update headers to resolve clang-tidy carping (mostly bugprone-macro-parentheses and readability-named-parameter). also disables MSC C4028 because incompatible with readability-avoid-const-params-in-decls.

tests/unit.h

@@ -60,8 +60,8 @@
 } while(0)
 
 #define AssertInt(x, y, op, er) do {                                           \
-    int _x = (int)x;                                                                \
-    int _y = (int)y;                                                                \
+    int _x = (int)(x);                                                         \
+    int _y = (int)(y);                                                         \
                                                                                \
     Assert(_x op _y, ("%s " #op " %s", #x, #y), ("%d " #er " %d", _x, _y));    \
 } while(0)
@@ -90,8 +90,8 @@
 #define AssertStrLE(x, y) AssertStr(x, y, <=,  >)
 
 #define AssertPtr(x, y, op, er) do {                                           \
-    void* _x = (void*)x;                                                       \
-    void* _y = (void*)y;                                                       \
+    void* _x = (void*)(x);                                                     \
+    void* _y = (void*)(y);                                                     \
     Assert(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y));    \
 } while(0)
 

wolfcrypt/benchmark/benchmark.h

@@ -40,17 +40,17 @@ int  benchmark_init(void);
 int  benchmark_free(void);
 void benchmark_configure(int block_size);
 
-void bench_des(int);
+void bench_des(int doAsync);
 void bench_idea(void);
-void bench_arc4(int);
+void bench_arc4(int doAsync);
 void bench_rabbit(void);
 void bench_chacha(void);
 void bench_chacha20_poly1305_aead(void);
-void bench_aescbc(int);
-void bench_aesgcm(int);
+void bench_aescbc(int doAsync);
+void bench_aesgcm(int doAsync);
 void bench_gmac(void);
 void bench_aesccm(void);
-void bench_aesecb(int);
+void bench_aesecb(int doAsync);
 void bench_aesxts(void);
 void bench_aesctr(void);
 void bench_aescfb(void);
@@ -58,35 +58,35 @@ void bench_aesofb(void);
 void bench_aessiv(void);
 void bench_poly1305(void);
 void bench_camellia(void);
-void bench_md5(int);
-void bench_sha(int);
-void bench_sha224(int);
-void bench_sha256(int);
-void bench_sha384(int);
-void bench_sha512(int);
-void bench_sha3_224(int);
-void bench_sha3_256(int);
-void bench_sha3_384(int);
-void bench_sha3_512(int);
+void bench_md5(int doAsync);
+void bench_sha(int doAsync);
+void bench_sha224(int doAsync);
+void bench_sha256(int doAsync);
+void bench_sha384(int doAsync);
+void bench_sha512(int doAsync);
+void bench_sha3_224(int doAsync);
+void bench_sha3_256(int doAsync);
+void bench_sha3_384(int doAsync);
+void bench_sha3_512(int doAsync);
 int  bench_ripemd(void);
 void bench_cmac(void);
 void bench_scrypt(void);
-void bench_hmac_md5(int);
-void bench_hmac_sha(int);
-void bench_hmac_sha224(int);
-void bench_hmac_sha256(int);
-void bench_hmac_sha384(int);
-void bench_hmac_sha512(int);
+void bench_hmac_md5(int doAsync);
+void bench_hmac_sha(int doAsync);
+void bench_hmac_sha224(int doAsync);
+void bench_hmac_sha256(int doAsync);
+void bench_hmac_sha384(int doAsync);
+void bench_hmac_sha512(int doAsync);
 void bench_siphash(void);
-void bench_rsaKeyGen(int);
-void bench_rsaKeyGen_size(int, int);
-void bench_rsa(int);
-void bench_rsa_key(int, int);
-void bench_dh(int);
+void bench_rsaKeyGen(int doAsync);
+void bench_rsaKeyGen_size(int doAsync, int keySz);
+void bench_rsa(int doAsync);
+void bench_rsa_key(int doAsync, int keySz);
+void bench_dh(int doAsync);
 void bench_ecc_curve(int curveId);
-void bench_eccMakeKey(int, int);
-void bench_ecc(int, int);
-void bench_eccEncrypt(int);
+void bench_eccMakeKey(int doAsync, int curveId);
+void bench_ecc(int doAsync, int curveId);
+void bench_eccEncrypt(int curveId);
 void bench_curve25519KeyGen(void);
 void bench_curve25519KeyAgree(void);
 void bench_ed25519KeyGen(void);

wolfssl/crl.h

@@ -34,12 +34,14 @@
     extern "C" {
 #endif
 
-WOLFSSL_LOCAL int  InitCRL(WOLFSSL_CRL*, WOLFSSL_CERT_MANAGER*);
-WOLFSSL_LOCAL void FreeCRL(WOLFSSL_CRL*, int dynamic);
-
-WOLFSSL_LOCAL int  LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int mon);
-WOLFSSL_LOCAL int  BufferLoadCRL(WOLFSSL_CRL*, const byte*, long, int, int);
-WOLFSSL_LOCAL int  CheckCertCRL(WOLFSSL_CRL*, DecodedCert*);
+WOLFSSL_LOCAL int  InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm);
+WOLFSSL_LOCAL void FreeCRL(WOLFSSL_CRL* crl, int dynamic);
+
+WOLFSSL_LOCAL int  LoadCRL(WOLFSSL_CRL* crl, const char* path, int type,
+                           int monitor);
+WOLFSSL_LOCAL int  BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz,
+                                 int type, int verify);
+WOLFSSL_LOCAL int  CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert);
 
 
 #ifdef __cplusplus

wolfssl/internal.h

@@ -1476,7 +1476,7 @@ enum Misc {
     TLS13_MAX_TICKET_AGE =  7*24*60*60,  /* max ticket age in seconds, 7 days */
 
 #ifndef MAX_WOLFSSL_FILE_SIZE
-    MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4,  /* 4 mb file size alloc limit */
+    MAX_WOLFSSL_FILE_SIZE = 1024UL * 1024UL * 4,  /* 4 mb file size alloc limit */
 #endif
 
 #if defined(HAVE_PQC)
@@ -1588,8 +1588,8 @@ enum Misc {
 /* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
 #ifndef MAX_CERTIFICATE_SZ
     #define MAX_CERTIFICATE_SZ \
-                CERT_HEADER_SZ + \
-                (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH
+                (CERT_HEADER_SZ + \
+                (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH)
 #endif
 
 /* max size of a handshake message, currently set to the certificate */
@@ -1714,7 +1714,7 @@ typedef struct Suites Suites;
 
 
 /* defaults to client */
-WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
+WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv);
 
 WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl);
 WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side);
@@ -1734,14 +1734,14 @@ WOLFSSL_LOCAL int  HandleTlsResumption(WOLFSSL* ssl, int bogusID,
 #ifdef WOLFSSL_TLS13
 WOLFSSL_LOCAL byte SuiteMac(byte* suite);
 #endif
-WOLFSSL_LOCAL int  DoClientHello(WOLFSSL* ssl, const byte* input, word32*,
-                                 word32);
+WOLFSSL_LOCAL int  DoClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
+                             word32 helloSz);
 #ifdef WOLFSSL_TLS13
 WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input,
                                      word32* inOutIdx, word32 helloSz);
 #endif
-WOLFSSL_LOCAL int  DoServerHello(WOLFSSL* ssl, const byte* input, word32*,
-                                 word32);
+WOLFSSL_LOCAL int  DoServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
+                      word32 helloSz);
 WOLFSSL_LOCAL int  CompleteServerHello(WOLFSSL *ssl);
 WOLFSSL_LOCAL int  CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
 WOLFSSL_LOCAL int  PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
@@ -1895,8 +1895,9 @@ WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz,
                               word16 haveAnon, int side);
 
 WOLFSSL_LOCAL int  MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
-WOLFSSL_LOCAL int  SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
-WOLFSSL_LOCAL int  SetSuitesHashSigAlgo(Suites*, const char* list);
+WOLFSSL_LOCAL int  SetCipherList(WOLFSSL_CTX* ctx, Suites* suites,
+                                 const char* list);
+WOLFSSL_LOCAL int  SetSuitesHashSigAlgo(Suites* suites, const char* list);
 
 #ifndef PSK_TYPES_DEFINED
     typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
@@ -2107,11 +2108,15 @@ struct WOLFSSL_CERT_MANAGER {
 
 };
 
-WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
-WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*);
-WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*);
-WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int);
-WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
+WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm,
+                                   const char* fname);
+WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER* cm,
+                                      const char* fname);
+WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem,
+                                      int sz, int* used);
+WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER* cm,
+                                         const void* mem, int sz);
+WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm);
 WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
                                     long sz, int format, int err_val);
 
@@ -2406,7 +2411,7 @@ WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
 WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
                                word16 size, byte options, void* heap);
 
-WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
+WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, byte option);
 
 #endif /* HAVE_ALPN */
 
@@ -3087,11 +3092,11 @@ struct WOLFSSL_CTX {
 };
 
 WOLFSSL_LOCAL
-int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap);
+int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap);
 WOLFSSL_LOCAL
-void FreeSSL_Ctx(WOLFSSL_CTX*);
+void FreeSSL_Ctx(WOLFSSL_CTX* ctx);
 WOLFSSL_LOCAL
-void SSL_CtxResourceFree(WOLFSSL_CTX*);
+void SSL_CtxResourceFree(WOLFSSL_CTX* ctx);
 
 #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
 void wolfSSL_CRYPTO_cleanup_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data);
@@ -3166,10 +3171,10 @@ enum SignatureAlgorithm {
 };
 
 #define PSS_RSAE_TO_PSS_PSS(macAlgo) \
-    (macAlgo + (pss_sha256 - sha256_mac))
+    ((macAlgo) + (pss_sha256 - sha256_mac))
 
 #define PSS_PSS_HASH_TO_MAC(macAlgo) \
-    (macAlgo - (pss_sha256 - sha256_mac))
+    ((macAlgo) - (pss_sha256 - sha256_mac))
 
 enum SigAlgRsaPss {
     pss_sha256  = 0x09,
@@ -3439,16 +3444,17 @@ struct WOLFSSL_SESSION {
 
 
 WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_NewSession(void* heap);
-WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_GetSession(WOLFSSL*, byte*, byte);
-WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_GetSessionRef(WOLFSSL*);
-WOLFSSL_LOCAL int              wolfSSL_SetSession(WOLFSSL*, WOLFSSL_SESSION*);
-WOLFSSL_LOCAL void             wolfSSL_FreeSession(WOLFSSL_SESSION*);
+WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_GetSession(
+    WOLFSSL* ssl, byte* masterSecret, byte restoreSessionCerts);
+WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_GetSessionRef(WOLFSSL* ssl);
+WOLFSSL_LOCAL int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session);
+WOLFSSL_LOCAL void wolfSSL_FreeSession(WOLFSSL_SESSION* session);
 
 typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int);
 
 #ifndef NO_CLIENT_CACHE
-    WOLFSSL_LOCAL
-    WOLFSSL_SESSION* wolfSSL_GetSessionClient(WOLFSSL*, const byte*, int);
+    WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_GetSessionClient(
+        WOLFSSL* ssl, const byte* id, int len);
 #endif
 
 /* client connect state for nonblocking restart */
@@ -4600,22 +4606,22 @@ struct WOLFSSL {
  * Always use SSL specific objects when available and revert to CTX otherwise.
  */
 #ifdef WOLFSSL_LOCAL_X509_STORE
-#define SSL_CM(ssl) (ssl->x509_store_pt ? ssl->x509_store_pt->cm : ssl->ctx->cm)
-#define SSL_STORE(ssl) (ssl->x509_store_pt ? ssl->x509_store_pt : \
-                  (ssl->ctx->x509_store_pt ? ssl->ctx->x509_store_pt : \
-                                            &ssl->ctx->x509_store))
+#define SSL_CM(ssl) ((ssl)->x509_store_pt ? (ssl)->x509_store_pt->cm : (ssl)->ctx->cm)
+#define SSL_STORE(ssl) ((ssl)->x509_store_pt ? (ssl)->x509_store_pt : \
+                  ((ssl)->ctx->x509_store_pt ? (ssl)->ctx->x509_store_pt : \
+                                            &(ssl)->ctx->x509_store))
 #else
-#define SSL_CM(ssl) ssl->ctx->cm
+#define SSL_CM(ssl) (ssl)->ctx->cm
 #endif
 
-#define SSL_CA_NAMES(ssl) (ssl->ca_names != NULL ? ssl->ca_names : \
-        ssl->ctx->ca_names)
+#define SSL_CA_NAMES(ssl) ((ssl)->ca_names != NULL ? (ssl)->ca_names : \
+        (ssl)->ctx->ca_names)
 
 WOLFSSL_LOCAL int  SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr);
-WOLFSSL_LOCAL int  SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int);
-WOLFSSL_LOCAL int  InitSSL(WOLFSSL*, WOLFSSL_CTX*, int);
-WOLFSSL_LOCAL void FreeSSL(WOLFSSL*, void* heap);
-WOLFSSL_API   void SSL_ResourceFree(WOLFSSL*);   /* Micrium uses */
+WOLFSSL_LOCAL int  SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
+WOLFSSL_LOCAL int  InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
+WOLFSSL_LOCAL void FreeSSL(WOLFSSL* ssl, void* heap);
+WOLFSSL_API   void SSL_ResourceFree(WOLFSSL* ssl);   /* Micrium uses */
 
 
 #ifndef NO_CERTS
@@ -4633,24 +4639,17 @@ WOLFSSL_API   void SSL_ResourceFree(WOLFSSL*);   /* Micrium uses */
 
 
 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
-    WOLFSSL_LOCAL
-    void InitHandShakeInfo(HandShakeInfo*, WOLFSSL*);
-    WOLFSSL_LOCAL
-    void FinishHandShakeInfo(HandShakeInfo*);
-    WOLFSSL_LOCAL
-    void AddPacketName(WOLFSSL* ssl, const char* name);
+    WOLFSSL_LOCAL void InitHandShakeInfo(HandShakeInfo* info, WOLFSSL* ssl);
+    WOLFSSL_LOCAL void FinishHandShakeInfo(HandShakeInfo* info);
+    WOLFSSL_LOCAL void AddPacketName(WOLFSSL* ssl, const char* name);
 
-    WOLFSSL_LOCAL
-    void InitTimeoutInfo(TimeoutInfo*);
-    WOLFSSL_LOCAL
-    void FreeTimeoutInfo(TimeoutInfo*, void*);
-    WOLFSSL_LOCAL
-    void AddPacketInfo(WOLFSSL* ssl, const char* name, int type,
+    WOLFSSL_LOCAL void InitTimeoutInfo(TimeoutInfo* info);
+    WOLFSSL_LOCAL void FreeTimeoutInfo(TimeoutInfo* info, void* heap);
+    WOLFSSL_LOCAL void AddPacketInfo(WOLFSSL* ssl, const char* name, int type,
                              const byte* data, int sz, int written, void* heap);
-    WOLFSSL_LOCAL
-    void AddLateName(const char*, TimeoutInfo*);
-    WOLFSSL_LOCAL
-    void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
+    WOLFSSL_LOCAL void AddLateName(const char* name, TimeoutInfo* info);
+    WOLFSSL_LOCAL void AddLateRecordHeader(const RecordLayerHeader* rl,
+                                           TimeoutInfo* info);
 #endif
 
 
@@ -4737,44 +4736,45 @@ extern const WOLF_EC_NIST_NAME kNistCurves[];
 #endif
 
 /* internal functions */
-WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
-WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
-WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
-WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
+WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL* ssl);
+WOLFSSL_LOCAL int SendTicket(WOLFSSL* ssl);
+WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len);
+WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, int sz);
 #ifdef WOLFSSL_TLS13
-WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte);
+WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType);
 #endif
-WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
-WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
+WOLFSSL_LOCAL int SendCertificate(WOLFSSL* ssl);
+WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL* ssl);
 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
  || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
-WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL*, OcspRequest**, buffer*);
+WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
+                       buffer* response);
 #endif
 #if defined(HAVE_SECURE_RENEGOTIATION) && \
     !defined(WOLFSSL_NO_SERVER)
-WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL*);
+WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL* ssl);
 #endif
-WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
-WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
-WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
-WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int);
-WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
-WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
-WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);
-WOLFSSL_LOCAL int ProcessReplyEx(WOLFSSL*, int);
+WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL* ssl);
+WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL* ssl);
+WOLFSSL_LOCAL int SendBuffered(WOLFSSL* ssl);
+WOLFSSL_LOCAL int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek);
+WOLFSSL_LOCAL int SendFinished(WOLFSSL* ssl);
+WOLFSSL_LOCAL int SendAlert(WOLFSSL* ssl, int severity, int type);
+WOLFSSL_LOCAL int ProcessReply(WOLFSSL* ssl);
+WOLFSSL_LOCAL int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr);
 
-WOLFSSL_LOCAL const char* AlertTypeToString(int);
+WOLFSSL_LOCAL const char* AlertTypeToString(int type);
 
-WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
-WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);
+WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL* ssl);
+WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL* ssl);
 
-WOLFSSL_LOCAL int AddSession(WOLFSSL*);
+WOLFSSL_LOCAL int AddSession(WOLFSSL* ssl);
 WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
 WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);
 
 WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
 WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
-WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
+WOLFSSL_LOCAL int IsAtLeastTLSv1_3(ProtocolVersion pv);
 WOLFSSL_LOCAL int TLSv1_3_Capable(WOLFSSL* ssl);
 
 WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
@@ -4783,7 +4783,7 @@ WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
 
 WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
 
-WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32);
+WOLFSSL_LOCAL int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length);
 WOLFSSL_LOCAL int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment);
 
 #if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS)
@@ -4875,7 +4875,7 @@ WOLFSSL_LOCAL  int CheckAvailableSize(WOLFSSL *ssl, int size);
 WOLFSSL_LOCAL  int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
 
 #ifndef NO_TLS
-    WOLFSSL_LOCAL int  MakeTlsMasterSecret(WOLFSSL*);
+    WOLFSSL_LOCAL int  MakeTlsMasterSecret(WOLFSSL* ssl);
 #ifndef WOLFSSL_AEAD_ONLY
     WOLFSSL_LOCAL int  TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
                                 word32 sz, int padSz, int content, int verify, int epochOrder);
@@ -4883,37 +4883,42 @@ WOLFSSL_LOCAL  int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
 #endif
 
 #ifndef NO_WOLFSSL_CLIENT
-    WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
+    WOLFSSL_LOCAL int SendClientHello(WOLFSSL* ssl);
     #ifdef WOLFSSL_TLS13
-    WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*);
+    WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL* ssl);
     #endif
-    WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
-    WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
+    WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL* ssl);
+    WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL* ssl);
 #endif /* NO_WOLFSSL_CLIENT */
 
 #ifndef NO_WOLFSSL_SERVER
-    WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
-    WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
+    WOLFSSL_LOCAL int SendServerHello(WOLFSSL* ssl);
+    WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL* ssl);
 #endif /* NO_WOLFSSL_SERVER */
 
 #ifdef WOLFSSL_DTLS
-    WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
-    WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
-    WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
+    WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32 sz, void* heap);
+    WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg* item, void* heap);
+    WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg* head, void* heap);
     WOLFSSL_LOCAL void DtlsTxMsgListClean(WOLFSSL* ssl);
-    WOLFSSL_LOCAL int  DtlsMsgSet(DtlsMsg*, word32, word16, const byte*, byte,
-                                                       word32, word32, void*);
-    WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32, word32);
-    WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, word32, const byte*, word32,
-                                                byte, word32, word32, void*);
-    WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);
-
-    WOLFSSL_LOCAL int  DtlsMsgPoolSave(WOLFSSL*, const byte*, word32, enum HandShakeType);
-    WOLFSSL_LOCAL int  DtlsMsgPoolTimeout(WOLFSSL*);
-    WOLFSSL_LOCAL int  VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
-    WOLFSSL_LOCAL int  VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* head);
-    WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
-    WOLFSSL_LOCAL int  DtlsMsgPoolSend(WOLFSSL*, int);
+    WOLFSSL_LOCAL int  DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch,
+                                  const byte* data, byte type,
+                                  word32 fragOffset, word32 fragSz, void* heap);
+    WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 epoch, word32 seq);
+    WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL* ssl, word32 epoch, word32 seq,
+                                    const byte* data, word32 dataSz, byte type,
+                                    word32 fragOffset, word32 fragSz,
+                                    void* heap);
+    WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item);
+
+    WOLFSSL_LOCAL int  DtlsMsgPoolSave(WOLFSSL* ssl, const byte* data,
+                                       word32 dataSz, enum HandShakeType type);
+    WOLFSSL_LOCAL int  DtlsMsgPoolTimeout(WOLFSSL* ssl);
+    WOLFSSL_LOCAL int  VerifyForDtlsMsgPoolSend(WOLFSSL* ssl, byte type,
+                                                word32 fragOffset);
+    WOLFSSL_LOCAL int  VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* item);
+    WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL* ssl);
+    WOLFSSL_LOCAL int  DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket);
 #endif /* WOLFSSL_DTLS */
 
