1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727772787279728072817282728372847285728672877288728972907291729272937294729572967297729872997300730173027303730473057306730773087309731073117312731373147315731673177318731973207321732273237324732573267327732873297330733173327333733473357336733773387339734073417342734373447345734673477348734973507351735273537354735573567357735873597360736173627363736473657366736773687369737073717372737373747375737673777378737973807381738273837384738573867387738873897390739173927393739473957396739773987399740074017402740374047405740674077408740974107411741274137414741574167417741874197420742174227423742474257426742774287429743074317432743374347435743674377438743974407441744274437444744574467447744874497450745174527453745474557456745774587459746074617462746374647465746674677468746974707471747274737474747574767477747874797480748174827483748474857486748774887489749074917492749374947495749674977498749975007501750275037504750575067507750875097510751175127513751475157516751775187519752075217522752375247525752675277528752975307531753275337534753575367537753875397540754175427543754475457546754775487549755075517552755375547555755675577558755975607561756275637564756575667567756875697570757175727573757475757576757775787579758075817582758375847585758675877588758975907591759275937594759575967597759875997600760176027603760476057606760776087609761076117612761376147615761676177618761976207621762276237624762576267627762876297630763176327633763476357636763776387639764076417642764376447645764676477648764976507651765276537654765576567657765876597660766176627663766476657666766776687669767076717672767376747675767676777678767976807681768276837684768576867687768876897690769176927693769476957696769776987699770077017702770377047705770677077708770977107711771277137714771577167717771877197720772177227723772477257726772777287729773077317732773377347735773677377738773977407741774277437744774577467747774877497750775177527753775477557756775777587759776077617762776377647765776677677768776977707771777277737774777577767777777877797780778177827783778477857786778777887789779077917792779377947795779677977798779978007801780278037804780578067807780878097810781178127813781478157816781778187819782078217822782378247825782678277828782978307831783278337834783578367837783878397840784178427843784478457846784778487849785078517852785378547855785678577858785978607861786278637864786578667867786878697870787178727873787478757876787778787879788078817882788378847885788678877888788978907891789278937894789578967897789878997900790179027903790479057906790779087909791079117912791379147915791679177918791979207921792279237924792579267927792879297930793179327933793479357936793779387939794079417942794379447945794679477948794979507951795279537954795579567957795879597960796179627963796479657966796779687969797079717972797379747975797679777978797979807981798279837984798579867987798879897990799179927993799479957996799779987999800080018002800380048005800680078008800980108011801280138014801580168017801880198020802180228023802480258026802780288029803080318032803380348035803680378038803980408041804280438044804580468047804880498050805180528053805480558056805780588059806080618062806380648065806680678068806980708071807280738074807580768077807880798080808180828083808480858086808780888089809080918092809380948095809680978098809981008101810281038104810581068107810881098110811181128113811481158116811781188119812081218122812381248125812681278128812981308131813281338134813581368137813881398140814181428143814481458146814781488149815081518152815381548155815681578158815981608161816281638164816581668167816881698170817181728173817481758176817781788179818081818182818381848185818681878188818981908191819281938194819581968197819881998200820182028203820482058206820782088209821082118212821382148215821682178218821982208221822282238224822582268227822882298230823182328233823482358236823782388239824082418242824382448245824682478248824982508251825282538254825582568257825882598260826182628263826482658266826782688269827082718272827382748275827682778278827982808281828282838284828582868287828882898290829182928293829482958296829782988299830083018302830383048305830683078308830983108311831283138314831583168317831883198320832183228323832483258326832783288329833083318332833383348335833683378338833983408341834283438344834583468347834883498350835183528353835483558356835783588359836083618362836383648365836683678368836983708371837283738374837583768377837883798380838183828383838483858386838783888389839083918392839383948395839683978398839984008401840284038404840584068407840884098410841184128413841484158416841784188419842084218422842384248425842684278428842984308431843284338434843584368437843884398440844184428443844484458446844784488449845084518452845384548455845684578458845984608461846284638464846584668467846884698470847184728473847484758476847784788479848084818482848384848485848684878488848984908491849284938494849584968497849884998500850185028503850485058506850785088509851085118512851385148515851685178518851985208521852285238524852585268527852885298530853185328533853485358536853785388539854085418542854385448545854685478548854985508551855285538554855585568557855885598560856185628563856485658566856785688569857085718572857385748575857685778578857985808581858285838584858585868587858885898590859185928593859485958596859785988599860086018602860386048605860686078608860986108611861286138614861586168617861886198620862186228623862486258626862786288629863086318632863386348635863686378638863986408641864286438644864586468647864886498650865186528653865486558656865786588659866086618662866386648665866686678668866986708671867286738674867586768677867886798680868186828683868486858686868786888689869086918692869386948695869686978698869987008701870287038704870587068707870887098710871187128713871487158716871787188719872087218722872387248725872687278728872987308731873287338734873587368737873887398740874187428743874487458746874787488749875087518752875387548755875687578758875987608761876287638764876587668767876887698770877187728773877487758776877787788779878087818782878387848785878687878788878987908791879287938794879587968797879887998800880188028803880488058806880788088809881088118812881388148815881688178818881988208821882288238824882588268827882888298830883188328833883488358836883788388839884088418842884388448845884688478848884988508851885288538854885588568857885888598860886188628863886488658866886788688869887088718872887388748875887688778878887988808881888288838884888588868887888888898890889188928893889488958896889788988899890089018902890389048905890689078908890989108911891289138914891589168917891889198920892189228923892489258926892789288929893089318932893389348935893689378938893989408941894289438944894589468947894889498950895189528953895489558956895789588959896089618962896389648965896689678968896989708971897289738974897589768977897889798980898189828983898489858986898789888989899089918992899389948995899689978998899990009001900290039004900590069007900890099010901190129013901490159016901790189019902090219022902390249025902690279028902990309031903290339034903590369037903890399040904190429043904490459046904790489049905090519052905390549055905690579058905990609061906290639064906590669067906890699070907190729073907490759076907790789079908090819082908390849085908690879088908990909091909290939094909590969097909890999100910191029103910491059106910791089109911091119112911391149115911691179118911991209121912291239124912591269127912891299130913191329133913491359136913791389139914091419142914391449145914691479148914991509151915291539154915591569157915891599160916191629163916491659166916791689169917091719172917391749175917691779178917991809181918291839184918591869187918891899190919191929193919491959196919791989199920092019202920392049205920692079208920992109211921292139214921592169217921892199220922192229223922492259226922792289229923092319232923392349235923692379238923992409241924292439244924592469247924892499250925192529253925492559256925792589259926092619262926392649265926692679268926992709271927292739274927592769277927892799280928192829283928492859286928792889289929092919292929392949295929692979298929993009301930293039304930593069307930893099310931193129313931493159316931793189319932093219322932393249325932693279328932993309331933293339334933593369337933893399340934193429343934493459346934793489349935093519352935393549355935693579358935993609361936293639364936593669367936893699370937193729373937493759376937793789379938093819382938393849385938693879388938993909391939293939394939593969397939893999400940194029403940494059406940794089409941094119412941394149415941694179418941994209421942294239424942594269427942894299430943194329433943494359436943794389439944094419442944394449445944694479448944994509451945294539454945594569457945894599460946194629463946494659466946794689469947094719472947394749475947694779478947994809481948294839484948594869487948894899490949194929493949494959496949794989499950095019502950395049505950695079508950995109511951295139514951595169517951895199520952195229523952495259526952795289529953095319532953395349535953695379538953995409541954295439544954595469547954895499550955195529553955495559556955795589559956095619562956395649565956695679568956995709571957295739574957595769577957895799580958195829583958495859586958795889589959095919592959395949595959695979598959996009601960296039604960596069607960896099610961196129613961496159616961796189619962096219622962396249625962696279628962996309631963296339634963596369637963896399640964196429643964496459646964796489649965096519652965396549655965696579658965996609661966296639664966596669667966896699670967196729673967496759676967796789679968096819682968396849685968696879688968996909691969296939694969596969697