123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477747784779478047814782478347844785478647874788478947904791479247934794479547964797479847994800480148024803480448054806480748084809481048114812481348144815481648174818481948204821482248234824482548264827482848294830483148324833483448354836483748384839484048414842484348444845484648474848484948504851485248534854485548564857485848594860486148624863486448654866486748684869487048714872487348744875487648774878487948804881488248834884488548864887488848894890489148924893489448954896489748984899490049014902490349044905490649074908490949104911491249134914491549164917491849194920492149224923492449254926492749284929493049314932493349344935493649374938493949404941494249434944494549464947494849494950495149524953495449554956495749584959496049614962496349644965496649674968496949704971497249734974497549764977497849794980498149824983498449854986498749884989499049914992499349944995499649974998499950005001500250035004500550065007500850095010501150125013501450155016501750185019502050215022502350245025502650275028502950305031503250335034503550365037503850395040504150425043504450455046504750485049505050515052505350545055505650575058505950605061506250635064506550665067506850695070507150725073507450755076507750785079508050815082508350845085508650875088508950905091509250935094509550965097509850995100510151025103510451055106510751085109511051115112511351145115511651175118511951205121512251235124512551265127512851295130513151325133513451355136513751385139514051415142514351445145514651475148514951505151515251535154515551565157515851595160516151625163516451655166516751685169517051715172517351745175517651775178517951805181518251835184518551865187518851895190519151925193519451955196519751985199520052015202520352045205520652075208520952105211521252135214521552165217521852195220522152225223522452255226522752285229523052315232523352345235523652375238523952405241524252435244524552465247524852495250525152525253525452555256525752585259526052615262526352645265526652675268526952705271527252735274527552765277527852795280528152825283528452855286528752885289529052915292529352945295529652975298529953005301530253035304530553065307530853095310531153125313531453155316531753185319532053215322532353245325532653275328532953305331533253335334533553365337533853395340534153425343534453455346534753485349535053515352535353545355535653575358535953605361536253635364536553665367536853695370537153725373537453755376537753785379538053815382538353845385538653875388538953905391539253935394539553965397539853995400540154025403540454055406540754085409541054115412541354145415541654175418541954205421542254235424542554265427542854295430543154325433543454355436543754385439544054415442544354445445544654475448544954505451545254535454545554565457545854595460546154625463546454655466546754685469547054715472547354745475547654775478547954805481548254835484548554865487548854895490549154925493549454955496549754985499550055015502550355045505550655075508550955105511551255135514551555165517551855195520552155225523552455255526552755285529553055315532553355345535553655375538553955405541554255435544554555465547554855495550555155525553555455555556555755585559556055615562556355645565556655675568556955705571557255735574557555765577557855795580558155825583558455855586558755885589559055915592559355945595559655975598559956005601560256035604560556065607560856095610561156125613561456155616561756185619562056215622562356245625562656275628562956305631563256335634563556365637563856395640564156425643564456455646564756485649565056515652565356545655565656575658565956605661566256635664566556665667566856695670567156725673567456755676567756785679568056815682568356845685568656875688568956905691569256935694569556965697569856995700570157025703570457055706570757085709571057115712571357145715571657175718571957205721572257235724572557265727572857295730573157325733573457355736573757385739574057415742574357445745574657475748574957505751575257535754575557565757575857595760576157625763576457655766576757685769577057715772577357745775577657775778577957805781578257835784578557865787578857895790579157925793579457955796579757985799580058015802580358045805580658075808580958105811581258135814581558165817581858195820582158225823582458255826582758285829583058315832583358345835583658375838583958405841584258435844584558465847584858495850585158525853585458555856585758585859586058615862586358645865586658675868586958705871587258735874587558765877587858795880588158825883588458855886588758885889589058915892589358945895589658975898589959005901590259035904590559065907590859095910591159125913591459155916591759185919592059215922592359245925592659275928592959305931593259335934593559365937593859395940594159425943594459455946594759485949595059515952595359545955595659575958595959605961596259635964596559665967596859695970597159725973597459755976597759785979598059815982598359845985598659875988598959905991599259935994599559965997599859996000600160026003600460056006600760086009601060116012601360146015601660176018601960206021602260236024602560266027602860296030603160326033603460356036603760386039604060416042604360446045604660476048604960506051605260536054605560566057605860596060606160626063606460656066606760686069607060716072607360746075607660776078607960806081608260836084608560866087608860896090609160926093609460956096609760986099610061016102610361046105610661076108610961106111611261136114611561166117611861196120612161226123612461256126612761286129613061316132613361346135613661376138613961406141614261436144614561466147614861496150615161526153615461556156615761586159616061616162616361646165616661676168616961706171617261736174617561766177617861796180618161826183618461856186618761886189619061916192619361946195619661976198619962006201620262036204620562066207620862096210621162126213621462156216621762186219622062216222622362246225622662276228622962306231623262336234623562366237623862396240624162426243624462456246624762486249625062516252625362546255625662576258625962606261626262636264626562666267626862696270627162726273627462756276627762786279628062816282628362846285628662876288628962906291629262936294629562966297629862996300630163026303630463056306630763086309631063116312631363146315631663176318631963206321632263236324632563266327632863296330633163326333633463356336633763386339634063416342634363446345634663476348634963506351635263536354635563566357635863596360636163626363636463656366636763686369637063716372637363746375637663776378637963806381638263836384638563866387638863896390639163926393639463956396639763986399640064016402640364046405640664076408640964106411641264136414641564166417641864196420642164226423642464256426642764286429643064316432643364346435643664376438643964406441644264436444644564466447644864496450645164526453645464556456645764586459646064616462646364646465646664676468646964706471647264736474647564766477647864796480648164826483648464856486648764886489649064916492649364946495649664976498649965006501650265036504650565066507650865096510651165126513651465156516651765186519652065216522652365246525652665276528652965306531653265336534653565366537653865396540654165426543654465456546654765486549655065516552655365546555655665576558655965606561656265636564656565666567656865696570657165726573657465756576657765786579658065816582658365846585658665876588658965906591659265936594659565966597659865996600660166026603660466056606660766086609661066116612661366146615661666176618661966206621662266236624662566266627662866296630663166326633663466356636663766386639664066416642664366446645664666476648664966506651665266536654665566566657665866596660666166626663666466656666666766686669667066716672667366746675667666776678667966806681668266836684668566866687668866896690669166926693669466956696669766986699670067016702670367046705670667076708670967106711671267136714671567166717671867196720672167226723672467256726672767286729673067316732673367346735673667376738673967406741674267436744674567466747674867496750675167526753675467556756675767586759676067616762676367646765676667676768676967706771677267736774677567766777677867796780678167826783678467856786678767886789679067916792679367946795679667976798679968006801680268036804680568066807680868096810681168126813681468156816681768186819682068216822682368246825682668276828682968306831683268336834683568366837683868396840684168426843684468456846684768486849685068516852685368546855685668576858685968606861686268636864686568666867686868696870687168726873687468756876687768786879688068816882688368846885688668876888688968906891689268936894689568966897689868996900690169026903690469056906690769086909691069116912691369146915691669176918691969206921692269236924692569266927692869296930693169326933693469356936693769386939694069416942694369446945694669476948694969506951695269536954695569566957695869596960696169626963696469656966696769686969697069716972697369746975697669776978697969806981698269836984698569866987698869896990699169926993699469956996699769986999700070017002700370047005700670077008700970107011701270137014701570167017701870197020702170227023702470257026702770287029703070317032703370347035703670377038703970407041704270437044704570467047704870497050705170527053705470557056705770587059706070617062706370647065706670677068706970707071707270737074707570767077707870797080708170827083708470857086708770887089709070917092709370947095709670977098709971007101710271037104710571067107710871097110711171127113711471157116711771187119712071217122712371247125712671277128712971307131713271337134713571367137713871397140714171427143714471457146714771487149715071517152715371547155715671577158715971607161716271637164716571667167716871697170717171727173717471757176717771787179718071817182718371847185718671877188718971907191719271937194719571967197719871997200720172027203720472057206720772087209721072117212721372147215721672177218721972207221722272237224722572267227722872297230723172327233723472357236723772387239724072417242724372447245724672477248724972507251725272537254725572567257725872597260726172627263726472657266726772687269727072717272727372747275727672777278727972807281728272837284728572867287728872897290729172927293729472957296729772987299730073017302730373047305730673077308730973107311731273137314731573167317731873197320732173227323732473257326732773287329733073317332733373347335733673377338733973407341734273437344734573467347734873497350735173527353735473557356735773587359736073617362736373647365736673677368736973707371737273737374737573767377737873797380738173827383738473857386738773887389739073917392739373947395739673977398739974007401740274037404740574067407740874097410741174127413741474157416741774187419742074217422742374247425742674277428742974307431743274337434743574367437743874397440744174427443744474457446744774487449745074517452745374547455745674577458745974607461746274637464746574667467746874697470747174727473747474757476747774787479748074817482748374847485748674877488748974907491749274937494749574967497749874997500750175027503750475057506750775087509751075117512751375147515751675177518751975207521752275237524752575267527752875297530753175327533753475357536753775387539754075417542754375447545754675477548754975507551755275537554755575567557755875597560756175627563756475657566756775687569757075717572757375747575757675777578757975807581758275837584758575867587758875897590759175927593759475957596759775987599760076017602760376047605760676077608760976107611761276137614761576167617761876197620762176227623762476257626762776287629763076317632763376347635763676377638763976407641764276437644764576467647764876497650765176527653765476557656765776587659766076617662766376647665766676677668766976707671767276737674767576767677767876797680768176827683768476857686768776887689769076917692769376947695769676977698769977007701770277037704770577067707770877097710771177127713771477157716771777187719772077217722772377247725772677277728772977307731773277337734773577367737773877397740774177427743774477457746774777487749775077517752775377547755775677577758775977607761776277637764776577667767776877697770777177727773777477757776777777787779778077817782778377847785778677877788778977907791779277937794779577967797779877997800780178027803780478057806780778087809781078117812781378147815781678177818781978207821782278237824782578267827782878297830783178327833783478357836783778387839784078417842784378447845784678477848784978507851785278537854785578567857785878597860786178627863786478657866786778687869787078717872787378747875787678777878787978807881788278837884788578867887788878897890789178927893789478957896789778987899790079017902790379047905790679077908790979107911791279137914791579167917791879197920792179227923792479257926792779287929793079317932793379347935793679377938793979407941794279437944794579467947794879497950795179527953795479557956795779587959796079617962796379647965796679677968796979707971797279737974797579767977797879797980798179827983798479857986798779887989799079917992799379947995799679977998799980008001800280038004800580068007800880098010801180128013801480158016801780188019802080218022802380248025802680278028802980308031803280338034803580368037803880398040804180428043804480458046804780488049805080518052805380548055805680578058805980608061806280638064806580668067806880698070807180728073807480758076807780788079808080818082808380848085808680878088808980908091809280938094809580968097809880998100810181028103810481058106810781088109811081118112811381148115811681178118811981208121812281238124812581268127812881298130813181328133813481358136813781388139814081418142814381448145814681478148814981508151815281538154815581568157815881598160816181628163816481658166816781688169817081718172817381748175817681778178817981808181818281838184818581868187818881898190819181928193819481958196819781988199820082018202820382048205820682078208820982108211821282138214821582168217821882198220822182228223822482258226822782288229823082318232823382348235823682378238823982408241824282438244824582468247824882498250825182528253825482558256825782588259826082618262826382648265826682678268826982708271827282738274827582768277827882798280828182828283828482858286828782888289829082918292829382948295829682978298829983008301830283038304830583068307830883098310831183128313831483158316831783188319832083218322832383248325832683278328832983308331833283338334833583368337833883398340834183428343834483458346834783488349835083518352835383548355835683578358835983608361836283638364836583668367836883698370837183728373837483758376837783788379838083818382838383848385838683878388838983908391839283938394839583968397839883998400840184028403840484058406840784088409841084118412841384148415841684178418841984208421842284238424842584268427842884298430843184328433843484358436843784388439844084418442844384448445844684478448844984508451845284538454845584568457845884598460846184628463846484658466846784688469847084718472847384748475847684778478847984808481848284838484848584868487848884898490849184928493849484958496849784988499850085018502850385048505850685078508850985108511851285138514851585168517851885198520852185228523852485258526852785288529853085318532853385348535853685378538853985408541854285438544854585468547854885498550855185528553855485558556855785588559856085618562856385648565856685678568856985708571857285738574857585768577857885798580858185828583858485858586858785888589859085918592859385948595859685978598859986008601860286038604860586068607860886098610861186128613861486158616861786188619862086218622862386248625862686278628862986308631863286338634863586368637863886398640864186428643864486458646864786488649865086518652865386548655865686578658865986608661866286638664866586668667866886698670867186728673867486758676867786788679868086818682868386848685868686878688868986908691869286938694869586968697869886998700870187028703870487058706870787088709871087118712871387148715871687178718871987208721872287238724872587268727872887298730873187328733873487358736873787388739874087418742874387448745874687478748874987508751875287538754875587568757875887598760876187628763876487658766876787688769877087718772877387748775877687778778877987808781878287838784878587868787878887898790879187928793879487958796879787988799880088018802880388048805880688078808880988108811881288138814881588168817881888198820882188228823882488258826882788288829883088318832883388348835883688378838883988408841884288438844884588468847884888498850885188528853885488558856885788588859886088618862886388648865886688678868886988708871887288738874887588768877887888798880888188828883888488858886888788888889889088918892889388948895889688978898889989008901890289038904890589068907890889098910891189128913891489158916891789188919892089218922892389248925892689278928892989308931893289338934893589368937893889398940894189428943894489458946894789488949895089518952895389548955895689578958895989608961896289638964896589668967896889698970897189728973897489758976897789788979898089818982898389848985898689878988898989908991899289938994899589968997899889999000900190029003900490059006900790089009901090119012901390149015901690179018901990209021902290239024902590269027902890299030903190329033903490359036903790389039904090419042904390449045904690479048904990509051905290539054905590569057905890599060906190629063906490659066906790689069907090719072907390749075907690779078907990809081908290839084908590869087908890899090909190929093909490959096909790989099910091019102910391049105910691079108910991109111911291139114911591169117911891199120912191229123912491259126912791289129913091319132913391349135913691379138913991409141914291439144914591469147914891499150915191529153915491559156915791589159916091619162916391649165916691679168916991709171917291739174917591769177917891799180918191829183918491859186918791889189919091919192919391949195919691979198919992009201920292039204920592069207920892099210921192129213921492159216921792189219922092219222922392249225922692279228922992309231923292339234923592369237923892399240924192429243924492459246924792489249925092519252925392549255925692579258925992609261926292639264926592669267926892699270927192729273927492759276927792789279928092819282928392849285928692879288928992909291929292939294929592969297929892999300930193029303930493059306930793089309931093119312931393149315931693179318931993209321932293239324932593269327932893299330933193329333933493359336933793389339934093419342934393449345934693479348934993509351935293539354935593569357935893599360936193629363936493659366936793689369937093719372937393749375937693779378937993809381938293839384938593869387938893899390939193929393939493959396939793989399940094019402940394049405940694079408940994109411941294139414941594169417941894199420942194229423942494259426942794289429943094319432943394349435943694379438943994409441944294439444944594469447944894499450945194529453945494559456945794589459946094619462946394649465946694679468946994709471947294739474947594769477947894799480948194829483948494859486948794889489949094919492949394949495949694979498949995009501950295039504950595069507950895099510951195129513951495159516951795189519952095219522952395249525952695279528952995309531953295339534953595369537953895399540954195429543954495459546954795489549955095519552955395549555955695579558955995609561956295639564956595669567956895699570957195729573957495759576957795789579958095819582958395849585958695879588958995909591959295939594959595969597959895999600960196029603960496059606960796089609961096119612961396149615961696179618961996209621962296239624962596269627962896299630963196329633963496359636963796389639964096419642964396449645964696479648964996509651965296539654965596569657965896599660966196629663966496659666966796689669967096719672967396749675967696779678967996809681968296839684968596869687968896899690969196929693969496959696969796989699970097019702970397049705970697079708970997109711971297139714971597169717971897199720972197229723972497259726972797289729973097319732973397349735973697379738973997409741974297439744974597469747974897499750975197529753975497559756975797589759976097619762976397649765976697679768976997709771977297739774977597769777977897799780978197829783978497859786978797889789979097919792979397949795979697979798979998009801980298039804980598069807980898099810981198129813981498159816981798189819982098219822982398249825982698279828982998309831983298339834983598369837983898399840984198429843984498459846984798489849985098519852985398549855985698579858985998609861986298639864986598669867986898699870987198729873987498759876987798789879988098819882988398849885988698879888988998909891989298939894989598969897989898999900990199029903990499059906990799089909991099119912991399149915991699179918991999209921992299239924992599269927992899299930993199329933993499359936993799389939994099419942994399449945994699479948994999509951995299539954995599569957995899599960996199629963996499659966996799689969997099719972997399749975997699779978997999809981998299839984998599869987998899899990999199929993999499959996999799989999100001000110002100031000410005100061000710008100091001010011100121001310014100151001610017100181001910020100211002210023100241002510026100271002810029100301003110032100331003410035100361003710038100391004010041100421004310044100451004610047100481004910050100511005210053100541005510056100571005810059100601006110062100631006410065100661006710068100691007010071100721007310074100751007610077100781007910080100811008210083100841008510086100871008810089100901009110092100931009410095100961009710098100991010010101101021010310104101051010610107101081010910110101111011210113101141011510116101171011810119101201012110122101231012410125101261012710128101291013010131101321013310134101351013610137101381013910140101411014210143101441014510146101471014810149101501015110152101531015410155101561015710158101591016010161101621016310164101651016610167101681016910170101711017210173101741017510176101771017810179101801018110182101831018410185101861018710188101891019010191101921019310194101951019610197101981019910200102011020210203102041020510206102071020810209102101021110212102131021410215102161021710218102191022010221102221022310224102251022610227102281022910230102311023210233102341023510236102371023810239102401024110242102431024410245102461024710248102491025010251102521025310254102551025610257102581025910260102611026210263102641026510266102671026810269102701027110272102731027410275102761027710278102791028010281102821028310284102851028610287102881028910290102911029210293102941029510296102971029810299103001030110302103031030410305103061030710308103091031010311103121031310314103151031610317103181031910320103211032210323103241032510326103271032810329103301033110332103331033410335103361033710338103391034010341103421034310344103451034610347103481034910350103511035210353103541035510356103571035810359103601036110362103631036410365103661036710368103691037010371103721037310374103751037610377103781037910380103811038210383103841038510386103871038810389103901039110392103931039410395103961039710398103991040010401104021040310404104051040610407104081040910410104111041210413104141041510416104171041810419104201042110422104231042410425104261042710428104291043010431104321043310434104351043610437104381043910440104411044210443104441044510446104471044810449104501045110452104531045410455104561045710458104591046010461104621046310464104651046610467104681046910470104711047210473104741047510476104771047810479104801048110482104831048410485104861048710488104891049010491104921049310494104951049610497104981049910500105011050210503105041050510506105071050810509105101051110512105131051410515105161051710518105191052010521105221052310524105251052610527105281052910530105311053210533105341053510536105371053810539105401054110542105431054410545105461054710548105491055010551105521055310554105551055610557105581055910560105611056210563105641056510566105671056810569105701057110572105731057410575105761057710578105791058010581105821058310584105851058610587105881058910590105911059210593105941059510596105971059810599106001060110602106031060410605106061060710608106091061010611106121061310614106151061610617106181061910620106211062210623106241062510626106271062810629106301063110632106331063410635106361063710638106391064010641106421064310644106451064610647106481064910650106511065210653106541065510656106571065810659106601066110662106631066410665106661066710668106691067010671106721067310674106751067610677106781067910680106811068210683106841068510686106871068810689106901069110692106931069410695106961069710698106991070010701107021070310704107051070610707107081070910710107111071210713107141071510716107171071810719107201072110722107231072410725107261072710728107291073010731107321073310734107351073610737107381073910740107411074210743107441074510746107471074810749107501075110752107531075410755107561075710758107591076010761107621076310764107651076610767107681076910770107711077210773107741077510776107771077810779107801078110782107831078410785107861078710788107891079010791107921079310794107951079610797107981079910800108011080210803108041080510806108071080810809108101081110812108131081410815108161081710818108191082010821108221082310824108251082610827108281082910830108311083210833108341083510836108371083810839108401084110842108431084410845108461084710848108491085010851108521085310854108551085610857108581085910860108611086210863108641086510866108671086810869108701087110872108731087410875108761087710878108791088010881108821088310884108851088610887108881088910890108911089210893108941089510896108971089810899109001090110902109031090410905109061090710908109091091010911109121091310914109151091610917109181091910920109211092210923109241092510926109271092810929109301093110932109331093410935109361093710938109391094010941109421094310944109451094610947109481094910950109511095210953109541095510956109571095810959109601096110962109631096410965109661096710968109691097010971109721097310974109751097610977109781097910980109811098210983109841098510986109871098810989109901099110992109931099410995109961099710998109991100011001110021100311004110051100611007110081100911010110111101211013110141101511016110171101811019110201102111022110231102411025110261102711028110291103011031110321103311034110351103611037110381103911040110411104211043110441104511046110471104811049110501105111052110531105411055110561105711058110591106011061110621106311064110651106611067110681106911070110711107211073110741107511076110771107811079110801108111082110831108411085110861108711088110891109011091110921109311094110951109611097110981109911100111011110211103111041110511106111071110811109111101111111112111131111411115111161111711118111191112011121111221112311124111251112611127111281112911130111311113211133111341113511136111371113811139111401114111142111431114411145111461114711148111491115011151111521115311154111551115611157111581115911160111611116211163111641116511166111671116811169111701117111172111731117411175111761117711178111791118011181111821118311184111851118611187111881118911190111911119211193111941119511196111971119811199112001120111202112031120411205112061120711208112091121011211112121121311214112151121611217112181121911220112211122211223112241122511226112271122811229112301123111232112331123411235112361123711238112391124011241112421124311244112451124611247112481124911250112511125211253112541125511256112571125811259112601126111262112631126411265112661126711268112691127011271112721127311274112751127611277112781127911280112811128211283112841128511286112871128811289112901129111292112931129411295112961129711298112991130011301113021130311304113051130611307113081130911310113111131211313113141131511316113171131811319113201132111322113231132411325113261132711328113291133011331113321133311334113351133611337113381133911340113411134211343113441134511346113471134811349113501135111352113531135411355113561135711358113591136011361113621136311364113651136611367113681136911370113711137211373113741137511376113771137811379113801138111382113831138411385113861138711388113891139011391113921139311394113951139611397113981139911400114011140211403114041140511406114071140811409114101141111412114131141411415114161141711418114191142011421114221142311424114251142611427114281142911430114311143211433114341143511436114371143811439114401144111442114431144411445114461144711448114491145011451114521145311454114551145611457114581145911460114611146211463114641146511466114671146811469114701147111472114731147411475114761147711478114791148011481114821148311484114851148611487114881148911490114911149211493114941149511496114971149811499115001150111502115031150411505115061150711508115091151011511115121151311514115151151611517115181151911520115211152211523115241152511526115271152811529115301153111532115331153411535115361153711538115391154011541115421154311544115451154611547115481154911550115511155211553115541155511556115571155811559115601156111562115631156411565115661156711568115691157011571115721157311574115751157611577115781157911580115811158211583115841158511586115871158811589115901159111592115931159411595115961159711598115991160011601116021160311604116051160611607116081160911610116111161211613116141161511616116171161811619116201162111622116231162411625116261162711628116291163011631116321163311634116351163611637116381163911640116411164211643116441164511646116471164811649116501165111652116531165411655116561165711658116591166011661116621166311664116651166611667116681166911670116711167211673116741167511676116771167811679116801168111682116831168411685116861168711688116891169011691116921169311694116951169611697116981169911700117011170211703117041170511706117071170811709117101171111712117131171411715117161171711718117191172011721117221172311724117251172611727117281172911730117311173211733117341173511736117371173811739117401174111742117431174411745117461174711748117491175011751117521175311754117551175611757117581175911760117611176211763117641176511766117671176811769117701177111772117731177411775117761177711778117791178011781117821178311784117851178611787117881178911790117911179211793117941179511796117971179811799118001180111802118031180411805118061180711808118091181011811118121181311814118151181611817118181181911820118211182211823118241182511826118271182811829118301183111832118331183411835118361183711838118391184011841118421184311844118451184611847118481184911850118511185211853118541185511856118571185811859118601186111862118631186411865118661186711868118691187011871118721187311874118751187611877118781187911880118811188211883118841188511886118871188811889118901189111892118931189411895118961189711898118991190011901119021190311904119051190611907119081190911910119111191211913119141191511916119171191811919119201192111922119231192411925119261192711928119291193011931119321193311934119351193611937119381193911940119411194211943119441194511946119471194811949119501195111952119531195411955119561195711958119591196011961119621196311964119651196611967119681196911970119711197211973119741197511976119771197811979119801198111982119831198411985119861198711988119891199011991119921199311994119951199611997119981199912000120011200212003120041200512006120071200812009120101201112012120131201412015120161201712018120191202012021120221202312024120251202612027120281202912030120311203212033120341203512036120371203812039120401204112042120431204412045120461204712048120491205012051120521205312054120551205612057120581205912060120611206212063120641206512066120671206812069120701207112072120731207412075120761207712078120791208012081120821208312084120851208612087120881208912090120911209212093120941209512096120971209812099121001210112102121031210412105121061210712108121091211012111121121211312114121151211612117121181211912120121211212212123121241212512126121271212812129121301213112132121331213412135121361213712138121391214012141121421214312144121451214612147121481214912150121511215212153121541215512156121571215812159121601216112162121631216412165121661216712168121691217012171121721217312174121751217612177121781217912180121811218212183121841218512186121871218812189121901219112192121931219412195121961219712198121991220012201122021220312204122051220612207122081220912210122111221212213122141221512216122171221812219122201222112222122231222412225122261222712228122291223012231122321223312234122351223612237122381223912240122411224212243122441224512246122471224812249122501225112252122531225412255122561225712258122591226012261122621226312264122651226612267122681226912270122711227212273122741227512276122771227812279122801228112282122831228412285122861228712288122891229012291122921229312294122951229612297122981229912300123011230212303123041230512306123071230812309123101231112312123131231412315123161231712318123191232012321123221232312324123251232612327123281232912330123311233212333123341233512336123371233812339123401234112342123431234412345123461234712348123491235012351123521235312354123551235612357123581235912360123611236212363123641236512366123671236812369123701237112372123731237412375123761237712378123791238012381123821238312384123851238612387123881238912390123911239212393123941239512396123971239812399124001240112402124031240412405124061240712408124091241012411124121241312414124151241612417124181241912420124211242212423124241242512426124271242812429124301243112432124331243412435124361243712438124391244012441124421244312444124451244612447124481244912450124511245212453124541245512456124571245812459124601246112462124631246412465124661246712468124691247012471124721247312474124751247612477124781247912480124811248212483124841248512486124871248812489124901249112492124931249412495124961249712498124991250012501125021250312504125051250612507125081250912510125111251212513125141251512516125171251812519125201252112522125231252412525125261252712528125291253012531125321253312534125351253612537125381253912540125411254212543125441254512546125471254812549125501255112552125531255412555125561255712558125591256012561125621256312564125651256612567125681256912570125711257212573125741257512576125771257812579125801258112582125831258412585125861258712588125891259012591125921259312594125951259612597125981259912600126011260212603126041260512606126071260812609126101261112612126131261412615126161261712618126191262012621126221262312624126251262612627126281262912630126311263212633126341263512636126371263812639126401264112642126431264412645126461264712648126491265012651126521265312654126551265612657126581265912660126611266212663126641266512666126671266812669126701267112672126731267412675126761267712678126791268012681126821268312684126851268612687126881268912690126911269212693126941269512696126971269812699127001270112702127031270412705127061270712708127091271012711127121271312714127151271612717127181271912720127211272212723127241272512726127271272812729127301273112732127331273412735127361273712738127391274012741127421274312744127451274612747127481274912750127511275212753127541275512756127571275812759127601276112762127631276412765127661276712768127691277012771127721277312774127751277612777127781277912780127811278212783127841278512786127871278812789127901279112792127931279412795127961279712798127991280012801128021280312804128051280612807128081280912810128111281212813128141281512816128171281812819128201282112822128231282412825128261282712828128291283012831128321283312834128351283612837128381283912840128411284212843128441284512846128471284812849128501285112852128531285412855128561285712858128591286012861128621286312864128651286612867128681286912870128711287212873128741287512876128771287812879128801288112882128831288412885128861288712888128891289012891128921289312894128951289612897128981289912900129011290212903129041290512906129071290812909129101291112912129131291412915129161291712918129191292012921129221292312924129251292612927129281292912930129311293212933129341293512936129371293812939129401294112942129431294412945129461294712948129491295012951129521295312954129551295612957129581295912960129611296212963129641296512966129671296812969129701297112972129731297412975129761297712978129791298012981129821298312984129851298612987129881298912990129911299212993129941299512996129971299812999130001300113002130031300413005130061300713008130091301013011130121301313014130151301613017130181301913020130211302213023130241302513026130271302813029130301303113032130331303413035130361303713038130391304013041130421304313044130451304613047130481304913050130511305213053130541305513056130571305813059130601306113062130631306413065130661306713068130691307013071130721307313074130751307613077130781307913080130811308213083130841308513086130871308813089130901309113092130931309413095130961309713098130991310013101131021310313104131051310613107131081310913110131111311213113131141311513116131171311813119131201312113122131231312413125131261312713128131291313013131131321313313134131351313613137131381313913140131411314213143131441314513146131471314813149131501315113152131531315413155131561315713158131591316013161131621316313164131651316613167131681316913170131711317213173131741317513176131771317813179131801318113182131831318413185131861318713188131891319013191131921319313194131951319613197131981319913200132011320213203132041320513206132071320813209132101321113212132131321413215132161321713218132191322013221132221322313224132251322613227132281322913230132311323213233132341323513236132371323813239132401324113242132431324413245132461324713248132491325013251132521325313254132551325613257132581325913260132611326213263132641326513266132671326813269132701327113272132731327413275132761327713278132791328013281132821328313284132851328613287132881328913290132911329213293132941329513296132971329813299133001330113302133031330413305133061330713308133091331013311133121331313314133151331613317133181331913320133211332213323133241332513326133271332813329133301333113332133331333413335133361333713338133391334013341133421334313344133451334613347133481334913350133511335213353133541335513356133571335813359133601336113362133631336413365133661336713368133691337013371133721337313374133751337613377133781337913380133811338213383133841338513386133871338813389133901339113392133931339413395133961339713398133991340013401134021340313404134051340613407134081340913410134111341213413134141341513416134171341813419134201342113422134231342413425134261342713428134291343013431134321343313434134351343613437134381343913440134411344213443134441344513446134471344813449134501345113452134531345413455134561345713458134591346013461134621346313464134651346613467134681346913470134711347213473134741347513476134771347813479134801348113482134831348413485134861348713488134891349013491134921349313494134951349613497134981349913500135011350213503135041350513506135071350813509135101351113512135131351413515135161351713518135191352013521135221352313524135251352613527135281352913530135311353213533135341353513536135371353813539135401354113542135431354413545135461354713548135491355013551135521355313554135551355613557135581355913560135611356213563135641356513566135671356813569135701357113572135731357413575135761357713578135791358013581135821358313584135851358613587135881358913590135911359213593135941359513596135971359813599136001360113602136031360413605136061360713608136091361013611136121361313614136151361613617136181361913620136211362213623136241362513626136271362813629136301363113632136331363413635136361363713638136391364013641136421364313644136451364613647136481364913650136511365213653136541365513656136571365813659136601366113662136631366413665136661366713668136691367013671136721367313674136751367613677136781367913680136811368213683136841368513686136871368813689136901369113692136931369413695136961369713698136991370013701137021370313704137051370613707137081370913710137111371213713137141371513716137171371813719137201372113722137231372413725137261372713728137291373013731137321373313734137351373613737137381373913740137411374213743137441374513746137471374813749137501375113752137531375413755137561375713758137591376013761137621376313764137651376613767137681376913770137711377213773137741377513776137771377813779137801378113782137831378413785137861378713788137891379013791137921379313794137951379613797137981379913800138011380213803138041380513806138071380813809138101381113812138131381413815138161381713818138191382013821138221382313824138251382613827138281382913830138311383213833138341383513836138371383813839138401384113842138431384413845138461384713848138491385013851138521385313854138551385613857138581385913860138611386213863138641386513866138671386813869138701387113872138731387413875138761387713878138791388013881138821388313884138851388613887138881388913890138911389213893138941389513896138971389813899139001390113902139031390413905139061390713908139091391013911139121391313914139151391613917139181391913920139211392213923139241392513926139271392813929139301393113932139331393413935139361393713938139391394013941139421394313944139451394613947139481394913950139511395213953139541395513956139571395813959139601396113962139631396413965139661396713968139691397013971139721397313974139751397613977139781397913980139811398213983139841398513986139871398813989139901399113992139931399413995139961399713998139991400014001140021400314004140051400614007140081400914010140111401214013140141401514016140171401814019140201402114022140231402414025140261402714028140291403014031140321403314034140351403614037140381403914040140411404214043140441404514046140471404814049140501405114052140531405414055140561405714058140591406014061140621406314064140651406614067140681406914070140711407214073140741407514076140771407814079140801408114082140831408414085140861408714088140891409014091140921409314094140951409614097140981409914100141011410214103141041410514106141071410814109141101411114112141131411414115141161411714118141191412014121141221412314124141251412614127141281412914130141311413214133141341413514136141371413814139141401414114142141431414414145141461414714148141491415014151141521415314154141551415614157141581415914160141611416214163141641416514166141671416814169141701417114172141731417414175141761417714178141791418014181141821418314184141851418614187141881418914190141911419214193141941419514196141971419814199142001420114202142031420414205142061420714208142091421014211142121421314214142151421614217142181421914220142211422214223142241422514226142271422814229142301423114232142331423414235142361423714238142391424014241142421424314244142451424614247142481424914250142511425214253142541425514256142571425814259142601426114262142631426414265142661426714268142691427014271142721427314274142751427614277142781427914280142811428214283142841428514286142871428814289142901429114292142931429414295142961429714298142991430014301143021430314304143051430614307143081430914310143111431214313143141431514316143171431814319143201432114322143231432414325143261432714328143291433014331143321433314334143351433614337143381433914340143411434214343143441434514346143471434814349143501435114352143531435414355143561435714358143591436014361143621436314364143651436614367143681436914370143711437214373143741437514376143771437814379143801438114382143831438414385143861438714388143891439014391143921439314394143951439614397143981439914400144011440214403144041440514406144071440814409144101441114412144131441414415144161441714418144191442014421144221442314424144251442614427144281442914430144311443214433144341443514436144371443814439144401444114442144431444414445144461444714448144491445014451144521445314454144551445614457144581445914460144611446214463144641446514466144671446814469144701447114472144731447414475144761447714478144791448014481144821448314484144851448614487144881448914490144911449214493144941449514496144971449814499145001450114502145031450414505145061450714508145091451014511145121451314514145151451614517145181451914520145211452214523145241452514526145271452814529145301453114532145331453414535145361453714538145391454014541145421454314544145451454614547145481454914550145511455214553145541455514556145571455814559145601456114562145631456414565145661456714568145691457014571145721457314574145751457614577145781457914580145811458214583145841458514586145871458814589145901459114592145931459414595145961459714598145991460014601146021460314604146051460614607146081460914610146111461214613146141461514616146171461814619146201462114622146231462414625146261462714628146291463014631146321463314634146351463614637146381463914640146411464214643146441464514646146471464814649146501465114652146531465414655146561465714658146591466014661146621466314664146651466614667146681466914670146711467214673146741467514676146771467814679146801468114682146831468414685146861468714688146891469014691146921469314694146951469614697146981469914700147011470214703147041470514706147071470814709147101471114712147131471414715147161471714718147191472014721147221472314724147251472614727147281472914730147311473214733147341473514736147371473814739147401474114742147431474414745147461474714748147491475014751147521475314754147551475614757147581475914760147611476214763147641476514766147671476814769147701477114772147731477414775147761477714778147791478014781147821478314784147851478614787147881478914790147911479214793147941479514796147971479814799148001480114802148031480414805148061480714808148091481014811148121481314814148151481614817148181481914820148211482214823148241482514826148271482814829148301483114832148331483414835148361483714838148391484014841148421484314844148451484614847148481484914850148511485214853148541485514856148571485814859148601486114862148631486414865148661486714868148691487014871148721487314874148751487614877148781487914880148811488214883148841488514886148871488814889148901489114892148931489414895148961489714898148991490014901149021490314904149051490614907149081490914910149111491214913149141491514916149171491814919149201492114922149231492414925149261492714928149291493014931149321493314934149351493614937149381493914940149411494214943149441494514946149471494814949149501495114952149531495414955149561495714958149591496014961149621496314964149651496614967149681496914970149711497214973149741497514976149771497814979149801498114982149831498414985149861498714988149891499014991149921499314994149951499614997149981499915000150011500215003150041500515006150071500815009150101501115012150131501415015150161501715018150191502015021150221502315024150251502615027150281502915030150311503215033150341503515036150371503815039150401504115042150431504415045150461504715048150491505015051150521505315054150551505615057150581505915060150611506215063150641506515066150671506815069150701507115072150731507415075150761507715078150791508015081150821508315084150851508615087150881508915090150911509215093150941509515096150971509815099151001510115102151031510415105151061510715108151091511015111151121511315114151151511615117151181511915120151211512215123151241512515126151271512815129151301513115132151331513415135151361513715138151391514015141151421514315144151451514615147151481514915150151511515215153151541515515156151571515815159151601516115162151631516415165151661516715168151691517015171151721517315174151751517615177151781517915180151811518215183151841518515186151871518815189151901519115192151931519415195151961519715198151991520015201152021520315204152051520615207152081520915210152111521215213152141521515216152171521815219152201522115222152231522415225152261522715228152291523015231152321523315234152351523615237152381523915240152411524215243152441524515246152471524815249152501525115252152531525415255152561525715258152591526015261152621526315264152651526615267152681526915270152711527215273152741527515276152771527815279152801528115282152831528415285152861528715288152891529015291152921529315294152951529615297152981529915300153011530215303153041530515306153071530815309153101531115312153131531415315153161531715318153191532015321153221532315324153251532615327153281532915330153311533215333153341533515336153371533815339153401534115342153431534415345153461534715348153491535015351153521535315354153551535615357153581535915360153611536215363 |
- /*!
- \brief This function initializes the DTLS v1.2 client method.
- \return pointer This function returns a pointer to a new
- WOLFSSL_METHOD structure.
- \param none No parameters.
- _Example_
- \code
- wolfSSL_Init();
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
- …
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- \endcode
- \sa wolfSSL_Init
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfDTLSv1_2_client_method_ex(void* heap);
- /*!
- \ingroup Setup
- \brief This function returns a WOLFSSL_METHOD similar to
- wolfSSLv23_client_method except that it is not determined
- which side yet (server/client).
- \return WOLFSSL_METHOD* On successful creations returns a WOLFSSL_METHOD
- pointer
- \return NULL Null if memory allocation error or failure to create method
- \param none No parameters.
- _Example_
- \code
- WOLFSSL* ctx;
- ctx = wolfSSL_CTX_new(wolfSSLv23_method());
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- WOLFSSL_METHOD *wolfSSLv23_method(void);
- /*!
- \ingroup Setup
- \brief The wolfSSLv3_server_method() function is used to indicate
- that the application is a server and will only support the SSL 3.0
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the
- failure value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfSSLv3_server_method();
- if (method == NULL) {
- unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfTLSv1_server_method
- \sa wolfTLSv1_1_server_method
- \sa wolfTLSv1_2_server_method
- \sa wolfTLSv1_3_server_method
- \sa wolfDTLSv1_server_method
- \sa wolfSSLv23_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfSSLv3_server_method(void);
- /*!
- \ingroup Setup
- \brief The wolfSSLv3_client_method() function is used to indicate
- that the application is a client and will only support the SSL 3.0
- protocol. This function allocates memory for and initializes a
- new wolfSSL_METHOD structure to be used when creating the SSL/TLS
- context with wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the
- failure value of the underlying malloc() implementation will be
- returned (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfSSLv3_client_method();
- if (method == NULL) {
- unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfTLSv1_client_method
- \sa wolfTLSv1_1_client_method
- \sa wolfTLSv1_2_client_method
- \sa wolfTLSv1_3_client_method
- \sa wolfDTLSv1_client_method
- \sa wolfSSLv23_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfSSLv3_client_method(void);
- /*!
- \ingroup Setup
- \brief The wolfTLSv1_server_method() function is used to indicate that the
- application is a server and will only support the TLS 1.0 protocol. This
- function allocates memory for and initializes a new wolfSSL_METHOD
- structure to be used when creating the SSL/TLS context with
- wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_server_method();
- if (method == NULL) {
- unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_server_method
- \sa wolfTLSv1_1_server_method
- \sa wolfTLSv1_2_server_method
- \sa wolfTLSv1_3_server_method
- \sa wolfDTLSv1_server_method
- \sa wolfSSLv23_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_server_method(void);
- /*!
- \ingroup Setup
- \brief The wolfTLSv1_client_method() function is used to indicate
- that the application is a client and will only support the TLS 1.0
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC,
- the failure value of the underlying malloc() implementation
- will be returned (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_client_method();
- if (method == NULL) {
- unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_client_method
- \sa wolfTLSv1_1_client_method
- \sa wolfTLSv1_2_client_method
- \sa wolfTLSv1_3_client_method
- \sa wolfDTLSv1_client_method
- \sa wolfSSLv23_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_client_method(void);
- /*!
- \ingroup Setup
- \brief The wolfTLSv1_1_server_method() function is used to indicate
- that the application is a server and will only support the TLS 1.1
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS
- context with wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_1_server_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_server_method
- \sa wolfTLSv1_server_method
- \sa wolfTLSv1_2_server_method
- \sa wolfTLSv1_3_server_method
- \sa wolfDTLSv1_server_method
- \sa wolfSSLv23_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
- /*!
- \ingroup Setup
- \brief The wolfTLSv1_1_client_method() function is used to indicate
- that the application is a client and will only support the TLS 1.0
- protocol. This function allocates memory for and initializes a
- new wolfSSL_METHOD structure to be used when creating the SSL/TLS
- context with wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the
- newly created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_1_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_client_method
- \sa wolfTLSv1_client_method
- \sa wolfTLSv1_2_client_method
- \sa wolfTLSv1_3_client_method
- \sa wolfDTLSv1_client_method
- \sa wolfSSLv23_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
- /*!
- \ingroup Setup
- \brief The wolfTLSv1_2_server_method() function is used to indicate
- that the application is a server and will only support the TLS 1.2
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_2_server_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_server_method
- \sa wolfTLSv1_server_method
- \sa wolfTLSv1_1_server_method
- \sa wolfTLSv1_3_server_method
- \sa wolfDTLSv1_server_method
- \sa wolfSSLv23_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
- /*!
- \ingroup Setup
- \brief The wolfTLSv1_2_client_method() function is used to indicate
- that the application is a client and will only support the TLS 1.2
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_2_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_client_method
- \sa wolfTLSv1_client_method
- \sa wolfTLSv1_1_client_method
- \sa wolfTLSv1_3_client_method
- \sa wolfDTLSv1_client_method
- \sa wolfSSLv23_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
- /*!
- \ingroup Setup
- \brief The wolfDTLSv1_client_method() function is used to indicate that
- the application is a client and will only support the DTLS 1.0 protocol.
- This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new(). This function is only available when wolfSSL has
- been compiled with DTLS support (--enable-dtls,
- or by defining wolfSSL_DTLS).
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfDTLSv1_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_client_method
- \sa wolfTLSv1_client_method
- \sa wolfTLSv1_1_client_method
- \sa wolfTLSv1_2_client_method
- \sa wolfTLSv1_3_client_method
- \sa wolfSSLv23_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfDTLSv1_client_method(void);
- /*!
- \ingroup Setup
- \brief The wolfDTLSv1_server_method() function is used to indicate
- that the application is a server and will only support the DTLS 1.0
- protocol. This function allocates memory for and initializes a
- new wolfSSL_METHOD structure to be used when creating the SSL/TLS
- context with wolfSSL_CTX_new(). This function is only available
- when wolfSSL has been compiled with DTLS support (--enable-dtls,
- or by defining wolfSSL_DTLS).
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfDTLSv1_server_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_server_method
- \sa wolfTLSv1_server_method
- \sa wolfTLSv1_1_server_method
- \sa wolfTLSv1_2_server_method
- \sa wolfTLSv1_3_server_method
- \sa wolfSSLv23_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfDTLSv1_server_method(void);
- /*!
- \ingroup Setup
- \brief The wolfDTLSv1_3_server_method() function is used to indicate that
- the application is a server and will only support the DTLS 1.3
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context with
- wolfSSL_CTX_new(). This function is only available when wolfSSL has been
- compiled with DTLSv1.3 support (--enable-dtls13, or by defining
- wolfSSL_DTLS13).
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfDTLSv1_3_server_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfDTLSv1_3_client_method
- */
- WOLFSSL_METHOD *wolfDTLSv1_3_server_method(void);
- /*!
- \ingroup Setup
- \brief The wolfDTLSv1_3_client_method() function is used to indicate that
- the application is a client and will only support the DTLS 1.3
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context with
- wolfSSL_CTX_new(). This function is only available when wolfSSL has been
- compiled with DTLSv1.3 support (--enable-dtls13, or by defining
- wolfSSL_DTLS13).
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfDTLSv1_3_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfDTLSv1_3_server_method
- */
- WOLFSSL_METHOD* wolfDTLSv1_3_client_method(void);
- /*!
- \ingroup Setup
- \brief The wolfDTLS_server_method() function is used to indicate that the
- application is a server and will support the highest version of DTLS
- available and all the version up to the minimum version allowed. The
- default minimum version allowed is based on the define
- WOLFSSL_MIN_DTLS_DOWNGRADE and can be changed at runtime using
- wolfSSL_SetMinVersion(). This function allocates memory for and initializes
- a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new(). This function is only available when wolfSSL has
- been compiled with DTLS support (--enable-dtls, or by defining
- wolfSSL_DTLS).
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfDTLS_server_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfDTLS_client_method
- \sa wolfSSL_SetMinVersion
- */
- WOLFSSL_METHOD *wolfDTLS_server_method(void);
- /*!
- \ingroup Setup
- \brief The wolfDTLS_client_method() function is used to indicate that the
- application is a client and will support the highest version of DTLS
- available and all the version up to the minimum version allowed. The
- default minimum version allowed is based on the define
- WOLFSSL_MIN_DTLS_DOWNGRADE and can be changed at runtime using
- wolfSSL_SetMinVersion(). This function allocates memory for and initializes
- a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new(). This function is only available when wolfSSL has
- been compiled with DTLS support (--enable-dtls, or by defining
- wolfSSL_DTLS).
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfDTLS_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfDTLS_server_method
- \sa wolfSSL_SetMinVersion
- */
- WOLFSSL_METHOD *wolfDTLS_client_method(void);
- /*!
- \brief This function creates and initializes a WOLFSSL_METHOD for the
- server side.
- \return This function returns a WOLFSSL_METHOD pointer.
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- …
- \endcode
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void);
- /*!
- \ingroup Setup
- \brief Since there is some differences between the first release and
- newer versions of chacha-poly AEAD construction we have added an option
- to communicate with servers/clients using the older version. By default
- wolfSSL uses the new version.
- \return 0 upon success
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param value whether or not to use the older version of setting up the
- information for poly1305. Passing a flag value of 1 indicates yes use the
- old poly AEAD, to switch back to using the new version pass a flag value
- of 0.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_use_old_poly(ssl, 1);
- if (ret != 0) {
- // failed to set poly1305 AEAD version
- }
- \endcode
- \sa none
- */
- int wolfSSL_use_old_poly(WOLFSSL* ssl, int value);
- /*!
- \brief The wolfSSL_dtls_import() function is used to parse in a serialized
- session state. This allows for picking up the connection after the
- handshake has been completed.
- \return Success If successful, the amount of the buffer read will be
- returned.
- \return Failure All unsuccessful return values will be less than 0.
- \return VERSION_ERROR If a version mismatch is found ie DTLS v1 and ctx
- was set up for DTLS v1.2 then VERSION_ERROR is returned.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param buf serialized session to import.
- \param sz size of serialized session buffer.
- _Example_
- \code
- WOLFSSL* ssl;
- int ret;
- unsigned char buf[MAX];
- bufSz = MAX;
- ...
- //get information sent from wc_dtls_export function and place it in buf
- fread(buf, 1, bufSz, input);
- ret = wolfSSL_dtls_import(ssl, buf, bufSz);
- if (ret < 0) {
- // handle error case
- }
- // no wolfSSL_accept needed since handshake was already done
- ...
- ret = wolfSSL_write(ssl) and wolfSSL_read(ssl);
- ...
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_dtls_set_export
- */
- int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf,
- unsigned int sz);
- /*!
- \brief Used to import a serialized TLS session. This function is for
- importing the state of the connection.
- WARNING: buf contains sensitive information about the state and is best to
- be encrypted before storing if stored.
- Additional debug info can be displayed with the macro
- WOLFSSL_SESSION_EXPORT_DEBUG defined.
- \return the number of bytes read from buffer 'buf'
- \param ssl WOLFSSL structure to import the session into
- \param buf serialized session
- \param sz size of buffer 'buf'
- \sa wolfSSL_dtls_import
- \sa wolfSSL_tls_export
- */
- int wolfSSL_tls_import(WOLFSSL* ssl, const unsigned char* buf,
- unsigned int sz);
- /*!
- \brief The wolfSSL_CTX_dtls_set_export() function is used to set
- the callback function for exporting a session. It is allowed to
- pass in NULL as the parameter func to clear the export function
- previously stored. Used on the server side and is called immediately
- after handshake is completed.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG If null or not expected arguments are passed in
- \param ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \param func wc_dtls_export function to use when exporting a session.
- _Example_
- \code
- int send_session(WOLFSSL* ssl, byte* buf, word32 sz, void* userCtx);
- // body of send session (wc_dtls_export) that passes
- // buf (serialized session) to destination
- WOLFSSL_CTX* ctx;
- int ret;
- ...
- ret = wolfSSL_CTX_dtls_set_export(ctx, send_session);
- if (ret != SSL_SUCCESS) {
- // handle error case
- }
- ...
- ret = wolfSSL_accept(ssl);
- ...
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_new
- \sa wolfSSL_dtls_set_export
- \sa Static buffer use
- */
- int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx,
- wc_dtls_export func);
- /*!
- \brief The wolfSSL_dtls_set_export() function is used to set the callback
- function for exporting a session. It is allowed to pass in NULL as the
- parameter func to clear the export function previously stored. Used on
- the server side and is called immediately after handshake is completed.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG If null or not expected arguments are passed in
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param func wc_dtls_export function to use when exporting a session.
- _Example_
- \code
- int send_session(WOLFSSL* ssl, byte* buf, word32 sz, void* userCtx);
- // body of send session (wc_dtls_export) that passes
- // buf (serialized session) to destination
- WOLFSSL* ssl;
- int ret;
- ...
- ret = wolfSSL_dtls_set_export(ssl, send_session);
- if (ret != SSL_SUCCESS) {
- // handle error case
- }
- ...
- ret = wolfSSL_accept(ssl);
- ...
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_dtls_set_export
- */
- int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func);
- /*!
- \brief The wolfSSL_dtls_export() function is used to serialize a
- WOLFSSL session into the provided buffer. Allows for less memory
- overhead than using a function callback for sending a session and
- choice over when the session is serialized. If buffer is NULL when
- passed to function then sz will be set to the size of buffer needed
- for serializing the WOLFSSL session.
- \return Success If successful, the amount of the buffer used will
- be returned.
- \return Failure All unsuccessful return values will be less than 0.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param buf buffer to hold serialized session.