 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
@@ -4935,11 +4940,14 @@ WOLFSSL_LOCAL  int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
 WOLFSSL_LOCAL word32  LowResTimer(void);
 
 #ifndef NO_CERTS
-    WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int, void*);
+    WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag,
+                                    void* heap);
     WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
-    WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
-    WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
-    WOLFSSL_LOCAL int  CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
+    WOLFSSL_LOCAL void InitX509(WOLFSSL_X509* x509, int dynamicFlag,
+                                void* heap);
+    WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509* x509);
+    WOLFSSL_LOCAL int  CopyDecodedToX509(WOLFSSL_X509* x509,
+                                         DecodedCert* dCert);
 #endif
 
 #ifndef MAX_CIPHER_NAME
@@ -4969,15 +4977,15 @@ typedef struct CipherSuiteInfo {
 
 WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
 WOLFSSL_LOCAL int GetCipherNamesSize(void);
-WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite);
+WOLFSSL_LOCAL const char* GetCipherNameInternal(byte cipherSuite0, byte cipherSuite);
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
 /* used in wolfSSL_sk_CIPHER_description */
 #define MAX_SEGMENTS    5
 #define MAX_SEGMENT_SZ 20
-WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER*);
+WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher);
 WOLFSSL_LOCAL const char* GetCipherSegment(const WOLFSSL_CIPHER* cipher,
                                            char n[][MAX_SEGMENT_SZ]);
-WOLFSSL_LOCAL const char* GetCipherProtocol(const byte minor);
+WOLFSSL_LOCAL const char* GetCipherProtocol(byte minor);
 WOLFSSL_LOCAL const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]);
 WOLFSSL_LOCAL const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]);
 WOLFSSL_LOCAL const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]);
@@ -4985,7 +4993,7 @@ WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]);
 WOLFSSL_LOCAL int SetCipherBits(const char* enc);
 WOLFSSL_LOCAL int IsCipherAEAD(char n[][MAX_SEGMENT_SZ]);
 #endif
-WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite);
+WOLFSSL_LOCAL const char* GetCipherNameIana(byte cipherSuite0, byte cipherSuite);
 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
 WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
@@ -4998,7 +5006,7 @@ enum encrypt_side {
     ENCRYPT_AND_DECRYPT_SIDE
 };
 
-WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
+WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side);
 
 /* Set*Internal and Set*External functions */
 WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa);

wolfssl/ocsp.h

@@ -50,13 +50,13 @@ typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ;
 typedef struct OcspRequest WOLFSSL_OCSP_REQUEST;
 #endif
 
-WOLFSSL_LOCAL int  InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*);
-WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic);
+WOLFSSL_LOCAL int  InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm);
+WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic);
 
-WOLFSSL_LOCAL int  CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*,
-                                           WOLFSSL_BUFFER_INFO* responseBuffer);
-WOLFSSL_LOCAL int  CheckCertOCSP_ex(WOLFSSL_OCSP*, DecodedCert*,
-                             WOLFSSL_BUFFER_INFO* responseBuffer, WOLFSSL* ssl);
+WOLFSSL_LOCAL int  CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert,
+                                 WOLFSSL_BUFFER_INFO* responseBuffer);
+WOLFSSL_LOCAL int  CheckCertOCSP_ex(WOLFSSL_OCSP* ocsp, DecodedCert* cert,
+                                    WOLFSSL_BUFFER_INFO* responseBuffer, WOLFSSL* ssl);
 WOLFSSL_LOCAL int  CheckOcspRequest(WOLFSSL_OCSP* ocsp,
                  OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer);
 WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
@@ -103,14 +103,17 @@ WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request,
     unsigned char** data);
 WOLFSSL_API WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
     WOLFSSL_OCSP_CERTID *cid);
-WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID*);
+WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(
+    WOLFSSL_OCSP_CERTID* id);
 #ifndef NO_BIO
 WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
     WOLFSSL_OCSP_REQUEST *req);
 #endif
 
-WOLFSSL_API int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID *, unsigned char **);
-WOLFSSL_API const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single);
+WOLFSSL_API int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id,
+                                        unsigned char** data);
+WOLFSSL_API const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(
+    const WOLFSSL_OCSP_SINGLERESP *single);
 WOLFSSL_API int wolfSSL_OCSP_id_cmp(WOLFSSL_OCSP_CERTID *a, WOLFSSL_OCSP_CERTID *b);
 WOLFSSL_API int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single,
                                                 int *reason,
@@ -118,7 +121,8 @@ WOLFSSL_API int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single,
                                                 WOLFSSL_ASN1_TIME **thisupd,
                                                 WOLFSSL_ASN1_TIME **nextupd);
 WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs);
-WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int idx);
+WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(
+    WOLFSSL_OCSP_BASICRESP *bs, int idx);
 
 #endif
 #ifdef OPENSSL_EXTRA
@@ -128,9 +132,9 @@ WOLFSSL_API OcspResponse* wolfSSL_OCSP_response_create(int status,
     WOLFSSL_OCSP_BASICRESP* bs);
 WOLFSSL_API const char* wolfSSL_OCSP_crl_reason_str(long s);
 
-WOLFSSL_API int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING**,
-  WOLFSSL_ASN1_OBJECT**, WOLFSSL_ASN1_STRING**,
-  WOLFSSL_ASN1_INTEGER**, WOLFSSL_OCSP_CERTID*);
+WOLFSSL_API int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name,
+  WOLFSSL_ASN1_OBJECT **pmd, WOLFSSL_ASN1_STRING **keyHash,
+  WOLFSSL_ASN1_INTEGER **serial, WOLFSSL_OCSP_CERTID *cid);
 
 WOLFSSL_API int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req,
         unsigned char* val, int sz);

wolfssl/openssl/aes.h

@@ -46,25 +46,24 @@ typedef struct WOLFSSL_AES_KEY {
 } WOLFSSL_AES_KEY;
 typedef WOLFSSL_AES_KEY AES_KEY;
 
-WOLFSSL_API int wolfSSL_AES_set_encrypt_key
-    (const unsigned char *, const int bits, AES_KEY *);
-WOLFSSL_API int wolfSSL_AES_set_decrypt_key
-    (const unsigned char *, const int bits, AES_KEY *);
-WOLFSSL_API void wolfSSL_AES_cbc_encrypt
-    (const unsigned char *in, unsigned char* out, size_t len,
-     AES_KEY *key, unsigned char* iv, const int enc);
-WOLFSSL_API void wolfSSL_AES_ecb_encrypt
-    (const unsigned char *in, unsigned char* out,
-     AES_KEY *key, const int enc);
-WOLFSSL_API void wolfSSL_AES_cfb128_encrypt
-    (const unsigned char *in, unsigned char* out, size_t len,
-     AES_KEY *key, unsigned char* iv, int* num, const int enc);
-WOLFSSL_API int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv,
-                 unsigned char *out,
-                 const unsigned char *in, unsigned int inlen);
-WOLFSSL_API int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
-                   unsigned char *out,
-                   const unsigned char *in, unsigned int inlen);
+WOLFSSL_API int wolfSSL_AES_set_encrypt_key(
+    const unsigned char *key, int bits, AES_KEY *aes);
+WOLFSSL_API int wolfSSL_AES_set_decrypt_key(
+    const unsigned char *key, int bits, AES_KEY *aes);
+WOLFSSL_API void wolfSSL_AES_cbc_encrypt(
+    const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key,
+    unsigned char* iv, int enc);
+WOLFSSL_API void wolfSSL_AES_ecb_encrypt(
+    const unsigned char *in, unsigned char* out, AES_KEY *key, int enc);
+WOLFSSL_API void wolfSSL_AES_cfb128_encrypt(
+    const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key,
+    unsigned char* iv, int* num, int enc);
+WOLFSSL_API int wolfSSL_AES_wrap_key(
+    AES_KEY *key, const unsigned char *iv, unsigned char *out,
+    const unsigned char *in, unsigned int inlen);
+WOLFSSL_API int wolfSSL_AES_unwrap_key(
+    AES_KEY *key, const unsigned char *iv, unsigned char *out,
+    const unsigned char *in, unsigned int inlen);
 
 #define AES_cbc_encrypt     wolfSSL_AES_cbc_encrypt
 #define AES_ecb_encrypt     wolfSSL_AES_ecb_encrypt
@@ -75,10 +74,10 @@ WOLFSSL_API int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
 #define AES_unwrap_key      wolfSSL_AES_unwrap_key
 
 #ifdef WOLFSSL_AES_DIRECT
-WOLFSSL_API void wolfSSL_AES_encrypt
-    (const unsigned char* input, unsigned char* output, AES_KEY *);
-WOLFSSL_API void wolfSSL_AES_decrypt
-    (const unsigned char* input, unsigned char* output, AES_KEY *);
+WOLFSSL_API void wolfSSL_AES_encrypt(
+    const unsigned char* input, unsigned char* output, AES_KEY *key);
+WOLFSSL_API void wolfSSL_AES_decrypt(
+    const unsigned char* input, unsigned char* output, AES_KEY *key);
 
 #define AES_encrypt         wolfSSL_AES_encrypt
 #define AES_decrypt         wolfSSL_AES_decrypt

wolfssl/openssl/asn1.h

@@ -107,7 +107,7 @@
 
 
 WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER(
-    const WOLFSSL_BIGNUM*, WOLFSSL_ASN1_INTEGER*);
+    const WOLFSSL_BIGNUM *bn, WOLFSSL_ASN1_INTEGER *ai);
 
 WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value);
 
@@ -164,6 +164,7 @@ WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest,
                                       const WOLFSSL_ASN1_ITEM *tpl);
 
 /* Need function declaration otherwise compiler complains */
+// NOLINTBEGIN(readability-named-parameter)
 #define IMPLEMENT_ASN1_FUNCTIONS(type) \
     type *type##_new(void); \
     type *type##_new(void){ \
@@ -178,6 +179,7 @@ WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest,
     { \
         return wolfSSL_ASN1_item_i2d(src, dest, &type##_template_data);\
     }
+// NOLINTEND(readability-named-parameter)
 
 #endif /* OPENSSL_ALL */
 

wolfssl/openssl/bn.h

@@ -54,100 +54,107 @@ typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX;
 typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB;
 
 WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void);
-WOLFSSL_API void           wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX*);
-WOLFSSL_API void           wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX*);
+WOLFSSL_API void           wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx);
+WOLFSSL_API void           wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx);
 
 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_new(void);
 #if defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT)
-WOLFSSL_API void           wolfSSL_BN_init(WOLFSSL_BIGNUM *);
+WOLFSSL_API void           wolfSSL_BN_init(WOLFSSL_BIGNUM* bn);
 #endif
-WOLFSSL_API void           wolfSSL_BN_free(WOLFSSL_BIGNUM*);
-WOLFSSL_API void           wolfSSL_BN_clear_free(WOLFSSL_BIGNUM*);
-WOLFSSL_API void           wolfSSL_BN_clear(WOLFSSL_BIGNUM*);
-
-
-WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
-                             const WOLFSSL_BIGNUM*);
-WOLFSSL_API int wolfSSL_BN_mul(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
-        WOLFSSL_BIGNUM*, WOLFSSL_BN_CTX*);
-WOLFSSL_API int wolfSSL_BN_div(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
-        const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, WOLFSSL_BN_CTX*);
+WOLFSSL_API void           wolfSSL_BN_free(WOLFSSL_BIGNUM* bn);
+WOLFSSL_API void           wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn);
+WOLFSSL_API void           wolfSSL_BN_clear(WOLFSSL_BIGNUM* bn);
+
+
+WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
+                             const WOLFSSL_BIGNUM* b);
+WOLFSSL_API int wolfSSL_BN_mul(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a,
+                               WOLFSSL_BIGNUM *b, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API int wolfSSL_BN_div(WOLFSSL_BIGNUM* dv, WOLFSSL_BIGNUM* rem,
+                   const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* d,
+                   WOLFSSL_BN_CTX* ctx);
 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
-WOLFSSL_API int wolfSSL_BN_gcd(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
-                               WOLFSSL_BIGNUM*, WOLFSSL_BN_CTX*);
+WOLFSSL_API int wolfSSL_BN_gcd(WOLFSSL_BIGNUM* r, WOLFSSL_BIGNUM* a,
+                               WOLFSSL_BIGNUM* b, WOLFSSL_BN_CTX* ctx);
 #endif
-WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
-                             const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*);
+WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
+                  const WOLFSSL_BIGNUM* b, const WOLFSSL_BN_CTX* c);
 WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
-        const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
+      const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
 WOLFSSL_API int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
-        const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
+        const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
 WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void);
 
 
-WOLFSSL_API int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM*);
-WOLFSSL_API int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn);
+WOLFSSL_API int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn);
 
-WOLFSSL_API void wolfSSL_BN_zero(WOLFSSL_BIGNUM*);
-WOLFSSL_API int wolfSSL_BN_one(WOLFSSL_BIGNUM*);
-WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM*);
-WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM*);
-WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM*);
-WOLFSSL_API int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM*);
-WOLFSSL_API int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
+WOLFSSL_API void wolfSSL_BN_zero(WOLFSSL_BIGNUM* bn);
+WOLFSSL_API int wolfSSL_BN_one(WOLFSSL_BIGNUM* bn);
+WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM* bn);
+WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM* bn);
+WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM* bn);
+WOLFSSL_API int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM* bn);
+WOLFSSL_API int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
 
-WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b);
 
-WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM*, unsigned char*);
-WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char*, int len,
-                                WOLFSSL_BIGNUM* ret);
+WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len,
+                                              WOLFSSL_BIGNUM* ret);
 
-WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM*, int n);
+WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n);
 
-WOLFSSL_API int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM*, int bits, int top,
-        int bottom);
+WOLFSSL_API int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top,
+                                       int bottom);
 WOLFSSL_API int wolfSSL_BN_rand_range(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *range);
-WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM*, int bits, int top, int bottom);
-WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n);
-WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str);
-
-WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM*);
-WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*,
-                                            const WOLFSSL_BIGNUM*);
-
-WOLFSSL_API int   wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM**, const char* str);
-WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*);
-
-WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
-WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
-WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
-WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int);
-WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM*, int);
-WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
-WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*);
-
-WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
-                               WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom);
+WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM* bn, int n);
+WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM** bn, const char* str);
+
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM* bn);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM* r,
+                                            const WOLFSSL_BIGNUM* bn);
+
+WOLFSSL_API int   wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str);
+WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn);
+
+WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn,
+                                  int n);
+WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
+WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
+WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n);
+WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n);
+WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
+WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_get_word(const WOLFSSL_BIGNUM* bn);
+
+WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM* r, WOLFSSL_BIGNUM* a,
+                               WOLFSSL_BIGNUM* b);
 WOLFSSL_API int wolfSSL_BN_mod_add(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
                                    const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m,
                                    WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM*);
+WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM* bn);
 #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA))
-WOLFSSL_API int wolfSSL_BN_generate_prime_ex(WOLFSSL_BIGNUM*, int, int,
-    const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, WOLFSSL_BN_GENCB*);
-WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int,
-                                       WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*);
-WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*,
-                                                 WOLFSSL_BN_ULONG);
+WOLFSSL_API int wolfSSL_BN_generate_prime_ex(
+    WOLFSSL_BIGNUM* prime, int bits, int safe, const WOLFSSL_BIGNUM* add,
+    const WOLFSSL_BIGNUM* rem, WOLFSSL_BN_GENCB* cb);
+WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks,
+                           WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb);
+WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
+                                                 WOLFSSL_BN_ULONG w);
 #endif
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
-    WOLFSSL_API int wolfSSL_BN_print_fp(XFILE, const WOLFSSL_BIGNUM*);
+    WOLFSSL_API int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn);
 #endif
-WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
+WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn,
+                                  int n);
 WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx);
 WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
-                                        const WOLFSSL_BIGNUM*, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(
+    WOLFSSL_BIGNUM *r,
+    WOLFSSL_BIGNUM *a,
+    const WOLFSSL_BIGNUM *n,
+    WOLFSSL_BN_CTX *ctx);
 
 typedef WOLFSSL_BIGNUM BIGNUM;
 typedef WOLFSSL_BN_CTX BN_CTX;

wolfssl/openssl/cmac.h

@@ -38,11 +38,14 @@ typedef WOLFSSL_CMAC_CTX CMAC_CTX;
 WOLFSSL_API WOLFSSL_CMAC_CTX* wolfSSL_CMAC_CTX_new(void);
 WOLFSSL_API void wolfSSL_CMAC_CTX_free(WOLFSSL_CMAC_CTX *ctx);
 WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX* wolfSSL_CMAC_CTX_get0_cipher_ctx(
-    WOLFSSL_CMAC_CTX*);
-WOLFSSL_API int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX*, const void*, size_t ,
-    const WOLFSSL_EVP_CIPHER*, WOLFSSL_ENGINE*);
-WOLFSSL_API int wolfSSL_CMAC_Update(WOLFSSL_CMAC_CTX*, const void*, size_t);
-WOLFSSL_API int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX*, unsigned char*, size_t*);
+    WOLFSSL_CMAC_CTX* ctx);
+WOLFSSL_API int wolfSSL_CMAC_Init(
+    WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen,
+    const WOLFSSL_EVP_CIPHER* cipher, WOLFSSL_ENGINE* engine);
+WOLFSSL_API int wolfSSL_CMAC_Update(
+    WOLFSSL_CMAC_CTX* ctx, const void* data, size_t len);
+WOLFSSL_API int wolfSSL_CMAC_Final(
+    WOLFSSL_CMAC_CTX* ctx, unsigned char* out, size_t* len);
 
 #define CMAC_CTX_new              wolfSSL_CMAC_CTX_new
 #define CMAC_CTX_free             wolfSSL_CMAC_CTX_free

wolfssl/openssl/crypto.h

@@ -52,7 +52,7 @@ WOLFSSL_API unsigned long wolfSSLeay(void);
 WOLFSSL_API unsigned long wolfSSL_OpenSSL_version_num(void);
 
 #ifdef OPENSSL_EXTRA
-WOLFSSL_API void wolfSSL_OPENSSL_free(void*);
+WOLFSSL_API void wolfSSL_OPENSSL_free(void* p);
 WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
 WOLFSSL_API int wolfSSL_OPENSSL_hexchar2int(unsigned char c);
 WOLFSSL_API unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len);

wolfssl/openssl/des.h

@@ -62,8 +62,8 @@ WOLFSSL_API int wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes,
                                                WOLFSSL_DES_key_schedule* key);
 WOLFSSL_API int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes,
                                                WOLFSSL_DES_key_schedule* key);
-WOLFSSL_API void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock*,
-                                             WOLFSSL_DES_key_schedule*);
+WOLFSSL_API void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock* myDes,
+                                               WOLFSSL_DES_key_schedule* key);
 WOLFSSL_API int  wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key,
                                      WOLFSSL_DES_key_schedule* schedule);
 WOLFSSL_API void wolfSSL_DES_cbc_encrypt(const unsigned char* input,
@@ -81,10 +81,10 @@ WOLFSSL_API void wolfSSL_DES_ncbc_encrypt(const unsigned char* input,
                       WOLFSSL_DES_key_schedule* schedule,
                       WOLFSSL_DES_cblock* ivec, int enc);
 
-WOLFSSL_API void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock*);
-WOLFSSL_API void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock*, WOLFSSL_DES_cblock*,
-                                       WOLFSSL_DES_key_schedule*, int);
-WOLFSSL_API int wolfSSL_DES_check_key_parity(WOLFSSL_DES_cblock*);
+WOLFSSL_API void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes);
+WOLFSSL_API void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa,
+             WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int enc);
+WOLFSSL_API int wolfSSL_DES_check_key_parity(WOLFSSL_DES_cblock *myDes);
 
 
 typedef WOLFSSL_DES_cblock DES_cblock;

wolfssl/openssl/dh.h

@@ -58,18 +58,19 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh,
                                          const unsigned char **pp, long length);
 WOLFSSL_API int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out);
 WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void);
-WOLFSSL_API void        wolfSSL_DH_free(WOLFSSL_DH*);
+WOLFSSL_API void        wolfSSL_DH_free(WOLFSSL_DH* dh);
 WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh);
 
