From 026fa2dd4e8137ccb01aca5c99992346e1572a3d Mon Sep 17 00:00:00 2001 From: Andrew Hutchings Date: Fri, 21 Nov 2025 17:43:55 +0000 Subject: [PATCH 01/13] Fix issues with the API documentation --- doc/dox_comments/header_files/aes.h | 2 +- doc/dox_comments/header_files/asn_public.h | 3 +- doc/dox_comments/header_files/camellia.h | 14 +- .../header_files/chacha20_poly1305.h | 8 +- doc/dox_comments/header_files/dh.h | 6 +- doc/dox_comments/header_files/ecc.h | 10 +- doc/dox_comments/header_files/ed448.h | 22 +-- doc/dox_comments/header_files/hash.h | 9 +- doc/dox_comments/header_files/md2.h | 6 +- doc/dox_comments/header_files/md4.h | 6 +- doc/dox_comments/header_files/md5.h | 4 +- doc/dox_comments/header_files/memory.h | 48 +++--- doc/dox_comments/header_files/pkcs11.h | 2 +- doc/dox_comments/header_files/pkcs7.h | 26 ++-- doc/dox_comments/header_files/poly1305.h | 4 +- doc/dox_comments/header_files/random.h | 6 +- doc/dox_comments/header_files/ripemd.h | 2 +- doc/dox_comments/header_files/rsa.h | 12 +- doc/dox_comments/header_files/sha.h | 4 +- doc/dox_comments/header_files/sha256.h | 6 +- doc/dox_comments/header_files/sha3.h | 21 ++- doc/dox_comments/header_files/sha512.h | 4 +- doc/dox_comments/header_files/ssl.h | 147 +++++++++--------- doc/dox_comments/header_files/wolfio.h | 6 +- 24 files changed, 193 insertions(+), 185 deletions(-) diff --git a/doc/dox_comments/header_files/aes.h b/doc/dox_comments/header_files/aes.h index 94a34cb85..5baeb1462 100644 --- a/doc/dox_comments/header_files/aes.h +++ b/doc/dox_comments/header_files/aes.h @@ -1021,7 +1021,7 @@ int wc_AesInit(Aes* aes, void* heap, int devId); \sa wc_AesInit */ -int wc_AesFree(Aes* aes); +void wc_AesFree(Aes* aes); /*! \ingroup AES diff --git a/doc/dox_comments/header_files/asn_public.h b/doc/dox_comments/header_files/asn_public.h index d8507078d..aa8ed94d3 100644 --- a/doc/dox_comments/header_files/asn_public.h +++ b/doc/dox_comments/header_files/asn_public.h @@ -19,7 +19,7 @@ \sa wc_MakeCert \sa wc_MakeCertReq */ -int wc_InitCert(Cert*); +int wc_InitCert(Cert* cert); /*! \ingroup ASN @@ -2524,4 +2524,3 @@ int wc_Asn1_SetFile(Asn1* asn1, XFILE file); */ int wc_Asn1_PrintAll(Asn1* asn1, Asn1PrintOptions* opts, unsigned char* data, word32 len); - diff --git a/doc/dox_comments/header_files/camellia.h b/doc/dox_comments/header_files/camellia.h index 19cd5bace..c6aaf6a9a 100644 --- a/doc/dox_comments/header_files/camellia.h +++ b/doc/dox_comments/header_files/camellia.h @@ -35,8 +35,8 @@ \sa wc_CamelliaCbcEncrypt \sa wc_CamelliaCbcDecrypt */ -int wc_CamelliaSetKey(Camellia* cam, - const byte* key, word32 len, const byte* iv); +int wc_CamelliaSetKey(wc_Camellia* cam, const byte* key, word32 len, + const byte* iv); /*! \ingroup Camellia @@ -64,7 +64,7 @@ int wc_CamelliaSetKey(Camellia* cam, \sa wc_CamelliaSetKey */ -int wc_CamelliaSetIV(Camellia* cam, const byte* iv); +int wc_CamelliaSetIV(wc_Camellia* cam, const byte* iv); /*! \ingroup Camellia @@ -92,7 +92,7 @@ int wc_CamelliaSetIV(Camellia* cam, const byte* iv); \sa wc_CamelliaDecryptDirect */ -int wc_CamelliaEncryptDirect(Camellia* cam, byte* out, +int wc_CamelliaEncryptDirect(wc_Camellia* cam, byte* out, const byte* in); /*! @@ -122,7 +122,7 @@ int wc_CamelliaEncryptDirect(Camellia* cam, byte* out, \sa wc_CamelliaEncryptDirect */ -int wc_CamelliaDecryptDirect(Camellia* cam, byte* out, +int wc_CamelliaDecryptDirect(wc_Camellia* cam, byte* out, const byte* in); /*! @@ -151,7 +151,7 @@ int wc_CamelliaDecryptDirect(Camellia* cam, byte* out, \sa wc_CamelliaCbcDecrypt */ -int wc_CamelliaCbcEncrypt(Camellia* cam, +int wc_CamelliaCbcEncrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz); /*! @@ -180,5 +180,5 @@ int wc_CamelliaCbcEncrypt(Camellia* cam, \sa wc_CamelliaCbcEncrypt */ -int wc_CamelliaCbcDecrypt(Camellia* cam, +int wc_CamelliaCbcDecrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz); diff --git a/doc/dox_comments/header_files/chacha20_poly1305.h b/doc/dox_comments/header_files/chacha20_poly1305.h index 057d274c2..53e2f5ef2 100644 --- a/doc/dox_comments/header_files/chacha20_poly1305.h +++ b/doc/dox_comments/header_files/chacha20_poly1305.h @@ -50,8 +50,8 @@ int wc_ChaCha20Poly1305_Encrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], - const byte* inAAD, const word32 inAADLen, - const byte* inPlaintext, const word32 inPlaintextLen, + const byte* inAAD, word32 inAADLen, + const byte* inPlaintext, word32 inPlaintextLen, byte* outCiphertext, byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); @@ -118,7 +118,7 @@ int wc_ChaCha20Poly1305_Encrypt( int wc_ChaCha20Poly1305_Decrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], - const byte* inAAD, const word32 inAADLen, - const byte* inCiphertext, const word32 inCiphertextLen, + const byte* inAAD, word32 inAADLen, + const byte* inCiphertext, word32 inCiphertextLen, const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], byte* outPlaintext); diff --git a/doc/dox_comments/header_files/dh.h b/doc/dox_comments/header_files/dh.h index 775749bd7..d2a3868c7 100644 --- a/doc/dox_comments/header_files/dh.h +++ b/doc/dox_comments/header_files/dh.h @@ -40,7 +40,7 @@ int wc_InitDhKey(DhKey* key); \sa wc_InitDhKey */ -void wc_FreeDhKey(DhKey* key); +int wc_FreeDhKey(DhKey* key); /*! \ingroup Diffie-Hellman @@ -185,7 +185,7 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, \sa wc_DhSetKey */ int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, - word32); + word32 inSz); /*! \ingroup Diffie-Hellman @@ -396,5 +396,5 @@ int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, /*! \ingroup Diffie-Hellman -*/ + */ int wc_FreeDhKey(DhKey* key); diff --git a/doc/dox_comments/header_files/ecc.h b/doc/dox_comments/header_files/ecc.h index a129546a9..5becaf5a9 100644 --- a/doc/dox_comments/header_files/ecc.h +++ b/doc/dox_comments/header_files/ecc.h @@ -885,7 +885,7 @@ void wc_ecc_del_point(ecc_point* p); \sa wc_ecc_del_point */ -int wc_ecc_copy_point(ecc_point* p, ecc_point *r); +int wc_ecc_copy_point(const ecc_point* p, ecc_point *r); /*! \ingroup ECC @@ -1003,7 +1003,7 @@ int wc_ecc_point_is_at_infinity(ecc_point *p); \sa none */ -int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, +int wc_ecc_mulmod(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, mp_int* modulus, int map); /*! @@ -1534,7 +1534,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, \sa wc_ecc_export_point_der */ -int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, +int wc_ecc_import_point_der(const byte* in, word32 inLen, const int curve_idx, ecc_point* point); /*! @@ -1621,7 +1621,7 @@ int wc_ecc_sig_size_calc(int sz); \sa wc_ecc_sig_size_calc */ -int wc_ecc_sig_size(ecc_key* key); +int wc_ecc_sig_size(const ecc_key* key); /*! @@ -1681,7 +1681,7 @@ ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng); \sa wc_ecc_ctx_new */ -void wc_ecc_ctx_free(ecEncCtx*); +void wc_ecc_ctx_free(ecEncCtx* ctx); /*! \ingroup ECC diff --git a/doc/dox_comments/header_files/ed448.h b/doc/dox_comments/header_files/ed448.h index 2f186b56b..dab8874b3 100644 --- a/doc/dox_comments/header_files/ed448.h +++ b/doc/dox_comments/header_files/ed448.h @@ -124,8 +124,9 @@ int wc_ed448_make_key(WC_RNG* rng, int keysize, ed448_key* key); \sa wc_ed448_verify_msg */ -int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out, - word32 *outlen, ed448_key* key); +int wc_ed448_sign_msg(const byte* in, word32 inLen, byte* out, + word32 *outLen, ed448_key* key, + const byte* context, byte contextLen); /*! \ingroup ED448 @@ -685,7 +686,7 @@ int wc_ed448_import_private_key_ex(const byte* priv, word32 privSz, \sa wc_ed448_export_private_only */ -int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen); +int wc_ed448_export_public(const ed448_key* key, byte* out, word32* outLen); /*! \ingroup ED448 @@ -725,7 +726,8 @@ int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen); \sa wc_ed448_import_private_key_ex */ -int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen); +int wc_ed448_export_private_only(const ed448_key* key, byte* out, + word32* outLen); /*! \ingroup ED448 @@ -768,7 +770,7 @@ int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen); \sa wc_ed448_export_private_only */ -int wc_ed448_export_private(ed448_key* key, byte* out, word32* outLen); +int wc_ed448_export_private(const ed448_key* key, byte* out, word32* outLen); /*! \ingroup ED448 @@ -815,7 +817,7 @@ int wc_ed448_export_private(ed448_key* key, byte* out, word32* outLen); \sa wc_ed448_export_public */ -int wc_ed448_export_key(ed448_key* key, +int wc_ed448_export_key(const ed448_key* key, byte* priv, word32 *privSz, byte* pub, word32 *pubSz); @@ -879,7 +881,7 @@ int wc_ed448_check_key(ed448_key* key); \sa wc_ed448_make_key */ -int wc_ed448_size(ed448_key* key); +int wc_ed448_size(const ed448_key* key); /*! \ingroup ED448 @@ -908,7 +910,7 @@ int wc_ed448_size(ed448_key* key); \sa wc_ed448_pub_size */ -int wc_ed448_priv_size(ed448_key* key); +int wc_ed448_priv_size(const ed448_key* key); /*! \ingroup ED448 @@ -935,7 +937,7 @@ int wc_ed448_priv_size(ed448_key* key); \sa wc_ed448_priv_size */ -int wc_ed448_pub_size(ed448_key* key); +int wc_ed448_pub_size(const ed448_key* key); /*! \ingroup ED448 @@ -963,4 +965,4 @@ int wc_ed448_pub_size(ed448_key* key); \sa wc_ed448_sign_msg */ -int wc_ed448_sig_size(ed448_key* key); +int wc_ed448_sig_size(const ed448_key* key); diff --git a/doc/dox_comments/header_files/hash.h b/doc/dox_comments/header_files/hash.h index 5fcc2e7b5..a1c97c008 100644 --- a/doc/dox_comments/header_files/hash.h +++ b/doc/dox_comments/header_files/hash.h @@ -98,6 +98,7 @@ int wc_Hash(enum wc_HashType hash_type, \param data the data to hash \param len the length of data \param hash Byte array to hold hash value. + \param hashLen Number of bytes to write to hash. _Example_ \code @@ -365,7 +366,8 @@ int wc_Sha3_512Hash(const byte* data, word32 len, byte* hash); \sa wc_Shake128_Update \sa wc_Shake128_Final */ -int wc_Shake128Hash(const byte* data, word32 len, byte* hash); +int wc_Shake128Hash(const byte* data, word32 len, byte* hash, + word32 hashLen); /*! \ingroup SHA @@ -380,6 +382,7 @@ int wc_Shake128Hash(const byte* data, word32 len, byte* hash); \param data the data to hash \param len the length of data \param hash Byte array to hold hash value. + \param hashLen Number of bytes to write to hash. _Example_ \code @@ -390,7 +393,7 @@ int wc_Shake128Hash(const byte* data, word32 len, byte* hash); \sa wc_Shake256_Update \sa wc_Shake256_Final */ -int wc_Shake256Hash(const byte* data, word32 len, byte* hash); - +int wc_Shake256Hash(const byte* data, word32 len, byte* hash, + word32 hashLen); diff --git a/doc/dox_comments/header_files/md2.h b/doc/dox_comments/header_files/md2.h index a35ba3ae2..237db76ac 100644 --- a/doc/dox_comments/header_files/md2.h +++ b/doc/dox_comments/header_files/md2.h @@ -24,7 +24,7 @@ \sa wc_Md2Update \sa wc_Md2Final */ -void wc_InitMd2(Md2*); +void wc_InitMd2(wc_Md2* md2); /*! \ingroup MD2 @@ -57,7 +57,7 @@ void wc_InitMd2(Md2*); \sa wc_Md2Final \sa wc_InitMd2 */ -void wc_Md2Update(Md2* md2, const byte* data, word32 len); +void wc_Md2Update(wc_Md2* md2, const byte* data, word32 len); /*! \ingroup MD2 @@ -88,7 +88,7 @@ void wc_Md2Update(Md2* md2, const byte* data, word32 len); \sa wc_Md2Final \sa wc_InitMd2 */ -void wc_Md2Final(Md2* md2, byte* hash); +void wc_Md2Final(wc_Md2* md2, byte* hash); /*! \ingroup MD2 diff --git a/doc/dox_comments/header_files/md4.h b/doc/dox_comments/header_files/md4.h index 9422f0f81..d9503fc95 100644 --- a/doc/dox_comments/header_files/md4.h +++ b/doc/dox_comments/header_files/md4.h @@ -24,7 +24,7 @@ \sa wc_Md4Update \sa wc_Md4Final */ -void wc_InitMd4(Md4*); +void wc_InitMd4(wc_Md4* md4); /*! \ingroup MD4 @@ -57,7 +57,7 @@ void wc_InitMd4(Md4*); \sa wc_Md4Final \sa wc_InitMd4 */ -void wc_Md4Update(Md4* md4, const byte* data, word32 len); +void wc_Md4Update(wc_Md4* md4, const byte* data, word32 len); /*! \ingroup MD4 @@ -85,4 +85,4 @@ void wc_Md4Update(Md4* md4, const byte* data, word32 len); \sa wc_Md4Final \sa wc_InitMd4 */ -void wc_Md4Final(Md4* md4, byte* hash); +void wc_Md4Final(wc_Md4* md4, byte* hash); diff --git a/doc/dox_comments/header_files/md5.h b/doc/dox_comments/header_files/md5.h index 6f94646e8..c14f16217 100644 --- a/doc/dox_comments/header_files/md5.h +++ b/doc/dox_comments/header_files/md5.h @@ -33,7 +33,7 @@ \sa wc_Md5Update \sa wc_Md5Final */ -int wc_InitMd5(wc_Md5*); +int wc_InitMd5(wc_Md5* md5); /*! \ingroup MD5 @@ -148,7 +148,7 @@ int wc_Md5Final(wc_Md5* md5, byte* hash); \sa wc_Md5Update \sa wc_Md5Final */ -void wc_Md5Free(wc_Md5*); +void wc_Md5Free(wc_Md5* md5); /*! \ingroup MD5 diff --git a/doc/dox_comments/header_files/memory.h b/doc/dox_comments/header_files/memory.h index 84742f9dd..038b87d3e 100644 --- a/doc/dox_comments/header_files/memory.h +++ b/doc/dox_comments/header_files/memory.h @@ -47,6 +47,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type); \param ptr pointer to the memory to be freed. \param heap heap hint to use for memory. Can be NULL \param type dynamic type (see DYNAMIC_TYPE_ list in types.h) + \param func name of calling function (for allocation tracking) + \param line source line number of call site _Example_ \code @@ -65,7 +67,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type); \sa XFREE \sa XREALLOC */ -void wolfSSL_Free(void *ptr, void* heap, int type); +void wolfSSL_Free(void *ptr, void* heap, int type, const char* func, + unsigned int line); /*! \ingroup Memory @@ -148,9 +151,8 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type); \sa none */ -int wolfSSL_SetAllocators(wolfSSL_Malloc_cb, - wolfSSL_Free_cb, - wolfSSL_Realloc_cb); +int wolfSSL_SetAllocators(wolfSSL_Malloc_cb mf, wolfSSL_Free_cb ff, + wolfSSL_Realloc_cb rf); /*! \ingroup Memory @@ -380,7 +382,7 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats); \return If successful, 0 will be returned. \return All unsuccessful return values will be less than 0. - \param hint WOLFSSL_HEAP_HINT structure to use + \param pHint WOLFSSL_HEAP_HINT structure to use \param buf memory to use for all operations. \param sz size of memory buffer being passed in. \param flag type of memory. @@ -410,8 +412,8 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats); \sa none */ -int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT* hint, unsigned char* buf, unsigned int sz, - int flag, int max); +int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, unsigned char* buf, + unsigned int sz, int flag, int max); /*! \ingroup Memory @@ -424,13 +426,14 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT* hint, unsigned char* buf, unsigned in \return If successful, 0 will be returned. \return All unsuccessful return values will be less than 0. - \param hint WOLFSSL_HEAP_HINT structure to use + \param pHint WOLFSSL_HEAP_HINT handle to initialize + \param listSz number of entries in the size and distribution lists + \param sizeList array of bucket sizes to use + \param distList distribution list matching sizeList \param buf memory to use for all operations. \param sz size of memory buffer being passed in. \param flag type of memory. \param max max concurrent operations (handshakes, IO). - \param bucket_sizes array of bucket sizes to use - \param bucket_count number of bucket sizes in the array _Example_ \code @@ -439,14 +442,16 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT* hint, unsigned char* buf, unsigned in unsigned char memory[MAX]; int memorySz = MAX; int flag = WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS; - word16 bucket_sizes[] = {64, 128, 256, 512, 1024}; - int bucket_count = 5; + const word32 sizeList[] = {64, 128, 256, 512, 1024}; + const word32 distList[] = {1, 1, 1, 1, 1}; + unsigned int listSz = (unsigned int)(sizeof(sizeList)/ + sizeof(sizeList[0])); ... // load in memory for use with custom bucket sizes - ret = wc_LoadStaticMemory_ex(&hint, memory, memorySz, flag, 0, - bucket_sizes, bucket_count); + ret = wc_LoadStaticMemory_ex(&hint, listSz, sizeList, distList, + memory, memorySz, flag, 0); if (ret != SSL_SUCCESS) { // handle error case } @@ -460,8 +465,9 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT* hint, unsigned char* buf, unsigned in \sa wc_LoadStaticMemory \sa wc_UnloadStaticMemory */ -int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT* hint, unsigned char* buf, unsigned int sz, - int flag, int max, word16* bucket_sizes, int bucket_count); +int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint, unsigned int listSz, + const word32 *sizeList, const word32 *distList, + unsigned char* buf, unsigned int sz, int flag, int max); /*! \ingroup Memory @@ -560,7 +566,7 @@ WOLFSSL_HEAP_HINT* wolfSSL_GetGlobalHeapHint(void); \sa none */ -int wolfSSL_SetDebugMemoryCb(wolfSSL_DebugMemoryCb cb); +void wolfSSL_SetDebugMemoryCb(DebugMemoryCb cb); /*! \ingroup Memory @@ -591,16 +597,13 @@ int wolfSSL_SetDebugMemoryCb(wolfSSL_DebugMemoryCb cb); ... // cleanup when done - ret = wc_UnloadStaticMemory(&hint); - if (ret != 0) { - // handle error case - } + wc_UnloadStaticMemory(&hint); \endcode \sa wc_LoadStaticMemory \sa wc_LoadStaticMemory_ex */ -int wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT* hint); +void wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT* heap); /*! \ingroup Memory @@ -636,4 +639,3 @@ int wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT* hint); int wolfSSL_StaticBufferSz_ex(unsigned int listSz, const word32 *sizeList, const word32 *distList, byte* buffer, word32 sz, int flag); - diff --git a/doc/dox_comments/header_files/pkcs11.h b/doc/dox_comments/header_files/pkcs11.h index 4394dd48f..190c86a06 100644 --- a/doc/dox_comments/header_files/pkcs11.h +++ b/doc/dox_comments/header_files/pkcs11.h @@ -34,7 +34,7 @@ void wc_Pkcs11Token_Close(Pkcs11Token* token); /*! \ingroup PKCS11 */ -int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, +int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key); /*! \ingroup PKCS11 diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h index 31498ef9c..925c5223b 100644 --- a/doc/dox_comments/header_files/pkcs7.h +++ b/doc/dox_comments/header_files/pkcs7.h @@ -60,13 +60,13 @@ typedef int (*CallbackAESKeyWrapUnwrap)(const byte* key, word32 keySz, \param pkcs7 pointer to the PKCS7 structure in which to store the decoded cert - \param cert pointer to a buffer containing a DER formatted ASN.1 + \param der pointer to a buffer containing a DER formatted ASN.1 certificate with which to initialize the PKCS7 structure - \param certSz size of the certificate buffer + \param derSz size of the certificate buffer _Example_ \code - PKCS7 pkcs7; + wc_PKCS7 pkcs7; byte derBuff[] = { }; // initialize with DER-encoded certificate if ( wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff)) != 0 ) { // error parsing certificate into pkcs7 format @@ -75,7 +75,7 @@ typedef int (*CallbackAESKeyWrapUnwrap)(const byte* key, word32 keySz, \sa wc_PKCS7_Free */ -int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz); +int wc_PKCS7_InitWithCert(wc_PKCS7* pkcs7, byte* der, word32 derSz); /*! \ingroup PKCS7 @@ -96,7 +96,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz); \sa wc_PKCS7_InitWithCert */ -void wc_PKCS7_Free(PKCS7* pkcs7); +void wc_PKCS7_Free(wc_PKCS7* pkcs7); /*! \ingroup PKCS7 @@ -139,7 +139,7 @@ void wc_PKCS7_Free(PKCS7* pkcs7); \sa wc_PKCS7_InitWithCert */ -int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, +int wc_PKCS7_EncodeData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); /*! @@ -217,7 +217,7 @@ int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_VerifySignedData */ -int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, +int wc_PKCS7_EncodeSignedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); /*! @@ -317,7 +317,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_VerifySignedData_ex */ -int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, +int wc_PKCS7_EncodeSignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf, word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot, word32* outputFootSz); @@ -394,7 +394,7 @@ int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_EncodeSignedData */ -int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, +int wc_PKCS7_VerifySignedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz); @@ -493,7 +493,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_EncodeSignedData_ex */ -int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, +int wc_PKCS7_VerifySignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf, word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot, word32 pkiMsgFootSz); @@ -565,7 +565,7 @@ int wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7, \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_DecodeEnvelopedData */ -int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, +int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); /*! @@ -651,7 +651,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_EncodeEnvelopedData */ -int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, +int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, byte* output, word32 outputSz); /*! @@ -725,7 +725,7 @@ int wc_PKCS7_GetEnvelopedDataKariRid(const byte * in, word32 inSz, \sa wc_PKCS7_InitWithCert */ -int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg, +int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, byte* output, word32 outputSz); /*! diff --git a/doc/dox_comments/header_files/poly1305.h b/doc/dox_comments/header_files/poly1305.h index f0c138296..725526e23 100644 --- a/doc/dox_comments/header_files/poly1305.h +++ b/doc/dox_comments/header_files/poly1305.h @@ -135,5 +135,5 @@ int wc_Poly1305Final(Poly1305* poly1305, byte* tag); \sa wc_Poly1305Update \sa wcPoly1305Final */ -int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz, - byte* input, word32 sz, byte* tag, word32 tagSz); +int wc_Poly1305_MAC(Poly1305* ctx, const byte* additional, word32 addSz, + const byte* input, word32 sz, byte* tag, word32 tagSz); diff --git a/doc/dox_comments/header_files/random.h b/doc/dox_comments/header_files/random.h index d7647142c..80a16b501 100644 --- a/doc/dox_comments/header_files/random.h +++ b/doc/dox_comments/header_files/random.h @@ -24,7 +24,7 @@ \sa wc_FreeNetRandom */ -int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout); +int wc_InitNetRandom(const char*, wnr_hmac_key, int); /*! \ingroup Random @@ -95,7 +95,7 @@ int wc_FreeNetRandom(void); \sa wc_FreeRng \sa wc_RNG_HealthTest */ -int wc_InitRng(WC_RNG*); +int wc_InitRng(WC_RNG* rng); /*! \ingroup Random @@ -241,7 +241,7 @@ int wc_RNG_GenerateByte(WC_RNG* rng, byte* b); \sa wc_RNG_GenerateByte, \sa wc_RNG_HealthTest */ -int wc_FreeRng(WC_RNG*); +int wc_FreeRng(WC_RNG* rng); /*! \ingroup Random diff --git a/doc/dox_comments/header_files/ripemd.h b/doc/dox_comments/header_files/ripemd.h index d413418e8..91b9dff95 100644 --- a/doc/dox_comments/header_files/ripemd.h +++ b/doc/dox_comments/header_files/ripemd.h @@ -23,7 +23,7 @@ \sa wc_RipeMdUpdate \sa wc_RipeMdFinal */ -int wc_InitRipeMd(RipeMd*); +int wc_InitRipeMd(RipeMd* ripemd); /*! \ingroup RIPEMD diff --git a/doc/dox_comments/header_files/rsa.h b/doc/dox_comments/header_files/rsa.h index 5df2dc1f1..a70da29c7 100644 --- a/doc/dox_comments/header_files/rsa.h +++ b/doc/dox_comments/header_files/rsa.h @@ -522,7 +522,7 @@ int wc_RsaPSS_Sign(const byte* in, word32 inLen, byte* out, \sa wc_RsaPSS_CheckPadding \sa wc_RsaSetRNG */ -int wc_RsaPSS_Verify(byte* in, word32 inLen, byte* out, +int wc_RsaPSS_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, enum wc_HashType hash, int mgf, RsaKey* key); @@ -651,7 +651,7 @@ int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out, \sa wc_RsaSetRNG */ -int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen, +int wc_RsaPSS_VerifyCheck(const byte* in, word32 inLen, byte* out, word32 outLen, const byte* digest, word32 digestLen, enum wc_HashType hash, int mgf, @@ -927,7 +927,7 @@ int wc_RsaPSS_VerifyCheckInline_ex(byte* in, word32 inLen, byte** out, \sa wc_RsaPSS_CheckPadding_ex \sa