL_ABI WOLFSSL_METHOD* wolfTLSv1_2_client_method(void) { return wolfTLSv1_2_client_method_ex(NULL); @@ -11050,6 +11051,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, * * returns the method data for a TLS v1.3 client. */ + WOLFSSL_ABI WOLFSSL_METHOD* wolfTLSv1_3_client_method(void) { return wolfTLSv1_3_client_method_ex(NULL); diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index af62eac39..b407b6a40 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4024,6 +4024,7 @@ int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut) } +WOLFSSL_ABI int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id) { int err; @@ -4318,6 +4319,7 @@ int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key) } /* Setup dynamic pointers if using normal math for proper freeing */ +WOLFSSL_ABI int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) { int ret = 0; @@ -4627,6 +4629,7 @@ static int wc_ecc_sign_hash_async(const byte* in, word32 inlen, byte* out, key A private ECC key return MP_OKAY if successful */ +WOLFSSL_ABI int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, WC_RNG* rng, ecc_key* key) { 
@@ -5080,6 +5083,7 @@ void wc_ecc_free_curve(const ecc_set_type* curve, void* heap) Free an ECC key from memory key The key you wish to free */ +WOLFSSL_ABI int wc_ecc_free(ecc_key* key) { if (key == NULL) { diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index bc162965f..e19ca3a54 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -683,11 +683,11 @@ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); #ifdef WOLFSSL_TLS13 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void); - WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void); + WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void); #endif #ifdef WOLFSSL_DTLS @@ -745,8 +745,10 @@ WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL* ssl, #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) -WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int); -WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, + const char*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, + const char*, int); #endif 
@@ -765,13 +767,13 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int); WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*, const char*, unsigned int); -WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*, - const char*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, + const char*, const char*); #ifdef WOLFSSL_TRUST_PEER_CERT WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX*, const char*, int); #endif -WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *, - const char *file); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file( + WOLFSSL_CTX*, const char*); WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *, const char *file, int format); WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int); @@ -779,9 +781,12 @@ WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, in WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl); WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx); WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); -WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int); -WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, int); -WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*, const char *file); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, + int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, + int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*, + const char*); WOLFSSL_API int wolfSSL_use_certificate_chain_file_format(WOLFSSL*, const char *file, int format); WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int); 
@@ -799,13 +804,13 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int); #endif /* !NO_FILESYSTEM && !NO_CERTS */ WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap); -WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*); -WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*); +WOLFSSL_ABI WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*); WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl); WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_is_server(WOLFSSL*); WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*); -WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int); WOLFSSL_API int wolfSSL_set_write_fd (WOLFSSL*, int); WOLFSSL_API int wolfSSL_set_read_fd (WOLFSSL*, int); WOLFSSL_API char* wolfSSL_get_cipher_list(int priority); @@ -822,9 +827,9 @@ WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*); /* please see note at top of README if you get an error from connect */ -WOLFSSL_API int wolfSSL_connect(WOLFSSL*); -WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int); -WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int); WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int); WOLFSSL_API int wolfSSL_accept(WOLFSSL*); #ifdef WOLFSSL_TLS13 
@@ -855,22 +860,22 @@ WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL*, const void*, int, int*); WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL*, void*, int, int*); #endif #endif -WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*); -WOLFSSL_API void wolfSSL_free(WOLFSSL*); -WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_free(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*); WOLFSSL_API int wolfSSL_send(WOLFSSL*, const void*, int sz, int flags); WOLFSSL_API int wolfSSL_recv(WOLFSSL*, void*, int sz, int flags); WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX*, int); WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int); -WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int); WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *); -WOLFSSL_API int wolfSSL_set_session(WOLFSSL*, WOLFSSL_SESSION*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_session(WOLFSSL*, WOLFSSL_SESSION*); WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION*, long); -WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*); -WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long); WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int); #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) 
@@ -920,11 +925,12 @@ WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callbac WOLFSSL_API void wolfSSL_set_verify_result(WOLFSSL*, long); WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*); -WOLFSSL_API int wolfSSL_pending(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_pending(WOLFSSL*); WOLFSSL_API void wolfSSL_load_error_strings(void); WOLFSSL_API int wolfSSL_library_init(void); -WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX*, long); +WOLFSSL_ABI WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX*, + long); #ifdef HAVE_SECRET_CALLBACK typedef int (*SessionSecretCb)(WOLFSSL* ssl, @@ -1239,9 +1245,12 @@ WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, unsigned long nmflags, unsigned long cflag); WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); -WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int); -WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509*); -WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509*); +WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, + char*, int); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name( + WOLFSSL_X509*); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name( + WOLFSSL_X509*); WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int); WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int); WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*); 
@@ -1903,7 +1912,7 @@ WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*, const unsigned char*, unsigned int); -WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); #ifdef OPENSSL_EXTRA @@ -1954,10 +1963,10 @@ WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*); /* call before SSL_connect, if verifying will add name check to date check and signature check */ -WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL*, const char*); /* need to call once to load library (session cache) */ -WOLFSSL_API int wolfSSL_Init(void); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void); /* call when done to cleanup/free session cache mutex / resources */ WOLFSSL_API int wolfSSL_Cleanup(void); @@ -1971,8 +1980,8 @@ WOLFSSL_API int wolfSSL_negotiate(WOLFSSL* ssl); /* turn on wolfSSL data compression */ WOLFSSL_API int wolfSSL_set_compression(WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int); -WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int); WOLFSSL_API void wolfSSL_CTX_set_current_time_cb(WOLFSSL_CTX* ctx, void (*cb)(const WOLFSSL* ssl, Timeval* out_clock)); 
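Review bot: the re-declarations in this hunk strip parameter names (`wolfSSL_get_peer_certificate(WOLFSSL*)`, `wolfSSL_check_domain_name(WOLFSSL*, const char*)`) from the very prototypes being frozen as the stable ABI, and the names are the cheapest documentation a caller or an IDE gets for a stable interface. Keep them: `WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);`. The tagged wolfSSL_get_sessionID later in the same file keeps its `s`, so the header ends up inconsistent either way.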
@@ -1997,18 +2006,19 @@ WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*); /* get index cert in PEM */ WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx, unsigned char* buf, int inLen, int* outLen); -WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s); +WOLFSSL_ABI WOLFSSL_API const unsigned char* wolfSSL_get_sessionID( + const WOLFSSL_SESSION* s); WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int*); WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*); WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*); WOLFSSL_API const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509*, int*); -WOLFSSL_API const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509); -WOLFSSL_API const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509); +WOLFSSL_ABI WOLFSSL_API const byte* wolfSSL_X509_notBefore(WOLFSSL_X509*); +WOLFSSL_ABI WOLFSSL_API const byte* wolfSSL_X509_notAfter(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*); -WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*); +WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*); WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in, int len); @@ -2027,7 +2037,7 @@ WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file); #endif -WOLFSSL_API WOLFSSL_X509* +WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format); #endif WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( 
@@ -2235,8 +2245,8 @@ enum { WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL*); -WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version); -WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX*, int); +WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL*, int); WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */ WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void); WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void); @@ -2372,7 +2382,8 @@ typedef int (*CallbackEccSign)(WOLFSSL* ssl, unsigned char* out, word32* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX*, CallbackEccSign); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX*, + CallbackEccSign); WOLFSSL_API void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl); @@ -2630,8 +2641,8 @@ WOLFSSL_API int wolfSSL_UseClientSuites(WOLFSSL* ssl); /* async additions */ #define wolfSSL_UseAsync wolfSSL_SetDevId #define wolfSSL_CTX_UseAsync wolfSSL_CTX_SetDevId -WOLFSSL_API int wolfSSL_SetDevId(WOLFSSL*, int devId); -WOLFSSL_API int wolfSSL_CTX_SetDevId(WOLFSSL_CTX*, int devId); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_SetDevId(WOLFSSL*, int devId); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_SetDevId(WOLFSSL_CTX*, int devId); /* helpers to get device id and heap */ WOLFSSL_API int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl); 
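Review bot: wolfSSL_SetMinVersion is re-declared without its parameter names in the same edit that tags wolfSSL_CTX_SetMinVersion, yet it is not tagged WOLFSSL_ABI itself; if only the CTX-level setter is on the prescribed list, a one-line comment (`/* per-session variant intentionally outside the fixed ABI */`) stops the next reader from adding the tag, and if it is an omission the tag belongs here too. The same hunk tags wolfSSL_CTX_SetEccSignCb, which means the CallbackEccSign typedef declared just above it (partly outside the hunk) becomes part of the ABI as well and needs the same freeze, presumably with its own note.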
@@ -2647,10 +2658,10 @@ enum { WOLFSSL_SNI_HOST_NAME = 0 }; -WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type, - const void* data, unsigned short size); -WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type, - const void* data, unsigned short size); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL*, unsigned char, + const void*, unsigned short); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX*, unsigned char, + const void*, unsigned short); #ifndef NO_WOLFSSL_SERVER @@ -2729,7 +2740,8 @@ typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out, void *arg); #endif -WOLFSSL_API int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list, +WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseALPN(WOLFSSL* ssl, + char *protocol_name_list, unsigned int protocol_name_listSz, unsigned char options); diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index a7124991a..7cfa95215 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -435,9 +435,8 @@ ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a, WOLFSSL_API int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key); -WOLFSSL_API -int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, - int curve_id); +WOLFSSL_ABI WOLFSSL_API +int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id); WOLFSSL_API int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut); WOLFSSL_API @@ -465,7 +464,7 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, #endif /* HAVE_ECC_DHE */ #ifdef HAVE_ECC_SIGN -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, WC_RNG* rng, ecc_key* key); WOLFSSL_API 
@@ -484,7 +483,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, WOLFSSL_API int wc_ecc_init(ecc_key* key); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_init_ex(ecc_key* key, void* heap, int devId); #ifdef HAVE_PKCS11 WOLFSSL_API @@ -495,7 +494,7 @@ int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap, WOLFSSL_LOCAL void wc_ecc_free_curve(const ecc_set_type* curve, void* heap); #endif -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_free(ecc_key* key); WOLFSSL_API int wc_ecc_set_flags(ecc_key* key, word32 flags); From 5a21cec030045b8b88d9d290b3ad99fe59974d02 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 11 Nov 2019 10:12:20 -0800 Subject: [PATCH 3/4] wolfSSL ABI Add ABI tags to the functions wolfSSL_Cleanup() to match wolfSSL_Init(), wolfSSL_X509_free to match wolfSSL_load_certificate_file() which allocates memory. --- src/ssl.c | 2 ++ wolfssl/ssl.h | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 9ec0bb0f3..68790bd90 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11760,6 +11760,7 @@ int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx) #endif /* NO_HANDSHAKE_DONE_CB */ +WOLFSSL_ABI int wolfSSL_Cleanup(void) { int ret = WOLFSSL_SUCCESS; @@ -17685,6 +17686,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) } /* Frees an external WOLFSSL_X509 structure */ +WOLFSSL_ABI void wolfSSL_X509_free(WOLFSSL_X509* x509) { WOLFSSL_ENTER("wolfSSL_FreeX509"); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index e19ca3a54..449140d04 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
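Review bot: The trace label inside the now ABI-tagged `wolfSSL_X509_free()` still reads `WOLFSSL_ENTER("wolfSSL_FreeX509");`, the name of the legacy alias rather than the function itself, which makes debug logs of an ABI entry point misleading; change it to `WOLFSSL_ENTER("wolfSSL_X509_free");`. The tag itself carries no explanation at the definition, so a one-line comment such as `/* WOLFSSL_ABI: signature and free-ownership semantics of this entry point are frozen */` would tell the next maintainer what the tag commits them to — adjust the wording if the project's ABI rules differ. The function body continues outside the hunk.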
@@ -1968,7 +1968,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL*, const char*); /* need to call once to load library (session cache) */ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void); /* call when done to cleanup/free session cache mutex / resources */ -WOLFSSL_API int wolfSSL_Cleanup(void); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void); /* which library version do we have */ WOLFSSL_API const char* wolfSSL_lib_version(void); @@ -2002,7 +2002,7 @@ WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN*, int idx); WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN*, int idx); /* free X509 */ #define wolfSSL_FreeX509(x509) wolfSSL_X509_free((x509)) -WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*); /* get index cert in PEM */ WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx, unsigned char* buf, int inLen, int* outLen); From 682cf6deac8d5e3c5cf9c629c3ba09a86ae9a505 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 11 Nov 2019 15:15:04 -0800 Subject: [PATCH 4/4] wolfSSL ABI Hide the RNG and ecc_key allocators from FIPS mode builds. --- wolfcrypt/test/test.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 5e2a0f00d..0c98f6c1f 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -8794,7 +8794,6 @@ exit: static int random_rng_test(void) { - byte nonce[8] = { 0 }; WC_RNG localRng; WC_RNG* rng; int ret; 
@@ -8815,13 +8814,18 @@ static int random_rng_test(void) if (ret != 0) return ret; - /* Test dynamic RNG. */ - rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT); - if (rng == NULL) return -6310; +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + { + byte nonce[8] = { 0 }; + /* Test dynamic RNG. */ + rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT); + if (rng == NULL) return -6310; - ret = _rng_test(rng, -6310); + ret = _rng_test(rng, -6310); - wc_rng_free(rng); + wc_rng_free(rng); + } +#endif return ret; } @@ -18402,11 +18406,12 @@ exit: } #endif /* WOLFSSL_CERT_GEN */ +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) /* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */ static int ecc_test_allocator(WC_RNG* rng) { + int ret = 0; ecc_key* key; - int ret; key = wc_ecc_key_new(HEAP_HINT); if (key == NULL) { @@ -18422,6 +18427,7 @@ exit: wc_ecc_key_free(key); return ret; } +#endif int ecc_test(void) { @@ -18550,11 +18556,12 @@ int ecc_test(void) goto done; } #endif - +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) ret = ecc_test_allocator(&rng); if (ret != 0) { printf("ecc_test_allocator failed!: %d\n", ret); } +#endif done: wc_FreeRng(&rng);
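Review bot: The new `#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)` block removes the dynamic-RNG test from FIPS and self-test builds, but nothing in this hunk shows `wc_rng_new()`/`wc_rng_free()` being excluded from those builds as well; if they remain compiled there they ship untested in exactly the configuration where an extra DRBG entry point matters most, so either gate their definitions under the same condition or keep a FIPS-safe variant of this test. The all-zero `byte nonce[8] = { 0 };` is acceptable for a self-test but reads like a template, so add `/* test-only: a fixed zero nonce is fine here, never for production seeding */` above it. random_rng_test() begins outside this hunk.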