 WOLFSSL_API int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes);
-WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*);
-WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH*);
+WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH* dh);
+WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH* dh);
 WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* pub,
-                                     WOLFSSL_DH*);
-WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH*, const unsigned char*, int sz);
-WOLFSSL_API int wolfSSL_DH_set_length(WOLFSSL_DH*, long);
-WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*,
-    WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*);
+                                     WOLFSSL_DH* dh);
+WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf,
+                                   int derSz);
+WOLFSSL_API int wolfSSL_DH_set_length(WOLFSSL_DH* dh, long len);
+WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p,
+    WOLFSSL_BIGNUM *q, WOLFSSL_BIGNUM *g);
 
 #define DH_new  wolfSSL_DH_new
 #define DH_free wolfSSL_DH_free
@@ -86,7 +87,7 @@ WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*,
 #define DH_get0_pqg     wolfSSL_DH_get0_pqg
 #define DH_get0_key     wolfSSL_DH_get0_key
 #define DH_set0_key     wolfSSL_DH_set0_key
-#define DH_bits(x)      (BN_num_bits(x->p))
+#define DH_bits(x)      (BN_num_bits((x)->p))
 
 #define DH_GENERATOR_2                  2
 #define DH_CHECK_P_NOT_PRIME            0x01

wolfssl/openssl/dsa.h

@@ -56,18 +56,18 @@ struct WOLFSSL_DSA {
 
 
 WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_new(void);
-WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA*);
+WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA* dsa);
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
-WOLFSSL_API int wolfSSL_DSA_print_fp(XFILE, WOLFSSL_DSA*, int);
+WOLFSSL_API int wolfSSL_DSA_print_fp(XFILE fp, WOLFSSL_DSA* dsa, int indent);
 #endif /* !NO_FILESYSTEM && NO_STDIO_FILESYSTEM */
 
-WOLFSSL_API int wolfSSL_DSA_generate_key(WOLFSSL_DSA*);
+WOLFSSL_API int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa);
 
 typedef void (*WOLFSSL_BN_CB)(int i, int j, void* exArg);
 WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_generate_parameters(int bits,
                    unsigned char* seed, int seedLen, int* counterRet,
                    unsigned long* hRet, WOLFSSL_BN_CB cb, void* CBArg);
-WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits,
+WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
                    unsigned char* seed, int seedLen, int* counterRet,
                    unsigned long* hRet, void* cb);
 
@@ -82,17 +82,17 @@ WOLFSSL_API int wolfSSL_DSA_set0_key(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *pub_key,
         WOLFSSL_BIGNUM *priv_key);
 
 
-WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz);
+WOLFSSL_API int wolfSSL_DSA_LoadDer(
+    WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz);
 
-WOLFSSL_API int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA*, const unsigned char*,
-                                       int sz, int opt);
+WOLFSSL_API int wolfSSL_DSA_LoadDer_ex(
+    WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz, int opt);
 
-WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d,
-                                    unsigned char* sigRet, WOLFSSL_DSA* dsa);
+WOLFSSL_API int wolfSSL_DSA_do_sign(
+    const unsigned char* d, unsigned char* sigRet, WOLFSSL_DSA* dsa);
 
-WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d,
-                                      unsigned char* sig,
-                                      WOLFSSL_DSA* dsa, int *dsacheck);
+WOLFSSL_API int wolfSSL_DSA_do_verify(
+    const unsigned char* d, unsigned char* sig, WOLFSSL_DSA* dsa, int *dsacheck);
 
 WOLFSSL_API int wolfSSL_DSA_bits(const WOLFSSL_DSA *d);
 
@@ -112,9 +112,10 @@ WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
 WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
                                          WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa);
 
-WOLFSSL_API int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA*, unsigned char**);
-WOLFSSL_API WOLFSSL_DSA* wolfSSL_d2i_DSAparams(WOLFSSL_DSA**,
-                                               const unsigned char **, long);
+WOLFSSL_API int wolfSSL_i2d_DSAparams(
+    const WOLFSSL_DSA* dsa, unsigned char** out);
+WOLFSSL_API WOLFSSL_DSA* wolfSSL_d2i_DSAparams(
+    WOLFSSL_DSA** dsa, const unsigned char** der, long derLen);
 
 #define WOLFSSL_DSA_LOAD_PRIVATE 1
 #define WOLFSSL_DSA_LOAD_PUBLIC  2

wolfssl/openssl/ecdsa.h

@@ -46,10 +46,10 @@ struct WOLFSSL_ECDSA_SIG {
 
 WOLFSSL_API void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig);
 WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void);
-WOLFSSL_API void wolfSSL_ECDSA_SIG_get0(const WOLFSSL_ECDSA_SIG*,
-     const WOLFSSL_BIGNUM**, const WOLFSSL_BIGNUM**);
-WOLFSSL_API int wolfSSL_ECDSA_SIG_set0(WOLFSSL_ECDSA_SIG*, WOLFSSL_BIGNUM*,
-    WOLFSSL_BIGNUM*);
+WOLFSSL_API void wolfSSL_ECDSA_SIG_get0(const WOLFSSL_ECDSA_SIG* sig,
+    const WOLFSSL_BIGNUM** r, const WOLFSSL_BIGNUM** s);
+WOLFSSL_API int wolfSSL_ECDSA_SIG_set0(WOLFSSL_ECDSA_SIG* sig, WOLFSSL_BIGNUM* r,
+    WOLFSSL_BIGNUM* s);
 WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst,
                                                      int dgst_len,
                                                      WOLFSSL_EC_KEY *eckey);

wolfssl/openssl/evp.h

@@ -75,7 +75,7 @@
 #ifndef NO_MD5
     WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void);
 #endif
-WOLFSSL_API void wolfSSL_EVP_set_pw_prompt(const char *);
+WOLFSSL_API void wolfSSL_EVP_set_pw_prompt(const char *prompt);
 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void);
 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void);
 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void);
@@ -464,10 +464,10 @@ WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2s256(void);
 #define EVP_PKEY_PRINT_INDENT_MAX    128
 
 WOLFSSL_API void wolfSSL_EVP_init(void);
-WOLFSSL_API int  wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* );
-WOLFSSL_API int  wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD*);
-WOLFSSL_API int  wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD*);
-WOLFSSL_API int  wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD*);
+WOLFSSL_API int  wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type);
+WOLFSSL_API int  wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type);
+WOLFSSL_API int  wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type);
+WOLFSSL_API int  wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type);
 
 WOLFSSL_API WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new (void);
 WOLFSSL_API void                wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX* ctx);
@@ -520,17 +520,17 @@ WOLFSSL_API int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned c
                               WOLFSSL_ENGINE* eng);
 
 
-WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER*,
-                              const WOLFSSL_EVP_MD*, const unsigned char*,
-                              const unsigned char*, int, int, unsigned char*,
-                              unsigned char*);
+WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type,
+                       const WOLFSSL_EVP_MD* md, const byte* salt,
+                       const byte* data, int sz, int count, byte* key, byte* iv);
 
 WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx);
 WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx);
 WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, \
                                              int type, int arg, void *ptr);
-WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX*);
-WOLFSSL_API int  wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER*);
+WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_iv_length(
+                                    const WOLFSSL_EVP_CIPHER_CTX* ctx);
+WOLFSSL_API int  wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher);
 WOLFSSL_API int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c);
 
 
@@ -597,8 +597,8 @@ WOLFSSL_API int  wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx,
                           unsigned char* dst, unsigned char* src,
                           unsigned int len);
 
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int);
-WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int id);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id);
 WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_CIPHER_CTX_cipher(const WOLFSSL_EVP_CIPHER_CTX *ctx);
 
 WOLFSSL_API int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey,
@@ -609,8 +609,8 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key);
 WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key);
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey);
-WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*);
-WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*);
+WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key);
+WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key);
 WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key);
 WOLFSSL_API WOLFSSL_DH* wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY* key);
@@ -664,7 +664,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
 WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx);
 WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap);
-WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*);
+WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key);
 WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, const WOLFSSL_EVP_PKEY *from);
 WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey);

wolfssl/openssl/md4.h

@@ -41,9 +41,10 @@ typedef struct WOLFSSL_MD4_CTX {
 } WOLFSSL_MD4_CTX;
 
 
-WOLFSSL_API void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX*);
-WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX*, const void*, unsigned long);
-WOLFSSL_API void wolfSSL_MD4_Final(unsigned char*, WOLFSSL_MD4_CTX*);
+WOLFSSL_API void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX* md4);
+WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX* md4, const void* data,
+                       unsigned long len);
+WOLFSSL_API void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4);
 
 
 typedef WOLFSSL_MD4_CTX MD4_CTX;

wolfssl/openssl/md5.h

@@ -49,12 +49,14 @@ typedef struct WOLFSSL_MD5_CTX {
 #endif
 } WOLFSSL_MD5_CTX;
 
-WOLFSSL_API int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX*);
-WOLFSSL_API int wolfSSL_MD5_Update(WOLFSSL_MD5_CTX*, const void*, unsigned long);
-WOLFSSL_API int wolfSSL_MD5_Final(unsigned char*, WOLFSSL_MD5_CTX*);
-WOLFSSL_API int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX*, const unsigned char*);
-
-WOLFSSL_API unsigned char *wolfSSL_MD5(const unsigned char*, size_t, unsigned char*);
+WOLFSSL_API int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5);
+WOLFSSL_API int wolfSSL_MD5_Update(WOLFSSL_MD5_CTX* md5, const void* input,
+                           unsigned long sz);
+WOLFSSL_API int wolfSSL_MD5_Final(unsigned char* output, WOLFSSL_MD5_CTX* md5);
+WOLFSSL_API int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX* md5, const unsigned char* data);
+
+WOLFSSL_API unsigned char *wolfSSL_MD5(const unsigned char* data, size_t len,
+            unsigned char* hash);
 
 typedef WOLFSSL_MD5_CTX MD5_CTX;
 

wolfssl/openssl/ocsp.h

@@ -34,7 +34,7 @@
 #define OCSP_CERTID               WOLFSSL_OCSP_CERTID
 #define OCSP_ONEREQ               WOLFSSL_OCSP_ONEREQ
 
-#define OCSP_REVOKED_STATUS_NOSTATUS     -1
+#define OCSP_REVOKED_STATUS_NOSTATUS     (-1)
 
 
 #define OCSP_RESPONSE_STATUS_SUCCESSFUL  0

wolfssl/openssl/pem.h

@@ -47,9 +47,7 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa,
                                         wc_pem_password_cb* cb, void* arg);
 WOLFSSL_API
 WOLFSSL_RSA* wolfSSL_PEM_read_bio_RSAPrivateKey(WOLFSSL_BIO* bio,
-                                                  WOLFSSL_RSA**,
-                                                  wc_pem_password_cb* cb,
-                                                  void* arg);
+        WOLFSSL_RSA** rsa, wc_pem_password_cb* cb, void* pass);
 
 WOLFSSL_API
 int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa);
@@ -160,9 +158,9 @@ WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_EC_PUBKEY(WOLFSSL_BIO* bio,
 /* EVP_KEY */
 WOLFSSL_API
 WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
-                                                  WOLFSSL_EVP_PKEY**,
+                                                  WOLFSSL_EVP_PKEY** key,
                                                   wc_pem_password_cb* cb,
-                                                  void* arg);
+                                                  void* pass);
 WOLFSSL_API
 WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio,
                                               WOLFSSL_EVP_PKEY **key,

wolfssl/openssl/rsa.h

@@ -50,11 +50,11 @@
 #define RSA_FLAG_NO_CONSTTIME           (1 << 8)
 
 /* Salt length same as digest length */
-#define RSA_PSS_SALTLEN_DIGEST   -1
+#define RSA_PSS_SALTLEN_DIGEST   (-1)
 /* Old max salt length */
-#define RSA_PSS_SALTLEN_MAX_SIGN -2
+#define RSA_PSS_SALTLEN_MAX_SIGN (-2)
 /* Max salt length */
-#define RSA_PSS_SALTLEN_MAX      -3
+#define RSA_PSS_SALTLEN_MAX      (-3)
 
 typedef struct WOLFSSL_RSA_METHOD {
     int flags;
@@ -103,43 +103,49 @@ typedef WOLFSSL_RSA_METHOD            RSA_METHOD;
 
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId);
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void);
-WOLFSSL_API void        wolfSSL_RSA_free(WOLFSSL_RSA*);
+WOLFSSL_API void        wolfSSL_RSA_free(WOLFSSL_RSA* rsa);
 
-WOLFSSL_API int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA*, int bits, WOLFSSL_BIGNUM*,
-                                          void* cb);
+WOLFSSL_API int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits,
+                                            WOLFSSL_BIGNUM* bn, void* cb);
 
-WOLFSSL_API int wolfSSL_RSA_blinding_on(WOLFSSL_RSA*, WOLFSSL_BN_CTX*);
-WOLFSSL_API int wolfSSL_RSA_check_key(const WOLFSSL_RSA*);
+WOLFSSL_API int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bn);
+WOLFSSL_API int wolfSSL_RSA_check_key(const WOLFSSL_RSA* rsa);
 WOLFSSL_API int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr,
-                                       unsigned char* to, WOLFSSL_RSA*, int padding);
+                                       unsigned char* to, WOLFSSL_RSA* rsa,
+                                       int padding);
 WOLFSSL_API int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr,
-                                       unsigned char* to, WOLFSSL_RSA*, int padding);
+                                       unsigned char* to, WOLFSSL_RSA* rsa,
+                                       int padding);
 WOLFSSL_API int wolfSSL_RSA_private_encrypt(int len, const unsigned char* in,
                             unsigned char* out, WOLFSSL_RSA* rsa, int padding);
 
-WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA*);
-WOLFSSL_API int wolfSSL_RSA_bits(const WOLFSSL_RSA*);
+WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa);
+WOLFSSL_API int wolfSSL_RSA_bits(const WOLFSSL_RSA* rsa);
 WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m,
                                unsigned int mLen, unsigned char* sigRet,
-                               unsigned int* sigLen, WOLFSSL_RSA*);
+                               unsigned int* sigLen, WOLFSSL_RSA* rsa);
 WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m,
                                unsigned int mLen, unsigned char* sigRet,
-                               unsigned int* sigLen, WOLFSSL_RSA*, int);
+                               unsigned int* sigLen, WOLFSSL_RSA* rsa,
+                               int flag);
 WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m,
                                unsigned int mLen, unsigned char* sigRet,
-                               unsigned int* sigLen, WOLFSSL_RSA*, int, int);
+                               unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag,
+                               int padding);
 WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
                                unsigned int mLen, const unsigned char* sig,
-                               unsigned int sigLen, WOLFSSL_RSA*);
+                               unsigned int sigLen, WOLFSSL_RSA* rsa);
 WOLFSSL_API int wolfSSL_RSA_verify_ex(int type, const unsigned char* m,
                                unsigned int mLen, const unsigned char* sig,
                                unsigned int sigLen, WOLFSSL_RSA* rsa,
                                int padding);
 WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
-                                  unsigned char* to, WOLFSSL_RSA*, int padding);
-WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*);
-WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA*, const unsigned char*, int sz);
-WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA*, const unsigned char*, int sz, int opt);
+                               unsigned char* to, WOLFSSL_RSA* rsa, int padding);
+WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa);
+WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa,
+                               const unsigned char* derBuf, int derSz);
+WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa,
+                               const unsigned char* derBuf, int derSz, int opt);
 
 WOLFSSL_API WOLFSSL_RSA_METHOD *wolfSSL_RSA_meth_new(const char *name, int flags);
 WOLFSSL_API void wolfSSL_RSA_meth_free(WOLFSSL_RSA_METHOD *meth);

wolfssl/openssl/sha.h

@@ -49,16 +49,18 @@ typedef struct WOLFSSL_SHA_CTX {
     #endif
 } WOLFSSL_SHA_CTX;
 
-WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX*);
-WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
-WOLFSSL_API int wolfSSL_SHA_Final(unsigned char*, WOLFSSL_SHA_CTX*);
-WOLFSSL_API int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX*,
-                                          const unsigned char *data);
+WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX* sha, const void* input,
+                           unsigned long sz);
+WOLFSSL_API int wolfSSL_SHA_Final(byte* input, WOLFSSL_SHA_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX* sha,
+                                         const unsigned char* data);
 /* SHA1 points to above, shouldn't use SHA0 ever */
-WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX*);
-WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
-WOLFSSL_API int wolfSSL_SHA1_Final(unsigned char*, WOLFSSL_SHA_CTX*);
-WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX*,
+WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input,
+                            unsigned long sz);
+WOLFSSL_API int wolfSSL_SHA1_Final(byte* output, WOLFSSL_SHA_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha,
                                           const unsigned char *data);
 enum {
     SHA_DIGEST_LENGTH = 20
@@ -95,10 +97,10 @@ typedef struct WOLFSSL_SHA224_CTX {
     ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
 } WOLFSSL_SHA224_CTX;
 
-WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX*);
-WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX*, const void*,
-                                         unsigned long);
-WOLFSSL_API int wolfSSL_SHA224_Final(unsigned char*, WOLFSSL_SHA224_CTX*);
+WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX* sha, const void* input,
+                           unsigned long sz);
+WOLFSSL_API int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha);
 
 enum {
     SHA224_DIGEST_LENGTH = 28
@@ -129,11 +131,11 @@ typedef struct WOLFSSL_SHA256_CTX {
     ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
 } WOLFSSL_SHA256_CTX;
 
-WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX*);
-WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX*, const void*,
-                                 unsigned long);
-WOLFSSL_API int wolfSSL_SHA256_Final(unsigned char*, WOLFSSL_SHA256_CTX*);
-WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX*,
+WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256);
+WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX* sha, const void* input,
+                              unsigned long sz);
+WOLFSSL_API int wolfSSL_SHA256_Final(byte* output, WOLFSSL_SHA256_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256,
                                                 const unsigned char *data);
 enum {
     SHA256_DIGEST_LENGTH = 32
@@ -172,10 +174,10 @@ typedef struct WOLFSSL_SHA384_CTX {
     void* holder[(268 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
 } WOLFSSL_SHA384_CTX;
 
-WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX*);
-WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX*, const void*,
-                                         unsigned long);
-WOLFSSL_API int wolfSSL_SHA384_Final(unsigned char*, WOLFSSL_SHA384_CTX*);
+WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX* sha, const void* input,
+                           unsigned long sz);
+WOLFSSL_API int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha);
 
 enum {
     SHA384_DIGEST_LENGTH = 48
@@ -201,12 +203,12 @@ typedef struct WOLFSSL_SHA512_CTX {
     void* holder[(288 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
 } WOLFSSL_SHA512_CTX;
 
-WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX*);
-WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX*, const void*,
-                                     unsigned long);
-WOLFSSL_API int wolfSSL_SHA512_Final(unsigned char*, WOLFSSL_SHA512_CTX*);
-WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX*,
-                                        const unsigned char*);
+WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX* sha,
+                                      const void* input, unsigned long sz);
+WOLFSSL_API int wolfSSL_SHA512_Final(byte* output, WOLFSSL_SHA512_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX* sha512,
+                                         const unsigned char* data);
 enum {
     SHA512_DIGEST_LENGTH = 64
 };
@@ -228,12 +230,13 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX;
 typedef struct WOLFSSL_SHA512_CTX WOLFSSL_SHA512_224_CTX;
 typedef WOLFSSL_SHA512_224_CTX SHA512_224_CTX;
 
-WOLFSSL_API int wolfSSL_SHA512_224_Init(WOLFSSL_SHA512_CTX*);
-WOLFSSL_API int wolfSSL_SHA512_224_Update(WOLFSSL_SHA512_CTX*, const void*,
-                                     unsigned long);
-WOLFSSL_API int wolfSSL_SHA512_224_Final(unsigned char*, WOLFSSL_SHA512_CTX*);
-WOLFSSL_API int wolfSSL_SHA512_224_Transform(WOLFSSL_SHA512_CTX*,
-                                        const unsigned char*);
+WOLFSSL_API int wolfSSL_SHA512_224_Init(WOLFSSL_SHA512_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA512_224_Update(WOLFSSL_SHA512_224_CTX* sha,
+                                        const void* input, unsigned long sz);
+WOLFSSL_API int wolfSSL_SHA512_224_Final(byte* output,
+                                         WOLFSSL_SHA512_224_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA512_224_Transform(WOLFSSL_SHA512_CTX* sha512,
+                                          const unsigned char* data);
 