wc_RsaSetRNG */ -int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig, +int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, const byte* sig, word32 sigSz, enum wc_HashType hashType); /*! @@ -992,7 +992,7 @@ int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig, \sa wc_RsaPSS_VerifyCheckInline_ex \sa wc_RsaPSS_CheckPadding */ -int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, byte* sig, +int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, const byte* sig, word32 sigSz, enum wc_HashType hashType, int saltLen, int bits); /*! \ingroup RSA @@ -1012,7 +1012,7 @@ int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, byte* sig, \sa wc_InitRsaKey_ex \sa wc_MakeRsaKey */ -int wc_RsaEncryptSize(RsaKey* key); +int wc_RsaEncryptSize(const RsaKey* key); /*! \ingroup RSA @@ -1389,7 +1389,7 @@ int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, \sa wc_InitRsaKey_ex \sa wc_MakeRsaKey */ -int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n, +int wc_RsaFlattenPublicKey(const RsaKey* key, byte* e, word32* eSz, byte* n, word32* nSz); /*! diff --git a/doc/dox_comments/header_files/sha.h b/doc/dox_comments/header_files/sha.h index 6eadc64af..56a9382d4 100644 --- a/doc/dox_comments/header_files/sha.h +++ b/doc/dox_comments/header_files/sha.h @@ -24,7 +24,7 @@ \sa wc_ShaUpdate \sa wc_ShaFinal */ -int wc_InitSha(wc_Sha*); +int wc_InitSha(wc_Sha* sha); /*! \ingroup SHA @@ -112,7 +112,7 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash); \sa wc_ShaUpdate \sa wc_ShaFinal */ -void wc_ShaFree(wc_Sha*); +void wc_ShaFree(wc_Sha* sha); /*! \ingroup SHA diff --git a/doc/dox_comments/header_files/sha256.h b/doc/dox_comments/header_files/sha256.h index 0e6968ff3..93bfd836f 100644 --- a/doc/dox_comments/header_files/sha256.h +++ b/doc/dox_comments/header_files/sha256.h @@ -24,7 +24,7 @@ \sa wc_Sha256Update \sa wc_Sha256Final */ -int wc_InitSha256(wc_Sha256*); +int wc_InitSha256(wc_Sha256* sha); /*! \ingroup SHA @@ -121,7 +121,7 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash); \sa wc_Sha256Update \sa wc_Sha256Final */ -void wc_Sha256Free(wc_Sha256*); +void wc_Sha256Free(wc_Sha256* sha256); /*! \ingroup SHA @@ -175,7 +175,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash); \sa wc_Sha224Update \sa wc_Sha224Final */ -int wc_InitSha224(wc_Sha224*); +int wc_InitSha224(wc_Sha224* sha224); /*! \ingroup SHA diff --git a/doc/dox_comments/header_files/sha3.h b/doc/dox_comments/header_files/sha3.h index fbd38ceff..afb434e7b 100644 --- a/doc/dox_comments/header_files/sha3.h +++ b/doc/dox_comments/header_files/sha3.h @@ -121,7 +121,7 @@ int wc_Sha3_224_Final(wc_Sha3* sha3, byte* hash); \sa wc_Sha3_224_Update \sa wc_Sha3_224_Final */ -void wc_Sha3_224_Free(wc_Sha3*); +void wc_Sha3_224_Free(wc_Sha3* sha3); /*! \ingroup SHA @@ -306,7 +306,7 @@ int wc_Sha3_256_Final(wc_Sha3* sha3, byte* hash); \sa wc_Sha3_256_Update \sa wc_Sha3_256_Final */ -void wc_Sha3_256_Free(wc_Sha3*); +void wc_Sha3_256_Free(wc_Sha3* sha3); /*! \ingroup SHA @@ -491,7 +491,7 @@ int wc_Sha3_384_Final(wc_Sha3* sha3, byte* hash); \sa wc_Sha3_384_Update \sa wc_Sha3_384_Final */ -void wc_Sha3_384_Free(wc_Sha3*); +void wc_Sha3_384_Free(wc_Sha3* sha3); /*! \ingroup SHA @@ -676,7 +676,7 @@ int wc_Sha3_512_Final(wc_Sha3* sha3, byte* hash); \sa wc_Sha3_512_Update \sa wc_Sha3_512_Final */ -void wc_Sha3_512_Free(wc_Sha3*); +void wc_Sha3_512_Free(wc_Sha3* sha3); /*! \ingroup SHA @@ -809,6 +809,7 @@ int wc_Shake128_Update(wc_Shake* sha, const byte* data, word32 len); \param shake pointer to the shake structure to use for encryption \param hash Byte array to hold hash value. + \param hashLen Number of bytes to write to hash. _Example_ \code @@ -829,7 +830,7 @@ int wc_Shake128_Update(wc_Shake* sha, const byte* data, word32 len); \sa wc_Shake128_GetHash \sa wc_InitShake128 */ -int wc_Shake128_Final(wc_Shake* shake, byte* hash); +int wc_Shake128_Final(wc_Shake* shake, byte* hash, word32 hashLen); /*! \ingroup SHA @@ -930,7 +931,7 @@ int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt); \sa wc_Shake128_Update \sa wc_Shake128_Final */ -void wc_Shake128_Free(wc_Shake*); +void wc_Shake128_Free(wc_Shake* shake); /*! \ingroup SHA @@ -990,7 +991,7 @@ int wc_Shake128_GetHash(wc_Shake* shake, byte* hash); \sa wc_InitShake128 \sa wc_Shake128_GetHash */ -int wc_Shake128_Copy(wc_Shake* shake, wc_Shake* dst); +int wc_Shake128_Copy(wc_Shake* src, wc_Sha3* dst); /*! \ingroup SHA @@ -1185,7 +1186,7 @@ int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt); \sa wc_Shake256_Update \sa wc_Shake256_Final */ -void wc_Shake256_Free(wc_Shake*); +void wc_Shake256_Free(wc_Shake* shake); /*! \ingroup SHA @@ -1245,6 +1246,4 @@ int wc_Shake256_GetHash(wc_Shake* shake, byte* hash); \sa wc_InitShake256 \sa wc_Shake256_GetHash */ -int wc_Shake256_Copy(wc_Shake* shake, wc_Shake* dst); - - +int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst); diff --git a/doc/dox_comments/header_files/sha512.h b/doc/dox_comments/header_files/sha512.h index 4fd14b4d2..915ae77a1 100644 --- a/doc/dox_comments/header_files/sha512.h +++ b/doc/dox_comments/header_files/sha512.h @@ -24,7 +24,7 @@ \sa wc_Sha512Update \sa wc_Sha512Final */ -int wc_InitSha512(wc_Sha512*); +int wc_InitSha512(wc_Sha512* sha); /*! \ingroup SHA @@ -116,7 +116,7 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash); \sa wc_Sha384Update \sa wc_Sha384Final */ -int wc_InitSha384(wc_Sha384*); +int wc_InitSha384(wc_Sha384* sha); /*! \ingroup SHA diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index 56e5656a6..4829d3884 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -721,7 +721,7 @@ int wolfSSL_use_old_poly(WOLFSSL* ssl, int value); \sa wolfSSL_CTX_new \sa wolfSSL_CTX_dtls_set_export */ -int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf, +int wolfSSL_dtls_import(WOLFSSL* ssl, const unsigned char* buf, unsigned int sz); @@ -1229,7 +1229,7 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, \sa wolfSSL_use_certificate_chain_file */ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, - const char* path, unsigned int flags); + const char* path, word32 flags); /*! \ingroup CertsKeys @@ -2019,7 +2019,7 @@ const char* wolfSSL_get_cipher_name(WOLFSSL* ssl); \sa wolfSSL_set_read_fd \sa wolfSSL_set_write_fd */ -int wolfSSL_get_fd(const WOLFSSL*); +int wolfSSL_get_fd(const WOLFSSL* ssl); /*! \ingroup IO @@ -2046,7 +2046,7 @@ int wolfSSL_get_fd(const WOLFSSL*); \sa wolfSSL_set_read_fd \sa wolfSSL_set_write_fd */ -int wolfSSL_get_wfd(const WOLFSSL*); +int wolfSSL_get_wfd(const WOLFSSL* ssl); /*! \ingroup Setup @@ -2316,7 +2316,7 @@ int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz); \sa wolfSSL_get_error \sa wolfSSL_connect */ -int wolfSSL_accept(WOLFSSL*); +int wolfSSL_accept(WOLFSSL* ssl); /*! \ingroup IO @@ -2382,7 +2382,7 @@ int wolfDTLS_accept_stateless(WOLFSSL* ssl); \sa wolfSSL_new \sa wolfSSL_free */ -void wolfSSL_CTX_free(WOLFSSL_CTX*); +void wolfSSL_CTX_free(WOLFSSL_CTX* ctx); /*! \ingroup Setup @@ -2406,7 +2406,7 @@ void wolfSSL_CTX_free(WOLFSSL_CTX*); \sa wolfSSL_new \sa wolfSSL_CTX_free */ -void wolfSSL_free(WOLFSSL*); +void wolfSSL_free(WOLFSSL* ssl); /*! \ingroup TLS @@ -2452,7 +2452,7 @@ void wolfSSL_free(WOLFSSL*); \sa wolfSSL_free \sa wolfSSL_CTX_free */ -int wolfSSL_shutdown(WOLFSSL*); +int wolfSSL_shutdown(WOLFSSL* ssl); /*! \ingroup IO @@ -2847,7 +2847,7 @@ int wolfSSL_GetSessionIndex(WOLFSSL* ssl); \sa LockMutex \sa wolfSSL_GetSessionIndex */ -int wolfSSL_GetSessionAtIndex(int idx, WOLFSSL_SESSION* session); +int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session); /*! \ingroup IO @@ -3054,7 +3054,7 @@ void wolfSSL_CTX_SetCertCbCtx(WOLFSSL_CTX* ctx, void* userCtx); \sa wolfSSL_read \sa wolfSSL_peek */ -int wolfSSL_pending(WOLFSSL*); +int wolfSSL_pending(WOLFSSL* ssl); /*! \ingroup Debug @@ -3786,7 +3786,7 @@ void wolfSSL_dtls13_set_send_more_acks(WOLFSSL *ssl, int value); \sa wolfSSL_dtls_set_timeout_max \sa wolfSSL_dtls_got_timeout */ -int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int); +int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int timeout); /*! \brief This function sets the maximum dtls timeout. @@ -3814,7 +3814,7 @@ int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int); \sa wolfSSL_dtls_set_timeout_init \sa wolfSSL_dtls_got_timeout */ -int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int); +int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int timeout); /*! \brief When using non-blocking sockets with DTLS, this function should @@ -4208,7 +4208,7 @@ int wolfSSL_session_reused(WOLFSSL* ssl); \sa wolfSSL_get_keys \sa wolfSSL_set_shutdown */ -int wolfSSL_is_init_finished(WOLFSSL* ssl); +int wolfSSL_is_init_finished(const WOLFSSL* ssl); /*! \ingroup IO @@ -4644,7 +4644,7 @@ int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2); \sa wolfSSL_BIO_new, wolfSSL_BIO_s_mem \sa wolfSSL_BIO_new, wolfSSL_BIO_free */ -int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *bio); +int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b); /*! \ingroup IO @@ -5004,7 +5004,7 @@ WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert); \sa wolfSSL_X509_get_issuer_name \sa wolfSSL_X509_get_isCA */ -int wolfSSL_X509_get_isCA(WOLFSSL_X509* cert); +int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509); /*! \ingroup CertsKeys @@ -5068,7 +5068,7 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, int nid, \sa wolfSSL_X509_notAfter \sa wolfSSL_X509_free */ -int wolfSSL_X509_get_signature_type(WOLFSSL_X509* cert); +int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509); /*! \brief This function frees a WOLFSSL_X509 structure. @@ -5726,7 +5726,7 @@ long wolfSSL_set_options(WOLFSSL *s, long op); \sa wolfSSL_free \sa wolfSSL_set_options */ -long wolfSSL_get_options(const WOLFSSL *ssl); +long wolfSSL_get_options(const WOLFSSL *s); /*! \ingroup Setup @@ -5752,7 +5752,7 @@ long wolfSSL_get_options(const WOLFSSL *ssl); \sa wolfSSL_new \sa wolfSSL_free */ -long wolfSSL_set_tlsext_debug_arg(WOLFSSL *ssl, void *arg); +long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg); /*! \ingroup openSSL @@ -5950,7 +5950,7 @@ void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX* ctx, \sa wolfSSL_set_psk_server_callback */ void wolfSSL_set_psk_client_callback(WOLFSSL* ssl, - wc_psk_client_callback); + wc_psk_client_callback cb); /*! \ingroup CertsKeys @@ -6244,7 +6244,7 @@ void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX* ctx); \sa none */ -int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*); +int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX* ctx); /*! \ingroup Setup @@ -6368,7 +6368,7 @@ WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl); \sa wolfSSL_want_write \sa wolfSSL_get_error */ -int wolfSSL_want_read(WOLFSSL*); +int wolfSSL_want_read(WOLFSSL* ssl); /*! \ingroup Debug @@ -6398,7 +6398,7 @@ int wolfSSL_want_read(WOLFSSL*); \sa wolfSSL_want_read \sa wolfSSL_get_error */ -int wolfSSL_want_write(WOLFSSL*); +int wolfSSL_want_write(WOLFSSL* ssl); /*! \ingroup Setup @@ -6977,7 +6977,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(WOLFSSL_X509*); \sa wolfSSL_X509_get_isCA \sa wolfSSL_get_peer_certificate */ -int wolfSSL_X509_version(WOLFSSL_X509*); +int wolfSSL_X509_version(WOLFSSL_X509* x509); /*! \ingroup CertsKeys @@ -7632,7 +7632,7 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* f, \sa wolfSSL_GetDhKey_Sz \sa wolfSSL_CTX_SetTMpDH_file */ -int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16); +int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits); /*! \ingroup CertsKeys @@ -7754,7 +7754,7 @@ int wolfSSL_SetMaxDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits); \sa wolfSSL_SetTmpDH \sa wolfSSL_CTX_SetTmpDH_file */ -int wolfSSL_GetDhKey_Sz(WOLFSSL*); +int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl); /*! \ingroup CertsKeys @@ -7844,7 +7844,7 @@ int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz); \sa wolfSSL_SetMinEccKey_Sz */ -int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ssl, short