- \param sz size of buffer.
- _Example_
- \code
- WOLFSSL* ssl;
- int ret;
- unsigned char buf[MAX];
- bufSz = MAX;
- ...
- ret = wolfSSL_dtls_export(ssl, buf, bufSz);
- if (ret < 0) {
- // handle error case
- }
- ...
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_dtls_set_export
- \sa wolfSSL_dtls_import
- */
- int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf,
- unsigned int* sz);
- /*!
- \brief Used to export a serialized TLS session. This function is for
- exporting a serialized state of the connection.
- In most cases wolfSSL_get1_session should be used instead of
- wolfSSL_tls_export.
- Additional debug info can be displayed with the macro
- WOLFSSL_SESSION_EXPORT_DEBUG defined.
- WARNING: buf contains sensitive information about the state and is best to
- be encrypted before storing if stored.
- \return the number of bytes written into buffer 'buf'
- \param ssl WOLFSSL structure to export the session from
- \param buf output of serialized session
- \param sz size in bytes set in 'buf'
- \sa wolfSSL_dtls_import
- \sa wolfSSL_tls_import
- */
- int wolfSSL_tls_export(WOLFSSL* ssl, unsigned char* buf,
- unsigned int* sz);
- /*!
- \brief This function is used to set aside static memory for a CTX. Memory
- set aside is then used for the CTX’s lifetime and for any SSL objects
- created from the CTX. By passing in a NULL ctx pointer and a
- wolfSSL_method_func function the creation of the CTX itself will also
- use static memory. wolfSSL_method_func has the function signature of
- WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap);. Passing in 0 for max
- makes it behave as if not set and no max concurrent use restrictions is
- in place. The flag value passed in determines how the memory is used and
- behavior while operating. Available flags are the following: 0 - default
- general memory, WOLFMEM_IO_POOL - used for input/output buffer when
- sending receiving messages and overrides general memory, so all memory
- in buffer passed in is used for IO, WOLFMEM_IO_FIXED - same as
- WOLFMEM_IO_POOL but each SSL now keeps two buffers to themselves for
- their lifetime, WOLFMEM_TRACK_STATS - each SSL keeps track of memory
- stats while running.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE upon failure.
- \param ctx address of pointer to a WOLFSSL_CTX structure.
- \param method function to create protocol. (should be NULL if ctx is not
- also NULL)
- \param buf memory to use for all operations.
- \param sz size of memory buffer being passed in.
- \param flag type of memory.
- \param max max concurrent operations.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- int ret;
- unsigned char memory[MAX];
- int memorySz = MAX;
- unsigned char IO[MAX];
- int IOSz = MAX;
- int flag = WOLFMEM_IO_FIXED | WOLFMEM_TRACK_STATS;
- ...
- // create ctx also using static memory, start with general memory to use
- ctx = NULL:
- ret = wolfSSL_CTX_load_static_memory(&ctx, wolfSSLv23_server_method_ex,
- memory, memorySz, 0, MAX_CONCURRENT_HANDSHAKES);
- if (ret != SSL_SUCCESS) {
- // handle error case
- }
- // load in memory for use with IO
- ret = wolfSSL_CTX_load_static_memory(&ctx, NULL, IO, IOSz, flag,
- MAX_CONCURRENT_IO);
- if (ret != SSL_SUCCESS) {
- // handle error case
- }
- ...
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_is_static_memory
- \sa wolfSSL_is_static_memory
- */
- int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx,
- wolfSSL_method_func method,
- unsigned char* buf, unsigned int sz,
- int flag, int max);
- /*!
- \brief This function does not change any of the connections behavior
- and is used only for gathering information about the static memory usage.
- \return 1 is returned if using static memory for the CTX is true.
- \return 0 is returned if not using static memory.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param mem_stats structure to hold information about static memory usage.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- int ret;
- WOLFSSL_MEM_STATS mem_stats;
- ...
- //get information about static memory with CTX
- ret = wolfSSL_CTX_is_static_memory(ctx, &mem_stats);
- if (ret == 1) {
- // handle case of is using static memory
- // print out or inspect elements of mem_stats
- }
- if (ret == 0) {
- //handle case of ctx not using static memory
- }
- …
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_load_static_memory
- \sa wolfSSL_is_static_memory
- */
- int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx,
- WOLFSSL_MEM_STATS* mem_stats);
- /*!
- \brief wolfSSL_is_static_memory is used to gather information about
- a SSL’s static memory usage. The return value indicates if static
- memory is being used and WOLFSSL_MEM_CONN_STATS will be filled out
- if and only if the flag WOLFMEM_TRACK_STATS was passed to the parent
- CTX when loading in static memory.
- \return 1 is returned if using static memory for the CTX is true.
- \return 0 is returned if not using static memory.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param mem_stats structure to contain static memory usage.
- _Example_
- \code
- WOLFSSL* ssl;
- int ret;
- WOLFSSL_MEM_CONN_STATS mem_stats;
- ...
- ret = wolfSSL_is_static_memory(ssl, mem_stats);
- if (ret == 1) {
- // handle case when is static memory
- // investigate elements in mem_stats if WOLFMEM_TRACK_STATS flag
- }
- ...
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_is_static_memory
- */
- int wolfSSL_is_static_memory(WOLFSSL* ssl,
- WOLFSSL_MEM_CONN_STATS* mem_stats);
- /*!
- \ingroup CertsKeys
- \brief This function loads a certificate file into the SSL context
- (WOLFSSL_CTX). The file is provided by the file argument. The
- format argument specifies the format type of the file, either
- SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples
- for proper usage.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE If the function call fails, possible causes might
- include the file is in the wrong format, or the wrong format has been
- given using the “format” argument, file doesn’t exist, can’t be read,
- or is corrupted, an out of memory condition occurs, Base16 decoding
- fails on the file.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new()
- \param file a pointer to the name of the file containing the certificate
- to be loaded into the wolfSSL SSL context.
- \param format - format of the certificates pointed to by file. Possible
- options are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_use_certificate_file(ctx, “./client-cert.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading cert file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_use_certificate_file
- \sa wolfSSL_use_certificate_buffer
- */
- int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
- int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a private key file into the SSL context
- (WOLFSSL_CTX). The file is provided by the file argument. The format
- argument specifies the format type of the file - SSL_FILETYPE_ASN1or
- SSL_FILETYPE_PEM. Please see the examples for proper usage.
- If using an external key store and do not have the private key you can
- instead provide the public key and register the crypro callback to handle
- the signing. For this you can build with either build with crypto callbacks
- or PK callbacks. To enable crypto callbacks use --enable-cryptocb
- or WOLF_CRYPTO_CB and register a crypto callback using
- wc_CryptoCb_RegisterDevice and set the associated devId using
- wolfSSL_CTX_SetDevId.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE The file is in the wrong format, or the wrong format
- has been given using the “format” argument. The file doesn’t exist, can’t
- be read, or is corrupted. An out of memory condition occurs. Base16
- decoding fails on the file. The key file is encrypted but no password
- is provided.
- \param none No parameters.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_use_PrivateKey_file(ctx, “./server-key.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading key file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_use_PrivateKey_file
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wc_CryptoCb_RegisterDevice
- \sa wolfSSL_CTX_SetDevId
- */
- int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file, int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads PEM-formatted CA certificate files into the SSL
- context (WOLFSSL_CTX). These certificates will be treated as trusted root
- certificates and used to verify certs received from peers during the SSL
- handshake. The root certificate file, provided by the file argument, may
- be a single certificate or a file containing multiple certificates.
- If multiple CA certs are included in the same file, wolfSSL will load them
- in the same order they are presented in the file. The path argument is
- a pointer to the name of a directory that contains certificates of
- trusted root CAs. If the value of file is not NULL, path may be specified
- as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not
- defined when building the library, wolfSSL will load all CA certificates
- located in the given directory. This function will attempt to load all
- files in the directory. This function expects PEM formatted CERT_TYPE
- file with header “-----BEGIN CERTIFICATE-----”.
- \return SSL_SUCCESS up success.
- \return SSL_FAILURE will be returned if ctx is NULL, or if both file and
- path are NULL.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
- read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return ASN_BEFORE_DATE_E will be returned if the current date is before the
- before date.
- \return ASN_AFTER_DATE_E will be returned if the current date is after the
- after date.
- \return BUFFER_E will be returned if a chain buffer is bigger than the
- receiving buffer.
- \return BAD_PATH_ERROR will be returned if opendir() fails when trying
- to open path.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param file pointer to name of the file containing PEM-formatted CA
- certificates.
- \param path pointer to the name of a directory to load PEM-formatted
- certificates from.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_load_verify_locations(ctx, “./ca-cert.pem”, NULL);
- if (ret != WOLFSSL_SUCCESS) {
- // error loading CA certs
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_locations_ex
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_file
- \sa wolfSSL_CTX_use_PrivateKey_file
- \sa wolfSSL_CTX_use_certificate_chain_file
- \sa wolfSSL_use_certificate_file
- \sa wolfSSL_use_PrivateKey_file
- \sa wolfSSL_use_certificate_chain_file
- */
- int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
- const char* path);
- /*!
- \ingroup CertsKeys
- \brief This function loads PEM-formatted CA certificate files into the SSL
- context (WOLFSSL_CTX). These certificates will be treated as trusted root
- certificates and used to verify certs received from peers during the SSL
- handshake. The root certificate file, provided by the file argument, may
- be a single certificate or a file containing multiple certificates.
- If multiple CA certs are included in the same file, wolfSSL will load them
- in the same order they are presented in the file. The path argument is
- a pointer to the name of a directory that contains certificates of
- trusted root CAs. If the value of file is not NULL, path may be specified
- as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not
- defined when building the library, wolfSSL will load all CA certificates
- located in the given directory. This function will attempt to load all
- files in the directory based on flags specified. This function expects PEM
- formatted CERT_TYPE files with header “-----BEGIN CERTIFICATE-----”.
- \return SSL_SUCCESS up success.
- \return SSL_FAILURE will be returned if ctx is NULL, or if both file and
- path are NULL. This will also be returned if at least one cert is loaded
- successfully but there is one or more that failed. Check error stack for reason.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
- read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BUFFER_E will be returned if a chain buffer is bigger than the
- receiving buffer.
- \return BAD_PATH_ERROR will be returned if opendir() fails when trying
- to open path.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param file pointer to name of the file containing PEM-formatted CA
- certificates.
- \param path pointer to the name of a directory to load PEM-formatted
- certificates from.
- \param flags possible mask values are: WOLFSSL_LOAD_FLAG_IGNORE_ERR,
- WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY and WOLFSSL_LOAD_FLAG_PEM_CA_ONLY
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, “./certs/external",
- WOLFSSL_LOAD_FLAG_PEM_CA_ONLY);
- if (ret != WOLFSSL_SUCCESS) {
- // error loading CA certs
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_locations
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_file
- \sa wolfSSL_CTX_use_PrivateKey_file
- \sa wolfSSL_CTX_use_certificate_chain_file
- \sa wolfSSL_use_certificate_file
- \sa wolfSSL_use_PrivateKey_file
- \sa wolfSSL_use_certificate_chain_file
- */
- int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
- const char* path, unsigned int flags);
- /*!
- \ingroup CertsKeys
- \brief This function returns a pointer to an array of strings representing
- directories wolfSSL will search for system CA certs when
- wolfSSL_CTX_load_system_CA_certs is called. On systems that don't store
- certificates in an accessible system directory (such as Apple platforms),
- this function will always return NULL.
- \return Valid pointer on success.
- \return NULL pointer on failure.
- \param num pointer to a word32 that will be populated with the length of the
- array of strings.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- const char** dirs;
- word32 numDirs;
- dirs = wolfSSL_get_system_CA_dirs(&numDirs);
- for (int i = 0; i < numDirs; ++i) {
- printf("Potential system CA dir: %s\n", dirs[i]);
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_system_CA_certs
- \sa wolfSSL_CTX_load_verify_locations
- \sa wolfSSL_CTX_load_verify_locations_ex
- */
- const char** wolfSSL_get_system_CA_dirs(word32* num);
- /*!
- \ingroup CertsKeys
- \brief On most platforms (including Linux and Windows), this function
- attempts to load CA certificates into a WOLFSSL_CTX from an OS-dependent
- CA certificate store. Loaded certificates will be trusted.
- On Apple platforms (excluding macOS), certificates can't be obtained from
- the system, and therefore cannot be loaded into the wolfSSL certificate
- manager. For these platforms, this function enables TLS connections bound to
- the WOLFSSL_CTX to use the native system trust APIs to verify authenticity
- of the peer certificate chain if the authenticity of the peer cannot first
- be authenticated against certificates loaded by the user.
- The platforms supported and tested are: Linux (Debian, Ubuntu,
- Gentoo, Fedora, RHEL), Windows 10/11, Android, macOS, and iOS.
- \return WOLFSSL_SUCCESS on success.
- \return WOLFSSL_BAD_PATH if no system CA certs were loaded.
- \return WOLFSSL_FAILURE for other failure types (e.g. Windows cert store
- wasn't properly closed).
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_load_system_CA_certs(ctx,);
- if (ret != WOLFSSL_SUCCESS) {
- // error loading system CA certs
- }
- ...
- \endcode
- \sa wolfSSL_get_system_CA_dirs
- \sa wolfSSL_CTX_load_verify_locations
- \sa wolfSSL_CTX_load_verify_locations_ex
- */
- int wolfSSL_CTX_load_system_CA_certs(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function loads a certificate to use for verifying a peer
- when performing a TLS/SSL handshake. The peer certificate sent during the
- handshake is compared by using the SKID when available and the signature.
- If these two things do not match then any loaded CAs are used. Feature is
- enabled by defining the macro WOLFSSL_TRUST_PEER_CERT. Please see the
- examples for proper usage.
- \return SSL_SUCCES upon success.
- \return SSL_FAILURE will be returned if ctx is NULL, or if both file and
- type are invalid.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
- read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param file pointer to name of the file containing certificates
- \param type type of certificate being loaded ie SSL_FILETYPE_ASN1
- or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- ...
- ret = wolfSSL_CTX_trust_peer_cert(ctx, “./peer-cert.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading trusted peer cert
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_file
- \sa wolfSSL_CTX_use_PrivateKey_file
- \sa wolfSSL_CTX_use_certificate_chain_file
- \sa wolfSSL_CTX_trust_peer_buffer
- \sa wolfSSL_CTX_Unload_trust_peers
- \sa wolfSSL_use_certificate_file
- \sa wolfSSL_use_PrivateKey_file
- \sa wolfSSL_use_certificate_chain_file
- */
- int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX* ctx, const char* file, int type);
- /*!
- \ingroup CertsKeys
- \brief This function loads a chain of certificates into the SSL
- context (WOLFSSL_CTX). The file containing the certificate chain
- is provided by the file argument, and must contain PEM-formatted
- certificates. This function will process up to MAX_CHAIN_DEPTH
- (default = 9, defined in internal.h) certificates, plus the subject cert.
- \return SSL_SUCCESS upon success
- \return SSL_FAILURE If the function call fails, possible causes might
- include the file is in the wrong format, or the wrong format has been
- given using the “format” argument, file doesn’t exist, can’t be read,
- or is corrupted, an out of memory condition occurs.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new()
- \param file a pointer to the name of the file containing the chain of
- certificates to be loaded into the wolfSSL SSL context. Certificates
- must be in PEM format.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_use_certificate_chain_file(ctx, “./cert-chain.pem”);
- if (ret != SSL_SUCCESS) {
- // error loading cert file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_certificate_file
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_use_certificate_file
- \sa wolfSSL_use_certificate_buffer
- */
- int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *ctx,
- const char *file);
- /*!
- \ingroup openSSL
- \brief This function loads the private RSA key used in the SSL connection
- into the SSL context (WOLFSSL_CTX). This function is only available when
- wolfSSL has been compiled with the OpenSSL compatibility layer enabled
- (--enable-opensslExtra, #define OPENSSL_EXTRA), and is identical to the
- more-typically used wolfSSL_CTX_use_PrivateKey_file() function. The file
- argument contains a pointer to the RSA private key file, in the format
- specified by format.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE If the function call fails, possible causes might
- include: The input key file is in the wrong format, or the wrong format
- has been given using the “format” argument, file doesn’t exist, can’t
- be read, or is corrupted, an out of memory condition occurs.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new()
- \param file a pointer to the name of the file containing the RSA private
- key to be loaded into the wolfSSL SSL context, with format as specified
- by format.
- \param format the encoding type of the RSA private key specified by file.
- Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_use_RSAPrivateKey_file(ctx, “./server-key.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading private key file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_PrivateKey_file
- \sa wolfSSL_use_RSAPrivateKey_file
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_PrivateKey_file
- */
- int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX* ctx, const char* file, int format);
- /*!
- \ingroup IO
- \brief This function returns the maximum chain depth allowed, which is 9 by
- default, for a valid session i.e. there is a non-null session object (ssl).
- \return MAX_CHAIN_DEPTH returned if the WOLFSSL structure is not
- NULL. By default the value is 9.
- \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- long sslDep = wolfSSL_get_verify_depth(ssl);
- if(sslDep > EXPECTED){
- // The verified depth is greater than what was expected
- } else {
- // The verified depth is smaller or equal to the expected value
- }
- \endcode
- \sa wolfSSL_CTX_get_verify_depth
- */
- long wolfSSL_get_verify_depth(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function gets the certificate chaining depth using the
- CTX structure.
- \return MAX_CHAIN_DEPTH returned if the CTX struct is not NULL. The
- constant representation of the max certificate chain peer depth.
- \return BAD_FUNC_ARG returned if the CTX structure is NULL.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_METHOD method; // protocol method
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method);
- …
- long ret = wolfSSL_CTX_get_verify_depth(ctx);
- if(ret == EXPECTED){
- // You have the expected value
- } else {
- // Handle an unexpected depth
- }
- \endcode
- \sa wolfSSL_CTX_use_certificate_chain_file
- \sa wolfSSL_get_verify_depth
- */
- long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
- /*!
- \ingroup openSSL
- \brief This function loads a certificate file into the SSL session
- (WOLFSSL structure). The certificate file is provided by the file
- argument. The format argument specifies the format type of the file -
- either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- \return SSL_SUCCESS upon success
- \return SSL_FAILURE If the function call fails, possible causes might
- include: The file is in the wrong format, or the wrong format has been
- given using the “format” argument, file doesn’t exist, can’t be read,
- or is corrupted, an out of memory condition occurs, Base16 decoding
- fails on the file
- \param ssl a pointer to a WOLFSSL structure, created with wolfSSL_new().
- \param file a pointer to the name of the file containing the certificate to
- be loaded into the wolfSSL SSL session, with format as specified by format.
- \param format the encoding type of the certificate specified by file.
- Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_use_certificate_file(ssl, “./client-cert.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading cert file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_certificate_file
- \sa wolfSSL_use_certificate_buffer
- */
- int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format);
- /*!
- \ingroup openSSL
- \brief This function loads a private key file into the SSL session
- (WOLFSSL structure). The key file is provided by the file argument.
- The format argument specifies the format type of the file -
- SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- If using an external key store and do not have the private key you can
- instead provide the public key and register the crypro callback to handle
- the signing. For this you can build with either build with crypto callbacks
- or PK callbacks. To enable crypto callbacks use --enable-cryptocb or
- WOLF_CRYPTO_CB and register a crypto callback using
- wc_CryptoCb_RegisterDevice and set the associated devId using
- wolfSSL_SetDevId.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE If the function call fails, possible causes might
- include: The file is in the wrong format, or the wrong format has been
- given using the “format” argument, The file doesn’t exist, can’t be read,
- or is corrupted, An out of memory condition occurs, Base16 decoding
- fails on the file, The key file is encrypted but no password is provided
- \param ssl a pointer to a WOLFSSL structure, created with wolfSSL_new().
- \param file a pointer to the name of the file containing the key file to
- be loaded into the wolfSSL SSL session, with format as specified by format.
- \param format the encoding type of the key specified by file. Possible
- values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_use_PrivateKey_file(ssl, “./server-key.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading key file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_PrivateKey_file
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wc_CryptoCb_RegisterDevice
- \sa wolfSSL_SetDevId
- */
- int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format);
- /*!
- \ingroup openSSL
- \brief This function loads a chain of certificates into the SSL
- session (WOLFSSL structure). The file containing the certificate
- chain is provided by the file argument, and must contain PEM-formatted
- certificates. This function will process up to MAX_CHAIN_DEPTH
- (default = 9, defined in internal.h) certificates, plus the
- subject certificate.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE If the function call fails, possible causes
- might include: The file is in the wrong format, or the wrong format
- has been given using the “format” argument, file doesn’t exist,
- can’t be read, or is corrupted, an out of memory condition occurs
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new()
- \param file a pointer to the name of the file containing the chain
- of certificates to be loaded into the wolfSSL SSL session.
- Certificates must be in PEM format.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ctx;
- ...
- ret = wolfSSL_use_certificate_chain_file(ssl, “./cert-chain.pem”);
- if (ret != SSL_SUCCESS) {
- // error loading cert file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_certificate_chain_file
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char *file);
- /*!
- \ingroup openSSL
- \brief This function loads the private RSA key used in the SSL
- connection into the SSL session (WOLFSSL structure). This
- function is only available when wolfSSL has been compiled with
- the OpenSSL compatibility layer enabled (--enable-opensslExtra,
- #define OPENSSL_EXTRA), and is identical to the more-typically
- used wolfSSL_use_PrivateKey_file() function. The file argument
- contains a pointer to the RSA private key file, in the format
- specified by format.
- \return SSL_SUCCESS upon success
- \return SSL_FAILURE If the function call fails, possible causes might
- include: The input key file is in the wrong format, or the wrong format
- has been given using the “format” argument, file doesn’t exist, can’t
- be read, or is corrupted, an out of memory condition occurs
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new()
- \param file a pointer to the name of the file containing the RSA private
- key to be loaded into the wolfSSL SSL session, with format as specified
- by format.
- \param format the encoding type of the RSA private key specified by file.
- Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_use_RSAPrivateKey_file(ssl, “./server-key.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading private key file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_RSAPrivateKey_file
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_PrivateKey_file
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_PrivateKey_file
- */
- int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format);
- /*!
- \ingroup CertsKeys
- \brief This function is similar to wolfSSL_CTX_load_verify_locations,
- but allows the loading of DER-formatted CA files into the SSL context
- (WOLFSSL_CTX). It may still be used to load PEM-formatted CA files as
- well. These certificates will be treated as trusted root certificates
- and used to verify certs received from peers during the SSL handshake.
- The root certificate file, provided by the file argument, may be a single
- certificate or a file containing multiple certificates. If multiple CA
- certs are included in the same file, wolfSSL will load them in the same
- order they are presented in the file. The format argument specifies the
- format which the certificates are in either, SSL_FILETYPE_PEM or
- SSL_FILETYPE_ASN1 (DER). Unlike wolfSSL_CTX_load_verify_locations,
- this function does not allow the loading of CA certificates from a given
- directory path. Note that this function is only available when the wolfSSL
- library was compiled with WOLFSSL_DER_LOAD defined.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE upon failure.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new()
- \param file a pointer to the name of the file containing the CA
- certificates to be loaded into the wolfSSL SSL context, with format
- as specified by format.
- \param format the encoding type of the certificates specified by file.
- Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_der_load_verify_locations(ctx, “./ca-cert.der”,
- SSL_FILETYPE_ASN1);
- if (ret != SSL_SUCCESS) {
- // error loading CA certs
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_locations
- \sa wolfSSL_CTX_load_verify_buffer
- */
- int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx,
- const char* file, int format);
- /*!
- \ingroup Setup
- \brief This function creates a new SSL context, taking a desired
- SSL/TLS protocol method for input.
- \return pointer If successful the call will return a pointer to the
- newly-created WOLFSSL_CTX.
- \return NULL upon failure.
- \param method pointer to the desired WOLFSSL_METHOD to use for the SSL
- context. This is created using one of the wolfSSLvXX_XXXX_method()
- functions to specify SSL/TLS/DTLS protocol level.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL_METHOD* method = 0;
- method = wolfSSLv3_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- \endcode
- \sa wolfSSL_new
- */
- WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
- /*!
- \ingroup Setup
- \brief This function creates a new SSL session, taking an already
- created SSL context as input.
- \return * If successful the call will return a pointer to the
- newly-created wolfSSL structure.
- \return NULL Upon failure.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL* ssl = NULL;
- WOLFSSL_CTX* ctx = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- // SSL object creation failed
- }
- \endcode
- \sa wolfSSL_CTX_new
- */
- WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
- /*!
- \ingroup Setup
- \brief This function assigns a file descriptor (fd) as the
- input/output facility for the SSL connection. Typically this will be
- a socket file descriptor.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG upon failure.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param fd file descriptor to use with SSL/TLS connection.
- _Example_
- \code
- int sockfd;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_set_fd(ssl, sockfd);
- if (ret != SSL_SUCCESS) {
- // failed to set SSL file descriptor
- }
- \endcode
- \sa wolfSSL_CTX_SetIOSend
- \sa wolfSSL_CTX_SetIORecv
- \sa wolfSSL_SetIOReadCtx
- \sa wolfSSL_SetIOWriteCtx
- */
- int wolfSSL_set_fd(WOLFSSL* ssl, int fd);
- /*!
- \ingroup Setup
- \brief This function assigns a file descriptor (fd) as the
- input/output facility for the SSL connection. Typically this will be
- a socket file descriptor. This is a DTLS specific API because it marks that
- the socket is connected. recvfrom and sendto calls on this fd will have the
- addr and addr_len parameters set to NULL.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG upon failure.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param fd file descriptor to use with SSL/TLS connection.
- _Example_
- \code
- int sockfd;
- WOLFSSL* ssl = 0;
- ...
- if (connect(sockfd, peer_addr, peer_addr_len) != 0) {
- // handle connect error
- }
- ...
- ret = wolfSSL_set_dtls_fd_connected(ssl, sockfd);
- if (ret != SSL_SUCCESS) {
- // failed to set SSL file descriptor
- }
- \endcode
- \sa wolfSSL_CTX_SetIOSend
- \sa wolfSSL_CTX_SetIORecv
- \sa wolfSSL_SetIOReadCtx
- \sa wolfSSL_SetIOWriteCtx
- \sa wolfDTLS_SetChGoodCb
- */
- int wolfSSL_set_dtls_fd_connected(WOLFSSL* ssl, int fd);
- /*!
- \ingroup Setup
- \brief Allows setting a callback for a correctly processed and verified DTLS
- client hello. When using a cookie exchange mechanism (either the
- HelloVerifyRequest in DTLS 1.2 or the HelloRetryRequest with a cookie
- extension in DTLS 1.3) this callback is called after the cookie
- exchange has succeeded. This is useful to use one WOLFSSL object as
- the listener for new connections and being able to isolate the
- WOLFSSL object once the ClientHello is verified (either through a
- cookie exchange or just checking if the ClientHello had the correct
- format).
- DTLS 1.2:
- https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1
- DTLS 1.3:
- https://www.rfc-editor.org/rfc/rfc8446#section-4.2.2
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG upon failure.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param fd file descriptor to use with SSL/TLS connection.
- _Example_
- \code
- // Called when we have verified a connection
- static int chGoodCb(WOLFSSL* ssl, void* arg)
- {
- // setup peer and file descriptors
- }
- if (wolfDTLS_SetChGoodCb(ssl, chGoodCb, NULL) != WOLFSSL_SUCCESS) {
- // error setting callback
- }
- \endcode
- \sa wolfSSL_set_dtls_fd_connected
- */
- int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx);
- /*!
- \ingroup IO
- \brief Get the name of cipher at priority level passed in.
- \return string Success
- \return 0 Priority is either out of bounds or not valid.
- \param priority Integer representing the priority level of a cipher.
- _Example_
- \code
- printf("The cipher at 1 is %s", wolfSSL_get_cipher_list(1));
- \endcode
- \sa wolfSSL_CIPHER_get_name
- \sa wolfSSL_get_current_cipher
- */
- char* wolfSSL_get_cipher_list(int priority);
- /*!
- \ingroup IO
- \brief This function gets the ciphers enabled in wolfSSL.
- \return SSL_SUCCESS returned if the function executed without error.
- \return BAD_FUNC_ARG returned if the buf parameter was NULL or if the
- len argument was less than or equal to zero.
- \return BUFFER_E returned if the buffer is not large enough and
- will overflow.
- \param buf a char pointer representing the buffer.
- \param len the length of the buffer.
- _Example_
- \code
- static void ShowCiphers(void){
- char* ciphers;
- int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
- if(ret == SSL_SUCCES){
- printf(“%s\n”, ciphers);
- }
- }
- \endcode
- \sa GetCipherNames
- \sa wolfSSL_get_cipher_list
- \sa ShowCiphers
- */
- int wolfSSL_get_ciphers(char* buf, int len);
- /*!
- \ingroup IO
- \brief This function gets the cipher name in the format DHE-RSA by
- passing through argument to wolfSSL_get_cipher_name_internal.
- \return string This function returns the string representation of the
- cipher suite that was matched.
- \return NULL error or cipher not found.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- char* cipherS = wolfSSL_get_cipher_name(ssl);
- if(cipher == NULL){
- // There was not a cipher suite matched
- } else {
- // There was a cipher suite matched
- printf(“%s\n”, cipherS);
- }
- \endcode
- \sa wolfSSL_CIPHER_get_name
- \sa wolfSSL_get_current_cipher
- \sa wolfSSL_get_cipher_name_internal
- */
- const char* wolfSSL_get_cipher_name(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function returns the read file descriptor (fd) used as the
- input facility for the SSL connection. Typically this
- will be a socket file descriptor.
- \return fd If successful the call will return the SSL session file
- descriptor.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int sockfd;
- WOLFSSL* ssl = 0;
- ...
- sockfd = wolfSSL_get_fd(ssl);
- ...
- \endcode
- \sa wolfSSL_set_fd
- \sa wolfSSL_set_read_fd
- \sa wolfSSL_set_write_fd
- */
- int wolfSSL_get_fd(const WOLFSSL*);
- /*!
- \ingroup IO
- \brief This function returns the write file descriptor (fd) used as the
- output facility for the SSL connection. Typically this
- will be a socket file descriptor.
- \return fd If successful the call will return the SSL session file
- descriptor.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int sockfd;
- WOLFSSL* ssl = 0;
- ...
- sockfd = wolfSSL_get_wfd(ssl);
- ...
- \endcode
- \sa wolfSSL_set_fd
- \sa wolfSSL_set_read_fd
- \sa wolfSSL_set_write_fd
- */
- int wolfSSL_get_wfd(const WOLFSSL*);
- /*!
- \ingroup Setup
- \brief This function informs the WOLFSSL object that the underlying
- I/O is non-blocking. After an application creates a WOLFSSL object,
- if it will be used with a non-blocking socket, call
- wolfSSL_set_using_nonblock() on it. This lets the WOLFSSL object know
- that receiving EWOULDBLOCK means that the recvfrom call would
- block rather than that it timed out.
- \return none No return.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param nonblock value used to set non-blocking flag on WOLFSSL object.
- Use 1 to specify non-blocking, otherwise 0.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- ...
- wolfSSL_set_using_nonblock(ssl, 1);
- \endcode
- \sa wolfSSL_get_using_nonblock
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_get_current_timeout
- */
- void wolfSSL_set_using_nonblock(WOLFSSL* ssl, int nonblock);
- /*!
- \ingroup IO
- \brief This function allows the application to determine if wolfSSL is
- using non-blocking I/O. If wolfSSL is using non-blocking I/O, this
- function will return 1, otherwise 0. After an application creates a
- WOLFSSL object, if it will be used with a non-blocking socket, call
- wolfSSL_set_using_nonblock() on it. This lets the WOLFSSL object know
- that receiving EWOULDBLOCK means that the recvfrom call would block
- rather than that it timed out.
- \return 0 underlying I/O is blocking.
- \return 1 underlying I/O is non-blocking.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_get_using_nonblock(ssl);
- if (ret == 1) {
- // underlying I/O is non-blocking
- }
- ...
- \endcode
- \sa wolfSSL_set_session
- */
- int wolfSSL_get_using_nonblock(WOLFSSL*);
- /*!
- \ingroup IO
- \brief This function writes sz bytes from the buffer, data, to the SSL
- connection, ssl. If necessary, wolfSSL_write() will negotiate an SSL/TLS
- session if the handshake has not already been performed yet by
- wolfSSL_connect() or wolfSSL_accept(). When using (D)TLSv1.3 and early data
- feature is compiled in, this function progresses the handshake only up to
- the point when it is possible to send data. Next invocations of
- wolfSSL_Connect()/wolfSSL_Accept()/wolfSSL_read() will complete the
- handshake. wolfSSL_write() works with both blocking and non-blocking I/O.
- When the underlying I/O is non-blocking, wolfSSL_write() will return when
- the underlying I/O could not satisfy the needs of wolfSSL_write() to
- continue. In this case, a call to wolfSSL_get_error() will yield either
- SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then
- repeat the call to wolfSSL_write() when the underlying I/O is ready. If the
- underlying I/O is blocking, wolfSSL_write() will only return once the buffer
- data of size sz has been completely written or an error occurred.
- \return >0 the number of bytes written upon success.
- \return 0 will be returned upon failure. Call wolfSSL_get_error() for
- the specific error code.
- \return SSL_FATAL_ERROR will be returned upon failure when either an error
- occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
- SSL_ERROR_WANT_WRITE error was received and and the application needs to
- call wolfSSL_write() again. Use wolfSSL_get_error() to get a specific
- error code.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param data data buffer which will be sent to peer.
- \param sz size, in bytes, of data to send to the peer (data).
- _Example_
- \code
- WOLFSSL* ssl = 0;
- char msg[64] = “hello wolfssl!”;
- int msgSz = (int)strlen(msg);
- int flags;
- int ret;
- ...
- ret = wolfSSL_write(ssl, msg, msgSz);
- if (ret <= 0) {
- // wolfSSL_write() failed, call wolfSSL_get_error()
- }
- \endcode
- \sa wolfSSL_send
- \sa wolfSSL_read
- \sa wolfSSL_recv
- */
- int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz);
- /*!
- \ingroup IO
- \brief This function reads sz bytes from the SSL session (ssl)
- internal read buffer into the buffer data. The bytes read are removed
- from the internal receive buffer. If necessary wolfSSL_read() will
- negotiate an SSL/TLS session if the handshake has not already been
- performed yet by wolfSSL_connect() or wolfSSL_accept(). The SSL/TLS
- protocol uses SSL records which have a maximum size of 16kB (the max
- record size can be controlled by the MAX_RECORD_SIZE define in
- <wolfssl_root>/wolfssl/internal.h). As such, wolfSSL needs to read an
- entire SSL record internally before it is able to process and decrypt the
- record. Because of this, a call to wolfSSL_read() will only be able to
- return the maximum buffer size which has been decrypted at the time of
- calling. There may be additional not-yet-decrypted data waiting in the
- internal wolfSSL receive buffer which will be retrieved and decrypted with
- the next call to wolfSSL_read(). If sz is larger than the number of bytes
- in the internal read buffer, SSL_read() will return the bytes available in
- the internal read buffer. If no bytes are buffered in the internal read
- buffer yet, a call to wolfSSL_read() will trigger processing of the next
- record.
- \return >0 the number of bytes read upon success.
- \return 0 will be returned upon failure. This may be caused by a either a
- clean (close notify alert) shutdown or just that the peer closed the
- connection. Call wolfSSL_get_error() for the specific error code.
- \return SSL_FATAL_ERROR will be returned upon failure when either an error
- occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
- SSL_ERROR_WANT_WRITE error was received and and the application needs to
- call wolfSSL_read() again. Use wolfSSL_get_error() to get a specific
- error code.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param data buffer where wolfSSL_read() will place data read.
- \param sz number of bytes to read into data.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- char reply[1024];
- ...
- input = wolfSSL_read(ssl, reply, sizeof(reply));
- if (input > 0) {
- // “input” number of bytes returned into buffer “reply”
- }
- See wolfSSL examples (client, server, echoclient, echoserver) for more
- complete examples of wolfSSL_read().
- \endcode
- \sa wolfSSL_recv
- \sa wolfSSL_write
- \sa wolfSSL_peek
- \sa wolfSSL_pending
- */
- int wolfSSL_read(WOLFSSL* ssl, void* data, int sz);
- /*!
- \ingroup IO
- \brief This function copies sz bytes from the SSL session (ssl) internal
- read buffer into the buffer data. This function is identical to
- wolfSSL_read() except that the data in the internal SSL session
- receive buffer is not removed or modified. If necessary, like
- wolfSSL_read(), wolfSSL_peek() will negotiate an SSL/TLS session if
- the handshake has not already been performed yet by wolfSSL_connect()
- or wolfSSL_accept(). The SSL/TLS protocol uses SSL records which have a
- maximum size of 16kB (the max record size can be controlled by the
- MAX_RECORD_SIZE define in <wolfssl_root>/wolfssl/internal.h). As such,
- wolfSSL needs to read an entire SSL record internally before it is able
- to process and decrypt the record. Because of this, a call to
- wolfSSL_peek() will only be able to return the maximum buffer size which
- has been decrypted at the time of calling. There may be additional
- not-yet-decrypted data waiting in the internal wolfSSL receive buffer
- which will be retrieved and decrypted with the next call to
- wolfSSL_peek() / wolfSSL_read(). If sz is larger than the number of bytes
- in the internal read buffer, SSL_peek() will return the bytes available
- in the internal read buffer. If no bytes are buffered in the internal
- read buffer yet, a call to wolfSSL_peek() will trigger processing of the
- next record.
- \return >0 the number of bytes read upon success.
- \return 0 will be returned upon failure. This may be caused by a either
- a clean (close notify alert) shutdown or just that the peer closed the
- connection. Call wolfSSL_get_error() for the specific error code.
- \return SSL_FATAL_ERROR will be returned upon failure when either an
- error occurred or, when using non-blocking sockets, the
- SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE error was received and and
- the application needs to call wolfSSL_peek() again. Use
- wolfSSL_get_error() to get a specific error code.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param data buffer where wolfSSL_peek() will place data read.
- \param sz number of bytes to read into data.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- char reply[1024];
- ...
- input = wolfSSL_peek(ssl, reply, sizeof(reply));
- if (input > 0) {
- // “input” number of bytes returned into buffer “reply”
- }
- \endcode
- \sa wolfSSL_read
- */
- int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz);
- /*!
- \ingroup IO
- \brief This function is called on the server side and waits for an SSL
- client to initiate the SSL/TLS handshake. When this function is called,
- the underlying communication channel has already been set up.
- wolfSSL_accept() works with both blocking and non-blocking I/O.
- When the underlying I/O is non-blocking, wolfSSL_accept() will return
- when the underlying I/O could not satisfy the needs of wolfSSL_accept
- to continue the handshake. In this case, a call to wolfSSL_get_error()
- will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
- The calling process must then repeat the call to wolfSSL_accept when
- data is available to read and wolfSSL will pick up where it left off.
- When using a non-blocking socket, nothing needs to be done, but select()
- can be used to check for the required condition. If the underlying I/O
- is blocking, wolfSSL_accept() will only return once the handshake has
- been finished or an error occurred.
- \return SSL_SUCCESS upon success.
- \return SSL_FATAL_ERROR will be returned if an error occurred. To get a
- more detailed error code, call wolfSSL_get_error().
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- ret = wolfSSL_accept(ssl);
- if (ret != SSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_connect
- */
- int wolfSSL_accept(WOLFSSL*);
- /*!
- \ingroup IO
- \brief This function is called on the server side and statelessly listens
- for an SSL client to initiate the DTLS handshake.
- \return WOLFSSL_SUCCESS ClientHello containing a valid cookie was received.
- The connection can be continued with wolfSSL_accept().
- \return WOLFSSL_FAILURE The I/O layer returned WANT_READ. This is either
- because there is no data to read and we are using non-blocking sockets or
- we sent a cookie request and we are waiting for a reply. The user should
- call wolfDTLS_accept_stateless again after data becomes available in
- the I/O layer.
- \return WOLFSSL_FATAL_ERROR A fatal error occurred. The ssl object should be
- free'd and allocated again to continue.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- ...
- do {
- ret = wolfDTLS_accept_stateless(ssl);
- if (ret == WOLFSSL_FATAL_ERROR)
- // re-allocate the ssl object with wolfSSL_free() and wolfSSL_new()
- } while (ret != WOLFSSL_SUCCESS);
- ret = wolfSSL_accept(ssl);
- if (ret != SSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- \endcode
- \sa wolfSSL_accept
- \sa wolfSSL_get_error
- \sa wolfSSL_connect
- */
- int wolfDTLS_accept_stateless(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function frees an allocated WOLFSSL_CTX object. This
- function decrements the CTX reference count and only frees the context
- when the reference count has reached 0.
- \return none No return.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- wolfSSL_CTX_free(ctx);
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- void wolfSSL_CTX_free(WOLFSSL_CTX*);
- /*!
- \ingroup Setup
- \brief This function frees an allocated wolfSSL object.
- \return none No return.
- \param ssl pointer to the SSL object, created with wolfSSL_new().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL* ssl = 0;
- ...
- wolfSSL_free(ssl);
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_new
- \sa wolfSSL_CTX_free
- */
- void wolfSSL_free(WOLFSSL*);
- /*!
- \ingroup TLS
- \brief This function shuts down an active SSL/TLS connection using
- the SSL session, ssl. This function will try to send a “close notify”
- alert to the peer. The calling application can choose to wait for the
- peer to send its “close notify” alert in response or just go ahead
- and shut down the underlying connection after directly calling
- wolfSSL_shutdown (to save resources). Either option is allowed by
- the TLS specification. If the underlying connection will be used
- again in the future, the complete two-directional shutdown procedure
- must be performed to keep synchronization intact between the peers.
- wolfSSL_shutdown() works with both blocking and non-blocking I/O.
- When the underlying I/O is non-blocking, wolfSSL_shutdown() will
- return an error if the underlying I/O could not satisfy the needs of
- wolfSSL_shutdown() to continue. In this case, a call to
- wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or
- SSL_ERROR_WANT_WRITE. The calling process must then repeat the call
- to wolfSSL_shutdown() when the underlying I/O is ready.
- \return SSL_SUCCESS will be returned upon success.
- \return SSL_SHUTDOWN_NOT_DONE will be returned when shutdown has not
- finished, and the function should be called again.
- \return SSL_FATAL_ERROR will be returned upon failure. Call
- wolfSSL_get_error() for a more specific error code.
- \param ssl pointer to the SSL session created with wolfSSL_new().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- int ret = 0;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_shutdown(ssl);
- if (ret != 0) {
- // failed to shut down SSL connection
- }
- \endcode
- \sa wolfSSL_free
- \sa wolfSSL_CTX_free
- */
- int wolfSSL_shutdown(WOLFSSL*);
- /*!
- \ingroup IO
- \brief This function writes sz bytes from the buffer, data, to the SSL
- connection, ssl, using the specified flags for the underlying write
- operation. If necessary wolfSSL_send() will negotiate an SSL/TLS session
- if the handshake has not already been performed yet by wolfSSL_connect()
- or wolfSSL_accept(). wolfSSL_send() works with both blocking and
- non-blocking I/O. When the underlying I/O is non-blocking, wolfSSL_send()
- will return when the underlying I/O could not satisfy the needs of
- wolfSSL_send to continue. In this case, a call to wolfSSL_get_error()
- will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
- The calling process must then repeat the call to wolfSSL_send() when
- the underlying I/O is ready. If the underlying I/O is blocking,
- wolfSSL_send() will only return once the buffer data of size sz has
- been completely written or an error occurred.
- \return >0 the number of bytes written upon success.
- \return 0 will be returned upon failure. Call wolfSSL_get_error() for
- the specific error code.
- \return SSL_FATAL_ERROR will be returned upon failure when either an error
- occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
- SSL_ERROR_WANT_WRITE error was received and and the application needs to
- call wolfSSL_send() again. Use wolfSSL_get_error() to get a specific
- error code.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param data data buffer to send to peer.
- \param sz size, in bytes, of data to be sent to peer.
- \param flags the send flags to use for the underlying send operation.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- char msg[64] = “hello wolfssl!”;
- int msgSz = (int)strlen(msg);
- int flags = ... ;
- ...
- input = wolfSSL_send(ssl, msg, msgSz, flags);
- if (input != msgSz) {
- // wolfSSL_send() failed
- }
- \endcode
- \sa wolfSSL_write
- \sa wolfSSL_read
- \sa wolfSSL_recv
- */
- int wolfSSL_send(WOLFSSL* ssl, const void* data, int sz, int flags);
- /*!
- \ingroup IO
- \brief This function reads sz bytes from the SSL session (ssl) internal
- read buffer into the buffer data using the specified flags for the
- underlying recv operation. The bytes read are removed from the internal
- receive buffer. This function is identical to wolfSSL_read() except
- that it allows the application to set the recv flags for the underlying
- read operation. If necessary wolfSSL_recv() will negotiate an SSL/TLS
- session if the handshake has not already been performed yet by
- wolfSSL_connect() or wolfSSL_accept(). The SSL/TLS protocol uses
- SSL records which have a maximum size of 16kB (the max record size
- can be controlled by the MAX_RECORD_SIZE define in
- <wolfssl_root>/wolfssl/internal.h). As such, wolfSSL needs to read an
- entire SSL record internally before it is able to process and decrypt
- the record. Because of this, a call to wolfSSL_recv() will only be
- able to return the maximum buffer size which has been decrypted at
- the time of calling. There may be additional not-yet-decrypted data
- waiting in the internal wolfSSL receive buffer which will be
- retrieved and decrypted with the next call to wolfSSL_recv(). If sz
- is larger than the number of bytes in the internal read buffer,
- SSL_recv() will return the bytes available in the internal read buffer.
- If no bytes are buffered in the internal read buffer yet, a call to
- wolfSSL_recv() will trigger processing of the next record.
- \return >0 the number of bytes read upon success.
- \return 0 will be returned upon failure. This may be caused by a either
- a clean (close notify alert) shutdown or just that the peer closed the
- connection. Call wolfSSL_get_error() for the specific error code.
- \return SSL_FATAL_ERROR will be returned upon failure when either an error
- occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
- SSL_ERROR_WANT_WRITE error was received and and the application needs to
- call wolfSSL_recv() again. Use wolfSSL_get_error() to get a specific
- error code.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param data buffer where wolfSSL_recv() will place data read.
- \param sz number of bytes to read into data.
- \param flags the recv flags to use for the underlying recv operation.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- char reply[1024];
- int flags = ... ;
- ...
- input = wolfSSL_recv(ssl, reply, sizeof(reply), flags);
- if (input > 0) {
- // “input” number of bytes returned into buffer “reply”
- }
- \endcode
- \sa wolfSSL_read
- \sa wolfSSL_write
- \sa wolfSSL_peek
- \sa wolfSSL_pending
- */
- int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags);
- /*!
- \ingroup Debug
- \brief This function returns a unique error code describing why the
- previous API function call (wolfSSL_connect, wolfSSL_accept, wolfSSL_read,
- wolfSSL_write, etc.) resulted in an error return code (SSL_FAILURE).
- The return value of the previous function is passed to wolfSSL_get_error
- through ret. After wolfSSL_get_error is called and returns the unique
- error code, wolfSSL_ERR_error_string() may be called to get a
- human-readable error string. See wolfSSL_ERR_error_string() for more
- information.
- \return On successful completion, this function will return the
- unique error code describing why the previous API function failed.
- \return SSL_ERROR_NONE will be returned if ret > 0. For ret <= 0, there are
- some cases when this value can also be returned when a previous API appeared
- to return an error code but no error actually occurred. An example is
- calling wolfSSL_read() with a zero sz parameter. A 0 return from
- wolfSSL_read() usually indicates an error but in this case no error
- occurred. If wolfSSL_get_error() is called afterwards, SSL_ERROR_NONE will
- be returned.
- \param ssl pointer to the SSL object, created with wolfSSL_new().
- \param ret return value of the previous function that resulted in an error
- return code.
- _Example_
- \code
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- err = wolfSSL_get_error(ssl, 0);
- wolfSSL_ERR_error_string(err, buffer);
- printf(“err = %d, %s\n”, err, buffer);
- \endcode
- \sa wolfSSL_ERR_error_string
- \sa wolfSSL_ERR_error_string_n
- \sa wolfSSL_ERR_print_errors_fp
- \sa wolfSSL_load_error_strings
- */
- int wolfSSL_get_error(WOLFSSL* ssl, int ret);
- /*!
- \ingroup IO
- \brief This function gets the alert history.
- \return SSL_SUCCESS returned when the function completed successfully.
- Either there was alert history or there wasn’t, either way, the
- return value is SSL_SUCCESS.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param h a pointer to a WOLFSSL_ALERT_HISTORY structure that will hold the
- WOLFSSL struct’s alert_history member’s value.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
- WOLFSSL* ssl = wolfSSL_new(ctx);
- WOLFSSL_ALERT_HISTORY* h;
- ...
- wolfSSL_get_alert_history(ssl, h);
- // h now has a copy of the ssl->alert_history contents
- \endcode
- \sa wolfSSL_get_error
- */
- int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h);
- /*!
- \ingroup Setup
- \brief This function sets the session to be used when the SSL object,
- ssl, is used to establish a SSL/TLS connection. For session resumption,
- before calling wolfSSL_shutdown() with your session object, an application
- should save the session ID from the object with a call to
- wolfSSL_get1_session(), which returns a pointer to the session.
- Later, the application should create a new WOLFSSL object and assign
- the saved session with wolfSSL_set_session(). At this point, the
- application may call wolfSSL_connect() and wolfSSL will try to resume
- the session. The wolfSSL server code allows session resumption by default.
- The object returned by wolfSSL_get1_session() needs to be freed after the
- application is done with it by calling wolfSSL_SESSION_free() on it.
- \return SSL_SUCCESS will be returned upon successfully setting the session.
- \return SSL_FAILURE will be returned on failure. This could be caused
- by the session cache being disabled, or if the session has timed out.
- \return When OPENSSL_EXTRA and WOLFSSL_ERROR_CODE_OPENSSL are defined,
- SSL_SUCCESS will be returned even if the session has timed out.
- \param ssl pointer to the SSL object, created with wolfSSL_new().
- \param session pointer to the WOLFSSL_SESSION used to set the session
- for ssl.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- WOLFSSL_SESSION* session;
- ...
- session = wolfSSL_get1_session(ssl);
- if (session == NULL) {
- // failed to get session object from ssl object
- }
- ...
- ret = wolfSSL_set_session(ssl, session);
- if (ret != SSL_SUCCESS) {
- // failed to set the SSL session
- }
- wolfSSL_SESSION_free(session);
- ...
- \endcode
- \sa wolfSSL_get1_session
- */
- int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session);
- /*!
- \ingroup IO
- \brief When NO_SESSION_CACHE_REF is defined this function returns a pointer
- to the current session (WOLFSSL_SESSION) used in ssl. This function returns
- a non-persistent pointer to the WOLFSSL_SESSION object. The pointer returned
- will be freed when wolfSSL_free is called. This call should only be used to
- inspect or modify the current session. For session resumption it is
- recommended to use wolfSSL_get1_session(). For backwards compatibility when
- NO_SESSION_CACHE_REF is not defined this function returns a persistent
- session object pointer that is stored in the local cache. The cache size is
- finite and there is a risk that the session object will be overwritten by
- another ssl connection by the time the application calls
- wolfSSL_set_session() on it. It is recommended to define
- NO_SESSION_CACHE_REF in your application and to use wolfSSL_get1_session()
- for session resumption.
- \return pointer If successful the call will return a pointer to the the
- current SSL session object.
- \return NULL will be returned if ssl is NULL, the SSL session cache is
- disabled, wolfSSL doesn’t have the Session ID available, or mutex
- functions fail.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl;
- WOLFSSL_SESSION* session;
- ...
- session = wolfSSL_get_session(ssl);
- if (session == NULL) {
- // failed to get session pointer
- }
- ...