 
 #define SHA512_224_Init   wolfSSL_SHA512_224_Init
@@ -250,12 +253,12 @@ WOLFSSL_API int wolfSSL_SHA512_224_Transform(WOLFSSL_SHA512_CTX*,
 typedef struct WOLFSSL_SHA512_CTX WOLFSSL_SHA512_256_CTX;
 typedef WOLFSSL_SHA512_256_CTX SHA512_256_CTX;
 
-WOLFSSL_API int wolfSSL_SHA512_256_Init(WOLFSSL_SHA512_CTX*);
-WOLFSSL_API int wolfSSL_SHA512_256_Update(WOLFSSL_SHA512_CTX*, const void*,
-                                     unsigned long);
-WOLFSSL_API int wolfSSL_SHA512_256_Final(unsigned char*, WOLFSSL_SHA512_CTX*);
-WOLFSSL_API int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX*,
-                                        const unsigned char*);
+WOLFSSL_API int wolfSSL_SHA512_256_Init(WOLFSSL_SHA512_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA512_256_Update(WOLFSSL_SHA512_256_CTX* sha,
+                                        const void* input, unsigned long sz);
+WOLFSSL_API int wolfSSL_SHA512_256_Final(byte* output, WOLFSSL_SHA512_256_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512,
+                                          const unsigned char* data);
 
 #define SHA512_256_Init   wolfSSL_SHA512_256_Init
 #define SHA512_256_Update wolfSSL_SHA512_256_Update

wolfssl/openssl/sha3.h

@@ -47,10 +47,11 @@ struct WOLFSSL_SHA3_CTX {
 #ifndef WOLFSSL_NOSHA3_224
 typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_224_CTX;
 
-WOLFSSL_API int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX*);
-WOLFSSL_API int wolfSSL_SHA3_224_Update(WOLFSSL_SHA3_224_CTX*, const void*,
-                                     unsigned long);
-WOLFSSL_API int wolfSSL_SHA3_224_Final(unsigned char*, WOLFSSL_SHA3_224_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA3_224_Update(WOLFSSL_SHA3_224_CTX* sha, const void* input,
+                           unsigned long sz);
+WOLFSSL_API int wolfSSL_SHA3_224_Final(unsigned char* output,
+                           WOLFSSL_SHA3_224_CTX* sha);
 
 enum {
     SHA3_224_DIGEST_LENGTH = 28
@@ -71,10 +72,11 @@ typedef WOLFSSL_SHA3_224_CTX SHA3_224_CTX;
 typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_256_CTX;
 
 
-WOLFSSL_API int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX*);
-WOLFSSL_API int wolfSSL_SHA3_256_Update(WOLFSSL_SHA3_256_CTX*, const void*,
-                                     unsigned long);
-WOLFSSL_API int wolfSSL_SHA3_256_Final(unsigned char*, WOLFSSL_SHA3_256_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA3_256_Update(WOLFSSL_SHA3_256_CTX* sha,
+                                        const void* input, unsigned long sz);
+WOLFSSL_API int wolfSSL_SHA3_256_Final(unsigned char* output,
+                                       WOLFSSL_SHA3_256_CTX* sha);
 
 enum {
     SHA3_256_DIGEST_LENGTH = 32
@@ -94,10 +96,11 @@ typedef WOLFSSL_SHA3_256_CTX SHA3_256_CTX;
 
 typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_384_CTX;
 
-WOLFSSL_API int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX*);
-WOLFSSL_API int wolfSSL_SHA3_384_Update(WOLFSSL_SHA3_384_CTX*, const void*,
-                                         unsigned long);
-WOLFSSL_API int wolfSSL_SHA3_384_Final(unsigned char*, WOLFSSL_SHA3_384_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA3_384_Update(WOLFSSL_SHA3_384_CTX* sha,
+                                        const void* input, unsigned long sz);
+WOLFSSL_API int wolfSSL_SHA3_384_Final(unsigned char* output,
+                                       WOLFSSL_SHA3_384_CTX* sha);
 
 enum {
     SHA3_384_DIGEST_LENGTH = 48
@@ -117,10 +120,11 @@ typedef WOLFSSL_SHA3_384_CTX SHA3_384_CTX;
 
 typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_512_CTX;
 
-WOLFSSL_API int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX*);
-WOLFSSL_API int wolfSSL_SHA3_512_Update(WOLFSSL_SHA3_512_CTX*, const void*,
-                                         unsigned long);
-WOLFSSL_API int wolfSSL_SHA3_512_Final(unsigned char*, WOLFSSL_SHA3_512_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA3_512_Update(WOLFSSL_SHA3_512_CTX* sha,
+                                        const void* input, unsigned long sz);
+WOLFSSL_API int wolfSSL_SHA3_512_Final(unsigned char* output,
+                                       WOLFSSL_SHA3_512_CTX* sha);
 
 enum {
     SHA3_512_DIGEST_LENGTH = 64

wolfssl/openssl/ssl.h

@@ -288,8 +288,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_connect                     wolfSSL_connect
 #define SSL_clear                       wolfSSL_clear
 #define SSL_state                       wolfSSL_state
-#define SSL_read_early_data(ssl, d, dLen, len)   wolfSSL_read_early_data(ssl, d, (int)dLen, (int *)len)
-#define SSL_write_early_data(ssl, d, dLen, len)  wolfSSL_write_early_data(ssl, d, (int)dLen, (int *)len)
+#define SSL_read_early_data(ssl, d, dLen, len)   wolfSSL_read_early_data(ssl, d, (int)(dLen), (int *)(len))
+#define SSL_write_early_data(ssl, d, dLen, len)  wolfSSL_write_early_data(ssl, d, (int)(dLen), (int *)(len))
 
 #define SSL_write                       wolfSSL_write
 #define SSL_read                        wolfSSL_read
@@ -878,7 +878,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTX_set_default_passwd_cb   wolfSSL_CTX_set_default_passwd_cb
 
 #define SSL_CTX_set_timeout(ctx, to)    \
-                                 wolfSSL_CTX_set_timeout(ctx, (unsigned int) to)
+                                 wolfSSL_CTX_set_timeout(ctx, (unsigned int)(to))
 #define SSL_CTX_set_info_callback       wolfSSL_CTX_set_info_callback
 #define SSL_CTX_set_alpn_protos         wolfSSL_CTX_set_alpn_protos
 
@@ -1089,7 +1089,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define SSL_get_srtp_profiles                wolfSSL_get_srtp_profiles
 
 #ifndef NO_WOLFSSL_STUB
-#define SSL_CTX_set_current_time_cb(ssl, cb) ({ (void)ssl; (void)cb; })
+#define SSL_CTX_set_current_time_cb(ssl, cb) ({ (void)(ssl); (void)(cb); })
 #endif
 
 #define SSL_CTX_use_certificate         wolfSSL_CTX_use_certificate
@@ -1426,7 +1426,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
  * PEM_read_bio_X509 is called and the return error is lost.
  * The error that needs to be detected is: SSL_NO_PEM_HEADER.
  */
-#define ERR_GET_FUNC(l) (int)((((unsigned long)l) >> 12L) & 0xfffL)
+#define ERR_GET_FUNC(l) (int)((((unsigned long)(l)) >> 12L) & 0xfffL)
 
 #define PEM_F_PEM_DEF_CALLBACK  100
 

wolfssl/openssl/stack.h

@@ -30,8 +30,8 @@
 
 typedef void (*wolfSSL_sk_freefunc)(void *);
 
-WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc);
-WOLFSSL_API void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK *);
+WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc f);
+WOLFSSL_API void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK *sk);
 WOLFSSL_API int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK *sk, void *data);
 WOLFSSL_API void wolfSSL_sk_pop_free(WOLFSSL_STACK *st, void (*func) (void *));
 WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_new_null(void);

wolfssl/test.h

@@ -262,7 +262,7 @@
         typedef void*         THREAD_RETURN;
         typedef pthread_t     THREAD_TYPE;
         #define WOLFSSL_THREAD
-        #define INFINITE -1
+        #define INFINITE (-1)
         #define WAIT_OBJECT_0 0L
     #elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET) || defined(FREESCALE_MQX)
         typedef unsigned int  THREAD_RETURN;
@@ -546,7 +546,7 @@ typedef struct func_args {
     #define printf dc_log_printf
 #endif
 
-void wait_tcp_ready(func_args*);
+void wait_tcp_ready(func_args* args);
 
 #ifdef WOLFSSL_ZEPHYR
 typedef void THREAD_FUNC(void*, void*, void*);
@@ -554,8 +554,8 @@ typedef void THREAD_FUNC(void*, void*, void*);
 typedef THREAD_RETURN WOLFSSL_THREAD THREAD_FUNC(void*);
 #endif
 
-void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*);
-void join_thread(THREAD_TYPE);
+void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread);
+void join_thread(THREAD_TYPE thread);
 
 /* wolfSSL */
 #ifndef TEST_IPV6
@@ -872,7 +872,7 @@ static WC_INLINE int mygetopt_long(int argc, char** argv, const char* optstring,
                     c = i->value;
                     myoptind++;
                     if (longindex)
-                        *longindex = (int)((i - longopts) / sizeof *i);
+                        *longindex = (int)((size_t)(i - longopts) / sizeof i[0]);
                     if (i->takes_arg) {
                         if (myoptind < argc) {
                             if (i->takes_arg == 1 || argv[myoptind][0] != '-') {
@@ -895,7 +895,7 @@ static WC_INLINE int mygetopt_long(int argc, char** argv, const char* optstring,
         myoptind++;
     }
 
-    c  = *next++;
+    c  = (int)(unsigned char)*next++;
     /* The C++ strchr can return a different value */
     cp = (char*)strchr(optstring, c);
 

wolfssl/wolfcrypt/arc4.h

@@ -53,11 +53,12 @@ typedef struct Arc4 {
     void* heap;
 } Arc4;
 
-WOLFSSL_API int wc_Arc4Process(Arc4*, byte*, const byte*, word32);
-WOLFSSL_API int wc_Arc4SetKey(Arc4*, const byte*, word32);
+WOLFSSL_API int wc_Arc4Process(Arc4* arc4, byte* out, const byte* in,
+                               word32 length);
+WOLFSSL_API int wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length);
 
-WOLFSSL_API int  wc_Arc4Init(Arc4*, void*, int);
-WOLFSSL_API void wc_Arc4Free(Arc4*);
+WOLFSSL_API int  wc_Arc4Init(Arc4* arc4, void* heap, int devId);
+WOLFSSL_API void wc_Arc4Free(Arc4* arc4);
 
 #ifdef __cplusplus
     } /* extern "C" */

wolfssl/wolfcrypt/asn.h

@@ -599,7 +599,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
  * @return  Unused bits byte in BIT_STRING.
  */
 #define GetASNItem_UnusedBits(dataASN)                                 \
-    (*(dataASN.data.ref.data - 1))
+    (*((dataASN).data.ref.data - 1))
 
 /* Set the data items at indices start to end inclusive to not be encoded.
  *
@@ -610,8 +610,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASNItem_NoOut(dataASN, start, end)                          \
     do {                                                               \
         int ii;                                                        \
-        for (ii = start; ii <= end; ii++) {                            \
-            dataASN[ii].noOut = 1;                                     \
+        for (ii = (start); ii <= (end); ii++) {                        \
+            (dataASN)[ii].noOut = 1;                                   \
         }                                                              \
     }                                                                  \
     while (0)
@@ -625,10 +625,10 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASNItem_NoOutBelow(dataASN, asn, node, dataASNLen)          \
     do {                                                               \
         int ii;                                                        \
-        for (ii = node + 1; ii < (int)(dataASNLen); ii++) {            \
-            if (asn[ii].depth <= asn[node].depth)                      \
+        for (ii = (node) + 1; ii < (int)(dataASNLen); ii++) {          \
+            if ((asn)[ii].depth <= (asn)[node].depth)                  \
                 break;                                                 \
-            dataASN[ii].noOut = 1;                                     \
+            (dataASN)[ii].noOut = 1;                                   \
         }                                                              \
     }                                                                  \
     while (0)
@@ -643,11 +643,11 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASNItem_NoOutNode(dataASN, asn, node, dataASNLen)           \
     do {                                                               \
         int ii;                                                        \
-        dataASN[node].noOut = 1;                                       \
-        for (ii = node + 1; ii < (int)(dataASNLen); ii++) {            \
-            if (asn[ii].depth <= asn[node].depth)                      \
+        (dataASN)[node].noOut = 1;                                     \
+        for (ii = (node) + 1; ii < (int)(dataASNLen); ii++) {          \
+            if ((asn)[ii].depth <= (asn)[node].depth)                  \
                 break;                                                 \
-            dataASN[ii].noOut = 1;                                     \
+            (dataASN)[ii].noOut = 1;                                   \
         }                                                              \
     }                                                                  \
     while (0)
@@ -1797,42 +1797,46 @@ WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx);
 WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der,
                                 word32* derSz);
 
-WOLFSSL_ASN_API void FreeAltNames(DNS_entry*, void*);
-WOLFSSL_ASN_API DNS_entry* AltNameNew(void*);
+WOLFSSL_ASN_API void FreeAltNames(DNS_entry* altNames, void* heap);
+WOLFSSL_ASN_API DNS_entry* AltNameNew(void* heap);
 #ifndef IGNORE_NAME_CONSTRAINTS
-    WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry*, void*);
+    WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry* names, void* heap);
 #endif /* IGNORE_NAME_CONSTRAINTS */
-WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, const byte*, word32, void*);
-WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*);
-WOLFSSL_ASN_API int  ParseCert(DecodedCert*, int type, int verify, void* cm);
-
-WOLFSSL_LOCAL int DecodePolicyOID(char *o, word32 oSz,
-                                  const byte *in, word32 inSz);
+WOLFSSL_ASN_API void InitDecodedCert(DecodedCert* cert, const byte* source,
+                                     word32 inSz, void* heap);
+WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert* cert);
+WOLFSSL_ASN_API int  ParseCert(DecodedCert* cert, int type, int verify,
+                               void* cm);
+
+WOLFSSL_LOCAL int DecodePolicyOID(char *out, word32 outSz, const byte *in,
+                                  word32 inSz);
 WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz,
                                   const char *in, void* heap);
 WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm);
 WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
         void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
 #ifdef WOLFSSL_CERT_REQ
-WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap,
-        const byte* pubKey, word32 pubKeySz, int pubKeyOID);
+WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz,
+        void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
 #endif /* WOLFSSL_CERT_REQ */
 WOLFSSL_LOCAL int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
                         int sigAlgoType);
-WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
-WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
+WOLFSSL_LOCAL int ParseCertRelative(DecodedCert* cert, int type, int verify,
+                                    void* cm);
+WOLFSSL_LOCAL int DecodeToKey(DecodedCert* cert, int verify);
 #ifdef WOLFSSL_ASN_TEMPLATE
-WOLFSSL_LOCAL int DecodeCert(DecodedCert*, int verify, int* criticalExt);
+WOLFSSL_LOCAL int DecodeCert(DecodedCert* cert, int verify, int* criticalExt);
 #endif
 WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate);
 
 WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz);
-WOLFSSL_LOCAL Signer* MakeSigner(void*);
-WOLFSSL_LOCAL void    FreeSigner(Signer*, void*);
-WOLFSSL_LOCAL void    FreeSignerTable(Signer**, int, void*);
+WOLFSSL_LOCAL Signer* MakeSigner(void* heap);
+WOLFSSL_LOCAL void    FreeSigner(Signer* signer, void* heap);
+WOLFSSL_LOCAL void    FreeSignerTable(Signer** table, int rows, void* heap);
 #ifdef WOLFSSL_TRUST_PEER_CERT
-WOLFSSL_LOCAL void    FreeTrustedPeer(TrustedPeerCert*, void*);
-WOLFSSL_LOCAL void    FreeTrustedPeerTable(TrustedPeerCert**, int, void*);
+WOLFSSL_LOCAL void    FreeTrustedPeer(TrustedPeerCert* tp, void* heap);
+WOLFSSL_LOCAL void    FreeTrustedPeerTable(TrustedPeerCert** table, int rows,
+                                           void* heap);
 #endif /* WOLFSSL_TRUST_PEER_CERT */
 
 WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length);
@@ -1842,8 +1846,8 @@ WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx,
                                       word32 length);
 WOLFSSL_LOCAL int ToTraditionalInline_ex(const byte* input, word32* inOutIdx,
                                          word32 length, word32* algId);
-WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int,
-                                   word32* algId);
+WOLFSSL_LOCAL int ToTraditionalEnc(byte* input, word32 sz, const char* password,
+                     int passwordSz, word32* algId);
 WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out,
         word32* outSz, const char* password, int passwordSz, int vPKCS,
         int vAlgo, byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap);
@@ -1958,7 +1962,8 @@ WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g)
 WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx,
                         DhKey* key, word32 inSz);
 #endif
-WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
+WOLFSSL_LOCAL int FlattenAltNames(byte* output, word32 outputSz,
+                                  const DNS_entry* names);
 
 WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
         char nameType, byte type);
@@ -2172,17 +2177,22 @@ struct OcspRequest {
     void*  ssl;
 };
 
-WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, OcspEntry*, CertStatus*, byte*, word32, void*);
-WOLFSSL_LOCAL void FreeOcspResponse(OcspResponse*);
-WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int);
+WOLFSSL_LOCAL void InitOcspResponse(OcspResponse* resp, OcspEntry* single,
+                     CertStatus* status, byte* source, word32 inSz, void* heap);
+WOLFSSL_LOCAL void FreeOcspResponse(OcspResponse* resp);
+WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap,
+                                     int noVerify);
 
-WOLFSSL_LOCAL int    InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*);
-WOLFSSL_LOCAL void   FreeOcspRequest(OcspRequest*);
-WOLFSSL_LOCAL int    EncodeOcspRequest(OcspRequest*, byte*, word32);
-WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest*, byte*, word32);
+WOLFSSL_LOCAL int    InitOcspRequest(OcspRequest* req, DecodedCert* cert,
+                                     byte useNonce, void* heap);
+WOLFSSL_LOCAL void   FreeOcspRequest(OcspRequest* req);
+WOLFSSL_LOCAL int    EncodeOcspRequest(OcspRequest* req, byte* output,
+                                       word32 size);
+WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output,
+                                                 word32 size);
 
 
-WOLFSSL_LOCAL int  CompareOcspReqResp(OcspRequest*, OcspResponse*);
+WOLFSSL_LOCAL int  CompareOcspReqResp(OcspRequest* req, OcspResponse* resp);
 
 
 #endif /* HAVE_OCSP */
@@ -2222,14 +2232,15 @@ struct DecodedCRL {
 #endif
 };
 
-WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*, void* heap);
+WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL* dcrl, void* heap);
 WOLFSSL_LOCAL int VerifyCRL_Signature(SignatureCtx* sigCtx,
                                       const byte* toBeSigned, word32 tbsSz,
                                       const byte* signature, word32 sigSz,
                                       word32 signatureOID, Signer *ca,
                                       void* heap);
-WOLFSSL_LOCAL int  ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm);
-WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
+WOLFSSL_LOCAL int  ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz,
+                            void* cm);
+WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl);
 