keySz); +int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz); /*! \ingroup CertsKeys @@ -7985,7 +7985,7 @@ int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov, \sa LockMutex \sa UnlockMutex */ -int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*); +int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx); /*! @@ -8049,7 +8049,7 @@ int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx); \sa wolfSSL_CTX_trust_peer_buffer \sa wolfSSL_CTX_trust_peer_cert */ -int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*); +int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx); /*! \ingroup Setup @@ -8581,7 +8581,7 @@ int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl, \sa wolfSSL_CTX_UnloadCAs */ -int wolfSSL_UnloadCertsKeys(WOLFSSL*); +int wolfSSL_UnloadCertsKeys(WOLFSSL* ssl); /*! \ingroup Setup @@ -8606,7 +8606,7 @@ int wolfSSL_UnloadCertsKeys(WOLFSSL*); \sa wolfSSL_set_group_messages \sa wolfSSL_CTX_new */ -int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*); +int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX* ctx); /*! \ingroup Setup @@ -8631,7 +8631,7 @@ int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*); \sa wolfSSL_CTX_set_group_messages \sa wolfSSL_new */ -int wolfSSL_set_group_messages(WOLFSSL*); +int wolfSSL_set_group_messages(WOLFSSL* ssl); /*! \brief This function sets the fuzzer callback. @@ -8695,8 +8695,8 @@ void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx); \sa wc_RNG_GenerateBlock */ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, - const unsigned char* secret, - unsigned int secretSz); + const byte* secret, + word32 secretSz); /*! \brief This function retrieves the random number. @@ -8850,7 +8850,7 @@ int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz); \sa wolfSSL_GetOutputSize */ -int wolfSSL_GetMaxOutputSize(WOLFSSL*); +int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl); /*! \ingroup Setup @@ -8910,7 +8910,7 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version); \sa wolfSSL_SetMacEncryptCtx \sa wolfSSL_GetMacEncryptCtx */ -void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypti cb); +void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypt cb); /*! \brief Allows caller to set the Atomic User Record Processing Mac/Encrypt @@ -9127,7 +9127,7 @@ const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*); \sa wolfSSL_GetClientWriteKey \sa wolfSSL_GetServerWriteKey */ -int wolfSSL_GetKeySize(WOLFSSL*); +int wolfSSL_GetKeySize(WOLFSSL* ssl); /*! \ingroup CertsKeys @@ -9157,7 +9157,7 @@ int wolfSSL_GetKeySize(WOLFSSL*); \sa wolfSSL_GetClientWriteIV \sa wolfSSL_GetServerWriteIV */ -int wolfSSL_GetIVSize(WOLFSSL*); +int wolfSSL_GetIVSize(WOLFSSL* ssl); /*! \brief Allows retrieval of the side of this WOLFSSL connection. @@ -9177,7 +9177,7 @@ int wolfSSL_GetIVSize(WOLFSSL*); \sa wolfSSL_GetClientWriteKey \sa wolfSSL_GetServerWriteKey */ -int wolfSSL_GetSide(WOLFSSL*); +int wolfSSL_GetSide(WOLFSSL* ssl); /*! \brief Allows caller to determine if the negotiated protocol version @@ -9196,7 +9196,7 @@ int wolfSSL_GetSide(WOLFSSL*); \sa wolfSSL_GetSide */ -int wolfSSL_IsTLSv1_1(WOLFSSL*); +int wolfSSL_IsTLSv1_1(WOLFSSL* ssl); /*! \brief Allows caller to determine the negotiated bulk cipher algorithm @@ -9217,7 +9217,7 @@ int wolfSSL_IsTLSv1_1(WOLFSSL*); \sa wolfSSL_GetCipherBlockSize \sa wolfSSL_GetKeySize */ -int wolfSSL_GetBulkCipher(WOLFSSL*); +int wolfSSL_GetBulkCipher(WOLFSSL* ssl); /*! \brief Allows caller to determine the negotiated cipher block size from @@ -9237,7 +9237,7 @@ int wolfSSL_GetBulkCipher(WOLFSSL*); \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetKeySize */ -int wolfSSL_GetCipherBlockSize(WOLFSSL*); +int wolfSSL_GetCipherBlockSize(WOLFSSL* ssl); /*! \brief Allows caller to determine the negotiated aead mac size from the @@ -9257,7 +9257,7 @@ int wolfSSL_GetCipherBlockSize(WOLFSSL*); \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetKeySize */ -int wolfSSL_GetAeadMacSize(WOLFSSL*); +int wolfSSL_GetAeadMacSize(WOLFSSL* ssl); /*! \brief Allows caller to determine the negotiated (h)mac size from the @@ -9277,7 +9277,7 @@ int wolfSSL_GetAeadMacSize(WOLFSSL*); \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetHmacType */ -int wolfSSL_GetHmacSize(WOLFSSL*); +int wolfSSL_GetHmacSize(WOLFSSL* ssl); /*! \brief Allows caller to determine the negotiated (h)mac type from the @@ -9298,7 +9298,7 @@ int wolfSSL_GetHmacSize(WOLFSSL*); \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetHmacSize */ -int wolfSSL_GetHmacType(WOLFSSL*); +int wolfSSL_GetHmacType(WOLFSSL* ssl); /*! \brief Allows caller to determine the negotiated cipher type @@ -9318,7 +9318,7 @@ int wolfSSL_GetHmacType(WOLFSSL*); \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetHmacType */ -int wolfSSL_GetCipherType(WOLFSSL*); +int wolfSSL_GetCipherType(WOLFSSL* ssl); /*! \brief Allows caller to set the Hmac Inner vector for message @@ -9861,7 +9861,7 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void); \sa wolfSSL_CertManagerNew */ -void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*); +void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm); /*! \ingroup CertManager @@ -9941,7 +9941,8 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* f, \sa cm_pick_method */ int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm, - const unsigned char* in, long sz, int format); + const unsigned char* buff, long sz, + int format); /*! \ingroup CertManager @@ -10198,7 +10199,7 @@ void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, \sa InitDecodedCert */ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, - unsigned char* der, int sz); + const unsigned char* der, int sz); /*! \ingroup CertManager @@ -10273,7 +10274,7 @@ int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, \sa wolfSSL_CertManagerEnableCRL */ -int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*); +int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm); /*! \ingroup CertManager @@ -10533,7 +10534,7 @@ int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER* cm); \sa CheckCertOCSP */ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, - unsigned char* der, int sz); + const unsigned char* der, int sz); /*! \ingroup CertManager @@ -10594,7 +10595,7 @@ int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, \sa wolfSSL_DisableCRL */ -int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*); +int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER* cm); /*! \ingroup CertManager @@ -10871,7 +10872,7 @@ int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options); \sa wolfSSL_CertManagerDisableOCSP */ -int wolfSSL_DisableOCSP(WOLFSSL*); +int wolfSSL_DisableOCSP(WOLFSSL* ssl); /*! \brief This function sets the ocspOverrideURL member in the @@ -11131,7 +11132,7 @@ int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options); \sa wolfSSL_DisableOCSP \sa wolfSSL_CertManagerDisableOCSP */ -int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*); +int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx); /*! \brief This function manually sets the URL for OCSP to use. By default, @@ -11226,7 +11227,7 @@ int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, \sa wolfSSL_CertManagerEnableOCSPStapling \sa InitOCSP */ -int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*); +int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx); /*! \ingroup CertsKeys @@ -11252,7 +11253,7 @@ int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*); \sa wolfSSL_FreeArrays */ -void wolfSSL_KeepArrays(WOLFSSL*); +void wolfSSL_KeepArrays(WOLFSSL* ssl); /*! \ingroup CertsKeys @@ -11277,7 +11278,7 @@ void wolfSSL_KeepArrays(WOLFSSL*); \sa wolfSSL_KeepArrays */ -void wolfSSL_FreeArrays(WOLFSSL*); +void wolfSSL_FreeArrays(WOLFSSL* ssl); /*! \brief This function enables the use of Server Name Indication in the SSL @@ -12379,7 +12380,7 @@ int wolfSSL_send_SessionTicket(WOLFSSL* ssl); \sa wolfSSL_CTX_set_TicketEncCtx */ int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, - SessionTicketEncCb); + SessionTicketEncCb cb); /*! \brief This function sets the session ticket hint relayed to the client. @@ -12399,7 +12400,7 @@ int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, \sa wolfSSL_CTX_set_TicketEncCb */ -int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int); +int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint); /*! \brief This function sets the session ticket encrypt user context for the @@ -12420,7 +12421,7 @@ int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int); \sa wolfSSL_CTX_set_TicketEncCb */ -int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*); +int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void* userCtx); /*! \brief This function gets the session ticket encrypt user context for the @@ -12690,7 +12691,7 @@ int wolfSSL_connect_ex(WOLFSSL* ssl, HandShakeCallBack hsCb, \sa wolfSSL_connect_ex */ -int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBacki hsCb, +int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBack hsCb, TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout); /*! @@ -12800,8 +12801,7 @@ int wolfSSL_check_private_key(const WOLFSSL* ssl); \endcode */ -int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, - int nid, int lastPos); +int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos); /*! \ingroup CertsKeys @@ -12918,8 +12918,8 @@ int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509); \sa wolfSSL_new \sa wolfSSL_free */ -int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, - int derSz); +int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der, + int derSz); /*! \ingroup CertsKeys @@ -12980,7 +12980,7 @@ int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey); \sa wolfSSL_use_PrivateKey */ int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, - unsigned char* der, long derSz); + const unsigned char* der, long derSz); /*! \ingroup CertsKeys @@ -14071,7 +14071,7 @@ int wolfSSL_request_certificate(WOLFSSL* ssl); \sa wolfSSL_UseKeyShare \sa wolfSSL_preferred_group */ -int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list); +int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, const char *list); /*! \ingroup Setup @@ -14109,7 +14109,7 @@ int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list); \sa wolfSSL_UseKeyShare \sa wolfSSL_preferred_group */ -int wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list); +int wolfSSL_set1_groups_list(WOLFSSL *ssl, const char *list); /*! \ingroup TLS @@ -14284,7 +14284,7 @@ int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count); \sa wolfSSL_accept_TLSv13 \sa wolfSSL_accept */ -int wolfSSL_connect_TLSv13(WOLFSSL*); +int wolfSSL_connect_TLSv13(WOLFSSL* ssl); /*! \ingroup IO @@ -15023,8 +15023,8 @@ int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo, \param padding Padding to use. Only RSA_PKCS1_PSS_PADDING and RSA_PKCS1_PADDING are currently supported for signing. */ -int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, - unsigned int mLen, unsigned char* sigRet, +int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, + unsigned int hLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag, int padding); /*! @@ -15066,8 +15066,11 @@ unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *s); \return The new index value to be used with the external data API for this object class. - */ -int wolfSSL_CRYPTO_get_ex_new_index(int, void*, void*, void*, void*); +*/ +int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + WOLFSSL_CRYPTO_EX_new* new_func, + WOLFSSL_CRYPTO_EX_dup* dup_func, + WOLFSSL_CRYPTO_EX_free* free_func); /*! \ingroup Setup diff --git a/doc/dox_comments/header_files/wolfio.h b/doc/dox_comments/header_files/wolfio.h index 8823383ca..8a35464ab 100644 --- a/doc/dox_comments/header_files/wolfio.h +++ b/doc/dox_comments/header_files/wolfio.h @@ -115,7 +115,7 @@ int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx); \sa wolfSSL_SSLSetIORecv \sa wolfSSL_dtls_get_current_timeout */ -int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*); +int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx); /*! \brief This function is the send embedded callback. @@ -189,8 +189,8 @@ int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx); \sa wolfSSL_CTX_SetGenCookie */ -int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf, - int sz, void*); +int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, + int sz, void *ctx); /*! \brief This function frees the response buffer. From 26206821ff0e7e1db465f887a0c1fe0f1a57ed49 Mon Sep 17 00:00:00 2001 From: Joseph Chen Date: Wed, 26 Nov 2025 16:05:05 +0800 Subject: [PATCH 02/13] Prefer ARMASM over MMCAU for AES CBC when both enabled --- wolfcrypt/src/aes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 49b89dac2..1dba1b6df 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -5887,7 +5887,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } #endif /* HAVE_AES_DECRYPT */ -#elif defined(FREESCALE_MMCAU) +#elif defined(FREESCALE_MMCAU) && !defined(WOLFSSL_ARMASM) int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { int offset = 0; From 10efcd978718798484f6f498ade9ec2ac1944538 Mon Sep 17 00:00:00 2001 From: Joseph Chen Date: Thu, 27 Nov 2025 10:03:04 +0800 Subject: [PATCH 03/13] Enhance MQX platform support and integration --- src/sniffer.c | 19 ++++++++++++++++++- src/ssl.c | 4 ++++ wolfssl/wolfcrypt/settings.h | 3 +-- wolfssl/wolfcrypt/wc_port.h | 1 + wolfssl/wolfio.h | 7 +++++++ 5 files changed, 31 insertions(+), 3 deletions(-) diff --git a/src/sniffer.c b/src/sniffer.c index 6854d5800..f65455b66 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -56,15 +56,23 @@ /* default */ #define XINET_NTOA inet_ntoa #define XINET_ATON inet_aton +#ifdef FREESCALE_MQX + #define XINET_PTON(a,b,c,d) inet_pton((a),(b),(c),(d)) +#else #define XINET_PTON(a,b,c) inet_pton((a),(b),(c)) +#endif #define XINET_NTOP inet_ntop #define XINET_ADDR inet_addr #define XHTONS htons #define XNTOHS ntohs #define XHTONL htonl #define XNTOHL ntohl +#ifdef FREESCALE_MQX + #define XINADDR_NONE INADDR_BROADCAST +#else #define XINADDR_NONE INADDR_NONE #endif +#endif #if !defined(WOLFCRYPT_ONLY) && !defined(NO_FILESYSTEM) #ifdef WOLFSSL_SNIFFER @@ -76,7 +84,7 @@ #ifdef TCP_PROTOCOL #undef TCP_PROTOCOL #endif -#else +#elif !defined(FREESCALE_MQX) #ifndef _WIN32 #include #else @@ -1817,6 +1825,9 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, #ifdef FUSION_RTOS if (XINET_PTON(AF_INET6, address, serverIp.ip6, sizeof(serverIp.ip4)) == 1) + #elif defined(FREESCALE_MQX) + if (XINET_PTON(AF_INET6, address, serverIp.ip6, + sizeof(serverIp.ip6)) == RTCS_OK) #else if (XINET_PTON(AF_INET6, address, serverIp.ip6) == 1) #endif @@ -7672,6 +7683,9 @@ int ssl_RemoveSession(const char* clientIp, int clientPort, #ifdef FUSION_RTOS if (XINET_PTON(AF_INET6, clientIp, clientAddr.ip6, sizeof(clientAddr.ip4)) == 1) + #elif defined(FREESCALE_MQX) + if (XINET_PTON(AF_INET6, clientIp, clientAddr.ip6, + sizeof(clientAddr.ip6)) == RTCS_OK) #else if (XINET_PTON(AF_INET6, clientIp, clientAddr.ip6) == 1) #endif @@ -7691,6 +7705,9 @@ int ssl_RemoveSession(const char* clientIp, int clientPort, #ifdef FUSION_RTOS if (XINET_PTON(AF_INET6, serverIp, serverAddr.ip6, sizeof(serverAddr.ip4)) == 1) + #elif defined(FREESCALE_MQX) + if (XINET_PTON(AF_INET6, clientIp, clientAddr.ip6, + sizeof(clientAddr.ip6)) == RTCS_OK) #else if (XINET_PTON(AF_INET6, serverIp, serverAddr.ip6) == 1) #endif diff --git a/src/ssl.c b/src/ssl.c index 2cda8ea4d..3afe949af 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -21390,7 +21390,11 @@ WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa) } buf[WOLFSSL_IP6_ADDR_LEN] = '\0'; +#ifdef FREESCALE_MQX + if (XINET_PTON(af, ipa, (void*)buf, sizeof(buf)) != RTCS_OK) { +#else if (XINET_PTON(af, ipa, (void*)buf) != 1) { +#endif WOLFSSL_MSG("Error parsing IP address"); return NULL; } diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 9b02060de..2f916b2c0 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1853,8 +1853,7 @@ extern void uITRON4_free(void *p) ; #else #define XFREE(p, h, t) {void* xp = (p); (void)(h); (void)(t); if ((xp)) _mem_free((xp));} #endif - - /* Note: MQX has no realloc, using fastmath above */ + #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), (void *)_mem_realloc((p), (n))) #endif #ifdef USE_FAST_MATH /* Undef first to avoid re-definition if user_settings.h defines */ diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 22a3ee498..513ba98ff 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -935,6 +935,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #define XSEEK_END IO_SEEK_END #define XBADFILE NULL #define XFGETS fgets + #define XFPRINTF fprintf #elif defined(WOLFSSL_DEOS) #define NO_FILESYSTEM diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index ad8b56410..2ddd830ef 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -602,6 +602,11 @@ WOLFSSL_API int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, } while(0) #endif #define StartTCP() WC_DO_NOTHING +#elif defined(FREESCALE_MQX) + #ifndef CloseSocket + #define CloseSocket(s) closesocket(s) + #endif + #define StartTCP() WC_DO_NOTHING #else #ifndef CloseSocket #define CloseSocket(s) close(s) @@ -987,6 +992,8 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags); #else #define XINET_PTON(a,b,c) InetPton((a),(PCWSTR)(b),(c)) #endif + #elif defined(FREESCALE_MQX) + #define XINET_PTON(a,b,c,d) inet_pton((a),(b),(c),(d)) #else #define XINET_PTON(a,b,c) inet_pton((a),(b),(c)) #endif From 9a699c04ea17f3a0c75fa455ea7f56533c79f14b Mon Sep 17 00:00:00 2001 From: Sameeh Jubran Date: Wed, 26 Nov 2025 05:37:19 +0000 Subject: [PATCH 04/13] linuxkm: Fix spinlock initialization on Tegra kernels for __SPIN_LOCK_UNLOCKED macro incompatibility Tegra vendor kernels (L4T / NVIDIA Yocto BSP) fail to compile the wolfSSL Linux kernel module due to the use of the legacy assignment form of the spinlock initializer: m->lock = __SPIN_LOCK_UNLOCKED(m); On Tegra, __SPIN_LOCK_UNLOCKED() expands to a braced-struct initializer that is *not* valid as an assignment expression, causing: error: expected expression before '{' token This patch applies a Tegra-specific workaround by replacing the assignment with the stable kernel API: spin_lock_init(&m->lock); This is guarded behind CONFIG_ARCH_TEGRA so that non-Tegra platforms retain the current initialization behavior until further validation is completed. This fix restores successful kernel module builds on NVIDIA Tegra-based Yocto images without modifying behavior on other architectures. Signed-off-by: Sameeh Jubran --- .wolfssl_known_macro_extras | 1 + linuxkm/linuxkm_wc_port.h | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 2c460c174..ca9dc8cce 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -52,6 +52,7 @@ CONFIG_ARCH_CHIP_STM32F746ZG CONFIG_ARCH_CHIP_STM32H743ZI CONFIG_ARCH_CHIP_STM32L552ZE CONFIG_ARCH_POSIX +CONFIG_ARCH_TEGRA CONFIG_ARM CONFIG_ARM64 CONFIG_BOARD_NATIVE_POSIX diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 834e95819..b5b4e675e 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -1444,7 +1444,12 @@ static __always_inline int wc_InitMutex(wolfSSL_Mutex* m) { + /* Tegra vendor kernels do not support assignment of __SPIN_LOCK_UNLOCKED() */ + # ifndef CONFIG_ARCH_TEGRA m->lock = __SPIN_LOCK_UNLOCKED(m); + # else + spin_lock_init(&m->lock); + #endif m->irq_flags = 0; return 0; From cd99aa2f0ecfc424e734728fbf1d1139f7445aeb Mon Sep 17 00:00:00 2001 From: jordan Date: Mon, 1 Dec 2025 09:43:15 -0600 Subject: [PATCH 05/13] bsdkm: return cleanup. --- bsdkm/wolfkmod.c | 48 ++++++++++++++++++++---------------------------- 1 file changed, 20 insertions(+), 28 deletions(-) diff --git a/bsdkm/wolfkmod.c b/bsdkm/wolfkmod.c index 1a22f3328..41420a096 100644 --- a/bsdkm/wolfkmod.c +++ b/bsdkm/wolfkmod.c @@ -52,17 +52,17 @@ static int wolfkmod_init(void) ret = wolfCrypt_Init(); if (ret != 0) { printf("error: wolfCrypt_Init failed: %s\n", wc_GetErrorString(ret)); - return -ECANCELED; + return (ECANCELED); } #else ret = wolfSSL_Init(); if (ret != WOLFSSL_SUCCESS) { printf("error: wolfSSL_Init failed: %s\n", wc_GetErrorString(ret)); - return -ECANCELED; + return (ECANCELED); } #endif - return ret; + return (0); } static int wolfkmod_cleanup(void) @@ -73,25 +73,21 @@ static int wolfkmod_cleanup(void) ret = wolfCrypt_Cleanup(); if (ret != 0) { printf("error: wolfCrypt_Cleanup failed: %s\n", wc_GetErrorString(ret)); - } - else { - #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) - printf("info: wolfCrypt " LIBWOLFSSL_VERSION_STRING " cleanup complete.\n"); - #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + return (ECANCELED); } #else ret = wolfSSL_Cleanup(); if (ret != WOLFSSL_SUCCESS) { printf("error: wolfSSL_Cleanup failed: %s\n", wc_GetErrorString(ret)); + return (ECANCELED); } - else { - #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) - printf("info: wolfSSL " LIBWOLFSSL_VERSION_STRING " cleanup complete.\n"); - #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ - } - #endif + #endif /* WOLFCRYPT_ONLY */ - return ret; + #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) + printf("info: libwolfssl " LIBWOLFSSL_VERSION_STRING " cleanup complete.\n"); + #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + + return (0); } static int wolfkmod_load(void) @@ -100,7 +96,7 @@ static int wolfkmod_load(void) ret = wolfkmod_init(); if (ret != 0) { - return -ECANCELED; + return (ECANCELED); } #ifndef NO_CRYPT_TEST @@ -108,13 +104,11 @@ static int wolfkmod_load(void) if (ret != 0) { printf("error: wolfcrypt test failed with return code: %d\n", ret); (void)wolfkmod_cleanup(); - return -ECANCELED; - } - else { - #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) - printf("wolfCrypt self-test passed.\n"); - #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + return (ECANCELED); } + #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) + printf("info: wolfCrypt self-test passed.\n"); + #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ #endif /* NO_CRYPT_TEST */ /** @@ -122,11 +116,9 @@ static int wolfkmod_load(void) * and related. * */ - if (ret == 0) { - printf("info: libwolfssl loaded\n"); - } + printf("info: libwolfssl loaded\n"); - return ret; + return (0); } static int wolfkmod_unload(void) @@ -144,7 +136,7 @@ static int wolfkmod_unload(void) printf("info: libwolfssl unloaded\n"); } - return ret; + return (ret); } /* see /usr/include/sys/module.h for more info. */ @@ -172,7 +164,7 @@ wolfkmod_event(struct module * m, int what, void * arg) (void)m; (void)arg; - return ret; + return (ret); } static moduledata_t libwolfmod = { From c63df82f0dc2b7e181319c431474b13ff32184e0 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 2 Dec 2025 10:46:43 +0100 Subject: [PATCH 06/13] Update sha384 and sha512 certs - Print errors in logs on failure --- .github/workflows/hostap-vm.