add compiler visibility detection, default hide, add external API linkage and internal LOCAL linkage

.gitignore

@@ -1,13 +1,14 @@
 *.lo
 *.la
 *.o
-*.m4
 *.deps
 *.libs
 *sh
 *.cache
 config*
 stamp*
+libtool.m4
+lt*.m4
 Makefile.in
 Makefile
 depcomp

configure.in

@@ -33,6 +33,7 @@ AC_CHECK_LIBM
 
 AC_CHECK_HEADERS(errno.h)
 
+
 OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
 OPTIMIZE_FAST_CFLAGS="-O3 -fomit-frame-pointer"
 OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET"
@@ -457,6 +458,9 @@ AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups),
 fi])
 
 
+PANDORA_VISIBILITY
+CFLAGS="$CFLAGS $CFLAG_VISIBILITY"
+
 AC_SUBST(CFLAGS)
 AC_SUBST(LIBS)
 

ctaocrypt/include/arc4.h

@@ -43,8 +43,8 @@ typedef struct Arc4 {
     byte state[ARC4_STATE_SIZE];
 } Arc4;
 
-void Arc4Process(Arc4*, byte*, const byte*, word32);
+CYASSL_API void Arc4Process(Arc4*, byte*, const byte*, word32);
-void Arc4SetKey(Arc4*, const byte*, word32);
+CYASSL_API void Arc4SetKey(Arc4*, const byte*, word32);
 
 
 #ifdef __cplusplus

ctaocrypt/include/asn.h

@@ -238,48 +238,59 @@ struct Signer {
 };
 
 
-void InitDecodedCert(DecodedCert*, byte*, void*);
+CYASSL_API void InitDecodedCert(DecodedCert*, byte*, void*);
-void FreeDecodedCert(DecodedCert*);
+CYASSL_API void FreeDecodedCert(DecodedCert*);
-int  ParseCert(DecodedCert*, word32, int type, int verify, Signer* signer);
+CYASSL_API int  ParseCert(DecodedCert*, word32, int type, int verify,
-int  ParseCertRelative(DecodedCert*, word32, int type, int verify,
+                          Signer* signer);
+CYASSL_LOCAL int ParseCertRelative(DecodedCert*, word32, int type, int verify,
                                    Signer* signer);
 
-word32 EncodeSignature(byte* out, const byte* digest, word32 digSz,int hashOID);
+CYASSL_LOCAL word32 EncodeSignature(byte* out, const byte* digest, word32 digSz,
+                                    int hashOID);
 
-Signer* MakeSigner(void*);
+CYASSL_LOCAL Signer* MakeSigner(void*);
-void    FreeSigners(Signer*, void*);
+CYASSL_LOCAL void    FreeSigners(Signer*, void*);
 
 
-int RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32);
+CYASSL_API int RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey*,
-int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32);
+                                   word32);
-int ToTraditional(byte* buffer, word32 length);
+CYASSL_API int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*,
-int ToTraditionalEnc(byte* buffer, word32 length, const char*, int);
+                                  word32);
+CYASSL_LOCAL int ToTraditional(byte* buffer, word32 length);
+CYASSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int);
 
 #ifndef NO_DH
-int DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32);
+CYASSL_API int DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
-int DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz);
+                           word32);
+CYASSL_API int DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
+                        word32 gSz);
 #endif
 
 #ifndef NO_DSA
-int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, word32);
+CYASSL_API int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey*,
-int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, word32);
+                                  word32);
+CYASSL_API int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey*,
+                                   word32);
 #endif
 
 #ifdef CYASSL_KEY_GEN
-int RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
+CYASSL_API int RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
 #endif
 
 #ifdef HAVE_ECC
     /* ASN sig helpers */
-    int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s);
+    CYASSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
-    int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s);
+                                      mp_int* s);
+    CYASSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
+                                       mp_int* r, mp_int* s);
     /* private key helpers */
-    int EccPrivateKeyDecode(const byte* input,word32* inOutIdx,ecc_key*,word32);
+    CYASSL_LOCAL int EccPrivateKeyDecode(const byte* input,word32* inOutIdx,
+                                         ecc_key*,word32);
 #endif
 
 #if defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN)
-int DerToPem(const byte* der, word32 derSz, byte* output, word32 outputSz,
+CYASSL_API int DerToPem(const byte* der, word32 derSz, byte* output,
-             int type);
+                        word32 outputSz, int type);
 #endif
 
 #ifdef CYASSL_CERT_GEN
@@ -331,14 +342,15 @@ typedef struct Cert {
    subject    = blank
    keyType    = RSA_KEY (default)
 */
-void InitCert(Cert*);
+CYASSL_API void InitCert(Cert*);
-int  MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
+CYASSL_API int  MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
-int  SignCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
+CYASSL_API int  SignCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
-int  MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
+CYASSL_API int  MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
-int  SetIssuer(Cert*, const char*);
+                             RNG*);
+CYASSL_API int  SetIssuer(Cert*, const char*);
 #ifdef HAVE_NTRU
-int  MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, const byte* ntruKey,
+CYASSL_API int  MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
-                  word16 keySz, RNG*);
+                             const byte* ntruKey, word16 keySz, RNG*);
 #endif
 
 

ctaocrypt/include/coding.h

@@ -31,11 +31,15 @@
 
 
 /* decode needed by CyaSSL */
-int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
+CYASSL_LOCAL int Base64Decode(const byte* in, word32 inLen, byte* out,
+                              word32* outLen);
 
 #if defined(OPENSSL_EXTRA) || defined(SESSION_CERTS) || defined(CYASSL_KEY_GEN)  || defined(CYASSL_CERT_GEN) || defined(HAVE_WEBSERVER)
     /* encode isn't */
-    int Base64Encode(const byte* in, word32 inLen, byte* out, word32* outLen);
+    CYASSL_LOCAL
+    int Base64Encode(const byte* in, word32 inLen, byte* out,
+                                  word32* outLen);
+    CYASSL_LOCAL 
     int Base16Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
 #endif
 

ctaocrypt/include/config.h

@@ -40,6 +40,10 @@
 /* Define to 1 if you have the <unistd.h> header file. */
 #define HAVE_UNISTD_H 1
 
+/* Define to 1 or 0, depending whether the compiler supports simple visibility
+   declarations. */
+#define HAVE_VISIBILITY 1
+
 /* Define to the sub-directory in which libtool stores uninstalled libraries.
    */
 #define LT_OBJDIR ".libs/"

ctaocrypt/include/config.h.in

@@ -39,6 +39,10 @@
 /* Define to 1 if you have the <unistd.h> header file. */
 #undef HAVE_UNISTD_H
 
+/* Define to 1 or 0, depending whether the compiler supports simple visibility
+   declarations. */
+#undef HAVE_VISIBILITY
+
 /* Define to the sub-directory in which libtool stores uninstalled libraries.
    */
 #undef LT_OBJDIR

ctaocrypt/include/ctc_aes.h

@@ -69,9 +69,10 @@ typedef struct Aes {
 } Aes;
 
 
-int  AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir);
+CYASSL_API int  AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
-void AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
+                          int dir);
-void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz);
+CYASSL_API void AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
+CYASSL_API void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz);
 
 
 #ifdef __cplusplus

ctaocrypt/include/ctc_dh.h

@@ -40,13 +40,14 @@ typedef struct DhKey {
 } DhKey;
 
 
-void InitDhKey(DhKey* key);
+CYASSL_API void InitDhKey(DhKey* key);
-void FreeDhKey(DhKey* key);
+CYASSL_API void FreeDhKey(DhKey* key);
 
-int DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, word32* privSz,
+CYASSL_API int DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv,
-                      byte* pub, word32* pubSz);
+                                 word32* privSz, byte* pub, word32* pubSz);
-int DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
+CYASSL_API int DhAgree(DhKey* key, byte* agree, word32* agreeSz,
-            word32 privSz, const byte* otherPub, word32 pubSz);
+                       const byte* priv, word32 privSz, const byte* otherPub,
+                       word32 pubSz);
 
 
 #ifdef __cplusplus

ctaocrypt/include/ctc_dsa.h

@@ -45,11 +45,12 @@ typedef struct DsaKey {
 } DsaKey;
 
 
-void InitDsaKey(DsaKey* key);
+CYASSL_API void InitDsaKey(DsaKey* key);
-void FreeDsaKey(DsaKey* key);
+CYASSL_API void FreeDsaKey(DsaKey* key);
 
-int DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng);
+CYASSL_API int DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng);
-int DsaVerify(const byte* digest, const byte* sig, DsaKey* key, int* answer);
+CYASSL_API int DsaVerify(const byte* digest, const byte* sig, DsaKey* key,
+                         int* answer);
 
 
 #ifdef __cplusplus

ctaocrypt/include/ctc_ecc.h

@@ -80,28 +80,36 @@ typedef struct {
 extern const ecc_set_type ecc_sets[];
 
 
+CYASSL_LOCAL
 int ecc_make_key(RNG* rng, int keysize, ecc_key* key);
+CYASSL_LOCAL
 int ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
                       word32* outlen);
-
+CYASSL_LOCAL 
 int ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, 
                   RNG* rng, ecc_key* key);
+CYASSL_LOCAL 
 int ecc_verify_hash(const byte* sig, word32 siglen, byte* hash, word32 hashlen, 
                     int* stat, ecc_key* key);
-
+CYASSL_LOCAL
 void ecc_init(ecc_key* key);
+CYASSL_LOCAL
 void ecc_free(ecc_key* key);
 
 
 /* ASN key helpers */
+CYASSL_LOCAL
 int ecc_export_x963(ecc_key*, byte* out, word32* outLen);
+CYASSL_LOCAL
 int ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
-
+CYASSL_LOCAL
 int ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
                            word32 pubSz, ecc_key* key);
 
 /* size helper */
+CYASSL_LOCAL
 int ecc_size(ecc_key* key);
+CYASSL_LOCAL
 int ecc_sig_size(ecc_key* key);
 
 /* TODO: fix mutex types */

ctaocrypt/include/ctc_hmac.h

@@ -70,9 +70,10 @@ typedef struct Hmac {
 } Hmac;
 
 
-void HmacSetKey(Hmac*, int type, const byte* key, word32 keySz); /* does init */
+/* does init */
-void HmacUpdate(Hmac*, const byte*, word32);
+CYASSL_API void HmacSetKey(Hmac*, int type, const byte* key, word32 keySz);
-void HmacFinal(Hmac*, byte*);
+CYASSL_API void HmacUpdate(Hmac*, const byte*, word32);
+CYASSL_API void HmacFinal(Hmac*, byte*);
 