 
 #endif /* HAVE_CRL */

wolfssl/wolfcrypt/asn_public.h

@@ -445,39 +445,39 @@ typedef struct Cert {
    isCA       = 0 (false)
    keyType    = RSA_KEY (default)
 */
-WOLFSSL_API int wc_InitCert(Cert*);
-WOLFSSL_API int wc_InitCert_ex(Cert*, void*, int);
+WOLFSSL_API int wc_InitCert(Cert* cert);
+WOLFSSL_API int wc_InitCert_ex(Cert* cert, void* heap, int devId);
 WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz,
-                                int keyType, void* key, WC_RNG* rng);
-WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
-                             ecc_key*, WC_RNG*);
+                               int keyType, void* key, WC_RNG* rng);
+WOLFSSL_API int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz,
+                            RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng);
 #ifdef WOLFSSL_CERT_REQ
-    WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz,
-                                       int, void*);
-    WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
-                                    RsaKey*, ecc_key*);
-#endif
-WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer,
-                                word32 buffSz, int keyType, void* key,
-                                WC_RNG* rng);
-WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
-                             word32 derSz, RsaKey*, ecc_key*, WC_RNG*);
-WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
-                             WC_RNG*);
-WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
-WOLFSSL_API int wc_SetSubject(Cert*, const char*);
+    WOLFSSL_API int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz,
+                                      int keyType, void* key);
+    WOLFSSL_API int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
+                   RsaKey* rsaKey, ecc_key* eccKey);
+#endif
+WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buf,
+                               word32 buffSz, int keyType, void* key,
+                               WC_RNG* rng);
+WOLFSSL_API int wc_SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
+                            RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng);
+WOLFSSL_API int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz,
+                                RsaKey* key, WC_RNG* rng);
+WOLFSSL_API int wc_SetIssuer(Cert* cert, const char* issuerFile);
+WOLFSSL_API int wc_SetSubject(Cert* cert, const char* subjectFile);
 #ifdef WOLFSSL_ALT_NAMES
-    WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
+    WOLFSSL_API int wc_SetAltNames(Cert* cert, const char* file);
 #endif
 
 #ifdef WOLFSSL_CERT_GEN_CACHE
 WOLFSSL_API void wc_SetCert_Free(Cert* cert);
 #endif
 
-WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int);
-WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int);
-WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int);
-WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int);
+WOLFSSL_API int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz);
+WOLFSSL_API int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz);
+WOLFSSL_API int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz);
+WOLFSSL_API int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz);
 
 #ifndef NO_ASN_TIME
 WOLFSSL_API int wc_GetCertDates(Cert* cert, struct tm* before,
@@ -547,10 +547,10 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
     WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type,
               DerBuffer** pDer, void* heap, EncryptedInfo* info, int* keyFormat);
 
-    WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int,
-                                   unsigned char*, int, const char*);
-    WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int,
-                                    unsigned char*, int, int);
+    WOLFSSL_API int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
+                        unsigned char* buff, int buffSz, const char* pass);
+    WOLFSSL_API int wc_CertPemToDer(const unsigned char* pem, int pemSz,
+                        unsigned char* buff, int buffSz, int type);
 #endif /* WOLFSSL_PEM_TO_DER */
 
 #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
@@ -560,8 +560,8 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
         WOLFSSL_API int wc_PemPubKeyToDer_ex(const char* fileName, DerBuffer** der);
     #endif
 
-    WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int,
-                                      unsigned char*, int);
+    WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char* pem, int pemSz,
+                           unsigned char* buff, int buffSz);
 #endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
 
 #ifdef WOLFSSL_CERT_GEN
@@ -598,8 +598,8 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
 
 #ifndef NO_DSA
     /* DSA parameter DER helper functions */
-    WOLFSSL_API int wc_DsaParamsDecode(const byte* input, word32* inOutIdx,
-                                       DsaKey*, word32);
+    WOLFSSL_API int wc_DsaParamsDecode(const byte* input, word32* inOutIdx, DsaKey* key,
+                        word32 inSz);
     WOLFSSL_API int wc_DsaKeyToParamsDer(DsaKey* key, byte* output,
         word32 inLen);
     WOLFSSL_API int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output,
@@ -615,23 +615,23 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
 
 #ifdef HAVE_ECC
     /* private key helpers */
-    WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*,
-                                           ecc_key*, word32);
-    WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen);
+    WOLFSSL_API int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx,
+                                           ecc_key* key, word32 inSz);
+    WOLFSSL_API int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen);
     WOLFSSL_API int wc_EccPrivateKeyToDer(ecc_key* key, byte* output,
                                           word32 inLen);
-    WOLFSSL_API int wc_EccKeyDerSize(ecc_key*, int pub);
+    WOLFSSL_API int wc_EccKeyDerSize(ecc_key* key, int pub);
     WOLFSSL_API int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output,
                                             word32* outLen);
     WOLFSSL_API int wc_EccKeyToPKCS8(ecc_key* key, byte* output,
                                      word32* outLen);
 
     /* public key helper */
-    WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*,
-                                              ecc_key*, word32);
-    WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output,
+    WOLFSSL_API int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
+                          ecc_key* key, word32 inSz);
+    WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key* key, byte* output,
                                          word32 inLen, int with_AlgCurve);
-    WOLFSSL_API int wc_EccPublicKeyDerSize(ecc_key*, int with_AlgCurve);
+    WOLFSSL_API int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve);
 #endif
 
 /* RFC 5958 (Asymmetric Key Packages) */
@@ -655,55 +655,76 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
 
 #ifdef HAVE_ED25519
 #ifdef HAVE_ED25519_KEY_IMPORT
-WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte*, word32*, ed25519_key*, word32);
-WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte*, word32*, ed25519_key*, word32);
+WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte* input, word32* inOutIdx,
+                               ed25519_key* key, word32 inSz);
+WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte* input, word32* inOutIdx,
+                              ed25519_key* key, word32 inSz);
 #endif
 #ifdef HAVE_ED25519_KEY_EXPORT
-WOLFSSL_API int wc_Ed25519KeyToDer(ed25519_key*, byte*, word32);
-WOLFSSL_API int wc_Ed25519PrivateKeyToDer(ed25519_key*, byte*, word32);
-WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key*, byte*, word32, int);
+WOLFSSL_API int wc_Ed25519KeyToDer(ed25519_key* key, byte* output,
+                                   word32 inLen);
+WOLFSSL_API int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output,
+                                          word32 inLen);
+WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key* key, byte* output,
+                                         word32 inLen, int withAlg);
 #endif
 #endif /* HAVE_ED25519 */
 
 #ifdef HAVE_CURVE25519
 #ifdef HAVE_CURVE25519_KEY_IMPORT
-WOLFSSL_API int wc_Curve25519PrivateKeyDecode(const byte*, word32*, curve25519_key*, word32);
-WOLFSSL_API int wc_Curve25519PublicKeyDecode(const byte*, word32*, curve25519_key*, word32);
+WOLFSSL_API int wc_Curve25519PrivateKeyDecode(
+    const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz);
+WOLFSSL_API int wc_Curve25519PublicKeyDecode(
+    const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz);
 #endif
 #ifdef HAVE_CURVE25519_KEY_EXPORT
-WOLFSSL_API int wc_Curve25519PrivateKeyToDer(curve25519_key*, byte*, word32);
-WOLFSSL_API int wc_Curve25519PublicKeyToDer(curve25519_key*, byte*, word32, int);
+WOLFSSL_API int wc_Curve25519PrivateKeyToDer(
+    curve25519_key* key, byte* output, word32 inLen);
+WOLFSSL_API int wc_Curve25519PublicKeyToDer(
+    curve25519_key* key, byte* output, word32 inLen, int withAlg);
 #endif
 #endif /* HAVE_CURVE25519 */
 
 #ifdef HAVE_ED448
 #ifdef HAVE_ED448_KEY_IMPORT
-WOLFSSL_API int wc_Ed448PrivateKeyDecode(const byte*, word32*, ed448_key*, word32);
-WOLFSSL_API int wc_Ed448PublicKeyDecode(const byte*, word32*, ed448_key*, word32);
+WOLFSSL_API int wc_Ed448PrivateKeyDecode(
+    const byte* input, word32* inOutIdx, ed448_key* key, word32 inSz);
+WOLFSSL_API int wc_Ed448PublicKeyDecode(
+    const byte* input, word32* inOutIdx, ed448_key* key, word32 inSz);
 #endif
 #ifdef HAVE_ED448_KEY_EXPORT
-WOLFSSL_API int wc_Ed448KeyToDer(ed448_key*, byte*, word32);
-WOLFSSL_API int wc_Ed448PrivateKeyToDer(ed448_key*, byte*, word32);
-WOLFSSL_API int wc_Ed448PublicKeyToDer(ed448_key*, byte*, word32, int);
+WOLFSSL_API int wc_Ed448KeyToDer(ed448_key* key, byte* output, word32 inLen);
+WOLFSSL_API int wc_Ed448PrivateKeyToDer(
+    ed448_key* key, byte* output, word32 inLen);
+WOLFSSL_API int wc_Ed448PublicKeyToDer(
+    ed448_key* key, byte* output, word32 inLen, int withAlg);
 #endif
 #endif /* HAVE_ED448 */
 
 #ifdef HAVE_PQC
-WOLFSSL_API int wc_Falcon_PrivateKeyDecode(const byte*, word32*, falcon_key*, word32);
-WOLFSSL_API int wc_Falcon_PublicKeyDecode(const byte*, word32*, falcon_key*, word32);
-WOLFSSL_API int wc_Falcon_KeyToDer(falcon_key*, byte*, word32);
-WOLFSSL_API int wc_Falcon_PrivateKeyToDer(falcon_key*, byte*, word32);
-WOLFSSL_API int wc_Falcon_PublicKeyToDer(falcon_key*, byte*, word32, int);
+WOLFSSL_API int wc_Falcon_PrivateKeyDecode(const byte* input, word32* inOutIdx,
+                                     falcon_key* key, word32 inSz);
+WOLFSSL_API int wc_Falcon_PublicKeyDecode(const byte* input, word32* inOutIdx,
+                                    falcon_key* key, word32 inSz);
+WOLFSSL_API int wc_Falcon_KeyToDer(falcon_key* key, byte* output, word32 inLen);
+WOLFSSL_API int wc_Falcon_PrivateKeyToDer(falcon_key* key, byte* output,
+                                          word32 inLen);
+WOLFSSL_API int wc_Falcon_PublicKeyToDer(falcon_key* key, byte* output,
+                                         word32 inLen, int withAlg);
 #endif /* HAVE_PQC */
 
 #ifdef HAVE_CURVE448
 #ifdef HAVE_CURVE448_KEY_IMPORT
-WOLFSSL_API int wc_Curve448PrivateKeyDecode(const byte*, word32*, curve448_key*, word32);
-WOLFSSL_API int wc_Curve448PublicKeyDecode(const byte*, word32*, curve448_key*, word32);
+WOLFSSL_API int wc_Curve448PrivateKeyDecode(const byte* input, word32* inOutIdx,
+                               curve448_key* key, word32 inSz);
+WOLFSSL_API int wc_Curve448PublicKeyDecode(const byte* input, word32* inOutIdx,
+                              curve448_key* key, word32 inSz);
 #endif
 #ifdef HAVE_CURVE448_KEY_EXPORT
-WOLFSSL_API int wc_Curve448PrivateKeyToDer(curve448_key*, byte*, word32);
-WOLFSSL_API int wc_Curve448PublicKeyToDer(curve448_key*, byte*, word32, int);
+WOLFSSL_API int wc_Curve448PrivateKeyToDer(curve448_key* key, byte* output,
+                                           word32 inLen);
+WOLFSSL_API int wc_Curve448PublicKeyToDer(curve448_key* key, byte* output,
+                                          word32 inLen, int withAlg);
 #endif
 #endif /* HAVE_CURVE448 */
 
@@ -718,11 +739,16 @@ WOLFSSL_API int wc_GetPkcs8TraditionalOffset(byte* input,
 WOLFSSL_API int wc_CreatePKCS8Key(byte* out, word32* outSz,
         byte* key, word32 keySz, int algoID, const byte* curveOID,
         word32 oidSz);
-WOLFSSL_API int wc_EncryptPKCS8Key(byte*, word32, byte*, word32*, const char*,
-        int, int, int, int, byte*, word32, int, WC_RNG*, void*);
-WOLFSSL_API int wc_DecryptPKCS8Key(byte*, word32, const char*, int);
-WOLFSSL_API int wc_CreateEncryptedPKCS8Key(byte*, word32, byte*, word32*,
-        const char*, int, int, int, int, byte*, word32, int, WC_RNG*, void*);
+WOLFSSL_API int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz,
+        const char* password, int passwordSz, int vPKCS, int pbeOid,
+        int encAlgId, byte* salt, word32 saltSz, int itt, WC_RNG* rng,
+        void* heap);
+WOLFSSL_API int wc_DecryptPKCS8Key(byte* input, word32 sz, const char* password,
+        int passwordSz);
+WOLFSSL_API int wc_CreateEncryptedPKCS8Key(byte* key, word32 keySz, byte* out,
+        word32* outSz, const char* password, int passwordSz, int vPKCS,
+        int pbeOid, int encAlgId, byte* salt, word32 saltSz, int itt,
+        WC_RNG* rng, void* heap);
 
 #ifndef NO_ASN_TIME
 /* Time */
@@ -769,9 +795,11 @@ WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalS
 /* Forward declaration needed, as DecodedCert is defined in asn.h.*/
 struct DecodedCert;
 
-WOLFSSL_API void wc_InitDecodedCert(struct DecodedCert*, const byte*, word32, void*);
-WOLFSSL_API void wc_FreeDecodedCert(struct DecodedCert*);
-WOLFSSL_API int  wc_ParseCert(struct DecodedCert*, int, int, void*);
+WOLFSSL_API void wc_InitDecodedCert(
+    struct DecodedCert* cert, const byte* source, word32 inSz, void* heap);
+WOLFSSL_API void wc_FreeDecodedCert(struct DecodedCert* cert);
+WOLFSSL_API int  wc_ParseCert(
+    struct DecodedCert* cert, int type, int verify, void* cm);
 
 WOLFSSL_API int wc_GetPubKeyDerFromCert(struct DecodedCert* cert,
                                         byte* derKey, word32* derKeySz);

wolfssl/wolfcrypt/blake2-int.h

@@ -130,36 +130,36 @@
 #pragma pack(pop)
 
   /* Streaming API */
-  int blake2s_init( blake2s_state *S, const byte outlen );
-  int blake2s_init_key( blake2s_state *S, const byte outlen, const void *key, const byte keylen );
+  int blake2s_init( blake2s_state *S, byte outlen );
+  int blake2s_init_key( blake2s_state *S, byte outlen, const void *key, byte keylen );
   int blake2s_init_param( blake2s_state *S, const blake2s_param *P );
   int blake2s_update( blake2s_state *S, const byte *in, word32 inlen );
   int blake2s_final( blake2s_state *S, byte *out, byte outlen );
 
-  int blake2b_init( blake2b_state *S, const byte outlen );
-  int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, const byte keylen );
+  int blake2b_init( blake2b_state *S, byte outlen );
+  int blake2b_init_key( blake2b_state *S, byte outlen, const void *key, byte keylen );
   int blake2b_init_param( blake2b_state *S, const blake2b_param *P );
   int blake2b_update( blake2b_state *S, const byte *in, word64 inlen );
   int blake2b_final( blake2b_state *S, byte *out, byte outlen );
 
-  int blake2sp_init( blake2sp_state *S, const byte outlen );
-  int blake2sp_init_key( blake2sp_state *S, const byte outlen, const void *key, const byte keylen );
+  int blake2sp_init( blake2sp_state *S, byte outlen );
+  int blake2sp_init_key( blake2sp_state *S, byte outlen, const void *key, byte keylen );
   int blake2sp_update( blake2sp_state *S, const byte *in, word32 inlen );
   int blake2sp_final( blake2sp_state *S, byte *out, byte outlen );
 
-  int blake2bp_init( blake2bp_state *S, const byte outlen );
-  int blake2bp_init_key( blake2bp_state *S, const byte outlen, const void *key, const byte keylen );
+  int blake2bp_init( blake2bp_state *S, byte outlen );
+  int blake2bp_init_key( blake2bp_state *S, byte outlen, const void *key, byte keylen );
   int blake2bp_update( blake2bp_state *S, const byte *in, word64 inlen );
   int blake2bp_final( blake2bp_state *S, byte *out, byte outlen );
 
   /* Simple API */
-  int blake2s( byte *out, const void *in, const void *key, const byte outlen, const word32 inlen, byte keylen );
-  int blake2b( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen );
+  int blake2s( byte *out, const void *in, const void *key, byte outlen, word32 inlen, byte keylen );
+  int blake2b( byte *out, const void *in, const void *key, byte outlen, word64 inlen, byte keylen );
 
-  int blake2sp( byte *out, const void *in, const void *key, const byte outlen, const word32 inlen, byte keylen );
-  int blake2bp( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen );
+  int blake2sp( byte *out, const void *in, const void *key, byte outlen, word32 inlen, byte keylen );
+  int blake2bp( byte *out, const void *in, const void *key, byte outlen, word64 inlen, byte keylen );
 
-  static WC_INLINE int blake2( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen )
+  static WC_INLINE int blake2( byte *out, const void *in, const void *key, byte outlen, word64 inlen, byte keylen )
   {
     return blake2b( out, in, key, outlen, inlen, keylen );
   }

wolfssl/wolfcrypt/blake2.h

@@ -75,17 +75,19 @@ typedef struct Blake2s {
 
 
 #ifdef HAVE_BLAKE2B
-WOLFSSL_API int wc_InitBlake2b(Blake2b*, word32);
-WOLFSSL_API int wc_InitBlake2b_WithKey(Blake2b*, word32, const byte *, word32);
-WOLFSSL_API int wc_Blake2bUpdate(Blake2b*, const byte*, word32);
-WOLFSSL_API int wc_Blake2bFinal(Blake2b*, byte*, word32);
+WOLFSSL_API int wc_InitBlake2b(Blake2b* b2b, word32 digestSz);
+WOLFSSL_API int wc_InitBlake2b_WithKey(Blake2b* b2b, word32 digestSz,
+                                       const byte *key, word32 keylen);
+WOLFSSL_API int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz);
+WOLFSSL_API int wc_Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz);
 #endif
 
 #ifdef HAVE_BLAKE2S
-WOLFSSL_API int wc_InitBlake2s(Blake2s*, word32);
-WOLFSSL_API int wc_InitBlake2s_WithKey(Blake2s*, word32, const byte *, word32);
-WOLFSSL_API int wc_Blake2sUpdate(Blake2s*, const byte*, word32);
-WOLFSSL_API int wc_Blake2sFinal(Blake2s*, byte*, word32);
+WOLFSSL_API int wc_InitBlake2s(Blake2s* b2s, word32 digestSz);
+WOLFSSL_API int wc_InitBlake2s_WithKey(Blake2s* b2s, word32 digestSz,
+                                       const byte *key, word32 keylen);
+WOLFSSL_API int wc_Blake2sUpdate(Blake2s* b2s, const byte* data, word32 sz);
+WOLFSSL_API int wc_Blake2sFinal(Blake2s* b2s, byte* final, word32 requestSz);
 #endif
 
 

wolfssl/wolfcrypt/chacha20_poly1305.h

@@ -90,8 +90,8 @@ WOLFSSL_API
 int wc_ChaCha20Poly1305_Encrypt(
                 const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
                 const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
-                const byte* inAAD, const word32 inAADLen,
-                const byte* inPlaintext, const word32 inPlaintextLen,
+                const byte* inAAD, word32 inAADLen,
+                const byte* inPlaintext, word32 inPlaintextLen,
                 byte* outCiphertext,
                 byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
 
@@ -99,8 +99,8 @@ WOLFSSL_API
 int wc_ChaCha20Poly1305_Decrypt(
                 const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
                 const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
-                const byte* inAAD, const word32 inAADLen,
-                const byte* inCiphertext, const word32 inCiphertextLen,
+                const byte* inAAD, word32 inAADLen,
+                const byte* inCiphertext, word32 inCiphertextLen,
                 const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE],
                 byte* outPlaintext);
 
@@ -134,18 +134,18 @@ WOLFSSL_API int wc_XChaCha20Poly1305_Init(
     int isEncrypt);
 
 WOLFSSL_API int wc_XChaCha20Poly1305_Encrypt(
-    byte *dst, const size_t dst_space,
-    const byte *src, const size_t src_len,
-    const byte *ad, const size_t ad_len,
-    const byte *nonce, const size_t nonce_len,
-    const byte *key, const size_t key_len);
+    byte *dst, size_t dst_space,
+    const byte *src, size_t src_len,
+    const byte *ad, size_t ad_len,
+    const byte *nonce, size_t nonce_len,
+    const byte *key, size_t key_len);
 
 WOLFSSL_API int wc_XChaCha20Poly1305_Decrypt(
-    byte *dst, const size_t dst_space,
-    const byte *src, const size_t src_len,
-    const byte *ad, const size_t ad_len,
-    const byte *nonce, const size_t nonce_len,
-    const byte *key, const size_t key_len);
+    byte *dst, size_t dst_space,
+    const byte *src, size_t src_len,
+    const byte *ad, size_t ad_len,
+    const byte *nonce, size_t nonce_len,
+    const byte *key, size_t key_len);
 