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml index 77f7007c3..47e053baa 100644 --- a/.github/workflows/hostap-vm.yml +++ b/.github/workflows/hostap-vm.yml @@ -232,6 +232,7 @@ jobs: working-directory: hostap/tests/hwsim/auth_serv run: | ./update.sh + ./sha512-generate.sh # Force regeneration of rsa3072-ca.key to get rsa3072-generate.sh to # correctly update all the certs rm rsa3072-ca.key @@ -331,6 +332,10 @@ jobs: rm -r /tmp/hwsim-test-logs done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests + - name: show errors + if: ${{ failure() && steps.testing.outcome == 'failure' }} + run: grep -riP 'fail|error' /tmp/hwsim-test-logs/latest + # The logs are quite big. It hasn't been useful so far so let's not waste # precious gh space. #- name: zip logs From 7b82224462757d2dddf095a7665904f058c712ed Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 3 Dec 2025 10:47:21 +0100 Subject: [PATCH 07/13] tests: add unit coverage for GetCAByAKID --- tests/api/test_x509.c | 93 +++++++++++++++++++++++++++++++++++++++++ tests/api/test_x509.h | 4 +- wolfssl/internal.h | 2 +- wolfssl/wolfcrypt/asn.h | 2 +- 4 files changed, 98 insertions(+), 3 deletions(-) diff --git a/tests/api/test_x509.c b/tests/api/test_x509.c index 5f4300b88..3ef0889a1 100644 --- a/tests/api/test_x509.c +++ b/tests/api/test_x509.c @@ -36,6 +36,9 @@ #include #include +#include +#include + #if defined(OPENSSL_ALL) && \ defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) #define HAVE_TEST_X509_RFC2818_VERIFICATION_CALLBACK @@ -148,3 +151,93 @@ int test_x509_rfc2818_verification_callback(void) #endif return EXPECT_RESULT(); } + +/* Basic unit coverage for GetCAByAKID. + * + * These tests construct a minimal WOLFSSL_CERT_MANAGER and Signer objects in + * memory and then call GetCAByAKID directly, verifying that: + * - a NULL or incomplete input returns NULL, + * - a matching issuer/serial pair returns the expected Signer, and + * - a non-matching pair returns NULL. + * + * These tests are intended to check the behaviour of the lookup logic itself; + * they do not exercise certificate parsing or real CA loading. + */ +int test_x509_GetCAByAKID(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_AKID_NAME + WOLFSSL_CERT_MANAGER cm; + Signer signerA; + Signer signerB; + Signer* found; + byte issuerBuf[] = { 0x01, 0x02, 0x03, 0x04 }; + byte serialBuf[] = { 0x0a, 0x0b, 0x0c, 0x0d }; + byte wrongSerial[] = { 0x07, 0x07, 0x07, 0x07 }; + byte issuerHash[SIGNER_DIGEST_SIZE]; + byte serialHash[SIGNER_DIGEST_SIZE]; + word32 row; + + XMEMSET(&cm, 0, sizeof(cm)); + XMEMSET(&signerA, 0, sizeof(signerA)); + XMEMSET(&signerB, 0, sizeof(signerB)); + + /* Initialize CA mutex so GetCAByAKID can lock/unlock it. */ + ExpectIntEQ(wc_InitMutex(&cm.caLock), 0); + + /* Place both signers into the same CA table bucket. */ + row = 0; + cm.caTable[row] = &signerA; + signerA.next = &signerB; + signerB.next = NULL; + + /* Pre-compute the expected name and serial hashes using the same helper + * that GetCAByAKID uses internally. */ + ExpectIntEQ(CalcHashId(issuerBuf, sizeof(issuerBuf), issuerHash), 0); + ExpectIntEQ(CalcHashId(serialBuf, sizeof(serialBuf), serialHash), 0); + + /* Configure signerA as the matching signer. */ + XMEMCPY(signerA.issuerNameHash, issuerHash, SIGNER_DIGEST_SIZE); + XMEMCPY(signerA.serialHash, serialHash, SIGNER_DIGEST_SIZE); + + /* Configure signerB with different hashes so it should not match. */ + XMEMSET(signerB.issuerNameHash, 0x11, SIGNER_DIGEST_SIZE); + XMEMSET(signerB.serialHash, 0x22, SIGNER_DIGEST_SIZE); + + /* 1) NULL manager should yield NULL. */ + found = GetCAByAKID(NULL, issuerBuf, (word32)sizeof(issuerBuf), + serialBuf, (word32)sizeof(serialBuf)); + ExpectNull(found); + + /* 2) NULL issuer should yield NULL. */ + found = GetCAByAKID(&cm, NULL, (word32)sizeof(issuerBuf), + serialBuf, (word32)sizeof(serialBuf)); + ExpectNull(found); + + /* 3) NULL serial should yield NULL. */ + found = GetCAByAKID(&cm, issuerBuf, (word32)sizeof(issuerBuf), + NULL, (word32)sizeof(serialBuf)); + ExpectNull(found); + + /* 4) Zero-length issuer/serial should yield NULL. */ + found = GetCAByAKID(&cm, issuerBuf, 0, serialBuf, (word32)sizeof(serialBuf)); + ExpectNull(found); + found = GetCAByAKID(&cm, issuerBuf, (word32)sizeof(issuerBuf), + serialBuf, 0); + ExpectNull(found); + + /* 5) Non-matching serial should yield NULL. */ + found = GetCAByAKID(&cm, issuerBuf, (word32)sizeof(issuerBuf), + wrongSerial, (word32)sizeof(wrongSerial)); + ExpectNull(found); + + /* 6) Matching issuer/serial should return signerA. */ + found = GetCAByAKID(&cm, issuerBuf, (word32)sizeof(issuerBuf), + serialBuf, (word32)sizeof(serialBuf)); + ExpectPtrEq(found, &signerA); + + wc_FreeMutex(&cm.caLock); + +#endif /* WOLFSSL_AKID_NAME */ + return EXPECT_RESULT(); +} diff --git a/tests/api/test_x509.h b/tests/api/test_x509.h index f8d53f3fd..ab1a4a874 100644 --- a/tests/api/test_x509.h +++ b/tests/api/test_x509.h @@ -23,8 +23,10 @@ #define WOLFCRYPT_TEST_X509_H int test_x509_rfc2818_verification_callback(void); +int test_x509_GetCAByAKID(void); #define TEST_X509_DECLS \ - TEST_DECL_GROUP("x509", test_x509_rfc2818_verification_callback) + TEST_DECL_GROUP("x509", test_x509_rfc2818_verification_callback), \ + TEST_DECL_GROUP("x509", test_x509_GetCAByAKID) #endif /* WOLFCRYPT_TEST_X509_H */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 9dc54ab8e..f51033978 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -6698,7 +6698,7 @@ WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, WOLFSSL_LOCAL Signer* GetCA(void* vp, byte* hash); #endif #if defined(WOLFSSL_AKID_NAME) && !defined(GetCAByAKID) - WOLFSSL_LOCAL Signer* GetCAByAKID(void* vp, const byte* issuer, + WOLFSSL_TEST_VIS Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz, const byte* serial, word32 serialSz); #endif #if defined(HAVE_OCSP) && !defined(GetCAByKeyHash) diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 43a9249ca..e41f8f08e 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -2060,7 +2060,7 @@ typedef enum MimeStatus #endif /* HAVE_SMIME */ WOLFSSL_LOCAL int HashIdAlg(word32 oidSum); -WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash); +WOLFSSL_TEST_VIS int CalcHashId(const byte* data, word32 len, byte* hash); WOLFSSL_LOCAL int CalcHashId_ex(const byte* data, word32 len, byte* hash, int hashAlg); WOLFSSL_LOCAL int GetHashId(const byte* id, int length, byte* hash, From 995e63f6e11f6d022e6edf37efd05634e5ca8ffb Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 3 Dec 2025 10:29:59 +0100 Subject: [PATCH 08/13] Fix AKID CA lookup The `authorityCertIssuer` field refers to the Issuer field of the CA being looked up and not its Subject field. --- src/ssl.c | 2 +- wolfcrypt/src/asn.c | 2 +- wolfssl/wolfcrypt/asn.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 2cda8ea4d..fa8f3dc74 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5760,7 +5760,7 @@ Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz, for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) { for (signers = cm->caTable[row]; signers != NULL; signers = signers->next) { - if (XMEMCMP(signers->subjectNameHash, nameHash, SIGNER_DIGEST_SIZE) + if (XMEMCMP(signers->issuerNameHash, nameHash, SIGNER_DIGEST_SIZE) == 0 && XMEMCMP(signers->serialHash, serialHash, SIGNER_DIGEST_SIZE) == 0) { ret = signers; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index e54c9cc99..8d5f765b5 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -26077,7 +26077,7 @@ int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der) #endif XMEMCPY(signer->subjectNameHash, cert->subjectHash, SIGNER_DIGEST_SIZE); - #if defined(HAVE_OCSP) || defined(HAVE_CRL) + #if defined(HAVE_OCSP) || defined(HAVE_CRL) || defined(WOLFSSL_AKID_NAME) XMEMCPY(signer->issuerNameHash, cert->issuerHash, SIGNER_DIGEST_SIZE); #endif diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index e41f8f08e..e9dd8834f 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1957,7 +1957,7 @@ struct Signer { #endif /* !IGNORE_NAME_CONSTRAINTS */ byte subjectNameHash[SIGNER_DIGEST_SIZE]; /* sha hash of names in certificate */ - #if defined(HAVE_OCSP) || defined(HAVE_CRL) + #if defined(HAVE_OCSP) || defined(HAVE_CRL) || defined(WOLFSSL_AKID_NAME) byte issuerNameHash[SIGNER_DIGEST_SIZE]; /* sha hash of issuer names in certificate. * Used in OCSP to check for authorized From 32c6f8f2a0323d57d9f1c7b773f18c07e6e5edbe Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 3 Dec 2025 11:36:39 +0100 Subject: [PATCH 09/13] Fix prefix errors --- wolfssl/internal.h | 4 ++++ wolfssl/wolfcrypt/asn.h | 31 ++++++++++++++++--------------- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index f51033978..b6e482d50 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -6694,6 +6694,10 @@ WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, DecodedCert* cert); #endif + #ifdef WOLFSSL_API_PREFIX_MAP + #define GetCAByAKID wolfSSL_GetCAByAKID + #endif + #ifndef GetCA WOLFSSL_LOCAL Signer* GetCA(void* vp, byte* hash); #endif diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index e9dd8834f..dd5263191 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -2059,21 +2059,6 @@ typedef enum MimeStatus } MimeStatus; #endif /* HAVE_SMIME */ -WOLFSSL_LOCAL int HashIdAlg(word32 oidSum); -WOLFSSL_TEST_VIS int CalcHashId(const byte* data, word32 len, byte* hash); -WOLFSSL_LOCAL int CalcHashId_ex(const byte* data, word32 len, byte* hash, - int hashAlg); -WOLFSSL_LOCAL int GetHashId(const byte* id, int length, byte* hash, - int hashAlg); -WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx); - -#ifdef ASN_BER_TO_DER -WOLFSSL_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, - word32* derSz); -#endif -WOLFSSL_LOCAL int StreamOctetString(const byte* inBuf, word32 inBufSz, - byte* out, word32* outSz, word32* idx); - #ifdef WOLFSSL_API_PREFIX_MAP #define FreeAltNames wc_FreeAltNames #define AltNameNew wc_AltNameNew @@ -2098,8 +2083,24 @@ WOLFSSL_LOCAL int StreamOctetString(const byte* inBuf, word32 inBufSz, #define GetASNTag wc_GetASNTag #define SetAlgoID wc_SetAlgoID #define SetAsymKeyDer wc_SetAsymKeyDer + #define CalcHashId wc_CalcHashId #endif /* WOLFSSL_API_PREFIX_MAP */ +WOLFSSL_LOCAL int HashIdAlg(word32 oidSum); +WOLFSSL_TEST_VIS int CalcHashId(const byte* data, word32 len, byte* hash); +WOLFSSL_LOCAL int CalcHashId_ex(const byte* data, word32 len, byte* hash, + int hashAlg); +WOLFSSL_LOCAL int GetHashId(const byte* id, int length, byte* hash, + int hashAlg); +WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx); + +#ifdef ASN_BER_TO_DER +WOLFSSL_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, + word32* derSz); +#endif +WOLFSSL_LOCAL int StreamOctetString(const byte* inBuf, word32 inBufSz, + byte* out, word32* outSz, word32* idx); + WOLFSSL_ASN_API void FreeAltNames(DNS_entry* altNames, void* heap); WOLFSSL_ASN_API DNS_entry* AltNameNew(void* heap); WOLFSSL_ASN_API DNS_entry* AltNameDup(DNS_entry* from, void* heap); From 22eedeea86169a681570edb11028470ebf199f78 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 3 Dec 2025 13:26:12 +0100 Subject: [PATCH 10/13] fixup! tests: add unit coverage for GetCAByAKID --- wolfssl/internal.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index b6e482d50..ed3d6be98 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -6694,14 +6694,14 @@ WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, DecodedCert* cert); #endif - #ifdef WOLFSSL_API_PREFIX_MAP - #define GetCAByAKID wolfSSL_GetCAByAKID - #endif #ifndef GetCA WOLFSSL_LOCAL Signer* GetCA(void* vp, byte* hash); #endif #if defined(WOLFSSL_AKID_NAME) && !defined(GetCAByAKID) + #ifdef WOLFSSL_API_PREFIX_MAP + #define GetCAByAKID wolfSSL_GetCAByAKID + #endif WOLFSSL_TEST_VIS Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz, const byte* serial, word32 serialSz); #endif From c4e9ca4eca52628e489d79d86e5a07db3524e507 Mon Sep 17 00:00:00 2001 From: Andrew Hutchings Date: Wed, 3 Dec 2025 14:56:52 +0000 Subject: [PATCH 11/13] Fix some errors in the doc edits --- doc/dox_comments/header_files/ed448.h | 3 +++ doc/dox_comments/header_files/memory.h | 7 ++----- doc/dox_comments/header_files/random.h | 2 +- doc/dox_comments/header_files/wolfio.h | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/doc/dox_comments/header_files/ed448.h b/doc/dox_comments/header_files/ed448.h index dab8874b3..6b0a4eeab 100644 --- a/doc/dox_comments/header_files/ed448.h +++ b/doc/dox_comments/header_files/ed448.h @@ -99,6 +99,9 @@ int wc_ed448_make_key(WC_RNG* rng, int keysize, ed448_key* key); bytes written to out upon successfully generating a message signature. \param [in] key Pointer to a private ed448_key with which to generate the signature. + \param [in] context Pointer to the buffer containing the context for which + message is being signed. + \param [in] contextLen Length of the context buffer. _Example_ \code diff --git a/doc/dox_comments/header_files/memory.h b/doc/dox_comments/header_files/memory.h index 038b87d3e..2f5e9cce1 100644 --- a/doc/dox_comments/header_files/memory.h +++ b/doc/dox_comments/header_files/memory.h @@ -47,8 +47,6 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type); \param ptr pointer to the memory