969896999700970197029703970497059706970797089709971097119712971397149715971697179718971997209721972297239724972597269727972897299730973197329733973497359736973797389739974097419742974397449745974697479748974997509751975297539754975597569757975897599760976197629763976497659766976797689769977097719772977397749775977697779778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211022210223102241022510226102271022810229102301023110232102331023410235102361023710238102391024010241102421024310244102451024610247102481024910250102511025210253102541025510256102571025810259102601026110262102631026410265102661026710268102691027010271102721027310274102751027610277102781027910280102811028210283102841028510286102871028810289102901029110292102931029410295102961029710298102991030010301103021030310304103051030610307103081030910310103111031210313103141031510316103171031810319103201032110322103231032410325103261032710328103291033010331103321033310334103351033610337103381033910340103411034210343103441034510346103471034810349103501035110352103531035410355103561035710358103591036010361103621036310364103651036610367103681036910370103711037210373103741037510376103771037810379103801038110382103831038410385103861038710388103891039010391103921039310394103951039610397103981039910400104011040210403104041040510406104071040810409104101041110412104131041410415104161041710418104191042010421104221042310424104251042610427104281042910430104311043210433104341043510436104371043810439104401044110442104431044410445104461044710448104491045010451104521045310454104551045610457104581045910460104611046210463104641046510466104671046810469104701047110472104731047410475104761047710478104791048010481104821048310484104851048610487104881048910490104911049210493104941049510496104971049810499105001050110502105031050410505105061050710508105091051010511105121051310514105151051610517105181051910520105211052210523105241052510526105271052810529105301053110532105331053410535105361053710538105391054010541105421054310544105451054610547105481054910550105511055210553105541055510556105571055810559105601056110562105631056410565105661056710568105691057010571105721057310574105751057610577105781057910580105811058210583105841058510586105871058810589105901059110592105931059410595105961059710598105991060010601106021060310604106051060610607106081060910610106111061210613106141061510616106171061810619106201062110622106231062410625106261062710628106291063010631106321063310634106351063610637106381063910640106411064210643106441064510646106471064810649106501065110652106531065410655106561065710658106591066010661106621066310664106651066610667106681066910670106711067210673106741067510676106771067810679106801068110682106831068410685106861068710688106891069010691106921069310694106951069610697106981069910700107011070210703107041070510706107071070810709107101071110712107131071410715107161071710718107191072010721107221072310724107251072610727107281072910730107311073210733107341073510736107371073810739107401074110742107431074410745107461074710748107491075010751107521075310754107551075610757107581075910760107611076210763107641076510766107671076810769107701077110772107731077410775107761077710778107791078010781107821078310784107851078610787107881078910790107911079210793107941079510796107971079810799108001080110802108031080410805108061080710808108091081010811108121081310814108151081610817108181081910820108211082210823108241082510826108271082810829108301083110832108331083410835108361083710838108391084010841108421084310844108451084610847108481084910850108511085210853108541085510856108571085810859108601086110862108631086410865108661086710868108691087010871108721087310874108751087610877108781087910880108811088210883108841088510886108871088810889108901089110892108931089410895108961089710898108991090010901109021090310904109051090610907109081090910910109111091210913109141091510916109171091810919109201092110922109231092410925109261092710928109291093010931109321093310934109351093610937109381093910940109411094210943109441094510946109471094810949109501095110952109531095410955109561095710958109591096010961109621096310964109651096610967109681096910970109711097210973109741097510976109771097810979109801098110982109831098410985109861098710988109891099010991109921099310994109951099610997109981099911000110011100211003110041100511006110071100811009110101101111012110131101411015110161101711018110191102011021110221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211142211423114241142511426114271142811429114301143111432114331143411435114361143711438114391144011441114421144311444114451144611447114481144911450114511145211453114541145511456114571145811459114601146111462114631146411465114661146711468114691147011471114721147311474114751147611477114781147911480114811148211483114841148511486114871148811489114901149111492114931149411495114961149711498114991150011501115021150311504115051150611507115081150911510115111151211513115141151511516115171151811519115201152111522115231152411525115261152711528115291153011531115321153311534115351153611537115381153911540115411154211543115441154511546115471154811549115501155111552115531155411555115561155711558115591156011561115621156311564115651156611567115681156911570115711157211573115741157511576115771157811579115801158111582115831158411585115861158711588115891159011591115921159311594115951159611597115981159911600116011160211603116041160511606116071160811609116101161111612116131161411615116161161711618116191162011621116221162311624116251162611627116281162911630116311163211633116341163511636116371163811639116401164111642116431164411645116461164711648116491165011651116521165311654116551165611657116581165911660116611166211663116641166511666116671166811669116701167111672116731167411675116761167711678116791168011681116821168311684116851168611687116881168911690116911169211693116941169511696116971169811699117001170111702117031170411705117061170711708117091171011711117121171311714117151171611717117181171911720117211172211723117241172511726117271172811729117301173111732117331173411735117361173711738117391174011741117421174311744117451174611747117481174911750117511175211753117541175511756117571175811759117601176111762117631176411765117661176711768117691177011771117721177311774117751177611777117781177911780117811178211783117841178511786117871178811789117901179111792117931179411795117961179711798117991180011801118021180311804118051180611807118081180911810118111181211813118141181511816118171181811819118201182111822118231182411825118261182711828118291183011831118321183311834118351183611837118381183911840118411184211843118441184511846118471184811849118501185111852118531185411855118561185711858118591186011861118621186311864118651186611867118681186911870118711187211873118741187511876118771187811879118801188111882118831188411885118861188711888118891189011891118921189311894118951189611897118981189911900119011190211903119041190511906119071190811909119101191111912119131191411915119161191711918119191192011921119221192311924119251192611927119281192911930119311193211933119341193511936119371193811939119401194111942119431194411945119461194711948119491195011951119521195311954119551195611957119581195911960119611196211963119641196511966119671196811969119701197111972119731197411975119761197711978119791198011981119821198311984119851198611987119881198911990119911199211993119941199511996119971199811999120001200112002120031200412005120061200712008120091201012011120121201312014120151201612017120181201912020120211202212023120241202512026120271202812029120301203112032120331203412035120361203712038120391204012041120421204312044120451204612047120481204912050120511205212053120541205512056120571205812059120601206112062120631206412065120661206712068120691207012071120721207312074120751207612077120781207912080120811208212083120841208512086120871208812089120901209112092120931209412095120961209712098120991210012101121021210312104121051210612107121081210912110121111211212113121141211512116121171211812119121201212112122121231212412125121261212712128121291213012131121321213312134121351213612137121381213912140121411214212143121441214512146121471214812149121501215112152121531215412155121561215712158121591216012161121621216312164121651216612167121681216912170121711217212173121741217512176121771217812179121801218112182121831218412185121861218712188121891219012191121921219312194121951219612197121981219912200122011220212203122041220512206122071220812209122101221112212122131221412215122161221712218122191222012221122221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211262212623126241262512626126271262812629126301263112632126331263412635126361263712638126391264012641126421264312644126451264612647126481264912650126511265212653126541265512656126571265812659126601266112662126631266412665126661266712668126691267012671126721267312674126751267612677126781267912680126811268212683126841268512686126871268812689126901269112692126931269412695126961269712698126991270012701127021270312704127051270612707127081270912710127111271212713127141271512716127171271812719127201272112722127231272412725127261272712728127291273012731127321273312734127351273612737127381273912740127411274212743127441274512746127471274812749127501275112752127531275412755127561275712758127591276012761127621276312764127651276612767127681276912770127711277212773127741277512776127771277812779127801278112782127831278412785127861278712788127891279012791127921279312794127951279612797127981279912800128011280212803128041280512806128071280812809128101281112812128131281412815128161281712818128191282012821128221282312824128251282612827128281282912830128311283212833128341283512836128371283812839128401284112842128431284412845128461284712848128491285012851128521285312854128551285612857128581285912860128611286212863128641286512866128671286812