 #endif /* HAVE_XCHACHA */
 

wolfssl/wolfcrypt/des3.h

@@ -146,8 +146,8 @@ WOLFSSL_API int  wc_Des3_CbcDecrypt(Des3* des, byte* out,
 
 /* These are only required when using either:
   static memory (WOLFSSL_STATIC_MEMORY) or asynchronous (WOLFSSL_ASYNC_CRYPT) */
-WOLFSSL_API int  wc_Des3Init(Des3*, void*, int);
-WOLFSSL_API void wc_Des3Free(Des3*);
+WOLFSSL_API int  wc_Des3Init(Des3* des3, void* heap, int devId);
+WOLFSSL_API void wc_Des3Free(Des3* des3);
 
 #ifdef __cplusplus
     } /* extern "C" */

wolfssl/wolfcrypt/dh.h

@@ -120,7 +120,7 @@ WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
                        word32 pubSz);
 
 WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
-                           word32); /* wc_DhKeyDecode is in asn.c */
+                           word32 inSz); /* wc_DhKeyDecode is in asn.c */
 
 WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
                         word32 gSz);

wolfssl/wolfcrypt/dsa.h

@@ -84,9 +84,9 @@ WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out,
 WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig,
                              DsaKey* key, int* answer);
 WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx,
-                                      DsaKey*, word32);
+                                      DsaKey* key, word32 inSz);
 WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
-                                       DsaKey*, word32);
+                                       DsaKey* key, word32 inSz);
 WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
 WOLFSSL_API int wc_SetDsaPublicKey(byte* output, DsaKey* key,
                                    int outLen, int with_header);

wolfssl/wolfcrypt/ecc.h

@@ -523,8 +523,8 @@ struct ecc_key {
 };
 
 
-WOLFSSL_ABI WOLFSSL_API ecc_key* wc_ecc_key_new(void*);
-WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key*);
+WOLFSSL_ABI WOLFSSL_API ecc_key* wc_ecc_key_new(void* heap);
+WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key* key);
 
 
 /* ECC predefined curve sets  */
@@ -544,8 +544,8 @@ ECC_API int ecc_mul2add(ecc_point* A, mp_int* kA,
                 ecc_point* B, mp_int* kB,
                 ecc_point* C, mp_int* a, mp_int* modulus, void* heap);
 
-ECC_API int ecc_map(ecc_point*, mp_int*, mp_digit);
-ECC_API int ecc_map_ex(ecc_point*, mp_int*, mp_digit, int ct);
+ECC_API int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp);
+ECC_API int ecc_map_ex(ecc_point* P, mp_int* modulus, mp_digit mp, int ct);
 ECC_API int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
                                      mp_int* a, mp_int* modulus, mp_digit mp);
 ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a,
@@ -723,9 +723,10 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
 #ifdef HAVE_ECC_KEY_EXPORT
 /* ASN key helpers */
 WOLFSSL_API
-int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen);
+int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen);
 WOLFSSL_API
-int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed);
+int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen,
+                          int compressed);
     /* extended functionality with compressed option */
 #endif /* HAVE_ECC_KEY_EXPORT */
 
@@ -777,13 +778,13 @@ int wc_ecc_export_private_raw(ecc_key* key, byte* qx, word32* qxLen,
 
 #ifdef HAVE_ECC_KEY_EXPORT
 WOLFSSL_API
-int wc_ecc_export_point_der_ex(const int curve_idx, ecc_point* point, byte* out,
+int wc_ecc_export_point_der_ex(int curve_idx, ecc_point* point, byte* out,
                                word32* outLen, int compressed);
 WOLFSSL_API
-int wc_ecc_export_point_der(const int curve_idx, ecc_point* point,
+int wc_ecc_export_point_der(int curve_idx, ecc_point* point,
                             byte* out, word32* outLen);
 WOLFSSL_LOCAL
-int wc_ecc_export_point_der_compressed(const int curve_idx, ecc_point* point,
+int wc_ecc_export_point_der_compressed(int curve_idx, ecc_point* point,
                                        byte* out, word32* outLen);
 #endif /* HAVE_ECC_KEY_EXPORT */
 
@@ -791,10 +792,10 @@ int wc_ecc_export_point_der_compressed(const int curve_idx, ecc_point* point,
 #ifdef HAVE_ECC_KEY_IMPORT
 WOLFSSL_API
 int wc_ecc_import_point_der_ex(const byte* in, word32 inLen,
-                               const int curve_idx, ecc_point* point,
+                               int curve_idx, ecc_point* point,
                                int shortKeySize);
 WOLFSSL_API
-int wc_ecc_import_point_der(const byte* in, word32 inLen, const int curve_idx,
+int wc_ecc_import_point_der(const byte* in, word32 inLen, int curve_idx,
                             ecc_point* point);
 #endif /* HAVE_ECC_KEY_IMPORT */
 
@@ -855,16 +856,16 @@ ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng);
 WOLFSSL_API
 ecEncCtx* wc_ecc_ctx_new_ex(int flags, WC_RNG* rng, void* heap);
 WOLFSSL_API
-void wc_ecc_ctx_free(ecEncCtx*);
+void wc_ecc_ctx_free(ecEncCtx* ctx);
 WOLFSSL_API
-int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*);  /* reset for use again w/o alloc/free */
+int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng);  /* reset for use again w/o alloc/free */
 
 WOLFSSL_API
-const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);
+const byte* wc_ecc_ctx_get_own_salt(ecEncCtx* ctx);
 WOLFSSL_API
-int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt);
+int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt);
 WOLFSSL_API
-int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz);
+int wc_ecc_ctx_set_info(ecEncCtx* ctx, const byte* info, int sz);
 
 WOLFSSL_API
 int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,

wolfssl/wolfcrypt/ed25519.h

@@ -190,7 +190,7 @@ int wc_ed25519_import_private_key(const byte* priv, word32 privSz,
 
 #ifdef HAVE_ED25519_KEY_EXPORT
 WOLFSSL_API
-int wc_ed25519_export_public(ed25519_key*, byte* out, word32* outLen);
+int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen);
 WOLFSSL_API
 int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen);
 WOLFSSL_API

wolfssl/wolfcrypt/ed448.h

@@ -172,7 +172,7 @@ int wc_ed448_import_private_key(const byte* priv, word32 privSz,
 
 #ifdef HAVE_ED448_KEY_EXPORT
 WOLFSSL_API
-int wc_ed448_export_public(ed448_key*, byte* out, word32* outLen);
+int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen);
 WOLFSSL_API
 int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen);
 WOLFSSL_API

wolfssl/wolfcrypt/fe_448.h

@@ -68,25 +68,25 @@ WOLFSSL_LOCAL void fe448_reduce(fe448*);
 #else
 #define fe448_reduce(a)
 #endif
-WOLFSSL_LOCAL void fe448_neg(fe448*,const fe448*);
-WOLFSSL_LOCAL void fe448_add(fe448*, const fe448*, const fe448*);
-WOLFSSL_LOCAL void fe448_sub(fe448*, const fe448*, const fe448*);
-WOLFSSL_LOCAL void fe448_mul(fe448*,const fe448*,const fe448*);
-WOLFSSL_LOCAL void fe448_sqr(fe448*, const fe448*);
-WOLFSSL_LOCAL void fe448_mul39081(fe448*, const fe448*);
-WOLFSSL_LOCAL void fe448_invert(fe448*, const fe448*);
-
-WOLFSSL_LOCAL void fe448_0(fe448*);
-WOLFSSL_LOCAL void fe448_1(fe448*);
-WOLFSSL_LOCAL void fe448_copy(fe448*, const fe448*);
-WOLFSSL_LOCAL int  fe448_isnonzero(const fe448*);
-WOLFSSL_LOCAL int  fe448_isnegative(const fe448*);
-
-WOLFSSL_LOCAL void fe448_from_bytes(fe448*,const unsigned char *);
-WOLFSSL_LOCAL void fe448_to_bytes(unsigned char *, const fe448*);
-
-WOLFSSL_LOCAL void fe448_cmov(fe448*,const fe448*, int);
-WOLFSSL_LOCAL void fe448_pow_2_446_222_1(fe448*,const fe448*);
+WOLFSSL_LOCAL void fe448_neg(fe448* r, const fe448* a);
+WOLFSSL_LOCAL void fe448_add(fe448* r, const fe448* a, const fe448* b);
+WOLFSSL_LOCAL void fe448_sub(fe448* r, const fe448* a, const fe448* b);
+WOLFSSL_LOCAL void fe448_mul(fe448* r, const fe448* a, const fe448* b);
+WOLFSSL_LOCAL void fe448_sqr(fe448* r, const fe448* a);
+WOLFSSL_LOCAL void fe448_mul39081(fe448* r, const fe448* a);
+WOLFSSL_LOCAL void fe448_invert(fe448* r, const fe448* a);
+
+WOLFSSL_LOCAL void fe448_0(fe448* a);
+WOLFSSL_LOCAL void fe448_1(fe448* a);
+WOLFSSL_LOCAL void fe448_copy(fe448* d, const fe448* a);
+WOLFSSL_LOCAL int  fe448_isnonzero(const fe448* a);
+WOLFSSL_LOCAL int  fe448_isnegative(const fe448* a);
+
+WOLFSSL_LOCAL void fe448_from_bytes(fe448* r, const unsigned char* b);
+WOLFSSL_LOCAL void fe448_to_bytes(unsigned char* b, const fe448* a);
+
+WOLFSSL_LOCAL void fe448_cmov(fe448* a, const fe448* b, int c);
+WOLFSSL_LOCAL void fe448_pow_2_446_222_1(fe448* r, const fe448* a);
 
 #else
 
@@ -94,21 +94,21 @@ WOLFSSL_LOCAL void fe448_init(void);
 WOLFSSL_LOCAL int  curve448(byte* r, const byte* n, const byte* a);
 
 #define fe448_reduce(a)
-WOLFSSL_LOCAL void fe448_neg(word8*,const word8*);
-WOLFSSL_LOCAL void fe448_add(word8*, const word8*, const word8*);
-WOLFSSL_LOCAL void fe448_sub(word8*, const word8*, const word8*);
-WOLFSSL_LOCAL void fe448_mul(word8*,const word8*,const word8*);
-WOLFSSL_LOCAL void fe448_sqr(word8*, const word8*);
-WOLFSSL_LOCAL void fe448_mul39081(word8*, const word8*);
-WOLFSSL_LOCAL void fe448_invert(word8*, const word8*);
 
-WOLFSSL_LOCAL void fe448_copy(word8*, const word8*);
-WOLFSSL_LOCAL int  fe448_isnonzero(const word8*);
+WOLFSSL_LOCAL void fe448_neg(word8* r, const word8* a);
+WOLFSSL_LOCAL void fe448_add(word8* r, const word8* a, const word8* b);
+WOLFSSL_LOCAL void fe448_sub(word8* r, const word8* a, const word8* b);
+WOLFSSL_LOCAL void fe448_mul(word8* r, const word8* a, const word8* b);
+WOLFSSL_LOCAL void fe448_sqr(word8* r, const word8* a);
+WOLFSSL_LOCAL void fe448_mul39081(word8* r, const word8* a);
+WOLFSSL_LOCAL void fe448_invert(word8* r, const word8* a);
 
 WOLFSSL_LOCAL void fe448_norm(byte *a);
+WOLFSSL_LOCAL void fe448_copy(word8* d, const word8* a);
+WOLFSSL_LOCAL int  fe448_isnonzero(const word8* a);
 
-WOLFSSL_LOCAL void fe448_cmov(word8*,const word8*, int);
-WOLFSSL_LOCAL void fe448_pow_2_446_222_1(word8*,const word8*);
+WOLFSSL_LOCAL void fe448_cmov(word8* a, const word8* b, int c);
+WOLFSSL_LOCAL void fe448_pow_2_446_222_1(word8* r, const word8* a);
 
 #endif /* !CURVE448_SMALL || !ED448_SMALL */
 

wolfssl/wolfcrypt/fe_operations.h

@@ -91,29 +91,29 @@ WOLFSSL_LOCAL int  curve25519(byte * q, const byte * n, const byte * p);
     typedef sword32  fe[10];
 #endif
 
-WOLFSSL_LOCAL void fe_copy(fe, const fe);
-WOLFSSL_LOCAL void fe_add(fe, const fe, const fe);
-WOLFSSL_LOCAL void fe_neg(fe,const fe);
-WOLFSSL_LOCAL void fe_sub(fe, const fe, const fe);
-WOLFSSL_LOCAL void fe_invert(fe, const fe);
-WOLFSSL_LOCAL void fe_mul(fe,const fe,const fe);
+WOLFSSL_LOCAL void fe_copy(fe h,const fe f);
+WOLFSSL_LOCAL void fe_add(fe h,const fe f,const fe g);
+WOLFSSL_LOCAL void fe_neg(fe h,const fe f);
+WOLFSSL_LOCAL void fe_sub(fe h,const fe f,const fe g);
+WOLFSSL_LOCAL void fe_invert(fe out,const fe z);
+WOLFSSL_LOCAL void fe_mul(fe h,const fe f,const fe g);
 
 
 /* Based On Daniel J Bernstein's curve25519 and ed25519 Public Domain ref10
    work. */
 
-WOLFSSL_LOCAL void fe_0(fe);
-WOLFSSL_LOCAL void fe_1(fe);
-WOLFSSL_LOCAL int  fe_isnonzero(const fe);
-WOLFSSL_LOCAL int  fe_isnegative(const fe);
-WOLFSSL_LOCAL void fe_tobytes(unsigned char *, const fe);
-WOLFSSL_LOCAL void fe_sq(fe, const fe);
-WOLFSSL_LOCAL void fe_sq2(fe,const fe);
-WOLFSSL_LOCAL void fe_frombytes(fe,const unsigned char *);
-WOLFSSL_LOCAL void fe_cswap(fe, fe, int);
-WOLFSSL_LOCAL void fe_mul121666(fe,fe);
-WOLFSSL_LOCAL void fe_cmov(fe,const fe, int);
-WOLFSSL_LOCAL void fe_pow22523(fe,const fe);
+WOLFSSL_LOCAL void fe_0(fe h);
+WOLFSSL_LOCAL void fe_1(fe h);
+WOLFSSL_LOCAL int  fe_isnonzero(const fe f);
+WOLFSSL_LOCAL int  fe_isnegative(const fe f);
+WOLFSSL_LOCAL void fe_tobytes(unsigned char *s,const fe h);
+WOLFSSL_LOCAL void fe_sq(fe h,const fe f);
+WOLFSSL_LOCAL void fe_sq2(fe h,const fe f);
+WOLFSSL_LOCAL void fe_frombytes(fe h,const unsigned char *s);
+WOLFSSL_LOCAL void fe_cswap(fe f, fe g, int b);
+WOLFSSL_LOCAL void fe_mul121666(fe h,fe f);
+WOLFSSL_LOCAL void fe_cmov(fe f, const fe g, int b);
+WOLFSSL_LOCAL void fe_pow22523(fe out,const fe z);
 
 /* 64 type needed for SHA512 */
 WOLFSSL_LOCAL word64 load_3(const unsigned char *in);

wolfssl/wolfcrypt/ge_448.h

@@ -59,18 +59,15 @@ typedef struct {
 } ge448_p2;
 
 
-WOLFSSL_LOCAL int  ge448_compress_key(byte*, const byte*, const byte*);
-WOLFSSL_LOCAL int  ge448_from_bytes_negate_vartime(ge448_p2 *,
-                                                   const unsigned char *);
-
-WOLFSSL_LOCAL int  ge448_double_scalarmult_vartime(ge448_p2 *,
-                                                   const unsigned char *,
-                                                   const ge448_p2 *,
-                                                   const unsigned char *);
-WOLFSSL_LOCAL void ge448_scalarmult_base(ge448_p2 *, const unsigned char *);
-WOLFSSL_LOCAL void sc448_reduce(byte*);
-WOLFSSL_LOCAL void sc448_muladd(byte*, const byte*, const byte*, const byte*);
-WOLFSSL_LOCAL void ge448_to_bytes(unsigned char *, const ge448_p2 *);
+WOLFSSL_LOCAL int  ge448_compress_key(byte* out, const byte* xIn, const byte* yIn);
+WOLFSSL_LOCAL int  ge448_from_bytes_negate_vartime(ge448_p2 *r, const byte *b);
+
+WOLFSSL_LOCAL int  ge448_double_scalarmult_vartime(ge448_p2 *r, const byte *a,
+                                    const ge448_p2 *A, const byte *b);
+WOLFSSL_LOCAL void ge448_scalarmult_base(ge448_p2* h, const byte* a);
+WOLFSSL_LOCAL void sc448_reduce(byte* b);
+WOLFSSL_LOCAL void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d);
+WOLFSSL_LOCAL void ge448_to_bytes(byte *s, const ge448_p2 *h);
 
 
 #ifndef ED448_SMALL

wolfssl/wolfcrypt/ge_operations.h

@@ -73,16 +73,16 @@ typedef struct {
 
 WOLFSSL_LOCAL int  ge_compress_key(byte* out, const byte* xIn, const byte* yIn,
                                                                 word32 keySz);
-WOLFSSL_LOCAL int  ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *);
+WOLFSSL_LOCAL int  ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s);
 
-WOLFSSL_LOCAL int  ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,
-                                         const ge_p3 *,const unsigned char *);
-WOLFSSL_LOCAL void ge_scalarmult_base(ge_p3 *,const unsigned char *);
+WOLFSSL_LOCAL int  ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a,
+                                 const ge_p3 *A, const unsigned char *b);
+WOLFSSL_LOCAL void ge_scalarmult_base(ge_p3 *h,const unsigned char *a);
 WOLFSSL_LOCAL void sc_reduce(byte* s);
 WOLFSSL_LOCAL void sc_muladd(byte* s, const byte* a, const byte* b,
                              const byte* c);
-WOLFSSL_LOCAL void ge_tobytes(unsigned char *,const ge_p2 *);
-WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *,const ge_p3 *);
+WOLFSSL_LOCAL void ge_tobytes(unsigned char *s,const ge_p2 *h);
+WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *s,const ge_p3 *h);
 
 
 #ifndef ED25519_SMALL

wolfssl/wolfcrypt/hash.h

@@ -184,39 +184,39 @@ WOLFSSL_API int wc_Md5Hash(const byte* data, word32 len, byte* hash);
 
 #ifndef NO_SHA
 #include <wolfssl/wolfcrypt/sha.h>
-WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
+WOLFSSL_API int wc_ShaHash(const byte* data, word32 len, byte* hash);
 #endif
 
 #ifdef WOLFSSL_SHA224
 #include <wolfssl/wolfcrypt/sha256.h>
-WOLFSSL_API int wc_Sha224Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte* hash);
 #endif /* defined(WOLFSSL_SHA224) */
 
 #ifndef NO_SHA256
 #include <wolfssl/wolfcrypt/sha256.h>
-WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte* hash);
 #endif
 
 #ifdef WOLFSSL_SHA384
 #include <wolfssl/wolfcrypt/sha512.h>
-WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha384Hash(const byte* data, word32 len, byte* hash);
 #endif /* defined(WOLFSSL_SHA384) */
 
 #ifdef WOLFSSL_SHA512
 #include <wolfssl/wolfcrypt/sha512.h>
-WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
-WOLFSSL_API int wc_Sha512_224Hash(const byte*, word32, byte*);
-WOLFSSL_API int wc_Sha512_256Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha512Hash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_Sha512_224Hash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_Sha512_256Hash(const byte* data, word32 len, byte* hash);
 #endif /* WOLFSSL_SHA512 */
 