to be freed. \param heap heap hint to use for memory. Can be NULL \param type dynamic type (see DYNAMIC_TYPE_ list in types.h) - \param func name of calling function (for allocation tracking) - \param line source line number of call site _Example_ \code @@ -56,7 +54,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type); // process data as desired ... if(tenInts) { - wolfSSL_Free(tenInts); + wolfSSL_Free(tenInts, NULL, DYNAMIC_TYPE_TMP_BUFFER); } \endcode @@ -67,8 +65,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type); \sa XFREE \sa XREALLOC */ -void wolfSSL_Free(void *ptr, void* heap, int type, const char* func, - unsigned int line); +void wolfSSL_Free(void *ptr, void* heap, int type); /*! \ingroup Memory diff --git a/doc/dox_comments/header_files/random.h b/doc/dox_comments/header_files/random.h index 80a16b501..8d415db21 100644 --- a/doc/dox_comments/header_files/random.h +++ b/doc/dox_comments/header_files/random.h @@ -24,7 +24,7 @@ \sa wc_FreeNetRandom */ -int wc_InitNetRandom(const char*, wnr_hmac_key, int); +int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout); /*! \ingroup Random diff --git a/doc/dox_comments/header_files/wolfio.h b/doc/dox_comments/header_files/wolfio.h index 8a35464ab..2197dbcc0 100644 --- a/doc/dox_comments/header_files/wolfio.h +++ b/doc/dox_comments/header_files/wolfio.h @@ -115,7 +115,7 @@ int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx); \sa wolfSSL_SSLSetIORecv \sa wolfSSL_dtls_get_current_timeout */ -int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx); +int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void* ctx); /*! \brief This function is the send embedded callback. @@ -189,8 +189,8 @@ int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx); \sa wolfSSL_CTX_SetGenCookie */ -int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, - int sz, void *ctx); +int EmbedGenerateCookie(WOLFSSL* ssl, byte* buf, + int sz, void* ctx); /*! \brief This function frees the response buffer. From 590a02e541e2374b7c123ebbcb1f9c6575a60d18 Mon Sep 17 00:00:00 2001 From: Andrew Hutchings Date: Wed, 3 Dec 2025 15:15:32 +0000 Subject: [PATCH 12/13] Fix Doxygen parameters --- doc/dox_comments/header_files/aes.h | 108 ++++++++++----------- doc/dox_comments/header_files/curve25519.h | 4 +- doc/dox_comments/header_files/curve448.h | 2 +- doc/dox_comments/header_files/ed25519.h | 2 +- doc/dox_comments/header_files/ed448.h | 24 +++-- doc/dox_comments/header_files/ssl.h | 25 +++-- 6 files changed, 90 insertions(+), 75 deletions(-) diff --git a/doc/dox_comments/header_files/aes.h b/doc/dox_comments/header_files/aes.h index 5baeb1462..281029854 100644 --- a/doc/dox_comments/header_files/aes.h +++ b/doc/dox_comments/header_files/aes.h @@ -1203,19 +1203,19 @@ int wc_AesSivDecrypt(const byte* key, word32 keySz, const byte* assoc, \return other negative error values returned if AES or CMAC operations fail. - \param key buffer containing the key to use - \param keySz length of the key buffer in bytes + \param [in] key buffer containing the key to use + \param [in] keySz length of the key buffer in bytes \param[out] out buffer to hold the ciphertext. Should be the same length as the plaintext buffer - \param in plaintext buffer to encrypt - \param inSz length of plaintext buffer - \param nonce the cryptographic nonce to use for EAX operations - \param nonceSz length of nonce buffer in bytes + \param [in] in plaintext buffer to encrypt + \param [in] inSz length of plaintext buffer + \param [in] nonce the cryptographic nonce to use for EAX operations + \param [in] nonceSz length of nonce buffer in bytes \param[out] authTag pointer to the buffer in which to store the authentication tag - \param authTagSz length of the desired authentication tag - \param authIn pointer to the buffer containing input data to authenticate - \param authInSz length of the input authentication data + \param [in] authTagSz length of the desired authentication tag + \param [in] authIn pointer to the buffer containing input data to authenticate + \param [in] authInSz length of the input authentication data _Example_ \code @@ -1266,19 +1266,19 @@ WOLFSSL_API int wc_AesEaxEncryptAuth(const byte* key, word32 keySz, byte* out, \return other negative error values returned if AES or CMAC operations fail. - \param key byte buffer containing the key to use - \param keySz length of the key buffer in bytes + \param [in] key byte buffer containing the key to use + \param [in] keySz length of the key buffer in bytes \param[out] out buffer to hold the plaintext. Should be the same length as the input ciphertext buffer - \param in ciphertext buffer to decrypt - \param inSz length of ciphertext buffer - \param nonce the cryptographic nonce to use for EAX operations - \param nonceSz length of nonce buffer in bytes - \param authTag buffer that holds the authentication tag to check the + \param [in] in ciphertext buffer to decrypt + \param [in] inSz length of ciphertext buffer + \param [in] nonce the cryptographic nonce to use for EAX operations + \param [in] nonceSz length of nonce buffer in bytes + \param [in] authTag buffer that holds the authentication tag to check the authenticity of the data against - \param authTagSz Length of the input authentication tag - \param authIn pointer to the buffer containing input data to authenticate - \param authInSz length of the input authentication data + \param [in] authTagSz Length of the input authentication tag + \param [in] authIn pointer to the buffer containing input data to authenticate + \param [in] authInSz length of the input authentication data _Example_ \code @@ -1390,13 +1390,13 @@ WOLFSSL_API int wc_AesEaxInit(AesEax* eax, \return 0 on success \return error code on failure - \param eax AES EAX structure holding the context of the AEAD operation + \param [in] eax AES EAX structure holding the context of the AEAD operation \param[out] out output buffer holding the ciphertext - \param in input buffer holding the plaintext to encrypt - \param inSz size in bytes of the input data buffer - \param authIn (optional) input data to add to the authentication stream + \param [in] in input buffer holding the plaintext to encrypt + \param [in] inSz size in bytes of the input data buffer + \param [in] authIn (optional) input data to add to the authentication stream This argument should be NULL if not used - \param authInSz size in bytes of the input authentication data + \param [in] authInSz size in bytes of the input authentication data _Example_ \code @@ -1455,13 +1455,13 @@ WOLFSSL_API int wc_AesEaxEncryptUpdate(AesEax* eax, byte* out, \return 0 on success \return error code on failure - \param eax AES EAX structure holding the context of the AEAD operation + \param [in] eax AES EAX structure holding the context of the AEAD operation \param[out] out output buffer holding the decrypted plaintext - \param in input buffer holding the ciphertext - \param inSz size in bytes of the input data buffer - \param authIn (optional) input data to add to the authentication stream + \param [in] in input buffer holding the ciphertext + \param [in] inSz size in bytes of the input data buffer + \param [in] authIn (optional) input data to add to the authentication stream This argument should be NULL if not used - \param authInSz size in bytes of the input authentication data + \param [in] authInSz size in bytes of the input authentication data _Example_ @@ -1742,13 +1742,13 @@ WOLFSSL_API int wc_AesEaxFree(AesEax* eax); \return BAD_FUNC_ARG if input arguments are invalid. \return other negative error codes for encryption failures. - \param key pointer to the AES key used for encryption. - \param keySz size of the AES key in bytes (16, 24, or 32 bytes). + \param [in] key pointer to the AES key used for encryption. + \param [in] keySz size of the AES key in bytes (16, 24, or 32 bytes). \param[out] out buffer to hold the encrypted ciphertext. Must be at least the size of the input. - \param in pointer to the plaintext input data to encrypt. - \param inSz size of the plaintext input data in bytes. - \param iv pointer to the initialization vector (IV) used for encryption. + \param [in] in pointer to the plaintext input data to encrypt. + \param [in] inSz size of the plaintext input data in bytes. + \param [in] iv pointer to the initialization vector (IV) used for encryption. Must be 16 bytes. _Example_ @@ -1780,13 +1780,13 @@ int wc_AesCtsEncrypt(const byte* key, word32 keySz, byte* out, \return BAD_FUNC_ARG if input arguments are invalid. \return other negative error codes for encryption failures. - \param key pointer to the AES key used for encryption. - \param keySz size of the AES key in bytes (16, 24, or 32 bytes). + \param [in] key pointer to the AES key used for encryption. + \param [in] keySz size of the AES key in bytes (16, 24, or 32 bytes). \param[out] out buffer to hold the encrypted ciphertext. Must be at least the same size as the input plaintext. - \param in pointer to the plaintext input data to encrypt. - \param inSz size of the plaintext input data in bytes. - \param iv pointer to the initialization vector (IV) used for encryption. + \param [in] in pointer to the plaintext input data to encrypt. + \param [in] inSz size of the plaintext input data in bytes. + \param [in] iv pointer to the initialization vector (IV) used for encryption. Must be 16 bytes. _Example_ \code @@ -1813,13 +1813,13 @@ int wc_AesCtsEncrypt(const byte* key, word32 keySz, byte* out, \return 0 on successful decryption. \return BAD_FUNC_ARG if input arguments are invalid. \return other negative error codes for decryption failures. - \param key pointer to the AES key used for decryption. - \param keySz size of the AES key in bytes (16, 24, or 32 bytes). + \param [in] key pointer to the AES key used for decryption. + \param [in] keySz size of the AES key in bytes (16, 24, or 32 bytes). \param[out] out buffer to hold the decrypted plaintext. Must be at least the same size as the input ciphertext. - \param in pointer to the ciphertext input data to decrypt. - \param inSz size of the ciphertext input data in bytes. - \param iv pointer to the initialization vector (IV) used for decryption. + \param [in] in pointer to the ciphertext input data to decrypt. + \param [in] inSz size of the ciphertext input data in bytes. + \param [in] iv pointer to the initialization vector (IV) used for decryption. Must be 16 bytes. _Example_ \code @@ -1845,14 +1845,14 @@ int wc_AesCtsDecrypt(const byte* key, word32 keySz, byte* out, It processes a chunk of plaintext and stores intermediate data. \return 0 on successful processing. \return BAD_FUNC_ARG if input arguments are invalid. - \param aes pointer to the Aes structure holding the context of the operation. + \param [in] aes pointer to the Aes structure holding the context of the operation. \param[out] out buffer to hold the encrypted ciphertext. Must be large enough to store the output from this update step. \param[out] outSz size in bytes of the output data written to the \c out buffer. - On input, it should contain the maximum number of bytes that can - be written to the \c out buffer. - \param in pointer to the plaintext input data to encrypt. - \param inSz size of the plaintext input data in bytes. + On input, it should contain the maximum number of bytes that can + be written to the \c out buffer. + \param [in] in pointer to the plaintext input data to encrypt. + \param [in] inSz size of the plaintext input data in bytes. _Example_ \code Aes aes; @@ -1880,7 +1880,7 @@ int wc_AesCtsEncryptUpdate(Aes* aes, byte* out, word32* outSz, It processes any remaining plaintext and completes the encryption. \return 0 on successful encryption completion. \return BAD_FUNC_ARG if input arguments are invalid. - \param aes pointer to the Aes structure holding the context of the operation. + \param [in] aes pointer to the Aes structure holding the context of the operation. \param[out] out buffer to hold the final encrypted ciphertext. Must be large enough to