- \endcode
- \sa wolfSSL_get1_session
- \sa wolfSSL_set_session
- */
- WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function flushes session from the session cache which
- have expired. The time, tm, is used for the time comparison. Note
- that wolfSSL currently uses a static table for sessions, so no flushing
- is needed. As such, this function is currently just a stub. This
- function provides OpenSSL compatibility (SSL_flush_sessions) when
- wolfSSL is compiled with the OpenSSL compatibility layer.
- \return none No returns.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param tm time used in session expiration comparison.
- _Example_
- \code
- WOLFSSL_CTX* ssl;
- ...
- wolfSSL_flush_sessions(ctx, time(0));
- \endcode
- \sa wolfSSL_get1_session
- \sa wolfSSL_set_session
- */
- void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm);
- /*!
- \ingroup TLS
- \brief This function associates the client session with the server id.
- If the newSession flag is on, an existing session won’t be reused.
- \return SSL_SUCCESS returned if the function executed without error.
- \return BAD_FUNC_ARG returned if the WOLFSSL struct or id parameter
- is NULL or if len is not greater than zero.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param id a constant byte pointer that will be copied to the
- serverID member of the WOLFSSL_SESSION structure.
- \param len an int type representing the length of the session id parameter.
- \param newSession an int type representing the flag to denote whether
- to reuse a session or not.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol );
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- const byte id[MAX_SIZE]; // or dynamically create space
- int len = 0; // initialize length
- int newSession = 0; // flag to allow
- …
- int ret = wolfSSL_SetServerID(ssl, id, len, newSession);
- if (ret == WOLFSSL_SUCCESS) {
- // The Id was successfully set
- }
- \endcode
- \sa wolfSSL_set_session
- */
- int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char* id,
- int len, int newSession);
- /*!
- \ingroup IO
- \brief This function gets the session index of the WOLFSSL structure.
- \return int The function returns an int type representing the
- sessionIndex within the WOLFSSL struct.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX_new( protocol method );
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- ...
- int sesIdx = wolfSSL_GetSessionIndex(ssl);
- if(sesIdx < 0 || sesIdx > sizeof(ssl->sessionIndex)/sizeof(int)){
- // You have an out of bounds index number and something is not right.
- }
- \endcode
- \sa wolfSSL_GetSessionAtIndex
- */
- int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function gets the session at specified index of the session
- cache and copies it into memory. The WOLFSSL_SESSION structure holds
- the session information.
- \return SSL_SUCCESS returned if the function executed successfully and
- no errors were thrown.
- \return BAD_MUTEX_E returned if there was an unlock or lock mutex error.
- \return SSL_FAILURE returned if the function did not execute successfully.
- \param idx an int type representing the session index.
- \param session a pointer to the WOLFSSL_SESSION structure.
- _Example_
- \code
- int idx; // The index to locate the session.
- WOLFSSL_SESSION* session; // Buffer to copy to.
- ...
- if(wolfSSL_GetSessionAtIndex(idx, session) != SSL_SUCCESS){
- // Failure case.
- }
- \endcode
- \sa UnLockMutex
- \sa LockMutex
- \sa wolfSSL_GetSessionIndex
- */
- int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
- /*!
- \ingroup IO
- \brief Returns the peer certificate chain from the WOLFSSL_SESSION struct.
- \return pointer A pointer to a WOLFSSL_X509_CHAIN structure that
- contains the peer certification chain.
- \param session a pointer to a WOLFSSL_SESSION structure.
- _Example_
- \code
- WOLFSSL_SESSION* session;
- WOLFSSL_X509_CHAIN* chain;
- ...
- chain = wolfSSL_SESSION_get_peer_chain(session);
- if(!chain){
- // There was no chain. Failure case.
- }
- \endcode
- \sa wolfSSL_GetSessionAtIndex
- \sa wolfSSL_GetSessionIndex
- \sa AddSession
- */
- WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
- /*!
- \ingroup Setup
- \brief This function sets the verification method for remote peers and
- also allows a verify callback to be registered with the SSL context.
- The verify callback will be called only when a verification failure has
- occurred. If no verify callback is desired, the NULL pointer can be used
- for verify_callback. The verification mode of peer certificates is a
- logically OR’d list of flags. The possible flag values include:
- SSL_VERIFY_NONE Client mode: the client will not verify the certificate
- received from the server and the handshake will continue as normal.
- Server mode: the server will not send a certificate request to the client.
- As such, client verification will not be enabled. SSL_VERIFY_PEER Client
- mode: the client will verify the certificate received from the server
- during the handshake. This is turned on by default in wolfSSL, therefore,
- using this option has no effect. Server mode: the server will send a
- certificate request to the client and verify the client certificate
- received. SSL_VERIFY_FAIL_IF_NO_PEER_CERT Client mode: no effect when
- used on the client side. Server mode: the verification will fail on the
- server side if the client fails to send a certificate when requested to
- do so (when using SSL_VERIFY_PEER on the SSL server).
- SSL_VERIFY_FAIL_EXCEPT_PSK Client mode: no effect when used on the client
- side. Server mode: the verification is the same as
- SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection.
- If a PSK connection is being made then the connection will go through
- without a peer cert.
- \return none No return.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param mode flags indicating verification mode for peer's cert.
- \param verify_callback callback to be called when verification fails.
- If no callback is desired, the NULL pointer can be used for
- verify_callback.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- wolfSSL_CTX_set_verify(ctx, (WOLFSSL_VERIFY_PEER |
- WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), NULL);
- \endcode
- \sa wolfSSL_set_verify
- */
- void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode,
- VerifyCallback verify_callback);
- /*!
- \ingroup Setup
- \brief This function sets the verification method for remote peers and
- also allows a verify callback to be registered with the SSL session.
- The verify callback will be called only when a verification failure has
- occurred. If no verify callback is desired, the NULL pointer can be used
- for verify_callback. The verification mode of peer certificates is a
- logically OR’d list of flags. The possible flag values include:
- SSL_VERIFY_NONE Client mode: the client will not verify the certificate
- received from the server and the handshake will continue as normal. Server
- mode: the server will not send a certificate request to the client.
- As such, client verification will not be enabled. SSL_VERIFY_PEER Client
- mode: the client will verify the certificate received from the server
- during the handshake. This is turned on by default in wolfSSL, therefore,
- using this option has no effect. Server mode: the server will send a
- certificate request to the client and verify the client certificate
- received. SSL_VERIFY_FAIL_IF_NO_PEER_CERT Client mode: no effect when
- used on the client side. Server mode: the verification will fail on the
- server side if the client fails to send a certificate when requested to do
- so (when using SSL_VERIFY_PEER on the SSL server).
- SSL_VERIFY_FAIL_EXCEPT_PSK Client mode: no effect when used on the client
- side. Server mode: the verification is the same as
- SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection.
- If a PSK connection is being made then the connection will go through
- without a peer cert.
- \return none No return.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param mode flags indicating verification mode for peer's cert.
- \param verify_callback callback to be called when verification fails.
- If no callback is desired, the NULL pointer can
- be used for verify_callback.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- ...
- wolfSSL_set_verify(ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
- \endcode
- \sa wolfSSL_CTX_set_verify
- */
- void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback verify_callback);
- /*!
- \ingroup CertsKeys
- \brief This function stores user CTX object information for verify callback.
- \return none No return.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param ctx a void pointer that is set to WOLFSSL structure’s verifyCbCtx
- member’s value.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- (void*)ctx;
- ...
- if(ssl != NULL){
- wolfSSL_SetCertCbCtx(ssl, ctx);
- } else {
- // Error case, the SSL is not initialized properly.
- }
- \endcode
- \sa wolfSSL_CTX_save_cert_cache
- \sa wolfSSL_CTX_restore_cert_cache
- \sa wolfSSL_CTX_set_verify
- */
- void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx);
- /*!
- \ingroup CertsKeys
- \brief This function stores user CTX object information for verify callback.
- \return none No return.
- \param ctx a pointer to a WOLFSSL_CTX structure.
- \param userCtx a void pointer that is used to set WOLFSSL_CTX structure’s
- verifyCbCtx member’s value.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- void* userCtx = NULL; // Assign some user defined context
- ...
- if(ctx != NULL){
- wolfSSL_SetCertCbCtx(ctx, userCtx);
- } else {
- // Error case, the SSL is not initialized properly.
- }
- \endcode
- \sa wolfSSL_CTX_save_cert_cache
- \sa wolfSSL_CTX_restore_cert_cache
- \sa wolfSSL_CTX_set_verify
- */
- void wolfSSL_CTX_SetCertCbCtx(WOLFSSL_CTX* ctx, void* userCtx);
- /*!
- \ingroup IO
- \brief This function returns the number of bytes which are buffered and
- available in the SSL object to be read by wolfSSL_read().
- \return int This function returns the number of bytes pending.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int pending = 0;
- WOLFSSL* ssl = 0;
- ...
- pending = wolfSSL_pending(ssl);
- printf(“There are %d bytes buffered and available for reading”, pending);
- \endcode
- \sa wolfSSL_recv
- \sa wolfSSL_read
- \sa wolfSSL_peek
- */
- int wolfSSL_pending(WOLFSSL*);
- /*!
- \ingroup Debug
- \brief This function is for OpenSSL compatibility (SSL_load_error_string)
- only and takes no action.
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- wolfSSL_load_error_strings();
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_ERR_error_string
- \sa wolfSSL_ERR_error_string_n
- \sa wolfSSL_ERR_print_errors_fp
- \sa wolfSSL_load_error_strings
- */
- void wolfSSL_load_error_strings(void);
- /*!
- \ingroup TLS
- \brief This function is called internally in wolfSSL_CTX_new(). This
- function is a wrapper around wolfSSL_Init() and exists for OpenSSL
- compatibility (SSL_library_init) when wolfSSL has been compiled with
- OpenSSL compatibility layer. wolfSSL_Init() is the more typically-used
- wolfSSL initialization function.
- \return SSL_SUCCESS If successful the call will return.
- \return SSL_FATAL_ERROR is returned upon failure.
- \param none No parameters.
- _Example_
- \code
- int ret = 0;
- ret = wolfSSL_library_init();
- if (ret != SSL_SUCCESS) {
- failed to initialize wolfSSL
- }
- ...
- \endcode
- \sa wolfSSL_Init
- \sa wolfSSL_Cleanup
- */
- int wolfSSL_library_init(void);
- /*!
- \brief This function sets the Device Id at the WOLFSSL session level.
- \return WOLFSSL_SUCCESS upon success.
- \return BAD_FUNC_ARG if ssl is NULL.
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
- _Example_
- \code
- WOLFSSL* ssl;
- int DevId = -2;
- wolfSSL_SetDevId(ssl, devId);
- \endcode
- \sa wolfSSL_CTX_SetDevId
- \sa wolfSSL_CTX_GetDevId
- */
- int wolfSSL_SetDevId(WOLFSSL* ssl, int devId);
- /*!
- \brief This function sets the Device Id at the WOLFSSL_CTX context level.
- \return WOLFSSL_SUCCESS upon success.
- \return BAD_FUNC_ARG if ssl is NULL.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- int DevId = -2;
- wolfSSL_CTX_SetDevId(ctx, devId);
- \endcode
- \sa wolfSSL_SetDevId
- \sa wolfSSL_CTX_GetDevId
- */
- int wolfSSL_CTX_SetDevId(WOLFSSL_CTX* ctx, int devId);
- /*!
- \brief This function retrieves the Device Id.
- \return devId upon success.
- \return INVALID_DEVID if both ssl and ctx are NULL.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- wolfSSL_CTX_GetDevId(ctx, ssl);
- \endcode
- \sa wolfSSL_SetDevId
- \sa wolfSSL_CTX_SetDevId
- */
- int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function enables or disables SSL session caching.
- Behavior depends on the value used for mode. The following values
- for mode are available: SSL_SESS_CACHE_OFF- disable session caching.
- Session caching is turned on by default. SSL_SESS_CACHE_NO_AUTO_CLEAR -
- Disable auto-flushing of the session cache. Auto-flushing is turned on
- by default.
- \return SSL_SUCCESS will be returned upon success.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param mode modifier used to change behavior of the session cache.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- ret = wolfSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
- if (ret != SSL_SUCCESS) {
- // failed to turn SSL session caching off
- }
- \endcode
- \sa wolfSSL_flush_sessions
- \sa wolfSSL_get1_session
- \sa wolfSSL_set_session
- \sa wolfSSL_get_sessionID
- \sa wolfSSL_CTX_set_timeout
- */
- long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode);
- /*!
- \brief This function sets the session secret callback function. The
- SessionSecretCb type has the signature: int (*SessionSecretCb)(WOLFSSL* ssl,
- void* secret, int* secretSz, void* ctx). The sessionSecretCb member of
- the WOLFSSL struct is set to the parameter cb.
- \return SSL_SUCCESS returned if the execution of the function did not
- return an error.
- \return SSL_FATAL_ERROR returned if the WOLFSSL structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cb a SessionSecretCb type that is a function pointer with the above
- signature.
- \param ctx a pointer to the user context to be stored
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- // Signature of SessionSecretCb
- int SessionSecretCB (WOLFSSL* ssl, void* secret, int* secretSz,
- void* ctx) = SessionSecretCb;
- …
- int wolfSSL_set_session_secret_cb(ssl, SessionSecretCB, (void*)ssl->ctx){
- // Function body.
- }
- \endcode
- \sa SessionSecretCb
- */
- int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx);
- /*!
- \ingroup IO
- \brief This function persists the session cache to file. It doesn’t use
- memsave because of additional memory use.
- \return SSL_SUCCESS returned if the function executed without error.
- The session cache has been written to a file.
- \return SSL_BAD_FILE returned if fname cannot be opened or is otherwise
- corrupt.
- \return FWRITE_ERROR returned if XFWRITE failed to write to the file.
- \return BAD_MUTEX_E returned if there was a mutex lock failure.
- \param fname is a constant char pointer that points to a file for writing.
- _Example_
- \code
- const char* fname;
- ...
- if(wolfSSL_save_session_cache(fname) != SSL_SUCCESS){
- // Fail to write to file.
- }
- \endcode
- \sa XFWRITE
- \sa wolfSSL_restore_session_cache
- \sa wolfSSL_memrestore_session_cache
- */
- int wolfSSL_save_session_cache(const char* fname);
- /*!
- \ingroup IO
- \brief This function restores the persistent session cache from file. It
- does not use memstore because of additional memory use.
- \return SSL_SUCCESS returned if the function executed without error.
- \return SSL_BAD_FILE returned if the file passed into the function was
- corrupted and could not be opened by XFOPEN.
- \return FREAD_ERROR returned if the file had a read error from XFREAD.
- \return CACHE_MATCH_ERROR returned if the session cache header match
- failed.
- \return BAD_MUTEX_E returned if there was a mutex lock failure.
- \param fname a constant char pointer file input that will be read.
- _Example_
- \code
- const char *fname;
- ...
- if(wolfSSL_restore_session_cache(fname) != SSL_SUCCESS){
- // Failure case. The function did not return SSL_SUCCESS.
- }
- \endcode
- \sa XFREAD
- \sa XFOPEN
- */
- int wolfSSL_restore_session_cache(const char* fname);
- /*!
- \ingroup IO
- \brief This function persists session cache to memory.
- \return SSL_SUCCESS returned if the function executed without error.
- The session cache has been successfully persisted to memory.
- \return BAD_MUTEX_E returned if there was a mutex lock error.
- \return BUFFER_E returned if the buffer size was too small.
- \param mem a void pointer representing the destination for the memory
- copy, XMEMCPY().
- \param sz an int type representing the size of mem.
- _Example_
- \code
- void* mem;
- int sz; // Max size of the memory buffer.
- …
- if(wolfSSL_memsave_session_cache(mem, sz) != SSL_SUCCESS){
- // Failure case, you did not persist the session cache to memory
- }
- \endcode
- \sa XMEMCPY
- \sa wolfSSL_get_session_cache_memsize
- */
- int wolfSSL_memsave_session_cache(void* mem, int sz);
- /*!
- \ingroup IO
- \brief This function restores the persistent session cache from memory.
- \return SSL_SUCCESS returned if the function executed without an error.
- \return BUFFER_E returned if the memory buffer is too small.
- \return BAD_MUTEX_E returned if the session cache mutex lock failed.
- \return CACHE_MATCH_ERROR returned if the session cache header match
- failed.
- \param mem a constant void pointer containing the source of the
- restoration.
- \param sz an integer representing the size of the memory buffer.
- _Example_
- \code
- const void* memoryFile;
- int szMf;
- ...
- if(wolfSSL_memrestore_session_cache(memoryFile, szMf) != SSL_SUCCESS){
- // Failure case. SSL_SUCCESS was not returned.
- }
- \endcode
- \sa wolfSSL_save_session_cache
- */
- int wolfSSL_memrestore_session_cache(const void* mem, int sz);
- /*!
- \ingroup IO
- \brief This function returns how large the session cache save buffer
- should be.
- \return int This function returns an integer that represents the size of
- the session cache save buffer.
- \param none No parameters.
- _Example_
- \code
- int sz = // Minimum size for error checking;
- ...
- if(sz < wolfSSL_get_session_cache_memsize()){
- // Memory buffer is too small
- }
- \endcode
- \sa wolfSSL_memrestore_session_cache
- */
- int wolfSSL_get_session_cache_memsize(void);
- /*!
- \ingroup CertsKeys
- \brief This function writes the cert cache from memory to file.
- \return SSL_SUCCESS if CM_SaveCertCache exits normally.
- \return BAD_FUNC_ARG is returned if either of the arguments are NULL.
- \return SSL_BAD_FILE if the cert cache save file could not be opened.
- \return BAD_MUTEX_E if the lock mutex failed.
- \return MEMORY_E the allocation of memory failed.
- \return FWRITE_ERROR Certificate cache file write failed.
- \param ctx a pointer to a WOLFSSL_CTX structure, holding the
- certificate information.
- \param fname a constant char pointer that points to a file for writing.
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol def );
- const char* fname;
- ...
- if(wolfSSL_CTX_save_cert_cache(ctx, fname)){
- // file was written.
- }
- \endcode
- \sa CM_SaveCertCache
- \sa DoMemSaveCertCache
- */
- int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX* ctx, const char* fname);
- /*!
- \ingroup CertsKeys
- \brief This function persistes certificate cache from a file.
- \return SSL_SUCCESS returned if the function, CM_RestoreCertCache,
- executes normally.
- \return SSL_BAD_FILE returned if XFOPEN returns XBADFILE. The file is
- corrupted.
- \return MEMORY_E returned if the allocated memory for the temp buffer
- fails.
- \return BAD_FUNC_ARG returned if fname or ctx have a NULL value.
- \param ctx a pointer to a WOLFSSL_CTX structure, holding the certificate
- information.
- \param fname a constant char pointer that points to a file for reading.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- const char* fname = "path to file";
- ...
- if(wolfSSL_CTX_restore_cert_cache(ctx, fname)){
- // check to see if the execution was successful
- }
- \endcode
- \sa CM_RestoreCertCache
- \sa XFOPEN
- */
- int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname);
- /*!
- \ingroup CertsKeys
- \brief This function persists the certificate cache to memory.
- \return SSL_SUCCESS returned on successful execution of the function.
- No errors were thrown.
- \return BAD_MUTEX_E mutex error where the WOLFSSL_CERT_MANAGER member
- caLock was not 0 (zero).
- \return BAD_FUNC_ARG returned if ctx, mem, or used is NULL or if sz
- is less than or equal to 0 (zero).
- \return BUFFER_E output buffer mem was too small.
- \param ctx a pointer to a WOLFSSL_CTX structure, created
- using wolfSSL_CTX_new().
- \param mem a void pointer to the destination (output buffer).
- \param sz the size of the output buffer.
- \param used a pointer to size of the cert cache header.
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol );
- void* mem;
- int sz;
- int* used;
- ...
- if(wolfSSL_CTX_memsave_cert_cache(ctx, mem, sz, used) != SSL_SUCCESS){
- // The function returned with an error
- }
- \endcode
- \sa DoMemSaveCertCache
- \sa GetCertCacheMemSize
- \sa CM_MemRestoreCertCache
- \sa CM_GetCertCacheMemSize
- */
- int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, int sz, int* used);
- /*!
- \ingroup Setup
- \brief This function restores the certificate cache from memory.
- \return SSL_SUCCESS returned if the function and subroutines
- executed without an error.
- \return BAD_FUNC_ARG returned if the ctx or mem parameters are
- NULL or if the sz parameter is less than or equal to zero.
- \return BUFFER_E returned if the cert cache memory buffer is too small.
- \return CACHE_MATCH_ERROR returned if there was a cert cache
- header mismatch.
- \return BAD_MUTEX_E returned if the lock mutex on failed.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param mem a void pointer with a value that will be restored to
- the certificate cache.
- \param sz an int type that represents the size of the mem parameter.
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method );
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- void* mem;
- int sz = (*int) sizeof(mem);
- …
- if(wolfSSL_CTX_memrestore_cert_cache(ssl->ctx, mem, sz)){
- // The success case
- }
- \endcode
- \sa CM_MemRestoreCertCache
- */
- int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX* ctx, const void* mem, int sz);
- /*!
- \ingroup CertsKeys
- \brief Returns the size the certificate cache save buffer needs to be.
- \return int integer value returned representing the memory size
- upon success.
- \return BAD_FUNC_ARG is returned if the WOLFSSL_CTX struct is NULL.
- \return BAD_MUTEX_E - returned if there was a mutex lock error.
- \param ctx a pointer to a wolfSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(protocol);
- ...
- int certCacheSize = wolfSSL_CTX_get_cert_cache_memsize(ctx);
- if(certCacheSize != BAD_FUNC_ARG || certCacheSize != BAD_MUTEX_E){
- // Successfully retrieved the memory size.
- }
- \endcode
- \sa CM_GetCertCacheMemSize
- */
- int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function sets cipher suite list for a given WOLFSSL_CTX.
- This cipher suite list becomes the default list for any new SSL sessions
- (WOLFSSL) created using this context. The ciphers in the list should be
- sorted in order of preference from highest to lowest. Each call to
- wolfSSL_CTX_set_cipher_list() resets the cipher suite list for the
- specific SSL context to the provided list each time the function is
- called. The cipher suite list, list, is a null-terminated text string,
- and a colon-delimited list. For example, one value for list may be
- "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256" Valid cipher
- values are the full name values from the cipher_names[] array in
- src/internal.c (for a definite list of valid cipher values check
- src/internal.c)
- \return SSL_SUCCESS will be returned upon successful function completion.
- \return SSL_FAILURE will be returned on failure.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param list null-terminated text string and a colon-delimited list of
- cipher suites to use with the specified SSL context.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- ret = wolfSSL_CTX_set_cipher_list(ctx,
- “DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256”);
- if (ret != SSL_SUCCESS) {
- // failed to set cipher suite list
- }
- \endcode
- \sa wolfSSL_set_cipher_list
- \sa wolfSSL_CTX_new
- */
- int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list);
- /*!
- \ingroup Setup
- \brief This function sets cipher suite list for a given WOLFSSL object
- (SSL session). The ciphers in the list should be sorted in order of
- preference from highest to lowest. Each call to wolfSSL_set_cipher_list()
- resets the cipher suite list for the specific SSL session to the provided
- list each time the function is called. The cipher suite list, list, is a
- null-terminated text string, and a colon-delimited list. For example, one
- value for list may be
- "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256".
- Valid cipher values are the full name values from the cipher_names[]
- array in src/internal.c (for a definite list of valid cipher values
- check src/internal.c)
- \return SSL_SUCCESS will be returned upon successful function completion.
- \return SSL_FAILURE will be returned on failure.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param list null-terminated text string and a colon-delimited list of
- cipher suites to use with the specified SSL session.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_set_cipher_list(ssl,
- “DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256”);
- if (ret != SSL_SUCCESS) {
- // failed to set cipher suite list
- }
- \endcode
- \sa wolfSSL_CTX_set_cipher_list
- \sa wolfSSL_new
- */
- int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list);
- /*!
- \brief This function informs the WOLFSSL DTLS object that the underlying
- UDP I/O is non-blocking. After an application creates a WOLFSSL object,
- if it will be used with a non-blocking UDP socket, call
- wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know
- that receiving EWOULDBLOCK means that the recvfrom call would
- block rather than that it timed out.
- \return none No return.
- \param ssl pointer to the DTLS session, created with wolfSSL_new().
- \param nonblock value used to set non-blocking flag on WOLFSSL object.
- Use 1 to specify non-blocking, otherwise 0.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- ...
- wolfSSL_dtls_set_using_nonblock(ssl, 1);
- \endcode
- \sa wolfSSL_dtls_get_using_nonblock
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_get_current_timeout
- */
- void wolfSSL_dtls_set_using_nonblock(WOLFSSL* ssl, int nonblock);
- /*!
- \brief This function allows the application to determine if wolfSSL is
- using non-blocking I/O with UDP. If wolfSSL is using non-blocking I/O, this
- function will return 1, otherwise 0. After an application creates a
- WOLFSSL object, if it will be used with a non-blocking UDP socket, call
- wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know
- that receiving EWOULDBLOCK means that the recvfrom call would block
- rather than that it timed out. This function is only meaningful to DTLS
- sessions.
- \return 0 underlying I/O is blocking.
- \return 1 underlying I/O is non-blocking.
- \param ssl pointer to the DTLS session, created with wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_dtls_get_using_nonblock(ssl);
- if (ret == 1) {
- // underlying I/O is non-blocking
- }
- ...
- \endcode
- \sa wolfSSL_dtls_set_using_nonblock
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_set_using_nonblock
- */
- int wolfSSL_dtls_get_using_nonblock(WOLFSSL* ssl);
- /*!
- \brief This function returns the current timeout value in seconds for
- the WOLFSSL object. When using non-blocking sockets, something in the user
- code needs to decide when to check for available recv data and how long
- it has been waiting. The value returned by this function indicates how
- long the application should wait.
- \return seconds The current DTLS timeout value in seconds
- \return NOT_COMPILED_IN if wolfSSL was not built with DTLS support.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int timeout = 0;
- WOLFSSL* ssl;
- ...
- timeout = wolfSSL_get_dtls_current_timeout(ssl);
- printf(“DTLS timeout (sec) = %d\n”, timeout);
- \endcode
- \sa wolfSSL_dtls
- \sa wolfSSL_dtls_get_peer
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_set_peer
- */
- int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl);
- /*!
- \brief This function returns true if the application should setup a quicker
- timeout. When using non-blocking sockets, something in the user code needs
- to decide when to check for available data and how long it needs to wait. If
- this function returns true, it means that the library already detected some
- disruption in the communication, but it wants to wait for a little longer in
- case some messages from the other peers are still in flight. Is up to the
- application to fine tune the value of this timer, a good one may be
- dtls_get_current_timeout() / 4.
- \return true if the application code should setup a quicker timeout
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \sa wolfSSL_dtls
- \sa wolfSSL_dtls_get_peer
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_set_peer
- \sa wolfSSL_dtls13_set_send_more_acks
- */
- int wolfSSL_dtls13_use_quick_timeout(WOLFSSL *ssl);
- /*!
- \ingroup Setup
- \brief This function sets whether the library should send ACKs to the other
- peer immediately when detecting disruption or not. Sending ACKs immediately
- assures minimum latency but it may consume more bandwidth than necessary. If
- the application manages the timer by itself and this option is set to 0 then
- application code can use wolfSSL_dtls13_use_quick_timeout() to determine if
- it should setup a quicker timeout to send those delayed ACKs.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param value 1 to set the option, 0 to disable the option
- \sa wolfSSL_dtls
- \sa wolfSSL_dtls_get_peer
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_set_peer
- \sa wolfSSL_dtls13_use_quick_timeout
- */
- void wolfSSL_dtls13_set_send_more_acks(WOLFSSL *ssl, int value);
- /*!
- \ingroup Setup
- \brief This function sets the dtls timeout.
- \return SSL_SUCCESS returned if the function executes without an error.
- The dtls_timeout_init and the dtls_timeout members of SSL have been set.
- \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL or if
- the timeout is not greater than 0. It will also return if the timeout
- argument exceeds the maximum value allowed.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param timeout an int type that will be set to the dtls_timeout_init
- member of the WOLFSSL structure.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- int timeout = TIMEOUT;
- ...
- if(wolfSSL_dtls_set_timeout_init(ssl, timeout)){
- // the dtls timeout was set
- } else {
- // Failed to set DTLS timeout.
- }
- \endcode
- \sa wolfSSL_dtls_set_timeout_max
- \sa wolfSSL_dtls_got_timeout
- */
- int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int);
- /*!
- \brief This function sets the maximum dtls timeout.
- \return SSL_SUCCESS returned if the function executed without an error.
- \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL or if
- the timeout argument is not greater than zero or is less than the
- dtls_timeout_init member of the WOLFSSL structure.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param timeout an int type representing the dtls maximum timeout.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- int timeout = TIMEOUTVAL;
- ...
- int ret = wolfSSL_dtls_set_timeout_max(ssl);
- if(!ret){
- // Failed to set the max timeout
- }
- \endcode
- \sa wolfSSL_dtls_set_timeout_init
- \sa wolfSSL_dtls_got_timeout
- */
- int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int);
- /*!
- \brief When using non-blocking sockets with DTLS, this function should
- be called on the WOLFSSL object when the controlling code thinks the
- transmission has timed out. It performs the actions needed to retry
- the last transmit, including adjusting the timeout value. If it
- has been too long, this will return a failure.
- \return SSL_SUCCESS will be returned upon success
- \return SSL_FATAL_ERROR will be returned if there have been too many
- retransmissions/timeouts without getting a response from the peer.
- \return NOT_COMPILED_IN will be returned if wolfSSL was not compiled with
- DTLS support.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- See the following files for usage examples:
- <wolfssl_root>/examples/client/client.c
- <wolfssl_root>/examples/server/server.c
- \endcode
- \sa wolfSSL_dtls_get_current_timeout
- \sa wolfSSL_dtls_get_peer
- \sa wolfSSL_dtls_set_peer
- \sa wolfSSL_dtls
- */
- int wolfSSL_dtls_got_timeout(WOLFSSL* ssl);
- /*!
- \brief When using non-blocking sockets with DTLS, this function retransmits
- the last handshake flight ignoring the expected timeout value and
- retransmit count. It is useful for applications that are using DTLS and
- need to manage even the timeout and retry count.
- \return SSL_SUCCESS will be returned upon success
- \return SSL_FATAL_ERROR will be returned if there have been too many
- retransmissions/timeouts without getting a response from the peer.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_dtls_retransmit(ssl);
- \endcode
- \sa wolfSSL_dtls_get_current_timeout
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls
- */
- int wolfSSL_dtls_retransmit(WOLFSSL* ssl);
- /*!
- \brief This function is used to determine if the SSL session has been
- configured to use DTLS.
- \return 1 If the SSL session (ssl) has been configured to use DTLS, this
- function will return 1.
- \return 0 otherwise.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_dtls(ssl);
- if (ret) {
- // SSL session has been configured to use DTLS
- }
- \endcode
- \sa wolfSSL_dtls_get_current_timeout
- \sa wolfSSL_dtls_get_peer
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_set_peer
- */
- int wolfSSL_dtls(WOLFSSL* ssl);
- /*!
- \brief This function sets the DTLS peer, peer (sockaddr_in) with size of
- peerSz.
- \return SSL_SUCCESS will be returned upon success.
- \return SSL_FAILURE will be returned upon failure.
- \return SSL_NOT_IMPLEMENTED will be returned if wolfSSL was not compiled
- with DTLS support.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param peer pointer to peer’s sockaddr_in structure. If NULL then the peer
- information in ssl is cleared.
- \param peerSz size of the sockaddr_in structure pointed to by peer. If 0
- then the peer information in ssl is cleared.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- sockaddr_in addr;
- ...
- ret = wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
- if (ret != SSL_SUCCESS) {
- // failed to set DTLS peer
- }
- \endcode
- \sa wolfSSL_dtls_get_current_timeout
- \sa wolfSSL_dtls_set_pending_peer
- \sa wolfSSL_dtls_get_peer
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls
- */
- int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
- /*!
- \brief This function sets the pending DTLS peer, peer (sockaddr_in) with
- size of peerSz. This sets the pending peer that will be upgraded to a
- regular peer when we successfully de-protect the next record. This is useful
- in scenarios where the peer's address can change to avoid off-path attackers
- from changing the peer address. This should be used with Connection ID's to
- allow seamless and safe transition to a new peer address.
- \return SSL_SUCCESS will be returned upon success.
- \return SSL_FAILURE will be returned upon failure.
- \return SSL_NOT_IMPLEMENTED will be returned if wolfSSL was not compiled
- with DTLS support.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param peer pointer to peer’s sockaddr_in structure. If NULL then the peer
- information in ssl is cleared.
- \param peerSz size of the sockaddr_in structure pointed to by peer. If 0
- then the peer information in ssl is cleared.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- sockaddr_in addr;
- ...
- ret = wolfSSL_dtls_set_pending_peer(ssl, &addr, sizeof(addr));
- if (ret != SSL_SUCCESS) {
- // failed to set DTLS peer
- }
- \endcode
- \sa wolfSSL_dtls_get_current_timeout
- \sa wolfSSL_dtls_set_peer
- \sa wolfSSL_dtls_get_peer
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls
- */
- int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer,
- unsigned int peerSz);
- /*!
- \brief This function gets the sockaddr_in (of size peerSz) of the current
- DTLS peer. The function will compare peerSz to the actual DTLS peer size
- stored in the SSL session. If the peer will fit into peer, the peer’s
- sockaddr_in will be copied into peer, with peerSz set to the size of peer.
- \return SSL_SUCCESS will be returned upon success.
- \return SSL_FAILURE will be returned upon failure.
- \return SSL_NOT_IMPLEMENTED will be returned if wolfSSL was not compiled
- with DTLS support.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param peer pointer to memory location to store peer’s sockaddr_in
- structure.
- \param peerSz input/output size. As input, the size of the allocated memory
- pointed to by peer. As output, the size of the actual sockaddr_in structure
- pointed to by peer.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- sockaddr_in addr;
- ...
- ret = wolfSSL_dtls_get_peer(ssl, &addr, sizeof(addr));
- if (ret != SSL_SUCCESS) {
- // failed to get DTLS peer
- }
- \endcode
- \sa wolfSSL_dtls_get_current_timeout
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_set_peer
- \sa wolfSSL_dtls
- */
- int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz);
- /*!
- \brief This function gets the sockaddr_in (of size peerSz) of the current
- DTLS peer. This is a zero-copy alternative to wolfSSL_dtls_get_peer().
- \return SSL_SUCCESS will be returned upon success.
- \return SSL_FAILURE will be returned upon failure.
- \return SSL_NOT_IMPLEMENTED will be returned if wolfSSL was not compiled
- with DTLS support.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param peer pointer to return the internal buffer holding the peer address
- \param peerSz output the size of the actual sockaddr_in structure
- pointed to by peer.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- sockaddr_in* addr;
- unsigned int addrSz;
- ...
- ret = wolfSSL_dtls_get_peer(ssl, &addr, &addrSz);
- if (ret != SSL_SUCCESS) {
- // failed to get DTLS peer
- }
- \endcode
- \sa wolfSSL_dtls_get_current_timeout
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_set_peer
- \sa wolfSSL_dtls
- */
- int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer,
- unsigned int* peerSz);
- /*!
- \ingroup Debug
- \brief This function converts an error code returned by
- wolfSSL_get_error() into a more human-readable error string.
- errNumber is the error code returned by wolfSSL_get_error() and data
- is the storage buffer which the error string will be placed in.
- The maximum length of data is 80 characters by default, as defined by
- MAX_ERROR_SZ is wolfssl/wolfcrypt/error.h.
- \return success On successful completion, this function returns the same
- string as is returned in data.
- \return failure Upon failure, this function returns a string with the
- appropriate failure reason, msg.
- \param errNumber error code returned by wolfSSL_get_error().
- \param data output buffer containing human-readable error string matching
- errNumber.
- _Example_
- \code
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- err = wolfSSL_get_error(ssl, 0);
- wolfSSL_ERR_error_string(err, buffer);
- printf(“err = %d, %s\n”, err, buffer);
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_ERR_error_string_n
- \sa wolfSSL_ERR_print_errors_fp
- \sa wolfSSL_load_error_strings
- */
- char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data);
- /*!
- \ingroup Debug
- \brief This function is a version of wolfSSL_ERR_error_string() where
- len specifies the maximum number of characters that may be written to buf.
- Like wolfSSL_ERR_error_string(), this function converts an error code
- returned from wolfSSL_get_error() into a more human-readable error string.
- The human-readable string is placed in buf.
- \return none No returns.
- \param e error code returned by wolfSSL_get_error().
- \param buff output buffer containing human-readable error string matching e.
- \param len maximum length in characters which may be written to buf.
- _Example_
- \code
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- err = wolfSSL_get_error(ssl, 0);
- wolfSSL_ERR_error_string_n(err, buffer, 80);
- printf(“err = %d, %s\n”, err, buffer);
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_ERR_error_string
- \sa wolfSSL_ERR_print_errors_fp
- \sa wolfSSL_load_error_strings
- */
- void wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
- unsigned long sz);
- /*!
- \ingroup TLS
- \brief This function checks the shutdown conditions in closeNotify or
- connReset or sentNotify members of the Options structure. The Options
- structure is within the WOLFSSL structure.
- \return 1 SSL_SENT_SHUTDOWN is returned.
- \return 2 SSL_RECEIVED_SHUTDOWN is returned.
- \param ssl a constant pointer to a WOLFSSL structure, created using
- wolfSSL_new().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method );
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- …
- int ret;
- ret = wolfSSL_get_shutdown(ssl);
- if(ret == 1){
- SSL_SENT_SHUTDOWN
- } else if(ret == 2){
- SSL_RECEIVED_SHUTDOWN
- } else {
- Fatal error.
- }
- \endcode
- \sa wolfSSL_SESSION_free
- */
- int wolfSSL_get_shutdown(const WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function returns the resuming member of the options struct. The
- flag indicates whether or not to reuse a session. If not, a new session must
- be established.
- \return This function returns an int type held in the Options structure
- representing the flag for session reuse.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- if(!wolfSSL_session_reused(sslResume)){
- // No session reuse allowed.
- }
- \endcode
- \sa wolfSSL_SESSION_free
- \sa wolfSSL_GetSessionIndex
- \sa wolfSSL_memsave_session_cache
- */
- int wolfSSL_session_reused(WOLFSSL* ssl);
- /*!
- \ingroup TLS
- \brief This function checks to see if the connection is established.
- \return 0 returned if the connection is not established, i.e. the WOLFSSL
- struct is NULL or the handshake is not done.
- \return 1 returned if the connection is established i.e. the WOLFSSL
- handshake is done.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _EXAMPLE_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(wolfSSL_is_init_finished(ssl)){
- Handshake is done and connection is established
- }
- \endcode
- \sa wolfSSL_set_accept_state
- \sa wolfSSL_get_keys
- \sa wolfSSL_set_shutdown
- */
- int wolfSSL_is_init_finished(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief Returns the SSL version being used as a string.
- \return "SSLv3" Using SSLv3
- \return "TLSv1" Using TLSv1
- \return "TLSv1.1" Using TLSv1.1
- \return "TLSv1.2" Using TLSv1.2
- \return "TLSv1.3" Using TLSv1.3
- \return "DTLS": Using DTLS
- \return "DTLSv1.2" Using DTLSv1.2
- \return "unknown" There was a problem determining which version of TLS
- being used.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- wolfSSL_Init();
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- WOLFSSL_METHOD method = // Some wolfSSL method
- ctx = wolfSSL_CTX_new(method);
- ssl = wolfSSL_new(ctx);
- printf(wolfSSL_get_version("Using version: %s", ssl));
- \endcode
- \sa wolfSSL_lib_version
- */
- const char* wolfSSL_get_version(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief Returns the current cipher suit an ssl session is using.
- \return ssl->options.cipherSuite An integer representing the current
- cipher suite.
- \return 0 The ssl session provided is null.
- \param ssl The SSL session to check.
- _Example_
- \code
- wolfSSL_Init();
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- WOLFSSL_METHOD method = // Some wolfSSL method
- ctx = wolfSSL_CTX_new(method);
- ssl = wolfSSL_new(ctx);
- if(wolfSSL_get_current_cipher_suite(ssl) == 0)
- {
- // Error getting cipher suite
- }
- \endcode
- \sa wolfSSL_CIPHER_get_name
- \sa wolfSSL_get_current_cipher
- \sa wolfSSL_get_cipher_list
- */
- int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function returns a pointer to the current cipher in the
- ssl session.
- \return The function returns the address of the cipher member of the
- WOLFSSL struct. This is a pointer to the WOLFSSL_CIPHER structure.
- \return NULL returned if the WOLFSSL structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- WOLFSSL_CIPHER* cipherCurr = wolfSSL_get_current_cipher;
- if(!cipherCurr){
- // Failure case.
- } else {
- // The cipher was returned to cipherCurr
- }
- \endcode
- \sa wolfSSL_get_cipher
- \sa wolfSSL_get_cipher_name_internal
- \sa wolfSSL_get_cipher_name
- */
- WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function matches the cipher suite in the SSL object with
- the available suites and returns the string representation.
- \return string This function returns the string representation of the
- matched cipher suite.
- \return none It will return “None” if there are no suites matched.
- \param cipher a constant pointer to a WOLFSSL_CIPHER structure.
- _Example_
- \code
- // gets cipher name in the format DHE_RSA ...
- const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl){
- WOLFSSL_CIPHER* cipher;
- const char* fullName;
- …
- cipher = wolfSSL_get_curent_cipher(ssl);
- fullName = wolfSSL_CIPHER_get_name(cipher);
- if(fullName){
- // sanity check on returned cipher
- }
- \endcode
- \sa wolfSSL_get_cipher
- \sa wolfSSL_get_current_cipher
- \sa wolfSSL_get_cipher_name_internal
- \sa wolfSSL_get_cipher_name
- */
- const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
- /*!
- \ingroup IO
- \brief This function matches the cipher suite in the SSL object with
- the available suites.
- \return This function returns the string value of the suite matched. It
- will return “None” if there are no suites matched.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- #ifdef WOLFSSL_DTLS
- …
- // make sure a valid suite is used
- if(wolfSSL_get_cipher(ssl) == NULL){
- WOLFSSL_MSG(“Can not match cipher suite imported”);
- return MATCH_SUITE_ERROR;
- }
- …
- #endif // WOLFSSL_DTLS
- \endcode
- \sa wolfSSL_CIPHER_get_name
- \sa wolfSSL_get_current_cipher
- */
- const char* wolfSSL_get_cipher(WOLFSSL*);
- /*!
- \ingroup Setup
- \brief This function returns the WOLFSSL_SESSION from the WOLFSSL structure
- as a reference type. This requires calling wolfSSL_SESSION_free to release
- the session reference. The WOLFSSL_SESSION pointed to contains all the
- necessary information required to perform a session resumption and
- reestablish the connection without a new handshake. For
- session resumption, before calling wolfSSL_shutdown() with your session
- object, an application should save the session ID from the object with a
- call to wolfSSL_get1_session(), which returns a pointer to the session.
- Later, the application should create a new WOLFSSL object and assign the
- saved session with wolfSSL_set_session(). At this point, the application
- may call wolfSSL_connect() and wolfSSL will try to resume the session.
- The wolfSSL server code allows session resumption by default. The object
- returned by wolfSSL_get1_session() needs to be freed after the application
- is done with it by calling wolfSSL_SESSION_free() on it.
- \return WOLFSSL_SESSION On success return session pointer.
- \return NULL will be returned if ssl is NULL, the SSL session cache is
- disabled, wolfSSL doesn’t have the Session ID available, or mutex
- functions fail.
- \param ssl WOLFSSL structure to get session from.
- _Example_
- \code
- WOLFSSL* ssl;
- WOLFSSL_SESSION* ses;
- // attempt/complete handshake
- wolfSSL_connect(ssl);
- ses = wolfSSL_get1_session(ssl);
- // check ses information
- // disconnect / setup new SSL instance
- wolfSSL_set_session(ssl, ses);
- // attempt/resume handshake
- wolfSSL_SESSION_free(ses);
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- \sa wolfSSL_SESSION_free
- */
- WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief The wolfSSLv23_client_method() function is used to indicate that
- the application is a client and will support the highest protocol
- version supported by the server between SSL 3.0 - TLS 1.3. This function
- allocates memory for and initializes a new WOLFSSL_METHOD structure
- to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
- Both wolfSSL clients and servers have robust version downgrade capability.
- If a specific protocol version method is used on either side, then only
- that version will be negotiated or an error will be returned. For
- example, a client that uses TLSv1 and tries to connect to a SSLv3 only
- server will fail, likewise connecting to a TLSv1.1 will fail as well.
- To resolve this issue, a client that uses the wolfSSLv23_client_method()
- function will use the highest protocol version supported by the server and
- downgrade to SSLv3 if needed. In this case, the client will be able to
- connect to a server running SSLv3 - TLSv1.3.
- \return pointer upon success a pointer to a WOLFSSL_METHOD.
- \return Failure If memory allocation fails when calling XMALLOC,
- the failure value of the underlying malloc() implementation will be
- returned (typically NULL with errno will be set to ENOMEM).
- \param none No parameters
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfSSLv23_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_client_method
- \sa wolfTLSv1_client_method
- \sa wolfTLSv1_1_client_method
- \sa wolfTLSv1_2_client_method
- \sa wolfTLSv1_3_client_method
- \sa wolfDTLSv1_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD* wolfSSLv23_client_method(void);
- /*!
- \ingroup IO
- \brief This is used to set a byte pointer to the start of the
- internal memory buffer.
- \return size On success the size of the buffer is returned
- \return SSL_FATAL_ERROR If an error case was encountered.
- \param bio WOLFSSL_BIO structure to get memory buffer of.
- \param p byte pointer to set to memory buffer.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- const byte* p;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
- ret = wolfSSL_BIO_get_mem_data(bio, &p);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_set_fp
- \sa wolfSSL_BIO_free
- */
- int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,void* p);
- /*!
- \ingroup IO
- \brief Sets the file descriptor for bio to use.
- \return SSL_SUCCESS(1) upon success.
- \param bio WOLFSSL_BIO structure to set fd.
- \param fd file descriptor to use.
- \param closeF flag for behavior when closing fd.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- int fd;
- // setup bio
- wolfSSL_BIO_set_fd(bio, fd, BIO_NOCLOSE);
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_free
- */
- long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag);
- /*!
- \ingroup IO
- \brief Sets the close flag, used to indicate that the i/o stream should be
- closed when the BIO is freed
- \return SSL_SUCCESS(1) upon success.
- \param bio WOLFSSL_BIO structure.
- \param flag flag for behavior when closing i/o stream.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- // setup bio
- wolfSSL_BIO_set_close(bio, BIO_NOCLOSE);
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_free
- */
- int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag);
- /*!
- \ingroup IO
- \brief This is used to get a BIO_SOCKET type WOLFSSL_BIO_METHOD.
- \return WOLFSSL_BIO_METHOD pointer to a WOLFSSL_BIO_METHOD structure
- that is a socket type
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket);
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- */
- WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void);
- /*!
- \ingroup IO
- \brief This is used to set the size of write buffer for a
- WOLFSSL_BIO. If write buffer has been previously set this
- function will free it when resetting the size. It is similar to
- wolfSSL_BIO_reset in that it resets read and write indexes to 0.
- \return SSL_SUCCESS On successfully setting the write buffer.
- \return SSL_FAILURE If an error case was encountered.
- \param bio WOLFSSL_BIO structure to set fd.
- \param size size of buffer to allocate.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
- ret = wolfSSL_BIO_set_write_buf_size(bio, 15000);
- // check return value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_free
- */
- int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size);
- /*!
- \ingroup IO
- \brief This is used to pair two bios together. A pair of bios acts
- similar to a two way pipe writing to one can be read by the other
- and vice versa. It is expected that both bios be in the same thread,
- this function is not thread safe. Freeing one of the two bios removes
- both from being paired. If a write buffer size was not previously
- set for either of the bios it is set to a default size of 17000
- (WOLFSSL_BIO_SIZE) before being paired.
- \return SSL_SUCCESS On successfully pairing the two bios.
- \return SSL_FAILURE If an error case was encountered.
- \param b1 WOLFSSL_BIO structure to set pair.
- \param b2 second WOLFSSL_BIO structure to complete pair.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- WOLFSSL_BIO* bio2;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_bio());
- bio2 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio());
- ret = wolfSSL_BIO_make_bio_pair(bio, bio2);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_free
- */
- int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2);
- /*!
- \ingroup IO
- \brief This is used to set the read request flag back to 0.
- \return SSL_SUCCESS On successfully setting value.
- \return SSL_FAILURE If an error case was encountered.
- \param bio WOLFSSL_BIO structure to set read request flag.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- int ret;
- ...
- ret = wolfSSL_BIO_ctrl_reset_read_request(bio);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new, wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_new, wolfSSL_BIO_free
- */
- int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *bio);
- /*!
- \ingroup IO
- \brief This is used to get a buffer pointer for reading from. Unlike
- wolfSSL_BIO_nread the internal read index is not advanced by the number
- returned from the function call. Reading past the value returned can
- result in reading out of array bounds.
- \return >=0 on success return the number of bytes to read
- \param bio WOLFSSL_BIO structure to read from.
- \param buf pointer to set at beginning of read array.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- char* bufPt;
- int ret;
- // set up bio
- ret = wolfSSL_BIO_nread0(bio, &bufPt); // read as many bytes as possible
- // handle negative ret check
- // read ret bytes from bufPt
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_nwrite0
- */
- int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf);
- /*!
- \ingroup IO
- \brief This is used to get a buffer pointer for reading from. The internal
- read index is advanced by the number returned from the function call with
- buf being pointed to the beginning of the buffer to read from. In the
- case that less bytes are in the read buffer than the value requested with
- num the lesser value is returned. Reading past the value returned can
- result in reading out of array bounds.
- \return >=0 on success return the number of bytes to read
- \return WOLFSSL_BIO_ERROR(-1) on error case with nothing to read return -1
- \param bio WOLFSSL_BIO structure to read from.
- \param buf pointer to set at beginning of read array.
- \param num number of bytes to try and read.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- char* bufPt;
- int ret;
- // set up bio
- ret = wolfSSL_BIO_nread(bio, &bufPt, 10); // try to read 10 bytes
- // handle negative ret check
- // read ret bytes from bufPt
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_nwrite
- */
- int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num);
- /*!
- \ingroup IO
- \brief Gets a pointer to the buffer for writing as many bytes as returned by
- the function. Writing more bytes to the pointer returned then the value
- returned can result in writing out of bounds.
- \return int Returns the number of bytes that can be written to the buffer
- pointer returned.
- \return WOLFSSL_BIO_UNSET(-2) in the case that is not part of a bio pair
- \return WOLFSSL_BIO_ERROR(-1) in the case that there is no more room to
- write to
- \param bio WOLFSSL_BIO structure to write to.
- \param buf pointer to buffer to write to.
- \param num number of bytes desired to be written.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- char* bufPt;
- int ret;
- // set up bio
- ret = wolfSSL_BIO_nwrite(bio, &bufPt, 10); // try to write 10 bytes
- // handle negative ret check
- // write ret bytes to bufPt
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_free
- \sa wolfSSL_BIO_nread
- */
- int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num);
- /*!
- \ingroup IO
- \brief Resets bio to an initial state. As an example for type BIO_BIO
- this resets the read and write index.
- \return 0 On successfully resetting the bio.
- \return WOLFSSL_BIO_ERROR(-1) Returned on bad input or unsuccessful reset.
- \param bio WOLFSSL_BIO structure to reset.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- // setup bio
- wolfSSL_BIO_reset(bio);
- //use pt
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_free
- */
- int wolfSSL_BIO_reset(WOLFSSL_BIO *bio);
- /*!
- \ingroup IO
- \brief This function adjusts the file pointer to the offset given. This
- is the offset from the head of the file.