 #ifdef WOLFSSL_SHA3
 #include <wolfssl/wolfcrypt/sha3.h>
-WOLFSSL_API int wc_Sha3_224Hash(const byte*, word32, byte*);
-WOLFSSL_API int wc_Sha3_256Hash(const byte*, word32, byte*);
-WOLFSSL_API int wc_Sha3_384Hash(const byte*, word32, byte*);
-WOLFSSL_API int wc_Sha3_512Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha3_224Hash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_Sha3_256Hash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_Sha3_384Hash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_Sha3_512Hash(const byte* data, word32 len, byte* hash);
 #ifdef WOLFSSL_SHAKE256
-WOLFSSL_API int wc_Shake256Hash(const byte*, word32, byte*, word32);
+WOLFSSL_API int wc_Shake256Hash(const byte* data, word32 len, byte* hash, word32 hashLen);
 #endif
 #endif /* WOLFSSL_SHA3 */
 

wolfssl/wolfcrypt/hmac.h

@@ -180,14 +180,14 @@ struct Hmac {
 #endif /* HAVE_FIPS */
 
 /* does init */
-WOLFSSL_API int wc_HmacSetKey(Hmac*, int type, const byte* key, word32 keySz);
-WOLFSSL_API int wc_HmacUpdate(Hmac*, const byte*, word32);
-WOLFSSL_API int wc_HmacFinal(Hmac*, byte*);
+WOLFSSL_API int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz);
+WOLFSSL_API int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz);
+WOLFSSL_API int wc_HmacFinal(Hmac* hmac, byte* out);
 #ifdef WOLFSSL_KCAPI_HMAC
-WOLFSSL_API int wc_HmacSetKey_Software(Hmac*, int type, const byte* key,
+WOLFSSL_API int wc_HmacSetKey_Software(Hmac* hmac, int type, const byte* key,
                                        word32 keySz);
-WOLFSSL_API int wc_HmacUpdate_Software(Hmac*, const byte*, word32);
-WOLFSSL_API int wc_HmacFinal_Software(Hmac*, byte*);
+WOLFSSL_API int wc_HmacUpdate_Software(Hmac* hmac, const byte* in, word32 sz);
+WOLFSSL_API int wc_HmacFinal_Software(Hmac* hmac, byte* out);
 #endif
 WOLFSSL_API int wc_HmacSizeByType(int type);
 
@@ -198,7 +198,7 @@ WOLFSSL_API int wc_HmacInit_Id(Hmac* hmac, byte* id, int len, void* heap,
 WOLFSSL_API int wc_HmacInit_Label(Hmac* hmac, const char* label, void* heap,
                                   int devId);
 #endif
-WOLFSSL_API void wc_HmacFree(Hmac*);
+WOLFSSL_API void wc_HmacFree(Hmac* hmac);
 
 WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
 

wolfssl/wolfcrypt/md2.h

@@ -54,10 +54,10 @@ typedef struct Md2 {
 } Md2;
 
 
-WOLFSSL_API void wc_InitMd2(Md2*);
-WOLFSSL_API void wc_Md2Update(Md2*, const byte*, word32);
-WOLFSSL_API void wc_Md2Final(Md2*, byte*);
-WOLFSSL_API int  wc_Md2Hash(const byte*, word32, byte*);
+WOLFSSL_API void wc_InitMd2(Md2* md2);
+WOLFSSL_API void wc_Md2Update(Md2* md2, const byte* data, word32 len);
+WOLFSSL_API void wc_Md2Final(Md2* md2, byte* hash);
+WOLFSSL_API int  wc_Md2Hash(const byte* data, word32 len, byte* hash);
 
 
 #ifdef __cplusplus

wolfssl/wolfcrypt/md4.h

@@ -53,9 +53,9 @@ typedef struct Md4 {
 } Md4;
 
 
-WOLFSSL_API void wc_InitMd4(Md4*);
-WOLFSSL_API void wc_Md4Update(Md4*, const byte*, word32);
-WOLFSSL_API void wc_Md4Final(Md4*, byte*);
+WOLFSSL_API void wc_InitMd4(Md4* md4);
+WOLFSSL_API void wc_Md4Update(Md4* md4, const byte* data, word32 len);
+WOLFSSL_API void wc_Md4Final(Md4* md4, byte* hash);
 
 
 #ifdef __cplusplus

wolfssl/wolfcrypt/md5.h

@@ -107,17 +107,17 @@ typedef struct wc_Md5 {
 
 #endif /* WOLFSSL_TI_HASH */
 
-WOLFSSL_API int wc_InitMd5(wc_Md5*);
-WOLFSSL_API int wc_InitMd5_ex(wc_Md5*, void*, int);
-WOLFSSL_API int wc_Md5Update(wc_Md5*, const byte*, word32);
-WOLFSSL_API int wc_Md5Final(wc_Md5*, byte*);
-WOLFSSL_API void wc_Md5Free(wc_Md5*);
+WOLFSSL_API int wc_InitMd5(wc_Md5* md5);
+WOLFSSL_API int wc_InitMd5_ex(wc_Md5* md5, void* heap, int devId);
+WOLFSSL_API int wc_Md5Update(wc_Md5* md5, const byte* data, word32 len);
+WOLFSSL_API int wc_Md5Final(wc_Md5* md5, byte* hash);
+WOLFSSL_API void wc_Md5Free(wc_Md5* md5);
 #ifdef OPENSSL_EXTRA
-WOLFSSL_API int wc_Md5Transform(wc_Md5*, const byte*);
+WOLFSSL_API int wc_Md5Transform(wc_Md5* md5, const byte* data);
 #endif
 
-WOLFSSL_API int  wc_Md5GetHash(wc_Md5*, byte*);
-WOLFSSL_API int  wc_Md5Copy(wc_Md5*, wc_Md5*);
+WOLFSSL_API int  wc_Md5GetHash(wc_Md5* md5, byte* hash);
+WOLFSSL_API int  wc_Md5Copy(wc_Md5* src, wc_Md5* dst);
 
 #ifdef WOLFSSL_PIC32MZ_HASH
 WOLFSSL_API void wc_Md5SizeSet(wc_Md5* md5, word32 len);

wolfssl/wolfcrypt/memory.h

@@ -83,12 +83,12 @@
 #endif /* WOLFSSL_STATIC_MEMORY */
 
 /* Public get/set functions */
-WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb,
-                                      wolfSSL_Free_cb,
-                                      wolfSSL_Realloc_cb);
-WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*,
-                                      wolfSSL_Free_cb*,
-                                      wolfSSL_Realloc_cb*);
+WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb mf,
+                                      wolfSSL_Free_cb ff,
+                                      wolfSSL_Realloc_cb rf);
+WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf,
+                                      wolfSSL_Free_cb* ff,
+                                      wolfSSL_Realloc_cb* rf);
 
 #ifdef WOLFSSL_STATIC_MEMORY
     #define WOLFSSL_STATIC_TIMEOUT 1

wolfssl/wolfcrypt/pkcs12.h

@@ -50,7 +50,7 @@ WOLFSSL_API WC_PKCS12* wc_PKCS12_new(void);
 WOLFSSL_API void wc_PKCS12_free(WC_PKCS12* pkcs12);
 WOLFSSL_API int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12);
 #ifndef NO_FILESYSTEM
-WOLFSSL_API int wc_d2i_PKCS12_fp(const char*, WC_PKCS12**);
+WOLFSSL_API int wc_d2i_PKCS12_fp(const char* file, WC_PKCS12** pkcs12);
 #endif
 WOLFSSL_API int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz);
 WOLFSSL_API int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,

wolfssl/wolfcrypt/poly1305.h

@@ -110,7 +110,7 @@ typedef struct Poly1305 {
 
 WOLFSSL_API int wc_Poly1305SetKey(Poly1305* poly1305, const byte* key,
     word32 kySz);
-WOLFSSL_API int wc_Poly1305Update(Poly1305* poly1305, const byte*, word32);
+WOLFSSL_API int wc_Poly1305Update(Poly1305* poly1305, const byte* m, word32 bytes);
 WOLFSSL_API int wc_Poly1305Final(Poly1305* poly1305, byte* tag);
 
 /* AEAD Functions */

wolfssl/wolfcrypt/random.h

@@ -206,19 +206,19 @@ WOLFSSL_API int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
 #endif /* HAVE_WNR */
 
 
-WOLFSSL_ABI WOLFSSL_API WC_RNG* wc_rng_new(byte*, word32, void*);
-WOLFSSL_ABI WOLFSSL_API void wc_rng_free(WC_RNG*);
+WOLFSSL_ABI WOLFSSL_API WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap);
+WOLFSSL_ABI WOLFSSL_API void wc_rng_free(WC_RNG* rng);
 
 
 #ifndef WC_NO_RNG
-WOLFSSL_API int  wc_InitRng(WC_RNG*);
+WOLFSSL_API int  wc_InitRng(WC_RNG* rng);
 WOLFSSL_API int  wc_InitRng_ex(WC_RNG* rng, void* heap, int devId);
 WOLFSSL_API int  wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz);
 WOLFSSL_API int  wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz,
                                     void* heap, int devId);
-WOLFSSL_ABI WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz);
-WOLFSSL_API int  wc_RNG_GenerateByte(WC_RNG*, byte*);
-WOLFSSL_API int  wc_FreeRng(WC_RNG*);
+WOLFSSL_ABI WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz);
+WOLFSSL_API int  wc_RNG_GenerateByte(WC_RNG* rng, byte* b);
+WOLFSSL_API int  wc_FreeRng(WC_RNG* rng);
 #else
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #define wc_InitRng(rng) NOT_COMPILED_IN

wolfssl/wolfcrypt/ripemd.h

@@ -54,9 +54,9 @@ typedef struct RipeMd {
 } RipeMd;
 
 
-WOLFSSL_API int wc_InitRipeMd(RipeMd*);
-WOLFSSL_API int wc_RipeMdUpdate(RipeMd*, const byte*, word32);
-WOLFSSL_API int wc_RipeMdFinal(RipeMd*, byte*);
+WOLFSSL_API int wc_InitRipeMd(RipeMd* ripemd);
+WOLFSSL_API int wc_RipeMdUpdate(RipeMd* ripemd, const byte* data, word32 len);
+WOLFSSL_API int wc_RipeMdFinal(RipeMd* ripemd, byte* hash);
 
 
 #ifdef __cplusplus

wolfssl/wolfcrypt/rsa.h

@@ -303,14 +303,14 @@ WOLFSSL_API int  wc_RsaEncryptSize(const RsaKey* key);
         (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
 /* to avoid asn duplicate symbols @wc_fips */
 WOLFSSL_API int  wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
-                                                               RsaKey*, word32);
+                                        RsaKey* key, word32 inSz);
 WOLFSSL_API int  wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
-                                                               RsaKey*, word32);
+                                       RsaKey* key, word32 inSz);
 WOLFSSL_API int  wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
                                         const byte* e, word32 eSz, RsaKey* key);
 #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
         defined(WOLFSSL_KCAPI_RSA)
-    WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
+    WOLFSSL_API int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen);
 #endif
 
 #ifdef WC_RSA_BLINDING
@@ -358,8 +358,8 @@ WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
 
 #endif /* HAVE_FIPS */
 
-WOLFSSL_API int  wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
-                                                                       word32*);
+WOLFSSL_API int  wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz,
+                                        byte* n, word32* nSz);
 WOLFSSL_API int wc_RsaExportKey(RsaKey* key,
                                 byte* e, word32* eSz,
                                 byte* n, word32* nSz,

wolfssl/wolfcrypt/settings.h

@@ -239,7 +239,7 @@
     #include "wolfSSL.I-CUBE-wolfSSL_conf.h"
 #endif
 
-#define WOLFSSL_MAKE_FIPS_VERSION(major, minor) ((major * 256) + minor)
+#define WOLFSSL_MAKE_FIPS_VERSION(major, minor) (((major) * 256) + (minor))
 #if !defined(HAVE_FIPS)
     #define WOLFSSL_FIPS_VERSION_CODE WOLFSSL_MAKE_FIPS_VERSION(0,0)
 #elif !defined(HAVE_FIPS_VERSION)

wolfssl/wolfcrypt/sha.h

@@ -168,17 +168,17 @@ struct wc_Sha {
 
 #endif /* HAVE_FIPS */
 
-WOLFSSL_API int wc_InitSha(wc_Sha*);
+WOLFSSL_API int wc_InitSha(wc_Sha* sha);
 WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId);
-WOLFSSL_API int wc_ShaUpdate(wc_Sha*, const byte*, word32);
-WOLFSSL_API int wc_ShaFinalRaw(wc_Sha*, byte*);
-WOLFSSL_API int wc_ShaFinal(wc_Sha*, byte*);
-WOLFSSL_API void wc_ShaFree(wc_Sha*);
+WOLFSSL_API int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len);
+WOLFSSL_API int wc_ShaFinalRaw(wc_Sha* sha, byte* hash);
+WOLFSSL_API int wc_ShaFinal(wc_Sha* sha, byte* hash);
+WOLFSSL_API void wc_ShaFree(wc_Sha* sha);
 
-WOLFSSL_API int wc_ShaGetHash(wc_Sha*, byte*);
-WOLFSSL_API int wc_ShaCopy(wc_Sha*, wc_Sha*);
+WOLFSSL_API int wc_ShaGetHash(wc_Sha* sha, byte* hash);
+WOLFSSL_API int wc_ShaCopy(wc_Sha* src, wc_Sha* dst);
 #if defined(OPENSSL_EXTRA)
-WOLFSSL_API int wc_ShaTransform(wc_Sha*, const byte*);
+WOLFSSL_API int wc_ShaTransform(wc_Sha* sha, const unsigned char* data);
 #endif
 
 #ifdef WOLFSSL_PIC32MZ_HASH

wolfssl/wolfcrypt/sha256.h

@@ -220,20 +220,20 @@ struct wc_Sha256 {
 
 #endif /* HAVE_FIPS */
 
-WOLFSSL_API int wc_InitSha256(wc_Sha256*);
-WOLFSSL_API int wc_InitSha256_ex(wc_Sha256*, void*, int);
-WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32);
-WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256*, byte*);
-WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*);
-WOLFSSL_API void wc_Sha256Free(wc_Sha256*);
+WOLFSSL_API int wc_InitSha256(wc_Sha256* sha);
+WOLFSSL_API int wc_InitSha256_ex(wc_Sha256* sha, void* heap, int devId);
+WOLFSSL_API int wc_Sha256Update(wc_Sha256* sha, const byte* data, word32 len);
+WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash);
+WOLFSSL_API int wc_Sha256Final(wc_Sha256* sha256, byte* hash);
+WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256);
 #if defined(OPENSSL_EXTRA)
-WOLFSSL_API int wc_Sha256Transform(wc_Sha256*, const byte*);
+WOLFSSL_API int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data);
 #endif
-WOLFSSL_API int wc_Sha256GetHash(wc_Sha256*, byte*);
+WOLFSSL_API int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash);
 WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst);
 
 #ifdef WOLFSSL_PIC32MZ_HASH
-WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32);
+WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256* sha256, word32 len);
 #endif
 
 #ifdef WOLFSSL_HASH_FLAGS
@@ -272,13 +272,13 @@ enum {
 #endif
 #endif /* HAVE_FIPS */
 
-WOLFSSL_API int wc_InitSha224(wc_Sha224*);
-WOLFSSL_API int wc_InitSha224_ex(wc_Sha224*, void*, int);
-WOLFSSL_API int wc_Sha224Update(wc_Sha224*, const byte*, word32);
-WOLFSSL_API int wc_Sha224Final(wc_Sha224*, byte*);
-WOLFSSL_API void wc_Sha224Free(wc_Sha224*);
+WOLFSSL_API int wc_InitSha224(wc_Sha224* sha224);
+WOLFSSL_API int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId);
+WOLFSSL_API int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len);
+WOLFSSL_API int wc_Sha224Final(wc_Sha224* sha224, byte* hash);
+WOLFSSL_API void wc_Sha224Free(wc_Sha224* sha224);
 
-WOLFSSL_API int wc_Sha224GetHash(wc_Sha224*, byte*);
+WOLFSSL_API int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash);
 WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst);
 
 #ifdef WOLFSSL_HASH_FLAGS

wolfssl/wolfcrypt/sha3.h

@@ -129,39 +129,39 @@ typedef wc_Sha3 wc_Shake;
 #endif
 
 
-WOLFSSL_API int wc_InitSha3_224(wc_Sha3*, void*, int);
-WOLFSSL_API int wc_Sha3_224_Update(wc_Sha3*, const byte*, word32);
-WOLFSSL_API int wc_Sha3_224_Final(wc_Sha3*, byte*);
-WOLFSSL_API void wc_Sha3_224_Free(wc_Sha3*);
-WOLFSSL_API int wc_Sha3_224_GetHash(wc_Sha3*, byte*);
+WOLFSSL_API int wc_InitSha3_224(wc_Sha3* sha3, void* heap, int devId);
+WOLFSSL_API int wc_Sha3_224_Update(wc_Sha3* sha3, const byte* data, word32 len);
+WOLFSSL_API int wc_Sha3_224_Final(wc_Sha3* sha3, byte* hash);
+WOLFSSL_API void wc_Sha3_224_Free(wc_Sha3* sha3);
+WOLFSSL_API int wc_Sha3_224_GetHash(wc_Sha3* sha3, byte* hash);
 WOLFSSL_API int wc_Sha3_224_Copy(wc_Sha3* src, wc_Sha3* dst);
 
-WOLFSSL_API int wc_InitSha3_256(wc_Sha3*, void*, int);
-WOLFSSL_API int wc_Sha3_256_Update(wc_Sha3*, const byte*, word32);
-WOLFSSL_API int wc_Sha3_256_Final(wc_Sha3*, byte*);
-WOLFSSL_API void wc_Sha3_256_Free(wc_Sha3*);
-WOLFSSL_API int wc_Sha3_256_GetHash(wc_Sha3*, byte*);
+WOLFSSL_API int wc_InitSha3_256(wc_Sha3* sha3, void* heap, int devId);
+WOLFSSL_API int wc_Sha3_256_Update(wc_Sha3* sha3, const byte* data, word32 len);
+WOLFSSL_API int wc_Sha3_256_Final(wc_Sha3* sha3, byte* hash);
+WOLFSSL_API void wc_Sha3_256_Free(wc_Sha3* sha3);
+WOLFSSL_API int wc_Sha3_256_GetHash(wc_Sha3* sha3, byte* hash);
 WOLFSSL_API int wc_Sha3_256_Copy(wc_Sha3* src, wc_Sha3* dst);
 
-WOLFSSL_API int wc_InitSha3_384(wc_Sha3*, void*, int);
-WOLFSSL_API int wc_Sha3_384_Update(wc_Sha3*, const byte*, word32);
-WOLFSSL_API int wc_Sha3_384_Final(wc_Sha3*, byte*);
-WOLFSSL_API void wc_Sha3_384_Free(wc_Sha3*);
-WOLFSSL_API int wc_Sha3_384_GetHash(wc_Sha3*, byte*);
+WOLFSSL_API int wc_InitSha3_384(wc_Sha3* sha3, void* heap, int devId);
+WOLFSSL_API int wc_Sha3_384_Update(wc_Sha3* sha3, const byte* data, word32 len);
+WOLFSSL_API int wc_Sha3_384_Final(wc_Sha3* sha3, byte* hash);
+WOLFSSL_API void wc_Sha3_384_Free(wc_Sha3* sha3);
+WOLFSSL_API int wc_Sha3_384_GetHash(wc_Sha3* sha3, byte* hash);
 WOLFSSL_API int wc_Sha3_384_Copy(wc_Sha3* src, wc_Sha3* dst);
 
-WOLFSSL_API int wc_InitSha3_512(wc_Sha3*, void*, int);
-WOLFSSL_API int wc_Sha3_512_Update(wc_Sha3*, const byte*, word32);
-WOLFSSL_API int wc_Sha3_512_Final(wc_Sha3*, byte*);
-WOLFSSL_API void wc_Sha3_512_Free(wc_Sha3*);
-WOLFSSL_API int wc_Sha3_512_GetHash(wc_Sha3*, byte*);
+WOLFSSL_API int wc_InitSha3_512(wc_Sha3* sha3, void* heap, int devId);
+WOLFSSL_API int wc_Sha3_512_Update(wc_Sha3* sha3, const byte* data, word32 len);
+WOLFSSL_API int wc_Sha3_512_Final(wc_Sha3* sha3, byte* hash);
+WOLFSSL_API void wc_Sha3_512_Free(wc_Sha3* sha3);
+WOLFSSL_API int wc_Sha3_512_GetHash(wc_Sha3* sha3, byte* hash);
 WOLFSSL_API int wc_Sha3_512_Copy(wc_Sha3* src, wc_Sha3* dst);
 