 
 #ifdef __cplusplus

ctaocrypt/include/ctc_md4.h

@@ -50,9 +50,9 @@ typedef struct Md4 {
 } Md4;
 
 
-void InitMd4(Md4*);
+CYASSL_API void InitMd4(Md4*);
-void Md4Update(Md4*, const byte*, word32);
+CYASSL_API void Md4Update(Md4*, const byte*, word32);
-void Md4Final(Md4*, byte*);
+CYASSL_API void Md4Final(Md4*, byte*);
 
 
 #ifdef __cplusplus

ctaocrypt/include/ctc_md5.h

@@ -49,9 +49,9 @@ typedef struct Md5 {
 } Md5;
 
 
-void InitMd5(Md5*);
+CYASSL_API void InitMd5(Md5*);
-void Md5Update(Md5*, const byte*, word32);
+CYASSL_API void Md5Update(Md5*, const byte*, word32);
-void Md5Final(Md5*, byte*);
+CYASSL_API void Md5Final(Md5*, byte*);
 
 
 #ifdef __cplusplus

ctaocrypt/include/ctc_ripemd.h

@@ -52,9 +52,9 @@ typedef struct RipeMd {
 } RipeMd;
 
 
-void InitRipeMd(RipeMd*);
+CYASSL_API void InitRipeMd(RipeMd*);
-void RipeMdUpdate(RipeMd*, const byte*, word32);
+CYASSL_API void RipeMdUpdate(RipeMd*, const byte*, word32);
-void RipeMdFinal(RipeMd*, byte*);
+CYASSL_API void RipeMdFinal(RipeMd*, byte*);
 
 
 #ifdef __cplusplus

ctaocrypt/include/ctc_rsa.h

@@ -45,24 +45,25 @@ typedef struct RsaKey {
 } RsaKey;
 
 
-void InitRsaKey(RsaKey* key, void*);
+CYASSL_API void InitRsaKey(RsaKey* key, void*);
-void FreeRsaKey(RsaKey* key);
+CYASSL_API void FreeRsaKey(RsaKey* key);
 
-int  RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
+CYASSL_API int  RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
-                      RsaKey* key, RNG* rng);
+                                 word32 outLen, RsaKey* key, RNG* rng);
-int  RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key);
+CYASSL_API int  RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
-int  RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
                                         RsaKey* key);
-int  RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
+CYASSL_API int  RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
-                 RsaKey* key, RNG* rng);
+                                  word32 outLen, RsaKey* key);
-int  RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key);
+CYASSL_API int  RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
-int  RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
+                            word32 outLen, RsaKey* key, RNG* rng);
+CYASSL_API int  RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
                                     RsaKey* key);
-
+CYASSL_API int  RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
-int  RsaEncryptSize(RsaKey* key);
+                              word32 outLen, RsaKey* key);
+CYASSL_API int  RsaEncryptSize(RsaKey* key);
 
 #ifdef CYASSL_KEY_GEN
-    int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng);
+    CYASSL_API int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng);
 #endif
 
 

ctaocrypt/include/ctc_sha.h

@@ -50,9 +50,9 @@ typedef struct Sha {
 } Sha;
 
 
-void InitSha(Sha*);
+CYASSL_API void InitSha(Sha*);
-void ShaUpdate(Sha*, const byte*, word32);
+CYASSL_API void ShaUpdate(Sha*, const byte*, word32);
-void ShaFinal(Sha*, byte*);
+CYASSL_API void ShaFinal(Sha*, byte*);
 
 
 #ifdef __cplusplus

ctaocrypt/include/cyassl_memory.h

@@ -37,13 +37,13 @@ typedef void (*CyaSSL_Free_cb)(void *ptr);
 typedef void *(*CyaSSL_Realloc_cb)(void *ptr, size_t size);
 
 
-int CyaSSL_SetAllocators(CyaSSL_Malloc_cb  malloc_function,
+CYASSL_API int CyaSSL_SetAllocators(CyaSSL_Malloc_cb  malloc_function,
                                     CyaSSL_Free_cb    free_function,
                                     CyaSSL_Realloc_cb realloc_function);
 
-void* CyaSSL_Malloc(size_t size);
+CYASSL_API void* CyaSSL_Malloc(size_t size);
-void  CyaSSL_Free(void *ptr);
+CYASSL_API void  CyaSSL_Free(void *ptr);
-void* CyaSSL_Realloc(void *ptr, size_t size);
+CYASSL_API void* CyaSSL_Realloc(void *ptr, size_t size);
 
 
 

ctaocrypt/include/des3.h

@@ -57,13 +57,13 @@ typedef struct Des3 {
 } Des3;
 
 
-void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir);
+CYASSL_API void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir);
-void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz);
+CYASSL_API void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz);
-void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz);
+CYASSL_API void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz);
 
-void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir);
+CYASSL_API void Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir);
-void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz);
+CYASSL_API void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz);
-void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz);
+CYASSL_API void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz);
 
 
 #ifdef __cplusplus

ctaocrypt/include/hc128.h

@@ -44,8 +44,8 @@ typedef struct HC128 {
 } HC128;
 
 
-void Hc128_Process(HC128*, byte*, const byte*, word32);
+CYASSL_API void Hc128_Process(HC128*, byte*, const byte*, word32);
-void Hc128_SetKey(HC128*, const byte* key, const byte* iv);
+CYASSL_API void Hc128_SetKey(HC128*, const byte* key, const byte* iv);
 
 
 #ifdef __cplusplus

ctaocrypt/include/logging.h

@@ -41,7 +41,7 @@ enum  CYA_Log_Levels {
 typedef void (*CyaSSL_Logging_cb)(const int logLevel,
                                   const char *const logMessage);
 
-int CyaSSL_SetLoggingCb(CyaSSL_Logging_cb log_function);
+CYASSL_API int CyaSSL_SetLoggingCb(CyaSSL_Logging_cb log_function);
 
 
 #ifdef DEBUG_CYASSL

ctaocrypt/include/misc.h

@@ -34,14 +34,21 @@
 
 
 #ifdef NO_INLINE
+CYASSL_LOCAL
 word32 rotlFixed(word32, word32);
+CYASSL_LOCAL
 word32 rotrFixed(word32, word32);
 
+CYASSL_LOCAL
 word32 ByteReverseWord32(word32);
+CYASSL_LOCAL
 void   ByteReverseWords(word32*, const word32*, word32);
+CYASSL_LOCAL
 void   ByteReverseBytes(byte*, const byte*, word32);
 
+CYASSL_LOCAL
 void XorWords(word*, const word*, word32);
+CYASSL_LOCAL
 void xorbuf(byte*, const byte*, word32);
 #endif /* NO_INLINE */
 

ctaocrypt/include/os_settings.h

@@ -41,10 +41,12 @@
 /* Uncomment next line if using Mbed */
 /* #define MBED */
 
-#ifdef USE_CYASSL_CONFIG
+#if defined(USE_CYASSL_CONFIG) || defined(HAVE_CONFIG_H)
     #include "config.h"   /* may not want global HAVE_CONFIG_H */
 #endif
 
+#include "visibility.h"
+
 #ifdef IPHONE
     #define SIZEOF_LONG_LONG 8
 #endif

ctaocrypt/include/pwdbased.h

@@ -34,13 +34,15 @@
 #endif
 
 
-int PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
+CYASSL_API int PBKDF1(byte* output, const byte* passwd, int pLen,
-           int sLen, int iterations, int kLen, int hashType);
+                      const byte* salt, int sLen, int iterations, int kLen,
-int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
+                      int hashType);
-           int sLen, int iterations, int kLen, int hashType);
+CYASSL_API int PBKDF2(byte* output, const byte* passwd, int pLen,
-
+                      const byte* salt, int sLen, int iterations, int kLen,
-int PKCS12_PBKDF(byte* output, const byte* passwd, int pLen, const byte* salt,
+                      int hashType);
-                 int sLen, int iterations, int kLen, int hashType, int purpose);
+CYASSL_API int PKCS12_PBKDF(byte* output, const byte* passwd, int pLen,
+                            const byte* salt, int sLen, int iterations,
+                            int kLen, int hashType, int purpose);
 
 
 #ifdef __cplusplus

ctaocrypt/include/rabbit.h

@@ -47,8 +47,8 @@ typedef struct Rabbit {
 } Rabbit;
 
 
-void RabbitProcess(Rabbit*, byte*, const byte*, word32);
+CYASSL_API void RabbitProcess(Rabbit*, byte*, const byte*, word32);
-void RabbitSetKey(Rabbit*, const byte* key, const byte* iv);
+CYASSL_API void RabbitSetKey(Rabbit*, const byte* key, const byte* iv);
 
 
 #ifdef __cplusplus

ctaocrypt/include/random.h

@@ -49,6 +49,7 @@ typedef struct OS_Seed {
     #endif
 } OS_Seed;
 
+CYASSL_LOCAL
 int GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
 
 
@@ -59,9 +60,9 @@ typedef struct RNG {
 } RNG;
 
 
-int  InitRng(RNG*);
+CYASSL_API int  InitRng(RNG*);
-void RNG_GenerateBlock(RNG*, byte*, word32 sz);
+CYASSL_API void RNG_GenerateBlock(RNG*, byte*, word32 sz);
-byte RNG_GenerateByte(RNG*);
+CYASSL_API byte RNG_GenerateByte(RNG*);
 
 
 #ifdef __cplusplus

ctaocrypt/include/sha256.h

@@ -55,9 +55,9 @@ typedef struct Sha256 {
 } Sha256;
 
 
-void InitSha256(Sha256*);
+CYASSL_API void InitSha256(Sha256*);
-void Sha256Update(Sha256*, const byte*, word32);
+CYASSL_API void Sha256Update(Sha256*, const byte*, word32);
-void Sha256Final(Sha256*, byte*);
+CYASSL_API void Sha256Final(Sha256*, byte*);
 
 
 #ifdef __cplusplus

ctaocrypt/include/sha512.h

@@ -52,9 +52,9 @@ typedef struct Sha512 {
 } Sha512;
 
 
-void InitSha512(Sha512*);
+CYASSL_API void InitSha512(Sha512*);
-void Sha512Update(Sha512*, const byte*, word32);
+CYASSL_API void Sha512Update(Sha512*, const byte*, word32);
-void Sha512Final(Sha512*, byte*);
+CYASSL_API void Sha512Final(Sha512*, byte*);
 