869128701287112872128731287412875128761287712878128791288012881128821288312884128851288612887128881288912890128911289212893128941289512896128971289812899129001290112902129031290412905129061290712908129091291012911129121291312914129151291612917129181291912920129211292212923129241292512926129271292812929129301293112932129331293412935129361293712938129391294012941129421294312944129451294612947129481294912950129511295212953129541295512956129571295812959129601296112962129631296412965129661296712968129691297012971129721297312974129751297612977129781297912980129811298212983129841298512986129871298812989129901299112992129931299412995129961299712998129991300013001130021300313004130051300613007130081300913010130111301213013130141301513016130171301813019130201302113022130231302413025130261302713028130291303013031130321303313034130351303613037130381303913040130411304213043130441304513046130471304813049130501305113052130531305413055130561305713058130591306013061130621306313064130651306613067130681306913070130711307213073130741307513076130771307813079130801308113082130831308413085130861308713088130891309013091130921309313094130951309613097130981309913100131011310213103131041310513106131071310813109131101311113112131131311413115131161311713118131191312013121131221312313124131251312613127131281312913130131311313213133131341313513136131371313813139131401314113142131431314413145131461314713148131491315013151131521315313154131551315613157131581315913160131611316213163131641316513166131671316813169131701317113172131731317413175131761317713178131791318013181131821318313184131851318613187131881318913190131911319213193131941319513196131971319813199132001320113202132031320413205132061320713208132091321013211132121321313214132151321613217132181321913220132211322213223132241322513226132271322813229132301323113232132331323413235132361323713238132391324013241132421324313244132451324613247132481324913250132511325213253132541325513256132571325813259132601326113262132631326413265132661326713268132691327013271132721327313274132751327613277132781327913280132811328213283132841328513286132871328813289132901329113292132931329413295132961329713298132991330013301133021330313304133051330613307133081330913310133111331213313133141331513316133171331813319133201332113322133231332413325133261332713328133291333013331133321333313334133351333613337133381333913340133411334213343133441334513346133471334813349133501335113352133531335413355133561335713358133591336013361133621336313364133651336613367133681336913370133711337213373133741337513376133771337813379133801338113382133831338413385133861338713388133891339013391133921339313394133951339613397133981339913400134011340213403134041340513406134071340813409134101341113412134131341413415134161341713418134191342013421134221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211382213823138241382513826138271382813829138301383113832138331383413835138361383713838138391384013841138421384313844138451384613847138481384913850138511385213853138541385513856138571385813859138601386113862138631386413865138661386713868138691387013871138721387313874138751387613877138781387913880138811388213883138841388513886138871388813889138901389113892138931389413895138961389713898138991390013901139021390313904139051390613907139081390913910139111391213913139141391513916139171391813919139201392113922139231392413925139261392713928139291393013931139321393313934139351393613937139381393913940139411394213943139441394513946139471394813949139501395113952139531395413955139561395713958139591396013961139621396313964139651396613967139681396913970139711397213973139741397513976139771397813979139801398113982139831398413985139861398713988139891399013991139921399313994139951399613997139981399914000140011400214003140041400514006140071400814009140101401114012140131401414015140161401714018140191402014021140221402314024140251402614027140281402914030140311403214033140341403514036140371403814039140401404114042140431404414045140461404714048140491405014051140521405314054140551405614057140581405914060140611406214063140641406514066140671406814069140701407114072140731407414075140761407714078140791408014081140821408314084140851408614087140881408914090140911409214093140941409514096140971409814099141001410114102141031410414105141061410714108141091411014111141121411314114141151411614117141181411914120141211412214123141241412514126141271412814129141301413114132141331413414135141361413714138141391414014141141421414314144141451414614147141481414914150141511415214153141541415514156141571415814159141601416114162141631416414165141661416714168141691417014171141721417314174141751417614177141781417914180141811418214183141841418514186141871418814189141901419114192141931419414195141961419714198141991420014201142021420314204142051420614207142081420914210142111421214213142141421514216142171421814219142201422114222142231422414225142261422714228142291423014231142321423314234142351423614237142381423914240142411424214243142441424514246142471424814249142501425114252142531425414255142561425714258142591426014261142621426314264142651426614267142681426914270142711427214273142741427514276142771427814279142801428114282142831428414285142861428714288142891429014291142921429314294142951429614297142981429914300143011430214303143041430514306143071430814309143101431114312143131431414315143161431714318143191432014321143221432314324143251432614327143281432914330143311433214333143341433514336143371433814339143401434114342143431434414345143461434714348143491435014351143521435314354143551435614357143581435914360143611436214363143641436514366143671436814369143701437114372143731437414375143761437714378143791438014381143821438314384143851438614387143881438914390143911439214393143941439514396143971439814399144001440114402144031440414405144061440714408144091441014411144121441314414144151441614417144181441914420144211442214423144241442514426144271442814429144301443114432144331443414435144361443714438144391444014441144421444314444144451444614447144481444914450144511445214453144541445514456144571445814459144601446114462144631446414465144661446714468144691447014471144721447314474144751447614477144781447914480144811448214483144841448514486144871448814489144901449114492144931449414495144961449714498144991450014501145021450314504145051450614507145081450914510145111451214513145141451514516145171451814519145201452114522145231452414525145261452714528145291453014531145321453314534145351453614537145381453914540145411454214543145441454514546145471454814549145501455114552145531455414555145561455714558145591456014561145621456314564145651456614567145681456914570145711457214573145741457514576145771457814579145801458114582145831458414585145861458714588145891459014591145921459314594145951459614597145981459914600146011460214603146041460514606146071460814609146101461114612146131461414615146161461714618146191462014621146221462314624146251462614627146281462914630146311463214633146341463514636146371463814639146401464114642146431464414645146461464714648146491465014651146521465314654146551465614657146581465914660146611466214663146641466514666146671466814669146701467114672146731467414675146761467714678146791468014681146821468314684146851468614687146881468914690146911469214693146941469514696146971469814699147001470114702147031470414705147061470714708147091471014711147121471314714147151471614717147181471914720147211472214723147241472514726147271472814729147301473114732147331473414735147361473714738147391474014741147421474314744147451474614747147481474914750147511475214753147541475514756147571475814759147601476114762147631476414765147661476714768147691477014771147721477314774147751477614777147781477914780147811478214783147841478514786147871478814789147901479114792147931479414795147961479714798147991480014801148021480314804148051480614807148081480914810148111481214813148141481514816148171481814819148201482114822148231482414825148261482714828148291483014831148321483314834148351483614837148381483914840148411484214843148441484514846148471484814849148501485114852148531485414855148561485714858148591486014861148621486314864148651486614867148681486914870148711487214873148741487514876148771487814879148801488114882148831488414885148861488714888148891489014891148921489314894148951489614897148981489914900149011490214903149041490514906149071490814909149101491114912149131491414915149161491714918149191492014921149221492314924149251492614927149281492914930149311493214933149341493514936149371493814939149401494114942149431494414945149461494714948149491495014951149521495314954149551495614957149581495914960149611496214963149641496514966149671496814969149701497114972149731497414975149761497714978149791498014981149821498314984149851498614987149881498914990149911499214993149941499514996149971499814999150001500115002150031500415005150061500715008150091501015011150121501315014150151501615017150181501915020150211502215023150241502515026150271502815029150301503115032150331503415035150361503715038 |
- /*!
- \brief This function initializes the DTLS v1.2 client method.
- \return pointer This function returns a pointer to a new
- WOLFSSL_METHOD structure.
- \param none No parameters.
- _Example_
- \code
- wolfSSL_Init();
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
- …
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- \endcode
- \sa wolfSSL_Init
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfDTLSv1_2_client_method_ex(void* heap);
- /*!
- \ingroup Setup
- \brief This function returns a WOLFSSL_METHOD similar to
- wolfSSLv23_client_method except that it is not determined
- which side yet (server/client).
- \return WOLFSSL_METHOD* On successful creations returns a WOLFSSL_METHOD
- pointer
- \return NULL Null if memory allocation error or failure to create method
- \param none No parameters.