- \return 0 On successfully seeking.
- \return -1 If an error case was encountered.
- \param bio WOLFSSL_BIO structure to set.
- \param ofs offset into file.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- XFILE fp;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
- ret = wolfSSL_BIO_set_fp(bio, &fp);
- // check ret value
- ret = wolfSSL_BIO_seek(bio, 3);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_set_fp
- \sa wolfSSL_BIO_free
- */
- int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs);
- /*!
- \ingroup IO
- \brief This is used to set and write to a file. WIll overwrite any data
- currently in the file and is set to close the file when the bio is freed.
- \return SSL_SUCCESS On successfully opening and setting file.
- \return SSL_FAILURE If an error case was encountered.
- \param bio WOLFSSL_BIO structure to set file.
- \param name name of file to write to.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
- ret = wolfSSL_BIO_write_filename(bio, “test.txt”);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_file
- \sa wolfSSL_BIO_set_fp
- \sa wolfSSL_BIO_free
- */
- int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name);
- /*!
- \ingroup IO
- \brief This is used to set the end of file value. Common value is -1 so
- as not to get confused with expected positive values.
- \return 0 returned on completion
- \param bio WOLFSSL_BIO structure to set end of file value.
- \param v value to set in bio.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
- ret = wolfSSL_BIO_set_mem_eof_return(bio, -1);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_set_fp
- \sa wolfSSL_BIO_free
- */
- long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v);
- /*!
- \ingroup IO
- \brief This is a getter function for WOLFSSL_BIO memory pointer.
- \return SSL_SUCCESS On successfully getting the pointer SSL_SUCCESS is
- returned (currently value of 1).
- \return SSL_FAILURE Returned if NULL arguments are passed in (currently
- value of 0).
- \param bio pointer to the WOLFSSL_BIO structure for getting memory pointer.
- \param ptr structure that is currently a char*. Is set to point to
- bio’s memory.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- WOLFSSL_BUF_MEM* pt;
- // setup bio
- wolfSSL_BIO_get_mem_ptr(bio, &pt);
- //use pt
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- */
- long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m);
- /*!
- \ingroup CertsKeys
- \brief This function copies the name of the x509 into a buffer.
- \return A char pointer to the buffer with the WOLFSSL_X509_NAME structures
- name member’s data is returned if the function executed normally.
- \param name a pointer to a WOLFSSL_X509 structure.
- \param in a buffer to hold the name copied from the
- WOLFSSL_X509_NAME structure.
- \param sz the maximum size of the buffer.
- _Example_
- \code
- WOLFSSL_X509 x509;
- char* name;
- ...
- name = wolfSSL_X509_NAME_oneline(wolfSSL_X509_get_issuer_name(x509), 0, 0);
- if(name <= 0){
- // There’s nothing in the buffer.
- }
- \endcode
- \sa wolfSSL_X509_get_subject_name
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_isCA
- \sa wolfSSL_get_peer_certificate
- \sa wolfSSL_X509_version
- */
- char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz);
- /*!
- \ingroup CertsKeys
- \brief This function returns the name of the certificate issuer.
- \return point a pointer to the WOLFSSL_X509 struct’s issuer member is
- returned.
- \return NULL if the cert passed in is NULL.
- \param cert a pointer to a WOLFSSL_X509 structure.
- _Example_
- \code
- WOLFSSL_X509* x509;
- WOLFSSL_X509_NAME issuer;
- ...
- issuer = wolfSSL_X509_NAME_oneline(wolfSSL_X509_get_issuer_name(x509), 0, 0);
- if(!issuer){
- // NULL was returned
- } else {
- // issuer hods the name of the certificate issuer.
- }
- \endcode
- \sa wolfSSL_X509_get_subject_name
- \sa wolfSSL_X509_get_isCA
- \sa wolfSSL_get_peer_certificate
- \sa wolfSSL_X509_NAME_oneline
- */
- WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert);
- /*!
- \ingroup CertsKeys
- \brief This function returns the subject member of the WOLFSSL_X509
- structure.
- \return pointer a pointer to the WOLFSSL_X509_NAME structure. The pointer
- may be NULL if the WOLFSSL_X509 struct is NULL or if the subject member of
- the structure is NULL.
- \param cert a pointer to a WOLFSSL_X509 structure.
- _Example_
- \code
- WOLFSSL_X509* cert;
- WOLFSSL_X509_NAME name;
- …
- name = wolfSSL_X509_get_subject_name(cert);
- if(name == NULL){
- // Deal with the NULL cacse
- }
- \endcode
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_isCA
- \sa wolfSSL_get_peer_certificate
- */
- WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert);
- /*!
- \ingroup CertsKeys
- \brief Checks the isCa member of the WOLFSSL_X509 structure and returns
- the value.
- \return isCA returns the value in the isCA member of the WOLFSSL_X509
- structure is returned.
- \return 0 returned if there is not a valid x509 structure passed in.
- \param cert a pointer to a WOLFSSL_X509 structure.
- _Example_
- \code
- WOLFSSL* ssl;
- ...
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(wolfSSL_X509_get_isCA(ssl)){
- // This is the CA
- }else {
- // Failure case
- }
- \endcode
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_isCA
- */
- int wolfSSL_X509_get_isCA(WOLFSSL_X509* cert);
- /*!
- \ingroup CertsKeys
- \brief This function gets the text related to the passed in NID value.
- \return int returns the size of the text buffer.
- \param name WOLFSSL_X509_NAME to search for text.
- \param nid NID to search for.
- \param buf buffer to hold text when found.
- \param len length of buffer.
- _Example_
- \code
- WOLFSSL_X509_NAME* name;
- char buffer[100];
- int bufferSz;
- int ret;
- // get WOLFSSL_X509_NAME
- ret = wolfSSL_X509_NAME_get_text_by_NID(name, NID_commonName,
- buffer, bufferSz);
- //check ret value
- \endcode
- \sa none
- */
- int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, int nid,
- char* buf, int len);
- /*!
- \ingroup CertsKeys
- \brief This function returns the value stored in the sigOID
- member of the WOLFSSL_X509 structure.
- \return 0 returned if the WOLFSSL_X509 structure is NULL.
- \return int an integer value is returned which was retrieved from
- the x509 object.
- \param cert a pointer to a WOLFSSL_X509 structure.
- _Example_
- \code
- WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- ...
- int x509SigType = wolfSSL_X509_get_signature_type(x509);
- if(x509SigType != EXPECTED){
- // Deal with an unexpected value
- }
- \endcode
- \sa wolfSSL_X509_get_signature
- \sa wolfSSL_X509_version
- \sa wolfSSL_X509_get_der
- \sa wolfSSL_X509_get_serial_number
- \sa wolfSSL_X509_notBefore
- \sa wolfSSL_X509_notAfter
- \sa wolfSSL_X509_free
- */
- int wolfSSL_X509_get_signature_type(WOLFSSL_X509* cert);
- /*!
- \brief This function frees a WOLFSSL_X509 structure.
- \param x509 a pointer to the WOLFSSL_X509 struct.
- _Example_
- \code
- WOLFSSL_X509* x509 = (WOLFSSL_X509*)XMALOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509) ;
- wolfSSL_X509_free(x509);
- \endcode
- \sa wolfSSL_X509_get_signature
- \sa wolfSSL_X509_version
- \sa wolfSSL_X509_get_der
- \sa wolfSSL_X509_get_serial_number
- \sa wolfSSL_X509_notBefore
- \sa wolfSSL_X509_notAfter
- */
- void wolfSSL_X509_free(WOLFSSL_X509* x509);
- /*!
- \ingroup CertsKeys
- \brief Gets the X509 signature and stores it in the buffer.
- \return SSL_SUCCESS returned if the function successfully executes.
- The signature is loaded into the buffer.
- \return SSL_FATAL_ERRROR returns if the x509 struct or the bufSz member
- is NULL. There is also a check for the length member of the sig structure
- (sig is a member of x509).
- \param x509 pointer to a WOLFSSL_X509 structure.
- \param buf a char pointer to the buffer.
- \param bufSz an integer pointer to the size of the buffer.
- _Example_
- \code
- WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- unsigned char* buf; // Initialize
- int* bufSz = sizeof(buf)/sizeof(unsigned char);
- ...
- if(wolfSSL_X509_get_signature(x509, buf, bufSz) != SSL_SUCCESS){
- // The function did not execute successfully.
- } else{
- // The buffer was written to correctly.
- }
- \endcode
- \sa wolfSSL_X509_get_serial_number
- \sa wolfSSL_X509_get_signature_type
- \sa wolfSSL_X509_get_device_type
- */
- int wolfSSL_X509_get_signature(WOLFSSL_X509* x509, unsigned char* buf, int* bufSz);
- /*!
- \ingroup CertsKeys
- \brief This function adds a certificate to the WOLFSSL_X509_STRE structure.
- \return SSL_SUCCESS If certificate is added successfully.
- \return SSL_FATAL_ERROR: If certificate is not added successfully.
- \param str certificate store to add the certificate to.
- \param x509 certificate to add.
- _Example_
- \code
- WOLFSSL_X509_STORE* str;
- WOLFSSL_X509* x509;
- int ret;
- ret = wolfSSL_X509_STORE_add_cert(str, x509);
- //check ret value
- \endcode
- \sa wolfSSL_X509_free
- */
- int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509);
- /*!
- \ingroup CertsKeys
- \brief This function is a getter function for chain variable
- in WOLFSSL_X509_STORE_CTX structure. Currently chain is not populated.
- \return pointer if successful returns WOLFSSL_STACK
- (same as STACK_OF(WOLFSSL_X509)) pointer
- \return Null upon failure
- \param ctx certificate store ctx to get parse chain from.
- _Example_
- \code
- WOLFSSL_STACK* sk;
- WOLFSSL_X509_STORE_CTX* ctx;
- sk = wolfSSL_X509_STORE_CTX_get_chain(ctx);
- //check sk for NULL and then use it. sk needs freed after done.
- \endcode
- \sa wolfSSL_sk_X509_free
- */
- WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
- WOLFSSL_X509_STORE_CTX* ctx);
- /*!
- \ingroup CertsKeys
- \brief This function takes in a flag to change the behavior of the
- WOLFSSL_X509_STORE structure passed in. An example of a flag used
- is WOLFSSL_CRL_CHECK.
- \return SSL_SUCCESS If no errors were encountered when setting the flag.
- \return <0 a negative value will be returned upon failure.
- \param str certificate store to set flag in.
- \param flag flag for behavior.
- _Example_
- \code
- WOLFSSL_X509_STORE* str;
- int ret;
- // create and set up str
- ret = wolfSSL_X509_STORE_set_flags(str, WOLFSSL_CRL_CHECKALL);
- If (ret != SSL_SUCCESS) {
- //check ret value and handle error case
- }
- \endcode
- \sa wolfSSL_X509_STORE_new
- \sa wolfSSL_X509_STORE_free
- */
- int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
- unsigned long flag);
- /*!
- \ingroup CertsKeys
- \brief This function the certificate "not before" validity encoded as
- a byte array.
- \return NULL returned if the WOLFSSL_X509 structure is NULL.
- \return byte is returned that contains the notBeforeData.
- \param x509 pointer to a WOLFSSL_X509 structure.
- _Example_
- \code
- WOLFSSL_X509* x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- ...
- byte* notBeforeData = wolfSSL_X509_notBefore(x509);
- \endcode
- \sa wolfSSL_X509_get_signature
- \sa wolfSSL_X509_version
- \sa wolfSSL_X509_get_der
- \sa wolfSSL_X509_get_serial_number
- \sa wolfSSL_X509_notAfter
- \sa wolfSSL_X509_free
- */
- const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509);
- /*!
- \ingroup CertsKeys
- \brief This function the certificate "not after" validity encoded as
- a byte array.
- \return NULL returned if the WOLFSSL_X509 structure is NULL.
- \return byte is returned that contains the notAfterData.
- \param x509 pointer to a WOLFSSL_X509 structure.
- _Example_
- \code
- WOLFSSL_X509* x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- ...
- byte* notAfterData = wolfSSL_X509_notAfter(x509);
- \endcode
- \sa wolfSSL_X509_get_signature
- \sa wolfSSL_X509_version
- \sa wolfSSL_X509_get_der
- \sa wolfSSL_X509_get_serial_number
- \sa wolfSSL_X509_notBefore
- \sa wolfSSL_X509_free
- */
- const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509);
- /*!
- \ingroup Setup
- \brief This function is used to copy a WOLFSSL_ASN1_INTEGER
- value to a WOLFSSL_BIGNUM structure.
- \return pointer On successfully copying the WOLFSSL_ASN1_INTEGER
- value a WOLFSSL_BIGNUM pointer is returned.
- \return Null upon failure.
- \param ai WOLFSSL_ASN1_INTEGER structure to copy from.
- \param bn if wanting to copy into an already existing
- WOLFSSL_BIGNUM struct then pass in a pointer to it.
- Optionally this can be NULL and a new WOLFSSL_BIGNUM
- structure will be created.
- _Example_
- \code
- WOLFSSL_ASN1_INTEGER* ai;
- WOLFSSL_BIGNUM* bn;
- // create ai
- bn = wolfSSL_ASN1_INTEGER_to_BN(ai, NULL);
- // or if having already created bn and wanting to reuse structure
- // wolfSSL_ASN1_INTEGER_to_BN(ai, bn);
- // check bn is or return value is not NULL
- \endcode
- \sa none
- */
- WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
- WOLFSSL_BIGNUM *bn);
- /*!
- \ingroup Setup
- \brief This function adds the certificate to the internal chain
- being built in the WOLFSSL_CTX structure.
- \return SSL_SUCCESS after successfully adding the certificate.
- \return SSL_FAILURE if failing to add the certificate to the chain.
- \param ctx WOLFSSL_CTX structure to add certificate to.
- \param x509 certificate to add to the chain.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- WOLFSSL_X509* x509;
- int ret;
- // create ctx
- ret = wolfSSL_CTX_add_extra_chain_cert(ctx, x509);
- // check ret value
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- */
- long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509);
- /*!
- \ingroup Setup
- \brief This function returns the get read ahead flag from a
- WOLFSSL_CTX structure.
- \return flag On success returns the read ahead flag.
- \return SSL_FAILURE If ctx is NULL then SSL_FAILURE is returned.
- \param ctx WOLFSSL_CTX structure to get read ahead flag from.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- int flag;
- // setup ctx
- flag = wolfSSL_CTX_get_read_ahead(ctx);
- //check flag
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- \sa wolfSSL_CTX_set_read_ahead
- */
- int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function sets the read ahead flag in the WOLFSSL_CTX structure.
- \return SSL_SUCCESS If ctx read ahead flag set.
- \return SSL_FAILURE If ctx is NULL then SSL_FAILURE is returned.
- \param ctx WOLFSSL_CTX structure to set read ahead flag.
- \param v read ahead flag
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- int flag;
- int ret;
- // setup ctx
- ret = wolfSSL_CTX_set_read_ahead(ctx, flag);
- // check return value
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- \sa wolfSSL_CTX_get_read_ahead
- */
- int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx, int v);
- /*!
- \ingroup Setup
- \brief This function sets the options argument to use with OCSP.
- \return SSL_FAILURE If ctx or it’s cert manager is NULL.
- \return SSL_SUCCESS If successfully set.
- \param ctx WOLFSSL_CTX structure to set user argument.
- \param arg user argument.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- void* data;
- int ret;
- // setup ctx
- ret = wolfSSL_CTX_set_tlsext_status_arg(ctx, data);
- //check ret value
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- */
- long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg);
- /*!
- \ingroup Setup
- \brief This function sets the optional argument to be passed to
- the PRF callback.
- \return SSL_FAILURE If ctx is NULL.
- \return SSL_SUCCESS If successfully set.
- \param ctx WOLFSSL_CTX structure to set user argument.
- \param arg user argument.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- void* data;
- int ret;
- // setup ctx
- ret = wolfSSL_CTX_set_tlsext_opaques_prf_input_callback_arg(ctx, data);
- //check ret value
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- */
- long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(
- WOLFSSL_CTX* ctx, void* arg);
- /*!
- \ingroup Setup
- \brief This function sets the options mask in the ssl.
- Some valid options are, SSL_OP_ALL, SSL_OP_COOKIE_EXCHANGE,
- SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1,
- SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_COMPRESSION.
- \return val Returns the updated options mask value stored in ssl.
- \param s WOLFSSL structure to set options mask.
- \param op This function sets the options mask in the ssl.
- Some valid options are:
- SSL_OP_ALL
- SSL_OP_COOKIE_EXCHANGE
- SSL_OP_NO_SSLv2
- SSL_OP_NO_SSLv3
- SSL_OP_NO_TLSv1
- SSL_OP_NO_TLSv1_1
- SSL_OP_NO_TLSv1_2
- SSL_OP_NO_COMPRESSION
- _Example_
- \code
- WOLFSSL* ssl;
- unsigned long mask;
- mask = SSL_OP_NO_TLSv1
- mask = wolfSSL_set_options(ssl, mask);
- // check mask
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- \sa wolfSSL_get_options
- */
- long wolfSSL_set_options(WOLFSSL *s, long op);
- /*!
- \ingroup Setup
- \brief This function returns the current options mask.
- \return val Returns the mask value stored in ssl.
- \param ssl WOLFSSL structure to get options mask from.
- _Example_
- \code
- WOLFSSL* ssl;
- unsigned long mask;
- mask = wolfSSL_get_options(ssl);
- // check mask
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- \sa wolfSSL_set_options
- */
- long wolfSSL_get_options(const WOLFSSL *ssl);
- /*!
- \ingroup Setup
- \brief This is used to set the debug argument passed around.
- \return SSL_SUCCESS On successful setting argument.
- \return SSL_FAILURE If an NULL ssl passed in.
- \param ssl WOLFSSL structure to set argument in.
- \param arg argument to use.
- _Example_
- \code
- WOLFSSL* ssl;
- void* args;
- int ret;
- // create ssl object
- ret = wolfSSL_set_tlsext_debug_arg(ssl, args);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- long wolfSSL_set_tlsext_debug_arg(WOLFSSL *ssl, void *arg);
- /*!
- \ingroup openSSL
- \brief This function is called when the client application request
- that a server send back an OCSP status response (also known as
- OCSP stapling).Currently, the only supported type is
- TLSEXT_STATUSTYPE_ocsp.
- \return 1 upon success.
- \return 0 upon error.
- \param s pointer to WOLFSSL struct which is created by SSL_new() function
- \param type ssl extension type which TLSEXT_STATUSTYPE_ocsp is
- only supported.
- _Example_
- \code
- WOLFSSL *ssl;
- WOLFSSL_CTX *ctx;
- int ret;
- ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- ssl = wolfSSL_new(ctx);
- ret = WolfSSL_set_tlsext_status_type(ssl,TLSEXT_STATUSTYPE_ocsp);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_new
- \sa wolfSSL_free
- \sa wolfSSL_CTX_free
- */
- long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
- /*!
- \ingroup Setup
- \brief This is used to get the results after trying to verify the peer's
- certificate.
- \return X509_V_OK On successful verification.
- \return SSL_FAILURE If an NULL ssl passed in.
- \param ssl WOLFSSL structure to get verification results from.
- _Example_
- \code
- WOLFSSL* ssl;
- long ret;
- // attempt/complete handshake
- ret = wolfSSL_get_verify_result(ssl);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- long wolfSSL_get_verify_result(const WOLFSSL *ssl);
- /*!
- \ingroup Debug
- \brief This function converts an error code returned by
- wolfSSL_get_error() into a more human-readable error string
- and prints that string to the output file - fp. err is the
- error code returned by wolfSSL_get_error() and fp is the
- file which the error string will be placed in.
- \return none No returns.
- \param fp output file for human-readable error string to be written to.
- \param err error code returned by wolfSSL_get_error().
- _Example_
- \code
- int err = 0;
- WOLFSSL* ssl;
- FILE* fp = ...
- ...
- err = wolfSSL_get_error(ssl, 0);
- wolfSSL_ERR_print_errors_fp(fp, err);
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_ERR_error_string
- \sa wolfSSL_ERR_error_string_n
- \sa wolfSSL_load_error_strings
- */
- void wolfSSL_ERR_print_errors_fp(XFILE fp, int err);
- /*!
- \ingroup Debug
- \brief This function uses the provided callback to handle error reporting.
- The callback function is executed for each error line. The string, length,
- and userdata are passed into the callback parameters.
- \return none No returns.
- \param cb the callback function.
- \param u userdata to pass into the callback function.
- _Example_
- \code
- int error_cb(const char *str, size_t len, void *u)
- { fprintf((FILE*)u, "%-*.*s\n", (int)len, (int)len, str); return 0; }
- ...
- FILE* fp = ...
- wolfSSL_ERR_print_errors_cb(error_cb, fp);
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_ERR_error_string
- \sa wolfSSL_ERR_error_string_n
- \sa wolfSSL_load_error_strings
- */
- void wolfSSL_ERR_print_errors_cb (
- int (*cb)(const char *str, size_t len, void *u), void *u);
- /*!
- \brief The function sets the client_psk_cb member of the
- WOLFSSL_CTX structure.
- \return none No returns.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param cb wc_psk_client_callback is a function pointer that will be
- stored in the WOLFSSL_CTX structure. Return value is the key length on
- success or zero on error.
- unsigned int (*wc_psk_client_callback)
- PSK client callback parameters:
- WOLFSSL* ssl - Pointer to the wolfSSL structure
- const char* hint - A stored string that could be displayed to provide a
- hint to the user.
- char* identity - The ID will be stored here.
- unsigned int id_max_len - Size of the ID buffer.
- unsigned char* key - The key will be stored here.
- unsigned int key_max_len - The max size of the key.
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol def );
- …
- static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
- char* identity, unsigned int id_max_len, unsigned char* key,
- Unsigned int key_max_len){
- …
- wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
- \endcode
- \sa wolfSSL_set_psk_client_callback
- \sa wolfSSL_set_psk_server_callback
- \sa wolfSSL_CTX_set_psk_server_callback
- \sa wolfSSL_CTX_set_psk_client_callback
- */
- void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX* ctx,
- wc_psk_client_callback cb);
- /*!
- \brief Sets the PSK client side callback.
- \return none No returns.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cb a function pointer to type wc_psk_client_callback. Return value
- is the key length on success or zero on error.
- unsigned int (*wc_psk_client_callback)
- PSK client callback parameters:
- WOLFSSL* ssl - Pointer to the wolfSSL structure
- const char* hint - A stored string that could be displayed to provide a
- hint to the user.
- char* identity - The ID will be stored here.
- unsigned int id_max_len - Size of the ID buffer.
- unsigned char* key - The key will be stored here.
- unsigned int key_max_len - The max size of the key.
- _Example_
- \code
- WOLFSSL* ssl;
- static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
- char* identity, unsigned int id_max_len, unsigned char* key,
- Unsigned int key_max_len){
- …
- if(ssl){
- wolfSSL_set_psk_client_callback(ssl, my_psk_client_cb);
- } else {
- // could not set callback
- }
- \endcode
- \sa wolfSSL_CTX_set_psk_client_callback
- \sa wolfSSL_CTX_set_psk_server_callback
- \sa wolfSSL_set_psk_server_callback
- */
- void wolfSSL_set_psk_client_callback(WOLFSSL* ssl,
- wc_psk_client_callback);
- /*!
- \ingroup CertsKeys
- \brief This function returns the psk identity hint.
- \return pointer a const char pointer to the value that was stored in
- the arrays member of the WOLFSSL structure is returned.
- \return NULL returned if the WOLFSSL or Arrays structures are NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- char* idHint;
- ...
- idHint = wolfSSL_get_psk_identity_hint(ssl);
- if(idHint){
- // The hint was retrieved
- return idHint;
- } else {
- // Hint wasn’t successfully retrieved
- }
- \endcode
- \sa wolfSSL_get_psk_identity
- */
- const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*);
- /*!
- \ingroup CertsKeys
- \brief The function returns a constant pointer to the client_identity
- member of the Arrays structure.
- \return string the string value of the client_identity member of the
- Arrays structure.
- \return NULL if the WOLFSSL structure is NULL or if the Arrays member of
- the WOLFSSL structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- const char* pskID;
- ...
- pskID = wolfSSL_get_psk_identity(ssl);
- if(pskID == NULL){
- // There is not a value in pskID
- }
- \endcode
- \sa wolfSSL_get_psk_identity_hint
- \sa wolfSSL_use_psk_identity_hint
- */
- const char* wolfSSL_get_psk_identity(const WOLFSSL*);
- /*!
- \ingroup CertsKeys
- \brief This function stores the hint argument in the server_hint
- member of the WOLFSSL_CTX structure.
- \return SSL_SUCCESS returned for successful execution of the function.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param hint a constant char pointer that will be copied to the
- WOLFSSL_CTX structure.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- const char* hint;
- int ret;
- …
- ret = wolfSSL_CTX_use_psk_identity_hint(ctx, hint);
- if(ret == SSL_SUCCESS){
- // Function was successful.
- return ret;
- } else {
- // Failure case.
- }
- \endcode
- \sa wolfSSL_use_psk_identity_hint
- */
- int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX* ctx, const char* hint);
- /*!
- \ingroup CertsKeys
- \brief This function stores the hint argument in the server_hint member
- of the Arrays structure within the WOLFSSL structure.
- \return SSL_SUCCESS returned if the hint was successfully stored in the
- WOLFSSL structure.
- \return SSL_FAILURE returned if the WOLFSSL or Arrays structures are NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param hint a constant character pointer that holds the hint to be saved
- in memory.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- const char* hint;
- ...
- if(wolfSSL_use_psk_identity_hint(ssl, hint) != SSL_SUCCESS){
- // Handle failure case.
- }
- \endcode
- \sa wolfSSL_CTX_use_psk_identity_hint
- */
- int wolfSSL_use_psk_identity_hint(WOLFSSL* ssl, const char* hint);
- /*!
- \brief This function sets the psk callback for the server side in
- the WOLFSSL_CTX structure.
- \return none No returns.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cb a function pointer for the callback and will be stored in
- the WOLFSSL_CTX structure. Return value is the key length on success or
- zero on error.
- unsigned int (*wc_psk_server_callback)
- PSK server callback parameters
- WOLFSSL* ssl - Pointer to the wolfSSL structure
- char* identity - The ID will be stored here.
- unsigned char* key - The key will be stored here.
- unsigned int key_max_len - The max size of the key.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
- unsigned char* key, unsigned int key_max_len)
- {
- // Function body.
- }
- …
- if(ctx != NULL){
- wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
- } else {
- // The CTX object was not properly initialized.
- }
- \endcode
- \sa wc_psk_server_callback
- \sa wolfSSL_set_psk_client_callback
- \sa wolfSSL_set_psk_server_callback
- \sa wolfSSL_CTX_set_psk_client_callback
- */
- void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx,
- wc_psk_server_callback cb);
- /*!
- \brief Sets the psk callback for the server side by setting the
- WOLFSSL structure options members.
- \return none No returns.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cb a function pointer for the callback and will be stored in
- the WOLFSSL structure. Return value is the key length on success or zero
- on error.
- unsigned int (*wc_psk_server_callback)
- PSK server callback parameters
- WOLFSSL* ssl - Pointer to the wolfSSL structure
- char* identity - The ID will be stored here.
- unsigned char* key - The key will be stored here.
- unsigned int key_max_len - The max size of the key.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- …
- static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
- unsigned char* key, unsigned int key_max_len)
- {
- // Function body.
- }
- …
- if(ssl != NULL && cb != NULL){
- wolfSSL_set_psk_server_callback(ssl, my_psk_server_cb);
- }
- \endcode
- \sa wolfSSL_set_psk_client_callback
- \sa wolfSSL_CTX_set_psk_server_callback
- \sa wolfSSL_CTX_set_psk_client_callback
- \sa wolfSSL_get_psk_identity_hint
- \sa wc_psk_server_callback
- \sa InitSuites
- */
- void wolfSSL_set_psk_server_callback(WOLFSSL* ssl,
- wc_psk_server_callback cb);
- /*!
- \brief Sets a PSK user context in the WOLFSSL structure options member.
- \return WOLFSSL_SUCCESS or WOLFSSL_FAILURE
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param psk_ctx void pointer to user PSK context
- \sa wolfSSL_get_psk_callback_ctx
- \sa wolfSSL_CTX_set_psk_callback_ctx
- \sa wolfSSL_CTX_get_psk_callback_ctx
- */
- int wolfSSL_set_psk_callback_ctx(WOLFSSL* ssl, void* psk_ctx);
- /*!
- \brief Sets a PSK user context in the WOLFSSL_CTX structure.
- \return WOLFSSL_SUCCESS or WOLFSSL_FAILURE
- \param ctx a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
- \param psk_ctx void pointer to user PSK context
- \sa wolfSSL_set_psk_callback_ctx
- \sa wolfSSL_get_psk_callback_ctx
- \sa wolfSSL_CTX_get_psk_callback_ctx
- */
- int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX* ctx, void* psk_ctx);
- /*!
- \brief Get a PSK user context in the WOLFSSL structure options member.
- \return void pointer to user PSK context
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \sa wolfSSL_set_psk_callback_ctx
- \sa wolfSSL_CTX_set_psk_callback_ctx
- \sa wolfSSL_CTX_get_psk_callback_ctx
- */
- void* wolfSSL_get_psk_callback_ctx(WOLFSSL* ssl);
- /*!
- \brief Get a PSK user context in the WOLFSSL_CTX structure.
- \return void pointer to user PSK context
- \param ctx a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
- \sa wolfSSL_CTX_set_psk_callback_ctx
- \sa wolfSSL_set_psk_callback_ctx
- \sa wolfSSL_get_psk_callback_ctx
- */
- void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function enables the havAnon member of the CTX structure if
- HAVE_ANON is defined during compilation.
- \return SSL_SUCCESS returned if the function executed successfully and the
- haveAnnon member of the CTX is set to 1.
- \return SSL_FAILURE returned if the CTX structure was NULL.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- #ifdef HAVE_ANON
- if(cipherList == NULL){
- wolfSSL_CTX_allow_anon_cipher(ctx);
- if(wolfSSL_CTX_set_cipher_list(ctx, “ADH_AES128_SHA”) != SSL_SUCCESS){
- // failure case
- }
- }
- #endif
- \endcode
- \sa none
- */
- int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*);
- /*!
- \ingroup Setup
- \brief The wolfSSLv23_server_method() function is used to indicate
- that the application is a server and will support clients connecting
- with protocol version from SSL 3.0 - TLS 1.3. This function allocates
- memory for and initializes a new WOLFSSL_METHOD structure to be used when
- creating the SSL/TLS context with wolfSSL_CTX_new().
- \return pointer If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return Failure If memory allocation fails when calling XMALLOC, the
- failure value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfSSLv23_server_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_server_method
- \sa wolfTLSv1_server_method
- \sa wolfTLSv1_1_server_method
- \sa wolfTLSv1_2_server_method
- \sa wolfTLSv1_3_server_method
- \sa wolfDTLSv1_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfSSLv23_server_method(void);
- /*!
- \ingroup Setup
- \brief This is used to get the internal error state of the WOLFSSL structure.
- \return wolfssl_error returns ssl error state, usually a negative
- \return BAD_FUNC_ARG if ssl is NULL.
- \return ssl WOLFSSL structure to get state from.
- _Example_
- \code
- WOLFSSL* ssl;
- int ret;
- // create ssl object
- ret = wolfSSL_state(ssl);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- int wolfSSL_state(WOLFSSL* ssl);
- /*!
- \ingroup CertsKeys
- \brief This function gets the peer’s certificate.
- \return pointer a pointer to the peerCert member of the WOLFSSL_X509
- structure if it exists.
- \return 0 returned if the peer certificate issuer size is not defined.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- WOLFSSL_X509* peerCert = wolfSSL_get_peer_certificate(ssl);
- if(peerCert){
- // You have a pointer peerCert to the peer certification
- }
- \endcode
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_subject_name
- \sa wolfSSL_X509_get_isCA
- */
- WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl);
- /*!
- \ingroup Debug
- \brief This function is similar to calling wolfSSL_get_error() and
- getting SSL_ERROR_WANT_READ in return. If the underlying error state
- is SSL_ERROR_WANT_READ, this function will return 1, otherwise, 0.
- \return 1 wolfSSL_get_error() would return SSL_ERROR_WANT_READ, the
- underlying I/O has data available for reading.
- \return 0 There is no SSL_ERROR_WANT_READ error state.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int ret;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_want_read(ssl);
- if (ret == 1) {
- // underlying I/O has data available for reading (SSL_ERROR_WANT_READ)
- }
- \endcode
- \sa wolfSSL_want_write
- \sa wolfSSL_get_error
- */
- int wolfSSL_want_read(WOLFSSL*);
- /*!
- \ingroup Debug
- \brief This function is similar to calling wolfSSL_get_error() and getting
- SSL_ERROR_WANT_WRITE in return. If the underlying error state is
- SSL_ERROR_WANT_WRITE, this function will return 1, otherwise, 0.
- \return 1 wolfSSL_get_error() would return SSL_ERROR_WANT_WRITE, the
- underlying I/O needs data to be written in order for progress to be
- made in the underlying SSL connection.
- \return 0 There is no SSL_ERROR_WANT_WRITE error state.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int ret;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_want_write(ssl);
- if (ret == 1) {
- // underlying I/O needs data to be written (SSL_ERROR_WANT_WRITE)
- }
- \endcode
- \sa wolfSSL_want_read
- \sa wolfSSL_get_error
- */
- int wolfSSL_want_write(WOLFSSL*);
- /*!
- \ingroup Setup
- \brief wolfSSL by default checks the peer certificate for a valid date
- range and a verified signature. Calling this function before
- wolfSSL_connect() or wolfSSL_accept() will add a domain name check to
- the list of checks to perform. dn holds the domain name to check
- against the peer certificate when it’s received.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE will be returned if a memory error was encountered.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param dn domain name to check against the peer certificate when received.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- char* domain = (char*) “www.yassl.com”;
- ...
- ret = wolfSSL_check_domain_name(ssl, domain);
- if (ret != SSL_SUCCESS) {
- // failed to enable domain name check
- }
- \endcode
- \sa none
- */
- int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);
- /*!
- \ingroup TLS
- \brief Initializes the wolfSSL library for use. Must be called once per
- application and before any other call to the library.
- \return SSL_SUCCESS If successful the call will return.
- \return BAD_MUTEX_E is an error that may be returned.
- \return WC_INIT_E wolfCrypt initialization error returned.
- _Example_
- \code
- int ret = 0;
- ret = wolfSSL_Init();
- if (ret != SSL_SUCCESS) {
- failed to initialize wolfSSL library
- }
- \endcode
- \sa wolfSSL_Cleanup
- */
- int wolfSSL_Init(void);
- /*!
- \ingroup TLS
- \brief Un-initializes the wolfSSL library from further use. Doesn’t have
- to be called, though it will free any resources used by the library.
- \return SSL_SUCCESS return no errors.
- \return BAD_MUTEX_E a mutex error return.]
- _Example_
- \code
- wolfSSL_Cleanup();
- \endcode
- \sa wolfSSL_Init
- */
- int wolfSSL_Cleanup(void);
- /*!
- \ingroup IO
- \brief This function returns the current library version.
- \return LIBWOLFSSL_VERSION_STRING a const char pointer defining the
- version.
- \param none No parameters.
- _Example_
- \code
- char version[MAXSIZE];
- version = wolfSSL_KeepArrays();
- …
- if(version != ExpectedVersion){
- // Handle the mismatch case
- }
- \endcode
- \sa word32_wolfSSL_lib_version_hex
- */
- const char* wolfSSL_lib_version(void);
- /*!
- \ingroup IO
- \brief This function returns the current library version in hexadecimal
- notation.
- \return LILBWOLFSSL_VERSION_HEX returns the hexadecimal version defined in
- wolfssl/version.h.
- \param none No parameters.
- _Example_
- \code
- word32 libV;
- libV = wolfSSL_lib_version_hex();
- if(libV != EXPECTED_HEX){
- // How to handle an unexpected value
- } else {
- // The expected result for libV
- }
- \endcode
- \sa wolfSSL_lib_version
- */
- word32 wolfSSL_lib_version_hex(void);
- /*!
- \ingroup IO
- \brief Performs the actual connect or accept based on the side of the SSL
- method. If called from the client side then an wolfSSL_connect() is done
- while a wolfSSL_accept() is performed if called from the server side.
- \return SSL_SUCCESS will be returned if successful. (Note, older versions
- will return 0.)
- \return SSL_FATAL_ERROR will be returned if the underlying call resulted
- in an error. Use wolfSSL_get_error() to get a specific error code.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int ret = SSL_FATAL_ERROR;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_negotiate(ssl);
- if (ret == SSL_FATAL_ERROR) {
- // SSL establishment failed
- int error_code = wolfSSL_get_error(ssl);
- ...
- }
- ...
- \endcode
- \sa SSL_connect
- \sa SSL_accept
- */
- int wolfSSL_negotiate(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief Turns on the ability to use compression for the SSL connection.
- Both sides must have compression turned on otherwise compression will not be
- used. The zlib library performs the actual data compression. To compile
- into the library use --with-libz for the configure system and define
- HAVE_LIBZ otherwise. Keep in mind that while compressing data before
- sending decreases the actual size of the messages being sent and received,
- the amount of data saved by compression usually takes longer in time to
- analyze than it does to send it raw on all but the slowest of networks.
- \return SSL_SUCCESS upon success.
- \return NOT_COMPILED_IN will be returned if compression support wasn’t
- built into the library.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_set_compression(ssl);
- if (ret == SSL_SUCCESS) {
- // successfully enabled compression for SSL session
- }
- \endcode
- \sa none
- */
- int wolfSSL_set_compression(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function sets the SSL session timeout value in seconds.
- \return SSL_SUCCESS will be returned upon successfully setting the session.
- \return BAD_FUNC_ARG will be returned if ssl is NULL.
- \param ssl pointer to the SSL object, created with wolfSSL_new().
- \param to value, in seconds, used to set the SSL session timeout.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_set_timeout(ssl, 500);
- if (ret != SSL_SUCCESS) {
- // failed to set session timeout value
- }
- ...
- \endcode
- \sa wolfSSL_get1_session
- \sa wolfSSL_set_session
- */
- int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to);
- /*!
- \ingroup Setup
- \brief This function sets the timeout value for SSL sessions, in seconds,
- for the specified SSL context.
- \return the previous timeout value, if WOLFSSL_ERROR_CODE_OPENSSL is
- \return defined on success. If not defined, SSL_SUCCESS will be returned.
- \return BAD_FUNC_ARG will be returned when the input context (ctx) is null.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param to session timeout value in seconds.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- ret = wolfSSL_CTX_set_timeout(ctx, 500);
- if (ret != SSL_SUCCESS) {
- // failed to set session timeout value
- }
- \endcode
- \sa wolfSSL_flush_sessions
- \sa wolfSSL_get1_session
- \sa wolfSSL_set_session
- \sa wolfSSL_get_sessionID
- \sa wolfSSL_CTX_set_session_cache_mode
- */
- int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to);
- /*!
- \ingroup openSSL
- \brief Retrieves the peer’s certificate chain.
- \return chain If successful the call will return the peer’s
- certificate chain.
- \return 0 will be returned if an invalid WOLFSSL pointer is passed to the
- function.
- \param ssl pointer to a valid WOLFSSL structure.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_get_chain_count
- \sa wolfSSL_get_chain_length
- \sa wolfSSL_get_chain_cert
- \sa wolfSSL_get_chain_cert_pem
- */
- WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl);
- /*!
- \ingroup openSSL
- \brief Retrieve's the peers certificate chain count.
- \return Success If successful the call will return the peer’s certificate
- chain count.
- \return 0 will be returned if an invalid chain pointer is passed to
- the function.
- \param chain pointer to a valid WOLFSSL_X509_CHAIN structure.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_get_peer_chain
- \sa wolfSSL_get_chain_length
- \sa wolfSSL_get_chain_cert
- \sa wolfSSL_get_chain_cert_pem
- */
- int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain);
- /*!
- \ingroup openSSL
- \brief Retrieves the peer’s ASN1.DER certificate length in bytes
- at index (idx).
- \return Success If successful the call will return the peer’s
- certificate length in bytes by index.
- \return 0 will be returned if an invalid chain pointer is passed
- to the function.
- \param chain pointer to a valid WOLFSSL_X509_CHAIN structure.
- \param idx index to start of chain.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_get_peer_chain
- \sa wolfSSL_get_chain_count
- \sa wolfSSL_get_chain_cert
- \sa wolfSSL_get_chain_cert_pem
- */
- int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN* chain, int idx);
- /*!
- \ingroup openSSL
- \brief Retrieves the peer’s ASN1.DER certificate at index (idx).
- \return Success If successful the call will return the peer’s
- certificate by index.
- \return 0 will be returned if an invalid chain pointer is passed
- to the function.
- \param chain pointer to a valid WOLFSSL_X509_CHAIN structure.
- \param idx index to start of chain.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_get_peer_chain
- \sa wolfSSL_get_chain_count
- \sa wolfSSL_get_chain_length
- \sa wolfSSL_get_chain_cert_pem
- */
- unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx);
- /*!
- \ingroup CertsKeys
- \brief This function gets the peer’s wolfSSL_X509_certificate at
- index (idx) from the chain of certificates.
- \return pointer returns a pointer to a WOLFSSL_X509 structure.
- \param chain a pointer to the WOLFSSL_X509_CHAIN used for no dynamic
- memory SESSION_CACHE.
- \param idx the index of the WOLFSSL_X509 certificate.
- Note that it is the user's responsibility to free the returned memory
- by calling wolfSSL_FreeX509().
- _Example_
- \code
- WOLFSSL_X509_CHAIN* chain = &session->chain;
- int idx = 999; // set idx
- ...
- WOLFSSL_X509_CHAIN ptr;
- prt = wolfSSL_get_chain_X509(chain, idx);
- if(ptr != NULL){
- // ptr contains the cert at the index specified
- wolfSSL_FreeX509(ptr);
- } else {
- // ptr is NULL
- }
- \endcode
- \sa InitDecodedCert
- \sa ParseCertRelative
- \sa CopyDecodedToX509
- */
- WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx);
- /*!
- \ingroup openSSL
- \brief Retrieves the peer’s PEM certificate at index (idx).
- \return Success If successful the call will return the peer’s
- certificate by index.
- \return 0 will be returned if an invalid chain pointer is passed to
- the function.
- \param chain pointer to a valid WOLFSSL_X509_CHAIN structure.
- \param idx indexto start of chain.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_get_peer_chain
- \sa wolfSSL_get_chain_count
- \sa wolfSSL_get_chain_length
- \sa wolfSSL_get_chain_cert
- */
- int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
- unsigned char* buf, int inLen, int* outLen);
- /*!
- \ingroup openSSL
- \brief Retrieves the session’s ID. The session ID is always 32 bytes long.
- \return id The session ID.
- \param session pointer to a valid wolfssl session.
- _Example_
- \code
- none
- \endcode
- \sa SSL_get_session
- */
- const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s);
- /*!
- \ingroup openSSL
- \brief Retrieves the peer’s certificate serial number. The serial
- number buffer (in) should be at least 32 bytes long and be provided
- as the *inOutSz argument as input. After calling the function *inOutSz
- will hold the actual length in bytes written to the in buffer.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG will be returned if a bad function argument
- was encountered.
- \param in The serial number buffer and should be at least 32 bytes long
- \param inOutSz will hold the actual length in bytes written to the
- in buffer.
- _Example_
- \code
- none
- \endcode
- \sa SSL_get_peer_certificate
- */
- int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509, unsigned char* in,
- int* inOutSz);
- /*!
- \ingroup CertsKeys
- \brief Returns the common name of the subject from the certificate.
- \return NULL returned if the x509 structure is null
- \return string a string representation of the subject's common
- name is returned upon success
- \param x509 a pointer to a WOLFSSL_X509 structure containing
- certificate information.
- _Example_
- \code
- WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- ...
- int x509Cn = wolfSSL_X509_get_subjectCN(x509);
- if(x509Cn == NULL){
- // Deal with NULL case
- } else {
- // x509Cn contains the common name
- }
- \endcode
- \sa wolfSSL_X509_Name_get_entry
- \sa wolfSSL_X509_get_next_altname
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_subject_name
- */
- char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*);
- /*!
- \ingroup CertsKeys
- \brief This function gets the DER encoded certificate in the
- WOLFSSL_X509 struct.
- \return buffer This function returns the DerBuffer structure’s
- buffer member, which is of type byte.
- \return NULL returned if the x509 or outSz parameter is NULL.
- \param x509 a pointer to a WOLFSSL_X509 structure containing
- certificate information.
- \param outSz length of the derBuffer member of the WOLFSSL_X509 struct.
- _Example_
- \code
- WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- int* outSz; // initialize
- ...
- byte* x509Der = wolfSSL_X509_get_der(x509, outSz);
- if(x509Der == NULL){
- // Failure case one of the parameters was NULL
- }
- \endcode
- \sa wolfSSL_X509_version
- \sa wolfSSL_X509_Name_get_entry
- \sa wolfSSL_X509_get_next_altname
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_subject_name
- */
- const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz);
- /*!
- \ingroup CertsKeys
- \brief This function checks to see if x509 is NULL and if it’s not,
- it returns the notAfter member of the x509 struct.
- \return pointer to struct with ASN1_TIME to the notAfter
- member of the x509 struct.
- \return NULL returned if the x509 object is NULL.
- \param x509 a pointer to the WOLFSSL_X509 struct.
- _Example_
- \code
- WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509) ;
- ...
- const WOLFSSL_ASN1_TIME* notAfter = wolfSSL_X509_get_notAfter(x509);
- if(notAfter == NULL){
- // Failure case, the x509 object is null.
- }
- \endcode
- \sa wolfSSL_X509_get_notBefore
- */
- WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(WOLFSSL_X509*);
- /*!
- \ingroup CertsKeys
- \brief This function retrieves the version of the X509 certificate.
- \return 0 returned if the x509 structure is NULL.
- \return version the version stored in the x509 structure will be returned.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_X509* x509;
- int version;
- ...
- version = wolfSSL_X509_version(x509);
- if(!version){
- // The function returned 0, failure case.
- }
- \endcode
- \sa wolfSSL_X509_get_subject_name
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_isCA
- \sa wolfSSL_get_peer_certificate
- */
- int wolfSSL_X509_version(WOLFSSL_X509*);
- /*!
- \ingroup CertsKeys
- \brief If NO_STDIO_FILESYSTEM is defined this function will allocate
- heap memory, initialize a WOLFSSL_X509 structure and return a pointer to it.
- \return *WOLFSSL_X509 WOLFSSL_X509 structure pointer is returned if
- the function executes successfully.
- \return NULL if the call to XFTELL macro returns a negative value.
- \param x509 a pointer to a WOLFSSL_X509 pointer.
- \param file a defined type that is a pointer to a FILE.
- _Example_
- \code
- WOLFSSL_X509* x509a = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- WOLFSSL_X509** x509 = x509a;
- XFILE file; (mapped to struct fs_file*)
- ...
- WOLFSSL_X509* newX509 = wolfSSL_X509_d2i_fp(x509, file);
- if(newX509 == NULL){
- // The function returned NULL
- }
- \endcode
- \sa wolfSSL_X509_d2i
- \sa XFTELL
- \sa XREWIND
- \sa XFSEEK
- */
- WOLFSSL_X509*
- wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file);
- /*!
- \ingroup CertsKeys
- \brief The function loads the x509 certificate into memory.
- \return pointer a successful execution returns pointer to a
- WOLFSSL_X509 structure.
- \return NULL returned if the certificate was not able to be written.
- \param fname the certificate file to be loaded.
- \param format the format of the certificate.
- _Example_
- \code
- #define cliCert “certs/client-cert.pem”
- …
- X509* x509;
- …
- x509 = wolfSSL_X509_load_certificate_file(cliCert, SSL_FILETYPE_PEM);
- AssertNotNull(x509);
- \endcode
- \sa InitDecodedCert
- \sa PemToDer
- \sa wolfSSL_get_certificate
- \sa AssertNotNull
- */
- WOLFSSL_X509*
- wolfSSL_X509_load_certificate_file(const char* fname, int format);
- /*!
- \ingroup CertsKeys
- \brief This function copies the device type from the x509 structure
- to the buffer.
- \return pointer returns a byte pointer holding the device type from
- the x509 structure.
- \return NULL returned if the buffer size is NULL.
- \param x509 pointer to a WOLFSSL_X509 structure, created with
- WOLFSSL_X509_new().
- \param in a pointer to a byte type that will hold the device type
- (the buffer).
- \param inOutSz the minimum of either the parameter inOutSz or the
- deviceTypeSz member of the x509 structure.
- _Example_
- \code
- WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- byte* in;
- int* inOutSz;
- ...
- byte* deviceType = wolfSSL_X509_get_device_type(x509, in, inOutSz);
- if(!deviceType){
- // Failure case, NULL was returned.
- }
- \endcode
- \sa wolfSSL_X509_get_hw_type
- \sa wolfSSL_X509_get_hw_serial_number
- \sa wolfSSL_X509_d2i
- */
- unsigned char*
- wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, unsigned char* in,
- int* inOutSz);
- /*!
- \ingroup CertsKeys
- \brief The function copies the hwType member of the WOLFSSL_X509
- structure to the buffer.
- \return byte The function returns a byte type of the data previously held
- in the hwType member of the WOLFSSL_X509 structure.
- \return NULL returned if inOutSz is NULL.
- \param x509 a pointer to a WOLFSSL_X509 structure containing certificate
- information.
- \param in pointer to type byte that represents the buffer.
- \param inOutSz pointer to type int that represents the size of the buffer.
- _Example_
- \code
- WOLFSSL_X509* x509; // X509 certificate
- byte* in; // initialize the buffer
- int* inOutSz; // holds the size of the buffer
- ...
- byte* hwType = wolfSSL_X509_get_hw_type(x509, in, inOutSz);
- if(hwType == NULL){
- // Failure case function returned NULL.
- }
- \endcode
- \sa wolfSSL_X509_get_hw_serial_number
- \sa wolfSSL_X509_get_device_type
- */
- unsigned char*
- wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, unsigned char* in,
- int* inOutSz);
- /*!
- \ingroup CertsKeys
- \brief This function returns the hwSerialNum member of the x509 object.
- \return pointer the function returns a byte pointer to the in buffer that
- will contain the serial number loaded from the x509 object.
- \param x509 pointer to a WOLFSSL_X509 structure containing certificate
- information.
- \param in a pointer to the buffer that will be copied to.
- \param inOutSz a pointer to the size of the buffer.
- _Example_
- \code
- char* serial;
- byte* in;
- int* inOutSz;
- WOLFSSL_X509 x509;
- ...
- serial = wolfSSL_X509_get_hw_serial_number(x509, in, inOutSz);
- if(serial == NULL || serial <= 0){
- // Failure case
- }
- \endcode
- \sa wolfSSL_X509_get_subject_name
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_isCA
- \sa wolfSSL_get_peer_certificate
- \sa wolfSSL_X509_version
- */
- unsigned char*
- wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,
- unsigned char* in, int* inOutSz);
- /*!
- \ingroup IO
- \brief This function is called on the client side and initiates an
- SSL/TLS handshake with a server only long enough to get the peer’s
- certificate chain. When this function is called, the underlying
- communication channel has already been set up. wolfSSL_connect_cert()
- works with both blocking and non-blocking I/O. When the underlying I/O
- is non-blocking, wolfSSL_connect_cert() will return when the underlying
- I/O could not satisfy the needs of wolfSSL_connect_cert() to continue the
- handshake. In this case, a call to wolfSSL_get_error() will yield either
- SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then
- repeat the call to wolfSSL_connect_cert() when the underlying I/O is ready
- and wolfSSL will pick up where it left off. When using a non-blocking
- socket, nothing needs to be done, but select() can be used to check for
- the required condition. If the underlying I/O is blocking,
- wolfSSL_connect_cert() will only return once the peer’s certificate chain
- has been received.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE will be returned if the SSL session parameter is NULL.
