ssl.h 478 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477747784779478047814782478347844785478647874788478947904791479247934794479547964797479847994800480148024803480448054806480748084809481048114812481348144815481648174818481948204821482248234824482548264827482848294830483148324833483448354836483748384839484048414842484348444845484648474848484948504851485248534854485548564857485848594860486148624863486448654866486748684869487048714872487348744875487648774878487948804881488248834884488548864887488848894890489148924893489448954896489748984899490049014902490349044905490649074908490949104911491249134914491549164917491849194920492149224923492449254926492749284929493049314932493349344935493649374938493949404941494249434944494549464947494849494950495149524953495449554956495749584959496049614962496349644965496649674968496949704971497249734974497549764977497849794980498149824983498449854986498749884989499049914992499349944995499649974998499950005001500250035004500550065007500850095010501150125013501450155016501750185019502050215022502350245025502650275028502950305031503250335034503550365037503850395040504150425043504450455046504750485049505050515052505350545055505650575058505950605061506250635064506550665067506850695070507150725073507450755076507750785079508050815082508350845085508650875088508950905091509250935094509550965097509850995100510151025103510451055106510751085109511051115112511351145115511651175118511951205121512251235124512551265127512851295130513151325133513451355136513751385139514051415142514351445145514651475148514951505151515251535154515551565157515851595160516151625163516451655166516751685169517051715172517351745175517651775178517951805181518251835184518551865187518851895190519151925193519451955196519751985199520052015202520352045205520652075208520952105211521252135214521552165217521852195220522152225223522452255226522752285229523052315232523352345235523652375238523952405241524252435244524552465247524852495250525152525253525452555256525752585259526052615262526352645265526652675268526952705271527252735274527552765277527852795280528152825283528452855286528752885289529052915292529352945295529652975298529953005301530253035304530553065307530853095310531153125313531453155316531753185319532053215322532353245325532653275328532953305331533253335334533553365337533853395340534153425343534453455346534753485349535053515352535353545355535653575358535953605361536253635364536553665367536853695370537153725373537453755376537753785379538053815382538353845385538653875388538953905391539253935394539553965397539853995400540154025403540454055406540754085409541054115412541354145415541654175418541954205421542254235424542554265427542854295430543154325433543454355436543754385439544054415442544354445445544654475448544954505451545254535454545554565457545854595460546154625463546454655466546754685469547054715472547354745475547654775478547954805481548254835484548554865487548854895490549154925493549454955496549754985499550055015502550355045505550655075508550955105511551255135514551555165517551855195520552155225523552455255526552755285529553055315532553355345535553655375538553955405541554255435544554555465547554855495550555155525553555455555556555755585559556055615562556355645565556655675568556955705571557255735574557555765577557855795580558155825583558455855586558755885589559055915592559355945595559655975598559956005601560256035604560556065607560856095610561156125613561456155616561756185619562056215622562356245625562656275628562956305631563256335634563556365637563856395640564156425643564456455646564756485649565056515652565356545655565656575658565956605661566256635664566556665667566856695670567156725673567456755676567756785679568056815682568356845685568656875688568956905691569256935694569556965697569856995700570157025703570457055706570757085709571057115712571357145715571657175718571957205721572257235724572557265727572857295730573157325733573457355736573757385739574057415742574357445745574657475748574957505751575257535754575557565757575857595760576157625763576457655766576757685769577057715772577357745775577657775778577957805781578257835784578557865787578857895790579157925793579457955796579757985799580058015802580358045805580658075808580958105811581258135814581558165817581858195820582158225823582458255826582758285829583058315832583358345835583658375838583958405841584258435844584558465847584858495850585158525853585458555856585758585859586058615862586358645865586658675868586958705871587258735874587558765877587858795880588158825883588458855886588758885889589058915892589358945895589658975898589959005901590259035904590559065907590859095910591159125913591459155916591759185919592059215922592359245925592659275928592959305931593259335934593559365937593859395940594159425943594459455946594759485949595059515952595359545955595659575958595959605961596259635964596559665967596859695970597159725973597459755976597759785979598059815982598359845985598659875988598959905991599259935994599559965997599859996000600160026003600460056006600760086009601060116012601360146015601660176018601960206021602260236024602560266027602860296030603160326033603460356036603760386039604060416042604360446045604660476048604960506051605260536054605560566057605860596060606160626063606460656066606760686069607060716072607360746075607660776078607960806081608260836084608560866087608860896090609160926093609460956096609760986099610061016102610361046105610661076108610961106111611261136114611561166117611861196120612161226123612461256126612761286129613061316132613361346135613661376138613961406141614261436144614561466147614861496150615161526153615461556156615761586159616061616162616361646165616661676168616961706171617261736174617561766177617861796180618161826183618461856186618761886189619061916192619361946195619661976198619962006201620262036204620562066207620862096210621162126213621462156216621762186219622062216222622362246225622662276228622962306231623262336234623562366237623862396240624162426243624462456246624762486249625062516252625362546255625662576258625962606261626262636264626562666267626862696270627162726273627462756276627762786279628062816282628362846285628662876288628962906291629262936294629562966297629862996300630163026303630463056306630763086309631063116312631363146315631663176318631963206321632263236324632563266327632863296330633163326333633463356336633763386339634063416342634363446345634663476348634963506351635263536354635563566357635863596360636163626363636463656366636763686369637063716372637363746375637663776378637963806381638263836384638563866387638863896390639163926393639463956396639763986399640064016402640364046405640664076408640964106411641264136414641564166417641864196420642164226423642464256426642764286429643064316432643364346435643664376438643964406441644264436444644564466447644864496450645164526453645464556456645764586459646064616462646364646465646664676468646964706471647264736474647564766477647864796480648164826483648464856486648764886489649064916492649364946495649664976498649965006501650265036504650565066507650865096510651165126513651465156516651765186519652065216522652365246525652665276528652965306531653265336534653565366537653865396540654165426543654465456546654765486549655065516552655365546555655665576558655965606561656265636564656565666567656865696570657165726573657465756576657765786579658065816582658365846585658665876588658965906591659265936594659565966597659865996600660166026603660466056606660766086609661066116612661366146615661666176618661966206621662266236624662566266627662866296630663166326633663466356636663766386639664066416642664366446645664666476648664966506651665266536654665566566657665866596660666166626663666466656666666766686669667066716672667366746675667666776678667966806681668266836684668566866687668866896690669166926693669466956696669766986699670067016702670367046705670667076708670967106711671267136714671567166717671867196720672167226723672467256726672767286729673067316732673367346735673667376738673967406741674267436744674567466747674867496750675167526753675467556756675767586759676067616762676367646765676667676768676967706771677267736774677567766777677867796780678167826783678467856786678767886789679067916792679367946795679667976798679968006801680268036804680568066807680868096810681168126813681468156816681768186819682068216822682368246825682668276828682968306831683268336834683568366837683868396840684168426843684468456846684768486849685068516852685368546855685668576858685968606861686268636864686568666867686868696870687168726873687468756876687768786879688068816882688368846885688668876888688968906891689268936894689568966897689868996900690169026903690469056906690769086909691069116912691369146915691669176918691969206921692269236924692569266927692869296930693169326933693469356936693769386939694069416942694369446945694669476948694969506951695269536954695569566957695869596960696169626963696469656966696769686969697069716972697369746975697669776978697969806981698269836984698569866987698869896990699169926993699469956996699769986999700070017002700370047005700670077008700970107011701270137014701570167017701870197020702170227023702470257026702770287029703070317032703370347035703670377038703970407041704270437044704570467047704870497050705170527053705470557056705770587059706070617062706370647065706670677068706970707071707270737074707570767077707870797080708170827083708470857086708770887089709070917092709370947095709670977098709971007101710271037104710571067107710871097110711171127113711471157116711771187119712071217122712371247125712671277128712971307131713271337134713571367137713871397140714171427143714471457146714771487149715071517152715371547155715671577158715971607161716271637164716571667167716871697170717171727173717471757176717771787179718071817182718371847185718671877188718971907191719271937194719571967197719871997200720172027203720472057206720772087209721072117212721372147215721672177218721972207221722272237224722572267227722872297230723172327233723472357236723772387239724072417242724372447245724672477248724972507251725272537254725572567257725872597260726172627263726472657266726772687269727072717272727372747275727672777278727972807281728272837284728572867287728872897290729172927293729472957296729772987299730073017302730373047305730673077308730973107311731273137314731573167317731873197320732173227323732473257326732773287329733073317332733373347335733673377338733973407341734273437344734573467347734873497350735173527353735473557356735773587359736073617362736373647365736673677368736973707371737273737374737573767377737873797380738173827383738473857386738773887389739073917392739373947395739673977398739974007401740274037404740574067407740874097410741174127413741474157416741774187419742074217422742374247425742674277428742974307431743274337434743574367437743874397440744174427443744474457446744774487449745074517452745374547455745674577458745974607461746274637464746574667467746874697470747174727473747474757476747774787479748074817482748374847485748674877488748974907491749274937494749574967497749874997500750175027503750475057506750775087509751075117512751375147515751675177518751975207521752275237524752575267527752875297530753175327533753475357536753775387539754075417542754375447545754675477548754975507551755275537554755575567557755875597560756175627563756475657566756775687569757075717572757375747575757675777578757975807581758275837584758575867587758875897590759175927593759475957596759775987599760076017602760376047605760676077608760976107611761276137614761576167617761876197620762176227623762476257626762776287629763076317632763376347635763676377638763976407641764276437644764576467647764876497650765176527653765476557656765776587659766076617662766376647665766676677668766976707671767276737674767576767677767876797680768176827683768476857686768776887689769076917692769376947695769676977698769977007701770277037704770577067707770877097710771177127713771477157716771777187719772077217722772377247725772677277728772977307731773277337734773577367737773877397740774177427743774477457746774777487749775077517752775377547755775677577758775977607761776277637764776577667767776877697770777177727773777477757776777777787779778077817782778377847785778677877788778977907791779277937794779577967797779877997800780178027803780478057806780778087809781078117812781378147815781678177818781978207821782278237824782578267827782878297830783178327833783478357836783778387839784078417842784378447845784678477848784978507851785278537854785578567857785878597860786178627863786478657866786778687869787078717872787378747875787678777878787978807881788278837884788578867887788878897890789178927893789478957896789778987899790079017902790379047905790679077908790979107911791279137914791579167917791879197920792179227923792479257926792779287929793079317932793379347935793679377938793979407941794279437944794579467947794879497950795179527953795479557956795779587959796079617962796379647965796679677968796979707971797279737974797579767977797879797980798179827983798479857986798779887989799079917992799379947995799679977998799980008001800280038004800580068007800880098010801180128013801480158016801780188019802080218022802380248025802680278028802980308031803280338034803580368037803880398040804180428043804480458046804780488049805080518052805380548055805680578058805980608061806280638064806580668067806880698070807180728073807480758076807780788079808080818082808380848085808680878088808980908091809280938094809580968097809880998100810181028103810481058106810781088109811081118112811381148115811681178118811981208121812281238124812581268127812881298130813181328133813481358136813781388139814081418142814381448145814681478148814981508151815281538154815581568157815881598160816181628163816481658166816781688169817081718172817381748175817681778178817981808181818281838184818581868187818881898190819181928193819481958196819781988199820082018202820382048205820682078208820982108211821282138214821582168217821882198220822182228223822482258226822782288229823082318232823382348235823682378238823982408241824282438244824582468247824882498250825182528253825482558256825782588259826082618262826382648265826682678268826982708271827282738274827582768277827882798280828182828283828482858286828782888289829082918292829382948295829682978298829983008301830283038304830583068307830883098310831183128313831483158316831783188319832083218322832383248325832683278328832983308331833283338334833583368337833883398340834183428343834483458346834783488349835083518352835383548355835683578358835983608361836283638364836583668367836883698370837183728373837483758376837783788379838083818382838383848385838683878388838983908391839283938394839583968397839883998400840184028403840484058406840784088409841084118412841384148415841684178418841984208421842284238424842584268427842884298430843184328433843484358436843784388439844084418442844384448445844684478448844984508451845284538454845584568457845884598460846184628463846484658466846784688469847084718472847384748475847684778478847984808481848284838484848584868487848884898490849184928493849484958496849784988499850085018502850385048505850685078508850985108511851285138514851585168517851885198520852185228523852485258526852785288529853085318532853385348535853685378538853985408541854285438544854585468547854885498550855185528553855485558556855785588559856085618562856385648565856685678568856985708571857285738574857585768577857885798580858185828583858485858586858785888589859085918592859385948595859685978598859986008601860286038604860586068607860886098610861186128613861486158616861786188619862086218622862386248625862686278628862986308631863286338634863586368637863886398640864186428643864486458646864786488649865086518652865386548655865686578658865986608661866286638664866586668667866886698670867186728673867486758676867786788679868086818682868386848685868686878688868986908691869286938694869586968697869886998700870187028703870487058706870787088709871087118712871387148715871687178718871987208721872287238724872587268727872887298730873187328733873487358736873787388739874087418742874387448745874687478748874987508751875287538754875587568757875887598760876187628763876487658766876787688769877087718772877387748775877687778778877987808781878287838784878587868787878887898790879187928793879487958796879787988799880088018802880388048805880688078808880988108811881288138814881588168817881888198820882188228823882488258826882788288829883088318832883388348835883688378838883988408841884288438844884588468847884888498850885188528853885488558856885788588859886088618862886388648865886688678868886988708871887288738874887588768877887888798880888188828883888488858886888788888889889088918892889388948895889688978898889989008901890289038904890589068907890889098910891189128913891489158916891789188919892089218922892389248925892689278928892989308931893289338934893589368937893889398940894189428943894489458946894789488949895089518952895389548955895689578958895989608961896289638964896589668967896889698970897189728973897489758976897789788979898089818982898389848985898689878988898989908991899289938994899589968997899889999000900190029003900490059006900790089009901090119012901390149015901690179018901990209021902290239024902590269027902890299030903190329033903490359036903790389039904090419042904390449045904690479048904990509051905290539054905590569057905890599060906190629063906490659066906790689069907090719072907390749075907690779078907990809081908290839084908590869087908890899090909190929093909490959096909790989099910091019102910391049105910691079108910991109111911291139114911591169117911891199120912191229123912491259126912791289129913091319132913391349135913691379138913991409141914291439144914591469147914891499150915191529153915491559156915791589159916091619162916391649165916691679168916991709171917291739174917591769177917891799180918191829183918491859186918791889189919091919192919391949195919691979198919992009201920292039204920592069207920892099210921192129213921492159216921792189219922092219222922392249225922692279228922992309231923292339234923592369237923892399240924192429243924492459246924792489249925092519252925392549255925692579258925992609261926292639264926592669267926892699270927192729273927492759276927792789279928092819282928392849285928692879288928992909291929292939294929592969297929892999300930193029303930493059306930793089309931093119312931393149315931693179318931993209321932293239324932593269327932893299330933193329333933493359336933793389339934093419342934393449345934693479348934993509351935293539354935593569357935893599360936193629363936493659366936793689369937093719372937393749375937693779378937993809381938293839384938593869387938893899390939193929393939493959396939793989399940094019402940394049405940694079408940994109411941294139414941594169417941894199420942194229423942494259426942794289429943094319432943394349435943694379438943994409441944294439444944594469447944894499450945194529453945494559456945794589459946094619462946394649465946694679468946994709471947294739474947594769477947894799480948194829483948494859486948794889489949094919492949394949495949694979498949995009501950295039504950595069507950895099510951195129513951495159516951795189519952095219522952395249525952695279528952995309531953295339534953595369537953895399540954195429543954495459546954795489549955095519552955395549555955695579558955995609561956295639564956595669567956895699570957195729573957495759576957795789579958095819582958395849585958695879588958995909591959295939594959595969597959895999600960196029603960496059606960796089609961096119612961396149615961696179618961996209621962296239624962596269627962896299630963196329633963496359636963796389639964096419642964396449645964696479648964996509651965296539654965596569657965896599660966196629663966496659666966796689669967096719672967396749675967696779678967996809681968296839684968596869687968896899690969196929693969496959696969796989699970097019702970397049705970697079708970997109711971297139714971597169717971897199720972197229723972497259726972797289729973097319732973397349735973697379738973997409741974297439744974597469747974897499750975197529753975497559756975797589759976097619762976397649765976697679768976997709771977297739774977597769777977897799780978197829783978497859786978797889789979097919792979397949795979697979798979998009801980298039804980598069807980898099810981198129813981498159816981798189819982098219822982398249825982698279828982998309831983298339834983598369837983898399840984198429843984498459846984798489849985098519852985398549855985698579858985998609861986298639864986598669867986898699870987198729873987498759876987798789879988098819882988398849885988698879888988998909891989298939894989598969897989898999900990199029903990499059906990799089909991099119912991399149915991699179918991999209921992299239924992599269927992899299930993199329933993499359936993799389939994099419942994399449945994699479948994999509951995299539954995599569957995899599960996199629963996499659966996799689969997099719972997399749975997699779978997999809981998299839984998599869987998899899990999199929993999499959996999799989999100001000110002100031000410005100061000710008100091001010011100121001310014100151001610017100181001910020100211002210023100241002510026100271002810029100301003110032100331003410035100361003710038100391004010041100421004310044100451004610047100481004910050100511005210053100541005510056100571005810059100601006110062100631006410065100661006710068100691007010071100721007310074100751007610077100781007910080100811008210083100841008510086100871008810089100901009110092100931009410095100961009710098100991010010101101021010310104101051010610107101081010910110101111011210113101141011510116101171011810119101201012110122101231012410125101261012710128101291013010131101321013310134101351013610137101381013910140101411014210143101441014510146101471014810149101501015110152101531015410155101561015710158101591016010161101621016310164101651016610167101681016910170101711017210173101741017510176101771017810179101801018110182101831018410185101861018710188101891019010191101921019310194101951019610197101981019910200102011020210203102041020510206102071020810209102101021110212102131021410215102161021710218102191022010221102221022310224102251022610227102281022910230102311023210233102341023510236102371023810239102401024110242102431024410245102461024710248102491025010251102521025310254102551025610257102581025910260102611026210263102641026510266102671026810269102701027110272102731027410275102761027710278102791028010281102821028310284102851028610287102881028910290102911029210293102941029510296102971029810299103001030110302103031030410305103061030710308103091031010311103121031310314103151031610317103181031910320103211032210323103241032510326103271032810329103301033110332103331033410335103361033710338103391034010341103421034310344103451034610347103481034910350103511035210353103541035510356103571035810359103601036110362103631036410365103661036710368103691037010371103721037310374103751037610377103781037910380103811038210383103841038510386103871038810389103901039110392103931039410395103961039710398103991040010401104021040310404104051040610407104081040910410104111041210413104141041510416104171041810419104201042110422104231042410425104261042710428104291043010431104321043310434104351043610437104381043910440104411044210443104441044510446104471044810449104501045110452104531045410455104561045710458104591046010461104621046310464104651046610467104681046910470104711047210473104741047510476104771047810479104801048110482104831048410485104861048710488104891049010491104921049310494104951049610497104981049910500105011050210503105041050510506105071050810509105101051110512105131051410515105161051710518105191052010521105221052310524105251052610527105281052910530105311053210533105341053510536105371053810539105401054110542105431054410545105461054710548105491055010551105521055310554105551055610557105581055910560105611056210563105641056510566105671056810569105701057110572105731057410575105761057710578105791058010581105821058310584105851058610587105881058910590105911059210593105941059510596105971059810599106001060110602106031060410605106061060710608106091061010611106121061310614106151061610617106181061910620106211062210623106241062510626106271062810629106301063110632106331063410635106361063710638106391064010641106421064310644106451064610647106481064910650106511065210653106541065510656106571065810659106601066110662106631066410665106661066710668106691067010671106721067310674106751067610677106781067910680106811068210683106841068510686106871068810689106901069110692106931069410695106961069710698106991070010701107021070310704107051070610707107081070910710107111071210713107141071510716107171071810719107201072110722107231072410725107261072710728107291073010731107321073310734107351073610737107381073910740107411074210743107441074510746107471074810749107501075110752107531075410755107561075710758107591076010761107621076310764107651076610767107681076910770107711077210773107741077510776107771077810779107801078110782107831078410785107861078710788107891079010791107921079310794107951079610797107981079910800108011080210803108041080510806108071080810809108101081110812108131081410815108161081710818108191082010821108221082310824108251082610827108281082910830108311083210833108341083510836108371083810839108401084110842108431084410845108461084710848108491085010851108521085310854108551085610857108581085910860108611086210863108641086510866108671086810869108701087110872108731087410875108761087710878108791088010881108821088310884108851088610887108881088910890108911089210893108941089510896108971089810899109001090110902109031090410905109061090710908109091091010911109121091310914109151091610917109181091910920109211092210923109241092510926109271092810929109301093110932109331093410935109361093710938109391094010941109421094310944109451094610947109481094910950109511095210953109541095510956109571095810959109601096110962109631096410965109661096710968109691097010971109721097310974109751097610977109781097910980109811098210983109841098510986109871098810989109901099110992109931099410995109961099710998109991100011001110021100311004110051100611007110081100911010110111101211013110141101511016110171101811019110201102111022110231102411025110261102711028110291103011031110321103311034110351103611037110381103911040110411104211043110441104511046110471104811049110501105111052110531105411055110561105711058110591106011061110621106311064110651106611067110681106911070110711107211073110741107511076110771107811079110801108111082110831108411085110861108711088110891109011091110921109311094110951109611097110981109911100111011110211103111041110511106111071110811109111101111111112111131111411115111161111711118111191112011121111221112311124111251112611127111281112911130111311113211133111341113511136111371113811139111401114111142111431114411145111461114711148111491115011151111521115311154111551115611157111581115911160111611116211163111641116511166111671116811169111701117111172111731117411175111761117711178111791118011181111821118311184111851118611187111881118911190111911119211193111941119511196111971119811199112001120111202112031120411205112061120711208112091121011211112121121311214112151121611217112181121911220112211122211223112241122511226112271122811229112301123111232112331123411235112361123711238112391124011241112421124311244112451124611247112481124911250112511125211253112541125511256112571125811259112601126111262112631126411265112661126711268112691127011271112721127311274112751127611277112781127911280112811128211283112841128511286112871128811289112901129111292112931129411295112961129711298112991130011301113021130311304113051130611307113081130911310113111131211313113141131511316113171131811319113201132111322113231132411325113261132711328113291133011331113321133311334113351133611337113381133911340113411134211343113441134511346113471134811349113501135111352113531135411355113561135711358113591136011361113621136311364113651136611367113681136911370113711137211373113741137511376113771137811379113801138111382113831138411385113861138711388113891139011391113921139311394113951139611397113981139911400114011140211403114041140511406114071140811409114101141111412114131141411415114161141711418114191142011421114221142311424114251142611427114281142911430114311143211433114341143511436114371143811439114401144111442114431144411445114461144711448114491145011451114521145311454114551145611457114581145911460114611146211463114641146511466114671146811469114701147111472114731147411475114761147711478114791148011481114821148311484114851148611487114881148911490114911149211493114941149511496114971149811499115001150111502115031150411505115061150711508115091151011511115121151311514115151151611517115181151911520115211152211523115241152511526115271152811529115301153111532115331153411535115361153711538115391154011541115421154311544115451154611547115481154911550115511155211553115541155511556115571155811559115601156111562115631156411565115661156711568115691157011571115721157311574115751157611577115781157911580115811158211583115841158511586115871158811589115901159111592115931159411595115961159711598115991160011601116021160311604116051160611607116081160911610116111161211613116141161511616116171161811619116201162111622116231162411625116261162711628116291163011631116321163311634116351163611637116381163911640116411164211643116441164511646116471164811649116501165111652116531165411655116561165711658116591166011661116621166311664116651166611667116681166911670116711167211673116741167511676116771167811679116801168111682116831168411685116861168711688116891169011691116921169311694116951169611697116981169911700117011170211703117041170511706117071170811709117101171111712117131171411715117161171711718117191172011721117221172311724117251172611727117281172911730117311173211733117341173511736117371173811739117401174111742117431174411745117461174711748117491175011751117521175311754117551175611757117581175911760117611176211763117641176511766117671176811769117701177111772117731177411775117761177711778117791178011781117821178311784117851178611787117881178911790117911179211793117941179511796117971179811799118001180111802118031180411805118061180711808118091181011811118121181311814118151181611817118181181911820118211182211823118241182511826118271182811829118301183111832118331183411835118361183711838118391184011841118421184311844118451184611847118481184911850118511185211853118541185511856118571185811859118601186111862118631186411865118661186711868118691187011871118721187311874118751187611877118781187911880118811188211883118841188511886118871188811889118901189111892118931189411895118961189711898118991190011901119021190311904119051190611907119081190911910119111191211913119141191511916119171191811919119201192111922119231192411925119261192711928119291193011931119321193311934119351193611937119381193911940119411194211943119441194511946119471194811949119501195111952119531195411955119561195711958119591196011961119621196311964119651196611967119681196911970119711197211973119741197511976119771197811979119801198111982119831198411985119861198711988119891199011991119921199311994119951199611997119981199912000120011200212003120041200512006120071200812009120101201112012120131201412015120161201712018120191202012021120221202312024120251202612027120281202912030120311203212033120341203512036120371203812039120401204112042120431204412045120461204712048120491205012051120521205312054120551205612057120581205912060120611206212063120641206512066120671206812069120701207112072120731207412075120761207712078120791208012081120821208312084120851208612087120881208912090120911209212093120941209512096120971209812099121001210112102121031210412105121061210712108121091211012111121121211312114121151211612117121181211912120121211212212123121241212512126121271212812129121301213112132121331213412135121361213712138121391214012141121421214312144121451214612147121481214912150121511215212153121541215512156121571215812159121601216112162121631216412165121661216712168121691217012171121721217312174121751217612177121781217912180121811218212183121841218512186121871218812189121901219112192121931219412195121961219712198121991220012201122021220312204122051220612207122081220912210122111221212213122141221512216122171221812219122201222112222122231222412225122261222712228122291223012231122321223312234122351223612237122381223912240122411224212243122441224512246122471224812249122501225112252122531225412255122561225712258122591226012261122621226312264122651226612267122681226912270122711227212273122741227512276122771227812279122801228112282122831228412285122861228712288122891229012291122921229312294122951229612297122981229912300123011230212303123041230512306123071230812309123101231112312123131231412315123161231712318123191232012321123221232312324123251232612327123281232912330123311233212333123341233512336123371233812339123401234112342123431234412345123461234712348123491235012351123521235312354123551235612357123581235912360123611236212363123641236512366123671236812369123701237112372123731237412375123761237712378123791238012381123821238312384123851238612387123881238912390123911239212393123941239512396123971239812399124001240112402124031240412405124061240712408124091241012411124121241312414124151241612417124181241912420124211242212423124241242512426124271242812429124301243112432124331243412435124361243712438124391244012441124421244312444124451244612447124481244912450124511245212453124541245512456124571245812459124601246112462124631246412465124661246712468124691247012471124721247312474124751247612477124781247912480124811248212483124841248512486124871248812489124901249112492124931249412495124961249712498124991250012501125021250312504125051250612507125081250912510125111251212513125141251512516125171251812519125201252112522125231252412525125261252712528125291253012531125321253312534125351253612537125381253912540125411254212543125441254512546125471254812549125501255112552125531255412555125561255712558125591256012561125621256312564125651256612567125681256912570125711257212573125741257512576125771257812579125801258112582125831258412585125861258712588125891259012591125921259312594125951259612597125981259912600126011260212603126041260512606126071260812609126101261112612126131261412615126161261712618126191262012621126221262312624126251262612627126281262912630126311263212633126341263512636126371263812639126401264112642126431264412645126461264712648126491265012651126521265312654126551265612657126581265912660126611266212663126641266512666126671266812669126701267112672126731267412675126761267712678126791268012681126821268312684126851268612687126881268912690126911269212693126941269512696126971269812699127001270112702127031270412705127061270712708127091271012711127121271312714127151271612717127181271912720127211272212723127241272512726127271272812729127301273112732127331273412735127361273712738127391274012741127421274312744127451274612747127481274912750127511275212753127541275512756127571275812759127601276112762127631276412765127661276712768127691277012771127721277312774127751277612777127781277912780127811278212783127841278512786127871278812789127901279112792127931279412795127961279712798127991280012801128021280312804128051280612807128081280912810128111281212813128141281512816128171281812819128201282112822128231282412825128261282712828128291283012831128321283312834128351283612837128381283912840128411284212843128441284512846128471284812849128501285112852128531285412855128561285712858128591286012861128621286312864128651286612867128681286912870128711287212873128741287512876128771287812879128801288112882128831288412885128861288712888128891289012891128921289312894128951289612897128981289912900129011290212903129041290512906129071290812909129101291112912129131291412915129161291712918129191292012921129221292312924129251292612927129281292912930129311293212933129341293512936129371293812939129401294112942129431294412945129461294712948129491295012951129521295312954129551295612957129581295912960129611296212963129641296512966129671296812969129701297112972129731297412975129761297712978129791298012981129821298312984129851298612987129881298912990129911299212993129941299512996129971299812999130001300113002130031300413005130061300713008130091301013011130121301313014130151301613017130181301913020130211302213023130241302513026130271302813029130301303113032130331303413035130361303713038130391304013041130421304313044130451304613047130481304913050130511305213053130541305513056130571305813059130601306113062130631306413065130661306713068130691307013071130721307313074130751307613077130781307913080130811308213083130841308513086130871308813089130901309113092130931309413095130961309713098130991310013101131021310313104131051310613107131081310913110131111311213113131141311513116131171311813119131201312113122131231312413125131261312713128131291313013131131321313313134131351313613137131381313913140131411314213143131441314513146131471314813149131501315113152131531315413155131561315713158131591316013161131621316313164131651316613167131681316913170131711317213173131741317513176131771317813179131801318113182131831318413185131861318713188131891319013191131921319313194131951319613197131981319913200132011320213203132041320513206132071320813209132101321113212132131321413215132161321713218132191322013221132221322313224132251322613227132281322913230132311323213233132341323513236132371323813239132401324113242132431324413245132461324713248132491325013251132521325313254132551325613257132581325913260132611326213263132641326513266132671326813269132701327113272132731327413275132761327713278132791328013281132821328313284132851328613287132881328913290132911329213293132941329513296132971329813299133001330113302133031330413305133061330713308133091331013311133121331313314133151331613317133181331913320133211332213323133241332513326133271332813329133301333113332133331333413335133361333713338133391334013341133421334313344133451334613347133481334913350133511335213353133541335513356133571335813359133601336113362133631336413365133661336713368133691337013371133721337313374133751337613377133781337913380133811338213383133841338513386133871338813389133901339113392133931339413395133961339713398133991340013401134021340313404134051340613407134081340913410134111341213413134141341513416134171341813419134201342113422134231342413425134261342713428134291343013431134321343313434134351343613437134381343913440134411344213443134441344513446134471344813449134501345113452134531345413455134561345713458134591346013461134621346313464134651346613467134681346913470134711347213473134741347513476134771347813479134801348113482134831348413485134861348713488134891349013491134921349313494134951349613497134981349913500135011350213503135041350513506135071350813509135101351113512135131351413515135161351713518135191352013521135221352313524135251352613527135281352913530135311353213533135341353513536135371353813539135401354113542135431354413545135461354713548135491355013551135521355313554135551355613557135581355913560135611356213563135641356513566135671356813569135701357113572135731357413575135761357713578135791358013581135821358313584135851358613587135881358913590135911359213593135941359513596135971359813599136001360113602136031360413605136061360713608136091361013611136121361313614136151361613617136181361913620136211362213623136241362513626136271362813629136301363113632136331363413635136361363713638136391364013641136421364313644136451364613647136481364913650136511365213653136541365513656136571365813659136601366113662136631366413665136661366713668136691367013671136721367313674136751367613677136781367913680136811368213683136841368513686136871368813689136901369113692136931369413695136961369713698136991370013701137021370313704137051370613707137081370913710137111371213713137141371513716137171371813719137201372113722137231372413725137261372713728137291373013731137321373313734137351373613737137381373913740137411374213743137441374513746137471374813749137501375113752137531375413755137561375713758137591376013761137621376313764137651376613767137681376913770137711377213773137741377513776137771377813779137801378113782137831378413785137861378713788137891379013791137921379313794137951379613797137981379913800138011380213803138041380513806138071380813809138101381113812138131381413815138161381713818138191382013821138221382313824138251382613827138281382913830138311383213833138341383513836138371383813839138401384113842138431384413845138461384713848138491385013851138521385313854138551385613857138581385913860138611386213863138641386513866138671386813869138701387113872138731387413875138761387713878138791388013881138821388313884138851388613887138881388913890138911389213893138941389513896138971389813899139001390113902139031390413905139061390713908139091391013911139121391313914139151391613917139181391913920139211392213923139241392513926139271392813929139301393113932139331393413935139361393713938139391394013941139421394313944139451394613947139481394913950139511395213953139541395513956139571395813959139601396113962139631396413965139661396713968139691397013971139721397313974139751397613977139781397913980139811398213983139841398513986139871398813989139901399113992139931399413995139961399713998139991400014001140021400314004140051400614007140081400914010140111401214013140141401514016140171401814019140201402114022140231402414025140261402714028140291403014031140321403314034140351403614037140381403914040140411404214043140441404514046140471404814049140501405114052140531405414055140561405714058140591406014061140621406314064140651406614067140681406914070140711407214073140741407514076140771407814079140801408114082140831408414085140861408714088140891409014091140921409314094140951409614097140981409914100141011410214103141041410514106141071410814109141101411114112141131411414115141161411714118141191412014121141221412314124141251412614127141281412914130141311413214133141341413514136141371413814139141401414114142141431414414145141461414714148141491415014151141521415314154141551415614157141581415914160141611416214163141641416514166141671416814169141701417114172141731417414175141761417714178141791418014181141821418314184141851418614187141881418914190141911419214193141941419514196141971419814199142001420114202142031420414205142061420714208142091421014211142121421314214142151421614217142181421914220142211422214223142241422514226142271422814229142301423114232142331423414235142361423714238142391424014241142421424314244142451424614247142481424914250142511425214253142541425514256142571425814259142601426114262142631426414265142661426714268142691427014271142721427314274142751427614277142781427914280142811428214283142841428514286142871428814289142901429114292142931429414295142961429714298142991430014301143021430314304143051430614307143081430914310143111431214313143141431514316143171431814319143201432114322143231432414325143261432714328143291433014331143321433314334143351433614337143381433914340143411434214343143441434514346143471434814349143501435114352143531435414355143561435714358143591436014361143621436314364143651436614367143681436914370143711437214373143741437514376143771437814379143801438114382143831438414385143861438714388143891439014391143921439314394143951439614397143981439914400144011440214403144041440514406144071440814409144101441114412144131441414415144161441714418144191442014421144221442314424144251442614427144281442914430144311443214433144341443514436144371443814439144401444114442144431444414445144461444714448144491445014451144521445314454144551445614457144581445914460144611446214463144641446514466144671446814469144701447114472144731447414475144761447714478144791448014481144821448314484144851448614487144881448914490144911449214493144941449514496144971449814499145001450114502145031450414505145061450714508145091451014511145121451314514145151451614517145181451914520145211452214523145241452514526145271452814529145301453114532145331453414535145361453714538145391454014541145421454314544145451454614547145481454914550145511455214553145541455514556145571455814559145601456114562145631456414565145661456714568145691457014571145721457314574145751457614577145781457914580145811458214583145841458514586145871458814589145901459114592145931459414595145961459714598145991460014601146021460314604146051460614607146081460914610146111461214613146141461514616146171461814619146201462114622146231462414625146261462714628146291463014631146321463314634146351463614637146381463914640146411464214643146441464514646146471464814649146501465114652146531465414655146561465714658146591466014661146621466314664146651466614667146681466914670146711467214673146741467514676146771467814679146801468114682146831468414685146861468714688146891469014691146921469314694146951469614697146981469914700147011470214703147041470514706147071470814709147101471114712147131471414715147161471714718147191472014721147221472314724147251472614727147281472914730147311473214733147341473514736147371473814739147401474114742147431474414745147461474714748147491475014751147521475314754147551475614757147581475914760147611476214763147641476514766147671476814769147701477114772147731477414775147761477714778147791478014781147821478314784147851478614787147881478914790147911479214793147941479514796147971479814799148001480114802148031480414805148061480714808148091481014811148121481314814148151481614817148181481914820148211482214823148241482514826148271482814829148301483114832148331483414835148361483714838148391484014841148421484314844148451484614847148481484914850148511485214853148541485514856148571485814859148601486114862148631486414865148661486714868148691487014871148721487314874148751487614877148781487914880148811488214883148841488514886148871488814889148901489114892148931489414895148961489714898148991490014901149021490314904149051490614907149081490914910149111491214913149141491514916149171491814919149201492114922149231492414925149261492714928149291493014931149321493314934149351493614937149381493914940149411494214943149441494514946149471494814949149501495114952149531495414955149561495714958149591496014961149621496314964149651496614967149681496914970149711497214973149741497514976149771497814979149801498114982149831498414985149861498714988149891499014991149921499314994149951499614997149981499915000150011500215003150041500515006150071500815009150101501115012150131501415015150161501715018150191502015021150221502315024150251502615027150281502915030150311503215033150341503515036150371503815039150401504115042150431504415045150461504715048150491505015051150521505315054150551505615057150581505915060150611506215063150641506515066150671506815069150701507115072150731507415075150761507715078150791508015081150821508315084150851508615087150881508915090150911509215093150941509515096150971509815099151001510115102151031510415105151061510715108151091511015111151121511315114151151511615117151181511915120151211512215123151241512515126151271512815129151301513115132151331513415135151361513715138151391514015141151421514315144151451514615147151481514915150151511515215153151541515515156151571515815159151601516115162151631516415165151661516715168151691517015171151721517315174151751517615177151781517915180151811518215183151841518515186151871518815189151901519115192151931519415195151961519715198151991520015201152021520315204152051520615207152081520915210152111521215213152141521515216152171521815219152201522115222152231522415225152261522715228152291523015231152321523315234152351523615237152381523915240152411524215243152441524515246152471524815249152501525115252152531525415255152561525715258152591526015261152621526315264152651526615267152681526915270152711527215273152741527515276152771527815279152801528115282152831528415285152861528715288152891529015291152921529315294152951529615297152981529915300153011530215303153041530515306153071530815309153101531115312153131531415315153161531715318153191532015321153221532315324153251532615327153281532915330153311533215333153341533515336153371533815339153401534115342153431534415345153461534715348153491535015351153521535315354153551535615357153581535915360153611536215363
  1. /*!
  2. \brief This function initializes the DTLS v1.2 client method.
  3. \return pointer This function returns a pointer to a new
  4. WOLFSSL_METHOD structure.
  5. \param none No parameters.
  6. _Example_
  7. \code
  8. wolfSSL_Init();
  9. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
  10. WOLFSSL* ssl = wolfSSL_new(ctx);
  11. \endcode
  12. \sa wolfSSL_Init
  13. \sa wolfSSL_CTX_new
  14. */
  15. WOLFSSL_METHOD *wolfDTLSv1_2_client_method_ex(void* heap);
  16. /*!
  17. \ingroup Setup
  18. \brief This function returns a WOLFSSL_METHOD similar to
  19. wolfSSLv23_client_method except that it is not determined
  20. which side yet (server/client).
  21. \return WOLFSSL_METHOD* On successful creations returns a WOLFSSL_METHOD
  22. pointer
  23. \return NULL Null if memory allocation error or failure to create method
  24. \param none No parameters.
  25. _Example_
  26. \code
  27. WOLFSSL* ctx;
  28. ctx = wolfSSL_CTX_new(wolfSSLv23_method());
  29. // check ret value
  30. \endcode
  31. \sa wolfSSL_new
  32. \sa wolfSSL_free
  33. */
  34. WOLFSSL_METHOD *wolfSSLv23_method(void);
  35. /*!
  36. \ingroup Setup
  37. \brief The wolfSSLv3_server_method() function is used to indicate
  38. that the application is a server and will only support the SSL 3.0
  39. protocol. This function allocates memory for and initializes a new
  40. wolfSSL_METHOD structure to be used when creating the SSL/TLS context
  41. with wolfSSL_CTX_new().
  42. \return * If successful, the call will return a pointer to the newly
  43. created WOLFSSL_METHOD structure.
  44. \return FAIL If memory allocation fails when calling XMALLOC, the
  45. failure value of the underlying malloc() implementation will be returned
  46. (typically NULL with errno will be set to ENOMEM).
  47. \param none No parameters.
  48. _Example_
  49. \code
  50. #include <wolfssl/ssl.h>
  51. WOLFSSL_METHOD* method;
  52. WOLFSSL_CTX* ctx;
  53. method = wolfSSLv3_server_method();
  54. if (method == NULL) {
  55. unable to get method
  56. }
  57. ctx = wolfSSL_CTX_new(method);
  58. ...
  59. \endcode
  60. \sa wolfTLSv1_server_method
  61. \sa wolfTLSv1_1_server_method
  62. \sa wolfTLSv1_2_server_method
  63. \sa wolfTLSv1_3_server_method
  64. \sa wolfDTLSv1_server_method
  65. \sa wolfSSLv23_server_method
  66. \sa wolfSSL_CTX_new
  67. */
  68. WOLFSSL_METHOD *wolfSSLv3_server_method(void);
  69. /*!
  70. \ingroup Setup
  71. \brief The wolfSSLv3_client_method() function is used to indicate
  72. that the application is a client and will only support the SSL 3.0
  73. protocol. This function allocates memory for and initializes a
  74. new wolfSSL_METHOD structure to be used when creating the SSL/TLS
  75. context with wolfSSL_CTX_new().
  76. \return * If successful, the call will return a pointer to the newly
  77. created WOLFSSL_METHOD structure.
  78. \return FAIL If memory allocation fails when calling XMALLOC, the
  79. failure value of the underlying malloc() implementation will be
  80. returned (typically NULL with errno will be set to ENOMEM).
  81. \param none No parameters.
  82. _Example_
  83. \code
  84. #include <wolfssl/ssl.h>
  85. WOLFSSL_METHOD* method;
  86. WOLFSSL_CTX* ctx;
  87. method = wolfSSLv3_client_method();
  88. if (method == NULL) {
  89. unable to get method
  90. }
  91. ctx = wolfSSL_CTX_new(method);
  92. ...
  93. \endcode
  94. \sa wolfTLSv1_client_method
  95. \sa wolfTLSv1_1_client_method
  96. \sa wolfTLSv1_2_client_method
  97. \sa wolfTLSv1_3_client_method
  98. \sa wolfDTLSv1_client_method
  99. \sa wolfSSLv23_client_method
  100. \sa wolfSSL_CTX_new
  101. */
  102. WOLFSSL_METHOD *wolfSSLv3_client_method(void);
  103. /*!
  104. \ingroup Setup
  105. \brief The wolfTLSv1_server_method() function is used to indicate that the
  106. application is a server and will only support the TLS 1.0 protocol. This
  107. function allocates memory for and initializes a new wolfSSL_METHOD
  108. structure to be used when creating the SSL/TLS context with
  109. wolfSSL_CTX_new().
  110. \return * If successful, the call will return a pointer to the newly
  111. created WOLFSSL_METHOD structure.
  112. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  113. value of the underlying malloc() implementation will be returned
  114. (typically NULL with errno will be set to ENOMEM).
  115. \param none No parameters.
  116. _Example_
  117. \code
  118. #include <wolfssl/ssl.h>
  119. WOLFSSL_METHOD* method;
  120. WOLFSSL_CTX* ctx;
  121. method = wolfTLSv1_server_method();
  122. if (method == NULL) {
  123. unable to get method
  124. }
  125. ctx = wolfSSL_CTX_new(method);
  126. ...
  127. \endcode
  128. \sa wolfSSLv3_server_method
  129. \sa wolfTLSv1_1_server_method
  130. \sa wolfTLSv1_2_server_method
  131. \sa wolfTLSv1_3_server_method
  132. \sa wolfDTLSv1_server_method
  133. \sa wolfSSLv23_server_method
  134. \sa wolfSSL_CTX_new
  135. */
  136. WOLFSSL_METHOD *wolfTLSv1_server_method(void);
  137. /*!
  138. \ingroup Setup
  139. \brief The wolfTLSv1_client_method() function is used to indicate
  140. that the application is a client and will only support the TLS 1.0
  141. protocol. This function allocates memory for and initializes a new
  142. wolfSSL_METHOD structure to be used when creating the SSL/TLS context
  143. with wolfSSL_CTX_new().
  144. \return * If successful, the call will return a pointer to the newly
  145. created WOLFSSL_METHOD structure.
  146. \return FAIL If memory allocation fails when calling XMALLOC,
  147. the failure value of the underlying malloc() implementation
  148. will be returned (typically NULL with errno will be set to ENOMEM).
  149. \param none No parameters.
  150. _Example_
  151. \code
  152. #include <wolfssl/ssl.h>
  153. WOLFSSL_METHOD* method;
  154. WOLFSSL_CTX* ctx;
  155. method = wolfTLSv1_client_method();
  156. if (method == NULL) {
  157. unable to get method
  158. }
  159. ctx = wolfSSL_CTX_new(method);
  160. ...
  161. \endcode
  162. \sa wolfSSLv3_client_method
  163. \sa wolfTLSv1_1_client_method
  164. \sa wolfTLSv1_2_client_method
  165. \sa wolfTLSv1_3_client_method
  166. \sa wolfDTLSv1_client_method
  167. \sa wolfSSLv23_client_method
  168. \sa wolfSSL_CTX_new
  169. */
  170. WOLFSSL_METHOD *wolfTLSv1_client_method(void);
  171. /*!
  172. \ingroup Setup
  173. \brief The wolfTLSv1_1_server_method() function is used to indicate
  174. that the application is a server and will only support the TLS 1.1
  175. protocol. This function allocates memory for and initializes a new
  176. wolfSSL_METHOD structure to be used when creating the SSL/TLS
  177. context with wolfSSL_CTX_new().
  178. \return * If successful, the call will return a pointer to the newly
  179. created WOLFSSL_METHOD structure.
  180. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  181. value of the underlying malloc() implementation will be returned
  182. (typically NULL with errno will be set to ENOMEM).
  183. \param none No parameters.
  184. _Example_
  185. \code
  186. #include <wolfssl/ssl.h>
  187. WOLFSSL_METHOD* method;
  188. WOLFSSL_CTX* ctx;
  189. method = wolfTLSv1_1_server_method();
  190. if (method == NULL) {
  191. // unable to get method
  192. }
  193. ctx = wolfSSL_CTX_new(method);
  194. ...
  195. \endcode
  196. \sa wolfSSLv3_server_method
  197. \sa wolfTLSv1_server_method
  198. \sa wolfTLSv1_2_server_method
  199. \sa wolfTLSv1_3_server_method
  200. \sa wolfDTLSv1_server_method
  201. \sa wolfSSLv23_server_method
  202. \sa wolfSSL_CTX_new
  203. */
  204. WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
  205. /*!
  206. \ingroup Setup
  207. \brief The wolfTLSv1_1_client_method() function is used to indicate
  208. that the application is a client and will only support the TLS 1.0
  209. protocol. This function allocates memory for and initializes a
  210. new wolfSSL_METHOD structure to be used when creating the SSL/TLS
  211. context with wolfSSL_CTX_new().
  212. \return * If successful, the call will return a pointer to the
  213. newly created WOLFSSL_METHOD structure.
  214. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  215. value of the underlying malloc() implementation will be returned
  216. (typically NULL with errno will be set to ENOMEM).
  217. \param none No parameters.
  218. _Example_
  219. \code
  220. #include <wolfssl/ssl.h>
  221. WOLFSSL_METHOD* method;
  222. WOLFSSL_CTX* ctx;
  223. method = wolfTLSv1_1_client_method();
  224. if (method == NULL) {
  225. // unable to get method
  226. }
  227. ctx = wolfSSL_CTX_new(method);
  228. ...
  229. \endcode
  230. \sa wolfSSLv3_client_method
  231. \sa wolfTLSv1_client_method
  232. \sa wolfTLSv1_2_client_method
  233. \sa wolfTLSv1_3_client_method
  234. \sa wolfDTLSv1_client_method
  235. \sa wolfSSLv23_client_method
  236. \sa wolfSSL_CTX_new
  237. */
  238. WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
  239. /*!
  240. \ingroup Setup
  241. \brief The wolfTLSv1_2_server_method() function is used to indicate
  242. that the application is a server and will only support the TLS 1.2
  243. protocol. This function allocates memory for and initializes a new
  244. wolfSSL_METHOD structure to be used when creating the SSL/TLS context
  245. with wolfSSL_CTX_new().
  246. \return * If successful, the call will return a pointer to the newly
  247. created WOLFSSL_METHOD structure.
  248. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  249. value of the underlying malloc() implementation will be returned
  250. (typically NULL with errno will be set to ENOMEM).
  251. \param none No parameters.
  252. _Example_
  253. \code
  254. #include <wolfssl/ssl.h>
  255. WOLFSSL_METHOD* method;
  256. WOLFSSL_CTX* ctx;
  257. method = wolfTLSv1_2_server_method();
  258. if (method == NULL) {
  259. // unable to get method
  260. }
  261. ctx = wolfSSL_CTX_new(method);
  262. ...
  263. \endcode
  264. \sa wolfSSLv3_server_method
  265. \sa wolfTLSv1_server_method
  266. \sa wolfTLSv1_1_server_method
  267. \sa wolfTLSv1_3_server_method
  268. \sa wolfDTLSv1_server_method
  269. \sa wolfSSLv23_server_method
  270. \sa wolfSSL_CTX_new
  271. */
  272. WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
  273. /*!
  274. \ingroup Setup
  275. \brief The wolfTLSv1_2_client_method() function is used to indicate
  276. that the application is a client and will only support the TLS 1.2
  277. protocol. This function allocates memory for and initializes a new
  278. wolfSSL_METHOD structure to be used when creating the SSL/TLS context
  279. with wolfSSL_CTX_new().
  280. \return * If successful, the call will return a pointer to the newly
  281. created WOLFSSL_METHOD structure.
  282. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  283. value of the underlying malloc() implementation will be returned
  284. (typically NULL with errno will be set to ENOMEM).
  285. \param none No parameters.
  286. _Example_
  287. \code
  288. #include <wolfssl/ssl.h>
  289. WOLFSSL_METHOD* method;
  290. WOLFSSL_CTX* ctx;
  291. method = wolfTLSv1_2_client_method();
  292. if (method == NULL) {
  293. // unable to get method
  294. }
  295. ctx = wolfSSL_CTX_new(method);
  296. ...
  297. \endcode
  298. \sa wolfSSLv3_client_method
  299. \sa wolfTLSv1_client_method
  300. \sa wolfTLSv1_1_client_method
  301. \sa wolfTLSv1_3_client_method
  302. \sa wolfDTLSv1_client_method
  303. \sa wolfSSLv23_client_method
  304. \sa wolfSSL_CTX_new
  305. */
  306. WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
  307. /*!
  308. \ingroup Setup
  309. \brief The wolfDTLSv1_client_method() function is used to indicate that
  310. the application is a client and will only support the DTLS 1.0 protocol.
  311. This function allocates memory for and initializes a new
  312. wolfSSL_METHOD structure to be used when creating the SSL/TLS context
  313. with wolfSSL_CTX_new(). This function is only available when wolfSSL has
  314. been compiled with DTLS support (--enable-dtls,
  315. or by defining wolfSSL_DTLS).
  316. \return * If successful, the call will return a pointer to the newly
  317. created WOLFSSL_METHOD structure.
  318. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  319. value of the underlying malloc() implementation will be returned
  320. (typically NULL with errno will be set to ENOMEM).
  321. \param none No parameters.
  322. _Example_
  323. \code
  324. WOLFSSL_METHOD* method;
  325. WOLFSSL_CTX* ctx;
  326. method = wolfDTLSv1_client_method();
  327. if (method == NULL) {
  328. // unable to get method
  329. }
  330. ctx = wolfSSL_CTX_new(method);
  331. ...
  332. \endcode
  333. \sa wolfSSLv3_client_method
  334. \sa wolfTLSv1_client_method
  335. \sa wolfTLSv1_1_client_method
  336. \sa wolfTLSv1_2_client_method
  337. \sa wolfTLSv1_3_client_method
  338. \sa wolfSSLv23_client_method
  339. \sa wolfSSL_CTX_new
  340. */
  341. WOLFSSL_METHOD *wolfDTLSv1_client_method(void);
  342. /*!
  343. \ingroup Setup
  344. \brief The wolfDTLSv1_server_method() function is used to indicate
  345. that the application is a server and will only support the DTLS 1.0
  346. protocol. This function allocates memory for and initializes a
  347. new wolfSSL_METHOD structure to be used when creating the SSL/TLS
  348. context with wolfSSL_CTX_new(). This function is only available
  349. when wolfSSL has been compiled with DTLS support (--enable-dtls,
  350. or by defining wolfSSL_DTLS).
  351. \return * If successful, the call will return a pointer to the newly
  352. created WOLFSSL_METHOD structure.
  353. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  354. value of the underlying malloc() implementation will be returned
  355. (typically NULL with errno will be set to ENOMEM).
  356. \param none No parameters.
  357. _Example_
  358. \code
  359. WOLFSSL_METHOD* method;
  360. WOLFSSL_CTX* ctx;
  361. method = wolfDTLSv1_server_method();
  362. if (method == NULL) {
  363. // unable to get method
  364. }
  365. ctx = wolfSSL_CTX_new(method);
  366. ...
  367. \endcode
  368. \sa wolfSSLv3_server_method
  369. \sa wolfTLSv1_server_method
  370. \sa wolfTLSv1_1_server_method
  371. \sa wolfTLSv1_2_server_method
  372. \sa wolfTLSv1_3_server_method
  373. \sa wolfSSLv23_server_method
  374. \sa wolfSSL_CTX_new
  375. */
  376. WOLFSSL_METHOD *wolfDTLSv1_server_method(void);
  377. /*!
  378. \ingroup Setup
  379. \brief The wolfDTLSv1_3_server_method() function is used to indicate that
  380. the application is a server and will only support the DTLS 1.3
  381. protocol. This function allocates memory for and initializes a new
  382. wolfSSL_METHOD structure to be used when creating the SSL/TLS context with
  383. wolfSSL_CTX_new(). This function is only available when wolfSSL has been
  384. compiled with DTLSv1.3 support (--enable-dtls13, or by defining
  385. wolfSSL_DTLS13).
  386. \return * If successful, the call will return a pointer to the newly
  387. created WOLFSSL_METHOD structure.
  388. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  389. value of the underlying malloc() implementation will be returned
  390. (typically NULL with errno will be set to ENOMEM).
  391. \param none No parameters.
  392. _Example_
  393. \code
  394. WOLFSSL_METHOD* method;
  395. WOLFSSL_CTX* ctx;
  396. method = wolfDTLSv1_3_server_method();
  397. if (method == NULL) {
  398. // unable to get method
  399. }
  400. ctx = wolfSSL_CTX_new(method);
  401. ...
  402. \endcode
  403. \sa wolfDTLSv1_3_client_method
  404. */
  405. WOLFSSL_METHOD *wolfDTLSv1_3_server_method(void);
  406. /*!
  407. \ingroup Setup
  408. \brief The wolfDTLSv1_3_client_method() function is used to indicate that
  409. the application is a client and will only support the DTLS 1.3
  410. protocol. This function allocates memory for and initializes a new
  411. wolfSSL_METHOD structure to be used when creating the SSL/TLS context with
  412. wolfSSL_CTX_new(). This function is only available when wolfSSL has been
  413. compiled with DTLSv1.3 support (--enable-dtls13, or by defining
  414. wolfSSL_DTLS13).
  415. \return * If successful, the call will return a pointer to the newly
  416. created WOLFSSL_METHOD structure.
  417. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  418. value of the underlying malloc() implementation will be returned
  419. (typically NULL with errno will be set to ENOMEM).
  420. \param none No parameters.
  421. _Example_
  422. \code
  423. WOLFSSL_METHOD* method;
  424. WOLFSSL_CTX* ctx;
  425. method = wolfDTLSv1_3_client_method();
  426. if (method == NULL) {
  427. // unable to get method
  428. }
  429. ctx = wolfSSL_CTX_new(method);
  430. ...
  431. \endcode
  432. \sa wolfDTLSv1_3_server_method
  433. */
  434. WOLFSSL_METHOD* wolfDTLSv1_3_client_method(void);
  435. /*!
  436. \ingroup Setup
  437. \brief The wolfDTLS_server_method() function is used to indicate that the
  438. application is a server and will support the highest version of DTLS
  439. available and all the version up to the minimum version allowed. The
  440. default minimum version allowed is based on the define
  441. WOLFSSL_MIN_DTLS_DOWNGRADE and can be changed at runtime using
  442. wolfSSL_SetMinVersion(). This function allocates memory for and initializes
  443. a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context
  444. with wolfSSL_CTX_new(). This function is only available when wolfSSL has
  445. been compiled with DTLS support (--enable-dtls, or by defining
  446. wolfSSL_DTLS).
  447. \return * If successful, the call will return a pointer to the newly
  448. created WOLFSSL_METHOD structure.
  449. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  450. value of the underlying malloc() implementation will be returned
  451. (typically NULL with errno will be set to ENOMEM).
  452. \param none No parameters.
  453. _Example_
  454. \code
  455. WOLFSSL_METHOD* method;
  456. WOLFSSL_CTX* ctx;
  457. method = wolfDTLS_server_method();
  458. if (method == NULL) {
  459. // unable to get method
  460. }
  461. ctx = wolfSSL_CTX_new(method);
  462. ...
  463. \endcode
  464. \sa wolfDTLS_client_method
  465. \sa wolfSSL_SetMinVersion
  466. */
  467. WOLFSSL_METHOD *wolfDTLS_server_method(void);
  468. /*!
  469. \ingroup Setup
  470. \brief The wolfDTLS_client_method() function is used to indicate that the
  471. application is a client and will support the highest version of DTLS
  472. available and all the version up to the minimum version allowed. The
  473. default minimum version allowed is based on the define
  474. WOLFSSL_MIN_DTLS_DOWNGRADE and can be changed at runtime using
  475. wolfSSL_SetMinVersion(). This function allocates memory for and initializes
  476. a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context
  477. with wolfSSL_CTX_new(). This function is only available when wolfSSL has
  478. been compiled with DTLS support (--enable-dtls, or by defining
  479. wolfSSL_DTLS).
  480. \return * If successful, the call will return a pointer to the newly
  481. created WOLFSSL_METHOD structure.
  482. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  483. value of the underlying malloc() implementation will be returned
  484. (typically NULL with errno will be set to ENOMEM).
  485. \param none No parameters.
  486. _Example_
  487. \code
  488. WOLFSSL_METHOD* method;
  489. WOLFSSL_CTX* ctx;
  490. method = wolfDTLS_client_method();
  491. if (method == NULL) {
  492. // unable to get method
  493. }
  494. ctx = wolfSSL_CTX_new(method);
  495. ...
  496. \endcode
  497. \sa wolfDTLS_server_method
  498. \sa wolfSSL_SetMinVersion
  499. */
  500. WOLFSSL_METHOD *wolfDTLS_client_method(void);
  501. /*!
  502. \brief This function creates and initializes a WOLFSSL_METHOD for the
  503. server side.
  504. \return This function returns a WOLFSSL_METHOD pointer.
  505. \param none No parameters.
  506. _Example_
  507. \code
  508. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
  509. WOLFSSL* ssl = WOLFSSL_new(ctx);
  510. \endcode
  511. \sa wolfSSL_CTX_new
  512. */
  513. WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void);
  514. /*!
  515. \ingroup Setup
  516. \brief Since there is some differences between the first release and
  517. newer versions of chacha-poly AEAD construction we have added an option
  518. to communicate with servers/clients using the older version. By default
  519. wolfSSL uses the new version.
  520. \return 0 upon success
  521. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  522. \param value whether or not to use the older version of setting up the
  523. information for poly1305. Passing a flag value of 1 indicates yes use the
  524. old poly AEAD, to switch back to using the new version pass a flag value
  525. of 0.
  526. _Example_
  527. \code
  528. int ret = 0;
  529. WOLFSSL* ssl;
  530. ...
  531. ret = wolfSSL_use_old_poly(ssl, 1);
  532. if (ret != 0) {
  533. // failed to set poly1305 AEAD version
  534. }
  535. \endcode
  536. \sa none
  537. */
  538. int wolfSSL_use_old_poly(WOLFSSL* ssl, int value);
  539. /*!
  540. \brief The wolfSSL_dtls_import() function is used to parse in a serialized
  541. session state. This allows for picking up the connection after the
  542. handshake has been completed.
  543. \return Success If successful, the amount of the buffer read will be
  544. returned.
  545. \return Failure All unsuccessful return values will be less than 0.
  546. \return VERSION_ERROR If a version mismatch is found ie DTLS v1 and ctx
  547. was set up for DTLS v1.2 then VERSION_ERROR is returned.
  548. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  549. \param buf serialized session to import.
  550. \param sz size of serialized session buffer.
  551. _Example_
  552. \code
  553. WOLFSSL* ssl;
  554. int ret;
  555. unsigned char buf[MAX];
  556. bufSz = MAX;
  557. ...
  558. //get information sent from wc_dtls_export function and place it in buf
  559. fread(buf, 1, bufSz, input);
  560. ret = wolfSSL_dtls_import(ssl, buf, bufSz);
  561. if (ret < 0) {
  562. // handle error case
  563. }
  564. // no wolfSSL_accept needed since handshake was already done
  565. ...
  566. ret = wolfSSL_write(ssl) and wolfSSL_read(ssl);
  567. ...
  568. \endcode
  569. \sa wolfSSL_new
  570. \sa wolfSSL_CTX_new
  571. \sa wolfSSL_CTX_dtls_set_export
  572. */
  573. int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf,
  574. unsigned int sz);
  575. /*!
  576. \brief Used to import a serialized TLS session. This function is for
  577. importing the state of the connection.
  578. WARNING: buf contains sensitive information about the state and is best to
  579. be encrypted before storing if stored.
  580. Additional debug info can be displayed with the macro
  581. WOLFSSL_SESSION_EXPORT_DEBUG defined.
  582. \return the number of bytes read from buffer 'buf'
  583. \param ssl WOLFSSL structure to import the session into
  584. \param buf serialized session
  585. \param sz size of buffer 'buf'
  586. \sa wolfSSL_dtls_import
  587. \sa wolfSSL_tls_export
  588. */
  589. int wolfSSL_tls_import(WOLFSSL* ssl, const unsigned char* buf,
  590. unsigned int sz);
  591. /*!
  592. \brief The wolfSSL_CTX_dtls_set_export() function is used to set
  593. the callback function for exporting a session. It is allowed to
  594. pass in NULL as the parameter func to clear the export function
  595. previously stored. Used on the server side and is called immediately
  596. after handshake is completed.
  597. \return SSL_SUCCESS upon success.
  598. \return BAD_FUNC_ARG If null or not expected arguments are passed in
  599. \param ctx a pointer to a WOLFSSL_CTX structure, created
  600. with wolfSSL_CTX_new().
  601. \param func wc_dtls_export function to use when exporting a session.
  602. _Example_
  603. \code
  604. int send_session(WOLFSSL* ssl, byte* buf, word32 sz, void* userCtx);
  605. // body of send session (wc_dtls_export) that passes
  606. // buf (serialized session) to destination
  607. WOLFSSL_CTX* ctx;
  608. int ret;
  609. ...
  610. ret = wolfSSL_CTX_dtls_set_export(ctx, send_session);
  611. if (ret != SSL_SUCCESS) {
  612. // handle error case
  613. }
  614. ...
  615. ret = wolfSSL_accept(ssl);
  616. ...
  617. \endcode
  618. \sa wolfSSL_new
  619. \sa wolfSSL_CTX_new
  620. \sa wolfSSL_dtls_set_export
  621. \sa Static buffer use
  622. */
  623. int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx,
  624. wc_dtls_export func);
  625. /*!
  626. \brief The wolfSSL_dtls_set_export() function is used to set the callback
  627. function for exporting a session. It is allowed to pass in NULL as the
  628. parameter func to clear the export function previously stored. Used on
  629. the server side and is called immediately after handshake is completed.
  630. \return SSL_SUCCESS upon success.
  631. \return BAD_FUNC_ARG If null or not expected arguments are passed in
  632. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  633. \param func wc_dtls_export function to use when exporting a session.
  634. _Example_
  635. \code
  636. int send_session(WOLFSSL* ssl, byte* buf, word32 sz, void* userCtx);
  637. // body of send session (wc_dtls_export) that passes
  638. // buf (serialized session) to destination
  639. WOLFSSL* ssl;
  640. int ret;
  641. ...
  642. ret = wolfSSL_dtls_set_export(ssl, send_session);
  643. if (ret != SSL_SUCCESS) {
  644. // handle error case
  645. }
  646. ...
  647. ret = wolfSSL_accept(ssl);
  648. ...
  649. \endcode
  650. \sa wolfSSL_new
  651. \sa wolfSSL_CTX_new
  652. \sa wolfSSL_CTX_dtls_set_export
  653. */
  654. int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func);
  655. /*!
  656. \brief The wolfSSL_dtls_export() function is used to serialize a
  657. WOLFSSL session into the provided buffer. Allows for less memory
  658. overhead than using a function callback for sending a session and
  659. choice over when the session is serialized. If buffer is NULL when
  660. passed to function then sz will be set to the size of buffer needed
  661. for serializing the WOLFSSL session.
  662. \return Success If successful, the amount of the buffer used will
  663. be returned.
  664. \return Failure All unsuccessful return values will be less than 0.
  665. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  666. \param buf buffer to hold serialized session.
  667. \param sz size of buffer.
  668. _Example_
  669. \code
  670. WOLFSSL* ssl;
  671. int ret;
  672. unsigned char buf[MAX];
  673. bufSz = MAX;
  674. ...
  675. ret = wolfSSL_dtls_export(ssl, buf, bufSz);
  676. if (ret < 0) {
  677. // handle error case
  678. }
  679. ...
  680. \endcode
  681. \sa wolfSSL_new
  682. \sa wolfSSL_CTX_new
  683. \sa wolfSSL_CTX_dtls_set_export
  684. \sa wolfSSL_dtls_import
  685. */
  686. int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf,
  687. unsigned int* sz);
  688. /*!
  689. \brief Used to export a serialized TLS session. This function is for
  690. exporting a serialized state of the connection.
  691. In most cases wolfSSL_get1_session should be used instead of
  692. wolfSSL_tls_export.
  693. Additional debug info can be displayed with the macro
  694. WOLFSSL_SESSION_EXPORT_DEBUG defined.
  695. WARNING: buf contains sensitive information about the state and is best to
  696. be encrypted before storing if stored.
  697. \return the number of bytes written into buffer 'buf'
  698. \param ssl WOLFSSL structure to export the session from
  699. \param buf output of serialized session
  700. \param sz size in bytes set in 'buf'
  701. \sa wolfSSL_dtls_import
  702. \sa wolfSSL_tls_import
  703. */
  704. int wolfSSL_tls_export(WOLFSSL* ssl, unsigned char* buf,
  705. unsigned int* sz);
  706. /*!
  707. \brief This function is used to set aside static memory for a CTX. Memory
  708. set aside is then used for the CTX’s lifetime and for any SSL objects
  709. created from the CTX. By passing in a NULL ctx pointer and a
  710. wolfSSL_method_func function the creation of the CTX itself will also
  711. use static memory. wolfSSL_method_func has the function signature of
  712. WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap);. Passing in 0 for max
  713. makes it behave as if not set and no max concurrent use restrictions is
  714. in place. The flag value passed in determines how the memory is used and
  715. behavior while operating. Available flags are the following: 0 - default
  716. general memory, WOLFMEM_IO_POOL - used for input/output buffer when
  717. sending receiving messages and overrides general memory, so all memory
  718. in buffer passed in is used for IO, WOLFMEM_IO_FIXED - same as
  719. WOLFMEM_IO_POOL but each SSL now keeps two buffers to themselves for
  720. their lifetime, WOLFMEM_TRACK_STATS - each SSL keeps track of memory
  721. stats while running.
  722. \return SSL_SUCCESS upon success.
  723. \return SSL_FAILURE upon failure.
  724. \param ctx address of pointer to a WOLFSSL_CTX structure.
  725. \param method function to create protocol. (should be NULL if ctx is not
  726. also NULL)
  727. \param buf memory to use for all operations.
  728. \param sz size of memory buffer being passed in.
  729. \param flag type of memory.
  730. \param max max concurrent operations.
  731. _Example_
  732. \code
  733. WOLFSSL_CTX* ctx;
  734. WOLFSSL* ssl;
  735. int ret;
  736. unsigned char memory[MAX];
  737. int memorySz = MAX;
  738. unsigned char IO[MAX];
  739. int IOSz = MAX;
  740. int flag = WOLFMEM_IO_FIXED | WOLFMEM_TRACK_STATS;
  741. ...
  742. // create ctx also using static memory, start with general memory to use
  743. ctx = NULL:
  744. ret = wolfSSL_CTX_load_static_memory(&ctx, wolfSSLv23_server_method_ex,
  745. memory, memorySz, 0, MAX_CONCURRENT_HANDSHAKES);
  746. if (ret != SSL_SUCCESS) {
  747. // handle error case
  748. }
  749. // load in memory for use with IO
  750. ret = wolfSSL_CTX_load_static_memory(&ctx, NULL, IO, IOSz, flag,
  751. MAX_CONCURRENT_IO);
  752. if (ret != SSL_SUCCESS) {
  753. // handle error case
  754. }
  755. ...
  756. \endcode
  757. \sa wolfSSL_CTX_new
  758. \sa wolfSSL_CTX_is_static_memory
  759. \sa wolfSSL_is_static_memory
  760. */
  761. int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx,
  762. wolfSSL_method_func method,
  763. unsigned char* buf, unsigned int sz,
  764. int flag, int max);
  765. /*!
  766. \brief This function does not change any of the connections behavior
  767. and is used only for gathering information about the static memory usage.
  768. \return 1 is returned if using static memory for the CTX is true.
  769. \return 0 is returned if not using static memory.
  770. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  771. wolfSSL_CTX_new().
  772. \param mem_stats structure to hold information about static memory usage.
  773. _Example_
  774. \code
  775. WOLFSSL_CTX* ctx;
  776. int ret;
  777. WOLFSSL_MEM_STATS mem_stats;
  778. ...
  779. //get information about static memory with CTX
  780. ret = wolfSSL_CTX_is_static_memory(ctx, &mem_stats);
  781. if (ret == 1) {
  782. // handle case of is using static memory
  783. // print out or inspect elements of mem_stats
  784. }
  785. if (ret == 0) {
  786. //handle case of ctx not using static memory
  787. }
  788. \endcode
  789. \sa wolfSSL_CTX_new
  790. \sa wolfSSL_CTX_load_static_memory
  791. \sa wolfSSL_is_static_memory
  792. */
  793. int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx,
  794. WOLFSSL_MEM_STATS* mem_stats);
  795. /*!
  796. \brief wolfSSL_is_static_memory is used to gather information about
  797. a SSL’s static memory usage. The return value indicates if static
  798. memory is being used and WOLFSSL_MEM_CONN_STATS will be filled out
  799. if and only if the flag WOLFMEM_TRACK_STATS was passed to the parent
  800. CTX when loading in static memory.
  801. \return 1 is returned if using static memory for the CTX is true.
  802. \return 0 is returned if not using static memory.
  803. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  804. \param mem_stats structure to contain static memory usage.
  805. _Example_
  806. \code
  807. WOLFSSL* ssl;
  808. int ret;
  809. WOLFSSL_MEM_CONN_STATS mem_stats;
  810. ...
  811. ret = wolfSSL_is_static_memory(ssl, mem_stats);
  812. if (ret == 1) {
  813. // handle case when is static memory
  814. // investigate elements in mem_stats if WOLFMEM_TRACK_STATS flag
  815. }
  816. ...
  817. \endcode
  818. \sa wolfSSL_new
  819. \sa wolfSSL_CTX_is_static_memory
  820. */
  821. int wolfSSL_is_static_memory(WOLFSSL* ssl,
  822. WOLFSSL_MEM_CONN_STATS* mem_stats);
  823. /*!
  824. \ingroup CertsKeys
  825. \brief This function loads a certificate file into the SSL context
  826. (WOLFSSL_CTX). The file is provided by the file argument. The
  827. format argument specifies the format type of the file, either
  828. SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples
  829. for proper usage.
  830. \return SSL_SUCCESS upon success.
  831. \return SSL_FAILURE If the function call fails, possible causes might
  832. include the file is in the wrong format, or the wrong format has been
  833. given using the “format” argument, file doesn’t exist, can’t be read,
  834. or is corrupted, an out of memory condition occurs, Base16 decoding
  835. fails on the file.
  836. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  837. wolfSSL_CTX_new()
  838. \param file a pointer to the name of the file containing the certificate
  839. to be loaded into the wolfSSL SSL context.