 #ifndef WOLFSSL_NO_SHAKE256
-WOLFSSL_API int wc_InitShake256(wc_Shake*, void*, int);
-WOLFSSL_API int wc_Shake256_Update(wc_Shake*, const byte*, word32);
-WOLFSSL_API int wc_Shake256_Final(wc_Shake*, byte*, word32);
-WOLFSSL_API void wc_Shake256_Free(wc_Shake*);
+WOLFSSL_API int wc_InitShake256(wc_Shake* shake, void* heap, int devId);
+WOLFSSL_API int wc_Shake256_Update(wc_Shake* shake, const byte* data, word32 len);
+WOLFSSL_API int wc_Shake256_Final(wc_Shake* shake, byte* hash, word32 hashLen);
+WOLFSSL_API void wc_Shake256_Free(wc_Shake* shake);
 WOLFSSL_API int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst);
 #endif
 

wolfssl/wolfcrypt/sha512.h

@@ -205,14 +205,14 @@ struct wc_Sha512 {
 #ifdef WOLFSSL_SHA512
 
 
-WOLFSSL_API int wc_InitSha512(wc_Sha512*);
-WOLFSSL_API int wc_InitSha512_ex(wc_Sha512*, void*, int);
-WOLFSSL_API int wc_Sha512Update(wc_Sha512*, const byte*, word32);
-WOLFSSL_API int wc_Sha512FinalRaw(wc_Sha512*, byte*);
-WOLFSSL_API int wc_Sha512Final(wc_Sha512*, byte*);
-WOLFSSL_API void wc_Sha512Free(wc_Sha512*);
-
-WOLFSSL_API int wc_Sha512GetHash(wc_Sha512*, byte*);
+WOLFSSL_API int wc_InitSha512(wc_Sha512* sha);
+WOLFSSL_API int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devId);
+WOLFSSL_API int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len);
+WOLFSSL_API int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash);
+WOLFSSL_API int wc_Sha512Final(wc_Sha512* sha512, byte* hash);
+WOLFSSL_API void wc_Sha512Free(wc_Sha512* sha);
+
+WOLFSSL_API int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash);
 WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst);
 
 #ifdef WOLFSSL_HASH_FLAGS
@@ -225,13 +225,13 @@ WOLFSSL_API int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data);
 #endif
 
 #if !defined(WOLFSSL_NOSHA512_224)
-WOLFSSL_API int wc_InitSha512_224(wc_Sha512*);
-WOLFSSL_API int wc_InitSha512_224_ex(wc_Sha512*, void*, int);
-WOLFSSL_API int wc_Sha512_224Update(wc_Sha512*, const byte*, word32);
-WOLFSSL_API int wc_Sha512_224FinalRaw(wc_Sha512*, byte*);
-WOLFSSL_API int wc_Sha512_224Final(wc_Sha512*, byte*);
-WOLFSSL_API void wc_Sha512_224Free(wc_Sha512*);
-WOLFSSL_API int wc_Sha512_224GetHash(wc_Sha512*, byte*);
+WOLFSSL_API int wc_InitSha512_224(wc_Sha512* sha);
+WOLFSSL_API int wc_InitSha512_224_ex(wc_Sha512* sha, void* heap, int devId);
+WOLFSSL_API int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len);
+WOLFSSL_API int wc_Sha512_224FinalRaw(wc_Sha512* sha512, byte* hash);
+WOLFSSL_API int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash);
+WOLFSSL_API void wc_Sha512_224Free(wc_Sha512* sha);
+WOLFSSL_API int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash);
 WOLFSSL_API int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst);
 #ifdef WOLFSSL_HASH_FLAGS
     WOLFSSL_API int wc_Sha512_224SetFlags(wc_Sha512* sha512, word32 flags);
@@ -245,13 +245,13 @@ WOLFSSL_API int wc_Sha512_224Transform(wc_Sha512* sha,
 #endif /* !WOLFSSL_NOSHA512_224 */
 
 #if !defined(WOLFSSL_NOSHA512_256)
-WOLFSSL_API int wc_InitSha512_256(wc_Sha512*);
-WOLFSSL_API int wc_InitSha512_256_ex(wc_Sha512*, void*, int);
-WOLFSSL_API int wc_Sha512_256Update(wc_Sha512*, const byte*, word32);
-WOLFSSL_API int wc_Sha512_256FinalRaw(wc_Sha512*, byte*);
-WOLFSSL_API int wc_Sha512_256Final(wc_Sha512*, byte*);
-WOLFSSL_API void wc_Sha512_256Free(wc_Sha512*);
-WOLFSSL_API int wc_Sha512_256GetHash(wc_Sha512*, byte*);
+WOLFSSL_API int wc_InitSha512_256(wc_Sha512* sha);
+WOLFSSL_API int wc_InitSha512_256_ex(wc_Sha512* sha, void* heap, int devId);
+WOLFSSL_API int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len);
+WOLFSSL_API int wc_Sha512_256FinalRaw(wc_Sha512* sha512, byte* hash);
+WOLFSSL_API int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash);
+WOLFSSL_API void wc_Sha512_256Free(wc_Sha512* sha);
+WOLFSSL_API int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash);
 WOLFSSL_API int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst);
 #ifdef WOLFSSL_HASH_FLAGS
     WOLFSSL_API int wc_Sha512_256SetFlags(wc_Sha512* sha512, word32 flags);
@@ -300,14 +300,14 @@ enum {
 #endif
 #endif /* HAVE_FIPS */
 
-WOLFSSL_API int wc_InitSha384(wc_Sha384*);
-WOLFSSL_API int wc_InitSha384_ex(wc_Sha384*, void*, int);
-WOLFSSL_API int wc_Sha384Update(wc_Sha384*, const byte*, word32);
-WOLFSSL_API int wc_Sha384FinalRaw(wc_Sha384*, byte*);
-WOLFSSL_API int wc_Sha384Final(wc_Sha384*, byte*);
-WOLFSSL_API void wc_Sha384Free(wc_Sha384*);
+WOLFSSL_API int wc_InitSha384(wc_Sha384* sha);
+WOLFSSL_API int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devId);
+WOLFSSL_API int wc_Sha384Update(wc_Sha384* sha, const byte* data, word32 len);
+WOLFSSL_API int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash);
+WOLFSSL_API int wc_Sha384Final(wc_Sha384* sha384, byte* hash);
+WOLFSSL_API void wc_Sha384Free(wc_Sha384* sha);
 
-WOLFSSL_API int wc_Sha384GetHash(wc_Sha384*, byte*);
+WOLFSSL_API int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash);
 WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst);
 
 #ifdef WOLFSSL_HASH_FLAGS

wolfssl/wolfcrypt/sp_int.h

@@ -639,9 +639,9 @@ typedef struct sp_ecc_ctx {
 #define sp_clamp(a)                                               \
     do {                                                          \
         int ii;                                                   \
-        for (ii = a->used - 1; ii >= 0 && a->dp[ii] == 0; ii--) { \
+        for (ii = (a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \
         }                                                         \
-        a->used = ii + 1;                                         \
+        (a)->used = ii + 1;                                       \
     } while (0)
 
 /* Check the compiled and linked math implementation are the same.
@@ -691,21 +691,21 @@ typedef struct sp_ecc_ctx {
 /** Result of comparison is they are equal. */
 #define MP_EQ    0
 /** Result of comparison is that the first number is less than second. */
-#define MP_LT    -1
+#define MP_LT    (-1)
 
 /* ERROR VALUES */
 /** Error value on success. */
 #define MP_OKAY          0
 /** Error value when dynamic memory allocation fails. */
-#define MP_MEM          -2
+#define MP_MEM          (-2)
 /** Error value when value passed is not able to be used. */
-#define MP_VAL          -3
+#define MP_VAL          (-3)
 /** Error value when non-blocking operation is returning after partial
  * completion.
  */
-#define FP_WOULDBLOCK   -4
+#define FP_WOULDBLOCK   (-4)
 /* Unused error. Defined for backward compatability. */
-#define MP_NOT_INF      -5
+#define MP_NOT_INF      (-5)
 /* Unused error. Defined for backward compatability. */
 #define MP_RANGE        MP_NOT_INF
 
@@ -817,7 +817,7 @@ MP_API int sp_div_d(sp_int* a, sp_int_digit d, sp_int* r, sp_int_digit* rem);
 #endif
 #if defined(WOLFSSL_SP_MATH_ALL) || (defined(HAVE_ECC) && \
     defined(HAVE_COMP_KEY))
-MP_API int sp_mod_d(sp_int* a, const sp_int_digit d, sp_int_digit* r);
+MP_API int sp_mod_d(sp_int* a, sp_int_digit d, sp_int_digit* r);
 #endif
 #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
 MP_API int sp_div_2_mod_ct (sp_int* a, sp_int* b, sp_int* c);
@@ -910,7 +910,7 @@ WOLFSSL_API word32 CheckRunTimeFastMath(void);
 #define mp_mul_2(a, r)                      sp_mul_2d(a, 1, r)
 #define mp_div_3(a, r, rem)                 sp_div_d(a, 3, r, rem)
 #define mp_rshb(A,x)                        sp_rshb(A,x,A)
-#define mp_is_bit_set(a,b)                  sp_is_bit_set(a,(unsigned int)b)
+#define mp_is_bit_set(a,b)                  sp_is_bit_set(a,(unsigned int)(b))
 #define mp_montgomery_reduce                sp_mont_red
 #define mp_montgomery_setup                 sp_mont_setup
 #define mp_montgomery_calc_normalization    sp_mont_norm

wolfssl/wolfcrypt/tfm.h

@@ -303,13 +303,13 @@
 
 /* return codes */
 #define FP_OKAY      0
-#define FP_VAL      -1
-#define FP_MEM      -2
-#define FP_NOT_INF  -3
-#define FP_WOULDBLOCK -4
+#define FP_VAL      (-1)
+#define FP_MEM      (-2)
+#define FP_NOT_INF  (-3)
+#define FP_WOULDBLOCK (-4)
 
 /* equalities */
-#define FP_LT        -1   /* less than */
+#define FP_LT        (-1)   /* less than */
 #define FP_EQ         0   /* equal to */
 #define FP_GT         1   /* greater than */
 
@@ -445,8 +445,8 @@ MP_API void fp_free(fp_int* a);
     (((a)->used > 0  && (((a)->dp[0] & 1) == 1)) ? FP_YES : FP_NO)
 #define fp_isneg(a)  (((a)->sign != FP_ZPOS) ? FP_YES : FP_NO)
 #define fp_isword(a, w) \
-    (((((a)->used == 1) && ((a)->dp[0] == w)) || \
-                               ((w == 0) && ((a)->used == 0))) ? FP_YES : FP_NO)
+    (((((a)->used == 1) && ((a)->dp[0] == (w))) || \
+                               (((w) == 0) && ((a)->used == 0))) ? FP_YES : FP_NO)
 
 /* set to a small digit */
 void fp_set(fp_int *a, fp_digit b);

wolfssl/wolfcrypt/types.h

@@ -506,19 +506,19 @@ decouple library dependencies with standard string, memory and so on.
     #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_SMALL_STACK)
         #define WC_DECLARE_VAR_IS_HEAP_ALLOC
         #define WC_DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \
-            VAR_TYPE* VAR_NAME = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT)
+            VAR_TYPE* VAR_NAME = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * (VAR_SIZE), (HEAP), DYNAMIC_TYPE_WOLF_BIGINT)
         #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
             VAR_TYPE* VAR_NAME[VAR_ITEMS]; \
             int idx##VAR_NAME, inner_idx_##VAR_NAME; \
-            for (idx##VAR_NAME=0; idx##VAR_NAME<VAR_ITEMS; idx##VAR_NAME++) { \
-                VAR_NAME[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
-                if (VAR_NAME[idx##VAR_NAME] == NULL) { \
+            for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
+                (VAR_NAME)[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
+                if ((VAR_NAME)[idx##VAR_NAME] == NULL) { \
                     for (inner_idx_##VAR_NAME = 0; inner_idx_##VAR_NAME < idx##VAR_NAME; inner_idx_##VAR_NAME++) { \
-                        XFREE(VAR_NAME[inner_idx_##VAR_NAME], HEAP, DYNAMIC_TYPE_WOLF_BIGINT); \
-                        VAR_NAME[inner_idx_##VAR_NAME] = NULL; \
+                        XFREE((VAR_NAME)[inner_idx_##VAR_NAME], (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
+                        (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
                     } \
-                    for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < VAR_ITEMS; inner_idx_##VAR_NAME++) { \
-                        VAR_NAME[inner_idx_##VAR_NAME] = NULL; \
+                    for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < (VAR_ITEMS); inner_idx_##VAR_NAME++) { \
+                        (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
                     } \
                     break; \
                 } \
@@ -526,8 +526,8 @@ decouple library dependencies with standard string, memory and so on.
         #define WC_FREE_VAR(VAR_NAME, HEAP) \
             XFREE(VAR_NAME, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT)
         #define WC_FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) \
-            for (idx##VAR_NAME=0; idx##VAR_NAME<VAR_ITEMS; idx##VAR_NAME++) { \
-                XFREE(VAR_NAME[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
+            for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
+                XFREE((VAR_NAME)[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
             }
 
         #define WC_DECLARE_ARRAY_DYNAMIC_DEC(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
@@ -548,22 +548,22 @@ decouple library dependencies with standard string, memory and so on.
             VAR_TYPE* VAR_NAME[VAR_ITEMS]; \
             int idx##VAR_NAME, inner_idx_##VAR_NAME;
         #define WC_DECLARE_ARRAY_DYNAMIC_EXE(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            for (idx##VAR_NAME=0; idx##VAR_NAME<VAR_ITEMS; idx##VAR_NAME++) { \
-                VAR_NAME[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
-                if (VAR_NAME[idx##VAR_NAME] == NULL) { \
+            for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
+                (VAR_NAME)[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
+                if ((VAR_NAME)[idx##VAR_NAME] == NULL) { \
                     for (inner_idx_##VAR_NAME = 0; inner_idx_##VAR_NAME < idx##VAR_NAME; inner_idx_##VAR_NAME++) { \
-                        XFREE(VAR_NAME[inner_idx_##VAR_NAME], HEAP, DYNAMIC_TYPE_TMP_BUFFER); \
-                        VAR_NAME[inner_idx_##VAR_NAME] = NULL; \
+                        XFREE((VAR_NAME)[inner_idx_##VAR_NAME], HEAP, DYNAMIC_TYPE_TMP_BUFFER); \
+                        (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
                     } \
-                    for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < VAR_ITEMS; inner_idx_##VAR_NAME++) { \
-                        VAR_NAME[inner_idx_##VAR_NAME] = NULL; \
+                    for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < (VAR_ITEMS); inner_idx_##VAR_NAME++) { \
+                        (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
                     } \
                     break; \
                 } \
             }
         #define WC_FREE_ARRAY_DYNAMIC(VAR_NAME, VAR_ITEMS, HEAP) \
-            for (idx##VAR_NAME=0; idx##VAR_NAME<VAR_ITEMS; idx##VAR_NAME++) { \
-                XFREE(VAR_NAME[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
+            for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
+                XFREE((VAR_NAME)[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
             }
     #endif
 
@@ -1073,7 +1073,7 @@ decouple library dependencies with standard string, memory and so on.
     #define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings())
 
     /* invalid device id */
-    #define INVALID_DEVID    -2
+    #define INVALID_DEVID    (-2)
 
 
     /* AESNI requires alignment and ARMASM gains some performance from it
@@ -1335,6 +1335,15 @@ decouple library dependencies with standard string, memory and so on.
     #endif
 
 
+    #ifdef _MSC_VER
+        /* disable buggy MSC warning (incompatible with clang-tidy
+         * readability-avoid-const-params-in-decls)
+         * "warning C4028: formal parameter x different from declaration"
+         */
+        #pragma warning(disable: 4028)
+    #endif
+
+
     #ifdef __cplusplus
         }   /* extern "C" */
     #endif

wolfssl/wolfcrypt/wc_port.h

@@ -298,11 +298,11 @@
 #endif /* WOLFSSL_CRYPT_HW_MUTEX */
 
 /* Mutex functions */
-WOLFSSL_API int wc_InitMutex(wolfSSL_Mutex*);
+WOLFSSL_API int wc_InitMutex(wolfSSL_Mutex* m);
 WOLFSSL_API wolfSSL_Mutex* wc_InitAndAllocMutex(void);
-WOLFSSL_API int wc_FreeMutex(wolfSSL_Mutex*);
-WOLFSSL_API int wc_LockMutex(wolfSSL_Mutex*);
-WOLFSSL_API int wc_UnLockMutex(wolfSSL_Mutex*);
+WOLFSSL_API int wc_FreeMutex(wolfSSL_Mutex* m);
+WOLFSSL_API int wc_LockMutex(wolfSSL_Mutex* m);
+WOLFSSL_API int wc_UnLockMutex(wolfSSL_Mutex* m);
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
 /* dynamically set which mutex to use. unlock / lock is controlled by flag */
 typedef void (mutex_cb)(int flag, int type, const char* file, int line);
@@ -624,13 +624,13 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
         char name[MAX_FILENAME_SZ];
     } ReadDirCtx;
 
-    #define WC_READDIR_NOFILE -1
+    #define WC_READDIR_NOFILE (-1)
 
     WOLFSSL_API int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name);
     WOLFSSL_API int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name);
     WOLFSSL_API void wc_ReadDirClose(ReadDirCtx* ctx);
 #endif /* !NO_WOLFSSL_DIR */
-    #define WC_ISFILEEXIST_NOFILE -1
+    #define WC_ISFILEEXIST_NOFILE (-1)
 
     WOLFSSL_API int wc_FileExists(const char* fname);
 

wolfssl/wolfio.h

@@ -349,7 +349,7 @@
 #else
     typedef int SOCKET_T;
     #ifndef SOCKET_INVALID
-        #define SOCKET_INVALID -1
+        #define SOCKET_INVALID (-1)
     #endif
 #endif
 
@@ -436,13 +436,14 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
     WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 
     #ifdef WOLFSSL_DTLS
-        WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
-        WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
-        WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf,
-                                           int sz, void*);
+        WOLFSSL_API int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz,
+                                         void *ctx);
+        WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx);
+        WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz,
+                                            void *ctx);
         #ifdef WOLFSSL_MULTICAST
-            WOLFSSL_API int EmbedReceiveFromMcast(WOLFSSL* ssl,
-                                                  char* buf, int sz, void*);
+            WOLFSSL_API int EmbedReceiveFromMcast(WOLFSSL *ssl, char *buf,
+                                                  int sz, void *ctx);
         #endif /* WOLFSSL_MULTICAST */
     #endif /* WOLFSSL_DTLS */
 #endif /* USE_WOLFSSL_IO */
@@ -454,9 +455,9 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
         unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
         void* heap);
 
-    WOLFSSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*,
-                                   int, unsigned char**);
-    WOLFSSL_API void EmbedOcspRespFree(void*, unsigned char*);
+    WOLFSSL_API int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
+                        byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf);
+    WOLFSSL_API void EmbedOcspRespFree(void* ctx, byte *resp);
 #endif
 
 #ifdef HAVE_CRL_IO
@@ -489,10 +490,10 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 /* I/O callbacks */
 typedef int (*CallbackIORecv)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
 typedef int (*CallbackIOSend)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
-WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX*, CallbackIORecv);
-WOLFSSL_API void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX*, CallbackIOSend);
-WOLFSSL_API void wolfSSL_SSLSetIORecv(WOLFSSL*, CallbackIORecv);
-WOLFSSL_API void wolfSSL_SSLSetIOSend(WOLFSSL*, CallbackIOSend);
+WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX *ctx, CallbackIORecv CBIORecv);
+WOLFSSL_API void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX *ctx, CallbackIOSend CBIOSend);
+WOLFSSL_API void wolfSSL_SSLSetIORecv(WOLFSSL *ssl, CallbackIORecv CBIORecv);
+WOLFSSL_API void wolfSSL_SSLSetIOSend(WOLFSSL *ssl, CallbackIOSend CBIOSend);
 /* deprecated old name */
 #define wolfSSL_SetIORecv wolfSSL_CTX_SetIORecv
 #define wolfSSL_SetIOSend wolfSSL_CTX_SetIOSend
@@ -694,7 +695,8 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 #ifdef WOLFSSL_DTLS
     typedef int (*CallbackGenCookie)(WOLFSSL* ssl, unsigned char* buf, int sz,
                                      void* ctx);
-    WOLFSSL_API void  wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX*, CallbackGenCookie);
+    WOLFSSL_API void  wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX* ctx,
+                                               CallbackGenCookie cb);
     WOLFSSL_API void  wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx);
     WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl);