2
0

wolfssl.ads 28 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631
  1. -- wolfssl.ads
  2. --
  3. -- Copyright (C) 2006-2023 wolfSSL Inc.
  4. --
  5. -- This file is part of wolfSSL.
  6. --
  7. -- wolfSSL is free software; you can redistribute it and/or modify
  8. -- it under the terms of the GNU General Public License as published by
  9. -- the Free Software Foundation; either version 2 of the License, or
  10. -- (at your option) any later version.
  11. --
  12. -- wolfSSL is distributed in the hope that it will be useful,
  13. -- but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. -- GNU General Public License for more details.
  16. --
  17. -- You should have received a copy of the GNU General Public License
  18. -- along with this program; if not, write to the Free Software
  19. -- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. --
  21. with GNAT.Sockets;
  22. with Interfaces.C;
  23. -- This package is annotated "with SPARK_Mode" that SPARK can verify
  24. -- the API of this package is used correctly.
  25. package WolfSSL with SPARK_Mode is
  26. type Subprogram_Result is new Integer;
  27. Success : constant Subprogram_Result;
  28. Failure : constant Subprogram_Result;
  29. function Initialize return Subprogram_Result;
  30. -- Initializes the wolfSSL library for use. Must be called once per
  31. -- application and before any other call to the library.
  32. function Finalize return Subprogram_Result;
  33. -- Un-initializes the wolfSSL library from further use.
  34. -- Doesn't have to be called, though it will free any resources
  35. -- used by the library.
  36. subtype char_array is Interfaces.C.char_array; -- Remove?
  37. subtype Byte_Type is Interfaces.C.char;
  38. subtype Byte_Index is Interfaces.C.size_t range 0 .. 16_000;
  39. subtype Byte_Array is Interfaces.C.char_array;
  40. type Context_Type is limited private;
  41. -- Instances of this type are called SSL Contexts.
  42. function Is_Valid (Context : Context_Type) return Boolean;
  43. -- Indicates if the SSL Context has successfully been initialized.
  44. -- If initialized, the SSL Context has allocated resources
  45. -- that needs to be deallocated before application exit.
  46. type Method_Type is limited private;
  47. function TLSv1_2_Server_Method return Method_Type;
  48. -- This function is used to indicate that the application is a server
  49. -- and will only support the TLS 1.2 protocol.
  50. function TLSv1_2_Client_Method return Method_Type;
  51. -- This function is used to indicate that the application is a client
  52. -- and will only support the TLS 1.2 protocol.
  53. function TLSv1_3_Server_Method return Method_Type;
  54. -- This function is used to indicate that the application is a server
  55. -- and will only support the TLS 1.3 protocol.
  56. function TLSv1_3_Client_Method return Method_Type;
  57. -- This function is used to indicate that the application is a client
  58. -- and will only support the TLS 1.3 protocol.
  59. function DTLSv1_2_Server_Method return Method_Type;
  60. -- This function is used to indicate that the application is a server
  61. -- and will only support the DTLS 1.2 protocol.
  62. function DTLSv1_2_Client_Method return Method_Type;
  63. -- This function is used to indicate that the application is a client
  64. -- and will only support the DTLS 1.2 protocol.
  65. function DTLSv1_3_Server_Method return Method_Type;
  66. -- This function is used to indicate that the application is a server
  67. -- and will only support the DTLS 1.3 protocol.
  68. function DTLSv1_3_Client_Method return Method_Type;
  69. -- This function is used to indicate that the application is a client
  70. -- and will only support the DTLS 1.3 protocol.
  71. procedure Create_Context (Method : Method_Type;
  72. Context : out Context_Type);
  73. -- This function creates a new SSL context, taking a desired SSL/TLS
  74. -- protocol method for input.
  75. -- If successful Is_Valid (Context) = True, otherwise False.
  76. procedure Free (Context : in out Context_Type) with
  77. Pre => Is_Valid (Context),
  78. Post => not Is_Valid (Context);
  79. -- This function frees an allocated SSL Context object.