  840. \param format - format of the certificates pointed to by file. Possible
  841. options are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
  842. _Example_
  843. \code
  844. int ret = 0;
  845. WOLFSSL_CTX* ctx;
  846. ...
  847. ret = wolfSSL_CTX_use_certificate_file(ctx, “./client-cert.pem”,
  848. SSL_FILETYPE_PEM);
  849. if (ret != SSL_SUCCESS) {
  850. // error loading cert file
  851. }
  852. ...
  853. \endcode
  854. \sa wolfSSL_CTX_use_certificate_buffer
  855. \sa wolfSSL_use_certificate_file
  856. \sa wolfSSL_use_certificate_buffer
  857. */
  858. int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
  859. int format);
  860. /*!
  861. \ingroup CertsKeys
  862. \brief This function loads a private key file into the SSL context
  863. (WOLFSSL_CTX). The file is provided by the file argument. The format
  864. argument specifies the format type of the file - SSL_FILETYPE_ASN1or
  865. SSL_FILETYPE_PEM. Please see the examples for proper usage.
  866. If using an external key store and do not have the private key you can
  867. instead provide the public key and register the crypro callback to handle
  868. the signing. For this you can build with either build with crypto callbacks
  869. or PK callbacks. To enable crypto callbacks use --enable-cryptocb
  870. or WOLF_CRYPTO_CB and register a crypto callback using
  871. wc_CryptoCb_RegisterDevice and set the associated devId using
  872. wolfSSL_CTX_SetDevId.
  873. \return SSL_SUCCESS upon success.
  874. \return SSL_FAILURE The file is in the wrong format, or the wrong format
  875. has been given using the “format” argument. The file doesn’t exist, can’t
  876. be read, or is corrupted. An out of memory condition occurs. Base16
  877. decoding fails on the file. The key file is encrypted but no password
  878. is provided.
  879. \param none No parameters.
  880. _Example_
  881. \code
  882. int ret = 0;
  883. WOLFSSL_CTX* ctx;
  884. ...
  885. ret = wolfSSL_CTX_use_PrivateKey_file(ctx, “./server-key.pem”,
  886. SSL_FILETYPE_PEM);
  887. if (ret != SSL_SUCCESS) {
  888. // error loading key file
  889. }
  890. ...
  891. \endcode
  892. \sa wolfSSL_CTX_use_PrivateKey_buffer
  893. \sa wolfSSL_use_PrivateKey_file
  894. \sa wolfSSL_use_PrivateKey_buffer
  895. \sa wc_CryptoCb_RegisterDevice
  896. \sa wolfSSL_CTX_SetDevId
  897. */
  898. int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file, int format);
  899. /*!
  900. \ingroup CertsKeys
  901. \brief This function loads PEM-formatted CA certificate files into the SSL
  902. context (WOLFSSL_CTX). These certificates will be treated as trusted root
  903. certificates and used to verify certs received from peers during the SSL
  904. handshake. The root certificate file, provided by the file argument, may
  905. be a single certificate or a file containing multiple certificates.
  906. If multiple CA certs are included in the same file, wolfSSL will load them
  907. in the same order they are presented in the file. The path argument is
  908. a pointer to the name of a directory that contains certificates of
  909. trusted root CAs. If the value of file is not NULL, path may be specified
  910. as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not
  911. defined when building the library, wolfSSL will load all CA certificates
  912. located in the given directory. This function will attempt to load all
  913. files in the directory. This function expects PEM formatted CERT_TYPE
  914. file with header “-----BEGIN CERTIFICATE-----”.
  915. \return SSL_SUCCESS up success.
  916. \return SSL_FAILURE will be returned if ctx is NULL, or if both file and
  917. path are NULL.
  918. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  919. \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
  920. read, or is corrupted.
  921. \return MEMORY_E will be returned if an out of memory condition occurs.
  922. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  923. \return ASN_BEFORE_DATE_E will be returned if the current date is before the
  924. before date.
  925. \return ASN_AFTER_DATE_E will be returned if the current date is after the
  926. after date.
  927. \return BUFFER_E will be returned if a chain buffer is bigger than the
  928. receiving buffer.
  929. \return BAD_PATH_ERROR will be returned if opendir() fails when trying
  930. to open path.
  931. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  932. \param file pointer to name of the file containing PEM-formatted CA
  933. certificates.
  934. \param path pointer to the name of a directory to load PEM-formatted
  935. certificates from.
  936. _Example_
  937. \code
  938. int ret = 0;
  939. WOLFSSL_CTX* ctx;
  940. ...
  941. ret = wolfSSL_CTX_load_verify_locations(ctx, “./ca-cert.pem”, NULL);
  942. if (ret != WOLFSSL_SUCCESS) {
  943. // error loading CA certs
  944. }
  945. ...
  946. \endcode
  947. \sa wolfSSL_CTX_load_verify_locations_ex
  948. \sa wolfSSL_CTX_load_verify_buffer
  949. \sa wolfSSL_CTX_use_certificate_file
  950. \sa wolfSSL_CTX_use_PrivateKey_file
  951. \sa wolfSSL_CTX_use_certificate_chain_file
  952. \sa wolfSSL_use_certificate_file
  953. \sa wolfSSL_use_PrivateKey_file
  954. \sa wolfSSL_use_certificate_chain_file
  955. */
  956. int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
  957. const char* path);
  958. /*!
  959. \ingroup CertsKeys
  960. \brief This function loads PEM-formatted CA certificate files into the SSL
  961. context (WOLFSSL_CTX). These certificates will be treated as trusted root
  962. certificates and used to verify certs received from peers during the SSL
  963. handshake. The root certificate file, provided by the file argument, may
  964. be a single certificate or a file containing multiple certificates.
  965. If multiple CA certs are included in the same file, wolfSSL will load them
  966. in the same order they are presented in the file. The path argument is
  967. a pointer to the name of a directory that contains certificates of
  968. trusted root CAs. If the value of file is not NULL, path may be specified
  969. as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not
  970. defined when building the library, wolfSSL will load all CA certificates
  971. located in the given directory. This function will attempt to load all
  972. files in the directory based on flags specified. This function expects PEM
  973. formatted CERT_TYPE files with header “-----BEGIN CERTIFICATE-----”.
  974. \return SSL_SUCCESS up success.
  975. \return SSL_FAILURE will be returned if ctx is NULL, or if both file and
  976. path are NULL. This will also be returned if at least one cert is loaded
  977. successfully but there is one or more that failed. Check error stack for reason.
  978. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  979. \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
  980. read, or is corrupted.
  981. \return MEMORY_E will be returned if an out of memory condition occurs.
  982. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  983. \return BUFFER_E will be returned if a chain buffer is bigger than the
  984. receiving buffer.
  985. \return BAD_PATH_ERROR will be returned if opendir() fails when trying
  986. to open path.
  987. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  988. \param file pointer to name of the file containing PEM-formatted CA
  989. certificates.
  990. \param path pointer to the name of a directory to load PEM-formatted
  991. certificates from.
  992. \param flags possible mask values are: WOLFSSL_LOAD_FLAG_IGNORE_ERR,
  993. WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY and WOLFSSL_LOAD_FLAG_PEM_CA_ONLY
  994. _Example_
  995. \code
  996. int ret = 0;
  997. WOLFSSL_CTX* ctx;
  998. ...
  999. ret = wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, “./certs/external",
  1000. WOLFSSL_LOAD_FLAG_PEM_CA_ONLY);
  1001. if (ret != WOLFSSL_SUCCESS) {
  1002. // error loading CA certs
  1003. }
  1004. ...
  1005. \endcode
  1006. \sa wolfSSL_CTX_load_verify_locations
  1007. \sa wolfSSL_CTX_load_verify_buffer
  1008. \sa wolfSSL_CTX_use_certificate_file
  1009. \sa wolfSSL_CTX_use_PrivateKey_file
  1010. \sa wolfSSL_CTX_use_certificate_chain_file
  1011. \sa wolfSSL_use_certificate_file
  1012. \sa wolfSSL_use_PrivateKey_file
  1013. \sa wolfSSL_use_certificate_chain_file
  1014. */
  1015. int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
  1016. const char* path, unsigned int flags);
  1017. /*!
  1018. \ingroup CertsKeys
  1019. \brief This function returns a pointer to an array of strings representing
  1020. directories wolfSSL will search for system CA certs when
  1021. wolfSSL_CTX_load_system_CA_certs is called. On systems that don't store
  1022. certificates in an accessible system directory (such as Apple platforms),
  1023. this function will always return NULL.
  1024. \return Valid pointer on success.
  1025. \return NULL pointer on failure.
  1026. \param num pointer to a word32 that will be populated with the length of the
  1027. array of strings.
  1028. _Example_
  1029. \code
  1030. WOLFSSL_CTX* ctx;
  1031. const char** dirs;
  1032. word32 numDirs;
  1033. dirs = wolfSSL_get_system_CA_dirs(&numDirs);
  1034. for (int i = 0; i < numDirs; ++i) {
  1035. printf("Potential system CA dir: %s\n", dirs[i]);
  1036. }
  1037. ...
  1038. \endcode
  1039. \sa wolfSSL_CTX_load_system_CA_certs
  1040. \sa wolfSSL_CTX_load_verify_locations
  1041. \sa wolfSSL_CTX_load_verify_locations_ex
  1042. */
  1043. const char** wolfSSL_get_system_CA_dirs(word32* num);
  1044. /*!
  1045. \ingroup CertsKeys
  1046. \brief On most platforms (including Linux and Windows), this function
  1047. attempts to load CA certificates into a WOLFSSL_CTX from an OS-dependent
  1048. CA certificate store. Loaded certificates will be trusted.
  1049. On Apple platforms (excluding macOS), certificates can't be obtained from
  1050. the system, and therefore cannot be loaded into the wolfSSL certificate
  1051. manager. For these platforms, this function enables TLS connections bound to
  1052. the WOLFSSL_CTX to use the native system trust APIs to verify authenticity
  1053. of the peer certificate chain if the authenticity of the peer cannot first
  1054. be authenticated against certificates loaded by the user.
  1055. The platforms supported and tested are: Linux (Debian, Ubuntu,
  1056. Gentoo, Fedora, RHEL), Windows 10/11, Android, macOS, and iOS.
  1057. \return WOLFSSL_SUCCESS on success.
  1058. \return WOLFSSL_BAD_PATH if no system CA certs were loaded.
  1059. \return WOLFSSL_FAILURE for other failure types (e.g. Windows cert store
  1060. wasn't properly closed).
  1061. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  1062. _Example_
  1063. \code
  1064. int ret = 0;
  1065. WOLFSSL_CTX* ctx;
  1066. ...
  1067. ret = wolfSSL_CTX_load_system_CA_certs(ctx,);
  1068. if (ret != WOLFSSL_SUCCESS) {
  1069. // error loading system CA certs
  1070. }
  1071. ...
  1072. \endcode
  1073. \sa wolfSSL_get_system_CA_dirs
  1074. \sa wolfSSL_CTX_load_verify_locations
  1075. \sa wolfSSL_CTX_load_verify_locations_ex
  1076. */
  1077. int wolfSSL_CTX_load_system_CA_certs(WOLFSSL_CTX* ctx);
  1078. /*!
  1079. \ingroup Setup
  1080. \brief This function loads a certificate to use for verifying a peer
  1081. when performing a TLS/SSL handshake. The peer certificate sent during the
  1082. handshake is compared by using the SKID when available and the signature.
  1083. If these two things do not match then any loaded CAs are used. Feature is
  1084. enabled by defining the macro WOLFSSL_TRUST_PEER_CERT. Please see the
  1085. examples for proper usage.
  1086. \return SSL_SUCCES upon success.
  1087. \return SSL_FAILURE will be returned if ctx is NULL, or if both file and
  1088. type are invalid.
  1089. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  1090. \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
  1091. read, or is corrupted.
  1092. \return MEMORY_E will be returned if an out of memory condition occurs.
  1093. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  1094. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  1095. \param file pointer to name of the file containing certificates
  1096. \param type type of certificate being loaded ie SSL_FILETYPE_ASN1
  1097. or SSL_FILETYPE_PEM.
  1098. _Example_
  1099. \code
  1100. int ret = 0;
  1101. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  1102. ...
  1103. ret = wolfSSL_CTX_trust_peer_cert(ctx, “./peer-cert.pem”,
  1104. SSL_FILETYPE_PEM);
  1105. if (ret != SSL_SUCCESS) {
  1106. // error loading trusted peer cert
  1107. }
  1108. ...
  1109. \endcode
  1110. \sa wolfSSL_CTX_load_verify_buffer
  1111. \sa wolfSSL_CTX_use_certificate_file
  1112. \sa wolfSSL_CTX_use_PrivateKey_file
  1113. \sa wolfSSL_CTX_use_certificate_chain_file
  1114. \sa wolfSSL_CTX_trust_peer_buffer
  1115. \sa wolfSSL_CTX_Unload_trust_peers
  1116. \sa wolfSSL_use_certificate_file
  1117. \sa wolfSSL_use_PrivateKey_file
  1118. \sa wolfSSL_use_certificate_chain_file
  1119. */
  1120. int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX* ctx, const char* file, int type);
  1121. /*!
  1122. \ingroup CertsKeys
  1123. \brief This function loads a chain of certificates into the SSL
  1124. context (WOLFSSL_CTX). The file containing the certificate chain
  1125. is provided by the file argument, and must contain PEM-formatted
  1126. certificates. This function will process up to MAX_CHAIN_DEPTH
  1127. (default = 9, defined in internal.h) certificates, plus the subject cert.
  1128. \return SSL_SUCCESS upon success
  1129. \return SSL_FAILURE If the function call fails, possible causes might
  1130. include the file is in the wrong format, or the wrong format has been
  1131. given using the “format” argument, file doesn’t exist, can’t be read,
  1132. or is corrupted, an out of memory condition occurs.
  1133. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  1134. wolfSSL_CTX_new()
  1135. \param file a pointer to the name of the file containing the chain of
  1136. certificates to be loaded into the wolfSSL SSL context. Certificates
  1137. must be in PEM format.
  1138. _Example_
  1139. \code
  1140. int ret = 0;
  1141. WOLFSSL_CTX* ctx;
  1142. ...
  1143. ret = wolfSSL_CTX_use_certificate_chain_file(ctx, “./cert-chain.pem”);
  1144. if (ret != SSL_SUCCESS) {
  1145. // error loading cert file
  1146. }
  1147. ...
  1148. \endcode
  1149. \sa wolfSSL_CTX_use_certificate_file
  1150. \sa wolfSSL_CTX_use_certificate_buffer
  1151. \sa wolfSSL_use_certificate_file
  1152. \sa wolfSSL_use_certificate_buffer
  1153. */
  1154. int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *ctx,
  1155. const char *file);
  1156. /*!
  1157. \ingroup openSSL
  1158. \brief This function loads the private RSA key used in the SSL connection
  1159. into the SSL context (WOLFSSL_CTX). This function is only available when
  1160. wolfSSL has been compiled with the OpenSSL compatibility layer enabled
  1161. (--enable-opensslExtra, #define OPENSSL_EXTRA), and is identical to the
  1162. more-typically used wolfSSL_CTX_use_PrivateKey_file() function. The file
  1163. argument contains a pointer to the RSA private key file, in the format
  1164. specified by format.
  1165. \return SSL_SUCCESS upon success.
  1166. \return SSL_FAILURE If the function call fails, possible causes might
  1167. include: The input key file is in the wrong format, or the wrong format
  1168. has been given using the “format” argument, file doesn’t exist, can’t
  1169. be read, or is corrupted, an out of memory condition occurs.
  1170. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  1171. wolfSSL_CTX_new()
  1172. \param file a pointer to the name of the file containing the RSA private
  1173. key to be loaded into the wolfSSL SSL context, with format as specified
  1174. by format.
  1175. \param format the encoding type of the RSA private key specified by file.
  1176. Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
  1177. _Example_
  1178. \code
  1179. int ret = 0;
  1180. WOLFSSL_CTX* ctx;
  1181. ...
  1182. ret = wolfSSL_CTX_use_RSAPrivateKey_file(ctx, “./server-key.pem”,
  1183. SSL_FILETYPE_PEM);
  1184. if (ret != SSL_SUCCESS) {
  1185. // error loading private key file
  1186. }
  1187. ...
  1188. \endcode
  1189. \sa wolfSSL_CTX_use_PrivateKey_buffer
  1190. \sa wolfSSL_CTX_use_PrivateKey_file
  1191. \sa wolfSSL_use_RSAPrivateKey_file
  1192. \sa wolfSSL_use_PrivateKey_buffer
  1193. \sa wolfSSL_use_PrivateKey_file
  1194. */
  1195. int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX* ctx, const char* file, int format);
  1196. /*!
  1197. \ingroup IO
  1198. \brief This function returns the maximum chain depth allowed, which is 9 by
  1199. default, for a valid session i.e. there is a non-null session object (ssl).
  1200. \return MAX_CHAIN_DEPTH returned if the WOLFSSL structure is not
  1201. NULL. By default the value is 9.
  1202. \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
  1203. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  1204. _Example_
  1205. \code
  1206. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  1207. WOLFSSL* ssl = wolfSSL_new(ctx);
  1208. ...
  1209. long sslDep = wolfSSL_get_verify_depth(ssl);
  1210. if(sslDep > EXPECTED){
  1211. // The verified depth is greater than what was expected
  1212. } else {
  1213. // The verified depth is smaller or equal to the expected value
  1214. }
  1215. \endcode
  1216. \sa wolfSSL_CTX_get_verify_depth
  1217. */
  1218. long wolfSSL_get_verify_depth(WOLFSSL* ssl);
  1219. /*!
  1220. \ingroup Setup
  1221. \brief This function gets the certificate chaining depth using the
  1222. CTX structure.
  1223. \return MAX_CHAIN_DEPTH returned if the CTX struct is not NULL. The
  1224. constant representation of the max certificate chain peer depth.
  1225. \return BAD_FUNC_ARG returned if the CTX structure is NULL.
  1226. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  1227. wolfSSL_CTX_new().
  1228. _Example_
  1229. \code
  1230. WOLFSSL_METHOD method; // protocol method
  1231. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method);
  1232. long ret = wolfSSL_CTX_get_verify_depth(ctx);
  1233. if(ret == EXPECTED){
  1234. // You have the expected value
  1235. } else {
  1236. // Handle an unexpected depth
  1237. }
  1238. \endcode
  1239. \sa wolfSSL_CTX_use_certificate_chain_file
  1240. \sa wolfSSL_get_verify_depth
  1241. */
  1242. long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
  1243. /*!
  1244. \ingroup openSSL
  1245. \brief This function loads a certificate file into the SSL session
  1246. (WOLFSSL structure). The certificate file is provided by the file
  1247. argument. The format argument specifies the format type of the file -
  1248. either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
  1249. \return SSL_SUCCESS upon success
  1250. \return SSL_FAILURE If the function call fails, possible causes might
  1251. include: The file is in the wrong format, or the wrong format has been
  1252. given using the “format” argument, file doesn’t exist, can’t be read,
  1253. or is corrupted, an out of memory condition occurs, Base16 decoding
  1254. fails on the file
  1255. \param ssl a pointer to a WOLFSSL structure, created with wolfSSL_new().
  1256. \param file a pointer to the name of the file containing the certificate to
  1257. be loaded into the wolfSSL SSL session, with format as specified by format.
  1258. \param format the encoding type of the certificate specified by file.
  1259. Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
  1260. _Example_
  1261. \code
  1262. int ret = 0;
  1263. WOLFSSL* ssl;
  1264. ...
  1265. ret = wolfSSL_use_certificate_file(ssl, “./client-cert.pem”,
  1266. SSL_FILETYPE_PEM);
  1267. if (ret != SSL_SUCCESS) {
  1268. // error loading cert file
  1269. }
  1270. ...
  1271. \endcode
  1272. \sa wolfSSL_CTX_use_certificate_buffer
  1273. \sa wolfSSL_CTX_use_certificate_file
  1274. \sa wolfSSL_use_certificate_buffer
  1275. */
  1276. int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format);
  1277. /*!
  1278. \ingroup openSSL
  1279. \brief This function loads a private key file into the SSL session
  1280. (WOLFSSL structure). The key file is provided by the file argument.
  1281. The format argument specifies the format type of the file -
  1282. SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
  1283. If using an external key store and do not have the private key you can
  1284. instead provide the public key and register the crypro callback to handle
  1285. the signing. For this you can build with either build with crypto callbacks
  1286. or PK callbacks. To enable crypto callbacks use --enable-cryptocb or
  1287. WOLF_CRYPTO_CB and register a crypto callback using
  1288. wc_CryptoCb_RegisterDevice and set the associated devId using
  1289. wolfSSL_SetDevId.
  1290. \return SSL_SUCCESS upon success.
  1291. \return SSL_FAILURE If the function call fails, possible causes might
  1292. include: The file is in the wrong format, or the wrong format has been
  1293. given using the “format” argument, The file doesn’t exist, can’t be read,
  1294. or is corrupted, An out of memory condition occurs, Base16 decoding
  1295. fails on the file, The key file is encrypted but no password is provided
  1296. \param ssl a pointer to a WOLFSSL structure, created with wolfSSL_new().
  1297. \param file a pointer to the name of the file containing the key file to
  1298. be loaded into the wolfSSL SSL session, with format as specified by format.
  1299. \param format the encoding type of the key specified by file. Possible
  1300. values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
  1301. _Example_
  1302. \code
  1303. int ret = 0;
  1304. WOLFSSL* ssl;
  1305. ...
  1306. ret = wolfSSL_use_PrivateKey_file(ssl, “./server-key.pem”,
  1307. SSL_FILETYPE_PEM);
  1308. if (ret != SSL_SUCCESS) {
  1309. // error loading key file
  1310. }
  1311. ...
  1312. \endcode
  1313. \sa wolfSSL_CTX_use_PrivateKey_buffer
  1314. \sa wolfSSL_CTX_use_PrivateKey_file
  1315. \sa wolfSSL_use_PrivateKey_buffer
  1316. \sa wc_CryptoCb_RegisterDevice
  1317. \sa wolfSSL_SetDevId
  1318. */
  1319. int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format);
  1320. /*!
  1321. \ingroup openSSL
  1322. \brief This function loads a chain of certificates into the SSL
  1323. session (WOLFSSL structure). The file containing the certificate
  1324. chain is provided by the file argument, and must contain PEM-formatted
  1325. certificates. This function will process up to MAX_CHAIN_DEPTH
  1326. (default = 9, defined in internal.h) certificates, plus the
  1327. subject certificate.
  1328. \return SSL_SUCCESS upon success.
  1329. \return SSL_FAILURE If the function call fails, possible causes
  1330. might include: The file is in the wrong format, or the wrong format
  1331. has been given using the “format” argument, file doesn’t exist,
  1332. can’t be read, or is corrupted, an out of memory condition occurs
  1333. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new()
  1334. \param file a pointer to the name of the file containing the chain
  1335. of certificates to be loaded into the wolfSSL SSL session.
  1336. Certificates must be in PEM format.
  1337. _Example_
  1338. \code
  1339. int ret = 0;
  1340. WOLFSSL* ctx;
  1341. ...
  1342. ret = wolfSSL_use_certificate_chain_file(ssl, “./cert-chain.pem”);
  1343. if (ret != SSL_SUCCESS) {
  1344. // error loading cert file
  1345. }
  1346. ...
  1347. \endcode
  1348. \sa wolfSSL_CTX_use_certificate_chain_file
  1349. \sa wolfSSL_CTX_use_certificate_chain_buffer
  1350. \sa wolfSSL_use_certificate_chain_buffer
  1351. */
  1352. int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char *file);
  1353. /*!
  1354. \ingroup openSSL
  1355. \brief This function loads the private RSA key used in the SSL
  1356. connection into the SSL session (WOLFSSL structure). This
  1357. function is only available when wolfSSL has been compiled with
  1358. the OpenSSL compatibility layer enabled (--enable-opensslExtra,
  1359. #define OPENSSL_EXTRA), and is identical to the more-typically
  1360. used wolfSSL_use_PrivateKey_file() function. The file argument
  1361. contains a pointer to the RSA private key file, in the format
  1362. specified by format.
  1363. \return SSL_SUCCESS upon success
  1364. \return SSL_FAILURE If the function call fails, possible causes might
  1365. include: The input key file is in the wrong format, or the wrong format
  1366. has been given using the “format” argument, file doesn’t exist, can’t
  1367. be read, or is corrupted, an out of memory condition occurs
  1368. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new()
  1369. \param file a pointer to the name of the file containing the RSA private
  1370. key to be loaded into the wolfSSL SSL session, with format as specified
  1371. by format.
  1372. \param format the encoding type of the RSA private key specified by file.
  1373. Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
  1374. _Example_
  1375. \code
  1376. int ret = 0;
  1377. WOLFSSL* ssl;
  1378. ...
  1379. ret = wolfSSL_use_RSAPrivateKey_file(ssl, “./server-key.pem”,
  1380. SSL_FILETYPE_PEM);
  1381. if (ret != SSL_SUCCESS) {
  1382. // error loading private key file
  1383. }
  1384. ...
  1385. \endcode
  1386. \sa wolfSSL_CTX_use_RSAPrivateKey_file
  1387. \sa wolfSSL_CTX_use_PrivateKey_buffer
  1388. \sa wolfSSL_CTX_use_PrivateKey_file
  1389. \sa wolfSSL_use_PrivateKey_buffer
  1390. \sa wolfSSL_use_PrivateKey_file
  1391. */
  1392. int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format);
  1393. /*!
  1394. \ingroup CertsKeys
  1395. \brief This function is similar to wolfSSL_CTX_load_verify_locations,
  1396. but allows the loading of DER-formatted CA files into the SSL context
  1397. (WOLFSSL_CTX). It may still be used to load PEM-formatted CA files as
  1398. well. These certificates will be treated as trusted root certificates
  1399. and used to verify certs received from peers during the SSL handshake.
  1400. The root certificate file, provided by the file argument, may be a single
  1401. certificate or a file containing multiple certificates. If multiple CA
  1402. certs are included in the same file, wolfSSL will load them in the same
  1403. order they are presented in the file. The format argument specifies the
  1404. format which the certificates are in either, SSL_FILETYPE_PEM or
  1405. SSL_FILETYPE_ASN1 (DER). Unlike wolfSSL_CTX_load_verify_locations,
  1406. this function does not allow the loading of CA certificates from a given
  1407. directory path. Note that this function is only available when the wolfSSL
  1408. library was compiled with WOLFSSL_DER_LOAD defined.
  1409. \return SSL_SUCCESS upon success.
  1410. \return SSL_FAILURE upon failure.
  1411. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  1412. wolfSSL_CTX_new()
  1413. \param file a pointer to the name of the file containing the CA
  1414. certificates to be loaded into the wolfSSL SSL context, with format
  1415. as specified by format.
  1416. \param format the encoding type of the certificates specified by file.
  1417. Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
  1418. _Example_
  1419. \code
  1420. int ret = 0;
  1421. WOLFSSL_CTX* ctx;
  1422. ...
  1423. ret = wolfSSL_CTX_der_load_verify_locations(ctx, “./ca-cert.der”,
  1424. SSL_FILETYPE_ASN1);
  1425. if (ret != SSL_SUCCESS) {
  1426. // error loading CA certs
  1427. }
  1428. ...
  1429. \endcode
  1430. \sa wolfSSL_CTX_load_verify_locations
  1431. \sa wolfSSL_CTX_load_verify_buffer
  1432. */
  1433. int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx,
  1434. const char* file, int format);
  1435. /*!
  1436. \ingroup Setup
  1437. \brief This function creates a new SSL context, taking a desired
  1438. SSL/TLS protocol method for input.
  1439. \return pointer If successful the call will return a pointer to the
  1440. newly-created WOLFSSL_CTX.
  1441. \return NULL upon failure.
  1442. \param method pointer to the desired WOLFSSL_METHOD to use for the SSL
  1443. context. This is created using one of the wolfSSLvXX_XXXX_method()
  1444. functions to specify SSL/TLS/DTLS protocol level.
  1445. _Example_
  1446. \code
  1447. WOLFSSL_CTX* ctx = 0;
  1448. WOLFSSL_METHOD* method = 0;
  1449. method = wolfSSLv3_client_method();
  1450. if (method == NULL) {
  1451. // unable to get method
  1452. }
  1453. ctx = wolfSSL_CTX_new(method);
  1454. if (ctx == NULL) {
  1455. // context creation failed
  1456. }
  1457. \endcode
  1458. \sa wolfSSL_new
  1459. */
  1460. WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
  1461. /*!
  1462. \ingroup Setup
  1463. \brief This function creates a new SSL session, taking an already
  1464. created SSL context as input.
  1465. \return * If successful the call will return a pointer to the
  1466. newly-created wolfSSL structure.
  1467. \return NULL Upon failure.
  1468. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  1469. _Example_
  1470. \code
  1471. #include <wolfssl/ssl.h>
  1472. WOLFSSL* ssl = NULL;
  1473. WOLFSSL_CTX* ctx = 0;
  1474. ctx = wolfSSL_CTX_new(method);
  1475. if (ctx == NULL) {
  1476. // context creation failed
  1477. }
  1478. ssl = wolfSSL_new(ctx);
  1479. if (ssl == NULL) {
  1480. // SSL object creation failed
  1481. }
  1482. \endcode
  1483. \sa wolfSSL_CTX_new
  1484. */
  1485. WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
  1486. /*!
  1487. \ingroup Setup
  1488. \brief This function assigns a file descriptor (fd) as the
  1489. input/output facility for the SSL connection. Typically this will be
  1490. a socket file descriptor.
  1491. \return SSL_SUCCESS upon success.
  1492. \return BAD_FUNC_ARG upon failure.
  1493. \param ssl pointer to the SSL session, created with wolfSSL_new().
  1494. \param fd file descriptor to use with SSL/TLS connection.
  1495. _Example_
  1496. \code
  1497. int sockfd;
  1498. WOLFSSL* ssl = 0;
  1499. ...
  1500. ret = wolfSSL_set_fd(ssl, sockfd);
  1501. if (ret != SSL_SUCCESS) {
  1502. // failed to set SSL file descriptor
  1503. }
  1504. \endcode
  1505. \sa wolfSSL_CTX_SetIOSend
  1506. \sa wolfSSL_CTX_SetIORecv
  1507. \sa wolfSSL_SetIOReadCtx
  1508. \sa wolfSSL_SetIOWriteCtx
  1509. */
  1510. int wolfSSL_set_fd(WOLFSSL* ssl, int fd);
  1511. /*!
  1512. \ingroup Setup
  1513. \brief This function assigns a file descriptor (fd) as the
  1514. input/output facility for the SSL connection. Typically this will be
  1515. a socket file descriptor. This is a DTLS specific API because it marks that
  1516. the socket is connected. recvfrom and sendto calls on this fd will have the
  1517. addr and addr_len parameters set to NULL.
  1518. \return SSL_SUCCESS upon success.
  1519. \return BAD_FUNC_ARG upon failure.
  1520. \param ssl pointer to the SSL session, created with wolfSSL_new().
  1521. \param fd file descriptor to use with SSL/TLS connection.
  1522. _Example_
  1523. \code
  1524. int sockfd;
  1525. WOLFSSL* ssl = 0;
  1526. ...
  1527. if (connect(sockfd, peer_addr, peer_addr_len) != 0) {
  1528. // handle connect error
  1529. }
  1530. ...
  1531. ret = wolfSSL_set_dtls_fd_connected(ssl, sockfd);
  1532. if (ret != SSL_SUCCESS) {
  1533. // failed to set SSL file descriptor
  1534. }
  1535. \endcode
  1536. \sa wolfSSL_CTX_SetIOSend
  1537. \sa wolfSSL_CTX_SetIORecv
  1538. \sa wolfSSL_SetIOReadCtx
  1539. \sa wolfSSL_SetIOWriteCtx
  1540. \sa wolfDTLS_SetChGoodCb
  1541. */
  1542. int wolfSSL_set_dtls_fd_connected(WOLFSSL* ssl, int fd);
  1543. /*!
  1544. \ingroup Setup
  1545. \brief Allows setting a callback for a correctly processed and verified DTLS
  1546. client hello. When using a cookie exchange mechanism (either the
  1547. HelloVerifyRequest in DTLS 1.2 or the HelloRetryRequest with a cookie
  1548. extension in DTLS 1.3) this callback is called after the cookie
  1549. exchange has succeeded. This is useful to use one WOLFSSL object as
  1550. the listener for new connections and being able to isolate the
  1551. WOLFSSL object once the ClientHello is verified (either through a
  1552. cookie exchange or just checking if the ClientHello had the correct
  1553. format).
  1554. DTLS 1.2:
  1555. https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1
  1556. DTLS 1.3:
  1557. https://www.rfc-editor.org/rfc/rfc8446#section-4.2.2
  1558. \return SSL_SUCCESS upon success.
  1559. \return BAD_FUNC_ARG upon failure.
  1560. \param ssl pointer to the SSL session, created with wolfSSL_new().
  1561. \param fd file descriptor to use with SSL/TLS connection.
  1562. _Example_
  1563. \code
  1564. // Called when we have verified a connection
  1565. static int chGoodCb(WOLFSSL* ssl, void* arg)
  1566. {
  1567. // setup peer and file descriptors
  1568. }
  1569. if (wolfDTLS_SetChGoodCb(ssl, chGoodCb, NULL) != WOLFSSL_SUCCESS) {
  1570. // error setting callback
  1571. }
  1572. \endcode
  1573. \sa wolfSSL_set_dtls_fd_connected
  1574. */
  1575. int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx);
  1576. /*!
  1577. \ingroup IO
  1578. \brief Get the name of cipher at priority level passed in.
  1579. \return string Success
  1580. \return 0 Priority is either out of bounds or not valid.
  1581. \param priority Integer representing the priority level of a cipher.
  1582. _Example_
  1583. \code
  1584. printf("The cipher at 1 is %s", wolfSSL_get_cipher_list(1));
  1585. \endcode
  1586. \sa wolfSSL_CIPHER_get_name
  1587. \sa wolfSSL_get_current_cipher
  1588. */
  1589. char* wolfSSL_get_cipher_list(int priority);
  1590. /*!
  1591. \ingroup IO
  1592. \brief This function gets the ciphers enabled in wolfSSL.
  1593. \return SSL_SUCCESS returned if the function executed without error.
  1594. \return BAD_FUNC_ARG returned if the buf parameter was NULL or if the
  1595. len argument was less than or equal to zero.
  1596. \return BUFFER_E returned if the buffer is not large enough and
  1597. will overflow.
  1598. \param buf a char pointer representing the buffer.
  1599. \param len the length of the buffer.
  1600. _Example_
  1601. \code
  1602. static void ShowCiphers(void){
  1603. char* ciphers;
  1604. int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
  1605. if(ret == SSL_SUCCES){
  1606. printf(“%s\n”, ciphers);
  1607. }
  1608. }
  1609. \endcode
  1610. \sa GetCipherNames
  1611. \sa wolfSSL_get_cipher_list
  1612. \sa ShowCiphers
  1613. */
  1614. int wolfSSL_get_ciphers(char* buf, int len);
  1615. /*!
  1616. \ingroup IO
  1617. \brief This function gets the cipher name in the format DHE-RSA by
  1618. passing through argument to wolfSSL_get_cipher_name_internal.
  1619. \return string This function returns the string representation of the
  1620. cipher suite that was matched.
  1621. \return NULL error or cipher not found.
  1622. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  1623. _Example_
  1624. \code
  1625. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  1626. WOLFSSL* ssl = wolfSSL_new(ctx);
  1627. char* cipherS = wolfSSL_get_cipher_name(ssl);
  1628. if(cipher == NULL){
  1629. // There was not a cipher suite matched
  1630. } else {
  1631. // There was a cipher suite matched
  1632. printf(“%s\n”, cipherS);
  1633. }
  1634. \endcode
  1635. \sa wolfSSL_CIPHER_get_name
  1636. \sa wolfSSL_get_current_cipher
  1637. \sa wolfSSL_get_cipher_name_internal
  1638. */
  1639. const char* wolfSSL_get_cipher_name(WOLFSSL* ssl);
  1640. /*!
  1641. \ingroup IO
  1642. \brief This function returns the read file descriptor (fd) used as the
  1643. input facility for the SSL connection. Typically this
  1644. will be a socket file descriptor.
  1645. \return fd If successful the call will return the SSL session file
  1646. descriptor.
  1647. \param ssl pointer to the SSL session, created with wolfSSL_new().
  1648. _Example_
  1649. \code
  1650. int sockfd;
  1651. WOLFSSL* ssl = 0;
  1652. ...
  1653. sockfd = wolfSSL_get_fd(ssl);
  1654. ...
  1655. \endcode
  1656. \sa wolfSSL_set_fd
  1657. \sa wolfSSL_set_read_fd
  1658. \sa wolfSSL_set_write_fd
  1659. */
  1660. int wolfSSL_get_fd(const WOLFSSL*);
  1661. /*!
  1662. \ingroup IO
  1663. \brief This function returns the write file descriptor (fd) used as the
  1664. output facility for the SSL connection. Typically this
  1665. will be a socket file descriptor.
  1666. \return fd If successful the call will return the SSL session file
  1667. descriptor.
  1668. \param ssl pointer to the SSL session, created with wolfSSL_new().
  1669. _Example_
  1670. \code
  1671. int sockfd;
  1672. WOLFSSL* ssl = 0;
  1673. ...
  1674. sockfd = wolfSSL_get_wfd(ssl);
  1675. ...
  1676. \endcode
  1677. \sa wolfSSL_set_fd
  1678. \sa wolfSSL_set_read_fd
  1679. \sa wolfSSL_set_write_fd
  1680. */
  1681. int wolfSSL_get_wfd(const WOLFSSL*);
  1682. /*!
  1683. \ingroup Setup
  1684. \brief This function informs the WOLFSSL object that the underlying
  1685. I/O is non-blocking. After an application creates a WOLFSSL object,
  1686. if it will be used with a non-blocking socket, call
  1687. wolfSSL_set_using_nonblock() on it. This lets the WOLFSSL object know
  1688. that receiving EWOULDBLOCK means that the recvfrom call would
  1689. block rather than that it timed out.
  1690. \return none No return.
  1691. \param ssl pointer to the SSL session, created with wolfSSL_new().
  1692. \param nonblock value used to set non-blocking flag on WOLFSSL object.
  1693. Use 1 to specify non-blocking, otherwise 0.
  1694. _Example_
  1695. \code
  1696. WOLFSSL* ssl = 0;
  1697. ...
  1698. wolfSSL_set_using_nonblock(ssl, 1);
  1699. \endcode
  1700. \sa wolfSSL_get_using_nonblock
  1701. \sa wolfSSL_dtls_got_timeout
  1702. \sa wolfSSL_dtls_get_current_timeout
  1703. */
  1704. void wolfSSL_set_using_nonblock(WOLFSSL* ssl, int nonblock);
  1705. /*!
  1706. \ingroup IO
  1707. \brief This function allows the application to determine if wolfSSL is
  1708. using non-blocking I/O. If wolfSSL is using non-blocking I/O, this
  1709. function will return 1, otherwise 0. After an application creates a
  1710. WOLFSSL object, if it will be used with a non-blocking socket, call
  1711. wolfSSL_set_using_nonblock() on it. This lets the WOLFSSL object know
  1712. that receiving EWOULDBLOCK means that the recvfrom call would block
  1713. rather than that it timed out.
  1714. \return 0 underlying I/O is blocking.
  1715. \return 1 underlying I/O is non-blocking.
  1716. \param ssl pointer to the SSL session, created with wolfSSL_new().
  1717. _Example_
  1718. \code
  1719. int ret = 0;
  1720. WOLFSSL* ssl = 0;
  1721. ...
  1722. ret = wolfSSL_get_using_nonblock(ssl);
  1723. if (ret == 1) {
  1724. // underlying I/O is non-blocking
  1725. }
  1726. ...
  1727. \endcode
  1728. \sa wolfSSL_set_session
  1729. */
  1730. int wolfSSL_get_using_nonblock(WOLFSSL*);
  1731. /*!
  1732. \ingroup IO
  1733. \brief This function writes sz bytes from the buffer, data, to the SSL
  1734. connection, ssl. If necessary, wolfSSL_write() will negotiate an SSL/TLS
  1735. session if the handshake has not already been performed yet by
  1736. wolfSSL_connect() or wolfSSL_accept(). When using (D)TLSv1.3 and early data
  1737. feature is compiled in, this function progresses the handshake only up to
  1738. the point when it is possible to send data. Next invocations of
  1739. wolfSSL_Connect()/wolfSSL_Accept()/wolfSSL_read() will complete the
  1740. handshake. wolfSSL_write() works with both blocking and non-blocking I/O.
  1741. When the underlying I/O is non-blocking, wolfSSL_write() will return when
  1742. the underlying I/O could not satisfy the needs of wolfSSL_write() to
  1743. continue. In this case, a call to wolfSSL_get_error() will yield either
  1744. SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then
  1745. repeat the call to wolfSSL_write() when the underlying I/O is ready. If the
  1746. underlying I/O is blocking, wolfSSL_write() will only return once the buffer
  1747. data of size sz has been completely written or an error occurred.
  1748. \return >0 the number of bytes written upon success.
  1749. \return 0 will be returned upon failure. Call wolfSSL_get_error() for
  1750. the specific error code.
  1751. \return SSL_FATAL_ERROR will be returned upon failure when either an error
  1752. occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
  1753. SSL_ERROR_WANT_WRITE error was received and and the application needs to
  1754. call wolfSSL_write() again. Use wolfSSL_get_error() to get a specific
  1755. error code.
  1756. \param ssl pointer to the SSL session, created with wolfSSL_new().
  1757. \param data data buffer which will be sent to peer.
  1758. \param sz size, in bytes, of data to send to the peer (data).
  1759. _Example_
  1760. \code
  1761. WOLFSSL* ssl = 0;
  1762. char msg[64] = “hello wolfssl!”;
  1763. int msgSz = (int)strlen(msg);
  1764. int flags;
  1765. int ret;
  1766. ...
  1767. ret = wolfSSL_write(ssl, msg, msgSz);
  1768. if (ret <= 0) {
  1769. // wolfSSL_write() failed, call wolfSSL_get_error()
  1770. }
  1771. \endcode
  1772. \sa wolfSSL_send
  1773. \sa wolfSSL_read
  1774. \sa wolfSSL_recv
  1775. */
  1776. int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz);
  1777. /*!
  1778. \ingroup IO
  1779. \brief This function reads sz bytes from the SSL session (ssl)
  1780. internal read buffer into the buffer data. The bytes read are removed
  1781. from the internal receive buffer. If necessary wolfSSL_read() will
  1782. negotiate an SSL/TLS session if the handshake has not already been
  1783. performed yet by wolfSSL_connect() or wolfSSL_accept(). The SSL/TLS
  1784. protocol uses SSL records which have a maximum size of 16kB (the max
  1785. record size can be controlled by the MAX_RECORD_SIZE define in
  1786. <wolfssl_root>/wolfssl/internal.h). As such, wolfSSL needs to read an
  1787. entire SSL record internally before it is able to process and decrypt the
  1788. record. Because of this, a call to wolfSSL_read() will only be able to
  1789. return the maximum buffer size which has been decrypted at the time of
  1790. calling. There may be additional not-yet-decrypted data waiting in the
  1791. internal wolfSSL receive buffer which will be retrieved and decrypted with
  1792. the next call to wolfSSL_read(). If sz is larger than the number of bytes
  1793. in the internal read buffer, SSL_read() will return the bytes available in
  1794. the internal read buffer. If no bytes are buffered in the internal read
  1795. buffer yet, a call to wolfSSL_read() will trigger processing of the next
  1796. record.
  1797. \return >0 the number of bytes read upon success.
  1798. \return 0 will be returned upon failure. This may be caused by a either a
  1799. clean (close notify alert) shutdown or just that the peer closed the
  1800. connection. Call wolfSSL_get_error() for the specific error code.
  1801. \return SSL_FATAL_ERROR will be returned upon failure when either an error
  1802. occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
  1803. SSL_ERROR_WANT_WRITE error was received and and the application needs to
  1804. call wolfSSL_read() again. Use wolfSSL_get_error() to get a specific
  1805. error code.
  1806. \param ssl pointer to the SSL session, created with wolfSSL_new().
  1807. \param data buffer where wolfSSL_read() will place data read.
  1808. \param sz number of bytes to read into data.
  1809. _Example_
  1810. \code
  1811. WOLFSSL* ssl = 0;
  1812. char reply[1024];
  1813. ...
  1814. input = wolfSSL_read(ssl, reply, sizeof(reply));
  1815. if (input > 0) {
  1816. // “input” number of bytes returned into buffer “reply”
  1817. }
  1818. See wolfSSL examples (client, server, echoclient, echoserver) for more
  1819. complete examples of wolfSSL_read().
  1820. \endcode
  1821. \sa wolfSSL_recv
  1822. \sa wolfSSL_write
  1823. \sa wolfSSL_peek
  1824. \sa wolfSSL_pending
  1825. */
  1826. int wolfSSL_read(WOLFSSL* ssl, void* data, int sz);
  1827. /*!
  1828. \ingroup IO
  1829. \brief This function copies sz bytes from the SSL session (ssl) internal
  1830. read buffer into the buffer data. This function is identical to
  1831. wolfSSL_read() except that the data in the internal SSL session
  1832. receive buffer is not removed or modified. If necessary, like
  1833. wolfSSL_read(), wolfSSL_peek() will negotiate an SSL/TLS session if
  1834. the handshake has not already been performed yet by wolfSSL_connect()
  1835. or wolfSSL_accept(). The SSL/TLS protocol uses SSL records which have a
  1836. maximum size of 16kB (the max record size can be controlled by the
  1837. MAX_RECORD_SIZE define in <wolfssl_root>/wolfssl/internal.h). As such,
  1838. wolfSSL needs to read an entire SSL record internally before it is able
  1839. to process and decrypt the record. Because of this, a call to
  1840. wolfSSL_peek() will only be able to return the maximum buffer size which
  1841. has been decrypted at the time of calling. There may be additional
  1842. not-yet-decrypted data waiting in the internal wolfSSL receive buffer
  1843. which will be retrieved and decrypted with the next call to
  1844. wolfSSL_peek() / wolfSSL_read(). If sz is larger than the number of bytes
  1845. in the internal read buffer, SSL_peek() will return the bytes available
  1846. in the internal read buffer. If no bytes are buffered in the internal
  1847. read buffer yet, a call to wolfSSL_peek() will trigger processing of the
  1848. next record.
  1849. \return >0 the number of bytes read upon success.
  1850. \return 0 will be returned upon failure. This may be caused by a either
  1851. a clean (close notify alert) shutdown or just that the peer closed the
  1852. connection. Call wolfSSL_get_error() for the specific error code.
  1853. \return SSL_FATAL_ERROR will be returned upon failure when either an
  1854. error occurred or, when using non-blocking sockets, the
  1855. SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE error was received and and
  1856. the application needs to call wolfSSL_peek() again. Use
  1857. wolfSSL_get_error() to get a specific error code.
  1858. \param ssl pointer to the SSL session, created with wolfSSL_new().
  1859. \param data buffer where wolfSSL_peek() will place data read.
  1860. \param sz number of bytes to read into data.
  1861. _Example_
  1862. \code
  1863. WOLFSSL* ssl = 0;
  1864. char reply[1024];
  1865. ...
  1866. input = wolfSSL_peek(ssl, reply, sizeof(reply));
  1867. if (input > 0) {
  1868. // “input” number of bytes returned into buffer “reply”
  1869. }
  1870. \endcode
  1871. \sa wolfSSL_read
  1872. */
  1873. int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz);
  1874. /*!
  1875. \ingroup IO
  1876. \brief This function is called on the server side and waits for an SSL
  1877. client to initiate the SSL/TLS handshake. When this function is called,
  1878. the underlying communication channel has already been set up.
  1879. wolfSSL_accept() works with both blocking and non-blocking I/O.
  1880. When the underlying I/O is non-blocking, wolfSSL_accept() will return
  1881. when the underlying I/O could not satisfy the needs of wolfSSL_accept
  1882. to continue the handshake. In this case, a call to wolfSSL_get_error()
  1883. will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
  1884. The calling process must then repeat the call to wolfSSL_accept when
  1885. data is available to read and wolfSSL will pick up where it left off.
  1886. When using a non-blocking socket, nothing needs to be done, but select()
  1887. can be used to check for the required condition. If the underlying I/O
  1888. is blocking, wolfSSL_accept() will only return once the handshake has
  1889. been finished or an error occurred.
  1890. \return SSL_SUCCESS upon success.
  1891. \return SSL_FATAL_ERROR will be returned if an error occurred. To get a
  1892. more detailed error code, call wolfSSL_get_error().
  1893. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  1894. _Example_
  1895. \code
  1896. int ret = 0;
  1897. int err = 0;
  1898. WOLFSSL* ssl;
  1899. char buffer[80];
  1900. ...
  1901. ret = wolfSSL_accept(ssl);
  1902. if (ret != SSL_SUCCESS) {
  1903. err = wolfSSL_get_error(ssl, ret);
  1904. printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
  1905. }
  1906. \endcode
  1907. \sa wolfSSL_get_error
  1908. \sa wolfSSL_connect
  1909. */
  1910. int wolfSSL_accept(WOLFSSL*);
  1911. /*!
  1912. \ingroup IO
  1913. \brief This function is called on the server side and statelessly listens
  1914. for an SSL client to initiate the DTLS handshake.
  1915. \return WOLFSSL_SUCCESS ClientHello containing a valid cookie was received.
  1916. The connection can be continued with wolfSSL_accept().
  1917. \return WOLFSSL_FAILURE The I/O layer returned WANT_READ. This is either
  1918. because there is no data to read and we are using non-blocking sockets or
  1919. we sent a cookie request and we are waiting for a reply. The user should
  1920. call wolfDTLS_accept_stateless again after data becomes available in
  1921. the I/O layer.
  1922. \return WOLFSSL_FATAL_ERROR A fatal error occurred. The ssl object should be
  1923. free'd and allocated again to continue.
  1924. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  1925. _Example_
  1926. \code
  1927. int ret = 0;
  1928. int err = 0;
  1929. WOLFSSL* ssl;
  1930. ...
  1931. do {
  1932. ret = wolfDTLS_accept_stateless(ssl);
  1933. if (ret == WOLFSSL_FATAL_ERROR)
  1934. // re-allocate the ssl object with wolfSSL_free() and wolfSSL_new()
  1935. } while (ret != WOLFSSL_SUCCESS);
  1936. ret = wolfSSL_accept(ssl);
  1937. if (ret != SSL_SUCCESS) {
  1938. err = wolfSSL_get_error(ssl, ret);
  1939. printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
  1940. }
  1941. \endcode
  1942. \sa wolfSSL_accept
  1943. \sa wolfSSL_get_error
  1944. \sa wolfSSL_connect
  1945. */
  1946. int wolfDTLS_accept_stateless(WOLFSSL* ssl);
  1947. /*!
  1948. \ingroup Setup
  1949. \brief This function frees an allocated WOLFSSL_CTX object. This
  1950. function decrements the CTX reference count and only frees the context
  1951. when the reference count has reached 0.
  1952. \return none No return.
  1953. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  1954. _Example_
  1955. \code
  1956. WOLFSSL_CTX* ctx = 0;
  1957. ...
  1958. wolfSSL_CTX_free(ctx);
  1959. \endcode
  1960. \sa wolfSSL_CTX_new
  1961. \sa wolfSSL_new
  1962. \sa wolfSSL_free
  1963. */
  1964. void wolfSSL_CTX_free(WOLFSSL_CTX*);
  1965. /*!
  1966. \ingroup Setup
  1967. \brief This function frees an allocated wolfSSL object.
  1968. \return none No return.
  1969. \param ssl pointer to the SSL object, created with wolfSSL_new().
  1970. _Example_
  1971. \code
  1972. #include <wolfssl/ssl.h>
  1973. WOLFSSL* ssl = 0;
  1974. ...
  1975. wolfSSL_free(ssl);
  1976. \endcode
  1977. \sa wolfSSL_CTX_new
  1978. \sa wolfSSL_new
  1979. \sa wolfSSL_CTX_free
  1980. */
  1981. void wolfSSL_free(WOLFSSL*);
  1982. /*!
  1983. \ingroup TLS
  1984. \brief This function shuts down an active SSL/TLS connection using
  1985. the SSL session, ssl. This function will try to send a “close notify”
  1986. alert to the peer. The calling application can choose to wait for the
  1987. peer to send its “close notify” alert in response or just go ahead
  1988. and shut down the underlying connection after directly calling
  1989. wolfSSL_shutdown (to save resources). Either option is allowed by
  1990. the TLS specification. If the underlying connection will be used
  1991. again in the future, the complete two-directional shutdown procedure
  1992. must be performed to keep synchronization intact between the peers.
  1993. wolfSSL_shutdown() works with both blocking and non-blocking I/O.
  1994. When the underlying I/O is non-blocking, wolfSSL_shutdown() will
  1995. return an error if the underlying I/O could not satisfy the needs of
  1996. wolfSSL_shutdown() to continue. In this case, a call to
  1997. wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or
  1998. SSL_ERROR_WANT_WRITE. The calling process must then repeat the call
  1999. to wolfSSL_shutdown() when the underlying I/O is ready.
  2000. \return SSL_SUCCESS will be returned upon success.
  2001. \return SSL_SHUTDOWN_NOT_DONE will be returned when shutdown has not
  2002. finished, and the function should be called again.
  2003. \return SSL_FATAL_ERROR will be returned upon failure. Call
  2004. wolfSSL_get_error() for a more specific error code.
  2005. \param ssl pointer to the SSL session created with wolfSSL_new().
  2006. _Example_
  2007. \code
  2008. #include <wolfssl/ssl.h>
  2009. int ret = 0;
  2010. WOLFSSL* ssl = 0;
  2011. ...
  2012. ret = wolfSSL_shutdown(ssl);
  2013. if (ret != 0) {
  2014. // failed to shut down SSL connection
  2015. }
  2016. \endcode
  2017. \sa wolfSSL_free
  2018. \sa wolfSSL_CTX_free
  2019. */
  2020. int wolfSSL_shutdown(WOLFSSL*);
  2021. /*!
  2022. \ingroup IO
  2023. \brief This function writes sz bytes from the buffer, data, to the SSL
  2024. connection, ssl, using the specified flags for the underlying write
  2025. operation. If necessary wolfSSL_send() will negotiate an SSL/TLS session
  2026. if the handshake has not already been performed yet by wolfSSL_connect()
  2027. or wolfSSL_accept(). wolfSSL_send() works with both blocking and
  2028. non-blocking I/O. When the underlying I/O is non-blocking, wolfSSL_send()
  2029. will return when the underlying I/O could not satisfy the needs of
  2030. wolfSSL_send to continue. In this case, a call to wolfSSL_get_error()
  2031. will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
  2032. The calling process must then repeat the call to wolfSSL_send() when
  2033. the underlying I/O is ready. If the underlying I/O is blocking,
  2034. wolfSSL_send() will only return once the buffer data of size sz has
  2035. been completely written or an error occurred.
  2036. \return >0 the number of bytes written upon success.
  2037. \return 0 will be returned upon failure. Call wolfSSL_get_error() for
  2038. the specific error code.
  2039. \return SSL_FATAL_ERROR will be returned upon failure when either an error
  2040. occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
  2041. SSL_ERROR_WANT_WRITE error was received and and the application needs to
  2042. call wolfSSL_send() again. Use wolfSSL_get_error() to get a specific
  2043. error code.
  2044. \param ssl pointer to the SSL session, created with wolfSSL_new().
  2045. \param data data buffer to send to peer.
  2046. \param sz size, in bytes, of data to be sent to peer.
  2047. \param flags the send flags to use for the underlying send operation.
  2048. _Example_
  2049. \code
  2050. WOLFSSL* ssl = 0;
  2051. char msg[64] = “hello wolfssl!”;
  2052. int msgSz = (int)strlen(msg);
  2053. int flags = ... ;
  2054. ...
  2055. input = wolfSSL_send(ssl, msg, msgSz, flags);
  2056. if (input != msgSz) {
  2057. // wolfSSL_send() failed
  2058. }
  2059. \endcode
  2060. \sa wolfSSL_write
  2061. \sa wolfSSL_read
  2062. \sa wolfSSL_recv
  2063. */
  2064. int wolfSSL_send(WOLFSSL* ssl, const void* data, int sz, int flags);
  2065. /*!
  2066. \ingroup IO
  2067. \brief This function reads sz bytes from the SSL session (ssl) internal
  2068. read buffer into the buffer data using the specified flags for the
  2069. underlying recv operation. The bytes read are removed from the internal
  2070. receive buffer. This function is identical to wolfSSL_read() except
  2071. that it allows the application to set the recv flags for the underlying
  2072. read operation. If necessary wolfSSL_recv() will negotiate an SSL/TLS
  2073. session if the handshake has not already been performed yet by
  2074. wolfSSL_connect() or wolfSSL_accept(). The SSL/TLS protocol uses
  2075. SSL records which have a maximum size of 16kB (the max record size
  2076. can be controlled by the MAX_RECORD_SIZE define in
  2077. <wolfssl_root>/wolfssl/internal.h). As such, wolfSSL needs to read an
  2078. entire SSL record internally before it is able to process and decrypt
  2079. the record. Because of this, a call to wolfSSL_recv() will only be
  2080. able to return the maximum buffer size which has been decrypted at
  2081. the time of calling. There may be additional not-yet-decrypted data
  2082. waiting in the internal wolfSSL receive buffer which will be
  2083. retrieved and decrypted with the next call to wolfSSL_recv(). If sz
  2084. is larger than the number of bytes in the internal read buffer,
  2085. SSL_recv() will return the bytes available in the internal read buffer.
  2086. If no bytes are buffered in the internal read buffer yet, a call to
  2087. wolfSSL_recv() will trigger processing of the next record.
  2088. \return >0 the number of bytes read upon success.
  2089. \return 0 will be returned upon failure. This may be caused by a either
  2090. a clean (close notify alert) shutdown or just that the peer closed the
  2091. connection. Call wolfSSL_get_error() for the specific error code.
  2092. \return SSL_FATAL_ERROR will be returned upon failure when either an error
  2093. occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
  2094. SSL_ERROR_WANT_WRITE error was received and and the application needs to
  2095. call wolfSSL_recv() again. Use wolfSSL_get_error() to get a specific
  2096. error code.
  2097. \param ssl pointer to the SSL session, created with wolfSSL_new().
  2098. \param data buffer where wolfSSL_recv() will place data read.
  2099. \param sz number of bytes to read into data.
  2100. \param flags the recv flags to use for the underlying recv operation.
  2101. _Example_
  2102. \code
  2103. WOLFSSL* ssl = 0;
  2104. char reply[1024];
  2105. int flags = ... ;
  2106. ...
  2107. input = wolfSSL_recv(ssl, reply, sizeof(reply), flags);
  2108. if (input > 0) {
  2109. // “input” number of bytes returned into buffer “reply”
  2110. }
  2111. \endcode
  2112. \sa wolfSSL_read
  2113. \sa wolfSSL_write
  2114. \sa wolfSSL_peek
  2115. \sa wolfSSL_pending
  2116. */
  2117. int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags);
  2118. /*!
  2119. \ingroup Debug
  2120. \brief This function returns a unique error code describing why the
  2121. previous API function call (wolfSSL_connect, wolfSSL_accept, wolfSSL_read,
  2122. wolfSSL_write, etc.) resulted in an error return code (SSL_FAILURE).
  2123. The return value of the previous function is passed to wolfSSL_get_error
  2124. through ret. After wolfSSL_get_error is called and returns the unique
  2125. error code, wolfSSL_ERR_error_string() may be called to get a
  2126. human-readable error string. See wolfSSL_ERR_error_string() for more
  2127. information.
  2128. \return On successful completion, this function will return the
  2129. unique error code describing why the previous API function failed.
  2130. \return SSL_ERROR_NONE will be returned if ret > 0. For ret <= 0, there are
  2131. some cases when this value can also be returned when a previous API appeared
  2132. to return an error code but no error actually occurred. An example is
  2133. calling wolfSSL_read() with a zero sz parameter. A 0 return from
  2134. wolfSSL_read() usually indicates an error but in this case no error
  2135. occurred. If wolfSSL_get_error() is called afterwards, SSL_ERROR_NONE will
  2136. be returned.
  2137. \param ssl pointer to the SSL object, created with wolfSSL_new().
  2138. \param ret return value of the previous function that resulted in an error
  2139. return code.
  2140. _Example_
  2141. \code
  2142. int err = 0;
  2143. WOLFSSL* ssl;
  2144. char buffer[80];
  2145. ...
  2146. err = wolfSSL_get_error(ssl, 0);
  2147. wolfSSL_ERR_error_string(err, buffer);
  2148. printf(“err = %d, %s\n”, err, buffer);
  2149. \endcode
  2150. \sa wolfSSL_ERR_error_string
  2151. \sa wolfSSL_ERR_error_string_n
  2152. \sa wolfSSL_ERR_print_errors_fp
  2153. \sa wolfSSL_load_error_strings
  2154. */
  2155. int wolfSSL_get_error(WOLFSSL* ssl, int ret);
  2156. /*!
  2157. \ingroup IO
  2158. \brief This function gets the alert history.
  2159. \return SSL_SUCCESS returned when the function completed successfully.
  2160. Either there was alert history or there wasn’t, either way, the
  2161. return value is SSL_SUCCESS.
  2162. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  2163. \param h a pointer to a WOLFSSL_ALERT_HISTORY structure that will hold the
  2164. WOLFSSL struct’s alert_history member’s value.
  2165. _Example_
  2166. \code
  2167. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
  2168. WOLFSSL* ssl = wolfSSL_new(ctx);
  2169. WOLFSSL_ALERT_HISTORY* h;
  2170. ...
  2171. wolfSSL_get_alert_history(ssl, h);
  2172. // h now has a copy of the ssl->alert_history contents
  2173. \endcode
  2174. \sa wolfSSL_get_error
  2175. */
  2176. int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h);
  2177. /*!
  2178. \ingroup Setup
  2179. \brief This function sets the session to be used when the SSL object,
  2180. ssl, is used to establish a SSL/TLS connection. For session resumption,
  2181. before calling wolfSSL_shutdown() with your session object, an application
  2182. should save the session ID from the object with a call to
  2183. wolfSSL_get1_session(), which returns a pointer to the session.
  2184. Later, the application should create a new WOLFSSL object and assign
  2185. the saved session with wolfSSL_set_session(). At this point, the
  2186. application may call wolfSSL_connect() and wolfSSL will try to resume
  2187. the session. The wolfSSL server code allows session resumption by default.
  2188. The object returned by wolfSSL_get1_session() needs to be freed after the
  2189. application is done with it by calling wolfSSL_SESSION_free() on it.
  2190. \return SSL_SUCCESS will be returned upon successfully setting the session.
  2191. \return SSL_FAILURE will be returned on failure. This could be caused
  2192. by the session cache being disabled, or if the session has timed out.
  2193. \return When OPENSSL_EXTRA and WOLFSSL_ERROR_CODE_OPENSSL are defined,
  2194. SSL_SUCCESS will be returned even if the session has timed out.
  2195. \param ssl pointer to the SSL object, created with wolfSSL_new().
  2196. \param session pointer to the WOLFSSL_SESSION used to set the session
  2197. for ssl.
  2198. _Example_
  2199. \code
  2200. int ret;
  2201. WOLFSSL* ssl;
  2202. WOLFSSL_SESSION* session;
  2203. ...
  2204. session = wolfSSL_get1_session(ssl);
  2205. if (session == NULL) {
  2206. // failed to get session object from ssl object
  2207. }
  2208. ...
  2209. ret = wolfSSL_set_session(ssl, session);
  2210. if (ret != SSL_SUCCESS) {
  2211. // failed to set the SSL session
  2212. }
  2213. wolfSSL_SESSION_free(session);
  2214. ...
  2215. \endcode
  2216. \sa wolfSSL_get1_session
  2217. */
  2218. int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session);
  2219. /*!
  2220. \ingroup IO
  2221. \brief When NO_SESSION_CACHE_REF is defined this function returns a pointer
  2222. to the current session (WOLFSSL_SESSION) used in ssl. This function returns
  2223. a non-persistent pointer to the WOLFSSL_SESSION object. The pointer returned
  2224. will be freed when wolfSSL_free is called. This call should only be used to
  2225. inspect or modify the current session. For session resumption it is
  2226. recommended to use wolfSSL_get1_session(). For backwards compatibility when
  2227. NO_SESSION_CACHE_REF is not defined this function returns a persistent
  2228. session object pointer that is stored in the local cache. The cache size is
  2229. finite and there is a risk that the session object will be overwritten by
  2230. another ssl connection by the time the application calls
  2231. wolfSSL_set_session() on it. It is recommended to define
  2232. NO_SESSION_CACHE_REF in your application and to use wolfSSL_get1_session()
  2233. for session resumption.
  2234. \return pointer If successful the call will return a pointer to the the
  2235. current SSL session object.
  2236. \return NULL will be returned if ssl is NULL, the SSL session cache is
  2237. disabled, wolfSSL doesn’t have the Session ID available, or mutex
  2238. functions fail.
  2239. \param ssl pointer to the SSL session, created with wolfSSL_new().
  2240. _Example_
  2241. \code
  2242. WOLFSSL* ssl;
  2243. WOLFSSL_SESSION* session;
  2244. ...
  2245. session = wolfSSL_get_session(ssl);
  2246. if (session == NULL) {
  2247. // failed to get session pointer
  2248. }
  2249. ...
  2250. \endcode
  2251. \sa wolfSSL_get1_session
  2252. \sa wolfSSL_set_session
  2253. */
  2254. WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl);
  2255. /*!
  2256. \ingroup IO
  2257. \brief This function flushes session from the session cache which
  2258. have expired. The time, tm, is used for the time comparison. Note
  2259. that wolfSSL currently uses a static table for sessions, so no flushing
  2260. is needed. As such, this function is currently just a stub. This
  2261. function provides OpenSSL compatibility (SSL_flush_sessions) when
  2262. wolfSSL is compiled with the OpenSSL compatibility layer.
  2263. \return none No returns.
  2264. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  2265. wolfSSL_CTX_new().
  2266. \param tm time used in session expiration comparison.
  2267. _Example_
  2268. \code
  2269. WOLFSSL_CTX* ssl;
  2270. ...
  2271. wolfSSL_flush_sessions(ctx, time(0));
  2272. \endcode
  2273. \sa wolfSSL_get1_session
  2274. \sa wolfSSL_set_session
  2275. */
  2276. void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm);
  2277. /*!
  2278. \ingroup TLS
  2279. \brief This function associates the client session with the server id.
  2280. If the newSession flag is on, an existing session won’t be reused.
  2281. \return SSL_SUCCESS returned if the function executed without error.
  2282. \return BAD_FUNC_ARG returned if the WOLFSSL struct or id parameter
  2283. is NULL or if len is not greater than zero.
  2284. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  2285. \param id a constant byte pointer that will be copied to the
  2286. serverID member of the WOLFSSL_SESSION structure.
  2287. \param len an int type representing the length of the session id parameter.
  2288. \param newSession an int type representing the flag to denote whether
  2289. to reuse a session or not.
  2290. _Example_
  2291. \code
  2292. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol );
  2293. WOLFSSL* ssl = WOLFSSL_new(ctx);
  2294. const byte id[MAX_SIZE]; // or dynamically create space
  2295. int len = 0; // initialize length
  2296. int newSession = 0; // flag to allow
  2297. int ret = wolfSSL_SetServerID(ssl, id, len, newSession);
  2298. if (ret == WOLFSSL_SUCCESS) {
  2299. // The Id was successfully set
  2300. }
  2301. \endcode
  2302. \sa wolfSSL_set_session
  2303. */
  2304. int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char* id,
  2305. int len, int newSession);
  2306. /*!
  2307. \ingroup IO
  2308. \brief This function gets the session index of the WOLFSSL structure.
  2309. \return int The function returns an int type representing the
  2310. sessionIndex within the WOLFSSL struct.
  2311. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  2312. _Example_
  2313. \code
  2314. WOLFSSL_CTX_new( protocol method );
  2315. WOLFSSL* ssl = WOLFSSL_new(ctx);
  2316. ...
  2317. int sesIdx = wolfSSL_GetSessionIndex(ssl);
  2318. if(sesIdx < 0 || sesIdx > sizeof(ssl->sessionIndex)/sizeof(int)){
  2319. // You have an out of bounds index number and something is not right.
  2320. }
  2321. \endcode
  2322. \sa wolfSSL_GetSessionAtIndex
  2323. */
  2324. int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
  2325. /*!
  2326. \ingroup IO
  2327. \brief This function gets the session at specified index of the session
  2328. cache and copies it into memory. The WOLFSSL_SESSION structure holds
  2329. the session information.
  2330. \return SSL_SUCCESS returned if the function executed successfully and
  2331. no errors were thrown.
  2332. \return BAD_MUTEX_E returned if there was an unlock or lock mutex error.
  2333. \return SSL_FAILURE returned if the function did not execute successfully.
  2334. \param idx an int type representing the session index.
  2335. \param session a pointer to the WOLFSSL_SESSION structure.
  2336. _Example_
  2337. \code
  2338. int idx; // The index to locate the session.
  2339. WOLFSSL_SESSION* session; // Buffer to copy to.
  2340. ...
  2341. if(wolfSSL_GetSessionAtIndex(idx, session) != SSL_SUCCESS){
  2342. // Failure case.
  2343. }
  2344. \endcode
  2345. \sa UnLockMutex
  2346. \sa LockMutex
  2347. \sa wolfSSL_GetSessionIndex
  2348. */
  2349. int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
  2350. /*!
  2351. \ingroup IO
  2352. \brief Returns the peer certificate chain from the WOLFSSL_SESSION struct.
  2353. \return pointer A pointer to a WOLFSSL_X509_CHAIN structure that
  2354. contains the peer certification chain.
  2355. \param session a pointer to a WOLFSSL_SESSION structure.
  2356. _Example_
  2357. \code
  2358. WOLFSSL_SESSION* session;
  2359. WOLFSSL_X509_CHAIN* chain;
  2360. ...
  2361. chain = wolfSSL_SESSION_get_peer_chain(session);
  2362. if(!chain){
  2363. // There was no chain. Failure case.
  2364. }
  2365. \endcode
  2366. \sa wolfSSL_GetSessionAtIndex
  2367. \sa wolfSSL_GetSessionIndex
  2368. \sa AddSession
  2369. */
  2370. WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
  2371. /*!
  2372. \ingroup Setup
  2373. \brief This function sets the verification method for remote peers and
  2374. also allows a verify callback to be registered with the SSL context.
  2375. The verify callback will be called only when a verification failure has
  2376. occurred. If no verify callback is desired, the NULL pointer can be used
  2377. for verify_callback. The verification mode of peer certificates is a
  2378. logically OR’d list of flags. The possible flag values include:
  2379. SSL_VERIFY_NONE Client mode: the client will not verify the certificate
  2380. received from the server and the handshake will continue as normal.
  2381. Server mode: the server will not send a certificate request to the client.
  2382. As such, client verification will not be enabled. SSL_VERIFY_PEER Client
  2383. mode: the client will verify the certificate received from the server
  2384. during the handshake. This is turned on by default in wolfSSL, therefore,
  2385. using this option has no effect. Server mode: the server will send a
  2386. certificate request to the client and verify the client certificate
  2387. received. SSL_VERIFY_FAIL_IF_NO_PEER_CERT Client mode: no effect when
  2388. used on the client side. Server mode: the verification will fail on the
  2389. server side if the client fails to send a certificate when requested to
  2390. do so (when using SSL_VERIFY_PEER on the SSL server).
  2391. SSL_VERIFY_FAIL_EXCEPT_PSK Client mode: no effect when used on the client
  2392. side. Server mode: the verification is the same as
  2393. SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection.
  2394. If a PSK connection is being made then the connection will go through
  2395. without a peer cert.
  2396. \return none No return.
  2397. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  2398. \param mode flags indicating verification mode for peer's cert.
  2399. \param verify_callback callback to be called when verification fails.
  2400. If no callback is desired, the NULL pointer can be used for
  2401. verify_callback.
  2402. _Example_
  2403. \code
  2404. WOLFSSL_CTX* ctx = 0;
  2405. ...
  2406. wolfSSL_CTX_set_verify(ctx, (WOLFSSL_VERIFY_PEER |
  2407. WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), NULL);
  2408. \endcode
  2409. \sa wolfSSL_set_verify
  2410. */
  2411. void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode,
  2412. VerifyCallback verify_callback);
  2413. /*!
  2414. \ingroup Setup
  2415. \brief This function sets the verification method for remote peers and
  2416. also allows a verify callback to be registered with the SSL session.