- _Example_
- \code
- WOLFSSL* ctx;
- ctx = wolfSSL_CTX_new(wolfSSLv23_method());
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- WOLFSSL_METHOD *wolfSSLv23_method(void);
- /*!
- \ingroup Setup
- \brief The wolfSSLv3_server_method() function is used to indicate
- that the application is a server and will only support the SSL 3.0
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the
- failure value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfSSLv3_server_method();
- if (method == NULL) {
- unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfTLSv1_server_method
- \sa wolfTLSv1_1_server_method
- \sa wolfTLSv1_2_server_method
- \sa wolfTLSv1_3_server_method
- \sa wolfDTLSv1_server_method
- \sa wolfSSLv23_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfSSLv3_server_method(void);
- /*!
- \ingroup Setup
- \brief The wolfSSLv3_client_method() function is used to indicate
- that the application is a client and will only support the SSL 3.0
- protocol. This function allocates memory for and initializes a
- new wolfSSL_METHOD structure to be used when creating the SSL/TLS
- context with wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the
- failure value of the underlying malloc() implementation will be
- returned (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfSSLv3_client_method();
- if (method == NULL) {
- unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfTLSv1_client_method
- \sa wolfTLSv1_1_client_method
- \sa wolfTLSv1_2_client_method
- \sa wolfTLSv1_3_client_method
- \sa wolfDTLSv1_client_method
- \sa wolfSSLv23_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfSSLv3_client_method(void);
- /*!
- \ingroup Setup
- \brief The wolfTLSv1_server_method() function is used to indicate that the
- application is a server and will only support the TLS 1.0 protocol. This
- function allocates memory for and initializes a new wolfSSL_METHOD
- structure to be used when creating the SSL/TLS context with
- wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_server_method();
- if (method == NULL) {
- unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_server_method
- \sa wolfTLSv1_1_server_method
- \sa wolfTLSv1_2_server_method
- \sa wolfTLSv1_3_server_method
- \sa wolfDTLSv1_server_method
- \sa wolfSSLv23_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_server_method(void);
- /*!
- \ingroup Setup
- \brief The wolfTLSv1_client_method() function is used to indicate
- that the application is a client and will only support the TLS 1.0
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC,
- the failure value of the underlying malloc() implementation
- will be returned (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_client_method();
- if (method == NULL) {
- unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_client_method
- \sa wolfTLSv1_1_client_method
- \sa wolfTLSv1_2_client_method
- \sa wolfTLSv1_3_client_method
- \sa wolfDTLSv1_client_method
- \sa wolfSSLv23_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_client_method(void);
- /*!
- \ingroup Setup
- \brief The wolfTLSv1_1_server_method() function is used to indicate
- that the application is a server and will only support the TLS 1.1
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS
- context with wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_1_server_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_server_method
- \sa wolfTLSv1_server_method
- \sa wolfTLSv1_2_server_method
- \sa wolfTLSv1_3_server_method
- \sa wolfDTLSv1_server_method
- \sa wolfSSLv23_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
- /*!
- \ingroup Setup
- \brief The wolfTLSv1_1_client_method() function is used to indicate
- that the application is a client and will only support the TLS 1.0
- protocol. This function allocates memory for and initializes a
- new wolfSSL_METHOD structure to be used when creating the SSL/TLS
- context with wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the
- newly created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_1_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_client_method
- \sa wolfTLSv1_client_method
- \sa wolfTLSv1_2_client_method
- \sa wolfTLSv1_3_client_method
- \sa wolfDTLSv1_client_method
- \sa wolfSSLv23_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
- /*!
- \ingroup Setup
- \brief The wolfTLSv1_2_server_method() function is used to indicate
- that the application is a server and will only support the TLS 1.2
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_2_server_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_server_method
- \sa wolfTLSv1_server_method
- \sa wolfTLSv1_1_server_method
- \sa wolfTLSv1_3_server_method
- \sa wolfDTLSv1_server_method
- \sa wolfSSLv23_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
- /*!
- \ingroup Setup
- \brief The wolfTLSv1_2_client_method() function is used to indicate
- that the application is a client and will only support the TLS 1.2
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_2_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_client_method
- \sa wolfTLSv1_client_method
- \sa wolfTLSv1_1_client_method
- \sa wolfTLSv1_3_client_method
- \sa wolfDTLSv1_client_method
- \sa wolfSSLv23_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
- /*!
- \ingroup Setup
- \brief The wolfDTLSv1_client_method() function is used to indicate that
- the application is a client and will only support the DTLS 1.0 protocol.
- This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new(). This function is only available when wolfSSL has
- been compiled with DTLS support (--enable-dtls,
- or by defining wolfSSL_DTLS).
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfDTLSv1_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_client_method
- \sa wolfTLSv1_client_method
- \sa wolfTLSv1_1_client_method
- \sa wolfTLSv1_2_client_method
- \sa wolfTLSv1_3_client_method
- \sa wolfSSLv23_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfDTLSv1_client_method(void);
- /*!
- \ingroup Setup
- \brief The wolfDTLSv1_server_method() function is used to indicate
- that the application is a server and will only support the DTLS 1.0
- protocol. This function allocates memory for and initializes a
- new wolfSSL_METHOD structure to be used when creating the SSL/TLS
- context with wolfSSL_CTX_new(). This function is only available
- when wolfSSL has been compiled with DTLS support (--enable-dtls,
- or by defining wolfSSL_DTLS).
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfDTLSv1_server_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_server_method
- \sa wolfTLSv1_server_method
- \sa wolfTLSv1_1_server_method
- \sa wolfTLSv1_2_server_method
- \sa wolfTLSv1_3_server_method
- \sa wolfSSLv23_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfDTLSv1_server_method(void);
- /*!
- \ingroup Setup
- \brief The wolfDTLSv1_3_server_method() function is used to indicate that
- the application is a server and will only support the DTLS 1.3
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context with
- wolfSSL_CTX_new(). This function is only available when wolfSSL has been
- compiled with DTLSv1.3 support (--enable-dtls13, or by defining
- wolfSSL_DTLS13).
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfDTLSv1_3_server_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfDTLSv1_3_client_method
- */
- WOLFSSL_METHOD *wolfDTLSv1_3_server_method(void);
- /*!
- \ingroup Setup
- \brief The wolfDTLSv1_3_client_method() function is used to indicate that
- the application is a client and will only support the DTLS 1.3
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context with
- wolfSSL_CTX_new(). This function is only available when wolfSSL has been
- compiled with DTLSv1.3 support (--enable-dtls13, or by defining
- wolfSSL_DTLS13).
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfDTLSv1_3_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfDTLSv1_3_server_method
- */
- WOLFSSL_METHOD* wolfDTLSv1_3_client_method(void);
- /*!
- \ingroup Setup
- \brief The wolfDTLS_server_method() function is used to indicate that the
- application is a server and will support the highest version of DTLS
- available and all the version up to the minimum version allowed. The
- default minimum version allowed is based on the define
- WOLFSSL_MIN_DTLS_DOWNGRADE and can be changed at runtime using
- wolfSSL_SetMinVersion(). This function allocates memory for and initializes
- a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new(). This function is only available when wolfSSL has
- been compiled with DTLS support (--enable-dtls, or by defining
- wolfSSL_DTLS).
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfDTLS_server_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfDTLS_client_method
- \sa wolfSSL_SetMinVersion
- */
- WOLFSSL_METHOD *wolfDTLS_server_method(void);
- /*!
- \ingroup Setup
- \brief The wolfDTLS_client_method() function is used to indicate that the
- application is a client and will support the highest version of DTLS
- available and all the version up to the minimum version allowed. The
- default minimum version allowed is based on the define
- WOLFSSL_MIN_DTLS_DOWNGRADE and can be changed at runtime using
- wolfSSL_SetMinVersion(). This function allocates memory for and initializes
- a new wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new(). This function is only available when wolfSSL has
- been compiled with DTLS support (--enable-dtls, or by defining
- wolfSSL_DTLS).