  80. type Mode_Type is private;
  81. function "&" (Left, Right : Mode_Type) return Mode_Type;
  82. Verify_None : constant Mode_Type;
  83. -- Client mode: the client will not verify the certificate received
  84. -- from the server and the handshake will continue as normal.
  85. --
  86. -- Server mode: the server will not send a certificate request to
  87. -- the client. As such, client verification will not be enabled.
  88. Verify_Peer : constant Mode_Type;
  89. -- Client mode: the client will verify the certificate received from
  90. -- the server during the handshake. This is turned on by default
  91. -- in wolfSSL, therefore, using this option has no effect.
  92. --
  93. -- Server mode: the server will send a certificate request to
  94. -- the client and verify the client certificate received.
  95. Verify_Fail_If_No_Peer_Cert : constant Mode_Type;
  96. -- Client mode: no effect when used on the client side.
  97. --
  98. -- Server mode: the verification will fail on the server side if
  99. -- the client fails to send a certificate when requested to do so
  100. -- (when using Verify_Peer on the SSL server).
  101. Verify_Client_Once : constant Mode_Type;
  102. Verify_Post_Handshake : constant Mode_Type;
  103. Verify_Fail_Except_Psk : constant Mode_Type;
  104. -- Client mode: no effect when used on the client side.
  105. --
  106. -- Server mode: the verification is the same as
  107. -- Verify_Fail_If_No_Peer_Cert except in the case of a PSK connection.
  108. -- If a PSK connection is being made then the connection
  109. -- will go through without a peer cert.
  110. Verify_Default : constant Mode_Type;
  111. procedure Set_Verify (Context : Context_Type;
  112. Mode : Mode_Type) with
  113. Pre => Is_Valid (Context);
  114. -- This function sets the verification method for remote peers
  115. type File_Format is private;
  116. Format_Asn1 : constant File_Format;
  117. Format_Pem : constant File_Format;
  118. Format_Default : constant File_Format;
  119. function Use_Certificate_File (Context : Context_Type;
  120. File : String;
  121. Format : File_Format)
  122. return Subprogram_Result with
  123. Pre => Is_Valid (Context);
  124. -- This function loads a certificate file into the SSL context.
  125. -- The file is provided by the file argument. The format argument
  126. -- specifies the format type of the file, either ASN1 or
  127. -- PEM file types. Please see the examples for proper usage.
  128. function Use_Certificate_Buffer (Context : Context_Type;
  129. Input : char_array;
  130. Format : File_Format)
  131. return Subprogram_Result with
  132. Pre => Is_Valid (Context);
  133. -- This function loads a certificate buffer into the SSL Context.
  134. -- It behaves like the non-buffered version (Use_Certificate_File),
  135. -- only differing in its ability to be called with a buffer as input
  136. -- instead of a file. The buffer is provided by the Input argument.
  137. -- Format specifies the format type of the buffer; ASN1 or PEM.
  138. -- Please see the examples for proper usage.
  139. function Use_Private_Key_File (Context : Context_Type;
  140. File : String;
  141. Format : File_Format)
  142. return Subprogram_Result with
  143. Pre => Is_Valid (Context);
  144. -- This function loads a private key file into the SSL context.
  145. -- The file is provided by the File argument. The Format argument
  146. -- specifies the format type of the file - ASN1 or PEM.
  147. -- Please see the examples for proper usage.
  148. function Use_Private_Key_Buffer (Context : Context_Type;
  149. Input : Byte_Array;
  150. Format : File_Format)
  151. return Subprogram_Result with
  152. Pre => Is_Valid (Context);
  153. -- This function loads a private key buffer into the SSL Context.
  154. -- It behaves like the non-buffered version (Use_Private_Key_File),
  155. -- only differing in its ability to be called with a buffer as input
  156. -- instead of a file. The buffer is provided by the Input argument.
  157. -- Format specifies the format type of the buffer; ASN1 or PEM.
  158. -- Please see the examples for proper usage.
  159. function Load_Verify_Locations (Context : Context_Type;
  160. File : String;
  161. Path : String)
  162. return Subprogram_Result with
  163. Pre => Is_Valid (Context);
  164. -- This function loads PEM-formatted CA certificate files into
  165. -- the SSL context. These certificates will be treated as trusted
  166. -- root certificates and used to verify certs received from peers
  167. -- during the SSL handshake. The root certificate file,
  168. -- provided by the File argument, may be a single certificate or
  169. -- a file containing multiple certificates. If multiple CA certs
  170. -- are included in the same file, wolfSSL will load them in the same
  171. -- order they are presented in the file. The path argument is
  172. -- a pointer to the name of a directory that contains certificates
  173. -- of trusted root CAs. If the value of File is not empty "",
  174. -- path may be specified as "" if not needed. If path is specified
  175. -- and NO_WOLFSSL_DIR was not defined when building the library,
  176. -- wolfSSL will load all CA certificates located in the given
  177. -- directory. This function will attempt to load all files in
  178. -- the directory. This function expects PEM formatted CERT_TYPE file
  179. -- with header "--BEGIN CERTIFICATE--".
  180. function Load_Verify_Buffer (Context : Context_Type;
  181. Input : Byte_Array;
  182. Format : File_Format)
  183. return Subprogram_Result with
  184. Pre => Is_Valid (Context);
  185. -- This function loads a CA certificate buffer into the SSL
  186. -- Context. It behaves like the non-buffered version, only differing
  187. -- in its ability to be called with a buffer as input instead of
  188. -- a file. The buffer is provided by the Input argument.
  189. -- Format specifies the format type of the buffer; ASN1 or PEM.
  190. -- More than one CA certificate may be loaded
  191. -- per buffer as long as the format is in PEM.
  192. -- Please see the examples for proper usage.
  193. type WolfSSL_Type is limited private;
  194. -- Instances of this type are called SSL Sessions.
  195. function Is_Valid (Ssl : WolfSSL_Type) return Boolean;
  196. -- Indicates if the SSL Session has successfully been initialized.
  197. -- If initialized, the SSL Session has allocated resources
  198. -- that needs to be deallocated before application exit.
  199. procedure Create_WolfSSL (Context : Context_Type;
  200. Ssl : out WolfSSL_Type) with
  201. Pre => Is_Valid (Context);
  202. -- This function creates a new SSL session, taking an already created
  203. -- SSL context as input.
  204. -- If successful Is_Valid (Ssl) = True, otherwise False.
  205. function Use_Certificate_File (Ssl : WolfSSL_Type;
  206. File : String;
  207. Format : File_Format)
  208. return Subprogram_Result with
  209. Pre => Is_Valid (Ssl);
  210. -- This function loads a certificate file into the SSL session.
  211. -- The certificate file is provided by the file argument.
  212. -- The format argument specifies the format type of the file
  213. -- either ASN1 or PEM.
  214. function Use_Certificate_Buffer (Ssl : WolfSSL_Type;
  215. Input : char_array;
  216. Format : File_Format)
  217. return Subprogram_Result with
  218. Pre => Is_Valid (Ssl);
  219. -- This function loads a certificate buffer into the SSL session
  220. -- object. It behaves like the non-buffered version, only differing
  221. -- in its ability to be called with a buffer as input instead
  222. -- of a file. The buffer is provided by the Input argument.
  223. -- Format specifies the format type of the buffer; ASN1 or PEM.
  224. -- Please see the examples for proper usage.
  225. function Use_Private_Key_File (Ssl : WolfSSL_Type;
  226. File : String;
  227. Format : File_Format)
  228. return Subprogram_Result with
  229. Pre => Is_Valid (Ssl);
  230. -- This function loads a private key file into the SSL session.
  231. -- The key file is provided by the File argument. The Format argument
  232. -- specifies the format type of the file - ASN1 or PEM.
  233. function Use_Private_Key_Buffer (Ssl : WolfSSL_Type;
  234. Input : Byte_Array;
  235. Format : File_Format)
  236. return Subprogram_Result with
  237. Pre => Is_Valid (Ssl);
  238. -- This function loads a private key buffer into the SSL session
  239. -- object. It behaves like the non-buffered version, only differing
  240. -- in its ability to be called with a buffer as input instead
  241. -- of a file. The buffer is provided by the Input argument.
  242. -- Format specifies the format type of the buffer; ASN1 or PEM.
  243. -- Please see the examples for proper usage.
  244. function DTLS_Set_Peer
  245. (Ssl : WolfSSL_Type;
  246. Address : GNAT.Sockets.Sock_Addr_Type)
  247. return Subprogram_Result with
  248. Pre => Is_Valid (Ssl);
  249. -- This function wraps the corresponding WolfSSL C function to allow
  250. -- clients to use Ada socket types when implementing a DTLS client.
  251. function Attach (Ssl : WolfSSL_Type;
  252. Socket : Integer)
  253. return Subprogram_Result with
  254. Pre => Is_Valid (Ssl);
  255. -- Attach wolfSSL to the socket.
  256. --
  257. -- This function assigns a file descriptor (Socket) as
  258. -- the input/output facility for the SSL connection.
  259. -- Typically this will be a socket file descriptor.
  260. procedure Keep_Arrays (Ssl : WolfSSL_Type) with
  261. Pre => Is_Valid (Ssl);
  262. -- Normally, at the end of the SSL handshake, wolfSSL frees
  263. -- temporary arrays. Calling this function before the handshake
  264. -- begins will prevent wolfSSL from freeing temporary arrays.
  265. -- Temporary arrays may be needed for things such as
  266. -- wolfSSL_get_keys() or PSK hints. When the user is done with
  267. -- temporary arrays, either Free_Arrays(..) may be called to free
  268. -- the resources immediately, or alternatively the resources will
  269. -- be freed when the associated SSL object is freed.
  270. procedure Free_Arrays (Ssl : WolfSSL_Type) with
  271. Pre => Is_Valid (Ssl);
  272. -- Normally, at the end of the SSL handshake, wolfSSL frees temporary
  273. -- arrays. If Keep_Arrays(..) has been called before the handshake,
  274. -- wolfSSL will not free temporary arrays. This function explicitly
  275. -- frees temporary arrays and should be called when the user is done
  276. -- with temporary arrays and does not want to wait for the SSL object
  277. -- to be freed to free these resources.
  278. function Accept_Connection (Ssl : WolfSSL_Type)
  279. return Subprogram_Result with
  280. Pre => Is_Valid (Ssl);
  281. -- The name of this function is not Accept (..) because the word
  282. -- "accept" is a reserved keyword in the Ada language.
  283. --
  284. -- This function is called on the server side and waits for an
  285. -- SSL client to initiate the SSL/TLS handshake. When this function
  286. -- is called, the underlying communication channel has already been
  287. -- set up. This function works with both blocking and
  288. -- non-blocking I/O. When the underlying I/O is non-blocking,
  289. -- Accept_Connection (..) will return when the underlying I/O could
  290. -- not satisfy the needs of Accept_Connection (..) to continue
  291. -- the handshake. In this case, a call to Get_Error(..) will
  292. -- yield either Error_Want_Read or Error_Want_Write.
  293. -- The calling process must then repeat the call to
  294. -- Accept_Connection (..) when data is available to read and
  295. -- wolfSSL will pick up where it left off. When using a
  296. -- non_blocking socket, nothing needs to be done, but select() can
  297. -- be used to check for the required condition.
  298. -- If the underlying I/O is blocking, Accept_Connection (..) will
  299. -- only return once the handshake has been finished or
  300. -- an error occurred.
  301. -- This record type has discriminants with default values to be able
  302. -- to compile this code under the restriction No Secondary Stack.
  303. type Read_Result (Success : Boolean := False;
  304. Last : Byte_Index := Byte_Index'Last) is record
  305. case Success is
  306. when True => Buffer : Byte_Array (1 .. Last);
  307. when False => Code : Subprogram_Result; -- Error code
  308. end case;
  309. end record;
  310. function Read (Ssl : WolfSSL_Type) return Read_Result with
  311. Pre => Is_Valid (Ssl);
  312. -- This function reads a number of bytes from the SSL session (ssl)
  313. -- internal read buffer into the buffer data. The bytes read are
  314. -- removed from the internal receive buffer.
