From 46f423b8b93a627a31788dedd69aed14326f1f0f Mon Sep 17 00:00:00 2001 From: Uriah Pollock Date: Wed, 27 Jul 2022 11:08:32 -0500 Subject: [PATCH 01/12] Added ABI macros for managing interface changes --- src/ocsp.c | 1 + wolfcrypt/src/ecc.c | 8 ++++++++ wolfcrypt/src/wc_port.c | 2 ++ wolfssl/wolfcrypt/ecc.h | 14 +++++++------- wolfssl/wolfcrypt/random.h | 2 +- wolfssl/wolfcrypt/wc_port.h | 7 +++++-- 6 files changed, 24 insertions(+), 10 deletions(-) diff --git a/src/ocsp.c b/src/ocsp.c index d29cb54cc..3bb41c29b 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -1244,6 +1244,7 @@ int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, unsigned char* val, #ifndef HAVE_FIPS wc_InitRng_ex(&rng, req->heap, INVALID_DEVID) #else +WOLFSSL_ABI wc_InitRng(&rng) #endif != 0) { diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index b5c789d58..7923985df 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4219,6 +4219,7 @@ static void wc_ecc_free_async(ecc_key* key) outlen [in/out] The max size and resulting size of the shared secret return MP_OKAY if successful */ +WOLFSSL_ABI int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, word32* outlen) { @@ -5438,6 +5439,7 @@ void wc_ecc_key_free(ecc_key* key) return MP_OKAY if successful, upon error all allocated memory will be freed */ +WOLFSSL_ABI int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key) { return wc_ecc_make_key_ex(rng, keysize, key, ECC_CURVE_DEF); @@ -5518,6 +5520,7 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) return ret; } +WOLFSSL_ABI int wc_ecc_init(ecc_key* key) { #ifdef WOLFSSL_QNX_CAAM @@ -9376,6 +9379,7 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) /* perform sanity checks on ecc key validity, 0 on success */ +WOLFSSL_ABI int wc_ecc_check_key(ecc_key* key) { int ret; 
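Review bot: In the src/ocsp.c hunk the added `WOLFSSL_ABI` sits inside the `if (` condition of wolfSSL_OCSP_request_add1_nonce(), in front of the `wc_InitRng(&rng)` call in the `#else` (HAVE_FIPS) branch, rather than on a declaration or definition. With the empty `#define WOLFSSL_ABI` this patch adds in wc_port.h it has no effect, but if the macro is ever given a real expansion (an attribute or export marker) the FIPS build would stop compiling, and the tag conveys nothing at a call site. The line should be dropped, leaving `wc_InitRng(&rng)` as it was. The diffstat of [PATCH 11/12] lists one deletion in src/ocsp.c, which presumably does this, but that hunk is not visible here. The enclosing function starts and ends outside the hunk.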
@@ -10394,6 +10398,7 @@ static int ecc_public_key_size(ecc_key* key, word32* sz) #endif /* key size in octets */ +WOLFSSL_ABI int wc_ecc_size(ecc_key* key) { if (key == NULL || key->dp == NULL) @@ -10403,6 +10408,7 @@ int wc_ecc_size(ecc_key* key) } /* maximum signature size based on key size */ +WOLFSSL_ABI int wc_ecc_sig_size_calc(int sz) { int maxSigSz = 0; @@ -10420,6 +10426,7 @@ int wc_ecc_sig_size_calc(int sz) } /* maximum signature size based on actual key curve */ +WOLFSSL_ABI int wc_ecc_sig_size(const ecc_key* key) { int maxSigSz; @@ -12262,6 +12269,7 @@ void wc_ecc_fp_init(void) /** Free the Fixed Point cache */ +WOLFSSL_ABI void wc_ecc_fp_free(void) { #if !defined(WOLFSSL_SP_MATH) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 6764cd7ac..dcafa1da4 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -126,6 +126,7 @@ static volatile int initRefCount = 0; /* Used to initialize state for wolfcrypt return 0 on success */ +WOLFSSL_ABI int wolfCrypt_Init(void) { int ret = 0; @@ -361,6 +362,7 @@ long wolfCrypt_heap_peakBytes_checkpoint(void) { #endif /* return success value is the same as wolfCrypt_Init */ +WOLFSSL_ABI int wolfCrypt_Cleanup(void) { int ret = 0; diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index cf7ede4ff..84c45c667 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -558,7 +558,7 @@ WOLFSSL_LOCAL int ecc_projective_dbl_point_safe(ecc_point* P, ecc_point* R, mp_int* a, mp_int* modulus, mp_digit mp); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key); WOLFSSL_ABI WOLFSSL_API int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id); 
@@ -569,7 +569,7 @@ WOLFSSL_API int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut); WOLFSSL_API int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_check_key(ecc_key* key); WOLFSSL_API int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime); @@ -577,7 +577,7 @@ WOLFSSL_API int wc_ecc_get_generator(ecc_point* ecp, int curve_idx); #ifdef HAVE_ECC_DHE -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, word32* outlen); WOLFSSL_LOCAL @@ -646,7 +646,7 @@ WOLFSSL_ABI WOLFSSL_API int wc_ecc_free(ecc_key* key); WOLFSSL_API int wc_ecc_set_flags(ecc_key* key, word32 flags); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API void wc_ecc_fp_free(void); WOLFSSL_LOCAL void wc_ecc_fp_init(void); @@ -800,11 +800,11 @@ int wc_ecc_import_point_der(const byte* in, word32 inLen, const int curve_idx, #endif /* HAVE_ECC_KEY_IMPORT */ /* size helper */ -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_size(ecc_key* key); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_sig_size_calc(int sz); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_sig_size(const ecc_key* key); WOLFSSL_API diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index 1b12dd850..28ac8f640 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -216,7 +216,7 @@ WOLFSSL_ABI WOLFSSL_API void wc_rng_free(WC_RNG* rng); #ifndef WC_NO_RNG -WOLFSSL_API int wc_InitRng(WC_RNG* rng); +WOLFSSL_ABI WOLFSSL_API int wc_InitRng(WC_RNG* rng); WOLFSSL_API int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId); WOLFSSL_API int wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz); WOLFSSL_API int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz, diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 0dd9cc75c..2c8185c80 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h 
@@ -358,9 +358,12 @@ WOLFSSL_API int wc_LockMutex_ex(int flag, int type, const char* file, int line); WOLFSSL_API int wc_SetMutexCb(mutex_cb* cb); #endif +#define WOLFSSL_ABI + /* TODO: Fix this. The above is a hack for now - UP */ + /* main crypto initialization function */ -WOLFSSL_API int wolfCrypt_Init(void); -WOLFSSL_API int wolfCrypt_Cleanup(void); +WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Init(void); +WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE WOLFSSL_API long wolfCrypt_heap_peakAllocs_checkpoint(void); From b200d65a6a52960f2d3f5b0e943a5e4ef1b14e60 Mon Sep 17 00:00:00 2001 From: Uriah Pollock Date: Thu, 28 Jul 2022 09:59:41 -0500 Subject: [PATCH 02/12] Added new ABI reference hooks. This is round two, more to come. --- wolfcrypt/src/asn.c | 5 +++++ wolfcrypt/src/chacha20_poly1305.c | 2 ++ wolfcrypt/src/ecc.c | 7 +++++++ wolfcrypt/src/error.c | 1 + wolfssl/wolfcrypt/asn_public.h | 10 +++++----- wolfssl/wolfcrypt/chacha20_poly1305.h | 4 ++-- wolfssl/wolfcrypt/ecc.h | 14 +++++++------- wolfssl/wolfcrypt/error-crypt.h | 2 +- 8 files changed, 30 insertions(+), 15 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 2c35cca5d..99c9abb30 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -20790,6 +20790,7 @@ static int wc_EncryptedInfoAppend(char* dest, int destSz, char* cipherInfo) #ifdef WOLFSSL_DER_TO_PEM /* Used for compatibility API */ +WOLFSSL_ABI int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz, int type) { @@ -22590,6 +22591,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, * @return BAD_FUNC_ARG when key or key's parameters is NULL. * @return MEMORY_E when dynamic memory allocation failed. */ +WOLFSSL_ABI int wc_EccPublicKeyToDer(ecc_key* key, byte* output, word32 inLen, int with_AlgCurve) { 
@@ -29043,6 +29045,7 @@ enum { #define eccKeyASN_Length (sizeof(eccKeyASN) / sizeof(ASNItem)) #endif +WOLFSSL_ABI int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, word32 inSz) { @@ -29319,6 +29322,7 @@ static int EccKeyParamCopy(char** dst, char* src) #endif /* !WOLFSSL_ASN_TEMPLATE */ #endif /* WOLFSSL_CUSTOM_CURVES */ +WOLFSSL_ABI int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, word32 inSz) { @@ -29932,6 +29936,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, /* Write a Private ecc key, including public to DER format, * length on success else < 0 */ +WOLFSSL_ABI int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) { return wc_BuildEccKeyDer(key, output, &inLen, 1, 1); diff --git a/wolfcrypt/src/chacha20_poly1305.c b/wolfcrypt/src/chacha20_poly1305.c index c8ae19d47..701687e5b 100644 --- a/wolfcrypt/src/chacha20_poly1305.c +++ b/wolfcrypt/src/chacha20_poly1305.c @@ -47,6 +47,7 @@ or Authenticated Encryption with Additional Data (AEAD) algorithm. #endif #define CHACHA20_POLY1305_AEAD_INITIAL_COUNTER 0 +WOLFSSL_ABI int wc_ChaCha20Poly1305_Encrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], @@ -79,6 +80,7 @@ int wc_ChaCha20Poly1305_Encrypt( return ret; } +WOLFSSL_ABI int wc_ChaCha20Poly1305_Decrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 7923985df..2a89d5758 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -7446,6 +7446,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, key The corresponding public ECC key return MP_OKAY if successful (even if the signature is not valid) */ +WOLFSSL_ABI int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, word32 hashlen, int* res, ecc_key* key) { 
@@ -8591,6 +8592,7 @@ done: #endif /* HAVE_COMP_KEY */ /* export public ECC key in ANSI X9.63 format */ +WOLFSSL_ABI int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) { int ret = MP_OKAY; @@ -8688,6 +8690,7 @@ done: /* export public ECC key in ANSI X9.63 format, extended with * compression option */ +WOLFSSL_ABI int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, int compressed) { @@ -9762,6 +9765,7 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen, /* export ecc private key only raw, outLen is in/out size as unsigned bin return MP_OKAY on success */ +WOLFSSL_ABI int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen) { if (out == NULL || outLen == NULL) { @@ -9961,6 +9965,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, } /* ecc private key import, public key in ANSI X9.63 format, private raw */ +WOLFSSL_ABI int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ecc_key* key) { @@ -9978,6 +9983,7 @@ int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, outlen [in/out] output buffer size, output signature size return MP_OKAY on success */ +WOLFSSL_ABI int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen) { int err; @@ -10353,6 +10359,7 @@ int wc_ecc_import_unsigned(ecc_key* key, const byte* qx, const byte* qy, curveName ECC curve name, from ecc_sets[] return MP_OKAY on success */ +WOLFSSL_ABI int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy, const char* d, const char* curveName) { diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 49ae1bcc7..b301ef919 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -34,6 +34,7 @@ #endif #ifndef NO_ERROR_STRINGS +WOLFSSL_ABI const char* wc_GetErrorString(int error) { switch (error) { diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index f17eb7394..da508799a 100644 
--- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -613,7 +613,7 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); #endif /* WOLFSSL_CERT_GEN */ #ifdef WOLFSSL_DER_TO_PEM - WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output, + WOLFSSL_ABI WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outputSz, int type); WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outputSz, byte *cipherIno, int type); @@ -658,9 +658,9 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz); #ifdef HAVE_ECC /* private key helpers */ - WOLFSSL_API int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, + WOLFSSL_ABI WOLFSSL_API int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, word32 inSz); - WOLFSSL_API int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen); + WOLFSSL_ABI WOLFSSL_API int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen); WOLFSSL_API int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen); WOLFSSL_API int wc_EccKeyDerSize(ecc_key* key, int pub); @@ -670,9 +670,9 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz); word32* outLen); /* public key helper */ - WOLFSSL_API int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, + WOLFSSL_ABI WOLFSSL_API int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, word32 inSz); - WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key* key, byte* output, + WOLFSSL_ABI WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key* key, byte* output, word32 inLen, int with_AlgCurve); WOLFSSL_API int wc_EccPublicKeyToDer_ex(ecc_key* key, byte* output, word32 inLen, int with_AlgCurve, diff --git a/wolfssl/wolfcrypt/chacha20_poly1305.h b/wolfssl/wolfcrypt/chacha20_poly1305.h index fdeb3aa87..1d3510e81 100644 --- a/wolfssl/wolfcrypt/chacha20_poly1305.h +++ b/wolfssl/wolfcrypt/chacha20_poly1305.h 
@@ -86,7 +86,7 @@ typedef struct ChaChaPoly_Aead { * concatenating a constant value. */ -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ChaCha20Poly1305_Encrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], @@ -95,7 +95,7 @@ int wc_ChaCha20Poly1305_Encrypt( byte* outCiphertext, byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ChaCha20Poly1305_Decrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 84c45c667..1cff7d6f3 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -619,7 +619,7 @@ int wc_ecc_sign_set_k(const byte* k, word32 klen, ecc_key* key); #endif /* HAVE_ECC_SIGN */ #ifdef HAVE_ECC_VERIFY -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, word32 hashlen, int* res, ecc_key* key); WOLFSSL_API @@ -722,9 +722,9 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, #ifdef HAVE_ECC_KEY_EXPORT /* ASN key helpers */ -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, int compressed); /* extended functionality with compressed option */ 
@@ -736,13 +736,13 @@ int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key); WOLFSSL_API int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, int curve_id); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ecc_key* key); WOLFSSL_API int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ecc_key* key, int curve_id); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen); WOLFSSL_API int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz, @@ -750,7 +750,7 @@ int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz, WOLFSSL_API int wc_ecc_sig_to_rs(const byte* sig, word32 sigLen, byte* r, word32* rLen, byte* s, word32* sLen); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy, const char* d, const char* curveName); WOLFSSL_API @@ -766,7 +766,7 @@ WOLFSSL_API int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen, byte* qy, word32* qyLen, byte* d, word32* dLen, int encType); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen); WOLFSSL_API int wc_ecc_export_public_raw(ecc_key* key, byte* qx, word32* qxLen, diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 9bcc08785..6b841d7cd 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -269,7 +269,7 @@ enum { #else WOLFSSL_API void wc_ErrorString(int err, char* buff); -WOLFSSL_API const char* wc_GetErrorString(int error); +WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error); #endif #ifdef __cplusplus From cc8fb1f97843aeb5449a36c4ad1d079b4e1cccf0 Mon Sep 17 00:00:00 2001 
From: Uriah Pollock Date: Thu, 28 Jul 2022 16:30:38 -0500 Subject: [PATCH 03/12] git push origin ms_abi --- wolfssl/wolfcrypt/visibility.h | 6 ++++++ wolfssl/wolfcrypt/wc_port.h | 3 --- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h index b93e6859c..36332f31d 100644 --- a/wolfssl/wolfcrypt/visibility.h +++ b/wolfssl/wolfcrypt/visibility.h @@ -77,5 +77,11 @@ #endif /* BUILDING_WOLFSSL */ #endif /* HAVE_FIPS */ + +/* WOLFSSL_ABI is used for public API symbols that must not change + * their signature. + */ +#define WOLFSSL_ABI + #endif /* WOLF_CRYPT_VISIBILITY_H */ diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 2c8185c80..51ed220ea 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -358,9 +358,6 @@ WOLFSSL_API int wc_LockMutex_ex(int flag, int type, const char* file, int line); WOLFSSL_API int wc_SetMutexCb(mutex_cb* cb); #endif -#define WOLFSSL_ABI - /* TODO: Fix this. The above is a hack for now - UP */ - /* main crypto initialization function */ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Init(void); WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); From f2677c29ec1de6fa0b56a8b3d549e20395a6b52c Mon Sep 17 00:00:00 2001 From: Uriah Pollock Date: Tue, 2 Aug 2022 07:20:33 -0500 Subject: [PATCH 04/12] Removed duplicate WOLFSSL_ABI tag. --- wolfssl/wolfcrypt/types.h | 3 --- wolfssl/wolfcrypt/visibility.h | 4 ++-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index cac7558ff..fc9183fa0 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -39,9 +39,6 @@ decouple library dependencies with standard string, memory and so on. #endif - #define WOLFSSL_ABI - /* Tag for all the APIs that are a part of the fixed ABI. */ - /* * This struct is used multiple time by other structs and * needs to be defined somewhere that all structs can import 
diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h index 36332f31d..7db963a57 100644 --- a/wolfssl/wolfcrypt/visibility.h +++ b/wolfssl/wolfcrypt/visibility.h @@ -79,9 +79,9 @@ #endif /* HAVE_FIPS */ /* WOLFSSL_ABI is used for public API symbols that must not change - * their signature. + * their signature. This tag is used for all APIs that are a + * part of the fixed ABI. */ #define WOLFSSL_ABI #endif /* WOLF_CRYPT_VISIBILITY_H */ - From d283510aa99dcb94eb79973ce47e9b71521bba7f Mon Sep 17 00:00:00 2001 From: Uriah Pollock Date: Tue, 2 Aug 2022 07:54:05 -0500 Subject: [PATCH 05/12] Revert "Removed duplicate WOLFSSL_ABI tag." This reverts commit d17021bc4e8e3f12b0c0406f7fe400ed4c0bc2cd. --- wolfssl/wolfcrypt/types.h | 3 +++ wolfssl/wolfcrypt/visibility.h | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index fc9183fa0..cac7558ff 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -39,6 +39,9 @@ decouple library dependencies with standard string, memory and so on. #endif + #define WOLFSSL_ABI + /* Tag for all the APIs that are a part of the fixed ABI. */ + /* * This struct is used multiple time by other structs and * needs to be defined somewhere that all structs can import diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h index 7db963a57..36332f31d 100644 --- a/wolfssl/wolfcrypt/visibility.h +++ b/wolfssl/wolfcrypt/visibility.h @@ -79,9 +79,9 @@ #endif /* HAVE_FIPS */ /* WOLFSSL_ABI is used for public API symbols that must not change - * their signature. This tag is used for all APIs that are a - * part of the fixed ABI. + * their signature. */ #define WOLFSSL_ABI #endif /* WOLF_CRYPT_VISIBILITY_H */ + From 65d402d8d7d08d5b54a26d357bc047ad6e997f04 Mon Sep 17 00:00:00 2001 
From: Uriah Pollock Date: Tue, 2 Aug 2022 07:57:26 -0500 Subject: [PATCH 06/12] Revert "Revert "Removed duplicate WOLFSSL_ABI tag."" This reverts commit e5c51b2638a374aa987c30be8598a78e3f370c7a. --- wolfssl/wolfcrypt/types.h | 3 --- wolfssl/wolfcrypt/visibility.h | 4 ++-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index cac7558ff..fc9183fa0 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -39,9 +39,6 @@ decouple library dependencies with standard string, memory and so on. #endif - #define WOLFSSL_ABI - /* Tag for all the APIs that are a part of the fixed ABI. */ - /* * This struct is used multiple time by other structs and * needs to be defined somewhere that all structs can import diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h index 36332f31d..7db963a57 100644 --- a/wolfssl/wolfcrypt/visibility.h +++ b/wolfssl/wolfcrypt/visibility.h @@ -79,9 +79,9 @@ #endif /* HAVE_FIPS */ /* WOLFSSL_ABI is used for public API symbols that must not change - * their signature. + * their signature. This tag is used for all APIs that are a + * part of the fixed ABI. */ #define WOLFSSL_ABI #endif /* WOLF_CRYPT_VISIBILITY_H */ - From c9c19c82b33f65c2ba219017c75d527f15b3299f Mon Sep 17 00:00:00 2001 From: Uriah Pollock Date: Fri, 5 Aug 2022 16:26:20 -0500 Subject: [PATCH 07/12] Added next set of ABI for ECC APIs --- wolfcrypt/src/ecc.c | 5 +++++ wolfssl/wolfcrypt/ecc.h | 10 +++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 2a89d5758..a4aa72e89 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -12540,6 +12540,7 @@ static void ecc_ctx_init(ecEncCtx* ctx, int flags, WC_RNG* rng) /* allow ecc context reset so user doesn't have to init/free for reuse */ +WOLFSSL_ABI int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng) { if (ctx == NULL || rng == NULL) 
@@ -12572,6 +12573,7 @@ ecEncCtx* wc_ecc_ctx_new_ex(int flags, WC_RNG* rng, void* heap) /* alloc/init and set defaults, return new Context */ +WOLFSSL_ABI ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng) { return wc_ecc_ctx_new_ex(flags, rng, NULL); @@ -12579,6 +12581,7 @@ ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng) /* free any resources, clear any keys */ +WOLFSSL_ABI void wc_ecc_ctx_free(ecEncCtx* ctx) { if (ctx) { @@ -12987,6 +12990,7 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg, ctx holds non default algos and inputs msgSz should be the right size for encAlgo, i.e., already padded return 0 on success */ +WOLFSSL_ABI int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx) { @@ -12996,6 +13000,7 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, /* ecc decrypt with shared secret run through kdf ctx holds non default algos and inputs return 0 on success */ +WOLFSSL_ABI int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx) { diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 1cff7d6f3..8fccf494a 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -857,13 +857,13 @@ enum ecFlags { typedef struct ecEncCtx ecEncCtx; -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng); WOLFSSL_API ecEncCtx* wc_ecc_ctx_new_ex(int flags, WC_RNG* rng, void* heap); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API void wc_ecc_ctx_free(ecEncCtx* ctx); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng); /* reset for use again w/o alloc/free */ WOLFSSL_API 
@@ -878,13 +878,13 @@ int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz); WOLFSSL_API int wc_ecc_ctx_set_info(ecEncCtx* ctx, const byte* info, int sz); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx); WOLFSSL_API int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg, word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx, int compressed); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx); From b0aaf4a23d607984f419f4da7a95d68d97393516 Mon Sep 17 00:00:00 2001 From: Uriah Pollock Date: Mon, 8 Aug 2022 10:16:05 -0500 Subject: [PATCH 08/12] Minor ABI updates. --- wolfcrypt/src/asn.c | 1 + wolfcrypt/src/random.c | 3 ++- wolfssl/wolfcrypt/asn_public.h | 2 +- wolfssl/wolfcrypt/ecc.h | 2 +- 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 99c9abb30..2aaa7e31c 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -22314,6 +22314,7 @@ static word32 SetUTF8String(word32 len, byte* output) /* wc_SetCert_Free is only public when WOLFSSL_CERT_GEN_CACHE is not defined */ static #endif +WOLFSSL_ABI void wc_SetCert_Free(Cert* cert) { if (cert != NULL) { diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 2407e805b..05de07d80 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -70,6 +70,7 @@ int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId) return InitRng_fips(rng); } +WOLFSSL_ABI int wc_InitRng(WC_RNG* rng) { return InitRng_fips(rng); @@ -951,7 +952,7 @@ void wc_rng_free(WC_RNG* rng) } } - +WOLFSSL_ABI int wc_InitRng(WC_RNG* rng) { return _InitRng(rng, NULL, 0, NULL, INVALID_DEVID); diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index da508799a..b487c4f41 100644 
--- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -504,7 +504,7 @@ WOLFSSL_API int wc_SetSubject(Cert* cert, const char* subjectFile); #endif #ifdef WOLFSSL_CERT_GEN_CACHE -WOLFSSL_API void wc_SetCert_Free(Cert* cert); +WOLFSSL_ABI WOLFSSL_API void wc_SetCert_Free(Cert* cert); #endif WOLFSSL_API int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz); diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 8fccf494a..d25e4fb4b 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -627,7 +627,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, word32 hashlen, int* res, ecc_key* key); #endif /* HAVE_ECC_VERIFY */ -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_init(ecc_key* key); WOLFSSL_ABI WOLFSSL_API int wc_ecc_init_ex(ecc_key* key, void* heap, int devId); From f8c9393235fd74ff774f855bdd3c5b672cb4e83f Mon Sep 17 00:00:00 2001 From: Uriah Pollock Date: Mon, 8 Aug 2022 18:12:06 -0500 Subject: [PATCH 09/12] Added ABI tags for certs, wc_CertNew(), wc_CertFree() wc_CertNew() and wc_CertFree() is for use by ABI type aplications, and others, for having wolfCrypt perform the new/free of the certification structure w/o the application needing too, and more importantly, needing to contain knowledge of the structure. --- wolfcrypt/src/asn.c | 42 ++++++++++++++++++++++++++++++++++ wolfssl/wolfcrypt/asn_public.h | 30 ++++++++++++------------ 2 files changed, 58 insertions(+), 14 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 2aaa7e31c..5bfb9c56f 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -22214,11 +22214,40 @@ int wc_InitCert_ex(Cert* cert, void* heap, int devId) return 0; } +WOLFSSL_ABI int wc_InitCert(Cert* cert) { return wc_InitCert_ex(cert, NULL, INVALID_DEVID); } +WOLFSSL_ABI +Cert* wc_CertNew(void* heap) +{ + Cert* certNew; + + certNew = (Cert*)XMALLOC(sizeof(certNew), heap, DYNAMIC_TYPE_CERT); + if (certNew) { + if (wc_InitCert_ex(certNew, NULL, INVALID_DEVID) != 0) { + XFREE(certNew, heap, DYNAMIC_TYPE_CERT); + certNew = NULL; + } + } + + return certNew; +} + +WOLFSSL_ABI +void wc_CertFree(Cert* cert) +{ + if (cert) { + void* heap = cert->heap; + + ForceZero(cert, sizeof(cert)); + XFREE(cert, heap, DYNAMIC_TYPE_CERT); + (void)heap; + } +} + /* DER encoded x509 Certificate */ typedef struct DerCert { byte size[MAX_LENGTH_SZ]; /* length encoded */ @@ -26297,6 +26326,7 @@ int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, } /* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */ +WOLFSSL_ABI int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng) { @@ -27108,6 +27138,7 @@ int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, ed25519Key, ed448Key, falconKey); } +WOLFSSL_ABI int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, ecc_key* eccKey) { @@ -27230,6 +27261,7 @@ int wc_SignCert(int requestSz, int sType, byte* buf, word32 buffSz, NULL, rng); } +WOLFSSL_ABI int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz, RsaKey* key, WC_RNG* rng) { @@ -27248,6 +27280,7 @@ int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz, /* Get raw subject from cert, which may contain OIDs not parsed by Decode. The raw subject pointer will only be valid while "cert" is valid. */ +WOLFSSL_ABI int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert) { int rc = BAD_FUNC_ARG; 
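Review bot: In the added wc_CertNew(), `XMALLOC(sizeof(certNew), heap, DYNAMIC_TYPE_CERT)` allocates the size of a pointer rather than of the `Cert` structure, so the buffer passed to wc_InitCert_ex() and returned to the caller is too small for the object it is meant to hold; wc_InitCert_ex's body is outside the hunk, but any write to the structure's fields would run past the allocation. wc_CertFree() has the matching problem: `ForceZero(cert, sizeof(cert))` wipes only pointer-size bytes, so the rest of the certificate data goes back to the allocator uncleared. Both should use the structure size, `certNew = (Cert*)XMALLOC(sizeof(Cert), heap, DYNAMIC_TYPE_CERT);` and `ForceZero(cert, sizeof(Cert));`. The "Param correction" hunk in [PATCH 10/12] still carries `sizeof(certNew)` on its context line, so the series as shown does not correct it.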
@@ -28007,6 +28040,7 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz) } /* Set cert issuer from issuerFile in PEM */ +WOLFSSL_ABI int wc_SetIssuer(Cert* cert, const char* issuerFile) { int ret; @@ -28028,6 +28062,7 @@ int wc_SetIssuer(Cert* cert, const char* issuerFile) /* Set cert subject from subjectFile in PEM */ +WOLFSSL_ABI int wc_SetSubject(Cert* cert, const char* subjectFile) { int ret; @@ -28049,6 +28084,7 @@ int wc_SetSubject(Cert* cert, const char* subjectFile) #ifdef WOLFSSL_ALT_NAMES /* Set alt names from file in PEM */ +WOLFSSL_ABI int wc_SetAltNames(Cert* cert, const char* file) { int ret; @@ -28073,6 +28109,7 @@ int wc_SetAltNames(Cert* cert, const char* file) #endif /* !NO_FILESYSTEM */ /* Set cert issuer from DER buffer */ +WOLFSSL_ABI int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz) { int ret = 0; @@ -28101,6 +28138,7 @@ int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz) } /* Set cert subject from DER buffer */ +WOLFSSL_ABI int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz) { int ret = 0; @@ -28127,6 +28165,7 @@ int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz) } #ifdef WOLFSSL_CERT_EXT /* Set cert raw subject from DER buffer */ +WOLFSSL_ABI int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz) { int ret = 0; @@ -28159,6 +28198,7 @@ int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz) } /* Set cert raw issuer from DER buffer */ +WOLFSSL_ABI int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz) { int ret = 0; @@ -28194,6 +28234,7 @@ int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz) #ifdef WOLFSSL_ALT_NAMES /* Set cert alt names from DER buffer */ +WOLFSSL_ABI int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz) { int ret = 0; 
@@ -28220,6 +28261,7 @@ int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz) } /* Set cert dates from DER buffer */ +WOLFSSL_ABI int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz) { int ret = 0; diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index b487c4f41..f5624e1ab 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -478,16 +478,18 @@ typedef struct Cert { isCA = 0 (false) keyType = RSA_KEY (default) */ -WOLFSSL_API int wc_InitCert(Cert* cert); +WOLFSSL_ABI WOLFSSL_API int wc_InitCert(Cert* cert); +WOLFSSL_ABI WOLFSSL_API Cert* wc_CertNew(void* heap); +WOLFSSL_ABI WOLFSSL_API void wc_CertFree(Cert* cert); WOLFSSL_API int wc_InitCert_ex(Cert* cert, void* heap, int devId); WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, void* key, WC_RNG* rng); -WOLFSSL_API int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, +WOLFSSL_ABI WOLFSSL_API int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng); #ifdef WOLFSSL_CERT_REQ WOLFSSL_API int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, void* key); - WOLFSSL_API int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, + WOLFSSL_ABI WOLFSSL_API int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, ecc_key* eccKey); #endif WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buf, 
@@ -495,22 +497,22 @@ WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buf, WC_RNG* rng); WOLFSSL_API int wc_SignCert(int requestSz, int sType, byte* buf, word32 buffSz, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng); -WOLFSSL_API int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz, +WOLFSSL_ABI WOLFSSL_API int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz, RsaKey* key, WC_RNG* rng); -WOLFSSL_API int wc_SetIssuer(Cert* cert, const char* issuerFile); -WOLFSSL_API int wc_SetSubject(Cert* cert, const char* subjectFile); +WOLFSSL_ABI WOLFSSL_API int wc_SetIssuer(Cert* cert, const char* issuerFile); +WOLFSSL_ABI WOLFSSL_API int wc_SetSubject(Cert* cert, const char* subjectFile); #ifdef WOLFSSL_ALT_NAMES - WOLFSSL_API int wc_SetAltNames(Cert* cert, const char* file); + WOLFSSL_ABI WOLFSSL_API int wc_SetAltNames(Cert* cert, const char* file); #endif #ifdef WOLFSSL_CERT_GEN_CACHE WOLFSSL_ABI WOLFSSL_API void wc_SetCert_Free(Cert* cert); #endif -WOLFSSL_API int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz); -WOLFSSL_API int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz); -WOLFSSL_API int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz); -WOLFSSL_API int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI WOLFSSL_API int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI WOLFSSL_API int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI WOLFSSL_API int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI WOLFSSL_API int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz); #ifndef NO_ASN_TIME WOLFSSL_API int wc_GetCertDates(Cert* cert, struct tm* before, 
@@ -529,9 +531,9 @@ WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType, WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey); WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file); -WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert); -WOLFSSL_API int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz); -WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert); +WOLFSSL_ABI WOLFSSL_API int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz); /* Set the KeyUsage. * Value is a string separated tokens with ','. Accepted tokens are : From 5049b16325701b72ca4c8a2ac741446e64cf27f9 Mon Sep 17 00:00:00 2001 From: Uriah Pollock Date: Mon, 8 Aug 2022 19:43:54 -0500 Subject: [PATCH 10/12] Param correction. --- wolfcrypt/src/asn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 5bfb9c56f..916a692bb 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -22227,7 +22227,7 @@ Cert* wc_CertNew(void* heap) certNew = (Cert*)XMALLOC(sizeof(certNew), heap, DYNAMIC_TYPE_CERT); if (certNew) { - if (wc_InitCert_ex(certNew, NULL, INVALID_DEVID) != 0) { + if (wc_InitCert_ex(certNew, heap, INVALID_DEVID) != 0) { XFREE(certNew, heap, DYNAMIC_TYPE_CERT); certNew = NULL; } From 5ef47cc86ffa3fc790968344e7c1f21bcc5a452b Mon Sep 17 00:00:00 2001 From: Uriah Pollock Date: Wed, 10 Aug 2022 17:18:38 -0500 Subject: [PATCH 11/12] Addressed code review. --- src/ocsp.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/ocsp.c b/src/ocsp.c index 3bb41c29b..d29cb54cc 100644 --- a/src/ocsp.c +++ b/src/ocsp.c 
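Review bot: In the wc_CertNew hunk of patch 10/12, the allocation on the context line just above the changed call still requests `sizeof(certNew)`, which is the size of a pointer. As a result `wc_InitCert_ex(certNew, heap, INVALID_DEVID)` initialises a full Cert in a pointer-sized block and writes past its end. Patch 12/12 in this series changes that line to `sizeof(Cert)`, but this commit taken alone is unsafe to cherry-pick or to land on while bisecting, so I would fold the size correction into it. wc_CertNew begins and ends outside the hunk.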
@@ -1244,7 +1244,6 @@ int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, unsigned char* val, #ifndef HAVE_FIPS wc_InitRng_ex(&rng, req->heap, INVALID_DEVID) #else -WOLFSSL_ABI wc_InitRng(&rng) #endif != 0) { From 7e00b32c7168e4a8e5dc5345432ea4d9dda57faa Mon Sep 17 00:00:00 2001 From: Uriah Pollock Date: Sun, 14 Aug 2022 20:16:42 -0500 Subject: [PATCH 12/12] Corrected line spacing incorrect arg passings. --- wolfcrypt/src/asn.c | 5 +++-- wolfssl/wolfcrypt/asn_public.h | 39 ++++++++++++++++++++++------------ 2 files changed, 29 insertions(+), 15 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 916a692bb..60d8f801a 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -22225,7 +22225,8 @@ Cert* wc_CertNew(void* heap) { Cert* certNew; - certNew = (Cert*)XMALLOC(sizeof(certNew), heap, DYNAMIC_TYPE_CERT); + certNew = (Cert*)XMALLOC(sizeof(Cert), heap, DYNAMIC_TYPE_CERT); + if (certNew) { if (wc_InitCert_ex(certNew, heap, INVALID_DEVID) != 0) { XFREE(certNew, heap, DYNAMIC_TYPE_CERT); @@ -22242,7 +22243,7 @@ void wc_CertFree(Cert* cert) if (cert) { void* heap = cert->heap; - ForceZero(cert, sizeof(cert)); + ForceZero(cert, sizeof(Cert)); XFREE(cert, heap, DYNAMIC_TYPE_CERT); (void)heap; } diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index f5624e1ab..7b35117ce 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h 
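Review bot: The two corrected size expressions in patch 12/12, `XMALLOC(sizeof(Cert), ...)` in the wc_CertNew hunk and `ForceZero(cert, sizeof(Cert))` in the wc_CertFree hunk, would be harder to get wrong again if tied to the object: `sizeof(*certNew)` and `sizeof(*cert)`. The removed lines took the size of the pointer, which under-allocated the Cert and left most of the structure un-zeroed before the free. The subject line ("line spacing incorrect arg passings") therefore undersells a memory-safety fix, and should say so for anyone deciding what to backport. Separately, wc_CertFree zeroes the whole structure without first releasing anything the Cert may own; the header declares `wc_SetCert_Free` under `WOLFSSL_CERT_GEN_CACHE`, so it is worth confirming whether that call belongs before `ForceZero`. Both function bodies extend beyond their hunks.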
@@ -484,12 +484,14 @@ WOLFSSL_ABI WOLFSSL_API void wc_CertFree(Cert* cert); WOLFSSL_API int wc_InitCert_ex(Cert* cert, void* heap, int devId); WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, void* key, WC_RNG* rng); -WOLFSSL_ABI WOLFSSL_API int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, +WOLFSSL_ABI +WOLFSSL_API int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng); #ifdef WOLFSSL_CERT_REQ WOLFSSL_API int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, void* key); - WOLFSSL_ABI WOLFSSL_API int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, + WOLFSSL_ABI + WOLFSSL_API int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, ecc_key* eccKey); #endif WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buf, @@ -497,7 +499,8 @@ WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buf, WC_RNG* rng); WOLFSSL_API int wc_SignCert(int requestSz, int sType, byte* buf, word32 buffSz, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng); -WOLFSSL_ABI WOLFSSL_API int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz, +WOLFSSL_ABI +WOLFSSL_API int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz, RsaKey* key, WC_RNG* rng); WOLFSSL_ABI WOLFSSL_API int wc_SetIssuer(Cert* cert, const char* issuerFile); WOLFSSL_ABI WOLFSSL_API int wc_SetSubject(Cert* cert, const char* subjectFile); 
@@ -509,10 +512,14 @@ WOLFSSL_ABI WOLFSSL_API int wc_SetSubject(Cert* cert, const char* subjectFile); WOLFSSL_ABI WOLFSSL_API void wc_SetCert_Free(Cert* cert); #endif -WOLFSSL_ABI WOLFSSL_API int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz); -WOLFSSL_ABI WOLFSSL_API int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz); -WOLFSSL_ABI WOLFSSL_API int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz); -WOLFSSL_ABI WOLFSSL_API int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI +WOLFSSL_API int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI +WOLFSSL_API int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI +WOLFSSL_API int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI +WOLFSSL_API int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz); #ifndef NO_ASN_TIME WOLFSSL_API int wc_GetCertDates(Cert* cert, struct tm* before, @@ -532,8 +539,10 @@ WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey); WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file); WOLFSSL_ABI WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert); -WOLFSSL_ABI WOLFSSL_API int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz); -WOLFSSL_ABI WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI +WOLFSSL_API int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI +WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz); /* Set the KeyUsage. * Value is a string separated tokens with ','. Accepted tokens are : 
@@ -615,7 +624,8 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); #endif /* WOLFSSL_CERT_GEN */ #ifdef WOLFSSL_DER_TO_PEM - WOLFSSL_ABI WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output, + WOLFSSL_ABI + WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outputSz, int type); WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outputSz, byte *cipherIno, int type); @@ -660,9 +670,11 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz); #ifdef HAVE_ECC /* private key helpers */ - WOLFSSL_ABI WOLFSSL_API int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, + WOLFSSL_ABI + WOLFSSL_API int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, word32 inSz); - WOLFSSL_ABI WOLFSSL_API int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen); + WOLFSSL_ABI + WOLFSSL_API int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen); WOLFSSL_API int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen); WOLFSSL_API int wc_EccKeyDerSize(ecc_key* key, int pub); @@ -672,7 +684,8 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz); word32* outLen); /* public key helper */ - WOLFSSL_ABI WOLFSSL_API int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, + WOLFSSL_ABI + WOLFSSL_API int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, word32 inSz); WOLFSSL_ABI WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key* key, byte* output, word32 inLen, int with_AlgCurve);