diff --git a/.github/workflows/symbol-prefixes.yml b/.github/workflows/symbol-prefixes.yml
new file mode 100644
index 000000000..b4201d0dc
--- /dev/null
+++ b/.github/workflows/symbol-prefixes.yml
@@ -0,0 +1,64 @@
+name: WOLFSSL_API_PREFIX_MAP
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+ make_and_analyze:
+ strategy:
+ matrix:
+ config: [
+ '--enable-all CFLAGS=-DWOLFSSL_API_PREFIX_MAP'
+ ]
+ name: make and analyze
+ if: github.repository_owner == 'wolfssl'
+ runs-on: ubuntu-22.04
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 6
+ steps:
+ - uses: actions/checkout@v4
+ name: Checkout wolfSSL
+
+ - name: Test --enable-opensslcoexist and TEST_OPENSSL_COEXIST
+ run: |
+ ./autogen.sh || $(exit 2)
+ ./configure ${{ matrix.config }} || $(exit 3)
+ make -j 4 || $(exit 4)
+ # ignore properly prefixed symbols, and symbols associated with asm implementations (all internal) regardless of prefix:
+ readelf --symbols --wide src/.libs/libwolfssl.so | \
+ awk ' \
+ BEGIN { \
+ unprefixed_public_symbols = 0; \
+ } \
+ { \
+ if (($7 == "UND") || \
+ ($8 ~ /^(wc_|wolf|WOLF|__pfx|fe_|sp_[a-zA-Z090-0_]*[0-9])/) || \
+ ($8 ~ /(_avx[12]|_AVX[12]|_sse[12]|_SSE[12]|_aesni|_AESNI|_bmi2|_x64$)/)) \
+ { \
+ next; \
+ } \
+ } \
+ { \
+ if (($4 == "FUNC") && ($5 == "GLOBAL") && ($6 == "DEFAULT")) { \
+ ++unprefixed_public_symbols; \
+ print; \
+ } \
+ } \
+ END { \
+ if (unprefixed_public_symbols) { \
+ print unprefixed_public_symbols " unprefixed public symbols found." >"/dev/stderr";
+ exit(1); \
+ } else { \
+ print "no unprefixed public symbols found."
+ exit(0); \
+ } \
+ }' || $(exit 5)
diff --git a/configure.ac b/configure.ac
index e81eb771f..c454ff14e 100644
--- a/configure.ac
+++ b/configure.ac
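Review bot: The symbol check in the new workflow fails open: the file sets no `shell:` or `defaults:`, so the `run:` script executes without pipefail, and if `readelf` fails or `src/.libs/libwolfssl.so` is missing, awk reads no input, prints "no unprefixed public symbols found." and exits 0. Adding `set -o pipefail` as the first line of the `run:` block (or `shell: bash` on the step) makes the trailing `|| $(exit 5)` fire in that case. The character class in `sp_[a-zA-Z090-0_]*[0-9]` looks like a typo for `[a-zA-Z0-9_]`, and the step name still refers to --enable-opensslcoexist, which this job does not configure. The workflow also declares no `permissions:` block; since the job only checks out and builds, `permissions:` with `contents: read` would keep the token at least privilege.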
@@ -1385,6 +1385,10 @@ then test "$enable_ed448_stream" = "" && test "$enable_ed448" != "no" && enable_ed448_stream=yes test "$enable_aessiv" = "" && enable_aessiv=yes test "$enable_aeseax" = "" && enable_aeseax=yes + test "$enable_mlkem" = "" && test "$enable_kyber" = "" && enable_mlkem=yes + test "$enable_mldsa" = "" && test "$enable_dilithium" = "" && enable_mldsa=yes + test "$enable_xmss" = "" && enable_xmss=yes + test "$enable_lms" = "" && enable_lms=yes if test "$ENABLED_LINUXKM_DEFAULTS" != "yes" then @@ -1503,14 +1507,14 @@ AC_ARG_WITH([liboqs], # MLKEM # Used: # - SHA3, Shake128 and Shake256 -AC_ARG_ENABLE([kyber], - [AS_HELP_STRING([--enable-kyber],[Enable Kyber/MLKEM (default: disabled)])], +AC_ARG_ENABLE([mlkem], + [AS_HELP_STRING([--enable-mlkem],[Enable MLKEM (default: disabled)])], [ ENABLED_MLKEM=$enableval ], [ ENABLED_MLKEM=no ] ) -# note, inherits default from "kyber" clause above. -AC_ARG_ENABLE([mlkem], - [AS_HELP_STRING([--enable-mlkem],[Enable MLKEM (default: disabled)])], +# note, inherits default from "mlkem" clause above. +AC_ARG_ENABLE([kyber], + [AS_HELP_STRING([--enable-kyber],[Enable Kyber/MLKEM (default: disabled)])], [ ENABLED_MLKEM=$enableval ] ) @@ -1639,11 +1643,16 @@ fi # Dilithium # - SHA3, Shake128, Shake256 and AES-CTR -AC_ARG_ENABLE([dilithium], - [AS_HELP_STRING([--enable-dilithium],[Enable DILITHIUM (default: disabled)])], +AC_ARG_ENABLE([mldsa], + [AS_HELP_STRING([--enable-mldsa],[Enable MLDSA (default: disabled)])], [ ENABLED_DILITHIUM=$enableval ], [ ENABLED_DILITHIUM=no ] ) +# note, inherits default from "mldsa" clause above. +AC_ARG_ENABLE([dilithium], + [AS_HELP_STRING([--enable-dilithium],[Enable Dilithium/MLDSA (default: disabled)])], + [ ENABLED_DILITHIUM=$enableval ] + ) ENABLED_DILITHIUM_OPTS=$ENABLED_DILITHIUM ENABLED_DILITHIUM_MAKE_KEY=no 
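Review bot: With the two AC_ARG_ENABLE clauses swapped in the MLKEM hunk, a command line that passes both spellings with different values is now decided by the legacy name, because the `kyber` clause is evaluated second and overwrites ENABLED_MLKEM; before this change the `mlkem` clause had the last word. The new `mldsa`/`dilithium` pair in the following hunk behaves the same way, with `--enable-dilithium` overriding `--enable-mldsa`. If the old names are meant to be plain aliases, the existing comment could state the precedence outright, e.g. `# legacy alias; evaluated last, so it overrides --enable-mlkem when both are given`, or the configure script could reject conflicting values rather than resolve them silently.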
@@ -4924,15 +4933,6 @@ AC_ARG_ENABLE([tlsv12], [ ENABLED_TLSV12=yes ] ) -if test "$ENABLED_CRYPTONLY" = "yes" -then - ENABLED_TLSV12=no -fi -if test "$ENABLED_TLSV12" = "no" -then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_TLS12 -DNO_OLD_TLS" -fi - # STACK SIZE info for testwolfcrypt and examples AC_ARG_ENABLE([stacksize], [AS_HELP_STRING([--enable-stacksize],[Enable stack size info on examples (default: disabled)])], diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 10bf17cb0..16dbf02cc 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -228,6 +228,15 @@ #include + #ifdef CONFIG_KASAN + #ifndef WC_SANITIZE_DISABLE + #define WC_SANITIZE_DISABLE() kasan_disable_current() + #endif + #ifndef WC_SANITIZE_ENABLE + #define WC_SANITIZE_ENABLE() kasan_enable_current() + #endif + #endif + #if defined(CONFIG_FORTIFY_SOURCE) && \ !defined(WC_FORCE_LINUXKM_FORTIFY_SOURCE) && \ (defined(HAVE_LINUXKM_PIE_SUPPORT) || \ @@ -1286,12 +1295,13 @@ #endif /* WOLFSSL_USE_SAVE_VECTOR_REGISTERS */ #endif /* !BUILDING_WOLFSSL */ - /* Copied from wc_port.h: For FIPS keep the function names the same */ - #ifdef HAVE_FIPS - #define wc_InitMutex InitMutex - #define wc_FreeMutex FreeMutex - #define wc_LockMutex LockMutex - #define wc_UnLockMutex UnLockMutex + /* Copied from wc_port.h */ + #if defined(HAVE_FIPS) && !defined(WOLFSSL_API_PREFIX_MAP) + /* For FIPS keep the function names the same */ + #define wc_InitMutex InitMutex + #define wc_FreeMutex FreeMutex + #define wc_LockMutex LockMutex + #define wc_UnLockMutex UnLockMutex #endif /* HAVE_FIPS */ #ifdef WOLFSSL_LINUXKM_USE_MUTEXES diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c index 184c54e36..af9e1a891 100644 --- a/wolfcrypt/src/ge_operations.c +++ b/wolfcrypt/src/ge_operations.c 
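Review bot: In the second linuxkm_wc_port.h hunk the closing `#endif /* HAVE_FIPS */` no longer matches the condition it closes, which is now `defined(HAVE_FIPS) && !defined(WOLFSSL_API_PREFIX_MAP)`; I would change it to `#endif /* HAVE_FIPS && !WOLFSSL_API_PREFIX_MAP */`. The wc_port.h hunk further down has the same stale trailer on its new `#ifdef`/`#elif` chain. Both hunks also make WOLFSSL_API_PREFIX_MAP take priority over the FIPS rule that the mutex function names stay the same, and the settings.h context in this diff shows the linuxkm build defining WOLFSSL_API_PREFIX_MAP by default, so the FIPS branch here looks unreachable in that build if settings.h is processed first (not visible in the hunk). A one-line comment saying that the precedence is intentional and which FIPS configurations still take the old mapping would document that.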
@@ -9817,4 +9817,17 @@ void ge_tobytes(unsigned char *s,const ge_p2 *h) } #endif /* !ED25519_SMALL */ + +/* if HAVE_ED25519 but not HAVE_CURVE25519, and an asm implementation is built, + * then curve25519() won't get its WOLFSSL_LOCAL attribute unless we dummy-call + * it here. + */ +#if defined(WOLFSSL_API_PREFIX_MAP) && !defined(HAVE_CURVE25519) && \ + !defined(FREESCALE_LTC_ECC) +WOLFSSL_LOCAL void _wc_curve25519_dummy(void); +WOLFSSL_LOCAL void _wc_curve25519_dummy(void) { + (void)curve25519((byte *)0, (byte *)0, (const byte *)0); +} +#endif + #endif /* HAVE_ED25519 */ diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index 80286eb97..c1f0fb808 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c @@ -139,14 +139,14 @@ static cpuid_flags_t intel_flags = WC_CPUID_INITIALIZER; * ctx Poly1305 context. * m One block of message data. */ -extern void poly1305_block_avx(Poly1305* ctx, const unsigned char *m); +WOLFSSL_LOCAL void poly1305_block_avx(Poly1305* ctx, const unsigned char *m); /* Process multiple blocks (n * 16 bytes) of data. * * ctx Poly1305 context. * m Blocks of message data. * bytes The number of bytes to process. */ -extern void poly1305_blocks_avx(Poly1305* ctx, const unsigned char* m, +WOLFSSL_LOCAL void poly1305_blocks_avx(Poly1305* ctx, const unsigned char* m, size_t bytes); /* Set the key to use when processing data. * Initialize the context. 
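Review bot: `_wc_curve25519_dummy` in the ge_operations.c hunk is an identifier that begins with an underscore at file scope, which C reserves for the implementation, and its body passes three null pointers to curve25519(), so it is only safe as long as nothing ever calls it. A name without the leading underscore, e.g. `wc_curve25519_dummy`, avoids the reserved namespace. The block comment explains why the reference is needed but not that the function must stay uncalled; I would add `/* never called: exists only so curve25519 is referenced from C */` directly above the definition.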
@@ -154,14 +154,14 @@ extern void poly1305_blocks_avx(Poly1305* ctx, const unsigned char* m, * ctx Poly1305 context. * key The key data (16 bytes). */ -extern void poly1305_setkey_avx(Poly1305* ctx, const byte* key); +WOLFSSL_LOCAL void poly1305_setkey_avx(Poly1305* ctx, const byte* key); /* Calculate the final result - authentication data. * Zeros out the private data in the context. * * ctx Poly1305 context. * mac Buffer to hold 16 bytes. */ -extern void poly1305_final_avx(Poly1305* ctx, byte* mac); +WOLFSSL_LOCAL void poly1305_final_avx(Poly1305* ctx, byte* mac); #endif #ifdef HAVE_INTEL_AVX2 @@ -171,13 +171,13 @@ extern void poly1305_final_avx(Poly1305* ctx, byte* mac); * m Blocks of message data. * bytes The number of bytes to process. */ -extern void poly1305_blocks_avx2(Poly1305* ctx, const unsigned char* m, +WOLFSSL_LOCAL void poly1305_blocks_avx2(Poly1305* ctx, const unsigned char* m, size_t bytes); /* Calculate R^1, R^2, R^3 and R^4 and store them in the context. * * ctx Poly1305 context. */ -extern void poly1305_calc_powers_avx2(Poly1305* ctx); +WOLFSSL_LOCAL void poly1305_calc_powers_avx2(Poly1305* ctx); /* Set the key to use when processing data. * Initialize the context. * Calls AVX set key function as final function calls AVX code. @@ -185,7 +185,7 @@ extern void poly1305_calc_powers_avx2(Poly1305* ctx); * ctx Poly1305 context. * key The key data (16 bytes). */ -extern void poly1305_setkey_avx2(Poly1305* ctx, const byte* key); +WOLFSSL_LOCAL void poly1305_setkey_avx2(Poly1305* ctx, const byte* key); /* Calculate the final result - authentication data. * Zeros out the private data in the context. * Calls AVX final function to quickly process last blocks. 
@@ -193,7 +193,7 @@ extern void poly1305_setkey_avx2(Poly1305* ctx, const byte* key); * ctx Poly1305 context. * mac Buffer to hold 16 bytes - authentication data. */ -extern void poly1305_final_avx2(Poly1305* ctx, byte* mac); +WOLFSSL_LOCAL void poly1305_final_avx2(Poly1305* ctx, byte* mac); #endif #ifdef __cplusplus diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 80dd1d54a..20e3009e5 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -608,14 +608,12 @@ static wc_test_ret_t hkdf_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void); #endif #endif /* HAVE_HKDF && ! NO_HMAC */ -#ifdef WOLFSSL_HAVE_PRF -#if defined(HAVE_HKDF) && !defined(NO_HMAC) -#ifdef WOLFSSL_BASE16 +#if defined(WOLFSSL_HAVE_PRF) && defined(HAVE_HKDF) && !defined(NO_HMAC) && \ + defined(WOLFSSL_BASE16) && !defined(WOLFSSL_NO_TLS12) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void); -#endif /* WOLFSSL_BASE16 */ -#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */ -#endif /* WOLFSSL_HAVE_PRF */ -#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384) +#endif +#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && \ + defined(WOLFSSL_SHA384) && !defined(WOLFSSL_NO_TLS12) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void); #endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void); 
@@ -1921,27 +1919,26 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ PRIVATE_KEY_LOCK(); #endif /* WOLFSSL_WOLFSSH */ -#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384) +#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && \ + defined(WOLFSSL_SHA384) && !defined(WOLFSSL_NO_TLS12) PRIVATE_KEY_UNLOCK(); if ( (ret = prf_test()) != 0) TEST_FAIL("PRF test failed!\n", ret); else TEST_PASS("PRF test passed!\n"); PRIVATE_KEY_LOCK(); -#endif +#endif /* WOLFSSL_HAVE_PRF && !NO_HMAC && WOLFSSL_SHA384 && !WOLFSSL_NO_TLS12 */ -#ifdef WOLFSSL_HAVE_PRF -#if defined (HAVE_HKDF) && !defined(NO_HMAC) -#ifdef WOLFSSL_BASE16 +#if defined(WOLFSSL_HAVE_PRF) && defined(HAVE_HKDF) && !defined(NO_HMAC) && \ + defined(WOLFSSL_BASE16) && !defined(WOLFSSL_NO_TLS12) PRIVATE_KEY_UNLOCK(); if ( (ret = tls12_kdf_test()) != 0) TEST_FAIL("TLSv1.2 KDF test failed!\n", ret); else TEST_PASS("TLSv1.2 KDF test passed!\n"); PRIVATE_KEY_LOCK(); -#endif /* WOLFSSL_BASE16 */ -#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */ -#endif /* WOLFSSL_HAVE_PRF */ +#endif /* WOLFSSL_HAVE_PRF && HAVE_HKDF && !NO_HMAC && */ + /* WOLFSSL_BASE16 && !WOLFSSL_NO_TLS12 */ #ifdef WOLFSSL_TLS13 PRIVATE_KEY_UNLOCK(); @@ -28154,7 +28151,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void) #endif /* WOLFSSL_WOLFSSH */ -#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384) +#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && \ + defined(WOLFSSL_SHA384) && !defined(WOLFSSL_NO_TLS12) #define DIGL 12 #define SECL 48 #define LBSL 63 
@@ -28203,11 +28201,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void) return 0; } -#endif /* WOLFSSL_HAVE_PRF && !NO_HMAC */ +#endif /* WOLFSSL_HAVE_PRF && !NO_HMAC && WOLFSSL_SHA384 && !WOLFSSL_NO_TLS12 */ -#ifdef WOLFSSL_HAVE_PRF -#if defined(HAVE_HKDF) && !defined(NO_HMAC) -#ifdef WOLFSSL_BASE16 +#if defined(WOLFSSL_HAVE_PRF) && defined(HAVE_HKDF) && !defined(NO_HMAC) && \ + defined(WOLFSSL_BASE16) && !defined(WOLFSSL_NO_TLS12) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void) { const char* preMasterSecret = "D06F9C19BFF49B1E91E4EFE97345D089" @@ -28252,16 +28249,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void) if (ret == WC_NO_ERR_TRACE(FIPS_PRIVATE_KEY_LOCKED_E)) { printf(" wc_PRF_TLSv12: Private key locked.\n"); } - return WC_TEST_RET_ENC_NC; + return WC_TEST_RET_ENC_EC(ret); } if (XMEMCMP(result, ms, msSz) != 0) return WC_TEST_RET_ENC_NC; return 0; } -#endif /* WOLFSSL_BASE16 */ -#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */ -#endif /* WOLFSSL_HAVE_PRF */ +#endif /* WOLFSSL_HAVE_PRF && HAVE_HKDF && !NO_HMAC && */ + /* WOLFSSL_BASE16 && !WOLFSSL_NO_TLS12 */ #ifdef WOLFSSL_TLS13 diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 4915d5c00..e88cc6e74 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -7000,6 +7000,12 @@ WOLFSSL_LOCAL void DtlsSetSeqNumForReply(WOLFSSL* ssl); #endif #ifdef WOLFSSL_DTLS13 + #ifdef WOLFSSL_API_PREFIX_MAP + #define Dtls13GetEpoch wolfSSL_Dtls13GetEpoch + #define Dtls13CheckEpoch wolfSSL_Dtls13CheckEpoch + #define Dtls13WriteAckMessage wolfSSL_Dtls13WriteAckMessage + #define Dtls13RtxAddAck wolfSSL_Dtls13RtxAddAck + #endif WOLFSSL_TEST_VIS struct Dtls13Epoch* Dtls13GetEpoch(WOLFSSL* ssl, w64wrapper epochNumber); 
@@ -7096,6 +7102,9 @@ typedef struct CRYPTO_EX_cb_ctx { } CRYPTO_EX_cb_ctx; WOLFSSL_TEST_VIS extern CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session; +#ifdef WOLFSSL_API_PREFIX_MAP + #define crypto_ex_cb_free wolfSSL_crypto_ex_cb_free +#endif WOLFSSL_TEST_VIS void crypto_ex_cb_free(CRYPTO_EX_cb_ctx* cb_ctx); WOLFSSL_LOCAL void crypto_ex_cb_setup_new_data(void *new_obj, CRYPTO_EX_cb_ctx* cb_ctx, WOLFSSL_CRYPTO_EX_DATA* ex_data); diff --git a/wolfssl/wolfcrypt/ge_operations.h b/wolfssl/wolfcrypt/ge_operations.h index 879cc7212..a9cc47584 100644 --- a/wolfssl/wolfcrypt/ge_operations.h +++ b/wolfssl/wolfcrypt/ge_operations.h @@ -114,14 +114,14 @@ typedef struct { } ge_cached; #ifdef CURVED25519_ASM -void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p); -void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p); -void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p); +WOLFSSL_LOCAL void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p); +WOLFSSL_LOCAL void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p); +WOLFSSL_LOCAL void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p); #define ge_p3_dbl(r, p) ge_p2_dbl((ge_p1p1 *)(r), (ge_p2 *)(p)) -void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q); -void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q); -void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); -void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); +WOLFSSL_LOCAL void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q); +WOLFSSL_LOCAL void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q); +WOLFSSL_LOCAL void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); +WOLFSSL_LOCAL void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); #endif #endif /* !ED25519_SMALL */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index deae051ff..b66db7d66 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
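Review bot: The data symbol `crypto_ex_cb_ctx_session`, declared `WOLFSSL_TEST_VIS extern` on the context line just above the new block, keeps its unprefixed name while the function next to it is mapped to `wolfSSL_crypto_ex_cb_free`. If WOLFSSL_TEST_VIS resolves to default visibility in some builds (its definition is not visible here), that variable is still exported unprefixed, and the CI check added in this commit only counts `FUNC` symbols, so it would not report it. Adding `#define crypto_ex_cb_ctx_session wolfSSL_crypto_ex_cb_ctx_session` inside the same `#ifdef`, or a comment saying why the variable is exempt, would close the gap.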
@@ -3662,7 +3662,8 @@ extern void uITRON4_free(void *p) ; #ifndef WOLFSSL_API_PREFIX_MAP #define WOLFSSL_API_PREFIX_MAP #endif - #ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG + #if defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG) && \ + !defined(WOLFSSL_KERNEL_VERBOSE_DEBUG) #define WOLFSSL_KERNEL_VERBOSE_DEBUG #endif #ifdef HAVE_CONFIG_H @@ -3714,17 +3715,27 @@ extern void uITRON4_free(void *p) ; #define NO_STRING_H /* linuxkm uses linux/limits.h, included by linuxkm_wc_port.h. */ #undef HAVE_LIMITS_H - #define NO_LIMITS_H - #define NO_STDLIB_H - #define NO_STDINT_H - #define NO_CTYPE_H + #ifndef NO_LIMITS_H + #define NO_LIMITS_H + #endif + #ifndef NO_STDLIB_H + #define NO_STDLIB_H + #endif + #ifndef NO_STDINT_H + #define NO_STDINT_H + #endif + #ifndef NO_CTYPE_H + #define NO_CTYPE_H + #endif #undef HAVE_ERRNO_H #undef HAVE_THREAD_LS #undef HAVE_ATEXIT #undef WOLFSSL_HAVE_MIN #undef WOLFSSL_HAVE_MAX #undef WOLFSSL_HAVE_ASSERT_H - #define WOLFSSL_NO_ASSERT_H + #ifndef WOLFSSL_NO_ASSERT_H + #define WOLFSSL_NO_ASSERT_H + #endif #ifndef WOLFSSL_NO_GETPID #define WOLFSSL_NO_GETPID #endif /* WOLFSSL_NO_GETPID */ @@ -3743,10 +3754,18 @@ extern void uITRON4_free(void *p) ; #endif #ifdef HAVE_LINUXKM_PIE_SUPPORT - #define WC_NO_INTERNAL_FUNCTION_POINTERS - #define WOLFSSL_ECC_CURVE_STATIC - #define WOLFSSL_NAMES_STATIC - #define WOLFSSL_NO_PUBLIC_FFDHE + #ifndef WC_NO_INTERNAL_FUNCTION_POINTERS + #define WC_NO_INTERNAL_FUNCTION_POINTERS + #endif + #ifndef WOLFSSL_ECC_CURVE_STATIC + #define WOLFSSL_ECC_CURVE_STATIC + #endif + #ifndef WOLFSSL_NAMES_STATIC + #define WOLFSSL_NAMES_STATIC + #endif + #ifndef WOLFSSL_NO_PUBLIC_FFDHE + #define WOLFSSL_NO_PUBLIC_FFDHE + #endif #undef HAVE_PUBLIC_FFDHE #endif 
@@ -3775,15 +3794,6 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_ASN_INT_LEAD_0_ANY #endif - #ifdef CONFIG_KASAN - #ifndef WC_SANITIZE_DISABLE - #define WC_SANITIZE_DISABLE() kasan_disable_current() - #endif - #ifndef WC_SANITIZE_ENABLE - #define WC_SANITIZE_ENABLE() kasan_enable_current() - #endif - #endif - #if !defined(WC_RESEED_INTERVAL) && defined(LINUXKM_LKCAPI_REGISTER) /* If installing handlers, use the maximum reseed interval allowed by * NIST SP 800-90A Rev. 1, to avoid unnecessary delays in DRBG diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 6cdf8c656..024c0fcd0 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -348,12 +348,17 @@ #endif #endif -/* For FIPS keep the function names the same */ -#ifdef HAVE_FIPS -#define wc_InitMutex InitMutex -#define wc_FreeMutex FreeMutex -#define wc_LockMutex LockMutex -#define wc_UnLockMutex UnLockMutex +#ifdef WOLFSSL_API_PREFIX_MAP + #define InitMutex wc_InitMutex + #define FreeMutex wc_FreeMutex + #define LockMutex wc_LockMutex + #define UnLockMutex wc_UnLockMutex +#elif defined(HAVE_FIPS) + /* For FIPS keep the function names the same */ + #define wc_InitMutex InitMutex + #define wc_FreeMutex FreeMutex + #define wc_LockMutex LockMutex + #define wc_UnLockMutex UnLockMutex #endif /* HAVE_FIPS */ #ifdef SINGLE_THREADED diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index acd6676f8..ac821bbe7 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h 
@@ -626,6 +626,20 @@ WOLFSSL_LOCAL int BioReceiveInternal(WOLFSSL_BIO* biord, WOLFSSL_BIO* biowr, WOLFSSL_LOCAL int SslBioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); #if defined(USE_WOLFSSL_IO) /* default IO callbacks */ + + #ifdef WOLFSSL_API_PREFIX_MAP + #define EmbedReceive wolfSSL_EmbedReceive + #define EmbedSend wolfSSL_EmbedSend + #ifdef WOLFSSL_DTLS + #define EmbedReceiveFrom wolfSSL_EmbedReceiveFrom + #define EmbedSendTo wolfSSL_EmbedSendTo + #define EmbedGenerateCookie wolfSSL_EmbedGenerateCookie + #ifdef WOLFSSL_MULTICAST + #define EmbedReceiveFromMcast wolfSSL_EmbedReceiveFromMcast + #endif /* WOLFSSL_MULTICAST */ + #endif /* WOLFSSL_DTLS */ + #endif /* WOLFSSL_API_PREFIX_MAP */ + WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx); @@ -658,6 +672,10 @@ typedef int (*WolfSSLGenericIORecvCb)(char *buf, int sz, void *ctx); unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz, void* heap); + #ifdef WOLFSSL_API_PREFIX_MAP + #define EmbedOcspLookup wolfSSL_EmbedOcspLookup + #define EmbedOcspRespFree wolfSSL_EmbedOcspRespFree + #endif WOLFSSL_API int EmbedOcspLookup(void* ctx, const char* url, int urlSz, byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf); WOLFSSL_API void EmbedOcspRespFree(void* ctx, byte *resp); @@ -669,6 +687,9 @@ typedef int (*WolfSSLGenericIORecvCb)(char *buf, int sz, void *ctx); WOLFSSL_API int wolfIO_HttpProcessResponseCrl(WOLFSSL_CRL* crl, int sfd, unsigned char* httpBuf, int httpBufSz); + #ifdef WOLFSSL_API_PREFIX_MAP + #define EmbedCrlLookup wolfSSL_EmbedCrlLookup + #endif WOLFSSL_API int EmbedCrlLookup(WOLFSSL_CRL* crl, const char* url, int urlSz); #endif
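Review bot: The `#define`s in the first wolfio.h hunk rename exported WOLFSSL_API functions in a public header without documenting the ABI consequence: a library built with WOLFSSL_API_PREFIX_MAP no longer exports `EmbedReceive`, `EmbedSend` and the DTLS variants under their old names. Applications already linked against those names, or code that declares them without including this header, will no longer resolve. The EmbedOcspLookup/EmbedOcspRespFree and EmbedCrlLookup hunks below have the same effect. A comment above the first block would make the requirement explicit, e.g. `/* WOLFSSL_API_PREFIX_MAP changes the exported symbol names; the application and the library must be built with the same setting */`.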