- \return * If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfDTLS_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfDTLS_server_method
- \sa wolfSSL_SetMinVersion
- */
- WOLFSSL_METHOD *wolfDTLS_client_method(void);
- /*!
- \brief This function creates and initializes a WOLFSSL_METHOD for the
- server side.
- \return This function returns a WOLFSSL_METHOD pointer.
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- …
- \endcode
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void);
- /*!
- \ingroup Setup
- \brief Since there is some differences between the first release and
- newer versions of chacha-poly AEAD construction we have added an option
- to communicate with servers/clients using the older version. By default
- wolfSSL uses the new version.
- \return 0 upon success
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param value whether or not to use the older version of setting up the
- information for poly1305. Passing a flag value of 1 indicates yes use the
- old poly AEAD, to switch back to using the new version pass a flag value
- of 0.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_use_old_poly(ssl, 1);
- if (ret != 0) {
- // failed to set poly1305 AEAD version
- }
- \endcode
- \sa none
- */
- int wolfSSL_use_old_poly(WOLFSSL* ssl, int value);
- /*!
- \brief The wolfSSL_dtls_import() function is used to parse in a serialized
- session state. This allows for picking up the connection after the
- handshake has been completed.
- \return Success If successful, the amount of the buffer read will be
- returned.
- \return Failure All unsuccessful return values will be less than 0.
- \return VERSION_ERROR If a version mismatch is found ie DTLS v1 and ctx
- was set up for DTLS v1.2 then VERSION_ERROR is returned.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param buf serialized session to import.
- \param sz size of serialized session buffer.
- _Example_
- \code
- WOLFSSL* ssl;
- int ret;
- unsigned char buf[MAX];
- bufSz = MAX;
- ...
- //get information sent from wc_dtls_export function and place it in buf
- fread(buf, 1, bufSz, input);
- ret = wolfSSL_dtls_import(ssl, buf, bufSz);
- if (ret < 0) {
- // handle error case
- }
- // no wolfSSL_accept needed since handshake was already done
- ...
- ret = wolfSSL_write(ssl) and wolfSSL_read(ssl);
- ...
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_dtls_set_export
- */
- int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf,
- unsigned int sz);
- /*!
- \brief Used to import a serialized TLS session. This function is for
- importing the state of the connection.
- WARNING: buf contains sensitive information about the state and is best to
- be encrypted before storing if stored.
- Additional debug info can be displayed with the macro
- WOLFSSL_SESSION_EXPORT_DEBUG defined.
- \return the number of bytes read from buffer 'buf'
- \param ssl WOLFSSL structure to import the session into
- \param buf serialized session
- \param sz size of buffer 'buf'
- \sa wolfSSL_dtls_import
- \sa wolfSSL_tls_export
- */
- int wolfSSL_tls_import(WOLFSSL* ssl, const unsigned char* buf,
- unsigned int sz);
- /*!
- \brief The wolfSSL_CTX_dtls_set_export() function is used to set
- the callback function for exporting a session. It is allowed to
- pass in NULL as the parameter func to clear the export function
- previously stored. Used on the server side and is called immediately
- after handshake is completed.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG If null or not expected arguments are passed in
- \param ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \param func wc_dtls_export function to use when exporting a session.
- _Example_
- \code
- int send_session(WOLFSSL* ssl, byte* buf, word32 sz, void* userCtx);
- // body of send session (wc_dtls_export) that passes
- // buf (serialized session) to destination
- WOLFSSL_CTX* ctx;
- int ret;
- ...
- ret = wolfSSL_CTX_dtls_set_export(ctx, send_session);
- if (ret != SSL_SUCCESS) {
- // handle error case
- }
- ...
- ret = wolfSSL_accept(ssl);
- ...
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_new
- \sa wolfSSL_dtls_set_export
- \sa Static buffer use
- */
- int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx,
- wc_dtls_export func);
- /*!
- \brief The wolfSSL_dtls_set_export() function is used to set the callback
- function for exporting a session. It is allowed to pass in NULL as the
- parameter func to clear the export function previously stored. Used on
- the server side and is called immediately after handshake is completed.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG If null or not expected arguments are passed in
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param func wc_dtls_export function to use when exporting a session.
- _Example_
- \code
- int send_session(WOLFSSL* ssl, byte* buf, word32 sz, void* userCtx);
- // body of send session (wc_dtls_export) that passes
- // buf (serialized session) to destination
- WOLFSSL* ssl;
- int ret;
- ...
- ret = wolfSSL_dtls_set_export(ssl, send_session);
- if (ret != SSL_SUCCESS) {
- // handle error case
- }
- ...
- ret = wolfSSL_accept(ssl);
- ...
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_dtls_set_export
- */
- int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func);
- /*!
- \brief The wolfSSL_dtls_export() function is used to serialize a
- WOLFSSL session into the provided buffer. Allows for less memory
- overhead than using a function callback for sending a session and
- choice over when the session is serialized. If buffer is NULL when
- passed to function then sz will be set to the size of buffer needed
- for serializing the WOLFSSL session.
- \return Success If successful, the amount of the buffer used will
- be returned.
- \return Failure All unsuccessful return values will be less than 0.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param buf buffer to hold serialized session.
- \param sz size of buffer.
- _Example_
- \code
- WOLFSSL* ssl;
- int ret;
- unsigned char buf[MAX];
- bufSz = MAX;
- ...
- ret = wolfSSL_dtls_export(ssl, buf, bufSz);
- if (ret < 0) {
- // handle error case
- }
- ...
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_dtls_set_export
- \sa wolfSSL_dtls_import
- */
- int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf,
- unsigned int* sz);
- /*!
- \brief Used to export a serialized TLS session. This function is for
- exporting a serialized state of the connection.
- In most cases wolfSSL_get1_session should be used instead of
- wolfSSL_tls_export.
- Additional debug info can be displayed with the macro
- WOLFSSL_SESSION_EXPORT_DEBUG defined.
- WARNING: buf contains sensitive information about the state and is best to
- be encrypted before storing if stored.
- \return the number of bytes written into buffer 'buf'
- \param ssl WOLFSSL structure to export the session from
- \param buf output of serialized session
- \param sz size in bytes set in 'buf'
- \sa wolfSSL_dtls_import
- \sa wolfSSL_tls_import
- */
- int wolfSSL_tls_export(WOLFSSL* ssl, unsigned char* buf,
- unsigned int* sz);
- /*!
- \brief This function is used to set aside static memory for a CTX. Memory
- set aside is then used for the CTX’s lifetime and for any SSL objects
- created from the CTX. By passing in a NULL ctx pointer and a
- wolfSSL_method_func function the creation of the CTX itself will also
- use static memory. wolfSSL_method_func has the function signature of
- WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap);. Passing in 0 for max
- makes it behave as if not set and no max concurrent use restrictions is
- in place. The flag value passed in determines how the memory is used and
- behavior while operating. Available flags are the following: 0 - default
- general memory, WOLFMEM_IO_POOL - used for input/output buffer when
- sending receiving messages and overrides general memory, so all memory
- in buffer passed in is used for IO, WOLFMEM_IO_FIXED - same as
- WOLFMEM_IO_POOL but each SSL now keeps two buffers to themselves for
- their lifetime, WOLFMEM_TRACK_STATS - each SSL keeps track of memory
- stats while running.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE upon failure.
- \param ctx address of pointer to a WOLFSSL_CTX structure.
- \param method function to create protocol. (should be NULL if ctx is not
- also NULL)
- \param buf memory to use for all operations.
- \param sz size of memory buffer being passed in.
- \param flag type of memory.
- \param max max concurrent operations.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- int ret;
- unsigned char memory[MAX];
- int memorySz = MAX;
- unsigned char IO[MAX];
- int IOSz = MAX;
- int flag = WOLFMEM_IO_FIXED | WOLFMEM_TRACK_STATS;
- ...