  2417. The verify callback will be called only when a verification failure has
  2418. occurred. If no verify callback is desired, the NULL pointer can be used
  2419. for verify_callback. The verification mode of peer certificates is a
  2420. logically OR’d list of flags. The possible flag values include:
  2421. SSL_VERIFY_NONE Client mode: the client will not verify the certificate
  2422. received from the server and the handshake will continue as normal. Server
  2423. mode: the server will not send a certificate request to the client.
  2424. As such, client verification will not be enabled. SSL_VERIFY_PEER Client
  2425. mode: the client will verify the certificate received from the server
  2426. during the handshake. This is turned on by default in wolfSSL, therefore,
  2427. using this option has no effect. Server mode: the server will send a
  2428. certificate request to the client and verify the client certificate
  2429. received. SSL_VERIFY_FAIL_IF_NO_PEER_CERT Client mode: no effect when
  2430. used on the client side. Server mode: the verification will fail on the
  2431. server side if the client fails to send a certificate when requested to do
  2432. so (when using SSL_VERIFY_PEER on the SSL server).
  2433. SSL_VERIFY_FAIL_EXCEPT_PSK Client mode: no effect when used on the client
  2434. side. Server mode: the verification is the same as
  2435. SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection.
  2436. If a PSK connection is being made then the connection will go through
  2437. without a peer cert.
  2438. \return none No return.
  2439. \param ssl pointer to the SSL session, created with wolfSSL_new().
  2440. \param mode flags indicating verification mode for peer's cert.
  2441. \param verify_callback callback to be called when verification fails.
  2442. If no callback is desired, the NULL pointer can
  2443. be used for verify_callback.
  2444. _Example_
  2445. \code
  2446. WOLFSSL* ssl = 0;
  2447. ...
  2448. wolfSSL_set_verify(ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
  2449. \endcode
  2450. \sa wolfSSL_CTX_set_verify
  2451. */
  2452. void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback verify_callback);
  2453. /*!
  2454. \ingroup CertsKeys
  2455. \brief This function stores user CTX object information for verify callback.
  2456. \return none No return.
  2457. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  2458. \param ctx a void pointer that is set to WOLFSSL structure’s verifyCbCtx
  2459. member’s value.
  2460. _Example_
  2461. \code
  2462. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  2463. WOLFSSL* ssl = wolfSSL_new(ctx);
  2464. (void*)ctx;
  2465. ...
  2466. if(ssl != NULL){
  2467. wolfSSL_SetCertCbCtx(ssl, ctx);
  2468. } else {
  2469. // Error case, the SSL is not initialized properly.
  2470. }
  2471. \endcode
  2472. \sa wolfSSL_CTX_save_cert_cache
  2473. \sa wolfSSL_CTX_restore_cert_cache
  2474. \sa wolfSSL_CTX_set_verify
  2475. */
  2476. void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx);
  2477. /*!
  2478. \ingroup CertsKeys
  2479. \brief This function stores user CTX object information for verify callback.
  2480. \return none No return.
  2481. \param ctx a pointer to a WOLFSSL_CTX structure.
  2482. \param userCtx a void pointer that is used to set WOLFSSL_CTX structure’s
  2483. verifyCbCtx member’s value.
  2484. _Example_
  2485. \code
  2486. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  2487. void* userCtx = NULL; // Assign some user defined context
  2488. ...
  2489. if(ctx != NULL){
  2490. wolfSSL_SetCertCbCtx(ctx, userCtx);
  2491. } else {
  2492. // Error case, the SSL is not initialized properly.
  2493. }
  2494. \endcode
  2495. \sa wolfSSL_CTX_save_cert_cache
  2496. \sa wolfSSL_CTX_restore_cert_cache
  2497. \sa wolfSSL_CTX_set_verify
  2498. */
  2499. void wolfSSL_CTX_SetCertCbCtx(WOLFSSL_CTX* ctx, void* userCtx);
  2500. /*!
  2501. \ingroup IO
  2502. \brief This function returns the number of bytes which are buffered and
  2503. available in the SSL object to be read by wolfSSL_read().
  2504. \return int This function returns the number of bytes pending.
  2505. \param ssl pointer to the SSL session, created with wolfSSL_new().
  2506. _Example_
  2507. \code
  2508. int pending = 0;
  2509. WOLFSSL* ssl = 0;
  2510. ...
  2511. pending = wolfSSL_pending(ssl);
  2512. printf(“There are %d bytes buffered and available for reading”, pending);
  2513. \endcode
  2514. \sa wolfSSL_recv
  2515. \sa wolfSSL_read
  2516. \sa wolfSSL_peek
  2517. */
  2518. int wolfSSL_pending(WOLFSSL*);
  2519. /*!
  2520. \ingroup Debug
  2521. \brief This function is for OpenSSL compatibility (SSL_load_error_string)
  2522. only and takes no action.
  2523. \return none No returns.
  2524. \param none No parameters.
  2525. _Example_
  2526. \code
  2527. wolfSSL_load_error_strings();
  2528. \endcode
  2529. \sa wolfSSL_get_error
  2530. \sa wolfSSL_ERR_error_string
  2531. \sa wolfSSL_ERR_error_string_n
  2532. \sa wolfSSL_ERR_print_errors_fp
  2533. \sa wolfSSL_load_error_strings
  2534. */
  2535. void wolfSSL_load_error_strings(void);
  2536. /*!
  2537. \ingroup TLS
  2538. \brief This function is called internally in wolfSSL_CTX_new(). This
  2539. function is a wrapper around wolfSSL_Init() and exists for OpenSSL
  2540. compatibility (SSL_library_init) when wolfSSL has been compiled with
  2541. OpenSSL compatibility layer. wolfSSL_Init() is the more typically-used
  2542. wolfSSL initialization function.
  2543. \return SSL_SUCCESS If successful the call will return.
  2544. \return SSL_FATAL_ERROR is returned upon failure.
  2545. \param none No parameters.
  2546. _Example_
  2547. \code
  2548. int ret = 0;
  2549. ret = wolfSSL_library_init();
  2550. if (ret != SSL_SUCCESS) {
  2551. failed to initialize wolfSSL
  2552. }
  2553. ...
  2554. \endcode
  2555. \sa wolfSSL_Init
  2556. \sa wolfSSL_Cleanup
  2557. */
  2558. int wolfSSL_library_init(void);
  2559. /*!
  2560. \brief This function sets the Device Id at the WOLFSSL session level.
  2561. \return WOLFSSL_SUCCESS upon success.
  2562. \return BAD_FUNC_ARG if ssl is NULL.
  2563. \param ssl pointer to a SSL object, created with wolfSSL_new().
  2564. \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
  2565. _Example_
  2566. \code
  2567. WOLFSSL* ssl;
  2568. int DevId = -2;
  2569. wolfSSL_SetDevId(ssl, devId);
  2570. \endcode
  2571. \sa wolfSSL_CTX_SetDevId
  2572. \sa wolfSSL_CTX_GetDevId
  2573. */
  2574. int wolfSSL_SetDevId(WOLFSSL* ssl, int devId);
  2575. /*!
  2576. \brief This function sets the Device Id at the WOLFSSL_CTX context level.
  2577. \return WOLFSSL_SUCCESS upon success.
  2578. \return BAD_FUNC_ARG if ssl is NULL.
  2579. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  2580. \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
  2581. _Example_
  2582. \code
  2583. WOLFSSL_CTX* ctx;
  2584. int DevId = -2;
  2585. wolfSSL_CTX_SetDevId(ctx, devId);
  2586. \endcode
  2587. \sa wolfSSL_SetDevId
  2588. \sa wolfSSL_CTX_GetDevId
  2589. */
  2590. int wolfSSL_CTX_SetDevId(WOLFSSL_CTX* ctx, int devId);
  2591. /*!
  2592. \brief This function retrieves the Device Id.
  2593. \return devId upon success.
  2594. \return INVALID_DEVID if both ssl and ctx are NULL.
  2595. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  2596. \param ssl pointer to a SSL object, created with wolfSSL_new().
  2597. _Example_
  2598. \code
  2599. WOLFSSL_CTX* ctx;
  2600. wolfSSL_CTX_GetDevId(ctx, ssl);
  2601. \endcode
  2602. \sa wolfSSL_SetDevId
  2603. \sa wolfSSL_CTX_SetDevId
  2604. */
  2605. int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
  2606. /*!
  2607. \ingroup Setup
  2608. \brief This function enables or disables SSL session caching.
  2609. Behavior depends on the value used for mode. The following values
  2610. for mode are available: SSL_SESS_CACHE_OFF- disable session caching.
  2611. Session caching is turned on by default. SSL_SESS_CACHE_NO_AUTO_CLEAR -
  2612. Disable auto-flushing of the session cache. Auto-flushing is turned on
  2613. by default.
  2614. \return SSL_SUCCESS will be returned upon success.
  2615. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  2616. \param mode modifier used to change behavior of the session cache.
  2617. _Example_
  2618. \code
  2619. WOLFSSL_CTX* ctx = 0;
  2620. ...
  2621. ret = wolfSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
  2622. if (ret != SSL_SUCCESS) {
  2623. // failed to turn SSL session caching off
  2624. }
  2625. \endcode
  2626. \sa wolfSSL_flush_sessions
  2627. \sa wolfSSL_get1_session
  2628. \sa wolfSSL_set_session
  2629. \sa wolfSSL_get_sessionID
  2630. \sa wolfSSL_CTX_set_timeout
  2631. */
  2632. long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode);
  2633. /*!
  2634. \brief This function sets the session secret callback function. The
  2635. SessionSecretCb type has the signature: int (*SessionSecretCb)(WOLFSSL* ssl,
  2636. void* secret, int* secretSz, void* ctx). The sessionSecretCb member of
  2637. the WOLFSSL struct is set to the parameter cb.
  2638. \return SSL_SUCCESS returned if the execution of the function did not
  2639. return an error.
  2640. \return SSL_FATAL_ERROR returned if the WOLFSSL structure is NULL.
  2641. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  2642. \param cb a SessionSecretCb type that is a function pointer with the above
  2643. signature.
  2644. \param ctx a pointer to the user context to be stored
  2645. _Example_
  2646. \code
  2647. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  2648. WOLFSSL* ssl = wolfSSL_new(ctx);
  2649. // Signature of SessionSecretCb
  2650. int SessionSecretCB (WOLFSSL* ssl, void* secret, int* secretSz,
  2651. void* ctx) = SessionSecretCb;
  2652. int wolfSSL_set_session_secret_cb(ssl, SessionSecretCB, (void*)ssl->ctx){
  2653. // Function body.
  2654. }
  2655. \endcode
  2656. \sa SessionSecretCb
  2657. */
  2658. int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx);
  2659. /*!
  2660. \ingroup IO
  2661. \brief This function persists the session cache to file. It doesn’t use
  2662. memsave because of additional memory use.
  2663. \return SSL_SUCCESS returned if the function executed without error.
  2664. The session cache has been written to a file.
  2665. \return SSL_BAD_FILE returned if fname cannot be opened or is otherwise
  2666. corrupt.
  2667. \return FWRITE_ERROR returned if XFWRITE failed to write to the file.
  2668. \return BAD_MUTEX_E returned if there was a mutex lock failure.
  2669. \param fname is a constant char pointer that points to a file for writing.
  2670. _Example_
  2671. \code
  2672. const char* fname;
  2673. ...
  2674. if(wolfSSL_save_session_cache(fname) != SSL_SUCCESS){
  2675. // Fail to write to file.
  2676. }
  2677. \endcode
  2678. \sa XFWRITE
  2679. \sa wolfSSL_restore_session_cache
  2680. \sa wolfSSL_memrestore_session_cache
  2681. */
  2682. int wolfSSL_save_session_cache(const char* fname);
  2683. /*!
  2684. \ingroup IO
  2685. \brief This function restores the persistent session cache from file. It
  2686. does not use memstore because of additional memory use.
  2687. \return SSL_SUCCESS returned if the function executed without error.
  2688. \return SSL_BAD_FILE returned if the file passed into the function was
  2689. corrupted and could not be opened by XFOPEN.
  2690. \return FREAD_ERROR returned if the file had a read error from XFREAD.
  2691. \return CACHE_MATCH_ERROR returned if the session cache header match
  2692. failed.
  2693. \return BAD_MUTEX_E returned if there was a mutex lock failure.
  2694. \param fname a constant char pointer file input that will be read.
  2695. _Example_
  2696. \code
  2697. const char *fname;
  2698. ...
  2699. if(wolfSSL_restore_session_cache(fname) != SSL_SUCCESS){
  2700. // Failure case. The function did not return SSL_SUCCESS.
  2701. }
  2702. \endcode
  2703. \sa XFREAD
  2704. \sa XFOPEN
  2705. */
  2706. int wolfSSL_restore_session_cache(const char* fname);
  2707. /*!
  2708. \ingroup IO
  2709. \brief This function persists session cache to memory.
  2710. \return SSL_SUCCESS returned if the function executed without error.
  2711. The session cache has been successfully persisted to memory.
  2712. \return BAD_MUTEX_E returned if there was a mutex lock error.
  2713. \return BUFFER_E returned if the buffer size was too small.
  2714. \param mem a void pointer representing the destination for the memory
  2715. copy, XMEMCPY().
  2716. \param sz an int type representing the size of mem.
  2717. _Example_
  2718. \code
  2719. void* mem;
  2720. int sz; // Max size of the memory buffer.
  2721. if(wolfSSL_memsave_session_cache(mem, sz) != SSL_SUCCESS){
  2722. // Failure case, you did not persist the session cache to memory
  2723. }
  2724. \endcode
  2725. \sa XMEMCPY
  2726. \sa wolfSSL_get_session_cache_memsize
  2727. */
  2728. int wolfSSL_memsave_session_cache(void* mem, int sz);
  2729. /*!
  2730. \ingroup IO
  2731. \brief This function restores the persistent session cache from memory.
  2732. \return SSL_SUCCESS returned if the function executed without an error.
  2733. \return BUFFER_E returned if the memory buffer is too small.
  2734. \return BAD_MUTEX_E returned if the session cache mutex lock failed.
  2735. \return CACHE_MATCH_ERROR returned if the session cache header match
  2736. failed.
  2737. \param mem a constant void pointer containing the source of the
  2738. restoration.
  2739. \param sz an integer representing the size of the memory buffer.
  2740. _Example_
  2741. \code
  2742. const void* memoryFile;
  2743. int szMf;
  2744. ...
  2745. if(wolfSSL_memrestore_session_cache(memoryFile, szMf) != SSL_SUCCESS){
  2746. // Failure case. SSL_SUCCESS was not returned.
  2747. }
  2748. \endcode
  2749. \sa wolfSSL_save_session_cache
  2750. */
  2751. int wolfSSL_memrestore_session_cache(const void* mem, int sz);
  2752. /*!
  2753. \ingroup IO
  2754. \brief This function returns how large the session cache save buffer
  2755. should be.
  2756. \return int This function returns an integer that represents the size of
  2757. the session cache save buffer.
  2758. \param none No parameters.
  2759. _Example_
  2760. \code
  2761. int sz = // Minimum size for error checking;
  2762. ...
  2763. if(sz < wolfSSL_get_session_cache_memsize()){
  2764. // Memory buffer is too small
  2765. }
  2766. \endcode
  2767. \sa wolfSSL_memrestore_session_cache
  2768. */
  2769. int wolfSSL_get_session_cache_memsize(void);
  2770. /*!
  2771. \ingroup CertsKeys
  2772. \brief This function writes the cert cache from memory to file.
  2773. \return SSL_SUCCESS if CM_SaveCertCache exits normally.
  2774. \return BAD_FUNC_ARG is returned if either of the arguments are NULL.
  2775. \return SSL_BAD_FILE if the cert cache save file could not be opened.
  2776. \return BAD_MUTEX_E if the lock mutex failed.
  2777. \return MEMORY_E the allocation of memory failed.
  2778. \return FWRITE_ERROR Certificate cache file write failed.
  2779. \param ctx a pointer to a WOLFSSL_CTX structure, holding the
  2780. certificate information.
  2781. \param fname a constant char pointer that points to a file for writing.
  2782. _Example_
  2783. \code
  2784. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol def );
  2785. const char* fname;
  2786. ...
  2787. if(wolfSSL_CTX_save_cert_cache(ctx, fname)){
  2788. // file was written.
  2789. }
  2790. \endcode
  2791. \sa CM_SaveCertCache
  2792. \sa DoMemSaveCertCache
  2793. */
  2794. int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX* ctx, const char* fname);
  2795. /*!
  2796. \ingroup CertsKeys
  2797. \brief This function persistes certificate cache from a file.
  2798. \return SSL_SUCCESS returned if the function, CM_RestoreCertCache,
  2799. executes normally.
  2800. \return SSL_BAD_FILE returned if XFOPEN returns XBADFILE. The file is
  2801. corrupted.
  2802. \return MEMORY_E returned if the allocated memory for the temp buffer
  2803. fails.
  2804. \return BAD_FUNC_ARG returned if fname or ctx have a NULL value.
  2805. \param ctx a pointer to a WOLFSSL_CTX structure, holding the certificate
  2806. information.
  2807. \param fname a constant char pointer that points to a file for reading.
  2808. _Example_
  2809. \code
  2810. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  2811. WOLFSSL* ssl = wolfSSL_new(ctx);
  2812. const char* fname = "path to file";
  2813. ...
  2814. if(wolfSSL_CTX_restore_cert_cache(ctx, fname)){
  2815. // check to see if the execution was successful
  2816. }
  2817. \endcode
  2818. \sa CM_RestoreCertCache
  2819. \sa XFOPEN
  2820. */
  2821. int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname);
  2822. /*!
  2823. \ingroup CertsKeys
  2824. \brief This function persists the certificate cache to memory.
  2825. \return SSL_SUCCESS returned on successful execution of the function.
  2826. No errors were thrown.
  2827. \return BAD_MUTEX_E mutex error where the WOLFSSL_CERT_MANAGER member
  2828. caLock was not 0 (zero).
  2829. \return BAD_FUNC_ARG returned if ctx, mem, or used is NULL or if sz
  2830. is less than or equal to 0 (zero).
  2831. \return BUFFER_E output buffer mem was too small.
  2832. \param ctx a pointer to a WOLFSSL_CTX structure, created
  2833. using wolfSSL_CTX_new().
  2834. \param mem a void pointer to the destination (output buffer).
  2835. \param sz the size of the output buffer.
  2836. \param used a pointer to size of the cert cache header.
  2837. _Example_
  2838. \code
  2839. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol );
  2840. void* mem;
  2841. int sz;
  2842. int* used;
  2843. ...
  2844. if(wolfSSL_CTX_memsave_cert_cache(ctx, mem, sz, used) != SSL_SUCCESS){
  2845. // The function returned with an error
  2846. }
  2847. \endcode
  2848. \sa DoMemSaveCertCache
  2849. \sa GetCertCacheMemSize
  2850. \sa CM_MemRestoreCertCache
  2851. \sa CM_GetCertCacheMemSize
  2852. */
  2853. int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, int sz, int* used);
  2854. /*!
  2855. \ingroup Setup
  2856. \brief This function restores the certificate cache from memory.
  2857. \return SSL_SUCCESS returned if the function and subroutines
  2858. executed without an error.
  2859. \return BAD_FUNC_ARG returned if the ctx or mem parameters are
  2860. NULL or if the sz parameter is less than or equal to zero.
  2861. \return BUFFER_E returned if the cert cache memory buffer is too small.
  2862. \return CACHE_MATCH_ERROR returned if there was a cert cache
  2863. header mismatch.
  2864. \return BAD_MUTEX_E returned if the lock mutex on failed.
  2865. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  2866. wolfSSL_CTX_new().
  2867. \param mem a void pointer with a value that will be restored to
  2868. the certificate cache.
  2869. \param sz an int type that represents the size of the mem parameter.
  2870. _Example_
  2871. \code
  2872. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method );
  2873. WOLFSSL* ssl = WOLFSSL_new(ctx);
  2874. void* mem;
  2875. int sz = (*int) sizeof(mem);
  2876. if(wolfSSL_CTX_memrestore_cert_cache(ssl->ctx, mem, sz)){
  2877. // The success case
  2878. }
  2879. \endcode
  2880. \sa CM_MemRestoreCertCache
  2881. */
  2882. int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX* ctx, const void* mem, int sz);
  2883. /*!
  2884. \ingroup CertsKeys
  2885. \brief Returns the size the certificate cache save buffer needs to be.
  2886. \return int integer value returned representing the memory size
  2887. upon success.
  2888. \return BAD_FUNC_ARG is returned if the WOLFSSL_CTX struct is NULL.
  2889. \return BAD_MUTEX_E - returned if there was a mutex lock error.
  2890. \param ctx a pointer to a wolfSSL_CTX structure, created using
  2891. wolfSSL_CTX_new().
  2892. _Example_
  2893. \code
  2894. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(protocol);
  2895. ...
  2896. int certCacheSize = wolfSSL_CTX_get_cert_cache_memsize(ctx);
  2897. if(certCacheSize != BAD_FUNC_ARG || certCacheSize != BAD_MUTEX_E){
  2898. // Successfully retrieved the memory size.
  2899. }
  2900. \endcode
  2901. \sa CM_GetCertCacheMemSize
  2902. */
  2903. int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx);
  2904. /*!
  2905. \ingroup Setup
  2906. \brief This function sets cipher suite list for a given WOLFSSL_CTX.
  2907. This cipher suite list becomes the default list for any new SSL sessions
  2908. (WOLFSSL) created using this context. The ciphers in the list should be
  2909. sorted in order of preference from highest to lowest. Each call to
  2910. wolfSSL_CTX_set_cipher_list() resets the cipher suite list for the
  2911. specific SSL context to the provided list each time the function is
  2912. called. The cipher suite list, list, is a null-terminated text string,
  2913. and a colon-delimited list. For example, one value for list may be
  2914. "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256" Valid cipher
  2915. values are the full name values from the cipher_names[] array in
  2916. src/internal.c (for a definite list of valid cipher values check
  2917. src/internal.c)
  2918. \return SSL_SUCCESS will be returned upon successful function completion.
  2919. \return SSL_FAILURE will be returned on failure.
  2920. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  2921. \param list null-terminated text string and a colon-delimited list of
  2922. cipher suites to use with the specified SSL context.
  2923. _Example_
  2924. \code
  2925. WOLFSSL_CTX* ctx = 0;
  2926. ...
  2927. ret = wolfSSL_CTX_set_cipher_list(ctx,
  2928. “DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256”);
  2929. if (ret != SSL_SUCCESS) {
  2930. // failed to set cipher suite list
  2931. }
  2932. \endcode
  2933. \sa wolfSSL_set_cipher_list
  2934. \sa wolfSSL_CTX_new
  2935. */
  2936. int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list);
  2937. /*!
  2938. \ingroup Setup
  2939. \brief This function sets cipher suite list for a given WOLFSSL object
  2940. (SSL session). The ciphers in the list should be sorted in order of
  2941. preference from highest to lowest. Each call to wolfSSL_set_cipher_list()
  2942. resets the cipher suite list for the specific SSL session to the provided
  2943. list each time the function is called. The cipher suite list, list, is a
  2944. null-terminated text string, and a colon-delimited list. For example, one
  2945. value for list may be
  2946. "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256".
  2947. Valid cipher values are the full name values from the cipher_names[]
  2948. array in src/internal.c (for a definite list of valid cipher values
  2949. check src/internal.c)
  2950. \return SSL_SUCCESS will be returned upon successful function completion.
  2951. \return SSL_FAILURE will be returned on failure.
  2952. \param ssl pointer to the SSL session, created with wolfSSL_new().
  2953. \param list null-terminated text string and a colon-delimited list of
  2954. cipher suites to use with the specified SSL session.
  2955. _Example_
  2956. \code
  2957. int ret = 0;
  2958. WOLFSSL* ssl = 0;
  2959. ...
  2960. ret = wolfSSL_set_cipher_list(ssl,
  2961. “DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256”);
  2962. if (ret != SSL_SUCCESS) {
  2963. // failed to set cipher suite list
  2964. }
  2965. \endcode
  2966. \sa wolfSSL_CTX_set_cipher_list
  2967. \sa wolfSSL_new
  2968. */
  2969. int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list);
  2970. /*!
  2971. \brief This function informs the WOLFSSL DTLS object that the underlying
  2972. UDP I/O is non-blocking. After an application creates a WOLFSSL object,
  2973. if it will be used with a non-blocking UDP socket, call
  2974. wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know
  2975. that receiving EWOULDBLOCK means that the recvfrom call would
  2976. block rather than that it timed out.
  2977. \return none No return.
  2978. \param ssl pointer to the DTLS session, created with wolfSSL_new().
  2979. \param nonblock value used to set non-blocking flag on WOLFSSL object.
  2980. Use 1 to specify non-blocking, otherwise 0.
  2981. _Example_
  2982. \code
  2983. WOLFSSL* ssl = 0;
  2984. ...
  2985. wolfSSL_dtls_set_using_nonblock(ssl, 1);
  2986. \endcode
  2987. \sa wolfSSL_dtls_get_using_nonblock
  2988. \sa wolfSSL_dtls_got_timeout
  2989. \sa wolfSSL_dtls_get_current_timeout
  2990. */
  2991. void wolfSSL_dtls_set_using_nonblock(WOLFSSL* ssl, int nonblock);
  2992. /*!
  2993. \brief This function allows the application to determine if wolfSSL is
  2994. using non-blocking I/O with UDP. If wolfSSL is using non-blocking I/O, this
  2995. function will return 1, otherwise 0. After an application creates a
  2996. WOLFSSL object, if it will be used with a non-blocking UDP socket, call
  2997. wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know
  2998. that receiving EWOULDBLOCK means that the recvfrom call would block
  2999. rather than that it timed out. This function is only meaningful to DTLS
  3000. sessions.
  3001. \return 0 underlying I/O is blocking.
  3002. \return 1 underlying I/O is non-blocking.
  3003. \param ssl pointer to the DTLS session, created with wolfSSL_new().
  3004. _Example_
  3005. \code
  3006. int ret = 0;
  3007. WOLFSSL* ssl = 0;
  3008. ...
  3009. ret = wolfSSL_dtls_get_using_nonblock(ssl);
  3010. if (ret == 1) {
  3011. // underlying I/O is non-blocking
  3012. }
  3013. ...
  3014. \endcode
  3015. \sa wolfSSL_dtls_set_using_nonblock
  3016. \sa wolfSSL_dtls_got_timeout
  3017. \sa wolfSSL_dtls_set_using_nonblock
  3018. */
  3019. int wolfSSL_dtls_get_using_nonblock(WOLFSSL* ssl);
  3020. /*!
  3021. \brief This function returns the current timeout value in seconds for
  3022. the WOLFSSL object. When using non-blocking sockets, something in the user
  3023. code needs to decide when to check for available recv data and how long
  3024. it has been waiting. The value returned by this function indicates how
  3025. long the application should wait.
  3026. \return seconds The current DTLS timeout value in seconds
  3027. \return NOT_COMPILED_IN if wolfSSL was not built with DTLS support.
  3028. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3029. _Example_
  3030. \code
  3031. int timeout = 0;
  3032. WOLFSSL* ssl;
  3033. ...
  3034. timeout = wolfSSL_get_dtls_current_timeout(ssl);
  3035. printf(“DTLS timeout (sec) = %d\n”, timeout);
  3036. \endcode
  3037. \sa wolfSSL_dtls
  3038. \sa wolfSSL_dtls_get_peer
  3039. \sa wolfSSL_dtls_got_timeout
  3040. \sa wolfSSL_dtls_set_peer
  3041. */
  3042. int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl);
  3043. /*!
  3044. \brief This function returns true if the application should setup a quicker
  3045. timeout. When using non-blocking sockets, something in the user code needs
  3046. to decide when to check for available data and how long it needs to wait. If
  3047. this function returns true, it means that the library already detected some
  3048. disruption in the communication, but it wants to wait for a little longer in
  3049. case some messages from the other peers are still in flight. Is up to the
  3050. application to fine tune the value of this timer, a good one may be
  3051. dtls_get_current_timeout() / 4.
  3052. \return true if the application code should setup a quicker timeout
  3053. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3054. \sa wolfSSL_dtls
  3055. \sa wolfSSL_dtls_get_peer
  3056. \sa wolfSSL_dtls_got_timeout
  3057. \sa wolfSSL_dtls_set_peer
  3058. \sa wolfSSL_dtls13_set_send_more_acks
  3059. */
  3060. int wolfSSL_dtls13_use_quick_timeout(WOLFSSL *ssl);
  3061. /*!
  3062. \ingroup Setup
  3063. \brief This function sets whether the library should send ACKs to the other
  3064. peer immediately when detecting disruption or not. Sending ACKs immediately
  3065. assures minimum latency but it may consume more bandwidth than necessary. If
  3066. the application manages the timer by itself and this option is set to 0 then
  3067. application code can use wolfSSL_dtls13_use_quick_timeout() to determine if
  3068. it should setup a quicker timeout to send those delayed ACKs.
  3069. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3070. \param value 1 to set the option, 0 to disable the option
  3071. \sa wolfSSL_dtls
  3072. \sa wolfSSL_dtls_get_peer
  3073. \sa wolfSSL_dtls_got_timeout
  3074. \sa wolfSSL_dtls_set_peer
  3075. \sa wolfSSL_dtls13_use_quick_timeout
  3076. */
  3077. void wolfSSL_dtls13_set_send_more_acks(WOLFSSL *ssl, int value);
  3078. /*!
  3079. \ingroup Setup
  3080. \brief This function sets the dtls timeout.
  3081. \return SSL_SUCCESS returned if the function executes without an error.
  3082. The dtls_timeout_init and the dtls_timeout members of SSL have been set.
  3083. \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL or if
  3084. the timeout is not greater than 0. It will also return if the timeout
  3085. argument exceeds the maximum value allowed.
  3086. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3087. \param timeout an int type that will be set to the dtls_timeout_init
  3088. member of the WOLFSSL structure.
  3089. _Example_
  3090. \code
  3091. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  3092. WOLFSSL* ssl = wolfSSL_new(ctx);
  3093. int timeout = TIMEOUT;
  3094. ...
  3095. if(wolfSSL_dtls_set_timeout_init(ssl, timeout)){
  3096. // the dtls timeout was set
  3097. } else {
  3098. // Failed to set DTLS timeout.
  3099. }
  3100. \endcode
  3101. \sa wolfSSL_dtls_set_timeout_max
  3102. \sa wolfSSL_dtls_got_timeout
  3103. */
  3104. int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int);
  3105. /*!
  3106. \brief This function sets the maximum dtls timeout.
  3107. \return SSL_SUCCESS returned if the function executed without an error.
  3108. \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL or if
  3109. the timeout argument is not greater than zero or is less than the
  3110. dtls_timeout_init member of the WOLFSSL structure.
  3111. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3112. \param timeout an int type representing the dtls maximum timeout.
  3113. _Example_
  3114. \code
  3115. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  3116. WOLFSSL* ssl = wolfSSL_new(ctx);
  3117. int timeout = TIMEOUTVAL;
  3118. ...
  3119. int ret = wolfSSL_dtls_set_timeout_max(ssl);
  3120. if(!ret){
  3121. // Failed to set the max timeout
  3122. }
  3123. \endcode
  3124. \sa wolfSSL_dtls_set_timeout_init
  3125. \sa wolfSSL_dtls_got_timeout
  3126. */
  3127. int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int);
  3128. /*!
  3129. \brief When using non-blocking sockets with DTLS, this function should
  3130. be called on the WOLFSSL object when the controlling code thinks the
  3131. transmission has timed out. It performs the actions needed to retry
  3132. the last transmit, including adjusting the timeout value. If it
  3133. has been too long, this will return a failure.
  3134. \return SSL_SUCCESS will be returned upon success
  3135. \return SSL_FATAL_ERROR will be returned if there have been too many
  3136. retransmissions/timeouts without getting a response from the peer.
  3137. \return NOT_COMPILED_IN will be returned if wolfSSL was not compiled with
  3138. DTLS support.
  3139. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3140. _Example_
  3141. \code
  3142. See the following files for usage examples:
  3143. <wolfssl_root>/examples/client/client.c
  3144. <wolfssl_root>/examples/server/server.c
  3145. \endcode
  3146. \sa wolfSSL_dtls_get_current_timeout
  3147. \sa wolfSSL_dtls_get_peer
  3148. \sa wolfSSL_dtls_set_peer
  3149. \sa wolfSSL_dtls
  3150. */
  3151. int wolfSSL_dtls_got_timeout(WOLFSSL* ssl);
  3152. /*!
  3153. \brief When using non-blocking sockets with DTLS, this function retransmits
  3154. the last handshake flight ignoring the expected timeout value and
  3155. retransmit count. It is useful for applications that are using DTLS and
  3156. need to manage even the timeout and retry count.
  3157. \return SSL_SUCCESS will be returned upon success
  3158. \return SSL_FATAL_ERROR will be returned if there have been too many
  3159. retransmissions/timeouts without getting a response from the peer.
  3160. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3161. _Example_
  3162. \code
  3163. int ret = 0;
  3164. WOLFSSL* ssl;
  3165. ...
  3166. ret = wolfSSL_dtls_retransmit(ssl);
  3167. \endcode
  3168. \sa wolfSSL_dtls_get_current_timeout
  3169. \sa wolfSSL_dtls_got_timeout
  3170. \sa wolfSSL_dtls
  3171. */
  3172. int wolfSSL_dtls_retransmit(WOLFSSL* ssl);
  3173. /*!
  3174. \brief This function is used to determine if the SSL session has been
  3175. configured to use DTLS.
  3176. \return 1 If the SSL session (ssl) has been configured to use DTLS, this
  3177. function will return 1.
  3178. \return 0 otherwise.
  3179. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3180. _Example_
  3181. \code
  3182. int ret = 0;
  3183. WOLFSSL* ssl;
  3184. ...
  3185. ret = wolfSSL_dtls(ssl);
  3186. if (ret) {
  3187. // SSL session has been configured to use DTLS
  3188. }
  3189. \endcode
  3190. \sa wolfSSL_dtls_get_current_timeout
  3191. \sa wolfSSL_dtls_get_peer
  3192. \sa wolfSSL_dtls_got_timeout
  3193. \sa wolfSSL_dtls_set_peer
  3194. */
  3195. int wolfSSL_dtls(WOLFSSL* ssl);
  3196. /*!
  3197. \brief This function sets the DTLS peer, peer (sockaddr_in) with size of
  3198. peerSz.
  3199. \return SSL_SUCCESS will be returned upon success.
  3200. \return SSL_FAILURE will be returned upon failure.
  3201. \return SSL_NOT_IMPLEMENTED will be returned if wolfSSL was not compiled
  3202. with DTLS support.
  3203. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3204. \param peer pointer to peer’s sockaddr_in structure. If NULL then the peer
  3205. information in ssl is cleared.
  3206. \param peerSz size of the sockaddr_in structure pointed to by peer. If 0
  3207. then the peer information in ssl is cleared.
  3208. _Example_
  3209. \code
  3210. int ret = 0;
  3211. WOLFSSL* ssl;
  3212. sockaddr_in addr;
  3213. ...
  3214. ret = wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
  3215. if (ret != SSL_SUCCESS) {
  3216. // failed to set DTLS peer
  3217. }
  3218. \endcode
  3219. \sa wolfSSL_dtls_get_current_timeout
  3220. \sa wolfSSL_dtls_set_pending_peer
  3221. \sa wolfSSL_dtls_get_peer
  3222. \sa wolfSSL_dtls_got_timeout
  3223. \sa wolfSSL_dtls
  3224. */
  3225. int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
  3226. /*!
  3227. \brief This function sets the pending DTLS peer, peer (sockaddr_in) with
  3228. size of peerSz. This sets the pending peer that will be upgraded to a
  3229. regular peer when we successfully de-protect the next record. This is useful
  3230. in scenarios where the peer's address can change to avoid off-path attackers
  3231. from changing the peer address. This should be used with Connection ID's to
  3232. allow seamless and safe transition to a new peer address.
  3233. \return SSL_SUCCESS will be returned upon success.
  3234. \return SSL_FAILURE will be returned upon failure.
  3235. \return SSL_NOT_IMPLEMENTED will be returned if wolfSSL was not compiled
  3236. with DTLS support.
  3237. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3238. \param peer pointer to peer’s sockaddr_in structure. If NULL then the peer
  3239. information in ssl is cleared.
  3240. \param peerSz size of the sockaddr_in structure pointed to by peer. If 0
  3241. then the peer information in ssl is cleared.
  3242. _Example_
  3243. \code
  3244. int ret = 0;
  3245. WOLFSSL* ssl;
  3246. sockaddr_in addr;
  3247. ...
  3248. ret = wolfSSL_dtls_set_pending_peer(ssl, &addr, sizeof(addr));
  3249. if (ret != SSL_SUCCESS) {
  3250. // failed to set DTLS peer
  3251. }
  3252. \endcode
  3253. \sa wolfSSL_dtls_get_current_timeout
  3254. \sa wolfSSL_dtls_set_peer
  3255. \sa wolfSSL_dtls_get_peer
  3256. \sa wolfSSL_dtls_got_timeout
  3257. \sa wolfSSL_dtls
  3258. */
  3259. int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer,
  3260. unsigned int peerSz);
  3261. /*!
  3262. \brief This function gets the sockaddr_in (of size peerSz) of the current
  3263. DTLS peer. The function will compare peerSz to the actual DTLS peer size
  3264. stored in the SSL session. If the peer will fit into peer, the peer’s
  3265. sockaddr_in will be copied into peer, with peerSz set to the size of peer.
  3266. \return SSL_SUCCESS will be returned upon success.
  3267. \return SSL_FAILURE will be returned upon failure.
  3268. \return SSL_NOT_IMPLEMENTED will be returned if wolfSSL was not compiled
  3269. with DTLS support.
  3270. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3271. \param peer pointer to memory location to store peer’s sockaddr_in
  3272. structure.
  3273. \param peerSz input/output size. As input, the size of the allocated memory
  3274. pointed to by peer. As output, the size of the actual sockaddr_in structure
  3275. pointed to by peer.
  3276. _Example_
  3277. \code
  3278. int ret = 0;
  3279. WOLFSSL* ssl;
  3280. sockaddr_in addr;
  3281. ...
  3282. ret = wolfSSL_dtls_get_peer(ssl, &addr, sizeof(addr));
  3283. if (ret != SSL_SUCCESS) {
  3284. // failed to get DTLS peer
  3285. }
  3286. \endcode
  3287. \sa wolfSSL_dtls_get_current_timeout
  3288. \sa wolfSSL_dtls_got_timeout
  3289. \sa wolfSSL_dtls_set_peer
  3290. \sa wolfSSL_dtls
  3291. */
  3292. int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz);
  3293. /*!
  3294. \brief This function gets the sockaddr_in (of size peerSz) of the current
  3295. DTLS peer. This is a zero-copy alternative to wolfSSL_dtls_get_peer().
  3296. \return SSL_SUCCESS will be returned upon success.
  3297. \return SSL_FAILURE will be returned upon failure.
  3298. \return SSL_NOT_IMPLEMENTED will be returned if wolfSSL was not compiled
  3299. with DTLS support.
  3300. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3301. \param peer pointer to return the internal buffer holding the peer address
  3302. \param peerSz output the size of the actual sockaddr_in structure
  3303. pointed to by peer.
  3304. _Example_
  3305. \code
  3306. int ret = 0;
  3307. WOLFSSL* ssl;
  3308. sockaddr_in* addr;
  3309. unsigned int addrSz;
  3310. ...
  3311. ret = wolfSSL_dtls_get_peer(ssl, &addr, &addrSz);
  3312. if (ret != SSL_SUCCESS) {
  3313. // failed to get DTLS peer
  3314. }
  3315. \endcode
  3316. \sa wolfSSL_dtls_get_current_timeout
  3317. \sa wolfSSL_dtls_got_timeout
  3318. \sa wolfSSL_dtls_set_peer
  3319. \sa wolfSSL_dtls
  3320. */
  3321. int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer,
  3322. unsigned int* peerSz);
  3323. /*!
  3324. \ingroup Debug
  3325. \brief This function converts an error code returned by
  3326. wolfSSL_get_error() into a more human-readable error string.
  3327. errNumber is the error code returned by wolfSSL_get_error() and data
  3328. is the storage buffer which the error string will be placed in.
  3329. The maximum length of data is 80 characters by default, as defined by
  3330. MAX_ERROR_SZ is wolfssl/wolfcrypt/error.h.
  3331. \return success On successful completion, this function returns the same
  3332. string as is returned in data.
  3333. \return failure Upon failure, this function returns a string with the
  3334. appropriate failure reason, msg.
  3335. \param errNumber error code returned by wolfSSL_get_error().
  3336. \param data output buffer containing human-readable error string matching
  3337. errNumber.
  3338. _Example_
  3339. \code
  3340. int err = 0;
  3341. WOLFSSL* ssl;
  3342. char buffer[80];
  3343. ...
  3344. err = wolfSSL_get_error(ssl, 0);
  3345. wolfSSL_ERR_error_string(err, buffer);
  3346. printf(“err = %d, %s\n”, err, buffer);
  3347. \endcode
  3348. \sa wolfSSL_get_error
  3349. \sa wolfSSL_ERR_error_string_n
  3350. \sa wolfSSL_ERR_print_errors_fp
  3351. \sa wolfSSL_load_error_strings
  3352. */
  3353. char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data);
  3354. /*!
  3355. \ingroup Debug
  3356. \brief This function is a version of wolfSSL_ERR_error_string() where
  3357. len specifies the maximum number of characters that may be written to buf.
  3358. Like wolfSSL_ERR_error_string(), this function converts an error code
  3359. returned from wolfSSL_get_error() into a more human-readable error string.
  3360. The human-readable string is placed in buf.
  3361. \return none No returns.
  3362. \param e error code returned by wolfSSL_get_error().
  3363. \param buff output buffer containing human-readable error string matching e.
  3364. \param len maximum length in characters which may be written to buf.
  3365. _Example_
  3366. \code
  3367. int err = 0;
  3368. WOLFSSL* ssl;
  3369. char buffer[80];
  3370. ...
  3371. err = wolfSSL_get_error(ssl, 0);
  3372. wolfSSL_ERR_error_string_n(err, buffer, 80);
  3373. printf(“err = %d, %s\n”, err, buffer);
  3374. \endcode
  3375. \sa wolfSSL_get_error
  3376. \sa wolfSSL_ERR_error_string
  3377. \sa wolfSSL_ERR_print_errors_fp
  3378. \sa wolfSSL_load_error_strings
  3379. */
  3380. void wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
  3381. unsigned long sz);
  3382. /*!
  3383. \ingroup TLS
  3384. \brief This function checks the shutdown conditions in closeNotify or
  3385. connReset or sentNotify members of the Options structure. The Options
  3386. structure is within the WOLFSSL structure.
  3387. \return 1 SSL_SENT_SHUTDOWN is returned.
  3388. \return 2 SSL_RECEIVED_SHUTDOWN is returned.
  3389. \param ssl a constant pointer to a WOLFSSL structure, created using
  3390. wolfSSL_new().
  3391. _Example_
  3392. \code
  3393. #include <wolfssl/ssl.h>
  3394. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method );
  3395. WOLFSSL* ssl = WOLFSSL_new(ctx);
  3396. int ret;
  3397. ret = wolfSSL_get_shutdown(ssl);
  3398. if(ret == 1){
  3399. SSL_SENT_SHUTDOWN
  3400. } else if(ret == 2){
  3401. SSL_RECEIVED_SHUTDOWN
  3402. } else {
  3403. Fatal error.
  3404. }
  3405. \endcode
  3406. \sa wolfSSL_SESSION_free
  3407. */
  3408. int wolfSSL_get_shutdown(const WOLFSSL* ssl);
  3409. /*!
  3410. \ingroup IO
  3411. \brief This function returns the resuming member of the options struct. The
  3412. flag indicates whether or not to reuse a session. If not, a new session must
  3413. be established.
  3414. \return This function returns an int type held in the Options structure
  3415. representing the flag for session reuse.
  3416. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3417. _Example_
  3418. \code
  3419. WOLFSSL* ssl = wolfSSL_new(ctx);
  3420. if(!wolfSSL_session_reused(sslResume)){
  3421. // No session reuse allowed.
  3422. }
  3423. \endcode
  3424. \sa wolfSSL_SESSION_free
  3425. \sa wolfSSL_GetSessionIndex
  3426. \sa wolfSSL_memsave_session_cache
  3427. */
  3428. int wolfSSL_session_reused(WOLFSSL* ssl);
  3429. /*!
  3430. \ingroup TLS
  3431. \brief This function checks to see if the connection is established.
  3432. \return 0 returned if the connection is not established, i.e. the WOLFSSL
  3433. struct is NULL or the handshake is not done.
  3434. \return 1 returned if the connection is established i.e. the WOLFSSL
  3435. handshake is done.
  3436. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3437. _EXAMPLE_
  3438. \code
  3439. #include <wolfssl/ssl.h>
  3440. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  3441. WOLFSSL* ssl = wolfSSL_new(ctx);
  3442. ...
  3443. if(wolfSSL_is_init_finished(ssl)){
  3444. Handshake is done and connection is established
  3445. }
  3446. \endcode
  3447. \sa wolfSSL_set_accept_state
  3448. \sa wolfSSL_get_keys
  3449. \sa wolfSSL_set_shutdown
  3450. */
  3451. int wolfSSL_is_init_finished(WOLFSSL* ssl);
  3452. /*!
  3453. \ingroup IO
  3454. \brief Returns the SSL version being used as a string.
  3455. \return "SSLv3" Using SSLv3
  3456. \return "TLSv1" Using TLSv1
  3457. \return "TLSv1.1" Using TLSv1.1
  3458. \return "TLSv1.2" Using TLSv1.2
  3459. \return "TLSv1.3" Using TLSv1.3
  3460. \return "DTLS": Using DTLS
  3461. \return "DTLSv1.2" Using DTLSv1.2
  3462. \return "unknown" There was a problem determining which version of TLS
  3463. being used.
  3464. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3465. _Example_
  3466. \code
  3467. wolfSSL_Init();
  3468. WOLFSSL_CTX* ctx;
  3469. WOLFSSL* ssl;
  3470. WOLFSSL_METHOD method = // Some wolfSSL method
  3471. ctx = wolfSSL_CTX_new(method);
  3472. ssl = wolfSSL_new(ctx);
  3473. printf(wolfSSL_get_version("Using version: %s", ssl));
  3474. \endcode
  3475. \sa wolfSSL_lib_version
  3476. */
  3477. const char* wolfSSL_get_version(WOLFSSL* ssl);
  3478. /*!
  3479. \ingroup IO
  3480. \brief Returns the current cipher suit an ssl session is using.
  3481. \return ssl->options.cipherSuite An integer representing the current
  3482. cipher suite.
  3483. \return 0 The ssl session provided is null.
  3484. \param ssl The SSL session to check.
  3485. _Example_
  3486. \code
  3487. wolfSSL_Init();
  3488. WOLFSSL_CTX* ctx;
  3489. WOLFSSL* ssl;
  3490. WOLFSSL_METHOD method = // Some wolfSSL method
  3491. ctx = wolfSSL_CTX_new(method);
  3492. ssl = wolfSSL_new(ctx);
  3493. if(wolfSSL_get_current_cipher_suite(ssl) == 0)
  3494. {
  3495. // Error getting cipher suite
  3496. }
  3497. \endcode
  3498. \sa wolfSSL_CIPHER_get_name
  3499. \sa wolfSSL_get_current_cipher
  3500. \sa wolfSSL_get_cipher_list
  3501. */
  3502. int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
  3503. /*!
  3504. \ingroup IO
  3505. \brief This function returns a pointer to the current cipher in the
  3506. ssl session.
  3507. \return The function returns the address of the cipher member of the
  3508. WOLFSSL struct. This is a pointer to the WOLFSSL_CIPHER structure.
  3509. \return NULL returned if the WOLFSSL structure is NULL.
  3510. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3511. _Example_
  3512. \code
  3513. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  3514. WOLFSSL* ssl = wolfSSL_new(ctx);
  3515. WOLFSSL_CIPHER* cipherCurr = wolfSSL_get_current_cipher;
  3516. if(!cipherCurr){
  3517. // Failure case.
  3518. } else {
  3519. // The cipher was returned to cipherCurr
  3520. }
  3521. \endcode
  3522. \sa wolfSSL_get_cipher
  3523. \sa wolfSSL_get_cipher_name_internal
  3524. \sa wolfSSL_get_cipher_name
  3525. */
  3526. WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl);
  3527. /*!
  3528. \ingroup IO
  3529. \brief This function matches the cipher suite in the SSL object with
  3530. the available suites and returns the string representation.
  3531. \return string This function returns the string representation of the
  3532. matched cipher suite.
  3533. \return none It will return “None” if there are no suites matched.
  3534. \param cipher a constant pointer to a WOLFSSL_CIPHER structure.
  3535. _Example_
  3536. \code
  3537. // gets cipher name in the format DHE_RSA ...
  3538. const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl){
  3539. WOLFSSL_CIPHER* cipher;
  3540. const char* fullName;
  3541. cipher = wolfSSL_get_curent_cipher(ssl);
  3542. fullName = wolfSSL_CIPHER_get_name(cipher);
  3543. if(fullName){
  3544. // sanity check on returned cipher
  3545. }
  3546. \endcode
  3547. \sa wolfSSL_get_cipher
  3548. \sa wolfSSL_get_current_cipher
  3549. \sa wolfSSL_get_cipher_name_internal
  3550. \sa wolfSSL_get_cipher_name
  3551. */
  3552. const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
  3553. /*!
  3554. \ingroup IO
  3555. \brief This function matches the cipher suite in the SSL object with
  3556. the available suites.
  3557. \return This function returns the string value of the suite matched. It
  3558. will return “None” if there are no suites matched.
  3559. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  3560. _Example_
  3561. \code
  3562. #ifdef WOLFSSL_DTLS
  3563. // make sure a valid suite is used
  3564. if(wolfSSL_get_cipher(ssl) == NULL){
  3565. WOLFSSL_MSG(“Can not match cipher suite imported”);
  3566. return MATCH_SUITE_ERROR;
  3567. }
  3568. #endif // WOLFSSL_DTLS
  3569. \endcode
  3570. \sa wolfSSL_CIPHER_get_name
  3571. \sa wolfSSL_get_current_cipher
  3572. */
  3573. const char* wolfSSL_get_cipher(WOLFSSL*);
  3574. /*!
  3575. \ingroup Setup
  3576. \brief This function returns the WOLFSSL_SESSION from the WOLFSSL structure
  3577. as a reference type. This requires calling wolfSSL_SESSION_free to release
  3578. the session reference. The WOLFSSL_SESSION pointed to contains all the
  3579. necessary information required to perform a session resumption and
  3580. reestablish the connection without a new handshake. For
  3581. session resumption, before calling wolfSSL_shutdown() with your session
  3582. object, an application should save the session ID from the object with a
  3583. call to wolfSSL_get1_session(), which returns a pointer to the session.
  3584. Later, the application should create a new WOLFSSL object and assign the
  3585. saved session with wolfSSL_set_session(). At this point, the application
  3586. may call wolfSSL_connect() and wolfSSL will try to resume the session.
  3587. The wolfSSL server code allows session resumption by default. The object
  3588. returned by wolfSSL_get1_session() needs to be freed after the application
  3589. is done with it by calling wolfSSL_SESSION_free() on it.
  3590. \return WOLFSSL_SESSION On success return session pointer.
  3591. \return NULL will be returned if ssl is NULL, the SSL session cache is
  3592. disabled, wolfSSL doesn’t have the Session ID available, or mutex
  3593. functions fail.
  3594. \param ssl WOLFSSL structure to get session from.
  3595. _Example_
  3596. \code
  3597. WOLFSSL* ssl;
  3598. WOLFSSL_SESSION* ses;
  3599. // attempt/complete handshake
  3600. wolfSSL_connect(ssl);
  3601. ses = wolfSSL_get1_session(ssl);
  3602. // check ses information
  3603. // disconnect / setup new SSL instance
  3604. wolfSSL_set_session(ssl, ses);
  3605. // attempt/resume handshake
  3606. wolfSSL_SESSION_free(ses);
  3607. \endcode
  3608. \sa wolfSSL_new
  3609. \sa wolfSSL_free
  3610. \sa wolfSSL_SESSION_free
  3611. */
  3612. WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
  3613. /*!
  3614. \ingroup Setup
  3615. \brief The wolfSSLv23_client_method() function is used to indicate that
  3616. the application is a client and will support the highest protocol
  3617. version supported by the server between SSL 3.0 - TLS 1.3. This function
  3618. allocates memory for and initializes a new WOLFSSL_METHOD structure
  3619. to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
  3620. Both wolfSSL clients and servers have robust version downgrade capability.
  3621. If a specific protocol version method is used on either side, then only
  3622. that version will be negotiated or an error will be returned. For
  3623. example, a client that uses TLSv1 and tries to connect to a SSLv3 only
  3624. server will fail, likewise connecting to a TLSv1.1 will fail as well.
  3625. To resolve this issue, a client that uses the wolfSSLv23_client_method()
  3626. function will use the highest protocol version supported by the server and
  3627. downgrade to SSLv3 if needed. In this case, the client will be able to
  3628. connect to a server running SSLv3 - TLSv1.3.
  3629. \return pointer upon success a pointer to a WOLFSSL_METHOD.
  3630. \return Failure If memory allocation fails when calling XMALLOC,
  3631. the failure value of the underlying malloc() implementation will be
  3632. returned (typically NULL with errno will be set to ENOMEM).
  3633. \param none No parameters
  3634. _Example_
  3635. \code
  3636. WOLFSSL_METHOD* method;
  3637. WOLFSSL_CTX* ctx;
  3638. method = wolfSSLv23_client_method();
  3639. if (method == NULL) {
  3640. // unable to get method
  3641. }
  3642. ctx = wolfSSL_CTX_new(method);
  3643. ...
  3644. \endcode
  3645. \sa wolfSSLv3_client_method
  3646. \sa wolfTLSv1_client_method
  3647. \sa wolfTLSv1_1_client_method
  3648. \sa wolfTLSv1_2_client_method
  3649. \sa wolfTLSv1_3_client_method
  3650. \sa wolfDTLSv1_client_method
  3651. \sa wolfSSL_CTX_new
  3652. */
  3653. WOLFSSL_METHOD* wolfSSLv23_client_method(void);
  3654. /*!
  3655. \ingroup IO
  3656. \brief This is used to set a byte pointer to the start of the
  3657. internal memory buffer.
  3658. \return size On success the size of the buffer is returned
  3659. \return SSL_FATAL_ERROR If an error case was encountered.
  3660. \param bio WOLFSSL_BIO structure to get memory buffer of.
  3661. \param p byte pointer to set to memory buffer.
  3662. _Example_
  3663. \code
  3664. WOLFSSL_BIO* bio;
  3665. const byte* p;
  3666. int ret;
  3667. bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
  3668. ret = wolfSSL_BIO_get_mem_data(bio, &p);
  3669. // check ret value
  3670. \endcode
  3671. \sa wolfSSL_BIO_new
  3672. \sa wolfSSL_BIO_s_mem
  3673. \sa wolfSSL_BIO_set_fp
  3674. \sa wolfSSL_BIO_free
  3675. */
  3676. int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,void* p);
  3677. /*!
  3678. \ingroup IO
  3679. \brief Sets the file descriptor for bio to use.
  3680. \return SSL_SUCCESS(1) upon success.
  3681. \param bio WOLFSSL_BIO structure to set fd.
  3682. \param fd file descriptor to use.
  3683. \param closeF flag for behavior when closing fd.
  3684. _Example_
  3685. \code
  3686. WOLFSSL_BIO* bio;
  3687. int fd;
  3688. // setup bio
  3689. wolfSSL_BIO_set_fd(bio, fd, BIO_NOCLOSE);
  3690. \endcode
  3691. \sa wolfSSL_BIO_new
  3692. \sa wolfSSL_BIO_free
  3693. */
  3694. long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag);
  3695. /*!
  3696. \ingroup IO
  3697. \brief Sets the close flag, used to indicate that the i/o stream should be
  3698. closed when the BIO is freed
  3699. \return SSL_SUCCESS(1) upon success.
  3700. \param bio WOLFSSL_BIO structure.
  3701. \param flag flag for behavior when closing i/o stream.
  3702. _Example_
  3703. \code
  3704. WOLFSSL_BIO* bio;
  3705. // setup bio
  3706. wolfSSL_BIO_set_close(bio, BIO_NOCLOSE);
  3707. \endcode
  3708. \sa wolfSSL_BIO_new
  3709. \sa wolfSSL_BIO_free
  3710. */
  3711. int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag);
  3712. /*!
  3713. \ingroup IO
  3714. \brief This is used to get a BIO_SOCKET type WOLFSSL_BIO_METHOD.
  3715. \return WOLFSSL_BIO_METHOD pointer to a WOLFSSL_BIO_METHOD structure
  3716. that is a socket type
  3717. \param none No parameters.
  3718. _Example_
  3719. \code
  3720. WOLFSSL_BIO* bio;
  3721. bio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket);
  3722. \endcode
  3723. \sa wolfSSL_BIO_new
  3724. \sa wolfSSL_BIO_s_mem
  3725. */
  3726. WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void);
  3727. /*!
  3728. \ingroup IO
  3729. \brief This is used to set the size of write buffer for a
  3730. WOLFSSL_BIO. If write buffer has been previously set this
  3731. function will free it when resetting the size. It is similar to
  3732. wolfSSL_BIO_reset in that it resets read and write indexes to 0.
  3733. \return SSL_SUCCESS On successfully setting the write buffer.
  3734. \return SSL_FAILURE If an error case was encountered.
  3735. \param bio WOLFSSL_BIO structure to set fd.
  3736. \param size size of buffer to allocate.
  3737. _Example_
  3738. \code
  3739. WOLFSSL_BIO* bio;
  3740. int ret;
  3741. bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
  3742. ret = wolfSSL_BIO_set_write_buf_size(bio, 15000);
  3743. // check return value
  3744. \endcode
  3745. \sa wolfSSL_BIO_new
  3746. \sa wolfSSL_BIO_s_mem
  3747. \sa wolfSSL_BIO_free
  3748. */
  3749. int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size);
  3750. /*!
  3751. \ingroup IO
  3752. \brief This is used to pair two bios together. A pair of bios acts
  3753. similar to a two way pipe writing to one can be read by the other
  3754. and vice versa. It is expected that both bios be in the same thread,
  3755. this function is not thread safe. Freeing one of the two bios removes
  3756. both from being paired. If a write buffer size was not previously
  3757. set for either of the bios it is set to a default size of 17000
  3758. (WOLFSSL_BIO_SIZE) before being paired.
  3759. \return SSL_SUCCESS On successfully pairing the two bios.
  3760. \return SSL_FAILURE If an error case was encountered.
  3761. \param b1 WOLFSSL_BIO structure to set pair.
  3762. \param b2 second WOLFSSL_BIO structure to complete pair.
  3763. _Example_
  3764. \code
  3765. WOLFSSL_BIO* bio;
  3766. WOLFSSL_BIO* bio2;
  3767. int ret;
  3768. bio = wolfSSL_BIO_new(wolfSSL_BIO_s_bio());
  3769. bio2 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio());
  3770. ret = wolfSSL_BIO_make_bio_pair(bio, bio2);
  3771. // check ret value
  3772. \endcode
  3773. \sa wolfSSL_BIO_new
  3774. \sa wolfSSL_BIO_s_mem
  3775. \sa wolfSSL_BIO_free
  3776. */
  3777. int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2);
  3778. /*!
  3779. \ingroup IO
  3780. \brief This is used to set the read request flag back to 0.
  3781. \return SSL_SUCCESS On successfully setting value.
  3782. \return SSL_FAILURE If an error case was encountered.
  3783. \param bio WOLFSSL_BIO structure to set read request flag.
  3784. _Example_
  3785. \code
  3786. WOLFSSL_BIO* bio;
  3787. int ret;
  3788. ...
  3789. ret = wolfSSL_BIO_ctrl_reset_read_request(bio);
  3790. // check ret value
  3791. \endcode
  3792. \sa wolfSSL_BIO_new, wolfSSL_BIO_s_mem
  3793. \sa wolfSSL_BIO_new, wolfSSL_BIO_free
  3794. */
  3795. int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *bio);
  3796. /*!
  3797. \ingroup IO
  3798. \brief This is used to get a buffer pointer for reading from. Unlike
  3799. wolfSSL_BIO_nread the internal read index is not advanced by the number
  3800. returned from the function call. Reading past the value returned can
  3801. result in reading out of array bounds.
  3802. \return >=0 on success return the number of bytes to read
  3803. \param bio WOLFSSL_BIO structure to read from.
  3804. \param buf pointer to set at beginning of read array.
  3805. _Example_
  3806. \code
  3807. WOLFSSL_BIO* bio;
  3808. char* bufPt;
  3809. int ret;
  3810. // set up bio
  3811. ret = wolfSSL_BIO_nread0(bio, &bufPt); // read as many bytes as possible
  3812. // handle negative ret check
  3813. // read ret bytes from bufPt
  3814. \endcode
  3815. \sa wolfSSL_BIO_new
  3816. \sa wolfSSL_BIO_nwrite0
  3817. */
  3818. int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf);
  3819. /*!
  3820. \ingroup IO
  3821. \brief This is used to get a buffer pointer for reading from. The internal
  3822. read index is advanced by the number returned from the function call with
  3823. buf being pointed to the beginning of the buffer to read from. In the
  3824. case that less bytes are in the read buffer than the value requested with
  3825. num the lesser value is returned. Reading past the value returned can
  3826. result in reading out of array bounds.
  3827. \return >=0 on success return the number of bytes to read
  3828. \return WOLFSSL_BIO_ERROR(-1) on error case with nothing to read return -1
  3829. \param bio WOLFSSL_BIO structure to read from.
  3830. \param buf pointer to set at beginning of read array.
  3831. \param num number of bytes to try and read.
  3832. _Example_
  3833. \code
  3834. WOLFSSL_BIO* bio;
  3835. char* bufPt;
  3836. int ret;
  3837. // set up bio
  3838. ret = wolfSSL_BIO_nread(bio, &bufPt, 10); // try to read 10 bytes
  3839. // handle negative ret check
  3840. // read ret bytes from bufPt
  3841. \endcode
  3842. \sa wolfSSL_BIO_new
  3843. \sa wolfSSL_BIO_nwrite
  3844. */
  3845. int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num);
  3846. /*!
  3847. \ingroup IO
  3848. \brief Gets a pointer to the buffer for writing as many bytes as returned by
  3849. the function. Writing more bytes to the pointer returned then the value
  3850. returned can result in writing out of bounds.
  3851. \return int Returns the number of bytes that can be written to the buffer
  3852. pointer returned.
  3853. \return WOLFSSL_BIO_UNSET(-2) in the case that is not part of a bio pair
  3854. \return WOLFSSL_BIO_ERROR(-1) in the case that there is no more room to
  3855. write to
  3856. \param bio WOLFSSL_BIO structure to write to.
  3857. \param buf pointer to buffer to write to.
  3858. \param num number of bytes desired to be written.
  3859. _Example_
  3860. \code
  3861. WOLFSSL_BIO* bio;
  3862. char* bufPt;
  3863. int ret;
  3864. // set up bio
  3865. ret = wolfSSL_BIO_nwrite(bio, &bufPt, 10); // try to write 10 bytes
  3866. // handle negative ret check
  3867. // write ret bytes to bufPt
  3868. \endcode
  3869. \sa wolfSSL_BIO_new
  3870. \sa wolfSSL_BIO_free
  3871. \sa wolfSSL_BIO_nread
  3872. */
  3873. int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num);
  3874. /*!
  3875. \ingroup IO
  3876. \brief Resets bio to an initial state. As an example for type BIO_BIO
  3877. this resets the read and write index.
  3878. \return 0 On successfully resetting the bio.
  3879. \return WOLFSSL_BIO_ERROR(-1) Returned on bad input or unsuccessful reset.
  3880. \param bio WOLFSSL_BIO structure to reset.
  3881. _Example_
  3882. \code
  3883. WOLFSSL_BIO* bio;
  3884. // setup bio
  3885. wolfSSL_BIO_reset(bio);
  3886. //use pt
  3887. \endcode
  3888. \sa wolfSSL_BIO_new
  3889. \sa wolfSSL_BIO_free
  3890. */
  3891. int wolfSSL_BIO_reset(WOLFSSL_BIO *bio);
  3892. /*!
  3893. \ingroup IO
  3894. \brief This function adjusts the file pointer to the offset given. This
  3895. is the offset from the head of the file.
  3896. \return 0 On successfully seeking.
  3897. \return -1 If an error case was encountered.
  3898. \param bio WOLFSSL_BIO structure to set.
  3899. \param ofs offset into file.
  3900. _Example_
  3901. \code
  3902. WOLFSSL_BIO* bio;
  3903. XFILE fp;
  3904. int ret;
  3905. bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
  3906. ret = wolfSSL_BIO_set_fp(bio, &fp);
  3907. // check ret value
  3908. ret = wolfSSL_BIO_seek(bio, 3);
  3909. // check ret value
  3910. \endcode
  3911. \sa wolfSSL_BIO_new
  3912. \sa wolfSSL_BIO_s_mem
  3913. \sa wolfSSL_BIO_set_fp
  3914. \sa wolfSSL_BIO_free
  3915. */
  3916. int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs);
  3917. /*!
  3918. \ingroup IO
  3919. \brief This is used to set and write to a file. WIll overwrite any data
  3920. currently in the file and is set to close the file when the bio is freed.
  3921. \return SSL_SUCCESS On successfully opening and setting file.
  3922. \return SSL_FAILURE If an error case was encountered.
  3923. \param bio WOLFSSL_BIO structure to set file.
  3924. \param name name of file to write to.
  3925. _Example_
  3926. \code
  3927. WOLFSSL_BIO* bio;
  3928. int ret;
  3929. bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
  3930. ret = wolfSSL_BIO_write_filename(bio, “test.txt”);
  3931. // check ret value
  3932. \endcode
  3933. \sa wolfSSL_BIO_new
  3934. \sa wolfSSL_BIO_s_file
  3935. \sa wolfSSL_BIO_set_fp
  3936. \sa wolfSSL_BIO_free
  3937. */
  3938. int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name);
  3939. /*!
  3940. \ingroup IO
  3941. \brief This is used to set the end of file value. Common value is -1 so
  3942. as not to get confused with expected positive values.
  3943. \return 0 returned on completion
  3944. \param bio WOLFSSL_BIO structure to set end of file value.
  3945. \param v value to set in bio.
  3946. _Example_
  3947. \code
  3948. WOLFSSL_BIO* bio;
  3949. int ret;
  3950. bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
  3951. ret = wolfSSL_BIO_set_mem_eof_return(bio, -1);
  3952. // check ret value
  3953. \endcode
  3954. \sa wolfSSL_BIO_new
  3955. \sa wolfSSL_BIO_s_mem
  3956. \sa wolfSSL_BIO_set_fp
  3957. \sa wolfSSL_BIO_free
  3958. */
  3959. long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v);
  3960. /*!
  3961. \ingroup IO
  3962. \brief This is a getter function for WOLFSSL_BIO memory pointer.
  3963. \return SSL_SUCCESS On successfully getting the pointer SSL_SUCCESS is
  3964. returned (currently value of 1).
  3965. \return SSL_FAILURE Returned if NULL arguments are passed in (currently
  3966. value of 0).
  3967. \param bio pointer to the WOLFSSL_BIO structure for getting memory pointer.
  3968. \param ptr structure that is currently a char*. Is set to point to
  3969. bio’s memory.
  3970. _Example_
  3971. \code
  3972. WOLFSSL_BIO* bio;
  3973. WOLFSSL_BUF_MEM* pt;
  3974. // setup bio
  3975. wolfSSL_BIO_get_mem_ptr(bio, &pt);
  3976. //use pt
  3977. \endcode
  3978. \sa wolfSSL_BIO_new
  3979. \sa wolfSSL_BIO_s_mem
  3980. */
  3981. long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m);
  3982. /*!
  3983. \ingroup CertsKeys
  3984. \brief This function copies the name of the x509 into a buffer.
  3985. \return A char pointer to the buffer with the WOLFSSL_X509_NAME structures
  3986. name member’s data is returned if the function executed normally.
  3987. \param name a pointer to a WOLFSSL_X509 structure.
  3988. \param in a buffer to hold the name copied from the
  3989. WOLFSSL_X509_NAME structure.
  3990. \param sz the maximum size of the buffer.
  3991. _Example_
  3992. \code
  3993. WOLFSSL_X509 x509;
  3994. char* name;
  3995. ...
  3996. name = wolfSSL_X509_NAME_oneline(wolfSSL_X509_get_issuer_name(x509), 0, 0);
  3997. if(name <= 0){
  3998. // There’s nothing in the buffer.
  3999. }
  4000. \endcode
  4001. \sa wolfSSL_X509_get_subject_name
  4002. \sa wolfSSL_X509_get_issuer_name
  4003. \sa wolfSSL_X509_get_isCA
  4004. \sa wolfSSL_get_peer_certificate
  4005. \sa wolfSSL_X509_version
  4006. */
  4007. char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz);
  4008. /*!
  4009. \ingroup CertsKeys
  4010. \brief This function returns the name of the certificate issuer.
  4011. \return point a pointer to the WOLFSSL_X509 struct’s issuer member is
  4012. returned.
  4013. \return NULL if the cert passed in is NULL.
  4014. \param cert a pointer to a WOLFSSL_X509 structure.
  4015. _Example_
  4016. \code
  4017. WOLFSSL_X509* x509;
  4018. WOLFSSL_X509_NAME issuer;
  4019. ...
  4020. issuer = wolfSSL_X509_NAME_oneline(wolfSSL_X509_get_issuer_name(x509), 0, 0);
  4021. if(!issuer){
  4022. // NULL was returned
  4023. } else {
  4024. // issuer hods the name of the certificate issuer.
  4025. }
  4026. \endcode
  4027. \sa wolfSSL_X509_get_subject_name
  4028. \sa wolfSSL_X509_get_isCA
  4029. \sa wolfSSL_get_peer_certificate
  4030. \sa wolfSSL_X509_NAME_oneline
  4031. */
  4032. WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert);
  4033. /*!
  4034. \ingroup CertsKeys
  4035. \brief This function returns the subject member of the WOLFSSL_X509
  4036. structure.
  4037. \return pointer a pointer to the WOLFSSL_X509_NAME structure. The pointer
  4038. may be NULL if the WOLFSSL_X509 struct is NULL or if the subject member of
  4039. the structure is NULL.
  4040. \param cert a pointer to a WOLFSSL_X509 structure.
  4041. _Example_
  4042. \code
  4043. WOLFSSL_X509* cert;
  4044. WOLFSSL_X509_NAME name;
  4045. name = wolfSSL_X509_get_subject_name(cert);
  4046. if(name == NULL){
  4047. // Deal with the NULL cacse
  4048. }
  4049. \endcode
  4050. \sa wolfSSL_X509_get_issuer_name
  4051. \sa wolfSSL_X509_get_isCA
  4052. \sa wolfSSL_get_peer_certificate
  4053. */
  4054. WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert);
  4055. /*!
  4056. \ingroup CertsKeys
  4057. \brief Checks the isCa member of the WOLFSSL_X509 structure and returns
  4058. the value.
  4059. \return isCA returns the value in the isCA member of the WOLFSSL_X509
  4060. structure is returned.
  4061. \return 0 returned if there is not a valid x509 structure passed in.
  4062. \param cert a pointer to a WOLFSSL_X509 structure.
  4063. _Example_
  4064. \code
  4065. WOLFSSL* ssl;
  4066. ...
  4067. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  4068. WOLFSSL* ssl = wolfSSL_new(ctx);
  4069. ...
  4070. if(wolfSSL_X509_get_isCA(ssl)){
  4071. // This is the CA
  4072. }else {
  4073. // Failure case
  4074. }
  4075. \endcode
  4076. \sa wolfSSL_X509_get_issuer_name
  4077. \sa wolfSSL_X509_get_isCA
  4078. */
  4079. int wolfSSL_X509_get_isCA(WOLFSSL_X509* cert);
  4080. /*!
  4081. \ingroup CertsKeys
  4082. \brief This function gets the text related to the passed in NID value.
  4083. \return int returns the size of the text buffer.
  4084. \param name WOLFSSL_X509_NAME to search for text.
  4085. \param nid NID to search for.
  4086. \param buf buffer to hold text when found.
  4087. \param len length of buffer.
  4088. _Example_
  4089. \code
  4090. WOLFSSL_X509_NAME* name;
  4091. char buffer[100];
  4092. int bufferSz;
  4093. int ret;
  4094. // get WOLFSSL_X509_NAME
  4095. ret = wolfSSL_X509_NAME_get_text_by_NID(name, NID_commonName,
  4096. buffer, bufferSz);
  4097. //check ret value
  4098. \endcode
  4099. \sa none
  4100. */
  4101. int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, int nid,
  4102. char* buf, int len);
  4103. /*!
  4104. \ingroup CertsKeys
  4105. \brief This function returns the value stored in the sigOID
  4106. member of the WOLFSSL_X509 structure.
  4107. \return 0 returned if the WOLFSSL_X509 structure is NULL.
  4108. \return int an integer value is returned which was retrieved from
  4109. the x509 object.
  4110. \param cert a pointer to a WOLFSSL_X509 structure.
  4111. _Example_
  4112. \code
  4113. WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
  4114. DYNAMIC_TYPE_X509);
  4115. ...
  4116. int x509SigType = wolfSSL_X509_get_signature_type(x509);
  4117. if(x509SigType != EXPECTED){
  4118. // Deal with an unexpected value
  4119. }
  4120. \endcode
  4121. \sa wolfSSL_X509_get_signature
  4122. \sa wolfSSL_X509_version
  4123. \sa wolfSSL_X509_get_der
  4124. \sa wolfSSL_X509_get_serial_number
  4125. \sa wolfSSL_X509_notBefore
  4126. \sa wolfSSL_X509_notAfter
  4127. \sa wolfSSL_X509_free
  4128. */
  4129. int wolfSSL_X509_get_signature_type(WOLFSSL_X509* cert);
  4130. /*!
  4131. \brief This function frees a WOLFSSL_X509 structure.
  4132. \param x509 a pointer to the WOLFSSL_X509 struct.
  4133. _Example_
  4134. \code
  4135. WOLFSSL_X509* x509 = (WOLFSSL_X509*)XMALOC(sizeof(WOLFSSL_X509), NULL,
  4136. DYNAMIC_TYPE_X509) ;
  4137. wolfSSL_X509_free(x509);
  4138. \endcode
  4139. \sa wolfSSL_X509_get_signature
  4140. \sa wolfSSL_X509_version
  4141. \sa wolfSSL_X509_get_der
  4142. \sa wolfSSL_X509_get_serial_number
  4143. \sa wolfSSL_X509_notBefore
  4144. \sa wolfSSL_X509_notAfter
  4145. */
  4146. void wolfSSL_X509_free(WOLFSSL_X509* x509);
  4147. /*!
  4148. \ingroup CertsKeys
  4149. \brief Gets the X509 signature and stores it in the buffer.
  4150. \return SSL_SUCCESS returned if the function successfully executes.
  4151. The signature is loaded into the buffer.
  4152. \return SSL_FATAL_ERRROR returns if the x509 struct or the bufSz member
  4153. is NULL. There is also a check for the length member of the sig structure
  4154. (sig is a member of x509).
  4155. \param x509 pointer to a WOLFSSL_X509 structure.
  4156. \param buf a char pointer to the buffer.
  4157. \param bufSz an integer pointer to the size of the buffer.
  4158. _Example_
  4159. \code
  4160. WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALOC(sizeof(WOLFSSL_X509), NULL,
  4161. DYNAMIC_TYPE_X509);
  4162. unsigned char* buf; // Initialize
  4163. int* bufSz = sizeof(buf)/sizeof(unsigned char);
  4164. ...
  4165. if(wolfSSL_X509_get_signature(x509, buf, bufSz) != SSL_SUCCESS){
  4166. // The function did not execute successfully.
  4167. } else{
  4168. // The buffer was written to correctly.
  4169. }
  4170. \endcode
  4171. \sa wolfSSL_X509_get_serial_number
  4172. \sa wolfSSL_X509_get_signature_type
  4173. \sa wolfSSL_X509_get_device_type
  4174. */
  4175. int wolfSSL_X509_get_signature(WOLFSSL_X509* x509, unsigned char* buf, int* bufSz);
  4176. /*!
  4177. \ingroup CertsKeys
  4178. \brief This function adds a certificate to the WOLFSSL_X509_STRE structure.
  4179. \return SSL_SUCCESS If certificate is added successfully.
  4180. \return SSL_FATAL_ERROR: If certificate is not added successfully.
  4181. \param str certificate store to add the certificate to.
  4182. \param x509 certificate to add.
  4183. _Example_
  4184. \code
  4185. WOLFSSL_X509_STORE* str;
  4186. WOLFSSL_X509* x509;
  4187. int ret;
  4188. ret = wolfSSL_X509_STORE_add_cert(str, x509);
  4189. //check ret value
  4190. \endcode
  4191. \sa wolfSSL_X509_free
  4192. */
  4193. int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509);
  4194. /*!
  4195. \ingroup CertsKeys
  4196. \brief This function is a getter function for chain variable
  4197. in WOLFSSL_X509_STORE_CTX structure. Currently chain is not populated.
  4198. \return pointer if successful returns WOLFSSL_STACK
  4199. (same as STACK_OF(WOLFSSL_X509)) pointer
  4200. \return Null upon failure
  4201. \param ctx certificate store ctx to get parse chain from.
  4202. _Example_
  4203. \code
  4204. WOLFSSL_STACK* sk;
  4205. WOLFSSL_X509_STORE_CTX* ctx;
  4206. sk = wolfSSL_X509_STORE_CTX_get_chain(ctx);
  4207. //check sk for NULL and then use it. sk needs freed after done.
  4208. \endcode
  4209. \sa wolfSSL_sk_X509_free
  4210. */
  4211. WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
  4212. WOLFSSL_X509_STORE_CTX* ctx);
  4213. /*!
  4214. \ingroup CertsKeys
  4215. \brief This function takes in a flag to change the behavior of the
  4216. WOLFSSL_X509_STORE structure passed in. An example of a flag used
  4217. is WOLFSSL_CRL_CHECK.
  4218. \return SSL_SUCCESS If no errors were encountered when setting the flag.
  4219. \return <0 a negative value will be returned upon failure.
  4220. \param str certificate store to set flag in.
  4221. \param flag flag for behavior.
  4222. _Example_
  4223. \code
  4224. WOLFSSL_X509_STORE* str;
  4225. int ret;
  4226. // create and set up str
  4227. ret = wolfSSL_X509_STORE_set_flags(str, WOLFSSL_CRL_CHECKALL);
  4228. If (ret != SSL_SUCCESS) {
  4229. //check ret value and handle error case
  4230. }
  4231. \endcode
  4232. \sa wolfSSL_X509_STORE_new
  4233. \sa wolfSSL_X509_STORE_free
  4234. */
  4235. int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
  4236. unsigned long flag);
  4237. /*!
  4238. \ingroup CertsKeys
  4239. \brief This function the certificate "not before" validity encoded as
  4240. a byte array.
  4241. \return NULL returned if the WOLFSSL_X509 structure is NULL.
  4242. \return byte is returned that contains the notBeforeData.
  4243. \param x509 pointer to a WOLFSSL_X509 structure.
  4244. _Example_
  4245. \code
  4246. WOLFSSL_X509* x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
  4247. DYNAMIC_TYPE_X509);
  4248. ...
  4249. byte* notBeforeData = wolfSSL_X509_notBefore(x509);
  4250. \endcode
  4251. \sa wolfSSL_X509_get_signature
  4252. \sa wolfSSL_X509_version
  4253. \sa wolfSSL_X509_get_der
  4254. \sa wolfSSL_X509_get_serial_number
  4255. \sa wolfSSL_X509_notAfter
  4256. \sa wolfSSL_X509_free
  4257. */
  4258. const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509);
  4259. /*!
  4260. \ingroup CertsKeys
  4261. \brief This function the certificate "not after" validity encoded as
  4262. a byte array.
  4263. \return NULL returned if the WOLFSSL_X509 structure is NULL.
  4264. \return byte is returned that contains the notAfterData.
  4265. \param x509 pointer to a WOLFSSL_X509 structure.
  4266. _Example_
  4267. \code
  4268. WOLFSSL_X509* x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
  4269. DYNAMIC_TYPE_X509);
  4270. ...
  4271. byte* notAfterData = wolfSSL_X509_notAfter(x509);
  4272. \endcode
  4273. \sa wolfSSL_X509_get_signature
  4274. \sa wolfSSL_X509_version
  4275. \sa wolfSSL_X509_get_der
  4276. \sa wolfSSL_X509_get_serial_number
  4277. \sa wolfSSL_X509_notBefore
  4278. \sa wolfSSL_X509_free
  4279. */
  4280. const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509);
  4281. /*!
  4282. \ingroup Setup
  4283. \brief This function is used to copy a WOLFSSL_ASN1_INTEGER
  4284. value to a WOLFSSL_BIGNUM structure.
  4285. \return pointer On successfully copying the WOLFSSL_ASN1_INTEGER
  4286. value a WOLFSSL_BIGNUM pointer is returned.
  4287. \return Null upon failure.
  4288. \param ai WOLFSSL_ASN1_INTEGER structure to copy from.
  4289. \param bn if wanting to copy into an already existing
  4290. WOLFSSL_BIGNUM struct then pass in a pointer to it.
  4291. Optionally this can be NULL and a new WOLFSSL_BIGNUM
  4292. structure will be created.
  4293. _Example_
  4294. \code
  4295. WOLFSSL_ASN1_INTEGER* ai;
  4296. WOLFSSL_BIGNUM* bn;
  4297. // create ai
  4298. bn = wolfSSL_ASN1_INTEGER_to_BN(ai, NULL);
  4299. // or if having already created bn and wanting to reuse structure
  4300. // wolfSSL_ASN1_INTEGER_to_BN(ai, bn);
  4301. // check bn is or return value is not NULL
  4302. \endcode
  4303. \sa none
  4304. */
  4305. WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
  4306. WOLFSSL_BIGNUM *bn);
  4307. /*!
  4308. \ingroup Setup
  4309. \brief This function adds the certificate to the internal chain
  4310. being built in the WOLFSSL_CTX structure.
  4311. \return SSL_SUCCESS after successfully adding the certificate.
  4312. \return SSL_FAILURE if failing to add the certificate to the chain.
  4313. \param ctx WOLFSSL_CTX structure to add certificate to.
  4314. \param x509 certificate to add to the chain.
  4315. _Example_
  4316. \code
  4317. WOLFSSL_CTX* ctx;
  4318. WOLFSSL_X509* x509;
  4319. int ret;
  4320. // create ctx
  4321. ret = wolfSSL_CTX_add_extra_chain_cert(ctx, x509);
  4322. // check ret value
  4323. \endcode
  4324. \sa wolfSSL_CTX_new
  4325. \sa wolfSSL_CTX_free
  4326. */
  4327. long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509);
  4328. /*!
  4329. \ingroup Setup
  4330. \brief This function returns the get read ahead flag from a
  4331. WOLFSSL_CTX structure.
  4332. \return flag On success returns the read ahead flag.
  4333. \return SSL_FAILURE If ctx is NULL then SSL_FAILURE is returned.
  4334. \param ctx WOLFSSL_CTX structure to get read ahead flag from.
  4335. _Example_
  4336. \code
  4337. WOLFSSL_CTX* ctx;
  4338. int flag;
  4339. // setup ctx
  4340. flag = wolfSSL_CTX_get_read_ahead(ctx);
  4341. //check flag
  4342. \endcode
  4343. \sa wolfSSL_CTX_new
  4344. \sa wolfSSL_CTX_free
  4345. \sa wolfSSL_CTX_set_read_ahead
  4346. */
  4347. int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx);
  4348. /*!
  4349. \ingroup Setup
  4350. \brief This function sets the read ahead flag in the WOLFSSL_CTX structure.
  4351. \return SSL_SUCCESS If ctx read ahead flag set.
  4352. \return SSL_FAILURE If ctx is NULL then SSL_FAILURE is returned.
  4353. \param ctx WOLFSSL_CTX structure to set read ahead flag.
  4354. \param v read ahead flag
  4355. _Example_
  4356. \code
  4357. WOLFSSL_CTX* ctx;
  4358. int flag;
  4359. int ret;
  4360. // setup ctx
  4361. ret = wolfSSL_CTX_set_read_ahead(ctx, flag);
  4362. // check return value
  4363. \endcode
  4364. \sa wolfSSL_CTX_new
  4365. \sa wolfSSL_CTX_free
  4366. \sa wolfSSL_CTX_get_read_ahead
  4367. */
  4368. int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx, int v);
  4369. /*!
  4370. \ingroup Setup
  4371. \brief This function sets the options argument to use with OCSP.
  4372. \return SSL_FAILURE If ctx or it’s cert manager is NULL.
  4373. \return SSL_SUCCESS If successfully set.
  4374. \param ctx WOLFSSL_CTX structure to set user argument.
  4375. \param arg user argument.
  4376. _Example_
  4377. \code
  4378. WOLFSSL_CTX* ctx;
  4379. void* data;
  4380. int ret;
  4381. // setup ctx
  4382. ret = wolfSSL_CTX_set_tlsext_status_arg(ctx, data);
  4383. //check ret value
  4384. \endcode
  4385. \sa wolfSSL_CTX_new
  4386. \sa wolfSSL_CTX_free
  4387. */
  4388. long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg);
  4389. /*!
  4390. \ingroup Setup
  4391. \brief This function sets the optional argument to be passed to
  4392. the PRF callback.
  4393. \return SSL_FAILURE If ctx is NULL.
  4394. \return SSL_SUCCESS If successfully set.
  4395. \param ctx WOLFSSL_CTX structure to set user argument.
  4396. \param arg user argument.
  4397. _Example_
  4398. \code
  4399. WOLFSSL_CTX* ctx;
  4400. void* data;
  4401. int ret;
  4402. // setup ctx
  4403. ret = wolfSSL_CTX_set_tlsext_opaques_prf_input_callback_arg(ctx, data);
  4404. //check ret value
  4405. \endcode
  4406. \sa wolfSSL_CTX_new
  4407. \sa wolfSSL_CTX_free
  4408. */
  4409. long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(
  4410. WOLFSSL_CTX* ctx, void* arg);
  4411. /*!
  4412. \ingroup Setup
  4413. \brief This function sets the options mask in the ssl.
  4414. Some valid options are, SSL_OP_ALL, SSL_OP_COOKIE_EXCHANGE,
  4415. SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1,
  4416. SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_COMPRESSION.
  4417. \return val Returns the updated options mask value stored in ssl.
  4418. \param s WOLFSSL structure to set options mask.
  4419. \param op This function sets the options mask in the ssl.
  4420. Some valid options are:
  4421. SSL_OP_ALL
  4422. SSL_OP_COOKIE_EXCHANGE
  4423. SSL_OP_NO_SSLv2
  4424. SSL_OP_NO_SSLv3
  4425. SSL_OP_NO_TLSv1
  4426. SSL_OP_NO_TLSv1_1
  4427. SSL_OP_NO_TLSv1_2
  4428. SSL_OP_NO_COMPRESSION
  4429. _Example_
  4430. \code
  4431. WOLFSSL* ssl;
  4432. unsigned long mask;
  4433. mask = SSL_OP_NO_TLSv1
  4434. mask = wolfSSL_set_options(ssl, mask);
  4435. // check mask
  4436. \endcode
  4437. \sa wolfSSL_new
  4438. \sa wolfSSL_free
  4439. \sa wolfSSL_get_options
  4440. */
  4441. long wolfSSL_set_options(WOLFSSL *s, long op);
  4442. /*!
  4443. \ingroup Setup
  4444. \brief This function returns the current options mask.
  4445. \return val Returns the mask value stored in ssl.
  4446. \param ssl WOLFSSL structure to get options mask from.
  4447. _Example_
  4448. \code
  4449. WOLFSSL* ssl;
  4450. unsigned long mask;
  4451. mask = wolfSSL_get_options(ssl);
  4452. // check mask
  4453. \endcode
  4454. \sa wolfSSL_new
  4455. \sa wolfSSL_free
  4456. \sa wolfSSL_set_options
  4457. */
  4458. long wolfSSL_get_options(const WOLFSSL *ssl);
  4459. /*!
  4460. \ingroup Setup
  4461. \brief This is used to set the debug argument passed around.
  4462. \return SSL_SUCCESS On successful setting argument.
  4463. \return SSL_FAILURE If an NULL ssl passed in.
  4464. \param ssl WOLFSSL structure to set argument in.
  4465. \param arg argument to use.
  4466. _Example_
  4467. \code
  4468. WOLFSSL* ssl;
  4469. void* args;
  4470. int ret;
  4471. // create ssl object
  4472. ret = wolfSSL_set_tlsext_debug_arg(ssl, args);
  4473. // check ret value
  4474. \endcode
  4475. \sa wolfSSL_new
  4476. \sa wolfSSL_free
  4477. */
  4478. long wolfSSL_set_tlsext_debug_arg(WOLFSSL *ssl, void *arg);
  4479. /*!
  4480. \ingroup openSSL
  4481. \brief This function is called when the client application request
  4482. that a server send back an OCSP status response (also known as
  4483. OCSP stapling).Currently, the only supported type is
  4484. TLSEXT_STATUSTYPE_ocsp.
  4485. \return 1 upon success.
  4486. \return 0 upon error.
  4487. \param s pointer to WOLFSSL struct which is created by SSL_new() function
  4488. \param type ssl extension type which TLSEXT_STATUSTYPE_ocsp is
  4489. only supported.
  4490. _Example_
  4491. \code
  4492. WOLFSSL *ssl;
  4493. WOLFSSL_CTX *ctx;
  4494. int ret;
  4495. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  4496. ssl = wolfSSL_new(ctx);
  4497. ret = WolfSSL_set_tlsext_status_type(ssl,TLSEXT_STATUSTYPE_ocsp);
  4498. wolfSSL_free(ssl);
  4499. wolfSSL_CTX_free(ctx);
  4500. \endcode
  4501. \sa wolfSSL_new
  4502. \sa wolfSSL_CTX_new
  4503. \sa wolfSSL_free
  4504. \sa wolfSSL_CTX_free
  4505. */
  4506. long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
  4507. /*!
  4508. \ingroup Setup
  4509. \brief This is used to get the results after trying to verify the peer's
  4510. certificate.
  4511. \return X509_V_OK On successful verification.
  4512. \return SSL_FAILURE If an NULL ssl passed in.
  4513. \param ssl WOLFSSL structure to get verification results from.
  4514. _Example_
  4515. \code
  4516. WOLFSSL* ssl;
  4517. long ret;
  4518. // attempt/complete handshake
  4519. ret = wolfSSL_get_verify_result(ssl);
  4520. // check ret value
  4521. \endcode
  4522. \sa wolfSSL_new
  4523. \sa wolfSSL_free
  4524. */
  4525. long wolfSSL_get_verify_result(const WOLFSSL *ssl);
  4526. /*!
  4527. \ingroup Debug
  4528. \brief This function converts an error code returned by
  4529. wolfSSL_get_error() into a more human-readable error string
  4530. and prints that string to the output file - fp. err is the
  4531. error code returned by wolfSSL_get_error() and fp is the
  4532. file which the error string will be placed in.
  4533. \return none No returns.
  4534. \param fp output file for human-readable error string to be written to.
  4535. \param err error code returned by wolfSSL_get_error().
  4536. _Example_
  4537. \code
  4538. int err = 0;
  4539. WOLFSSL* ssl;
  4540. FILE* fp = ...
  4541. ...
  4542. err = wolfSSL_get_error(ssl, 0);
  4543. wolfSSL_ERR_print_errors_fp(fp, err);
  4544. \endcode
  4545. \sa wolfSSL_get_error
  4546. \sa wolfSSL_ERR_error_string
  4547. \sa wolfSSL_ERR_error_string_n
  4548. \sa wolfSSL_load_error_strings
  4549. */
  4550. void wolfSSL_ERR_print_errors_fp(XFILE fp, int err);
  4551. /*!
  4552. \ingroup Debug
  4553. \brief This function uses the provided callback to handle error reporting.
  4554. The callback function is executed for each error line. The string, length,
  4555. and userdata are passed into the callback parameters.
  4556. \return none No returns.
  4557. \param cb the callback function.
  4558. \param u userdata to pass into the callback function.
  4559. _Example_
  4560. \code
  4561. int error_cb(const char *str, size_t len, void *u)
  4562. { fprintf((FILE*)u, "%-*.*s\n", (int)len, (int)len, str); return 0; }
  4563. ...
  4564. FILE* fp = ...
  4565. wolfSSL_ERR_print_errors_cb(error_cb, fp);
  4566. \endcode
  4567. \sa wolfSSL_get_error
  4568. \sa wolfSSL_ERR_error_string
  4569. \sa wolfSSL_ERR_error_string_n
  4570. \sa wolfSSL_load_error_strings
  4571. */
  4572. void wolfSSL_ERR_print_errors_cb (
  4573. int (*cb)(const char *str, size_t len, void *u), void *u);
  4574. /*!
  4575. \brief The function sets the client_psk_cb member of the
  4576. WOLFSSL_CTX structure.
  4577. \return none No returns.
  4578. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  4579. wolfSSL_CTX_new().
  4580. \param cb wc_psk_client_callback is a function pointer that will be
  4581. stored in the WOLFSSL_CTX structure. Return value is the key length on
  4582. success or zero on error.
  4583. unsigned int (*wc_psk_client_callback)
  4584. PSK client callback parameters:
  4585. WOLFSSL* ssl - Pointer to the wolfSSL structure
  4586. const char* hint - A stored string that could be displayed to provide a
  4587. hint to the user.
  4588. char* identity - The ID will be stored here.
  4589. unsigned int id_max_len - Size of the ID buffer.
  4590. unsigned char* key - The key will be stored here.
  4591. unsigned int key_max_len - The max size of the key.
  4592. _Example_
  4593. \code
  4594. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol def );
  4595. static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
  4596. char* identity, unsigned int id_max_len, unsigned char* key,
  4597. Unsigned int key_max_len){
  4598. wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
  4599. \endcode
  4600. \sa wolfSSL_set_psk_client_callback
  4601. \sa wolfSSL_set_psk_server_callback
  4602. \sa wolfSSL_CTX_set_psk_server_callback
  4603. \sa wolfSSL_CTX_set_psk_client_callback
  4604. */
  4605. void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX* ctx,
  4606. wc_psk_client_callback cb);
  4607. /*!
  4608. \brief Sets the PSK client side callback.
  4609. \return none No returns.
  4610. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  4611. \param cb a function pointer to type wc_psk_client_callback. Return value
  4612. is the key length on success or zero on error.
  4613. unsigned int (*wc_psk_client_callback)
  4614. PSK client callback parameters:
  4615. WOLFSSL* ssl - Pointer to the wolfSSL structure
  4616. const char* hint - A stored string that could be displayed to provide a
  4617. hint to the user.
  4618. char* identity - The ID will be stored here.
  4619. unsigned int id_max_len - Size of the ID buffer.
  4620. unsigned char* key - The key will be stored here.
  4621. unsigned int key_max_len - The max size of the key.
  4622. _Example_
  4623. \code
  4624. WOLFSSL* ssl;
  4625. static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
  4626. char* identity, unsigned int id_max_len, unsigned char* key,
  4627. Unsigned int key_max_len){
  4628. if(ssl){
  4629. wolfSSL_set_psk_client_callback(ssl, my_psk_client_cb);
  4630. } else {
  4631. // could not set callback
  4632. }
  4633. \endcode
  4634. \sa wolfSSL_CTX_set_psk_client_callback
  4635. \sa wolfSSL_CTX_set_psk_server_callback
  4636. \sa wolfSSL_set_psk_server_callback
  4637. */
  4638. void wolfSSL_set_psk_client_callback(WOLFSSL* ssl,
  4639. wc_psk_client_callback);
  4640. /*!
  4641. \ingroup CertsKeys
  4642. \brief This function returns the psk identity hint.
  4643. \return pointer a const char pointer to the value that was stored in
  4644. the arrays member of the WOLFSSL structure is returned.
  4645. \return NULL returned if the WOLFSSL or Arrays structures are NULL.
  4646. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  4647. _Example_
  4648. \code
  4649. WOLFSSL* ssl = wolfSSL_new(ctx);
  4650. char* idHint;
  4651. ...
  4652. idHint = wolfSSL_get_psk_identity_hint(ssl);
  4653. if(idHint){
  4654. // The hint was retrieved
  4655. return idHint;
  4656. } else {
  4657. // Hint wasn’t successfully retrieved
  4658. }
  4659. \endcode
  4660. \sa wolfSSL_get_psk_identity
  4661. */
  4662. const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*);
  4663. /*!
  4664. \ingroup CertsKeys
  4665. \brief The function returns a constant pointer to the client_identity
  4666. member of the Arrays structure.
  4667. \return string the string value of the client_identity member of the
  4668. Arrays structure.
  4669. \return NULL if the WOLFSSL structure is NULL or if the Arrays member of
  4670. the WOLFSSL structure is NULL.
  4671. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  4672. _Example_
  4673. \code
  4674. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  4675. WOLFSSL* ssl = wolfSSL_new(ctx);
  4676. const char* pskID;
  4677. ...
  4678. pskID = wolfSSL_get_psk_identity(ssl);
  4679. if(pskID == NULL){
  4680. // There is not a value in pskID
  4681. }
  4682. \endcode
  4683. \sa wolfSSL_get_psk_identity_hint
  4684. \sa wolfSSL_use_psk_identity_hint
  4685. */
  4686. const char* wolfSSL_get_psk_identity(const WOLFSSL*);
  4687. /*!
  4688. \ingroup CertsKeys
  4689. \brief This function stores the hint argument in the server_hint
  4690. member of the WOLFSSL_CTX structure.
  4691. \return SSL_SUCCESS returned for successful execution of the function.
  4692. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  4693. wolfSSL_CTX_new().
  4694. \param hint a constant char pointer that will be copied to the
  4695. WOLFSSL_CTX structure.
  4696. _Example_
  4697. \code
  4698. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  4699. const char* hint;
  4700. int ret;
  4701. ret = wolfSSL_CTX_use_psk_identity_hint(ctx, hint);
  4702. if(ret == SSL_SUCCESS){
  4703. // Function was successful.
  4704. return ret;
  4705. } else {
  4706. // Failure case.
  4707. }
  4708. \endcode
  4709. \sa wolfSSL_use_psk_identity_hint
  4710. */
  4711. int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX* ctx, const char* hint);
  4712. /*!
  4713. \ingroup CertsKeys
  4714. \brief This function stores the hint argument in the server_hint member
  4715. of the Arrays structure within the WOLFSSL structure.
  4716. \return SSL_SUCCESS returned if the hint was successfully stored in the
  4717. WOLFSSL structure.
  4718. \return SSL_FAILURE returned if the WOLFSSL or Arrays structures are NULL.
  4719. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  4720. \param hint a constant character pointer that holds the hint to be saved
  4721. in memory.
  4722. _Example_
  4723. \code
  4724. WOLFSSL* ssl = wolfSSL_new(ctx);
  4725. const char* hint;
  4726. ...
  4727. if(wolfSSL_use_psk_identity_hint(ssl, hint) != SSL_SUCCESS){
  4728. // Handle failure case.
  4729. }
  4730. \endcode
  4731. \sa wolfSSL_CTX_use_psk_identity_hint
  4732. */
  4733. int wolfSSL_use_psk_identity_hint(WOLFSSL* ssl, const char* hint);
  4734. /*!
  4735. \brief This function sets the psk callback for the server side in
  4736. the WOLFSSL_CTX structure.
  4737. \return none No returns.
  4738. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  4739. \param cb a function pointer for the callback and will be stored in
  4740. the WOLFSSL_CTX structure. Return value is the key length on success or
  4741. zero on error.
  4742. unsigned int (*wc_psk_server_callback)
  4743. PSK server callback parameters
  4744. WOLFSSL* ssl - Pointer to the wolfSSL structure
  4745. char* identity - The ID will be stored here.
  4746. unsigned char* key - The key will be stored here.
  4747. unsigned int key_max_len - The max size of the key.
  4748. _Example_
  4749. \code
  4750. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  4751. WOLFSSL* ssl = wolfSSL_new(ctx);
  4752. static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
  4753. unsigned char* key, unsigned int key_max_len)
  4754. {
  4755. // Function body.
  4756. }
  4757. if(ctx != NULL){
  4758. wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
  4759. } else {
  4760. // The CTX object was not properly initialized.
  4761. }
  4762. \endcode
  4763. \sa wc_psk_server_callback
  4764. \sa wolfSSL_set_psk_client_callback
  4765. \sa wolfSSL_set_psk_server_callback
  4766. \sa wolfSSL_CTX_set_psk_client_callback
  4767. */
  4768. void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx,
  4769. wc_psk_server_callback cb);
  4770. /*!
  4771. \brief Sets the psk callback for the server side by setting the
  4772. WOLFSSL structure options members.
  4773. \return none No returns.
  4774. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  4775. \param cb a function pointer for the callback and will be stored in
  4776. the WOLFSSL structure. Return value is the key length on success or zero
  4777. on error.
  4778. unsigned int (*wc_psk_server_callback)
  4779. PSK server callback parameters
  4780. WOLFSSL* ssl - Pointer to the wolfSSL structure
  4781. char* identity - The ID will be stored here.
  4782. unsigned char* key - The key will be stored here.
  4783. unsigned int key_max_len - The max size of the key.
  4784. _Example_
  4785. \code
  4786. WOLFSSL_CTX* ctx;
  4787. WOLFSSL* ssl;
  4788. static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
  4789. unsigned char* key, unsigned int key_max_len)
  4790. {
  4791. // Function body.
  4792. }
  4793. if(ssl != NULL && cb != NULL){
  4794. wolfSSL_set_psk_server_callback(ssl, my_psk_server_cb);
  4795. }
  4796. \endcode
  4797. \sa wolfSSL_set_psk_client_callback
  4798. \sa wolfSSL_CTX_set_psk_server_callback
  4799. \sa wolfSSL_CTX_set_psk_client_callback
  4800. \sa wolfSSL_get_psk_identity_hint
  4801. \sa wc_psk_server_callback
  4802. \sa InitSuites
  4803. */
  4804. void wolfSSL_set_psk_server_callback(WOLFSSL* ssl,
  4805. wc_psk_server_callback cb);
  4806. /*!
  4807. \brief Sets a PSK user context in the WOLFSSL structure options member.
  4808. \return WOLFSSL_SUCCESS or WOLFSSL_FAILURE
  4809. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  4810. \param psk_ctx void pointer to user PSK context
  4811. \sa wolfSSL_get_psk_callback_ctx
  4812. \sa wolfSSL_CTX_set_psk_callback_ctx
  4813. \sa wolfSSL_CTX_get_psk_callback_ctx
  4814. */
  4815. int wolfSSL_set_psk_callback_ctx(WOLFSSL* ssl, void* psk_ctx);
  4816. /*!
  4817. \brief Sets a PSK user context in the WOLFSSL_CTX structure.
  4818. \return WOLFSSL_SUCCESS or WOLFSSL_FAILURE
  4819. \param ctx a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
  4820. \param psk_ctx void pointer to user PSK context
  4821. \sa wolfSSL_set_psk_callback_ctx
  4822. \sa wolfSSL_get_psk_callback_ctx
  4823. \sa wolfSSL_CTX_get_psk_callback_ctx
  4824. */
  4825. int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX* ctx, void* psk_ctx);
  4826. /*!
  4827. \brief Get a PSK user context in the WOLFSSL structure options member.
  4828. \return void pointer to user PSK context
  4829. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  4830. \sa wolfSSL_set_psk_callback_ctx
  4831. \sa wolfSSL_CTX_set_psk_callback_ctx
  4832. \sa wolfSSL_CTX_get_psk_callback_ctx
  4833. */
  4834. void* wolfSSL_get_psk_callback_ctx(WOLFSSL* ssl);
  4835. /*!
  4836. \brief Get a PSK user context in the WOLFSSL_CTX structure.
  4837. \return void pointer to user PSK context
  4838. \param ctx a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
  4839. \sa wolfSSL_CTX_set_psk_callback_ctx
  4840. \sa wolfSSL_set_psk_callback_ctx
  4841. \sa wolfSSL_get_psk_callback_ctx
  4842. */
  4843. void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX* ctx);
  4844. /*!
  4845. \ingroup Setup
  4846. \brief This function enables the havAnon member of the CTX structure if
  4847. HAVE_ANON is defined during compilation.
  4848. \return SSL_SUCCESS returned if the function executed successfully and the
  4849. haveAnnon member of the CTX is set to 1.
  4850. \return SSL_FAILURE returned if the CTX structure was NULL.
  4851. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  4852. wolfSSL_CTX_new().
  4853. _Example_
  4854. \code
  4855. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  4856. WOLFSSL* ssl = wolfSSL_new(ctx);
  4857. ...
  4858. #ifdef HAVE_ANON
  4859. if(cipherList == NULL){
  4860. wolfSSL_CTX_allow_anon_cipher(ctx);
  4861. if(wolfSSL_CTX_set_cipher_list(ctx, “ADH_AES128_SHA”) != SSL_SUCCESS){
  4862. // failure case
  4863. }
  4864. }
  4865. #endif
  4866. \endcode
  4867. \sa none
  4868. */
  4869. int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*);
  4870. /*!
  4871. \ingroup Setup
  4872. \brief The wolfSSLv23_server_method() function is used to indicate
  4873. that the application is a server and will support clients connecting
  4874. with protocol version from SSL 3.0 - TLS 1.3. This function allocates
  4875. memory for and initializes a new WOLFSSL_METHOD structure to be used when
  4876. creating the SSL/TLS context with wolfSSL_CTX_new().
  4877. \return pointer If successful, the call will return a pointer to the newly
  4878. created WOLFSSL_METHOD structure.
  4879. \return Failure If memory allocation fails when calling XMALLOC, the
  4880. failure value of the underlying malloc() implementation will be returned
  4881. (typically NULL with errno will be set to ENOMEM).
  4882. \param none No parameters
  4883. _Example_
  4884. \code
  4885. WOLFSSL_METHOD* method;
  4886. WOLFSSL_CTX* ctx;
  4887. method = wolfSSLv23_server_method();
  4888. if (method == NULL) {
  4889. // unable to get method
  4890. }
  4891. ctx = wolfSSL_CTX_new(method);
  4892. ...
  4893. \endcode
  4894. \sa wolfSSLv3_server_method
  4895. \sa wolfTLSv1_server_method
  4896. \sa wolfTLSv1_1_server_method
  4897. \sa wolfTLSv1_2_server_method
  4898. \sa wolfTLSv1_3_server_method
  4899. \sa wolfDTLSv1_server_method
  4900. \sa wolfSSL_CTX_new
  4901. */
  4902. WOLFSSL_METHOD *wolfSSLv23_server_method(void);
  4903. /*!
  4904. \ingroup Setup
  4905. \brief This is used to get the internal error state of the WOLFSSL structure.
  4906. \return wolfssl_error returns ssl error state, usually a negative
  4907. \return BAD_FUNC_ARG if ssl is NULL.
  4908. \return ssl WOLFSSL structure to get state from.
  4909. _Example_
  4910. \code
  4911. WOLFSSL* ssl;
  4912. int ret;
  4913. // create ssl object
  4914. ret = wolfSSL_state(ssl);
  4915. // check ret value
  4916. \endcode
  4917. \sa wolfSSL_new
  4918. \sa wolfSSL_free
  4919. */
  4920. int wolfSSL_state(WOLFSSL* ssl);
  4921. /*!
  4922. \ingroup CertsKeys
  4923. \brief This function gets the peer’s certificate.
  4924. \return pointer a pointer to the peerCert member of the WOLFSSL_X509
  4925. structure if it exists.
  4926. \return 0 returned if the peer certificate issuer size is not defined.
  4927. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  4928. _Example_
  4929. \code
  4930. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  4931. WOLFSSL* ssl = wolfSSL_new(ctx);
  4932. ...
  4933. WOLFSSL_X509* peerCert = wolfSSL_get_peer_certificate(ssl);
  4934. if(peerCert){
  4935. // You have a pointer peerCert to the peer certification
  4936. }
  4937. \endcode
  4938. \sa wolfSSL_X509_get_issuer_name
  4939. \sa wolfSSL_X509_get_subject_name
  4940. \sa wolfSSL_X509_get_isCA
  4941. */
  4942. WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl);
  4943. /*!
  4944. \ingroup Debug
  4945. \brief This function is similar to calling wolfSSL_get_error() and
  4946. getting SSL_ERROR_WANT_READ in return. If the underlying error state
  4947. is SSL_ERROR_WANT_READ, this function will return 1, otherwise, 0.
  4948. \return 1 wolfSSL_get_error() would return SSL_ERROR_WANT_READ, the
  4949. underlying I/O has data available for reading.
  4950. \return 0 There is no SSL_ERROR_WANT_READ error state.
  4951. \param ssl pointer to the SSL session, created with wolfSSL_new().
  4952. _Example_
  4953. \code
  4954. int ret;
  4955. WOLFSSL* ssl = 0;
  4956. ...
  4957. ret = wolfSSL_want_read(ssl);
  4958. if (ret == 1) {
  4959. // underlying I/O has data available for reading (SSL_ERROR_WANT_READ)
  4960. }
  4961. \endcode
  4962. \sa wolfSSL_want_write
  4963. \sa wolfSSL_get_error
  4964. */
  4965. int wolfSSL_want_read(WOLFSSL*);
  4966. /*!
  4967. \ingroup Debug
  4968. \brief This function is similar to calling wolfSSL_get_error() and getting
  4969. SSL_ERROR_WANT_WRITE in return. If the underlying error state is
  4970. SSL_ERROR_WANT_WRITE, this function will return 1, otherwise, 0.
  4971. \return 1 wolfSSL_get_error() would return SSL_ERROR_WANT_WRITE, the
  4972. underlying I/O needs data to be written in order for progress to be
  4973. made in the underlying SSL connection.
  4974. \return 0 There is no SSL_ERROR_WANT_WRITE error state.
  4975. \param ssl pointer to the SSL session, created with wolfSSL_new().
  4976. _Example_
  4977. \code
  4978. int ret;
  4979. WOLFSSL* ssl = 0;
  4980. ...
  4981. ret = wolfSSL_want_write(ssl);
  4982. if (ret == 1) {
  4983. // underlying I/O needs data to be written (SSL_ERROR_WANT_WRITE)
  4984. }
  4985. \endcode
  4986. \sa wolfSSL_want_read
  4987. \sa wolfSSL_get_error
  4988. */
  4989. int wolfSSL_want_write(WOLFSSL*);
  4990. /*!
  4991. \ingroup Setup
  4992. \brief wolfSSL by default checks the peer certificate for a valid date
  4993. range and a verified signature. Calling this function before
  4994. wolfSSL_connect() or wolfSSL_accept() will add a domain name check to
  4995. the list of checks to perform. dn holds the domain name to check
  4996. against the peer certificate when it’s received.
  4997. \return SSL_SUCCESS upon success.
  4998. \return SSL_FAILURE will be returned if a memory error was encountered.
  4999. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  5000. \param dn domain name to check against the peer certificate when received.
  5001. _Example_
  5002. \code
  5003. int ret = 0;
  5004. WOLFSSL* ssl;
  5005. char* domain = (char*) “www.yassl.com”;
  5006. ...
  5007. ret = wolfSSL_check_domain_name(ssl, domain);
  5008. if (ret != SSL_SUCCESS) {
  5009. // failed to enable domain name check
  5010. }
  5011. \endcode
  5012. \sa none
  5013. */
  5014. int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);
  5015. /*!
  5016. \ingroup TLS
  5017. \brief Initializes the wolfSSL library for use. Must be called once per
  5018. application and before any other call to the library.
  5019. \return SSL_SUCCESS If successful the call will return.
  5020. \return BAD_MUTEX_E is an error that may be returned.
  5021. \return WC_INIT_E wolfCrypt initialization error returned.
  5022. _Example_
  5023. \code
  5024. int ret = 0;
  5025. ret = wolfSSL_Init();
  5026. if (ret != SSL_SUCCESS) {
  5027. failed to initialize wolfSSL library
  5028. }
  5029. \endcode
  5030. \sa wolfSSL_Cleanup
  5031. */
  5032. int wolfSSL_Init(void);
  5033. /*!
  5034. \ingroup TLS
  5035. \brief Un-initializes the wolfSSL library from further use. Doesn’t have
  5036. to be called, though it will free any resources used by the library.
  5037. \return SSL_SUCCESS return no errors.
  5038. \return BAD_MUTEX_E a mutex error return.]
  5039. _Example_
  5040. \code
  5041. wolfSSL_Cleanup();
  5042. \endcode
  5043. \sa wolfSSL_Init
  5044. */
  5045. int wolfSSL_Cleanup(void);
  5046. /*!
  5047. \ingroup IO
  5048. \brief This function returns the current library version.
  5049. \return LIBWOLFSSL_VERSION_STRING a const char pointer defining the
  5050. version.
  5051. \param none No parameters.
  5052. _Example_
  5053. \code
  5054. char version[MAXSIZE];
  5055. version = wolfSSL_KeepArrays();
  5056. if(version != ExpectedVersion){
  5057. // Handle the mismatch case
  5058. }
  5059. \endcode
  5060. \sa word32_wolfSSL_lib_version_hex
  5061. */
  5062. const char* wolfSSL_lib_version(void);
  5063. /*!
  5064. \ingroup IO
  5065. \brief This function returns the current library version in hexadecimal
  5066. notation.
  5067. \return LILBWOLFSSL_VERSION_HEX returns the hexadecimal version defined in
  5068. wolfssl/version.h.
  5069. \param none No parameters.
  5070. _Example_
  5071. \code
  5072. word32 libV;
  5073. libV = wolfSSL_lib_version_hex();
  5074. if(libV != EXPECTED_HEX){
  5075. // How to handle an unexpected value
  5076. } else {
  5077. // The expected result for libV
  5078. }
  5079. \endcode
  5080. \sa wolfSSL_lib_version
  5081. */
  5082. word32 wolfSSL_lib_version_hex(void);
  5083. /*!
  5084. \ingroup IO
  5085. \brief Performs the actual connect or accept based on the side of the SSL
  5086. method. If called from the client side then an wolfSSL_connect() is done
  5087. while a wolfSSL_accept() is performed if called from the server side.
  5088. \return SSL_SUCCESS will be returned if successful. (Note, older versions
  5089. will return 0.)
  5090. \return SSL_FATAL_ERROR will be returned if the underlying call resulted
  5091. in an error. Use wolfSSL_get_error() to get a specific error code.
  5092. \param ssl pointer to the SSL session, created with wolfSSL_new().
  5093. _Example_
  5094. \code
  5095. int ret = SSL_FATAL_ERROR;
  5096. WOLFSSL* ssl = 0;
  5097. ...
  5098. ret = wolfSSL_negotiate(ssl);
  5099. if (ret == SSL_FATAL_ERROR) {
  5100. // SSL establishment failed
  5101. int error_code = wolfSSL_get_error(ssl);
  5102. ...
  5103. }
  5104. ...
  5105. \endcode
  5106. \sa SSL_connect
  5107. \sa SSL_accept
  5108. */
  5109. int wolfSSL_negotiate(WOLFSSL* ssl);
  5110. /*!
  5111. \ingroup Setup
  5112. \brief Turns on the ability to use compression for the SSL connection.
  5113. Both sides must have compression turned on otherwise compression will not be
  5114. used. The zlib library performs the actual data compression. To compile
  5115. into the library use --with-libz for the configure system and define
  5116. HAVE_LIBZ otherwise. Keep in mind that while compressing data before
  5117. sending decreases the actual size of the messages being sent and received,
  5118. the amount of data saved by compression usually takes longer in time to
  5119. analyze than it does to send it raw on all but the slowest of networks.
  5120. \return SSL_SUCCESS upon success.
  5121. \return NOT_COMPILED_IN will be returned if compression support wasn’t
  5122. built into the library.
  5123. \param ssl pointer to the SSL session, created with wolfSSL_new().
  5124. _Example_
  5125. \code
  5126. int ret = 0;
  5127. WOLFSSL* ssl = 0;
  5128. ...
  5129. ret = wolfSSL_set_compression(ssl);
  5130. if (ret == SSL_SUCCESS) {
  5131. // successfully enabled compression for SSL session
  5132. }
  5133. \endcode
  5134. \sa none
  5135. */
  5136. int wolfSSL_set_compression(WOLFSSL* ssl);
  5137. /*!
  5138. \ingroup Setup
  5139. \brief This function sets the SSL session timeout value in seconds.
  5140. \return SSL_SUCCESS will be returned upon successfully setting the session.
  5141. \return BAD_FUNC_ARG will be returned if ssl is NULL.
  5142. \param ssl pointer to the SSL object, created with wolfSSL_new().
  5143. \param to value, in seconds, used to set the SSL session timeout.
  5144. _Example_
  5145. \code
  5146. int ret = 0;
  5147. WOLFSSL* ssl = 0;
  5148. ...
  5149. ret = wolfSSL_set_timeout(ssl, 500);
  5150. if (ret != SSL_SUCCESS) {
  5151. // failed to set session timeout value
  5152. }
  5153. ...
  5154. \endcode
  5155. \sa wolfSSL_get1_session
  5156. \sa wolfSSL_set_session
  5157. */
  5158. int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to);
  5159. /*!
  5160. \ingroup Setup
  5161. \brief This function sets the timeout value for SSL sessions, in seconds,
  5162. for the specified SSL context.
  5163. \return the previous timeout value, if WOLFSSL_ERROR_CODE_OPENSSL is
  5164. \return defined on success. If not defined, SSL_SUCCESS will be returned.
  5165. \return BAD_FUNC_ARG will be returned when the input context (ctx) is null.
  5166. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  5167. \param to session timeout value in seconds.
  5168. _Example_
  5169. \code
  5170. WOLFSSL_CTX* ctx = 0;
  5171. ...
  5172. ret = wolfSSL_CTX_set_timeout(ctx, 500);
  5173. if (ret != SSL_SUCCESS) {
  5174. // failed to set session timeout value
  5175. }
  5176. \endcode
  5177. \sa wolfSSL_flush_sessions
  5178. \sa wolfSSL_get1_session
  5179. \sa wolfSSL_set_session
  5180. \sa wolfSSL_get_sessionID
  5181. \sa wolfSSL_CTX_set_session_cache_mode
  5182. */
  5183. int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to);
  5184. /*!
  5185. \ingroup openSSL
  5186. \brief Retrieves the peer’s certificate chain.
  5187. \return chain If successful the call will return the peer’s
  5188. certificate chain.
  5189. \return 0 will be returned if an invalid WOLFSSL pointer is passed to the
  5190. function.
  5191. \param ssl pointer to a valid WOLFSSL structure.
  5192. _Example_
  5193. \code
  5194. none
  5195. \endcode
  5196. \sa wolfSSL_get_chain_count
  5197. \sa wolfSSL_get_chain_length
  5198. \sa wolfSSL_get_chain_cert
  5199. \sa wolfSSL_get_chain_cert_pem
  5200. */
  5201. WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl);
  5202. /*!
  5203. \ingroup openSSL
  5204. \brief Retrieve's the peers certificate chain count.
  5205. \return Success If successful the call will return the peer’s certificate
  5206. chain count.
  5207. \return 0 will be returned if an invalid chain pointer is passed to
  5208. the function.
  5209. \param chain pointer to a valid WOLFSSL_X509_CHAIN structure.
  5210. _Example_
  5211. \code
  5212. none
  5213. \endcode
  5214. \sa wolfSSL_get_peer_chain
  5215. \sa wolfSSL_get_chain_length
  5216. \sa wolfSSL_get_chain_cert
  5217. \sa wolfSSL_get_chain_cert_pem
  5218. */
  5219. int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain);
  5220. /*!
  5221. \ingroup openSSL
  5222. \brief Retrieves the peer’s ASN1.DER certificate length in bytes
  5223. at index (idx).
  5224. \return Success If successful the call will return the peer’s
  5225. certificate length in bytes by index.
  5226. \return 0 will be returned if an invalid chain pointer is passed
  5227. to the function.
  5228. \param chain pointer to a valid WOLFSSL_X509_CHAIN structure.
  5229. \param idx index to start of chain.
  5230. _Example_
  5231. \code
  5232. none
  5233. \endcode
  5234. \sa wolfSSL_get_peer_chain
  5235. \sa wolfSSL_get_chain_count
  5236. \sa wolfSSL_get_chain_cert
  5237. \sa wolfSSL_get_chain_cert_pem
  5238. */
  5239. int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN* chain, int idx);
  5240. /*!
  5241. \ingroup openSSL
  5242. \brief Retrieves the peer’s ASN1.DER certificate at index (idx).
  5243. \return Success If successful the call will return the peer’s
  5244. certificate by index.
  5245. \return 0 will be returned if an invalid chain pointer is passed
  5246. to the function.
  5247. \param chain pointer to a valid WOLFSSL_X509_CHAIN structure.
  5248. \param idx index to start of chain.
  5249. _Example_
  5250. \code
  5251. none
  5252. \endcode
  5253. \sa wolfSSL_get_peer_chain
  5254. \sa wolfSSL_get_chain_count
  5255. \sa wolfSSL_get_chain_length
  5256. \sa wolfSSL_get_chain_cert_pem
  5257. */
  5258. unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx);
  5259. /*!
  5260. \ingroup CertsKeys
  5261. \brief This function gets the peer’s wolfSSL_X509_certificate at
  5262. index (idx) from the chain of certificates.
  5263. \return pointer returns a pointer to a WOLFSSL_X509 structure.
  5264. \param chain a pointer to the WOLFSSL_X509_CHAIN used for no dynamic
  5265. memory SESSION_CACHE.
  5266. \param idx the index of the WOLFSSL_X509 certificate.
  5267. Note that it is the user's responsibility to free the returned memory
  5268. by calling wolfSSL_FreeX509().
  5269. _Example_
  5270. \code
  5271. WOLFSSL_X509_CHAIN* chain = &session->chain;
  5272. int idx = 999; // set idx
  5273. ...
  5274. WOLFSSL_X509_CHAIN ptr;
  5275. prt = wolfSSL_get_chain_X509(chain, idx);
  5276. if(ptr != NULL){
  5277. // ptr contains the cert at the index specified
  5278. wolfSSL_FreeX509(ptr);
  5279. } else {
  5280. // ptr is NULL
  5281. }
  5282. \endcode
  5283. \sa InitDecodedCert
  5284. \sa ParseCertRelative
  5285. \sa CopyDecodedToX509
  5286. */
  5287. WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx);
  5288. /*!
  5289. \ingroup openSSL
  5290. \brief Retrieves the peer’s PEM certificate at index (idx).
  5291. \return Success If successful the call will return the peer’s
  5292. certificate by index.
  5293. \return 0 will be returned if an invalid chain pointer is passed to
  5294. the function.
  5295. \param chain pointer to a valid WOLFSSL_X509_CHAIN structure.
  5296. \param idx indexto start of chain.
  5297. _Example_
  5298. \code
  5299. none
  5300. \endcode
  5301. \sa wolfSSL_get_peer_chain
  5302. \sa wolfSSL_get_chain_count
  5303. \sa wolfSSL_get_chain_length
  5304. \sa wolfSSL_get_chain_cert
  5305. */
  5306. int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
  5307. unsigned char* buf, int inLen, int* outLen);
  5308. /*!
  5309. \ingroup openSSL
  5310. \brief Retrieves the session’s ID. The session ID is always 32 bytes long.
  5311. \return id The session ID.
  5312. \param session pointer to a valid wolfssl session.
  5313. _Example_
  5314. \code
  5315. none
  5316. \endcode
  5317. \sa SSL_get_session
  5318. */
  5319. const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s);
  5320. /*!
  5321. \ingroup openSSL
  5322. \brief Retrieves the peer’s certificate serial number. The serial
  5323. number buffer (in) should be at least 32 bytes long and be provided
  5324. as the *inOutSz argument as input. After calling the function *inOutSz
  5325. will hold the actual length in bytes written to the in buffer.
  5326. \return SSL_SUCCESS upon success.
  5327. \return BAD_FUNC_ARG will be returned if a bad function argument
  5328. was encountered.
  5329. \param in The serial number buffer and should be at least 32 bytes long
  5330. \param inOutSz will hold the actual length in bytes written to the
  5331. in buffer.
  5332. _Example_
  5333. \code
  5334. none
  5335. \endcode
  5336. \sa SSL_get_peer_certificate
  5337. */
  5338. int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509, unsigned char* in,
  5339. int* inOutSz);
  5340. /*!
  5341. \ingroup CertsKeys
  5342. \brief Returns the common name of the subject from the certificate.
  5343. \return NULL returned if the x509 structure is null
  5344. \return string a string representation of the subject's common
  5345. name is returned upon success
  5346. \param x509 a pointer to a WOLFSSL_X509 structure containing
  5347. certificate information.
  5348. _Example_
  5349. \code
  5350. WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
  5351. DYNAMIC_TYPE_X509);
  5352. ...
  5353. int x509Cn = wolfSSL_X509_get_subjectCN(x509);
  5354. if(x509Cn == NULL){
  5355. // Deal with NULL case
  5356. } else {
  5357. // x509Cn contains the common name
  5358. }
  5359. \endcode
  5360. \sa wolfSSL_X509_Name_get_entry
  5361. \sa wolfSSL_X509_get_next_altname
  5362. \sa wolfSSL_X509_get_issuer_name
  5363. \sa wolfSSL_X509_get_subject_name
  5364. */
  5365. char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*);
  5366. /*!
  5367. \ingroup CertsKeys
  5368. \brief This function gets the DER encoded certificate in the
  5369. WOLFSSL_X509 struct.
  5370. \return buffer This function returns the DerBuffer structure’s
  5371. buffer member, which is of type byte.
  5372. \return NULL returned if the x509 or outSz parameter is NULL.
  5373. \param x509 a pointer to a WOLFSSL_X509 structure containing
  5374. certificate information.
  5375. \param outSz length of the derBuffer member of the WOLFSSL_X509 struct.
  5376. _Example_
  5377. \code
  5378. WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
  5379. DYNAMIC_TYPE_X509);
  5380. int* outSz; // initialize
  5381. ...
  5382. byte* x509Der = wolfSSL_X509_get_der(x509, outSz);
  5383. if(x509Der == NULL){
  5384. // Failure case one of the parameters was NULL
  5385. }
  5386. \endcode
  5387. \sa wolfSSL_X509_version
  5388. \sa wolfSSL_X509_Name_get_entry
  5389. \sa wolfSSL_X509_get_next_altname
  5390. \sa wolfSSL_X509_get_issuer_name
  5391. \sa wolfSSL_X509_get_subject_name
  5392. */
  5393. const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz);
  5394. /*!
  5395. \ingroup CertsKeys
  5396. \brief This function checks to see if x509 is NULL and if it’s not,
  5397. it returns the notAfter member of the x509 struct.
  5398. \return pointer to struct with ASN1_TIME to the notAfter
  5399. member of the x509 struct.
  5400. \return NULL returned if the x509 object is NULL.
  5401. \param x509 a pointer to the WOLFSSL_X509 struct.
  5402. _Example_
  5403. \code
  5404. WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALOC(sizeof(WOLFSSL_X509), NULL,
  5405. DYNAMIC_TYPE_X509) ;
  5406. ...
  5407. const WOLFSSL_ASN1_TIME* notAfter = wolfSSL_X509_get_notAfter(x509);
  5408. if(notAfter == NULL){
  5409. // Failure case, the x509 object is null.
  5410. }
  5411. \endcode
  5412. \sa wolfSSL_X509_get_notBefore
  5413. */
  5414. WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(WOLFSSL_X509*);
  5415. /*!
  5416. \ingroup CertsKeys
  5417. \brief This function retrieves the version of the X509 certificate.
  5418. \return 0 returned if the x509 structure is NULL.
  5419. \return version the version stored in the x509 structure will be returned.
  5420. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  5421. _Example_
  5422. \code
  5423. WOLFSSL_X509* x509;
  5424. int version;
  5425. ...
  5426. version = wolfSSL_X509_version(x509);
  5427. if(!version){
  5428. // The function returned 0, failure case.
  5429. }
  5430. \endcode
  5431. \sa wolfSSL_X509_get_subject_name
  5432. \sa wolfSSL_X509_get_issuer_name
  5433. \sa wolfSSL_X509_get_isCA
  5434. \sa wolfSSL_get_peer_certificate
  5435. */
  5436. int wolfSSL_X509_version(WOLFSSL_X509*);
  5437. /*!
  5438. \ingroup CertsKeys
  5439. \brief If NO_STDIO_FILESYSTEM is defined this function will allocate
  5440. heap memory, initialize a WOLFSSL_X509 structure and return a pointer to it.
  5441. \return *WOLFSSL_X509 WOLFSSL_X509 structure pointer is returned if
  5442. the function executes successfully.
  5443. \return NULL if the call to XFTELL macro returns a negative value.
  5444. \param x509 a pointer to a WOLFSSL_X509 pointer.
  5445. \param file a defined type that is a pointer to a FILE.
  5446. _Example_
  5447. \code
  5448. WOLFSSL_X509* x509a = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
  5449. DYNAMIC_TYPE_X509);
  5450. WOLFSSL_X509** x509 = x509a;
  5451. XFILE file; (mapped to struct fs_file*)
  5452. ...
  5453. WOLFSSL_X509* newX509 = wolfSSL_X509_d2i_fp(x509, file);
  5454. if(newX509 == NULL){
  5455. // The function returned NULL
  5456. }
  5457. \endcode
  5458. \sa wolfSSL_X509_d2i
  5459. \sa XFTELL
  5460. \sa XREWIND
  5461. \sa XFSEEK
  5462. */
  5463. WOLFSSL_X509*
  5464. wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file);
  5465. /*!
  5466. \ingroup CertsKeys
  5467. \brief The function loads the x509 certificate into memory.
  5468. \return pointer a successful execution returns pointer to a
  5469. WOLFSSL_X509 structure.
  5470. \return NULL returned if the certificate was not able to be written.
  5471. \param fname the certificate file to be loaded.
  5472. \param format the format of the certificate.
  5473. _Example_
  5474. \code
  5475. #define cliCert “certs/client-cert.pem”
  5476. X509* x509;
  5477. x509 = wolfSSL_X509_load_certificate_file(cliCert, SSL_FILETYPE_PEM);
  5478. AssertNotNull(x509);
  5479. \endcode
  5480. \sa InitDecodedCert
  5481. \sa PemToDer
  5482. \sa wolfSSL_get_certificate
  5483. \sa AssertNotNull
  5484. */
  5485. WOLFSSL_X509*
  5486. wolfSSL_X509_load_certificate_file(const char* fname, int format);
  5487. /*!
  5488. \ingroup CertsKeys
  5489. \brief This function copies the device type from the x509 structure
  5490. to the buffer.
  5491. \return pointer returns a byte pointer holding the device type from
  5492. the x509 structure.
  5493. \return NULL returned if the buffer size is NULL.
  5494. \param x509 pointer to a WOLFSSL_X509 structure, created with
  5495. WOLFSSL_X509_new().
  5496. \param in a pointer to a byte type that will hold the device type
  5497. (the buffer).
  5498. \param inOutSz the minimum of either the parameter inOutSz or the
  5499. deviceTypeSz member of the x509 structure.
  5500. _Example_
  5501. \code
  5502. WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALOC(sizeof(WOLFSSL_X509), NULL,
  5503. DYNAMIC_TYPE_X509);
  5504. byte* in;
  5505. int* inOutSz;
  5506. ...
  5507. byte* deviceType = wolfSSL_X509_get_device_type(x509, in, inOutSz);
  5508. if(!deviceType){
  5509. // Failure case, NULL was returned.
  5510. }
  5511. \endcode
  5512. \sa wolfSSL_X509_get_hw_type
  5513. \sa wolfSSL_X509_get_hw_serial_number
  5514. \sa wolfSSL_X509_d2i
  5515. */
  5516. unsigned char*
  5517. wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, unsigned char* in,
  5518. int* inOutSz);
  5519. /*!
  5520. \ingroup CertsKeys
  5521. \brief The function copies the hwType member of the WOLFSSL_X509
  5522. structure to the buffer.
  5523. \return byte The function returns a byte type of the data previously held
  5524. in the hwType member of the WOLFSSL_X509 structure.
  5525. \return NULL returned if inOutSz is NULL.
  5526. \param x509 a pointer to a WOLFSSL_X509 structure containing certificate
  5527. information.
  5528. \param in pointer to type byte that represents the buffer.
  5529. \param inOutSz pointer to type int that represents the size of the buffer.
  5530. _Example_
  5531. \code
  5532. WOLFSSL_X509* x509; // X509 certificate
  5533. byte* in; // initialize the buffer
  5534. int* inOutSz; // holds the size of the buffer
  5535. ...
  5536. byte* hwType = wolfSSL_X509_get_hw_type(x509, in, inOutSz);
  5537. if(hwType == NULL){
  5538. // Failure case function returned NULL.
  5539. }
  5540. \endcode
  5541. \sa wolfSSL_X509_get_hw_serial_number
  5542. \sa wolfSSL_X509_get_device_type
  5543. */
  5544. unsigned char*
  5545. wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, unsigned char* in,
  5546. int* inOutSz);
  5547. /*!
  5548. \ingroup CertsKeys
  5549. \brief This function returns the hwSerialNum member of the x509 object.
  5550. \return pointer the function returns a byte pointer to the in buffer that
  5551. will contain the serial number loaded from the x509 object.
  5552. \param x509 pointer to a WOLFSSL_X509 structure containing certificate
  5553. information.
  5554. \param in a pointer to the buffer that will be copied to.
  5555. \param inOutSz a pointer to the size of the buffer.
  5556. _Example_
  5557. \code
  5558. char* serial;
  5559. byte* in;
  5560. int* inOutSz;
  5561. WOLFSSL_X509 x509;
  5562. ...
  5563. serial = wolfSSL_X509_get_hw_serial_number(x509, in, inOutSz);
  5564. if(serial == NULL || serial <= 0){
  5565. // Failure case
  5566. }
  5567. \endcode
  5568. \sa wolfSSL_X509_get_subject_name
  5569. \sa wolfSSL_X509_get_issuer_name
  5570. \sa wolfSSL_X509_get_isCA
  5571. \sa wolfSSL_get_peer_certificate
  5572. \sa wolfSSL_X509_version
  5573. */
  5574. unsigned char*
  5575. wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,
  5576. unsigned char* in, int* inOutSz);
  5577. /*!
  5578. \ingroup IO
  5579. \brief This function is called on the client side and initiates an
  5580. SSL/TLS handshake with a server only long enough to get the peer’s
  5581. certificate chain. When this function is called, the underlying
  5582. communication channel has already been set up. wolfSSL_connect_cert()
  5583. works with both blocking and non-blocking I/O. When the underlying I/O
  5584. is non-blocking, wolfSSL_connect_cert() will return when the underlying
  5585. I/O could not satisfy the needs of wolfSSL_connect_cert() to continue the
  5586. handshake. In this case, a call to wolfSSL_get_error() will yield either
  5587. SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then
  5588. repeat the call to wolfSSL_connect_cert() when the underlying I/O is ready
  5589. and wolfSSL will pick up where it left off. When using a non-blocking
  5590. socket, nothing needs to be done, but select() can be used to check for
  5591. the required condition. If the underlying I/O is blocking,
  5592. wolfSSL_connect_cert() will only return once the peer’s certificate chain
  5593. has been received.
  5594. \return SSL_SUCCESS upon success.
  5595. \return SSL_FAILURE will be returned if the SSL session parameter is NULL.
  5596. \return SSL_FATAL_ERROR will be returned if an error occurred. To get a more
  5597. detailed error code, call wolfSSL_get_error().
  5598. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  5599. _Example_
  5600. \code
  5601. int ret = 0;
  5602. int err = 0;
  5603. WOLFSSL* ssl;
  5604. char buffer[80];
  5605. ...
  5606. ret = wolfSSL_connect_cert(ssl);
  5607. if (ret != SSL_SUCCESS) {
  5608. err = wolfSSL_get_error(ssl, ret);
  5609. printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
  5610. }
  5611. \endcode
  5612. \sa wolfSSL_get_error
  5613. \sa wolfSSL_connect
  5614. \sa wolfSSL_accept
  5615. */
  5616. int wolfSSL_connect_cert(WOLFSSL* ssl);
  5617. /*!
  5618. \ingroup openSSL
  5619. \brief wolfSSL_d2i_PKCS12_bio (d2i_PKCS12_bio) copies in the PKCS12
  5620. information from WOLFSSL_BIO to the structure WC_PKCS12. The information
  5621. is divided up in the structure as a list of Content Infos along with a
  5622. structure to hold optional MAC information. After the information has been
  5623. divided into chunks (but not decrypted) in the structure WC_PKCS12, it can
  5624. then be parsed and decrypted by calling.
  5625. \return WC_PKCS12 pointer to a WC_PKCS12 structure.
  5626. \return Failure If function failed it will return NULL.
  5627. \param bio WOLFSSL_BIO structure to read PKCS12 buffer from.
  5628. \param pkcs12 WC_PKCS12 structure pointer for new PKCS12 structure created.
  5629. Can be NULL
  5630. _Example_
  5631. \code
  5632. WC_PKCS12* pkcs;
  5633. WOLFSSL_BIO* bio;
  5634. WOLFSSL_X509* cert;
  5635. WOLFSSL_EVP_PKEY* pkey;
  5636. STACK_OF(X509) certs;
  5637. //bio loads in PKCS12 file
  5638. wolfSSL_d2i_PKCS12_bio(bio, &pkcs);
  5639. wolfSSL_PKCS12_parse(pkcs, “a password”, &pkey, &cert, &certs)
  5640. wc_PKCS12_free(pkcs)
  5641. //use cert, pkey, and optionally certs stack
  5642. \endcode
  5643. \sa wolfSSL_PKCS12_parse
  5644. \sa wc_PKCS12_free
  5645. */
  5646. WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
  5647. WC_PKCS12** pkcs12);
  5648. /*!
  5649. \ingroup openSSL
  5650. \brief wolfSSL_i2d_PKCS12_bio (i2d_PKCS12_bio) copies in the cert
  5651. information from the structure WC_PKCS12 to WOLFSSL_BIO.
  5652. \return 1 for success.
  5653. \return Failure 0.
  5654. \param bio WOLFSSL_BIO structure to write PKCS12 buffer to.
  5655. \param pkcs12 WC_PKCS12 structure for PKCS12 structure as input.
  5656. _Example_
  5657. \code
  5658. WC_PKCS12 pkcs12;
  5659. FILE *f;
  5660. byte buffer[5300];
  5661. char file[] = "./test.p12";
  5662. int bytes;
  5663. WOLFSSL_BIO* bio;
  5664. pkcs12 = wc_PKCS12_new();
  5665. f = fopen(file, "rb");
  5666. bytes = (int)fread(buffer, 1, sizeof(buffer), f);
  5667. fclose(f);
  5668. //convert the DER file into an internal structure
  5669. wc_d2i_PKCS12(buffer, bytes, pkcs12);
  5670. bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
  5671. //convert PKCS12 structure into bio
  5672. wolfSSL_i2d_PKCS12_bio(bio, pkcs12);
  5673. wc_PKCS12_free(pkcs)
  5674. //use bio
  5675. \endcode
  5676. \sa wolfSSL_PKCS12_parse
  5677. \sa wc_PKCS12_free
  5678. */
  5679. WC_PKCS12* wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO* bio,
  5680. WC_PKCS12* pkcs12);
  5681. /*!
  5682. \ingroup openSSL
  5683. \brief PKCS12 can be enabled with adding –enable-opensslextra to the
  5684. configure command. It can use triple DES and RC4 for decryption so would
  5685. recommend also enabling these features when enabling opensslextra
  5686. (--enable-des3 –enable-arc4). wolfSSL does not currently support RC2 so
  5687. decryption with RC2 is currently not available. This may be noticeable
  5688. with default encryption schemes used by OpenSSL command line to create
  5689. .p12 files. wolfSSL_PKCS12_parse (PKCS12_parse). The first thing this
  5690. function does is check the MAC is correct if present. If the MAC fails
  5691. then the function returns and does not try to decrypt any of the stored
  5692. Content Infos. This function then parses through each Content Info
  5693. looking for a bag type, if the bag type is known it is decrypted as
  5694. needed and either stored in the list of certificates being built or as
  5695. a key found. After parsing through all bags the key found is then
  5696. compared with the certificate list until a matching pair is found.
  5697. This matching pair is then returned as the key and certificate,
  5698. optionally the certificate list found is returned as a STACK_OF
  5699. certificates. At the moment a CRL, Secret or SafeContents bag will be
  5700. skipped over and not parsed. It can be seen if these or other “Unknown”
  5701. bags are skipped over by viewing the debug print out. Additional attributes
  5702. such as friendly name are skipped over when parsing a PKCS12 file.
  5703. \return SSL_SUCCESS On successfully parsing PKCS12.
  5704. \return SSL_FAILURE If an error case was encountered.
  5705. \param pkcs12 WC_PKCS12 structure to parse.
  5706. \param paswd password for decrypting PKCS12.
  5707. \param pkey structure to hold private key decoded from PKCS12.
  5708. \param cert structure to hold certificate decoded from PKCS12.
  5709. \param stack optional stack of extra certificates.
  5710. _Example_
  5711. \code
  5712. WC_PKCS12* pkcs;
  5713. WOLFSSL_BIO* bio;
  5714. WOLFSSL_X509* cert;
  5715. WOLFSSL_EVP_PKEY* pkey;
  5716. STACK_OF(X509) certs;
  5717. //bio loads in PKCS12 file
  5718. wolfSSL_d2i_PKCS12_bio(bio, &pkcs);
  5719. wolfSSL_PKCS12_parse(pkcs, “a password”, &pkey, &cert, &certs)
  5720. wc_PKCS12_free(pkcs)
  5721. //use cert, pkey, and optionally certs stack
  5722. \endcode
  5723. \sa wolfSSL_d2i_PKCS12_bio
  5724. \sa wc_PKCS12_free
  5725. */
  5726. int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
  5727. WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, WOLF_STACK_OF(WOLFSSL_X509)** ca);
  5728. /*!
  5729. \ingroup CertsKeys
  5730. \brief Server Diffie-Hellman Ephemeral parameters setting. This function
  5731. sets up the group parameters to be used if the server negotiates a cipher
  5732. suite that uses DHE.
  5733. \return SSL_SUCCESS upon success.
  5734. \return MEMORY_ERROR will be returned if a memory error was encountered.
  5735. \return SIDE_ERROR will be returned if this function is called on an SSL
  5736. client instead of an SSL server.
  5737. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  5738. \param p Diffie-Hellman prime number parameter.
  5739. \param pSz size of p.
  5740. \param g Diffie-Hellman “generator” parameter.
  5741. \param gSz size of g.
  5742. _Example_
  5743. \code
  5744. WOLFSSL* ssl;
  5745. static unsigned char p[] = {...};
  5746. static unsigned char g[] = {...};
  5747. ...
  5748. wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
  5749. \endcode
  5750. \sa SSL_accept
  5751. */
  5752. int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
  5753. const unsigned char* g, int gSz);
  5754. /*!
  5755. \ingroup CertsKeys
  5756. \brief The function calls the wolfSSL_SetTMpDH_buffer_wrapper,
  5757. which is a wrapper for Diffie-Hellman parameters.
  5758. \return SSL_SUCCESS on successful execution.
  5759. \return SSL_BAD_FILETYPE if the file type is not PEM and is not
  5760. ASN.1. It will also be returned if the wc_DhParamsLoad does not
  5761. return normally.
  5762. \return SSL_NO_PEM_HEADER returns from PemToDer if there is not
  5763. a PEM header.
  5764. \return SSL_BAD_FILE returned if there is a file error in PemToDer.
  5765. \return SSL_FATAL_ERROR returned from PemToDer if there was a copy error.
  5766. \return MEMORY_E - if there was a memory allocation error.
  5767. \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL or if
  5768. there was otherwise a NULL argument passed to a subroutine.
  5769. \return DH_KEY_SIZE_E is returned if their is a key size error in
  5770. wolfSSL_SetTmpDH() or in wolfSSL_CTX_SetTmpDH().
  5771. \return SIDE_ERROR returned if it is not the server side
  5772. in wolfSSL_SetTmpDH.
  5773. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  5774. \param buf allocated buffer passed in from wolfSSL_SetTMpDH_file_wrapper.
  5775. \param sz a long int that holds the size of the file
  5776. (fname within wolfSSL_SetTmpDH_file_wrapper).
  5777. \param format an integer type passed through from
  5778. wolfSSL_SetTmpDH_file_wrapper() that is a representation of the certificate
  5779. format.
  5780. _Example_
  5781. \code
  5782. Static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
  5783. Const char* fname, int format);
  5784. long sz = 0;
  5785. byte* myBuffer = staticBuffer[FILE_BUFFER_SIZE];
  5786. if(ssl)
  5787. ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
  5788. \endcode
  5789. \sa wolfSSL_SetTmpDH_buffer_wrapper
  5790. \sa wc_DhParamsLoad
  5791. \sa wolfSSL_SetTmpDH
  5792. \sa PemToDer
  5793. \sa wolfSSL_CTX_SetTmpDH
  5794. \sa wolfSSL_CTX_SetTmpDH_file
  5795. */
  5796. int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* b, long sz,
  5797. int format);
  5798. /*!
  5799. \ingroup CertsKeys
  5800. \brief This function calls wolfSSL_SetTmpDH_file_wrapper to set server
  5801. Diffie-Hellman parameters.
  5802. \return SSL_SUCCESS returned on successful completion of this function
  5803. and its subroutines.
  5804. \return MEMORY_E returned if a memory allocation failed in this function
  5805. or a subroutine.
  5806. \return SIDE_ERROR if the side member of the Options structure found
  5807. in the WOLFSSL struct is not the server side.
  5808. \return SSL_BAD_FILETYPE returns if the certificate fails a set of checks.
  5809. \return DH_KEY_SIZE_E returned if the DH parameter's key size is less than
  5810. the value of the minDhKeySz member in the WOLFSSL struct.
  5811. \return DH_KEY_SIZE_E returned if the DH parameter's key size is greater
  5812. than the value of the maxDhKeySz member in the WOLFSSL struct.
  5813. \return BAD_FUNC_ARG returns if an argument value is NULL that is not
  5814. permitted such as, the WOLFSSL structure.
  5815. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  5816. \param fname a constant char pointer holding the certificate.
  5817. \param format an integer type that holds the format of the certification.
  5818. _Example_
  5819. \code
  5820. WOLFSSL* ssl = wolfSSL_new(ctx);
  5821. const char* dhParam;
  5822. AssertIntNE(SSL_SUCCESS,
  5823. wolfSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM));
  5824. \endcode
  5825. \sa wolfSSL_CTX_SetTmpDH_file
  5826. \sa wolfSSL_SetTmpDH_file_wrapper
  5827. \sa wolfSSL_SetTmpDH_buffer
  5828. \sa wolfSSL_CTX_SetTmpDH_buffer
  5829. \sa wolfSSL_SetTmpDH_buffer_wrapper
  5830. \sa wolfSSL_SetTmpDH
  5831. \sa wolfSSL_CTX_SetTmpDH
  5832. */
  5833. int wolfSSL_SetTmpDH_file(WOLFSSL* ssl, const char* f, int format);
  5834. /*!
  5835. \ingroup CertsKeys
  5836. \brief Sets the parameters for the server CTX Diffie-Hellman.
  5837. \return SSL_SUCCESS returned if the function and all subroutines
  5838. return without error.
  5839. \return BAD_FUNC_ARG returned if the CTX, p or g parameters are NULL.
  5840. \return DH_KEY_SIZE_E returned if the DH parameter's key size is less than
  5841. the value of the minDhKeySz member of the WOLFSSL_CTX struct.
  5842. \return DH_KEY_SIZE_E returned if the DH parameter's key size is greater
  5843. than the value of the maxDhKeySz member of the WOLFSSL_CTX struct.
  5844. \return MEMORY_E returned if the allocation of memory failed in this
  5845. function or a subroutine.
  5846. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  5847. wolfSSL_CTX_new().
  5848. \param p a constant unsigned char pointer loaded into the buffer
  5849. member of the serverDH_P struct.
  5850. \param pSz an int type representing the size of p, initialized
  5851. to MAX_DH_SIZE.
  5852. \param g a constant unsigned char pointer loaded into the buffer
  5853. member of the serverDH_G struct.
  5854. \param gSz an int type representing the size of g, initialized to
  5855. MAX_DH_SIZE.
  5856. _Exmaple_
  5857. \code
  5858. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol );
  5859. byte* p;
  5860. byte* g;
  5861. word32 pSz = (word32)sizeof(p)/sizeof(byte);
  5862. word32 gSz = (word32)sizeof(g)/sizeof(byte);
  5863. int ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
  5864. if(ret != SSL_SUCCESS){
  5865. // Failure case
  5866. }
  5867. \endcode
  5868. \sa wolfSSL_SetTmpDH
  5869. \sa wc_DhParamsLoad
  5870. */
  5871. int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p,
  5872. int pSz, const unsigned char* g, int gSz);
  5873. /*!
  5874. \ingroup CertsKeys
  5875. \brief A wrapper function that calls wolfSSL_SetTmpDH_buffer_wrapper
  5876. \return 0 returned for a successful execution.
  5877. \return BAD_FUNC_ARG returned if the ctx or buf parameters are NULL.
  5878. \return MEMORY_E if there is a memory allocation error.
  5879. \return SSL_BAD_FILETYPE returned if format is not correct.
  5880. \param ctx a pointer to a WOLFSSL structure, created using
  5881. wolfSSL_CTX_new().
  5882. \param buf a pointer to a constant unsigned char type that is
  5883. allocated as the buffer and passed through to
  5884. wolfSSL_SetTmpDH_buffer_wrapper.
  5885. \param sz a long integer type that is derived from the fname parameter
  5886. in wolfSSL_SetTmpDH_file_wrapper().
  5887. \param format an integer type passed through from
  5888. wolfSSL_SetTmpDH_file_wrapper().
  5889. _Example_
  5890. \code
  5891. static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
  5892. Const char* fname, int format);
  5893. #ifdef WOLFSSL_SMALL_STACK
  5894. byte staticBuffer[1]; // force heap usage
  5895. #else
  5896. byte* staticBuffer;
  5897. long sz = 0;
  5898. if(ssl){
  5899. ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
  5900. } else {
  5901. ret = wolfSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format);
  5902. }
  5903. \endcode
  5904. \sa wolfSSL_SetTmpDH_buffer_wrapper
  5905. \sa wolfSSL_SetTMpDH_buffer
  5906. \sa wolfSSL_SetTmpDH_file_wrapper
  5907. \sa wolfSSL_CTX_SetTmpDH_file
  5908. */
  5909. int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* b,
  5910. long sz, int format);
  5911. /*!
  5912. \ingroup CertsKeys
  5913. \brief The function calls wolfSSL_SetTmpDH_file_wrapper to set the server
  5914. Diffie-Hellman parameters.
  5915. \return SSL_SUCCESS returned if the wolfSSL_SetTmpDH_file_wrapper or any
  5916. of its subroutines return successfully.
  5917. \return MEMORY_E returned if an allocation of dynamic memory fails in a
  5918. subroutine.
  5919. \return BAD_FUNC_ARG returned if the ctx or fname parameters are NULL or
  5920. if
  5921. a subroutine is passed a NULL argument.
  5922. \return SSL_BAD_FILE returned if the certificate file is unable to open or
  5923. if the a set of checks on the file fail from wolfSSL_SetTmpDH_file_wrapper.
  5924. \return SSL_BAD_FILETYPE returned if the format is not PEM or ASN.1 from
  5925. wolfSSL_SetTmpDH_buffer_wrapper().
  5926. \return DH_KEY_SIZE_E returned if the DH parameter's key size is less than
  5927. the value of the minDhKeySz member of the WOLFSSL_CTX struct.
  5928. \return DH_KEY_SIZE_E returned if the DH parameter's key size is greater
  5929. than the value of the maxDhKeySz member of the WOLFSSL_CTX struct.
  5930. \return SIDE_ERROR returned in wolfSSL_SetTmpDH() if the side is not the
  5931. server end.
  5932. \return SSL_NO_PEM_HEADER returned from PemToDer if there is no PEM header.
  5933. \return SSL_FATAL_ERROR returned from PemToDer if there is a memory copy
  5934. failure.
  5935. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  5936. wolfSSL_CTX_new().
  5937. \param fname a constant character pointer to a certificate file.
  5938. \param format an integer type passed through from
  5939. wolfSSL_SetTmpDH_file_wrapper() that is a representation of
  5940. the certificate format.
  5941. _Example_
  5942. \code
  5943. #define dhParam “certs/dh2048.pem”
  5944. #DEFINE aSSERTiNTne(x, y) AssertInt(x, y, !=, ==)
  5945. WOLFSSL_CTX* ctx;
  5946. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()))
  5947. AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL, dhParam,
  5948. SSL_FILETYPE_PEM));
  5949. \endcode
  5950. \sa wolfSSL_SetTmpDH_buffer_wrapper
  5951. \sa wolfSSL_SetTmpDH
  5952. \sa wolfSSL_CTX_SetTmpDH
  5953. \sa wolfSSL_SetTmpDH_buffer
  5954. \sa wolfSSL_CTX_SetTmpDH_buffer
  5955. \sa wolfSSL_SetTmpDH_file_wrapper
  5956. \sa AllocDer
  5957. \sa PemToDer
  5958. */
  5959. int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* f,
  5960. int format);
  5961. /*!
  5962. \ingroup CertsKeys
  5963. \brief This function sets the minimum size (in bits) of the Diffie Hellman
  5964. key size by accessing the minDhKeySz member in the WOLFSSL_CTX structure.
  5965. \return SSL_SUCCESS returned if the function completes successfully.
  5966. \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or if
  5967. the keySz_bits is greater than 16,000 or not divisible by 8.
  5968. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  5969. \param keySz_bits a word16 type used to set the minimum DH key size in bits.
  5970. The WOLFSSL_CTX struct holds this information in the minDhKeySz member.
  5971. _Example_
  5972. \code
  5973. public static int CTX_SetMinDhKey_Sz(IntPtr ctx, short minDhKey){
  5974. return wolfSSL_CTX_SetMinDhKey_Sz(local_ctx, minDhKeyBits);
  5975. \endcode
  5976. \sa wolfSSL_SetMinDhKey_Sz
  5977. \sa wolfSSL_CTX_SetMaxDhKey_Sz
  5978. \sa wolfSSL_SetMaxDhKey_Sz
  5979. \sa wolfSSL_GetDhKey_Sz
  5980. \sa wolfSSL_CTX_SetTMpDH_file
  5981. */
  5982. int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16);
  5983. /*!
  5984. \ingroup CertsKeys
  5985. \brief Sets the minimum size (in bits) for a Diffie-Hellman key in the
  5986. WOLFSSL structure.
  5987. \return SSL_SUCCESS the minimum size was successfully set.
  5988. \return BAD_FUNC_ARG the WOLFSSL structure was NULL or if the keySz_bits is
  5989. greater than 16,000 or not divisible by 8.
  5990. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  5991. \param keySz_bits a word16 type used to set the minimum DH key size in bits.
  5992. The WOLFSSL_CTX struct holds this information in the minDhKeySz member.
  5993. _Example_
  5994. \code
  5995. WOLFSSL* ssl = wolfSSL_new(ctx);
  5996. word16 keySz_bits;
  5997. ...
  5998. if(wolfSSL_SetMinDhKey_Sz(ssl, keySz_bits) != SSL_SUCCESS){
  5999. // Failed to set.
  6000. }
  6001. \endcode
  6002. \sa wolfSSL_CTX_SetMinDhKey_Sz
  6003. \sa wolfSSL_GetDhKey_Sz
  6004. */
  6005. int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits);
  6006. /*!
  6007. \ingroup CertsKeys
  6008. \brief This function sets the maximum size (in bits) of the Diffie Hellman
  6009. key size by accessing the maxDhKeySz member in the WOLFSSL_CTX structure.
  6010. \return SSL_SUCCESS returned if the function completes successfully.
  6011. \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or if
  6012. the keySz_bits is greater than 16,000 or not divisible by 8.
  6013. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  6014. \param keySz_bits a word16 type used to set the maximum DH key size in bits.
  6015. The WOLFSSL_CTX struct holds this information in the maxDhKeySz member.
  6016. _Example_
  6017. \code
  6018. public static int CTX_SetMaxDhKey_Sz(IntPtr ctx, short maxDhKey){
  6019. return wolfSSL_CTX_SetMaxDhKey_Sz(local_ctx, keySz_bits);
  6020. \endcode
  6021. \sa wolfSSL_SetMinDhKey_Sz
  6022. \sa wolfSSL_CTX_SetMinDhKey_Sz
  6023. \sa wolfSSL_SetMaxDhKey_Sz
  6024. \sa wolfSSL_GetDhKey_Sz
  6025. \sa wolfSSL_CTX_SetTMpDH_file
  6026. */
  6027. int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits);
  6028. /*!
  6029. \ingroup CertsKeys
  6030. \brief Sets the maximum size (in bits) for a Diffie-Hellman key in the
  6031. WOLFSSL structure.
  6032. \return SSL_SUCCESS the maximum size was successfully set.
  6033. \return BAD_FUNC_ARG the WOLFSSL structure was NULL or the keySz parameter
  6034. was greater than the allowable size or not divisible by 8.
  6035. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  6036. \param keySz a word16 type representing the bit size of the maximum DH key.
  6037. _Example_
  6038. \code
  6039. WOLFSSL* ssl = wolfSSL_new(ctx);
  6040. word16 keySz;
  6041. ...
  6042. if(wolfSSL_SetMaxDhKey(ssl, keySz) != SSL_SUCCESS){
  6043. // Failed to set.
  6044. }
  6045. \endcode
  6046. \sa wolfSSL_CTX_SetMaxDhKey_Sz
  6047. \sa wolfSSL_GetDhKey_Sz
  6048. */
  6049. int wolfSSL_SetMaxDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits);
  6050. /*!
  6051. \ingroup CertsKeys
  6052. \brief Returns the value of dhKeySz (in bits) that is a member of the
  6053. options structure. This value represents the Diffie-Hellman key size in
  6054. bytes.
  6055. \return dhKeySz returns the value held in ssl->options.dhKeySz which is an
  6056. integer value representing a size in bits.
  6057. \return BAD_FUNC_ARG returns if the WOLFSSL struct is NULL.
  6058. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  6059. _Example_
  6060. \code
  6061. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  6062. WOLFSSL* ssl = wolfSSL_new(ctx);
  6063. int dhKeySz;
  6064. ...
  6065. dhKeySz = wolfSSL_GetDhKey_Sz(ssl);
  6066. if(dhKeySz == BAD_FUNC_ARG || dhKeySz <= 0){
  6067. // Failure case
  6068. } else {
  6069. // dhKeySz holds the size of the key.
  6070. }
  6071. \endcode
  6072. \sa wolfSSL_SetMinDhKey_sz
  6073. \sa wolfSSL_CTX_SetMinDhKey_Sz
  6074. \sa wolfSSL_CTX_SetTmpDH
  6075. \sa wolfSSL_SetTmpDH
  6076. \sa wolfSSL_CTX_SetTmpDH_file
  6077. */
  6078. int wolfSSL_GetDhKey_Sz(WOLFSSL*);
  6079. /*!
  6080. \ingroup CertsKeys
  6081. \brief Sets the minimum RSA key size in both the WOLFSSL_CTX structure
  6082. and the WOLFSSL_CERT_MANAGER structure.
  6083. \return SSL_SUCCESS returned on successful execution of the function.
  6084. \return BAD_FUNC_ARG returned if the ctx structure is NULL or the keySz
  6085. is less than zero or not divisible by 8.
  6086. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  6087. wolfSSL_CTX_new().
  6088. \param keySz a short integer type stored in minRsaKeySz in the ctx
  6089. structure and the cm structure converted to bytes.
  6090. _Example_
  6091. \code
  6092. WOLFSSL_CTX* ctx = SSL_CTX_new(method);
  6093. (void)minDhKeyBits;
  6094. ourCert = myoptarg;
  6095. minDhKeyBits = atoi(myoptarg);
  6096. if(wolfSSL_CTX_SetMinRsaKey_Sz(ctx, minRsaKeyBits) != SSL_SUCCESS){
  6097. \endcode
  6098. \sa wolfSSL_SetMinRsaKey_Sz
  6099. */
  6100. int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz);
  6101. /*!
  6102. \ingroup CertsKeys
  6103. \brief Sets the minimum allowable key size in bits for RSA located in the
  6104. WOLFSSL structure.
  6105. \return SSL_SUCCESS the minimum was set successfully.
  6106. \return BAD_FUNC_ARG returned if the ssl structure is NULL or if the ksySz
  6107. is less than zero or not divisible by 8.
  6108. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  6109. \param keySz a short integer value representing the the minimum key in bits.
  6110. _Example_
  6111. \code
  6112. WOLFSSL* ssl = wolfSSL_new(ctx);
  6113. short keySz;
  6114. int isSet = wolfSSL_SetMinRsaKey_Sz(ssl, keySz);
  6115. if(isSet != SSL_SUCCESS){
  6116. Failed to set.
  6117. }
  6118. \endcode
  6119. \sa wolfSSL_CTX_SetMinRsaKey_Sz
  6120. */
  6121. int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz);
  6122. /*!
  6123. \ingroup CertsKeys
  6124. \brief Sets the minimum size in bits for the ECC key in the WOLF_CTX
  6125. structure and the WOLFSSL_CERT_MANAGER structure.
  6126. \return SSL_SUCCESS returned for a successful execution and the minEccKeySz
  6127. member is set.
  6128. \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or if
  6129. the keySz is negative or not divisible by 8.
  6130. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  6131. wolfSSL_CTX_new().
  6132. \param keySz a short integer type that represents the minimum ECC key
  6133. size in bits.
  6134. _Example_
  6135. \code
  6136. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  6137. short keySz; // minimum key size
  6138. if(wolfSSL_CTX_SetMinEccKey(ctx, keySz) != SSL_SUCCESS){
  6139. // Failed to set min key size
  6140. }
  6141. \endcode
  6142. \sa wolfSSL_SetMinEccKey_Sz
  6143. */
  6144. int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ssl, short keySz);
  6145. /*!
  6146. \ingroup CertsKeys
  6147. \brief Sets the value of the minEccKeySz member of the options structure.
  6148. The options struct is a member of the WOLFSSL structure and is
  6149. accessed through the ssl parameter.
  6150. \return SSL_SUCCESS if the function successfully set the minEccKeySz
  6151. member of the options structure.
  6152. \return BAD_FUNC_ARG if the WOLFSSL_CTX structure is NULL or if the
  6153. key size (keySz) is less than 0 (zero) or not divisible by 8.
  6154. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  6155. \param keySz value used to set the minimum ECC key size. Sets
  6156. value in the options structure.
  6157. _Example_
  6158. \code
  6159. WOLFSSL* ssl = wolfSSL_new(ctx); // New session
  6160. short keySz = 999; // should be set to min key size allowable
  6161. ...
  6162. if(wolfSSL_SetMinEccKey_Sz(ssl, keySz) != SSL_SUCCESS){
  6163. // Failure case.
  6164. }
  6165. \endcode
  6166. \sa wolfSSL_CTX_SetMinEccKey_Sz
  6167. \sa wolfSSL_CTX_SetMinRsaKey_Sz
  6168. \sa wolfSSL_SetMinRsaKey_Sz
  6169. */
  6170. int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz);
  6171. /*!
  6172. \ingroup CertsKeys
  6173. \brief This function is used by EAP_TLS and EAP-TTLS to derive
  6174. keying material from the master secret.
  6175. \return BUFFER_E returned if the actual size of the buffer exceeds
  6176. the maximum size allowable.
  6177. \return MEMORY_E returned if there is an error with memory allocation.
  6178. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  6179. \param msk a void pointer variable that will hold the result
  6180. of the p_hash function.
  6181. \param len an unsigned integer that represents the length of
  6182. the msk variable.
  6183. \param label a constant char pointer that is copied from in wc_PRF().
  6184. _Example_
  6185. \code
  6186. WOLFSSL* ssl = wolfSSL_new(ctx);;
  6187. void* msk;
  6188. unsigned int len;
  6189. const char* label;
  6190. return wolfSSL_make_eap_keys(ssl, msk, len, label);
  6191. \endcode
  6192. \sa wc_PRF
  6193. \sa wc_HmacFinal
  6194. \sa wc_HmacUpdate
  6195. */
  6196. int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
  6197. const char* label);
  6198. /*!
  6199. \ingroup IO
  6200. \brief Simulates writev semantics but doesn’t actually do block at a time
  6201. because of SSL_write() behavior and because front adds may be small.
  6202. Makes porting into software that uses writev easier.
  6203. \return >0 the number of bytes written upon success.
  6204. \return 0 will be returned upon failure. Call wolfSSL_get_error() for
  6205. the specific error code.
  6206. \return MEMORY_ERROR will be returned if a memory error was encountered.
  6207. \return SSL_FATAL_ERROR will be returned upon failure when either an error
  6208. occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
  6209. SSL_ERROR_WANT_WRITE error was received and and the application needs to
  6210. call wolfSSL_write() again. Use wolfSSL_get_error() to get a specific
  6211. error code.
  6212. \param ssl pointer to the SSL session, created with wolfSSL_new().
  6213. \param iov array of I/O vectors to write
  6214. \param iovcnt number of vectors in iov array.
  6215. _Example_
  6216. \code
  6217. WOLFSSL* ssl = 0;
  6218. char *bufA = “hello\n”;
  6219. char *bufB = “hello world\n”;
  6220. int iovcnt;
  6221. struct iovec iov[2];
  6222. iov[0].iov_base = buffA;
  6223. iov[0].iov_len = strlen(buffA);
  6224. iov[1].iov_base = buffB;
  6225. iov[1].iov_len = strlen(buffB);
  6226. iovcnt = 2;
  6227. ...
  6228. ret = wolfSSL_writev(ssl, iov, iovcnt);
  6229. // wrote “ret” bytes, or error if <= 0.
  6230. \endcode
  6231. \sa wolfSSL_write
  6232. */
  6233. int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
  6234. int iovcnt);
  6235. /*!
  6236. \ingroup Setup
  6237. \brief This function unloads the CA signer list and frees
  6238. the whole signer table.
  6239. \return SSL_SUCCESS returned on successful execution of the function.
  6240. \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or there
  6241. are otherwise unpermitted argument values passed in a subroutine.
  6242. \return BAD_MUTEX_E returned if there was a mutex error. The LockMutex()
  6243. did not return 0.
  6244. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  6245. wolfSSL_CTX_new().
  6246. _Example_
  6247. \code
  6248. WOLFSSL_METHOD method = wolfTLSv1_2_client_method();
  6249. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method);
  6250. if(wolfSSL_CTX_UnloadCAs(ctx) != SSL_SUCCESS){
  6251. // The function did not unload CAs
  6252. }
  6253. \endcode
  6254. \sa wolfSSL_CertManagerUnloadCAs
  6255. \sa LockMutex
  6256. \sa UnlockMutex
  6257. */
  6258. int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*);
  6259. /*!
  6260. \ingroup Setup
  6261. \brief This function unloads intermediate certificates added to the CA
  6262. signer list and frees them.
  6263. \return SSL_SUCCESS returned on successful execution of the function.
  6264. \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or there
  6265. are otherwise unpermitted argument values passed in a subroutine.
  6266. \return BAD_STATE_E returned if the WOLFSSL_CTX has a reference count > 1.
  6267. \return BAD_MUTEX_E returned if there was a mutex error. The LockMutex()
  6268. did not return 0.
  6269. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  6270. wolfSSL_CTX_new().
  6271. _Example_
  6272. \code
  6273. WOLFSSL_METHOD method = wolfTLSv1_2_client_method();
  6274. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method);
  6275. if(wolfSSL_CTX_UnloadIntermediateCerts(ctx) != NULL){
  6276. // The function did not unload CAs
  6277. }
  6278. \endcode
  6279. \sa wolfSSL_CTX_UnloadCAs
  6280. \sa wolfSSL_CertManagerUnloadIntermediateCerts
  6281. */
  6282. int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx);
  6283. /*!
  6284. \ingroup Setup
  6285. \brief This function is used to unload all previously loaded trusted peer
  6286. certificates. Feature is enabled by defining the macro
  6287. WOLFSSL_TRUST_PEER_CERT.
  6288. \return SSL_SUCCESS upon success.
  6289. \return BAD_FUNC_ARG will be returned if ctx is NULL.
  6290. \return SSL_BAD_FILE will be returned if the file doesn’t exist,
  6291. can’t be read, or is corrupted.
  6292. \return MEMORY_E will be returned if an out of memory condition occurs.
  6293. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  6294. _Example_
  6295. \code
  6296. int ret = 0;
  6297. WOLFSSL_CTX* ctx;
  6298. ...
  6299. ret = wolfSSL_CTX_Unload_trust_peers(ctx);
  6300. if (ret != SSL_SUCCESS) {
  6301. // error unloading trusted peer certs
  6302. }
  6303. ...
  6304. \endcode
  6305. \sa wolfSSL_CTX_trust_peer_buffer
  6306. \sa wolfSSL_CTX_trust_peer_cert
  6307. */
  6308. int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*);
  6309. /*!
  6310. \ingroup Setup
  6311. \brief This function loads a certificate to use for verifying a peer
  6312. when performing a TLS/SSL handshake. The peer certificate sent during
  6313. the handshake is compared by using the SKID when available and the
  6314. signature. If these two things do not match then any loaded CAs are used.
  6315. Is the same functionality as wolfSSL_CTX_trust_peer_cert except is from
  6316. a buffer instead of a file. Feature is enabled by defining the macro
  6317. WOLFSSL_TRUST_PEER_CERT Please see the examples for proper usage.
  6318. \return SSL_SUCCESS upon success
  6319. \return SSL_FAILURE will be returned if ctx is NULL, or if both file and
  6320. type are invalid.
  6321. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  6322. \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
  6323. read, or is corrupted.
  6324. \return MEMORY_E will be returned if an out of memory condition occurs.
  6325. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  6326. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  6327. \param buffer pointer to the buffer containing certificates.
  6328. \param sz length of the buffer input.
  6329. \param type type of certificate being loaded i.e. SSL_FILETYPE_ASN1 or
  6330. SSL_FILETYPE_PEM.
  6331. _Example_
  6332. \code
  6333. int ret = 0;
  6334. WOLFSSL_CTX* ctx;
  6335. ...
  6336. ret = wolfSSL_CTX_trust_peer_buffer(ctx, bufferPtr, bufferSz,
  6337. SSL_FILETYPE_PEM);
  6338. if (ret != SSL_SUCCESS) {
  6339. // error loading trusted peer cert
  6340. }
  6341. ...
  6342. \endcode
  6343. \sa wolfSSL_CTX_load_verify_buffer
  6344. \sa wolfSSL_CTX_use_certificate_file
  6345. \sa wolfSSL_CTX_use_PrivateKey_file
  6346. \sa wolfSSL_CTX_use_certificate_chain_file
  6347. \sa wolfSSL_CTX_trust_peer_cert
  6348. \sa wolfSSL_CTX_Unload_trust_peers
  6349. \sa wolfSSL_use_certificate_file
  6350. \sa wolfSSL_use_PrivateKey_file
  6351. \sa wolfSSL_use_certificate_chain_file
  6352. */
  6353. int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
  6354. long sz, int format);
  6355. /*!
  6356. \ingroup CertsKeys
  6357. \brief This function loads a CA certificate buffer into the WOLFSSL
  6358. Context. It behaves like the non-buffered version, only differing in
  6359. its ability to be called with a buffer as input instead of a file.
  6360. The buffer is provided by the in argument of size sz. format specifies
  6361. the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
  6362. More than one CA certificate may be loaded per buffer as long as the
  6363. format is in PEM. Please see the examples for proper usage.
  6364. \return SSL_SUCCESS upon success
  6365. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  6366. \return SSL_BAD_FILE will be returned if the file doesn’t exist,
  6367. can’t be read, or is corrupted.
  6368. \return MEMORY_E will be returned if an out of memory condition occurs.
  6369. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  6370. \return BUFFER_E will be returned if a chain buffer is bigger than
  6371. the receiving buffer.
  6372. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  6373. \param in pointer to the CA certificate buffer.
  6374. \param sz size of the input CA certificate buffer, in.
  6375. \param format format of the buffer certificate, either SSL_FILETYPE_ASN1
  6376. or SSL_FILETYPE_PEM.
  6377. _Example_
  6378. \code
  6379. int ret = 0;
  6380. WOLFSSL_CTX* ctx;
  6381. byte certBuff[...];
  6382. long sz = sizeof(certBuff);
  6383. ...
  6384. ret = wolfSSL_CTX_load_verify_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);
  6385. if (ret != SSL_SUCCESS) {
  6386. // error loading CA certs from buffer
  6387. }
  6388. ...
  6389. \endcode
  6390. \sa wolfSSL_CTX_load_verify_locations
  6391. \sa wolfSSL_CTX_use_certificate_buffer
  6392. \sa wolfSSL_CTX_use_PrivateKey_buffer
  6393. \sa wolfSSL_CTX_use_certificate_chain_buffer
  6394. \sa wolfSSL_use_certificate_buffer
  6395. \sa wolfSSL_use_PrivateKey_buffer
  6396. \sa wolfSSL_use_certificate_chain_buffer
  6397. */
  6398. int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
  6399. long sz, int format);
  6400. /*!
  6401. \ingroup CertsKeys
  6402. \brief This function loads a CA certificate buffer into the WOLFSSL
  6403. Context. It behaves like the non-buffered version, only differing in
  6404. its ability to be called with a buffer as input instead of a file.
  6405. The buffer is provided by the in argument of size sz. format specifies
  6406. the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
  6407. More than one CA certificate may be loaded per buffer as long as the
  6408. format is in PEM. The _ex version was added in PR 2413 and supports
  6409. additional arguments for userChain and flags.
  6410. \return SSL_SUCCESS upon success
  6411. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  6412. \return SSL_BAD_FILE will be returned if the file doesn’t exist,
  6413. can’t be read, or is corrupted.
  6414. \return MEMORY_E will be returned if an out of memory condition occurs.
  6415. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  6416. \return BUFFER_E will be returned if a chain buffer is bigger than
  6417. the receiving buffer.
  6418. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  6419. \param in pointer to the CA certificate buffer.
  6420. \param sz size of the input CA certificate buffer, in.
  6421. \param format format of the buffer certificate, either SSL_FILETYPE_ASN1
  6422. or SSL_FILETYPE_PEM.
  6423. \param userChain If using format WOLFSSL_FILETYPE_ASN1 this set to non-zero
  6424. indicates a chain of DER's is being presented.
  6425. \param flags: See ssl.h around WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS.
  6426. _Example_
  6427. \code
  6428. int ret = 0;
  6429. WOLFSSL_CTX* ctx;
  6430. byte certBuff[...];
  6431. long sz = sizeof(certBuff);
  6432. ...
  6433. // Example for force loading an expired certificate
  6434. ret = wolfSSL_CTX_load_verify_buffer_ex(ctx, certBuff, sz, SSL_FILETYPE_PEM,
  6435. 0, (WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY));
  6436. if (ret != SSL_SUCCESS) {
  6437. // error loading CA certs from buffer
  6438. }
  6439. ...
  6440. \endcode
  6441. \sa wolfSSL_CTX_load_verify_buffer
  6442. \sa wolfSSL_CTX_load_verify_locations
  6443. \sa wolfSSL_CTX_use_certificate_buffer
  6444. \sa wolfSSL_CTX_use_PrivateKey_buffer
  6445. \sa wolfSSL_CTX_use_certificate_chain_buffer
  6446. \sa wolfSSL_use_certificate_buffer
  6447. \sa wolfSSL_use_PrivateKey_buffer
  6448. \sa wolfSSL_use_certificate_chain_buffer
  6449. */
  6450. int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx,
  6451. const unsigned char* in, long sz,
  6452. int format, int userChain, word32 flags);
  6453. /*!
  6454. \ingroup CertsKeys
  6455. \brief This function loads a CA certificate chain buffer into the WOLFSSL
  6456. Context. It behaves like the non-buffered version, only differing in
  6457. its ability to be called with a buffer as input instead of a file.
  6458. The buffer is provided by the in argument of size sz. format specifies
  6459. the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
  6460. More than one CA certificate may be loaded per buffer as long as the
  6461. format is in PEM. Please see the examples for proper usage.
  6462. \return SSL_SUCCESS upon success
  6463. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  6464. \return SSL_BAD_FILE will be returned if the file doesn’t exist,
  6465. can’t be read, or is corrupted.
  6466. \return MEMORY_E will be returned if an out of memory condition occurs.
  6467. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  6468. \return BUFFER_E will be returned if a chain buffer is bigger than
  6469. the receiving buffer.
  6470. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  6471. \param in pointer to the CA certificate buffer.
  6472. \param sz size of the input CA certificate buffer, in.
  6473. \param format format of the buffer certificate, either SSL_FILETYPE_ASN1
  6474. or SSL_FILETYPE_PEM.
  6475. _Example_
  6476. \code
  6477. int ret = 0;
  6478. WOLFSSL_CTX* ctx;
  6479. byte certBuff[...];
  6480. long sz = sizeof(certBuff);
  6481. ...
  6482. ret = wolfSSL_CTX_load_verify_chain_buffer_format(ctx,
  6483. certBuff, sz, WOLFSSL_FILETYPE_ASN1);
  6484. if (ret != SSL_SUCCESS) {
  6485. // error loading CA certs from buffer
  6486. }
  6487. ...
  6488. \endcode
  6489. \sa wolfSSL_CTX_load_verify_locations
  6490. \sa wolfSSL_CTX_use_certificate_buffer
  6491. \sa wolfSSL_CTX_use_PrivateKey_buffer
  6492. \sa wolfSSL_CTX_use_certificate_chain_buffer
  6493. \sa wolfSSL_use_certificate_buffer
  6494. \sa wolfSSL_use_PrivateKey_buffer
  6495. \sa wolfSSL_use_certificate_chain_buffer
  6496. */
  6497. int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx,
  6498. const unsigned char* in,
  6499. long sz, int format);
  6500. /*!
  6501. \ingroup CertsKeys
  6502. \brief This function loads a certificate buffer into the WOLFSSL Context.
  6503. It behaves like the non-buffered version, only differing in its ability
  6504. to be called with a buffer as input instead of a file. The buffer is
  6505. provided by the in argument of size sz. format specifies the format
  6506. type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please
  6507. see the examples for proper usage.
  6508. \return SSL_SUCCESS upon success
  6509. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  6510. \return SSL_BAD_FILE will be returned if the file doesn’t exist,
  6511. can’t be read, or is corrupted.
  6512. \return MEMORY_E will be returned if an out of memory condition occurs.
  6513. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  6514. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  6515. \param in the input buffer containing the certificate to be loaded.
  6516. \param sz the size of the input buffer.
  6517. \param format the format of the certificate located in the input
  6518. buffer (in). Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
  6519. _Example_
  6520. \code
  6521. int ret = 0;
  6522. WOLFSSL_CTX* ctx;
  6523. byte certBuff[...];
  6524. long sz = sizeof(certBuff);
  6525. ...
  6526. ret = wolfSSL_CTX_use_certificate_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);
  6527. if (ret != SSL_SUCCESS) {
  6528. // error loading certificate from buffer
  6529. }
  6530. ...
  6531. \endcode
  6532. \sa wolfSSL_CTX_load_verify_buffer
  6533. \sa wolfSSL_CTX_use_PrivateKey_buffer
  6534. \sa wolfSSL_CTX_use_certificate_chain_buffer
  6535. \sa wolfSSL_use_certificate_buffer
  6536. \sa wolfSSL_use_PrivateKey_buffer
  6537. \sa wolfSSL_use_certificate_chain_buffer
  6538. */
  6539. int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
  6540. const unsigned char* in, long sz,
  6541. int format);
  6542. /*!
  6543. \ingroup CertsKeys
  6544. \brief This function loads a private key buffer into the SSL Context.
  6545. It behaves like the non-buffered version, only differing in its ability
  6546. to be called with a buffer as input instead of a file. The buffer is
  6547. provided by the in argument of size sz. format specifies the format type
  6548. of the buffer; SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM. Please see the
  6549. examples for proper usage.
  6550. \return SSL_SUCCESS upon success
  6551. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  6552. \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
  6553. read, or is corrupted.
  6554. \return MEMORY_E will be returned if an out of memory condition occurs.
  6555. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  6556. \return NO_PASSWORD will be returned if the key file is encrypted but no
  6557. password is provided.
  6558. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  6559. \param in the input buffer containing the private key to be loaded.
  6560. \param sz the size of the input buffer.
  6561. \param format the format of the private key located in the input
  6562. buffer (in). Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
  6563. _Example_
  6564. \code
  6565. int ret = 0;
  6566. WOLFSSL_CTX* ctx;
  6567. byte keyBuff[...];
  6568. long sz = sizeof(certBuff);
  6569. ...
  6570. ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, keyBuff, sz, SSL_FILETYPE_PEM);
  6571. if (ret != SSL_SUCCESS) {
  6572. // error loading private key from buffer
  6573. }
  6574. ...
  6575. \endcode
  6576. \sa wolfSSL_CTX_load_verify_buffer
  6577. \sa wolfSSL_CTX_use_certificate_buffer
  6578. \sa wolfSSL_CTX_use_certificate_chain_buffer
  6579. \sa wolfSSL_use_certificate_buffer
  6580. \sa wolfSSL_use_PrivateKey_buffer
  6581. \sa wolfSSL_use_certificate_chain_buffer
  6582. */
  6583. int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx,
  6584. const unsigned char* in, long sz,
  6585. int format);
  6586. /*!
  6587. \ingroup CertsKeys
  6588. \brief This function loads a certificate chain buffer into the WOLFSSL
  6589. Context. It behaves like the non-buffered version, only differing in
  6590. its ability to be called with a buffer as input instead of a file.
  6591. The buffer is provided by the in argument of size sz. The buffer must
  6592. be in PEM format and start with the subject’s certificate, ending with
  6593. the root certificate. Please see the examples for proper usage.
  6594. \return SSL_SUCCESS upon success
  6595. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  6596. \return SSL_BAD_FILE will be returned if the file doesn’t exist,
  6597. can’t be read, or is corrupted.
  6598. \return MEMORY_E will be returned if an out of memory condition occurs.
  6599. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  6600. \return BUFFER_E will be returned if a chain buffer is bigger than
  6601. the receiving buffer.
  6602. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  6603. \param in the input buffer containing the PEM-formatted certificate
  6604. chain to be loaded.
  6605. \param sz the size of the input buffer.
  6606. _Example_
  6607. \code
  6608. int ret = 0;
  6609. WOLFSSL_CTX* ctx;
  6610. byte certChainBuff[...];
  6611. long sz = sizeof(certBuff);
  6612. ...
  6613. ret = wolfSSL_CTX_use_certificate_chain_buffer(ctx, certChainBuff, sz);
  6614. if (ret != SSL_SUCCESS) {
  6615. // error loading certificate chain from buffer
  6616. }
  6617. ...
  6618. \endcode
  6619. \sa wolfSSL_CTX_load_verify_buffer
  6620. \sa wolfSSL_CTX_use_certificate_buffer
  6621. \sa wolfSSL_CTX_use_PrivateKey_buffer
  6622. \sa wolfSSL_use_certificate_buffer
  6623. \sa wolfSSL_use_PrivateKey_buffer
  6624. \sa wolfSSL_use_certificate_chain_buffer
  6625. */
  6626. int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
  6627. const unsigned char* in, long sz);
  6628. /*!
  6629. \ingroup CertsKeys
  6630. \brief This function loads a certificate buffer into the WOLFSSL object.
  6631. It behaves like the non-buffered version, only differing in its ability
  6632. to be called with a buffer as input instead of a file. The buffer
  6633. is provided by the in argument of size sz. format specifies the format
  6634. type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
  6635. Please see the examples for proper usage.
  6636. \return SSL_SUCCESS upon success.
  6637. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  6638. \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t
  6639. be read, or is corrupted.
  6640. \return MEMORY_E will be returned if an out of memory condition occurs.
  6641. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  6642. \param ssl pointer to the SSL session, created with wolfSSL_new().
  6643. \param in buffer containing certificate to load.
  6644. \param sz size of the certificate located in buffer.
  6645. \param format format of the certificate to be loaded.
  6646. Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
  6647. _Example_
  6648. \code
  6649. int ret;
  6650. byte certBuff[...];
  6651. WOLFSSL* ssl = 0;
  6652. long buffSz = sizeof(certBuff);
  6653. ...
  6654. ret = wolfSSL_use_certificate_buffer(ssl, certBuff, buffSz, SSL_FILETYPE_PEM);
  6655. if (ret != SSL_SUCCESS) {
  6656. // failed to load certificate from buffer
  6657. }
  6658. \endcode
  6659. \sa wolfSSL_CTX_load_verify_buffer
  6660. \sa wolfSSL_CTX_use_certificate_buffer
  6661. \sa wolfSSL_CTX_use_PrivateKey_buffer
  6662. \sa wolfSSL_CTX_use_certificate_chain_buffer
  6663. \sa wolfSSL_use_PrivateKey_buffer
  6664. \sa wolfSSL_use_certificate_chain_buffer
  6665. */
  6666. int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in,
  6667. long sz, int format);
  6668. /*!
  6669. \ingroup CertsKeys
  6670. \brief This function loads a private key buffer into the WOLFSSL object.
  6671. It behaves like the non-buffered version, only differing in its ability
  6672. to be called with a buffer as input instead of a file. The buffer is
  6673. provided by the in argument of size sz. format specifies the format
  6674. type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please
  6675. see the examples for proper usage.
  6676. \return SSL_SUCCESS upon success.
  6677. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  6678. \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
  6679. read, or is corrupted.
  6680. \return MEMORY_E will be returned if an out of memory condition occurs.
  6681. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  6682. \return NO_PASSWORD will be returned if the key file is encrypted but no
  6683. password is provided.
  6684. \param ssl pointer to the SSL session, created with wolfSSL_new().
  6685. \param in buffer containing private key to load.
  6686. \param sz size of the private key located in buffer.
  6687. \param format format of the private key to be loaded. Possible values are
  6688. SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
  6689. _Example_
  6690. \code
  6691. int ret;
  6692. byte keyBuff[...];
  6693. WOLFSSL* ssl = 0;
  6694. long buffSz = sizeof(certBuff);
  6695. ...
  6696. ret = wolfSSL_use_PrivateKey_buffer(ssl, keyBuff, buffSz, SSL_FILETYPE_PEM);
  6697. if (ret != SSL_SUCCESS) {
  6698. // failed to load private key from buffer
  6699. }
  6700. \endcode
  6701. \sa wolfSSL_use_PrivateKey
  6702. \sa wolfSSL_CTX_load_verify_buffer
  6703. \sa wolfSSL_CTX_use_certificate_buffer
  6704. \sa wolfSSL_CTX_use_PrivateKey_buffer
  6705. \sa wolfSSL_CTX_use_certificate_chain_buffer
  6706. \sa wolfSSL_use_certificate_buffer
  6707. \sa wolfSSL_use_certificate_chain_buffer
  6708. */
  6709. int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
  6710. long sz, int format);
  6711. /*!
  6712. \ingroup CertsKeys
  6713. \brief This function loads a certificate chain buffer into the WOLFSSL
  6714. object. It behaves like the non-buffered version, only differing in its
  6715. ability to be called with a buffer as input instead of a file. The buffer
  6716. is provided by the in argument of size sz. The buffer must be in PEM format
  6717. and start with the subject’s certificate, ending with the root certificate.
  6718. Please see the examples for proper usage.
  6719. \return SSL_SUCCES upon success.
  6720. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  6721. \return SSL_BAD_FILE will be returned if the file doesn’t exist,
  6722. can’t be read, or is corrupted.
  6723. \return MEMORY_E will be returned if an out of memory condition occurs.
  6724. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  6725. \return BUFFER_E will be returned if a chain buffer is bigger than
  6726. the receiving buffer.
  6727. \param ssl pointer to the SSL session, created with wolfSSL_new().
  6728. \param in buffer containing certificate to load.
  6729. \param sz size of the certificate located in buffer.
  6730. _Example_
  6731. \code
  6732. int ret;
  6733. byte certChainBuff[...];
  6734. WOLFSSL* ssl = 0;
  6735. long buffSz = sizeof(certBuff);
  6736. ...
  6737. ret = wolfSSL_use_certificate_chain_buffer(ssl, certChainBuff, buffSz);
  6738. if (ret != SSL_SUCCESS) {
  6739. // failed to load certificate chain from buffer
  6740. }
  6741. \endcode
  6742. \sa wolfSSL_CTX_load_verify_buffer
  6743. \sa wolfSSL_CTX_use_certificate_buffer
  6744. \sa wolfSSL_CTX_use_PrivateKey_buffer
  6745. \sa wolfSSL_CTX_use_certificate_chain_buffer
  6746. \sa wolfSSL_use_certificate_buffer
  6747. \sa wolfSSL_use_PrivateKey_buffer
  6748. */
  6749. int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl,
  6750. const unsigned char* in, long sz);
  6751. /*!
  6752. \ingroup CertsKeys
  6753. \brief This function unloads any certificates or keys that SSL owns.
  6754. \return SSL_SUCCESS - returned if the function executed successfully.
  6755. \return BAD_FUNC_ARG - returned if the WOLFSSL object is NULL.
  6756. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  6757. _Example_
  6758. \code
  6759. WOLFSSL* ssl = wolfSSL_new(ctx);
  6760. ...
  6761. int unloadKeys = wolfSSL_UnloadCertsKeys(ssl);
  6762. if(unloadKeys != SSL_SUCCESS){
  6763. // Failure case.
  6764. }
  6765. \endcode
  6766. \sa wolfSSL_CTX_UnloadCAs
  6767. */
  6768. int wolfSSL_UnloadCertsKeys(WOLFSSL*);
  6769. /*!
  6770. \ingroup Setup
  6771. \brief This function turns on grouping of handshake messages where possible.
  6772. \return SSL_SUCCESS will be returned upon success.
  6773. \return BAD_FUNC_ARG will be returned if the input context is null.
  6774. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  6775. _Example_
  6776. \code
  6777. WOLFSSL_CTX* ctx = 0;
  6778. ...
  6779. ret = wolfSSL_CTX_set_group_messages(ctx);
  6780. if (ret != SSL_SUCCESS) {
  6781. // failed to set handshake message grouping
  6782. }
  6783. \endcode
  6784. \sa wolfSSL_set_group_messages
  6785. \sa wolfSSL_CTX_new
  6786. */
  6787. int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*);
  6788. /*!
  6789. \ingroup Setup
  6790. \brief This function turns on grouping of handshake messages where possible.
  6791. \return SSL_SUCCESS will be returned upon success.
  6792. \return BAD_FUNC_ARG will be returned if the input context is null.
  6793. \param ssl pointer to the SSL session, created with wolfSSL_new().
  6794. _Example_
  6795. \code
  6796. WOLFSSL* ssl = 0;
  6797. ...
  6798. ret = wolfSSL_set_group_messages(ssl);
  6799. if (ret != SSL_SUCCESS) {
  6800. // failed to set handshake message grouping
  6801. }
  6802. \endcode
  6803. \sa wolfSSL_CTX_set_group_messages
  6804. \sa wolfSSL_new
  6805. */
  6806. int wolfSSL_set_group_messages(WOLFSSL*);
  6807. /*!
  6808. \brief This function sets the fuzzer callback.
  6809. \return none No returns.
  6810. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  6811. \param cbf a CallbackFuzzer type that is a function pointer of the form:
  6812. int (*CallbackFuzzer)(WOLFSSL* ssl, const unsigned char* buf, int sz, int
  6813. type, void* fuzzCtx);
  6814. \param fCtx a void pointer type that will be set to the fuzzerCtx member of
  6815. the WOLFSSL structure.
  6816. _Example_
  6817. \code
  6818. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  6819. WOLFSSL* ssl = wolfSSL_new(ctx);
  6820. void* fCtx;
  6821. int callbackFuzzerCB(WOLFSSL* ssl, const unsigned char* buf, int sz,
  6822. int type, void* fuzzCtx){
  6823. // function definition
  6824. }
  6825. wolfSSL_SetFuzzerCb(ssl, callbackFuzzerCB, fCtx);
  6826. \endcode
  6827. \sa CallbackFuzzer
  6828. */
  6829. void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx);
  6830. /*!
  6831. \brief This function sets a new dtls cookie secret.
  6832. \return 0 returned if the function executed without an error.
  6833. \return BAD_FUNC_ARG returned if there was an argument passed
  6834. to the function with an unacceptable value.
  6835. \return COOKIE_SECRET_SZ returned if the secret size is 0.
  6836. \return MEMORY_ERROR returned if there was a problem allocating
  6837. memory for a new cookie secret.
  6838. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  6839. \param secret a constant byte pointer representing the secret buffer.
  6840. \param secretSz the size of the buffer.
  6841. _Example_
  6842. \code
  6843. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  6844. WOLFSSL* ssl = wolfSSL_new(ctx);
  6845. const* byte secret;
  6846. word32 secretSz; // size of secret
  6847. if(!wolfSSL_DTLS_SetCookieSecret(ssl, secret, secretSz)){
  6848. // Code block for failure to set DTLS cookie secret
  6849. } else {
  6850. // Success! Cookie secret is set.
  6851. }
  6852. \endcode
  6853. \sa ForceZero
  6854. \sa wc_RNG_GenerateBlock
  6855. */
  6856. int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
  6857. const unsigned char* secret,
  6858. unsigned int secretSz);
  6859. /*!
  6860. \brief This function retrieves the random number.
  6861. \return rng upon success.
  6862. \return NULL if ssl is NULL.
  6863. \param ssl pointer to a SSL object, created with wolfSSL_new().
  6864. _Example_
  6865. \code
  6866. WOLFSSL* ssl;
  6867. wolfSSL_GetRNG(ssl);
  6868. \endcode
  6869. \sa wolfSSL_CTX_new_rng
  6870. */
  6871. WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl);
  6872. /*!
  6873. \ingroup Setup
  6874. \brief This function sets the minimum downgrade version allowed.
  6875. Applicable only when the connection allows downgrade using
  6876. (wolfSSLv23_client_method or wolfSSLv23_server_method).
  6877. \return SSL_SUCCESS returned if the function returned without
  6878. error and the minimum version is set.
  6879. \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure was
  6880. NULL or if the minimum version is not supported.
  6881. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  6882. wolfSSL_CTX_new().
  6883. \param version an integer representation of the version to be set as the
  6884. minimum: WOLFSSL_SSLV3 = 0, WOLFSSL_TLSV1 = 1, WOLFSSL_TLSV1_1 = 2 or
  6885. WOLFSSL_TLSV1_2 = 3.
  6886. _Example_
  6887. \code
  6888. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method );
  6889. WOLFSSL* ssl = WOLFSSL_new(ctx);
  6890. int version; // macrop representation
  6891. if(wolfSSL_CTX_SetMinVersion(ssl->ctx, version) != SSL_SUCCESS){
  6892. // Failed to set min version
  6893. }
  6894. \endcode
  6895. \sa SetMinVersionHelper
  6896. */
  6897. int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version);
  6898. /*!
  6899. \ingroup TLS
  6900. \brief This function sets the minimum downgrade version allowed.
  6901. Applicable only when the connection allows downgrade using
  6902. (wolfSSLv23_client_method or wolfSSLv23_server_method).
  6903. \return SSL_SUCCESS returned if this function and its subroutine executes
  6904. without error.
  6905. \return BAD_FUNC_ARG returned if the SSL object is NULL. In
  6906. the subroutine this error is thrown if there is not a good version match.
  6907. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  6908. \param version an integer representation of the version to be set as the
  6909. minimum: WOLFSSL_SSLV3 = 0, WOLFSSL_TLSV1 = 1, WOLFSSL_TLSV1_1 = 2 or
  6910. WOLFSSL_TLSV1_2 = 3.
  6911. _Example_
  6912. \code
  6913. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(protocol method);
  6914. WOLFSSL* ssl = WOLFSSL_new(ctx);
  6915. int version; macro representation
  6916. if(wolfSSL_CTX_SetMinVersion(ssl->ctx, version) != SSL_SUCCESS){
  6917. Failed to set min version
  6918. }
  6919. \endcode
  6920. \sa SetMinVersionHelper
  6921. */
  6922. int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version);
  6923. /*!
  6924. \brief This function returns the size of the WOLFSSL object and will be
  6925. dependent on build options and settings. If SHOW_SIZES has been defined
  6926. when building wolfSSL, this function will also print the sizes of individual
  6927. objects within the WOLFSSL object (Suites, Ciphers, etc.) to stdout.
  6928. \return size This function returns the size of the WOLFSSL object.
  6929. \param none No parameters.
  6930. _Example_
  6931. \code
  6932. int size = 0;
  6933. size = wolfSSL_GetObjectSize();
  6934. printf(“sizeof(WOLFSSL) = %d\n”, size);
  6935. \endcode
  6936. \sa wolfSSL_new
  6937. */
  6938. int wolfSSL_GetObjectSize(void); /* object size based on build */
  6939. /*!
  6940. \brief Returns the record layer size of the plaintext input. This is helpful
  6941. when an application wants to know how many bytes will be sent across the
  6942. Transport layer, given a specified plaintext input size. This function
  6943. must be called after the SSL/TLS handshake has been completed.
  6944. \return size Upon success, the requested size will be returned
  6945. \return INPUT_SIZE_E will be returned if the input size is greater than the
  6946. maximum TLS fragment size (see wolfSSL_GetMaxOutputSize())
  6947. \return BAD_FUNC_ARG will be returned upon invalid function argument, or if
  6948. the SSL/TLS handshake has not been completed yet
  6949. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  6950. \param inSz size of plaintext data.
  6951. _Example_
  6952. \code
  6953. none
  6954. \endcode
  6955. \sa wolfSSL_GetMaxOutputSize
  6956. */
  6957. int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz);
  6958. /*!
  6959. \brief Returns the maximum record layer size for plaintext data. This
  6960. will correspond to either the maximum SSL/TLS record size as specified
  6961. by the protocol standard, the maximum TLS fragment size as set by the
  6962. TLS Max Fragment Length extension. This function is helpful when the
  6963. application has called wolfSSL_GetOutputSize() and received a INPUT_SIZE_E
  6964. error. This function must be called after the SSL/TLS handshake has been
  6965. completed.
  6966. \return size Upon success, the maximum output size will be returned
  6967. \return BAD_FUNC_ARG will be returned upon invalid function argument,
  6968. or if the SSL/TLS handshake has not been completed yet.
  6969. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  6970. _Example_
  6971. \code
  6972. none
  6973. \endcode
  6974. \sa wolfSSL_GetOutputSize
  6975. */
  6976. int wolfSSL_GetMaxOutputSize(WOLFSSL*);
  6977. /*!
  6978. \ingroup Setup
  6979. \brief This function sets the SSL/TLS protocol version for the specified
  6980. SSL session (WOLFSSL object) using the version as specified by version.
  6981. This will override the protocol setting for the SSL session (ssl) -
  6982. originally defined and set by the SSL context (wolfSSL_CTX_new())
  6983. method type.
  6984. \return SSL_SUCCESS upon success.
  6985. \return BAD_FUNC_ARG will be returned if the input SSL object is
  6986. NULL or an incorrect protocol version is given for version.
  6987. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  6988. \param version SSL/TLS protocol version. Possible values include
  6989. WOLFSSL_SSLV3, WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2.
  6990. _Example_
  6991. \code
  6992. int ret = 0;
  6993. WOLFSSL* ssl;
  6994. ...
  6995. ret = wolfSSL_SetVersion(ssl, WOLFSSL_TLSV1);
  6996. if (ret != SSL_SUCCESS) {
  6997. // failed to set SSL session protocol version
  6998. }
  6999. \endcode
  7000. \sa wolfSSL_CTX_new
  7001. */
  7002. int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
  7003. /*!
  7004. \brief Allows caller to set the Atomic User Record Processing
  7005. Mac/Encrypt Callback. The callback should return 0 for success
  7006. or < 0 for an error. The ssl and ctx pointers are available
  7007. for the user’s convenience. macOut is the output buffer where
  7008. the result of the mac should be stored. macIn is the mac input
  7009. buffer and macInSz notes the size of the buffer. macContent
  7010. and macVerify are needed for wolfSSL_SetTlsHmacInner() and be
  7011. passed along as is. encOut is the output buffer where the result
  7012. on the encryption should be stored. encIn is the input buffer to
  7013. encrypt while encSz is the size of the input. An example callback
  7014. can be found wolfssl/test.h myMacEncryptCb().
  7015. \return none No return.
  7016. \param No parameters.
  7017. _Example_
  7018. \code
  7019. none
  7020. \endcode
  7021. \sa wolfSSL_SetMacEncryptCtx
  7022. \sa wolfSSL_GetMacEncryptCtx
  7023. */
  7024. void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypti cb);
  7025. /*!
  7026. \brief Allows caller to set the Atomic User Record Processing Mac/Encrypt
  7027. Callback Context to ctx.
  7028. \return none No return.
  7029. \param none No parameters.
  7030. _Example_
  7031. \code
  7032. none
  7033. \endcode
  7034. \sa wolfSSL_CTX_SetMacEncryptCb
  7035. \sa wolfSSL_GetMacEncryptCtx
  7036. */
  7037. void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx);
  7038. /*!
  7039. \brief Allows caller to retrieve the Atomic User Record Processing
  7040. Mac/Encrypt Callback Context previously stored with
  7041. wolfSSL_SetMacEncryptCtx().
  7042. \return pointer If successful the call will return a valid pointer
  7043. to the context.
  7044. \return NULL will be returned for a blank context.
  7045. \param none No parameters.
  7046. _Example_
  7047. \code
  7048. none
  7049. \endcode
  7050. \sa wolfSSL_CTX_SetMacEncryptCb
  7051. \sa wolfSSL_SetMacEncryptCtx
  7052. */
  7053. void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl);
  7054. /*!
  7055. \brief Allows caller to set the Atomic User Record Processing
  7056. Decrypt/Verify Callback. The callback should return 0 for success
  7057. or < 0 for an error. The ssl and ctx pointers are available for
  7058. the user’s convenience. decOut is the output buffer where the result
  7059. of the decryption should be stored. decIn is the encrypted input
  7060. buffer and decInSz notes the size of the buffer. content and verify
  7061. are needed for wolfSSL_SetTlsHmacInner() and be passed along as is.
  7062. padSz is an output variable that should be set with the total value
  7063. of the padding. That is, the mac size plus any padding and pad bytes.
  7064. An example callback can be found wolfssl/test.h myDecryptVerifyCb().
  7065. \return none No returns.
  7066. \param none No parameters.
  7067. _Example_
  7068. \code
  7069. none
  7070. \endcode
  7071. \sa wolfSSL_SetMacEncryptCtx
  7072. \sa wolfSSL_GetMacEncryptCtx
  7073. */
  7074. void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX* ctx,
  7075. CallbackDecryptVerify cb);
  7076. /*!
  7077. \brief Allows caller to set the Atomic User Record Processing
  7078. Decrypt/Verify Callback Context to ctx.
  7079. \return none No returns.
  7080. \param none No parameters.
  7081. _Example_
  7082. \code
  7083. none
  7084. \endcode
  7085. \sa wolfSSL_CTX_SetDecryptVerifyCb
  7086. \sa wolfSSL_GetDecryptVerifyCtx
  7087. */
  7088. void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx);
  7089. /*!
  7090. \brief Allows caller to retrieve the Atomic User Record Processing
  7091. Decrypt/Verify Callback Context previously stored with
  7092. wolfSSL_SetDecryptVerifyCtx().
  7093. \return pointer If successful the call will return a valid pointer to the
  7094. context.
  7095. \return NULL will be returned for a blank context.
  7096. \param none No parameters.
  7097. _Example_
  7098. \code
  7099. none
  7100. \endcode
  7101. \sa wolfSSL_CTX_SetDecryptVerifyCb
  7102. \sa wolfSSL_SetDecryptVerifyCtx
  7103. */
  7104. void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl);
  7105. /*!
  7106. \brief Allows retrieval of the Hmac/Mac secret from the handshake process.
  7107. The verify parameter specifies whether this is for verification of a
  7108. peer message.
  7109. \return pointer If successful the call will return a valid pointer to the
  7110. secret. The size of the secret can be obtained from wolfSSL_GetHmacSize().
  7111. \return NULL will be returned for an error state.
  7112. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7113. \param verify specifies whether this is for verification of a peer message.
  7114. _Example_
  7115. \code
  7116. none
  7117. \endcode
  7118. \sa wolfSSL_GetHmacSize
  7119. */
  7120. const unsigned char* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify);
  7121. /*!
  7122. \brief Allows retrieval of the client write key from the handshake process.
  7123. \return pointer If successful the call will return a valid pointer to the
  7124. key. The size of the key can be obtained from wolfSSL_GetKeySize().
  7125. \return NULL will be returned for an error state.
  7126. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7127. _Example_
  7128. \code
  7129. none
  7130. \endcode
  7131. \sa wolfSSL_GetKeySize
  7132. \sa wolfSSL_GetClientWriteIV
  7133. */
  7134. const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*);
  7135. /*!
  7136. \brief Allows retrieval of the client write IV (initialization vector)
  7137. from the handshake process.
  7138. \return pointer If successful the call will return a valid pointer to the
  7139. IV. The size of the IV can be obtained from wolfSSL_GetCipherBlockSize().
  7140. \return NULL will be returned for an error state.
  7141. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7142. _Example_
  7143. \code
  7144. none
  7145. \endcode
  7146. \sa wolfSSL_GetCipherBlockSize()
  7147. \sa wolfSSL_GetClientWriteKey()
  7148. */
  7149. const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*);
  7150. /*!
  7151. \brief Allows retrieval of the server write key from the handshake process.
  7152. \return pointer If successful the call will return a valid pointer to the
  7153. key. The size of the key can be obtained from wolfSSL_GetKeySize().
  7154. \return NULL will be returned for an error state.
  7155. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7156. _Example_
  7157. \code
  7158. none
  7159. \endcode
  7160. \sa wolfSSL_GetKeySize
  7161. \sa wolfSSL_GetServerWriteIV
  7162. */
  7163. const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*);
  7164. /*!
  7165. \brief Allows retrieval of the server write IV (initialization vector)
  7166. from the handshake process.
  7167. \return pointer If successful the call will return a valid pointer to the
  7168. IV. The size of the IV can be obtained from wolfSSL_GetCipherBlockSize().
  7169. \return NULL will be returned for an error state.
  7170. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7171. \sa wolfSSL_GetCipherBlockSize
  7172. \sa wolfSSL_GetClientWriteKey
  7173. */
  7174. const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*);
  7175. /*!
  7176. \brief Allows retrieval of the key size from the handshake process.
  7177. \return size If successful the call will return the key size in bytes.
  7178. \return BAD_FUNC_ARG will be returned for an error state.
  7179. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7180. _Example_
  7181. \code
  7182. none
  7183. \endcode
  7184. \sa wolfSSL_GetClientWriteKey
  7185. \sa wolfSSL_GetServerWriteKey
  7186. */
  7187. int wolfSSL_GetKeySize(WOLFSSL*);
  7188. /*!
  7189. \ingroup CertsKeys
  7190. \brief Returns the iv_size member of the specs structure
  7191. held in the WOLFSSL struct.
  7192. \return iv_size returns the value held in ssl->specs.iv_size.
  7193. \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
  7194. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  7195. _Example_
  7196. \code
  7197. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  7198. WOLFSSL* ssl = wolfSSL_new(ctx);
  7199. int ivSize;
  7200. ...
  7201. ivSize = wolfSSL_GetIVSize(ssl);
  7202. if(ivSize > 0){
  7203. // ivSize holds the specs.iv_size value.
  7204. }
  7205. \endcode
  7206. \sa wolfSSL_GetKeySize
  7207. \sa wolfSSL_GetClientWriteIV
  7208. \sa wolfSSL_GetServerWriteIV
  7209. */
  7210. int wolfSSL_GetIVSize(WOLFSSL*);
  7211. /*!
  7212. \brief Allows retrieval of the side of this WOLFSSL connection.
  7213. \return success If successful the call will return either
  7214. WOLFSSL_SERVER_END or WOLFSSL_CLIENT_END depending on the
  7215. side of WOLFSSL object.
  7216. \return BAD_FUNC_ARG will be returned for an error state.
  7217. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7218. _Example_
  7219. \code
  7220. none
  7221. \endcode
  7222. \sa wolfSSL_GetClientWriteKey
  7223. \sa wolfSSL_GetServerWriteKey
  7224. */
  7225. int wolfSSL_GetSide(WOLFSSL*);
  7226. /*!
  7227. \brief Allows caller to determine if the negotiated protocol version
  7228. is at least TLS version 1.1 or greater.
  7229. \return true/false If successful the call will return 1 for true or
  7230. 0 for false.
  7231. \return BAD_FUNC_ARG will be returned for an error state.
  7232. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7233. _Example_
  7234. \code
  7235. none
  7236. \endcode
  7237. \sa wolfSSL_GetSide
  7238. */
  7239. int wolfSSL_IsTLSv1_1(WOLFSSL*);
  7240. /*!
  7241. \brief Allows caller to determine the negotiated bulk cipher algorithm
  7242. from the handshake.
  7243. \return If successful the call will return one of the following:
  7244. wolfssl_cipher_null, wolfssl_des, wolfssl_triple_des, wolfssl_aes,
  7245. wolfssl_aes_gcm, wolfssl_aes_ccm, wolfssl_camellia.
  7246. \return BAD_FUNC_ARG will be returned for an error state.
  7247. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7248. _Example_
  7249. \code
  7250. none
  7251. \endcode
  7252. \sa wolfSSL_GetCipherBlockSize
  7253. \sa wolfSSL_GetKeySize
  7254. */
  7255. int wolfSSL_GetBulkCipher(WOLFSSL*);
  7256. /*!
  7257. \brief Allows caller to determine the negotiated cipher block size from
  7258. the handshake.
  7259. \return size If successful the call will return the size in bytes of the
  7260. cipher block size.
  7261. \return BAD_FUNC_ARG will be returned for an error state.
  7262. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7263. _Example_
  7264. \code
  7265. none
  7266. \endcode
  7267. \sa wolfSSL_GetBulkCipher
  7268. \sa wolfSSL_GetKeySize
  7269. */
  7270. int wolfSSL_GetCipherBlockSize(WOLFSSL*);
  7271. /*!
  7272. \brief Allows caller to determine the negotiated aead mac size from the
  7273. handshake. For cipher type WOLFSSL_AEAD_TYPE.
  7274. \return size If successful the call will return the size in bytes of the
  7275. aead mac size.
  7276. \return BAD_FUNC_ARG will be returned for an error state.
  7277. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7278. _Example_
  7279. \code
  7280. none
  7281. \endcode
  7282. \sa wolfSSL_GetBulkCipher
  7283. \sa wolfSSL_GetKeySize
  7284. */
  7285. int wolfSSL_GetAeadMacSize(WOLFSSL*);
  7286. /*!
  7287. \brief Allows caller to determine the negotiated (h)mac size from the
  7288. handshake. For cipher types except WOLFSSL_AEAD_TYPE.
  7289. \return size If successful the call will return the size in bytes of
  7290. the (h)mac size.
  7291. \return BAD_FUNC_ARG will be returned for an error state.
  7292. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7293. _Example_
  7294. \code
  7295. none
  7296. \endcode
  7297. \sa wolfSSL_GetBulkCipher
  7298. \sa wolfSSL_GetHmacType
  7299. */
  7300. int wolfSSL_GetHmacSize(WOLFSSL*);
  7301. /*!
  7302. \brief Allows caller to determine the negotiated (h)mac type from the
  7303. handshake. For cipher types except WOLFSSL_AEAD_TYPE.
  7304. \return If successful the call will return one of the following:
  7305. MD5, SHA, SHA256, SHA384.
  7306. \return BAD_FUNC_ARG may be returned for an error state.
  7307. \return SSL_FATAL_ERROR may also be returned for an error state.
  7308. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7309. _Example_
  7310. \code
  7311. none
  7312. \endcode
  7313. \sa wolfSSL_GetBulkCipher
  7314. \sa wolfSSL_GetHmacSize
  7315. */
  7316. int wolfSSL_GetHmacType(WOLFSSL*);
  7317. /*!
  7318. \brief Allows caller to determine the negotiated cipher type
  7319. from the handshake.
  7320. \return If successful the call will return one of the following:
  7321. WOLFSSL_BLOCK_TYPE, WOLFSSL_STREAM_TYPE, WOLFSSL_AEAD_TYPE.
  7322. \return BAD_FUNC_ARG will be returned for an error state.
  7323. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7324. _Example_
  7325. \code
  7326. none
  7327. \endcode
  7328. \sa wolfSSL_GetBulkCipher
  7329. \sa wolfSSL_GetHmacType
  7330. */
  7331. int wolfSSL_GetCipherType(WOLFSSL*);
  7332. /*!
  7333. \brief Allows caller to set the Hmac Inner vector for message
  7334. sending/receiving. The result is written to inner which should
  7335. be at least wolfSSL_GetHmacSize() bytes. The size of the message
  7336. is specified by sz, content is the type of message, and verify
  7337. specifies whether this is a verification of a peer message. Valid
  7338. for cipher types excluding WOLFSSL_AEAD_TYPE.
  7339. \return 1 upon success.
  7340. \return BAD_FUNC_ARG will be returned for an error state.
  7341. \param none No parameters.
  7342. _Example_
  7343. \code
  7344. none
  7345. \endcode
  7346. \sa wolfSSL_GetBulkCipher
  7347. \sa wolfSSL_GetHmacType
  7348. */
  7349. int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner,
  7350. word32 sz, int content, int verify);
  7351. /*!
  7352. \brief Allows caller to set the Public Key Callback for ECC Signing.
  7353. The callback should return 0 for success or < 0 for an error.
  7354. The ssl and ctx pointers are available for the user’s convenience.
  7355. in is the input buffer to sign while inSz denotes the length of the input.
  7356. out is the output buffer where the result of the signature should be stored.
  7357. outSz is an input/output variable that specifies the size of the output
  7358. buffer upon invocation and the actual size of the signature should be stored
  7359. there before returning. keyDer is the ECC Private key in ASN1 format and
  7360. keySz is the length of the key in bytes. An example callback can be found
  7361. wolfssl/test.h myEccSign().
  7362. \return none No returns.
  7363. \param none No parameters.
  7364. _Example_
  7365. \code
  7366. none
  7367. \endcode
  7368. \sa wolfSSL_SetEccSignCtx
  7369. \sa wolfSSL_GetEccSignCtx
  7370. */
  7371. void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb);
  7372. /*!
  7373. \brief Allows caller to set the Public Key Ecc Signing Callback
  7374. Context to ctx.
  7375. \return none No returns.
  7376. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7377. \param ctx a pointer to the user context to be stored
  7378. _Example_
  7379. \code
  7380. none
  7381. \endcode
  7382. \sa wolfSSL_CTX_SetEccSignCb
  7383. \sa wolfSSL_GetEccSignCtx
  7384. */
  7385. void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx);
  7386. /*!
  7387. \brief Allows caller to retrieve the Public Key Ecc Signing Callback
  7388. Context previously stored with wolfSSL_SetEccSignCtx().
  7389. \return pointer If successful the call will return a valid pointer
  7390. to the context.
  7391. \return NULL will be returned for a blank context.
  7392. \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
  7393. _Example_
  7394. \code
  7395. none
  7396. \endcode
  7397. \sa wolfSSL_CTX_SetEccSignCb
  7398. \sa wolfSSL_SetEccSignCtx
  7399. */
  7400. void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl);
  7401. /*!
  7402. \brief Allows caller to set the Public Key Ecc Signing Callback
  7403. Context to ctx.
  7404. \return none No returns.
  7405. \param ctx a pointer to a WOLFSSL_CTX structure, created
  7406. with wolfSSL_CTX_new().
  7407. \param ctx a pointer to the user context to be stored
  7408. _Example_
  7409. \code
  7410. none
  7411. \endcode
  7412. \sa wolfSSL_CTX_SetEccSignCb
  7413. \sa wolfSSL_CTX_GetEccSignCtx
  7414. */
  7415. void wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx);
  7416. /*!
  7417. \brief Allows caller to retrieve the Public Key Ecc Signing Callback
  7418. Context previously stored with wolfSSL_SetEccSignCtx().
  7419. \return pointer If successful the call will return a valid pointer
  7420. to the context.
  7421. \return NULL will be returned for a blank context.
  7422. \param ctx a pointer to a WOLFSSL_CTX structure, created
  7423. with wolfSSL_CTX_new().
  7424. _Example_
  7425. \code
  7426. none
  7427. \endcode
  7428. \sa wolfSSL_CTX_SetEccSignCb
  7429. \sa wolfSSL_CTX_SetEccSignCtx
  7430. */
  7431. void* wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx);
  7432. /*!
  7433. \brief Allows caller to set the Public Key Callback for ECC Verification.
  7434. The callback should return 0 for success or < 0 for an error.
  7435. The ssl and ctx pointers are available for the user’s convenience.
  7436. sig is the signature to verify and sigSz denotes the length of the
  7437. signature. hash is an input buffer containing the digest of the message
  7438. and hashSz denotes the length in bytes of the hash. result is an output
  7439. variable where the result of the verification should be stored, 1 for
  7440. success and 0 for failure. keyDer is the ECC Private key in ASN1
  7441. format and keySz is the length of the key in bytes. An example
  7442. callback can be found wolfssl/test.h myEccVerify().
  7443. \return none No returns.
  7444. \param none No parameters.
  7445. _Example_
  7446. \code
  7447. none
  7448. \endcode
  7449. \sa wolfSSL_SetEccVerifyCtx
  7450. \sa wolfSSL_GetEccVerifyCtx
  7451. */
  7452. void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb);
  7453. /*!
  7454. \brief Allows caller to set the Public Key Ecc Verification Callback
  7455. Context to ctx.
  7456. \return none No returns.
  7457. \param none No parameters.
  7458. _Example_
  7459. \code
  7460. none
  7461. \endcode
  7462. \sa wolfSSL_CTX_SetEccVerifyCb
  7463. \sa wolfSSL_GetEccVerifyCtx
  7464. */
  7465. void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx);
  7466. /*!
  7467. \brief Allows caller to retrieve the Public Key Ecc Verification Callback
  7468. Context previously stored with wolfSSL_SetEccVerifyCtx().
  7469. \return pointer If successful the call will return a valid pointer to the
  7470. context.
  7471. \return NULL will be returned for a blank context.
  7472. \param none No parameters.
  7473. _Example_
  7474. \code
  7475. none
  7476. \endcode
  7477. \sa wolfSSL_CTX_SetEccVerifyCb
  7478. \sa wolfSSL_SetEccVerifyCtx
  7479. */
  7480. void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl);
  7481. /*!
  7482. \brief Allows caller to set the Public Key Callback for RSA Signing.
  7483. The callback should return 0 for success or < 0 for an error.
  7484. The ssl and ctx pointers are available for the user’s convenience.
  7485. in is the input buffer to sign while inSz denotes the length of the input.
  7486. out is the output buffer where the result of the signature should be stored.
  7487. outSz is an input/output variable that specifies the size of the output
  7488. buffer upon invocation and the actual size of the signature should be
  7489. stored there before returning. keyDer is the RSA Private key in ASN1 format
  7490. and keySz is the length of the key in bytes. An example callback can be
  7491. found wolfssl/test.h myRsaSign().
  7492. \return none No returns.
  7493. \param none No parameters.
  7494. _Example_
  7495. \code
  7496. none
  7497. \endcode
  7498. \sa wolfSSL_SetRsaSignCtx
  7499. \sa wolfSSL_GetRsaSignCtx
  7500. */
  7501. void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb);
  7502. /*!
  7503. \brief Allows caller to set the Public Key RSA Signing Callback Context
  7504. to ctx.
  7505. \return none No Returns.
  7506. \param none No parameters.
  7507. _Example_
  7508. \code
  7509. none
  7510. \endcode
  7511. \sa wolfSSL_CTX_SetRsaSignCb
  7512. \sa wolfSSL_GetRsaSignCtx
  7513. */
  7514. void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx);
  7515. /*!
  7516. \brief Allows caller to retrieve the Public Key RSA Signing Callback
  7517. Context previously stored with wolfSSL_SetRsaSignCtx().
  7518. \return pointer If successful the call will return a valid pointer to the
  7519. context.
  7520. \return NULL will be returned for a blank context.
  7521. \param none No parameters.
  7522. \param none No parameters.
  7523. _Example_
  7524. \code
  7525. none
  7526. \endcode
  7527. \sa wolfSSL_CTX_SetRsaSignCb
  7528. \sa wolfSSL_SetRsaSignCtx
  7529. */
  7530. void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl);
  7531. /*!
  7532. \brief Allows caller to set the Public Key Callback for RSA Verification.
  7533. The callback should return the number of plaintext bytes for success or
  7534. < 0 for an error. The ssl and ctx pointers are available for the user’s
  7535. convenience. sig is the signature to verify and sigSz denotes the length
  7536. of the signature. out should be set to the beginning of the verification
  7537. buffer after the decryption process and any padding. keyDer is the RSA
  7538. Public key in ASN1 format and keySz is the length of the key in bytes.
  7539. An example callback can be found wolfssl/test.h myRsaVerify().
  7540. \return none No returns.
  7541. \param none No parameters.
  7542. \sa wolfSSL_SetRsaVerifyCtx
  7543. \sa wolfSSL_GetRsaVerifyCtx
  7544. */
  7545. void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb);
  7546. /*!
  7547. \brief Allows caller to set the Public Key RSA Verification Callback
  7548. Context to ctx.
  7549. \return none No returns.
  7550. \param none No parameters.
  7551. _Example_
  7552. \code
  7553. none
  7554. \endcode
  7555. \sa wolfSSL_CTX_SetRsaVerifyCb
  7556. \sa wolfSSL_GetRsaVerifyCtx
  7557. */
  7558. void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx);
  7559. /*!
  7560. \brief Allows caller to retrieve the Public Key RSA Verification Callback
  7561. Context previously stored with wolfSSL_SetRsaVerifyCtx().
  7562. \return pointer If successful the call will return a valid pointer to
  7563. the context.
  7564. \return NULL will be returned for a blank context.
  7565. \param none No parameters.
  7566. _Example_
  7567. \code
  7568. none
  7569. \endcode
  7570. \sa wolfSSL_CTX_SetRsaVerifyCb
  7571. \sa wolfSSL_SetRsaVerifyCtx
  7572. */
  7573. void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl);
  7574. /*!
  7575. \brief Allows caller to set the Public Key Callback for RSA Public
  7576. Encrypt. The callback should return 0 for success or < 0 for an error.
  7577. The ssl and ctx pointers are available for the user’s convenience.
  7578. in is the input buffer to encrypt while inSz denotes the length of
  7579. the input. out is the output buffer where the result of the encryption
  7580. should be stored. outSz is an input/output variable that specifies
  7581. the size of the output buffer upon invocation and the actual size of
  7582. the encryption should be stored there before returning. keyDer is the
  7583. RSA Public key in ASN1 format and keySz is the length of the key in
  7584. bytes. An example callback can be found wolfssl/test.h myRsaEnc().
  7585. \return none No returns.
  7586. \param none No parameters.
  7587. _Examples_
  7588. \code
  7589. none
  7590. \endcode
  7591. \sa wolfSSL_SetRsaEncCtx
  7592. \sa wolfSSL_GetRsaEncCtx
  7593. */
  7594. void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb);
  7595. /*!
  7596. \brief Allows caller to set the Public Key RSA Public Encrypt
  7597. Callback Context to ctx.
  7598. \return none No returns.
  7599. \param none No parameters.
  7600. _Example_
  7601. \code
  7602. none
  7603. \endcode
  7604. \sa wolfSSL_CTX_SetRsaEncCb
  7605. \sa wolfSSL_GetRsaEncCtx
  7606. */
  7607. void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx);
  7608. /*!
  7609. \brief Allows caller to retrieve the Public Key RSA Public Encrypt
  7610. Callback Context previously stored with wolfSSL_SetRsaEncCtx().
  7611. \return pointer If successful the call will return a valid pointer
  7612. to the context.
  7613. \return NULL will be returned for a blank context.
  7614. \param none No parameters.
  7615. _Example_
  7616. \code
  7617. none
  7618. \endcode
  7619. \sa wolfSSL_CTX_SetRsaEncCb
  7620. \sa wolfSSL_SetRsaEncCtx
  7621. */
  7622. void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl);
  7623. /*!
  7624. \brief Allows caller to set the Public Key Callback for RSA Private
  7625. Decrypt. The callback should return the number of plaintext bytes
  7626. for success or < 0 for an error. The ssl and ctx pointers are available
  7627. for the user’s convenience. in is the input buffer to decrypt and inSz
  7628. denotes the length of the input. out should be set to the beginning
  7629. of the decryption buffer after the decryption process and any padding.
  7630. keyDer is the RSA Private key in ASN1 format and keySz is the length
  7631. of the key in bytes. An example callback can be found
  7632. wolfssl/test.h myRsaDec().
  7633. \return none No returns.
  7634. \param none No parameters.
  7635. _Example_
  7636. \code
  7637. none
  7638. \endcode
  7639. \sa wolfSSL_SetRsaDecCtx
  7640. \sa wolfSSL_GetRsaDecCtx
  7641. */
  7642. void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb);
  7643. /*!
  7644. \brief Allows caller to set the Public Key RSA Private Decrypt
  7645. Callback Context to ctx.
  7646. \return none No returns.
  7647. \param none No parameters.
  7648. _Example_
  7649. \code
  7650. none
  7651. \endcode
  7652. \sa wolfSSL_CTX_SetRsaDecCb
  7653. \sa wolfSSL_GetRsaDecCtx
  7654. */
  7655. void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx);
  7656. /*!
  7657. \brief Allows caller to retrieve the Public Key RSA Private Decrypt
  7658. Callback Context previously stored with wolfSSL_SetRsaDecCtx().
  7659. \return pointer If successful the call will return a valid pointer
  7660. to the context.
  7661. \return NULL will be returned for a blank context.
  7662. \param none No parameters.
  7663. _Example_
  7664. \code
  7665. none
  7666. \endcode
  7667. \sa wolfSSL_CTX_SetRsaDecCb
  7668. \sa wolfSSL_SetRsaDecCtx
  7669. */
  7670. void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
  7671. /*!
  7672. \brief This function registers a callback with the SSL context
  7673. (WOLFSSL_CTX) to be called when a new CA certificate is loaded
  7674. into wolfSSL. The callback is given a buffer with the DER-encoded
  7675. certificate.
  7676. \return none No return.
  7677. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  7678. \param callback function to be registered as the CA callback for the
  7679. wolfSSL context, ctx. The signature of this function must follow that
  7680. as shown above in the Synopsis section.
  7681. _Example_
  7682. \code
  7683. WOLFSSL_CTX* ctx = 0;
  7684. // CA callback prototype
  7685. int MyCACallback(unsigned char *der, int sz, int type);
  7686. // Register the custom CA callback with the SSL context
  7687. wolfSSL_CTX_SetCACb(ctx, MyCACallback);
  7688. int MyCACallback(unsigned char* der, int sz, int type)
  7689. {
  7690. // custom CA callback function, DER-encoded cert
  7691. // located in “der” of size “sz” with type “type”
  7692. }
  7693. \endcode
  7694. \sa wolfSSL_CTX_load_verify_locations
  7695. */
  7696. void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, CallbackCACache cb);
  7697. /*!
  7698. \ingroup CertManager
  7699. \brief Allocates and initializes a new Certificate Manager context.
  7700. This context may be used independent of SSL needs. It may be used to
  7701. load certificates, verify certificates, and check the revocation status.
  7702. \return WOLFSSL_CERT_MANAGER If successful the call will return a valid
  7703. WOLFSSL_CERT_MANAGER pointer.
  7704. \return NULL will be returned for an error state.
  7705. \param none No parameters.
  7706. \sa wolfSSL_CertManagerFree
  7707. */
  7708. WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap);
  7709. /*!
  7710. \ingroup CertManager
  7711. \brief Allocates and initializes a new Certificate Manager context.
  7712. This context may be used independent of SSL needs. It may be used to
  7713. load certificates, verify certificates, and check the revocation status.
  7714. \return WOLFSSL_CERT_MANAGER If successful the call will return a
  7715. valid WOLFSSL_CERT_MANAGER pointer.
  7716. \return NULL will be returned for an error state.
  7717. \param none No parameters.
  7718. _Example_
  7719. \code
  7720. #import <wolfssl/ssl.h>
  7721. WOLFSSL_CERT_MANAGER* cm;
  7722. cm = wolfSSL_CertManagerNew();
  7723. if (cm == NULL) {
  7724. // error creating new cert manager
  7725. }
  7726. \endcode
  7727. \sa wolfSSL_CertManagerFree
  7728. */
  7729. WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
  7730. /*!
  7731. \ingroup CertManager
  7732. \brief Frees all resources associated with the Certificate Manager
  7733. context. Call this when you no longer need to use the Certificate Manager.
  7734. \return none
  7735. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
  7736. wolfSSL_CertManagerNew().
  7737. _Example_
  7738. \code
  7739. #include <wolfssl/ssl.h>
  7740. WOLFSSL_CERT_MANAGER* cm;
  7741. ...
  7742. wolfSSL_CertManagerFree(cm);
  7743. \endcode
  7744. \sa wolfSSL_CertManagerNew
  7745. */
  7746. void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);
  7747. /*!
  7748. \ingroup CertManager
  7749. \brief Specifies the locations for CA certificate loading into the
  7750. manager context. The PEM certificate CAfile may contain several
  7751. trusted CA certificates. If CApath is not NULL it specifies a
  7752. directory containing CA certificates in PEM format.
  7753. \return SSL_SUCCESS If successful the call will return.
  7754. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  7755. \return SSL_BAD_FILE will be returned if the file doesn’t exist,
  7756. can’t be read, or is corrupted.
  7757. \return MEMORY_E will be returned if an out of memory condition occurs.
  7758. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  7759. \return BAD_FUNC_ARG is the error that will be returned if a
  7760. pointer is not provided.
  7761. \return SSL_FATAL_ERROR - will be returned upon failure.
  7762. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created
  7763. using wolfSSL_CertManagerNew().
  7764. \param file pointer to the name of the file containing CA
  7765. certificates to load.
  7766. \param path pointer to the name of a directory path containing CA c
  7767. ertificates to load. The NULL pointer may be used if no
  7768. certificate directory is desired.
  7769. _Example_
  7770. \code
  7771. #include <wolfssl/ssl.h>
  7772. int ret = 0;
  7773. WOLFSSL_CERT_MANAGER* cm;
  7774. ...
  7775. ret = wolfSSL_CertManagerLoadCA(cm, “path/to/cert-file.pem”, 0);
  7776. if (ret != SSL_SUCCESS) {
  7777. // error loading CA certs into cert manager
  7778. }
  7779. \endcode
  7780. \sa wolfSSL_CertManagerVerify
  7781. */
  7782. int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* f,
  7783. const char* d);
  7784. /*!
  7785. \ingroup CertManager
  7786. \brief Loads the CA Buffer by calling wolfSSL_CTX_load_verify_buffer and
  7787. returning that result using a temporary cm so as not to lose the information
  7788. in the cm passed into the function.
  7789. \return SSL_FATAL_ERROR is returned if the WOLFSSL_CERT_MANAGER struct is
  7790. NULL or if wolfSSL_CTX_new() returns NULL.
  7791. \return SSL_SUCCESS is returned for a successful execution.
  7792. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
  7793. wolfSSL_CertManagerNew().
  7794. \param in buffer for cert information.
  7795. \param sz length of the buffer.
  7796. \param format certificate format, either PEM or DER.
  7797. _Example_
  7798. \code
  7799. WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
  7800. const unsigned char* in;
  7801. long sz;
  7802. int format;
  7803. if(wolfSSL_CertManagerLoadCABuffer(vp, sz, format) != SSL_SUCCESS){
  7804. Error returned. Failure case code block.
  7805. }
  7806. \endcode
  7807. \sa wolfSSL_CTX_load_verify_buffer
  7808. \sa ProcessChainBuffer
  7809. \sa ProcessBuffer
  7810. \sa cm_pick_method
  7811. */
  7812. int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm,
  7813. const unsigned char* in, long sz, int format);
  7814. /*!
  7815. \ingroup CertManager
  7816. \brief This function unloads the CA signer list.
  7817. \return SSL_SUCCESS returned on successful execution of the function.
  7818. \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER is NULL.
  7819. \return BAD_MUTEX_E returned if there was a mutex error.
  7820. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure,
  7821. created using wolfSSL_CertManagerNew().
  7822. _Example_
  7823. \code
  7824. #include <wolfssl/ssl.h>
  7825. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
  7826. WOLFSSL_CERT_MANAGER* cm = wolfSSL_CTX_GetCertManager(ctx);
  7827. ...
  7828. if(wolfSSL_CertManagerUnloadCAs(cm) != SSL_SUCCESS){
  7829. Failure case.
  7830. }
  7831. \endcode
  7832. \sa UnlockMutex
  7833. */
  7834. int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
  7835. /*!
  7836. \ingroup CertManager
  7837. \brief This function unloads intermediate certificates add to the CA
  7838. signer list.
  7839. \return SSL_SUCCESS returned on successful execution of the function.
  7840. \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER is NULL.
  7841. \return BAD_MUTEX_E returned if there was a mutex error.
  7842. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure,
  7843. created using wolfSSL_CertManagerNew().
  7844. _Example_
  7845. \code
  7846. #include <wolfssl/ssl.h>
  7847. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
  7848. WOLFSSL_CERT_MANAGER* cm = wolfSSL_CTX_GetCertManager(ctx);
  7849. ...
  7850. if(wolfSSL_CertManagerUnloadIntermediateCerts(cm) != SSL_SUCCESS){
  7851. Failure case.
  7852. }
  7853. \endcode
  7854. \sa UnlockMutex
  7855. */
  7856. int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm);
  7857. /*!
  7858. \ingroup CertManager
  7859. \brief The function will free the Trusted Peer linked list and unlocks
  7860. the trusted peer list.
  7861. \return SSL_SUCCESS if the function completed normally.
  7862. \return BAD_FUNC_ARG if the WOLFSSL_CERT_MANAGER is NULL.
  7863. \return BAD_MUTEX_E mutex error if tpLock, a member of the
  7864. WOLFSSL_CERT_MANAGER struct, is 0 (nill).
  7865. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
  7866. wolfSSL_CertManagerNew().
  7867. _Example_
  7868. \code
  7869. #include <wolfssl/ssl.h>
  7870. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(Protocol define);
  7871. WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew();
  7872. ...
  7873. if(wolfSSL_CertManagerUnload_trust_peers(cm) != SSL_SUCCESS){
  7874. The function did not execute successfully.
  7875. }
  7876. \endcode
  7877. \sa UnLockMutex
  7878. */
  7879. int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm);
  7880. /*!
  7881. \ingroup CertManager
  7882. \brief Specifies the certificate to verify with the Certificate Manager
  7883. context. The format can be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1.
  7884. \return SSL_SUCCESS If successful.
  7885. \return ASN_SIG_CONFIRM_E will be returned if the signature could not be
  7886. verified.
  7887. \return ASN_SIG_OID_E will be returned if the signature type is not
  7888. supported.
  7889. \return CRL_CERT_REVOKED is an error that is returned if this certificate
  7890. has been revoked.
  7891. \return CRL_MISSING is an error that is returned if a current issuer CRL is
  7892. not available.
  7893. \return ASN_BEFORE_DATE_E will be returned if the current date is before the
  7894. before date.
  7895. \return ASN_AFTER_DATE_E will be returned if the current date is after the
  7896. after date.
  7897. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  7898. \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
  7899. read, or is corrupted.
  7900. \return MEMORY_E will be returned if an out of memory condition occurs.
  7901. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  7902. \return BAD_FUNC_ARG is the error that will be returned if a pointer is
  7903. not provided.
  7904. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
  7905. wolfSSL_CertManagerNew().
  7906. \param fname pointer to the name of the file containing the certificates
  7907. to verify.
  7908. \param format format of the certificate to verify - either
  7909. SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
  7910. _Example_
  7911. \code
  7912. int ret = 0;
  7913. WOLFSSL_CERT_MANAGER* cm;
  7914. ...
  7915. ret = wolfSSL_CertManagerVerify(cm, “path/to/cert-file.pem”,
  7916. SSL_FILETYPE_PEM);
  7917. if (ret != SSL_SUCCESS) {
  7918. error verifying certificate
  7919. }
  7920. \endcode
  7921. \sa wolfSSL_CertManagerLoadCA
  7922. \sa wolfSSL_CertManagerVerifyBuffer
  7923. */
  7924. int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* f,
  7925. int format);
  7926. /*!
  7927. \ingroup CertManager
  7928. \brief Specifies the certificate buffer to verify with the Certificate
  7929. Manager context. The format can be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1.
  7930. \return SSL_SUCCESS If successful.
  7931. \return ASN_SIG_CONFIRM_E will be returned if the signature could not
  7932. be verified.
  7933. \return ASN_SIG_OID_E will be returned if the signature type is not
  7934. supported.
  7935. \return CRL_CERT_REVOKED is an error that is returned if this certificate
  7936. has been revoked.
  7937. \return CRL_MISSING is an error that is returned if a current issuer CRL
  7938. is not available.
  7939. \return ASN_BEFORE_DATE_E will be returned if the current date is before
  7940. the before date.
  7941. \return ASN_AFTER_DATE_E will be returned if the current date is after
  7942. the after date.
  7943. \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
  7944. \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t
  7945. be read, or is corrupted.
  7946. \return MEMORY_E will be returned if an out of memory condition occurs.
  7947. \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
  7948. \return BAD_FUNC_ARG is the error that will be returned if a pointer
  7949. is not provided.
  7950. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
  7951. wolfSSL_CertManagerNew().
  7952. \param buff buffer containing the certificates to verify.
  7953. \param sz size of the buffer, buf.
  7954. \param format format of the certificate to verify, located in buf - either
  7955. SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
  7956. _Example_
  7957. \code
  7958. #include <wolfssl/ssl.h>
  7959. int ret = 0;
  7960. int sz = 0;
  7961. WOLFSSL_CERT_MANAGER* cm;
  7962. byte certBuff[...];
  7963. ...
  7964. ret = wolfSSL_CertManagerVerifyBuffer(cm, certBuff, sz, SSL_FILETYPE_PEM);
  7965. if (ret != SSL_SUCCESS) {
  7966. error verifying certificate
  7967. }
  7968. \endcode
  7969. \sa wolfSSL_CertManagerLoadCA
  7970. \sa wolfSSL_CertManagerVerify
  7971. */
  7972. int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm,
  7973. const unsigned char* buff, long sz, int format);
  7974. /*!
  7975. \ingroup CertManager
  7976. \brief The function sets the verifyCallback function in the Certificate
  7977. Manager. If present, it will be called for each cert loaded. If there is
  7978. a verification error, the verify callback can be used to over-ride the
  7979. error.
  7980. \return none No return.
  7981. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
  7982. wolfSSL_CertManagerNew().
  7983. \param vc a VerifyCallback function pointer to the callback routine
  7984. _Example_
  7985. \code
  7986. #include <wolfssl/ssl.h>
  7987. int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
  7988. { // do custom verification of certificate }
  7989. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(Protocol define);
  7990. WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew();
  7991. ...
  7992. wolfSSL_CertManagerSetVerify(cm, myVerify);
  7993. \endcode
  7994. \sa wolfSSL_CertManagerVerify
  7995. */
  7996. void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm,
  7997. VerifyCallback vc);
  7998. /*!
  7999. \brief Check CRL if the option is enabled and compares the cert to the
  8000. CRL list.
  8001. \return SSL_SUCCESS returns if the function returned as expected. If
  8002. the crlEnabled member of the WOLFSSL_CERT_MANAGER struct is turned on.
  8003. \return MEMORY_E returns if the allocated memory failed.
  8004. \return BAD_FUNC_ARG if the WOLFSSL_CERT_MANAGER is NULL.
  8005. \param cm a pointer to a WOLFSSL_CERT_MANAGER struct.
  8006. \param der pointer to a DER formatted certificate.
  8007. \param sz size of the certificate.
  8008. _Example_
  8009. \code
  8010. WOLFSSL_CERT_MANAGER* cm;
  8011. byte* der;
  8012. int sz; // size of der
  8013. ...
  8014. if(wolfSSL_CertManagerCheckCRL(cm, der, sz) != SSL_SUCCESS){
  8015. // Error returned. Deal with failure case.
  8016. }
  8017. \endcode
  8018. \sa CheckCertCRL
  8019. \sa ParseCertRelative
  8020. \sa wolfSSL_CertManagerSetCRL_CB
  8021. \sa InitDecodedCert
  8022. */
  8023. int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm,
  8024. unsigned char* der, int sz);
  8025. /*!
  8026. \ingroup CertManager
  8027. \brief Turns on Certificate Revocation List checking when verifying
  8028. certificates with the Certificate Manager. By default, CRL checking
  8029. is off. options include WOLFSSL_CRL_CHECKALL which performs CRL
  8030. checking on each certificate in the chain versus the Leaf certificate
  8031. only which is the default.
  8032. \return SSL_SUCCESS If successful the call will return.
  8033. \return NOT_COMPILED_IN will be returned if wolfSSL was not built with
  8034. CRL enabled.
  8035. \return MEMORY_E will be returned if an out of memory condition occurs.
  8036. \return BAD_FUNC_ARG is the error that will be returned if a pointer
  8037. is not provided.
  8038. \return SSL_FAILURE will be returned if the CRL context cannot be
  8039. initialized properly.
  8040. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
  8041. wolfSSL_CertManagerNew().
  8042. \param options options to use when enabling the Certification Manager, cm.
  8043. _Example_
  8044. \code
  8045. #include <wolfssl/ssl.h>
  8046. int ret = 0;
  8047. WOLFSSL_CERT_MANAGER* cm;
  8048. ...
  8049. ret = wolfSSL_CertManagerEnableCRL(cm, 0);
  8050. if (ret != SSL_SUCCESS) {
  8051. error enabling cert manager
  8052. }
  8053. ...
  8054. \endcode
  8055. \sa wolfSSL_CertManagerDisableCRL
  8056. */
  8057. int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm,
  8058. int options);
  8059. /*!
  8060. \ingroup CertManager
  8061. \brief Turns off Certificate Revocation List checking when verifying
  8062. certificates with the Certificate Manager. By default, CRL checking is
  8063. off. You can use this function to temporarily or permanently disable CRL
  8064. checking with this Certificate Manager context that previously had CRL
  8065. checking enabled.
  8066. \return SSL_SUCCESS If successful the call will return.
  8067. \return BAD_FUNC_ARG is the error that will be returned if a function
  8068. pointer is not provided.
  8069. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
  8070. wolfSSL_CertManagerNew().
  8071. _Example_
  8072. \code
  8073. #include <wolfssl/ssl.h>
  8074. int ret = 0;
  8075. WOLFSSL_CERT_MANAGER* cm;
  8076. ...
  8077. ret = wolfSSL_CertManagerDisableCRL(cm);
  8078. if (ret != SSL_SUCCESS) {
  8079. error disabling cert manager
  8080. }
  8081. ...
  8082. \endcode
  8083. \sa wolfSSL_CertManagerEnableCRL
  8084. */
  8085. int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*);
  8086. /*!
  8087. \ingroup CertManager
  8088. \brief Error checks and passes through to LoadCRL() in order to load the
  8089. cert into the CRL for revocation checking. An updated CRL can be loaded by
  8090. first calling wolfSSL_CertManagerFreeCRL, then loading the new CRL.
  8091. \return SSL_SUCCESS if there is no error in wolfSSL_CertManagerLoadCRL and
  8092. if LoadCRL returns successfully.
  8093. \return BAD_FUNC_ARG if the WOLFSSL_CERT_MANAGER struct is NULL.
  8094. \return SSL_FATAL_ERROR if wolfSSL_CertManagerEnableCRL returns anything
  8095. other than SSL_SUCCESS.
  8096. \return BAD_PATH_ERROR if the path is NULL.
  8097. \return MEMORY_E if LoadCRL fails to allocate heap memory.
  8098. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
  8099. wolfSSL_CertManagerNew().
  8100. \param path a constant char pointer holding the CRL path.
  8101. \param type type of certificate to be loaded.
  8102. \param monitor requests monitoring in LoadCRL().
  8103. _Example_
  8104. \code
  8105. #include <wolfssl/ssl.h>
  8106. int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type,
  8107. int monitor);
  8108. wolfSSL_CertManagerLoadCRL(SSL_CM(ssl), path, type, monitor);
  8109. \endcode
  8110. \sa wolfSSL_CertManagerEnableCRL
  8111. \sa wolfSSL_LoadCRL
  8112. \sa wolfSSL_CertManagerFreeCRL
  8113. */
  8114. int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm,
  8115. const char* path, int type, int monitor);
  8116. /*!
  8117. \ingroup CertManager
  8118. \brief The function loads the CRL file by calling BufferLoadCRL.
  8119. \return SSL_SUCCESS returned if the function completed without errors.
  8120. \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER is NULL.
  8121. \return SSL_FATAL_ERROR returned if there is an error associated
  8122. with the WOLFSSL_CERT_MANAGER.
  8123. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure.
  8124. \param buff a constant byte type and is the buffer.
  8125. \param sz a long int representing the size of the buffer.
  8126. \param type a long integer that holds the certificate type.
  8127. _Example_
  8128. \code
  8129. #include <wolfssl/ssl.h>
  8130. WOLFSSL_CERT_MANAGER* cm;
  8131. const unsigned char* buff;
  8132. long sz; size of buffer
  8133. int type; cert type
  8134. ...
  8135. int ret = wolfSSL_CertManagerLoadCRLBuffer(cm, buff, sz, type);
  8136. if(ret == SSL_SUCCESS){
  8137. return ret;
  8138. } else {
  8139. Failure case.
  8140. }
  8141. \endcode
  8142. \sa BufferLoadCRL
  8143. \sa wolfSSL_CertManagerEnableCRL
  8144. */
  8145. int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
  8146. const unsigned char* buff, long sz,
  8147. int type);
  8148. /*!
  8149. \ingroup CertManager
  8150. \brief This function sets the CRL Certificate Manager callback. If
  8151. HAVE_CRL is defined and a matching CRL record is not found then the
  8152. cbMissingCRL is called (set via wolfSSL_CertManagerSetCRL_Cb). This
  8153. allows you to externally retrieve the CRL and load it.
  8154. \return SSL_SUCCESS returned upon successful execution of the function and
  8155. subroutines.
  8156. \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
  8157. \param cm the WOLFSSL_CERT_MANAGER structure holding the information for
  8158. the certificate.
  8159. \param cb a function pointer to (*CbMissingCRL) that is set to the
  8160. cbMissingCRL member of the WOLFSSL_CERT_MANAGER.
  8161. _Example_
  8162. \code
  8163. #include <wolfssl/ssl.h>
  8164. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
  8165. WOLFSSL* ssl = wolfSSL_new(ctx);
  8166. void cb(const char* url){
  8167. Function body.
  8168. }
  8169. CbMissingCRL cb = CbMissingCRL;
  8170. if(ctx){
  8171. return wolfSSL_CertManagerSetCRL_Cb(SSL_CM(ssl), cb);
  8172. }
  8173. \endcode
  8174. \sa CbMissingCRL
  8175. \sa wolfSSL_SetCRL_Cb
  8176. */
  8177. int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm,
  8178. CbMissingCRL cb);
  8179. /*!
  8180. \ingroup CertManager
  8181. \brief This function sets the CRL Update callback. If
  8182. HAVE_CRL and HAVE_CRL_UPDATE_CB is defined , and an entry with the same
  8183. issuer and a lower CRL number exists when a CRL is added, then the
  8184. CbUpdateCRL is called with the details of the existing entry and the
  8185. new one replacing it.
  8186. \return SSL_SUCCESS returned upon successful execution of the function and
  8187. subroutines.
  8188. \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
  8189. \param cm the WOLFSSL_CERT_MANAGER structure holding the information for
  8190. the certificate.
  8191. \param cb a function pointer to (*CbUpdateCRL) that is set to the
  8192. cbUpdateCRL member of the WOLFSSL_CERT_MANAGER.
  8193. Signature requirement:
  8194. void (*CbUpdateCRL)(CrlInfo *old, CrlInfo *new);
  8195. _Example_
  8196. \code
  8197. #include <wolfssl/ssl.h>
  8198. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
  8199. WOLFSSL* ssl = wolfSSL_new(ctx);
  8200. void cb(CrlInfo *old, CrlInfo *new){
  8201. Function body.
  8202. }
  8203. CbUpdateCRL cb = CbUpdateCRL;
  8204. if(ctx){
  8205. return wolfSSL_CertManagerSetCRLUpdate_Cb(SSL_CM(ssl), cb);
  8206. }
  8207. \endcode
  8208. \sa CbUpdateCRL
  8209. */
  8210. int wolfSSL_CertManagerSetCRLUpdate_Cb(WOLFSSL_CERT_MANAGER* cm,
  8211. CbUpdateCRL cb);
  8212. /*!
  8213. \ingroup CertManager
  8214. \brief This function yields a structure with parsed CRL information from
  8215. an encoded CRL buffer.
  8216. \return SSL_SUCCESS returned upon successful execution of the function and
  8217. subroutines.
  8218. \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
  8219. \param cm the WOLFSSL_CERT_MANAGER structure..
  8220. \param info pointer to caller managed CrlInfo structure that will receive
  8221. the CRL information.
  8222. \param buff input buffer containing encoded CRL.
  8223. \param sz the length in bytes of the input CRL data in buff.
  8224. \param type WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_DER
  8225. _Example_
  8226. \code
  8227. #include <wolfssl/ssl.h>
  8228. CrlInfo info;
  8229. WOLFSSL_CERT_MANAGER* cm = NULL;
  8230. cm = wolfSSL_CertManagerNew();
  8231. // Read crl data from file into buffer
  8232. wolfSSL_CertManagerGetCRLInfo(cm, &info, crlData, crlDataLen,
  8233. WOLFSSL_FILETYPE_PEM);
  8234. \endcode
  8235. \sa CbUpdateCRL
  8236. \sa wolfSSL_SetCRL_Cb
  8237. */
  8238. int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info,
  8239. const byte* buff, long sz, int type)
  8240. /*!
  8241. \ingroup CertManager
  8242. \brief This function frees the CRL stored in the Cert Manager. An
  8243. application can update the CRL by calling wolfSSL_CertManagerFreeCRL
  8244. and then loading the new CRL.
  8245. \return SSL_SUCCESS returned upon successful execution of the function and
  8246. subroutines.
  8247. \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
  8248. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
  8249. wolfSSL_CertManagerNew().
  8250. _Example_
  8251. \code
  8252. #include <wolfssl/ssl.h>
  8253. const char* crl1 = "./certs/crl/crl.pem";
  8254. WOLFSSL_CERT_MANAGER* cm = NULL;
  8255. cm = wolfSSL_CertManagerNew();
  8256. wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0);
  8257. wolfSSL_CertManagerFreeCRL(cm);
  8258. \endcode
  8259. \sa wolfSSL_CertManagerLoadCRL
  8260. */
  8261. int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER* cm);
  8262. /*!
  8263. \ingroup CertManager
  8264. \brief The function enables the WOLFSSL_CERT_MANAGER’s member, ocspEnabled
  8265. to signify that the OCSP check option is enabled.
  8266. \return SSL_SUCCESS returned on successful execution of the function. The
  8267. ocspEnabled member of the WOLFSSL_CERT_MANAGER is enabled.
  8268. \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is
  8269. NULL or if an argument value that is not allowed is passed to a subroutine.
  8270. \return MEMORY_E returned if there is an error allocating memory within
  8271. this function or a subroutine.
  8272. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
  8273. wolfSSL_CertManagerNew().
  8274. \param der a byte pointer to the certificate.
  8275. \param sz an int type representing the size of the DER cert.
  8276. _Example_
  8277. \code
  8278. #import <wolfssl/ssl.h>
  8279. WOLFSSL* ssl = wolfSSL_new(ctx);
  8280. byte* der;
  8281. int sz; size of der
  8282. ...
  8283. if(wolfSSL_CertManagerCheckOCSP(cm, der, sz) != SSL_SUCCESS){
  8284. Failure case.
  8285. }
  8286. \endcode
  8287. \sa ParseCertRelative
  8288. \sa CheckCertOCSP
  8289. */
  8290. int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm,
  8291. unsigned char* der, int sz);
  8292. /*!
  8293. \ingroup CertManager
  8294. \brief Turns on OCSP if it’s turned off and if compiled with the
  8295. set option available.
  8296. \return SSL_SUCCESS returned if the function call is successful.
  8297. \return BAD_FUNC_ARG if cm struct is NULL.
  8298. \return MEMORY_E if WOLFSSL_OCSP struct value is NULL.
  8299. \return SSL_FAILURE initialization of WOLFSSL_OCSP struct fails
  8300. to initialize.
  8301. \return NOT_COMPILED_IN build not compiled with correct feature enabled.
  8302. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
  8303. wolfSSL_CertManagerNew().
  8304. \param options used to set values in WOLFSSL_CERT_MANAGER struct.
  8305. _Example_
  8306. \code
  8307. #include <wolfssl/ssl.h>
  8308. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
  8309. WOLFSSL* ssl = wolfSSL_new(ctx);
  8310. WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew();
  8311. int options;
  8312. if(wolfSSL_CertManagerEnableOCSP(SSL_CM(ssl), options) != SSL_SUCCESS){
  8313. Failure case.
  8314. }
  8315. \endcode
  8316. \sa wolfSSL_CertManagerNew
  8317. */
  8318. int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm,
  8319. int options);
  8320. /*!
  8321. \ingroup CertManager
  8322. \brief Disables OCSP certificate revocation.
  8323. \return SSL_SUCCESS wolfSSL_CertMangerDisableCRL successfully disabled the
  8324. crlEnabled member of the WOLFSSL_CERT_MANAGER structure.
  8325. \return BAD_FUNC_ARG the WOLFSSL structure was NULL.
  8326. \param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
  8327. _Example_
  8328. \code
  8329. #include <wolfssl/ssl.h>
  8330. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method);
  8331. WOLFSSL* ssl = wolfSSL_new(ctx);
  8332. ...
  8333. if(wolfSSL_CertManagerDisableOCSP(ssl) != SSL_SUCCESS){
  8334. Fail case.
  8335. }
  8336. \endcode
  8337. \sa wolfSSL_DisableCRL
  8338. */
  8339. int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*);
  8340. /*!
  8341. \ingroup CertManager
  8342. \brief The function copies the url to the ocspOverrideURL member of the
  8343. WOLFSSL_CERT_MANAGER structure.
  8344. \return SSL_SUCCESS the function was able to execute as expected.
  8345. \return BAD_FUNC_ARG the WOLFSSL_CERT_MANAGER struct is NULL.
  8346. \return MEMEORY_E Memory was not able to be allocated for the
  8347. ocspOverrideURL member of the certificate manager.
  8348. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  8349. _Example_
  8350. \code
  8351. #include <wolfssl/ssl.h>
  8352. WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew();
  8353. const char* url;
  8354. int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url)
  8355. if(wolfSSL_CertManagerSetOCSPOverrideURL(SSL_CM(ssl), url) != SSL_SUCCESS){
  8356. Failure case.
  8357. }
  8358. \endcode
  8359. \sa ocspOverrideURL
  8360. \sa wolfSSL_SetOCSP_OverrideURL
  8361. */
  8362. int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm,
  8363. const char* url);
  8364. /*!
  8365. \ingroup CertManager
  8366. \brief The function sets the OCSP callback in the WOLFSSL_CERT_MANAGER.
  8367. \return SSL_SUCCESS returned on successful execution. The arguments are
  8368. saved in the WOLFSSL_CERT_MANAGER structure.
  8369. \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER is NULL.
  8370. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure.
  8371. \param ioCb a function pointer of type CbOCSPIO.
  8372. \param respFreeCb - a function pointer of type CbOCSPRespFree.
  8373. \param ioCbCtx - a void pointer variable to the I/O callback user
  8374. registered context.
  8375. _Example_
  8376. \code
  8377. #include <wolfssl/ssl.h>
  8378. wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, CbOCSPIO ioCb,
  8379. CbOCSPRespFree respFreeCb, void* ioCbCtx){
  8380. return wolfSSL_CertManagerSetOCSP_Cb(SSL_CM(ssl), ioCb, respFreeCb, ioCbCtx);
  8381. \endcode
  8382. \sa wolfSSL_CertManagerSetOCSPOverrideURL
  8383. \sa wolfSSL_CertManagerCheckOCSP
  8384. \sa wolfSSL_CertManagerEnableOCSPStapling
  8385. \sa wolfSSL_EnableOCSP
  8386. \sa wolfSSL_DisableOCSP
  8387. \sa wolfSSL_SetOCSP_Cb
  8388. */
  8389. int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm,
  8390. CbOCSPIO ioCb, CbOCSPRespFree respFreeCb,
  8391. void* ioCbCtx);
  8392. /*!
  8393. \ingroup CertManager
  8394. \brief This function turns on OCSP stapling if it is not turned on as well
  8395. as set the options.
  8396. \return SSL_SUCCESS returned if there were no errors and the function
  8397. executed successfully.
  8398. \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is
  8399. NULL or otherwise if there was a unpermitted argument value passed to
  8400. a subroutine.
  8401. \return MEMORY_E returned if there was an issue allocating memory.
  8402. \return SSL_FAILURE returned if the initialization of the OCSP
  8403. structure failed.
  8404. \return NOT_COMPILED_IN returned if wolfSSL was not compiled with
  8405. HAVE_CERTIFICATE_STATUS_REQUEST option.
  8406. \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, a member of the
  8407. WOLFSSL_CTX structure.
  8408. _Example_
  8409. \code
  8410. int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx){
  8411. return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm);
  8412. \endcode
  8413. \sa wolfSSL_CTX_EnableOCSPStapling
  8414. */
  8415. int wolfSSL_CertManagerEnableOCSPStapling(
  8416. WOLFSSL_CERT_MANAGER* cm);
  8417. /*!
  8418. \brief Enables CRL certificate revocation.
  8419. \return SSL_SUCCESS the function and subroutines returned with no errors.
  8420. \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
  8421. \return MEMORY_E returned if the allocation of memory failed.
  8422. \return SSL_FAILURE returned if the InitCRL function does not return
  8423. successfully.
  8424. \return NOT_COMPILED_IN HAVE_CRL was not enabled during the compiling.
  8425. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  8426. \param options an integer that is used to determine the setting of
  8427. crlCheckAll member of the WOLFSSL_CERT_MANAGER structure.
  8428. _Example_
  8429. \code
  8430. WOLFSSL* ssl = wolfSSL_new(ctx);
  8431. if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS){
  8432. // Failure case. SSL_SUCCESS was not returned by this function or
  8433. a subroutine
  8434. }
  8435. \endcode
  8436. \sa wolfSSL_CertManagerEnableCRL
  8437. \sa InitCRL
  8438. */
  8439. int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
  8440. /*!
  8441. \brief Disables CRL certificate revocation.
  8442. \return SSL_SUCCESS wolfSSL_CertMangerDisableCRL successfully disabled
  8443. the crlEnabled member of the WOLFSSL_CERT_MANAGER structure.
  8444. \return BAD_FUNC_ARG the WOLFSSL structure was NULL.
  8445. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  8446. _Example_
  8447. \code
  8448. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  8449. WOLFSSL* ssl = wolfSSL_new(ctx);
  8450. ...
  8451. if(wolfSSL_DisableCRL(ssl) != SSL_SUCCESS){
  8452. // Failure case
  8453. }
  8454. \endcode
  8455. \sa wolfSSL_CertManagerDisableCRL
  8456. \sa wolfSSL_CertManagerDisableOCSP
  8457. */
  8458. int wolfSSL_DisableCRL(WOLFSSL* ssl);
  8459. /*!
  8460. \brief A wrapper function that ends up calling LoadCRL to load the
  8461. certificate for revocation checking.
  8462. \return WOLFSSL_SUCCESS returned if the function and all of the
  8463. subroutines executed without error.
  8464. \return SSL_FATAL_ERROR returned if one of the subroutines does not
  8465. return successfully.
  8466. \return BAD_FUNC_ARG if the WOLFSSL_CERT_MANAGER or the WOLFSSL
  8467. structure are NULL.
  8468. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  8469. \param path a constant character pointer that holds the path to the
  8470. crl file.
  8471. \param type an integer representing the type of certificate.
  8472. \param monitor an integer variable used to verify the monitor path if
  8473. requested.
  8474. _Example_
  8475. \code
  8476. WOLFSSL* ssl = wolfSSL_new(ctx);
  8477. const char* crlPemDir;
  8478. if(wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS){
  8479. // Failure case. Did not return SSL_SUCCESS.
  8480. }
  8481. \endcode
  8482. \sa wolfSSL_CertManagerLoadCRL
  8483. \sa wolfSSL_CertManagerEnableCRL
  8484. \sa LoadCRL
  8485. */
  8486. int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor);
  8487. /*!
  8488. \brief Sets the CRL callback in the WOLFSSL_CERT_MANAGER structure.
  8489. \return SSL_SUCCESS returned if the function or subroutine executes
  8490. without error. The cbMissingCRL member of the WOLFSSL_CERT_MANAGER is set.
  8491. \return BAD_FUNC_ARG returned if the WOLFSSL or WOLFSSL_CERT_MANAGER
  8492. structure is NULL.
  8493. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  8494. \param cb a function pointer to CbMissingCRL.
  8495. _Example_
  8496. \code
  8497. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  8498. WOLFSSL* ssl = wolfSSL_new(ctx);
  8499. void cb(const char* url) // required signature
  8500. {
  8501. // Function body
  8502. }
  8503. int crlCb = wolfSSL_SetCRL_Cb(ssl, cb);
  8504. if(crlCb != SSL_SUCCESS){
  8505. // The callback was not set properly
  8506. }
  8507. \endcode
  8508. \sa CbMissingCRL
  8509. \sa wolfSSL_CertManagerSetCRL_Cb
  8510. */
  8511. int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb);
  8512. /*!
  8513. \brief This function enables OCSP certificate verification. The value of
  8514. options if formed by or’ing one or more of the following options:
  8515. WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in
  8516. certificates. The override URL is specified using the
  8517. wolfSSL_CTX_SetOCSP_OverrideURL() function.
  8518. WOLFSSL_OCSP_CHECKALL - Set all OCSP checks on
  8519. WOLFSSL_OCSP_NO_NONCE - Set nonce option for creating OCSP requests
  8520. \return SSL_SUCCESS returned if the function and subroutines executes
  8521. without errors.
  8522. \return BAD_FUNC_ARG returned if an argument in this function or any
  8523. subroutine receives an invalid argument value.
  8524. \return MEMORY_E returned if there was an error allocating memory for
  8525. a structure or other variable.
  8526. \return NOT_COMPILED_IN returned if wolfSSL was not compiled with the
  8527. HAVE_OCSP option.
  8528. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  8529. \param options an integer type passed to wolfSSL_CertMangerENableOCSP()
  8530. used for settings check.
  8531. _Example_
  8532. \code
  8533. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  8534. WOLFSSL* ssl = wolfSSL_new(ctx);
  8535. int options; // initialize to option constant
  8536. int ret = wolfSSL_EnableOCSP(ssl, options);
  8537. if(ret != SSL_SUCCESS){
  8538. // OCSP is not enabled
  8539. }
  8540. \endcode
  8541. \sa wolfSSL_CertManagerEnableOCSP
  8542. */
  8543. int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options);
  8544. /*!
  8545. \brief Disables the OCSP certificate revocation option.
  8546. \return SSL_SUCCESS returned if the function and its subroutine return with
  8547. no errors. The ocspEnabled member of the WOLFSSL_CERT_MANAGER structure was
  8548. successfully set.
  8549. \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
  8550. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  8551. _Example_
  8552. \code
  8553. WOLFSSL* ssl = wolfSSL_new(ctx);
  8554. if(wolfSSL_DisableOCSP(ssl) != SSL_SUCCESS){
  8555. // Returned with an error. Failure case in this block.
  8556. }
  8557. \endcode
  8558. \sa wolfSSL_CertManagerDisableOCSP
  8559. */
  8560. int wolfSSL_DisableOCSP(WOLFSSL*);
  8561. /*!
  8562. \brief This function sets the ocspOverrideURL member in the
  8563. WOLFSSL_CERT_MANAGER structure.
  8564. \return SSL_SUCCESS returned on successful execution of the function.
  8565. \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL or if a
  8566. unpermitted argument was passed to a subroutine.
  8567. \return MEMORY_E returned if there was an error allocating memory in the
  8568. subroutine.
  8569. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  8570. \param url a constant char pointer to the url that will be stored in the
  8571. ocspOverrideURL member of the WOLFSSL_CERT_MANAGER structure.
  8572. _Example_
  8573. \code
  8574. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  8575. WOLFSSL* ssl = wolfSSL_new(ctx);
  8576. char url[URLSZ];
  8577. ...
  8578. if(wolfSSL_SetOCSP_OverrideURL(ssl, url)){
  8579. // The override url is set to the new value
  8580. }
  8581. \endcode
  8582. \sa wolfSSL_CertManagerSetOCSPOverrideURL
  8583. */
  8584. int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url);
  8585. /*!
  8586. \brief This function sets the OCSP callback in the
  8587. WOLFSSL_CERT_MANAGER structure.
  8588. \return SSL_SUCCESS returned if the function executes without error.
  8589. The ocspIOCb, ocspRespFreeCb, and ocspIOCtx members of the CM are set.
  8590. \return BAD_FUNC_ARG returned if the WOLFSSL or WOLFSSL_CERT_MANAGER
  8591. structures are NULL.
  8592. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  8593. \param ioCb a function pointer to type CbOCSPIO.
  8594. \param respFreeCb a function pointer to type CbOCSPRespFree which is the
  8595. call to free the response memory.
  8596. \param ioCbCtx a void pointer that will be held in the ocspIOCtx member
  8597. of the CM.
  8598. _Example_
  8599. \code
  8600. WOLFSSL* ssl = wolfSSL_new(ctx);
  8601. int OCSPIO_CB(void* , const char*, int , unsigned char* , int,
  8602. unsigned char**){ // must have this signature
  8603. // Function Body
  8604. }
  8605. void OCSPRespFree_CB(void* , unsigned char* ){ // must have this signature
  8606. // function body
  8607. }
  8608. void* ioCbCtx;
  8609. CbOCSPRespFree CB_OCSPRespFree;
  8610. if(wolfSSL_SetOCSP_Cb(ssl, OCSPIO_CB( pass args ), CB_OCSPRespFree,
  8611. ioCbCtx) != SSL_SUCCESS){
  8612. // Callback not set
  8613. }
  8614. \endcode
  8615. \sa wolfSSL_CertManagerSetOCSP_Cb
  8616. \sa CbOCSPIO
  8617. \sa CbOCSPRespFree
  8618. */
  8619. int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, CbOCSPIO ioCb, CbOCSPRespFree respFreeCb,
  8620. void* ioCbCtx);
  8621. /*!
  8622. \brief Enables CRL certificate verification through the CTX.
  8623. \return SSL_SUCCESS returned if this function and it’s subroutines
  8624. execute without errors.
  8625. \return BAD_FUNC_ARG returned if the CTX struct is NULL or there
  8626. was otherwise an invalid argument passed in a subroutine.
  8627. \return MEMORY_E returned if there was an error allocating
  8628. memory during execution of the function.
  8629. \return SSL_FAILURE returned if the crl member of the
  8630. WOLFSSL_CERT_MANAGER fails to initialize correctly.
  8631. \return NOT_COMPILED_IN wolfSSL was not compiled with the HAVE_CRL option.
  8632. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  8633. _Example_
  8634. \code
  8635. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  8636. WOLFSSL* ssl = wolfSSL_new(ctx);
  8637. ...
  8638. if(wolfSSL_CTX_EnableCRL(ssl->ctx, options) != SSL_SUCCESS){
  8639. // The function failed
  8640. }
  8641. \endcode
  8642. \sa wolfSSL_CertManagerEnableCRL
  8643. \sa InitCRL
  8644. \sa wolfSSL_CTX_DisableCRL
  8645. */
  8646. int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options);
  8647. /*!
  8648. \brief This function disables CRL verification in the CTX structure.
  8649. \return SSL_SUCCESS returned if the function executes without error.
  8650. The crlEnabled member of the WOLFSSL_CERT_MANAGER struct is set to 0.
  8651. \return BAD_FUNC_ARG returned if either the CTX struct or the CM
  8652. struct has a NULL value.
  8653. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  8654. wolfSSL_CTX_new().
  8655. _Example_
  8656. \code
  8657. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  8658. WOLFSSL* ssl = wolfSSL_new(ctx);
  8659. ...
  8660. if(wolfSSL_CTX_DisableCRL(ssl->ctx) != SSL_SUCCESS){
  8661. // Failure case.
  8662. }
  8663. \endcode
  8664. \sa wolfSSL_CertManagerDisableCRL
  8665. */
  8666. int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx);
  8667. /*!
  8668. \brief This function loads CRL into the WOLFSSL_CTX structure through
  8669. wolfSSL_CertManagerLoadCRL().
  8670. \return SSL_SUCCESS - returned if the function and its subroutines
  8671. execute without error.
  8672. \return BAD_FUNC_ARG - returned if this function or any subroutines
  8673. are passed NULL structures.
  8674. \return BAD_PATH_ERROR - returned if the path variable opens as NULL.
  8675. \return MEMORY_E - returned if an allocation of memory failed.
  8676. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  8677. wolfSSL_CTX_new().
  8678. \param path the path to the certificate.
  8679. \param type an integer variable holding the type of certificate.
  8680. \param monitor an integer variable used to determine if the monitor
  8681. path is requested.
  8682. _Example_
  8683. \code
  8684. WOLFSSL_CTX* ctx;
  8685. const char* path;
  8686. return wolfSSL_CTX_LoadCRL(ctx, path, SSL_FILETYPE_PEM, 0);
  8687. \endcode
  8688. \sa wolfSSL_CertManagerLoadCRL
  8689. \sa LoadCRL
  8690. */
  8691. int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, int type, int monitor);
  8692. /*!
  8693. \brief This function will set the callback argument to the cbMissingCRL
  8694. member of the WOLFSSL_CERT_MANAGER structure by calling
  8695. wolfSSL_CertManagerSetCRL_Cb.
  8696. \return SSL_SUCCESS returned for a successful execution. The
  8697. WOLFSSL_CERT_MANAGER structure’s member cbMssingCRL was successfully
  8698. set to cb.
  8699. \return BAD_FUNC_ARG returned if WOLFSSL_CTX or WOLFSSL_CERT_MANAGER
  8700. are NULL.
  8701. \param ctx a pointer to a WOLFSSL_CTX structure, created with
  8702. wolfSSL_CTX_new().
  8703. \param cb a pointer to a callback function of type CbMissingCRL.
  8704. Signature requirement:
  8705. void (*CbMissingCRL)(const char* url);
  8706. _Example_
  8707. \code
  8708. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  8709. void cb(const char* url) // Required signature
  8710. {
  8711. // Function body
  8712. }
  8713. if (wolfSSL_CTX_SetCRL_Cb(ctx, cb) != SSL_SUCCESS){
  8714. // Failure case, cb was not set correctly.
  8715. }
  8716. \endcode
  8717. \sa wolfSSL_CertManagerSetCRL_Cb
  8718. \sa CbMissingCRL
  8719. */
  8720. int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb);
  8721. /*!
  8722. \brief This function sets options to configure behavior of OCSP
  8723. functionality in wolfSSL. The value of options if formed by or’ing
  8724. one or more of the following options:
  8725. WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in
  8726. certificates. The override URL is specified using the
  8727. wolfSSL_CTX_SetOCSP_OverrideURL() function.
  8728. WOLFSSL_OCSP_CHECKALL - Set all OCSP checks on
  8729. WOLFSSL_OCSP_NO_NONCE - Set nonce option for creating OCSP requests
  8730. This function only sets the OCSP options when wolfSSL has been compiled with
  8731. OCSP support (--enable-ocsp, #define HAVE_OCSP).
  8732. \return SSL_SUCCESS is returned upon success.
  8733. \return SSL_FAILURE is returned upon failure.
  8734. \return NOT_COMPILED_IN is returned when this function has been called,
  8735. but OCSP support was not enabled when wolfSSL was compiled.
  8736. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  8737. \param options value used to set the OCSP options.
  8738. _Example_
  8739. \code
  8740. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  8741. int options; // initialize to option constant
  8742. int ret = wolfSSL_CTX_EnableOCSP(ctx, options);
  8743. if(ret != SSL_SUCCESS){
  8744. // OCSP is not enabled
  8745. }
  8746. \endcode
  8747. \sa wolfSSL_CertManagerEnableOCSP
  8748. \sa wolfSSL_EnableOCSP
  8749. */
  8750. int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options);
  8751. /*!
  8752. \brief This function disables OCSP certificate revocation checking by
  8753. affecting the ocspEnabled member of the WOLFSSL_CERT_MANAGER structure.
  8754. \return SSL_SUCCESS returned if the function executes without error.
  8755. The ocspEnabled member of the CM has been disabled.
  8756. \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure is NULL.
  8757. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  8758. wolfSSL_CTX_new().
  8759. _Example_
  8760. \code
  8761. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  8762. WOLFSSL* ssl = wolfSSL_new(ctx);
  8763. ...
  8764. if(!wolfSSL_CTX_DisableOCSP(ssl->ctx)){
  8765. // OCSP is not disabled
  8766. }
  8767. \endcode
  8768. \sa wolfSSL_DisableOCSP
  8769. \sa wolfSSL_CertManagerDisableOCSP
  8770. */
  8771. int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*);
  8772. /*!
  8773. \brief This function manually sets the URL for OCSP to use. By default,
  8774. OCSP will use the URL found in the individual certificate unless the
  8775. WOLFSSL_OCSP_URL_OVERRIDE option is set using the wolfSSL_CTX_EnableOCSP.
  8776. \return SSL_SUCCESS is returned upon success.
  8777. \return SSL_FAILURE is returned upon failure.
  8778. \return NOT_COMPILED_IN is returned when this function has been called,
  8779. but OCSP support was not enabled when wolfSSL was compiled.
  8780. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
  8781. \param url pointer to the OCSP URL for wolfSSL to use.
  8782. _Example_
  8783. \code
  8784. WOLFSSL_CTX* ctx = 0;
  8785. ...
  8786. wolfSSL_CTX_OCSP_set_override_url(ctx, “custom-url-here”);
  8787. \endcode
  8788. \sa wolfSSL_CTX_OCSP_set_options
  8789. */
  8790. int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url);
  8791. /*!
  8792. \brief Sets the callback for the OCSP in the WOLFSSL_CTX structure.
  8793. \return SSL_SUCCESS returned if the function executed successfully. The
  8794. ocspIOCb, ocspRespFreeCb, and ocspIOCtx members in the CM were
  8795. successfully set.
  8796. \return BAD_FUNC_ARG returned if the WOLFSSL_CTX or
  8797. WOLFSSL_CERT_MANAGER structure is NULL.
  8798. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  8799. \param ioCb a CbOCSPIO type that is a function pointer.
  8800. \param respFreeCb a CbOCSPRespFree type that is a function pointer.
  8801. \param ioCbCtx a void pointer that will be held in the WOLFSSL_CERT_MANAGER.
  8802. _Example_
  8803. \code
  8804. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  8805. CbOCSPIO ocspIOCb;
  8806. CbOCSPRespFree ocspRespFreeCb;
  8807. void* ioCbCtx;
  8808. int isSetOCSP = wolfSSL_CTX_SetOCSP_Cb(ctx, ocspIOCb,
  8809. ocspRespFreeCb, ioCbCtx);
  8810. if(isSetOCSP != SSL_SUCCESS){
  8811. // The function did not return successfully.
  8812. }
  8813. \endcode
  8814. \sa wolfSSL_CertManagerSetOCSP_Cb
  8815. \sa CbOCSPIO
  8816. \sa CbOCSPRespFree
  8817. */
  8818. int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx,
  8819. CbOCSPIO ioCb, CbOCSPRespFree respFreeCb,
  8820. void* ioCbCtx);
  8821. /*!
  8822. \brief This function enables OCSP stapling by calling
  8823. wolfSSL_CertManagerEnableOCSPStapling().
  8824. \return SSL_SUCCESS returned if there were no errors and the function
  8825. executed successfully.
  8826. \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure is NULL or
  8827. otherwise if there was a unpermitted argument value passed to a subroutine.
  8828. \return MEMORY_E returned if there was an issue allocating memory.
  8829. \return SSL_FAILURE returned if the initialization of the OCSP
  8830. structure failed.
  8831. \return NOT_COMPILED_IN returned if wolfSSL was not compiled with
  8832. HAVE_CERTIFICATE_STATUS_REQUEST option.
  8833. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  8834. wolfSSL_CTX_new().
  8835. _Example_
  8836. \code
  8837. WOLFSSL* ssl = WOLFSSL_new();
  8838. ssl->method.version; // set to desired protocol
  8839. ...
  8840. if(!wolfSSL_CTX_EnableOCSPStapling(ssl->ctx)){
  8841. // OCSP stapling is not enabled
  8842. }
  8843. \endcode
  8844. \sa wolfSSL_CertManagerEnableOCSPStapling
  8845. \sa InitOCSP
  8846. */
  8847. int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*);
  8848. /*!
  8849. \ingroup CertsKeys
  8850. \brief Normally, at the end of the SSL handshake, wolfSSL frees
  8851. temporary arrays. Calling this function before the handshake begins
  8852. will prevent wolfSSL from freeing temporary arrays. Temporary arrays
  8853. may be needed for things such as wolfSSL_get_keys() or PSK hints.
  8854. When the user is done with temporary arrays, either wolfSSL_FreeArrays()
  8855. may be called to free the resources immediately, or alternatively the
  8856. resources will be freed when the associated SSL object is freed.
  8857. \return none No return.
  8858. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  8859. _Example_
  8860. \code
  8861. WOLFSSL* ssl;
  8862. ...
  8863. wolfSSL_KeepArrays(ssl);
  8864. \endcode
  8865. \sa wolfSSL_FreeArrays
  8866. */
  8867. void wolfSSL_KeepArrays(WOLFSSL*);
  8868. /*!
  8869. \ingroup CertsKeys
  8870. \brief Normally, at the end of the SSL handshake, wolfSSL frees temporary
  8871. arrays. If wolfSSL_KeepArrays() has been called before the handshake,
  8872. wolfSSL will not free temporary arrays. This function explicitly frees
  8873. temporary arrays and should be called when the user is done with temporary
  8874. arrays and does not want to wait for the SSL object to be freed to free
  8875. these resources.
  8876. \return none No return.
  8877. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  8878. _Example_
  8879. \code
  8880. WOLFSSL* ssl;
  8881. ...
  8882. wolfSSL_FreeArrays(ssl);
  8883. \endcode
  8884. \sa wolfSSL_KeepArrays
  8885. */
  8886. void wolfSSL_FreeArrays(WOLFSSL*);
  8887. /*!
  8888. \brief This function enables the use of Server Name Indication in the SSL
  8889. object passed in the 'ssl' parameter. It means that the SNI extension will
  8890. be sent on ClientHello by wolfSSL client and wolfSSL server will respond
  8891. ClientHello + SNI with either ServerHello + blank SNI or alert fatal in
  8892. case of SNI mismatch.
  8893. \return WOLFSSL_SUCCESS upon success.
  8894. \return BAD_FUNC_ARG is the error that will be returned in one of these
  8895. cases: ssl is NULL, data is NULL, type is a unknown value. (see below)
  8896. \return MEMORY_E is the error returned when there is not enough memory.
  8897. \param ssl pointer to a SSL object, created with wolfSSL_new().
  8898. \param type indicates which type of server name is been passed in data.
  8899. The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
  8900. \param data pointer to the server name data.
  8901. \param size size of the server name data.
  8902. _Example_
  8903. \code
  8904. int ret = 0;
  8905. WOLFSSL_CTX* ctx = 0;
  8906. WOLFSSL* ssl = 0;
  8907. ctx = wolfSSL_CTX_new(method);
  8908. if (ctx == NULL) {
  8909. // context creation failed
  8910. }
  8911. ssl = wolfSSL_new(ctx);
  8912. if (ssl == NULL) {
  8913. // ssl creation failed
  8914. }
  8915. ret = wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.yassl.com",
  8916. strlen("www.yassl.com"));
  8917. if (ret != WOLFSSL_SUCCESS) {
  8918. // sni usage failed
  8919. }
  8920. \endcode
  8921. \sa wolfSSL_new
  8922. \sa wolfSSL_CTX_UseSNI
  8923. */
  8924. int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type,
  8925. const void* data, unsigned short size);
  8926. /*!
  8927. \brief This function enables the use of Server Name Indication for SSL
  8928. objects created from the SSL context passed in the 'ctx' parameter. It
  8929. means that the SNI extension will be sent on ClientHello by wolfSSL
  8930. clients and wolfSSL servers will respond ClientHello + SNI with either
  8931. ServerHello + blank SNI or alert fatal in case of SNI mismatch.
  8932. \return WOLFSSL_SUCCESS upon success.
  8933. \return BAD_FUNC_ARG is the error that will be returned in one of these
  8934. cases: ctx is NULL, data is NULL, type is a unknown value. (see below)
  8935. \return MEMORY_E is the error returned when there is not enough memory.
  8936. \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
  8937. \param type indicates which type of server name is been passed in data.
  8938. The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
  8939. \param data pointer to the server name data.
  8940. \param size size of the server name data.
  8941. _Example_
  8942. \code
  8943. int ret = 0;
  8944. WOLFSSL_CTX* ctx = 0;
  8945. ctx = wolfSSL_CTX_new(method);
  8946. if (ctx == NULL) {
  8947. // context creation failed
  8948. }
  8949. ret = wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.yassl.com",
  8950. strlen("www.yassl.com"));
  8951. if (ret != WOLFSSL_SUCCESS) {
  8952. // sni usage failed
  8953. }
  8954. \endcode
  8955. \sa wolfSSL_CTX_new
  8956. \sa wolfSSL_UseSNI
  8957. */
  8958. int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type,
  8959. const void* data, unsigned short size);
  8960. /*!
  8961. \brief This function is called on the server side to configure the
  8962. behavior of the SSL session using Server Name Indication in the SSL
  8963. object passed in the 'ssl' parameter. The options are explained below.
  8964. \return none No returns.
  8965. \param ssl pointer to a SSL object, created with wolfSSL_new().
  8966. \param type indicates which type of server name is been passed in data.
  8967. The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
  8968. \param options a bitwise semaphore with the chosen options. The available
  8969. options are: enum { WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01,
  8970. WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02 }; Normally the server will abort the
  8971. handshake by sending a fatal-level unrecognized_name(112) alert if the
  8972. hostname provided by the client mismatch with the servers.
  8973. \param WOLFSSL_SNI_CONTINUE_ON_MISMATCH With this option set, the server
  8974. will not send a SNI response instead of aborting the session.
  8975. \param WOLFSSL_SNI_ANSWER_ON_MISMATCH - With this option set, the server
  8976. will send a SNI response as if the host names match instead of aborting
  8977. the session.
  8978. _Example_
  8979. \code
  8980. int ret = 0;
  8981. WOLFSSL_CTX* ctx = 0;
  8982. WOLFSSL* ssl = 0;
  8983. ctx = wolfSSL_CTX_new(method);
  8984. if (ctx == NULL) {
  8985. // context creation failed
  8986. }
  8987. ssl = wolfSSL_new(ctx);
  8988. if (ssl == NULL) {
  8989. // ssl creation failed
  8990. }
  8991. ret = wolfSSL_UseSNI(ssl, 0, "www.yassl.com", strlen("www.yassl.com"));
  8992. if (ret != WOLFSSL_SUCCESS) {
  8993. // sni usage failed
  8994. }
  8995. wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
  8996. WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
  8997. \endcode
  8998. \sa wolfSSL_new
  8999. \sa wolfSSL_UseSNI
  9000. \sa wolfSSL_CTX_SNI_SetOptions
  9001. */
  9002. void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
  9003. unsigned char options);
  9004. /*!
  9005. \brief This function is called on the server side to configure the behavior
  9006. of the SSL sessions using Server Name Indication for SSL objects created
  9007. from the SSL context passed in the 'ctx' parameter. The options are
  9008. explained below.
  9009. \return none No returns.
  9010. \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
  9011. \param type indicates which type of server name is been passed in data.
  9012. The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
  9013. \param options a bitwise semaphore with the chosen options. The available
  9014. options are: enum { WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01,
  9015. WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02 }; Normally the server will abort
  9016. the handshake by sending a fatal-level unrecognized_name(112) alert if the
  9017. hostname provided by the client mismatch with the servers.
  9018. \param WOLFSSL_SNI_CONTINUE_ON_MISMATCH With this option set, the
  9019. server will not send a SNI response instead of aborting the session.
  9020. \param WOLFSSL_SNI_ANSWER_ON_MISMATCH With this option set, the server
  9021. will send a SNI response as if the host names match instead of aborting
  9022. the session.
  9023. _Example_
  9024. \code
  9025. int ret = 0;
  9026. WOLFSSL_CTX* ctx = 0;
  9027. ctx = wolfSSL_CTX_new(method);
  9028. if (ctx == NULL) {
  9029. // context creation failed
  9030. }
  9031. ret = wolfSSL_CTX_UseSNI(ctx, 0, "www.yassl.com", strlen("www.yassl.com"));
  9032. if (ret != WOLFSSL_SUCCESS) {
  9033. // sni usage failed
  9034. }
  9035. wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
  9036. WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
  9037. \endcode
  9038. \sa wolfSSL_CTX_new
  9039. \sa wolfSSL_CTX_UseSNI
  9040. \sa wolfSSL_SNI_SetOptions
  9041. */
  9042. void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx,
  9043. unsigned char type, unsigned char options);
  9044. /*!
  9045. \brief This function is called on the server side to retrieve the Server
  9046. Name Indication provided by the client from the Client Hello message sent
  9047. by the client to start a session. It does not requires context or session
  9048. setup to retrieve the SNI.
  9049. \return WOLFSSL_SUCCESS upon success.
  9050. \return BAD_FUNC_ARG is the error that will be returned in one of this
  9051. cases: buffer is NULL, bufferSz <= 0, sni is NULL, inOutSz is NULL or <= 0
  9052. \return BUFFER_ERROR is the error returned when there is a malformed
  9053. Client Hello message.
  9054. \return INCOMPLETE_DATA is the error returned when there is not enough
  9055. data to complete the extraction.
  9056. \param buffer pointer to the data provided by the client (Client Hello).
  9057. \param bufferSz size of the Client Hello message.
  9058. \param type indicates which type of server name is been retrieved
  9059. from the buffer. The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
  9060. \param sni pointer to where the output is going to be stored.
  9061. \param inOutSz pointer to the output size, this value will be updated
  9062. to MIN("SNI's length", inOutSz).
  9063. _Example_
  9064. \code
  9065. unsigned char buffer[1024] = {0};
  9066. unsigned char result[32] = {0};
  9067. int length = 32;
  9068. // read Client Hello to buffer...
  9069. ret = wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0, result, &length));
  9070. if (ret != WOLFSSL_SUCCESS) {
  9071. // sni retrieve failed
  9072. }
  9073. \endcode
  9074. \sa wolfSSL_UseSNI
  9075. \sa wolfSSL_CTX_UseSNI
  9076. \sa wolfSSL_SNI_GetRequest
  9077. */
  9078. int wolfSSL_SNI_GetFromBuffer(
  9079. const unsigned char* clientHello, unsigned int helloSz,
  9080. unsigned char type, unsigned char* sni, unsigned int* inOutSz);
  9081. /*!
  9082. \ingroup IO
  9083. \brief This function gets the status of an SNI object.
  9084. \return value This function returns the byte value of the SNI struct’s
  9085. status member if the SNI is not NULL.
  9086. \return 0 if the SNI object is NULL.
  9087. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  9088. \param type the SNI type.
  9089. _Example_
  9090. \code
  9091. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  9092. WOLFSSL* ssl = wolfSSL_new(ctx);
  9093. #define AssertIntEQ(x, y) AssertInt(x, y, ==, !=)
  9094. Byte type = WOLFSSL_SNI_HOST_NAME;
  9095. char* request = (char*)&type;
  9096. AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type));
  9097. \endcode
  9098. \sa TLSX_SNI_Status
  9099. \sa TLSX_SNI_find
  9100. \sa TLSX_Find
  9101. */
  9102. unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);
  9103. /*!
  9104. \brief This function is called on the server side to retrieve the
  9105. Server Name Indication provided by the client in a SSL session.
  9106. \return size the size of the provided SNI data.
  9107. \param ssl pointer to a SSL object, created with wolfSSL_new().
  9108. \param type indicates which type of server name is been retrieved in
  9109. data. The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
  9110. \param data pointer to the data provided by the client.
  9111. _Example_
  9112. \code
  9113. int ret = 0;
  9114. WOLFSSL_CTX* ctx = 0;
  9115. WOLFSSL* ssl = 0;
  9116. ctx = wolfSSL_CTX_new(method);
  9117. if (ctx == NULL) {
  9118. // context creation failed
  9119. }
  9120. ssl = wolfSSL_new(ctx);
  9121. if (ssl == NULL) {
  9122. // ssl creation failed
  9123. }
  9124. ret = wolfSSL_UseSNI(ssl, 0, "www.yassl.com", strlen("www.yassl.com"));
  9125. if (ret != WOLFSSL_SUCCESS) {
  9126. // sni usage failed
  9127. }
  9128. if (wolfSSL_accept(ssl) == SSL_SUCCESS) {
  9129. void *data = NULL;
  9130. unsigned short size = wolfSSL_SNI_GetRequest(ssl, 0, &data);
  9131. }
  9132. \endcode
  9133. \sa wolfSSL_UseSNI
  9134. \sa wolfSSL_CTX_UseSNI
  9135. */
  9136. unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl,
  9137. unsigned char type, void** data);
  9138. /*!
  9139. \ingroup Setup
  9140. \brief Setup ALPN use for a wolfSSL session.
  9141. \return WOLFSSL_SUCCESS: upon success.
  9142. \return BAD_FUNC_ARG Returned if ssl or protocol_name_list
  9143. is null or protocol_name_listSz is too large or options
  9144. contain something not supported.
  9145. \return MEMORY_ERROR Error allocating memory for protocol list.
  9146. \return SSL_FAILURE upon failure.
  9147. \param ssl The wolfSSL session to use.
  9148. \param protocol_name_list List of protocol names to use.
  9149. Comma delimited string is required.
  9150. \param protocol_name_listSz Size of the list of protocol names.
  9151. \param options WOLFSSL_ALPN_CONTINUE_ON_MISMATCH or
  9152. WOLFSSL_ALPN_FAILED_ON_MISMATCH.
  9153. _Example_
  9154. \code
  9155. wolfSSL_Init();
  9156. WOLFSSL_CTX* ctx;
  9157. WOLFSSL* ssl;
  9158. WOLFSSL_METHOD method = // Some wolfSSL method
  9159. ctx = wolfSSL_CTX_new(method);
  9160. ssl = wolfSSL_new(ctx);
  9161. char alpn_list[] = {};
  9162. if (wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
  9163. WOLFSSL_APN_FAILED_ON_MISMATCH) != WOLFSSL_SUCCESS)
  9164. {
  9165. // Error setting session ticket
  9166. }
  9167. \endcode
  9168. \sa TLSX_UseALPN
  9169. */
  9170. int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
  9171. unsigned int protocol_name_listSz,
  9172. unsigned char options);
  9173. /*!
  9174. \ingroup TLS
  9175. \brief This function gets the protocol name set by the server.
  9176. \return SSL_SUCCESS returned on successful execution where no
  9177. errors were thrown.
  9178. \return SSL_FATAL_ERROR returned if the extension was not found or
  9179. if there was no protocol match with peer. There will also be an
  9180. error thrown if there is more than one protocol name accepted.
  9181. \return SSL_ALPN_NOT_FOUND returned signifying that no protocol
  9182. match with peer was found.
  9183. \return BAD_FUNC_ARG returned if there was a NULL argument passed
  9184. into the function.
  9185. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  9186. \param protocol_name a pointer to a char that represents the protocol
  9187. name and will be held in the ALPN structure.
  9188. \param size a word16 type that represents the size of the protocol_name.
  9189. _Example_
  9190. \code
  9191. WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method );
  9192. WOLFSSL* ssl = WOLFSSL_new(ctx);
  9193. ...
  9194. int err;
  9195. char* protocol_name = NULL;
  9196. Word16 protocol_nameSz = 0;
  9197. err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz);
  9198. if(err == SSL_SUCCESS){
  9199. // Sent ALPN protocol
  9200. }
  9201. \endcode
  9202. \sa TLSX_ALPN_GetRequest
  9203. \sa TLSX_Find
  9204. */
  9205. int wolfSSL_ALPN_GetProtocol(WOLFSSL* ssl, char **protocol_name,
  9206. unsigned short *size);
  9207. /*!
  9208. \ingroup TLS
  9209. \brief This function copies the alpn_client_list data from the SSL
  9210. object to the buffer.
  9211. \return SSL_SUCCESS returned if the function executed without error. The
  9212. alpn_client_list member of the SSL object has been copied to the
  9213. list parameter.
  9214. \return BAD_FUNC_ARG returned if the list or listSz parameter is NULL.
  9215. \return BUFFER_ERROR returned if there will be a problem with the
  9216. list buffer (either it’s NULL or the size is 0).
  9217. \return MEMORY_ERROR returned if there was a problem dynamically
  9218. allocating memory.
  9219. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  9220. \param list a pointer to the buffer. The data from the SSL object will
  9221. be copied into it.
  9222. \param listSz the buffer size.
  9223. _Example_
  9224. \code
  9225. #import <wolfssl/ssl.h>
  9226. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method);
  9227. WOLFSSL* ssl = wolfSSL_new(ctx);
  9228. #ifdef HAVE_ALPN
  9229. char* list = NULL;
  9230. word16 listSz = 0;
  9231. err = wolfSSL_ALPN_GetPeerProtocol(ssl, &list, &listSz);
  9232. if(err == SSL_SUCCESS){
  9233. List of protocols names sent by client
  9234. }
  9235. \endcode
  9236. \sa wolfSSL_UseALPN
  9237. */
  9238. int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list,
  9239. unsigned short *listSz);
  9240. /*!
  9241. \brief This function is called on the client side to enable the use of
  9242. Maximum Fragment Length in the SSL object passed in the 'ssl' parameter.
  9243. It means that the Maximum Fragment Length extension will be sent on
  9244. ClientHello by wolfSSL clients.
  9245. \return SSL_SUCCESS upon success.
  9246. \return BAD_FUNC_ARG is the error that will be returned in one of
  9247. these cases: ssl is NULL, mfl is out of range.
  9248. \return MEMORY_E is the error returned when there is not enough memory.
  9249. \param ssl pointer to a SSL object, created with wolfSSL_new().
  9250. \param mfl indicates which is the Maximum Fragment Length requested for the
  9251. session. The available options are: enum { WOLFSSL_MFL_2_9 = 1, 512 bytes
  9252. WOLFSSL_MFL_2_10 = 2, 1024 bytes WOLFSSL_MFL_2_11 = 3, 2048 bytes
  9253. WOLFSSL_MFL_2_12 = 4, 4096 bytes WOLFSSL_MFL_2_13 = 5, 8192
  9254. bytes wolfSSL ONLY!!! };
  9255. _Example_
  9256. \code
  9257. int ret = 0;
  9258. WOLFSSL_CTX* ctx = 0;
  9259. WOLFSSL* ssl = 0;
  9260. ctx = wolfSSL_CTX_new(method);
  9261. if (ctx == NULL) {
  9262. // context creation failed
  9263. }
  9264. ssl = wolfSSL_new(ctx);
  9265. if (ssl == NULL) {
  9266. // ssl creation failed
  9267. }
  9268. ret = wolfSSL_UseMaxFragment(ssl, WOLFSSL_MFL_2_11);
  9269. if (ret != 0) {
  9270. // max fragment usage failed
  9271. }
  9272. \endcode
  9273. \sa wolfSSL_new
  9274. \sa wolfSSL_CTX_UseMaxFragment
  9275. */
  9276. int wolfSSL_UseMaxFragment(WOLFSSL* ssl, unsigned char mfl);
  9277. /*!
  9278. \brief This function is called on the client side to enable the use
  9279. of Maximum Fragment Length for SSL objects created from the SSL context
  9280. passed in the 'ctx' parameter. It means that the Maximum Fragment Length
  9281. extension will be sent on ClientHello by wolfSSL clients.
  9282. \return SSL_SUCCESS upon success.
  9283. \return BAD_FUNC_ARG is the error that will be returned in one of
  9284. these cases: ctx is NULL, mfl is out of range.
  9285. \return MEMORY_E is the error returned when there is not enough memory.
  9286. \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
  9287. \param mfl indicates which is the Maximum Fragment Length requested
  9288. for the session. The available options are:
  9289. enum { WOLFSSL_MFL_2_9 = 1 512 bytes, WOLFSSL_MFL_2_10 = 2 1024 bytes,
  9290. WOLFSSL_MFL_2_11 = 3 2048 bytes WOLFSSL_MFL_2_12 = 4 4096 bytes,
  9291. WOLFSSL_MFL_2_13 = 5 8192 bytes wolfSSL ONLY!!!,
  9292. WOLFSSL_MFL_2_13 = 6 256 bytes wolfSSL ONLY!!!
  9293. };
  9294. _Example_
  9295. \code
  9296. int ret = 0;
  9297. WOLFSSL_CTX* ctx = 0;
  9298. ctx = wolfSSL_CTX_new(method);
  9299. if (ctx == NULL) {
  9300. // context creation failed
  9301. }
  9302. ret = wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11);
  9303. if (ret != 0) {
  9304. // max fragment usage failed
  9305. }
  9306. \endcode
  9307. \sa wolfSSL_CTX_new
  9308. \sa wolfSSL_UseMaxFragment
  9309. */
  9310. int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, unsigned char mfl);
  9311. /*!
  9312. \brief This function is called on the client side to enable the use of
  9313. Truncated HMAC in the SSL object passed in the 'ssl' parameter. It
  9314. means that the Truncated HMAC extension will be sent on ClientHello
  9315. by wolfSSL clients.
  9316. \return SSL_SUCCESS upon success.
  9317. \return BAD_FUNC_ARG is the error that will be returned in one of
  9318. these cases: ssl is NULL
  9319. \return MEMORY_E is the error returned when there is not enough memory.
  9320. \param ssl pointer to a SSL object, created with wolfSSL_new()
  9321. _Example_
  9322. \code
  9323. int ret = 0;
  9324. WOLFSSL_CTX* ctx = 0;
  9325. WOLFSSL* ssl = 0;
  9326. ctx = wolfSSL_CTX_new(method);
  9327. if (ctx == NULL) {
  9328. // context creation failed
  9329. }
  9330. ssl = wolfSSL_new(ctx);
  9331. if (ssl == NULL) {
  9332. // ssl creation failed
  9333. }
  9334. ret = wolfSSL_UseTruncatedHMAC(ssl);
  9335. if (ret != 0) {
  9336. // truncated HMAC usage failed
  9337. }
  9338. \endcode
  9339. \sa wolfSSL_new
  9340. \sa wolfSSL_CTX_UseMaxFragment
  9341. */
  9342. int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl);
  9343. /*!
  9344. \brief This function is called on the client side to enable the use of
  9345. Truncated HMAC for SSL objects created from the SSL context passed in
  9346. the 'ctx' parameter. It means that the Truncated HMAC extension will
  9347. be sent on ClientHello by wolfSSL clients.
  9348. \return SSL_SUCCESS upon success.
  9349. \return BAD_FUNC_ARG is the error that will be returned in one of
  9350. these cases: ctx is NULL
  9351. \return MEMORY_E is the error returned when there is not enough memory.
  9352. \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
  9353. _Example_
  9354. \code
  9355. int ret = 0;
  9356. WOLFSSL_CTX* ctx = 0;
  9357. ctx = wolfSSL_CTX_new(method);
  9358. if (ctx == NULL) {
  9359. // context creation failed
  9360. }
  9361. ret = wolfSSL_CTX_UseTruncatedHMAC(ctx);
  9362. if (ret != 0) {
  9363. // truncated HMAC usage failed
  9364. }
  9365. \endcode
  9366. \sa wolfSSL_CTX_new
  9367. \sa wolfSSL_UseMaxFragment
  9368. */
  9369. int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx);
  9370. /*!
  9371. \brief Stapling eliminates the need to contact the CA. Stapling
  9372. lowers the cost of certificate revocation check presented in OCSP.
  9373. \return SSL_SUCCESS returned if TLSX_UseCertificateStatusRequest
  9374. executes without error.
  9375. \return MEMORY_E returned if there is an error with the allocation
  9376. of memory.
  9377. \return BAD_FUNC_ARG returned if there is an argument that has a
  9378. NULL or otherwise unacceptable value passed into the function.
  9379. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  9380. \param status_type a byte type that is passed through to
  9381. TLSX_UseCertificateStatusRequest() and stored in the
  9382. CertificateStatusRequest structure.
  9383. \param options a byte type that is passed through to
  9384. TLSX_UseCertificateStatusRequest() and stored in the
  9385. CertificateStatusRequest structure.
  9386. _Example_
  9387. \code
  9388. WOLFSSL* ssl = wolfSSL_new(ctx);
  9389. if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
  9390. WOLFSSL_CSR2_OCSP_USE_NONCE) != SSL_SUCCESS){
  9391. // Failed case.
  9392. }
  9393. \endcode
  9394. \sa TLSX_UseCertificateStatusRequest
  9395. \sa wolfSSL_CTX_UseOCSPStapling
  9396. */
  9397. int wolfSSL_UseOCSPStapling(WOLFSSL* ssl,
  9398. unsigned char status_type, unsigned char options);
  9399. /*!
  9400. \brief This function requests the certificate status during the handshake.
  9401. \return SSL_SUCCESS returned if the function and subroutines execute
  9402. without error.
  9403. \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure is NULL or
  9404. otherwise if a unpermitted value is passed to a subroutine.
  9405. \return MEMORY_E returned if the function or subroutine failed to properly
  9406. allocate memory.
  9407. \param ctx a pointer to a WOLFSSL_CTX structure,
  9408. created using wolfSSL_CTX_new().
  9409. \param status_type a byte type that is passed through to
  9410. TLSX_UseCertificateStatusRequest() and stored in the
  9411. CertificateStatusRequest structure.
  9412. \param options a byte type that is passed through to
  9413. TLSX_UseCertificateStatusRequest() and stored in the
  9414. CertificateStatusRequest structure.
  9415. _Example_
  9416. \code
  9417. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  9418. WOLFSSL* ssl = wolfSSL_new(ctx);
  9419. byte statusRequest = 0; // Initialize status request
  9420. switch(statusRequest){
  9421. case WOLFSSL_CSR_OCSP:
  9422. if(wolfSSL_CTX_UseOCSPStapling(ssl->ctx, WOLFSSL_CSR_OCSP,
  9423. WOLF_CSR_OCSP_USE_NONCE) != SSL_SUCCESS){
  9424. // UseCertificateStatusRequest failed
  9425. }
  9426. // Continue switch cases
  9427. \endcode
  9428. \sa wolfSSL_UseOCSPStaplingV2
  9429. \sa wolfSSL_UseOCSPStapling
  9430. \sa TLSX_UseCertificateStatusRequest
  9431. */
  9432. int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx,
  9433. unsigned char status_type, unsigned char options);
  9434. /*!
  9435. \brief The function sets the status type and options for OCSP.
  9436. \return SSL_SUCCESS - returned if the function and subroutines
  9437. executed without error.
  9438. \return MEMORY_E - returned if there was an allocation of memory error.
  9439. \return BAD_FUNC_ARG - returned if a NULL or otherwise unaccepted
  9440. argument was passed to the function or a subroutine.
  9441. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  9442. \param status_type a byte type that loads the OCSP status type.
  9443. \param options a byte type that holds the OCSP options, set in
  9444. wolfSSL_SNI_SetOptions() and wolfSSL_CTX_SNI_SetOptions().
  9445. _Example_
  9446. \code
  9447. WOLFSSL* ssl = wolfSSL_new(ctx);
  9448. ...
  9449. if (wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP_MULTI, 0) != SSL_SUCCESS){
  9450. // Did not execute properly. Failure case code block.
  9451. }
  9452. \endcode
  9453. \sa TLSX_UseCertificatStatusRequestV2
  9454. \sa wolfSSL_SNI_SetOptions
  9455. \sa wolfSSL_CTX_SNI_SetOptions
  9456. */
  9457. int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl,
  9458. unsigned char status_type, unsigned char options);
  9459. /*!
  9460. \brief Creates and initializes the certificate status request
  9461. for OCSP Stapling.
  9462. \return SSL_SUCCESS if the function and subroutines executed without error.
  9463. \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure is NULL or if
  9464. the side variable is not client side.
  9465. \return MEMORY_E returned if the allocation of memory failed.
  9466. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  9467. wolfSSL_CTX_new().
  9468. \param status_type a byte type that is located in the
  9469. CertificatStatusRequest structure and must be either WOLFSSL_CSR2_OCSP
  9470. or WOLFSSL_CSR2_OCSP_MULTI.
  9471. \param options a byte type that will be held in
  9472. CertificateStatusRequestItemV2 struct.
  9473. _Example_
  9474. \code
  9475. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  9476. byte status_type;
  9477. byte options;
  9478. ...
  9479. if(wolfSSL_CTX_UseOCSPStaplingV2(ctx, status_type, options); != SSL_SUCCESS){
  9480. // Failure case.
  9481. }
  9482. \endcode
  9483. \sa TLSX_UseCertificateStatusRequestV2
  9484. \sa wc_RNG_GenerateBlock
  9485. \sa TLSX_Push
  9486. */
  9487. int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
  9488. unsigned char status_type, unsigned char options);
  9489. /*!
  9490. \brief This function is called on the client side to enable the use of
  9491. Supported Elliptic Curves Extension in the SSL object passed in the 'ssl'
  9492. parameter. It means that the supported curves enabled will be sent on
  9493. ClientHello by wolfSSL clients. This function can be called more than
  9494. one time to enable multiple curves.
  9495. \return SSL_SUCCESS upon success.
  9496. \return BAD_FUNC_ARG is the error that will be returned in one of these
  9497. cases: ssl is NULL, name is a unknown value. (see below)
  9498. \return MEMORY_E is the error returned when there is not enough memory.
  9499. \param ssl pointer to a SSL object, created with wolfSSL_new().
  9500. \param name indicates which curve will be supported for the session. The
  9501. available options are: enum { WOLFSSL_ECC_SECP160R1 = 0x10,
  9502. WOLFSSL_ECC_SECP192R1 = 0x13, WOLFSSL_ECC_SECP224R1 = 0x15,
  9503. WOLFSSL_ECC_SECP256R1 = 0x17, WOLFSSL_ECC_SECP384R1 = 0x18,
  9504. WOLFSSL_ECC_SECP521R1 = 0x19 };
  9505. _Example_
  9506. \code
  9507. int ret = 0;
  9508. WOLFSSL_CTX* ctx = 0;
  9509. WOLFSSL* ssl = 0;
  9510. ctx = wolfSSL_CTX_new(method);
  9511. if (ctx == NULL) {
  9512. // context creation failed
  9513. }
  9514. ssl = wolfSSL_new(ctx);
  9515. if (ssl == NULL) {
  9516. // ssl creation failed
  9517. }
  9518. ret = wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1);
  9519. if (ret != 0) {
  9520. // Elliptic Curve Extension usage failed
  9521. }
  9522. \endcode
  9523. \sa wolfSSL_CTX_new
  9524. \sa wolfSSL_CTX_UseSupportedCurve
  9525. */
  9526. int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name);
  9527. /*!
  9528. \brief This function is called on the client side to enable the use of
  9529. Supported Elliptic Curves Extension for SSL objects created from the SSL
  9530. context passed in the 'ctx' parameter. It means that the supported curves
  9531. enabled will be sent on ClientHello by wolfSSL clients. This function can
  9532. be called more than one time to enable multiple curves.
  9533. \return SSL_SUCCESS upon success.
  9534. \return BAD_FUNC_ARG is the error that will be returned in one of these
  9535. cases: ctx is NULL, name is a unknown value. (see below)
  9536. \return MEMORY_E is the error returned when there is not enough memory.
  9537. \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
  9538. \param name indicates which curve will be supported for the session.
  9539. The available options are: enum { WOLFSSL_ECC_SECP160R1 = 0x10,
  9540. WOLFSSL_ECC_SECP192R1 = 0x13, WOLFSSL_ECC_SECP224R1 = 0x15,
  9541. WOLFSSL_ECC_SECP256R1 = 0x17, WOLFSSL_ECC_SECP384R1 = 0x18,
  9542. WOLFSSL_ECC_SECP521R1 = 0x19 };
  9543. _Example_
  9544. \code
  9545. int ret = 0;
  9546. WOLFSSL_CTX* ctx = 0;
  9547. ctx = wolfSSL_CTX_new(method);
  9548. if (ctx == NULL) {
  9549. // context creation failed
  9550. }
  9551. ret = wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1);
  9552. if (ret != 0) {
  9553. // Elliptic Curve Extension usage failed
  9554. }
  9555. \endcode
  9556. \sa wolfSSL_CTX_new
  9557. \sa wolfSSL_UseSupportedCurve
  9558. */
  9559. int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx,
  9560. word16 name);
  9561. /*!
  9562. \ingroup IO
  9563. \brief This function forces secure renegotiation for the supplied
  9564. WOLFSSL structure. This is not recommended.
  9565. \return SSL_SUCCESS Successfully set secure renegotiation.
  9566. \return BAD_FUNC_ARG Returns error if ssl is null.
  9567. \return MEMORY_E Returns error if unable to allocate memory for secure
  9568. renegotiation.
  9569. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  9570. _Example_
  9571. \code
  9572. wolfSSL_Init();
  9573. WOLFSSL_CTX* ctx;
  9574. WOLFSSL* ssl;
  9575. WOLFSSL_METHOD method = // Some wolfSSL method
  9576. ctx = wolfSSL_CTX_new(method);
  9577. ssl = wolfSSL_new(ctx);
  9578. if(wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS)
  9579. {
  9580. // Error setting secure renegotiation
  9581. }
  9582. \endcode
  9583. \sa TLSX_Find
  9584. \sa TLSX_UseSecureRenegotiation
  9585. */
  9586. int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl);
  9587. /*!
  9588. \ingroup IO
  9589. \brief This function executes a secure renegotiation handshake; this is user
  9590. forced as wolfSSL discourages this functionality.
  9591. \return SSL_SUCCESS returned if the function executed without error.
  9592. \return BAD_FUNC_ARG returned if the WOLFSSL structure was NULL or otherwise
  9593. if an unacceptable argument was passed in a subroutine.
  9594. \return SECURE_RENEGOTIATION_E returned if there was an error with
  9595. renegotiating the handshake.
  9596. \return SSL_FATAL_ERROR returned if there was an error with the
  9597. server or client configuration and the renegotiation could
  9598. not be completed. See wolfSSL_negotiate().
  9599. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  9600. _Example_
  9601. \code
  9602. WOLFSSL* ssl = wolfSSL_new(ctx);
  9603. ...
  9604. if(wolfSSL_Rehandshake(ssl) != SSL_SUCCESS){
  9605. // There was an error and the rehandshake is not successful.
  9606. }
  9607. \endcode
  9608. \sa wolfSSL_negotiate
  9609. \sa wc_InitSha512
  9610. \sa wc_InitSha384
  9611. \sa wc_InitSha256
  9612. \sa wc_InitSha
  9613. \sa wc_InitMd5
  9614. */
  9615. int wolfSSL_Rehandshake(WOLFSSL* ssl);
  9616. /*!
  9617. \ingroup IO
  9618. \brief Force provided WOLFSSL structure to use session ticket. The
  9619. constant HAVE_SESSION_TICKET should be defined and the constant
  9620. NO_WOLFSSL_CLIENT should not be defined to use this function.
  9621. \return SSL_SUCCESS Successfully set use session ticket.
  9622. \return BAD_FUNC_ARG Returned if ssl is null.
  9623. \return MEMORY_E Error allocating memory for setting session ticket.
  9624. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  9625. _Example_
  9626. \code
  9627. wolfSSL_Init();
  9628. WOLFSSL_CTX* ctx;
  9629. WOLFSSL* ssl;
  9630. WOLFSSL_METHOD method = // Some wolfSSL method
  9631. ctx = wolfSSL_CTX_new(method);
  9632. ssl = wolfSSL_new(ctx);
  9633. if(wolfSSL_UseSessionTicket(ssl) != SSL_SUCCESS)
  9634. {
  9635. // Error setting session ticket
  9636. }
  9637. \endcode
  9638. \sa TLSX_UseSessionTicket
  9639. */
  9640. int wolfSSL_UseSessionTicket(WOLFSSL* ssl);
  9641. /*!
  9642. \ingroup Setup
  9643. \brief This function sets wolfSSL context to use a session ticket.
  9644. \return SSL_SUCCESS Function executed successfully.
  9645. \return BAD_FUNC_ARG Returned if ctx is null.
  9646. \return MEMORY_E Error allocating memory in internal function.
  9647. \param ctx The WOLFSSL_CTX structure to use.
  9648. _Example_
  9649. \code
  9650. wolfSSL_Init();
  9651. WOLFSSL_CTX* ctx;
  9652. WOLFSSL_METHOD method = // Some wolfSSL method ;
  9653. ctx = wolfSSL_CTX_new(method);
  9654. if(wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS)
  9655. {
  9656. // Error setting session ticket
  9657. }
  9658. \endcode
  9659. \sa TLSX_UseSessionTicket
  9660. */
  9661. int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx);
  9662. /*!
  9663. \ingroup IO
  9664. \brief This function copies the ticket member of the Session structure to
  9665. the buffer.
  9666. \return SSL_SUCCESS returned if the function executed without error.
  9667. \return BAD_FUNC_ARG returned if one of the arguments was NULL or if the
  9668. bufSz argument was 0.
  9669. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  9670. \param buf a byte pointer representing the memory buffer.
  9671. \param bufSz a word32 pointer representing the buffer size.
  9672. _Example_
  9673. \code
  9674. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  9675. WOLFSSL* ssl = wolfSSL_new(ctx);
  9676. byte* buf;
  9677. word32 bufSz; // Initialize with buf size
  9678. if(wolfSSL_get_SessionTicket(ssl, buf, bufSz) <= 0){
  9679. // Nothing was written to the buffer
  9680. } else {
  9681. // the buffer holds the content from ssl->session->ticket
  9682. }
  9683. \endcode
  9684. \sa wolfSSL_UseSessionTicket
  9685. \sa wolfSSL_set_SessionTicket
  9686. */
  9687. int wolfSSL_get_SessionTicket(WOLFSSL* ssl, unsigned char* buf, word32* bufSz);
  9688. /*!
  9689. \ingroup IO
  9690. \brief This function sets the ticket member of the WOLFSSL_SESSION
  9691. structure within the WOLFSSL struct. The buffer passed into the function
  9692. is copied to memory.
  9693. \return SSL_SUCCESS returned on successful execution of the function.
  9694. The function returned without errors.
  9695. \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL. This will
  9696. also be thrown if the buf argument is NULL but the bufSz argument
  9697. is not zero.
  9698. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  9699. \param buf a byte pointer that gets loaded into the ticket member
  9700. of the session structure.
  9701. \param bufSz a word32 type that represents the size of the buffer.
  9702. _Example_
  9703. \code
  9704. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  9705. WOLFSSL* ssl = wolfSSL_new(ctx);
  9706. byte* buffer; // File to load
  9707. word32 bufSz;
  9708. ...
  9709. if(wolfSSL_KeepArrays(ssl, buffer, bufSz) != SSL_SUCCESS){
  9710. // There was an error loading the buffer to memory.
  9711. }
  9712. \endcode
  9713. \sa wolfSSL_set_SessionTicket_cb
  9714. */
  9715. int wolfSSL_set_SessionTicket(WOLFSSL* ssl, const unsigned char* buf,
  9716. word32 bufSz);
  9717. /*!
  9718. \brief This function sets the session ticket callback. The type
  9719. CallbackSessionTicket is a function pointer with the signature of:
  9720. int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*)
  9721. \return SSL_SUCCESS returned if the function executed without error.
  9722. \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
  9723. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  9724. \param cb a function pointer to the type CallbackSessionTicket.
  9725. \param ctx a void pointer to the session_ticket_ctx member of the
  9726. WOLFSSL structure.
  9727. _Example_
  9728. \code
  9729. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  9730. WOLFSSL* ssl = wolfSSL_new(ctx);
  9731. int sessionTicketCB(WOLFSSL* ssl, const unsigned char* ticket, int ticketSz,
  9732. void* ctx){ … }
  9733. wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)”initial session”);
  9734. \endcode
  9735. \sa wolfSSL_get_SessionTicket
  9736. \sa CallbackSessionTicket
  9737. \sa sessionTicketCB
  9738. */
  9739. int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl,
  9740. CallbackSessionTicket cb, void* ctx);
  9741. /*!
  9742. \brief This function sends a session ticket to the client after a TLS v1.3
  9743. handhsake has been established.
  9744. \return WOLFSSL_SUCCESS returned if a new session ticket was sent.
  9745. \return BAD_FUNC_ARG returned if WOLFSSL structure is NULL, or not using
  9746. TLS v1.3.
  9747. \return SIDE_ERROR returned if not a server.
  9748. \return NOT_READY_ERROR returned if the handshake has not completed.
  9749. \return WOLFSSL_FATAL_ERROR returned if creating or sending message fails.
  9750. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  9751. _Example_
  9752. \code
  9753. int ret;
  9754. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  9755. WOLFSSL* ssl = wolfSSL_new(ctx);
  9756. ret = wolfSSL_send_SessionTicket(ssl);
  9757. if (ret != WOLFSSL_SUCCESS) {
  9758. // New session ticket not sent.
  9759. }
  9760. \endcode
  9761. \sa wolfSSL_get_SessionTicket
  9762. \sa CallbackSessionTicket
  9763. \sa sessionTicketCB
  9764. */
  9765. int wolfSSL_send_SessionTicket(WOLFSSL* ssl);
  9766. /*!
  9767. \brief This function sets the session ticket key encrypt callback function
  9768. for a server to support session tickets as specified in RFC 5077.
  9769. \return SSL_SUCCESS will be returned upon successfully setting the session.
  9770. \return BAD_FUNC_ARG will be returned on failure. This is caused by passing
  9771. invalid arguments to the function.
  9772. \param ctx pointer to the WOLFSSL_CTX object, created with wolfSSL_CTX_new().
  9773. \param cb user callback function to encrypt/decrypt session tickets
  9774. \param ssl(Callback) pointer to the WOLFSSL object, created with
  9775. wolfSSL_new()
  9776. \param key_name(Callback) unique key name for this ticket context, should
  9777. be randomly generated
  9778. \param iv(Callback) unique IV for this ticket, up to 128 bits, should
  9779. be randomly generated
  9780. \param mac(Callback) up to 256 bit mac for this ticket
  9781. \param enc(Callback) if this encrypt parameter is true the user should fill
  9782. in key_name, iv, mac, and encrypt the ticket in-place of length inLen and
  9783. set the resulting output length in *outLen. Returning WOLFSSL_TICKET_RET_OK
  9784. tells wolfSSL that the encryption was successful. If this encrypt parameter
  9785. is false, the user should perform a decrypt of the ticket in-place of length
  9786. inLen using key_name, iv, and mac. The resulting decrypt length should be
  9787. set in *outLen. Returning WOLFSSL_TICKET_RET_OK tells wolfSSL to proceed
  9788. using the decrypted ticket. Returning WOLFSSL_TICKET_RET_CREATE tells
  9789. wolfSSL to use the decrypted ticket but also to generate a new one to
  9790. send to the client, helpful if recently rolled keys and don’t want to
  9791. force a full handshake. Returning WOLFSSL_TICKET_RET_REJECT tells
  9792. wolfSSL to reject this ticket, perform a full handshake, and create
  9793. a new standard session ID for normal session resumption. Returning
  9794. WOLFSSL_TICKET_RET_FATAL tells wolfSSL to end the connection
  9795. attempt with a fatal error.
  9796. \param ticket(Callback) the input/output buffer for the encrypted ticket.
  9797. See the enc parameter
  9798. \param inLen(Callback) the input length of the ticket parameter
  9799. \param outLen(Callback) the resulting output length of the ticket parameter.
  9800. When entering the callback outLen will indicate the maximum size available
  9801. in the ticket buffer.
  9802. \param userCtx(Callback) the user context set with
  9803. wolfSSL_CTX_set_TicketEncCtx()
  9804. _Example_
  9805. \code
  9806. See wolfssl/test.h myTicketEncCb() used by the example
  9807. server and example echoserver.
  9808. \endcode
  9809. \sa wolfSSL_CTX_set_TicketHint
  9810. \sa wolfSSL_CTX_set_TicketEncCtx
  9811. */
  9812. int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
  9813. SessionTicketEncCb);
  9814. /*!
  9815. \brief This function sets the session ticket hint relayed to the client.
  9816. For server side use.
  9817. \return SSL_SUCCESS will be returned upon successfully setting the session.
  9818. \return BAD_FUNC_ARG will be returned on failure. This is caused by passing
  9819. invalid arguments to the function.
  9820. \param ctx pointer to the WOLFSSL_CTX object, created with wolfSSL_CTX_new().
  9821. \param hint number of seconds the ticket might be valid for. Hint to client.
  9822. _Example_
  9823. \code
  9824. none
  9825. \endcode
  9826. \sa wolfSSL_CTX_set_TicketEncCb
  9827. */
  9828. int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
  9829. /*!
  9830. \brief This function sets the session ticket encrypt user context for the
  9831. callback. For server side use.
  9832. \return SSL_SUCCESS will be returned upon successfully setting the session.
  9833. \return BAD_FUNC_ARG will be returned on failure. This is caused by
  9834. passing invalid arguments to the function.
  9835. \param ctx pointer to the WOLFSSL_CTX object, created
  9836. with wolfSSL_CTX_new().
  9837. \param userCtx the user context for the callback
  9838. _Example_
  9839. \code
  9840. none
  9841. \endcode
  9842. \sa wolfSSL_CTX_set_TicketEncCb
  9843. */
  9844. int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
  9845. /*!
  9846. \brief This function gets the session ticket encrypt user context for the
  9847. callback. For server side use.
  9848. \return userCtx will be returned upon successfully getting the session.
  9849. \return NULL will be returned on failure. This is caused by
  9850. passing invalid arguments to the function, or when the user context has
  9851. not been set.
  9852. \param ctx pointer to the WOLFSSL_CTX object, created
  9853. with wolfSSL_CTX_new().
  9854. _Example_
  9855. \code
  9856. none
  9857. \endcode
  9858. \sa wolfSSL_CTX_set_TicketEncCtx
  9859. */
  9860. void* wolfSSL_CTX_get_TicketEncCtx(WOLFSSL_CTX* ctx);
  9861. /*!
  9862. \brief This function sets the handshake done callback. The hsDoneCb and
  9863. hsDoneCtx members of the WOLFSSL structure are set in this function.
  9864. \return SSL_SUCCESS returned if the function executed without an error.
  9865. The hsDoneCb and hsDoneCtx members of the WOLFSSL struct are set.
  9866. \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL.
  9867. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  9868. \param cb a function pointer of type HandShakeDoneCb with the signature of
  9869. the form: int (*HandShakeDoneCb)(WOLFSSL*, void*);
  9870. \param user_ctx a void pointer to the user registered context.
  9871. _Example_
  9872. \code
  9873. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  9874. WOLFSSL* ssl = wolfSSL_new(ctx);
  9875. int myHsDoneCb(WOLFSSL* ssl, void* user_ctx){
  9876. // callback function
  9877. }
  9878. wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
  9879. \endcode
  9880. \sa HandShakeDoneCb
  9881. */
  9882. int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx);
  9883. /*!
  9884. \ingroup IO
  9885. \brief This function prints the statistics from the session.
  9886. \return SSL_SUCCESS returned if the function and subroutines return without
  9887. error. The session stats have been successfully retrieved and printed.
  9888. \return BAD_FUNC_ARG returned if the subroutine wolfSSL_get_session_stats()
  9889. was passed an unacceptable argument.
  9890. \return BAD_MUTEX_E returned if there was a mutex error in the subroutine.
  9891. \param none No parameters.
  9892. _Example_
  9893. \code
  9894. // You will need to have a session object to retrieve stats from.
  9895. if(wolfSSL_PrintSessionStats(void) != SSL_SUCCESS ){
  9896. // Did not print session stats
  9897. }
  9898. \endcode
  9899. \sa wolfSSL_get_session_stats
  9900. */
  9901. int wolfSSL_PrintSessionStats(void);
  9902. /*!
  9903. \ingroup IO
  9904. \brief This function gets the statistics for the session.
  9905. \return SSL_SUCCESS returned if the function and subroutines return without
  9906. error. The session stats have been successfully retrieved and printed.
  9907. \return BAD_FUNC_ARG returned if the subroutine wolfSSL_get_session_stats()
  9908. was passed an unacceptable argument.
  9909. \return BAD_MUTEX_E returned if there was a mutex error in the subroutine.
  9910. \param active a word32 pointer representing the total current sessions.
  9911. \param total a word32 pointer representing the total sessions.
  9912. \param peak a word32 pointer representing the peak sessions.
  9913. \param maxSessions a word32 pointer representing the maximum sessions.
  9914. _Example_
  9915. \code
  9916. int wolfSSL_PrintSessionStats(void){
  9917. ret = wolfSSL_get_session_stats(&totalSessionsNow,
  9918. &totalSessionsSeen, &peak, &maxSessions);
  9919. return ret;
  9920. \endcode
  9921. \sa wolfSSL_PrintSessionStats
  9922. */
  9923. int wolfSSL_get_session_stats(unsigned int* active,
  9924. unsigned int* total,
  9925. unsigned int* peak,
  9926. unsigned int* maxSessions);
  9927. /*!
  9928. \ingroup TLS
  9929. \brief This function copies the values of cr and sr then passes through to
  9930. wc_PRF (pseudo random function) and returns that value.
  9931. \return 0 on success
  9932. \return BUFFER_E returned if there will be an error
  9933. with the size of the buffer.
  9934. \return MEMORY_E returned if a subroutine failed
  9935. to allocate dynamic memory.
  9936. \param ms the master secret held in the Arrays structure.
  9937. \param msLen the length of the master secret.
  9938. \param pms the pre-master secret held in the Arrays structure.
  9939. \param pmsLen the length of the pre-master secret.
  9940. \param cr the client random.
  9941. \param sr the server random.
  9942. \param tls1_2 signifies that the version is at least tls version 1.2.
  9943. \param hash_type signifies the hash type.
  9944. _Example_
  9945. \code
  9946. WOLFSSL* ssl;
  9947. called in MakeTlsMasterSecret and retrieves the necessary
  9948. information as follows:
  9949. int MakeTlsMasterSecret(WOLFSSL* ssl){
  9950. int ret;
  9951. ret = wolfSSL_makeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
  9952. ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
  9953. ssl->arrays->clientRandom, ssl->arrays->serverRandom,
  9954. IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
  9955. return ret;
  9956. }
  9957. \endcode
  9958. \sa wc_PRF
  9959. \sa MakeTlsMasterSecret
  9960. */
  9961. int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, word32 msLen,
  9962. const unsigned char* pms, word32 pmsLen,
  9963. const unsigned char* cr, const unsigned char* sr,
  9964. int tls1_2, int hash_type);
  9965. /*!
  9966. \ingroup CertsKeys
  9967. \brief An external facing wrapper to derive TLS Keys.
  9968. \return 0 returned on success.
  9969. \return BUFFER_E returned if the sum of labLen and
  9970. seedLen (computes total size) exceeds the maximum size.
  9971. \return MEMORY_E returned if the allocation of memory failed.
  9972. \param key_data a byte pointer that is allocateded in DeriveTlsKeys
  9973. and passed through to wc_PRF to hold the final hash.
  9974. \param keyLen a word32 type that is derived in DeriveTlsKeys
  9975. from the WOLFSSL structure’s specs member.
  9976. \param ms a constant pointer type holding the master secret
  9977. held in the arrays structure within the WOLFSSL structure.
  9978. \param msLen a word32 type that holds the length of the
  9979. master secret in an enumerated define, SECRET_LEN.
  9980. \param sr a constant byte pointer to the serverRandom
  9981. member of the arrays structure within the WOLFSSL structure.
  9982. \param cr a constant byte pointer to the clientRandom
  9983. member of the arrays structure within the WOLFSSL structure.
  9984. \param tls1_2 an integer type returned from IsAtLeastTLSv1_2().
  9985. \param hash_type an integer type held in the WOLFSSL structure.
  9986. _Example_
  9987. \code
  9988. int DeriveTlsKeys(WOLFSSL* ssl){
  9989. int ret;
  9990. ret = wolfSSL_DeriveTlsKeys(key_data, length, ssl->arrays->masterSecret,
  9991. SECRET_LEN, ssl->arrays->clientRandom,
  9992. IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
  9993. }
  9994. \endcode
  9995. \sa wc_PRF
  9996. \sa DeriveTlsKeys
  9997. \sa IsAtLeastTLSv1_2
  9998. */
  9999. int wolfSSL_DeriveTlsKeys(unsigned char* key_data, word32 keyLen,
  10000. const unsigned char* ms, word32 msLen,
  10001. const unsigned char* sr, const unsigned char* cr,
  10002. int tls1_2, int hash_type);
  10003. /*!
  10004. \brief wolfSSL_connect_ex() is an extension that allows
  10005. a HandShake Callback to be set. This can be useful in
  10006. embedded systems for debugging support when a debugger isn’t
  10007. available and sniffing is impractical. The HandShake Callback
  10008. will be called whether or not a handshake error occurred.
  10009. No dynamic memory is used since the maximum number of SSL
  10010. packets is known. Packet names can be accessed through packetNames[].
  10011. The connect extension also allows a Timeout Callback to be set along
  10012. with a timeout value. This is useful if the user doesn’t want
  10013. to wait for the TCP stack to timeout. This extension can be called
  10014. with either, both, or neither callbacks.
  10015. \return SSL_SUCCESS upon success.
  10016. \return GETTIME_ERROR will be returned if gettimeofday()
  10017. encountered an error.
  10018. \return SETITIMER_ERROR will be returned if setitimer()
  10019. encountered an error.
  10020. \return SIGACT_ERROR will be returned if sigaction() encountered an error.
  10021. \return SSL_FATAL_ERROR will be returned if the underlying SSL_connect()
  10022. call encountered an error.
  10023. \param none No parameters.
  10024. _Example_
  10025. \code
  10026. none
  10027. \endcode
  10028. \sa wolfSSL_accept_ex
  10029. */
  10030. int wolfSSL_connect_ex(WOLFSSL* ssl, HandShakeCallBack hsCb,
  10031. TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout);
  10032. /*!
  10033. \brief wolfSSL_accept_ex() is an extension that allows a HandShake Callback
  10034. to be set. This can be useful in embedded systems for debugging support
  10035. when a debugger isn’t available and sniffing is impractical. The HandShake
  10036. Callback will be called whether or not a handshake error occurred.
  10037. No dynamic memory is used since the maximum number of SSL packets is known.
  10038. Packet names can be accessed through packetNames[]. The connect extension
  10039. also allows a Timeout Callback to be set along with a timeout value.
  10040. This is useful if the user doesn’t want to wait for the TCP stack to timeout.
  10041. This extension can be called with either, both, or neither callbacks.
  10042. \return SSL_SUCCESS upon success.
  10043. \return GETTIME_ERROR will be returned if gettimeofday()
  10044. encountered an error.
  10045. \return SETITIMER_ERROR will be returned if setitimer()
  10046. encountered an error.
  10047. \return SIGACT_ERROR will be returned if sigaction() encountered an error.
  10048. \return SSL_FATAL_ERROR will be returned if the underlying
  10049. SSL_accept() call encountered an error.
  10050. \param none No parameters.
  10051. _Example_
  10052. \code
  10053. none
  10054. \endcode
  10055. \sa wolfSSL_connect_ex
  10056. */
  10057. int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBacki hsCb,
  10058. TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout);
  10059. /*!
  10060. \ingroup IO
  10061. \brief This is used to set the internal file pointer for a BIO.
  10062. \return SSL_SUCCESS On successfully setting file pointer.
  10063. \return SSL_FAILURE If an error case was encountered.
  10064. \param bio WOLFSSL_BIO structure to set pair.
  10065. \param fp file pointer to set in bio.
  10066. \param c close file behavior flag.
  10067. _Example_
  10068. \code
  10069. WOLFSSL_BIO* bio;
  10070. XFILE fp;
  10071. int ret;
  10072. bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
  10073. ret = wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE);
  10074. // check ret value
  10075. \endcode
  10076. \sa wolfSSL_BIO_new
  10077. \sa wolfSSL_BIO_s_mem
  10078. \sa wolfSSL_BIO_get_fp
  10079. \sa wolfSSL_BIO_free
  10080. */
  10081. long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c);
  10082. /*!
  10083. \ingroup IO
  10084. \brief This is used to get the internal file pointer for a BIO.
  10085. \return SSL_SUCCESS On successfully getting file pointer.
  10086. \return SSL_FAILURE If an error case was encountered.
  10087. \param bio WOLFSSL_BIO structure to set pair.
  10088. \param fp file pointer to set in bio.
  10089. _Example_
  10090. \code
  10091. WOLFSSL_BIO* bio;
  10092. XFILE fp;
  10093. int ret;
  10094. bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
  10095. ret = wolfSSL_BIO_get_fp(bio, &fp);
  10096. // check ret value
  10097. \endcode
  10098. \sa wolfSSL_BIO_new
  10099. \sa wolfSSL_BIO_s_mem
  10100. \sa wolfSSL_BIO_set_fp
  10101. \sa wolfSSL_BIO_free
  10102. */
  10103. long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp);
  10104. /*!
  10105. \ingroup Setup
  10106. \brief This function checks that the private key is a match
  10107. with the certificate being used.
  10108. \return SSL_SUCCESS On successfully match.
  10109. \return SSL_FAILURE If an error case was encountered.
  10110. \return <0 All error cases other than SSL_FAILURE are negative values.
  10111. \param ssl WOLFSSL structure to check.
  10112. _Example_
  10113. \code
  10114. WOLFSSL* ssl;
  10115. int ret;
  10116. // create and set up ssl
  10117. ret = wolfSSL_check_private_key(ssl);
  10118. // check ret value
  10119. \endcode
  10120. \sa wolfSSL_new
  10121. \sa wolfSSL_free
  10122. */
  10123. int wolfSSL_check_private_key(const WOLFSSL* ssl);
  10124. /*!
  10125. \ingroup CertsKeys
  10126. \brief This function looks for and returns the extension index
  10127. matching the passed in NID value.
  10128. \return >= 0 If successful the extension index is returned.
  10129. \return -1 If extension is not found or error is encountered.
  10130. \param x509 certificate to get parse through for extension.
  10131. \param nid extension OID to be found.
  10132. \param lastPos start search from extension after lastPos.
  10133. Set to -1 initially.
  10134. _Example_
  10135. \code
  10136. const WOLFSSL_X509* x509;
  10137. int lastPos = -1;
  10138. int idx;
  10139. idx = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, lastPos);
  10140. \endcode
  10141. */
  10142. int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509,
  10143. int nid, int lastPos);
  10144. /*!
  10145. \ingroup CertsKeys
  10146. \brief This function looks for and returns the extension
  10147. matching the passed in NID value.
  10148. \return pointer If successful a STACK_OF(WOLFSSL_ASN1_OBJECT)
  10149. pointer is returned.
  10150. \return NULL If extension is not found or error is encountered.
  10151. \param x509 certificate to get parse through for extension.
  10152. \param nid extension OID to be found.
  10153. \param c if not NULL is set to -2 for multiple extensions found -1
  10154. if not found, 0 if found and not critical and 1 if found and critical.
  10155. \param idx if NULL return first extension matched otherwise if not
  10156. stored in x509 start at idx.
  10157. _Example_
  10158. \code
  10159. const WOLFSSL_X509* x509;
  10160. int c;
  10161. int idx = 0;
  10162. STACK_OF(WOLFSSL_ASN1_OBJECT)* sk;
  10163. sk = wolfSSL_X509_get_ext_d2i(x509, NID_basic_constraints, &c, &idx);
  10164. //check sk for NULL and then use it. sk needs freed after done.
  10165. \endcode
  10166. \sa wolfSSL_sk_ASN1_OBJECT_free
  10167. */
  10168. void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
  10169. int nid, int* c, int* idx);
  10170. /*!
  10171. \ingroup CertsKeys
  10172. \brief This function returns the hash of the DER certificate.
  10173. \return SSL_SUCCESS On successfully creating a hash.
  10174. \return SSL_FAILURE Returned on bad input or unsuccessful hash.
  10175. \param x509 certificate to get the hash of.
  10176. \param digest the hash algorithm to use.
  10177. \param buf buffer to hold hash.
  10178. \param len length of buffer.
  10179. _Example_
  10180. \code
  10181. WOLFSSL_X509* x509;
  10182. unsigned char buffer[64];
  10183. unsigned int bufferSz;
  10184. int ret;
  10185. ret = wolfSSL_X509_digest(x509, wolfSSL_EVP_sha256(), buffer, &bufferSz);
  10186. //check ret value
  10187. \endcode
  10188. \sa none
  10189. */
  10190. int wolfSSL_X509_digest(const WOLFSSL_X509* x509,
  10191. const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len);
  10192. /*!
  10193. \ingroup Setup
  10194. \brief his is used to set the certificate for WOLFSSL structure to use
  10195. during a handshake.
  10196. \return SSL_SUCCESS On successful setting argument.
  10197. \return SSL_FAILURE If a NULL argument passed in.
  10198. \param ssl WOLFSSL structure to set certificate in.
  10199. \param x509 certificate to use.
  10200. _Example_
  10201. \code WOLFSSL* ssl;
  10202. WOLFSSL_X509* x509
  10203. int ret;
  10204. // create ssl object and x509
  10205. ret = wolfSSL_use_certificate(ssl, x509);
  10206. // check ret value
  10207. \endcode
  10208. \sa wolfSSL_new
  10209. \sa wolfSSL_free
  10210. */
  10211. int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509);
  10212. /*!
  10213. \ingroup Setup
  10214. \brief This is used to set the certificate for WOLFSSL structure
  10215. to use during a handshake. A DER formatted buffer is expected.
  10216. \return SSL_SUCCESS On successful setting argument.
  10217. \return SSL_FAILURE If a NULL argument passed in.
  10218. \param ssl WOLFSSL structure to set certificate in.
  10219. \param der DER certificate to use.
  10220. \param derSz size of the DER buffer passed in.
  10221. _Example_
  10222. \code
  10223. WOLFSSL* ssl;
  10224. unsigned char* der;
  10225. int derSz;
  10226. int ret;
  10227. // create ssl object and set DER variables
  10228. ret = wolfSSL_use_certificate_ASN1(ssl, der, derSz);
  10229. // check ret value
  10230. \endcode
  10231. \sa wolfSSL_new
  10232. \sa wolfSSL_free
  10233. */
  10234. int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der,
  10235. int derSz);
  10236. /*!
  10237. \ingroup CertsKeys
  10238. \brief This is used to set the private key for the WOLFSSL structure.
  10239. \return SSL_SUCCESS On successful setting argument.
  10240. \return SSL_FAILURE If a NULL ssl passed in. All error
  10241. cases will be negative values.
  10242. \param ssl WOLFSSL structure to set argument in.
  10243. \param pkey private key to use.
  10244. _Example_
  10245. \code
  10246. WOLFSSL* ssl;
  10247. WOLFSSL_EVP_PKEY* pkey;
  10248. int ret;
  10249. // create ssl object and set up private key
  10250. ret = wolfSSL_use_PrivateKey(ssl, pkey);
  10251. // check ret value
  10252. \endcode
  10253. \sa wolfSSL_new
  10254. \sa wolfSSL_free
  10255. */
  10256. int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey);
  10257. /*!
  10258. \ingroup CertsKeys
  10259. \brief This is used to set the private key for the WOLFSSL
  10260. structure. A DER formatted key buffer is expected.
  10261. \return SSL_SUCCESS On successful setting parsing and
  10262. setting the private key.
  10263. \return SSL_FAILURE If an NULL ssl passed in. All error cases
  10264. will be negative values.
  10265. \param pri type of private key.
  10266. \param ssl WOLFSSL structure to set argument in.
  10267. \param der buffer holding DER key.
  10268. \param derSz size of der buffer.
  10269. _Example_
  10270. \code
  10271. WOLFSSL* ssl;
  10272. unsigned char* pkey;
  10273. long pkeySz;
  10274. int ret;
  10275. // create ssl object and set up private key
  10276. ret = wolfSSL_use_PrivateKey_ASN1(1, ssl, pkey, pkeySz);
  10277. // check ret value
  10278. \endcode
  10279. \sa wolfSSL_new
  10280. \sa wolfSSL_free
  10281. \sa wolfSSL_use_PrivateKey
  10282. */
  10283. int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl,
  10284. unsigned char* der, long derSz);
  10285. /*!
  10286. \ingroup CertsKeys
  10287. \brief This is used to set the private key for the WOLFSSL
  10288. structure. A DER formatted RSA key buffer is expected.
  10289. \return SSL_SUCCESS On successful setting parsing and setting
  10290. the private key.
  10291. \return SSL_FAILURE If an NULL ssl passed in. All error cases
  10292. will be negative values.
  10293. \param ssl WOLFSSL structure to set argument in.
  10294. \param der buffer holding DER key.
  10295. \param derSz size of der buffer.
  10296. _Example_
  10297. \code
  10298. WOLFSSL* ssl;
  10299. unsigned char* pkey;
  10300. long pkeySz;
  10301. int ret;
  10302. // create ssl object and set up RSA private key
  10303. ret = wolfSSL_use_RSAPrivateKey_ASN1(ssl, pkey, pkeySz);
  10304. // check ret value
  10305. \endcode
  10306. \sa wolfSSL_new
  10307. \sa wolfSSL_free
  10308. \sa wolfSSL_use_PrivateKey
  10309. */
  10310. int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der,
  10311. long derSz);
  10312. /*!
  10313. \ingroup CertsKeys
  10314. \brief This function duplicates the parameters in dsa to a
  10315. newly created WOLFSSL_DH structure.
  10316. \return WOLFSSL_DH If duplicated returns WOLFSSL_DH structure
  10317. \return NULL upon failure
  10318. \param dsa WOLFSSL_DSA structure to duplicate.
  10319. _Example_
  10320. \code
  10321. WOLFSSL_DH* dh;
  10322. WOLFSSL_DSA* dsa;
  10323. // set up dsa
  10324. dh = wolfSSL_DSA_dup_DH(dsa);
  10325. // check dh is not null
  10326. \endcode
  10327. \sa none
  10328. */
  10329. WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
  10330. /*!
  10331. \ingroup Setup
  10332. \brief This is used to get the master key after completing a handshake.
  10333. \return >0 On successfully getting data returns a value greater than 0
  10334. \return 0 If no random data buffer or an error state returns 0
  10335. \return max If outSz passed in is 0 then the maximum buffer
  10336. size needed is returned
  10337. \param ses WOLFSSL_SESSION structure to get master secret buffer from.
  10338. \param out buffer to hold data.
  10339. \param outSz size of out buffer passed in. (if 0 function will
  10340. return max buffer size needed)
  10341. _Example_
  10342. \code
  10343. WOLFSSL_SESSION ssl;
  10344. unsigned char* buffer;
  10345. size_t bufferSz;
  10346. size_t ret;
  10347. // complete handshake and get session structure
  10348. bufferSz = wolfSSL_SESSION_get_master_secret(ses, NULL, 0);
  10349. buffer = malloc(bufferSz);
  10350. ret = wolfSSL_SESSION_get_master_secret(ses, buffer, bufferSz);
  10351. // check ret value
  10352. \endcode
  10353. \sa wolfSSL_new
  10354. \sa wolfSSL_free
  10355. */
  10356. int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
  10357. unsigned char* out, int outSz);
  10358. /*!
  10359. \ingroup Setup
  10360. \brief This is used to get the master secret key length.
  10361. \return size Returns master secret key size.
  10362. \param ses WOLFSSL_SESSION structure to get master secret buffer from.
  10363. _Example_
  10364. \code
  10365. WOLFSSL_SESSION ssl;
  10366. unsigned char* buffer;
  10367. size_t bufferSz;
  10368. size_t ret;
  10369. // complete handshake and get session structure
  10370. bufferSz = wolfSSL_SESSION_get_master_secret_length(ses);
  10371. buffer = malloc(bufferSz);
  10372. // check ret value
  10373. \endcode
  10374. \sa wolfSSL_new
  10375. \sa wolfSSL_free
  10376. */
  10377. int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
  10378. /*!
  10379. \ingroup Setup
  10380. \brief This is a setter function for the WOLFSSL_X509_STORE
  10381. structure in ctx.
  10382. \return none No return.
  10383. \param ctx pointer to the WOLFSSL_CTX structure for setting
  10384. cert store pointer.
  10385. \param str pointer to the WOLFSSL_X509_STORE to set in ctx.
  10386. _Example_
  10387. \code
  10388. WOLFSSL_CTX ctx;
  10389. WOLFSSL_X509_STORE* st;
  10390. // setup ctx and st
  10391. st = wolfSSL_CTX_set_cert_store(ctx, st);
  10392. //use st
  10393. \endcode
  10394. \sa wolfSSL_CTX_new
  10395. \sa wolfSSL_CTX_free
  10396. */
  10397. void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
  10398. WOLFSSL_X509_STORE* str);
  10399. /*!
  10400. \ingroup CertsKeys
  10401. \brief This function get the DER buffer from bio and converts it
  10402. to a WOLFSSL_X509 structure.
  10403. \return pointer returns a WOLFSSL_X509 structure pointer on success.
  10404. \return Null returns NULL on failure
  10405. \param bio pointer to the WOLFSSL_BIO structure that has the DER
  10406. certificate buffer.
  10407. \param x509 pointer that get set to new WOLFSSL_X509 structure created.
  10408. _Example_
  10409. \code
  10410. WOLFSSL_BIO* bio;
  10411. WOLFSSL_X509* x509;
  10412. // load DER into bio
  10413. x509 = wolfSSL_d2i_X509_bio(bio, NULL);
  10414. Or
  10415. wolfSSL_d2i_X509_bio(bio, &x509);
  10416. // use x509 returned (check for NULL)
  10417. \endcode
  10418. \sa none
  10419. */
  10420. WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509);
  10421. /*!
  10422. \ingroup Setup
  10423. \brief This is a getter function for the WOLFSSL_X509_STORE
  10424. structure in ctx.
  10425. \return WOLFSSL_X509_STORE* On successfully getting the pointer.
  10426. \return NULL Returned if NULL arguments are passed in.
  10427. \param ctx pointer to the WOLFSSL_CTX structure for getting cert
  10428. store pointer.
  10429. _Example_
  10430. \code
  10431. WOLFSSL_CTX ctx;
  10432. WOLFSSL_X509_STORE* st;
  10433. // setup ctx
  10434. st = wolfSSL_CTX_get_cert_store(ctx);
  10435. //use st
  10436. \endcode
  10437. \sa wolfSSL_CTX_new
  10438. \sa wolfSSL_CTX_free
  10439. \sa wolfSSL_CTX_set_cert_store
  10440. */
  10441. WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
  10442. /*!
  10443. \ingroup IO
  10444. \brief Gets the number of pending bytes to read. If BIO type is BIO_BIO
  10445. then is the number to read from pair. If BIO contains an SSL object then
  10446. is pending data from SSL object (wolfSSL_pending(ssl)). If is BIO_MEMORY
  10447. type then returns the size of memory buffer.
  10448. \return >=0 number of pending bytes.
  10449. \param bio pointer to the WOLFSSL_BIO structure that has already
  10450. been created.
  10451. _Example_
  10452. \code
  10453. WOLFSSL_BIO* bio;
  10454. int pending;
  10455. bio = wolfSSL_BIO_new();
  10456. pending = wolfSSL_BIO_ctrl_pending(bio);
  10457. \endcode
  10458. \sa wolfSSL_BIO_make_bio_pair
  10459. \sa wolfSSL_BIO_new
  10460. */
  10461. size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b);
  10462. /*!
  10463. \ingroup Setup
  10464. \brief This is used to get the random data sent by the server
  10465. during the handshake.
  10466. \return >0 On successfully getting data returns a value greater than 0
  10467. \return 0 If no random data buffer or an error state returns 0
  10468. \return max If outSz passed in is 0 then the maximum buffer size
  10469. needed is returned
  10470. \param ssl WOLFSSL structure to get clients random data buffer from.
  10471. \param out buffer to hold random data.
  10472. \param outSz size of out buffer passed in. (if 0 function will return max
  10473. buffer size needed)
  10474. _Example_
  10475. \code
  10476. WOLFSSL ssl;
  10477. unsigned char* buffer;
  10478. size_t bufferSz;
  10479. size_t ret;
  10480. bufferSz = wolfSSL_get_server_random(ssl, NULL, 0);
  10481. buffer = malloc(bufferSz);
  10482. ret = wolfSSL_get_server_random(ssl, buffer, bufferSz);
  10483. // check ret value
  10484. \endcode
  10485. \sa wolfSSL_new
  10486. \sa wolfSSL_free
  10487. */
  10488. size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
  10489. unsigned char *out, size_t outlen);
  10490. /*!
  10491. \ingroup Setup
  10492. \brief This is used to get the random data sent by the client during
  10493. the handshake.
  10494. \return >0 On successfully getting data returns a value greater than 0
  10495. \return 0 If no random data buffer or an error state returns 0
  10496. \return max If outSz passed in is 0 then the maximum buffer size needed
  10497. is returned
  10498. \param ssl WOLFSSL structure to get clients random data buffer from.
  10499. \param out buffer to hold random data.
  10500. \param outSz size of out buffer passed in. (if 0 function will return max
  10501. buffer size needed)
  10502. _Example_
  10503. \code
  10504. WOLFSSL ssl;
  10505. unsigned char* buffer;
  10506. size_t bufferSz;
  10507. size_t ret;
  10508. bufferSz = wolfSSL_get_client_random(ssl, NULL, 0);
  10509. buffer = malloc(bufferSz);
  10510. ret = wolfSSL_get_client_random(ssl, buffer, bufferSz);
  10511. // check ret value
  10512. \endcode
  10513. \sa wolfSSL_new
  10514. \sa wolfSSL_free
  10515. */
  10516. size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
  10517. unsigned char* out, size_t outSz);
  10518. /*!
  10519. \ingroup Setup
  10520. \brief This is a getter function for the password callback set in ctx.
  10521. \return func On success returns the callback function.
  10522. \return NULL If ctx is NULL then NULL is returned.
  10523. \param ctx WOLFSSL_CTX structure to get call back from.
  10524. _Example_
  10525. \code
  10526. WOLFSSL_CTX* ctx;
  10527. wc_pem_password_cb cb;
  10528. // setup ctx
  10529. cb = wolfSSL_CTX_get_default_passwd_cb(ctx);
  10530. //use cb
  10531. \endcode
  10532. \sa wolfSSL_CTX_new
  10533. \sa wolfSSL_CTX_free
  10534. */
  10535. wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX*
  10536. ctx);
  10537. /*!
  10538. \ingroup Setup
  10539. \brief This is a getter function for the password callback user
  10540. data set in ctx.
  10541. \return pointer On success returns the user data pointer.
  10542. \return NULL If ctx is NULL then NULL is returned.
  10543. \param ctx WOLFSSL_CTX structure to get user data from.
  10544. _Example_
  10545. \code
  10546. WOLFSSL_CTX* ctx;
  10547. void* data;
  10548. // setup ctx
  10549. data = wolfSSL_CTX_get_default_passwd_cb(ctx);
  10550. //use data
  10551. \endcode
  10552. \sa wolfSSL_CTX_new
  10553. \sa wolfSSL_CTX_free
  10554. */
  10555. void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
  10556. /*!
  10557. \ingroup CertsKeys
  10558. \brief This function behaves the same as wolfSSL_PEM_read_bio_X509.
  10559. AUX signifies containing extra information such as trusted/rejected use
  10560. cases and friendly name for human readability.
  10561. \return WOLFSSL_X509 on successfully parsing the PEM buffer a WOLFSSL_X509
  10562. structure is returned.
  10563. \return Null if failed to parse PEM buffer.
  10564. \param bp WOLFSSL_BIO structure to get PEM buffer from.
  10565. \param x if setting WOLFSSL_X509 by function side effect.
  10566. \param cb password callback.
  10567. \param u NULL terminated user password.
  10568. _Example_
  10569. \code
  10570. WOLFSSL_BIO* bio;
  10571. WOLFSSL_X509* x509;
  10572. // setup bio
  10573. X509 = wolfSSL_PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
  10574. //check x509 is not null and then use it
  10575. \endcode
  10576. \sa wolfSSL_PEM_read_bio_X509
  10577. */
  10578. WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
  10579. (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u);
  10580. /*!
  10581. \ingroup CertsKeys
  10582. \brief Initializes the WOLFSSL_CTX structure’s dh member with the
  10583. Diffie-Hellman parameters.
  10584. \return SSL_SUCCESS returned if the function executed successfully.
  10585. \return BAD_FUNC_ARG returned if the ctx or dh structures are NULL.
  10586. \return SSL_FATAL_ERROR returned if there was an error setting a
  10587. structure value.
  10588. \return MEMORY_E returned if their was a failure to allocate memory.
  10589. \param ctx a pointer to a WOLFSSL_CTX structure, created using
  10590. wolfSSL_CTX_new().
  10591. \param dh a pointer to a WOLFSSL_DH structure.
  10592. _Example_
  10593. \code
  10594. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  10595. WOLFSSL_DH* dh;
  10596. return wolfSSL_CTX_set_tmp_dh(ctx, dh);
  10597. \endcode
  10598. \sa wolfSSL_BN_bn2bin
  10599. */
  10600. long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh);
  10601. /*!
  10602. \ingroup CertsKeys
  10603. \brief This function get the DSA parameters from a PEM buffer in bio.
  10604. \return WOLFSSL_DSA on successfully parsing the PEM buffer a WOLFSSL_DSA
  10605. structure is created and returned.
  10606. \return Null if failed to parse PEM buffer.
  10607. \param bio pointer to the WOLFSSL_BIO structure for getting PEM
  10608. memory pointer.
  10609. \param x pointer to be set to new WOLFSSL_DSA structure.
  10610. \param cb password callback function.
  10611. \param u null terminated password string.
  10612. _Example_
  10613. \code
  10614. WOLFSSL_BIO* bio;
  10615. WOLFSSL_DSA* dsa;
  10616. // setup bio
  10617. dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
  10618. // check dsa is not NULL and then use dsa
  10619. \endcode
  10620. \sa none
  10621. */
  10622. WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp,
  10623. WOLFSSL_DSA **x, wc_pem_password_cb *cb, void *u);
  10624. /*!
  10625. \ingroup Debug
  10626. \brief This function returns the absolute value of the last error from
  10627. WOLFSSL_ERROR encountered.
  10628. \return error Returns absolute value of last error.
  10629. \param none No parameters.
  10630. _Example_
  10631. \code
  10632. unsigned long err;
  10633. ...
  10634. err = wolfSSL_ERR_peek_last_error();
  10635. // inspect err value
  10636. \endcode
  10637. \sa wolfSSL_ERR_print_errors_fp
  10638. */
  10639. unsigned long wolfSSL_ERR_peek_last_error(void);
  10640. /*!
  10641. \ingroup CertsKeys
  10642. \brief This function gets the peer’s certificate chain.
  10643. \return pointer returns a pointer to the peer’s Certificate stack.
  10644. \return NULL returned if no peer certificate.
  10645. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  10646. _Example_
  10647. \code
  10648. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
  10649. WOLFSSL* ssl = wolfSSL_new(ctx);
  10650. ...
  10651. wolfSSL_connect(ssl);
  10652. STACK_OF(WOLFSSL_X509)* chain = wolfSSL_get_peer_cert_chain(ssl);
  10653. ifchain){
  10654. // You have a pointer to the peer certificate chain
  10655. }
  10656. \endcode
  10657. \sa wolfSSL_X509_get_issuer_name
  10658. \sa wolfSSL_X509_get_subject_name
  10659. \sa wolfSSL_X509_get_isCA
  10660. */
  10661. WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
  10662. /*!
  10663. \ingroup Setup
  10664. \brief This function resets option bits of WOLFSSL_CTX object.
  10665. \return option new option bits
  10666. \param ctx pointer to the SSL context.
  10667. _Example_
  10668. \code
  10669. WOLFSSL_CTX* ctx = 0;
  10670. ...
  10671. wolfSSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1);
  10672. \endcode
  10673. \sa wolfSSL_CTX_new
  10674. \sa wolfSSL_new
  10675. \sa wolfSSL_free
  10676. */
  10677. long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt);
  10678. /*!
  10679. \ingroup IO
  10680. \brief This function sets the jObjectRef member of the WOLFSSL structure.
  10681. \return SSL_SUCCESS returned if jObjectRef is properly set to objPtr.
  10682. \return SSL_FAILURE returned if the function did not properly execute and
  10683. jObjectRef is not set.
  10684. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  10685. \param objPtr a void pointer that will be set to jObjectRef.
  10686. _Example_
  10687. \code
  10688. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  10689. WOLFSSL* ssl = WOLFSSL_new();
  10690. void* objPtr = &obj;
  10691. ...
  10692. if(wolfSSL_set_jobject(ssl, objPtr)){
  10693. // The success case
  10694. }
  10695. \endcode
  10696. \sa wolfSSL_get_jobject
  10697. */
  10698. int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr);
  10699. /*!
  10700. \ingroup IO
  10701. \brief This function returns the jObjectRef member of the WOLFSSL structure.
  10702. \return value If the WOLFSSL struct is not NULL, the function returns the
  10703. jObjectRef value.
  10704. \return NULL returned if the WOLFSSL struct is NULL.
  10705. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  10706. _Example_
  10707. \code
  10708. WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
  10709. WOLFSSL* ssl = wolfSSL(ctx);
  10710. ...
  10711. void* jobject = wolfSSL_get_jobject(ssl);
  10712. if(jobject != NULL){
  10713. // Success case
  10714. }
  10715. \endcode
  10716. \sa wolfSSL_set_jobject
  10717. */
  10718. void* wolfSSL_get_jobject(WOLFSSL* ssl);
  10719. /*!
  10720. \ingroup Setup
  10721. \brief This function sets a callback in the ssl. The callback is to
  10722. observe handshake messages. NULL value of cb resets the callback.
  10723. \return SSL_SUCCESS On success.
  10724. \return SSL_FAILURE If an NULL ssl passed in.
  10725. \param ssl WOLFSSL structure to set callback argument.
  10726. _Example_
  10727. \code
  10728. static cb(int write_p, int version, int content_type,
  10729. const void *buf, size_t len, WOLFSSL *ssl, void *arg)
  10730. WOLFSSL* ssl;
  10731. ret = wolfSSL_set_msg_callback(ssl, cb);
  10732. // check ret
  10733. \endcode
  10734. \sa wolfSSL_set_msg_callback_arg
  10735. */
  10736. int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb);
  10737. /*!
  10738. \ingroup Setup
  10739. \brief This function sets associated callback context value in the ssl.
  10740. The value is handed over to the callback argument.
  10741. \return none No return.
  10742. \param ssl WOLFSSL structure to set callback argument.
  10743. _Example_
  10744. \code
  10745. static cb(int write_p, int version, int content_type,
  10746. const void *buf, size_t len, WOLFSSL *ssl, void *arg)
  10747. WOLFSSL* ssl;
  10748. ret = wolfSSL_set_msg_callback(ssl, cb);
  10749. // check ret
  10750. wolfSSL_set_msg_callback(ssl, arg);
  10751. \endcode
  10752. \sa wolfSSL_set_msg_callback
  10753. */
  10754. int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg);
  10755. /*!
  10756. \ingroup CertsKeys
  10757. \brief This function returns the next, if any, altname from the peer certificate.
  10758. \return NULL if there is not a next altname.
  10759. \return cert->altNamesNext->name from the WOLFSSL_X509 structure that is a
  10760. string value from the altName list is returned if it exists.
  10761. \param cert a pointer to the wolfSSL_X509 structure.
  10762. _Example_
  10763. \code
  10764. WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
  10765. DYNAMIC_TYPE_X509);
  10766. int x509NextAltName = wolfSSL_X509_get_next_altname(x509);
  10767. if(x509NextAltName == NULL){
  10768. //There isn’t another alt name
  10769. }
  10770. \endcode
  10771. \sa wolfSSL_X509_get_issuer_name
  10772. \sa wolfSSL_X509_get_subject_name
  10773. */
  10774. char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);
  10775. /*!
  10776. \ingroup CertsKeys
  10777. \brief The function checks to see if x509 is NULL and if it’s not, it
  10778. returns the notBefore member of the x509 struct.
  10779. \return pointer to struct with ASN1_TIME to the notBefore
  10780. member of the x509 struct.
  10781. \return NULL the function returns NULL if the x509 structure is NULL.
  10782. \param x509 a pointer to the WOLFSSL_X509 struct.
  10783. _Example_
  10784. \code
  10785. WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALLOC(sizeof(WOLFSSL_X509), NULL,
  10786. DYNAMIC_TYPE_X509) ;
  10787. const WOLFSSL_ASN1_TIME* notAfter = wolfSSL_X509_get_notBefore(x509);
  10788. if(notAfter == NULL){
  10789. //The x509 object was NULL
  10790. }
  10791. \endcode
  10792. \sa wolfSSL_X509_get_notAfter
  10793. */
  10794. WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(WOLFSSL_X509*);
  10795. /*!
  10796. \ingroup IO
  10797. \brief This function is called on the client side and initiates an SSL/TLS
  10798. handshake with a server. When this function is called, the underlying
  10799. communication channel has already been set up.
  10800. wolfSSL_connect() works with both blocking and non-blocking I/O. When the
  10801. underlying I/O is non-blocking, wolfSSL_connect() will return when the
  10802. underlying I/O could not satisfy the needs of wolfSSL_connect to continue
  10803. the handshake. In this case, a call to wolfSSL_get_error() will yield
  10804. either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process
  10805. must then repeat the call to wolfSSL_connect() when the underlying I/O is
  10806. ready and wolfSSL will pick up where it left off. When using a non-blocking
  10807. socket, nothing needs to be done, but select() can be used to check for the
  10808. required condition.
  10809. If the underlying I/O is blocking, wolfSSL_connect() will only return once
  10810. the handshake has been finished or an error occurred.
  10811. wolfSSL takes a different approach to certificate verification than OpenSSL
  10812. does. The default policy for the client is to verify the server, this
  10813. means that if you don't load CAs to verify the server you'll get a connect
  10814. error, unable to verify (-155). It you want to mimic OpenSSL behavior of
  10815. having SSL_connect succeed even if verifying the server fails and reducing
  10816. security you can do this by calling:
  10817. SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling SSL_new();
  10818. Though it's not recommended.
  10819. \return SSL_SUCCESS If successful.
  10820. \return SSL_FATAL_ERROR will be returned if an error occurred. To get a
  10821. more detailed error code, call wolfSSL_get_error().
  10822. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  10823. _Example_
  10824. \code
  10825. int ret = 0;
  10826. int err = 0;
  10827. WOLFSSL* ssl;
  10828. char buffer[80];
  10829. ...
  10830. ret = wolfSSL_connect(ssl);
  10831. if (ret != SSL_SUCCESS) {
  10832. err = wolfSSL_get_error(ssl, ret);
  10833. printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
  10834. }
  10835. \endcode
  10836. \sa wolfSSL_get_error
  10837. \sa wolfSSL_accept
  10838. */
  10839. int wolfSSL_connect(WOLFSSL* ssl);
  10840. /*!
  10841. \ingroup Setup
  10842. \brief This function is called on the server side to indicate that a
  10843. HelloRetryRequest message must contain a Cookie and, in case of using
  10844. protocol DTLS v1.3, that the handshake will always include a cookie
  10845. exchange. Please note that when using protocol DTLS v1.3, the cookie
  10846. exchange is enabled by default. The Cookie holds a hash of the current
  10847. transcript so that another server process can handle the ClientHello in
  10848. reply. The secret is used when generating the integrity check on the Cookie
  10849. data.
  10850. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  10851. \param [in] secret a pointer to a buffer holding the secret.
  10852. Passing NULL indicates to generate a new random secret.
  10853. \param [in] secretSz Size of the secret in bytes.
  10854. Passing 0 indicates to use the default size: WC_SHA256_DIGEST_SIZE (or WC_SHA_DIGEST_SIZE when SHA-256 not available).
  10855. \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
  10856. \return SIDE_ERROR if called with a client.
  10857. \return WOLFSSL_SUCCESS if successful.
  10858. \return MEMORY_ERROR if allocating dynamic memory for storing secret failed.
  10859. \return Another -ve value on internal error.
  10860. _Example_
  10861. \code
  10862. int ret;
  10863. WOLFSSL* ssl;
  10864. char secret[32];
  10865. ...
  10866. ret = wolfSSL__send_hrr_cookie(ssl, secret, sizeof(secret));
  10867. if (ret != WOLFSSL_SUCCESS) {
  10868. // failed to set use of Cookie and secret
  10869. }
  10870. \endcode
  10871. \sa wolfSSL_new
  10872. \sa wolfSSL_disable_hrr_cookie
  10873. */
  10874. int wolfSSL_send_hrr_cookie(WOLFSSL* ssl,
  10875. const unsigned char* secret, unsigned int secretSz);
  10876. /*!
  10877. \ingroup Setup
  10878. \brief This function is called on the server side to indicate that a
  10879. HelloRetryRequest message must NOT contain a Cookie and that, if using
  10880. protocol DTLS v1.3, a cookie exchange will not be included in the
  10881. handshake. Please note that not doing a cookie exchange when using protocol
  10882. DTLS v1.3 can make the server susceptible to DoS/Amplification attacks.
  10883. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  10884. \return WOLFSSL_SUCCESS if successful
  10885. \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3
  10886. \return SIDE_ERROR if invoked on client
  10887. \sa wolfSSL_send_hrr_cookie
  10888. */
  10889. int wolfSSL_disable_hrr_cookie(WOLFSSL* ssl);
  10890. /*!
  10891. \ingroup Setup
  10892. \brief This function is called on the server to stop it from sending
  10893. a resumption session ticket once the handshake is complete.
  10894. \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
  10895. with wolfSSL_CTX_new().
  10896. \return BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
  10897. \return SIDE_ERROR if called with a client.
  10898. \return 0 if successful.
  10899. _Example_
  10900. \code
  10901. int ret;
  10902. WOLFSSL_CTX* ctx;
  10903. ...
  10904. ret = wolfSSL_CTX_no_ticket_TLSv13(ctx);
  10905. if (ret != 0) {
  10906. // failed to set no ticket
  10907. }
  10908. \endcode
  10909. \sa wolfSSL_no_ticket_TLSv13
  10910. */
  10911. int wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX* ctx);
  10912. /*!
  10913. \ingroup Setup
  10914. \brief This function is called on the server to stop it from sending
  10915. a resumption session ticket once the handshake is complete.
  10916. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  10917. \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
  10918. \return SIDE_ERROR if called with a client.
  10919. \return 0 if successful.
  10920. _Example_
  10921. \code
  10922. int ret;
  10923. WOLFSSL* ssl;
  10924. ...
  10925. ret = wolfSSL_no_ticket_TLSv13(ssl);
  10926. if (ret != 0) {
  10927. // failed to set no ticket
  10928. }
  10929. \endcode
  10930. \sa wolfSSL_CTX_no_ticket_TLSv13
  10931. */
  10932. int wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl);
  10933. /*!
  10934. \ingroup Setup
  10935. \brief This function is called on a TLS v1.3 wolfSSL context to disallow
  10936. Diffie-Hellman (DH) style key exchanges when handshakes are using
  10937. pre-shared keys for authentication.
  10938. \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
  10939. with wolfSSL_CTX_new().
  10940. \return BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
  10941. \return 0 if successful.
  10942. _Example_
  10943. \code
  10944. int ret;
  10945. WOLFSSL_CTX* ctx;
  10946. ...
  10947. ret = wolfSSL_CTX_no_dhe_psk(ctx);
  10948. if (ret != 0) {
  10949. // failed to set no DHE for PSK handshakes
  10950. }
  10951. \endcode
  10952. \sa wolfSSL_no_dhe_psk
  10953. */
  10954. int wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx);
  10955. /*!
  10956. \ingroup Setup
  10957. \brief This function is called on a TLS v1.3 client or server wolfSSL to
  10958. disallow Diffie-Hellman (DH) style key exchanges when handshakes are using
  10959. pre-shared keys for authentication.
  10960. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  10961. \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
  10962. \return 0 if successful.
  10963. _Example_
  10964. \code
  10965. int ret;
  10966. WOLFSSL* ssl;
  10967. ...
  10968. ret = wolfSSL_no_dhe_psk(ssl);
  10969. if (ret != 0) {
  10970. // failed to set no DHE for PSK handshakes
  10971. }
  10972. \endcode
  10973. \sa wolfSSL_CTX_no_dhe_psk
  10974. */
  10975. int wolfSSL_no_dhe_psk(WOLFSSL* ssl);
  10976. /*!
  10977. \ingroup IO
  10978. \brief This function is called on a TLS v1.3 client or server wolfSSL to
  10979. force the rollover of keys. A KeyUpdate message is sent to the peer and
  10980. new keys are calculated for encryption. The peer will send back a KeyUpdate
  10981. message and the new decryption keys will then be calculated.
  10982. This function can only be called after a handshake has been completed.
  10983. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  10984. \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
  10985. \return WANT_WRITE if the writing is not ready.
  10986. \return WOLFSSL_SUCCESS if successful.
  10987. _Example_
  10988. \code
  10989. int ret;
  10990. WOLFSSL* ssl;
  10991. ...
  10992. ret = wolfSSL_update_keys(ssl);
  10993. if (ret == WANT_WRITE) {
  10994. // need to call again when I/O ready
  10995. }
  10996. else if (ret != WOLFSSL_SUCCESS) {
  10997. // failed to send key update
  10998. }
  10999. \endcode
  11000. \sa wolfSSL_write
  11001. */
  11002. int wolfSSL_update_keys(WOLFSSL* ssl);
  11003. /*!
  11004. \ingroup IO
  11005. \brief This function is called on a TLS v1.3 client or server wolfSSL to
  11006. determine whether a rollover of keys is in progress. When
  11007. wolfSSL_update_keys() is called, a KeyUpdate message is sent and the
  11008. encryption key is updated. The decryption key is updated when the response
  11009. is received.
  11010. \param [in] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11011. \param [out] required 0 when no key update response required. 1 when no key update response required.
  11012. \return 0 on successful.
  11013. \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
  11014. _Example_
  11015. \code
  11016. int ret;
  11017. WOLFSSL* ssl;
  11018. int required;
  11019. ...
  11020. ret = wolfSSL_key_update_response(ssl, &required);
  11021. if (ret != 0) {
  11022. // bad parameters
  11023. }
  11024. if (required) {
  11025. // encrypt Key updated, awaiting response to change decrypt key
  11026. }
  11027. \endcode
  11028. \sa wolfSSL_update_keys
  11029. */
  11030. int wolfSSL_key_update_response(WOLFSSL* ssl, int* required);
  11031. /*!
  11032. \ingroup Setup
  11033. \brief This function is called on a TLS v1.3 client wolfSSL context to allow
  11034. a client certificate to be sent post handshake upon request from server.
  11035. This is useful when connecting to a web server that has some pages that
  11036. require client authentication and others that don't.
  11037. \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
  11038. with wolfSSL_CTX_new().
  11039. \return BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
  11040. \return SIDE_ERROR if called with a server.
  11041. \return 0 if successful.
  11042. _Example_
  11043. \code
  11044. int ret;
  11045. WOLFSSL_CTX* ctx;
  11046. ...
  11047. ret = wolfSSL_allow_post_handshake_auth(ctx);
  11048. if (ret != 0) {
  11049. // failed to allow post handshake authentication
  11050. }
  11051. \endcode
  11052. \sa wolfSSL_allow_post_handshake_auth
  11053. \sa wolfSSL_request_certificate
  11054. */
  11055. int wolfSSL_CTX_allow_post_handshake_auth(WOLFSSL_CTX* ctx);
  11056. /*!
  11057. \ingroup Setup
  11058. \brief This function is called on a TLS v1.3 client wolfSSL to allow
  11059. a client certificate to be sent post handshake upon request from server.
  11060. A Post-Handshake Client Authentication extension is sent in the ClientHello.
  11061. This is useful when connecting to a web server that has some pages that
  11062. require client authentication and others that don't.
  11063. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11064. \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
  11065. \return SIDE_ERROR if called with a server.
  11066. \return 0 if successful.
  11067. _Example_
  11068. \code
  11069. int ret;
  11070. WOLFSSL* ssl;
  11071. ...
  11072. ret = wolfSSL_allow_post_handshake_auth(ssl);
  11073. if (ret != 0) {
  11074. // failed to allow post handshake authentication
  11075. }
  11076. \endcode
  11077. \sa wolfSSL_CTX_allow_post_handshake_auth
  11078. \sa wolfSSL_request_certificate
  11079. */
  11080. int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl);
  11081. /*!
  11082. \ingroup IO
  11083. \brief This function requests a client certificate from the TLS v1.3 client.
  11084. This is useful when a web server is serving some pages that require client
  11085. authentication and others that don't.
  11086. A maximum of 256 requests can be sent on a connection.
  11087. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11088. \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
  11089. \return WANT_WRITE if the writing is not ready.
  11090. \return SIDE_ERROR if called with a client.
  11091. \return NOT_READY_ERROR if called when the handshake is not finished.
  11092. \return POST_HAND_AUTH_ERROR if posthandshake authentication is disallowed.
  11093. \return MEMORY_E if dynamic memory allocation fails.
  11094. \return WOLFSSL_SUCCESS if successful.
  11095. _Example_
  11096. \code
  11097. int ret;
  11098. WOLFSSL* ssl;
  11099. ...
  11100. ret = wolfSSL_request_certificate(ssl);
  11101. if (ret == WANT_WRITE) {
  11102. // need to call again when I/O ready
  11103. }
  11104. else if (ret != WOLFSSL_SUCCESS) {
  11105. // failed to request a client certificate
  11106. }
  11107. \endcode
  11108. \sa wolfSSL_allow_post_handshake_auth
  11109. \sa wolfSSL_write
  11110. */
  11111. int wolfSSL_request_certificate(WOLFSSL* ssl);
  11112. /*!
  11113. \ingroup Setup
  11114. \brief This function sets the list of elliptic curve groups to allow on
  11115. a wolfSSL context in order of preference.
  11116. The list is a null-terminated text string, and a colon-delimited list.
  11117. Call this function to set the key exchange elliptic curve parameters to
  11118. use with the TLS v1.3 connections.
  11119. \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
  11120. with wolfSSL_CTX_new().
  11121. \param [in] list a string that is a colon-delimited list of elliptic curve
  11122. groups.
  11123. \return WOLFSSL_FAILURE if pointer parameters are NULL, there are more than
  11124. WOLFSSL_MAX_GROUP_COUNT groups, a group name is not recognized or not
  11125. using TLS v1.3.
  11126. \return WOLFSSL_SUCCESS if successful.
  11127. _Example_
  11128. \code
  11129. int ret;
  11130. WOLFSSL_CTX* ctx;
  11131. const char* list = "P-384:P-256";
  11132. ...
  11133. ret = wolfSSL_CTX_set1_groups_list(ctx, list);
  11134. if (ret != WOLFSSL_SUCCESS) {
  11135. // failed to set group list
  11136. }
  11137. \endcode
  11138. \sa wolfSSL_set1_groups_list
  11139. \sa wolfSSL_CTX_set_groups
  11140. \sa wolfSSL_set_groups
  11141. \sa wolfSSL_UseKeyShare
  11142. \sa wolfSSL_preferred_group
  11143. */
  11144. int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list);
  11145. /*!
  11146. \ingroup Setup
  11147. \brief This function sets the list of elliptic curve groups to allow on
  11148. a wolfSSL in order of preference.
  11149. The list is a null-terminated text string, and a colon-delimited list.
  11150. Call this function to set the key exchange elliptic curve parameters to
  11151. use with the TLS v1.3 connections.
  11152. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11153. \param [in] list a string that is a colon separated list of key exchange
  11154. groups.
  11155. \return WOLFSSL_FAILURE if pointer parameters are NULL, there are more than
  11156. WOLFSSL_MAX_GROUP_COUNT groups, a group name is not recognized or not
  11157. using TLS v1.3.
  11158. \return WOLFSSL_SUCCESS if successful.
  11159. _Example_
  11160. \code
  11161. int ret;
  11162. WOLFSSL* ssl;
  11163. const char* list = "P-384:P-256";
  11164. ...
  11165. ret = wolfSSL_CTX_set1_groups_list(ssl, list);
  11166. if (ret != WOLFSSL_SUCCESS) {
  11167. // failed to set group list
  11168. }
  11169. \endcode
  11170. \sa wolfSSL_CTX_set1_groups_list
  11171. \sa wolfSSL_CTX_set_groups
  11172. \sa wolfSSL_set_groups
  11173. \sa wolfSSL_UseKeyShare
  11174. \sa wolfSSL_preferred_group
  11175. */
  11176. int wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list);
  11177. /*!
  11178. \ingroup TLS
  11179. \brief This function returns the key exchange group the client prefers to
  11180. use in the TLS v1.3 handshake.
  11181. Call this function to after a handshake is complete to determine which
  11182. group the server prefers so that this information can be used in future
  11183. connections to pre-generate a key pair for key exchange.
  11184. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11185. \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
  11186. \return SIDE_ERROR if called with a server.
  11187. \return NOT_READY_ERROR if called before handshake is complete.
  11188. \return Group identifier if successful.
  11189. _Example_
  11190. \code
  11191. int ret;
  11192. int group;
  11193. WOLFSSL* ssl;
  11194. ...
  11195. ret = wolfSSL_CTX_set1_groups_list(ssl)
  11196. if (ret < 0) {
  11197. // failed to get group
  11198. }
  11199. group = ret;
  11200. \endcode
  11201. \sa wolfSSL_UseKeyShare
  11202. \sa wolfSSL_CTX_set_groups
  11203. \sa wolfSSL_set_groups
  11204. \sa wolfSSL_CTX_set1_groups_list
  11205. \sa wolfSSL_set1_groups_list
  11206. */
  11207. int wolfSSL_preferred_group(WOLFSSL* ssl);
  11208. /*!
  11209. \ingroup Setup
  11210. \brief This function sets the list of elliptic curve groups to allow on
  11211. a wolfSSL context in order of preference.
  11212. The list is an array of group identifiers with the number of identifiers
  11213. specified in count.
  11214. Call this function to set the key exchange elliptic curve parameters to
  11215. use with the TLS v1.3 connections.
  11216. \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
  11217. with wolfSSL_CTX_new().
  11218. \param [in] groups a list of key exchange groups by identifier.
  11219. \param [in] count the number of key exchange groups in groups.
  11220. \return BAD_FUNC_ARG if a pointer parameter is null, the number of groups
  11221. exceeds WOLFSSL_MAX_GROUP_COUNT or not using TLS v1.3.
  11222. \return WOLFSSL_SUCCESS if successful.
  11223. _Example_
  11224. \code
  11225. int ret;
  11226. WOLFSSL_CTX* ctx;
  11227. int* groups = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_SECP256R1 };
  11228. int count = 2;
  11229. ...
  11230. ret = wolfSSL_CTX_set1_groups_list(ctx, groups, count);
  11231. if (ret != WOLFSSL_SUCCESS) {
  11232. // failed to set group list
  11233. }
  11234. \endcode
  11235. \sa wolfSSL_set_groups
  11236. \sa wolfSSL_UseKeyShare
  11237. \sa wolfSSL_CTX_set_groups
  11238. \sa wolfSSL_set_groups
  11239. \sa wolfSSL_CTX_set1_groups_list
  11240. \sa wolfSSL_set1_groups_list
  11241. \sa wolfSSL_preferred_group
  11242. */
  11243. int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups,
  11244. int count);
  11245. /*!
  11246. \ingroup Setup
  11247. \brief This function sets the list of elliptic curve groups to allow on
  11248. a wolfSSL.
  11249. The list is an array of group identifiers with the number of identifiers
  11250. specified in count.
  11251. Call this function to set the key exchange elliptic curve parameters to
  11252. use with the TLS v1.3 connections.
  11253. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11254. \param [in] groups a list of key exchange groups by identifier.
  11255. \param [in] count the number of key exchange groups in groups.
  11256. \return BAD_FUNC_ARG if a pointer parameter is null, the number of groups
  11257. exceeds WOLFSSL_MAX_GROUP_COUNT, any of the identifiers are unrecognized or
  11258. not using TLS v1.3.
  11259. \return WOLFSSL_SUCCESS if successful.
  11260. _Example_
  11261. \code
  11262. int ret;
  11263. WOLFSSL* ssl;
  11264. int* groups = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_SECP256R1 };
  11265. int count = 2;
  11266. ...
  11267. ret = wolfSSL_set_groups(ssl, groups, count);
  11268. if (ret != WOLFSSL_SUCCESS) {
  11269. // failed to set group list
  11270. }
  11271. \endcode
  11272. \sa wolfSSL_CTX_set_groups
  11273. \sa wolfSSL_UseKeyShare
  11274. \sa wolfSSL_CTX_set_groups
  11275. \sa wolfSSL_set_groups
  11276. \sa wolfSSL_CTX_set1_groups_list
  11277. \sa wolfSSL_set1_groups_list
  11278. \sa wolfSSL_preferred_group
  11279. */
  11280. int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count);
  11281. /*!
  11282. \ingroup IO
  11283. \brief This function is called on the client side and initiates a
  11284. TLS v1.3 handshake with a server. When this function is called, the
  11285. underlying communication channel has already been set up.
  11286. wolfSSL_connect() works with both blocking and non-blocking I/O.
  11287. When the underlying I/O is non-blocking, wolfSSL_connect() will return
  11288. when the underlying I/O could not satisfy the needs of wolfSSL_connect
  11289. to continue the handshake. In this case, a call to wolfSSL_get_error()
  11290. will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The
  11291. calling process must then repeat the call to wolfSSL_connect() when
  11292. the underlying I/O is ready and wolfSSL will pick up where it left off.
  11293. When using a non-blocking socket, nothing needs to be done, but select()
  11294. can be used to check for the required condition. If the underlying I/O is
  11295. blocking, wolfSSL_connect() will only return once the handshake has been
  11296. finished or an error occurred. wolfSSL takes a different approach to
  11297. certificate verification than OpenSSL does. The default policy for the
  11298. client is to verify the server, this means that if you don't load CAs to
  11299. verify the server you'll get a connect error, unable to verify (-155). It
  11300. you want to mimic OpenSSL behavior of having SSL_connect succeed even if
  11301. verifying the server fails and reducing security you can do this by
  11302. calling: SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling
  11303. SSL_new(); Though it's not recommended.
  11304. \return SSL_SUCCESS upon success.
  11305. \return SSL_FATAL_ERROR will be returned if an error occurred. To get a
  11306. more detailed error code, call wolfSSL_get_error().
  11307. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11308. _Example_
  11309. \code
  11310. int ret = 0;
  11311. int err = 0;
  11312. WOLFSSL* ssl;
  11313. char buffer[80];
  11314. ...
  11315. ret = wolfSSL_connect_TLSv13(ssl);
  11316. if (ret != SSL_SUCCESS) {
  11317. err = wolfSSL_get_error(ssl, ret);
  11318. printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
  11319. }
  11320. \endcode
  11321. \sa wolfSSL_get_error
  11322. \sa wolfSSL_connect
  11323. \sa wolfSSL_accept_TLSv13
  11324. \sa wolfSSL_accept
  11325. */
  11326. int wolfSSL_connect_TLSv13(WOLFSSL*);
  11327. /*!
  11328. \ingroup IO
  11329. \brief This function is called on the server side and waits for a SSL/TLS
  11330. client to initiate the SSL/TLS handshake. When this function is called,
  11331. the underlying communication channel has already been set up.
  11332. wolfSSL_accept() works with both blocking and non-blocking I/O.
  11333. When the underlying I/O is non-blocking, wolfSSL_accept() will return
  11334. when the underlying I/O could not satisfy the needs of wolfSSL_accept
  11335. to continue the handshake. In this case, a call to wolfSSL_get_error()
  11336. will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
  11337. The calling process must then repeat the call to wolfSSL_accept when
  11338. data is available to read and wolfSSL will pick up where it left off.
  11339. When using a non-blocking socket, nothing needs to be done, but select()
  11340. can be used to check for the required condition. If the underlying I/O
  11341. is blocking, wolfSSL_accept() will only return once the handshake has
  11342. been finished or an error occurred.
  11343. Call this function when expecting a TLS v1.3 connection though older
  11344. version ClientHello messages are supported.
  11345. \return SSL_SUCCESS upon success.
  11346. \return SSL_FATAL_ERROR will be returned if an error occurred. To get a
  11347. more detailed error code, call wolfSSL_get_error().
  11348. \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11349. _Example_
  11350. \code
  11351. int ret = 0;
  11352. int err = 0;
  11353. WOLFSSL* ssl;
  11354. char buffer[80];
  11355. ...
  11356. ret = wolfSSL_accept_TLSv13(ssl);
  11357. if (ret != SSL_SUCCESS) {
  11358. err = wolfSSL_get_error(ssl, ret);
  11359. printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
  11360. }
  11361. \endcode
  11362. \sa wolfSSL_get_error
  11363. \sa wolfSSL_connect_TLSv13
  11364. \sa wolfSSL_connect
  11365. \sa wolfSSL_accept_TLSv13
  11366. \sa wolfSSL_accept
  11367. */
  11368. wolfSSL_accept_TLSv13(WOLFSSL* ssl);
  11369. /*!
  11370. \ingroup Setup
  11371. \brief This function sets the maximum amount of early data that a
  11372. TLS v1.3 client or server is willing to exchange using the wolfSSL context.
  11373. Call this function to limit the amount of early data to process to mitigate
  11374. replay attacks. Early data is protected by keys derived from those of the
  11375. connection that the session ticket was sent and therefore will be the same
  11376. every time a session ticket is used in resumption.
  11377. The value is included in the session ticket for resumption.
  11378. A server value of zero indicates no early data is to be sent by client using
  11379. session tickets. A client value of zero indicates that the client will
  11380. not send any early data.
  11381. It is recommended that the number of early data bytes be kept as low as
  11382. practically possible in the application.
  11383. \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
  11384. with wolfSSL_CTX_new().
  11385. \param [in] sz the amount of early data to accept in bytes.
  11386. \return BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
  11387. \return 0 if successful.
  11388. _Example_
  11389. \code
  11390. int ret;
  11391. WOLFSSL_CTX* ctx;
  11392. ...
  11393. ret = wolfSSL_CTX_set_max_early_data(ctx, 128);
  11394. if (ret != WOLFSSL_SUCCESS) {
  11395. // failed to set group list
  11396. }
  11397. \endcode
  11398. \sa wolfSSL_set_max_early_data
  11399. \sa wolfSSL_write_early_data
  11400. \sa wolfSSL_read_early_data
  11401. */
  11402. int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
  11403. unsigned int sz);
  11404. /*!
  11405. \ingroup Setup
  11406. \brief This function sets the maximum amount of early data that a
  11407. TLS v1.3 client or server is willing to exchange.
  11408. Call this function to limit the amount of early data to process to mitigate
  11409. replay attacks. Early data is protected by keys derived from those of the
  11410. connection that the session ticket was sent and therefore will be the same
  11411. every time a session ticket is used in resumption.
  11412. The value is included in the session ticket for resumption.
  11413. A server value of zero indicates no early data is to be sent by client using
  11414. session tickets. A client value of zero indicates that the client will
  11415. not send any early data.
  11416. It is recommended that the number of early data bytes be kept as low as
  11417. practically possible in the application.
  11418. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11419. \param [in] sz the amount of early data to accept from client in bytes.
  11420. \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
  11421. \return 0 if successful.
  11422. _Example_
  11423. \code
  11424. int ret;
  11425. WOLFSSL* ssl;
  11426. ...
  11427. ret = wolfSSL_set_max_early_data(ssl, 128);
  11428. if (ret != WOLFSSL_SUCCESS) {
  11429. // failed to set group list
  11430. }
  11431. \endcode
  11432. \sa wolfSSL_CTX_set_max_early_data
  11433. \sa wolfSSL_write_early_data
  11434. \sa wolfSSL_read_early_data
  11435. */
  11436. int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
  11437. /*!
  11438. \ingroup IO
  11439. \brief This function writes early data to the server on resumption.
  11440. Call this function instead of wolfSSL_connect() or wolfSSL_connect_TLSv13()
  11441. to connect to the server and send the data in the handshake.
  11442. This function is only used with clients.
  11443. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11444. \param [in] data the buffer holding the early data to write to server.
  11445. \param [in] sz the amount of early data to write in bytes.
  11446. \param [out] outSz the amount of early data written in bytes.
  11447. \return BAD_FUNC_ARG if a pointer parameter is NULL, sz is less than 0 or
  11448. not using TLSv1.3.
  11449. \return SIDE_ERROR if called with a server.
  11450. \return WOLFSSL_FATAL_ERROR if the connection is not made.
  11451. \return WOLFSSL_SUCCESS if successful.
  11452. _Example_
  11453. \code
  11454. int ret = 0;
  11455. int err = 0;
  11456. WOLFSSL* ssl;
  11457. byte earlyData[] = { early data };
  11458. int outSz;
  11459. char buffer[80];
  11460. ...
  11461. ret = wolfSSL_write_early_data(ssl, earlyData, sizeof(earlyData), &outSz);
  11462. if (ret != WOLFSSL_SUCCESS) {
  11463. err = wolfSSL_get_error(ssl, ret);
  11464. printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
  11465. goto err_label;
  11466. }
  11467. if (outSz < sizeof(earlyData)) {
  11468. // not all early data was sent
  11469. }
  11470. ret = wolfSSL_connect_TLSv13(ssl);
  11471. if (ret != SSL_SUCCESS) {
  11472. err = wolfSSL_get_error(ssl, ret);
  11473. printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
  11474. }
  11475. \endcode
  11476. \sa wolfSSL_read_early_data
  11477. \sa wolfSSL_connect
  11478. \sa wolfSSL_connect_TLSv13
  11479. */
  11480. int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
  11481. int sz, int* outSz);
  11482. /*!
  11483. \ingroup IO
  11484. \brief This function reads any early data from a client on resumption.
  11485. Call this function instead of wolfSSL_accept() or wolfSSL_accept_TLSv13()
  11486. to accept a client and read any early data in the handshake. The function
  11487. should be invoked until wolfSSL_is_init_finished() returns true. Early data
  11488. may be sent by the client in multiple messages. If there is no early data
  11489. then the handshake will be processed as normal. This function is only used
  11490. with servers.
  11491. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11492. \param [out] data a buffer to hold the early data read from client.
  11493. \param [in] sz size of the buffer in bytes.
  11494. \param [out] outSz number of bytes of early data read.
  11495. \return BAD_FUNC_ARG if a pointer parameter is NULL, sz is less than 0 or
  11496. not using TLSv1.3.
  11497. \return SIDE_ERROR if called with a client.
  11498. \return WOLFSSL_FATAL_ERROR if accepting a connection fails.
  11499. \return Number of early data bytes read (may be zero).
  11500. _Example_
  11501. \code
  11502. int ret = 0;
  11503. int err = 0;
  11504. WOLFSSL* ssl;
  11505. byte earlyData[128];
  11506. int outSz;
  11507. char buffer[80];
  11508. ...
  11509. do {
  11510. ret = wolfSSL_read_early_data(ssl, earlyData, sizeof(earlyData), &outSz);
  11511. if (ret < 0) {
  11512. err = wolfSSL_get_error(ssl, ret);
  11513. printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
  11514. }
  11515. if (outSz > 0) {
  11516. // early data available
  11517. }
  11518. } while (!wolfSSL_is_init_finished(ssl));
  11519. \endcode
  11520. \sa wolfSSL_write_early_data
  11521. \sa wolfSSL_accept
  11522. \sa wolfSSL_accept_TLSv13
  11523. */
  11524. int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
  11525. int* outSz);
  11526. /*!
  11527. \ingroup IO
  11528. \brief This function is called to inject data into the WOLFSSL object. This
  11529. is useful when data needs to be read from a single place and demultiplexed
  11530. into multiple connections. The caller should then call wolfSSL_read() to
  11531. extract the plaintext data from the WOLFSSL object.
  11532. \param [in] ssl a pointer to a WOLFSSL structure, created using
  11533. wolfSSL_new().
  11534. \param [in] data data to inject into the ssl object.
  11535. \param [in] sz number of bytes of data to inject.
  11536. \return BAD_FUNC_ARG if any pointer parameter is NULL or sz <= 0
  11537. \return APP_DATA_READY if there is application data left to read
  11538. \return MEMORY_E if allocation fails
  11539. \return WOLFSSL_SUCCESS on success
  11540. _Example_
  11541. \code
  11542. byte buf[2000]
  11543. sz = recv(fd, buf, sizeof(buf), 0);
  11544. if (sz <= 0)
  11545. // error
  11546. if (wolfSSL_inject(ssl, buf, sz) != WOLFSSL_SUCCESS)
  11547. // error
  11548. sz = wolfSSL_read(ssl, buf, sizeof(buf);
  11549. \endcode
  11550. \sa wolfSSL_read
  11551. */
  11552. int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz);
  11553. /*!
  11554. \ingroup Setup
  11555. \brief This function sets the Pre-Shared Key (PSK) client side callback
  11556. for TLS v1.3 connections.
  11557. The callback is used to find a PSK identity and return its key and
  11558. the name of the cipher to use for the handshake.
  11559. The function sets the client_psk_tls13_cb member of the
  11560. WOLFSSL_CTX structure.
  11561. \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
  11562. with wolfSSL_CTX_new().
  11563. \param [in] cb a Pre-Shared Key (PSK) callback for a TLS 1.3 client.
  11564. _Example_
  11565. \code
  11566. WOLFSSL_CTX* ctx;
  11567. ...
  11568. wolfSSL_CTX_set_psk_client_tls13_callback(ctx, my_psk_client_tls13_cb);
  11569. \endcode
  11570. \sa wolfSSL_set_psk_client_tls13_callback
  11571. \sa wolfSSL_CTX_set_psk_server_tls13_callback
  11572. \sa wolfSSL_set_psk_server_tls13_callback
  11573. */
  11574. void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX* ctx,
  11575. wc_psk_client_tls13_callback cb);
  11576. /*!
  11577. \ingroup Setup
  11578. \brief This function sets the Pre-Shared Key (PSK) client side callback
  11579. for TLS v1.3 connections.
  11580. The callback is used to find a PSK identity and return its key and
  11581. the name of the cipher to use for the handshake.
  11582. The function sets the client_psk_tls13_cb member of the options field in
  11583. WOLFSSL structure.
  11584. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11585. \param [in] cb a Pre-Shared Key (PSK) callback for a TLS 1.3 client.
  11586. _Example_
  11587. \code
  11588. WOLFSSL* ssl;
  11589. ...
  11590. wolfSSL_set_psk_client_tls13_callback(ssl, my_psk_client_tls13_cb);
  11591. \endcode
  11592. \sa wolfSSL_CTX_set_psk_client_tls13_callback
  11593. \sa wolfSSL_CTX_set_psk_server_tls13_callback
  11594. \sa wolfSSL_set_psk_server_tls13_callback
  11595. */
  11596. void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl,
  11597. wc_psk_client_tls13_callback cb);
  11598. /*!
  11599. \ingroup Setup
  11600. \brief This function sets the Pre-Shared Key (PSK) server side callback
  11601. for TLS v1.3 connections.
  11602. The callback is used to find a PSK identity and return its key and
  11603. the name of the cipher to use for the handshake.
  11604. The function sets the server_psk_tls13_cb member of the
  11605. WOLFSSL_CTX structure.
  11606. \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
  11607. with wolfSSL_CTX_new().
  11608. \param [in] cb a Pre-Shared Key (PSK) callback for a TLS 1.3 server.
  11609. _Example_
  11610. \code
  11611. WOLFSSL_CTX* ctx;
  11612. ...
  11613. wolfSSL_CTX_set_psk_server_tls13_callback(ctx, my_psk_client_tls13_cb);
  11614. \endcode
  11615. \sa wolfSSL_CTX_set_psk_client_tls13_callback
  11616. \sa wolfSSL_set_psk_client_tls13_callback
  11617. \sa wolfSSL_set_psk_server_tls13_callback
  11618. */
  11619. void wolfSSL_CTX_set_psk_server_tls13_callback(WOLFSSL_CTX* ctx,
  11620. wc_psk_server_tls13_callback cb);
  11621. /*!
  11622. \ingroup Setup
  11623. \brief This function sets the Pre-Shared Key (PSK) server side callback
  11624. for TLS v1.3 connections.
  11625. The callback is used to find a PSK identity and return its key and
  11626. the name of the cipher to use for the handshake.
  11627. The function sets the server_psk_tls13_cb member of the options field in
  11628. WOLFSSL structure.
  11629. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11630. \param [in] cb a Pre-Shared Key (PSK) callback for a TLS 1.3 server.
  11631. _Example_
  11632. \code
  11633. WOLFSSL* ssl;
  11634. ...
  11635. wolfSSL_set_psk_server_tls13_callback(ssl, my_psk_server_tls13_cb);
  11636. \endcode
  11637. \sa wolfSSL_CTX_set_psk_client_tls13_callback
  11638. \sa wolfSSL_set_psk_client_tls13_callback
  11639. \sa wolfSSL_CTX_set_psk_server_tls13_callback
  11640. */
  11641. void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
  11642. wc_psk_server_tls13_callback cb);
  11643. /*!
  11644. \ingroup Setup
  11645. \brief This function creates a key share entry from the group including
  11646. generating a key pair.
  11647. The KeyShare extension contains all the generated public keys for key
  11648. exchange. If this function is called, then only the groups specified will
  11649. be included.
  11650. Call this function when a preferred group has been previously established
  11651. for the server.
  11652. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11653. \param [in] group a key exchange group identifier.
  11654. \return BAD_FUNC_ARG if ssl is NULL.
  11655. \return MEMORY_E when dynamic memory allocation fails.
  11656. \return WOLFSSL_SUCCESS if successful.
  11657. _Example_
  11658. \code
  11659. int ret;
  11660. WOLFSSL* ssl;
  11661. ...
  11662. ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519);
  11663. if (ret != WOLFSSL_SUCCESS) {
  11664. // failed to set key share
  11665. }
  11666. \endcode
  11667. \sa wolfSSL_preferred_group
  11668. \sa wolfSSL_CTX_set1_groups_list
  11669. \sa wolfSSL_set1_groups_list
  11670. \sa wolfSSL_CTX_set_groups
  11671. \sa wolfSSL_set_groups
  11672. \sa wolfSSL_NoKeyShares
  11673. */
  11674. int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group);
  11675. /*!
  11676. \ingroup Setup
  11677. \brief This function is called to ensure no key shares are sent in the
  11678. ClientHello. This will force the server to respond with a HelloRetryRequest
  11679. if a key exchange is required in the handshake.
  11680. Call this function when the expected key exchange group is not known and
  11681. to avoid the generation of keys unnecessarily.
  11682. Note that an extra round-trip will be required to complete the handshake
  11683. when a key exchange is required.
  11684. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
  11685. \return BAD_FUNC_ARG if ssl is NULL.
  11686. \return SIDE_ERROR if called with a server.
  11687. \return WOLFSSL_SUCCESS if successful.
  11688. _Example_
  11689. \code
  11690. int ret;
  11691. WOLFSSL* ssl;
  11692. ...
  11693. ret = wolfSSL_NoKeyShares(ssl);
  11694. if (ret != WOLFSSL_SUCCESS) {
  11695. // failed to set no key shares
  11696. }
  11697. \endcode
  11698. \sa wolfSSL_UseKeyShare
  11699. */
  11700. int wolfSSL_NoKeyShares(WOLFSSL* ssl);
  11701. /*!
  11702. \ingroup Setup
  11703. \brief This function is used to indicate
  11704. that the application is a server and will only support the TLS 1.3
  11705. protocol. This function allocates memory for and initializes a new
  11706. wolfSSL_METHOD structure to be used when creating the SSL/TLS context
  11707. with wolfSSL_CTX_new().
  11708. \param [in] heap a pointer to a buffer that the static memory allocator will use during dynamic memory allocation.
  11709. \return If successful, the call will return a pointer to the newly
  11710. created WOLFSSL_METHOD structure.
  11711. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  11712. value of the underlying malloc() implementation will be returned
  11713. (typically NULL with errno will be set to ENOMEM).
  11714. _Example_
  11715. \code
  11716. #include <wolfssl/ssl.h>
  11717. WOLFSSL_METHOD* method;
  11718. WOLFSSL_CTX* ctx;
  11719. method = wolfTLSv1_3_server_method_ex(NULL);
  11720. if (method == NULL) {
  11721. // unable to get method
  11722. }
  11723. ctx = wolfSSL_CTX_new(method);
  11724. ...
  11725. \endcode
  11726. \sa wolfSSLv3_server_method
  11727. \sa wolfTLSv1_server_method
  11728. \sa wolfTLSv1_1_server_method
  11729. \sa wolfTLSv1_2_server_method
  11730. \sa wolfTLSv1_3_server_method
  11731. \sa wolfDTLSv1_server_method
  11732. \sa wolfSSLv23_server_method
  11733. \sa wolfSSL_CTX_new
  11734. */
  11735. WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap);
  11736. /*!
  11737. \ingroup Setup
  11738. \brief This function is used to indicate
  11739. that the application is a client and will only support the TLS 1.3
  11740. protocol. This function allocates memory for and initializes a new
  11741. wolfSSL_METHOD structure to be used when creating the SSL/TLS context
  11742. with wolfSSL_CTX_new().
  11743. \param [in] heap a pointer to a buffer that the static memory allocator will use during dynamic memory allocation.
  11744. \return If successful, the call will return a pointer to the newly
  11745. created WOLFSSL_METHOD structure.
  11746. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  11747. value of the underlying malloc() implementation will be returned
  11748. (typically NULL with errno will be set to ENOMEM).
  11749. _Example_
  11750. \code
  11751. #include <wolfssl/ssl.h>
  11752. WOLFSSL_METHOD* method;
  11753. WOLFSSL_CTX* ctx;
  11754. method = wolfTLSv1_3_client_method_ex(NULL);
  11755. if (method == NULL) {
  11756. // unable to get method
  11757. }
  11758. ctx = wolfSSL_CTX_new(method);
  11759. ...
  11760. \endcode
  11761. \sa wolfSSLv3_client_method
  11762. \sa wolfTLSv1_client_method
  11763. \sa wolfTLSv1_1_client_method
  11764. \sa wolfTLSv1_2_client_method
  11765. \sa wolfTLSv1_3_client_method
  11766. \sa wolfDTLSv1_client_method
  11767. \sa wolfSSLv23_client_method
  11768. \sa wolfSSL_CTX_new
  11769. */
  11770. WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap);
  11771. /*!
  11772. \ingroup Setup
  11773. \brief This function is used to indicate
  11774. that the application is a server and will only support the TLS 1.3
  11775. protocol. This function allocates memory for and initializes a new
  11776. wolfSSL_METHOD structure to be used when creating the SSL/TLS context
  11777. with wolfSSL_CTX_new().
  11778. \return If successful, the call will return a pointer to the newly
  11779. created WOLFSSL_METHOD structure.
  11780. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  11781. value of the underlying malloc() implementation will be returned
  11782. (typically NULL with errno will be set to ENOMEM).
  11783. _Example_
  11784. \code
  11785. #include <wolfssl/ssl.h>
  11786. WOLFSSL_METHOD* method;
  11787. WOLFSSL_CTX* ctx;
  11788. method = wolfTLSv1_3_server_method();
  11789. if (method == NULL) {
  11790. // unable to get method
  11791. }
  11792. ctx = wolfSSL_CTX_new(method);
  11793. ...
  11794. \endcode
  11795. \sa wolfSSLv3_server_method
  11796. \sa wolfTLSv1_server_method
  11797. \sa wolfTLSv1_1_server_method
  11798. \sa wolfTLSv1_2_server_method
  11799. \sa wolfTLSv1_3_server_method_ex
  11800. \sa wolfDTLSv1_server_method
  11801. \sa wolfSSLv23_server_method
  11802. \sa wolfSSL_CTX_new
  11803. */
  11804. WOLFSSL_METHOD *wolfTLSv1_3_server_method(void);
  11805. /*!
  11806. \ingroup Setup
  11807. \brief This function is used to indicate
  11808. that the application is a client and will only support the TLS 1.3
  11809. protocol. This function allocates memory for and initializes a new
  11810. wolfSSL_METHOD structure to be used when creating the SSL/TLS context
  11811. with wolfSSL_CTX_new().
  11812. \return If successful, the call will return a pointer to the newly
  11813. created WOLFSSL_METHOD structure.
  11814. \return FAIL If memory allocation fails when calling XMALLOC, the failure
  11815. value of the underlying malloc() implementation will be returned
  11816. (typically NULL with errno will be set to ENOMEM).
  11817. _Example_
  11818. \code
  11819. #include <wolfssl/ssl.h>
  11820. WOLFSSL_METHOD* method;
  11821. WOLFSSL_CTX* ctx;
  11822. method = wolfTLSv1_3_client_method();
  11823. if (method == NULL) {
  11824. // unable to get method
  11825. }
  11826. ctx = wolfSSL_CTX_new(method);
  11827. ...
  11828. \endcode
  11829. \sa wolfSSLv3_client_method
  11830. \sa wolfTLSv1_client_method
  11831. \sa wolfTLSv1_1_client_method
  11832. \sa wolfTLSv1_2_client_method
  11833. \sa wolfTLSv1_3_client_method_ex
  11834. \sa wolfDTLSv1_client_method
  11835. \sa wolfSSLv23_client_method
  11836. \sa wolfSSL_CTX_new
  11837. */
  11838. WOLFSSL_METHOD *wolfTLSv1_3_client_method(void);
  11839. /*!
  11840. \ingroup Setup
  11841. \brief This function returns a WOLFSSL_METHOD similar to
  11842. wolfTLSv1_3_client_method except that it is not determined
  11843. which side yet (server/client).
  11844. \param [in] heap a pointer to a buffer that the static memory allocator will use during dynamic memory allocation.
  11845. \return WOLFSSL_METHOD On successful creations returns a WOLFSSL_METHOD
  11846. pointer
  11847. \return NULL Null if memory allocation error or failure to create method
  11848. _Example_
  11849. \code
  11850. WOLFSSL* ctx;
  11851. ctx = wolfSSL_CTX_new(wolfTLSv1_3_method_ex(NULL));
  11852. // check ret value
  11853. \endcode
  11854. \sa wolfSSL_new
  11855. \sa wolfSSL_free
  11856. */
  11857. WOLFSSL_METHOD *wolfTLSv1_3_method_ex(void* heap);
  11858. /*!
  11859. \ingroup Setup
  11860. \brief This function returns a WOLFSSL_METHOD similar to
  11861. wolfTLSv1_3_client_method except that it is not determined
  11862. which side yet (server/client).
  11863. \return WOLFSSL_METHOD On successful creations returns a WOLFSSL_METHOD
  11864. pointer
  11865. \return NULL Null if memory allocation error or failure to create method
  11866. _Example_
  11867. \code
  11868. WOLFSSL* ctx;
  11869. ctx = wolfSSL_CTX_new(wolfTLSv1_3_method());
  11870. // check ret value
  11871. \endcode
  11872. \sa wolfSSL_new
  11873. \sa wolfSSL_free
  11874. */
  11875. WOLFSSL_METHOD *wolfTLSv1_3_method(void);
  11876. /*!
  11877. \ingroup SSL
  11878. \brief This function sets a fixed / static ephemeral key for testing only
  11879. \return 0 Key loaded successfully
  11880. \param ctx A WOLFSSL_CTX context pointer
  11881. \param keyAlgo enum wc_PkType like WC_PK_TYPE_DH and WC_PK_TYPE_ECDH
  11882. \param key key file path (if keySz == 0) or actual key buffer (PEM or ASN.1)
  11883. \param keySz key size (should be 0 for "key" arg is file path)
  11884. \param format WOLFSSL_FILETYPE_ASN1 or WOLFSSL_FILETYPE_PEM
  11885. \sa wolfSSL_CTX_get_ephemeral_key
  11886. */
  11887. int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, const char* key, unsigned int keySz, int format);
  11888. /*!
  11889. \ingroup SSL
  11890. \brief This function sets a fixed / static ephemeral key for testing only
  11891. \return 0 Key loaded successfully
  11892. \param ssl A WOLFSSL object pointer
  11893. \param keyAlgo enum wc_PkType like WC_PK_TYPE_DH and WC_PK_TYPE_ECDH
  11894. \param key key file path (if keySz == 0) or actual key buffer (PEM or ASN.1)
  11895. \param keySz key size (should be 0 for "key" arg is file path)
  11896. \param format WOLFSSL_FILETYPE_ASN1 or WOLFSSL_FILETYPE_PEM
  11897. \sa wolfSSL_get_ephemeral_key
  11898. */
  11899. int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, const char* key, unsigned int keySz, int format);
  11900. /*!
  11901. \ingroup SSL
  11902. \brief This function returns pointer to loaded key as ASN.1/DER
  11903. \return 0 Key returned successfully
  11904. \param ctx A WOLFSSL_CTX context pointer
  11905. \param keyAlgo enum wc_PkType like WC_PK_TYPE_DH and WC_PK_TYPE_ECDH
  11906. \param key key buffer pointer
  11907. \param keySz key size pointer
  11908. \sa wolfSSL_CTX_set_ephemeral_key
  11909. */
  11910. int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo,
  11911. const unsigned char** key, unsigned int* keySz);
  11912. /*!
  11913. \ingroup SSL
  11914. \brief This function returns pointer to loaded key as ASN.1/DER
  11915. \return 0 Key returned successfully
  11916. \param ssl A WOLFSSL object pointer
  11917. \param keyAlgo enum wc_PkType like WC_PK_TYPE_DH and WC_PK_TYPE_ECDH
  11918. \param key key buffer pointer
  11919. \param keySz key size pointer
  11920. \sa wolfSSL_set_ephemeral_key
  11921. */
  11922. int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
  11923. const unsigned char** key, unsigned int* keySz);
  11924. /*!
  11925. \ingroup SSL
  11926. \brief Sign a message with the chosen message digest, padding, and RSA key
  11927. \return WOLFSSL_SUCCESS on success and c on error
  11928. \param type Hash NID
  11929. \param m Message to sign. Most likely this will be the digest of
  11930. the message to sign
  11931. \param mLen Length of message to sign
  11932. \param sigRet Output buffer
  11933. \param sigLen On Input: length of sigRet buffer
  11934. On Output: length of data written to sigRet
  11935. \param rsa RSA key used to sign the input
  11936. \param flag 1: Output the signature
  11937. 0: Output the value that the unpadded signature should be
  11938. compared to. Note: for RSA_PKCS1_PSS_PADDING the
  11939. wc_RsaPSS_CheckPadding_ex function should be used to check
  11940. the output of a *Verify* function.
  11941. \param padding Padding to use. Only RSA_PKCS1_PSS_PADDING and
  11942. RSA_PKCS1_PADDING are currently supported for signing.
  11943. */
  11944. int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m,
  11945. unsigned int mLen, unsigned char* sigRet,
  11946. unsigned int* sigLen, WOLFSSL_RSA* rsa,
  11947. int flag, int padding);
  11948. /*!
  11949. \brief checks if DTLSv1.3 stack has some messages sent but not yet acknowledged
  11950. by the other peer
  11951. \return 1 if there are pending messages, 0 otherwise
  11952. \param ssl A WOLFSSL object pointer
  11953. */
  11954. int wolfSSL_dtls13_has_pending_msg(WOLFSSL *ssl);
  11955. /*!
  11956. \ingroup SSL
  11957. \brief Get the maximum size of Early Data from a session.
  11958. \param [in] s the WOLFSSL_SESSION instance.
  11959. \return the value of max_early_data that was configured in the WOLFSSL* the session
  11960. was derived from.
  11961. \sa wolfSSL_set_max_early_data
  11962. \sa wolfSSL_write_early_data
  11963. \sa wolfSSL_read_early_data
  11964. */
  11965. unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *s);
  11966. /*!
  11967. \ingroup SSL
  11968. \brief Get a new index for external data. This entry applies also for the
  11969. following API:
  11970. - wolfSSL_CTX_get_ex_new_index
  11971. - wolfSSL_get_ex_new_index
  11972. - wolfSSL_SESSION_get_ex_new_index
  11973. - wolfSSL_X509_get_ex_new_index
  11974. \param [in] All input parameters are ignored. The callback functions are not
  11975. supported with wolfSSL.
  11976. \return The new index value to be used with the external data API for this
  11977. object class.
  11978. */
  11979. int wolfSSL_CRYPTO_get_ex_new_index(int, void*, void*, void*, void*);
  11980. /*!
  11981. \ingroup Setup
  11982. \brief In case this function is called in a client side, set certificate types
  11983. that can be sent to its peer. In case called in a server side,
  11984. set certificate types that can be acceptable from its peer. Put cert types in the
  11985. buffer with prioritised order. To reset the settings to default, pass NULL
  11986. for the buffer or pass zero for len. By default, certificate type is only X509.
  11987. In case both side intend to send or accept "Raw public key" cert,
  11988. WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
  11989. \return WOLFSSL_SUCCESS if cert types set successfully
  11990. \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
  11991. cert type, buf size exceed MAX_CLIENT_CERT_TYPE_CNT was specified or
  11992. a duplicate value is found in buf.
  11993. \param ctx WOLFSSL_CTX object pointer
  11994. \param buf A buffer where certificate types are stored
  11995. \param len buf size in bytes (same as number of certificate types included)
  11996. _Example_
  11997. \code
  11998. int ret;
  11999. WOLFSSL_CTX* ctx;
  12000. char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509};
  12001. int len = sizeof(buf)/sizeof(char);
  12002. ...
  12003. ret = wolfSSL_CTX_set_client_cert_type(ctx, buf, len);
  12004. \endcode
  12005. \sa wolfSSL_set_client_cert_type
  12006. \sa wolfSSL_CTX_set_server_cert_type
  12007. \sa wolfSSL_set_server_cert_type
  12008. \sa wolfSSL_get_negotiated_client_cert_type
  12009. \sa wolfSSL_get_negotiated_server_cert_type
  12010. */
  12011. int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len);
  12012. /*!
  12013. \ingroup Setup
  12014. \brief In case this function is called in a server side, set certificate types
  12015. that can be sent to its peer. In case called in a client side,
  12016. set certificate types that can be acceptable from its peer. Put cert types in the
  12017. buffer with prioritised order. To reset the settings to default, pass NULL
  12018. for the buffer or pass zero for len. By default, certificate type is only X509.
  12019. In case both side intend to send or accept "Raw public key" cert,
  12020. WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
  12021. \return WOLFSSL_SUCCESS if cert types set successfully
  12022. \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
  12023. cert type, buf size exceed MAX_SERVER_CERT_TYPE_CNT was specified or
  12024. a duplicate value is found in buf.
  12025. \param ctx WOLFSSL_CTX object pointer
  12026. \param buf A buffer where certificate types are stored
  12027. \param len buf size in bytes (same as number of certificate types included)
  12028. _Example_
  12029. \code
  12030. int ret;
  12031. WOLFSSL_CTX* ctx;
  12032. char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509};
  12033. int len = sizeof(buf)/sizeof(char);
  12034. ...
  12035. ret = wolfSSL_CTX_set_server_cert_type(ctx, buf, len);
  12036. \endcode
  12037. \sa wolfSSL_set_client_cert_type
  12038. \sa wolfSSL_CTX_set_client_cert_type
  12039. \sa wolfSSL_set_server_cert_type
  12040. \sa wolfSSL_get_negotiated_client_cert_type
  12041. \sa wolfSSL_get_negotiated_server_cert_type
  12042. */
  12043. int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len);
  12044. /*!
  12045. \ingroup Setup
  12046. \brief In case this function is called in a client side, set certificate types
  12047. that can be sent to its peer. In case called in a server side,
  12048. set certificate types that can be acceptable from its peer. Put cert types in the
  12049. buffer with prioritised order. To reset the settings to default, pass NULL
  12050. for the buffer or pass zero for len. By default, certificate type is only X509.
  12051. In case both side intend to send or accept "Raw public key" cert,
  12052. WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
  12053. \return WOLFSSL_SUCCESS if cert types set successfully
  12054. \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
  12055. cert type, buf size exceed MAX_CLIENT_CERT_TYPE_CNT was specified or
  12056. a duplicate value is found in buf.
  12057. \param ssl WOLFSSL object pointer
  12058. \param buf A buffer where certificate types are stored
  12059. \param len buf size in bytes (same as number of certificate types included)
  12060. _Example_
  12061. \code
  12062. int ret;
  12063. WOLFSSL* ssl;
  12064. char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509};
  12065. int len = sizeof(buf)/sizeof(char);
  12066. ...
  12067. ret = wolfSSL_set_client_cert_type(ssl, buf, len);
  12068. \endcode
  12069. \sa wolfSSL_CTX_set_client_cert_type
  12070. \sa wolfSSL_CTX_set_server_cert_type
  12071. \sa wolfSSL_set_server_cert_type
  12072. \sa wolfSSL_get_negotiated_client_cert_type
  12073. \sa wolfSSL_get_negotiated_server_cert_type
  12074. */
  12075. int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int len);
  12076. /*!
  12077. \ingroup Setup
  12078. \brief In case this function is called in a server side, set certificate types
  12079. that can be sent to its peer. In case called in a client side,
  12080. set certificate types that can be acceptable from its peer. Put cert types in the
  12081. buffer with prioritised order. To reset the settings to default, pass NULL
  12082. for the buffer or pass zero for len. By default, certificate type is only X509.
  12083. In case both side intend to send or accept "Raw public key" cert,
  12084. WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
  12085. \return WOLFSSL_SUCCESS if cert types set successfully
  12086. \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
  12087. cert type, buf size exceed MAX_SERVER_CERT_TYPE_CNT was specified or
  12088. a duplicate value is found in buf.
  12089. \param ctx WOLFSSL_CTX object pointer
  12090. \param buf A buffer where certificate types are stored
  12091. \param len buf size in bytes (same as number of certificate types included)
  12092. _Example_
  12093. \code
  12094. int ret;
  12095. WOLFSSL* ssl;
  12096. char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509};
  12097. int len = sizeof(buf)/sizeof(char);
  12098. ...
  12099. ret = wolfSSL_set_server_cert_type(ssl, buf, len);
  12100. \endcode
  12101. \sa wolfSSL_set_client_cert_type
  12102. \sa wolfSSL_CTX_set_server_cert_type
  12103. \sa wolfSSL_set_server_cert_type
  12104. \sa wolfSSL_get_negotiated_client_cert_type
  12105. \sa wolfSSL_get_negotiated_server_cert_type
  12106. */
  12107. int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int len);
  12108. /*!
  12109. \ingroup SSL
  12110. \brief This function returns the result of the client certificate type
  12111. negotiation done in ClientHello and ServerHello. WOLFSSL_SUCCESS is returned as
  12112. a return value if no negotiation occurs and WOLFSSL_CERT_TYPE_UNKNOWN is
  12113. returned as the certificate type.
  12114. \return WOLFSSL_SUCCESS if a negotiated certificate type could be got
  12115. \return BAD_FUNC_ARG if NULL was passed for ctx or tp
  12116. \param ssl WOLFSSL object pointer
  12117. \param tp A buffer where a certificate type is to be returned. One of three
  12118. certificate types will be returned: WOLFSSL_CERT_TYPE_RPK,
  12119. WOLFSSL_CERT_TYPE_X509 or WOLFSSL_CERT_TYPE_UNKNOWN.
  12120. _Example_
  12121. \code
  12122. int ret;
  12123. WOLFSSL* ssl;
  12124. int tp;
  12125. ...
  12126. ret = wolfSSL_get_negotiated_client_cert_type(ssl, &tp);
  12127. \endcode
  12128. \sa wolfSSL_set_client_cert_type
  12129. \sa wolfSSL_CTX_set_client_cert_type
  12130. \sa wolfSSL_set_server_cert_type
  12131. \sa wolfSSL_CTX_set_server_cert_type
  12132. \sa wolfSSL_get_negotiated_server_cert_type
  12133. */
  12134. int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp);
  12135. /*!
  12136. \ingroup SSL
  12137. \brief This function returns the result of the server certificate type
  12138. negotiation done in ClientHello and ServerHello. WOLFSSL_SUCCESS is returned as
  12139. a return value if no negotiation occurs and WOLFSSL_CERT_TYPE_UNKNOWN is
  12140. returned as the certificate type.
  12141. \return WOLFSSL_SUCCESS if a negotiated certificate type could be got
  12142. \return BAD_FUNC_ARG if NULL was passed for ctx or tp
  12143. \param ssl WOLFSSL object pointer
  12144. \param tp A buffer where a certificate type is to be returned. One of three
  12145. certificate types will be returned: WOLFSSL_CERT_TYPE_RPK,
  12146. WOLFSSL_CERT_TYPE_X509 or WOLFSSL_CERT_TYPE_UNKNOWN.
  12147. _Example_
  12148. \code
  12149. int ret;
  12150. WOLFSSL* ssl;
  12151. int tp;
  12152.  ...
  12153. ret = wolfSSL_get_negotiated_server_cert_type(ssl, &tp);
  12154. \endcode
  12155. \sa wolfSSL_set_client_cert_type
  12156. \sa wolfSSL_CTX_set_client_cert_type
  12157. \sa wolfSSL_set_server_cert_type
  12158. \sa wolfSSL_CTX_set_server_cert_type
  12159. \sa wolfSSL_get_negotiated_client_cert_type
  12160. */
  12161. int wolfSSL_get_negotiated_server_cert_type(WOLFSSL* ssl, int* tp);
  12162. /*!
  12163. \brief Enable use of ConnectionID extensions for the SSL object. See RFC 9146
  12164. and RFC 9147
  12165. \return WOLFSSL_SUCCESS on success, error code otherwise
  12166. \param ssl A WOLFSSL object pointer
  12167. \sa wolfSSL_dtls_cid_is_enabled
  12168. \sa wolfSSL_dtls_cid_set
  12169. \sa wolfSSL_dtls_cid_get_rx_size
  12170. \sa wolfSSL_dtls_cid_get_rx
  12171. \sa wolfSSL_dtls_cid_get_tx_size
  12172. \sa wolfSSL_dtls_cid_get_tx
  12173. */
  12174. int wolfSSL_dtls_cid_use(WOLFSSL* ssl);
  12175. /*!
  12176. \brief If invoked after the handshake is complete it checks if ConnectionID was
  12177. successfully negotiated for the SSL object. See RFC 9146 and RFC 9147
  12178. \return 1 if ConnectionID was correctly negotiated, 0 otherwise
  12179. \param ssl A WOLFSSL object pointer
  12180. \sa wolfSSL_dtls_cid_use
  12181. \sa wolfSSL_dtls_cid_set
  12182. \sa wolfSSL_dtls_cid_get_rx_size
  12183. \sa wolfSSL_dtls_cid_get_rx
  12184. \sa wolfSSL_dtls_cid_get_tx_size
  12185. \sa wolfSSL_dtls_cid_get_tx
  12186. */
  12187. int wolfSSL_dtls_cid_is_enabled(WOLFSSL* ssl);
  12188. /*!
  12189. \brief Set the ConnectionID used by the other peer to send records in this
  12190. connection. See RFC 9146 and RFC 9147. The ConnectionID must be at maximum
  12191. DTLS_CID_MAX_SIZE, that is an tunable compile time define, and it can't
  12192. never be bigger than 255 bytes.
  12193. \return WOLFSSL_SUCCESS if ConnectionID was correctly set, error code otherwise
  12194. \param ssl A WOLFSSL object pointern
  12195. \param cid the ConnectionID to be used
  12196. \param size of the ConnectionID provided
  12197. \sa wolfSSL_dtls_cid_use
  12198. \sa wolfSSL_dtls_cid_is_enabled
  12199. \sa wolfSSL_dtls_cid_get_rx_size
  12200. \sa wolfSSL_dtls_cid_get_rx
  12201. \sa wolfSSL_dtls_cid_get_tx_size
  12202. \sa wolfSSL_dtls_cid_get_tx
  12203. */
  12204. int wolfSSL_dtls_cid_set(WOLFSSL* ssl, unsigned char* cid,
  12205. unsigned int size);
  12206. /*!
  12207. \brief Get the size of the ConnectionID used by the other peer to send records
  12208. in this connection. See RFC 9146 and RFC 9147. The size is stored in the
  12209. parameter size.
  12210. \return WOLFSSL_SUCCESS if ConnectionID was correctly negotiated, error code
  12211. otherwise
  12212. \param ssl A WOLFSSL object pointern
  12213. \param size a pointer to an unsigned int where the size will be stored
  12214. \sa wolfSSL_dtls_cid_use
  12215. \sa wolfSSL_dtls_cid_is_enabled
  12216. \sa wolfSSL_dtls_cid_set
  12217. \sa wolfSSL_dtls_cid_get_rx
  12218. \sa wolfSSL_dtls_cid_get_tx_size
  12219. \sa wolfSSL_dtls_cid_get_tx
  12220. */
  12221. int wolfSSL_dtls_cid_get_rx_size(WOLFSSL* ssl,
  12222. unsigned int* size);
  12223. /*!
  12224. \brief Copy the ConnectionID used by the other peer to send records in this
  12225. connection into the buffer pointed by the parameter buffer. See RFC 9146 and RFC
  12226. 9147. The available space in the buffer need to be provided in bufferSz.
  12227. \return WOLFSSL_SUCCESS if ConnectionID was correctly copied, error code
  12228. otherwise
  12229. \param ssl A WOLFSSL object pointern
  12230. \param buffer A buffer where the ConnectionID will be copied
  12231. \param bufferSz available space in buffer
  12232. \sa wolfSSL_dtls_cid_get0_rx
  12233. \sa wolfSSL_dtls_cid_use
  12234. \sa wolfSSL_dtls_cid_is_enabled
  12235. \sa wolfSSL_dtls_cid_set
  12236. \sa wolfSSL_dtls_cid_get_rx_size
  12237. \sa wolfSSL_dtls_cid_get_tx_size
  12238. \sa wolfSSL_dtls_cid_get_tx
  12239. */
  12240. int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer,
  12241. unsigned int bufferSz);
  12242. /*!
  12243. \brief Get the ConnectionID used by the other peer. See RFC 9146 and RFC
  12244. 9147.
  12245. \return WOLFSSL_SUCCESS if ConnectionID was correctly set in cid.
  12246. \param ssl A WOLFSSL object pointern
  12247. \param cid Pointer that will be set to the internal memory that holds the CID
  12248. \sa wolfSSL_dtls_cid_get_rx
  12249. \sa wolfSSL_dtls_cid_use
  12250. \sa wolfSSL_dtls_cid_is_enabled
  12251. \sa wolfSSL_dtls_cid_set
  12252. \sa wolfSSL_dtls_cid_get_rx_size
  12253. \sa wolfSSL_dtls_cid_get_tx_size
  12254. \sa wolfSSL_dtls_cid_get_tx
  12255. */
  12256. int wolfSSL_dtls_cid_get0_rx(WOLFSSL* ssl, unsigned char** cid);
  12257. /*!
  12258. \brief Get the size of the ConnectionID used to send records in this
  12259. connection. See RFC 9146 and RFC 9147. The size is stored in the parameter size.
  12260. \return WOLFSSL_SUCCESS if ConnectionID size was correctly stored, error
  12261. code otherwise
  12262. \param ssl A WOLFSSL object pointern
  12263. \param size a pointer to an unsigned int where the size will be stored
  12264. \sa wolfSSL_dtls_cid_use
  12265. \sa wolfSSL_dtls_cid_is_enabled
  12266. \sa wolfSSL_dtls_cid_set
  12267. \sa wolfSSL_dtls_cid_get_rx_size
  12268. \sa wolfSSL_dtls_cid_get_rx
  12269. \sa wolfSSL_dtls_cid_get_tx
  12270. */
  12271. int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl, unsigned int* size);
  12272. /*!
  12273. \brief Copy the ConnectionID used when sending records in this connection into
  12274. the buffer pointer by the parameter buffer. See RFC 9146 and RFC 9147. The
  12275. available size need to be provided in bufferSz.
  12276. \return WOLFSSL_SUCCESS if ConnectionID was correctly copied, error code
  12277. otherwise
  12278. \param ssl A WOLFSSL object pointern
  12279. \param buffer A buffer where the ConnectionID will be copied
  12280. \param bufferSz available space in buffer
  12281. \sa wolfSSL_dtls_cid_get0_tx
  12282. \sa wolfSSL_dtls_cid_use
  12283. \sa wolfSSL_dtls_cid_is_enabled
  12284. \sa wolfSSL_dtls_cid_set
  12285. \sa wolfSSL_dtls_cid_get_rx_size
  12286. \sa wolfSSL_dtls_cid_get_rx
  12287. \sa wolfSSL_dtls_cid_get_tx_size
  12288. */
  12289. int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer,
  12290. unsigned int bufferSz);
  12291. /*!
  12292. \brief Get the ConnectionID used when sending records in this connection. See
  12293. RFC 9146 and RFC 9147.
  12294. \return WOLFSSL_SUCCESS if ConnectionID was correctly retrieved, error code
  12295. otherwise
  12296. \param ssl A WOLFSSL object pointern
  12297. \param cid Pointer that will be set to the internal memory that holds the CID
  12298. \sa wolfSSL_dtls_cid_get_tx
  12299. \sa wolfSSL_dtls_cid_use
  12300. \sa wolfSSL_dtls_cid_is_enabled
  12301. \sa wolfSSL_dtls_cid_set
  12302. \sa wolfSSL_dtls_cid_get_rx_size
  12303. \sa wolfSSL_dtls_cid_get_rx
  12304. \sa wolfSSL_dtls_cid_get_tx_size
  12305. */
  12306. int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid);
  12307. /*!
  12308. \brief Extract the ConnectionID from a record datagram/message. See
  12309. RFC 9146 and RFC 9147.
  12310. \param msg buffer holding the datagram read from the network
  12311. \param msgSz size of msg in bytes
  12312. \param cid pointer to the start of the CID inside the msg buffer
  12313. \param cidSz the expected size of the CID. The record layer does not have a CID
  12314. size field so we have to know beforehand the size of the CID. It is recommended
  12315. to use a constant CID for all connections.
  12316. \sa wolfSSL_dtls_cid_get_tx
  12317. \sa wolfSSL_dtls_cid_use
  12318. \sa wolfSSL_dtls_cid_is_enabled
  12319. \sa wolfSSL_dtls_cid_set
  12320. \sa wolfSSL_dtls_cid_get_rx_size
  12321. \sa wolfSSL_dtls_cid_get_rx
  12322. \sa wolfSSL_dtls_cid_get_tx_size
  12323. */
  12324. void wolfSSL_dtls_cid_parse(const unsigned char* msg, unsigned int msgSz,
  12325. const unsigned char** cid, unsigned int cidSz);
  12326. /*!
  12327. \ingroup TLS
  12328. \brief This function returns the raw list of ciphersuites and signature
  12329. algorithms offered by the client. The lists are only stored and returned
  12330. inside a callback setup with wolfSSL_CTX_set_cert_cb(). This is useful to
  12331. be able to dynamically load certificates and keys based on the available
  12332. ciphersuites and signature algorithms.
  12333. \param [in] ssl The WOLFSSL object to extract the lists from.
  12334. \param [out] optional suites Raw and unfiltered list of client ciphersuites
  12335. \param [out] optional suiteSz Size of suites in bytes
  12336. \param [out] optional hashSigAlgo Raw and unfiltered list of client
  12337. signature algorithms
  12338. \param [out] optional hashSigAlgoSz Size of hashSigAlgo in bytes
  12339. \return WOLFSSL_SUCCESS when suites available
  12340. \return WOLFSSL_FAILURE when suites not available
  12341. _Example_
  12342. \code
  12343. int certCB(WOLFSSL* ssl, void* arg)
  12344. {
  12345. const byte* suites = NULL;
  12346. word16 suiteSz = 0;
  12347. const byte* hashSigAlgo = NULL;
  12348. word16 hashSigAlgoSz = 0;
  12349. wolfSSL_get_client_suites_sigalgs(ssl, &suites, &suiteSz, &hashSigAlgo,
  12350. &hashSigAlgoSz);
  12351. // Choose certificate to load based on ciphersuites and sigalgs
  12352. }
  12353. WOLFSSL* ctx;
  12354. ctx = wolfSSL_CTX_new(wolfTLSv1_3_method_ex(NULL));
  12355. wolfSSL_CTX_set_cert_cb(ctx, certCB, NULL);
  12356. \endcode
  12357. \sa wolfSSL_get_ciphersuite_info
  12358. \sa wolfSSL_get_sigalg_info
  12359. */
  12360. int wolfSSL_get_client_suites_sigalgs(const WOLFSSL* ssl,
  12361. const byte** suites, word16* suiteSz,
  12362. const byte** hashSigAlgo, word16* hashSigAlgoSz);
  12363. /*!
  12364. \ingroup TLS
  12365. \brief This returns information about the ciphersuite directly from the
  12366. raw ciphersuite bytes.
  12367. \param [in] first First byte of the ciphersuite
  12368. \param [in] second Second byte of the ciphersuite
  12369. \return WOLFSSL_CIPHERSUITE_INFO A struct containing information about the
  12370. type of authentication used in the ciphersuite.
  12371. _Example_
  12372. \code
  12373. WOLFSSL_CIPHERSUITE_INFO info =
  12374. wolfSSL_get_ciphersuite_info(suites[0], suites[1]);
  12375. if (info.rsaAuth)
  12376. haveRSA = 1;
  12377. else if (info.eccAuth)
  12378. haveECC = 1;
  12379. \endcode
  12380. \sa wolfSSL_get_client_suites_sigalgs
  12381. \sa wolfSSL_get_sigalg_info
  12382. */
  12383. WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first,
  12384. byte second);
  12385. /*!
  12386. \ingroup TLS
  12387. \brief This returns information about the hash and signature algorithm
  12388. directly from the raw ciphersuite bytes.
  12389. \param [in] first First byte of the hash and signature algorithm
  12390. \param [in] second Second byte of the hash and signature algorithm
  12391. \param [out] hashAlgo The enum wc_HashType of the MAC algorithm
  12392. \param [out] sigAlgo The enum Key_Sum of the authentication algorithm
  12393. \return 0 when info was correctly set
  12394. \return BAD_FUNC_ARG when either input parameters are NULL or the bytes
  12395. are not a recognized sigalg suite
  12396. _Example_
  12397. \code
  12398. enum wc_HashType hashAlgo;
  12399. enum Key_Sum sigAlgo;
  12400. wolfSSL_get_sigalg_info(hashSigAlgo[idx+0], hashSigAlgo[idx+1],
  12401. &hashAlgo, &sigAlgo);
  12402. if (sigAlgo == RSAk || sigAlgo == RSAPSSk)
  12403. haveRSA = 1;
  12404. else if (sigAlgo == ECDSAk)
  12405. haveECC = 1;
  12406. \endcode
  12407. \sa wolfSSL_get_client_suites_sigalgs
  12408. \sa wolfSSL_get_ciphersuite_info
  12409. */
  12410. int wolfSSL_get_sigalg_info(byte first, byte second,
  12411. int* hashAlgo, int* sigAlgo);