- \return SSL_FATAL_ERROR will be returned if an error occurred. To get a more
- detailed error code, call wolfSSL_get_error().
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- ret = wolfSSL_connect_cert(ssl);
- if (ret != SSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_connect
- \sa wolfSSL_accept
- */
- int wolfSSL_connect_cert(WOLFSSL* ssl);
- /*!
- \ingroup openSSL
- \brief wolfSSL_d2i_PKCS12_bio (d2i_PKCS12_bio) copies in the PKCS12
- information from WOLFSSL_BIO to the structure WC_PKCS12. The information
- is divided up in the structure as a list of Content Infos along with a
- structure to hold optional MAC information. After the information has been
- divided into chunks (but not decrypted) in the structure WC_PKCS12, it can
- then be parsed and decrypted by calling.
- \return WC_PKCS12 pointer to a WC_PKCS12 structure.
- \return Failure If function failed it will return NULL.
- \param bio WOLFSSL_BIO structure to read PKCS12 buffer from.
- \param pkcs12 WC_PKCS12 structure pointer for new PKCS12 structure created.
- Can be NULL
- _Example_
- \code
- WC_PKCS12* pkcs;
- WOLFSSL_BIO* bio;
- WOLFSSL_X509* cert;
- WOLFSSL_EVP_PKEY* pkey;
- STACK_OF(X509) certs;
- //bio loads in PKCS12 file
- wolfSSL_d2i_PKCS12_bio(bio, &pkcs);
- wolfSSL_PKCS12_parse(pkcs, “a password”, &pkey, &cert, &certs)
- wc_PKCS12_free(pkcs)
- //use cert, pkey, and optionally certs stack
- \endcode
- \sa wolfSSL_PKCS12_parse
- \sa wc_PKCS12_free
- */
- WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
- WC_PKCS12** pkcs12);
- /*!
- \ingroup openSSL
- \brief wolfSSL_i2d_PKCS12_bio (i2d_PKCS12_bio) copies in the cert
- information from the structure WC_PKCS12 to WOLFSSL_BIO.
- \return 1 for success.
- \return Failure 0.
- \param bio WOLFSSL_BIO structure to write PKCS12 buffer to.
- \param pkcs12 WC_PKCS12 structure for PKCS12 structure as input.
- _Example_
- \code
- WC_PKCS12 pkcs12;
- FILE *f;
- byte buffer[5300];
- char file[] = "./test.p12";
- int bytes;
- WOLFSSL_BIO* bio;
- pkcs12 = wc_PKCS12_new();
- f = fopen(file, "rb");
- bytes = (int)fread(buffer, 1, sizeof(buffer), f);
- fclose(f);
- //convert the DER file into an internal structure
- wc_d2i_PKCS12(buffer, bytes, pkcs12);
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
- //convert PKCS12 structure into bio
- wolfSSL_i2d_PKCS12_bio(bio, pkcs12);
- wc_PKCS12_free(pkcs)
- //use bio
- \endcode
- \sa wolfSSL_PKCS12_parse
- \sa wc_PKCS12_free
- */
- WC_PKCS12* wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO* bio,
- WC_PKCS12* pkcs12);
- /*!
- \ingroup openSSL
- \brief PKCS12 can be enabled with adding –enable-opensslextra to the
- configure command. It can use triple DES and RC4 for decryption so would
- recommend also enabling these features when enabling opensslextra
- (--enable-des3 –enable-arc4). wolfSSL does not currently support RC2 so
- decryption with RC2 is currently not available. This may be noticeable
- with default encryption schemes used by OpenSSL command line to create
- .p12 files. wolfSSL_PKCS12_parse (PKCS12_parse). The first thing this
- function does is check the MAC is correct if present. If the MAC fails
- then the function returns and does not try to decrypt any of the stored
- Content Infos. This function then parses through each Content Info
- looking for a bag type, if the bag type is known it is decrypted as
- needed and either stored in the list of certificates being built or as
- a key found. After parsing through all bags the key found is then
- compared with the certificate list until a matching pair is found.
- This matching pair is then returned as the key and certificate,
- optionally the certificate list found is returned as a STACK_OF
- certificates. At the moment a CRL, Secret or SafeContents bag will be
- skipped over and not parsed. It can be seen if these or other “Unknown”
- bags are skipped over by viewing the debug print out. Additional attributes
- such as friendly name are skipped over when parsing a PKCS12 file.
- \return SSL_SUCCESS On successfully parsing PKCS12.
- \return SSL_FAILURE If an error case was encountered.
- \param pkcs12 WC_PKCS12 structure to parse.
- \param paswd password for decrypting PKCS12.
- \param pkey structure to hold private key decoded from PKCS12.
- \param cert structure to hold certificate decoded from PKCS12.
- \param stack optional stack of extra certificates.
- _Example_
- \code
- WC_PKCS12* pkcs;
- WOLFSSL_BIO* bio;
- WOLFSSL_X509* cert;
- WOLFSSL_EVP_PKEY* pkey;
- STACK_OF(X509) certs;
- //bio loads in PKCS12 file
- wolfSSL_d2i_PKCS12_bio(bio, &pkcs);
- wolfSSL_PKCS12_parse(pkcs, “a password”, &pkey, &cert, &certs)
- wc_PKCS12_free(pkcs)
- //use cert, pkey, and optionally certs stack
- \endcode
- \sa wolfSSL_d2i_PKCS12_bio
- \sa wc_PKCS12_free
- */
- int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
- WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, WOLF_STACK_OF(WOLFSSL_X509)** ca);
- /*!
- \ingroup CertsKeys
- \brief Server Diffie-Hellman Ephemeral parameters setting. This function
- sets up the group parameters to be used if the server negotiates a cipher
- suite that uses DHE.
- \return SSL_SUCCESS upon success.
- \return MEMORY_ERROR will be returned if a memory error was encountered.
- \return SIDE_ERROR will be returned if this function is called on an SSL
- client instead of an SSL server.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param p Diffie-Hellman prime number parameter.
- \param pSz size of p.
- \param g Diffie-Hellman “generator” parameter.
- \param gSz size of g.
- _Example_
- \code
- WOLFSSL* ssl;
- static unsigned char p[] = {...};
- static unsigned char g[] = {...};
- ...
- wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
- \endcode
- \sa SSL_accept
- */
- int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
- const unsigned char* g, int gSz);
- /*!
- \ingroup CertsKeys
- \brief The function calls the wolfSSL_SetTMpDH_buffer_wrapper,
- which is a wrapper for Diffie-Hellman parameters.
- \return SSL_SUCCESS on successful execution.
- \return SSL_BAD_FILETYPE if the file type is not PEM and is not
- ASN.1. It will also be returned if the wc_DhParamsLoad does not
- return normally.
- \return SSL_NO_PEM_HEADER returns from PemToDer if there is not
- a PEM header.
- \return SSL_BAD_FILE returned if there is a file error in PemToDer.
- \return SSL_FATAL_ERROR returned from PemToDer if there was a copy error.
- \return MEMORY_E - if there was a memory allocation error.
- \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL or if
- there was otherwise a NULL argument passed to a subroutine.
- \return DH_KEY_SIZE_E is returned if their is a key size error in
- wolfSSL_SetTmpDH() or in wolfSSL_CTX_SetTmpDH().
- \return SIDE_ERROR returned if it is not the server side
- in wolfSSL_SetTmpDH.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param buf allocated buffer passed in from wolfSSL_SetTMpDH_file_wrapper.
- \param sz a long int that holds the size of the file
- (fname within wolfSSL_SetTmpDH_file_wrapper).
- \param format an integer type passed through from
- wolfSSL_SetTmpDH_file_wrapper() that is a representation of the certificate
- format.
- _Example_
- \code
- Static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
- Const char* fname, int format);
- long sz = 0;
- byte* myBuffer = staticBuffer[FILE_BUFFER_SIZE];
- …
- if(ssl)
- ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
- \endcode
- \sa wolfSSL_SetTmpDH_buffer_wrapper
- \sa wc_DhParamsLoad
- \sa wolfSSL_SetTmpDH
- \sa PemToDer
- \sa wolfSSL_CTX_SetTmpDH
- \sa wolfSSL_CTX_SetTmpDH_file
- */
- int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* b, long sz,
- int format);
- /*!
- \ingroup CertsKeys
- \brief This function calls wolfSSL_SetTmpDH_file_wrapper to set server
- Diffie-Hellman parameters.
- \return SSL_SUCCESS returned on successful completion of this function
- and its subroutines.
- \return MEMORY_E returned if a memory allocation failed in this function
- or a subroutine.
- \return SIDE_ERROR if the side member of the Options structure found
- in the WOLFSSL struct is not the server side.
- \return SSL_BAD_FILETYPE returns if the certificate fails a set of checks.
- \return DH_KEY_SIZE_E returned if the DH parameter's key size is less than
- the value of the minDhKeySz member in the WOLFSSL struct.
- \return DH_KEY_SIZE_E returned if the DH parameter's key size is greater
- than the value of the maxDhKeySz member in the WOLFSSL struct.
- \return BAD_FUNC_ARG returns if an argument value is NULL that is not
- permitted such as, the WOLFSSL structure.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param fname a constant char pointer holding the certificate.
- \param format an integer type that holds the format of the certification.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- const char* dhParam;
- …
- AssertIntNE(SSL_SUCCESS,
- wolfSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM));
- \endcode
- \sa wolfSSL_CTX_SetTmpDH_file
- \sa wolfSSL_SetTmpDH_file_wrapper
- \sa wolfSSL_SetTmpDH_buffer
- \sa wolfSSL_CTX_SetTmpDH_buffer
- \sa wolfSSL_SetTmpDH_buffer_wrapper
- \sa wolfSSL_SetTmpDH
- \sa wolfSSL_CTX_SetTmpDH
- */
- int wolfSSL_SetTmpDH_file(WOLFSSL* ssl, const char* f, int format);
- /*!
- \ingroup CertsKeys
- \brief Sets the parameters for the server CTX Diffie-Hellman.
- \return SSL_SUCCESS returned if the function and all subroutines
- return without error.
- \return BAD_FUNC_ARG returned if the CTX, p or g parameters are NULL.
- \return DH_KEY_SIZE_E returned if the DH parameter's key size is less than
- the value of the minDhKeySz member of the WOLFSSL_CTX struct.
- \return DH_KEY_SIZE_E returned if the DH parameter's key size is greater
- than the value of the maxDhKeySz member of the WOLFSSL_CTX struct.
- \return MEMORY_E returned if the allocation of memory failed in this
- function or a subroutine.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param p a constant unsigned char pointer loaded into the buffer
- member of the serverDH_P struct.
- \param pSz an int type representing the size of p, initialized
- to MAX_DH_SIZE.
- \param g a constant unsigned char pointer loaded into the buffer
- member of the serverDH_G struct.
- \param gSz an int type representing the size of g, initialized to
- MAX_DH_SIZE.
- _Exmaple_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol );
- byte* p;
- byte* g;
- word32 pSz = (word32)sizeof(p)/sizeof(byte);
- word32 gSz = (word32)sizeof(g)/sizeof(byte);
- …
- int ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
- if(ret != SSL_SUCCESS){
- // Failure case
- }
- \endcode
- \sa wolfSSL_SetTmpDH
- \sa wc_DhParamsLoad
- */
- int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p,
- int pSz, const unsigned char* g, int gSz);
- /*!
- \ingroup CertsKeys
- \brief A wrapper function that calls wolfSSL_SetTmpDH_buffer_wrapper
- \return 0 returned for a successful execution.
- \return BAD_FUNC_ARG returned if the ctx or buf parameters are NULL.
- \return MEMORY_E if there is a memory allocation error.
- \return SSL_BAD_FILETYPE returned if format is not correct.
- \param ctx a pointer to a WOLFSSL structure, created using
- wolfSSL_CTX_new().
- \param buf a pointer to a constant unsigned char type that is
- allocated as the buffer and passed through to
- wolfSSL_SetTmpDH_buffer_wrapper.
- \param sz a long integer type that is derived from the fname parameter
- in wolfSSL_SetTmpDH_file_wrapper().
- \param format an integer type passed through from
- wolfSSL_SetTmpDH_file_wrapper().
- _Example_
- \code
- static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
- Const char* fname, int format);
- #ifdef WOLFSSL_SMALL_STACK
- byte staticBuffer[1]; // force heap usage
- #else
- byte* staticBuffer;
- long sz = 0;
- …
- if(ssl){
- ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
- } else {
- ret = wolfSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format);
- }
- \endcode
- \sa wolfSSL_SetTmpDH_buffer_wrapper
- \sa wolfSSL_SetTMpDH_buffer
- \sa wolfSSL_SetTmpDH_file_wrapper
- \sa wolfSSL_CTX_SetTmpDH_file
- */
- int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* b,
- long sz, int format);
- /*!
- \ingroup CertsKeys
- \brief The function calls wolfSSL_SetTmpDH_file_wrapper to set the server
- Diffie-Hellman parameters.
- \return SSL_SUCCESS returned if the wolfSSL_SetTmpDH_file_wrapper or any
- of its subroutines return successfully.
- \return MEMORY_E returned if an allocation of dynamic memory fails in a
- subroutine.
- \return BAD_FUNC_ARG returned if the ctx or fname parameters are NULL or
- if
- a subroutine is passed a NULL argument.
- \return SSL_BAD_FILE returned if the certificate file is unable to open or
- if the a set of checks on the file fail from wolfSSL_SetTmpDH_file_wrapper.
- \return SSL_BAD_FILETYPE returned if the format is not PEM or ASN.1 from
- wolfSSL_SetTmpDH_buffer_wrapper().
- \return DH_KEY_SIZE_E returned if the DH parameter's key size is less than
- the value of the minDhKeySz member of the WOLFSSL_CTX struct.
- \return DH_KEY_SIZE_E returned if the DH parameter's key size is greater
- than the value of the maxDhKeySz member of the WOLFSSL_CTX struct.
- \return SIDE_ERROR returned in wolfSSL_SetTmpDH() if the side is not the
- server end.
- \return SSL_NO_PEM_HEADER returned from PemToDer if there is no PEM header.
- \return SSL_FATAL_ERROR returned from PemToDer if there is a memory copy
- failure.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param fname a constant character pointer to a certificate file.
- \param format an integer type passed through from
- wolfSSL_SetTmpDH_file_wrapper() that is a representation of
- the certificate format.
- _Example_
- \code
- #define dhParam “certs/dh2048.pem”
- #DEFINE aSSERTiNTne(x, y) AssertInt(x, y, !=, ==)
- WOLFSSL_CTX* ctx;
- …
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()))
- …
- AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL, dhParam,
- SSL_FILETYPE_PEM));
- \endcode
- \sa wolfSSL_SetTmpDH_buffer_wrapper
- \sa wolfSSL_SetTmpDH
- \sa wolfSSL_CTX_SetTmpDH
- \sa wolfSSL_SetTmpDH_buffer
- \sa wolfSSL_CTX_SetTmpDH_buffer
- \sa wolfSSL_SetTmpDH_file_wrapper
- \sa AllocDer
- \sa PemToDer
- */
- int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* f,
- int format);
- /*!
- \ingroup CertsKeys
- \brief This function sets the minimum size (in bits) of the Diffie Hellman
- key size by accessing the minDhKeySz member in the WOLFSSL_CTX structure.
- \return SSL_SUCCESS returned if the function completes successfully.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or if
- the keySz_bits is greater than 16,000 or not divisible by 8.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param keySz_bits a word16 type used to set the minimum DH key size in bits.
- The WOLFSSL_CTX struct holds this information in the minDhKeySz member.
- _Example_
- \code
- public static int CTX_SetMinDhKey_Sz(IntPtr ctx, short minDhKey){
- …
- return wolfSSL_CTX_SetMinDhKey_Sz(local_ctx, minDhKeyBits);
- \endcode
- \sa wolfSSL_SetMinDhKey_Sz
- \sa wolfSSL_CTX_SetMaxDhKey_Sz
- \sa wolfSSL_SetMaxDhKey_Sz
- \sa wolfSSL_GetDhKey_Sz
- \sa wolfSSL_CTX_SetTMpDH_file
- */
- int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16);
- /*!
- \ingroup CertsKeys
- \brief Sets the minimum size (in bits) for a Diffie-Hellman key in the
- WOLFSSL structure.
- \return SSL_SUCCESS the minimum size was successfully set.
- \return BAD_FUNC_ARG the WOLFSSL structure was NULL or if the keySz_bits is
- greater than 16,000 or not divisible by 8.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param keySz_bits a word16 type used to set the minimum DH key size in bits.
- The WOLFSSL_CTX struct holds this information in the minDhKeySz member.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- word16 keySz_bits;
- ...
- if(wolfSSL_SetMinDhKey_Sz(ssl, keySz_bits) != SSL_SUCCESS){
- // Failed to set.
- }
- \endcode
- \sa wolfSSL_CTX_SetMinDhKey_Sz
- \sa wolfSSL_GetDhKey_Sz
- */
- int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits);
- /*!
- \ingroup CertsKeys
- \brief This function sets the maximum size (in bits) of the Diffie Hellman
- key size by accessing the maxDhKeySz member in the WOLFSSL_CTX structure.
- \return SSL_SUCCESS returned if the function completes successfully.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or if
- the keySz_bits is greater than 16,000 or not divisible by 8.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param keySz_bits a word16 type used to set the maximum DH key size in bits.
- The WOLFSSL_CTX struct holds this information in the maxDhKeySz member.
- _Example_
- \code
- public static int CTX_SetMaxDhKey_Sz(IntPtr ctx, short maxDhKey){
- …
- return wolfSSL_CTX_SetMaxDhKey_Sz(local_ctx, keySz_bits);
- \endcode
- \sa wolfSSL_SetMinDhKey_Sz
- \sa wolfSSL_CTX_SetMinDhKey_Sz
- \sa wolfSSL_SetMaxDhKey_Sz
- \sa wolfSSL_GetDhKey_Sz
- \sa wolfSSL_CTX_SetTMpDH_file
- */
- int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits);
- /*!
- \ingroup CertsKeys
- \brief Sets the maximum size (in bits) for a Diffie-Hellman key in the
- WOLFSSL structure.
- \return SSL_SUCCESS the maximum size was successfully set.
- \return BAD_FUNC_ARG the WOLFSSL structure was NULL or the keySz parameter
- was greater than the allowable size or not divisible by 8.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param keySz a word16 type representing the bit size of the maximum DH key.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- word16 keySz;
- ...
- if(wolfSSL_SetMaxDhKey(ssl, keySz) != SSL_SUCCESS){
- // Failed to set.
- }
- \endcode
- \sa wolfSSL_CTX_SetMaxDhKey_Sz
- \sa wolfSSL_GetDhKey_Sz
- */
- int wolfSSL_SetMaxDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits);
- /*!
- \ingroup CertsKeys
- \brief Returns the value of dhKeySz (in bits) that is a member of the
- options structure. This value represents the Diffie-Hellman key size in
- bytes.
- \return dhKeySz returns the value held in ssl->options.dhKeySz which is an
- integer value representing a size in bits.
- \return BAD_FUNC_ARG returns if the WOLFSSL struct is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- int dhKeySz;
- ...
- dhKeySz = wolfSSL_GetDhKey_Sz(ssl);
- if(dhKeySz == BAD_FUNC_ARG || dhKeySz <= 0){
- // Failure case
- } else {
- // dhKeySz holds the size of the key.
- }
- \endcode
- \sa wolfSSL_SetMinDhKey_sz
- \sa wolfSSL_CTX_SetMinDhKey_Sz
- \sa wolfSSL_CTX_SetTmpDH
- \sa wolfSSL_SetTmpDH
- \sa wolfSSL_CTX_SetTmpDH_file
- */
- int wolfSSL_GetDhKey_Sz(WOLFSSL*);
- /*!
- \ingroup CertsKeys
- \brief Sets the minimum RSA key size in both the WOLFSSL_CTX structure
- and the WOLFSSL_CERT_MANAGER structure.
- \return SSL_SUCCESS returned on successful execution of the function.
- \return BAD_FUNC_ARG returned if the ctx structure is NULL or the keySz
- is less than zero or not divisible by 8.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param keySz a short integer type stored in minRsaKeySz in the ctx
- structure and the cm structure converted to bytes.
- _Example_
- \code
- WOLFSSL_CTX* ctx = SSL_CTX_new(method);
- (void)minDhKeyBits;
- ourCert = myoptarg;
- …
- minDhKeyBits = atoi(myoptarg);
- …
- if(wolfSSL_CTX_SetMinRsaKey_Sz(ctx, minRsaKeyBits) != SSL_SUCCESS){
- …
- \endcode
- \sa wolfSSL_SetMinRsaKey_Sz
- */
- int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz);
- /*!
- \ingroup CertsKeys
- \brief Sets the minimum allowable key size in bits for RSA located in the
- WOLFSSL structure.
- \return SSL_SUCCESS the minimum was set successfully.
- \return BAD_FUNC_ARG returned if the ssl structure is NULL or if the ksySz
- is less than zero or not divisible by 8.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param keySz a short integer value representing the the minimum key in bits.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- short keySz;
- …
- int isSet = wolfSSL_SetMinRsaKey_Sz(ssl, keySz);
- if(isSet != SSL_SUCCESS){
- Failed to set.
- }
- \endcode
- \sa wolfSSL_CTX_SetMinRsaKey_Sz
- */
- int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz);
- /*!
- \ingroup CertsKeys
- \brief Sets the minimum size in bits for the ECC key in the WOLF_CTX
- structure and the WOLFSSL_CERT_MANAGER structure.
- \return SSL_SUCCESS returned for a successful execution and the minEccKeySz
- member is set.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or if
- the keySz is negative or not divisible by 8.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param keySz a short integer type that represents the minimum ECC key
- size in bits.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- short keySz; // minimum key size
- …
- if(wolfSSL_CTX_SetMinEccKey(ctx, keySz) != SSL_SUCCESS){
- // Failed to set min key size
- }
- \endcode
- \sa wolfSSL_SetMinEccKey_Sz
- */
- int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ssl, short keySz);
- /*!
- \ingroup CertsKeys
- \brief Sets the value of the minEccKeySz member of the options structure.
- The options struct is a member of the WOLFSSL structure and is
- accessed through the ssl parameter.
- \return SSL_SUCCESS if the function successfully set the minEccKeySz
- member of the options structure.
- \return BAD_FUNC_ARG if the WOLFSSL_CTX structure is NULL or if the
- key size (keySz) is less than 0 (zero) or not divisible by 8.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param keySz value used to set the minimum ECC key size. Sets
- value in the options structure.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx); // New session
- short keySz = 999; // should be set to min key size allowable
- ...
- if(wolfSSL_SetMinEccKey_Sz(ssl, keySz) != SSL_SUCCESS){
- // Failure case.
- }
- \endcode
- \sa wolfSSL_CTX_SetMinEccKey_Sz
- \sa wolfSSL_CTX_SetMinRsaKey_Sz
- \sa wolfSSL_SetMinRsaKey_Sz
- */
- int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz);
- /*!
- \ingroup CertsKeys
- \brief This function is used by EAP_TLS and EAP-TTLS to derive
- keying material from the master secret.
- \return BUFFER_E returned if the actual size of the buffer exceeds
- the maximum size allowable.
- \return MEMORY_E returned if there is an error with memory allocation.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param msk a void pointer variable that will hold the result
- of the p_hash function.
- \param len an unsigned integer that represents the length of
- the msk variable.
- \param label a constant char pointer that is copied from in wc_PRF().
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);;
- void* msk;
- unsigned int len;
- const char* label;
- …
- return wolfSSL_make_eap_keys(ssl, msk, len, label);
- \endcode
- \sa wc_PRF
- \sa wc_HmacFinal
- \sa wc_HmacUpdate
- */
- int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
- const char* label);
- /*!
- \ingroup IO
- \brief Simulates writev semantics but doesn’t actually do block at a time
- because of SSL_write() behavior and because front adds may be small.
- Makes porting into software that uses writev easier.
- \return >0 the number of bytes written upon success.
- \return 0 will be returned upon failure. Call wolfSSL_get_error() for
- the specific error code.
- \return MEMORY_ERROR will be returned if a memory error was encountered.
- \return SSL_FATAL_ERROR will be returned upon failure when either an error
- occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
- SSL_ERROR_WANT_WRITE error was received and and the application needs to
- call wolfSSL_write() again. Use wolfSSL_get_error() to get a specific
- error code.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param iov array of I/O vectors to write
- \param iovcnt number of vectors in iov array.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- char *bufA = “hello\n”;
- char *bufB = “hello world\n”;
- int iovcnt;
- struct iovec iov[2];
- iov[0].iov_base = buffA;
- iov[0].iov_len = strlen(buffA);
- iov[1].iov_base = buffB;
- iov[1].iov_len = strlen(buffB);
- iovcnt = 2;
- ...
- ret = wolfSSL_writev(ssl, iov, iovcnt);
- // wrote “ret” bytes, or error if <= 0.
- \endcode
- \sa wolfSSL_write
- */
- int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
- int iovcnt);
- /*!
- \ingroup Setup
- \brief This function unloads the CA signer list and frees
- the whole signer table.
- \return SSL_SUCCESS returned on successful execution of the function.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or there
- are otherwise unpermitted argument values passed in a subroutine.
- \return BAD_MUTEX_E returned if there was a mutex error. The LockMutex()
- did not return 0.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_METHOD method = wolfTLSv1_2_client_method();
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method);
- …
- if(wolfSSL_CTX_UnloadCAs(ctx) != SSL_SUCCESS){
- // The function did not unload CAs
- }
- \endcode
- \sa wolfSSL_CertManagerUnloadCAs
- \sa LockMutex
- \sa UnlockMutex
- */
- int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*);
- /*!
- \ingroup Setup
- \brief This function unloads intermediate certificates added to the CA
- signer list and frees them.
- \return SSL_SUCCESS returned on successful execution of the function.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or there
- are otherwise unpermitted argument values passed in a subroutine.
- \return BAD_STATE_E returned if the WOLFSSL_CTX has a reference count > 1.
- \return BAD_MUTEX_E returned if there was a mutex error. The LockMutex()
- did not return 0.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_METHOD method = wolfTLSv1_2_client_method();
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method);
- …
- if(wolfSSL_CTX_UnloadIntermediateCerts(ctx) != NULL){
- // The function did not unload CAs
- }
- \endcode
- \sa wolfSSL_CTX_UnloadCAs
- \sa wolfSSL_CertManagerUnloadIntermediateCerts
- */
- int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function is used to unload all previously loaded trusted peer
- certificates. Feature is enabled by defining the macro
- WOLFSSL_TRUST_PEER_CERT.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG will be returned if ctx is NULL.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_Unload_trust_peers(ctx);
- if (ret != SSL_SUCCESS) {
- // error unloading trusted peer certs
- }
- ...
- \endcode
- \sa wolfSSL_CTX_trust_peer_buffer
- \sa wolfSSL_CTX_trust_peer_cert
- */
- int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*);
- /*!
- \ingroup Setup
- \brief This function loads a certificate to use for verifying a peer
- when performing a TLS/SSL handshake. The peer certificate sent during
- the handshake is compared by using the SKID when available and the
- signature. If these two things do not match then any loaded CAs are used.
- Is the same functionality as wolfSSL_CTX_trust_peer_cert except is from
- a buffer instead of a file. Feature is enabled by defining the macro
- WOLFSSL_TRUST_PEER_CERT Please see the examples for proper usage.
- \return SSL_SUCCESS upon success
- \return SSL_FAILURE will be returned if ctx is NULL, or if both file and
- type are invalid.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
- read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param buffer pointer to the buffer containing certificates.
- \param sz length of the buffer input.
- \param type type of certificate being loaded i.e. SSL_FILETYPE_ASN1 or
- SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_trust_peer_buffer(ctx, bufferPtr, bufferSz,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading trusted peer cert
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_file
- \sa wolfSSL_CTX_use_PrivateKey_file
- \sa wolfSSL_CTX_use_certificate_chain_file
- \sa wolfSSL_CTX_trust_peer_cert
- \sa wolfSSL_CTX_Unload_trust_peers
- \sa wolfSSL_use_certificate_file
- \sa wolfSSL_use_PrivateKey_file
- \sa wolfSSL_use_certificate_chain_file
- */
- int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
- long sz, int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a CA certificate buffer into the WOLFSSL
- Context. It behaves like the non-buffered version, only differing in
- its ability to be called with a buffer as input instead of a file.
- The buffer is provided by the in argument of size sz. format specifies
- the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- More than one CA certificate may be loaded per buffer as long as the
- format is in PEM. Please see the examples for proper usage.
- \return SSL_SUCCESS upon success
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BUFFER_E will be returned if a chain buffer is bigger than
- the receiving buffer.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param in pointer to the CA certificate buffer.
- \param sz size of the input CA certificate buffer, in.
- \param format format of the buffer certificate, either SSL_FILETYPE_ASN1
- or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- byte certBuff[...];
- long sz = sizeof(certBuff);
- ...
- ret = wolfSSL_CTX_load_verify_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading CA certs from buffer
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_locations
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
- long sz, int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a CA certificate buffer into the WOLFSSL
- Context. It behaves like the non-buffered version, only differing in
- its ability to be called with a buffer as input instead of a file.
- The buffer is provided by the in argument of size sz. format specifies
- the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- More than one CA certificate may be loaded per buffer as long as the
- format is in PEM. The _ex version was added in PR 2413 and supports
- additional arguments for userChain and flags.
- \return SSL_SUCCESS upon success
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BUFFER_E will be returned if a chain buffer is bigger than
- the receiving buffer.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param in pointer to the CA certificate buffer.
- \param sz size of the input CA certificate buffer, in.
- \param format format of the buffer certificate, either SSL_FILETYPE_ASN1
- or SSL_FILETYPE_PEM.
- \param userChain If using format WOLFSSL_FILETYPE_ASN1 this set to non-zero
- indicates a chain of DER's is being presented.
- \param flags: See ssl.h around WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- byte certBuff[...];
- long sz = sizeof(certBuff);
- ...
- // Example for force loading an expired certificate
- ret = wolfSSL_CTX_load_verify_buffer_ex(ctx, certBuff, sz, SSL_FILETYPE_PEM,
- 0, (WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY));
- if (ret != SSL_SUCCESS) {
- // error loading CA certs from buffer
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_load_verify_locations
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx,
- const unsigned char* in, long sz,
- int format, int userChain, word32 flags);
- /*!
- \ingroup CertsKeys
- \brief This function loads a CA certificate chain buffer into the WOLFSSL
- Context. It behaves like the non-buffered version, only differing in
- its ability to be called with a buffer as input instead of a file.
- The buffer is provided by the in argument of size sz. format specifies
- the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- More than one CA certificate may be loaded per buffer as long as the
- format is in PEM. Please see the examples for proper usage.
- \return SSL_SUCCESS upon success
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BUFFER_E will be returned if a chain buffer is bigger than
- the receiving buffer.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param in pointer to the CA certificate buffer.
- \param sz size of the input CA certificate buffer, in.
- \param format format of the buffer certificate, either SSL_FILETYPE_ASN1
- or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- byte certBuff[...];
- long sz = sizeof(certBuff);
- ...
- ret = wolfSSL_CTX_load_verify_chain_buffer_format(ctx,
- certBuff, sz, WOLFSSL_FILETYPE_ASN1);
- if (ret != SSL_SUCCESS) {
- // error loading CA certs from buffer
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_locations
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx,
- const unsigned char* in,
- long sz, int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a certificate buffer into the WOLFSSL Context.
- It behaves like the non-buffered version, only differing in its ability
- to be called with a buffer as input instead of a file. The buffer is
- provided by the in argument of size sz. format specifies the format
- type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please
- see the examples for proper usage.
- \return SSL_SUCCESS upon success
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param in the input buffer containing the certificate to be loaded.
- \param sz the size of the input buffer.
- \param format the format of the certificate located in the input
- buffer (in). Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- byte certBuff[...];
- long sz = sizeof(certBuff);
- ...
- ret = wolfSSL_CTX_use_certificate_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading certificate from buffer
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
- const unsigned char* in, long sz,
- int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a private key buffer into the SSL Context.
- It behaves like the non-buffered version, only differing in its ability
- to be called with a buffer as input instead of a file. The buffer is
- provided by the in argument of size sz. format specifies the format type
- of the buffer; SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM. Please see the
- examples for proper usage.
- \return SSL_SUCCESS upon success
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
- read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return NO_PASSWORD will be returned if the key file is encrypted but no
- password is provided.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param in the input buffer containing the private key to be loaded.
- \param sz the size of the input buffer.
- \param format the format of the private key located in the input
- buffer (in). Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- byte keyBuff[...];
- long sz = sizeof(certBuff);
- ...
- ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, keyBuff, sz, SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading private key from buffer
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx,
- const unsigned char* in, long sz,
- int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a certificate chain buffer into the WOLFSSL
- Context. It behaves like the non-buffered version, only differing in
- its ability to be called with a buffer as input instead of a file.
- The buffer is provided by the in argument of size sz. The buffer must
- be in PEM format and start with the subject’s certificate, ending with
- the root certificate. Please see the examples for proper usage.
- \return SSL_SUCCESS upon success
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BUFFER_E will be returned if a chain buffer is bigger than
- the receiving buffer.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param in the input buffer containing the PEM-formatted certificate
- chain to be loaded.
- \param sz the size of the input buffer.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- byte certChainBuff[...];
- long sz = sizeof(certBuff);
- ...
- ret = wolfSSL_CTX_use_certificate_chain_buffer(ctx, certChainBuff, sz);
- if (ret != SSL_SUCCESS) {
- // error loading certificate chain from buffer
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
- const unsigned char* in, long sz);
- /*!
- \ingroup CertsKeys
- \brief This function loads a certificate buffer into the WOLFSSL object.
- It behaves like the non-buffered version, only differing in its ability
- to be called with a buffer as input instead of a file. The buffer
- is provided by the in argument of size sz. format specifies the format
- type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- Please see the examples for proper usage.
- \return SSL_SUCCESS upon success.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t
- be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param in buffer containing certificate to load.
- \param sz size of the certificate located in buffer.
- \param format format of the certificate to be loaded.
- Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret;
- byte certBuff[...];
- WOLFSSL* ssl = 0;
- long buffSz = sizeof(certBuff);
- ...
- ret = wolfSSL_use_certificate_buffer(ssl, certBuff, buffSz, SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // failed to load certificate from buffer
- }
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in,
- long sz, int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a private key buffer into the WOLFSSL object.
- It behaves like the non-buffered version, only differing in its ability
- to be called with a buffer as input instead of a file. The buffer is
- provided by the in argument of size sz. format specifies the format
- type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please
- see the examples for proper usage.
- \return SSL_SUCCESS upon success.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
- read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return NO_PASSWORD will be returned if the key file is encrypted but no
- password is provided.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param in buffer containing private key to load.
- \param sz size of the private key located in buffer.
- \param format format of the private key to be loaded. Possible values are
- SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret;
- byte keyBuff[...];
- WOLFSSL* ssl = 0;
- long buffSz = sizeof(certBuff);
- ...
- ret = wolfSSL_use_PrivateKey_buffer(ssl, keyBuff, buffSz, SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // failed to load private key from buffer
- }
- \endcode
- \sa wolfSSL_use_PrivateKey
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
- long sz, int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a certificate chain buffer into the WOLFSSL
- object. It behaves like the non-buffered version, only differing in its
- ability to be called with a buffer as input instead of a file. The buffer
- is provided by the in argument of size sz. The buffer must be in PEM format
- and start with the subject’s certificate, ending with the root certificate.
- Please see the examples for proper usage.
- \return SSL_SUCCES upon success.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BUFFER_E will be returned if a chain buffer is bigger than
- the receiving buffer.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param in buffer containing certificate to load.
- \param sz size of the certificate located in buffer.
- _Example_
- \code
- int ret;
- byte certChainBuff[...];
- WOLFSSL* ssl = 0;
- long buffSz = sizeof(certBuff);
- ...
- ret = wolfSSL_use_certificate_chain_buffer(ssl, certChainBuff, buffSz);
- if (ret != SSL_SUCCESS) {
- // failed to load certificate chain from buffer
- }
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- */
- int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl,
- const unsigned char* in, long sz);
- /*!
- \ingroup CertsKeys
- \brief This function unloads any certificates or keys that SSL owns.
- \return SSL_SUCCESS - returned if the function executed successfully.
- \return BAD_FUNC_ARG - returned if the WOLFSSL object is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- int unloadKeys = wolfSSL_UnloadCertsKeys(ssl);
- if(unloadKeys != SSL_SUCCESS){
- // Failure case.
- }
- \endcode
- \sa wolfSSL_CTX_UnloadCAs
- */
- int wolfSSL_UnloadCertsKeys(WOLFSSL*);
- /*!
- \ingroup Setup
- \brief This function turns on grouping of handshake messages where possible.
- \return SSL_SUCCESS will be returned upon success.
- \return BAD_FUNC_ARG will be returned if the input context is null.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- ret = wolfSSL_CTX_set_group_messages(ctx);
- if (ret != SSL_SUCCESS) {
- // failed to set handshake message grouping
- }
- \endcode
- \sa wolfSSL_set_group_messages
- \sa wolfSSL_CTX_new
- */
- int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*);
- /*!
- \ingroup Setup
- \brief This function turns on grouping of handshake messages where possible.
- \return SSL_SUCCESS will be returned upon success.
- \return BAD_FUNC_ARG will be returned if the input context is null.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_set_group_messages(ssl);
- if (ret != SSL_SUCCESS) {
- // failed to set handshake message grouping
- }
- \endcode
- \sa wolfSSL_CTX_set_group_messages
- \sa wolfSSL_new
- */
- int wolfSSL_set_group_messages(WOLFSSL*);
- /*!
- \brief This function sets the fuzzer callback.
- \return none No returns.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cbf a CallbackFuzzer type that is a function pointer of the form:
- int (*CallbackFuzzer)(WOLFSSL* ssl, const unsigned char* buf, int sz, int
- type, void* fuzzCtx);
- \param fCtx a void pointer type that will be set to the fuzzerCtx member of
- the WOLFSSL structure.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- void* fCtx;
- int callbackFuzzerCB(WOLFSSL* ssl, const unsigned char* buf, int sz,
- int type, void* fuzzCtx){
- // function definition
- }
- …
- wolfSSL_SetFuzzerCb(ssl, callbackFuzzerCB, fCtx);
- \endcode
- \sa CallbackFuzzer
- */
- void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx);
- /*!
- \brief This function sets a new dtls cookie secret.
- \return 0 returned if the function executed without an error.
- \return BAD_FUNC_ARG returned if there was an argument passed
- to the function with an unacceptable value.
- \return COOKIE_SECRET_SZ returned if the secret size is 0.
- \return MEMORY_ERROR returned if there was a problem allocating
- memory for a new cookie secret.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param secret a constant byte pointer representing the secret buffer.
- \param secretSz the size of the buffer.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- const* byte secret;
- word32 secretSz; // size of secret
- …
- if(!wolfSSL_DTLS_SetCookieSecret(ssl, secret, secretSz)){
- // Code block for failure to set DTLS cookie secret
- } else {
- // Success! Cookie secret is set.
- }
- \endcode
- \sa ForceZero
- \sa wc_RNG_GenerateBlock
- */
- int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
- const unsigned char* secret,
- unsigned int secretSz);
- /*!
- \brief This function retrieves the random number.
- \return rng upon success.
- \return NULL if ssl is NULL.
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl;
- wolfSSL_GetRNG(ssl);
- \endcode
- \sa wolfSSL_CTX_new_rng
- */
- WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function sets the minimum downgrade version allowed.
- Applicable only when the connection allows downgrade using
- (wolfSSLv23_client_method or wolfSSLv23_server_method).
- \return SSL_SUCCESS returned if the function returned without
- error and the minimum version is set.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure was
- NULL or if the minimum version is not supported.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param version an integer representation of the version to be set as the
- minimum: WOLFSSL_SSLV3 = 0, WOLFSSL_TLSV1 = 1, WOLFSSL_TLSV1_1 = 2 or
- WOLFSSL_TLSV1_2 = 3.
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method );
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- int version; // macrop representation
- …
- if(wolfSSL_CTX_SetMinVersion(ssl->ctx, version) != SSL_SUCCESS){
- // Failed to set min version
- }
- \endcode
- \sa SetMinVersionHelper
- */
- int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version);
- /*!
- \ingroup TLS
- \brief This function sets the minimum downgrade version allowed.
- Applicable only when the connection allows downgrade using
- (wolfSSLv23_client_method or wolfSSLv23_server_method).
- \return SSL_SUCCESS returned if this function and its subroutine executes
- without error.
- \return BAD_FUNC_ARG returned if the SSL object is NULL. In
- the subroutine this error is thrown if there is not a good version match.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param version an integer representation of the version to be set as the
- minimum: WOLFSSL_SSLV3 = 0, WOLFSSL_TLSV1 = 1, WOLFSSL_TLSV1_1 = 2 or
- WOLFSSL_TLSV1_2 = 3.
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(protocol method);
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- int version; macro representation
- …
- if(wolfSSL_CTX_SetMinVersion(ssl->ctx, version) != SSL_SUCCESS){
- Failed to set min version
- }
- \endcode
- \sa SetMinVersionHelper
- */
- int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version);
- /*!
- \brief This function returns the size of the WOLFSSL object and will be
- dependent on build options and settings. If SHOW_SIZES has been defined
- when building wolfSSL, this function will also print the sizes of individual
- objects within the WOLFSSL object (Suites, Ciphers, etc.) to stdout.
- \return size This function returns the size of the WOLFSSL object.
- \param none No parameters.
- _Example_
- \code
- int size = 0;
- size = wolfSSL_GetObjectSize();
- printf(“sizeof(WOLFSSL) = %d\n”, size);
- \endcode
- \sa wolfSSL_new
- */
- int wolfSSL_GetObjectSize(void); /* object size based on build */
- /*!
- \brief Returns the record layer size of the plaintext input. This is helpful
- when an application wants to know how many bytes will be sent across the
- Transport layer, given a specified plaintext input size. This function
- must be called after the SSL/TLS handshake has been completed.
- \return size Upon success, the requested size will be returned
- \return INPUT_SIZE_E will be returned if the input size is greater than the
- maximum TLS fragment size (see wolfSSL_GetMaxOutputSize())
- \return BAD_FUNC_ARG will be returned upon invalid function argument, or if
- the SSL/TLS handshake has not been completed yet
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- \param inSz size of plaintext data.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetMaxOutputSize
- */
- int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz);
- /*!
- \brief Returns the maximum record layer size for plaintext data. This
- will correspond to either the maximum SSL/TLS record size as specified
- by the protocol standard, the maximum TLS fragment size as set by the
- TLS Max Fragment Length extension. This function is helpful when the
- application has called wolfSSL_GetOutputSize() and received a INPUT_SIZE_E
- error. This function must be called after the SSL/TLS handshake has been
- completed.
- \return size Upon success, the maximum output size will be returned
- \return BAD_FUNC_ARG will be returned upon invalid function argument,
- or if the SSL/TLS handshake has not been completed yet.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetOutputSize
- */
- int wolfSSL_GetMaxOutputSize(WOLFSSL*);
- /*!
- \ingroup Setup
- \brief This function sets the SSL/TLS protocol version for the specified
- SSL session (WOLFSSL object) using the version as specified by version.
- This will override the protocol setting for the SSL session (ssl) -
- originally defined and set by the SSL context (wolfSSL_CTX_new())
- method type.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG will be returned if the input SSL object is
- NULL or an incorrect protocol version is given for version.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param version SSL/TLS protocol version. Possible values include
- WOLFSSL_SSLV3, WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_SetVersion(ssl, WOLFSSL_TLSV1);
- if (ret != SSL_SUCCESS) {
- // failed to set SSL session protocol version
- }
- \endcode
- \sa wolfSSL_CTX_new
- */
- int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
- /*!
- \brief Allows caller to set the Atomic User Record Processing
- Mac/Encrypt Callback. The callback should return 0 for success
- or < 0 for an error. The ssl and ctx pointers are available
- for the user’s convenience. macOut is the output buffer where
- the result of the mac should be stored. macIn is the mac input
- buffer and macInSz notes the size of the buffer. macContent
- and macVerify are needed for wolfSSL_SetTlsHmacInner() and be
- passed along as is. encOut is the output buffer where the result
- on the encryption should be stored. encIn is the input buffer to
- encrypt while encSz is the size of the input. An example callback
- can be found wolfssl/test.h myMacEncryptCb().
- \return none No return.
- \param No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_SetMacEncryptCtx
- \sa wolfSSL_GetMacEncryptCtx
- */
- void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypti cb);
- /*!
- \brief Allows caller to set the Atomic User Record Processing Mac/Encrypt
- Callback Context to ctx.
- \return none No return.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetMacEncryptCb
- \sa wolfSSL_GetMacEncryptCtx
- */
- void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Atomic User Record Processing
- Mac/Encrypt Callback Context previously stored with
- wolfSSL_SetMacEncryptCtx().
- \return pointer If successful the call will return a valid pointer
- to the context.
- \return NULL will be returned for a blank context.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetMacEncryptCb
- \sa wolfSSL_SetMacEncryptCtx
- */
- void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl);
- /*!
- \brief Allows caller to set the Atomic User Record Processing
- Decrypt/Verify Callback. The callback should return 0 for success
- or < 0 for an error. The ssl and ctx pointers are available for
- the user’s convenience. decOut is the output buffer where the result
- of the decryption should be stored. decIn is the encrypted input
- buffer and decInSz notes the size of the buffer. content and verify
- are needed for wolfSSL_SetTlsHmacInner() and be passed along as is.
- padSz is an output variable that should be set with the total value
- of the padding. That is, the mac size plus any padding and pad bytes.
- An example callback can be found wolfssl/test.h myDecryptVerifyCb().
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_SetMacEncryptCtx
- \sa wolfSSL_GetMacEncryptCtx
- */
- void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX* ctx,
- CallbackDecryptVerify cb);
- /*!
- \brief Allows caller to set the Atomic User Record Processing
- Decrypt/Verify Callback Context to ctx.
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetDecryptVerifyCb
- \sa wolfSSL_GetDecryptVerifyCtx
- */
- void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Atomic User Record Processing
- Decrypt/Verify Callback Context previously stored with
- wolfSSL_SetDecryptVerifyCtx().
- \return pointer If successful the call will return a valid pointer to the
- context.
- \return NULL will be returned for a blank context.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetDecryptVerifyCb
- \sa wolfSSL_SetDecryptVerifyCtx
- */
- void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl);
- /*!
- \brief Allows retrieval of the Hmac/Mac secret from the handshake process.
- The verify parameter specifies whether this is for verification of a
- peer message.
- \return pointer If successful the call will return a valid pointer to the
- secret. The size of the secret can be obtained from wolfSSL_GetHmacSize().
- \return NULL will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- \param verify specifies whether this is for verification of a peer message.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetHmacSize
- */
- const unsigned char* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify);
- /*!
- \brief Allows retrieval of the client write key from the handshake process.
- \return pointer If successful the call will return a valid pointer to the
- key. The size of the key can be obtained from wolfSSL_GetKeySize().
- \return NULL will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetKeySize
- \sa wolfSSL_GetClientWriteIV
- */
- const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*);
- /*!
- \brief Allows retrieval of the client write IV (initialization vector)
- from the handshake process.
- \return pointer If successful the call will return a valid pointer to the
- IV. The size of the IV can be obtained from wolfSSL_GetCipherBlockSize().
- \return NULL will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetCipherBlockSize()
- \sa wolfSSL_GetClientWriteKey()
- */
- const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*);
- /*!
- \brief Allows retrieval of the server write key from the handshake process.
- \return pointer If successful the call will return a valid pointer to the
- key. The size of the key can be obtained from wolfSSL_GetKeySize().
- \return NULL will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetKeySize
- \sa wolfSSL_GetServerWriteIV
- */
- const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*);
- /*!
- \brief Allows retrieval of the server write IV (initialization vector)
- from the handshake process.
- \return pointer If successful the call will return a valid pointer to the
- IV. The size of the IV can be obtained from wolfSSL_GetCipherBlockSize().
- \return NULL will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- \sa wolfSSL_GetCipherBlockSize
- \sa wolfSSL_GetClientWriteKey
- */
- const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*);
- /*!
- \brief Allows retrieval of the key size from the handshake process.
- \return size If successful the call will return the key size in bytes.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetClientWriteKey
- \sa wolfSSL_GetServerWriteKey
- */
- int wolfSSL_GetKeySize(WOLFSSL*);
- /*!
- \ingroup CertsKeys
- \brief Returns the iv_size member of the specs structure
- held in the WOLFSSL struct.
- \return iv_size returns the value held in ssl->specs.iv_size.
- \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- int ivSize;
- ...
- ivSize = wolfSSL_GetIVSize(ssl);
- if(ivSize > 0){
- // ivSize holds the specs.iv_size value.
- }
- \endcode
- \sa wolfSSL_GetKeySize
- \sa wolfSSL_GetClientWriteIV
- \sa wolfSSL_GetServerWriteIV
- */
- int wolfSSL_GetIVSize(WOLFSSL*);
- /*!
- \brief Allows retrieval of the side of this WOLFSSL connection.
- \return success If successful the call will return either
- WOLFSSL_SERVER_END or WOLFSSL_CLIENT_END depending on the
- side of WOLFSSL object.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetClientWriteKey
- \sa wolfSSL_GetServerWriteKey
- */
- int wolfSSL_GetSide(WOLFSSL*);
- /*!
- \brief Allows caller to determine if the negotiated protocol version
- is at least TLS version 1.1 or greater.
- \return true/false If successful the call will return 1 for true or
- 0 for false.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetSide
- */
- int wolfSSL_IsTLSv1_1(WOLFSSL*);
- /*!
- \brief Allows caller to determine the negotiated bulk cipher algorithm
- from the handshake.
- \return If successful the call will return one of the following:
- wolfssl_cipher_null, wolfssl_des, wolfssl_triple_des, wolfssl_aes,
- wolfssl_aes_gcm, wolfssl_aes_ccm, wolfssl_camellia.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetCipherBlockSize
- \sa wolfSSL_GetKeySize
- */
- int wolfSSL_GetBulkCipher(WOLFSSL*);
- /*!
- \brief Allows caller to determine the negotiated cipher block size from
- the handshake.
- \return size If successful the call will return the size in bytes of the
- cipher block size.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetBulkCipher
- \sa wolfSSL_GetKeySize
- */
- int wolfSSL_GetCipherBlockSize(WOLFSSL*);
- /*!
- \brief Allows caller to determine the negotiated aead mac size from the
- handshake. For cipher type WOLFSSL_AEAD_TYPE.
- \return size If successful the call will return the size in bytes of the
- aead mac size.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetBulkCipher
- \sa wolfSSL_GetKeySize
- */
- int wolfSSL_GetAeadMacSize(WOLFSSL*);
- /*!
- \brief Allows caller to determine the negotiated (h)mac size from the
- handshake. For cipher types except WOLFSSL_AEAD_TYPE.
- \return size If successful the call will return the size in bytes of
- the (h)mac size.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetBulkCipher
- \sa wolfSSL_GetHmacType
- */
- int wolfSSL_GetHmacSize(WOLFSSL*);
- /*!
- \brief Allows caller to determine the negotiated (h)mac type from the
- handshake. For cipher types except WOLFSSL_AEAD_TYPE.
- \return If successful the call will return one of the following:
- MD5, SHA, SHA256, SHA384.
- \return BAD_FUNC_ARG may be returned for an error state.
- \return SSL_FATAL_ERROR may also be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetBulkCipher
- \sa wolfSSL_GetHmacSize
- */
- int wolfSSL_GetHmacType(WOLFSSL*);
- /*!
- \brief Allows caller to determine the negotiated cipher type
- from the handshake.
- \return If successful the call will return one of the following:
- WOLFSSL_BLOCK_TYPE, WOLFSSL_STREAM_TYPE, WOLFSSL_AEAD_TYPE.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetBulkCipher
- \sa wolfSSL_GetHmacType
- */
- int wolfSSL_GetCipherType(WOLFSSL*);
- /*!
- \brief Allows caller to set the Hmac Inner vector for message
- sending/receiving. The result is written to inner which should
- be at least wolfSSL_GetHmacSize() bytes. The size of the message
- is specified by sz, content is the type of message, and verify
- specifies whether this is a verification of a peer message. Valid
- for cipher types excluding WOLFSSL_AEAD_TYPE.
- \return 1 upon success.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetBulkCipher
- \sa wolfSSL_GetHmacType
- */
- int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner,
- word32 sz, int content, int verify);
- /*!
- \brief Allows caller to set the Public Key Callback for ECC Signing.
- The callback should return 0 for success or < 0 for an error.
- The ssl and ctx pointers are available for the user’s convenience.
- in is the input buffer to sign while inSz denotes the length of the input.
- out is the output buffer where the result of the signature should be stored.
- outSz is an input/output variable that specifies the size of the output
- buffer upon invocation and the actual size of the signature should be stored
- there before returning. keyDer is the ECC Private key in ASN1 format and
- keySz is the length of the key in bytes. An example callback can be found
- wolfssl/test.h myEccSign().
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_SetEccSignCtx
- \sa wolfSSL_GetEccSignCtx
- */
- void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb);
- /*!
- \brief Allows caller to set the Public Key Ecc Signing Callback
- Context to ctx.
- \return none No returns.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- \param ctx a pointer to the user context to be stored
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetEccSignCb
- \sa wolfSSL_GetEccSignCtx
- */
- void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Public Key Ecc Signing Callback
- Context previously stored with wolfSSL_SetEccSignCtx().
- \return pointer If successful the call will return a valid pointer
- to the context.
- \return NULL will be returned for a blank context.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetEccSignCb
- \sa wolfSSL_SetEccSignCtx
- */
- void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl);
- /*!
- \brief Allows caller to set the Public Key Ecc Signing Callback
- Context to ctx.
- \return none No returns.
- \param ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \param ctx a pointer to the user context to be stored
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetEccSignCb
- \sa wolfSSL_CTX_GetEccSignCtx
- */
- void wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx);
- /*!
- \brief Allows caller to retrieve the Public Key Ecc Signing Callback
- Context previously stored with wolfSSL_SetEccSignCtx().
- \return pointer If successful the call will return a valid pointer
- to the context.
- \return NULL will be returned for a blank context.
- \param ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetEccSignCb
- \sa wolfSSL_CTX_SetEccSignCtx
- */
- void* wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx);
- /*!
- \brief Allows caller to set the Public Key Callback for ECC Verification.
- The callback should return 0 for success or < 0 for an error.
- The ssl and ctx pointers are available for the user’s convenience.
- sig is the signature to verify and sigSz denotes the length of the
- signature. hash is an input buffer containing the digest of the message
- and hashSz denotes the length in bytes of the hash. result is an output
- variable where the result of the verification should be stored, 1 for
- success and 0 for failure. keyDer is the ECC Private key in ASN1
- format and keySz is the length of the key in bytes. An example
- callback can be found wolfssl/test.h myEccVerify().
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_SetEccVerifyCtx
- \sa wolfSSL_GetEccVerifyCtx
- */
- void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb);
- /*!
- \brief Allows caller to set the Public Key Ecc Verification Callback
- Context to ctx.
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetEccVerifyCb
- \sa wolfSSL_GetEccVerifyCtx
- */
- void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Public Key Ecc Verification Callback
- Context previously stored with wolfSSL_SetEccVerifyCtx().
- \return pointer If successful the call will return a valid pointer to the
- context.
- \return NULL will be returned for a blank context.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetEccVerifyCb
- \sa wolfSSL_SetEccVerifyCtx
- */
- void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl);
- /*!
- \brief Allows caller to set the Public Key Callback for RSA Signing.
- The callback should return 0 for success or < 0 for an error.
- The ssl and ctx pointers are available for the user’s convenience.
- in is the input buffer to sign while inSz denotes the length of the input.
- out is the output buffer where the result of the signature should be stored.
- outSz is an input/output variable that specifies the size of the output
- buffer upon invocation and the actual size of the signature should be
- stored there before returning. keyDer is the RSA Private key in ASN1 format
- and keySz is the length of the key in bytes. An example callback can be
- found wolfssl/test.h myRsaSign().
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_SetRsaSignCtx
- \sa wolfSSL_GetRsaSignCtx
- */
- void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb);
- /*!
- \brief Allows caller to set the Public Key RSA Signing Callback Context
- to ctx.
- \return none No Returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaSignCb
- \sa wolfSSL_GetRsaSignCtx
- */
- void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Public Key RSA Signing Callback
- Context previously stored with wolfSSL_SetRsaSignCtx().
- \return pointer If successful the call will return a valid pointer to the
- context.
- \return NULL will be returned for a blank context.
- \param none No parameters.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaSignCb
- \sa wolfSSL_SetRsaSignCtx
- */
- void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl);
- /*!
- \brief Allows caller to set the Public Key Callback for RSA Verification.
- The callback should return the number of plaintext bytes for success or
- < 0 for an error. The ssl and ctx pointers are available for the user’s
- convenience. sig is the signature to verify and sigSz denotes the length
- of the signature. out should be set to the beginning of the verification
- buffer after the decryption process and any padding. keyDer is the RSA
- Public key in ASN1 format and keySz is the length of the key in bytes.
- An example callback can be found wolfssl/test.h myRsaVerify().
- \return none No returns.
- \param none No parameters.
- \sa wolfSSL_SetRsaVerifyCtx
- \sa wolfSSL_GetRsaVerifyCtx
- */
- void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb);
- /*!
- \brief Allows caller to set the Public Key RSA Verification Callback
- Context to ctx.
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaVerifyCb
- \sa wolfSSL_GetRsaVerifyCtx
- */
- void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Public Key RSA Verification Callback
- Context previously stored with wolfSSL_SetRsaVerifyCtx().
- \return pointer If successful the call will return a valid pointer to
- the context.
- \return NULL will be returned for a blank context.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaVerifyCb
- \sa wolfSSL_SetRsaVerifyCtx
- */
- void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl);
- /*!
- \brief Allows caller to set the Public Key Callback for RSA Public
- Encrypt. The callback should return 0 for success or < 0 for an error.
- The ssl and ctx pointers are available for the user’s convenience.
- in is the input buffer to encrypt while inSz denotes the length of
- the input. out is the output buffer where the result of the encryption
- should be stored. outSz is an input/output variable that specifies
- the size of the output buffer upon invocation and the actual size of
- the encryption should be stored there before returning. keyDer is the
- RSA Public key in ASN1 format and keySz is the length of the key in
- bytes. An example callback can be found wolfssl/test.h myRsaEnc().
- \return none No returns.
- \param none No parameters.
- _Examples_
- \code
- none
- \endcode
- \sa wolfSSL_SetRsaEncCtx
- \sa wolfSSL_GetRsaEncCtx
- */
- void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb);
- /*!
- \brief Allows caller to set the Public Key RSA Public Encrypt
- Callback Context to ctx.
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaEncCb
- \sa wolfSSL_GetRsaEncCtx
- */
- void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Public Key RSA Public Encrypt
- Callback Context previously stored with wolfSSL_SetRsaEncCtx().
- \return pointer If successful the call will return a valid pointer
- to the context.
- \return NULL will be returned for a blank context.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaEncCb
- \sa wolfSSL_SetRsaEncCtx
- */
- void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl);
- /*!
- \brief Allows caller to set the Public Key Callback for RSA Private
- Decrypt. The callback should return the number of plaintext bytes
- for success or < 0 for an error. The ssl and ctx pointers are available
- for the user’s convenience. in is the input buffer to decrypt and inSz
- denotes the length of the input. out should be set to the beginning
- of the decryption buffer after the decryption process and any padding.
- keyDer is the RSA Private key in ASN1 format and keySz is the length
- of the key in bytes. An example callback can be found
- wolfssl/test.h myRsaDec().
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_SetRsaDecCtx
- \sa wolfSSL_GetRsaDecCtx
- */
- void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb);
- /*!
- \brief Allows caller to set the Public Key RSA Private Decrypt
- Callback Context to ctx.
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaDecCb
- \sa wolfSSL_GetRsaDecCtx
- */
- void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Public Key RSA Private Decrypt
- Callback Context previously stored with wolfSSL_SetRsaDecCtx().
- \return pointer If successful the call will return a valid pointer
- to the context.
- \return NULL will be returned for a blank context.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaDecCb
- \sa wolfSSL_SetRsaDecCtx
- */
- void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
- /*!
- \brief This function registers a callback with the SSL context
- (WOLFSSL_CTX) to be called when a new CA certificate is loaded
- into wolfSSL. The callback is given a buffer with the DER-encoded
- certificate.
- \return none No return.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param callback function to be registered as the CA callback for the
- wolfSSL context, ctx. The signature of this function must follow that
- as shown above in the Synopsis section.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- // CA callback prototype
- int MyCACallback(unsigned char *der, int sz, int type);
- // Register the custom CA callback with the SSL context
- wolfSSL_CTX_SetCACb(ctx, MyCACallback);
- int MyCACallback(unsigned char* der, int sz, int type)
- {
- // custom CA callback function, DER-encoded cert
- // located in “der” of size “sz” with type “type”
- }
- \endcode
- \sa wolfSSL_CTX_load_verify_locations
- */
- void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, CallbackCACache cb);
- /*!
- \ingroup CertManager
- \brief Allocates and initializes a new Certificate Manager context.
- This context may be used independent of SSL needs. It may be used to
- load certificates, verify certificates, and check the revocation status.
- \return WOLFSSL_CERT_MANAGER If successful the call will return a valid
- WOLFSSL_CERT_MANAGER pointer.
- \return NULL will be returned for an error state.
- \param none No parameters.
- \sa wolfSSL_CertManagerFree
- */
- WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap);
- /*!
- \ingroup CertManager
- \brief Allocates and initializes a new Certificate Manager context.
- This context may be used independent of SSL needs. It may be used to
- load certificates, verify certificates, and check the revocation status.
- \return WOLFSSL_CERT_MANAGER If successful the call will return a
- valid WOLFSSL_CERT_MANAGER pointer.
- \return NULL will be returned for an error state.
- \param none No parameters.
- _Example_
- \code
- #import <wolfssl/ssl.h>
- WOLFSSL_CERT_MANAGER* cm;
- cm = wolfSSL_CertManagerNew();
- if (cm == NULL) {
- // error creating new cert manager
- }
- \endcode
- \sa wolfSSL_CertManagerFree
- */
- WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
- /*!
- \ingroup CertManager
- \brief Frees all resources associated with the Certificate Manager
- context. Call this when you no longer need to use the Certificate Manager.
- \return none
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CERT_MANAGER* cm;
- ...
- wolfSSL_CertManagerFree(cm);
- \endcode
- \sa wolfSSL_CertManagerNew
- */
- void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);
- /*!
- \ingroup CertManager
- \brief Specifies the locations for CA certificate loading into the
- manager context. The PEM certificate CAfile may contain several
- trusted CA certificates. If CApath is not NULL it specifies a
- directory containing CA certificates in PEM format.
- \return SSL_SUCCESS If successful the call will return.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BAD_FUNC_ARG is the error that will be returned if a
- pointer is not provided.
- \return SSL_FATAL_ERROR - will be returned upon failure.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created
- using wolfSSL_CertManagerNew().
- \param file pointer to the name of the file containing CA
- certificates to load.
- \param path pointer to the name of a directory path containing CA c
- ertificates to load. The NULL pointer may be used if no
- certificate directory is desired.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- int ret = 0;
- WOLFSSL_CERT_MANAGER* cm;
- ...
- ret = wolfSSL_CertManagerLoadCA(cm, “path/to/cert-file.pem”, 0);
- if (ret != SSL_SUCCESS) {
- // error loading CA certs into cert manager
- }
- \endcode
- \sa wolfSSL_CertManagerVerify
- */
- int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* f,
- const char* d);
- /*!
- \ingroup CertManager
- \brief Loads the CA Buffer by calling wolfSSL_CTX_load_verify_buffer and
- returning that result using a temporary cm so as not to lose the information
- in the cm passed into the function.
- \return SSL_FATAL_ERROR is returned if the WOLFSSL_CERT_MANAGER struct is
- NULL or if wolfSSL_CTX_new() returns NULL.
- \return SSL_SUCCESS is returned for a successful execution.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param in buffer for cert information.
- \param sz length of the buffer.
- \param format certificate format, either PEM or DER.
- _Example_
- \code
- WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
- …
- const unsigned char* in;
- long sz;
- int format;
- …
- if(wolfSSL_CertManagerLoadCABuffer(vp, sz, format) != SSL_SUCCESS){
- Error returned. Failure case code block.
- }
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa ProcessChainBuffer
- \sa ProcessBuffer
- \sa cm_pick_method
- */
- int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm,
- const unsigned char* in, long sz, int format);
- /*!
- \ingroup CertManager
- \brief This function unloads the CA signer list.
- \return SSL_SUCCESS returned on successful execution of the function.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER is NULL.
- \return BAD_MUTEX_E returned if there was a mutex error.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure,
- created using wolfSSL_CertManagerNew().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
- WOLFSSL_CERT_MANAGER* cm = wolfSSL_CTX_GetCertManager(ctx);
- ...
- if(wolfSSL_CertManagerUnloadCAs(cm) != SSL_SUCCESS){
- Failure case.
- }
- \endcode
- \sa UnlockMutex
- */
- int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
- /*!
- \ingroup CertManager
- \brief This function unloads intermediate certificates add to the CA
- signer list.
- \return SSL_SUCCESS returned on successful execution of the function.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER is NULL.
- \return BAD_MUTEX_E returned if there was a mutex error.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure,
- created using wolfSSL_CertManagerNew().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
- WOLFSSL_CERT_MANAGER* cm = wolfSSL_CTX_GetCertManager(ctx);
- ...
- if(wolfSSL_CertManagerUnloadIntermediateCerts(cm) != SSL_SUCCESS){
- Failure case.
- }
- \endcode
- \sa UnlockMutex
- */
- int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm);
- /*!
- \ingroup CertManager
- \brief The function will free the Trusted Peer linked list and unlocks
- the trusted peer list.
- \return SSL_SUCCESS if the function completed normally.
- \return BAD_FUNC_ARG if the WOLFSSL_CERT_MANAGER is NULL.
- \return BAD_MUTEX_E mutex error if tpLock, a member of the
- WOLFSSL_CERT_MANAGER struct, is 0 (nill).
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(Protocol define);
- WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew();
- ...
- if(wolfSSL_CertManagerUnload_trust_peers(cm) != SSL_SUCCESS){
- The function did not execute successfully.
- }
- \endcode
- \sa UnLockMutex
- */
- int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm);
- /*!
- \ingroup CertManager
- \brief Specifies the certificate to verify with the Certificate Manager
- context. The format can be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1.
- \return SSL_SUCCESS If successful.
- \return ASN_SIG_CONFIRM_E will be returned if the signature could not be
- verified.
- \return ASN_SIG_OID_E will be returned if the signature type is not
- supported.
- \return CRL_CERT_REVOKED is an error that is returned if this certificate
- has been revoked.
- \return CRL_MISSING is an error that is returned if a current issuer CRL is
- not available.
- \return ASN_BEFORE_DATE_E will be returned if the current date is before the
- before date.
- \return ASN_AFTER_DATE_E will be returned if the current date is after the
- after date.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
- read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BAD_FUNC_ARG is the error that will be returned if a pointer is
- not provided.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param fname pointer to the name of the file containing the certificates
- to verify.
- \param format format of the certificate to verify - either
- SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CERT_MANAGER* cm;
- ...
- ret = wolfSSL_CertManagerVerify(cm, “path/to/cert-file.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- error verifying certificate
- }
- \endcode
- \sa wolfSSL_CertManagerLoadCA
- \sa wolfSSL_CertManagerVerifyBuffer
- */
- int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* f,
- int format);
- /*!
- \ingroup CertManager
- \brief Specifies the certificate buffer to verify with the Certificate
- Manager context. The format can be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1.
- \return SSL_SUCCESS If successful.
- \return ASN_SIG_CONFIRM_E will be returned if the signature could not
- be verified.
- \return ASN_SIG_OID_E will be returned if the signature type is not
- supported.
- \return CRL_CERT_REVOKED is an error that is returned if this certificate
- has been revoked.
- \return CRL_MISSING is an error that is returned if a current issuer CRL
- is not available.
- \return ASN_BEFORE_DATE_E will be returned if the current date is before
- the before date.
- \return ASN_AFTER_DATE_E will be returned if the current date is after
- the after date.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t
- be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BAD_FUNC_ARG is the error that will be returned if a pointer
- is not provided.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param buff buffer containing the certificates to verify.
- \param sz size of the buffer, buf.
- \param format format of the certificate to verify, located in buf - either
- SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- int ret = 0;
- int sz = 0;
- WOLFSSL_CERT_MANAGER* cm;
- byte certBuff[...];
- ...
- ret = wolfSSL_CertManagerVerifyBuffer(cm, certBuff, sz, SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- error verifying certificate
- }
- \endcode
- \sa wolfSSL_CertManagerLoadCA
- \sa wolfSSL_CertManagerVerify
- */
- int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm,
- const unsigned char* buff, long sz, int format);
- /*!
- \ingroup CertManager
- \brief The function sets the verifyCallback function in the Certificate
- Manager. If present, it will be called for each cert loaded. If there is
- a verification error, the verify callback can be used to over-ride the
- error.
- \return none No return.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param vc a VerifyCallback function pointer to the callback routine
- _Example_
- \code
- #include <wolfssl/ssl.h>
- int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
- { // do custom verification of certificate }
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(Protocol define);
- WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew();
- ...
- wolfSSL_CertManagerSetVerify(cm, myVerify);
- \endcode
- \sa wolfSSL_CertManagerVerify
- */
- void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm,
- VerifyCallback vc);
- /*!
- \brief Check CRL if the option is enabled and compares the cert to the
- CRL list.
- \return SSL_SUCCESS returns if the function returned as expected. If
- the crlEnabled member of the WOLFSSL_CERT_MANAGER struct is turned on.
- \return MEMORY_E returns if the allocated memory failed.
- \return BAD_FUNC_ARG if the WOLFSSL_CERT_MANAGER is NULL.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER struct.
- \param der pointer to a DER formatted certificate.
- \param sz size of the certificate.
- _Example_
- \code
- WOLFSSL_CERT_MANAGER* cm;
- byte* der;
- int sz; // size of der
- ...
- if(wolfSSL_CertManagerCheckCRL(cm, der, sz) != SSL_SUCCESS){
- // Error returned. Deal with failure case.
- }
- \endcode
- \sa CheckCertCRL
- \sa ParseCertRelative
- \sa wolfSSL_CertManagerSetCRL_CB
- \sa InitDecodedCert
- */
- int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm,
- unsigned char* der, int sz);
- /*!
- \ingroup CertManager
- \brief Turns on Certificate Revocation List checking when verifying
- certificates with the Certificate Manager. By default, CRL checking
- is off. options include WOLFSSL_CRL_CHECKALL which performs CRL
- checking on each certificate in the chain versus the Leaf certificate
- only which is the default.
- \return SSL_SUCCESS If successful the call will return.
- \return NOT_COMPILED_IN will be returned if wolfSSL was not built with
- CRL enabled.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return BAD_FUNC_ARG is the error that will be returned if a pointer
- is not provided.
- \return SSL_FAILURE will be returned if the CRL context cannot be
- initialized properly.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param options options to use when enabling the Certification Manager, cm.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- int ret = 0;
- WOLFSSL_CERT_MANAGER* cm;
- ...
- ret = wolfSSL_CertManagerEnableCRL(cm, 0);
- if (ret != SSL_SUCCESS) {
- error enabling cert manager
- }
- ...
- \endcode
- \sa wolfSSL_CertManagerDisableCRL
- */
- int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm,
- int options);
- /*!
- \ingroup CertManager
- \brief Turns off Certificate Revocation List checking when verifying
- certificates with the Certificate Manager. By default, CRL checking is
- off. You can use this function to temporarily or permanently disable CRL
- checking with this Certificate Manager context that previously had CRL
- checking enabled.
- \return SSL_SUCCESS If successful the call will return.
- \return BAD_FUNC_ARG is the error that will be returned if a function
- pointer is not provided.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- int ret = 0;
- WOLFSSL_CERT_MANAGER* cm;
- ...
- ret = wolfSSL_CertManagerDisableCRL(cm);
- if (ret != SSL_SUCCESS) {
- error disabling cert manager
- }
- ...
- \endcode
- \sa wolfSSL_CertManagerEnableCRL
- */
- int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*);
- /*!
- \ingroup CertManager
- \brief Error checks and passes through to LoadCRL() in order to load the
- cert into the CRL for revocation checking. An updated CRL can be loaded by
- first calling wolfSSL_CertManagerFreeCRL, then loading the new CRL.
- \return SSL_SUCCESS if there is no error in wolfSSL_CertManagerLoadCRL and
- if LoadCRL returns successfully.
- \return BAD_FUNC_ARG if the WOLFSSL_CERT_MANAGER struct is NULL.
- \return SSL_FATAL_ERROR if wolfSSL_CertManagerEnableCRL returns anything
- other than SSL_SUCCESS.
- \return BAD_PATH_ERROR if the path is NULL.
- \return MEMORY_E if LoadCRL fails to allocate heap memory.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param path a constant char pointer holding the CRL path.
- \param type type of certificate to be loaded.
- \param monitor requests monitoring in LoadCRL().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type,
- int monitor);
- …
- wolfSSL_CertManagerLoadCRL(SSL_CM(ssl), path, type, monitor);
- \endcode
- \sa wolfSSL_CertManagerEnableCRL
- \sa wolfSSL_LoadCRL
- \sa wolfSSL_CertManagerFreeCRL
- */
- int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm,
- const char* path, int type, int monitor);
- /*!
- \ingroup CertManager
- \brief The function loads the CRL file by calling BufferLoadCRL.
- \return SSL_SUCCESS returned if the function completed without errors.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER is NULL.
- \return SSL_FATAL_ERROR returned if there is an error associated
- with the WOLFSSL_CERT_MANAGER.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure.
- \param buff a constant byte type and is the buffer.
- \param sz a long int representing the size of the buffer.
- \param type a long integer that holds the certificate type.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CERT_MANAGER* cm;
- const unsigned char* buff;
- long sz; size of buffer
- int type; cert type
- ...
- int ret = wolfSSL_CertManagerLoadCRLBuffer(cm, buff, sz, type);
- if(ret == SSL_SUCCESS){
- return ret;
- } else {
- Failure case.
- }
- \endcode
- \sa BufferLoadCRL
- \sa wolfSSL_CertManagerEnableCRL
- */
- int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
- const unsigned char* buff, long sz,
- int type);
- /*!
- \ingroup CertManager
- \brief This function sets the CRL Certificate Manager callback. If
- HAVE_CRL is defined and a matching CRL record is not found then the
- cbMissingCRL is called (set via wolfSSL_CertManagerSetCRL_Cb). This
- allows you to externally retrieve the CRL and load it.
- \return SSL_SUCCESS returned upon successful execution of the function and
- subroutines.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
- \param cm the WOLFSSL_CERT_MANAGER structure holding the information for
- the certificate.
- \param cb a function pointer to (*CbMissingCRL) that is set to the
- cbMissingCRL member of the WOLFSSL_CERT_MANAGER.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- void cb(const char* url){
- Function body.
- }
- …
- CbMissingCRL cb = CbMissingCRL;
- …
- if(ctx){
- return wolfSSL_CertManagerSetCRL_Cb(SSL_CM(ssl), cb);
- }
- \endcode
- \sa CbMissingCRL
- \sa wolfSSL_SetCRL_Cb
- */
- int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm,
- CbMissingCRL cb);
- /*!
- \ingroup CertManager
- \brief This function sets the CRL Update callback. If
- HAVE_CRL and HAVE_CRL_UPDATE_CB is defined , and an entry with the same
- issuer and a lower CRL number exists when a CRL is added, then the
- CbUpdateCRL is called with the details of the existing entry and the
- new one replacing it.
- \return SSL_SUCCESS returned upon successful execution of the function and
- subroutines.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
- \param cm the WOLFSSL_CERT_MANAGER structure holding the information for
- the certificate.
- \param cb a function pointer to (*CbUpdateCRL) that is set to the
- cbUpdateCRL member of the WOLFSSL_CERT_MANAGER.
- Signature requirement:
- void (*CbUpdateCRL)(CrlInfo *old, CrlInfo *new);
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- void cb(CrlInfo *old, CrlInfo *new){
- Function body.
- }
- …
- CbUpdateCRL cb = CbUpdateCRL;
- …
- if(ctx){
- return wolfSSL_CertManagerSetCRLUpdate_Cb(SSL_CM(ssl), cb);
- }
- \endcode
- \sa CbUpdateCRL
- */
- int wolfSSL_CertManagerSetCRLUpdate_Cb(WOLFSSL_CERT_MANAGER* cm,
- CbUpdateCRL cb);
- /*!
- \ingroup CertManager
- \brief This function yields a structure with parsed CRL information from
- an encoded CRL buffer.
- \return SSL_SUCCESS returned upon successful execution of the function and
- subroutines.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
- \param cm the WOLFSSL_CERT_MANAGER structure..
- \param info pointer to caller managed CrlInfo structure that will receive
- the CRL information.
- \param buff input buffer containing encoded CRL.
- \param sz the length in bytes of the input CRL data in buff.
- \param type WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_DER
- _Example_
- \code
- #include <wolfssl/ssl.h>
- CrlInfo info;
- WOLFSSL_CERT_MANAGER* cm = NULL;
- cm = wolfSSL_CertManagerNew();
- // Read crl data from file into buffer
- wolfSSL_CertManagerGetCRLInfo(cm, &info, crlData, crlDataLen,
- WOLFSSL_FILETYPE_PEM);
- \endcode
- \sa CbUpdateCRL
- \sa wolfSSL_SetCRL_Cb
- */
- int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info,
- const byte* buff, long sz, int type)
- /*!
- \ingroup CertManager
- \brief This function frees the CRL stored in the Cert Manager. An
- application can update the CRL by calling wolfSSL_CertManagerFreeCRL
- and then loading the new CRL.
- \return SSL_SUCCESS returned upon successful execution of the function and
- subroutines.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- const char* crl1 = "./certs/crl/crl.pem";
- WOLFSSL_CERT_MANAGER* cm = NULL;
- cm = wolfSSL_CertManagerNew();
- wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0);
- …
- wolfSSL_CertManagerFreeCRL(cm);
- \endcode
- \sa wolfSSL_CertManagerLoadCRL
- */
- int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER* cm);
- /*!
- \ingroup CertManager
- \brief The function enables the WOLFSSL_CERT_MANAGER’s member, ocspEnabled
- to signify that the OCSP check option is enabled.
- \return SSL_SUCCESS returned on successful execution of the function. The
- ocspEnabled member of the WOLFSSL_CERT_MANAGER is enabled.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is
- NULL or if an argument value that is not allowed is passed to a subroutine.
- \return MEMORY_E returned if there is an error allocating memory within
- this function or a subroutine.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param der a byte pointer to the certificate.
- \param sz an int type representing the size of the DER cert.
- _Example_
- \code
- #import <wolfssl/ssl.h>
- WOLFSSL* ssl = wolfSSL_new(ctx);
- byte* der;
- int sz; size of der
- ...
- if(wolfSSL_CertManagerCheckOCSP(cm, der, sz) != SSL_SUCCESS){
- Failure case.
- }
- \endcode
- \sa ParseCertRelative
- \sa CheckCertOCSP
- */
- int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm,
- unsigned char* der, int sz);
- /*!
- \ingroup CertManager
- \brief Turns on OCSP if it’s turned off and if compiled with the
- set option available.
- \return SSL_SUCCESS returned if the function call is successful.
- \return BAD_FUNC_ARG if cm struct is NULL.
- \return MEMORY_E if WOLFSSL_OCSP struct value is NULL.
- \return SSL_FAILURE initialization of WOLFSSL_OCSP struct fails
- to initialize.
- \return NOT_COMPILED_IN build not compiled with correct feature enabled.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param options used to set values in WOLFSSL_CERT_MANAGER struct.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
- WOLFSSL* ssl = wolfSSL_new(ctx);
- WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew();
- int options;
- …
- if(wolfSSL_CertManagerEnableOCSP(SSL_CM(ssl), options) != SSL_SUCCESS){
- Failure case.
- }
- \endcode
- \sa wolfSSL_CertManagerNew
- */
- int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm,
- int options);
- /*!
- \ingroup CertManager
- \brief Disables OCSP certificate revocation.
- \return SSL_SUCCESS wolfSSL_CertMangerDisableCRL successfully disabled the
- crlEnabled member of the WOLFSSL_CERT_MANAGER structure.
- \return BAD_FUNC_ARG the WOLFSSL structure was NULL.
- \param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method);
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(wolfSSL_CertManagerDisableOCSP(ssl) != SSL_SUCCESS){
- Fail case.
- }
- \endcode
- \sa wolfSSL_DisableCRL
- */
- int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*);
- /*!
- \ingroup CertManager
- \brief The function copies the url to the ocspOverrideURL member of the
- WOLFSSL_CERT_MANAGER structure.
- \return SSL_SUCCESS the function was able to execute as expected.
- \return BAD_FUNC_ARG the WOLFSSL_CERT_MANAGER struct is NULL.
- \return MEMEORY_E Memory was not able to be allocated for the
- ocspOverrideURL member of the certificate manager.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew();
- const char* url;
- …
- int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url)
- …
- if(wolfSSL_CertManagerSetOCSPOverrideURL(SSL_CM(ssl), url) != SSL_SUCCESS){
- Failure case.
- }
- \endcode
- \sa ocspOverrideURL
- \sa wolfSSL_SetOCSP_OverrideURL
- */
- int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm,
- const char* url);
- /*!
- \ingroup CertManager
- \brief The function sets the OCSP callback in the WOLFSSL_CERT_MANAGER.
- \return SSL_SUCCESS returned on successful execution. The arguments are
- saved in the WOLFSSL_CERT_MANAGER structure.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER is NULL.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure.
- \param ioCb a function pointer of type CbOCSPIO.
- \param respFreeCb - a function pointer of type CbOCSPRespFree.
- \param ioCbCtx - a void pointer variable to the I/O callback user
- registered context.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, CbOCSPIO ioCb,
- CbOCSPRespFree respFreeCb, void* ioCbCtx){
- …
- return wolfSSL_CertManagerSetOCSP_Cb(SSL_CM(ssl), ioCb, respFreeCb, ioCbCtx);
- \endcode
- \sa wolfSSL_CertManagerSetOCSPOverrideURL
- \sa wolfSSL_CertManagerCheckOCSP
- \sa wolfSSL_CertManagerEnableOCSPStapling
- \sa wolfSSL_EnableOCSP
- \sa wolfSSL_DisableOCSP
- \sa wolfSSL_SetOCSP_Cb
- */
- int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm,
- CbOCSPIO ioCb, CbOCSPRespFree respFreeCb,
- void* ioCbCtx);
- /*!
- \ingroup CertManager
- \brief This function turns on OCSP stapling if it is not turned on as well
- as set the options.
- \return SSL_SUCCESS returned if there were no errors and the function
- executed successfully.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is
- NULL or otherwise if there was a unpermitted argument value passed to
- a subroutine.
- \return MEMORY_E returned if there was an issue allocating memory.
- \return SSL_FAILURE returned if the initialization of the OCSP
- structure failed.
- \return NOT_COMPILED_IN returned if wolfSSL was not compiled with
- HAVE_CERTIFICATE_STATUS_REQUEST option.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, a member of the
- WOLFSSL_CTX structure.
- _Example_
- \code
- int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx){
- …
- return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm);
- \endcode
- \sa wolfSSL_CTX_EnableOCSPStapling
- */
- int wolfSSL_CertManagerEnableOCSPStapling(
- WOLFSSL_CERT_MANAGER* cm);
- /*!
- \brief Enables CRL certificate revocation.
- \return SSL_SUCCESS the function and subroutines returned with no errors.
- \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
- \return MEMORY_E returned if the allocation of memory failed.
- \return SSL_FAILURE returned if the InitCRL function does not return
- successfully.
- \return NOT_COMPILED_IN HAVE_CRL was not enabled during the compiling.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param options an integer that is used to determine the setting of
- crlCheckAll member of the WOLFSSL_CERT_MANAGER structure.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS){
- // Failure case. SSL_SUCCESS was not returned by this function or
- a subroutine
- }
- \endcode
- \sa wolfSSL_CertManagerEnableCRL
- \sa InitCRL
- */
- int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
- /*!
- \brief Disables CRL certificate revocation.
- \return SSL_SUCCESS wolfSSL_CertMangerDisableCRL successfully disabled
- the crlEnabled member of the WOLFSSL_CERT_MANAGER structure.
- \return BAD_FUNC_ARG the WOLFSSL structure was NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(wolfSSL_DisableCRL(ssl) != SSL_SUCCESS){
- // Failure case
- }
- \endcode
- \sa wolfSSL_CertManagerDisableCRL
- \sa wolfSSL_CertManagerDisableOCSP
- */
- int wolfSSL_DisableCRL(WOLFSSL* ssl);
- /*!
- \brief A wrapper function that ends up calling LoadCRL to load the
- certificate for revocation checking.
- \return WOLFSSL_SUCCESS returned if the function and all of the
- subroutines executed without error.
- \return SSL_FATAL_ERROR returned if one of the subroutines does not
- return successfully.
- \return BAD_FUNC_ARG if the WOLFSSL_CERT_MANAGER or the WOLFSSL
- structure are NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param path a constant character pointer that holds the path to the
- crl file.
- \param type an integer representing the type of certificate.
- \param monitor an integer variable used to verify the monitor path if
- requested.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- const char* crlPemDir;
- …
- if(wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS){
- // Failure case. Did not return SSL_SUCCESS.
- }
- \endcode
- \sa wolfSSL_CertManagerLoadCRL
- \sa wolfSSL_CertManagerEnableCRL
- \sa LoadCRL
- */
- int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor);
- /*!
- \brief Sets the CRL callback in the WOLFSSL_CERT_MANAGER structure.
- \return SSL_SUCCESS returned if the function or subroutine executes
- without error. The cbMissingCRL member of the WOLFSSL_CERT_MANAGER is set.
- \return BAD_FUNC_ARG returned if the WOLFSSL or WOLFSSL_CERT_MANAGER
- structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cb a function pointer to CbMissingCRL.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- void cb(const char* url) // required signature
- {
- // Function body
- }
- …
- int crlCb = wolfSSL_SetCRL_Cb(ssl, cb);
- if(crlCb != SSL_SUCCESS){
- // The callback was not set properly
- }
- \endcode
- \sa CbMissingCRL
- \sa wolfSSL_CertManagerSetCRL_Cb
- */
- int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb);
- /*!
- \brief This function enables OCSP certificate verification. The value of
- options if formed by or’ing one or more of the following options:
- WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in
- certificates. The override URL is specified using the
- wolfSSL_CTX_SetOCSP_OverrideURL() function.
- WOLFSSL_OCSP_CHECKALL - Set all OCSP checks on
- WOLFSSL_OCSP_NO_NONCE - Set nonce option for creating OCSP requests
- \return SSL_SUCCESS returned if the function and subroutines executes
- without errors.
- \return BAD_FUNC_ARG returned if an argument in this function or any
- subroutine receives an invalid argument value.
- \return MEMORY_E returned if there was an error allocating memory for
- a structure or other variable.
- \return NOT_COMPILED_IN returned if wolfSSL was not compiled with the
- HAVE_OCSP option.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param options an integer type passed to wolfSSL_CertMangerENableOCSP()
- used for settings check.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- int options; // initialize to option constant
- …
- int ret = wolfSSL_EnableOCSP(ssl, options);
- if(ret != SSL_SUCCESS){
- // OCSP is not enabled
- }
- \endcode
- \sa wolfSSL_CertManagerEnableOCSP
- */
- int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options);
- /*!
- \brief Disables the OCSP certificate revocation option.
- \return SSL_SUCCESS returned if the function and its subroutine return with
- no errors. The ocspEnabled member of the WOLFSSL_CERT_MANAGER structure was
- successfully set.
- \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- if(wolfSSL_DisableOCSP(ssl) != SSL_SUCCESS){
- // Returned with an error. Failure case in this block.
- }
- \endcode
- \sa wolfSSL_CertManagerDisableOCSP
- */
- int wolfSSL_DisableOCSP(WOLFSSL*);
- /*!
- \brief This function sets the ocspOverrideURL member in the
- WOLFSSL_CERT_MANAGER structure.
- \return SSL_SUCCESS returned on successful execution of the function.
- \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL or if a
- unpermitted argument was passed to a subroutine.
- \return MEMORY_E returned if there was an error allocating memory in the
- subroutine.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param url a constant char pointer to the url that will be stored in the
- ocspOverrideURL member of the WOLFSSL_CERT_MANAGER structure.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- char url[URLSZ];
- ...
- if(wolfSSL_SetOCSP_OverrideURL(ssl, url)){
- // The override url is set to the new value
- }
- \endcode
- \sa wolfSSL_CertManagerSetOCSPOverrideURL
- */
- int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url);
- /*!
- \brief This function sets the OCSP callback in the
- WOLFSSL_CERT_MANAGER structure.
- \return SSL_SUCCESS returned if the function executes without error.
- The ocspIOCb, ocspRespFreeCb, and ocspIOCtx members of the CM are set.
- \return BAD_FUNC_ARG returned if the WOLFSSL or WOLFSSL_CERT_MANAGER
- structures are NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param ioCb a function pointer to type CbOCSPIO.
- \param respFreeCb a function pointer to type CbOCSPRespFree which is the
- call to free the response memory.
- \param ioCbCtx a void pointer that will be held in the ocspIOCtx member
- of the CM.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- int OCSPIO_CB(void* , const char*, int , unsigned char* , int,
- unsigned char**){ // must have this signature
- // Function Body
- }
- …
- void OCSPRespFree_CB(void* , unsigned char* ){ // must have this signature
- // function body
- }
- …
- void* ioCbCtx;
- CbOCSPRespFree CB_OCSPRespFree;
- if(wolfSSL_SetOCSP_Cb(ssl, OCSPIO_CB( pass args ), CB_OCSPRespFree,
- ioCbCtx) != SSL_SUCCESS){
- // Callback not set
- }
- \endcode
- \sa wolfSSL_CertManagerSetOCSP_Cb
- \sa CbOCSPIO
- \sa CbOCSPRespFree
- */
- int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, CbOCSPIO ioCb, CbOCSPRespFree respFreeCb,
- void* ioCbCtx);
- /*!
- \brief Enables CRL certificate verification through the CTX.
- \return SSL_SUCCESS returned if this function and it’s subroutines
- execute without errors.
- \return BAD_FUNC_ARG returned if the CTX struct is NULL or there
- was otherwise an invalid argument passed in a subroutine.
- \return MEMORY_E returned if there was an error allocating
- memory during execution of the function.
- \return SSL_FAILURE returned if the crl member of the
- WOLFSSL_CERT_MANAGER fails to initialize correctly.
- \return NOT_COMPILED_IN wolfSSL was not compiled with the HAVE_CRL option.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(wolfSSL_CTX_EnableCRL(ssl->ctx, options) != SSL_SUCCESS){
- // The function failed
- }
- \endcode
- \sa wolfSSL_CertManagerEnableCRL
- \sa InitCRL
- \sa wolfSSL_CTX_DisableCRL
- */
- int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options);
- /*!
- \brief This function disables CRL verification in the CTX structure.
- \return SSL_SUCCESS returned if the function executes without error.
- The crlEnabled member of the WOLFSSL_CERT_MANAGER struct is set to 0.
- \return BAD_FUNC_ARG returned if either the CTX struct or the CM
- struct has a NULL value.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(wolfSSL_CTX_DisableCRL(ssl->ctx) != SSL_SUCCESS){
- // Failure case.
- }
- \endcode
- \sa wolfSSL_CertManagerDisableCRL
- */
- int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx);
- /*!
- \brief This function loads CRL into the WOLFSSL_CTX structure through
- wolfSSL_CertManagerLoadCRL().
- \return SSL_SUCCESS - returned if the function and its subroutines
- execute without error.
- \return BAD_FUNC_ARG - returned if this function or any subroutines
- are passed NULL structures.
- \return BAD_PATH_ERROR - returned if the path variable opens as NULL.
- \return MEMORY_E - returned if an allocation of memory failed.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param path the path to the certificate.
- \param type an integer variable holding the type of certificate.
- \param monitor an integer variable used to determine if the monitor
- path is requested.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- const char* path;
- …
- return wolfSSL_CTX_LoadCRL(ctx, path, SSL_FILETYPE_PEM, 0);
- \endcode
- \sa wolfSSL_CertManagerLoadCRL
- \sa LoadCRL
- */
- int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, int type, int monitor);
- /*!
- \brief This function will set the callback argument to the cbMissingCRL
- member of the WOLFSSL_CERT_MANAGER structure by calling
- wolfSSL_CertManagerSetCRL_Cb.
- \return SSL_SUCCESS returned for a successful execution. The
- WOLFSSL_CERT_MANAGER structure’s member cbMssingCRL was successfully
- set to cb.
- \return BAD_FUNC_ARG returned if WOLFSSL_CTX or WOLFSSL_CERT_MANAGER
- are NULL.
- \param ctx a pointer to a WOLFSSL_CTX structure, created with
- wolfSSL_CTX_new().
- \param cb a pointer to a callback function of type CbMissingCRL.
- Signature requirement:
- void (*CbMissingCRL)(const char* url);
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- …
- void cb(const char* url) // Required signature
- {
- // Function body
- }
- …
- if (wolfSSL_CTX_SetCRL_Cb(ctx, cb) != SSL_SUCCESS){
- // Failure case, cb was not set correctly.
- }
- \endcode
- \sa wolfSSL_CertManagerSetCRL_Cb
- \sa CbMissingCRL
- */
- int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb);
- /*!
- \brief This function sets options to configure behavior of OCSP
- functionality in wolfSSL. The value of options if formed by or’ing
- one or more of the following options:
- WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in
- certificates. The override URL is specified using the
- wolfSSL_CTX_SetOCSP_OverrideURL() function.
- WOLFSSL_OCSP_CHECKALL - Set all OCSP checks on
- WOLFSSL_OCSP_NO_NONCE - Set nonce option for creating OCSP requests
- This function only sets the OCSP options when wolfSSL has been compiled with
- OCSP support (--enable-ocsp, #define HAVE_OCSP).
- \return SSL_SUCCESS is returned upon success.
- \return SSL_FAILURE is returned upon failure.
- \return NOT_COMPILED_IN is returned when this function has been called,
- but OCSP support was not enabled when wolfSSL was compiled.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param options value used to set the OCSP options.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- int options; // initialize to option constant
- …
- int ret = wolfSSL_CTX_EnableOCSP(ctx, options);
- if(ret != SSL_SUCCESS){
- // OCSP is not enabled
- }
- \endcode
- \sa wolfSSL_CertManagerEnableOCSP
- \sa wolfSSL_EnableOCSP
- */
- int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options);
- /*!
- \brief This function disables OCSP certificate revocation checking by
- affecting the ocspEnabled member of the WOLFSSL_CERT_MANAGER structure.
- \return SSL_SUCCESS returned if the function executes without error.
- The ocspEnabled member of the CM has been disabled.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure is NULL.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(!wolfSSL_CTX_DisableOCSP(ssl->ctx)){
- // OCSP is not disabled
- }
- \endcode
- \sa wolfSSL_DisableOCSP
- \sa wolfSSL_CertManagerDisableOCSP
- */
- int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*);
- /*!
- \brief This function manually sets the URL for OCSP to use. By default,
- OCSP will use the URL found in the individual certificate unless the
- WOLFSSL_OCSP_URL_OVERRIDE option is set using the wolfSSL_CTX_EnableOCSP.
- \return SSL_SUCCESS is returned upon success.
- \return SSL_FAILURE is returned upon failure.
- \return NOT_COMPILED_IN is returned when this function has been called,
- but OCSP support was not enabled when wolfSSL was compiled.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param url pointer to the OCSP URL for wolfSSL to use.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- wolfSSL_CTX_OCSP_set_override_url(ctx, “custom-url-here”);
- \endcode
- \sa wolfSSL_CTX_OCSP_set_options
- */
- int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url);
- /*!
- \brief Sets the callback for the OCSP in the WOLFSSL_CTX structure.
- \return SSL_SUCCESS returned if the function executed successfully. The
- ocspIOCb, ocspRespFreeCb, and ocspIOCtx members in the CM were
- successfully set.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX or
- WOLFSSL_CERT_MANAGER structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param ioCb a CbOCSPIO type that is a function pointer.
- \param respFreeCb a CbOCSPRespFree type that is a function pointer.
- \param ioCbCtx a void pointer that will be held in the WOLFSSL_CERT_MANAGER.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- …
- CbOCSPIO ocspIOCb;
- CbOCSPRespFree ocspRespFreeCb;
- …
- void* ioCbCtx;
- int isSetOCSP = wolfSSL_CTX_SetOCSP_Cb(ctx, ocspIOCb,
- ocspRespFreeCb, ioCbCtx);
- if(isSetOCSP != SSL_SUCCESS){
- // The function did not return successfully.
- }
- \endcode
- \sa wolfSSL_CertManagerSetOCSP_Cb
- \sa CbOCSPIO
- \sa CbOCSPRespFree
- */
- int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx,
- CbOCSPIO ioCb, CbOCSPRespFree respFreeCb,
- void* ioCbCtx);
- /*!
- \brief This function enables OCSP stapling by calling
- wolfSSL_CertManagerEnableOCSPStapling().
- \return SSL_SUCCESS returned if there were no errors and the function
- executed successfully.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure is NULL or
- otherwise if there was a unpermitted argument value passed to a subroutine.
- \return MEMORY_E returned if there was an issue allocating memory.
- \return SSL_FAILURE returned if the initialization of the OCSP
- structure failed.
- \return NOT_COMPILED_IN returned if wolfSSL was not compiled with
- HAVE_CERTIFICATE_STATUS_REQUEST option.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL* ssl = WOLFSSL_new();
- ssl->method.version; // set to desired protocol
- ...
- if(!wolfSSL_CTX_EnableOCSPStapling(ssl->ctx)){
- // OCSP stapling is not enabled
- }
- \endcode
- \sa wolfSSL_CertManagerEnableOCSPStapling
- \sa InitOCSP
- */
- int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*);
- /*!
- \ingroup CertsKeys
- \brief Normally, at the end of the SSL handshake, wolfSSL frees
- temporary arrays. Calling this function before the handshake begins
- will prevent wolfSSL from freeing temporary arrays. Temporary arrays
- may be needed for things such as wolfSSL_get_keys() or PSK hints.
- When the user is done with temporary arrays, either wolfSSL_FreeArrays()
- may be called to free the resources immediately, or alternatively the
- resources will be freed when the associated SSL object is freed.
- \return none No return.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl;
- ...
- wolfSSL_KeepArrays(ssl);
- \endcode
- \sa wolfSSL_FreeArrays
- */
- void wolfSSL_KeepArrays(WOLFSSL*);
- /*!
- \ingroup CertsKeys
- \brief Normally, at the end of the SSL handshake, wolfSSL frees temporary
- arrays. If wolfSSL_KeepArrays() has been called before the handshake,
- wolfSSL will not free temporary arrays. This function explicitly frees
- temporary arrays and should be called when the user is done with temporary
- arrays and does not want to wait for the SSL object to be freed to free
- these resources.
- \return none No return.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl;
- ...
- wolfSSL_FreeArrays(ssl);
- \endcode
- \sa wolfSSL_KeepArrays
- */
- void wolfSSL_FreeArrays(WOLFSSL*);
- /*!
- \brief This function enables the use of Server Name Indication in the SSL
- object passed in the 'ssl' parameter. It means that the SNI extension will
- be sent on ClientHello by wolfSSL client and wolfSSL server will respond
- ClientHello + SNI with either ServerHello + blank SNI or alert fatal in
- case of SNI mismatch.
- \return WOLFSSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of these
- cases: ssl is NULL, data is NULL, type is a unknown value. (see below)
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- \param type indicates which type of server name is been passed in data.
- The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
- \param data pointer to the server name data.
- \param size size of the server name data.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- // ssl creation failed
- }
- ret = wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.yassl.com",
- strlen("www.yassl.com"));
- if (ret != WOLFSSL_SUCCESS) {
- // sni usage failed
- }
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_UseSNI
- */
- int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type,
- const void* data, unsigned short size);
- /*!
- \brief This function enables the use of Server Name Indication for SSL
- objects created from the SSL context passed in the 'ctx' parameter. It
- means that the SNI extension will be sent on ClientHello by wolfSSL
- clients and wolfSSL servers will respond ClientHello + SNI with either
- ServerHello + blank SNI or alert fatal in case of SNI mismatch.
- \return WOLFSSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of these
- cases: ctx is NULL, data is NULL, type is a unknown value. (see below)
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
- \param type indicates which type of server name is been passed in data.
- The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
- \param data pointer to the server name data.
- \param size size of the server name data.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ret = wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.yassl.com",
- strlen("www.yassl.com"));
- if (ret != WOLFSSL_SUCCESS) {
- // sni usage failed
- }
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_UseSNI
- */
- int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type,
- const void* data, unsigned short size);
- /*!
- \brief This function is called on the server side to configure the
- behavior of the SSL session using Server Name Indication in the SSL
- object passed in the 'ssl' parameter. The options are explained below.
- \return none No returns.
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- \param type indicates which type of server name is been passed in data.
- The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
- \param options a bitwise semaphore with the chosen options. The available
- options are: enum { WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01,
- WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02 }; Normally the server will abort the
- handshake by sending a fatal-level unrecognized_name(112) alert if the
- hostname provided by the client mismatch with the servers.
- \param WOLFSSL_SNI_CONTINUE_ON_MISMATCH With this option set, the server
- will not send a SNI response instead of aborting the session.
- \param WOLFSSL_SNI_ANSWER_ON_MISMATCH - With this option set, the server
- will send a SNI response as if the host names match instead of aborting
- the session.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- // ssl creation failed
- }
- ret = wolfSSL_UseSNI(ssl, 0, "www.yassl.com", strlen("www.yassl.com"));
- if (ret != WOLFSSL_SUCCESS) {
- // sni usage failed
- }
- wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
- WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_UseSNI
- \sa wolfSSL_CTX_SNI_SetOptions
- */
- void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
- unsigned char options);
- /*!
- \brief This function is called on the server side to configure the behavior
- of the SSL sessions using Server Name Indication for SSL objects created
- from the SSL context passed in the 'ctx' parameter. The options are
- explained below.
- \return none No returns.
- \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
- \param type indicates which type of server name is been passed in data.
- The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
- \param options a bitwise semaphore with the chosen options. The available
- options are: enum { WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01,
- WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02 }; Normally the server will abort
- the handshake by sending a fatal-level unrecognized_name(112) alert if the
- hostname provided by the client mismatch with the servers.
- \param WOLFSSL_SNI_CONTINUE_ON_MISMATCH With this option set, the
- server will not send a SNI response instead of aborting the session.
- \param WOLFSSL_SNI_ANSWER_ON_MISMATCH With this option set, the server
- will send a SNI response as if the host names match instead of aborting
- the session.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ret = wolfSSL_CTX_UseSNI(ctx, 0, "www.yassl.com", strlen("www.yassl.com"));
- if (ret != WOLFSSL_SUCCESS) {
- // sni usage failed
- }
- wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
- WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_UseSNI
- \sa wolfSSL_SNI_SetOptions
- */
- void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx,
- unsigned char type, unsigned char options);
- /*!
- \brief This function is called on the server side to retrieve the Server
- Name Indication provided by the client from the Client Hello message sent
- by the client to start a session. It does not requires context or session
- setup to retrieve the SNI.