- // create ctx also using static memory, start with general memory to use
- ctx = NULL:
- ret = wolfSSL_CTX_load_static_memory(&ctx, wolfSSLv23_server_method_ex,
- memory, memorySz, 0, MAX_CONCURRENT_HANDSHAKES);
- if (ret != SSL_SUCCESS) {
- // handle error case
- }
- // load in memory for use with IO
- ret = wolfSSL_CTX_load_static_memory(&ctx, NULL, IO, IOSz, flag,
- MAX_CONCURRENT_IO);
- if (ret != SSL_SUCCESS) {
- // handle error case
- }
- ...
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_is_static_memory
- \sa wolfSSL_is_static_memory
- */
- int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx,
- wolfSSL_method_func method,
- unsigned char* buf, unsigned int sz,
- int flag, int max);
- /*!
- \brief This function does not change any of the connections behavior
- and is used only for gathering information about the static memory usage.
- \return 1 is returned if using static memory for the CTX is true.
- \return 0 is returned if not using static memory.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param mem_stats structure to hold information about static memory usage.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- int ret;
- WOLFSSL_MEM_STATS mem_stats;
- ...
- //get information about static memory with CTX
- ret = wolfSSL_CTX_is_static_memory(ctx, &mem_stats);
- if (ret == 1) {
- // handle case of is using static memory
- // print out or inspect elements of mem_stats
- }
- if (ret == 0) {
- //handle case of ctx not using static memory
- }
- …
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_load_static_memory
- \sa wolfSSL_is_static_memory
- */
- int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx,
- WOLFSSL_MEM_STATS* mem_stats);
- /*!
- \brief wolfSSL_is_static_memory is used to gather information about
- a SSL’s static memory usage. The return value indicates if static
- memory is being used and WOLFSSL_MEM_CONN_STATS will be filled out
- if and only if the flag WOLFMEM_TRACK_STATS was passed to the parent
- CTX when loading in static memory.
- \return 1 is returned if using static memory for the CTX is true.
- \return 0 is returned if not using static memory.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param mem_stats structure to contain static memory usage.
- _Example_
- \code
- WOLFSSL* ssl;
- int ret;
- WOLFSSL_MEM_CONN_STATS mem_stats;
- ...
- ret = wolfSSL_is_static_memory(ssl, mem_stats);
- if (ret == 1) {
- // handle case when is static memory
- // investigate elements in mem_stats if WOLFMEM_TRACK_STATS flag
- }
- ...
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_is_static_memory
- */
- int wolfSSL_is_static_memory(WOLFSSL* ssl,
- WOLFSSL_MEM_CONN_STATS* mem_stats);
- /*!
- \ingroup CertsKeys
- \brief This function loads a certificate file into the SSL context
- (WOLFSSL_CTX). The file is provided by the file argument. The
- format argument specifies the format type of the file, either
- SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples
- for proper usage.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE If the function call fails, possible causes might
- include the file is in the wrong format, or the wrong format has been
- given using the “format” argument, file doesn’t exist, can’t be read,
- or is corrupted, an out of memory condition occurs, Base16 decoding
- fails on the file.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new()
- \param file a pointer to the name of the file containing the certificate
- to be loaded into the wolfSSL SSL context.
- \param format - format of the certificates pointed to by file. Possible
- options are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_use_certificate_file(ctx, “./client-cert.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading cert file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_use_certificate_file
- \sa wolfSSL_use_certificate_buffer
- */
- int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
- int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a private key file into the SSL context
- (WOLFSSL_CTX). The file is provided by the file argument. The format
- argument specifies the format type of the file - SSL_FILETYPE_ASN1or
- SSL_FILETYPE_PEM. Please see the examples for proper usage.
- If using an external key store and do not have the private key you can
- instead provide the public key and register the crypro callback to handle
- the signing. For this you can build with either build with crypto callbacks
- or PK callbacks. To enable crypto callbacks use --enable-cryptocb
- or WOLF_CRYPTO_CB and register a crypto callback using
- wc_CryptoCb_RegisterDevice and set the associated devId using
- wolfSSL_CTX_SetDevId.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE The file is in the wrong format, or the wrong format
- has been given using the “format” argument. The file doesn’t exist, can’t
- be read, or is corrupted. An out of memory condition occurs. Base16
- decoding fails on the file. The key file is encrypted but no password
- is provided.
- \param none No parameters.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_use_PrivateKey_file(ctx, “./server-key.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading key file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_use_PrivateKey_file
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wc_CryptoCb_RegisterDevice
- \sa wolfSSL_CTX_SetDevId
- */
- int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file, int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads PEM-formatted CA certificate files into the SSL
- context (WOLFSSL_CTX). These certificates will be treated as trusted root
- certificates and used to verify certs received from peers during the SSL
- handshake. The root certificate file, provided by the file argument, may
- be a single certificate or a file containing multiple certificates.
- If multiple CA certs are included in the same file, wolfSSL will load them
- in the same order they are presented in the file. The path argument is
- a pointer to the name of a directory that contains certificates of
- trusted root CAs. If the value of file is not NULL, path may be specified
- as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not
- defined when building the library, wolfSSL will load all CA certificates
- located in the given directory. This function will attempt to load all
- files in the directory. This function expects PEM formatted CERT_TYPE
- file with header “-----BEGIN CERTIFICATE-----”.
- \return SSL_SUCCESS up success.
- \return SSL_FAILURE will be returned if ctx is NULL, or if both file and
- path are NULL.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
- read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return ASN_BEFORE_DATE_E will be returned if the current date is before the
- before date.
- \return ASN_AFTER_DATE_E will be returned if the current date is after the
- after date.
- \return BUFFER_E will be returned if a chain buffer is bigger than the
- receiving buffer.
- \return BAD_PATH_ERROR will be returned if opendir() fails when trying
- to open path.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param file pointer to name of the file containing PEM-formatted CA
- certificates.
- \param path pointer to the name of a directory to load PEM-formatted
- certificates from.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_load_verify_locations(ctx, “./ca-cert.pem”, NULL);
- if (ret != WOLFSSL_SUCCESS) {
- // error loading CA certs
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_locations_ex
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_file
- \sa wolfSSL_CTX_use_PrivateKey_file
- \sa wolfSSL_CTX_use_certificate_chain_file
- \sa wolfSSL_use_certificate_file
- \sa wolfSSL_use_PrivateKey_file
- \sa wolfSSL_use_certificate_chain_file
- */
- int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
- const char* path);
- /*!
- \ingroup CertsKeys
- \brief This function loads PEM-formatted CA certificate files into the SSL
- context (WOLFSSL_CTX). These certificates will be treated as trusted root
- certificates and used to verify certs received from peers during the SSL
- handshake. The root certificate file, provided by the file argument, may
- be a single certificate or a file containing multiple certificates.
- If multiple CA certs are included in the same file, wolfSSL will load them
- in the same order they are presented in the file. The path argument is
- a pointer to the name of a directory that contains certificates of
- trusted root CAs. If the value of file is not NULL, path may be specified
- as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not
- defined when building the library, wolfSSL will load all CA certificates
- located in the given directory. This function will attempt to load all
- files in the directory based on flags specified. This function expects PEM
- formatted CERT_TYPE files with header “-----BEGIN CERTIFICATE-----”.
- \return SSL_SUCCESS up success.
- \return SSL_FAILURE will be returned if ctx is NULL, or if both file and
- path are NULL. This will also be returned if at least one cert is loaded
- successfully but there is one or more that failed. Check error stack for reason.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
- read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BUFFER_E will be returned if a chain buffer is bigger than the
- receiving buffer.
- \return BAD_PATH_ERROR will be returned if opendir() fails when trying
- to open path.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param file pointer to name of the file containing PEM-formatted CA
- certificates.
- \param path pointer to the name of a directory to load PEM-formatted
- certificates from.
- \param flags possible mask values are: WOLFSSL_LOAD_FLAG_IGNORE_ERR,
- WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY and WOLFSSL_LOAD_FLAG_PEM_CA_ONLY
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, “./certs/external",
- WOLFSSL_LOAD_FLAG_PEM_CA_ONLY);
- if (ret != WOLFSSL_SUCCESS) {
- // error loading CA certs
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_locations
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_file
- \sa wolfSSL_CTX_use_PrivateKey_file
- \sa wolfSSL_CTX_use_certificate_chain_file
- \sa wolfSSL_use_certificate_file
- \sa wolfSSL_use_PrivateKey_file
- \sa wolfSSL_use_certificate_chain_file
- */
- int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
- const char* path, unsigned int flags);
- /*!
- \ingroup CertsKeys
- \brief This function returns a pointer to an array of strings representing
- directories wolfSSL will search for system CA certs when
- wolfSSL_CTX_load_system_CA_certs is called. On systems that don't store
- certificates in an accessible system directory (such as Apple platforms),
- this function will always return NULL.
- \return Valid pointer on success.
- \return NULL pointer on failure.
- \param num pointer to a word32 that will be populated with the length of the
- array of strings.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- const char** dirs;
- word32 numDirs;
- dirs = wolfSSL_get_system_CA_dirs(&numDirs);
- for (int i = 0; i < numDirs; ++i) {
- printf("Potential system CA dir: %s\n", dirs[i]);
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_system_CA_certs
- \sa wolfSSL_CTX_load_verify_locations
- \sa wolfSSL_CTX_load_verify_locations_ex
- */
- const char** wolfSSL_get_system_CA_dirs(word32* num);
- /*!
- \ingroup CertsKeys
- \brief On most platforms (including Linux and Windows), this function
- attempts to load CA certificates into a WOLFSSL_CTX from an OS-dependent
- CA certificate store. Loaded certificates will be trusted.
- On Apple platforms (excluding macOS), certificates can't be obtained from
- the system, and therefore cannot be loaded into the wolfSSL certificate
- manager. For these platforms, this function enables TLS connections bound to
- the WOLFSSL_CTX to use the native system trust APIs to verify authenticity
- of the peer certificate chain if the authenticity of the peer cannot first
- be authenticated against certificates loaded by the user.
- The platforms supported and tested are: Linux (Debian, Ubuntu,
- Gentoo, Fedora, RHEL), Windows 10/11, Android, macOS, and iOS.
- \return WOLFSSL_SUCCESS on success.
- \return WOLFSSL_BAD_PATH if no system CA certs were loaded.
- \return WOLFSSL_FAILURE for other failure types (e.g. Windows cert store
- wasn't properly closed).
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_load_system_CA_certs(ctx,);
- if (ret != WOLFSSL_SUCCESS) {
- // error loading system CA certs
- }
- ...
- \endcode
- \sa wolfSSL_get_system_CA_dirs
- \sa wolfSSL_CTX_load_verify_locations
- \sa wolfSSL_CTX_load_verify_locations_ex
- */
- int wolfSSL_CTX_load_system_CA_certs(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function loads a certificate to use for verifying a peer
- when performing a TLS/SSL handshake. The peer certificate sent during the
- handshake is compared by using the SKID when available and the signature.
- If these two things do not match then any loaded CAs are used. Feature is
- enabled by defining the macro WOLFSSL_TRUST_PEER_CERT. Please see the
- examples for proper usage.
- \return SSL_SUCCES upon success.
- \return SSL_FAILURE will be returned if ctx is NULL, or if both file and
- type are invalid.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
- read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param file pointer to name of the file containing certificates
- \param type type of certificate being loaded ie SSL_FILETYPE_ASN1
- or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- ...
- ret = wolfSSL_CTX_trust_peer_cert(ctx, “./peer-cert.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading trusted peer cert
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_file
- \sa wolfSSL_CTX_use_PrivateKey_file
- \sa wolfSSL_CTX_use_certificate_chain_file
- \sa wolfSSL_CTX_trust_peer_buffer
- \sa wolfSSL_CTX_Unload_trust_peers
- \sa wolfSSL_use_certificate_file
- \sa wolfSSL_use_PrivateKey_file
- \sa wolfSSL_use_certificate_chain_file
- */
- int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX* ctx, const char* file, int type);
- /*!
- \ingroup CertsKeys
- \brief This function loads a chain of certificates into the SSL
- context (WOLFSSL_CTX). The file containing the certificate chain
- is provided by the file argument, and must contain PEM-formatted
- certificates. This function will process up to MAX_CHAIN_DEPTH
- (default = 9, defined in internal.h) certificates, plus the subject cert.
- \return SSL_SUCCESS upon success
- \return SSL_FAILURE If the function call fails, possible causes might
- include the file is in the wrong format, or the wrong format has been
- given using the “format” argument, file doesn’t exist, can’t be read,
- or is corrupted, an out of memory condition occurs.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new()
- \param file a pointer to the name of the file containing the chain of
- certificates to be loaded into the wolfSSL SSL context. Certificates
- must be in PEM format.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_use_certificate_chain_file(ctx, “./cert-chain.pem”);
- if (ret != SSL_SUCCESS) {
- // error loading cert file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_certificate_file
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_use_certificate_file
- \sa wolfSSL_use_certificate_buffer
- */
- int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *ctx,
- const char *file);
- /*!
- \ingroup openSSL
- \brief This function loads the private RSA key used in the SSL connection
- into the SSL context (WOLFSSL_CTX). This function is only available when
- wolfSSL has been compiled with the OpenSSL compatibility layer enabled
- (--enable-opensslExtra, #define OPENSSL_EXTRA), and is identical to the
- more-typically used wolfSSL_CTX_use_PrivateKey_file() function. The file
- argument contains a pointer to the RSA private key file, in the format
- specified by format.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE If the function call fails, possible causes might
- include: The input key file is in the wrong format, or the wrong format
- has been given using the “format” argument, file doesn’t exist, can’t
- be read, or is corrupted, an out of memory condition occurs.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new()
- \param file a pointer to the name of the file containing the RSA private
- key to be loaded into the wolfSSL SSL context, with format as specified
- by format.
- \param format the encoding type of the RSA private key specified by file.
- Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_use_RSAPrivateKey_file(ctx, “./server-key.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading private key file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_PrivateKey_file
- \sa wolfSSL_use_RSAPrivateKey_file
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_PrivateKey_file
- */
- int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX* ctx, const char* file, int format);
- /*!
- \ingroup IO
- \brief This function returns the maximum chain depth allowed, which is 9 by
- default, for a valid session i.e. there is a non-null session object (ssl).
- \return MAX_CHAIN_DEPTH returned if the WOLFSSL structure is not
- NULL. By default the value is 9.
- \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- long sslDep = wolfSSL_get_verify_depth(ssl);
- if(sslDep > EXPECTED){
- // The verified depth is greater than what was expected
- } else {
- // The verified depth is smaller or equal to the expected value
- }
- \endcode
- \sa wolfSSL_CTX_get_verify_depth
- */
- long wolfSSL_get_verify_depth(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function gets the certificate chaining depth using the
- CTX structure.
- \return MAX_CHAIN_DEPTH returned if the CTX struct is not NULL. The
- constant representation of the max certificate chain peer depth.
- \return BAD_FUNC_ARG returned if the CTX structure is NULL.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_METHOD method; // protocol method
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method);
- …
- long ret = wolfSSL_CTX_get_verify_depth(ctx);
- if(ret == EXPECTED){
- // You have the expected value
- } else {
- // Handle an unexpected depth
- }
- \endcode
- \sa wolfSSL_CTX_use_certificate_chain_file
- \sa wolfSSL_get_verify_depth
- */
- long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
- /*!
- \ingroup openSSL
- \brief This function loads a certificate file into the SSL session
- (WOLFSSL structure). The certificate file is provided by the file
- argument. The format argument specifies the format type of the file -
- either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- \return SSL_SUCCESS upon success
- \return SSL_FAILURE If the function call fails, possible causes might
- include: The file is in the wrong format, or the wrong format has been
- given using the “format” argument, file doesn’t exist, can’t be read,
- or is corrupted, an out of memory condition occurs, Base16 decoding
- fails on the file
- \param ssl a pointer to a WOLFSSL structure, created with wolfSSL_new().