 
 #ifdef __cplusplus

ctaocrypt/include/visibility.h

@@ -0,0 +1,67 @@
+/* visibility.h
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+/* Visibility control macros */
+
+#ifndef CTAO_CRYPT_VISIBILITY_H
+#define CTAO_CRYPT_VISIBILITY_H
+
+/* CYASSL_API is used for the public API symbols.
+        It either imports or exports (or does nothing for static builds)
+
+   CYASSL_LOCAL is used for non-API symbols (private).
+*/
+
+#if defined(BUILDING_CYASSL)
+    #if defined(HAVE_VISIBILITY) && HAVE_VISIBILITY
+        #define CYASSL_API   __attribute__ ((visibility("default")))
+        #define CYASSL_LOCAL __attribute__ ((visibility("hidden")))
+    #elif defined(__SUNPRO_C) && (__SUNPRO_C >= 0x550)
+        #define CYASSL_API   __global  
+        #define CYASSL_LOCAL __hidden
+    #elif defined(_MSC_VER)
+        #ifdef CYASSL_DLL
+            #define CYASSL_API extern __declspec(dllexport)
+        #else
+            #define CYASSL_API
+        #endif
+        #define CYASSL_LOCAL
+    #else
+        #define CYASSL_API
+        #define CYASSL_LOCAL
+    #endif /* HAVE_VISIBILITY */
+#else /* BUILDING_CYASSL */
+    #if defined(_MSC_VER)
+        #ifdef CYASSL_DLL
+            #define CYASSL_API extern __declspec(dllimport)
+        #else
+            #define CYASSL_API
+        #endif
+        #define CYASSL_LOCAL
+    #else
+        #define CYASSL_API
+        #define CYASSL_LOCAL
+    #endif
+#endif /* BUILDING_CYASSL */
+
+
+#endif /* CTAO_CRYPT_VISIBILITY_H */
+

examples/echoserver/echoserver.c

@@ -27,7 +27,7 @@ static void SignalReady(void* args)
 }
 
 
-THREAD_RETURN CYASSL_API echoserver_test(void* args)
+THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
 {
     SOCKET_T    sockfd = 0;
     SSL_METHOD* method = 0;

examples/server/server.c

@@ -39,7 +39,7 @@
 #endif
 
 
-THREAD_RETURN CYASSL_API server_test(void* args)
+THREAD_RETURN CYASSL_THREAD server_test(void* args)
 {
     SOCKET_T sockfd   = 0;
     int      clientfd = 0;

include/cyassl_error.h

@@ -107,6 +107,7 @@ enum CyaSSL_ErrorCodes {
 #endif
 
 
+CYASSL_LOCAL
 void SetErrorString(int error, char* buffer);
 
 

include/cyassl_int.h

@@ -428,13 +428,13 @@ typedef struct ProtocolVersion {
 } ProtocolVersion;
 
 
-ProtocolVersion MakeSSLv3(void);
+CYASSL_LOCAL ProtocolVersion MakeSSLv3(void);
-ProtocolVersion MakeTLSv1(void);
+CYASSL_LOCAL ProtocolVersion MakeTLSv1(void);
-ProtocolVersion MakeTLSv1_1(void);
+CYASSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
-ProtocolVersion MakeTLSv1_2(void);
+CYASSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
 
 #ifdef CYASSL_DTLS
-    ProtocolVersion MakeDTLSv1(void);
+    CYASSL_LOCAL ProtocolVersion MakeDTLSv1(void);
 #endif
 
 
@@ -475,11 +475,12 @@ struct SSL_METHOD {
 
 
 /* defautls to client */
-void InitSSL_Method(SSL_METHOD*, ProtocolVersion);
+CYASSL_LOCAL void InitSSL_Method(SSL_METHOD*, ProtocolVersion);
 
 /* for sniffer */
-int DoFinished(SSL* ssl, const byte* input, word32* inOutIdx, int sniff);
+CYASSL_LOCAL int DoFinished(SSL* ssl, const byte* input, word32* inOutIdx,
-int DoApplicationData(SSL* ssl, byte* input, word32* inOutIdx);
+                            int sniff);
+CYASSL_LOCAL int DoApplicationData(SSL* ssl, byte* input, word32* inOutIdx);
 
 
 /* CyaSSL buffer type */
@@ -559,7 +560,9 @@ typedef struct Suites {
 } Suites;
 
 
+CYASSL_LOCAL
 void InitSuites(Suites*, ProtocolVersion, byte, byte, byte, byte, int);
+CYASSL_LOCAL
 int  SetCipherList(SSL_CTX* ctx, const char* list);
 
 #ifndef PSK_TYPES_DEFINED
@@ -572,11 +575,14 @@ int  SetCipherList(SSL_CTX* ctx, const char* list);
 
 #ifndef CYASSL_USER_IO
     /* default IO callbacks */
+    CYASSL_LOCAL
     int EmbedReceive(char *buf, int sz, void *ctx);
+    CYASSL_LOCAL 
     int EmbedSend(char *buf, int sz, void *ctx);
 #endif
 
 #ifdef CYASSL_DTLS
+    CYASSL_LOCAL
     int IsUDP(void*);
 #endif
 
@@ -624,14 +630,21 @@ struct SSL_CTX {
 };
 
 
+CYASSL_LOCAL
 void InitSSL_Ctx(SSL_CTX*, SSL_METHOD*);
+CYASSL_LOCAL
 void FreeSSL_Ctx(SSL_CTX*);
+CYASSL_LOCAL
 void SSL_CtxResourceFree(SSL_CTX*);
 
+CYASSL_LOCAL
 int DeriveTlsKeys(SSL* ssl);
+CYASSL_LOCAL
 int ProcessOldClientHello(SSL* ssl, const byte* input, word32* inOutIdx,
                           word32 inSz, word16 sz);
+CYASSL_LOCAL
 int AddCA(SSL_CTX* ctx, buffer der);
+CYASSL_LOCAL
 int IsCA(SSL_CTX* ctx, byte* hash);
 
 /* All cipher suite related info */
@@ -813,7 +826,9 @@ struct SSL_SESSION {
 };
 
 
+CYASSL_LOCAL
 SSL_SESSION* GetSession(SSL*, byte*);
+CYASSL_LOCAL
 int          SetSession(SSL*, SSL_SESSION*);
 
 typedef void (*hmacfp) (SSL*, byte*, const byte*, word32, int, int);
@@ -1038,9 +1053,11 @@ struct SSL {
 };
 
 
+CYASSL_LOCAL
 int  InitSSL(SSL*, SSL_CTX*);
+CYASSL_LOCAL
 void FreeSSL(SSL*);
-void SSL_ResourceFree(SSL*);
+CYASSL_API void SSL_ResourceFree(SSL*);   /* Micrium uses */
 
 
 enum {
@@ -1060,14 +1077,22 @@ typedef struct EncryptedInfo {
 
 
 #ifdef CYASSL_CALLBACKS
+    CYASSL_LOCAL
     void InitHandShakeInfo(HandShakeInfo*);
+    CYASSL_LOCAL 
     void FinishHandShakeInfo(HandShakeInfo*, const SSL*);
+    CYASSL_LOCAL 
     void AddPacketName(const char*, HandShakeInfo*);
 
+    CYASSL_LOCAL
     void InitTimeoutInfo(TimeoutInfo*);
+    CYASSL_LOCAL 
     void FreeTimeoutInfo(TimeoutInfo*, void*);
+    CYASSL_LOCAL 
     void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*);
+    CYASSL_LOCAL 
     void AddLateName(const char*, TimeoutInfo*);
+    CYASSL_LOCAL 
     void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
 #endif
 
@@ -1158,41 +1183,41 @@ static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
 
 
 /* internal functions */
-int SendChangeCipher(SSL*);
+CYASSL_LOCAL int SendChangeCipher(SSL*);
-int SendData(SSL*, const void*, int);
+CYASSL_LOCAL int SendData(SSL*, const void*, int);
-int SendCertificate(SSL*);
+CYASSL_LOCAL int SendCertificate(SSL*);
-int SendCertificateRequest(SSL*);
+CYASSL_LOCAL int SendCertificateRequest(SSL*);
-int SendServerKeyExchange(SSL*);
+CYASSL_LOCAL int SendServerKeyExchange(SSL*);
-int SendBuffered(SSL*);
+CYASSL_LOCAL int SendBuffered(SSL*);
-int ReceiveData(SSL*, byte*, int);
+CYASSL_LOCAL int ReceiveData(SSL*, byte*, int);
-int SendFinished(SSL*);
+CYASSL_LOCAL int SendFinished(SSL*);
-int SendAlert(SSL*, int, int);
+CYASSL_LOCAL int SendAlert(SSL*, int, int);
-int ProcessReply(SSL*);
+CYASSL_LOCAL int ProcessReply(SSL*);
 
-int SetCipherSpecs(SSL*);
+CYASSL_LOCAL int SetCipherSpecs(SSL*);
-int MakeMasterSecret(SSL*);
+CYASSL_LOCAL int MakeMasterSecret(SSL*);
 
-int  AddSession(SSL*);
+CYASSL_LOCAL int  AddSession(SSL*);
-int  DeriveKeys(SSL* ssl);
+CYASSL_LOCAL int  DeriveKeys(SSL* ssl);
-int  StoreKeys(SSL* ssl, const byte* keyData);
+CYASSL_LOCAL int  StoreKeys(SSL* ssl, const byte* keyData);
 
-int IsTLS(const SSL* ssl);
+CYASSL_LOCAL int IsTLS(const SSL* ssl);
-int IsAtLeastTLSv1_2(const SSL* ssl);
+CYASSL_LOCAL int IsAtLeastTLSv1_2(const SSL* ssl);
 
-void ShrinkInputBuffer(SSL* ssl, int forcedFree);
+CYASSL_LOCAL void ShrinkInputBuffer(SSL* ssl, int forcedFree);
-void ShrinkOutputBuffer(SSL* ssl);
+CYASSL_LOCAL void ShrinkOutputBuffer(SSL* ssl);
 
 #ifndef NO_CYASSL_CLIENT
-    int SendClientHello(SSL*);
+    CYASSL_LOCAL int SendClientHello(SSL*);
-    int SendClientKeyExchange(SSL*);
+    CYASSL_LOCAL int SendClientKeyExchange(SSL*);
-    int SendCertificateVerify(SSL*);
+    CYASSL_LOCAL int SendCertificateVerify(SSL*);
 #endif /* NO_CYASSL_CLIENT */
 
 #ifndef NO_CYASSL_SERVER
-    int SendServerHello(SSL*);
+    CYASSL_LOCAL int SendServerHello(SSL*);
-    int SendServerHelloDone(SSL*);
+    CYASSL_LOCAL int SendServerHelloDone(SSL*);
     #ifdef CYASSL_DTLS
-        int SendHelloVerifyRequest(SSL*);
+        CYASSL_LOCAL int SendHelloVerifyRequest(SSL*);
     #endif
 #endif /* NO_CYASSL_SERVER */
 
@@ -1206,8 +1231,8 @@ void ShrinkOutputBuffer(SSL* ssl);
 
 typedef double timer_d;
 
-timer_d Timer(void);
+CYASSL_LOCAL timer_d Timer(void);
-word32  LowResTimer(void);
+CYASSL_LOCAL word32  LowResTimer(void);
 
 
 #ifdef SINGLE_THREADED
@@ -1226,10 +1251,10 @@ word32  LowResTimer(void);
     #endif /* USE_WINDOWS_API */
 #endif /* SINGLE_THREADED */
 
-int InitMutex(CyaSSL_Mutex*);
+CYASSL_LOCAL int InitMutex(CyaSSL_Mutex*);
-int FreeMutex(CyaSSL_Mutex*);
+CYASSL_LOCAL int FreeMutex(CyaSSL_Mutex*);
-int LockMutex(CyaSSL_Mutex*);
+CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*);
-int UnLockMutex(CyaSSL_Mutex*);
+CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
 
 
 

include/openssl/crypto.h

@@ -7,8 +7,8 @@
 #include "prefix_crypto.h"
 #endif
 
-const char*   SSLeay_version(int type);
+CYASSL_API const char*   SSLeay_version(int type);
-unsigned long SSLeay(void);
+CYASSL_API unsigned long SSLeay(void);
 
 
 #define SSLEAY_VERSION 0x0090600fL

include/openssl/cyassl_test.h

@@ -71,16 +71,16 @@
 #ifdef SINGLE_THREADED
     typedef unsigned int  THREAD_RETURN;
     typedef void*         THREAD_TYPE;
-    #define CYASSL_API
+    #define CYASSL_THREAD
 #else
     #ifndef _POSIX_THREADS
         typedef unsigned int  THREAD_RETURN;
         typedef HANDLE        THREAD_TYPE;
-        #define CYASSL_API __stdcall
+        #define CYASSL_THREAD __stdcall
     #else
         typedef void*         THREAD_RETURN;
         typedef pthread_t     THREAD_TYPE;
-        #define CYASSL_API 
+        #define CYASSL_THREAD
     #endif
 #endif
 
@@ -137,7 +137,7 @@ typedef struct func_args {
 } func_args;
 
 
-typedef THREAD_RETURN CYASSL_API THREAD_FUNC(void*);
+typedef THREAD_RETURN CYASSL_THREAD THREAD_FUNC(void*);
 
 void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*);
 void join_thread(THREAD_TYPE);

include/openssl/des.h

@@ -49,18 +49,18 @@ enum {
 };
 
 
-void DES_set_key_unchecked(const_DES_cblock*, DES_key_schedule*);
+CYASSL_API void DES_set_key_unchecked(const_DES_cblock*, DES_key_schedule*);
-int  DES_key_sched(const_DES_cblock* key, DES_key_schedule* schedule);
+CYASSL_API int  DES_key_sched(const_DES_cblock* key,DES_key_schedule* schedule);
-void DES_cbc_encrypt(const unsigned char* input, unsigned char* output,
+CYASSL_API void DES_cbc_encrypt(const unsigned char* input,
-                     long length, DES_key_schedule* schedule, DES_cblock* ivec,
+                     unsigned char* output, long length,
-                     int enc);
+                     DES_key_schedule* schedule, DES_cblock* ivec, int enc);
-void DES_ncbc_encrypt(const unsigned char* input, unsigned char* output,
+CYASSL_API void DES_ncbc_encrypt(const unsigned char* input,
-                      long length, DES_key_schedule* schedule, DES_cblock* ivec,
+                      unsigned char* output, long length,
-                      int enc);
+                      DES_key_schedule* schedule, DES_cblock* ivec, int enc);
 
-
+CYASSL_API void DES_set_odd_parity(DES_cblock*);
-void DES_set_odd_parity(DES_cblock*);
+CYASSL_API void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*,
-void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*, int);
+                                int);
 
 #ifdef __cplusplus
     } /* extern "C" */

include/openssl/evp.h

@@ -44,8 +44,8 @@
 typedef char EVP_MD;
 typedef char EVP_CIPHER;
 
-const EVP_MD* EVP_md5(void);
+CYASSL_API const EVP_MD* EVP_md5(void);
-const EVP_MD* EVP_sha1(void);
+CYASSL_API const EVP_MD* EVP_sha1(void);
 
 
 typedef union {
@@ -60,16 +60,19 @@ typedef struct EVP_MD_CTX {
 } EVP_MD_CTX;
 
 
-void EVP_MD_CTX_init(EVP_MD_CTX* ctx);
+CYASSL_API void EVP_MD_CTX_init(EVP_MD_CTX* ctx);
-int  EVP_MD_CTX_cleanup(EVP_MD_CTX* ctx);
+CYASSL_API int  EVP_MD_CTX_cleanup(EVP_MD_CTX* ctx);
 
-int EVP_DigestInit(EVP_MD_CTX* ctx, const EVP_MD* type);
+CYASSL_API int EVP_DigestInit(EVP_MD_CTX* ctx, const EVP_MD* type);
-int EVP_DigestUpdate(EVP_MD_CTX* ctx, const void* data, unsigned long sz);
+CYASSL_API int EVP_DigestUpdate(EVP_MD_CTX* ctx, const void* data,
-int EVP_DigestFinal(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s);
+                                unsigned long sz);
-int EVP_DigestFinal_ex(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s);
+CYASSL_API int EVP_DigestFinal(EVP_MD_CTX* ctx, unsigned char* md,
-
+                               unsigned int* s);
-int EVP_BytesToKey(const EVP_CIPHER*, const EVP_MD*, const unsigned char*,
+CYASSL_API int EVP_DigestFinal_ex(EVP_MD_CTX* ctx, unsigned char* md,
-                const unsigned char*, int, int, unsigned char*, unsigned char*);
+                                  unsigned int* s);
+CYASSL_API int EVP_BytesToKey(const EVP_CIPHER*, const EVP_MD*,
+                              const unsigned char*, const unsigned char*,
+                              int, int, unsigned char*, unsigned char*);
 
 #ifdef __cplusplus
     } /* extern "C" */

include/openssl/hmac.h

@@ -40,8 +40,9 @@
 #endif
 
 
-unsigned char* HMAC(const EVP_MD* evp_md, const void* key, int key_len,
+CYASSL_API unsigned char* HMAC(const EVP_MD* evp_md, const void* key,
-    const unsigned char* d, int n, unsigned char* md, unsigned int* md_len);
+                               int key_len, const unsigned char* d, int n,
+                               unsigned char* md, unsigned int* md_len);
 
 
 #ifdef __cplusplus

include/openssl/md5.h

@@ -17,9 +17,9 @@ typedef struct MD5_CTX {
     int holder[24];   /* big enough to hold ctaocrypt md5, but check on init */
 } MD5_CTX;
 
-void MD5_Init(MD5_CTX*);
+CYASSL_API void MD5_Init(MD5_CTX*);
-void MD5_Update(MD5_CTX*, const void*, unsigned long);
+CYASSL_API void MD5_Update(MD5_CTX*, const void*, unsigned long);
-void MD5_Final(unsigned char*, MD5_CTX*);
+CYASSL_API void MD5_Final(unsigned char*, MD5_CTX*);
 
 
 

include/openssl/sha.h

@@ -17,14 +17,14 @@ typedef struct SHA_CTX {
     int holder[24];   /* big enough to hold ctaocrypt sha, but check on init */
 } SHA_CTX;
 
-void SHA_Init(SHA_CTX*);
+CYASSL_API void SHA_Init(SHA_CTX*);
-void SHA_Update(SHA_CTX*, const void*, unsigned long);
+CYASSL_API void SHA_Update(SHA_CTX*, const void*, unsigned long);
-void SHA_Final(unsigned char*, SHA_CTX*);
+CYASSL_API void SHA_Final(unsigned char*, SHA_CTX*);
 
 /* SHA1 points to above, shouldn't use SHA0 ever */
-void SHA1_Init(SHA_CTX*);
+CYASSL_API void SHA1_Init(SHA_CTX*);
-void SHA1_Update(SHA_CTX*, const void*, unsigned long);
+CYASSL_API void SHA1_Update(SHA_CTX*, const void*, unsigned long);
-void SHA1_Final(unsigned char*, SHA_CTX*);
+CYASSL_API void SHA1_Final(unsigned char*, SHA_CTX*);
 
 enum {
     SHA_DIGEST_LENGTH = 20

include/openssl/ssl.h

@@ -125,246 +125,251 @@ typedef struct X509_STORE_CTX {
 } X509_STORE_CTX;
 
 
-SSL_METHOD *SSLv3_server_method(void);
+CYASSL_API SSL_METHOD *SSLv3_server_method(void);
-SSL_METHOD *SSLv3_client_method(void);
+CYASSL_API SSL_METHOD *SSLv3_client_method(void);
-SSL_METHOD *TLSv1_server_method(void);  
+CYASSL_API SSL_METHOD *TLSv1_server_method(void);  
-SSL_METHOD *TLSv1_client_method(void);
+CYASSL_API SSL_METHOD *TLSv1_client_method(void);
-SSL_METHOD *TLSv1_1_server_method(void);  
+CYASSL_API SSL_METHOD *TLSv1_1_server_method(void);  
-SSL_METHOD *TLSv1_1_client_method(void);
+CYASSL_API SSL_METHOD *TLSv1_1_client_method(void);
-SSL_METHOD *TLSv1_2_server_method(void);  
+CYASSL_API SSL_METHOD *TLSv1_2_server_method(void);  
-SSL_METHOD *TLSv1_2_client_method(void);
+CYASSL_API SSL_METHOD *TLSv1_2_client_method(void);
 
 #ifdef CYASSL_DTLS
-    SSL_METHOD *DTLSv1_client_method(void);
+    CYASSL_API SSL_METHOD *DTLSv1_client_method(void);
-    SSL_METHOD *DTLSv1_server_method(void);
+    CYASSL_API SSL_METHOD *DTLSv1_server_method(void);
 #endif
 