- \return WOLFSSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of this
- cases: buffer is NULL, bufferSz <= 0, sni is NULL, inOutSz is NULL or <= 0
- \return BUFFER_ERROR is the error returned when there is a malformed
- Client Hello message.
- \return INCOMPLETE_DATA is the error returned when there is not enough
- data to complete the extraction.
- \param buffer pointer to the data provided by the client (Client Hello).
- \param bufferSz size of the Client Hello message.
- \param type indicates which type of server name is been retrieved
- from the buffer. The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
- \param sni pointer to where the output is going to be stored.
- \param inOutSz pointer to the output size, this value will be updated
- to MIN("SNI's length", inOutSz).
- _Example_
- \code
- unsigned char buffer[1024] = {0};
- unsigned char result[32] = {0};
- int length = 32;
- // read Client Hello to buffer...
- ret = wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0, result, &length));
- if (ret != WOLFSSL_SUCCESS) {
- // sni retrieve failed
- }
- \endcode
- \sa wolfSSL_UseSNI
- \sa wolfSSL_CTX_UseSNI
- \sa wolfSSL_SNI_GetRequest
- */
- int wolfSSL_SNI_GetFromBuffer(
- const unsigned char* clientHello, unsigned int helloSz,
- unsigned char type, unsigned char* sni, unsigned int* inOutSz);
- /*!
- \ingroup IO
- \brief This function gets the status of an SNI object.
- \return value This function returns the byte value of the SNI struct’s
- status member if the SNI is not NULL.
- \return 0 if the SNI object is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param type the SNI type.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- #define AssertIntEQ(x, y) AssertInt(x, y, ==, !=)
- …
- Byte type = WOLFSSL_SNI_HOST_NAME;
- char* request = (char*)&type;
- AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type));
- …
- \endcode
- \sa TLSX_SNI_Status
- \sa TLSX_SNI_find
- \sa TLSX_Find
- */
- unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);
- /*!
- \brief This function is called on the server side to retrieve the
- Server Name Indication provided by the client in a SSL session.
- \return size the size of the provided SNI data.
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- \param type indicates which type of server name is been retrieved in
- data. The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
- \param data pointer to the data provided by the client.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- // ssl creation failed
- }
- ret = wolfSSL_UseSNI(ssl, 0, "www.yassl.com", strlen("www.yassl.com"));
- if (ret != WOLFSSL_SUCCESS) {
- // sni usage failed
- }
- if (wolfSSL_accept(ssl) == SSL_SUCCESS) {
- void *data = NULL;
- unsigned short size = wolfSSL_SNI_GetRequest(ssl, 0, &data);
- }
- \endcode
- \sa wolfSSL_UseSNI
- \sa wolfSSL_CTX_UseSNI
- */
- unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl,
- unsigned char type, void** data);
- /*!
- \ingroup Setup
- \brief Setup ALPN use for a wolfSSL session.
- \return WOLFSSL_SUCCESS: upon success.
- \return BAD_FUNC_ARG Returned if ssl or protocol_name_list
- is null or protocol_name_listSz is too large or options
- contain something not supported.
- \return MEMORY_ERROR Error allocating memory for protocol list.
- \return SSL_FAILURE upon failure.
- \param ssl The wolfSSL session to use.
- \param protocol_name_list List of protocol names to use.
- Comma delimited string is required.
- \param protocol_name_listSz Size of the list of protocol names.
- \param options WOLFSSL_ALPN_CONTINUE_ON_MISMATCH or
- WOLFSSL_ALPN_FAILED_ON_MISMATCH.
- _Example_
- \code
- wolfSSL_Init();
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- WOLFSSL_METHOD method = // Some wolfSSL method
- ctx = wolfSSL_CTX_new(method);
- ssl = wolfSSL_new(ctx);
- char alpn_list[] = {};
- if (wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
- WOLFSSL_APN_FAILED_ON_MISMATCH) != WOLFSSL_SUCCESS)
- {
- // Error setting session ticket
- }
- \endcode
- \sa TLSX_UseALPN
- */
- int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
- unsigned int protocol_name_listSz,
- unsigned char options);
- /*!
- \ingroup TLS
- \brief This function gets the protocol name set by the server.
- \return SSL_SUCCESS returned on successful execution where no
- errors were thrown.
- \return SSL_FATAL_ERROR returned if the extension was not found or
- if there was no protocol match with peer. There will also be an
- error thrown if there is more than one protocol name accepted.
- \return SSL_ALPN_NOT_FOUND returned signifying that no protocol
- match with peer was found.
- \return BAD_FUNC_ARG returned if there was a NULL argument passed
- into the function.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param protocol_name a pointer to a char that represents the protocol
- name and will be held in the ALPN structure.
- \param size a word16 type that represents the size of the protocol_name.
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method );
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- ...
- int err;
- char* protocol_name = NULL;
- Word16 protocol_nameSz = 0;
- err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz);
- if(err == SSL_SUCCESS){
- // Sent ALPN protocol
- }
- \endcode
- \sa TLSX_ALPN_GetRequest
- \sa TLSX_Find
- */
- int wolfSSL_ALPN_GetProtocol(WOLFSSL* ssl, char **protocol_name,
- unsigned short *size);
- /*!
- \ingroup TLS
- \brief This function copies the alpn_client_list data from the SSL
- object to the buffer.
- \return SSL_SUCCESS returned if the function executed without error. The
- alpn_client_list member of the SSL object has been copied to the
- list parameter.
- \return BAD_FUNC_ARG returned if the list or listSz parameter is NULL.
- \return BUFFER_ERROR returned if there will be a problem with the
- list buffer (either it’s NULL or the size is 0).
- \return MEMORY_ERROR returned if there was a problem dynamically
- allocating memory.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param list a pointer to the buffer. The data from the SSL object will
- be copied into it.
- \param listSz the buffer size.
- _Example_
- \code
- #import <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method);
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- #ifdef HAVE_ALPN
- char* list = NULL;
- word16 listSz = 0;
- …
- err = wolfSSL_ALPN_GetPeerProtocol(ssl, &list, &listSz);
- if(err == SSL_SUCCESS){
- List of protocols names sent by client
- }
- \endcode
- \sa wolfSSL_UseALPN
- */
- int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list,
- unsigned short *listSz);
- /*!
- \brief This function is called on the client side to enable the use of
- Maximum Fragment Length in the SSL object passed in the 'ssl' parameter.
- It means that the Maximum Fragment Length extension will be sent on
- ClientHello by wolfSSL clients.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of
- these cases: ssl is NULL, mfl is out of range.
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- \param mfl indicates which is the Maximum Fragment Length requested for the
- session. The available options are: enum { WOLFSSL_MFL_2_9 = 1, 512 bytes
- WOLFSSL_MFL_2_10 = 2, 1024 bytes WOLFSSL_MFL_2_11 = 3, 2048 bytes
- WOLFSSL_MFL_2_12 = 4, 4096 bytes WOLFSSL_MFL_2_13 = 5, 8192
- bytes wolfSSL ONLY!!! };
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- // ssl creation failed
- }
- ret = wolfSSL_UseMaxFragment(ssl, WOLFSSL_MFL_2_11);
- if (ret != 0) {
- // max fragment usage failed
- }
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_UseMaxFragment
- */
- int wolfSSL_UseMaxFragment(WOLFSSL* ssl, unsigned char mfl);
- /*!
- \brief This function is called on the client side to enable the use
- of Maximum Fragment Length for SSL objects created from the SSL context
- passed in the 'ctx' parameter. It means that the Maximum Fragment Length
- extension will be sent on ClientHello by wolfSSL clients.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of
- these cases: ctx is NULL, mfl is out of range.
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
- \param mfl indicates which is the Maximum Fragment Length requested
- for the session. The available options are:
- enum { WOLFSSL_MFL_2_9 = 1 512 bytes, WOLFSSL_MFL_2_10 = 2 1024 bytes,
- WOLFSSL_MFL_2_11 = 3 2048 bytes WOLFSSL_MFL_2_12 = 4 4096 bytes,
- WOLFSSL_MFL_2_13 = 5 8192 bytes wolfSSL ONLY!!!,
- WOLFSSL_MFL_2_13 = 6 256 bytes wolfSSL ONLY!!!
- };
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ret = wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11);
- if (ret != 0) {
- // max fragment usage failed
- }
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_UseMaxFragment
- */
- int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, unsigned char mfl);
- /*!
- \brief This function is called on the client side to enable the use of
- Truncated HMAC in the SSL object passed in the 'ssl' parameter. It
- means that the Truncated HMAC extension will be sent on ClientHello
- by wolfSSL clients.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of
- these cases: ssl is NULL
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ssl pointer to a SSL object, created with wolfSSL_new()
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- // ssl creation failed
- }
- ret = wolfSSL_UseTruncatedHMAC(ssl);
- if (ret != 0) {
- // truncated HMAC usage failed
- }
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_UseMaxFragment
- */
- int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl);
- /*!
- \brief This function is called on the client side to enable the use of
- Truncated HMAC for SSL objects created from the SSL context passed in
- the 'ctx' parameter. It means that the Truncated HMAC extension will
- be sent on ClientHello by wolfSSL clients.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of
- these cases: ctx is NULL
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ret = wolfSSL_CTX_UseTruncatedHMAC(ctx);
- if (ret != 0) {
- // truncated HMAC usage failed
- }
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_UseMaxFragment
- */
- int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx);
- /*!
- \brief Stapling eliminates the need to contact the CA. Stapling
- lowers the cost of certificate revocation check presented in OCSP.
- \return SSL_SUCCESS returned if TLSX_UseCertificateStatusRequest
- executes without error.
- \return MEMORY_E returned if there is an error with the allocation
- of memory.
- \return BAD_FUNC_ARG returned if there is an argument that has a
- NULL or otherwise unacceptable value passed into the function.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param status_type a byte type that is passed through to
- TLSX_UseCertificateStatusRequest() and stored in the
- CertificateStatusRequest structure.
- \param options a byte type that is passed through to
- TLSX_UseCertificateStatusRequest() and stored in the
- CertificateStatusRequest structure.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
- WOLFSSL_CSR2_OCSP_USE_NONCE) != SSL_SUCCESS){
- // Failed case.
- }
- \endcode
- \sa TLSX_UseCertificateStatusRequest
- \sa wolfSSL_CTX_UseOCSPStapling
- */
- int wolfSSL_UseOCSPStapling(WOLFSSL* ssl,
- unsigned char status_type, unsigned char options);
- /*!
- \brief This function requests the certificate status during the handshake.
- \return SSL_SUCCESS returned if the function and subroutines execute
- without error.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure is NULL or
- otherwise if a unpermitted value is passed to a subroutine.
- \return MEMORY_E returned if the function or subroutine failed to properly
- allocate memory.
- \param ctx a pointer to a WOLFSSL_CTX structure,
- created using wolfSSL_CTX_new().
- \param status_type a byte type that is passed through to
- TLSX_UseCertificateStatusRequest() and stored in the
- CertificateStatusRequest structure.
- \param options a byte type that is passed through to
- TLSX_UseCertificateStatusRequest() and stored in the
- CertificateStatusRequest structure.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- byte statusRequest = 0; // Initialize status request
- …
- switch(statusRequest){
- case WOLFSSL_CSR_OCSP:
- if(wolfSSL_CTX_UseOCSPStapling(ssl->ctx, WOLFSSL_CSR_OCSP,
- WOLF_CSR_OCSP_USE_NONCE) != SSL_SUCCESS){
- // UseCertificateStatusRequest failed
- }
- // Continue switch cases
- \endcode
- \sa wolfSSL_UseOCSPStaplingV2
- \sa wolfSSL_UseOCSPStapling
- \sa TLSX_UseCertificateStatusRequest
- */
- int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx,
- unsigned char status_type, unsigned char options);
- /*!
- \brief The function sets the status type and options for OCSP.
- \return SSL_SUCCESS - returned if the function and subroutines
- executed without error.
- \return MEMORY_E - returned if there was an allocation of memory error.
- \return BAD_FUNC_ARG - returned if a NULL or otherwise unaccepted
- argument was passed to the function or a subroutine.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param status_type a byte type that loads the OCSP status type.
- \param options a byte type that holds the OCSP options, set in
- wolfSSL_SNI_SetOptions() and wolfSSL_CTX_SNI_SetOptions().
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if (wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP_MULTI, 0) != SSL_SUCCESS){
- // Did not execute properly. Failure case code block.
- }
- \endcode
- \sa TLSX_UseCertificatStatusRequestV2
- \sa wolfSSL_SNI_SetOptions
- \sa wolfSSL_CTX_SNI_SetOptions
- */
- int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl,
- unsigned char status_type, unsigned char options);
- /*!
- \brief Creates and initializes the certificate status request
- for OCSP Stapling.
- \return SSL_SUCCESS if the function and subroutines executed without error.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure is NULL or if
- the side variable is not client side.
- \return MEMORY_E returned if the allocation of memory failed.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param status_type a byte type that is located in the
- CertificatStatusRequest structure and must be either WOLFSSL_CSR2_OCSP
- or WOLFSSL_CSR2_OCSP_MULTI.
- \param options a byte type that will be held in
- CertificateStatusRequestItemV2 struct.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- byte status_type;
- byte options;
- ...
- if(wolfSSL_CTX_UseOCSPStaplingV2(ctx, status_type, options); != SSL_SUCCESS){
- // Failure case.
- }
- \endcode
- \sa TLSX_UseCertificateStatusRequestV2
- \sa wc_RNG_GenerateBlock
- \sa TLSX_Push
- */
- int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
- unsigned char status_type, unsigned char options);
- /*!
- \brief This function is called on the client side to enable the use of
- Supported Elliptic Curves Extension in the SSL object passed in the 'ssl'
- parameter. It means that the supported curves enabled will be sent on
- ClientHello by wolfSSL clients. This function can be called more than
- one time to enable multiple curves.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of these
- cases: ssl is NULL, name is a unknown value. (see below)
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- \param name indicates which curve will be supported for the session. The
- available options are: enum { WOLFSSL_ECC_SECP160R1 = 0x10,
- WOLFSSL_ECC_SECP192R1 = 0x13, WOLFSSL_ECC_SECP224R1 = 0x15,
- WOLFSSL_ECC_SECP256R1 = 0x17, WOLFSSL_ECC_SECP384R1 = 0x18,
- WOLFSSL_ECC_SECP521R1 = 0x19 };
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- // ssl creation failed
- }
- ret = wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1);
- if (ret != 0) {
- // Elliptic Curve Extension usage failed
- }
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_UseSupportedCurve
- */
- int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name);
- /*!
- \brief This function is called on the client side to enable the use of
- Supported Elliptic Curves Extension for SSL objects created from the SSL
- context passed in the 'ctx' parameter. It means that the supported curves
- enabled will be sent on ClientHello by wolfSSL clients. This function can
- be called more than one time to enable multiple curves.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of these
- cases: ctx is NULL, name is a unknown value. (see below)
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
- \param name indicates which curve will be supported for the session.
- The available options are: enum { WOLFSSL_ECC_SECP160R1 = 0x10,
- WOLFSSL_ECC_SECP192R1 = 0x13, WOLFSSL_ECC_SECP224R1 = 0x15,
- WOLFSSL_ECC_SECP256R1 = 0x17, WOLFSSL_ECC_SECP384R1 = 0x18,
- WOLFSSL_ECC_SECP521R1 = 0x19 };
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ret = wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1);
- if (ret != 0) {
- // Elliptic Curve Extension usage failed
- }
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_UseSupportedCurve
- */
- int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx,
- word16 name);
- /*!
- \ingroup IO
- \brief This function forces secure renegotiation for the supplied
- WOLFSSL structure. This is not recommended.
- \return SSL_SUCCESS Successfully set secure renegotiation.
- \return BAD_FUNC_ARG Returns error if ssl is null.
- \return MEMORY_E Returns error if unable to allocate memory for secure
- renegotiation.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- wolfSSL_Init();
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- WOLFSSL_METHOD method = // Some wolfSSL method
- ctx = wolfSSL_CTX_new(method);
- ssl = wolfSSL_new(ctx);
- if(wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS)
- {
- // Error setting secure renegotiation
- }
- \endcode
- \sa TLSX_Find
- \sa TLSX_UseSecureRenegotiation
- */
- int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function executes a secure renegotiation handshake; this is user
- forced as wolfSSL discourages this functionality.
- \return SSL_SUCCESS returned if the function executed without error.
- \return BAD_FUNC_ARG returned if the WOLFSSL structure was NULL or otherwise
- if an unacceptable argument was passed in a subroutine.
- \return SECURE_RENEGOTIATION_E returned if there was an error with
- renegotiating the handshake.
- \return SSL_FATAL_ERROR returned if there was an error with the
- server or client configuration and the renegotiation could
- not be completed. See wolfSSL_negotiate().
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(wolfSSL_Rehandshake(ssl) != SSL_SUCCESS){
- // There was an error and the rehandshake is not successful.
- }
- \endcode
- \sa wolfSSL_negotiate
- \sa wc_InitSha512
- \sa wc_InitSha384
- \sa wc_InitSha256
- \sa wc_InitSha
- \sa wc_InitMd5
- */
- int wolfSSL_Rehandshake(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief Force provided WOLFSSL structure to use session ticket. The
- constant HAVE_SESSION_TICKET should be defined and the constant
- NO_WOLFSSL_CLIENT should not be defined to use this function.
- \return SSL_SUCCESS Successfully set use session ticket.
- \return BAD_FUNC_ARG Returned if ssl is null.
- \return MEMORY_E Error allocating memory for setting session ticket.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- wolfSSL_Init();
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- WOLFSSL_METHOD method = // Some wolfSSL method
- ctx = wolfSSL_CTX_new(method);
- ssl = wolfSSL_new(ctx);
- if(wolfSSL_UseSessionTicket(ssl) != SSL_SUCCESS)
- {
- // Error setting session ticket
- }
- \endcode
- \sa TLSX_UseSessionTicket
- */
- int wolfSSL_UseSessionTicket(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function sets wolfSSL context to use a session ticket.
- \return SSL_SUCCESS Function executed successfully.
- \return BAD_FUNC_ARG Returned if ctx is null.
- \return MEMORY_E Error allocating memory in internal function.
- \param ctx The WOLFSSL_CTX structure to use.
- _Example_
- \code
- wolfSSL_Init();
- WOLFSSL_CTX* ctx;
- WOLFSSL_METHOD method = // Some wolfSSL method ;
- ctx = wolfSSL_CTX_new(method);
- if(wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS)
- {
- // Error setting session ticket
- }
- \endcode
- \sa TLSX_UseSessionTicket
- */
- int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx);
- /*!
- \ingroup IO
- \brief This function copies the ticket member of the Session structure to
- the buffer.
- \return SSL_SUCCESS returned if the function executed without error.
- \return BAD_FUNC_ARG returned if one of the arguments was NULL or if the
- bufSz argument was 0.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param buf a byte pointer representing the memory buffer.
- \param bufSz a word32 pointer representing the buffer size.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- byte* buf;
- word32 bufSz; // Initialize with buf size
- …
- if(wolfSSL_get_SessionTicket(ssl, buf, bufSz) <= 0){
- // Nothing was written to the buffer
- } else {
- // the buffer holds the content from ssl->session->ticket
- }
- \endcode
- \sa wolfSSL_UseSessionTicket
- \sa wolfSSL_set_SessionTicket
- */
- int wolfSSL_get_SessionTicket(WOLFSSL* ssl, unsigned char* buf, word32* bufSz);
- /*!
- \ingroup IO
- \brief This function sets the ticket member of the WOLFSSL_SESSION
- structure within the WOLFSSL struct. The buffer passed into the function
- is copied to memory.
- \return SSL_SUCCESS returned on successful execution of the function.
- The function returned without errors.
- \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL. This will
- also be thrown if the buf argument is NULL but the bufSz argument
- is not zero.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param buf a byte pointer that gets loaded into the ticket member
- of the session structure.
- \param bufSz a word32 type that represents the size of the buffer.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- byte* buffer; // File to load
- word32 bufSz;
- ...
- if(wolfSSL_KeepArrays(ssl, buffer, bufSz) != SSL_SUCCESS){
- // There was an error loading the buffer to memory.
- }
- \endcode
- \sa wolfSSL_set_SessionTicket_cb
- */
- int wolfSSL_set_SessionTicket(WOLFSSL* ssl, const unsigned char* buf,
- word32 bufSz);
- /*!
- \brief This function sets the session ticket callback. The type
- CallbackSessionTicket is a function pointer with the signature of:
- int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*)
- \return SSL_SUCCESS returned if the function executed without error.
- \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cb a function pointer to the type CallbackSessionTicket.
- \param ctx a void pointer to the session_ticket_ctx member of the
- WOLFSSL structure.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- int sessionTicketCB(WOLFSSL* ssl, const unsigned char* ticket, int ticketSz,
- void* ctx){ … }
- wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)”initial session”);
- \endcode
- \sa wolfSSL_get_SessionTicket
- \sa CallbackSessionTicket
- \sa sessionTicketCB
- */
- int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl,
- CallbackSessionTicket cb, void* ctx);
- /*!
- \brief This function sends a session ticket to the client after a TLS v1.3
- handhsake has been established.
- \return WOLFSSL_SUCCESS returned if a new session ticket was sent.
- \return BAD_FUNC_ARG returned if WOLFSSL structure is NULL, or not using
- TLS v1.3.
- \return SIDE_ERROR returned if not a server.
- \return NOT_READY_ERROR returned if the handshake has not completed.
- \return WOLFSSL_FATAL_ERROR returned if creating or sending message fails.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- ret = wolfSSL_send_SessionTicket(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- // New session ticket not sent.
- }
- \endcode
- \sa wolfSSL_get_SessionTicket
- \sa CallbackSessionTicket
- \sa sessionTicketCB
- */
- int wolfSSL_send_SessionTicket(WOLFSSL* ssl);
- /*!
- \brief This function sets the session ticket key encrypt callback function
- for a server to support session tickets as specified in RFC 5077.
- \return SSL_SUCCESS will be returned upon successfully setting the session.
- \return BAD_FUNC_ARG will be returned on failure. This is caused by passing
- invalid arguments to the function.
- \param ctx pointer to the WOLFSSL_CTX object, created with wolfSSL_CTX_new().
- \param cb user callback function to encrypt/decrypt session tickets
- \param ssl(Callback) pointer to the WOLFSSL object, created with
- wolfSSL_new()
- \param key_name(Callback) unique key name for this ticket context, should
- be randomly generated
- \param iv(Callback) unique IV for this ticket, up to 128 bits, should
- be randomly generated
- \param mac(Callback) up to 256 bit mac for this ticket
- \param enc(Callback) if this encrypt parameter is true the user should fill
- in key_name, iv, mac, and encrypt the ticket in-place of length inLen and
- set the resulting output length in *outLen. Returning WOLFSSL_TICKET_RET_OK
- tells wolfSSL that the encryption was successful. If this encrypt parameter
- is false, the user should perform a decrypt of the ticket in-place of length
- inLen using key_name, iv, and mac. The resulting decrypt length should be
- set in *outLen. Returning WOLFSSL_TICKET_RET_OK tells wolfSSL to proceed
- using the decrypted ticket. Returning WOLFSSL_TICKET_RET_CREATE tells
- wolfSSL to use the decrypted ticket but also to generate a new one to
- send to the client, helpful if recently rolled keys and don’t want to
- force a full handshake. Returning WOLFSSL_TICKET_RET_REJECT tells
- wolfSSL to reject this ticket, perform a full handshake, and create
- a new standard session ID for normal session resumption. Returning
- WOLFSSL_TICKET_RET_FATAL tells wolfSSL to end the connection
- attempt with a fatal error.
- \param ticket(Callback) the input/output buffer for the encrypted ticket.
- See the enc parameter
- \param inLen(Callback) the input length of the ticket parameter
- \param outLen(Callback) the resulting output length of the ticket parameter.
- When entering the callback outLen will indicate the maximum size available
- in the ticket buffer.
- \param userCtx(Callback) the user context set with
- wolfSSL_CTX_set_TicketEncCtx()
- _Example_
- \code
- See wolfssl/test.h myTicketEncCb() used by the example
- server and example echoserver.
- \endcode
- \sa wolfSSL_CTX_set_TicketHint
- \sa wolfSSL_CTX_set_TicketEncCtx
- */
- int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
- SessionTicketEncCb);
- /*!
- \brief This function sets the session ticket hint relayed to the client.
- For server side use.
- \return SSL_SUCCESS will be returned upon successfully setting the session.
- \return BAD_FUNC_ARG will be returned on failure. This is caused by passing
- invalid arguments to the function.
- \param ctx pointer to the WOLFSSL_CTX object, created with wolfSSL_CTX_new().
- \param hint number of seconds the ticket might be valid for. Hint to client.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_set_TicketEncCb
- */
- int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
- /*!
- \brief This function sets the session ticket encrypt user context for the
- callback. For server side use.
- \return SSL_SUCCESS will be returned upon successfully setting the session.
- \return BAD_FUNC_ARG will be returned on failure. This is caused by
- passing invalid arguments to the function.
- \param ctx pointer to the WOLFSSL_CTX object, created
- with wolfSSL_CTX_new().
- \param userCtx the user context for the callback
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_set_TicketEncCb
- */
- int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
- /*!
- \brief This function gets the session ticket encrypt user context for the
- callback. For server side use.
- \return userCtx will be returned upon successfully getting the session.
- \return NULL will be returned on failure. This is caused by
- passing invalid arguments to the function, or when the user context has
- not been set.
- \param ctx pointer to the WOLFSSL_CTX object, created
- with wolfSSL_CTX_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_set_TicketEncCtx
- */
- void* wolfSSL_CTX_get_TicketEncCtx(WOLFSSL_CTX* ctx);
- /*!
- \brief This function sets the handshake done callback. The hsDoneCb and
- hsDoneCtx members of the WOLFSSL structure are set in this function.
- \return SSL_SUCCESS returned if the function executed without an error.
- The hsDoneCb and hsDoneCtx members of the WOLFSSL struct are set.
- \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cb a function pointer of type HandShakeDoneCb with the signature of
- the form: int (*HandShakeDoneCb)(WOLFSSL*, void*);
- \param user_ctx a void pointer to the user registered context.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- int myHsDoneCb(WOLFSSL* ssl, void* user_ctx){
- // callback function
- }
- …
- wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
- \endcode
- \sa HandShakeDoneCb
- */
- int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx);
- /*!
- \ingroup IO
- \brief This function prints the statistics from the session.
- \return SSL_SUCCESS returned if the function and subroutines return without
- error. The session stats have been successfully retrieved and printed.
- \return BAD_FUNC_ARG returned if the subroutine wolfSSL_get_session_stats()
- was passed an unacceptable argument.
- \return BAD_MUTEX_E returned if there was a mutex error in the subroutine.
- \param none No parameters.
- _Example_
- \code
- // You will need to have a session object to retrieve stats from.
- if(wolfSSL_PrintSessionStats(void) != SSL_SUCCESS ){
- // Did not print session stats
- }
- \endcode
- \sa wolfSSL_get_session_stats
- */
- int wolfSSL_PrintSessionStats(void);
- /*!
- \ingroup IO
- \brief This function gets the statistics for the session.
- \return SSL_SUCCESS returned if the function and subroutines return without
- error. The session stats have been successfully retrieved and printed.
- \return BAD_FUNC_ARG returned if the subroutine wolfSSL_get_session_stats()
- was passed an unacceptable argument.
- \return BAD_MUTEX_E returned if there was a mutex error in the subroutine.
- \param active a word32 pointer representing the total current sessions.
- \param total a word32 pointer representing the total sessions.
- \param peak a word32 pointer representing the peak sessions.
- \param maxSessions a word32 pointer representing the maximum sessions.
- _Example_
- \code
- int wolfSSL_PrintSessionStats(void){
- …
- ret = wolfSSL_get_session_stats(&totalSessionsNow,
- &totalSessionsSeen, &peak, &maxSessions);
- …
- return ret;
- \endcode
- \sa wolfSSL_PrintSessionStats
- */
- int wolfSSL_get_session_stats(unsigned int* active,
- unsigned int* total,
- unsigned int* peak,
- unsigned int* maxSessions);
- /*!
- \ingroup TLS
- \brief This function copies the values of cr and sr then passes through to
- wc_PRF (pseudo random function) and returns that value.
- \return 0 on success
- \return BUFFER_E returned if there will be an error
- with the size of the buffer.
- \return MEMORY_E returned if a subroutine failed
- to allocate dynamic memory.
- \param ms the master secret held in the Arrays structure.
- \param msLen the length of the master secret.
- \param pms the pre-master secret held in the Arrays structure.
- \param pmsLen the length of the pre-master secret.
- \param cr the client random.
- \param sr the server random.
- \param tls1_2 signifies that the version is at least tls version 1.2.
- \param hash_type signifies the hash type.
- _Example_
- \code
- WOLFSSL* ssl;
- called in MakeTlsMasterSecret and retrieves the necessary
- information as follows:
- int MakeTlsMasterSecret(WOLFSSL* ssl){
- int ret;
- ret = wolfSSL_makeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
- ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
- ssl->arrays->clientRandom, ssl->arrays->serverRandom,
- IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
- …
- return ret;
- }
- \endcode
- \sa wc_PRF
- \sa MakeTlsMasterSecret
- */
- int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, word32 msLen,
- const unsigned char* pms, word32 pmsLen,
- const unsigned char* cr, const unsigned char* sr,
- int tls1_2, int hash_type);
- /*!
- \ingroup CertsKeys
- \brief An external facing wrapper to derive TLS Keys.
- \return 0 returned on success.
- \return BUFFER_E returned if the sum of labLen and
- seedLen (computes total size) exceeds the maximum size.
- \return MEMORY_E returned if the allocation of memory failed.
- \param key_data a byte pointer that is allocateded in DeriveTlsKeys
- and passed through to wc_PRF to hold the final hash.
- \param keyLen a word32 type that is derived in DeriveTlsKeys
- from the WOLFSSL structure’s specs member.
- \param ms a constant pointer type holding the master secret
- held in the arrays structure within the WOLFSSL structure.
- \param msLen a word32 type that holds the length of the
- master secret in an enumerated define, SECRET_LEN.
- \param sr a constant byte pointer to the serverRandom
- member of the arrays structure within the WOLFSSL structure.
- \param cr a constant byte pointer to the clientRandom
- member of the arrays structure within the WOLFSSL structure.
- \param tls1_2 an integer type returned from IsAtLeastTLSv1_2().
- \param hash_type an integer type held in the WOLFSSL structure.
- _Example_
- \code
- int DeriveTlsKeys(WOLFSSL* ssl){
- int ret;
- …
- ret = wolfSSL_DeriveTlsKeys(key_data, length, ssl->arrays->masterSecret,
- SECRET_LEN, ssl->arrays->clientRandom,
- IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
- …
- }
- \endcode
- \sa wc_PRF
- \sa DeriveTlsKeys
- \sa IsAtLeastTLSv1_2
- */
- int wolfSSL_DeriveTlsKeys(unsigned char* key_data, word32 keyLen,
- const unsigned char* ms, word32 msLen,
- const unsigned char* sr, const unsigned char* cr,
- int tls1_2, int hash_type);
- /*!
- \brief wolfSSL_connect_ex() is an extension that allows
- a HandShake Callback to be set. This can be useful in
- embedded systems for debugging support when a debugger isn’t
- available and sniffing is impractical. The HandShake Callback
- will be called whether or not a handshake error occurred.
- No dynamic memory is used since the maximum number of SSL
- packets is known. Packet names can be accessed through packetNames[].
- The connect extension also allows a Timeout Callback to be set along
- with a timeout value. This is useful if the user doesn’t want
- to wait for the TCP stack to timeout. This extension can be called
- with either, both, or neither callbacks.
- \return SSL_SUCCESS upon success.
- \return GETTIME_ERROR will be returned if gettimeofday()
- encountered an error.
- \return SETITIMER_ERROR will be returned if setitimer()
- encountered an error.
- \return SIGACT_ERROR will be returned if sigaction() encountered an error.
- \return SSL_FATAL_ERROR will be returned if the underlying SSL_connect()
- call encountered an error.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_accept_ex
- */
- int wolfSSL_connect_ex(WOLFSSL* ssl, HandShakeCallBack hsCb,
- TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout);
- /*!
- \brief wolfSSL_accept_ex() is an extension that allows a HandShake Callback
- to be set. This can be useful in embedded systems for debugging support
- when a debugger isn’t available and sniffing is impractical. The HandShake
- Callback will be called whether or not a handshake error occurred.
- No dynamic memory is used since the maximum number of SSL packets is known.
- Packet names can be accessed through packetNames[]. The connect extension
- also allows a Timeout Callback to be set along with a timeout value.
- This is useful if the user doesn’t want to wait for the TCP stack to timeout.
- This extension can be called with either, both, or neither callbacks.
- \return SSL_SUCCESS upon success.
- \return GETTIME_ERROR will be returned if gettimeofday()
- encountered an error.
- \return SETITIMER_ERROR will be returned if setitimer()
- encountered an error.
- \return SIGACT_ERROR will be returned if sigaction() encountered an error.
- \return SSL_FATAL_ERROR will be returned if the underlying
- SSL_accept() call encountered an error.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_connect_ex
- */
- int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBacki hsCb,
- TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout);
- /*!
- \ingroup IO
- \brief This is used to set the internal file pointer for a BIO.
- \return SSL_SUCCESS On successfully setting file pointer.
- \return SSL_FAILURE If an error case was encountered.
- \param bio WOLFSSL_BIO structure to set pair.
- \param fp file pointer to set in bio.
- \param c close file behavior flag.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- XFILE fp;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
- ret = wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_get_fp
- \sa wolfSSL_BIO_free
- */
- long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c);
- /*!
- \ingroup IO
- \brief This is used to get the internal file pointer for a BIO.
- \return SSL_SUCCESS On successfully getting file pointer.
- \return SSL_FAILURE If an error case was encountered.
- \param bio WOLFSSL_BIO structure to set pair.
- \param fp file pointer to set in bio.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- XFILE fp;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
- ret = wolfSSL_BIO_get_fp(bio, &fp);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_set_fp
- \sa wolfSSL_BIO_free
- */
- long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp);
- /*!
- \ingroup Setup
- \brief This function checks that the private key is a match
- with the certificate being used.
- \return SSL_SUCCESS On successfully match.
- \return SSL_FAILURE If an error case was encountered.
- \return <0 All error cases other than SSL_FAILURE are negative values.
- \param ssl WOLFSSL structure to check.
- _Example_
- \code
- WOLFSSL* ssl;
- int ret;
- // create and set up ssl
- ret = wolfSSL_check_private_key(ssl);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- int wolfSSL_check_private_key(const WOLFSSL* ssl);
- /*!
- \ingroup CertsKeys
- \brief This function looks for and returns the extension index
- matching the passed in NID value.
- \return >= 0 If successful the extension index is returned.
- \return -1 If extension is not found or error is encountered.
- \param x509 certificate to get parse through for extension.
- \param nid extension OID to be found.
- \param lastPos start search from extension after lastPos.
- Set to -1 initially.
- _Example_
- \code
- const WOLFSSL_X509* x509;
- int lastPos = -1;
- int idx;
- idx = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, lastPos);
- \endcode
- */
- int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509,
- int nid, int lastPos);
- /*!
- \ingroup CertsKeys
- \brief This function looks for and returns the extension
- matching the passed in NID value.
- \return pointer If successful a STACK_OF(WOLFSSL_ASN1_OBJECT)
- pointer is returned.
- \return NULL If extension is not found or error is encountered.
- \param x509 certificate to get parse through for extension.
- \param nid extension OID to be found.
- \param c if not NULL is set to -2 for multiple extensions found -1
- if not found, 0 if found and not critical and 1 if found and critical.
- \param idx if NULL return first extension matched otherwise if not
- stored in x509 start at idx.
- _Example_
- \code
- const WOLFSSL_X509* x509;
- int c;
- int idx = 0;
- STACK_OF(WOLFSSL_ASN1_OBJECT)* sk;
- sk = wolfSSL_X509_get_ext_d2i(x509, NID_basic_constraints, &c, &idx);
- //check sk for NULL and then use it. sk needs freed after done.
- \endcode
- \sa wolfSSL_sk_ASN1_OBJECT_free
- */
- void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
- int nid, int* c, int* idx);
- /*!
- \ingroup CertsKeys
- \brief This function returns the hash of the DER certificate.
- \return SSL_SUCCESS On successfully creating a hash.
- \return SSL_FAILURE Returned on bad input or unsuccessful hash.
- \param x509 certificate to get the hash of.
- \param digest the hash algorithm to use.
- \param buf buffer to hold hash.
- \param len length of buffer.
- _Example_
- \code
- WOLFSSL_X509* x509;
- unsigned char buffer[64];
- unsigned int bufferSz;
- int ret;
- ret = wolfSSL_X509_digest(x509, wolfSSL_EVP_sha256(), buffer, &bufferSz);
- //check ret value
- \endcode
- \sa none
- */
- int wolfSSL_X509_digest(const WOLFSSL_X509* x509,
- const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len);
- /*!
- \ingroup Setup
- \brief his is used to set the certificate for WOLFSSL structure to use
- during a handshake.
- \return SSL_SUCCESS On successful setting argument.
- \return SSL_FAILURE If a NULL argument passed in.
- \param ssl WOLFSSL structure to set certificate in.
- \param x509 certificate to use.
- _Example_
- \code WOLFSSL* ssl;
- WOLFSSL_X509* x509
- int ret;
- // create ssl object and x509
- ret = wolfSSL_use_certificate(ssl, x509);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509);
- /*!
- \ingroup Setup
- \brief This is used to set the certificate for WOLFSSL structure
- to use during a handshake. A DER formatted buffer is expected.
- \return SSL_SUCCESS On successful setting argument.
- \return SSL_FAILURE If a NULL argument passed in.
- \param ssl WOLFSSL structure to set certificate in.
- \param der DER certificate to use.
- \param derSz size of the DER buffer passed in.
- _Example_
- \code
- WOLFSSL* ssl;
- unsigned char* der;
- int derSz;
- int ret;
- // create ssl object and set DER variables
- ret = wolfSSL_use_certificate_ASN1(ssl, der, derSz);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der,
- int derSz);
- /*!
- \ingroup CertsKeys
- \brief This is used to set the private key for the WOLFSSL structure.
- \return SSL_SUCCESS On successful setting argument.
- \return SSL_FAILURE If a NULL ssl passed in. All error
- cases will be negative values.
- \param ssl WOLFSSL structure to set argument in.
- \param pkey private key to use.
- _Example_
- \code
- WOLFSSL* ssl;
- WOLFSSL_EVP_PKEY* pkey;
- int ret;
- // create ssl object and set up private key
- ret = wolfSSL_use_PrivateKey(ssl, pkey);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey);
- /*!
- \ingroup CertsKeys
- \brief This is used to set the private key for the WOLFSSL
- structure. A DER formatted key buffer is expected.
- \return SSL_SUCCESS On successful setting parsing and
- setting the private key.
- \return SSL_FAILURE If an NULL ssl passed in. All error cases
- will be negative values.
- \param pri type of private key.
- \param ssl WOLFSSL structure to set argument in.
- \param der buffer holding DER key.
- \param derSz size of der buffer.
- _Example_
- \code
- WOLFSSL* ssl;
- unsigned char* pkey;
- long pkeySz;
- int ret;
- // create ssl object and set up private key
- ret = wolfSSL_use_PrivateKey_ASN1(1, ssl, pkey, pkeySz);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- \sa wolfSSL_use_PrivateKey
- */
- int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl,
- unsigned char* der, long derSz);
- /*!
- \ingroup CertsKeys
- \brief This is used to set the private key for the WOLFSSL
- structure. A DER formatted RSA key buffer is expected.
- \return SSL_SUCCESS On successful setting parsing and setting
- the private key.
- \return SSL_FAILURE If an NULL ssl passed in. All error cases
- will be negative values.
- \param ssl WOLFSSL structure to set argument in.
- \param der buffer holding DER key.
- \param derSz size of der buffer.
- _Example_
- \code
- WOLFSSL* ssl;
- unsigned char* pkey;
- long pkeySz;
- int ret;
- // create ssl object and set up RSA private key
- ret = wolfSSL_use_RSAPrivateKey_ASN1(ssl, pkey, pkeySz);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- \sa wolfSSL_use_PrivateKey
- */
- int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der,
- long derSz);
- /*!
- \ingroup CertsKeys
- \brief This function duplicates the parameters in dsa to a
- newly created WOLFSSL_DH structure.
- \return WOLFSSL_DH If duplicated returns WOLFSSL_DH structure
- \return NULL upon failure
- \param dsa WOLFSSL_DSA structure to duplicate.
- _Example_
- \code
- WOLFSSL_DH* dh;
- WOLFSSL_DSA* dsa;
- // set up dsa
- dh = wolfSSL_DSA_dup_DH(dsa);
- // check dh is not null
- \endcode
- \sa none
- */
- WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
- /*!
- \ingroup Setup
- \brief This is used to get the master key after completing a handshake.
- \return >0 On successfully getting data returns a value greater than 0
- \return 0 If no random data buffer or an error state returns 0
- \return max If outSz passed in is 0 then the maximum buffer
- size needed is returned
- \param ses WOLFSSL_SESSION structure to get master secret buffer from.
- \param out buffer to hold data.
- \param outSz size of out buffer passed in. (if 0 function will
- return max buffer size needed)
- _Example_
- \code
- WOLFSSL_SESSION ssl;
- unsigned char* buffer;
- size_t bufferSz;
- size_t ret;
- // complete handshake and get session structure
- bufferSz = wolfSSL_SESSION_get_master_secret(ses, NULL, 0);
- buffer = malloc(bufferSz);
- ret = wolfSSL_SESSION_get_master_secret(ses, buffer, bufferSz);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
- unsigned char* out, int outSz);
- /*!
- \ingroup Setup
- \brief This is used to get the master secret key length.
- \return size Returns master secret key size.
- \param ses WOLFSSL_SESSION structure to get master secret buffer from.
- _Example_
- \code
- WOLFSSL_SESSION ssl;
- unsigned char* buffer;
- size_t bufferSz;
- size_t ret;
- // complete handshake and get session structure
- bufferSz = wolfSSL_SESSION_get_master_secret_length(ses);
- buffer = malloc(bufferSz);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
- /*!
- \ingroup Setup
- \brief This is a setter function for the WOLFSSL_X509_STORE
- structure in ctx.
- \return none No return.
- \param ctx pointer to the WOLFSSL_CTX structure for setting
- cert store pointer.
- \param str pointer to the WOLFSSL_X509_STORE to set in ctx.
- _Example_
- \code
- WOLFSSL_CTX ctx;
- WOLFSSL_X509_STORE* st;
- // setup ctx and st
- st = wolfSSL_CTX_set_cert_store(ctx, st);
- //use st
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- */
- void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
- WOLFSSL_X509_STORE* str);
- /*!
- \ingroup CertsKeys
- \brief This function get the DER buffer from bio and converts it
- to a WOLFSSL_X509 structure.
- \return pointer returns a WOLFSSL_X509 structure pointer on success.
- \return Null returns NULL on failure
- \param bio pointer to the WOLFSSL_BIO structure that has the DER
- certificate buffer.
- \param x509 pointer that get set to new WOLFSSL_X509 structure created.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- WOLFSSL_X509* x509;
- // load DER into bio
- x509 = wolfSSL_d2i_X509_bio(bio, NULL);
- Or
- wolfSSL_d2i_X509_bio(bio, &x509);
- // use x509 returned (check for NULL)
- \endcode
- \sa none
- */
- WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509);
- /*!
- \ingroup Setup
- \brief This is a getter function for the WOLFSSL_X509_STORE
- structure in ctx.
- \return WOLFSSL_X509_STORE* On successfully getting the pointer.
- \return NULL Returned if NULL arguments are passed in.
- \param ctx pointer to the WOLFSSL_CTX structure for getting cert
- store pointer.
- _Example_
- \code
- WOLFSSL_CTX ctx;
- WOLFSSL_X509_STORE* st;
- // setup ctx
- st = wolfSSL_CTX_get_cert_store(ctx);
- //use st
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- \sa wolfSSL_CTX_set_cert_store
- */
- WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
- /*!
- \ingroup IO
- \brief Gets the number of pending bytes to read. If BIO type is BIO_BIO
- then is the number to read from pair. If BIO contains an SSL object then
- is pending data from SSL object (wolfSSL_pending(ssl)). If is BIO_MEMORY
- type then returns the size of memory buffer.
- \return >=0 number of pending bytes.
- \param bio pointer to the WOLFSSL_BIO structure that has already
- been created.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- int pending;
- bio = wolfSSL_BIO_new();
- …
- pending = wolfSSL_BIO_ctrl_pending(bio);
- \endcode
- \sa wolfSSL_BIO_make_bio_pair
- \sa wolfSSL_BIO_new
- */
- size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b);
- /*!
- \ingroup Setup
- \brief This is used to get the random data sent by the server
- during the handshake.
- \return >0 On successfully getting data returns a value greater than 0
- \return 0 If no random data buffer or an error state returns 0
- \return max If outSz passed in is 0 then the maximum buffer size
- needed is returned
- \param ssl WOLFSSL structure to get clients random data buffer from.
- \param out buffer to hold random data.
- \param outSz size of out buffer passed in. (if 0 function will return max
- buffer size needed)
- _Example_
- \code
- WOLFSSL ssl;
- unsigned char* buffer;
- size_t bufferSz;
- size_t ret;
- bufferSz = wolfSSL_get_server_random(ssl, NULL, 0);
- buffer = malloc(bufferSz);
- ret = wolfSSL_get_server_random(ssl, buffer, bufferSz);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
- unsigned char *out, size_t outlen);
- /*!
- \ingroup Setup
- \brief This is used to get the random data sent by the client during
- the handshake.
- \return >0 On successfully getting data returns a value greater than 0
- \return 0 If no random data buffer or an error state returns 0
- \return max If outSz passed in is 0 then the maximum buffer size needed
- is returned
- \param ssl WOLFSSL structure to get clients random data buffer from.
- \param out buffer to hold random data.
- \param outSz size of out buffer passed in. (if 0 function will return max
- buffer size needed)
- _Example_
- \code
- WOLFSSL ssl;
- unsigned char* buffer;
- size_t bufferSz;
- size_t ret;
- bufferSz = wolfSSL_get_client_random(ssl, NULL, 0);
- buffer = malloc(bufferSz);
- ret = wolfSSL_get_client_random(ssl, buffer, bufferSz);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
- unsigned char* out, size_t outSz);
- /*!
- \ingroup Setup
- \brief This is a getter function for the password callback set in ctx.
- \return func On success returns the callback function.
- \return NULL If ctx is NULL then NULL is returned.
- \param ctx WOLFSSL_CTX structure to get call back from.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- wc_pem_password_cb cb;
- // setup ctx
- cb = wolfSSL_CTX_get_default_passwd_cb(ctx);
- //use cb
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- */
- wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX*
- ctx);
- /*!
- \ingroup Setup
- \brief This is a getter function for the password callback user
- data set in ctx.
- \return pointer On success returns the user data pointer.
- \return NULL If ctx is NULL then NULL is returned.
- \param ctx WOLFSSL_CTX structure to get user data from.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- void* data;
- // setup ctx
- data = wolfSSL_CTX_get_default_passwd_cb(ctx);
- //use data
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- */
- void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
- /*!
- \ingroup CertsKeys
- \brief This function behaves the same as wolfSSL_PEM_read_bio_X509.
- AUX signifies containing extra information such as trusted/rejected use
- cases and friendly name for human readability.
- \return WOLFSSL_X509 on successfully parsing the PEM buffer a WOLFSSL_X509
- structure is returned.
- \return Null if failed to parse PEM buffer.
- \param bp WOLFSSL_BIO structure to get PEM buffer from.
- \param x if setting WOLFSSL_X509 by function side effect.
- \param cb password callback.
- \param u NULL terminated user password.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- WOLFSSL_X509* x509;
- // setup bio
- X509 = wolfSSL_PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
- //check x509 is not null and then use it
- \endcode
- \sa wolfSSL_PEM_read_bio_X509
- */
- WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
- (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u);
- /*!
- \ingroup CertsKeys
- \brief Initializes the WOLFSSL_CTX structure’s dh member with the
- Diffie-Hellman parameters.
- \return SSL_SUCCESS returned if the function executed successfully.
- \return BAD_FUNC_ARG returned if the ctx or dh structures are NULL.
- \return SSL_FATAL_ERROR returned if there was an error setting a
- structure value.
- \return MEMORY_E returned if their was a failure to allocate memory.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param dh a pointer to a WOLFSSL_DH structure.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL_DH* dh;
- …
- return wolfSSL_CTX_set_tmp_dh(ctx, dh);
- \endcode
- \sa wolfSSL_BN_bn2bin
- */
- long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh);
- /*!
- \ingroup CertsKeys
- \brief This function get the DSA parameters from a PEM buffer in bio.
- \return WOLFSSL_DSA on successfully parsing the PEM buffer a WOLFSSL_DSA
- structure is created and returned.
- \return Null if failed to parse PEM buffer.
- \param bio pointer to the WOLFSSL_BIO structure for getting PEM
- memory pointer.
- \param x pointer to be set to new WOLFSSL_DSA structure.
- \param cb password callback function.
- \param u null terminated password string.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- WOLFSSL_DSA* dsa;
- // setup bio
- dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
- // check dsa is not NULL and then use dsa
- \endcode
- \sa none
- */
- WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp,
- WOLFSSL_DSA **x, wc_pem_password_cb *cb, void *u);
- /*!
- \ingroup Debug
- \brief This function returns the absolute value of the last error from
- WOLFSSL_ERROR encountered.
- \return error Returns absolute value of last error.
- \param none No parameters.
- _Example_
- \code
- unsigned long err;
- ...
- err = wolfSSL_ERR_peek_last_error();
- // inspect err value
- \endcode
- \sa wolfSSL_ERR_print_errors_fp
- */
- unsigned long wolfSSL_ERR_peek_last_error(void);
- /*!
- \ingroup CertsKeys
- \brief This function gets the peer’s certificate chain.
- \return pointer returns a pointer to the peer’s Certificate stack.
- \return NULL returned if no peer certificate.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- wolfSSL_connect(ssl);
- STACK_OF(WOLFSSL_X509)* chain = wolfSSL_get_peer_cert_chain(ssl);
- ifchain){
- // You have a pointer to the peer certificate chain
- }
- \endcode
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_subject_name
- \sa wolfSSL_X509_get_isCA
- */
- WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
- /*!
- \ingroup Setup
- \brief This function resets option bits of WOLFSSL_CTX object.
- \return option new option bits
- \param ctx pointer to the SSL context.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- wolfSSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1);
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt);
- /*!
- \ingroup IO
- \brief This function sets the jObjectRef member of the WOLFSSL structure.
- \return SSL_SUCCESS returned if jObjectRef is properly set to objPtr.
- \return SSL_FAILURE returned if the function did not properly execute and
- jObjectRef is not set.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param objPtr a void pointer that will be set to jObjectRef.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = WOLFSSL_new();
- void* objPtr = &obj;
- ...
- if(wolfSSL_set_jobject(ssl, objPtr)){
- // The success case
- }
- \endcode
- \sa wolfSSL_get_jobject
- */
- int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr);
- /*!
- \ingroup IO
- \brief This function returns the jObjectRef member of the WOLFSSL structure.
- \return value If the WOLFSSL struct is not NULL, the function returns the
- jObjectRef value.
- \return NULL returned if the WOLFSSL struct is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL(ctx);
- ...
- void* jobject = wolfSSL_get_jobject(ssl);
- if(jobject != NULL){
- // Success case
- }
- \endcode
- \sa wolfSSL_set_jobject
- */
- void* wolfSSL_get_jobject(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function sets a callback in the ssl. The callback is to
- observe handshake messages. NULL value of cb resets the callback.
- \return SSL_SUCCESS On success.
- \return SSL_FAILURE If an NULL ssl passed in.