  315. -- If necessary Read(..) will negotiate an SSL/TLS session
  316. -- if the handshake has not already
  317. -- been performed yet by Connect(..) or Accept_Connection (..).
  318. -- The SSL/TLS protocol uses SSL records which have a maximum size
  319. -- of 16kB (the max record size can be controlled by the
  320. -- MAX_RECORD_SIZE define in /wolfssl/internal.h). As such, wolfSSL
  321. -- needs to read an entire SSL record internally before it is able
  322. -- to process and decrypt the record. Because of this, a call to
  323. -- Read(..) will only be able to return the maximum buffer
  324. -- size which has been decrypted at the time of calling. There may
  325. -- be additional not-yet-decrypted data waiting in the internal
  326. -- wolfSSL receive buffer which will be retrieved and decrypted with
  327. -- the next call to Read(..).
  328. -- This record type has discriminants with default values to be able
  329. -- to compile this code under the restriction No Secondary Stack.
  330. type Write_Result (Success : Boolean := False) is record
  331. case Success is
  332. when True => Bytes_Written : Byte_Index;
  333. when False => Code : Subprogram_Result; -- Error code
  334. end case;
  335. end record;
  336. function Write (Ssl : WolfSSL_Type;
  337. Data : Byte_Array) return Write_Result with
  338. Pre => Is_Valid (Ssl);
  339. -- The number of bytes written is returned.
  340. -- This function writes bytes from the buffer, Data,
  341. -- to the SSL connection, ssl. If necessary, Write(..) will
  342. -- negotiate an SSL/TLS session if the handshake has not already
  343. -- been performed yet by Connect(..) or Accept_Connection(..).
  344. -- Write(..) works with both blocking and non-blocking I/O.
  345. -- When the underlying I/O is non-blocking, Write(..) will return
  346. -- when the underlying I/O could not satisfy the needs of Write(..)
  347. -- to continue. In this case, a call to Get_Error(..) will
  348. -- yield either Error_Want_Read or Error_Want_Write.
  349. -- The calling process must then repeat the call to Write(..)
  350. -- when the underlying I/O is ready. If the underlying I/O is
  351. -- blocking, Write(..) will only return once the buffer data
  352. -- has been completely written or an error occurred.
  353. function Shutdown (Ssl : WolfSSL_Type) return Subprogram_Result with
  354. Pre => Is_Valid (Ssl);
  355. -- This function shuts down an active SSL/TLS connection using
  356. -- the SSL session, ssl. This function will try to send a
  357. -- "close notify" alert to the peer. The calling application can
  358. -- choose to wait for the peer to send its "close notify" alert
  359. -- in response or just go ahead and shut down the underlying
  360. -- connection after directly calling wolfSSL_shutdown (to save
  361. -- resources). Either option is allowed by the TLS specification.
  362. -- If the underlying connection will be used again in the future,
  363. -- the complete two_directional shutdown procedure must be performed
  364. -- to keep synchronization intact between the peers.
  365. -- Shutdown(..) works with both blocking and non_blocking I/O.
  366. -- When the underlying I/O is non_blocking, Shutdown(..) will
  367. -- return an error if the underlying I/O could not satisfy the needs
  368. -- of Shutdown(..) to continue. In this case, a call to
  369. -- Get_Error(..) will yield either Error_Want_Read or
  370. -- Error_Want_Write. The calling process must then repeat
  371. -- the call to Shutdown() when the underlying I/O is ready.
  372. procedure Free (Ssl : in out WolfSSL_Type) with
  373. Pre => Is_Valid (Ssl),
  374. Post => not Is_Valid (Ssl);
  375. -- Frees the resources allocated by the SSL session object.
  376. function Connect (Ssl : WolfSSL_Type) return Subprogram_Result with
  377. Pre => Is_Valid (Ssl);
  378. -- This function is called on the client side and initiates
  379. -- an SSL/TLS handshake with a server. When this function is called,
  380. -- the underlying communication channel has already been set up.
  381. -- Connect(..) works with both blocking and non_blocking I/O.
  382. -- When the underlying I/O is non_blocking, Connect(..) will
  383. -- return when the underlying I/O could not satisfy the needs
  384. -- of wolfSSL_connect to continue the handshake. In this case,
  385. -- a call to Get_Error(..) will yield either
  386. -- Error_Want_Read or SSL_ERROR_WANT_WRITE. The calling process
  387. -- must then repeat the call to Connect(..) when
  388. -- the underlying I/O is ready and wolfSSL will pick up where
  389. -- it left off. When using a non_blocking socket, nothing needs
  390. -- to be done, but select() can be used to check for the required
  391. -- condition. If the underlying I/O is blocking, Connect(..)
  392. -- will only return once the handshake has been finished or an error
  393. -- occurred. wolfSSL takes a different approach to certificate
  394. -- verification than OpenSSL does. The default policy for the client
  395. -- is to verify the server, this means that if you don't load CAs
  396. -- to verify the server you'll get a connect error,
  397. -- unable to verify. It you want to mimic OpenSSL behavior
  398. -- of having SSL_connect succeed even if verifying the server fails
  399. -- and reducing security you can do this by calling:
  400. -- Set_Verify (Ctx, Verify_None, 0); before calling
  401. -- Create_WolfSSL(...); Though it's not recommended.
  402. type Error_Code is new Integer;
  403. Error_Want_Read : constant Error_Code;
  404. Error_Want_Write : constant Error_Code;
  405. function Get_Error (Ssl : WolfSSL_Type;
  406. Result : Subprogram_Result) return Error_Code;
  407. -- This function returns a unique error code describing why
  408. -- the previous API function call (Connect, Accept_Connection,
  409. -- Read, Write, etc.) resulted in an error return code.
  410. -- After Get_Error is called and returns the unique error code,
  411. -- wolfSSL_ERR_error_string() may be called to get a human readable
  412. -- error string.
  413. subtype Error_Message_Index is Natural range 0 .. 80;
  414. -- The default error message length is 80 in WolfSSL unless
  415. -- configured to another value. See the result
  416. -- of the Max_Error_Size function.
  417. type Error_Message (Last : Error_Message_Index := 0) is record
  418. Text : String (1 .. Last);
  419. end record;
  420. function Error (Code : Error_Code) return Error_Message;
  421. -- This function converts an error code returned by Get_Error(..)
  422. -- into a more human readable error string. Code is the error code
  423. -- returned by Get_error(). The maximum length of error strings is
  424. -- 80 characters by default, as defined by MAX_ERROR_SZ
  425. -- is wolfssl/wolfcrypt/error.h.
  426. function Max_Error_Size return Natural;
  427. -- Returns the value of the defined MAX_ERROR_SZ integer
  428. -- in wolfssl/wolfcrypt/error.h.
  429. private
  430. pragma SPARK_Mode (Off);
  431. subtype int is Interfaces.C.int; use type int;
  432. type Opaque_Method is limited null record;
  433. type Opaque_Context is limited null record;
  434. type Opaque_WolfSSL is limited null record;
  435. -- Access-to-object types with convention C uses the same amount of
  436. -- memory for storing pointers as is done in the C programming
  437. -- language. The following access type definitions are used in
  438. -- the Ada binding to the WolfSSL library:
  439. type Context_Type is access Opaque_Context with Convention => C;
  440. type Method_Type is access Opaque_Method with Convention => C;
  441. type WolfSSL_Type is access Opaque_WolfSSL with Convention => C;
  442. subtype Unsigned_32 is Interfaces.Unsigned_32; use type Unsigned_32;
  443. type Mode_Type is new Unsigned_32;
  444. -- The following imported subprograms are used to initialize
  445. -- the constants defined in the public part of this package
  446. -- specification. They cannot therefore be moved to the body
  447. -- of this package.
  448. function WolfSSL_Verify_None return int with
  449. Convention => C,
  450. External_Name => "get_wolfssl_verify_none",
  451. Import => True;
  452. function WolfSSL_Verify_Peer return int with
  453. Convention => C,
  454. External_Name => "get_wolfssl_verify_peer",
  455. Import => True;
  456. function WolfSSL_Verify_Fail_If_No_Peer_Cert return int with
  457. Convention => C,
  458. External_Name => "get_wolfssl_verify_fail_if_no_peer_cert",
  459. Import => True;
  460. function WolfSSL_Verify_Client_Once return int with
  461. Convention => C,
  462. External_Name => "get_wolfssl_verify_client_once",
  463. Import => True;
  464. function WolfSSL_Verify_Post_Handshake return int with
  465. Convention => C,
  466. External_Name => "get_wolfssl_verify_post_handshake",
  467. Import => True;
  468. function WolfSSL_Verify_Fail_Except_Psk return int with
  469. Convention => C,
  470. External_Name => "get_wolfssl_verify_fail_except_psk",
  471. Import => True;
  472. function WolfSSL_Verify_Default return int with
  473. Convention => C,
  474. External_Name => "get_wolfssl_verify_default",
  475. Import => True;
  476. Verify_None : constant Mode_Type := Mode_Type (WolfSSL_Verify_None);
  477. Verify_Peer : constant Mode_Type := Mode_Type (WolfSSL_Verify_Peer);
  478. Verify_Fail_If_No_Peer_Cert : constant Mode_Type :=
  479. Mode_Type (WolfSSL_Verify_Fail_If_No_Peer_Cert);
  480. Verify_Client_Once : constant Mode_Type :=
  481. Mode_Type (WolfSSL_Verify_Client_Once);
  482. Verify_Post_Handshake : constant Mode_Type :=
  483. Mode_Type (WolfSSL_Verify_Post_Handshake);
  484. Verify_Fail_Except_Psk : constant Mode_Type :=
  485. Mode_Type (WolfSSL_Verify_Fail_Except_Psk);
  486. Verify_Default : constant Mode_Type :=
  487. Mode_Type (WolfSSL_Verify_Default);
  488. type File_Format is new Unsigned_32;
  489. function WolfSSL_Filetype_Asn1 return int with
  490. Convention => C,
  491. External_Name => "get_wolfssl_filetype_asn1",
  492. Import => True;
  493. function WolfSSL_Filetype_Pem return int with
  494. Convention => C,
  495. External_Name => "get_wolfssl_filetype_pem",
  496. Import => True;
  497. function WolfSSL_Filetype_Default return int with
  498. Convention => C,
  499. External_Name => "get_wolfssl_filetype_default",
  500. Import => True;
  501. Format_Asn1 : constant File_Format :=
  502. File_Format (WolfSSL_Filetype_Asn1);
  503. Format_Pem : constant File_Format :=
  504. File_Format (WolfSSL_Filetype_Pem);
  505. Format_Default : constant File_Format :=
  506. File_Format (WolfSSL_Filetype_Default);
  507. function Get_WolfSSL_Success return int with
  508. Convention => C,
  509. External_Name => "get_wolfssl_success",
  510. Import => True;
  511. function Get_WolfSSL_Failure return int with
  512. Convention => C,
  513. External_Name => "get_wolfssl_failure",
  514. Import => True;
  515. Success : constant Subprogram_Result :=
  516. Subprogram_Result (Get_WolfSSL_Success);
  517. Failure : constant Subprogram_Result :=
  518. Subprogram_Result (Get_WolfSSL_Failure);
  519. function Get_WolfSSL_Error_Want_Read return int with
  520. Convention => C,
  521. External_Name => "get_wolfssl_error_want_read",
  522. Import => True;
  523. function Get_WolfSSL_Error_Want_Write return int with
  524. Convention => C,
  525. External_Name => "get_wolfssl_error_want_write",
  526. Import => True;
  527. Error_Want_Read : constant Error_Code :=
  528. Error_Code (Get_WolfSSL_Error_Want_Read);
  529. Error_Want_Write : constant Error_Code :=
  530. Error_Code (Get_WolfSSL_Error_Want_Write);
  531. end WolfSSL;