 #ifndef NO_FILESYSTEM
 
-int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int);
+CYASSL_API int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int);
-int SSL_CTX_use_PrivateKey_file(SSL_CTX*, const char*, int);
+CYASSL_API int SSL_CTX_use_PrivateKey_file(SSL_CTX*, const char*, int);
-int SSL_CTX_load_verify_locations(SSL_CTX*, const char*, const char*);
+CYASSL_API int SSL_CTX_load_verify_locations(SSL_CTX*, const char*,const char*);
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+CYASSL_API int SSL_CTX_use_certificate_chain_file(SSL_CTX *, const char *file);
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int);
+CYASSL_API int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int);
 
 #ifdef CYASSL_DER_LOAD
-    int CyaSSL_CTX_load_verify_locations(SSL_CTX*, const char*, int);
+    CYASSL_API int CyaSSL_CTX_load_verify_locations(SSL_CTX*, const char*, int);
 #endif
 
 #ifdef HAVE_NTRU
-    int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX*, const char*); /* load NTRU 
+    CYASSL_API int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX*, const char*);
-                                                             private key blob */
+    /* load NTRU private key blob */
 #endif
 
-int CyaSSL_PemCertToDer(const char*, unsigned char*, int);
+CYASSL_API int CyaSSL_PemCertToDer(const char*, unsigned char*, int);
 
 #endif /* NO_FILESYSTEM */
 
-SSL_CTX* SSL_CTX_new(SSL_METHOD*);
+CYASSL_API SSL_CTX* SSL_CTX_new(SSL_METHOD*);
-SSL* SSL_new(SSL_CTX*);
+CYASSL_API SSL* SSL_new(SSL_CTX*);
-int  SSL_set_fd (SSL*, int);
+CYASSL_API int  SSL_set_fd (SSL*, int);
-int  SSL_get_fd(const SSL*);
+CYASSL_API int  SSL_get_fd(const SSL*);
-int  SSL_connect(SSL*);                   /* please see note at top of README
+CYASSL_API int  SSL_connect(SSL*);           /* please see note at top of README
                                              if you get an error from connect */
-int  SSL_write(SSL*, const void*, int);
+CYASSL_API int  SSL_write(SSL*, const void*, int);
-int  SSL_read(SSL*, void*, int);
+CYASSL_API int  SSL_read(SSL*, void*, int);
-int  SSL_accept(SSL*);
+CYASSL_API int  SSL_accept(SSL*);
-void SSL_CTX_free(SSL_CTX*);
+CYASSL_API void SSL_CTX_free(SSL_CTX*);
-void SSL_free(SSL*);
+CYASSL_API void SSL_free(SSL*);
-int  SSL_shutdown(SSL*);
+CYASSL_API int  SSL_shutdown(SSL*);
 
-void SSL_CTX_set_quiet_shutdown(SSL_CTX*, int);
+CYASSL_API void SSL_CTX_set_quiet_shutdown(SSL_CTX*, int);
 
-int  SSL_get_error(SSL*, int);
+CYASSL_API int  SSL_get_error(SSL*, int);
 
-int          SSL_set_session(SSL *ssl, SSL_SESSION *session);
+CYASSL_API int          SSL_set_session(SSL *ssl, SSL_SESSION *session);
-SSL_SESSION* SSL_get_session(SSL* ssl);
+CYASSL_API SSL_SESSION* SSL_get_session(SSL* ssl);
-void         SSL_flush_sessions(SSL_CTX *ctx, long tm);
+CYASSL_API void         SSL_flush_sessions(SSL_CTX *ctx, long tm);
 
 
 typedef int (*VerifyCallback)(int, X509_STORE_CTX*);
 typedef int (*pem_password_cb)(char*, int, int, void*);
 
-void SSL_CTX_set_verify(SSL_CTX*, int, VerifyCallback verify_callback);
+CYASSL_API void SSL_CTX_set_verify(SSL_CTX*,int,VerifyCallback verify_callback);
 
 
-int  SSL_pending(SSL*);
+CYASSL_API int  SSL_pending(SSL*);
 
 
-void SSL_load_error_strings(void);
+CYASSL_API void SSL_load_error_strings(void);
-int  SSL_library_init(void);
+CYASSL_API int  SSL_library_init(void);
-long SSL_CTX_set_session_cache_mode(SSL_CTX*, long);
+CYASSL_API long SSL_CTX_set_session_cache_mode(SSL_CTX*, long);
 
 /* only supports full name from cipher_name[] delimited by : */
-int  SSL_CTX_set_cipher_list(SSL_CTX*, const char*);
+CYASSL_API int  SSL_CTX_set_cipher_list(SSL_CTX*, const char*);
 
-char* ERR_error_string(unsigned long,char*);
+CYASSL_API char* ERR_error_string(unsigned long,char*);
-void  ERR_error_string_n(unsigned long e, char *buf, unsigned long len);
+CYASSL_API void  ERR_error_string_n(unsigned long e,char *buf,unsigned long sz);
 
 
 /* extras */
 
 #define STACK_OF(x) x
 
-int  SSL_set_ex_data(SSL*, int, void*);
+CYASSL_API int  SSL_set_ex_data(SSL*, int, void*);
-int  SSL_get_shutdown(const SSL*);
+CYASSL_API int  SSL_get_shutdown(const SSL*);
-int  SSL_set_rfd(SSL*, int);
+CYASSL_API int  SSL_set_rfd(SSL*, int);
-int  SSL_set_wfd(SSL*, int);
+CYASSL_API int  SSL_set_wfd(SSL*, int);
-void SSL_set_shutdown(SSL*, int);
+CYASSL_API void SSL_set_shutdown(SSL*, int);
-int  SSL_set_session_id_context(SSL*, const unsigned char*, unsigned int);
+CYASSL_API int  SSL_set_session_id_context(SSL*, const unsigned char*,
-void SSL_set_connect_state(SSL*);
+                                           unsigned int);
-void SSL_set_accept_state(SSL*);
+CYASSL_API void SSL_set_connect_state(SSL*);
-int  SSL_session_reused(SSL*);
+CYASSL_API void SSL_set_accept_state(SSL*);
-void SSL_SESSION_free(SSL_SESSION* session);
+CYASSL_API int  SSL_session_reused(SSL*);
+CYASSL_API void SSL_SESSION_free(SSL_SESSION* session);
 
-const char*  SSL_get_version(SSL*);
+CYASSL_API const char*  SSL_get_version(SSL*);
-SSL_CIPHER*  SSL_get_current_cipher(SSL*);
+CYASSL_API SSL_CIPHER*  SSL_get_current_cipher(SSL*);
-char*        SSL_CIPHER_description(SSL_CIPHER*, char*, int);
+CYASSL_API char*        SSL_CIPHER_description(SSL_CIPHER*, char*, int);
-const char*  SSL_CIPHER_get_name(const SSL_CIPHER* cipher);
+CYASSL_API const char*  SSL_CIPHER_get_name(const SSL_CIPHER* cipher);
-SSL_SESSION* SSL_get1_session(SSL* ssl);  /* what's ref count */
+CYASSL_API SSL_SESSION* SSL_get1_session(SSL* ssl);  /* what's ref count */
 
-void X509_free(X509*);
+CYASSL_API void X509_free(X509*);
-void OPENSSL_free(void*);
+CYASSL_API void OPENSSL_free(void*);
 
-int OCSP_parse_url(char* url, char** host, char** port, char** path, int* ssl);
+CYASSL_API int OCSP_parse_url(char* url, char** host, char** port, char** path,
+                              int* ssl);
 
-SSL_METHOD* SSLv23_client_method(void);
+CYASSL_API SSL_METHOD* SSLv23_client_method(void);
-SSL_METHOD* SSLv2_client_method(void);
+CYASSL_API SSL_METHOD* SSLv2_client_method(void);
-SSL_METHOD* SSLv2_server_method(void);
+CYASSL_API SSL_METHOD* SSLv2_server_method(void);
 
-void MD4_Init(MD4_CTX*);
+CYASSL_API void MD4_Init(MD4_CTX*);
-void MD4_Update(MD4_CTX*, const void*, unsigned long);
+CYASSL_API void MD4_Update(MD4_CTX*, const void*, unsigned long);
-void MD4_Final(unsigned char*, MD4_CTX*);
+CYASSL_API void MD4_Final(unsigned char*, MD4_CTX*);
 
-BIO* BIO_new(BIO_METHOD*);
+CYASSL_API BIO* BIO_new(BIO_METHOD*);
-int  BIO_free(BIO*);
+CYASSL_API int  BIO_free(BIO*);
-int  BIO_free_all(BIO*);
+CYASSL_API int  BIO_free_all(BIO*);
-int  BIO_read(BIO*, void*, int);
+CYASSL_API int  BIO_read(BIO*, void*, int);
-int  BIO_write(BIO*, const void*, int);
+CYASSL_API int  BIO_write(BIO*, const void*, int);
-BIO* BIO_push(BIO*, BIO* append);
+CYASSL_API BIO* BIO_push(BIO*, BIO* append);
-BIO* BIO_pop(BIO*);
+CYASSL_API BIO* BIO_pop(BIO*);
-int  BIO_flush(BIO*);
+CYASSL_API int  BIO_flush(BIO*);
-int  BIO_pending(BIO*);
+CYASSL_API int  BIO_pending(BIO*);
 
-BIO_METHOD* BIO_f_buffer(void);
+CYASSL_API BIO_METHOD* BIO_f_buffer(void);
-long        BIO_set_write_buffer_size(BIO*, long size);
+CYASSL_API long        BIO_set_write_buffer_size(BIO*, long size);
-BIO_METHOD* BIO_f_ssl(void);
+CYASSL_API BIO_METHOD* BIO_f_ssl(void);
-BIO*        BIO_new_socket(int sfd, int flag);
+CYASSL_API BIO*        BIO_new_socket(int sfd, int flag);
-void        SSL_set_bio(SSL*, BIO* rd, BIO* wr);
+CYASSL_API void        SSL_set_bio(SSL*, BIO* rd, BIO* wr);
-int         BIO_eof(BIO*);
+CYASSL_API int         BIO_eof(BIO*);
-long        BIO_set_ssl(BIO*, SSL*, int flag);
+CYASSL_API long        BIO_set_ssl(BIO*, SSL*, int flag);
 
-BIO_METHOD* BIO_s_mem(void);
+CYASSL_API BIO_METHOD* BIO_s_mem(void);
-BIO_METHOD* BIO_f_base64(void);
+CYASSL_API BIO_METHOD* BIO_f_base64(void);
-void        BIO_set_flags(BIO*, int);
+CYASSL_API void        BIO_set_flags(BIO*, int);
 
-void OpenSSL_add_all_algorithms(void);
+CYASSL_API void OpenSSL_add_all_algorithms(void);
-int  SSLeay_add_ssl_algorithms(void);
+CYASSL_API int  SSLeay_add_ssl_algorithms(void);
-int  SSLeay_add_all_algorithms(void);
+CYASSL_API int  SSLeay_add_all_algorithms(void);
 
-void        RAND_screen(void);
+CYASSL_API void        RAND_screen(void);
-const char* RAND_file_name(char*, unsigned long);
+CYASSL_API const char* RAND_file_name(char*, unsigned long);
-int         RAND_write_file(const char*);
+CYASSL_API int         RAND_write_file(const char*);
-int         RAND_load_file(const char*, long);
+CYASSL_API int         RAND_load_file(const char*, long);
-int         RAND_egd(const char*);
+CYASSL_API int         RAND_egd(const char*);
 
-COMP_METHOD* COMP_zlib(void);
+CYASSL_API COMP_METHOD* COMP_zlib(void);
-COMP_METHOD* COMP_rle(void);
+CYASSL_API COMP_METHOD* COMP_rle(void);
-int SSL_COMP_add_compression_method(int, void*);
+CYASSL_API int SSL_COMP_add_compression_method(int, void*);
 
-int SSL_get_ex_new_index(long, void*, void*, void*, void*);
+CYASSL_API int SSL_get_ex_new_index(long, void*, void*, void*, void*);
 
-void CRYPTO_set_id_callback(unsigned long (*f)(void));
+CYASSL_API void CRYPTO_set_id_callback(unsigned long (*f)(void));
-void CRYPTO_set_locking_callback(void (*f)(int, int, const char*, int));
+CYASSL_API void CRYPTO_set_locking_callback(void (*f)(int, int, const char*,
-void CRYPTO_set_dynlock_create_callback(CRYPTO_dynlock_value* (*f)(const char*,
                                                       int));
-void CRYPTO_set_dynlock_lock_callback(void (*f)(int, CRYPTO_dynlock_value*,
+CYASSL_API void CRYPTO_set_dynlock_create_callback(CRYPTO_dynlock_value* (*f)
-                                                const char*, int));
+                                                   (const char*, int));
-void CRYPTO_set_dynlock_destroy_callback(void (*f)(CRYPTO_dynlock_value*,
+CYASSL_API void CRYPTO_set_dynlock_lock_callback(void (*f)(int,
-                                                   const char*, int));
+                                      CRYPTO_dynlock_value*, const char*, int));
+CYASSL_API void CRYPTO_set_dynlock_destroy_callback(void (*f)
+                                     (CRYPTO_dynlock_value*, const char*, int));
 
-X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX*);
+CYASSL_API X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX*);
-int   X509_STORE_CTX_get_error(X509_STORE_CTX*);
+CYASSL_API int   X509_STORE_CTX_get_error(X509_STORE_CTX*);
-int   X509_STORE_CTX_get_error_depth(X509_STORE_CTX*);
+CYASSL_API int   X509_STORE_CTX_get_error_depth(X509_STORE_CTX*);
 
-char*       X509_NAME_oneline(X509_NAME*, char*, int);
+CYASSL_API char*       X509_NAME_oneline(X509_NAME*, char*, int);
-X509_NAME*  X509_get_issuer_name(X509*);
+CYASSL_API X509_NAME*  X509_get_issuer_name(X509*);
-X509_NAME*  X509_get_subject_name(X509*);
+CYASSL_API X509_NAME*  X509_get_subject_name(X509*);
-const char* X509_verify_cert_error_string(long);
+CYASSL_API const char* X509_verify_cert_error_string(long);
 
-int                 X509_LOOKUP_add_dir(X509_LOOKUP*, const char*, long);
+CYASSL_API int X509_LOOKUP_add_dir(X509_LOOKUP*, const char*, long);
-int                 X509_LOOKUP_load_file(X509_LOOKUP*, const char*, long);
+CYASSL_API int X509_LOOKUP_load_file(X509_LOOKUP*, const char*, long);
-X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(void);
+CYASSL_API X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(void);
-X509_LOOKUP_METHOD* X509_LOOKUP_file(void);
+CYASSL_API X509_LOOKUP_METHOD* X509_LOOKUP_file(void);
 
-X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*);
+CYASSL_API X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*);
-X509_STORE*  X509_STORE_new(void);
+CYASSL_API X509_STORE*  X509_STORE_new(void);
-int          X509_STORE_get_by_subject(X509_STORE_CTX*, int, X509_NAME*,
+CYASSL_API int          X509_STORE_get_by_subject(X509_STORE_CTX*, int,
-                                       X509_OBJECT*);
+                                                  X509_NAME*, X509_OBJECT*);
-int  X509_STORE_CTX_init(X509_STORE_CTX*, X509_STORE*, X509*, STACK_OF(X509)*);
+CYASSL_API int  X509_STORE_CTX_init(X509_STORE_CTX*, X509_STORE*, X509*,
-void X509_STORE_CTX_cleanup(X509_STORE_CTX*);
+                                    STACK_OF(X509)*);
+CYASSL_API void X509_STORE_CTX_cleanup(X509_STORE_CTX*);
 
-ASN1_TIME* X509_CRL_get_lastUpdate(X509_CRL*);
+CYASSL_API ASN1_TIME* X509_CRL_get_lastUpdate(X509_CRL*);
-ASN1_TIME* X509_CRL_get_nextUpdate(X509_CRL*);
+CYASSL_API ASN1_TIME* X509_CRL_get_nextUpdate(X509_CRL*);
 
-EVP_PKEY* X509_get_pubkey(X509*);
+CYASSL_API EVP_PKEY* X509_get_pubkey(X509*);
-int       X509_CRL_verify(X509_CRL*, EVP_PKEY*);
+CYASSL_API int       X509_CRL_verify(X509_CRL*, EVP_PKEY*);
-void      X509_STORE_CTX_set_error(X509_STORE_CTX*, int);
+CYASSL_API void      X509_STORE_CTX_set_error(X509_STORE_CTX*, int);
-void      X509_OBJECT_free_contents(X509_OBJECT*);
+CYASSL_API void      X509_OBJECT_free_contents(X509_OBJECT*);
-void      EVP_PKEY_free(EVP_PKEY*);
+CYASSL_API void      EVP_PKEY_free(EVP_PKEY*);
-int       X509_cmp_current_time(const ASN1_TIME*);
+CYASSL_API int       X509_cmp_current_time(const ASN1_TIME*);
-int       sk_X509_REVOKED_num(X509_REVOKED*);
+CYASSL_API int       sk_X509_REVOKED_num(X509_REVOKED*);
 
-X509_REVOKED* X509_CRL_get_REVOKED(X509_CRL*);
+CYASSL_API X509_REVOKED* X509_CRL_get_REVOKED(X509_CRL*);
-X509_REVOKED* sk_X509_REVOKED_value(X509_REVOKED*, int);
+CYASSL_API X509_REVOKED* sk_X509_REVOKED_value(X509_REVOKED*, int);
 
-ASN1_INTEGER* X509_get_serialNumber(X509*);
+CYASSL_API ASN1_INTEGER* X509_get_serialNumber(X509*);
 
-int ASN1_TIME_print(BIO*, const ASN1_TIME*);
+CYASSL_API int ASN1_TIME_print(BIO*, const ASN1_TIME*);
 
-int  ASN1_INTEGER_cmp(const ASN1_INTEGER*, const ASN1_INTEGER*);
+CYASSL_API int  ASN1_INTEGER_cmp(const ASN1_INTEGER*, const ASN1_INTEGER*);
-long ASN1_INTEGER_get(const ASN1_INTEGER*);
+CYASSL_API long ASN1_INTEGER_get(const ASN1_INTEGER*);
 
-STACK_OF(X509_NAME)* SSL_load_client_CA_file(const char*);
+CYASSL_API STACK_OF(X509_NAME)* SSL_load_client_CA_file(const char*);
 
-void  SSL_CTX_set_client_CA_list(SSL_CTX*, STACK_OF(X509_NAME)*);
+CYASSL_API void  SSL_CTX_set_client_CA_list(SSL_CTX*, STACK_OF(X509_NAME)*);
-void* X509_STORE_CTX_get_ex_data(X509_STORE_CTX*, int);
+CYASSL_API void* X509_STORE_CTX_get_ex_data(X509_STORE_CTX*, int);
-int   SSL_get_ex_data_X509_STORE_CTX_idx(void);
+CYASSL_API int   SSL_get_ex_data_X509_STORE_CTX_idx(void);
-void* SSL_get_ex_data(const SSL*, int);
+CYASSL_API void* SSL_get_ex_data(const SSL*, int);
 
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata);
+CYASSL_API void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*,void* userdata);
-void SSL_CTX_set_default_passwd_cb(SSL_CTX*, pem_password_cb);
+CYASSL_API void SSL_CTX_set_default_passwd_cb(SSL_CTX*, pem_password_cb);
 
 
-long SSL_CTX_set_timeout(SSL_CTX*, long);
+CYASSL_API long SSL_CTX_set_timeout(SSL_CTX*, long);
-void SSL_CTX_set_info_callback(SSL_CTX*, void (*)(void));
+CYASSL_API void SSL_CTX_set_info_callback(SSL_CTX*, void (*)(void));
 
-unsigned long ERR_peek_error(void);
+CYASSL_API unsigned long ERR_peek_error(void);
-int           ERR_GET_REASON(int);
+CYASSL_API int           ERR_GET_REASON(int);
 
-char* SSL_alert_type_string_long(int);
+CYASSL_API char* SSL_alert_type_string_long(int);
-char* SSL_alert_desc_string_long(int);
+CYASSL_API char* SSL_alert_desc_string_long(int);
-char* SSL_state_string_long(SSL*);
+CYASSL_API char* SSL_state_string_long(SSL*);
 
-void RSA_free(RSA*);
+CYASSL_API void RSA_free(RSA*);
-RSA* RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*);
+CYASSL_API RSA* RSA_generate_key(int, unsigned long, void(*)(int, int, void*),
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*, int, int));
+                                 void*);
+CYASSL_API void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*, int, int));
 
-int PEM_def_callback(char*, int num, int w, void* key);
+CYASSL_API int PEM_def_callback(char*, int num, int w, void* key);
 
-long SSL_CTX_sess_accept(SSL_CTX*);
+CYASSL_API long SSL_CTX_sess_accept(SSL_CTX*);
-long SSL_CTX_sess_connect(SSL_CTX*);
+CYASSL_API long SSL_CTX_sess_connect(SSL_CTX*);
-long SSL_CTX_sess_accept_good(SSL_CTX*);
+CYASSL_API long SSL_CTX_sess_accept_good(SSL_CTX*);
-long SSL_CTX_sess_connect_good(SSL_CTX*);
+CYASSL_API long SSL_CTX_sess_connect_good(SSL_CTX*);
-long SSL_CTX_sess_accept_renegotiate(SSL_CTX*);
+CYASSL_API long SSL_CTX_sess_accept_renegotiate(SSL_CTX*);
-long SSL_CTX_sess_connect_renegotiate(SSL_CTX*);
+CYASSL_API long SSL_CTX_sess_connect_renegotiate(SSL_CTX*);
-long SSL_CTX_sess_hits(SSL_CTX*);
+CYASSL_API long SSL_CTX_sess_hits(SSL_CTX*);
-long SSL_CTX_sess_cb_hits(SSL_CTX*);
+CYASSL_API long SSL_CTX_sess_cb_hits(SSL_CTX*);
-long SSL_CTX_sess_cache_full(SSL_CTX*);
+CYASSL_API long SSL_CTX_sess_cache_full(SSL_CTX*);
-long SSL_CTX_sess_misses(SSL_CTX*);
+CYASSL_API long SSL_CTX_sess_misses(SSL_CTX*);
-long SSL_CTX_sess_timeouts(SSL_CTX*);
+CYASSL_API long SSL_CTX_sess_timeouts(SSL_CTX*);
-long SSL_CTX_sess_number(SSL_CTX*);
+CYASSL_API long SSL_CTX_sess_number(SSL_CTX*);
-long SSL_CTX_sess_get_cache_size(SSL_CTX*);
+CYASSL_API long SSL_CTX_sess_get_cache_size(SSL_CTX*);
 
 
 #define SSL_DEFAULT_CIPHER_LIST ""   /* default all */
@@ -463,7 +468,7 @@ enum {
 #ifndef NO_FILESYSTEM
 /* CyaSSL extension, provide last error from SSL_get_error
    since not using thread storage error queue */
-void  ERR_print_errors_fp(FILE*, int err);
+CYASSL_API void  ERR_print_errors_fp(FILE*, int err);
 #endif
 
 enum { /* ssl Constants */
@@ -523,19 +528,21 @@ enum { /* ssl Constants */
 #ifndef NO_PSK
     typedef unsigned int (*psk_client_callback)(SSL*, const char*, char*,
                                     unsigned int, unsigned char*, unsigned int);
-    void SSL_CTX_set_psk_client_callback(SSL_CTX*, psk_client_callback);
+    CYASSL_API void SSL_CTX_set_psk_client_callback(SSL_CTX*,
-    void SSL_set_psk_client_callback(SSL*, psk_client_callback);
+                                                    psk_client_callback);
+    CYASSL_API void SSL_set_psk_client_callback(SSL*, psk_client_callback);
 
-    const char* SSL_get_psk_identity_hint(const SSL*);
+    CYASSL_API const char* SSL_get_psk_identity_hint(const SSL*);
-    const char* SSL_get_psk_identity(const SSL*);
+    CYASSL_API const char* SSL_get_psk_identity(const SSL*);
 
-    int SSL_CTX_use_psk_identity_hint(SSL_CTX*, const char*);
+    CYASSL_API int SSL_CTX_use_psk_identity_hint(SSL_CTX*, const char*);
-    int SSL_use_psk_identity_hint(SSL*, const char*);
+    CYASSL_API int SSL_use_psk_identity_hint(SSL*, const char*);
 
     typedef unsigned int (*psk_server_callback)(SSL*, const char*,
                           unsigned char*, unsigned int);
-    void SSL_CTX_set_psk_server_callback(SSL_CTX*, psk_server_callback);
+    CYASSL_API void SSL_CTX_set_psk_server_callback(SSL_CTX*,
-    void SSL_set_psk_server_callback(SSL*, psk_server_callback);
+                                                    psk_server_callback);
+    CYASSL_API void SSL_set_psk_server_callback(SSL*, psk_server_callback);
 
     #define PSK_TYPES_DEFINED
 #endif /* NO_PSK */
@@ -547,59 +554,62 @@ enum {  /* ERR Constants */
     ERR_TXT_STRING = 1
 };
 
-unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *);
+CYASSL_API unsigned long ERR_get_error_line_data(const char**, int*,
+                                                 const char**, int *);
 
-unsigned long ERR_get_error(void);
+CYASSL_API unsigned long ERR_get_error(void);
-void          ERR_clear_error(void);
+CYASSL_API void          ERR_clear_error(void);
 
 
-int  RAND_status(void);
+CYASSL_API int  RAND_status(void);
-int  RAND_bytes(unsigned char* buf, int num);
+CYASSL_API int  RAND_bytes(unsigned char* buf, int num);
-SSL_METHOD *SSLv23_server_method(void);
+CYASSL_API SSL_METHOD *SSLv23_server_method(void);
-long SSL_CTX_set_options(SSL_CTX*, long);
+CYASSL_API long SSL_CTX_set_options(SSL_CTX*, long);
-int  SSL_CTX_check_private_key(SSL_CTX*);
+CYASSL_API int  SSL_CTX_check_private_key(SSL_CTX*);
 
 
-void ERR_free_strings(void);
+CYASSL_API void ERR_free_strings(void);
-void ERR_remove_state(unsigned long);
+CYASSL_API void ERR_remove_state(unsigned long);
-void EVP_cleanup(void);
+CYASSL_API void EVP_cleanup(void);
 
-void CRYPTO_cleanup_all_ex_data(void);
+CYASSL_API void CRYPTO_cleanup_all_ex_data(void);
-long SSL_CTX_set_mode(SSL_CTX* ctx, long mode);
+CYASSL_API long SSL_CTX_set_mode(SSL_CTX* ctx, long mode);
-long SSL_CTX_get_mode(SSL_CTX* ctx);
+CYASSL_API long SSL_CTX_get_mode(SSL_CTX* ctx);
-void SSL_CTX_set_default_read_ahead(SSL_CTX* ctx, int m);
+CYASSL_API void SSL_CTX_set_default_read_ahead(SSL_CTX* ctx, int m);
 
-long SSL_CTX_sess_set_cache_size(SSL_CTX*, long);
+CYASSL_API long SSL_CTX_sess_set_cache_size(SSL_CTX*, long);
 
-int  SSL_CTX_set_default_verify_paths(SSL_CTX*);
+CYASSL_API int  SSL_CTX_set_default_verify_paths(SSL_CTX*);
-int  SSL_CTX_set_session_id_context(SSL_CTX*, const unsigned char*,
+CYASSL_API int  SSL_CTX_set_session_id_context(SSL_CTX*, const unsigned char*,
                                     unsigned int);
 
-X509*      SSL_get_peer_certificate(SSL* ssl);
+CYASSL_API X509*      SSL_get_peer_certificate(SSL* ssl);
 
-int SSL_want_read(SSL*);
+CYASSL_API int SSL_want_read(SSL*);
-int SSL_want_write(SSL*);
+CYASSL_API int SSL_want_write(SSL*);
 
-int BIO_printf(BIO*, const char*, ...);
+CYASSL_API int BIO_printf(BIO*, const char*, ...);
-int ASN1_UTCTIME_print(BIO*, const ASN1_UTCTIME*);
+CYASSL_API int ASN1_UTCTIME_print(BIO*, const ASN1_UTCTIME*);
 
-int   sk_num(X509_REVOKED*);
+CYASSL_API int   sk_num(X509_REVOKED*);
-void* sk_value(X509_REVOKED*, int);
+CYASSL_API void* sk_value(X509_REVOKED*, int);
 
 /* stunnel 4.28 needs */
-void* SSL_CTX_get_ex_data(const SSL_CTX*, int);
+CYASSL_API void* SSL_CTX_get_ex_data(const SSL_CTX*, int);
-int   SSL_CTX_set_ex_data(SSL_CTX*, int, void*);
+CYASSL_API int   SSL_CTX_set_ex_data(SSL_CTX*, int, void*);
-void  SSL_CTX_sess_set_get_cb(SSL_CTX*, SSL_SESSION*(*f)(SSL*, unsigned char*,
+CYASSL_API void  SSL_CTX_sess_set_get_cb(SSL_CTX*, SSL_SESSION*(*f)(SSL*,
-                                                         int, int*));
+                                         unsigned char*, int, int*));
-void  SSL_CTX_sess_set_new_cb(SSL_CTX*, int (*f)(SSL*, SSL_SESSION*));
+CYASSL_API void  SSL_CTX_sess_set_new_cb(SSL_CTX*, int (*f)(SSL*,SSL_SESSION*));
-void  SSL_CTX_sess_set_remove_cb(SSL_CTX*, void (*f)(SSL_CTX*, SSL_SESSION*));
+CYASSL_API void  SSL_CTX_sess_set_remove_cb(SSL_CTX*, void (*f)(SSL_CTX*,
+                                                                SSL_SESSION*));
 
-int          i2d_SSL_SESSION(SSL_SESSION*, unsigned char**);
+CYASSL_API int          i2d_SSL_SESSION(SSL_SESSION*, unsigned char**);
-SSL_SESSION* d2i_SSL_SESSION(SSL_SESSION**,const unsigned char**, long);
+CYASSL_API SSL_SESSION* d2i_SSL_SESSION(SSL_SESSION**,const unsigned char**,
+                                        long);
 
-long SSL_SESSION_get_timeout(const SSL_SESSION*);
+CYASSL_API long SSL_SESSION_get_timeout(const SSL_SESSION*);
-long SSL_SESSION_get_time(const SSL_SESSION*);
+CYASSL_API long SSL_SESSION_get_time(const SSL_SESSION*);
-int  SSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);
+CYASSL_API int  SSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);
 
 /* extra ends */
 
@@ -608,61 +618,79 @@ int  SSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);
 
 /* call before SSL_connect, if verifying will add name check to
    date check and signature check */
-int CyaSSL_check_domain_name(SSL* ssl, const char* dn);
+CYASSL_API int CyaSSL_check_domain_name(SSL* ssl, const char* dn);
 
-int InitCyaSSL(void);   /* need to call once to load library (session cache) */
+/* need to call once to load library (session cache) */
-int FreeCyaSSL(void);   /* call when done to free session cache mutex        */
+CYASSL_API int InitCyaSSL(void);
+/* call when done to free session cache mutex        */
+CYASSL_API int FreeCyaSSL(void);
 
-int  CyaSSL_Debugging_ON(void);   /* turn logging on, only if compiled in */
+/* turn logging on, only if compiled in */
-void CyaSSL_Debugging_OFF(void);  /* turn logging off */
+CYASSL_API int  CyaSSL_Debugging_ON(void);
+/* turn logging off */
+CYASSL_API void CyaSSL_Debugging_OFF(void);
 
-int CyaSSL_negotiate(SSL* ssl);  /* do accept or connect depedning on side */
+/* do accept or connect depedning on side */
-int CyaSSL_set_compression(SSL* ssl);  /* turn on CyaSSL data compression */
+CYASSL_API int CyaSSL_negotiate(SSL* ssl);
+/* turn on CyaSSL data compression */
+CYASSL_API int CyaSSL_set_compression(SSL* ssl);
 
-int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX*, const char*); /* load NTRU
+/* load NTRU private key blob */
-                                                             private key blob */
+CYASSL_API int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX*, const char*);
-X509_CHAIN* CyaSSL_get_peer_chain(SSL* ssl);   /* get CyaSSL peer X509_CHAIN */
+/* get CyaSSL peer X509_CHAIN */
-int  CyaSSL_get_chain_count(X509_CHAIN* chain);   /* peer chain count */
+CYASSL_API X509_CHAIN* CyaSSL_get_peer_chain(SSL* ssl);
-int  CyaSSL_get_chain_length(X509_CHAIN*, int idx); /* index cert length */
+/* peer chain count */
-unsigned char* CyaSSL_get_chain_cert(X509_CHAIN*, int idx);   /* index cert */
+CYASSL_API int  CyaSSL_get_chain_count(X509_CHAIN* chain);
-int  CyaSSL_get_chain_cert_pem(X509_CHAIN*, int idx, unsigned char* buffer,
+/* index cert length */
-                          int inLen, int* outLen); /* get index cert in PEM */
+CYASSL_API int  CyaSSL_get_chain_length(X509_CHAIN*, int idx);
-const unsigned char* CyaSSL_get_sessionID(const SSL_SESSION* session);
+/* index cert */
-int  CyaSSL_X509_get_serial_number(X509*, unsigned char*, int*);
+CYASSL_API unsigned char* CyaSSL_get_chain_cert(X509_CHAIN*, int idx);
+/* get index cert in PEM */
+CYASSL_API int  CyaSSL_get_chain_cert_pem(X509_CHAIN*, int idx,
+                                unsigned char* buffer, int inLen, int* outLen);
+CYASSL_API const unsigned char* CyaSSL_get_sessionID(const SSL_SESSION* sess);
+CYASSL_API int  CyaSSL_X509_get_serial_number(X509*, unsigned char*, int*);
 
 /* server CTX Diffie-Hellman parameters */
-int  CyaSSL_SetTmpDH(SSL*, unsigned char* p, int pSz, unsigned char* g,int gSz);
+CYASSL_API int  CyaSSL_SetTmpDH(SSL*, unsigned char* p, int pSz,
+                                unsigned char* g, int gSz);
 
 #ifndef _WIN32
     #ifndef NO_WRITEV
         #include <sys/uio.h>
         /* allow writev style writing */
-        int CyaSSL_writev(SSL* ssl, const struct iovec* iov, int iovcnt);
+        CYASSL_API int CyaSSL_writev(SSL* ssl, const struct iovec* iov,
+                                     int iovcnt);
     #endif
 #endif
 
 
 /* SSL_CTX versions */
-int CyaSSL_CTX_load_verify_buffer(SSL_CTX*, const unsigned char*, long, int);
+CYASSL_API int CyaSSL_CTX_load_verify_buffer(SSL_CTX*, const unsigned char*,
-int CyaSSL_CTX_use_certificate_buffer(SSL_CTX*, const unsigned char*, long,int);
+                                             long, int);
-int CyaSSL_CTX_use_PrivateKey_buffer(SSL_CTX*, const unsigned char*, long, int);
+CYASSL_API int CyaSSL_CTX_use_certificate_buffer(SSL_CTX*, const unsigned char*,                                                 long,int);
-int CyaSSL_CTX_use_certificate_chain_buffer(SSL_CTX*,const unsigned char*,long);
+CYASSL_API int CyaSSL_CTX_use_PrivateKey_buffer(SSL_CTX*, const unsigned char*,
+                                                long, int);
+CYASSL_API int CyaSSL_CTX_use_certificate_chain_buffer(SSL_CTX*, 
+                                                    const unsigned char*, long);
 
 /* SSL versions */
-int CyaSSL_use_certificate_buffer(SSL*, const unsigned char*, long,int);
+CYASSL_API int CyaSSL_use_certificate_buffer(SSL*, const unsigned char*, long, 
-int CyaSSL_use_PrivateKey_buffer(SSL*, const unsigned char*, long, int);
+                                             int);
-int CyaSSL_use_certificate_chain_buffer(SSL*,const unsigned char*,long);
+CYASSL_API int CyaSSL_use_PrivateKey_buffer(SSL*, const unsigned char*, long,
-
+                                            int);
+CYASSL_API int CyaSSL_use_certificate_chain_buffer(SSL*,const unsigned char*, 
+                                                   long);
 
 /* I/O callbacks */
 typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx);
 typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx);
 
-void CyaSSL_SetIORecv(SSL_CTX*, CallbackIORecv);
+CYASSL_API void CyaSSL_SetIORecv(SSL_CTX*, CallbackIORecv);
-void CyaSSL_SetIOSend(SSL_CTX*, CallbackIOSend);
+CYASSL_API void CyaSSL_SetIOSend(SSL_CTX*, CallbackIOSend);
 
-void CyaSSL_SetIOReadCtx(SSL* ssl, void *ctx);
+CYASSL_API void CyaSSL_SetIOReadCtx(SSL* ssl, void *ctx);
-void CyaSSL_SetIOWriteCtx(SSL* ssl, void *ctx);
+CYASSL_API void CyaSSL_SetIOWriteCtx(SSL* ssl, void *ctx);
 
 
 #ifdef CYASSL_CALLBACKS
@@ -675,8 +703,10 @@ typedef int (*TimeoutCallBack)(TimeoutInfo*);
 
 /* CyaSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack
    for diagnostics */
-int CyaSSL_connect_ex(SSL*, HandShakeCallBack, TimeoutCallBack, Timeval);
+CYASSL_API int CyaSSL_connect_ex(SSL*, HandShakeCallBack, TimeoutCallBack,
-int CyaSSL_accept_ex(SSL*, HandShakeCallBack, TimeoutCallBack, Timeval);
+                                 Timeval);
+CYASSL_API int CyaSSL_accept_ex(SSL*, HandShakeCallBack, TimeoutCallBack,
+                                Timeval);
 
 #endif /* CYASSL_CALLBACKS */
 

m4/pandora_visibility.m4

@@ -0,0 +1,56 @@
+dnl Copyright (C) 2005, 2008 Free Software Foundation, Inc.
+dnl Copyright (C) 2009 Monty Taylor
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+dnl Tests whether the compiler supports the command-line option
+dnl -fvisibility=hidden and the function and variable attributes
+dnl __attribute__((__visibility__("hidden"))) and
+dnl __attribute__((__visibility__("default"))).
+dnl Does *not* test for __visibility__("protected") - which has tricky
+dnl semantics (see the 'vismain' test in glibc) and does not exist e.g. on
+dnl MacOS X.
+dnl Does *not* test for __visibility__("internal") - which has processor
+dnl dependent semantics.
+dnl Does *not* test for #pragma GCC visibility push(hidden) - which is
+dnl "really only recommended for legacy code".
+dnl Set the variable CFLAG_VISIBILITY.
+dnl Defines and sets the variable HAVE_VISIBILITY.
+
+AC_DEFUN([PANDORA_VISIBILITY],
+[
+  AC_REQUIRE([AC_PROG_CC])
+  CFLAG_VISIBILITY=
+  HAVE_VISIBILITY=0
+  AS_IF([test -n "$GCC"],[
+    AC_MSG_CHECKING([for simple visibility declarations])
+    AC_CACHE_VAL([gl_cv_cc_visibility], [
+      gl_save_CFLAGS="$CFLAGS"
+      CFLAGS="$CFLAGS -fvisibility=hidden"
+      AC_TRY_COMPILE(
+        [extern __attribute__((__visibility__("hidden"))) int hiddenvar;
+         extern __attribute__((__visibility__("default"))) int exportedvar;
+         extern __attribute__((__visibility__("hidden"))) int hiddenfunc (void);
+         extern __attribute__((__visibility__("default"))) int exportedfunc (void);],
+        [],
+        [gl_cv_cc_visibility=yes],
+        [gl_cv_cc_visibility=no])
+      CFLAGS="$gl_save_CFLAGS"])
+    AC_MSG_RESULT([$gl_cv_cc_visibility])
+    if test $gl_cv_cc_visibility = yes; then
+      CFLAG_VISIBILITY="-fvisibility=hidden"
+      HAVE_VISIBILITY=1
+    fi
+  ])
+  AS_IF([test "x$SUNCC" = "xyes"],[
+    CFLAG_VISIBILITY="-xldscope=hidden"
+    HAVE_VISIBILITY=1
+  ])
+  AC_SUBST([CFLAG_VISIBILITY])
+  AC_SUBST([HAVE_VISIBILITY])
+  AC_DEFINE_UNQUOTED([HAVE_VISIBILITY], [$HAVE_VISIBILITY],
+    [Define to 1 or 0, depending whether the compiler supports simple visibility declarations.])
+])

src/Makefile.am

@@ -11,6 +11,7 @@ libcyassl_la_SOURCES = \
     ../ctaocrypt/src/pwdbased.c ../ctaocrypt/src/logging.c \
     ../ctaocrypt/src/cyassl_memory.c
 libcyassl_la_LDFLAGS = -no-undefined -version-info 1:0:0
+libcyassl_la_CFLAGS = -DBUILDING_CYASSL
 EXTRA_DIST = ../include/*.h ../include/openssl/*.h ../include/*.rc
 
 if BUILD_AESNI

testsuite/testsuite.c

@@ -15,8 +15,8 @@ void ctaocrypt_test(void*);
 void client_test(void*);
 void echoclient_test(void*);
 
-THREAD_RETURN CYASSL_API server_test(void*);
+THREAD_RETURN CYASSL_THREAD server_test(void*);
-THREAD_RETURN CYASSL_API echoserver_test(void*);
+THREAD_RETURN CYASSL_THREAD echoserver_test(void*);
 
 void file_test(char* file, byte* hash);