store any remaining ciphertext from this final step. \param[out] outSz size in bytes of the output data written to the \c out buffer. @@ -1913,14 +1913,14 @@ int wc_AesCtsEncryptFinal(Aes* aes, byte* out, word32* outSz); It processes a chunk of ciphertext and stores intermediate data. \return 0 on successful processing. \return BAD_FUNC_ARG if input arguments are invalid. - \param aes pointer to the Aes structure holding the context of the operation. + \param [in] aes pointer to the Aes structure holding the context of the operation. \param[out] out buffer to hold the decrypted plaintext. Must be large enough to store the output from this update step. \param[out] outSz size in bytes of the output data written to the \c out buffer. On input, it should contain the maximum number of bytes that can be written to the \c out buffer. - \param in pointer to the ciphertext input data to decrypt. - \param inSz size of the ciphertext input data in bytes. + \param [in] in pointer to the ciphertext input data to decrypt. + \param [in] inSz size of the ciphertext input data in bytes. _Example_ \code Aes aes; @@ -1948,7 +1948,7 @@ int wc_AesCtsDecryptUpdate(Aes* aes, byte* out, word32* outSz, It processes any remaining ciphertext and completes the decryption. \return 0 on successful decryption completion. \return BAD_FUNC_ARG if input arguments are invalid. - \param aes pointer to the Aes structure holding the context of the operation. + \param [in] aes pointer to the Aes structure holding the context of the operation. \param[out] out buffer to hold the final decrypted plaintext. Must be large enough to store any remaining plaintext from this final step. \param[out] outSz size in bytes of the output data written to the \c out buffer. diff --git a/doc/dox_comments/header_files/curve25519.h b/doc/dox_comments/header_files/curve25519.h index 6d625cb05..1c12300bc 100644 --- a/doc/dox_comments/header_files/curve25519.h +++ b/doc/dox_comments/header_files/curve25519.h @@ -108,7 +108,7 @@ int wc_curve25519_shared_secret(curve25519_key* private_key, the received public key. \param [out] out Pointer to a buffer in which to store the 32 byte computed secret key. - \param pin,out] outlen Pointer in which to store the length written to the + \param [in,out] outlen Pointer in which to store the length written to the output buffer. \param [in] endian EC25519_BIG_ENDIAN or EC25519_LITTLE_ENDIAN to set which form to use. @@ -537,7 +537,7 @@ int wc_curve25519_import_public_ex(const byte* in, word32 inLen, \return BAD_FUNC_ARG Returned if any of the input parameters are NULL. \param [in] pub Pointer to the buffer containing the public key to check. - \param [in] pubLen Length of the public key to check. + \param [in] pubSz Length of the public key to check. \param [in] endian EC25519_BIG_ENDIAN or EC25519_LITTLE_ENDIAN to set which form to use. diff --git a/doc/dox_comments/header_files/curve448.h b/doc/dox_comments/header_files/curve448.h index 7219b7beb..8e0e125a0 100644 --- a/doc/dox_comments/header_files/curve448.h +++ b/doc/dox_comments/header_files/curve448.h @@ -533,7 +533,7 @@ int wc_curve448_import_public_ex(const byte* in, word32 inLen, \return BAD_FUNC_ARG Returned if any of the input parameters are NULL. \param [in] pub Pointer to the buffer containing the public key to check. - \param [in] pubLen Length of the public key to check. + \param [in] pubSz Length of the public key to check. \param [in] endian EC448_BIG_ENDIAN or EC448_LITTLE_ENDIAN to set which form to use. diff --git a/doc/dox_comments/header_files/ed25519.h b/doc/dox_comments/header_files/ed25519.h index d165da255..977a8e4a9 100644 --- a/doc/dox_comments/header_files/ed25519.h +++ b/doc/dox_comments/header_files/ed25519.h @@ -201,7 +201,7 @@ int wc_ed25519ctx_sign_msg(const byte* in, word32 inlen, byte* out, to sign. \param [in] hashLen Length of the hash of the message to sign. \param [out] out Buffer in which to store the generated signature. - \param [in,out] outlen Maximum length of the output buffer. Will store the + \param [in,out] outLen Maximum length of the output buffer. Will store the bytes written to out upon successfully generating a message signature. \param [in] key Pointer to a private ed25519_key with which to generate the signature. diff --git a/doc/dox_comments/header_files/ed448.h b/doc/dox_comments/header_files/ed448.h index 6b0a4eeab..b6fad7a97 100644 --- a/doc/dox_comments/header_files/ed448.h +++ b/doc/dox_comments/header_files/ed448.h @@ -12,10 +12,8 @@ during function execution. \param [in] key Pointer to the ed448_key for which to generate a key. - \param [out] out Pointer to the buffer in which to store the public key. - \param [in,out] outLen Pointer to a word32 object with the size available - in out. Set with the number of bytes written to out after successfully - exporting the public key. + \param [out] pubKey Pointer to the buffer in which to store the public key. + \param [in] pubKeySz Size of the pubKey buffer in bytes. _Example_ \code @@ -93,9 +91,9 @@ int wc_ed448_make_key(WC_RNG* rng, int keysize, ed448_key* key); function execution. \param [in] in Pointer to the buffer containing the message to sign. - \param [in] inlen Length of the message to sign. + \param [in] inLen Length of the message to sign. \param [out] out Buffer in which to store the generated signature. - \param [in,out] outlen Maximum length of the output buffer. Will store the + \param [in,out] outLen Maximum length of the output buffer. Will store the bytes written to out upon successfully generating a message signature. \param [in] key Pointer to a private ed448_key with which to generate the signature. @@ -149,7 +147,7 @@ int wc_ed448_sign_msg(const byte* in, word32 inLen, byte* out, to sign. \param [in] hashLen Length of the hash of the message to sign. \param [out] out Buffer in which to store the generated signature. - \param [in,out] outlen Maximum length of the output buffer. Will store the + \param [in,out] outLen Maximum length of the output buffer. Will store the bytes written to out upon successfully generating a message signature. \param [in] key Pointer to a private ed448_key with which to generate the signature. @@ -202,9 +200,9 @@ int wc_ed448ph_sign_hash(const byte* hash, word32 hashLen, byte* out, function execution. \param [in] in Pointer to the buffer containing the message to sign. - \param [in] inlen Length of the message to sign. + \param [in] inLen Length of the message to sign. \param [out] out Buffer in which to store the generated signature. - \param [in,out] outlen Maximum length of the output buffer. Will store the + \param [in,out] outLen Maximum length of the output buffer. Will store the bytes written to out upon successfully generating a message signature. \param [in] key Pointer to a private ed448_key with which to generate the signature. @@ -261,6 +259,8 @@ int wc_ed448ph_sign_msg(const byte* in, word32 inLen, byte* out, \param [in] siglen Length of the signature to verify. \param [in] msg Pointer to the buffer containing the message to verify. \param [in] msgLen Length of the message to verify. + \param [out] res Pointer to an int that will be set to 1 for a valid + signature or 0 for an invalid signature after verification completes. \param [in] key Pointer to a public Ed448 key with which to verify the signature. \param [in] context Pointer to the buffer containing the context for which @@ -314,7 +314,9 @@ int wc_ed448_verify_msg(const byte* sig, word32 siglen, const byte* msg, \param [in] siglen Length of the signature to verify. \param [in] hash Pointer to the buffer containing the hash of the message to verify. - \param [in] hashLen Length of the hash to verify. + \param [in] hashlen Length of the hash to verify. + \param [out] res Pointer to an int that will be set to 1 for a valid + signature or 0 for an invalid signature after verification completes. \param [in] key Pointer to a public Ed448 key with which to verify the signature. \param [in] context Pointer to the buffer containing the context for which @@ -368,6 +370,8 @@ int wc_ed448ph_verify_hash(const byte* sig, word32 siglen, const byte* hash, \param [in] siglen Length of the signature to verify. \param [in] msg Pointer to the buffer containing the message to verify. \param [in] msgLen Length of the message to verify. + \param [out] res Pointer to an int that will be set to 1 for a valid + signature or 0 for an invalid signature after verification completes. \param [in] key Pointer to a public Ed448 key with which to verify the signature. \param [in] context Pointer to the buffer containing the context for which diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index 4829d3884..bd772f244 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -15061,8 +15061,18 @@ unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *s); - wolfSSL_SESSION_get_ex_new_index - wolfSSL_X509_get_ex_new_index - \param [in] All input parameters are ignored. The callback functions are not - supported with wolfSSL. + \param [in] class_index Identifier for the object class the external data + index applies to. Ignored by wolfSSL. + \param [in] argl Optional long argument passed through for compatibility. + Ignored by wolfSSL. + \param [in] argp Optional pointer argument passed through for compatibility. + Ignored by wolfSSL. + \param [in] new_func Pointer to an external data constructor callback. + Ignored by wolfSSL. + \param [in] dup_func Pointer to an external data duplicate callback. + Ignored by wolfSSL. + \param [in] free_func Pointer to an external data destructor callback. + Ignored by wolfSSL. \return The new index value to be used with the external data API for this object class. @@ -15829,11 +15839,12 @@ void wolfSSL_CTX_set_cert_cb(WOLFSSL_CTX* ctx, ciphersuites and signature algorithms. \param [in] ssl The WOLFSSL object to extract the lists from. - \param [out] optional suites Raw and unfiltered list of client ciphersuites - \param [out] optional suiteSz Size of suites in bytes - \param [out] optional hashSigAlgo Raw and unfiltered list of client - signature algorithms - \param [out] optional hashSigAlgoSz Size of hashSigAlgo in bytes + \param [out] suites Raw and unfiltered list of client ciphersuites. + May be NULL if no suites are available. + \param [out] suiteSz Size of suites in bytes. + \param [out] hashSigAlgo Raw and unfiltered list of client signature + algorithms. May be NULL if not provided. + \param [out] hashSigAlgoSz Size of hashSigAlgo in bytes. \return WOLFSSL_SUCCESS when suites available \return WOLFSSL_FAILURE when suites not available From 2376e484d8bc0e4a969fae8b564551fc75b6c4e2 Mon Sep 17 00:00:00 2001 From: Andrew Hutchings Date: Wed, 3 Dec 2025 15:21:11 +0000 Subject: [PATCH 13/13] Fix return values --- doc/dox_comments/header_files/memory.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/doc/dox_comments/header_files/memory.h b/doc/dox_comments/header_files/memory.h index 2f5e9cce1..fe18397db 100644 --- a/doc/dox_comments/header_files/memory.h +++ b/doc/dox_comments/header_files/memory.h @@ -376,8 +376,7 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats); buffers to themselves for their lifetime. WOLFMEM_TRACK_STATS - each SSL keeps track of memory stats while running - \return If successful, 0 will be returned. - \return All unsuccessful return values will be less than 0. + \return none This function does not return a value. \param pHint WOLFSSL_HEAP_HINT structure to use \param buf memory to use for all operations. @@ -420,8 +419,7 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, unsigned char* buf, into functions. This extended version allows for custom bucket sizes and distributions instead of using the default predefined sizes. - \return If successful, 0 will be returned. - \return All unsuccessful return values will be less than 0. + \return none This function does not return a value. \param pHint WOLFSSL_HEAP_HINT handle to initialize \param listSz number of entries in the size and distribution lists