author | kasper3 <33230602+kasper3@users.noreply.github.com> | 2018-06-18 18:52:28 +0300 |
---|---|---|
committer | Marek Safar <marek.safar@gmail.com> | 2018-06-19 12:33:12 +0300 |
commit | a81ee32770b5fdc65b1c5fb664404ce1d736b342 (patch) | |
tree | 8685b7327a1d76192987dedcc4095b3e7078de37 | |
parent | eaca84d38d1e8c037c7ba47a70046f2f5d395de5 (diff) |
Convert S.S.Cryptography.Native.Apple to C (#30448)
* Rename extension .cpp to .c
* Convert S.S.Cryptography.Native.Apple to C
* Use memset instead of consts for zero-init
30 files changed, 945 insertions, 907 deletions
diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/CMakeLists.txt b/src/Native/Unix/System.Security.Cryptography.Native.Apple/CMakeLists.txt index 762f405923..5639a85dc4 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/CMakeLists.txt +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/CMakeLists.txt @@ -9,21 +9,21 @@ find_library(COREFOUNDATION_LIBRARY CoreFoundation) find_library(SECURITY_LIBRARY Security) set(NATIVECRYPTO_SOURCES - pal_digest.cpp - pal_ecc.cpp - pal_hmac.cpp - pal_keyagree.cpp - pal_keychain.cpp + pal_digest.c + pal_ecc.c + pal_hmac.c + pal_keyagree.c + pal_keychain.c pal_random.c - pal_rsa.cpp - pal_sec.cpp - pal_seckey.cpp - pal_signverify.cpp - pal_ssl.cpp - pal_symmetric.cpp - pal_trust.cpp - pal_x509.cpp - pal_x509chain.cpp + pal_rsa.c + pal_sec.c + pal_seckey.c + pal_signverify.c + pal_ssl.c + pal_symmetric.c + pal_trust.c + pal_x509.c + pal_x509chain.c ) add_library(System.Security.Cryptography.Native.Apple diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_digest.cpp b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_digest.c index 11b86fcee3..56d4c839ca 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_digest.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_digest.c 
@@ -23,22 +23,22 @@ struct digest_ctx_st } d; }; -extern "C" void AppleCryptoNative_DigestFree(DigestCtx* pDigest) +void AppleCryptoNative_DigestFree(DigestCtx* pDigest) { - if (pDigest != nullptr) + if (pDigest != NULL) { free(pDigest); } } -extern "C" DigestCtx* AppleCryptoNative_DigestCreate(PAL_HashAlgorithm algorithm, int32_t* pcbDigest) +DigestCtx* AppleCryptoNative_DigestCreate(PAL_HashAlgorithm algorithm, int32_t* pcbDigest) { - if (pcbDigest == nullptr) - return nullptr; + if (pcbDigest == NULL) + return NULL; - DigestCtx* digestCtx = reinterpret_cast<DigestCtx*>(malloc(sizeof(DigestCtx))); - if (digestCtx == nullptr) - return nullptr; + DigestCtx* digestCtx = (DigestCtx*)malloc(sizeof(DigestCtx)); + if (digestCtx == NULL) + return NULL; digestCtx->algorithm = algorithm; @@ -67,21 +67,21 @@ extern "C" DigestCtx* AppleCryptoNative_DigestCreate(PAL_HashAlgorithm algorithm default: *pcbDigest = -1; free(digestCtx); - return nullptr; + return NULL; } digestCtx->cbDigest = *pcbDigest; return digestCtx; } -extern "C" int32_t AppleCryptoNative_DigestUpdate(DigestCtx* ctx, uint8_t* pBuf, int32_t cbBuf) +int32_t AppleCryptoNative_DigestUpdate(DigestCtx* ctx, uint8_t* pBuf, int32_t cbBuf) { if (cbBuf == 0) return 1; - if (ctx == nullptr || pBuf == nullptr) + if (ctx == NULL || pBuf == NULL) return -1; - CC_LONG bufSize = static_cast<CC_LONG>(cbBuf); + CC_LONG bufSize = (CC_LONG)cbBuf; switch (ctx->algorithm) { @@ -100,9 +100,9 @@ extern "C" int32_t AppleCryptoNative_DigestUpdate(DigestCtx* ctx, uint8_t* pBuf, } } -extern "C" int32_t AppleCryptoNative_DigestFinal(DigestCtx* ctx, uint8_t* pOutput, int32_t cbOutput) +int32_t AppleCryptoNative_DigestFinal(DigestCtx* ctx, uint8_t* pOutput, int32_t cbOutput) { - if (ctx == nullptr || pOutput == nullptr || cbOutput < ctx->cbDigest) + if (ctx == NULL || pOutput == NULL || cbOutput < ctx->cbDigest) return -1; int32_t ret = 0; 
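Review bot: In the `@@ -67,21 +67,21 @@` hunk, `AppleCryptoNative_DigestUpdate` converts `cbBuf` with `(CC_LONG)cbBuf` without rejecting negative values, so a negative length from the caller would become a very large unsigned count (CC_LONG is an unsigned type in CommonCrypto) and the update would read far past `pBuf`. The guard could be `if (ctx == NULL || pBuf == NULL || cbBuf < 0) return -1;`, which fits the header's "any other value on invalid inputs/state" contract. `AppleCryptoNative_HmacUpdate` in pal_hmac.c has the same pattern with `(size_t)cbData`, while `AppleCryptoNative_HmacInit` beside it already rejects `cbKey < 0`; adding `cbData < 0` to its NULL check would make them consistent. The conversion predates this commit (it was a `static_cast`), and the switch that consumes `bufSize` lies outside the hunk.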
diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_digest.h b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_digest.h index b098632215..5d31aa21c8 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_digest.h +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_digest.h @@ -5,6 +5,7 @@ #pragma once #include "pal_types.h" +#include "pal_compiler.h" #include <CommonCrypto/CommonCrypto.h> #include <CommonCrypto/CommonHMAC.h> @@ -25,7 +26,7 @@ typedef struct digest_ctx_st DigestCtx; /* Free the resources held by a DigestCtx */ -extern "C" void AppleCryptoNative_DigestFree(DigestCtx* pDigest); +DLLEXPORT void AppleCryptoNative_DigestFree(DigestCtx* pDigest); /* Create a digest handle for the specified algorithm. @@ -34,18 +35,18 @@ Returns NULL when the algorithm is unknown, or pcbDigest is NULL; otherwise retu to a digest context suitable for calling DigestUpdate and DigestFinal on and sets pcbDigest to the size of the digest output. */ -extern "C" DigestCtx* AppleCryptoNative_DigestCreate(PAL_HashAlgorithm algorithm, int32_t* pcbDigest); +DLLEXPORT DigestCtx* AppleCryptoNative_DigestCreate(PAL_HashAlgorithm algorithm, int32_t* pcbDigest); /* Apply cbBuf bytes of data from pBuf to the ongoing digest represented in ctx. Returns 1 on success, 0 on failure, any other value on invalid inputs/state. */ -extern "C" int32_t AppleCryptoNative_DigestUpdate(DigestCtx* ctx, uint8_t* pBuf, int32_t cbBuf); +DLLEXPORT int32_t AppleCryptoNative_DigestUpdate(DigestCtx* ctx, uint8_t* pBuf, int32_t cbBuf); /* Complete the digest in ctx, copying the results to pOutput, and reset ctx for a new digest. Returns 1 on success, 0 on failure, any other value on invalid inputs/state. */ -extern "C" int32_t AppleCryptoNative_DigestFinal(DigestCtx* ctx, uint8_t* pOutput, int32_t cbOutput); +DLLEXPORT int32_t AppleCryptoNative_DigestFinal(DigestCtx* ctx, uint8_t* pOutput, int32_t cbOutput); 
diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.cpp b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c index 6c7a468907..8bcb5e514f 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c @@ -4,23 +4,23 @@ #include "pal_ecc.h" -extern "C" int32_t AppleCryptoNative_EccGenerateKey( +int32_t AppleCryptoNative_EccGenerateKey( int32_t keySizeBits, SecKeychainRef tempKeychain, SecKeyRef* pPublicKey, SecKeyRef* pPrivateKey, int32_t* pOSStatus) { - if (pPublicKey != nullptr) - *pPublicKey = nullptr; - if (pPrivateKey != nullptr) - *pPrivateKey = nullptr; + if (pPublicKey != NULL) + *pPublicKey = NULL; + if (pPrivateKey != NULL) + *pPrivateKey = NULL; - if (pPublicKey == nullptr || pPrivateKey == nullptr || pOSStatus == nullptr) + if (pPublicKey == NULL || pPrivateKey == NULL || pOSStatus == NULL) return kErrorBadInput; - CFMutableDictionaryRef attributes = CFDictionaryCreateMutable(nullptr, 2, &kCFTypeDictionaryKeyCallBacks, nullptr); + CFMutableDictionaryRef attributes = CFDictionaryCreateMutable(NULL, 2, &kCFTypeDictionaryKeyCallBacks, NULL); - CFNumberRef cfKeySizeValue = CFNumberCreate(nullptr, kCFNumberIntType, &keySizeBits); + CFNumberRef cfKeySizeValue = CFNumberCreate(NULL, kCFNumberIntType, &keySizeBits); OSStatus status; - if (attributes != nullptr && cfKeySizeValue != nullptr) + if (attributes != NULL && cfKeySizeValue != NULL) { CFDictionaryAddValue(attributes, kSecAttrKeyType, kSecAttrKeyTypeEC); CFDictionaryAddValue(attributes, kSecAttrKeySizeInBits, cfKeySizeValue); 
@@ -43,18 +43,18 @@ extern "C" int32_t AppleCryptoNative_EccGenerateKey( status = errSecAllocate; } - if (attributes != nullptr) + if (attributes != NULL) CFRelease(attributes); - if (cfKeySizeValue != nullptr) + if (cfKeySizeValue != NULL) CFRelease(cfKeySizeValue); *pOSStatus = status; return status == noErr; } -extern "C" uint64_t AppleCryptoNative_EccGetKeySizeInBits(SecKeyRef publicKey) +uint64_t AppleCryptoNative_EccGetKeySizeInBits(SecKeyRef publicKey) { - if (publicKey == nullptr) + if (publicKey == NULL) { return 0; } diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.h b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.h index d6253b883d..71df9e25fd 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.h +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.h @@ -5,6 +5,7 @@ #pragma once #include "pal_seckey.h" +#include "pal_compiler.h" #include <Security/Security.h> @@ -13,15 +14,15 @@ Generate an ECC keypair of the specified size. Returns 1 on success, 0 on failure. On failure, *pOSStatus should carry the OS failure code. */ -extern "C" int32_t AppleCryptoNative_EccGenerateKey(int32_t keySizeBits, - SecKeychainRef tempKeychain, - SecKeyRef* pPublicKey, - SecKeyRef* pPrivateKey, - int32_t* pOSStatus); +DLLEXPORT int32_t AppleCryptoNative_EccGenerateKey(int32_t keySizeBits, + SecKeychainRef tempKeychain, + SecKeyRef* pPublicKey, + SecKeyRef* pPrivateKey, + int32_t* pOSStatus); /* Get the keysize, in bits, of an ECC key. Returns the keysize, in bits, of the ECC key, or 0 on error. */ -extern "C" uint64_t AppleCryptoNative_EccGetKeySizeInBits(SecKeyRef publicKey); +DLLEXPORT uint64_t AppleCryptoNative_EccGetKeySizeInBits(SecKeyRef publicKey); diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_hmac.cpp b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_hmac.c index 8e4f559279..1ab7dc8acb 100644 
--- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_hmac.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_hmac.c @@ -10,9 +10,9 @@ struct hmac_ctx_st CCHmacContext hmac; }; -extern "C" void AppleCryptoNative_HmacFree(HmacCtx* pHmac) +void AppleCryptoNative_HmacFree(HmacCtx* pHmac) { - if (pHmac != nullptr) + if (pHmac != NULL) { free(pHmac); } @@ -57,21 +57,21 @@ static int32_t GetHmacOutputSize(PAL_HashAlgorithm algorithm) } } -extern "C" HmacCtx* AppleCryptoNative_HmacCreate(PAL_HashAlgorithm algorithm, int32_t* pcbHmac) +HmacCtx* AppleCryptoNative_HmacCreate(PAL_HashAlgorithm algorithm, int32_t* pcbHmac) { - if (pcbHmac == nullptr) - return nullptr; + if (pcbHmac == NULL) + return NULL; CCHmacAlgorithm appleAlgId = PalAlgorithmToAppleAlgorithm(algorithm); if (appleAlgId == UINT_MAX) { *pcbHmac = -1; - return nullptr; + return NULL; } - HmacCtx* hmacCtx = reinterpret_cast<HmacCtx*>(malloc(sizeof(HmacCtx))); - if (hmacCtx == nullptr) + HmacCtx* hmacCtx = (HmacCtx*)malloc(sizeof(HmacCtx)); + if (hmacCtx == NULL) return hmacCtx; hmacCtx->appleAlgId = appleAlgId; 
@@ -79,33 +79,33 @@ extern "C" HmacCtx* AppleCryptoNative_HmacCreate(PAL_HashAlgorithm algorithm, in return hmacCtx; } -extern "C" int32_t AppleCryptoNative_HmacInit(HmacCtx* ctx, uint8_t* pbKey, int32_t cbKey) +int32_t AppleCryptoNative_HmacInit(HmacCtx* ctx, uint8_t* pbKey, int32_t cbKey) { - if (ctx == nullptr || cbKey < 0) + if (ctx == NULL || cbKey < 0) return 0; - if (cbKey != 0 && pbKey == nullptr) + if (cbKey != 0 && pbKey == NULL) return 0; // No return value - CCHmacInit(&ctx->hmac, ctx->appleAlgId, pbKey, static_cast<size_t>(cbKey)); + CCHmacInit(&ctx->hmac, ctx->appleAlgId, pbKey, (size_t)cbKey); return 1; } -extern "C" int32_t AppleCryptoNative_HmacUpdate(HmacCtx* ctx, uint8_t* pbData, int32_t cbData) +int32_t AppleCryptoNative_HmacUpdate(HmacCtx* ctx, uint8_t* pbData, int32_t cbData) { if (cbData == 0) return 1; - if (ctx == nullptr || pbData == nullptr) + if (ctx == NULL || pbData == NULL) return 0; // No return value - CCHmacUpdate(&ctx->hmac, pbData, static_cast<size_t>(cbData)); + CCHmacUpdate(&ctx->hmac, pbData, (size_t)cbData); return 1; } -extern "C" int32_t AppleCryptoNative_HmacFinal(HmacCtx* ctx, uint8_t* pbOutput) +int32_t AppleCryptoNative_HmacFinal(HmacCtx* ctx, uint8_t* pbOutput) { - if (ctx == nullptr || pbOutput == nullptr) + if (ctx == NULL || pbOutput == NULL) return 0; // No return value diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_hmac.h b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_hmac.h index 4bb3f2961f..12682347c8 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_hmac.h +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_hmac.h 
@@ -6,13 +6,14 @@ #include "pal_digest.h" #include "pal_types.h" +#include "pal_compiler.h" typedef struct hmac_ctx_st HmacCtx; /* Free a HmacCtx created by AppleCryptoNative_HmacCreate */ -extern "C" void AppleCryptoNative_HmacFree(HmacCtx* pHmac); +DLLEXPORT void AppleCryptoNative_HmacFree(HmacCtx* pHmac); /* Create an HmacCtx for the specified algorithm, receiving the hash output size in pcbHmac. @@ -22,25 +23,25 @@ it should be freed via AppleCryptoNative_HmacFree regardless of a negative pbHma Returns NULL on error, an unkeyed HmacCtx otherwise. */ -extern "C" HmacCtx* AppleCryptoNative_HmacCreate(PAL_HashAlgorithm algorithm, int32_t* pcbHmac); +DLLEXPORT HmacCtx* AppleCryptoNative_HmacCreate(PAL_HashAlgorithm algorithm, int32_t* pcbHmac); /* Initialize an HMAC to the correct key and start state. Returns 1 on success, 0 on error. */ -extern "C" int32_t AppleCryptoNative_HmacInit(HmacCtx* ctx, uint8_t* pbKey, int32_t cbKey); +DLLEXPORT int32_t AppleCryptoNative_HmacInit(HmacCtx* ctx, uint8_t* pbKey, int32_t cbKey); /* Add data into the HMAC Returns 1 on success, 0 on error. */ -extern "C" int32_t AppleCryptoNative_HmacUpdate(HmacCtx* ctx, uint8_t* pbData, int32_t cbData); +DLLEXPORT int32_t AppleCryptoNative_HmacUpdate(HmacCtx* ctx, uint8_t* pbData, int32_t cbData); /* Complete the HMAC and copy the result into pbOutput. Returns 1 on success, 0 on error. */ -extern "C" int32_t AppleCryptoNative_HmacFinal(HmacCtx* ctx, uint8_t* pbOutput); +DLLEXPORT int32_t AppleCryptoNative_HmacFinal(HmacCtx* ctx, uint8_t* pbOutput); diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keyagree.cpp b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keyagree.c index 12561d0265..b16b3b3745 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keyagree.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keyagree.c 
@@ -4,24 +4,24 @@ #include "pal_keyagree.h" -extern "C" int32_t +int32_t AppleCryptoNative_EcdhKeyAgree(SecKeyRef privateKey, SecKeyRef publicKey, CFDataRef* pAgreeOut, CFErrorRef* pErrorOut) { - if (pAgreeOut != nullptr) - *pAgreeOut = nullptr; - if (pErrorOut != nullptr) - *pErrorOut = nullptr; + if (pAgreeOut != NULL) + *pAgreeOut = NULL; + if (pErrorOut != NULL) + *pErrorOut = NULL; - if (privateKey == nullptr || publicKey == nullptr) + if (privateKey == NULL || publicKey == NULL) return kErrorBadInput; - CFDictionaryRef dict = nullptr; + CFDictionaryRef dict = NULL; *pAgreeOut = SecKeyCopyKeyExchangeResult(privateKey, kSecKeyAlgorithmECDHKeyExchangeStandard, publicKey, dict, pErrorOut); - if (*pErrorOut != nullptr) + if (*pErrorOut != NULL) return kErrorSeeError; - return *pAgreeOut != nullptr; + return *pAgreeOut != NULL; } diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keyagree.h b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keyagree.h index fcb2097618..32c65f635a 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keyagree.h +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keyagree.h @@ -5,6 +5,7 @@ #pragma once #include "pal_seckey.h" +#include "pal_compiler.h" #include <Security/Security.h> @@ -13,5 +14,5 @@ Perform the EC Diffie-Hellman key agreement between the provided keys. Follows pal_seckey return conventions. */ -extern "C" int32_t +DLLEXPORT int32_t AppleCryptoNative_EcdhKeyAgree(SecKeyRef privateKey, SecKeyRef publicKey, CFDataRef* pAgreeOut, CFErrorRef* pErrorOut); diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.cpp b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.c index 0a2d18832a..d73fde5640 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.c 
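Review bot: `AppleCryptoNative_EcdhKeyAgree` tests `pAgreeOut` and `pErrorOut` for NULL only while clearing them, and the bad-input check that follows covers just `privateKey` and `publicKey`, so a NULL out-pointer is dereferenced at `*pAgreeOut = SecKeyCopyKeyExchangeResult(...)` and at `if (*pErrorOut != NULL)`. The check should cover all four, `if (privateKey == NULL || publicKey == NULL || pAgreeOut == NULL || pErrorOut == NULL) return kErrorBadInput;`, which is what `AppleCryptoNative_RsaDecryptOaep` and `AppleCryptoNative_RsaDecryptPkcs` in pal_rsa.c already do. The header comment only says the function "follows pal_seckey return conventions", so a line stating that both out-pointers are required would also help callers.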
@@ -4,15 +4,15 @@ #include "pal_keychain.h" -extern "C" int32_t AppleCryptoNative_SecKeychainItemCopyKeychain(SecKeychainItemRef item, SecKeychainRef* pKeychainOut) +int32_t AppleCryptoNative_SecKeychainItemCopyKeychain(SecKeychainItemRef item, SecKeychainRef* pKeychainOut) { - if (pKeychainOut != nullptr) - *pKeychainOut = nullptr; + if (pKeychainOut != NULL) + *pKeychainOut = NULL; - if (item == nullptr) + if (item == NULL) return errSecNoSuchKeychain; - auto itemType = CFGetTypeID(item); + CFTypeID itemType = CFGetTypeID(item); if (itemType == SecKeyGetTypeID() || itemType == SecIdentityGetTypeID() || itemType == SecCertificateGetTypeID()) { 
@@ -35,39 +35,39 @@ extern "C" int32_t AppleCryptoNative_SecKeychainItemCopyKeychain(SecKeychainItem return errSecParam; } -extern "C" int32_t AppleCryptoNative_SecKeychainCreate(const char* pathName, - uint32_t passphraseLength, - const uint8_t* passphraseUtf8, - SecKeychainRef* pKeychainOut) +int32_t AppleCryptoNative_SecKeychainCreate(const char* pathName, + uint32_t passphraseLength, + const uint8_t* passphraseUtf8, + SecKeychainRef* pKeychainOut) { - return SecKeychainCreate(pathName, passphraseLength, passphraseUtf8, false, nullptr, pKeychainOut); + return SecKeychainCreate(pathName, passphraseLength, passphraseUtf8, false, NULL, pKeychainOut); } -extern "C" int32_t AppleCryptoNative_SecKeychainDelete(SecKeychainRef keychain) +int32_t AppleCryptoNative_SecKeychainDelete(SecKeychainRef keychain) { return SecKeychainDelete(keychain); } -extern "C" int32_t AppleCryptoNative_SecKeychainCopyDefault(SecKeychainRef* pKeychainOut) +int32_t AppleCryptoNative_SecKeychainCopyDefault(SecKeychainRef* pKeychainOut) { - if (pKeychainOut != nullptr) - *pKeychainOut = nullptr; + if (pKeychainOut != NULL) + *pKeychainOut = NULL; return SecKeychainCopyDefault(pKeychainOut); } -extern "C" int32_t AppleCryptoNative_SecKeychainOpen(const char* pszKeychainPath, SecKeychainRef* pKeychainOut) +int32_t AppleCryptoNative_SecKeychainOpen(const char* pszKeychainPath, SecKeychainRef* pKeychainOut) { - if (pKeychainOut != nullptr) - *pKeychainOut = nullptr; + if (pKeychainOut != NULL) + *pKeychainOut = NULL; - if (pszKeychainPath == nullptr) + if (pszKeychainPath == NULL) return errSecParam; return SecKeychainOpen(pszKeychainPath, pKeychainOut); } -extern "C" int32_t AppleCryptoNative_SetKeychainNeverLock(SecKeychainRef keychain) +int32_t AppleCryptoNative_SetKeychainNeverLock(SecKeychainRef keychain) { SecKeychainSettings settings = { .version = SEC_KEYCHAIN_SETTINGS_VERS1, .useLockInterval = 0, .lockOnSleep = 0, .lockInterval = INT_MAX, 
@@ -79,28 +79,28 @@ extern "C" int32_t AppleCryptoNative_SetKeychainNeverLock(SecKeychainRef keychai static int32_t EnumerateKeychain(SecKeychainRef keychain, CFStringRef matchType, CFArrayRef* pCertsOut, int32_t* pOSStatus) { - if (pCertsOut != nullptr) - *pCertsOut = nullptr; - if (pOSStatus != nullptr) + if (pCertsOut != NULL) + *pCertsOut = NULL; + if (pOSStatus != NULL) *pOSStatus = noErr; - assert(matchType != nullptr); + assert(matchType != NULL); - if (keychain == nullptr || pCertsOut == nullptr || pOSStatus == nullptr) + if (keychain == NULL || pCertsOut == NULL || pOSStatus == NULL) return -1; CFMutableDictionaryRef query = CFDictionaryCreateMutable( kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - if (query == nullptr) + if (query == NULL) return -2; int32_t ret = 0; - CFTypeRef result = nullptr; + CFTypeRef result = NULL; CFArrayRef searchList = CFArrayCreate( - nullptr, const_cast<const void**>(reinterpret_cast<void**>(&keychain)), 1, &kCFTypeArrayCallBacks); + NULL, (void**)(&keychain), 1, &kCFTypeArrayCallBacks); - if (searchList == nullptr) + if (searchList == NULL) { ret = -3; } @@ -115,14 +115,14 @@ EnumerateKeychain(SecKeychainRef keychain, CFStringRef matchType, CFArrayRef* pC if (*pOSStatus == noErr) { - if (result == nullptr || CFGetTypeID(result) != CFArrayGetTypeID()) + if (result == NULL || CFGetTypeID(result) != CFArrayGetTypeID()) { ret = -3; } else { CFRetain(result); - *pCertsOut = reinterpret_cast<CFArrayRef>(result); + *pCertsOut = (CFArrayRef)result; ret = 1; } } 
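Review bot: The `CFArrayCreate` call in `EnumerateKeychain` now passes `(void**)(&keychain)` where the parameter is declared `const void **`, so the cast no longer produces the type the callee takes and the compiler has to accept a qualifier mismatch between pointer-to-pointer types. `DeleteInKeychain` does the same with `(void**)(&haystack)` in its `@@ -165,21 +165,21 @@` hunk, directly above `(const void**)(&needle)`, which is the form all three calls should share: `NULL, (const void**)(&keychain), 1, &kCFTypeArrayCallBacks);`. Both function bodies continue outside their hunks.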
@@ -137,25 +137,25 @@ EnumerateKeychain(SecKeychainRef keychain, CFStringRef matchType, CFArrayRef* pC } } - if (searchList != nullptr) + if (searchList != NULL) CFRelease(searchList); - if (result != nullptr) + if (result != NULL) CFRelease(result); CFRelease(query); return ret; } -extern "C" int32_t +int32_t AppleCryptoNative_SecKeychainEnumerateCerts(SecKeychainRef keychain, CFArrayRef* pCertsOut, int32_t* pOSStatus) { return EnumerateKeychain(keychain, kSecClassCertificate, pCertsOut, pOSStatus); } -extern "C" int32_t AppleCryptoNative_SecKeychainEnumerateIdentities(SecKeychainRef keychain, - CFArrayRef* pIdentitiesOut, - int32_t* pOSStatus) +int32_t AppleCryptoNative_SecKeychainEnumerateIdentities(SecKeychainRef keychain, + CFArrayRef* pIdentitiesOut, + int32_t* pOSStatus) { return EnumerateKeychain(keychain, kSecClassIdentity, pIdentitiesOut, pOSStatus); } @@ -165,21 +165,21 @@ static OSStatus DeleteInKeychain(CFTypeRef needle, SecKeychainRef haystack) CFMutableDictionaryRef query = CFDictionaryCreateMutable( kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - if (query == nullptr) + if (query == NULL) return errSecAllocate; CFArrayRef searchList = CFArrayCreate( - nullptr, const_cast<const void**>(reinterpret_cast<void**>(&haystack)), 1, &kCFTypeArrayCallBacks); + NULL, (void**)(&haystack), 1, &kCFTypeArrayCallBacks); - if (searchList == nullptr) + if (searchList == NULL) { CFRelease(query); return errSecAllocate; } - CFArrayRef itemMatch = CFArrayCreate(nullptr, reinterpret_cast<const void**>(&needle), 1, &kCFTypeArrayCallBacks); + CFArrayRef itemMatch = CFArrayCreate(NULL, (const void**)(&needle), 1, &kCFTypeArrayCallBacks); - if (itemMatch == nullptr) + if (itemMatch == NULL) { CFRelease(searchList); CFRelease(query); 
@@ -216,29 +216,32 @@ static OSStatus DeleteInKeychain(CFTypeRef needle, SecKeychainRef haystack) return status; } -extern "C" int32_t +typedef const struct OpaqueSecCertificateRef * ConstSecCertificateRef; +typedef const struct OpaqueSecIdentityRef * ConstSecIdentityRef; + +int32_t AppleCryptoNative_X509StoreAddCertificate(CFTypeRef certOrIdentity, SecKeychainRef keychain, int32_t* pOSStatus) { - if (pOSStatus != nullptr) + if (pOSStatus != NULL) *pOSStatus = noErr; - if (certOrIdentity == nullptr || keychain == nullptr || pOSStatus == nullptr) + if (certOrIdentity == NULL || keychain == NULL || pOSStatus == NULL) return -1; - SecCertificateRef cert = nullptr; - SecKeyRef privateKey = nullptr; + SecCertificateRef cert = NULL; + SecKeyRef privateKey = NULL; - auto inputType = CFGetTypeID(certOrIdentity); + CFTypeID inputType = CFGetTypeID(certOrIdentity); OSStatus status = noErr; if (inputType == SecCertificateGetTypeID()) { - cert = reinterpret_cast<SecCertificateRef>(const_cast<void*>(certOrIdentity)); + cert = (ConstSecCertificateRef)certOrIdentity; CFRetain(cert); } else if (inputType == SecIdentityGetTypeID()) { - SecIdentityRef identity = reinterpret_cast<SecIdentityRef>(const_cast<void*>(certOrIdentity)); + SecIdentityRef identity = (ConstSecIdentityRef)certOrIdentity; status = SecIdentityCopyCertificate(identity, &cert); if (status == noErr) 
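Review bot: The two new typedefs `ConstSecCertificateRef` and `ConstSecIdentityRef` carry no comment, and the casts built on them are assigned straight to non-const variables: `cert = (ConstSecCertificateRef)certOrIdentity;` stores a pointer-to-const in `SecCertificateRef cert`, so the qualifier is dropped implicitly at the assignment instead of in the cast. They also spell the struct tags `OpaqueSecCertificateRef` and `OpaqueSecIdentityRef` locally, which presumably have to match the SDK headers for the assignment to be between compatible types. I would add a comment above them such as `/* Const views of the SDK's opaque cert/identity structs; used only to cast a CFTypeRef after its CFGetTypeID check. */` and say there why the const is shed on assignment. The same casts recur in `AppleCryptoNative_X509StoreRemoveCertificate` (`@@ -286,51 +289,51 @@`), and both function bodies extend past their hunks.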
@@ -251,15 +254,15 @@ AppleCryptoNative_X509StoreAddCertificate(CFTypeRef certOrIdentity, SecKeychainR return -1; } - SecKeychainItemRef itemCopy = nullptr; + SecKeychainItemRef itemCopy = NULL; // Copy the private key into the new keychain first, because it can fail due to // non-exportability. Certificates can only fail for things like I/O errors saving the // keychain back to disk. - if (status == noErr && privateKey != nullptr) + if (status == noErr && privateKey != NULL) { status = - SecKeychainItemCreateCopy(reinterpret_cast<SecKeychainItemRef>(privateKey), keychain, nullptr, &itemCopy); + SecKeychainItemCreateCopy((SecKeychainItemRef)privateKey, keychain, NULL, &itemCopy); } if (status == errSecDuplicateItem) @@ -267,18 +270,18 @@ AppleCryptoNative_X509StoreAddCertificate(CFTypeRef certOrIdentity, SecKeychainR status = noErr; } - // Since we don't care about the itemCopy we'd ideally pass nullptr to SecKeychainItemCreateCopy, + // Since we don't care about the itemCopy we'd ideally pass NULL to SecKeychainItemCreateCopy, // but even though the documentation says it can be null, clang gives an error that null isn't // allowed. - if (itemCopy != nullptr) + if (itemCopy != NULL) { CFRelease(itemCopy); - itemCopy = nullptr; + itemCopy = NULL; } - if (status == noErr && cert != nullptr) + if (status == noErr && cert != NULL) { - status = SecKeychainItemCreateCopy(reinterpret_cast<SecKeychainItemRef>(cert), keychain, nullptr, &itemCopy); + status = SecKeychainItemCreateCopy((SecKeychainItemRef)cert, keychain, NULL, &itemCopy); } if (status == errSecDuplicateItem) 
@@ -286,51 +289,51 @@ AppleCryptoNative_X509StoreAddCertificate(CFTypeRef certOrIdentity, SecKeychainR status = noErr; } - if (itemCopy != nullptr) + if (itemCopy != NULL) { CFRelease(itemCopy); - itemCopy = nullptr; + itemCopy = NULL; } - if (privateKey != nullptr) + if (privateKey != NULL) { CFRelease(privateKey); - privateKey = nullptr; + privateKey = NULL; } - if (cert != nullptr) + if (cert != NULL) { CFRelease(cert); - cert = nullptr; + cert = NULL; } *pOSStatus = status; return status == noErr; } -extern "C" int32_t +int32_t AppleCryptoNative_X509StoreRemoveCertificate(CFTypeRef certOrIdentity, SecKeychainRef keychain, int32_t* pOSStatus) { - if (pOSStatus != nullptr) + if (pOSStatus != NULL) *pOSStatus = noErr; - if (certOrIdentity == nullptr || keychain == nullptr || pOSStatus == nullptr) + if (certOrIdentity == NULL || keychain == NULL || pOSStatus == NULL) return -1; - SecCertificateRef cert = nullptr; - SecIdentityRef identity = nullptr; + SecCertificateRef cert = NULL; + SecIdentityRef identity = NULL; - auto inputType = CFGetTypeID(certOrIdentity); + CFTypeID inputType = CFGetTypeID(certOrIdentity); OSStatus status = noErr; if (inputType == SecCertificateGetTypeID()) { - cert = reinterpret_cast<SecCertificateRef>(const_cast<void*>(certOrIdentity)); + cert = (ConstSecCertificateRef)certOrIdentity; CFRetain(cert); } else if (inputType == SecIdentityGetTypeID()) { - identity = reinterpret_cast<SecIdentityRef>(const_cast<void*>(certOrIdentity)); + identity = (ConstSecIdentityRef)certOrIdentity; status = SecIdentityCopyCertificate(identity, &cert); if (status != noErr) 
@@ -347,17 +350,17 @@ AppleCryptoNative_X509StoreRemoveCertificate(CFTypeRef certOrIdentity, SecKeycha const int32_t kErrorUserTrust = 2; const int32_t kErrorAdminTrust = 3; - CFArrayRef settings = nullptr; + CFArrayRef settings = NULL; if (status == noErr) { status = SecTrustSettingsCopyTrustSettings(cert, kSecTrustSettingsDomainUser, &settings); } - if (settings != nullptr) + if (settings != NULL) { CFRelease(settings); - settings = nullptr; + settings = NULL; } if (status == noErr) @@ -368,10 +371,10 @@ AppleCryptoNative_X509StoreRemoveCertificate(CFTypeRef certOrIdentity, SecKeycha status = SecTrustSettingsCopyTrustSettings(cert, kSecTrustSettingsDomainAdmin, &settings); - if (settings != nullptr) + if (settings != NULL) { CFRelease(settings); - settings = nullptr; + settings = NULL; } if (status == noErr) diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.h b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.h index 6a00dd6e66..96ca92ed56 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.h +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.h @@ -5,6 +5,7 @@ #pragma once #include "pal_types.h" +#include "pal_compiler.h" #include <Security/Security.h> @@ -17,7 +18,7 @@ Errors of the item having no keychain are suppressed, returning success (0) with For all other situations, see SecKeychainItemCopyKeychain documentation. */ -extern "C" int32_t AppleCryptoNative_SecKeychainItemCopyKeychain(SecKeychainItemRef item, SecKeychainRef* pKeychainOut); +DLLEXPORT int32_t AppleCryptoNative_SecKeychainItemCopyKeychain(SecKeychainItemRef item, SecKeychainRef* pKeychainOut); /* Create a keychain at the specified location with a given (UTF-8 encoded) lock passphrase. 
@@ -27,17 +28,17 @@ Returns the result of SecKeychainCreate. Output: pKeychainOut: The SecKeychainRef created by this function */ -extern "C" int32_t AppleCryptoNative_SecKeychainCreate(const char* pathName, - uint32_t passphraseLength, - const uint8_t* passphraseUtf8, - SecKeychainRef* pKeychainOut); +DLLEXPORT int32_t AppleCryptoNative_SecKeychainCreate(const char* pathName, + uint32_t passphraseLength, + const uint8_t* passphraseUtf8, + SecKeychainRef* pKeychainOut); /* Delete a keychain, including the file on disk. Returns the result of SecKeychainDelete */ -extern "C" int32_t AppleCryptoNative_SecKeychainDelete(SecKeychainRef keychain); +DLLEXPORT int32_t AppleCryptoNative_SecKeychainDelete(SecKeychainRef keychain); /* Open the default keychain. @@ -48,7 +49,7 @@ Returns the result of SecKeychainCopyDefault. Output: pKeyChainOut: Receives the SecKeychainRef for the default keychain. */ -extern "C" int32_t AppleCryptoNative_SecKeychainCopyDefault(SecKeychainRef* pKeychainOut); +DLLEXPORT int32_t AppleCryptoNative_SecKeychainCopyDefault(SecKeychainRef* pKeychainOut); /* Open the named keychain (full path to the file). @@ -58,14 +59,14 @@ Returns the result of SecKeychainOpen. Output: pKeychainOut: Receives the SecKeychainRef for the named keychain. */ -extern "C" int32_t AppleCryptoNative_SecKeychainOpen(const char* pszKeychainPath, SecKeychainRef* pKeychainOut); +DLLEXPORT int32_t AppleCryptoNative_SecKeychainOpen(const char* pszKeychainPath, SecKeychainRef* pKeychainOut); /* Set a keychain to never (automatically) lock. Returns the result of SecKeychainSetSettings to a never-auto-lock policy. */ -extern "C" int32_t AppleCryptoNative_SetKeychainNeverLock(SecKeychainRef keychain); +DLLEXPORT int32_t AppleCryptoNative_SetKeychainNeverLock(SecKeychainRef keychain); /* Enumerate the certificate objects within the given keychain. 
@@ -77,7 +78,7 @@ pCertsOut: When the return value is not 1, NULL. Otherwise NULL on "no certs fou (including a single match). pOSStatus: Receives the last OSStatus value. */ -extern "C" int32_t +DLLEXPORT int32_t AppleCryptoNative_SecKeychainEnumerateCerts(SecKeychainRef keychain, CFArrayRef* pCertsOut, int32_t* pOSStatus); /* @@ -93,9 +94,9 @@ pCertsOut: When the return value is not 1, NULL. Otherwise NULL on "no certs fou (including a single match). pOSStatus: Receives the last OSStatus value. */ -extern "C" int32_t AppleCryptoNative_SecKeychainEnumerateIdentities(SecKeychainRef keychain, - CFArrayRef* pIdentitiesOut, - int32_t* pOSStatus); +DLLEXPORT int32_t AppleCryptoNative_SecKeychainEnumerateIdentities(SecKeychainRef keychain, + CFArrayRef* pIdentitiesOut, + int32_t* pOSStatus); /* Add a certificate from the specified keychain. @@ -108,7 +109,7 @@ any other value is invalid Output: pOSStatus: Receives the last OSStatus value.. */ -extern "C" int32_t +DLLEXPORT int32_t AppleCryptoNative_X509StoreAddCertificate(CFTypeRef certOrIdentity, SecKeychainRef keychain, int32_t* pOSStatus); /* @@ -124,5 +125,5 @@ any other value is invalid Output: pOSStatus: Receives the last OSStatus value.. */ -extern "C" int32_t +DLLEXPORT int32_t AppleCryptoNative_X509StoreRemoveCertificate(CFTypeRef certOrIdentity, SecKeychainRef keychain, int32_t* pOSStatus); diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.cpp b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c index d4c321fc6f..f2bc5da9e0 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c 
@@ -7,25 +7,25 @@ static int32_t ExecuteCFDataTransform( SecTransformRef xform, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut); -extern "C" int32_t AppleCryptoNative_RsaGenerateKey( +int32_t AppleCryptoNative_RsaGenerateKey( int32_t keySizeBits, SecKeychainRef tempKeychain, SecKeyRef* pPublicKey, SecKeyRef* pPrivateKey, int32_t* pOSStatus) { - if (pPublicKey != nullptr) - *pPublicKey = nullptr; - if (pPrivateKey != nullptr) - *pPrivateKey = nullptr; + if (pPublicKey != NULL) + *pPublicKey = NULL; + if (pPrivateKey != NULL) + *pPrivateKey = NULL; - if (pPublicKey == nullptr || pPrivateKey == nullptr || pOSStatus == nullptr) + if (pPublicKey == NULL || pPrivateKey == NULL || pOSStatus == NULL) return kErrorBadInput; if (keySizeBits < 384 || keySizeBits > 16384) return -2; - CFMutableDictionaryRef attributes = CFDictionaryCreateMutable(nullptr, 2, &kCFTypeDictionaryKeyCallBacks, nullptr); + CFMutableDictionaryRef attributes = CFDictionaryCreateMutable(NULL, 2, &kCFTypeDictionaryKeyCallBacks, NULL); - CFNumberRef cfKeySizeValue = CFNumberCreate(nullptr, kCFNumberIntType, &keySizeBits); + CFNumberRef cfKeySizeValue = CFNumberCreate(NULL, kCFNumberIntType, &keySizeBits); OSStatus status; - if (attributes != nullptr && cfKeySizeValue != nullptr) + if (attributes != NULL && cfKeySizeValue != NULL) { CFDictionaryAddValue(attributes, kSecAttrKeyType, kSecAttrKeyTypeRSA); CFDictionaryAddValue(attributes, kSecAttrKeySizeInBits, cfKeySizeValue); @@ -48,9 +48,9 @@ extern "C" int32_t AppleCryptoNative_RsaGenerateKey( status = errSecAllocate; } - if (attributes != nullptr) + if (attributes != NULL) CFRelease(attributes); - if (cfKeySizeValue != nullptr) + if (cfKeySizeValue != NULL) CFRelease(cfKeySizeValue); *pOSStatus = status; 
@@ -80,19 +80,19 @@ static int32_t ExecuteOaepTransform(SecTransformRef xform, return ExecuteCFDataTransform(xform, pbData, cbData, pDataOut, pErrorOut); } -extern "C" int32_t AppleCryptoNative_RsaDecryptOaep(SecKeyRef privateKey, - uint8_t* pbData, - int32_t cbData, - PAL_HashAlgorithm mfgAlgorithm, - CFDataRef* pDecryptedOut, - CFErrorRef* pErrorOut) +int32_t AppleCryptoNative_RsaDecryptOaep(SecKeyRef privateKey, + uint8_t* pbData, + int32_t cbData, + PAL_HashAlgorithm mfgAlgorithm, + CFDataRef* pDecryptedOut, + CFErrorRef* pErrorOut) { - if (pDecryptedOut != nullptr) - *pDecryptedOut = nullptr; - if (pErrorOut != nullptr) - *pErrorOut = nullptr; + if (pDecryptedOut != NULL) + *pDecryptedOut = NULL; + if (pErrorOut != NULL) + *pErrorOut = NULL; - if (privateKey == nullptr || pbData == nullptr || cbData < 0 || pDecryptedOut == nullptr || pErrorOut == nullptr) + if (privateKey == NULL || pbData == NULL || cbData < 0 || pDecryptedOut == NULL || pErrorOut == NULL) { return kErrorBadInput; } @@ -100,9 +100,9 @@ extern "C" int32_t AppleCryptoNative_RsaDecryptOaep(SecKeyRef privateKey, int32_t ret = kErrorSeeError; SecTransformRef decryptor = SecDecryptTransformCreate(privateKey, pErrorOut); - if (decryptor != nullptr) + if (decryptor != NULL) { - if (*pErrorOut == nullptr) + if (*pErrorOut == NULL) { ret = ExecuteOaepTransform(decryptor, pbData, cbData, mfgAlgorithm, pDecryptedOut, pErrorOut); } 
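Review bot: The hash parameter of AppleCryptoNative_RsaDecryptOaep is spelled `mfgAlgorithm`, while AppleCryptoNative_RsaEncryptOaep uses `mgfAlgorithm`, which matches the OAEP term (mask generation function). The signature lines are rewritten by this commit anyway, so change it to `PAL_HashAlgorithm mgfAlgorithm,` here, in the `ExecuteOaepTransform(decryptor, ...)` call in the second hunk, and in the pal_rsa.h declaration. Callers are unaffected because C parameter names are not part of the exported symbol.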
@@ -113,15 +113,15 @@ extern "C" int32_t AppleCryptoNative_RsaDecryptOaep(SecKeyRef privateKey, return ret; } -extern "C" int32_t AppleCryptoNative_RsaDecryptPkcs( +int32_t AppleCryptoNative_RsaDecryptPkcs( SecKeyRef privateKey, uint8_t* pbData, int32_t cbData, CFDataRef* pDecryptedOut, CFErrorRef* pErrorOut) { - if (pDecryptedOut != nullptr) - *pDecryptedOut = nullptr; - if (pErrorOut != nullptr) - *pErrorOut = nullptr; + if (pDecryptedOut != NULL) + *pDecryptedOut = NULL; + if (pErrorOut != NULL) + *pErrorOut = NULL; - if (privateKey == nullptr || pbData == nullptr || cbData < 0 || pDecryptedOut == nullptr || pErrorOut == nullptr) + if (privateKey == NULL || pbData == NULL || cbData < 0 || pDecryptedOut == NULL || pErrorOut == NULL) { return kErrorBadInput; } @@ -129,9 +129,9 @@ extern "C" int32_t AppleCryptoNative_RsaDecryptPkcs( int32_t ret = kErrorSeeError; SecTransformRef decryptor = SecDecryptTransformCreate(privateKey, pErrorOut); - if (decryptor != nullptr) + if (decryptor != NULL) { - if (*pErrorOut == nullptr) + if (*pErrorOut == NULL) { ret = ExecuteCFDataTransform(decryptor, pbData, cbData, pDecryptedOut, pErrorOut); } 
@@ -142,19 +142,19 @@ extern "C" int32_t AppleCryptoNative_RsaDecryptPkcs( return ret; } -extern "C" int32_t AppleCryptoNative_RsaEncryptOaep(SecKeyRef publicKey, - uint8_t* pbData, - int32_t cbData, - PAL_HashAlgorithm mgfAlgorithm, - CFDataRef* pEncryptedOut, - CFErrorRef* pErrorOut) +int32_t AppleCryptoNative_RsaEncryptOaep(SecKeyRef publicKey, + uint8_t* pbData, + int32_t cbData, + PAL_HashAlgorithm mgfAlgorithm, + CFDataRef* pEncryptedOut, + CFErrorRef* pErrorOut) { - if (pEncryptedOut != nullptr) - *pEncryptedOut = nullptr; - if (pErrorOut != nullptr) - *pErrorOut = nullptr; + if (pEncryptedOut != NULL) + *pEncryptedOut = NULL; + if (pErrorOut != NULL) + *pErrorOut = NULL; - if (publicKey == nullptr || pbData == nullptr || cbData < 0 || pEncryptedOut == nullptr || pErrorOut == nullptr) + if (publicKey == NULL || pbData == NULL || cbData < 0 || pEncryptedOut == NULL || pErrorOut == NULL) { return kErrorBadInput; } @@ -162,9 +162,9 @@ extern "C" int32_t AppleCryptoNative_RsaEncryptOaep(SecKeyRef publicKey, int32_t ret = kErrorSeeError; SecTransformRef encryptor = SecEncryptTransformCreate(publicKey, pErrorOut); - if (encryptor != nullptr) + if (encryptor != NULL) { - if (*pErrorOut == nullptr) + if (*pErrorOut == NULL) { ret = ExecuteOaepTransform(encryptor, pbData, cbData, mgfAlgorithm, pEncryptedOut, pErrorOut); } 
@@ -175,15 +175,15 @@ extern "C" int32_t AppleCryptoNative_RsaEncryptOaep(SecKeyRef publicKey, return ret; } -extern "C" int32_t AppleCryptoNative_RsaEncryptPkcs( +int32_t AppleCryptoNative_RsaEncryptPkcs( SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pEncryptedOut, CFErrorRef* pErrorOut) { - if (pEncryptedOut != nullptr) - *pEncryptedOut = nullptr; - if (pErrorOut != nullptr) - *pErrorOut = nullptr; + if (pEncryptedOut != NULL) + *pEncryptedOut = NULL; + if (pErrorOut != NULL) + *pErrorOut = NULL; - if (publicKey == nullptr || pbData == nullptr || cbData < 0 || pEncryptedOut == nullptr || pErrorOut == nullptr) + if (publicKey == NULL || pbData == NULL || cbData < 0 || pEncryptedOut == NULL || pErrorOut == NULL) { return kErrorBadInput; } @@ -191,9 +191,9 @@ extern "C" int32_t AppleCryptoNative_RsaEncryptPkcs( int32_t ret = kErrorSeeError; SecTransformRef encryptor = SecEncryptTransformCreate(publicKey, pErrorOut); - if (encryptor != nullptr) + if (encryptor != NULL) { - if (*pErrorOut == nullptr) + if (*pErrorOut == NULL) { ret = ExecuteCFDataTransform(encryptor, pbData, cbData, pEncryptedOut, pErrorOut); } 
@@ -207,21 +207,21 @@ extern "C" int32_t AppleCryptoNative_RsaEncryptPkcs( static int32_t ExecuteCFDataTransform( SecTransformRef xform, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut) { - if (xform == nullptr || pbData == nullptr || cbData < 0 || pDataOut == nullptr || pErrorOut == nullptr) + if (xform == NULL || pbData == NULL || cbData < 0 || pDataOut == NULL || pErrorOut == NULL) { return kErrorBadInput; } - *pDataOut = nullptr; - *pErrorOut = nullptr; + *pDataOut = NULL; + *pErrorOut = NULL; - CFTypeRef xformOutput = nullptr; - CFDataRef cfData = nullptr; + CFTypeRef xformOutput = NULL; + CFDataRef cfData = NULL; int32_t ret = INT_MIN; - cfData = CFDataCreateWithBytesNoCopy(nullptr, pbData, cbData, kCFAllocatorNull); + cfData = CFDataCreateWithBytesNoCopy(NULL, pbData, cbData, kCFAllocatorNull); - if (cfData == nullptr) + if (cfData == NULL) { // This probably means that there wasn't enough memory available, but no // particular failure cases are described. @@ -236,7 +236,7 @@ static int32_t ExecuteCFDataTransform( xformOutput = SecTransformExecute(xform, pErrorOut); - if (xformOutput == nullptr || *pErrorOut != nullptr) + if (xformOutput == NULL || *pErrorOut != NULL) { ret = kErrorSeeError; goto cleanup; @@ -244,7 +244,7 @@ static int32_t ExecuteCFDataTransform( if (CFGetTypeID(xformOutput) == CFDataGetTypeID()) { - CFDataRef cfDataOut = reinterpret_cast<CFDataRef>(const_cast<void*>(xformOutput)); + CFDataRef cfDataOut = (CFDataRef)xformOutput; CFRetain(cfDataOut); *pDataOut = cfDataOut; ret = 1; @@ -255,12 +255,12 @@ static int32_t ExecuteCFDataTransform( } cleanup: - if (xformOutput != nullptr) + if (xformOutput != NULL) { CFRelease(xformOutput); } - if (cfData != nullptr) + if (cfData != NULL) { CFRelease(cfData); } 
@@ -276,33 +276,33 @@ static int32_t RsaPrimitive(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef func(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*)) { - if (pDataOut != nullptr) - *pDataOut = nullptr; - if (pErrorOut != nullptr) - *pErrorOut = nullptr; + if (pDataOut != NULL) + *pDataOut = NULL; + if (pErrorOut != NULL) + *pErrorOut = NULL; - if (key == nullptr || pbData == nullptr || cbData < 0 || pDataOut == nullptr || pErrorOut == nullptr) + if (key == NULL || pbData == NULL || cbData < 0 || pDataOut == NULL || pErrorOut == NULL) { return kErrorBadInput; } - assert(func != nullptr); + assert(func != NULL); - CFDataRef input = CFDataCreateWithBytesNoCopy(nullptr, pbData, cbData, kCFAllocatorNull); + CFDataRef input = CFDataCreateWithBytesNoCopy(NULL, pbData, cbData, kCFAllocatorNull); CFDataRef output = func(key, algorithm, input, pErrorOut); - if (*pErrorOut != nullptr) + if (*pErrorOut != NULL) { - if (output != nullptr) + if (output != NULL) { CFRelease(output); - output = nullptr; + output = NULL; } return kErrorSeeError; } - if (output == nullptr) + if (output == NULL) { return kErrorUnknownState; } 
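Review bot: `input` in RsaPrimitive is never checked for NULL and is not released on either early return visible here (`return kErrorSeeError;` and `return kErrorUnknownState;`), so each failed operation leaks the CFData wrapper. ExecuteCFDataTransform in the same file handles both cases through its cleanup label. Add `if (input == NULL) return kErrorUnknownState;` after the CFDataCreateWithBytesNoCopy call and `CFRelease(input);` directly after the `func(key, algorithm, input, pErrorOut)` call, which covers every exit. The end of the function is outside the hunk, so a release on the success path may already exist there and would then need removing.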
@@ -311,28 +311,28 @@ static int32_t RsaPrimitive(SecKeyRef key, return 1; } -extern "C" int32_t AppleCryptoNative_RsaSignaturePrimitive( +int32_t AppleCryptoNative_RsaSignaturePrimitive( SecKeyRef privateKey, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut) { return RsaPrimitive( privateKey, pbData, cbData, pDataOut, pErrorOut, kSecKeyAlgorithmRSASignatureRaw, SecKeyCreateSignature); } -extern "C" int32_t AppleCryptoNative_RsaDecryptionPrimitive( +int32_t AppleCryptoNative_RsaDecryptionPrimitive( SecKeyRef privateKey, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut) { return RsaPrimitive( privateKey, pbData, cbData, pDataOut, pErrorOut, kSecKeyAlgorithmRSAEncryptionRaw, SecKeyCreateDecryptedData); } -extern "C" int32_t AppleCryptoNative_RsaEncryptionPrimitive( +int32_t AppleCryptoNative_RsaEncryptionPrimitive( SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut) { return RsaPrimitive( publicKey, pbData, cbData, pDataOut, pErrorOut, kSecKeyAlgorithmRSAEncryptionRaw, SecKeyCreateEncryptedData); } -extern "C" int32_t AppleCryptoNative_RsaVerificationPrimitive( +int32_t AppleCryptoNative_RsaVerificationPrimitive( SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut) { // Since there's not an API which will give back the still-padded signature block with diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.h b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.h index 7ffae7b8ad..ae2a8fd0f4 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.h +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.h @@ -6,6 +6,7 @@ #include "pal_digest.h" #include "pal_seckey.h" +#include "pal_compiler.h" #include <Security/Security.h> 
@@ -14,30 +15,30 @@ Generate a new RSA keypair with the specified key size, in bits. Returns 1 on success, 0 on failure. On failure, *pOSStatus should contain the OS reported error. */ -extern "C" int32_t AppleCryptoNative_RsaGenerateKey(int32_t keySizeBits, - SecKeychainRef tempKeychain, - SecKeyRef* pPublicKey, - SecKeyRef* pPrivateKey, - int32_t* pOSStatus); +DLLEXPORT int32_t AppleCryptoNative_RsaGenerateKey(int32_t keySizeBits, + SecKeychainRef tempKeychain, + SecKeyRef* pPublicKey, + SecKeyRef* pPrivateKey, + int32_t* pOSStatus); /* Decrypt the contents of pbData using the provided privateKey under OAEP padding. Follows pal_seckey return conventions. */ -extern "C" int32_t AppleCryptoNative_RsaDecryptOaep(SecKeyRef privateKey, - uint8_t* pbData, - int32_t cbData, - PAL_HashAlgorithm mfgAlgorithm, - CFDataRef* pDecryptedOut, - CFErrorRef* pErrorOut); +DLLEXPORT int32_t AppleCryptoNative_RsaDecryptOaep(SecKeyRef privateKey, + uint8_t* pbData, + int32_t cbData, + PAL_HashAlgorithm mfgAlgorithm, + CFDataRef* pDecryptedOut, + CFErrorRef* pErrorOut); /* Decrypt the contents of pbData using the provided privateKey under PKCS#1 padding. Follows pal_seckey return conventions. */ -extern "C" int32_t AppleCryptoNative_RsaDecryptPkcs( +DLLEXPORT int32_t AppleCryptoNative_RsaDecryptPkcs( SecKeyRef privateKey, uint8_t* pbData, int32_t cbData, CFDataRef* pDecryptedOut, CFErrorRef* pErrorOut); /* 
@@ -45,19 +46,19 @@ Encrypt pbData for the provided publicKey using OAEP padding. Follows pal_seckey return conventions. */ -extern "C" int32_t AppleCryptoNative_RsaEncryptOaep(SecKeyRef publicKey, - uint8_t* pbData, - int32_t cbData, - PAL_HashAlgorithm mgfAlgorithm, - CFDataRef* pEncryptedOut, - CFErrorRef* pErrorOut); +DLLEXPORT int32_t AppleCryptoNative_RsaEncryptOaep(SecKeyRef publicKey, + uint8_t* pbData, + int32_t cbData, + PAL_HashAlgorithm mgfAlgorithm, + CFDataRef* pEncryptedOut, + CFErrorRef* pErrorOut); /* Encrypt pbData for the provided publicKey using PKCS#1 padding. Follows pal_seckey return conventions. */ -extern "C" int32_t AppleCryptoNative_RsaEncryptPkcs( +DLLEXPORT int32_t AppleCryptoNative_RsaEncryptPkcs( SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pEncryptedOut, CFErrorRef* pErrorOut); /* @@ -65,7 +66,7 @@ Apply an RSA private key to a signing operation on data which was already padded Follows pal_seckey return conventions. */ -extern "C" int32_t AppleCryptoNative_RsaSignaturePrimitive( +DLLEXPORT int32_t AppleCryptoNative_RsaSignaturePrimitive( SecKeyRef privateKey, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut); /* @@ -73,7 +74,7 @@ Apply an RSA private key to an encryption operation to emit data which is still Follows pal_seckey return conventions. */ -extern "C" int32_t AppleCryptoNative_RsaDecryptionPrimitive( +DLLEXPORT int32_t AppleCryptoNative_RsaDecryptionPrimitive( SecKeyRef privateKey, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut); /* @@ -81,7 +82,7 @@ Apply an RSA public key to an encryption operation on data which was already pad Follows pal_seckey return conventions. */ -extern "C" int32_t AppleCryptoNative_RsaEncryptionPrimitive( +DLLEXPORT int32_t AppleCryptoNative_RsaEncryptionPrimitive( SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut); /* 
@@ -89,5 +90,5 @@ Apply an RSA public key to a signing operation to emit data which is still padde Follows pal_seckey return conventions. */ -extern "C" int32_t AppleCryptoNative_RsaVerificationPrimitive( +DLLEXPORT int32_t AppleCryptoNative_RsaVerificationPrimitive( SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut); diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.cpp b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.c index 72b37d43f5..5abbf37db2 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.c @@ -4,7 +4,7 @@ #include "pal_sec.h" -extern "C" CFStringRef AppleCryptoNative_SecCopyErrorMessageString(int32_t osStatus) +CFStringRef AppleCryptoNative_SecCopyErrorMessageString(int32_t osStatus) { - return SecCopyErrorMessageString(osStatus, nullptr); + return SecCopyErrorMessageString(osStatus, NULL); } diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.h b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.h index c00b3f74a0..4317d7268a 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.h +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.h @@ -6,6 +6,7 @@ #pragma once #include "pal_types.h" +#include "pal_compiler.h" #include <Security/Security.h> @@ -14,4 +15,4 @@ Get an error message for an OSStatus error from the security library. Returns NULL if no message is available for the code. */ -extern "C" CFStringRef AppleCryptoNative_SecCopyErrorMessageString(OSStatus osStatus); +DLLEXPORT CFStringRef AppleCryptoNative_SecCopyErrorMessageString(OSStatus osStatus); diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.cpp b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.c index c88d30cb65..364c71fab1 100644 
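Review bot: The pal_sec.c definition takes `int32_t osStatus`, while the pal_sec.h declaration takes `OSStatus osStatus`. The file is now compiled as C, where the two must be compatible types; that presumably holds on the current targets, but it is better to state it than to rely on it. Change the definition to `CFStringRef AppleCryptoNative_SecCopyErrorMessageString(OSStatus osStatus)` so it matches the header.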
--- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.c @@ -4,26 +4,28 @@ #include "pal_seckey.h" -extern "C" int32_t AppleCryptoNative_SecKeyExport( +int32_t AppleCryptoNative_SecKeyExport( SecKeyRef pKey, int32_t exportPrivate, CFStringRef cfExportPassphrase, CFDataRef* ppDataOut, int32_t* pOSStatus) { - if (ppDataOut != nullptr) - *ppDataOut = nullptr; - if (pOSStatus != nullptr) + if (ppDataOut != NULL) + *ppDataOut = NULL; + if (pOSStatus != NULL) *pOSStatus = noErr; - if (pKey == nullptr || ppDataOut == nullptr || pOSStatus == nullptr) + if (pKey == NULL || ppDataOut == NULL || pOSStatus == NULL) { return kErrorBadInput; } SecExternalFormat dataFormat = kSecFormatOpenSSL; - SecItemImportExportKeyParameters keyParams = {}; + SecItemImportExportKeyParameters keyParams; + memset(&keyParams, 0, sizeof(SecItemImportExportKeyParameters)); + keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; if (exportPrivate) { - if (cfExportPassphrase == nullptr) + if (cfExportPassphrase == NULL) { return kErrorBadInput; } 
@@ -37,22 +39,24 @@ extern "C" int32_t AppleCryptoNative_SecKeyExport( return (*pOSStatus == noErr); } -extern "C" int32_t AppleCryptoNative_SecKeyImportEphemeral( +typedef const struct OpaqueSecKeyRef* ConstSecKeyRef; + +int32_t AppleCryptoNative_SecKeyImportEphemeral( uint8_t* pbKeyBlob, int32_t cbKeyBlob, int32_t isPrivateKey, SecKeyRef* ppKeyOut, int32_t* pOSStatus) { - if (ppKeyOut != nullptr) - *ppKeyOut = nullptr; - if (pOSStatus != nullptr) + if (ppKeyOut != NULL) + *ppKeyOut = NULL; + if (pOSStatus != NULL) *pOSStatus = noErr; - if (pbKeyBlob == nullptr || cbKeyBlob < 0 || isPrivateKey < 0 || isPrivateKey > 1 || ppKeyOut == nullptr || - pOSStatus == nullptr) + if (pbKeyBlob == NULL || cbKeyBlob < 0 || isPrivateKey < 0 || isPrivateKey > 1 || ppKeyOut == NULL || + pOSStatus == NULL) { return kErrorBadInput; } int32_t ret = 0; - CFDataRef cfData = CFDataCreateWithBytesNoCopy(nullptr, pbKeyBlob, cbKeyBlob, kCFAllocatorNull); + CFDataRef cfData = CFDataCreateWithBytesNoCopy(NULL, pbKeyBlob, cbKeyBlob, kCFAllocatorNull); SecExternalFormat dataFormat = kSecFormatOpenSSL; SecExternalFormat actualFormat = dataFormat; @@ -61,10 +65,10 @@ extern "C" int32_t AppleCryptoNative_SecKeyImportEphemeral( SecExternalItemType actualType = itemType; CFIndex itemCount; - CFArrayRef outItems = nullptr; - CFTypeRef outItem = nullptr; + CFArrayRef outItems = NULL; + CFTypeRef outItem = NULL; - *pOSStatus = SecItemImport(cfData, nullptr, &actualFormat, &actualType, 0, nullptr, nullptr, &outItems); + *pOSStatus = SecItemImport(cfData, NULL, &actualFormat, &actualType, 0, NULL, NULL, &outItems); if (*pOSStatus != noErr) { @@ -78,7 +82,7 @@ extern "C" int32_t AppleCryptoNative_SecKeyImportEphemeral( goto cleanup; } - if (outItems == nullptr) + if (outItems == NULL) { ret = -3; goto cleanup; 
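Review bot: `cfData` from CFDataCreateWithBytesNoCopy is passed to SecItemImport in AppleCryptoNative_SecKeyImportEphemeral without a NULL check. GenerateSignature and VerifySignature in pal_signverify.c return kErrorUnknownState in that situation. For consistency, add `if (cfData == NULL) return kErrorUnknownState;` before the import, so an allocation failure is not reported as an OSStatus from the import call. Separately, the new `typedef const struct OpaqueSecKeyRef* ConstSecKeyRef;` names a struct tag from the SDK headers, and a short comment saying it exists only to cast the CFTypeRef result would help the next reader. The cleanup of cfData is outside these hunks.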
@@ -100,7 +104,7 @@ extern "C" int32_t AppleCryptoNative_SecKeyImportEphemeral( outItem = CFArrayGetValueAtIndex(outItems, 0); - if (outItem == nullptr) + if (outItem == NULL) { ret = -6; goto cleanup; @@ -113,11 +117,11 @@ extern "C" int32_t AppleCryptoNative_SecKeyImportEphemeral( } CFRetain(outItem); - *ppKeyOut = reinterpret_cast<SecKeyRef>(const_cast<void*>(outItem)); + *ppKeyOut = (ConstSecKeyRef)outItem; ret = 1; cleanup: - if (outItems != nullptr) + if (outItems != NULL) { CFRelease(outItems); } @@ -126,9 +130,9 @@ cleanup: return ret; } -extern "C" uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey) +uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey) { - if (publicKey == nullptr) + if (publicKey == NULL) { return 0; } 
@@ -139,32 +143,34 @@ extern "C" uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef pu OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type) { SecExternalFormat dataFormat = kSecFormatOpenSSL; - CFDataRef exportData = nullptr; + CFDataRef exportData = NULL; + + SecItemImportExportKeyParameters keyParams; + memset(&keyParams, 0, sizeof(SecItemImportExportKeyParameters)); - SecItemImportExportKeyParameters keyParams = {}; keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; keyParams.passphrase = CFSTR("ExportImportPassphrase"); OSStatus status = SecItemExport(*key, dataFormat, 0, &keyParams, &exportData); CFRelease(*key); - *key = nullptr; + *key = NULL; SecExternalFormat actualFormat = dataFormat; SecExternalItemType actualType = type; - CFArrayRef outItems = nullptr; + CFArrayRef outItems = NULL; if (status == noErr) { - status = SecItemImport(exportData, nullptr, &actualFormat, &actualType, 0, nullptr, nullptr, &outItems); + status = SecItemImport(exportData, NULL, &actualFormat, &actualType, 0, NULL, NULL, &outItems); } CFRelease(exportData); - exportData = nullptr; + exportData = NULL; CFRelease(keyParams.passphrase); - keyParams.passphrase = nullptr; + keyParams.passphrase = NULL; - if (status == noErr && outItems != nullptr) + if (status == noErr && outItems != NULL) { CFIndex count = CFArrayGetCount(outItems); @@ -175,7 +181,7 @@ OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type) if (CFGetTypeID(outItem) == SecKeyGetTypeID()) { CFRetain(outItem); - *key = reinterpret_cast<SecKeyRef>(const_cast<void*>(outItem)); + *key = (ConstSecKeyRef)outItem; return noErr; } diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h index 1f32f4e705..a0f0f39b34 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h 
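Review bot: `CFRelease(exportData);` in ExportImportKey runs unconditionally, but exportData is presumably still NULL when SecItemExport fails, and CFRelease must not be called with NULL. Guard it as `if (exportData != NULL) CFRelease(exportData);`. The next line, `CFRelease(keyParams.passphrase);`, releases a CFSTR constant that this function never retained and can be dropped. Also note that `*key` is released and set to NULL before the import is attempted, so on any failure the caller is left without a key; a sentence in the pal_seckey.h comment should say so. The function starts and ends outside these hunks.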
@@ -5,6 +5,7 @@ #pragma once #include "pal_types.h" +#include "pal_compiler.h" #include <Security/Security.h> @@ -30,7 +31,7 @@ An export passphrase is required for private keys, and ignored for public keys. Follows pal_seckey return conventions. */ -extern "C" int32_t AppleCryptoNative_SecKeyExport( +DLLEXPORT int32_t AppleCryptoNative_SecKeyExport( SecKeyRef pKey, int32_t exportPrivate, CFStringRef cfExportPassphrase, CFDataRef* ppDataOut, int32_t* pOSStatus); /* @@ -45,7 +46,7 @@ but is in fact the X.509 SubjectPublicKeyInfo structure. Returns 1 on success, 0 on failure (*pOSStatus should be set) and negative numbers for various state machine errors. */ -extern "C" int32_t AppleCryptoNative_SecKeyImportEphemeral( +DLLEXPORT int32_t AppleCryptoNative_SecKeyImportEphemeral( uint8_t* pbKeyBlob, int32_t cbKeyBlob, int32_t isPrivateKey, SecKeyRef* ppKeyOut, int32_t* pOSStatus); /* @@ -56,7 +57,7 @@ For ECC the value should not be used. 0 is returned for invalid inputs. */ -extern "C" uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey); +DLLEXPORT uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey); /* Export a key and re-import it to the NULL keychain. diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.cpp b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c index e47969929a..fe791cba0a 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c 
@@ -18,20 +18,20 @@ static int32_t GenerateSignature(SecKeyRef privateKey, CFDataRef* pSignatureOut, CFErrorRef* pErrorOut) { - if (pSignatureOut != nullptr) - *pSignatureOut = nullptr; - if (pErrorOut != nullptr) - *pErrorOut = nullptr; + if (pSignatureOut != NULL) + *pSignatureOut = NULL; + if (pErrorOut != NULL) + *pErrorOut = NULL; - if (privateKey == nullptr || pbDataHash == nullptr || cbDataHash < 0 || pSignatureOut == nullptr || - pErrorOut == nullptr) + if (privateKey == NULL || pbDataHash == NULL || cbDataHash < 0 || pSignatureOut == NULL || + pErrorOut == NULL) { return kErrorBadInput; } - CFDataRef dataHash = CFDataCreateWithBytesNoCopy(nullptr, pbDataHash, cbDataHash, kCFAllocatorNull); + CFDataRef dataHash = CFDataCreateWithBytesNoCopy(NULL, pbDataHash, cbDataHash, kCFAllocatorNull); - if (dataHash == nullptr) + if (dataHash == NULL) { return kErrorUnknownState; } @@ -39,9 +39,9 @@ static int32_t GenerateSignature(SecKeyRef privateKey, int32_t ret = kErrorSeeError; SecTransformRef signer = SecSignTransformCreate(privateKey, pErrorOut); - if (signer != nullptr) + if (signer != NULL) { - if (*pErrorOut == nullptr) + if (*pErrorOut == NULL) { if (ConfigureSignVerifyTransform(signer, dataHash, hashAlgorithm, useHashAlgorithm, pErrorOut)) { 
@@ -56,18 +56,18 @@ static int32_t GenerateSignature(SecKeyRef privateKey, return ret; } -extern "C" int32_t AppleCryptoNative_GenerateSignature( +int32_t AppleCryptoNative_GenerateSignature( SecKeyRef privateKey, uint8_t* pbDataHash, int32_t cbDataHash, CFDataRef* pSignatureOut, CFErrorRef* pErrorOut) { return GenerateSignature(privateKey, pbDataHash, cbDataHash, PAL_Unknown, false, pSignatureOut, pErrorOut); } -extern "C" int32_t AppleCryptoNative_GenerateSignatureWithHashAlgorithm(SecKeyRef privateKey, - uint8_t* pbDataHash, - int32_t cbDataHash, - PAL_HashAlgorithm hashAlgorithm, - CFDataRef* pSignatureOut, - CFErrorRef* pErrorOut) +int32_t AppleCryptoNative_GenerateSignatureWithHashAlgorithm(SecKeyRef privateKey, + uint8_t* pbDataHash, + int32_t cbDataHash, + PAL_HashAlgorithm hashAlgorithm, + CFDataRef* pSignatureOut, + CFErrorRef* pErrorOut) { return GenerateSignature(privateKey, pbDataHash, cbDataHash, hashAlgorithm, true, pSignatureOut, pErrorOut); } 
@@ -81,23 +81,23 @@ static int32_t VerifySignature(SecKeyRef publicKey, bool useHashAlgorithm, CFErrorRef* pErrorOut) { - if (pErrorOut != nullptr) - *pErrorOut = nullptr; + if (pErrorOut != NULL) + *pErrorOut = NULL; - if (publicKey == nullptr || pbDataHash == nullptr || cbDataHash < 0 || pbSignature == nullptr || cbSignature < 0 || - pErrorOut == nullptr) + if (publicKey == NULL || pbDataHash == NULL || cbDataHash < 0 || pbSignature == NULL || cbSignature < 0 || + pErrorOut == NULL) return kErrorBadInput; - CFDataRef dataHash = CFDataCreateWithBytesNoCopy(nullptr, pbDataHash, cbDataHash, kCFAllocatorNull); + CFDataRef dataHash = CFDataCreateWithBytesNoCopy(NULL, pbDataHash, cbDataHash, kCFAllocatorNull); - if (dataHash == nullptr) + if (dataHash == NULL) { return kErrorUnknownState; } - CFDataRef signature = CFDataCreateWithBytesNoCopy(nullptr, pbSignature, cbSignature, kCFAllocatorNull); + CFDataRef signature = CFDataCreateWithBytesNoCopy(NULL, pbSignature, cbSignature, kCFAllocatorNull); - if (signature == nullptr) + if (signature == NULL) { CFRelease(dataHash); return kErrorUnknownState; @@ -106,9 +106,9 @@ static int32_t VerifySignature(SecKeyRef publicKey, int32_t ret = kErrorSeeError; SecTransformRef verifier = SecVerifyTransformCreate(publicKey, signature, pErrorOut); - if (verifier != nullptr) + if (verifier != NULL) { - if (*pErrorOut == nullptr) + if (*pErrorOut == NULL) { if (ConfigureSignVerifyTransform(verifier, dataHash, hashAlgorithm, useHashAlgorithm, pErrorOut)) { 
@@ -125,38 +125,38 @@ static int32_t VerifySignature(SecKeyRef publicKey, return ret; } -extern "C" int32_t AppleCryptoNative_VerifySignatureWithHashAlgorithm(SecKeyRef publicKey, - uint8_t* pbDataHash, - int32_t cbDataHash, - uint8_t* pbSignature, - int32_t cbSignature, - PAL_HashAlgorithm hashAlgorithm, - CFErrorRef* pErrorOut) +int32_t AppleCryptoNative_VerifySignatureWithHashAlgorithm(SecKeyRef publicKey, + uint8_t* pbDataHash, + int32_t cbDataHash, + uint8_t* pbSignature, + int32_t cbSignature, + PAL_HashAlgorithm hashAlgorithm, + CFErrorRef* pErrorOut) { return VerifySignature(publicKey, pbDataHash, cbDataHash, pbSignature, cbSignature, hashAlgorithm, true, pErrorOut); } -extern "C" int32_t AppleCryptoNative_VerifySignature(SecKeyRef publicKey, - uint8_t* pbDataHash, - int32_t cbDataHash, - uint8_t* pbSignature, - int32_t cbSignature, - CFErrorRef* pErrorOut) +int32_t AppleCryptoNative_VerifySignature(SecKeyRef publicKey, + uint8_t* pbDataHash, + int32_t cbDataHash, + uint8_t* pbSignature, + int32_t cbSignature, + CFErrorRef* pErrorOut) { return VerifySignature(publicKey, pbDataHash, cbDataHash, pbSignature, cbSignature, PAL_Unknown, false, pErrorOut); } static int32_t ExecuteSignTransform(SecTransformRef signer, CFDataRef* pSignatureOut, CFErrorRef* pErrorOut) { - assert(signer != nullptr); - assert(pSignatureOut != nullptr); - assert(pErrorOut != nullptr); + assert(signer != NULL); + assert(pSignatureOut != NULL); + assert(pErrorOut != NULL); int32_t ret = INT_MIN; CFTypeRef signerResponse = SecTransformExecute(signer, pErrorOut); - CFDataRef signature = nullptr; + CFDataRef signature = NULL; - if (signerResponse == nullptr || *pErrorOut != nullptr) + if (signerResponse == NULL || *pErrorOut != NULL) { ret = kErrorSeeError; goto cleanup; 
@@ -168,7 +168,7 @@ static int32_t ExecuteSignTransform(SecTransformRef signer, CFDataRef* pSignatur goto cleanup; } - signature = reinterpret_cast<CFDataRef>(const_cast<void*>(signerResponse)); + signature = (CFDataRef)signerResponse; if (CFDataGetLength(signature) > 0) { @@ -181,11 +181,11 @@ static int32_t ExecuteSignTransform(SecTransformRef signer, CFDataRef* pSignatur else { ret = kErrorUnknownState; - *pSignatureOut = nullptr; + *pSignatureOut = NULL; } cleanup: - if (signerResponse != nullptr) + if (signerResponse != NULL) { CFRelease(signerResponse); } @@ -195,15 +195,15 @@ cleanup: static int32_t ExecuteVerifyTransform(SecTransformRef verifier, CFErrorRef* pErrorOut) { - assert(verifier != nullptr); - assert(pErrorOut != nullptr); + assert(verifier != NULL); + assert(pErrorOut != NULL); int32_t ret = kErrorSeeError; CFTypeRef verifierResponse = SecTransformExecute(verifier, pErrorOut); - if (verifierResponse != nullptr) + if (verifierResponse != NULL) { - if (*pErrorOut == nullptr) + if (*pErrorOut == NULL) { ret = (verifierResponse == kCFBooleanTrue); } @@ -232,7 +232,7 @@ static int32_t ConfigureSignVerifyTransform(SecTransformRef xform, if (includeHashAlgorithm) { - CFStringRef cfHashName = nullptr; + CFStringRef cfHashName = NULL; int32_t hashSize = 0; switch (hashAlgorithm) @@ -266,9 +266,9 @@ static int32_t ConfigureSignVerifyTransform(SecTransformRef xform, if (hashSize != 0) { - CFNumberRef cfHashSize = CFNumberCreate(nullptr, kCFNumberIntType, &hashSize); + CFNumberRef cfHashSize = CFNumberCreate(NULL, kCFNumberIntType, &hashSize); - if (cfHashSize == nullptr) + if (cfHashSize == NULL) { return 0; } diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.h b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.h index 164bb4d611..d872649be6 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.h 
+++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.h @@ -6,6 +6,7 @@ #include "pal_digest.h" #include "pal_seckey.h" +#include "pal_compiler.h" #include <Security/Security.h> @@ -14,7 +15,7 @@ Generate a signature for algorithms which require only the data hash blob, like Follows pal_seckey return conventions. */ -extern "C" int32_t AppleCryptoNative_GenerateSignature( +DLLEXPORT int32_t AppleCryptoNative_GenerateSignature( SecKeyRef privateKey, uint8_t* pbDataHash, int32_t cbDataHash, CFDataRef* pSignatureOut, CFErrorRef* pErrorOut); /* @@ -22,12 +23,12 @@ Generate a signature for algorithms which require the pair of (dataHash, algorit Follows pal_seckey return conventions. */ -extern "C" int32_t AppleCryptoNative_GenerateSignatureWithHashAlgorithm(SecKeyRef privateKey, - uint8_t* pbDataHash, - int32_t cbDataHash, - PAL_HashAlgorithm hashAlgorithm, - CFDataRef* pSignatureOut, - CFErrorRef* pErrorOut); +DLLEXPORT int32_t AppleCryptoNative_GenerateSignatureWithHashAlgorithm(SecKeyRef privateKey, + uint8_t* pbDataHash, + int32_t cbDataHash, + PAL_HashAlgorithm hashAlgorithm, + CFDataRef* pSignatureOut, + CFErrorRef* pErrorOut); /* Verify a signature for algorithms which only require the data hash blob, like DSA and ECDSA. 
@@ -35,13 +36,13 @@ Verify a signature for algorithms which only require the data hash blob, like DS Returns 1 when the signature is correct, 0 when it is incorrect, and otherwise follows pal_seckey return conventions. */ -extern "C" int32_t AppleCryptoNative_VerifySignatureWithHashAlgorithm(SecKeyRef publicKey, - uint8_t* pbDataHash, - int32_t cbDataHash, - uint8_t* pbSignature, - int32_t cbSignature, - PAL_HashAlgorithm hashAlgorithm, - CFErrorRef* pErrorOut); +DLLEXPORT int32_t AppleCryptoNative_VerifySignatureWithHashAlgorithm(SecKeyRef publicKey, + uint8_t* pbDataHash, + int32_t cbDataHash, + uint8_t* pbSignature, + int32_t cbSignature, + PAL_HashAlgorithm hashAlgorithm, + CFErrorRef* pErrorOut); /* Verify a signature for algorithms which require the pair of (dataHash, algorithmId), like RSA. @@ -49,9 +50,9 @@ Verify a signature for algorithms which require the pair of (dataHash, algorithm Returns 1 when the signature is correct, 0 when it is incorrect, and otherwise follows pal_seckey return conventions. */ -extern "C" int32_t AppleCryptoNative_VerifySignature(SecKeyRef publicKey, - uint8_t* pbDataHash, - int32_t cbDataHash, - uint8_t* pbSignature, - int32_t cbSignature, - CFErrorRef* pErrorOut); +DLLEXPORT int32_t AppleCryptoNative_VerifySignature(SecKeyRef publicKey, + uint8_t* pbDataHash, + int32_t cbDataHash, + uint8_t* pbSignature, + int32_t cbSignature, + CFErrorRef* pErrorOut); diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.cpp b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.c index dca5c7a013..b74819caba 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.c 
@@ -4,15 +4,15 @@ #include "pal_ssl.h" -extern "C" SSLContextRef AppleCryptoNative_SslCreateContext(int32_t isServer) +SSLContextRef AppleCryptoNative_SslCreateContext(int32_t isServer) { if (isServer != 0 && isServer != 1) - return nullptr; + return NULL; - return SSLCreateContext(nullptr, isServer ? kSSLServerSide : kSSLClientSide, kSSLStreamType); + return SSLCreateContext(NULL, isServer ? kSSLServerSide : kSSLClientSide, kSSLStreamType); } -extern "C" int32_t AppleCryptoNative_SslSetAcceptClientCert(SSLContextRef sslContext) +int32_t AppleCryptoNative_SslSetAcceptClientCert(SSLContextRef sslContext) { // NULL and other illegal values are handled by the underlying API return SSLSetClientSideAuthenticate(sslContext, kTryAuthenticate); @@ -38,7 +38,7 @@ static SSLProtocol PalSslProtocolToSslProtocol(PAL_SslProtocol palProtocolId) } } -extern "C" int32_t AppleCryptoNative_SslSetMinProtocolVersion(SSLContextRef sslContext, PAL_SslProtocol sslProtocol) +int32_t AppleCryptoNative_SslSetMinProtocolVersion(SSLContextRef sslContext, PAL_SslProtocol sslProtocol) { SSLProtocol protocol = PalSslProtocolToSslProtocol(sslProtocol); @@ -49,7 +49,7 @@ extern "C" int32_t AppleCryptoNative_SslSetMinProtocolVersion(SSLContextRef sslC return SSLSetProtocolVersionMin(sslContext, protocol); } -extern "C" int32_t AppleCryptoNative_SslSetMaxProtocolVersion(SSLContextRef sslContext, PAL_SslProtocol sslProtocol) +int32_t AppleCryptoNative_SslSetMaxProtocolVersion(SSLContextRef sslContext, PAL_SslProtocol sslProtocol) { SSLProtocol protocol = PalSslProtocolToSslProtocol(sslProtocol); 
@@ -60,30 +60,30 @@ extern "C" int32_t AppleCryptoNative_SslSetMaxProtocolVersion(SSLContextRef sslC return SSLSetProtocolVersionMax(sslContext, protocol); } -extern "C" int32_t +int32_t AppleCryptoNative_SslCopyCertChain(SSLContextRef sslContext, SecTrustRef* pChainOut, int32_t* pOSStatus) { - if (pChainOut != nullptr) - *pChainOut = nullptr; - if (pOSStatus != nullptr) + if (pChainOut != NULL) + *pChainOut = NULL; + if (pOSStatus != NULL) *pOSStatus = noErr; - if (sslContext == nullptr || pChainOut == nullptr || pOSStatus == nullptr) + if (sslContext == NULL || pChainOut == NULL || pOSStatus == NULL) return -1; *pOSStatus = SSLCopyPeerTrust(sslContext, pChainOut); return *pOSStatus == noErr; } -extern "C" int32_t +int32_t AppleCryptoNative_SslCopyCADistinguishedNames(SSLContextRef sslContext, CFArrayRef* pArrayOut, int32_t* pOSStatus) { - if (pArrayOut != nullptr) - *pArrayOut = nullptr; - if (pOSStatus != nullptr) + if (pArrayOut != NULL) + *pArrayOut = NULL; + if (pOSStatus != NULL) *pOSStatus = noErr; - if (sslContext == nullptr || pArrayOut == nullptr || pOSStatus == nullptr) + if (sslContext == NULL || pArrayOut == NULL || pOSStatus == NULL) return -1; *pOSStatus = SSLCopyDistinguishedNames(sslContext, pArrayOut); @@ -96,7 +96,7 @@ static int32_t AppleCryptoNative_SslSetSessionOption(SSLContextRef sslContext, int32_t value, int32_t* pOSStatus) { - if (sslContext == nullptr) + if (sslContext == NULL) return -1; if (value != 0 && value != 1) 
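Review bot: `AppleCryptoNative_SslSetSessionOption` guards only `sslContext` in the lines shown, yet the function ends with `return *pOSStatus == noErr;` and both exported wrappers forward the caller's `pOSStatus` unchanged. `AppleCryptoNative_SslCopyCertChain` and `AppleCryptoNative_SslCopyCADistinguishedNames` in the hunk above reject a NULL `pOSStatus` with -1. The same guard here, `if (sslContext == NULL || pOSStatus == NULL) return -1;`, would stop a NULL from the managed side turning into a native crash. The lines between this hunk and the next are not shown, so confirm no check already exists there.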
@@ -107,33 +107,33 @@ static int32_t AppleCryptoNative_SslSetSessionOption(SSLContextRef sslContext, return *pOSStatus == noErr; } -extern "C" int32_t +int32_t AppleCryptoNative_SslSetBreakOnServerAuth(SSLContextRef sslContext, int32_t setBreak, int32_t* pOSStatus) { return AppleCryptoNative_SslSetSessionOption(sslContext, kSSLSessionOptionBreakOnServerAuth, setBreak, pOSStatus); } -extern "C" int32_t +int32_t AppleCryptoNative_SslSetBreakOnClientAuth(SSLContextRef sslContext, int32_t setBreak, int32_t* pOSStatus) { return AppleCryptoNative_SslSetSessionOption(sslContext, kSSLSessionOptionBreakOnClientAuth, setBreak, pOSStatus); } -extern "C" int32_t AppleCryptoNative_SslSetCertificate(SSLContextRef sslContext, CFArrayRef certRefs) +int32_t AppleCryptoNative_SslSetCertificate(SSLContextRef sslContext, CFArrayRef certRefs) { // The underlying call handles NULL inputs, so just pass it through return SSLSetCertificate(sslContext, certRefs); } -extern "C" int32_t AppleCryptoNative_SslSetTargetName(SSLContextRef sslContext, - const char* pszTargetName, - int32_t cbTargetName, - int32_t* pOSStatus) +int32_t AppleCryptoNative_SslSetTargetName(SSLContextRef sslContext, + const char* pszTargetName, + int32_t cbTargetName, + int32_t* pOSStatus) { - if (pOSStatus != nullptr) + if (pOSStatus != NULL) *pOSStatus = noErr; - if (sslContext == nullptr || pszTargetName == nullptr || pOSStatus == nullptr) + if (sslContext == NULL || pszTargetName == NULL || pOSStatus == NULL) return -1; if (cbTargetName < 0) 
@@ -147,21 +147,21 @@ extern "C" int32_t AppleCryptoNative_SslSetTargetName(SSLContextRef sslContext, // listen to this. So, if we've already set it, don't set it again. if (*pOSStatus == noErr && currentLength == 0) { - *pOSStatus = SSLSetPeerDomainName(sslContext, pszTargetName, static_cast<size_t>(cbTargetName)); + *pOSStatus = SSLSetPeerDomainName(sslContext, pszTargetName, (size_t)cbTargetName); } return *pOSStatus == noErr; } -extern "C" int32_t +int32_t AppleCryptoNative_SslSetIoCallbacks(SSLContextRef sslContext, SSLReadFunc readFunc, SSLWriteFunc writeFunc) { return SSLSetIOFuncs(sslContext, readFunc, writeFunc); } -extern "C" PAL_TlsHandshakeState AppleCryptoNative_SslHandshake(SSLContextRef sslContext) +PAL_TlsHandshakeState AppleCryptoNative_SslHandshake(SSLContextRef sslContext) { - if (sslContext == nullptr) + if (sslContext == NULL) return PAL_TlsHandshakeState_Unknown; OSStatus osStatus = SSLHandshake(sslContext); 
@@ -194,34 +194,34 @@ static PAL_TlsIo OSStatusToPAL_TlsIo(OSStatus status) } } -extern "C" PAL_TlsIo +PAL_TlsIo AppleCryptoNative_SslWrite(SSLContextRef sslContext, const uint8_t* buf, uint32_t bufLen, uint32_t* bytesWritten) { - if (bytesWritten == nullptr) + if (bytesWritten == NULL) return PAL_TlsIo_Unknown; - size_t expected = static_cast<size_t>(bufLen); + size_t expected = (size_t)bufLen; size_t totalWritten; OSStatus status = SSLWrite(sslContext, buf, expected, &totalWritten); if (status != noErr) { - *bytesWritten = static_cast<uint32_t>(totalWritten); + *bytesWritten = (uint32_t)totalWritten; return OSStatusToPAL_TlsIo(status); } return PAL_TlsIo_Success; } -extern "C" PAL_TlsIo +PAL_TlsIo AppleCryptoNative_SslRead(SSLContextRef sslContext, uint8_t* buf, uint32_t bufLen, uint32_t* written) { - if (written == nullptr) + if (written == NULL) return PAL_TlsIo_Unknown; size_t writtenSize = 0; - size_t bufSize = static_cast<size_t>(bufLen); + size_t bufSize = (size_t)bufLen; OSStatus status = SSLRead(sslContext, buf, bufSize, &writtenSize); @@ -232,11 +232,12 @@ AppleCryptoNative_SslRead(SSLContextRef sslContext, uint8_t* buf, uint32_t bufLe return PAL_TlsIo_Unknown; } - *written = static_cast<uint32_t>(writtenSize); + *written = (uint32_t)writtenSize; if (writtenSize == 0 && status == errSSLWouldBlock) { - SSLSessionState state = {}; + SSLSessionState state; + memset(&state, 0, sizeof(SSLSessionState)); OSStatus localStatus = SSLGetSessionState(sslContext, &state); if (localStatus == noErr && state == kSSLHandshake) 
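Review bot: In `AppleCryptoNative_SslWrite`, `size_t totalWritten;` has no initializer and is copied into `*bytesWritten` on every failure path. If `SSLWrite` returns an error without storing to its output argument (`sslContext` is passed through unchecked here), the caller receives an indeterminate byte count that it may use to advance its buffer. Declaring it as `size_t totalWritten = 0;` makes the failure value well defined and matches `size_t writtenSize = 0;` in `AppleCryptoNative_SslRead` further down the same hunk.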
@@ -248,25 +249,25 @@ AppleCryptoNative_SslRead(SSLContextRef sslContext, uint8_t* buf, uint32_t bufLe return OSStatusToPAL_TlsIo(status); } -extern "C" int32_t +int32_t AppleCryptoNative_SslIsHostnameMatch(SSLContextRef sslContext, CFStringRef cfHostname, CFDateRef notBefore) { - if (sslContext == nullptr || notBefore == nullptr) + if (sslContext == NULL || notBefore == NULL) return -1; - if (cfHostname == nullptr) + if (cfHostname == NULL) return -2; SecPolicyRef sslPolicy = SecPolicyCreateSSL(true, cfHostname); - if (sslPolicy == nullptr) + if (sslPolicy == NULL) return -3; CFMutableArrayRef certs = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); - if (certs == nullptr) + if (certs == NULL) return -4; - SecTrustRef existingTrust = nullptr; + SecTrustRef existingTrust = NULL; OSStatus osStatus = SSLCopyPeerTrust(sslContext, &existingTrust); if (osStatus != noErr) @@ -277,7 +278,7 @@ AppleCryptoNative_SslIsHostnameMatch(SSLContextRef sslContext, CFStringRef cfHos CFMutableArrayRef anchors = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); - if (anchors == nullptr) + if (anchors == NULL) { CFRelease(certs); return -6; @@ -298,7 +299,7 @@ AppleCryptoNative_SslIsHostnameMatch(SSLContextRef sslContext, CFStringRef cfHos } } - SecTrustRef trust = nullptr; + SecTrustRef trust = NULL; osStatus = SecTrustCreateWithCertificates(certs, sslPolicy, &trust); int32_t ret = INT_MIN; @@ -314,7 +315,8 @@ AppleCryptoNative_SslIsHostnameMatch(SSLContextRef sslContext, CFStringRef cfHos if (osStatus == noErr) { - SecTrustResultType trustResult = {}; + SecTrustResultType trustResult; + memset(&trustResult, 0, sizeof(SecTrustResultType)); osStatus = SecTrustEvaluate(trust, &trustResult); 
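Review bot: The early returns in `AppleCryptoNative_SslIsHostnameMatch` leak `sslPolicy`. Once `SecPolicyCreateSSL` has succeeded, `if (certs == NULL) return -4;` exits without releasing it, and the `anchors == NULL` branch in the next hunk releases `certs` but not `sslPolicy`. The normal exit ends with `CFRelease(sslPolicy);`, so the error paths should do the same, for example `if (certs == NULL) { CFRelease(sslPolicy); return -4; }`. The branch taken when `SSLCopyPeerTrust` fails lies outside the hunks shown and is worth checking for the same pattern, including `existingTrust`.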
@@ -336,30 +338,30 @@ AppleCryptoNative_SslIsHostnameMatch(SSLContextRef sslContext, CFStringRef cfHos } } - if (trust != nullptr) + if (trust != NULL) CFRelease(trust); - if (certs != nullptr) + if (certs != NULL) CFRelease(certs); - if (anchors != nullptr) + if (anchors != NULL) CFRelease(anchors); CFRelease(sslPolicy); return ret; } -extern "C" int32_t AppleCryptoNative_SslShutdown(SSLContextRef sslContext) +int32_t AppleCryptoNative_SslShutdown(SSLContextRef sslContext) { return SSLClose(sslContext); } -extern "C" int32_t AppleCryptoNative_SslGetProtocolVersion(SSLContextRef sslContext, PAL_SslProtocol* pProtocol) +int32_t AppleCryptoNative_SslGetProtocolVersion(SSLContextRef sslContext, PAL_SslProtocol* pProtocol) { - if (pProtocol != nullptr) + if (pProtocol != NULL) *pProtocol = 0; - if (sslContext == nullptr || pProtocol == nullptr) + if (sslContext == NULL || pProtocol == NULL) return errSecParam; SSLProtocol protocol = kSSLProtocolUnknown; @@ -386,9 +388,9 @@ extern "C" int32_t AppleCryptoNative_SslGetProtocolVersion(SSLContextRef sslCont return osStatus; } -extern "C" int32_t AppleCryptoNative_SslGetCipherSuite(SSLContextRef sslContext, uint32_t* pCipherSuiteOut) +int32_t AppleCryptoNative_SslGetCipherSuite(SSLContextRef sslContext, uint32_t* pCipherSuiteOut) { - if (pCipherSuiteOut == nullptr) + if (pCipherSuiteOut == NULL) *pCipherSuiteOut = 0; return SSLGetNegotiatedCipher(sslContext, pCipherSuiteOut); diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.h b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.h index adc4754c41..1d9bec4d4b 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.h +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.h @@ -4,6 +4,7 @@ #pragma once +#include "pal_compiler.h" #include <Security/Security.h> enum 
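Review bot: The NULL test in `AppleCryptoNative_SslGetCipherSuite` is inverted: `if (pCipherSuiteOut == NULL) *pCipherSuiteOut = 0;` writes through the pointer exactly when it is NULL and never zeroes a valid output. The conversion carried the condition over unchanged from the C++ version. Following `AppleCryptoNative_SslGetProtocolVersion` just above, it should read `if (pCipherSuiteOut != NULL) *pCipherSuiteOut = 0;` followed by `if (sslContext == NULL || pCipherSuiteOut == NULL) return errSecParam;`. The function's closing brace is outside the hunk.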
@@ -42,28 +43,28 @@ Create an SSL context, for the Server or Client role as determined by isServer. Returns NULL if an invalid boolean is given for isServer, an SSLContextRef otherwise. */ -extern "C" SSLContextRef AppleCryptoNative_SslCreateContext(int32_t isServer); +DLLEXPORT SSLContextRef AppleCryptoNative_SslCreateContext(int32_t isServer); /* Indicate that an SSL Context (in server mode) should allow a client to present a mutual auth cert. Returns The result of SSLSetClientSideAuthenticate */ -extern "C" int32_t AppleCryptoNative_SslSetAcceptClientCert(SSLContextRef sslContext); +DLLEXPORT int32_t AppleCryptoNative_SslSetAcceptClientCert(SSLContextRef sslContext); /* Assign a minimum to the TLS protocol version for this connection. Returns the output of SSLSetProtocolVersionMin */ -extern "C" int32_t AppleCryptoNative_SslSetMinProtocolVersion(SSLContextRef sslContext, PAL_SslProtocol sslProtocol); +DLLEXPORT int32_t AppleCryptoNative_SslSetMinProtocolVersion(SSLContextRef sslContext, PAL_SslProtocol sslProtocol); /* Assign a maximum to the TLS protocol version for this connection. Returns the output of SSLSetProtocolVersionMax */ -extern "C" int32_t AppleCryptoNative_SslSetMaxProtocolVersion(SSLContextRef sslContext, PAL_SslProtocol sslProtocol); +DLLEXPORT int32_t AppleCryptoNative_SslSetMaxProtocolVersion(SSLContextRef sslContext, PAL_SslProtocol sslProtocol); /* Get the SecTrustRef from the SSL context which represents the certificte chain. @@ -74,7 +75,7 @@ Output: pChainOut: Receives the SecTrustRef representing the populated chain pOSStatus: Receives the value returned by SSLCopyPeerTrust */ -extern "C" int32_t +DLLEXPORT int32_t AppleCryptoNative_SslCopyCertChain(SSLContextRef sslContext, SecTrustRef* pChainOut, int32_t* pOSStatus); /* 
@@ -88,7 +89,7 @@ values sent by the server. pOSStatus: Receives the output of SSLCopyDistinguishedNames. */ -extern "C" int32_t +DLLEXPORT int32_t AppleCryptoNative_SslCopyCADistinguishedNames(SSLContextRef sslContext, CFArrayRef* pArrayOut, int32_t* pOSStatus); /* @@ -99,7 +100,7 @@ Returns 1 on success, 0 on failure, other values on invalid state. Output: pOSStatus: Receives the value returned by SSLSetSessionOption */ -extern "C" int32_t +DLLEXPORT int32_t AppleCryptoNative_SslSetBreakOnServerAuth(SSLContextRef sslContext, int32_t setBreak, int32_t* pOSStatus); /* @@ -110,7 +111,7 @@ Returns 1 on success, 0 on failure, other values on invalid state. Output: pOSStatus: Receives the value returned by SSLSetSessionOption */ -extern "C" int32_t +DLLEXPORT int32_t AppleCryptoNative_SslSetBreakOnClientAuth(SSLContextRef sslContext, int32_t setBreak, int32_t* pOSStatus); /* @@ -122,7 +123,7 @@ intermediate (non-root) certificate. Returns the output of SSLSetCertificate */ -extern "C" int32_t AppleCryptoNative_SslSetCertificate(SSLContextRef sslContext, CFArrayRef certRefs); +DLLEXPORT int32_t AppleCryptoNative_SslSetCertificate(SSLContextRef sslContext, CFArrayRef certRefs); /* Set the target hostname for SNI. pszTargetName must already be converted for IDNA if required. 
@@ -132,17 +133,17 @@ Returns 1 on success, 0 on failure, other values for invalid state. Output: pOSStatus: Receives the value for SSLSetPeerDomainName */ -extern "C" int32_t AppleCryptoNative_SslSetTargetName(SSLContextRef sslContext, - const char* pszTargetName, - int32_t cbTargetName, - int32_t* pOSStatus); +DLLEXPORT int32_t AppleCryptoNative_SslSetTargetName(SSLContextRef sslContext, + const char* pszTargetName, + int32_t cbTargetName, + int32_t* pOSStatus); /* Register the callbacks for reading and writing data to the SSL context. Returns the output of SSLSetIOFuncs. */ -extern "C" int32_t +DLLEXPORT int32_t AppleCryptoNative_SslSetIoCallbacks(SSLContextRef sslContext, SSLReadFunc readFunc, SSLWriteFunc writeFunc); /* @@ -150,7 +151,7 @@ Pump the TLS handshake. Returns an indication of what state the error is in. Any negative number means an error occurred. */ -extern "C" PAL_TlsHandshakeState AppleCryptoNative_SslHandshake(SSLContextRef sslContext); +DLLEXPORT PAL_TlsHandshakeState AppleCryptoNative_SslHandshake(SSLContextRef sslContext); /* Take bufLen bytes of cleartext data from buf and encrypt/frame the data. @@ -163,7 +164,7 @@ bytesWritten: When any value other than PAL_TlsIo_Success is returned, receives which were read from buf. On PAL_TlsIo_Success the parameter is not written through (but must still not be NULL) */ -extern "C" PAL_TlsIo +DLLEXPORT PAL_TlsIo AppleCryptoNative_SslWrite(SSLContextRef sslContext, const uint8_t* buf, uint32_t bufLen, uint32_t* bytesWritten); /* @@ -176,7 +177,7 @@ Returns a PAL_TlsIo code indicating how to proceed. Output: written: Receives the number of bytes written into buf */ -extern "C" PAL_TlsIo +DLLEXPORT PAL_TlsIo AppleCryptoNative_SslRead(SSLContextRef sslContext, uint8_t* buf, uint32_t bufLen, uint32_t* written); /* 
@@ -187,7 +188,7 @@ the certificate being expired (or not yet valid). Returns 1 on match, 0 on mismatch, any other value indicates an invalid state. */ -extern "C" int32_t +DLLEXPORT int32_t AppleCryptoNative_SslIsHostnameMatch(SSLContextRef sslContext, CFStringRef cfHostname, CFDateRef notBefore); /* @@ -195,7 +196,7 @@ Generate a TLS Close alert to terminate the session. Returns the output of SSLClose */ -extern "C" int32_t AppleCryptoNative_SslShutdown(SSLContextRef sslContext); +DLLEXPORT int32_t AppleCryptoNative_SslShutdown(SSLContextRef sslContext); /* Retrieve the TLS Protocol Version (e.g. TLS1.2) for the current session. @@ -205,7 +206,7 @@ Returns the output of SSLGetNegotiatedProtocolVersion. Output: pProtocol: Receives the protocol ID. PAL_SslProtocol_None is issued on error or an unknown mapping. */ -extern "C" int32_t AppleCryptoNative_SslGetProtocolVersion(SSLContextRef sslContext, PAL_SslProtocol* pProtocol); +DLLEXPORT int32_t AppleCryptoNative_SslGetProtocolVersion(SSLContextRef sslContext, PAL_SslProtocol* pProtocol); /* Retrieve the TLS Cipher Suite which was negotiated for the current session. @@ -216,4 +217,4 @@ Output: pProtocol: The TLS CipherSuite value (from the RFC), e.g. ((uint32_t)0xC030) for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */ -extern "C" int32_t AppleCryptoNative_SslGetCipherSuite(SSLContextRef sslContext, uint32_t* pCipherSuiteOut); +DLLEXPORT int32_t AppleCryptoNative_SslGetCipherSuite(SSLContextRef sslContext, uint32_t* pCipherSuiteOut); diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_symmetric.c b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_symmetric.c new file mode 100644 index 0000000000..e46dc8149c --- /dev/null +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_symmetric.c 
@@ -0,0 +1,141 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +#include "pal_symmetric.h" + +#include <assert.h> + +c_static_assert(PAL_OperationEncrypt == kCCEncrypt); +c_static_assert(PAL_OperationDecrypt == kCCDecrypt); + +c_static_assert(PAL_AlgorithmAES == kCCAlgorithmAES128); +c_static_assert(PAL_AlgorithmDES == kCCAlgorithmDES); +c_static_assert(PAL_Algorithm3DES == kCCAlgorithm3DES); +c_static_assert(PAL_AlgorithmRC2 == kCCAlgorithmRC2); + +c_static_assert(PAL_ChainingModeECB == kCCModeECB); +c_static_assert(PAL_ChainingModeCBC == kCCModeCBC); + +c_static_assert(PAL_PaddingModeNone == ccNoPadding); +c_static_assert(PAL_PaddingModePkcs7 == ccPKCS7Padding); + +// No PAL_SymmetricOptions are currently mapped, so no asserts required. + +void AppleCryptoNative_CryptorFree(CCCryptorRef cryptor) +{ + if (cryptor != NULL) + { + CCCryptorRelease(cryptor); + } +} + +int32_t AppleCryptoNative_CryptorCreate(PAL_SymmetricOperation operation, + PAL_SymmetricAlgorithm algorithm, + PAL_ChainingMode chainingMode, + PAL_PaddingMode paddingMode, + const uint8_t* pbKey, + int32_t cbKey, + const uint8_t* pbIv, + PAL_SymmetricOptions options, + CCCryptorRef* ppCryptorOut, + int32_t* pccStatus) +{ + if (pccStatus == NULL) + return -1; + + *pccStatus = 0; + + if (pbKey == NULL || cbKey < 1 || ppCryptorOut == NULL) + return -1; + if (pbIv == NULL && chainingMode != PAL_ChainingModeECB) + return -1; + + // Ensure we aren't passing through things we don't understand + assert(operation == PAL_OperationEncrypt || operation == PAL_OperationDecrypt); + assert(algorithm == PAL_AlgorithmAES || algorithm == PAL_AlgorithmDES || algorithm == PAL_Algorithm3DES || + algorithm == PAL_AlgorithmRC2); + assert(chainingMode == PAL_ChainingModeECB || chainingMode == PAL_ChainingModeCBC); + assert(paddingMode == PAL_PaddingModeNone || 
paddingMode == PAL_PaddingModePkcs7); + assert(options == 0); + + CCStatus status = CCCryptorCreateWithMode(operation, + chainingMode, + algorithm, + paddingMode, + pbIv, + pbKey, + (size_t)cbKey, + /* tweak is not supported */ NULL, + 0, + /* numRounds is not supported */ 0, + options, + ppCryptorOut); + + *pccStatus = status; + return status == kCCSuccess; +} + +int32_t AppleCryptoNative_CryptorUpdate(CCCryptorRef cryptor, + const uint8_t* pbData, + int32_t cbData, + uint32_t* pbOutput, + int32_t cbOutput, + int32_t* pcbWritten, + int32_t* pccStatus) +{ + if (pccStatus == NULL) + return -1; + + *pccStatus = 0; + + if (pbData == NULL || cbData < 0 || pbOutput == NULL || cbOutput < cbData || pcbWritten == NULL) + return -1; + + CCStatus status = CCCryptorUpdate(cryptor, + pbData, + (size_t)cbData, + pbOutput, + (size_t)cbOutput, + (size_t*)pcbWritten); + + *pccStatus = status; + return status == kCCSuccess; +} + +int32_t AppleCryptoNative_CryptorFinal( + CCCryptorRef cryptor, uint8_t* pbOutput, int32_t cbOutput, int32_t* pcbWritten, int32_t* pccStatus) +{ + if (pccStatus == NULL) + return -1; + + *pccStatus = 0; + + if (pbOutput == NULL || cbOutput < 0 || pcbWritten == NULL) + return -1; + + CCStatus status = + CCCryptorFinal(cryptor, pbOutput, (size_t)cbOutput, (size_t*)pcbWritten); + + *pccStatus = status; + return status == kCCSuccess; +} + +int32_t AppleCryptoNative_CryptorReset(CCCryptorRef cryptor, const uint8_t* pbIv, int32_t* pccStatus) +{ + if (pccStatus == NULL) + return -1; + + *pccStatus = 0; + + if (cryptor == NULL) + return -1; + + // 10.13 Beta reports an error when resetting ECB, which is the only mode which has a null IV. + if (pbIv == NULL) + return 1; + + CCStatus status = CCCryptorReset(cryptor, pbIv); + *pccStatus = status; + return status == kCCSuccess; +} 
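Review bot: `AppleCryptoNative_CryptorUpdate` and `AppleCryptoNative_CryptorFinal` pass `(size_t*)pcbWritten` to CommonCrypto although `pcbWritten` is an `int32_t*`. Where `size_t` is 8 bytes the callee stores 8 bytes into a 4-byte object and overwrites whatever sits next to the caller's variable; the C cast hides this just as the removed `reinterpret_cast` did. Receive the count in a local `size_t` and narrow it after the call, as below. Separately, the enum validation in `AppleCryptoNative_CryptorCreate` is `assert` only, so it disappears in builds that define NDEBUG.

```c
// ... unchanged: AppleCryptoNative_CryptorUpdate argument checks ...
    size_t cbWritten = 0;
    CCStatus status = CCCryptorUpdate(cryptor,
                                      pbData,
                                      (size_t)cbData,
                                      pbOutput,
                                      (size_t)cbOutput,
                                      &cbWritten);

    *pcbWritten = (int32_t)cbWritten;

// ... unchanged: AppleCryptoNative_CryptorFinal argument checks ...
    size_t cbWritten = 0;
    CCStatus status = CCCryptorFinal(cryptor, pbOutput, (size_t)cbOutput, &cbWritten);

    *pcbWritten = (int32_t)cbWritten;
```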
diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_symmetric.cpp b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_symmetric.cpp deleted file mode 100644 index 1be9e47691..0000000000 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_symmetric.cpp +++ /dev/null 
@@ -1,141 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -#include "pal_symmetric.h" - -#include <assert.h> - -static_assert(PAL_OperationEncrypt == kCCEncrypt, ""); -static_assert(PAL_OperationDecrypt == kCCDecrypt, ""); - -static_assert(PAL_AlgorithmAES == kCCAlgorithmAES128, ""); -static_assert(PAL_AlgorithmDES == kCCAlgorithmDES, ""); -static_assert(PAL_Algorithm3DES == kCCAlgorithm3DES, ""); -static_assert(PAL_AlgorithmRC2 == kCCAlgorithmRC2, ""); - -static_assert(PAL_ChainingModeECB == kCCModeECB, ""); -static_assert(PAL_ChainingModeCBC == kCCModeCBC, ""); - -static_assert(PAL_PaddingModeNone == ccNoPadding, ""); -static_assert(PAL_PaddingModePkcs7 == ccPKCS7Padding, ""); - -// No PAL_SymmetricOptions are currently mapped, so no asserts required. - -extern "C" void AppleCryptoNative_CryptorFree(CCCryptorRef cryptor) -{ - if (cryptor != nullptr) - { - CCCryptorRelease(cryptor); - } -} - -extern "C" int32_t AppleCryptoNative_CryptorCreate(PAL_SymmetricOperation operation, - PAL_SymmetricAlgorithm algorithm, - PAL_ChainingMode chainingMode, - PAL_PaddingMode paddingMode, - const uint8_t* pbKey, - int32_t cbKey, - const uint8_t* pbIv, - PAL_SymmetricOptions options, - CCCryptorRef* ppCryptorOut, - int32_t* pccStatus) -{ - if (pccStatus == nullptr) - return -1; - - *pccStatus = 0; - - if (pbKey == nullptr || cbKey < 1 || ppCryptorOut == nullptr) - return -1; - if (pbIv == nullptr && chainingMode != PAL_ChainingModeECB) - return -1; - - // Ensure we aren't passing through things we don't understand - assert(operation == PAL_OperationEncrypt || operation == PAL_OperationDecrypt); - assert(algorithm == PAL_AlgorithmAES || algorithm == PAL_AlgorithmDES || algorithm == PAL_Algorithm3DES || - algorithm == PAL_AlgorithmRC2); - assert(chainingMode == PAL_ChainingModeECB || chainingMode == 
PAL_ChainingModeCBC); - assert(paddingMode == PAL_PaddingModeNone || paddingMode == PAL_PaddingModePkcs7); - assert(options == 0); - - CCStatus status = CCCryptorCreateWithMode(operation, - chainingMode, - algorithm, - paddingMode, - pbIv, - pbKey, - static_cast<size_t>(cbKey), - /* tweak is not supported */ nullptr, - 0, - /* numRounds is not supported */ 0, - options, - ppCryptorOut); - - *pccStatus = status; - return status == kCCSuccess; -} - -extern "C" int32_t AppleCryptoNative_CryptorUpdate(CCCryptorRef cryptor, - const uint8_t* pbData, - int32_t cbData, - uint32_t* pbOutput, - int32_t cbOutput, - int32_t* pcbWritten, - int32_t* pccStatus) -{ - if (pccStatus == nullptr) - return -1; - - *pccStatus = 0; - - if (pbData == nullptr || cbData < 0 || pbOutput == nullptr || cbOutput < cbData || pcbWritten == nullptr) - return -1; - - CCStatus status = CCCryptorUpdate(cryptor, - pbData, - static_cast<size_t>(cbData), - pbOutput, - static_cast<size_t>(cbOutput), - reinterpret_cast<size_t*>(pcbWritten)); - - *pccStatus = status; - return status == kCCSuccess; -} - -extern "C" int32_t AppleCryptoNative_CryptorFinal( - CCCryptorRef cryptor, uint8_t* pbOutput, int32_t cbOutput, int32_t* pcbWritten, int32_t* pccStatus) -{ - if (pccStatus == nullptr) - return -1; - - *pccStatus = 0; - - if (pbOutput == nullptr || cbOutput < 0 || pcbWritten == nullptr) - return -1; - - CCStatus status = - CCCryptorFinal(cryptor, pbOutput, static_cast<size_t>(cbOutput), reinterpret_cast<size_t*>(pcbWritten)); - - *pccStatus = status; - return status == kCCSuccess; -} - -extern "C" int32_t AppleCryptoNative_CryptorReset(CCCryptorRef cryptor, const uint8_t* pbIv, int32_t* pccStatus) -{ - if (pccStatus == nullptr) - return -1; - - *pccStatus = 0; - - if (cryptor == nullptr) - return -1; - - // 10.13 Beta reports an error when resetting ECB, which is the only mode which has a null IV. 
- if (pbIv == nullptr) - return 1; - - CCStatus status = CCCryptorReset(cryptor, pbIv); - *pccStatus = status; - return status == kCCSuccess; -} diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_symmetric.h b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_symmetric.h index feed47a5ce..458f96a869 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_symmetric.h +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_symmetric.h @@ -5,6 +5,7 @@ #pragma once #include "pal_types.h" +#include "pal_compiler.h" #include <CommonCrypto/CommonCrypto.h> #include <CommonCrypto/CommonCryptor.h> @@ -53,7 +54,7 @@ typedef uint32_t PAL_SymmetricOptions; /* Free a CCCryptor created by AppleCryptoNative_CryptorCreate. */ -extern "C" void AppleCryptoNative_CryptorFree(CCCryptorRef cryptor); +DLLEXPORT void AppleCryptoNative_CryptorFree(CCCryptorRef cryptor); /* Create a CCCryptor for the described symmetric algorithm with a chosen operation, chainingMode, 
@@ -65,36 +66,36 @@ algorithm and assumed valid. pbIv is only allowed to be NULL for PAL_ChainingMod Returns 1 on success, 0 on system error, -1 on input error. */ -extern "C" int32_t AppleCryptoNative_CryptorCreate(PAL_SymmetricOperation operation, - PAL_SymmetricAlgorithm algorithm, - PAL_ChainingMode chainingMode, - PAL_PaddingMode paddingMode, - const uint8_t* pbKey, - int32_t cbKey, - const uint8_t* pbIv, - PAL_SymmetricOptions options, - CCCryptorRef* ppCryptorOut, - int32_t* pkCCStatus); +DLLEXPORT int32_t AppleCryptoNative_CryptorCreate(PAL_SymmetricOperation operation, + PAL_SymmetricAlgorithm algorithm, + PAL_ChainingMode chainingMode, + PAL_PaddingMode paddingMode, + const uint8_t* pbKey, + int32_t cbKey, + const uint8_t* pbIv, + PAL_SymmetricOptions options, + CCCryptorRef* ppCryptorOut, + int32_t* pkCCStatus); /* Shims CCCryptorUpdate, updating *pkCCStatus as its output. Returns 1 on success, 0 on system error, -1 on input error. */ -extern "C" int32_t AppleCryptoNative_CryptorUpdate(CCCryptorRef cryptor, - const uint8_t* pbData, - int32_t cbData, - uint32_t* pbOutput, - int32_t cbOutput, - int32_t* pcbWritten, - int32_t* pkCCStatus); +DLLEXPORT int32_t AppleCryptoNative_CryptorUpdate(CCCryptorRef cryptor, + const uint8_t* pbData, + int32_t cbData, + uint32_t* pbOutput, + int32_t cbOutput, + int32_t* pcbWritten, + int32_t* pkCCStatus); /* Shims CCCryptorFinal, updating *pkCCStatus as its output. Returns 1 on success, 0 on system error, -1 on input error. */ -extern "C" int32_t AppleCryptoNative_CryptorFinal( +DLLEXPORT int32_t AppleCryptoNative_CryptorFinal( CCCryptorRef cryptor, uint8_t* pbOutput, int32_t cbOutput, int32_t* pcbWritten, int32_t* pkCCStatus); /* 
@@ -102,4 +103,4 @@ Shims CCCryptorReset, updating *pkCCStatus as its output. Returns 1 on success, 0 on system error, -1 on input error. */ -extern "C" int32_t AppleCryptoNative_CryptorReset(CCCryptorRef cryptor, const uint8_t* pbIv, int32_t* pkCCStatus); +DLLEXPORT int32_t AppleCryptoNative_CryptorReset(CCCryptorRef cryptor, const uint8_t* pbIv, int32_t* pkCCStatus); diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.cpp b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.c index e100eac406..80f1770574 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.c @@ -9,11 +9,11 @@ static bool CheckTrustMatch(SecCertificateRef cert, SecTrustSettingsResult result, OSStatus* pOSStatus) { - CFArrayRef settings = nullptr; + CFArrayRef settings = NULL; *pOSStatus = SecTrustSettingsCopyTrustSettings(cert, domain, &settings); bool isMatch = false; - if (*pOSStatus == noErr && settings != nullptr) + if (*pOSStatus == noErr && settings != NULL) { CFIndex count = CFArrayGetCount(settings); @@ -26,8 +26,8 @@ static bool CheckTrustMatch(SecCertificateRef cert, } else { - auto dictionaryTypeId = CFDictionaryGetTypeID(); - auto numberTypeId = CFNumberGetTypeID(); + CFTypeID dictionaryTypeId = CFDictionaryGetTypeID(); + CFTypeID numberTypeId = CFNumberGetTypeID(); for (CFIndex i = 0; i < count; i++) { @@ -38,7 +38,7 @@ static bool CheckTrustMatch(SecCertificateRef cert, continue; } - CFDictionaryRef dict = reinterpret_cast<CFDictionaryRef>(obj); + CFDictionaryRef dict = (CFDictionaryRef)obj; if (CFDictionaryGetCount(dict) > 1) { 
@@ -54,10 +54,11 @@ static bool CheckTrustMatch(SecCertificateRef cert, CFTypeRef val = CFDictionaryGetValue(dict, kSecTrustSettingsResult); - if (val != nullptr && CFGetTypeID(val) == numberTypeId) + if (val != NULL && CFGetTypeID(val) == numberTypeId) { - CFNumberRef cfNum = reinterpret_cast<CFNumberRef>(val); - SecTrustSettingsResult trustValue = {}; + CFNumberRef cfNum = (CFNumberRef)val; + SecTrustSettingsResult trustValue; + memset(&trustValue, 0, sizeof(SecTrustSettingsResult)); if (CFNumberGetValue(cfNum, kCFNumberSInt32Type, &trustValue)) { @@ -69,48 +70,50 @@ static bool CheckTrustMatch(SecCertificateRef cert, } } - if (settings != nullptr) + if (settings != NULL) CFRelease(settings); return isMatch; } +typedef const struct OpaqueSecCertificateRef * ConstSecCertificateRef; + static int32_t EnumerateTrust(SecTrustSettingsDomain domain, SecTrustSettingsResult result, CFMutableArrayRef* pCertsRef, int32_t* pOSStatus) { - if (pOSStatus != nullptr) + if (pOSStatus != NULL) *pOSStatus = noErr; - if (pCertsRef == nullptr || pOSStatus == nullptr) + if (pCertsRef == NULL || pOSStatus == NULL) return -1; CFMutableArrayRef outArray; - if (*pCertsRef != nullptr) + if (*pCertsRef != NULL) { outArray = *pCertsRef; } else { - outArray = CFArrayCreateMutable(nullptr, 0, &kCFTypeArrayCallBacks); + outArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); *pCertsRef = outArray; } - if (outArray == nullptr) + if (outArray == NULL) { *pOSStatus = errSecAllocate; return 0; } - CFArrayRef certsWithTrusts = nullptr; + CFArrayRef certsWithTrusts = NULL; *pOSStatus = SecTrustSettingsCopyCertificates(domain, &certsWithTrusts); if (*pOSStatus == noErr) { CFIndex count = CFArrayGetCount(certsWithTrusts); - auto certTypeId = SecCertificateGetTypeID(); + CFTypeID certTypeId = SecCertificateGetTypeID(); for (CFIndex i = 0; i < count; i++) { 
@@ -121,7 +124,7 @@ static int32_t EnumerateTrust(SecTrustSettingsDomain domain, continue; } - SecCertificateRef cert = reinterpret_cast<SecCertificateRef>(const_cast<void*>(obj)); + SecCertificateRef cert = (ConstSecCertificateRef)obj; bool isMatch = CheckTrustMatch(cert, domain, result, pOSStatus); if (*pOSStatus != noErr) @@ -142,7 +145,7 @@ static int32_t EnumerateTrust(SecTrustSettingsDomain domain, *pOSStatus = noErr; } - if (certsWithTrusts != nullptr) + if (certsWithTrusts != NULL) { CFRelease(certsWithTrusts); } @@ -154,29 +157,29 @@ static int32_t EnumerateTrust(SecTrustSettingsDomain domain, if (ret == 0 || CFArrayGetCount(outArray) == 0) { CFRelease(outArray); - *pCertsRef = nullptr; + *pCertsRef = NULL; } return ret; } -extern "C" int32_t AppleCryptoNative_StoreEnumerateUserRoot(CFArrayRef* pCertsOut, int32_t* pOSStatusOut) +int32_t AppleCryptoNative_StoreEnumerateUserRoot(CFArrayRef* pCertsOut, int32_t* pOSStatusOut) { - if (pCertsOut != nullptr) - *pCertsOut = nullptr; + if (pCertsOut != NULL) + *pCertsOut = NULL; return EnumerateTrust(kSecTrustSettingsDomainUser, kSecTrustSettingsResultTrustRoot, - const_cast<CFMutableArrayRef*>(pCertsOut), + pCertsOut, pOSStatusOut); } -extern "C" int32_t AppleCryptoNative_StoreEnumerateMachineRoot(CFArrayRef* pCertsOut, int32_t* pOSStatusOut) +int32_t AppleCryptoNative_StoreEnumerateMachineRoot(CFArrayRef* pCertsOut, int32_t* pOSStatusOut) { - if (pCertsOut != nullptr) - *pCertsOut = nullptr; + if (pCertsOut != NULL) + *pCertsOut = NULL; - CFMutableArrayRef* pCertsRef = const_cast<CFMutableArrayRef*>(pCertsOut); + CFMutableArrayRef* pCertsRef = pCertsOut; int32_t ret = EnumerateTrust(kSecTrustSettingsDomainAdmin, kSecTrustSettingsResultTrustRoot, pCertsRef, pOSStatusOut); 
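Review bot: Passing `pCertsOut` (a `CFArrayRef*`) directly where `EnumerateTrust` expects a `CFMutableArrayRef*` drops the explicit conversion that the removed `const_cast` documented; in C the two pointer types differ in the qualifier of the pointee, so compilers normally diagnose the call. An explicit `(CFMutableArrayRef*)pCertsOut` keeps the intent visible, and the same applies to `CFMutableArrayRef* pCertsRef = pCertsOut;` here and in the two Disallowed functions in the next hunk. Likewise `SecCertificateRef cert = (ConstSecCertificateRef)obj;` casts to a const type and then assigns to a non-const one; `(SecCertificateRef)obj` would say that directly and would not need the private `ConstSecCertificateRef` typedef, which presumably depends on the SDK's struct tag.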
@@ -189,23 +192,23 @@ extern "C" int32_t AppleCryptoNative_StoreEnumerateMachineRoot(CFArrayRef* pCert return ret; } -extern "C" int32_t AppleCryptoNative_StoreEnumerateUserDisallowed(CFArrayRef* pCertsOut, int32_t* pOSStatusOut) +int32_t AppleCryptoNative_StoreEnumerateUserDisallowed(CFArrayRef* pCertsOut, int32_t* pOSStatusOut) { - if (pCertsOut != nullptr) - *pCertsOut = nullptr; + if (pCertsOut != NULL) + *pCertsOut = NULL; return EnumerateTrust(kSecTrustSettingsDomainUser, kSecTrustSettingsResultDeny, - const_cast<CFMutableArrayRef*>(pCertsOut), + pCertsOut, pOSStatusOut); } -extern "C" int32_t AppleCryptoNative_StoreEnumerateMachineDisallowed(CFArrayRef* pCertsOut, int32_t* pOSStatusOut) +int32_t AppleCryptoNative_StoreEnumerateMachineDisallowed(CFArrayRef* pCertsOut, int32_t* pOSStatusOut) { - if (pCertsOut != nullptr) - *pCertsOut = nullptr; + if (pCertsOut != NULL) + *pCertsOut = NULL; - CFMutableArrayRef* pCertsRef = const_cast<CFMutableArrayRef*>(pCertsOut); + CFMutableArrayRef* pCertsRef = pCertsOut; int32_t ret = EnumerateTrust(kSecTrustSettingsDomainAdmin, kSecTrustSettingsResultDeny, pCertsRef, pOSStatusOut); diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.h b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.h index cea21a72c4..80ae252199 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.h +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.h @@ -5,6 +5,7 @@ #pragma once #include "pal_types.h" +#include "pal_compiler.h" #include <Security/Security.h> 
@@ -18,7 +19,7 @@ pCertsOut: When the return value is not 1, NULL. Otherwise NULL on "no certs fou (including a single match). pOSStatus: Receives the last OSStatus value. */ -extern "C" int32_t AppleCryptoNative_StoreEnumerateUserRoot(CFArrayRef* pCertsOut, int32_t* pOSStatusOut); +DLLEXPORT int32_t AppleCryptoNative_StoreEnumerateUserRoot(CFArrayRef* pCertsOut, int32_t* pOSStatusOut); /* Enumerate the certificates which are root trusted by the machine ("admin" and "system" domains). @@ -33,11 +34,11 @@ pCertsOut: When the return value is not 1, NULL. Otherwise NULL on "no certs fou (including a single match). pOSStatus: Receives the last OSStatus value. */ -extern "C" int32_t AppleCryptoNative_StoreEnumerateMachineRoot(CFArrayRef* pCertsOut, int32_t* pOSStatusOut); +DLLEXPORT int32_t AppleCryptoNative_StoreEnumerateMachineRoot(CFArrayRef* pCertsOut, int32_t* pOSStatusOut); -extern "C" int32_t AppleCryptoNative_StoreEnumerateUserDisallowed(CFArrayRef* pCertsOut, int32_t* pOSStatusOut); +DLLEXPORT int32_t AppleCryptoNative_StoreEnumerateUserDisallowed(CFArrayRef* pCertsOut, int32_t* pOSStatusOut); -extern "C" int32_t AppleCryptoNative_StoreEnumerateMachineDisallowed(CFArrayRef* pCertsOut, int32_t* pOSStatusOut); +DLLEXPORT int32_t AppleCryptoNative_StoreEnumerateMachineDisallowed(CFArrayRef* pCertsOut, int32_t* pOSStatusOut); /* Enumerate the certificates which are disallowed by the user. @@ -49,7 +50,7 @@ pCertsOut: When the return value is not 1, NULL. Otherwise NULL on "no certs fou (including a single match). pOSStatus: Receives the last OSStatus value. */ -extern "C" int32_t AppleCryptoNative_StoreEnumerateUserRoot(CFArrayRef* pCertsOut, int32_t* pOSStatusOut); +DLLEXPORT int32_t AppleCryptoNative_StoreEnumerateUserRoot(CFArrayRef* pCertsOut, int32_t* pOSStatusOut); /* Enumerate the certificates which are disallowed by the machine ("admin" and "system" domains). 
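Review bot: The declaration that follows the "disallowed by the user" doc comment is a second `AppleCryptoNative_StoreEnumerateUserRoot`, and in the last hunk of this header the "disallowed by the machine" comment is followed by a second `AppleCryptoNative_StoreEnumerateMachineRoot`. The functions those comments describe, `AppleCryptoNative_StoreEnumerateUserDisallowed` and `AppleCryptoNative_StoreEnumerateMachineDisallowed`, are declared earlier with no comment. Since every declaration is being touched to add `DLLEXPORT`, the duplicates could be replaced so that each comment sits above the function it documents, e.g. `DLLEXPORT int32_t AppleCryptoNative_StoreEnumerateUserDisallowed(CFArrayRef* pCertsOut, int32_t* pOSStatusOut);`.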
@@ -64,4 +65,4 @@ pCertsOut: When the return value is not 1, NULL. Otherwise NULL on "no certs fou (including a single match). pOSStatus: Receives the last OSStatus value. */ -extern "C" int32_t AppleCryptoNative_StoreEnumerateMachineRoot(CFArrayRef* pCertsOut, int32_t* pOSStatusOut); +DLLEXPORT int32_t AppleCryptoNative_StoreEnumerateMachineRoot(CFArrayRef* pCertsOut, int32_t* pOSStatusOut); diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.cpp b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.c index d120cbc857..f5d51eae58 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.c 
@@ -7,27 +7,30 @@ static const int32_t kErrOutItemsNull = -3; static const int32_t kErrOutItemsEmpty = -2; -extern "C" int32_t +typedef const struct OpaqueSecCertificateRef * ConstSecCertificateRef; +typedef const struct OpaqueSecIdentityRef * ConstSecIdentityRef; + +int32_t AppleCryptoNative_X509DemuxAndRetainHandle(CFTypeRef handle, SecCertificateRef* pCertOut, SecIdentityRef* pIdentityOut) { - if (pCertOut != nullptr) - *pCertOut = nullptr; - if (pIdentityOut != nullptr) - *pIdentityOut = nullptr; + if (pCertOut != NULL) + *pCertOut = NULL; + if (pIdentityOut != NULL) + *pIdentityOut = NULL; - if (handle == nullptr || pCertOut == nullptr || pIdentityOut == nullptr) + if (handle == NULL || pCertOut == NULL || pIdentityOut == NULL) return kErrorBadInput; - auto objectType = CFGetTypeID(handle); - void* nonConstHandle = const_cast<void*>(handle); + CFTypeID objectType = CFGetTypeID(handle); + void* nonConstHandle = handle; if (objectType == SecIdentityGetTypeID()) { - *pIdentityOut = reinterpret_cast<SecIdentityRef>(nonConstHandle); + *pIdentityOut = (ConstSecIdentityRef)nonConstHandle; } else if (objectType == SecCertificateGetTypeID()) { - *pCertOut = reinterpret_cast<SecCertificateRef>(nonConstHandle); + *pCertOut = (ConstSecCertificateRef)nonConstHandle; } else { 
@@ -38,29 +41,29 @@ AppleCryptoNative_X509DemuxAndRetainHandle(CFTypeRef handle, SecCertificateRef* return 1; } -extern "C" int32_t +int32_t AppleCryptoNative_X509GetPublicKey(SecCertificateRef cert, SecKeyRef* pPublicKeyOut, int32_t* pOSStatusOut) { - if (pPublicKeyOut != nullptr) - *pPublicKeyOut = nullptr; - if (pOSStatusOut != nullptr) + if (pPublicKeyOut != NULL) + *pPublicKeyOut = NULL; + if (pOSStatusOut != NULL) *pOSStatusOut = noErr; - if (cert == nullptr || pPublicKeyOut == nullptr || pOSStatusOut == nullptr) + if (cert == NULL || pPublicKeyOut == NULL || pOSStatusOut == NULL) return kErrorBadInput; *pOSStatusOut = SecCertificateCopyPublicKey(cert, pPublicKeyOut); return (*pOSStatusOut == noErr); } -extern "C" PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbData, int32_t cbData) +PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbData, int32_t cbData) { - if (pbData == nullptr || cbData < 0) + if (pbData == NULL || cbData < 0) return PAL_X509Unknown; - CFDataRef cfData = CFDataCreateWithBytesNoCopy(nullptr, pbData, cbData, kCFAllocatorNull); + CFDataRef cfData = CFDataCreateWithBytesNoCopy(NULL, pbData, cbData, kCFAllocatorNull); - if (cfData == nullptr) + if (cfData == NULL) return PAL_X509Unknown; // The sniffing order is: @@ -74,9 +77,9 @@ extern "C" PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbD // // Likewise, if the X509 DER check isn't done first, Apple will report it as // being a PKCS#7. - SecCertificateRef certref = SecCertificateCreateWithData(nullptr, cfData); + SecCertificateRef certref = SecCertificateCreateWithData(NULL, cfData); - if (certref != nullptr) + if (certref != NULL) { CFRelease(certref); return PAL_Certificate; 
@@ -87,7 +90,7 @@ extern "C" PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbD SecExternalItemType itemType = kSecItemTypeAggregate; SecExternalItemType actualType = itemType; - OSStatus osStatus = SecItemImport(cfData, nullptr, &actualFormat, &actualType, 0, nullptr, nullptr, nullptr); + OSStatus osStatus = SecItemImport(cfData, NULL, &actualFormat, &actualType, 0, NULL, NULL, NULL); if (osStatus == noErr) { @@ -102,7 +105,7 @@ extern "C" PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbD itemType = kSecItemTypeAggregate; actualType = itemType; - osStatus = SecItemImport(cfData, nullptr, &actualFormat, &actualType, 0, nullptr, nullptr, nullptr); + osStatus = SecItemImport(cfData, NULL, &actualFormat, &actualType, 0, NULL, NULL, NULL); if (osStatus == errSecPassphraseRequired) { @@ -111,14 +114,16 @@ extern "C" PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbD itemType = kSecItemTypeAggregate; actualType = itemType; - SecItemImportExportKeyParameters importParams = {}; + SecItemImportExportKeyParameters importParams; + memset(&importParams, 0, sizeof(SecItemImportExportKeyParameters)); + importParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; importParams.passphrase = CFSTR(""); - osStatus = SecItemImport(cfData, nullptr, &actualFormat, &actualType, 0, &importParams, nullptr, nullptr); + osStatus = SecItemImport(cfData, NULL, &actualFormat, &actualType, 0, &importParams, NULL, NULL); CFRelease(importParams.passphrase); - importParams.passphrase = nullptr; + importParams.passphrase = NULL; } if (osStatus == noErr || osStatus == errSecPkcs12VerifyFailure) 
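Review bot: `CFRelease(importParams.passphrase)` in AppleCryptoNative_X509GetContentType releases the constant returned by `CFSTR("")`, which this code neither created nor retained, so the release is not balanced by anything. Dropping the call and keeping `importParams.passphrase = NULL;` would be enough; if the release is intentional it needs a comment saying why. The same release of a `CFSTR` value appears in ReadX509 and AddKeyToKeychain later in this file. The function starts and ends outside this hunk.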
@@ -134,7 +139,7 @@ extern "C" PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbD itemType = kSecItemTypeCertificate; actualType = itemType; - osStatus = SecItemImport(cfData, nullptr, &actualFormat, &actualType, 0, nullptr, nullptr, nullptr); + osStatus = SecItemImport(cfData, NULL, &actualFormat, &actualType, 0, NULL, NULL, NULL); if (osStatus == noErr) { @@ -149,10 +154,10 @@ extern "C" PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbD static int32_t ProcessCertificateTypeReturn(CFArrayRef items, SecCertificateRef* pCertOut, SecIdentityRef* pIdentityOut) { - assert(pCertOut != nullptr && *pCertOut == nullptr); - assert(pIdentityOut != nullptr && *pIdentityOut == nullptr); + assert(pCertOut != NULL && *pCertOut == NULL); + assert(pIdentityOut != NULL && *pIdentityOut == NULL); - if (items == nullptr) + if (items == NULL) { return kErrOutItemsNull; } @@ -164,25 +169,25 @@ static int32_t ProcessCertificateTypeReturn(CFArrayRef items, SecCertificateRef* return kErrOutItemsEmpty; } - CFTypeRef bestItem = nullptr; + CFTypeRef bestItem = NULL; for (CFIndex i = 0; i < itemCount; i++) { CFTypeRef current = CFArrayGetValueAtIndex(items, i); - auto currentItemType = CFGetTypeID(current); + CFTypeID currentItemType = CFGetTypeID(current); if (currentItemType == SecIdentityGetTypeID()) { bestItem = current; break; } - else if (bestItem == nullptr && currentItemType == SecCertificateGetTypeID()) + else if (bestItem == NULL && currentItemType == SecCertificateGetTypeID()) { bestItem = current; } } - if (bestItem == nullptr) + if (bestItem == NULL) { return -13; } 
@@ -190,14 +195,14 @@ static int32_t ProcessCertificateTypeReturn(CFArrayRef items, SecCertificateRef* if (CFGetTypeID(bestItem) == SecCertificateGetTypeID()) { CFRetain(bestItem); - *pCertOut = reinterpret_cast<SecCertificateRef>(const_cast<void*>(bestItem)); + *pCertOut = (ConstSecCertificateRef)bestItem; return 1; } if (CFGetTypeID(bestItem) == SecIdentityGetTypeID()) { CFRetain(bestItem); - *pIdentityOut = reinterpret_cast<SecIdentityRef>(const_cast<void*>(bestItem)); + *pIdentityOut = (ConstSecIdentityRef)bestItem; return 1; } @@ -205,19 +210,19 @@ static int32_t ProcessCertificateTypeReturn(CFArrayRef items, SecCertificateRef* return -19; } -extern "C" int32_t AppleCryptoNative_X509CopyCertFromIdentity(SecIdentityRef identity, SecCertificateRef* pCertOut) +int32_t AppleCryptoNative_X509CopyCertFromIdentity(SecIdentityRef identity, SecCertificateRef* pCertOut) { - if (pCertOut != nullptr) - *pCertOut = nullptr; + if (pCertOut != NULL) + *pCertOut = NULL; // This function handles null inputs for both identity and cert. return SecIdentityCopyCertificate(identity, pCertOut); } -extern "C" int32_t AppleCryptoNative_X509CopyPrivateKeyFromIdentity(SecIdentityRef identity, SecKeyRef* pPrivateKeyOut) +int32_t AppleCryptoNative_X509CopyPrivateKeyFromIdentity(SecIdentityRef identity, SecKeyRef* pPrivateKeyOut) { - if (pPrivateKeyOut != nullptr) - *pPrivateKeyOut = nullptr; + if (pPrivateKeyOut != NULL) + *pPrivateKeyOut = NULL; // This function handles null inputs for both identity and key return SecIdentityCopyPrivateKey(identity, pPrivateKeyOut); 
@@ -234,19 +239,21 @@ static int32_t ReadX509(uint8_t* pbData, CFArrayRef* pCollectionOut, int32_t* pOSStatus) { - assert(pbData != nullptr); + assert(pbData != NULL); assert(cbData >= 0); - assert((pCertOut == nullptr) == (pIdentityOut == nullptr)); - assert((pCertOut == nullptr) != (pCollectionOut == nullptr)); + assert((pCertOut == NULL) == (pIdentityOut == NULL)); + assert((pCertOut == NULL) != (pCollectionOut == NULL)); SecExternalFormat dataFormat; SecExternalItemType itemType; int32_t ret = 0; - CFArrayRef outItems = nullptr; - CFMutableArrayRef keyAttributes = nullptr; - SecKeychainRef importKeychain = nullptr; + CFArrayRef outItems = NULL; + CFMutableArrayRef keyAttributes = NULL; + SecKeychainRef importKeychain = NULL; + + SecItemImportExportKeyParameters importParams; + memset(&importParams, 0, sizeof(SecItemImportExportKeyParameters)); - SecItemImportExportKeyParameters importParams = {}; importParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; if (contentType == PAL_Certificate) 
@@ -267,27 +274,27 @@ static int32_t ReadX509(uint8_t* pbData, importParams.passphrase = cfPfxPassphrase; importKeychain = keychain; - if (keychain == nullptr) + if (keychain == NULL) { return kErrorBadInput; } - // if keyAttributes is nullptr then it uses SENSITIVE | EXTRACTABLE + // if keyAttributes is NULL then it uses SENSITIVE | EXTRACTABLE // so if !exportable was requested, assert SENSITIVE. if (!exportable) { - keyAttributes = CFArrayCreateMutable(nullptr, 9, &kCFTypeArrayCallBacks); + keyAttributes = CFArrayCreateMutable(NULL, 9, &kCFTypeArrayCallBacks); - if (keyAttributes == nullptr) + if (keyAttributes == NULL) { *pOSStatus = errSecAllocate; return 0; } int32_t sensitiveValue = CSSM_KEYATTR_SENSITIVE; - CFNumberRef sensitive = CFNumberCreate(nullptr, kCFNumberSInt32Type, &sensitiveValue); + CFNumberRef sensitive = CFNumberCreate(NULL, kCFNumberSInt32Type, &sensitiveValue); - if (sensitive == nullptr) + if (sensitive == NULL) { CFRelease(keyAttributes); *pOSStatus = errSecAllocate; 
@@ -306,38 +313,38 @@ static int32_t ReadX509(uint8_t* pbData, return 0; } - CFDataRef cfData = CFDataCreateWithBytesNoCopy(nullptr, pbData, cbData, kCFAllocatorNull); + CFDataRef cfData = CFDataCreateWithBytesNoCopy(NULL, pbData, cbData, kCFAllocatorNull); - if (cfData == nullptr) + if (cfData == NULL) { *pOSStatus = errSecAllocate; } if (*pOSStatus == noErr) { - *pOSStatus = SecItemImport(cfData, nullptr, &dataFormat, &itemType, 0, &importParams, keychain, &outItems); + *pOSStatus = SecItemImport(cfData, NULL, &dataFormat, &itemType, 0, &importParams, keychain, &outItems); } - if (contentType == PAL_Pkcs12 && *pOSStatus == errSecPassphraseRequired && cfPfxPassphrase == nullptr) + if (contentType == PAL_Pkcs12 && *pOSStatus == errSecPassphraseRequired && cfPfxPassphrase == NULL) { - if (outItems != nullptr) + if (outItems != NULL) { CFRelease(outItems); - outItems = nullptr; + outItems = NULL; } // Try again with the empty string passphrase. importParams.passphrase = CFSTR(""); - *pOSStatus = SecItemImport(cfData, nullptr, &dataFormat, &itemType, 0, &importParams, keychain, &outItems); + *pOSStatus = SecItemImport(cfData, NULL, &dataFormat, &itemType, 0, &importParams, keychain, &outItems); CFRelease(importParams.passphrase); - importParams.passphrase = nullptr; + importParams.passphrase = NULL; } if (*pOSStatus == noErr) { - if (pCollectionOut != nullptr) + if (pCollectionOut != NULL) { CFRetain(outItems); *pCollectionOut = outItems; @@ -349,12 +356,12 @@ static int32_t ReadX509(uint8_t* pbData, } } - if (keyAttributes != nullptr) + if (keyAttributes != NULL) { CFRelease(keyAttributes); } - if (outItems != nullptr) + if (outItems != NULL) { // In the event this is returned via pCollectionOut it was already // CFRetain()ed, so always CFRelease here. 
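Review bot: In ReadX509 the collection branch calls `CFRetain(outItems)` as soon as `*pOSStatus == noErr`, without checking that SecItemImport actually set `outItems`; CFRetain must not be given NULL. ProcessCertificateTypeReturn already maps a NULL `items` to `kErrOutItemsNull`, so the single-item path appears to be covered while this one is not. Testing `outItems != NULL` before the retain, and reporting `kErrOutItemsNull` otherwise, would make the two paths agree. The lines that set `ret` sit between the hunks, so confirm how the guard fits there.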
@@ -365,21 +372,21 @@ static int32_t ReadX509(uint8_t* pbData, return ret; } -extern "C" int32_t AppleCryptoNative_X509ImportCollection(uint8_t* pbData, - int32_t cbData, - PAL_X509ContentType contentType, - CFStringRef cfPfxPassphrase, - SecKeychainRef keychain, - int32_t exportable, - CFArrayRef* pCollectionOut, - int32_t* pOSStatus) +int32_t AppleCryptoNative_X509ImportCollection(uint8_t* pbData, + int32_t cbData, + PAL_X509ContentType contentType, + CFStringRef cfPfxPassphrase, + SecKeychainRef keychain, + int32_t exportable, + CFArrayRef* pCollectionOut, + int32_t* pOSStatus) { - if (pCollectionOut != nullptr) - *pCollectionOut = nullptr; - if (pOSStatus != nullptr) + if (pCollectionOut != NULL) + *pCollectionOut = NULL; + if (pOSStatus != NULL) *pOSStatus = noErr; - if (pbData == nullptr || cbData < 0 || pCollectionOut == nullptr || pOSStatus == nullptr || + if (pbData == NULL || cbData < 0 || pCollectionOut == NULL || pOSStatus == NULL || exportable != !!exportable) { return kErrorBadInput; 
@@ -390,31 +397,31 @@ extern "C" int32_t AppleCryptoNative_X509ImportCollection(uint8_t* pbData, contentType, cfPfxPassphrase, keychain, - static_cast<bool>(exportable), - nullptr, - nullptr, + (bool)exportable, + NULL, + NULL, pCollectionOut, pOSStatus); } -extern "C" int32_t AppleCryptoNative_X509ImportCertificate(uint8_t* pbData, - int32_t cbData, - PAL_X509ContentType contentType, - CFStringRef cfPfxPassphrase, - SecKeychainRef keychain, - int32_t exportable, - SecCertificateRef* pCertOut, - SecIdentityRef* pIdentityOut, - int32_t* pOSStatus) +int32_t AppleCryptoNative_X509ImportCertificate(uint8_t* pbData, + int32_t cbData, + PAL_X509ContentType contentType, + CFStringRef cfPfxPassphrase, + SecKeychainRef keychain, + int32_t exportable, + SecCertificateRef* pCertOut, + SecIdentityRef* pIdentityOut, + int32_t* pOSStatus) { - if (pCertOut != nullptr) - *pCertOut = nullptr; - if (pIdentityOut != nullptr) - *pIdentityOut = nullptr; - if (pOSStatus != nullptr) + if (pCertOut != NULL) + *pCertOut = NULL; + if (pIdentityOut != NULL) + *pIdentityOut = NULL; + if (pOSStatus != NULL) *pOSStatus = noErr; - if (pbData == nullptr || cbData < 0 || pCertOut == nullptr || pIdentityOut == nullptr || pOSStatus == nullptr || + if (pbData == NULL || cbData < 0 || pCertOut == NULL || pIdentityOut == NULL || pOSStatus == NULL || exportable != !!exportable) { return kErrorBadInput; 
@@ -425,25 +432,25 @@ extern "C" int32_t AppleCryptoNative_X509ImportCertificate(uint8_t* pbData, contentType, cfPfxPassphrase, keychain, - static_cast<bool>(exportable), + (bool)exportable, pCertOut, pIdentityOut, - nullptr, + NULL, pOSStatus); } -extern "C" int32_t AppleCryptoNative_X509ExportData(CFArrayRef data, - PAL_X509ContentType type, - CFStringRef cfExportPassphrase, - CFDataRef* pExportOut, - int32_t* pOSStatus) +int32_t AppleCryptoNative_X509ExportData(CFArrayRef data, + PAL_X509ContentType type, + CFStringRef cfExportPassphrase, + CFDataRef* pExportOut, + int32_t* pOSStatus) { - if (pExportOut != nullptr) - *pExportOut = nullptr; - if (pOSStatus != nullptr) + if (pExportOut != NULL) + *pExportOut = NULL; + if (pOSStatus != NULL) *pOSStatus = noErr; - if (data == nullptr || pExportOut == nullptr || pOSStatus == nullptr) + if (data == NULL || pExportOut == NULL || pOSStatus == NULL) { return kErrorBadInput; } @@ -462,7 +469,9 @@ extern "C" int32_t AppleCryptoNative_X509ExportData(CFArrayRef data, return kErrorBadInput; } - SecItemImportExportKeyParameters keyParams = {}; + SecItemImportExportKeyParameters keyParams; + memset(&keyParams, 0, sizeof(SecItemImportExportKeyParameters)); + keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; keyParams.passphrase = cfExportPassphrase; 
@@ -471,18 +480,20 @@ extern "C" int32_t AppleCryptoNative_X509ExportData(CFArrayRef data, return *pOSStatus == noErr; } -extern "C" int32_t AppleCryptoNative_X509GetRawData(SecCertificateRef cert, CFDataRef* ppDataOut, int32_t* pOSStatus) +int32_t AppleCryptoNative_X509GetRawData(SecCertificateRef cert, CFDataRef* ppDataOut, int32_t* pOSStatus) { - if (ppDataOut != nullptr) - *ppDataOut = nullptr; - if (pOSStatus != nullptr) + if (ppDataOut != NULL) + *ppDataOut = NULL; + if (pOSStatus != NULL) *pOSStatus = noErr; - if (cert == nullptr || ppDataOut == nullptr || pOSStatus == nullptr) + if (cert == NULL || ppDataOut == NULL || pOSStatus == NULL) return kErrorBadInput; SecExternalFormat dataFormat = kSecFormatX509Cert; - SecItemImportExportKeyParameters keyParams = {}; + SecItemImportExportKeyParameters keyParams; + memset(&keyParams, 0, sizeof(SecItemImportExportKeyParameters)); + keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; *pOSStatus = SecItemExport(cert, dataFormat, 0, &keyParams, ppDataOut); @@ -497,9 +508,11 @@ static OSStatus AddKeyToKeychain(SecKeyRef privateKey, SecKeychainRef targetKeyc // c) Doesn't return/emit the imported key reference. // d) Works on private keys. SecExternalFormat dataFormat = kSecFormatWrappedPKCS8; - CFDataRef exportData = nullptr; + CFDataRef exportData = NULL; + + SecItemImportExportKeyParameters keyParams; + memset(&keyParams, 0, sizeof(SecItemImportExportKeyParameters)); - SecItemImportExportKeyParameters keyParams = {}; keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; keyParams.passphrase = CFSTR("ExportImportPassphrase"); 
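Review bot: `CFSTR("ExportImportPassphrase")` in AddKeyToKeychain is a hard-coded passphrase on a private-key export, and nothing next to it says why that is acceptable. From the visible code the wrapped PKCS#8 blob in `exportData` is imported again and released inside this function, so the constant appears to protect only a transient in-memory copy. A comment such as `// Fixed passphrase: only wraps the in-memory PKCS#8 blob for the export/import round trip; it is not a secret.` would record that; confirm it against the SecItemExport call, which sits between the hunks. The function starts before this hunk and ends in the next one.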
@@ -507,47 +520,47 @@ static OSStatus AddKeyToKeychain(SecKeyRef privateKey, SecKeychainRef targetKeyc SecExternalFormat actualFormat = dataFormat; SecExternalItemType actualType = kSecItemTypePrivateKey; - CFArrayRef outItems = nullptr; + CFArrayRef outItems = NULL; if (status == noErr) { status = - SecItemImport(exportData, nullptr, &actualFormat, &actualType, 0, &keyParams, targetKeychain, &outItems); + SecItemImport(exportData, NULL, &actualFormat, &actualType, 0, &keyParams, targetKeychain, &outItems); } - if (exportData != nullptr) + if (exportData != NULL) CFRelease(exportData); CFRelease(keyParams.passphrase); - keyParams.passphrase = nullptr; + keyParams.passphrase = NULL; - if (outItems != nullptr) + if (outItems != NULL) CFRelease(outItems); return status; } -extern "C" int32_t AppleCryptoNative_X509CopyWithPrivateKey(SecCertificateRef cert, - SecKeyRef privateKey, - SecKeychainRef targetKeychain, - SecIdentityRef* pIdentityOut, - int32_t* pOSStatus) +int32_t AppleCryptoNative_X509CopyWithPrivateKey(SecCertificateRef cert, + SecKeyRef privateKey, + SecKeychainRef targetKeychain, + SecIdentityRef* pIdentityOut, + int32_t* pOSStatus) { - if (pIdentityOut != nullptr) - *pIdentityOut = nullptr; - if (pOSStatus != nullptr) + if (pIdentityOut != NULL) + *pIdentityOut = NULL; + if (pOSStatus != NULL) *pOSStatus = noErr; - if (cert == nullptr || privateKey == nullptr || targetKeychain == nullptr || pIdentityOut == nullptr || - pOSStatus == nullptr) + if (cert == NULL || privateKey == NULL || targetKeychain == NULL || pIdentityOut == NULL || + pOSStatus == NULL) { return -1; } - SecKeychainRef keyKeychain = nullptr; + SecKeychainRef keyKeychain = NULL; - OSStatus status = SecKeychainItemCopyKeychain(reinterpret_cast<SecKeychainItemRef>(privateKey), &keyKeychain); - SecKeychainItemRef itemCopy = nullptr; + OSStatus status = SecKeychainItemCopyKeychain((SecKeychainItemRef)privateKey, &keyKeychain); + SecKeychainItemRef itemCopy = NULL; // This only happens with an 
ephemeral key, so the keychain we're adding it to is temporary. if (status == errSecNoSuchKeychain) @@ -555,51 +568,51 @@ extern "C" int32_t AppleCryptoNative_X509CopyWithPrivateKey(SecCertificateRef ce status = AddKeyToKeychain(privateKey, targetKeychain); } - if (itemCopy != nullptr) + if (itemCopy != NULL) { CFRelease(itemCopy); } - CFMutableDictionaryRef query = nullptr; + CFMutableDictionaryRef query = NULL; if (status == noErr) { query = CFDictionaryCreateMutable( kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - if (query == nullptr) + if (query == NULL) { status = errSecAllocate; } } - CFArrayRef searchList = nullptr; + CFArrayRef searchList = NULL; if (status == noErr) { searchList = CFArrayCreate( - nullptr, const_cast<const void**>(reinterpret_cast<void**>(&targetKeychain)), 1, &kCFTypeArrayCallBacks); + NULL, (void**)(&targetKeychain), 1, &kCFTypeArrayCallBacks); - if (searchList == nullptr) + if (searchList == NULL) { status = errSecAllocate; } } - CFArrayRef itemMatch = nullptr; + CFArrayRef itemMatch = NULL; if (status == noErr) { itemMatch = CFArrayCreate( - nullptr, const_cast<const void**>(reinterpret_cast<void**>(&cert)), 1, &kCFTypeArrayCallBacks); + NULL, (void**)(&cert), 1, &kCFTypeArrayCallBacks); - if (itemMatch == nullptr) + if (itemMatch == NULL) { status = errSecAllocate; } } - CFTypeRef result = nullptr; + CFTypeRef result = NULL; if (status == noErr) { @@ -610,10 +623,10 @@ extern "C" int32_t AppleCryptoNative_X509CopyWithPrivateKey(SecCertificateRef ce status = SecItemCopyMatching(query, &result); - if (status != noErr && result != nullptr) + if (status != noErr && result != NULL) { CFRelease(result); - result = nullptr; + result = NULL; } bool added = false; 
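Review bot: The two `CFArrayCreate` calls in AppleCryptoNative_X509CopyWithPrivateKey now pass `(void**)(&targetKeychain)` and `(void**)(&cert)`, whereas the removed code cast to `const void**`, the type CFArrayCreate takes for its values argument. `void**` does not convert implicitly to `const void**` in C, so the casts should name the real target type: `(const void**)(&targetKeychain)` and `(const void**)(&cert)`. Separately, `itemCopy` is initialised to NULL and then only tested before `CFRelease`, with no visible assignment, so it looks like a leftover that could be removed. The function starts and ends outside this hunk.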
@@ -625,12 +638,12 @@ extern "C" int32_t AppleCryptoNative_X509CopyWithPrivateKey(SecCertificateRef ce added = (status == noErr); } - if (result == nullptr && status == noErr) + if (result == NULL && status == noErr) { status = SecItemCopyMatching(query, &result); } - if (result != nullptr && status == noErr) + if (result != NULL && status == noErr) { if (CFGetTypeID(result) != SecIdentityGetTypeID()) @@ -639,7 +652,7 @@ extern "C" int32_t AppleCryptoNative_X509CopyWithPrivateKey(SecCertificateRef ce } else { - SecIdentityRef identity = reinterpret_cast<SecIdentityRef>(const_cast<void*>(result)); + SecIdentityRef identity = (ConstSecIdentityRef)result; CFRetain(identity); *pIdentityOut = identity; } @@ -658,19 +671,19 @@ extern "C" int32_t AppleCryptoNative_X509CopyWithPrivateKey(SecCertificateRef ce } } - if (result != nullptr) + if (result != NULL) CFRelease(result); - if (itemMatch != nullptr) + if (itemMatch != NULL) CFRelease(itemMatch); - if (searchList != nullptr) + if (searchList != NULL) CFRelease(searchList); - if (query != nullptr) + if (query != NULL) CFRelease(query); - if (keyKeychain != nullptr) + if (keyKeychain != NULL) CFRelease(keyKeychain); *pOSStatus = status; diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.h b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.h index 597ab28256..544a940e50 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.h +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.h @@ -6,6 +6,7 @@ #include "pal_digest.h" #include "pal_seckey.h" +#include "pal_compiler.h" #include <Security/Security.h> @@ -31,7 +32,7 @@ Output: pCertOut: If handle is a certificate, receives handle, otherwise NULL pIdentityut: If handle is an identity, receives handle, otherwise NULL */ -extern "C" int32_t +DLLEXPORT int32_t AppleCryptoNative_X509DemuxAndRetainHandle(CFTypeRef handle, SecCertificateRef* pCertOut, SecIdentityRef* pIdentityOut); /* 
@@ -43,7 +44,7 @@ Output: pPublicKeyOut: Receives a CFRetain()ed SecKeyRef for the public key pOSStatusOut: Receives the result of SecCertificateCopyPublicKey */ -extern "C" int32_t +DLLEXPORT int32_t AppleCryptoNative_X509GetPublicKey(SecCertificateRef cert, SecKeyRef* pPublicKeyOut, int32_t* pOSStatusOut); /* @@ -51,7 +52,7 @@ Determines the data type of the provided input. Returns the data (format) type of the provided input, PAL_X509Unknown if it cannot be determined. */ -extern "C" PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbData, int32_t cbData); +DLLEXPORT PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbData, int32_t cbData); /* Extract a SecCertificateRef for the certificate from an identity handle. @@ -61,7 +62,7 @@ Returns the result of SecIdentityCopyCertificate. Output: pCertOut: Receives a SecCertificateRef for the certificate associated with the identity */ -extern "C" int32_t AppleCryptoNative_X509CopyCertFromIdentity(SecIdentityRef identity, SecCertificateRef* pCertOut); +DLLEXPORT int32_t AppleCryptoNative_X509CopyCertFromIdentity(SecIdentityRef identity, SecCertificateRef* pCertOut); /* Extract a SecKeyRef for the private key from an identity handle. @@ -71,7 +72,7 @@ Returns the result of SecIdentityCopyPrivateKey Output: pPrivateKeyOut: Receives a SecKeyRef for the private key associated with the identity */ -extern "C" int32_t AppleCryptoNative_X509CopyPrivateKeyFromIdentity(SecIdentityRef identity, SecKeyRef* pPrivateKeyOut); +DLLEXPORT int32_t AppleCryptoNative_X509CopyPrivateKeyFromIdentity(SecIdentityRef identity, SecKeyRef* pPrivateKeyOut); /* Read cbData bytes of data from pbData and interpret it to a collection of certificates (or identities). 
@@ -89,14 +90,14 @@ pCollectionOut: Receives an array which contains SecCertificateRef, SecIdentityR read out of the provided blob pOSStatus: Receives the output of SecItemImport for the last attempted read */ -extern "C" int32_t AppleCryptoNative_X509ImportCollection(uint8_t* pbData, - int32_t cbData, - PAL_X509ContentType contentType, - CFStringRef cfPfxPassphrase, - SecKeychainRef keychain, - int32_t exportable, - CFArrayRef* pCollectionOut, - int32_t* pOSStatus); +DLLEXPORT int32_t AppleCryptoNative_X509ImportCollection(uint8_t* pbData, + int32_t cbData, + PAL_X509ContentType contentType, + CFStringRef cfPfxPassphrase, + SecKeychainRef keychain, + int32_t exportable, + CFArrayRef* pCollectionOut, + int32_t* pOSStatus); /* Read cbData bytes of data from pbData and interpret it to a single certificate (or identity). @@ -119,15 +120,15 @@ pCertOut: If the best matched value was a certificate, receives the SecCertifica pIdentityOut: If the best matched value was an identity, receives the SecIdentityRef, otherwise receives NULL pOSStatus: Receives the return of the last call to SecItemImport */ -extern "C" int32_t AppleCryptoNative_X509ImportCertificate(uint8_t* pbData, - int32_t cbData, - PAL_X509ContentType contentType, - CFStringRef cfPfxPassphrase, - SecKeychainRef keychain, - int32_t exportable, - SecCertificateRef* pCertOut, - SecIdentityRef* pIdentityOut, - int32_t* pOSStatus); +DLLEXPORT int32_t AppleCryptoNative_X509ImportCertificate(uint8_t* pbData, + int32_t cbData, + PAL_X509ContentType contentType, + CFStringRef cfPfxPassphrase, + SecKeychainRef keychain, + int32_t exportable, + SecCertificateRef* pCertOut, + SecIdentityRef* pIdentityOut, + int32_t* pOSStatus); /* Export the certificates (or identities) in data to the requested format type. 
@@ -140,7 +141,7 @@ Output: pExportOut: Receives a CFDataRef with the exported blob pOSStatus: Receives the result of SecItemExport */ -extern "C" int32_t AppleCryptoNative_X509ExportData(CFArrayRef data, +DLLEXPORT int32_t AppleCryptoNative_X509ExportData(CFArrayRef data, PAL_X509ContentType type, CFStringRef cfExportPassphrase, CFDataRef* pExportOut, @@ -155,7 +156,7 @@ Output: ppDataOut: Receives a CFDataRef with the exported blob pOSStatus: Receives the result of SecItemExport */ -extern "C" int32_t AppleCryptoNative_X509GetRawData(SecCertificateRef cert, CFDataRef* ppDataOut, int32_t* pOSStatus); +DLLEXPORT int32_t AppleCryptoNative_X509GetRawData(SecCertificateRef cert, CFDataRef* ppDataOut, int32_t* pOSStatus); /* Find a SecIdentityRef for the given cert and private key in the target keychain. @@ -168,8 +169,8 @@ Output: pIdentityOut: Receives the SecIdentityRef of the mated cert/key pair. pOSStatus: Receives the result of the last executed system call. */ -extern "C" int32_t AppleCryptoNative_X509CopyWithPrivateKey(SecCertificateRef cert, - SecKeyRef privateKey, - SecKeychainRef targetKeychain, - SecIdentityRef* pIdentityOut, - int32_t* pOSStatus); +DLLEXPORT int32_t AppleCryptoNative_X509CopyWithPrivateKey(SecCertificateRef cert, + SecKeyRef privateKey, + SecKeychainRef targetKeychain, + SecIdentityRef* pIdentityOut, + int32_t* pOSStatus); diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.cpp b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.c index 4bed8b8940..276da31ff8 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.c 
@@ -8,44 +8,44 @@ #define kCFCoreFoundationVersionNumber10_12 1348.00 #endif -extern "C" SecPolicyRef AppleCryptoNative_X509ChainCreateDefaultPolicy() +SecPolicyRef AppleCryptoNative_X509ChainCreateDefaultPolicy() { // Disable on macOS 10.11 and lower due to segfaults within Security.framework. if (kCFCoreFoundationVersionNumber < kCFCoreFoundationVersionNumber10_12) - return nullptr; + return NULL; return SecPolicyCreateBasicX509(); } -extern "C" SecPolicyRef AppleCryptoNative_X509ChainCreateRevocationPolicy() +SecPolicyRef AppleCryptoNative_X509ChainCreateRevocationPolicy() { return SecPolicyCreateRevocation(kSecRevocationUseAnyAvailableMethod | kSecRevocationRequirePositiveResponse); } -extern "C" int32_t +int32_t AppleCryptoNative_X509ChainCreate(CFTypeRef certs, CFTypeRef policies, SecTrustRef* pTrustOut, int32_t* pOSStatus) { - if (pTrustOut != nullptr) - *pTrustOut = nullptr; - if (pOSStatus != nullptr) + if (pTrustOut != NULL) + *pTrustOut = NULL; + if (pOSStatus != NULL) *pOSStatus = noErr; - if (certs == nullptr || policies == nullptr || pTrustOut == nullptr || pOSStatus == nullptr) + if (certs == NULL || policies == NULL || pTrustOut == NULL || pOSStatus == NULL) return -1; *pOSStatus = SecTrustCreateWithCertificates(certs, policies, pTrustOut); return *pOSStatus == noErr; } -extern "C" int32_t AppleCryptoNative_X509ChainEvaluate(SecTrustRef chain, - CFDateRef cfEvaluationTime, - bool allowNetwork, - int32_t* pOSStatus) +int32_t AppleCryptoNative_X509ChainEvaluate(SecTrustRef chain, + CFDateRef cfEvaluationTime, + bool allowNetwork, + int32_t* pOSStatus) { - if (pOSStatus != nullptr) + if (pOSStatus != NULL) *pOSStatus = noErr; - if (chain == nullptr || pOSStatus == nullptr) + if (chain == NULL || pOSStatus == NULL) return -1; *pOSStatus = SecTrustSetVerifyDate(chain, cfEvaluationTime); 
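Review bot: The two policy constructors at the top of this hunk are defined with empty parentheses, `AppleCryptoNative_X509ChainCreateDefaultPolicy()` and `AppleCryptoNative_X509ChainCreateRevocationPolicy()`, while the pal_x509chain.h hunk later in this commit declares both with `(void)`. In C an empty parameter list on a definition is the old non-prototype form, so the definition and the exported declaration do not spell the same signature. Write `SecPolicyRef AppleCryptoNative_X509ChainCreateDefaultPolicy(void)` and likewise for the revocation variant so that both agree and `-Wstrict-prototypes` stays quiet. AppleCryptoNative_X509ChainEvaluate runs past the end of this hunk.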
@@ -85,39 +85,39 @@ extern "C" int32_t AppleCryptoNative_X509ChainEvaluate(SecTrustRef chain, return 1; } -extern "C" int64_t AppleCryptoNative_X509ChainGetChainSize(SecTrustRef chain) +int64_t AppleCryptoNative_X509ChainGetChainSize(SecTrustRef chain) { - if (chain == nullptr) + if (chain == NULL) return -1; return SecTrustGetCertificateCount(chain); } -extern "C" SecCertificateRef AppleCryptoNative_X509ChainGetCertificateAtIndex(SecTrustRef chain, int64_t index) +SecCertificateRef AppleCryptoNative_X509ChainGetCertificateAtIndex(SecTrustRef chain, int64_t index) { - if (chain == nullptr || index < 0) - return nullptr; + if (chain == NULL || index < 0) + return NULL; return SecTrustGetCertificateAtIndex(chain, index); } -extern "C" CFArrayRef AppleCryptoNative_X509ChainGetTrustResults(SecTrustRef chain) +CFArrayRef AppleCryptoNative_X509ChainGetTrustResults(SecTrustRef chain) { - if (chain == nullptr) + if (chain == NULL) { - return nullptr; + return NULL; } CFDictionaryRef detailsAndStuff = SecTrustCopyResult(chain); - CFArrayRef details = nullptr; + CFArrayRef details = NULL; - if (detailsAndStuff != nullptr) + if (detailsAndStuff != NULL) { CFTypeRef detailsPtr = CFDictionaryGetValue(detailsAndStuff, CFSTR("TrustResultDetails")); - if (detailsPtr != nullptr) + if (detailsPtr != NULL) { - details = reinterpret_cast<CFArrayRef>(const_cast<void*>(detailsPtr)); + details = (CFArrayRef)detailsPtr; CFRetain(details); } } @@ -131,9 +131,9 @@ static void MergeStatusCodes(CFTypeRef key, CFTypeRef value, void* context) // Windows (and therefore .NET) certificate status codes are defined on an int32_t. // The top 32 bits will be used to convey error information, the bottom 32 bits // as a data aggregator for the status codes. - uint64_t* pStatus = reinterpret_cast<uint64_t*>(context); + uint64_t* pStatus = (uint64_t*)context; - if (key == nullptr) + if (key == NULL) { return; } 
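Review bot: In AppleCryptoNative_X509ChainGetTrustResults (the `@@ -85,39` hunk) the value stored under `TrustResultDetails` is cast to CFArrayRef and retained after only a NULL check, so the type of an entry in an OS-supplied dictionary is assumed rather than verified. Guard the branch with `if (detailsPtr != NULL && CFGetTypeID(detailsPtr) == CFArrayGetTypeID())`, so that a non-array value leaves `details` as NULL instead of being returned to callers as an array. Those callers later index into the result in AppleCryptoNative_X509ChainGetStatusAtIndex. The tail of the function, including whatever releases `detailsAndStuff`, is outside the hunk.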
@@ -151,7 +151,7 @@ static void MergeStatusCodes(CFTypeRef key, CFTypeRef value, void* context) } (void)value; - CFStringRef keyString = reinterpret_cast<CFStringRef>(key); + CFStringRef keyString = (CFStringRef)key; if (CFEqual(keyString, CFSTR("NotValidBefore")) || CFEqual(keyString, CFSTR("ValidLeaf")) || CFEqual(keyString, CFSTR("ValidIntermediates")) || CFEqual(keyString, CFSTR("ValidRoot")) || @@ -195,19 +195,19 @@ static void MergeStatusCodes(CFTypeRef key, CFTypeRef value, void* context) } } -extern "C" int32_t AppleCryptoNative_X509ChainGetStatusAtIndex(CFArrayRef details, int64_t index, int32_t* pdwStatus) +int32_t AppleCryptoNative_X509ChainGetStatusAtIndex(CFArrayRef details, int64_t index, int32_t* pdwStatus) { - if (pdwStatus != nullptr) + if (pdwStatus != NULL) *pdwStatus = -1; - if (details == nullptr || index < 0 || pdwStatus == nullptr) + if (details == NULL || index < 0 || pdwStatus == NULL) { return -1; } CFTypeRef element = CFArrayGetValueAtIndex(details, index); - if (element == nullptr) + if (element == NULL) { return -2; } @@ -218,14 +218,14 @@ extern "C" int32_t AppleCryptoNative_X509ChainGetStatusAtIndex(CFArrayRef detail } uint64_t status = 0; - CFDictionaryRef statusCodes = reinterpret_cast<CFDictionaryRef>(const_cast<void*>(element)); + CFDictionaryRef statusCodes = (CFDictionaryRef)element; CFDictionaryApplyFunction(statusCodes, MergeStatusCodes, &status); - *pdwStatus = static_cast<int32_t>(status); - return static_cast<int32_t>(status >> 32); + *pdwStatus = (int32_t)status; + return (int32_t)(status >> 32); } -extern "C" int32_t AppleCryptoNative_GetOSStatusForChainStatus(PAL_X509ChainStatusFlags chainStatusFlag) +int32_t AppleCryptoNative_GetOSStatusForChainStatus(PAL_X509ChainStatusFlags chainStatusFlag) { switch (chainStatusFlag) { diff --git a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.h b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.h index 0b03fcbded..f63aaa5d27 100644 
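Review bot: AppleCryptoNative_X509ChainGetStatusAtIndex (the `@@ -195,19` hunk) rejects a negative `index` but never compares it with the array length before calling `CFArrayGetValueAtIndex(details, index)`, which has undefined behaviour for an index outside the array. Add the upper bound to the existing guard: `if (details == NULL || index < 0 || index >= CFArrayGetCount(details) || pdwStatus == NULL)`. The managed caller presumably stays within the chain size, but an exported native entry point should not depend on that. The function body continues in the following hunk.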
--- a/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.h +++ b/src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.h @@ -6,6 +6,7 @@ #include "pal_digest.h" #include "pal_seckey.h" +#include "pal_compiler.h" #include <Security/Security.h> @@ -40,23 +41,20 @@ enum }; typedef uint32_t PAL_X509ChainStatusFlags; -enum -{ - PAL_X509ChainErrorNone = 0, - PAL_X509ChainErrorUnknownValueType = 0x0001L << 32, - PAL_X509ChainErrorUnknownValue = 0x0002L << 32, -}; +#define PAL_X509ChainErrorNone 0 +#define PAL_X509ChainErrorUnknownValueType 0x0001L << 32 +#define PAL_X509ChainErrorUnknownValue 0x0002L << 32 typedef uint64_t PAL_X509ChainErrorFlags; /* Create a SecPolicyRef representing the basic X.509 policy */ -extern "C" SecPolicyRef AppleCryptoNative_X509ChainCreateDefaultPolicy(); +DLLEXPORT SecPolicyRef AppleCryptoNative_X509ChainCreateDefaultPolicy(void); /* Create a SecPolicyRef which checks for revocation (OCSP or CRL) */ -extern "C" SecPolicyRef AppleCryptoNative_X509ChainCreateRevocationPolicy(); +DLLEXPORT SecPolicyRef AppleCryptoNative_X509ChainCreateRevocationPolicy(void); /* Create a SecTrustRef to build a chain over the specified certificates with the given policies. @@ -71,7 +69,7 @@ Output: pTrustOut: Receives the SecTrustRef to build the chain, in an unbuilt state pOSStatus: Receives the result of SecTrustCreateWithCertificates */ -extern "C" int32_t +DLLEXPORT int32_t AppleCryptoNative_X509ChainCreate(CFTypeRef certs, CFTypeRef policies, SecTrustRef* pTrustOut, int32_t* pOSStatus); /* 
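Review bot: The macros that replace the enum in the `@@ -40,23` hunk expand to an unparenthesized shift, `0x0001L << 32`, so any use beside an operator that binds tighter than `<<` (for example `+`) will parse differently from the old enum constant. The `L` suffix also makes the operand a `long`, which is 64 bits on the macOS targets this library is built for, but the shift would be undefined wherever `long` is 32 bits. Write them as `#define PAL_X509ChainErrorUnknownValueType ((uint64_t)0x0001 << 32)` and `#define PAL_X509ChainErrorUnknownValue ((uint64_t)0x0002 << 32)`, so that the value always has the width of PAL_X509ChainErrorFlags.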
@@ -85,27 +83,27 @@ state. Note that an untrusted chain building successfully still returns 1. Output: pOSStatus: Receives the result of SecTrustEvaluate */ -extern "C" int32_t AppleCryptoNative_X509ChainEvaluate(SecTrustRef chain, - CFDateRef cfEvaluationTime, - bool allowNetwork, - int32_t* pOSStatus); +DLLEXPORT int32_t AppleCryptoNative_X509ChainEvaluate(SecTrustRef chain, + CFDateRef cfEvaluationTime, + bool allowNetwork, + int32_t* pOSStatus); /* Gets the number of certificates in the chain. */ -extern "C" int64_t AppleCryptoNative_X509ChainGetChainSize(SecTrustRef chain); +DLLEXPORT int64_t AppleCryptoNative_X509ChainGetChainSize(SecTrustRef chain); /* Fetches the SecCertificateRef at a given position in the chain. Position 0 is the End-Entity certificate, postiion 1 is the issuer of position 0, et cetera. */ -extern "C" SecCertificateRef AppleCryptoNative_X509ChainGetCertificateAtIndex(SecTrustRef chain, int64_t index); +DLLEXPORT SecCertificateRef AppleCryptoNative_X509ChainGetCertificateAtIndex(SecTrustRef chain, int64_t index); /* Get a CFRetain()ed array of dictionaries which contain the detailed results for each element in the certificate chain. */ -extern "C" CFArrayRef AppleCryptoNative_X509ChainGetTrustResults(SecTrustRef chain); +DLLEXPORT CFArrayRef AppleCryptoNative_X509ChainGetTrustResults(SecTrustRef chain); /* Get the PAL_X509ChainStatusFlags values for the certificate at the requested position within the @@ -116,7 +114,7 @@ Returns 0 on success, non-zero on error. Output: pdwStatus: Receives a flags value for the various status codes that went awry at the given position */ -extern "C" int32_t AppleCryptoNative_X509ChainGetStatusAtIndex(CFArrayRef details, int64_t index, int32_t* pdwStatus); +DLLEXPORT int32_t AppleCryptoNative_X509ChainGetStatusAtIndex(CFArrayRef details, int64_t index, int32_t* pdwStatus); /* Looks up the equivalent OSStatus code for a given PAL_X509ChainStatusFlags single-bit value. 
@@ -126,4 +124,4 @@ Returns errSecCoreFoundationUnknown on bad/unmapped input, otherwise the appropr Note that PAL_X509ChainNotTimeValid is an ambiguous code, it could be errSecCertificateExpired or errSecCertificateNotValidYet. A caller should resolve that code via other means. */ -extern "C" int32_t AppleCryptoNative_GetOSStatusForChainStatus(PAL_X509ChainStatusFlags chainStatusFlag); +DLLEXPORT int32_t AppleCryptoNative_GetOSStatusForChainStatus(PAL_X509ChainStatusFlags chainStatusFlag); |