- \param ssl WOLFSSL structure to set callback argument.
- _Example_
- \code
- static cb(int write_p, int version, int content_type,
- const void *buf, size_t len, WOLFSSL *ssl, void *arg)
- …
- WOLFSSL* ssl;
- ret = wolfSSL_set_msg_callback(ssl, cb);
- // check ret
- \endcode
- \sa wolfSSL_set_msg_callback_arg
- */
- int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb);
- /*!
- \ingroup Setup
- \brief This function sets associated callback context value in the ssl.
- The value is handed over to the callback argument.
- \return none No return.
- \param ssl WOLFSSL structure to set callback argument.
- _Example_
- \code
- static cb(int write_p, int version, int content_type,
- const void *buf, size_t len, WOLFSSL *ssl, void *arg)
- …
- WOLFSSL* ssl;
- ret = wolfSSL_set_msg_callback(ssl, cb);
- // check ret
- wolfSSL_set_msg_callback(ssl, arg);
- \endcode
- \sa wolfSSL_set_msg_callback
- */
- int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg);
- /*!
- \ingroup CertsKeys
- \brief This function returns the next, if any, altname from the peer certificate.
- \return NULL if there is not a next altname.
- \return cert->altNamesNext->name from the WOLFSSL_X509 structure that is a
- string value from the altName list is returned if it exists.
- \param cert a pointer to the wolfSSL_X509 structure.
- _Example_
- \code
- WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- …
- int x509NextAltName = wolfSSL_X509_get_next_altname(x509);
- if(x509NextAltName == NULL){
- //There isn’t another alt name
- }
- \endcode
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_subject_name
- */
- char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);
- /*!
- \ingroup CertsKeys
- \brief The function checks to see if x509 is NULL and if it’s not, it
- returns the notBefore member of the x509 struct.
- \return pointer to struct with ASN1_TIME to the notBefore
- member of the x509 struct.
- \return NULL the function returns NULL if the x509 structure is NULL.
- \param x509 a pointer to the WOLFSSL_X509 struct.
- _Example_
- \code
- WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509) ;
- …
- const WOLFSSL_ASN1_TIME* notAfter = wolfSSL_X509_get_notBefore(x509);
- if(notAfter == NULL){
- //The x509 object was NULL
- }
- \endcode
- \sa wolfSSL_X509_get_notAfter
- */
- WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(WOLFSSL_X509*);
- /*!
- \ingroup IO
- \brief This function is called on the client side and initiates an SSL/TLS
- handshake with a server. When this function is called, the underlying
- communication channel has already been set up.
- wolfSSL_connect() works with both blocking and non-blocking I/O. When the
- underlying I/O is non-blocking, wolfSSL_connect() will return when the
- underlying I/O could not satisfy the needs of wolfSSL_connect to continue
- the handshake. In this case, a call to wolfSSL_get_error() will yield
- either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process
- must then repeat the call to wolfSSL_connect() when the underlying I/O is
- ready and wolfSSL will pick up where it left off. When using a non-blocking
- socket, nothing needs to be done, but select() can be used to check for the
- required condition.
- If the underlying I/O is blocking, wolfSSL_connect() will only return once
- the handshake has been finished or an error occurred.
- wolfSSL takes a different approach to certificate verification than OpenSSL
- does. The default policy for the client is to verify the server, this
- means that if you don't load CAs to verify the server you'll get a connect
- error, unable to verify (-155). It you want to mimic OpenSSL behavior of
- having SSL_connect succeed even if verifying the server fails and reducing
- security you can do this by calling:
- SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling SSL_new();
- Though it's not recommended.
- \return SSL_SUCCESS If successful.
- \return SSL_FATAL_ERROR will be returned if an error occurred. To get a
- more detailed error code, call wolfSSL_get_error().
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- ret = wolfSSL_connect(ssl);
- if (ret != SSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_accept
- */
- int wolfSSL_connect(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function is called on the server side to indicate that a
- HelloRetryRequest message must contain a Cookie and, in case of using
- protocol DTLS v1.3, that the handshake will always include a cookie
- exchange. Please note that when using protocol DTLS v1.3, the cookie
- exchange is enabled by default. The Cookie holds a hash of the current
- transcript so that another server process can handle the ClientHello in
- reply. The secret is used when generating the integrity check on the Cookie
- data.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] secret a pointer to a buffer holding the secret.
- Passing NULL indicates to generate a new random secret.
- \param [in] secretSz Size of the secret in bytes.
- Passing 0 indicates to use the default size: WC_SHA256_DIGEST_SIZE (or WC_SHA_DIGEST_SIZE when SHA-256 not available).
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return SIDE_ERROR if called with a client.
- \return WOLFSSL_SUCCESS if successful.
- \return MEMORY_ERROR if allocating dynamic memory for storing secret failed.
- \return Another -ve value on internal error.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- char secret[32];
- ...
- ret = wolfSSL__send_hrr_cookie(ssl, secret, sizeof(secret));
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set use of Cookie and secret
- }
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_disable_hrr_cookie
- */
- int wolfSSL_send_hrr_cookie(WOLFSSL* ssl,
- const unsigned char* secret, unsigned int secretSz);
- /*!
- \ingroup Setup
- \brief This function is called on the server side to indicate that a
- HelloRetryRequest message must NOT contain a Cookie and that, if using
- protocol DTLS v1.3, a cookie exchange will not be included in the
- handshake. Please note that not doing a cookie exchange when using protocol
- DTLS v1.3 can make the server susceptible to DoS/Amplification attacks.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return WOLFSSL_SUCCESS if successful
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3
- \return SIDE_ERROR if invoked on client
- \sa wolfSSL_send_hrr_cookie
- */
- int wolfSSL_disable_hrr_cookie(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function is called on the server to stop it from sending
- a resumption session ticket once the handshake is complete.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \return BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
- \return SIDE_ERROR if called with a client.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_no_ticket_TLSv13(ctx);
- if (ret != 0) {
- // failed to set no ticket
- }
- \endcode
- \sa wolfSSL_no_ticket_TLSv13
- */
- int wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function is called on the server to stop it from sending
- a resumption session ticket once the handshake is complete.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return SIDE_ERROR if called with a client.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_no_ticket_TLSv13(ssl);
- if (ret != 0) {
- // failed to set no ticket
- }
- \endcode
- \sa wolfSSL_CTX_no_ticket_TLSv13
- */
- int wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function is called on a TLS v1.3 wolfSSL context to disallow
- Diffie-Hellman (DH) style key exchanges when handshakes are using
- pre-shared keys for authentication.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \return BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_no_dhe_psk(ctx);
- if (ret != 0) {
- // failed to set no DHE for PSK handshakes
- }
- \endcode
- \sa wolfSSL_no_dhe_psk
- */
- int wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function is called on a TLS v1.3 client or server wolfSSL to
- disallow Diffie-Hellman (DH) style key exchanges when handshakes are using
- pre-shared keys for authentication.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_no_dhe_psk(ssl);
- if (ret != 0) {
- // failed to set no DHE for PSK handshakes
- }
- \endcode
- \sa wolfSSL_CTX_no_dhe_psk
- */
- int wolfSSL_no_dhe_psk(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function is called on a TLS v1.3 client or server wolfSSL to
- force the rollover of keys. A KeyUpdate message is sent to the peer and
- new keys are calculated for encryption. The peer will send back a KeyUpdate
- message and the new decryption keys will then be calculated.
- This function can only be called after a handshake has been completed.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return WANT_WRITE if the writing is not ready.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_update_keys(ssl);
- if (ret == WANT_WRITE) {
- // need to call again when I/O ready
- }
- else if (ret != WOLFSSL_SUCCESS) {
- // failed to send key update
- }
- \endcode
- \sa wolfSSL_write
- */
- int wolfSSL_update_keys(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function is called on a TLS v1.3 client or server wolfSSL to
- determine whether a rollover of keys is in progress. When
- wolfSSL_update_keys() is called, a KeyUpdate message is sent and the
- encryption key is updated. The decryption key is updated when the response
- is received.
- \param [in] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [out] required 0 when no key update response required. 1 when no key update response required.
- \return 0 on successful.
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- int required;
- ...
- ret = wolfSSL_key_update_response(ssl, &required);
- if (ret != 0) {
- // bad parameters
- }
- if (required) {
- // encrypt Key updated, awaiting response to change decrypt key
- }
- \endcode
- \sa wolfSSL_update_keys
- */
- int wolfSSL_key_update_response(WOLFSSL* ssl, int* required);
- /*!
- \ingroup Setup
- \brief This function is called on a TLS v1.3 client wolfSSL context to allow
- a client certificate to be sent post handshake upon request from server.
- This is useful when connecting to a web server that has some pages that
- require client authentication and others that don't.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \return BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
- \return SIDE_ERROR if called with a server.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_allow_post_handshake_auth(ctx);
- if (ret != 0) {
- // failed to allow post handshake authentication
- }
- \endcode
- \sa wolfSSL_allow_post_handshake_auth
- \sa wolfSSL_request_certificate
- */
- int wolfSSL_CTX_allow_post_handshake_auth(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function is called on a TLS v1.3 client wolfSSL to allow
- a client certificate to be sent post handshake upon request from server.
- A Post-Handshake Client Authentication extension is sent in the ClientHello.
- This is useful when connecting to a web server that has some pages that
- require client authentication and others that don't.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return SIDE_ERROR if called with a server.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_allow_post_handshake_auth(ssl);
- if (ret != 0) {
- // failed to allow post handshake authentication
- }
- \endcode
- \sa wolfSSL_CTX_allow_post_handshake_auth
- \sa wolfSSL_request_certificate
- */
- int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function requests a client certificate from the TLS v1.3 client.
- This is useful when a web server is serving some pages that require client
- authentication and others that don't.
- A maximum of 256 requests can be sent on a connection.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return WANT_WRITE if the writing is not ready.
- \return SIDE_ERROR if called with a client.
- \return NOT_READY_ERROR if called when the handshake is not finished.
- \return POST_HAND_AUTH_ERROR if posthandshake authentication is disallowed.
- \return MEMORY_E if dynamic memory allocation fails.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_request_certificate(ssl);
- if (ret == WANT_WRITE) {
- // need to call again when I/O ready
- }
- else if (ret != WOLFSSL_SUCCESS) {
- // failed to request a client certificate
- }
- \endcode
- \sa wolfSSL_allow_post_handshake_auth
- \sa wolfSSL_write
- */
- int wolfSSL_request_certificate(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function sets the list of elliptic curve groups to allow on
- a wolfSSL context in order of preference.
- The list is a null-terminated text string, and a colon-delimited list.
- Call this function to set the key exchange elliptic curve parameters to
- use with the TLS v1.3 connections.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \param [in] list a string that is a colon-delimited list of elliptic curve
- groups.
- \return WOLFSSL_FAILURE if pointer parameters are NULL, there are more than
- WOLFSSL_MAX_GROUP_COUNT groups, a group name is not recognized or not
- using TLS v1.3.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- const char* list = "P-384:P-256";
- ...
- ret = wolfSSL_CTX_set1_groups_list(ctx, list);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set group list
- }
- \endcode
- \sa wolfSSL_set1_groups_list
- \sa wolfSSL_CTX_set_groups
- \sa wolfSSL_set_groups
- \sa wolfSSL_UseKeyShare
- \sa wolfSSL_preferred_group
- */
- int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list);
- /*!
- \ingroup Setup
- \brief This function sets the list of elliptic curve groups to allow on
- a wolfSSL in order of preference.
- The list is a null-terminated text string, and a colon-delimited list.
- Call this function to set the key exchange elliptic curve parameters to
- use with the TLS v1.3 connections.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] list a string that is a colon separated list of key exchange
- groups.
- \return WOLFSSL_FAILURE if pointer parameters are NULL, there are more than
- WOLFSSL_MAX_GROUP_COUNT groups, a group name is not recognized or not
- using TLS v1.3.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- const char* list = "P-384:P-256";
- ...
- ret = wolfSSL_CTX_set1_groups_list(ssl, list);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set group list
- }
- \endcode
- \sa wolfSSL_CTX_set1_groups_list
- \sa wolfSSL_CTX_set_groups
- \sa wolfSSL_set_groups
- \sa wolfSSL_UseKeyShare
- \sa wolfSSL_preferred_group
- */
- int wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list);
- /*!
- \ingroup TLS
- \brief This function returns the key exchange group the client prefers to
- use in the TLS v1.3 handshake.
- Call this function to after a handshake is complete to determine which
- group the server prefers so that this information can be used in future
- connections to pre-generate a key pair for key exchange.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return SIDE_ERROR if called with a server.
- \return NOT_READY_ERROR if called before handshake is complete.
- \return Group identifier if successful.
- _Example_
- \code
- int ret;
- int group;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_CTX_set1_groups_list(ssl)
- if (ret < 0) {
- // failed to get group
- }
- group = ret;
- \endcode
- \sa wolfSSL_UseKeyShare
- \sa wolfSSL_CTX_set_groups
- \sa wolfSSL_set_groups
- \sa wolfSSL_CTX_set1_groups_list
- \sa wolfSSL_set1_groups_list
- */
- int wolfSSL_preferred_group(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function sets the list of elliptic curve groups to allow on
- a wolfSSL context in order of preference.
- The list is an array of group identifiers with the number of identifiers
- specified in count.
- Call this function to set the key exchange elliptic curve parameters to
- use with the TLS v1.3 connections.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \param [in] groups a list of key exchange groups by identifier.
- \param [in] count the number of key exchange groups in groups.
- \return BAD_FUNC_ARG if a pointer parameter is null, the number of groups
- exceeds WOLFSSL_MAX_GROUP_COUNT or not using TLS v1.3.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- int* groups = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_SECP256R1 };
- int count = 2;
- ...
- ret = wolfSSL_CTX_set1_groups_list(ctx, groups, count);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set group list
- }
- \endcode
- \sa wolfSSL_set_groups
- \sa wolfSSL_UseKeyShare
- \sa wolfSSL_CTX_set_groups
- \sa wolfSSL_set_groups
- \sa wolfSSL_CTX_set1_groups_list
- \sa wolfSSL_set1_groups_list
- \sa wolfSSL_preferred_group
- */
- int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups,
- int count);
- /*!
- \ingroup Setup
- \brief This function sets the list of elliptic curve groups to allow on
- a wolfSSL.
- The list is an array of group identifiers with the number of identifiers
- specified in count.
- Call this function to set the key exchange elliptic curve parameters to
- use with the TLS v1.3 connections.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] groups a list of key exchange groups by identifier.
- \param [in] count the number of key exchange groups in groups.
- \return BAD_FUNC_ARG if a pointer parameter is null, the number of groups
- exceeds WOLFSSL_MAX_GROUP_COUNT, any of the identifiers are unrecognized or
- not using TLS v1.3.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- int* groups = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_SECP256R1 };
- int count = 2;
- ...
- ret = wolfSSL_set_groups(ssl, groups, count);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set group list
- }
- \endcode
- \sa wolfSSL_CTX_set_groups
- \sa wolfSSL_UseKeyShare
- \sa wolfSSL_CTX_set_groups
- \sa wolfSSL_set_groups
- \sa wolfSSL_CTX_set1_groups_list
- \sa wolfSSL_set1_groups_list
- \sa wolfSSL_preferred_group
- */
- int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count);
- /*!
- \ingroup IO
- \brief This function is called on the client side and initiates a
- TLS v1.3 handshake with a server. When this function is called, the
- underlying communication channel has already been set up.
- wolfSSL_connect() works with both blocking and non-blocking I/O.
- When the underlying I/O is non-blocking, wolfSSL_connect() will return
- when the underlying I/O could not satisfy the needs of wolfSSL_connect
- to continue the handshake. In this case, a call to wolfSSL_get_error()
- will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The
- calling process must then repeat the call to wolfSSL_connect() when
- the underlying I/O is ready and wolfSSL will pick up where it left off.
- When using a non-blocking socket, nothing needs to be done, but select()
- can be used to check for the required condition. If the underlying I/O is
- blocking, wolfSSL_connect() will only return once the handshake has been
- finished or an error occurred. wolfSSL takes a different approach to
- certificate verification than OpenSSL does. The default policy for the
- client is to verify the server, this means that if you don't load CAs to
- verify the server you'll get a connect error, unable to verify (-155). It
- you want to mimic OpenSSL behavior of having SSL_connect succeed even if
- verifying the server fails and reducing security you can do this by
- calling: SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling
- SSL_new(); Though it's not recommended.
- \return SSL_SUCCESS upon success.
- \return SSL_FATAL_ERROR will be returned if an error occurred. To get a
- more detailed error code, call wolfSSL_get_error().
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- ret = wolfSSL_connect_TLSv13(ssl);
- if (ret != SSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_connect
- \sa wolfSSL_accept_TLSv13
- \sa wolfSSL_accept
- */
- int wolfSSL_connect_TLSv13(WOLFSSL*);
- /*!
- \ingroup IO
- \brief This function is called on the server side and waits for a SSL/TLS
- client to initiate the SSL/TLS handshake. When this function is called,
- the underlying communication channel has already been set up.
- wolfSSL_accept() works with both blocking and non-blocking I/O.
- When the underlying I/O is non-blocking, wolfSSL_accept() will return
- when the underlying I/O could not satisfy the needs of wolfSSL_accept
- to continue the handshake. In this case, a call to wolfSSL_get_error()
- will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
- The calling process must then repeat the call to wolfSSL_accept when
- data is available to read and wolfSSL will pick up where it left off.
- When using a non-blocking socket, nothing needs to be done, but select()
- can be used to check for the required condition. If the underlying I/O
- is blocking, wolfSSL_accept() will only return once the handshake has
- been finished or an error occurred.
- Call this function when expecting a TLS v1.3 connection though older
- version ClientHello messages are supported.
- \return SSL_SUCCESS upon success.
- \return SSL_FATAL_ERROR will be returned if an error occurred. To get a
- more detailed error code, call wolfSSL_get_error().
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- ret = wolfSSL_accept_TLSv13(ssl);
- if (ret != SSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_connect_TLSv13
- \sa wolfSSL_connect
- \sa wolfSSL_accept_TLSv13
- \sa wolfSSL_accept
- */
- wolfSSL_accept_TLSv13(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function sets the maximum amount of early data that a
- TLS v1.3 client or server is willing to exchange using the wolfSSL context.
- Call this function to limit the amount of early data to process to mitigate
- replay attacks. Early data is protected by keys derived from those of the
- connection that the session ticket was sent and therefore will be the same
- every time a session ticket is used in resumption.
- The value is included in the session ticket for resumption.
- A server value of zero indicates no early data is to be sent by client using
- session tickets. A client value of zero indicates that the client will
- not send any early data.
- It is recommended that the number of early data bytes be kept as low as
- practically possible in the application.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \param [in] sz the amount of early data to accept in bytes.
- \return BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_set_max_early_data(ctx, 128);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set group list
- }
- \endcode
- \sa wolfSSL_set_max_early_data
- \sa wolfSSL_write_early_data
- \sa wolfSSL_read_early_data
- */
- int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
- unsigned int sz);
- /*!
- \ingroup Setup
- \brief This function sets the maximum amount of early data that a
- TLS v1.3 client or server is willing to exchange.
- Call this function to limit the amount of early data to process to mitigate
- replay attacks. Early data is protected by keys derived from those of the
- connection that the session ticket was sent and therefore will be the same
- every time a session ticket is used in resumption.
- The value is included in the session ticket for resumption.
- A server value of zero indicates no early data is to be sent by client using
- session tickets. A client value of zero indicates that the client will
- not send any early data.
- It is recommended that the number of early data bytes be kept as low as
- practically possible in the application.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] sz the amount of early data to accept from client in bytes.
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_set_max_early_data(ssl, 128);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set group list
- }
- \endcode
- \sa wolfSSL_CTX_set_max_early_data
- \sa wolfSSL_write_early_data
- \sa wolfSSL_read_early_data
- */
- int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
- /*!
- \ingroup IO
- \brief This function writes early data to the server on resumption.
- Call this function instead of wolfSSL_connect() or wolfSSL_connect_TLSv13()
- to connect to the server and send the data in the handshake.
- This function is only used with clients.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] data the buffer holding the early data to write to server.
- \param [in] sz the amount of early data to write in bytes.
- \param [out] outSz the amount of early data written in bytes.
- \return BAD_FUNC_ARG if a pointer parameter is NULL, sz is less than 0 or
- not using TLSv1.3.
- \return SIDE_ERROR if called with a server.
- \return WOLFSSL_FATAL_ERROR if the connection is not made.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- byte earlyData[] = { early data };
- int outSz;
- char buffer[80];
- ...
- ret = wolfSSL_write_early_data(ssl, earlyData, sizeof(earlyData), &outSz);
- if (ret != WOLFSSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- goto err_label;
- }
- if (outSz < sizeof(earlyData)) {
- // not all early data was sent
- }
- ret = wolfSSL_connect_TLSv13(ssl);
- if (ret != SSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- \endcode
- \sa wolfSSL_read_early_data
- \sa wolfSSL_connect
- \sa wolfSSL_connect_TLSv13
- */
- int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
- int sz, int* outSz);
- /*!
- \ingroup IO
- \brief This function reads any early data from a client on resumption.
- Call this function instead of wolfSSL_accept() or wolfSSL_accept_TLSv13()
- to accept a client and read any early data in the handshake. The function
- should be invoked until wolfSSL_is_init_finished() returns true. Early data
- may be sent by the client in multiple messages. If there is no early data
- then the handshake will be processed as normal. This function is only used
- with servers.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [out] data a buffer to hold the early data read from client.
- \param [in] sz size of the buffer in bytes.
- \param [out] outSz number of bytes of early data read.
- \return BAD_FUNC_ARG if a pointer parameter is NULL, sz is less than 0 or
- not using TLSv1.3.
- \return SIDE_ERROR if called with a client.
- \return WOLFSSL_FATAL_ERROR if accepting a connection fails.
- \return Number of early data bytes read (may be zero).
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- byte earlyData[128];
- int outSz;
- char buffer[80];
- ...
- do {
- ret = wolfSSL_read_early_data(ssl, earlyData, sizeof(earlyData), &outSz);
- if (ret < 0) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- if (outSz > 0) {
- // early data available
- }
- } while (!wolfSSL_is_init_finished(ssl));
- \endcode
- \sa wolfSSL_write_early_data
- \sa wolfSSL_accept
- \sa wolfSSL_accept_TLSv13
- */
- int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
- int* outSz);
- /*!
- \ingroup IO
- \brief This function is called to inject data into the WOLFSSL object. This
- is useful when data needs to be read from a single place and demultiplexed
- into multiple connections. The caller should then call wolfSSL_read() to
- extract the plaintext data from the WOLFSSL object.
- \param [in] ssl a pointer to a WOLFSSL structure, created using
- wolfSSL_new().
- \param [in] data data to inject into the ssl object.
- \param [in] sz number of bytes of data to inject.
- \return BAD_FUNC_ARG if any pointer parameter is NULL or sz <= 0
- \return APP_DATA_READY if there is application data left to read
- \return MEMORY_E if allocation fails
- \return WOLFSSL_SUCCESS on success
- _Example_
- \code
- byte buf[2000]
- sz = recv(fd, buf, sizeof(buf), 0);
- if (sz <= 0)
- // error
- if (wolfSSL_inject(ssl, buf, sz) != WOLFSSL_SUCCESS)
- // error
- sz = wolfSSL_read(ssl, buf, sizeof(buf);
- \endcode
- \sa wolfSSL_read
- */
- int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz);
- /*!
- \ingroup Setup
- \brief This function sets the Pre-Shared Key (PSK) client side callback
- for TLS v1.3 connections.
- The callback is used to find a PSK identity and return its key and
- the name of the cipher to use for the handshake.
- The function sets the client_psk_tls13_cb member of the
- WOLFSSL_CTX structure.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \param [in] cb a Pre-Shared Key (PSK) callback for a TLS 1.3 client.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- ...
- wolfSSL_CTX_set_psk_client_tls13_callback(ctx, my_psk_client_tls13_cb);
- \endcode
- \sa wolfSSL_set_psk_client_tls13_callback
- \sa wolfSSL_CTX_set_psk_server_tls13_callback
- \sa wolfSSL_set_psk_server_tls13_callback
- */
- void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX* ctx,
- wc_psk_client_tls13_callback cb);
- /*!
- \ingroup Setup
- \brief This function sets the Pre-Shared Key (PSK) client side callback
- for TLS v1.3 connections.
- The callback is used to find a PSK identity and return its key and
- the name of the cipher to use for the handshake.
- The function sets the client_psk_tls13_cb member of the options field in
- WOLFSSL structure.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] cb a Pre-Shared Key (PSK) callback for a TLS 1.3 client.
- _Example_
- \code
- WOLFSSL* ssl;
- ...
- wolfSSL_set_psk_client_tls13_callback(ssl, my_psk_client_tls13_cb);
- \endcode
- \sa wolfSSL_CTX_set_psk_client_tls13_callback
- \sa wolfSSL_CTX_set_psk_server_tls13_callback
- \sa wolfSSL_set_psk_server_tls13_callback
- */
- void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl,
- wc_psk_client_tls13_callback cb);
- /*!
- \ingroup Setup
- \brief This function sets the Pre-Shared Key (PSK) server side callback
- for TLS v1.3 connections.
- The callback is used to find a PSK identity and return its key and
- the name of the cipher to use for the handshake.
- The function sets the server_psk_tls13_cb member of the
- WOLFSSL_CTX structure.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \param [in] cb a Pre-Shared Key (PSK) callback for a TLS 1.3 server.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- ...
- wolfSSL_CTX_set_psk_server_tls13_callback(ctx, my_psk_client_tls13_cb);
- \endcode
- \sa wolfSSL_CTX_set_psk_client_tls13_callback
- \sa wolfSSL_set_psk_client_tls13_callback
- \sa wolfSSL_set_psk_server_tls13_callback
- */
- void wolfSSL_CTX_set_psk_server_tls13_callback(WOLFSSL_CTX* ctx,
- wc_psk_server_tls13_callback cb);
- /*!
- \ingroup Setup
- \brief This function sets the Pre-Shared Key (PSK) server side callback
- for TLS v1.3 connections.
- The callback is used to find a PSK identity and return its key and
- the name of the cipher to use for the handshake.
- The function sets the server_psk_tls13_cb member of the options field in
- WOLFSSL structure.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] cb a Pre-Shared Key (PSK) callback for a TLS 1.3 server.
- _Example_
- \code
- WOLFSSL* ssl;
- ...
- wolfSSL_set_psk_server_tls13_callback(ssl, my_psk_server_tls13_cb);
- \endcode
- \sa wolfSSL_CTX_set_psk_client_tls13_callback
- \sa wolfSSL_set_psk_client_tls13_callback
- \sa wolfSSL_CTX_set_psk_server_tls13_callback
- */
- void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
- wc_psk_server_tls13_callback cb);
- /*!
- \ingroup Setup
- \brief This function creates a key share entry from the group including
- generating a key pair.
- The KeyShare extension contains all the generated public keys for key
- exchange. If this function is called, then only the groups specified will
- be included.
- Call this function when a preferred group has been previously established
- for the server.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] group a key exchange group identifier.
- \return BAD_FUNC_ARG if ssl is NULL.
- \return MEMORY_E when dynamic memory allocation fails.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set key share
- }
- \endcode
- \sa wolfSSL_preferred_group
- \sa wolfSSL_CTX_set1_groups_list
- \sa wolfSSL_set1_groups_list
- \sa wolfSSL_CTX_set_groups
- \sa wolfSSL_set_groups
- \sa wolfSSL_NoKeyShares
- */
- int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group);
- /*!
- \ingroup Setup
- \brief This function is called to ensure no key shares are sent in the
- ClientHello. This will force the server to respond with a HelloRetryRequest
- if a key exchange is required in the handshake.
- Call this function when the expected key exchange group is not known and
- to avoid the generation of keys unnecessarily.
- Note that an extra round-trip will be required to complete the handshake
- when a key exchange is required.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return BAD_FUNC_ARG if ssl is NULL.
- \return SIDE_ERROR if called with a server.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_NoKeyShares(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set no key shares
- }
- \endcode
- \sa wolfSSL_UseKeyShare
- */
- int wolfSSL_NoKeyShares(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function is used to indicate
- that the application is a server and will only support the TLS 1.3
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \param [in] heap a pointer to a buffer that the static memory allocator will use during dynamic memory allocation.
- \return If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_3_server_method_ex(NULL);
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_server_method
- \sa wolfTLSv1_server_method
- \sa wolfTLSv1_1_server_method
- \sa wolfTLSv1_2_server_method
- \sa wolfTLSv1_3_server_method
- \sa wolfDTLSv1_server_method
- \sa wolfSSLv23_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap);
- /*!
- \ingroup Setup
- \brief This function is used to indicate
- that the application is a client and will only support the TLS 1.3
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \param [in] heap a pointer to a buffer that the static memory allocator will use during dynamic memory allocation.
- \return If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_3_client_method_ex(NULL);
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_client_method
- \sa wolfTLSv1_client_method
- \sa wolfTLSv1_1_client_method
- \sa wolfTLSv1_2_client_method
- \sa wolfTLSv1_3_client_method
- \sa wolfDTLSv1_client_method
- \sa wolfSSLv23_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap);
- /*!
- \ingroup Setup
- \brief This function is used to indicate
- that the application is a server and will only support the TLS 1.3
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \return If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_3_server_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_server_method
- \sa wolfTLSv1_server_method
- \sa wolfTLSv1_1_server_method
- \sa wolfTLSv1_2_server_method
- \sa wolfTLSv1_3_server_method_ex
- \sa wolfDTLSv1_server_method
- \sa wolfSSLv23_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_3_server_method(void);
- /*!
- \ingroup Setup
- \brief This function is used to indicate
- that the application is a client and will only support the TLS 1.3
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \return If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_3_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_client_method
- \sa wolfTLSv1_client_method
- \sa wolfTLSv1_1_client_method
- \sa wolfTLSv1_2_client_method
- \sa wolfTLSv1_3_client_method_ex
- \sa wolfDTLSv1_client_method
- \sa wolfSSLv23_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_3_client_method(void);
- /*!
- \ingroup Setup
- \brief This function returns a WOLFSSL_METHOD similar to
- wolfTLSv1_3_client_method except that it is not determined
- which side yet (server/client).
- \param [in] heap a pointer to a buffer that the static memory allocator will use during dynamic memory allocation.
- \return WOLFSSL_METHOD On successful creations returns a WOLFSSL_METHOD
- pointer
- \return NULL Null if memory allocation error or failure to create method
- _Example_
- \code
- WOLFSSL* ctx;
- ctx = wolfSSL_CTX_new(wolfTLSv1_3_method_ex(NULL));
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- WOLFSSL_METHOD *wolfTLSv1_3_method_ex(void* heap);
- /*!
- \ingroup Setup
- \brief This function returns a WOLFSSL_METHOD similar to
- wolfTLSv1_3_client_method except that it is not determined
- which side yet (server/client).
- \return WOLFSSL_METHOD On successful creations returns a WOLFSSL_METHOD
- pointer
- \return NULL Null if memory allocation error or failure to create method
- _Example_
- \code
- WOLFSSL* ctx;
- ctx = wolfSSL_CTX_new(wolfTLSv1_3_method());
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- WOLFSSL_METHOD *wolfTLSv1_3_method(void);
- /*!
- \ingroup SSL
- \brief This function sets a fixed / static ephemeral key for testing only
- \return 0 Key loaded successfully
- \param ctx A WOLFSSL_CTX context pointer
- \param keyAlgo enum wc_PkType like WC_PK_TYPE_DH and WC_PK_TYPE_ECDH
- \param key key file path (if keySz == 0) or actual key buffer (PEM or ASN.1)
- \param keySz key size (should be 0 for "key" arg is file path)
- \param format WOLFSSL_FILETYPE_ASN1 or WOLFSSL_FILETYPE_PEM
- \sa wolfSSL_CTX_get_ephemeral_key
- */
- int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, const char* key, unsigned int keySz, int format);
- /*!
- \ingroup SSL
- \brief This function sets a fixed / static ephemeral key for testing only
- \return 0 Key loaded successfully
- \param ssl A WOLFSSL object pointer
- \param keyAlgo enum wc_PkType like WC_PK_TYPE_DH and WC_PK_TYPE_ECDH
- \param key key file path (if keySz == 0) or actual key buffer (PEM or ASN.1)
- \param keySz key size (should be 0 for "key" arg is file path)
- \param format WOLFSSL_FILETYPE_ASN1 or WOLFSSL_FILETYPE_PEM
- \sa wolfSSL_get_ephemeral_key
- */
- int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, const char* key, unsigned int keySz, int format);
- /*!
- \ingroup SSL
- \brief This function returns pointer to loaded key as ASN.1/DER
- \return 0 Key returned successfully
- \param ctx A WOLFSSL_CTX context pointer
- \param keyAlgo enum wc_PkType like WC_PK_TYPE_DH and WC_PK_TYPE_ECDH
- \param key key buffer pointer
- \param keySz key size pointer
- \sa wolfSSL_CTX_set_ephemeral_key
- */
- int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo,
- const unsigned char** key, unsigned int* keySz);
- /*!
- \ingroup SSL
- \brief This function returns pointer to loaded key as ASN.1/DER
- \return 0 Key returned successfully
- \param ssl A WOLFSSL object pointer
- \param keyAlgo enum wc_PkType like WC_PK_TYPE_DH and WC_PK_TYPE_ECDH
- \param key key buffer pointer
- \param keySz key size pointer
- \sa wolfSSL_set_ephemeral_key
- */
- int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
- const unsigned char** key, unsigned int* keySz);
- /*!
- \ingroup SSL
- \brief Sign a message with the chosen message digest, padding, and RSA key
- \return WOLFSSL_SUCCESS on success and c on error
- \param type Hash NID
- \param m Message to sign. Most likely this will be the digest of
- the message to sign
- \param mLen Length of message to sign
- \param sigRet Output buffer
- \param sigLen On Input: length of sigRet buffer
- On Output: length of data written to sigRet
- \param rsa RSA key used to sign the input
- \param flag 1: Output the signature
- 0: Output the value that the unpadded signature should be
- compared to. Note: for RSA_PKCS1_PSS_PADDING the
- wc_RsaPSS_CheckPadding_ex function should be used to check
- the output of a *Verify* function.
- \param padding Padding to use. Only RSA_PKCS1_PSS_PADDING and
- RSA_PKCS1_PADDING are currently supported for signing.
- */
- int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m,
- unsigned int mLen, unsigned char* sigRet,
- unsigned int* sigLen, WOLFSSL_RSA* rsa,
- int flag, int padding);
- /*!
- \brief checks if DTLSv1.3 stack has some messages sent but not yet acknowledged
- by the other peer
- \return 1 if there are pending messages, 0 otherwise
- \param ssl A WOLFSSL object pointer
- */
- int wolfSSL_dtls13_has_pending_msg(WOLFSSL *ssl);
- /*!
- \ingroup SSL
- \brief Get the maximum size of Early Data from a session.
- \param [in] s the WOLFSSL_SESSION instance.
- \return the value of max_early_data that was configured in the WOLFSSL* the session
- was derived from.
- \sa wolfSSL_set_max_early_data
- \sa wolfSSL_write_early_data
- \sa wolfSSL_read_early_data
- */
- unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *s);
- /*!
- \ingroup SSL
- \brief Get a new index for external data. This entry applies also for the
- following API:
- - wolfSSL_CTX_get_ex_new_index
- - wolfSSL_get_ex_new_index
- - wolfSSL_SESSION_get_ex_new_index
- - wolfSSL_X509_get_ex_new_index
- \param [in] All input parameters are ignored. The callback functions are not
- supported with wolfSSL.
- \return The new index value to be used with the external data API for this
- object class.
- */
- int wolfSSL_CRYPTO_get_ex_new_index(int, void*, void*, void*, void*);
- /*!
- \ingroup Setup
- \brief In case this function is called in a client side, set certificate types
- that can be sent to its peer. In case called in a server side,
- set certificate types that can be acceptable from its peer. Put cert types in the
- buffer with prioritised order. To reset the settings to default, pass NULL
- for the buffer or pass zero for len. By default, certificate type is only X509.
- In case both side intend to send or accept "Raw public key" cert,
- WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
- \return WOLFSSL_SUCCESS if cert types set successfully
- \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
- cert type, buf size exceed MAX_CLIENT_CERT_TYPE_CNT was specified or
- a duplicate value is found in buf.
- \param ctx WOLFSSL_CTX object pointer
- \param buf A buffer where certificate types are stored
- \param len buf size in bytes (same as number of certificate types included)
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509};
- int len = sizeof(buf)/sizeof(char);
- ...
- ret = wolfSSL_CTX_set_client_cert_type(ctx, buf, len);
- \endcode
- \sa wolfSSL_set_client_cert_type
- \sa wolfSSL_CTX_set_server_cert_type
- \sa wolfSSL_set_server_cert_type
- \sa wolfSSL_get_negotiated_client_cert_type
- \sa wolfSSL_get_negotiated_server_cert_type
- */
- int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len);
- /*!
- \ingroup Setup
- \brief In case this function is called in a server side, set certificate types
- that can be sent to its peer. In case called in a client side,
- set certificate types that can be acceptable from its peer. Put cert types in the
- buffer with prioritised order. To reset the settings to default, pass NULL
- for the buffer or pass zero for len. By default, certificate type is only X509.
- In case both side intend to send or accept "Raw public key" cert,
- WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
- \return WOLFSSL_SUCCESS if cert types set successfully
- \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
- cert type, buf size exceed MAX_SERVER_CERT_TYPE_CNT was specified or
- a duplicate value is found in buf.
- \param ctx WOLFSSL_CTX object pointer
- \param buf A buffer where certificate types are stored
- \param len buf size in bytes (same as number of certificate types included)
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509};
- int len = sizeof(buf)/sizeof(char);
- ...
- ret = wolfSSL_CTX_set_server_cert_type(ctx, buf, len);
- \endcode
- \sa wolfSSL_set_client_cert_type
- \sa wolfSSL_CTX_set_client_cert_type
- \sa wolfSSL_set_server_cert_type
- \sa wolfSSL_get_negotiated_client_cert_type
- \sa wolfSSL_get_negotiated_server_cert_type
- */
- int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len);
- /*!
- \ingroup Setup
- \brief In case this function is called in a client side, set certificate types
- that can be sent to its peer. In case called in a server side,
- set certificate types that can be acceptable from its peer. Put cert types in the
- buffer with prioritised order. To reset the settings to default, pass NULL
- for the buffer or pass zero for len. By default, certificate type is only X509.
- In case both side intend to send or accept "Raw public key" cert,
- WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
- \return WOLFSSL_SUCCESS if cert types set successfully
- \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
- cert type, buf size exceed MAX_CLIENT_CERT_TYPE_CNT was specified or
- a duplicate value is found in buf.
- \param ssl WOLFSSL object pointer
- \param buf A buffer where certificate types are stored
- \param len buf size in bytes (same as number of certificate types included)
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509};
- int len = sizeof(buf)/sizeof(char);
- ...
- ret = wolfSSL_set_client_cert_type(ssl, buf, len);
- \endcode
- \sa wolfSSL_CTX_set_client_cert_type
- \sa wolfSSL_CTX_set_server_cert_type
- \sa wolfSSL_set_server_cert_type
- \sa wolfSSL_get_negotiated_client_cert_type
- \sa wolfSSL_get_negotiated_server_cert_type
- */
- int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int len);
- /*!
- \ingroup Setup
- \brief In case this function is called in a server side, set certificate types
- that can be sent to its peer. In case called in a client side,
- set certificate types that can be acceptable from its peer. Put cert types in the
- buffer with prioritised order. To reset the settings to default, pass NULL
- for the buffer or pass zero for len. By default, certificate type is only X509.
- In case both side intend to send or accept "Raw public key" cert,
- WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
- \return WOLFSSL_SUCCESS if cert types set successfully
- \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
- cert type, buf size exceed MAX_SERVER_CERT_TYPE_CNT was specified or
- a duplicate value is found in buf.
- \param ctx WOLFSSL_CTX object pointer
- \param buf A buffer where certificate types are stored
- \param len buf size in bytes (same as number of certificate types included)
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509};
- int len = sizeof(buf)/sizeof(char);
- ...
- ret = wolfSSL_set_server_cert_type(ssl, buf, len);
- \endcode
- \sa wolfSSL_set_client_cert_type
- \sa wolfSSL_CTX_set_server_cert_type
- \sa wolfSSL_set_server_cert_type
- \sa wolfSSL_get_negotiated_client_cert_type
- \sa wolfSSL_get_negotiated_server_cert_type
- */
- int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int len);
- /*!
- \ingroup SSL
- \brief This function returns the result of the client certificate type
- negotiation done in ClientHello and ServerHello. WOLFSSL_SUCCESS is returned as
- a return value if no negotiation occurs and WOLFSSL_CERT_TYPE_UNKNOWN is
- returned as the certificate type.
- \return WOLFSSL_SUCCESS if a negotiated certificate type could be got
- \return BAD_FUNC_ARG if NULL was passed for ctx or tp
- \param ssl WOLFSSL object pointer
- \param tp A buffer where a certificate type is to be returned. One of three
- certificate types will be returned: WOLFSSL_CERT_TYPE_RPK,
- WOLFSSL_CERT_TYPE_X509 or WOLFSSL_CERT_TYPE_UNKNOWN.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- int tp;
- ...
- ret = wolfSSL_get_negotiated_client_cert_type(ssl, &tp);
- \endcode
- \sa wolfSSL_set_client_cert_type
- \sa wolfSSL_CTX_set_client_cert_type
- \sa wolfSSL_set_server_cert_type
- \sa wolfSSL_CTX_set_server_cert_type
- \sa wolfSSL_get_negotiated_server_cert_type
- */
- int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp);
- /*!
- \ingroup SSL
- \brief This function returns the result of the server certificate type
- negotiation done in ClientHello and ServerHello. WOLFSSL_SUCCESS is returned as
- a return value if no negotiation occurs and WOLFSSL_CERT_TYPE_UNKNOWN is
- returned as the certificate type.
- \return WOLFSSL_SUCCESS if a negotiated certificate type could be got
- \return BAD_FUNC_ARG if NULL was passed for ctx or tp
- \param ssl WOLFSSL object pointer
- \param tp A buffer where a certificate type is to be returned. One of three
- certificate types will be returned: WOLFSSL_CERT_TYPE_RPK,
- WOLFSSL_CERT_TYPE_X509 or WOLFSSL_CERT_TYPE_UNKNOWN.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- int tp;
- ...
- ret = wolfSSL_get_negotiated_server_cert_type(ssl, &tp);
- \endcode
- \sa wolfSSL_set_client_cert_type
- \sa wolfSSL_CTX_set_client_cert_type
- \sa wolfSSL_set_server_cert_type
- \sa wolfSSL_CTX_set_server_cert_type
- \sa wolfSSL_get_negotiated_client_cert_type
- */
- int wolfSSL_get_negotiated_server_cert_type(WOLFSSL* ssl, int* tp);
- /*!
- \brief Enable use of ConnectionID extensions for the SSL object. See RFC 9146
- and RFC 9147
- \return WOLFSSL_SUCCESS on success, error code otherwise
- \param ssl A WOLFSSL object pointer
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_get_tx_size
- \sa wolfSSL_dtls_cid_get_tx
- */
- int wolfSSL_dtls_cid_use(WOLFSSL* ssl);
- /*!
- \brief If invoked after the handshake is complete it checks if ConnectionID was
- successfully negotiated for the SSL object. See RFC 9146 and RFC 9147
- \return 1 if ConnectionID was correctly negotiated, 0 otherwise
- \param ssl A WOLFSSL object pointer
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_get_tx_size
- \sa wolfSSL_dtls_cid_get_tx
- */
- int wolfSSL_dtls_cid_is_enabled(WOLFSSL* ssl);
- /*!
- \brief Set the ConnectionID used by the other peer to send records in this
- connection. See RFC 9146 and RFC 9147. The ConnectionID must be at maximum
- DTLS_CID_MAX_SIZE, that is an tunable compile time define, and it can't
- never be bigger than 255 bytes.
- \return WOLFSSL_SUCCESS if ConnectionID was correctly set, error code otherwise
- \param ssl A WOLFSSL object pointern
- \param cid the ConnectionID to be used
- \param size of the ConnectionID provided
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_get_tx_size
- \sa wolfSSL_dtls_cid_get_tx
- */
- int wolfSSL_dtls_cid_set(WOLFSSL* ssl, unsigned char* cid,
- unsigned int size);
- /*!
- \brief Get the size of the ConnectionID used by the other peer to send records
- in this connection. See RFC 9146 and RFC 9147. The size is stored in the
- parameter size.
- \return WOLFSSL_SUCCESS if ConnectionID was correctly negotiated, error code
- otherwise
- \param ssl A WOLFSSL object pointern
- \param size a pointer to an unsigned int where the size will be stored
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_get_tx_size
- \sa wolfSSL_dtls_cid_get_tx
- */
- int wolfSSL_dtls_cid_get_rx_size(WOLFSSL* ssl,
- unsigned int* size);
- /*!
- \brief Copy the ConnectionID used by the other peer to send records in this
- connection into the buffer pointed by the parameter buffer. See RFC 9146 and RFC
- 9147. The available space in the buffer need to be provided in bufferSz.
- \return WOLFSSL_SUCCESS if ConnectionID was correctly copied, error code
- otherwise
- \param ssl A WOLFSSL object pointern
- \param buffer A buffer where the ConnectionID will be copied
- \param bufferSz available space in buffer
- \sa wolfSSL_dtls_cid_get0_rx
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_tx_size
- \sa wolfSSL_dtls_cid_get_tx
- */
- int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer,
- unsigned int bufferSz);
- /*!
- \brief Get the ConnectionID used by the other peer. See RFC 9146 and RFC
- 9147.
- \return WOLFSSL_SUCCESS if ConnectionID was correctly set in cid.
- \param ssl A WOLFSSL object pointern
- \param cid Pointer that will be set to the internal memory that holds the CID
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_tx_size
- \sa wolfSSL_dtls_cid_get_tx
- */
- int wolfSSL_dtls_cid_get0_rx(WOLFSSL* ssl, unsigned char** cid);
- /*!
- \brief Get the size of the ConnectionID used to send records in this
- connection. See RFC 9146 and RFC 9147. The size is stored in the parameter size.
- \return WOLFSSL_SUCCESS if ConnectionID size was correctly stored, error
- code otherwise
- \param ssl A WOLFSSL object pointern
- \param size a pointer to an unsigned int where the size will be stored
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_get_tx
- */
- int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl, unsigned int* size);
- /*!
- \brief Copy the ConnectionID used when sending records in this connection into
- the buffer pointer by the parameter buffer. See RFC 9146 and RFC 9147. The
- available size need to be provided in bufferSz.
- \return WOLFSSL_SUCCESS if ConnectionID was correctly copied, error code
- otherwise
- \param ssl A WOLFSSL object pointern
- \param buffer A buffer where the ConnectionID will be copied
- \param bufferSz available space in buffer
- \sa wolfSSL_dtls_cid_get0_tx
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_get_tx_size
- */
- int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer,
- unsigned int bufferSz);
- /*!
- \brief Get the ConnectionID used when sending records in this connection. See
- RFC 9146 and RFC 9147.
- \return WOLFSSL_SUCCESS if ConnectionID was correctly retrieved, error code
- otherwise
- \param ssl A WOLFSSL object pointern
- \param cid Pointer that will be set to the internal memory that holds the CID
- \sa wolfSSL_dtls_cid_get_tx
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_get_tx_size
- */
- int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid);
- /*!
- \brief Extract the ConnectionID from a record datagram/message. See
- RFC 9146 and RFC 9147.
- \param msg buffer holding the datagram read from the network
- \param msgSz size of msg in bytes
- \param cid pointer to the start of the CID inside the msg buffer
- \param cidSz the expected size of the CID. The record layer does not have a CID
- size field so we have to know beforehand the size of the CID. It is recommended
- to use a constant CID for all connections.
- \sa wolfSSL_dtls_cid_get_tx
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_get_tx_size
- */
- void wolfSSL_dtls_cid_parse(const unsigned char* msg, unsigned int msgSz,
- const unsigned char** cid, unsigned int cidSz);
- /*!
- \ingroup TLS
- \brief This function returns the raw list of ciphersuites and signature
- algorithms offered by the client. The lists are only stored and returned
- inside a callback setup with wolfSSL_CTX_set_cert_cb(). This is useful to
- be able to dynamically load certificates and keys based on the available
- ciphersuites and signature algorithms.
- \param [in] ssl The WOLFSSL object to extract the lists from.
- \param [out] optional suites Raw and unfiltered list of client ciphersuites
- \param [out] optional suiteSz Size of suites in bytes
- \param [out] optional hashSigAlgo Raw and unfiltered list of client
- signature algorithms
- \param [out] optional hashSigAlgoSz Size of hashSigAlgo in bytes
- \return WOLFSSL_SUCCESS when suites available
- \return WOLFSSL_FAILURE when suites not available
- _Example_
- \code
- int certCB(WOLFSSL* ssl, void* arg)
- {
- const byte* suites = NULL;
- word16 suiteSz = 0;
- const byte* hashSigAlgo = NULL;
- word16 hashSigAlgoSz = 0;
- wolfSSL_get_client_suites_sigalgs(ssl, &suites, &suiteSz, &hashSigAlgo,
- &hashSigAlgoSz);
- // Choose certificate to load based on ciphersuites and sigalgs
- }
- WOLFSSL* ctx;
- ctx = wolfSSL_CTX_new(wolfTLSv1_3_method_ex(NULL));
- wolfSSL_CTX_set_cert_cb(ctx, certCB, NULL);
- \endcode
- \sa wolfSSL_get_ciphersuite_info
- \sa wolfSSL_get_sigalg_info
- */
- int wolfSSL_get_client_suites_sigalgs(const WOLFSSL* ssl,
- const byte** suites, word16* suiteSz,
- const byte** hashSigAlgo, word16* hashSigAlgoSz);
- /*!
- \ingroup TLS
- \brief This returns information about the ciphersuite directly from the
- raw ciphersuite bytes.
- \param [in] first First byte of the ciphersuite
- \param [in] second Second byte of the ciphersuite
- \return WOLFSSL_CIPHERSUITE_INFO A struct containing information about the
- type of authentication used in the ciphersuite.
- _Example_
- \code
- WOLFSSL_CIPHERSUITE_INFO info =
- wolfSSL_get_ciphersuite_info(suites[0], suites[1]);
- if (info.rsaAuth)
- haveRSA = 1;
- else if (info.eccAuth)
- haveECC = 1;
- \endcode
- \sa wolfSSL_get_client_suites_sigalgs
- \sa wolfSSL_get_sigalg_info
- */
- WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first,
- byte second);
- /*!
- \ingroup TLS
- \brief This returns information about the hash and signature algorithm
- directly from the raw ciphersuite bytes.
- \param [in] first First byte of the hash and signature algorithm
- \param [in] second Second byte of the hash and signature algorithm
- \param [out] hashAlgo The enum wc_HashType of the MAC algorithm
- \param [out] sigAlgo The enum Key_Sum of the authentication algorithm
- \return 0 when info was correctly set
- \return BAD_FUNC_ARG when either input parameters are NULL or the bytes
- are not a recognized sigalg suite
- _Example_
- \code
- enum wc_HashType hashAlgo;
- enum Key_Sum sigAlgo;
- wolfSSL_get_sigalg_info(hashSigAlgo[idx+0], hashSigAlgo[idx+1],
- &hashAlgo, &sigAlgo);
- if (sigAlgo == RSAk || sigAlgo == RSAPSSk)
- haveRSA = 1;
- else if (sigAlgo == ECDSAk)
- haveECC = 1;
- \endcode
- \sa wolfSSL_get_client_suites_sigalgs
- \sa wolfSSL_get_ciphersuite_info
- */
- int wolfSSL_get_sigalg_info(byte first, byte second,
- int* hashAlgo, int* sigAlgo);
|