- \param file a pointer to the name of the file containing the certificate to
- be loaded into the wolfSSL SSL session, with format as specified by format.
- \param format the encoding type of the certificate specified by file.
- Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_use_certificate_file(ssl, “./client-cert.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading cert file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_certificate_file
- \sa wolfSSL_use_certificate_buffer
- */
- int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format);
- /*!
- \ingroup openSSL
- \brief This function loads a private key file into the SSL session
- (WOLFSSL structure). The key file is provided by the file argument.
- The format argument specifies the format type of the file -
- SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- If using an external key store and do not have the private key you can
- instead provide the public key and register the crypro callback to handle
- the signing. For this you can build with either build with crypto callbacks
- or PK callbacks. To enable crypto callbacks use --enable-cryptocb or
- WOLF_CRYPTO_CB and register a crypto callback using
- wc_CryptoCb_RegisterDevice and set the associated devId using
- wolfSSL_SetDevId.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE If the function call fails, possible causes might
- include: The file is in the wrong format, or the wrong format has been
- given using the “format” argument, The file doesn’t exist, can’t be read,
- or is corrupted, An out of memory condition occurs, Base16 decoding
- fails on the file, The key file is encrypted but no password is provided
- \param ssl a pointer to a WOLFSSL structure, created with wolfSSL_new().
- \param file a pointer to the name of the file containing the key file to
- be loaded into the wolfSSL SSL session, with format as specified by format.
- \param format the encoding type of the key specified by file. Possible
- values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_use_PrivateKey_file(ssl, “./server-key.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading key file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_PrivateKey_file
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wc_CryptoCb_RegisterDevice
- \sa wolfSSL_SetDevId
- */
- int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format);
- /*!
- \ingroup openSSL
- \brief This function loads a chain of certificates into the SSL
- session (WOLFSSL structure). The file containing the certificate
- chain is provided by the file argument, and must contain PEM-formatted
- certificates. This function will process up to MAX_CHAIN_DEPTH
- (default = 9, defined in internal.h) certificates, plus the
- subject certificate.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE If the function call fails, possible causes
- might include: The file is in the wrong format, or the wrong format
- has been given using the “format” argument, file doesn’t exist,
- can’t be read, or is corrupted, an out of memory condition occurs
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new()
- \param file a pointer to the name of the file containing the chain
- of certificates to be loaded into the wolfSSL SSL session.
- Certificates must be in PEM format.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ctx;
- ...
- ret = wolfSSL_use_certificate_chain_file(ssl, “./cert-chain.pem”);
- if (ret != SSL_SUCCESS) {
- // error loading cert file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_certificate_chain_file
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char *file);
- /*!
- \ingroup openSSL
- \brief This function loads the private RSA key used in the SSL
- connection into the SSL session (WOLFSSL structure). This
- function is only available when wolfSSL has been compiled with
- the OpenSSL compatibility layer enabled (--enable-opensslExtra,
- #define OPENSSL_EXTRA), and is identical to the more-typically
- used wolfSSL_use_PrivateKey_file() function. The file argument
- contains a pointer to the RSA private key file, in the format
- specified by format.
- \return SSL_SUCCESS upon success
- \return SSL_FAILURE If the function call fails, possible causes might
- include: The input key file is in the wrong format, or the wrong format
- has been given using the “format” argument, file doesn’t exist, can’t
- be read, or is corrupted, an out of memory condition occurs
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new()
- \param file a pointer to the name of the file containing the RSA private
- key to be loaded into the wolfSSL SSL session, with format as specified
- by format.
- \param format the encoding type of the RSA private key specified by file.
- Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_use_RSAPrivateKey_file(ssl, “./server-key.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading private key file
- }
- ...
- \endcode
- \sa wolfSSL_CTX_use_RSAPrivateKey_file
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_PrivateKey_file
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_PrivateKey_file
- */
- int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format);
- /*!
- \ingroup CertsKeys
- \brief This function is similar to wolfSSL_CTX_load_verify_locations,
- but allows the loading of DER-formatted CA files into the SSL context
- (WOLFSSL_CTX). It may still be used to load PEM-formatted CA files as
- well. These certificates will be treated as trusted root certificates
- and used to verify certs received from peers during the SSL handshake.
- The root certificate file, provided by the file argument, may be a single
- certificate or a file containing multiple certificates. If multiple CA
- certs are included in the same file, wolfSSL will load them in the same
- order they are presented in the file. The format argument specifies the
- format which the certificates are in either, SSL_FILETYPE_PEM or
- SSL_FILETYPE_ASN1 (DER). Unlike wolfSSL_CTX_load_verify_locations,
- this function does not allow the loading of CA certificates from a given
- directory path. Note that this function is only available when the wolfSSL
- library was compiled with WOLFSSL_DER_LOAD defined.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE upon failure.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new()
- \param file a pointer to the name of the file containing the CA
- certificates to be loaded into the wolfSSL SSL context, with format
- as specified by format.
- \param format the encoding type of the certificates specified by file.
- Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_der_load_verify_locations(ctx, “./ca-cert.der”,
- SSL_FILETYPE_ASN1);
- if (ret != SSL_SUCCESS) {
- // error loading CA certs
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_locations
- \sa wolfSSL_CTX_load_verify_buffer
- */
- int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx,
- const char* file, int format);
- /*!
- \ingroup Setup
- \brief This function creates a new SSL context, taking a desired
- SSL/TLS protocol method for input.
- \return pointer If successful the call will return a pointer to the
- newly-created WOLFSSL_CTX.
- \return NULL upon failure.
- \param method pointer to the desired WOLFSSL_METHOD to use for the SSL
- context. This is created using one of the wolfSSLvXX_XXXX_method()
- functions to specify SSL/TLS/DTLS protocol level.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL_METHOD* method = 0;
- method = wolfSSLv3_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- \endcode
- \sa wolfSSL_new
- */
- WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
- /*!
- \ingroup Setup
- \brief This function creates a new SSL session, taking an already
- created SSL context as input.
- \return * If successful the call will return a pointer to the
- newly-created wolfSSL structure.
- \return NULL Upon failure.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL* ssl = NULL;
- WOLFSSL_CTX* ctx = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- // SSL object creation failed
- }
- \endcode
- \sa wolfSSL_CTX_new
- */
- WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
- /*!
- \ingroup Setup
- \brief This function assigns a file descriptor (fd) as the
- input/output facility for the SSL connection. Typically this will be
- a socket file descriptor.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG upon failure.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param fd file descriptor to use with SSL/TLS connection.
- _Example_
- \code
- int sockfd;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_set_fd(ssl, sockfd);
- if (ret != SSL_SUCCESS) {
- // failed to set SSL file descriptor
- }
- \endcode
- \sa wolfSSL_CTX_SetIOSend
- \sa wolfSSL_CTX_SetIORecv
- \sa wolfSSL_SetIOReadCtx
- \sa wolfSSL_SetIOWriteCtx
- */
- int wolfSSL_set_fd(WOLFSSL* ssl, int fd);
- /*!
- \ingroup Setup
- \brief This function assigns a file descriptor (fd) as the
- input/output facility for the SSL connection. Typically this will be
- a socket file descriptor. This is a DTLS specific API because it marks that
- the socket is connected. recvfrom and sendto calls on this fd will have the
- addr and addr_len parameters set to NULL.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG upon failure.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param fd file descriptor to use with SSL/TLS connection.
- _Example_
- \code
- int sockfd;
- WOLFSSL* ssl = 0;
- ...
- if (connect(sockfd, peer_addr, peer_addr_len) != 0) {
- // handle connect error
- }
- ...
- ret = wolfSSL_set_dtls_fd_connected(ssl, sockfd);
- if (ret != SSL_SUCCESS) {
- // failed to set SSL file descriptor
- }
- \endcode
- \sa wolfSSL_CTX_SetIOSend
- \sa wolfSSL_CTX_SetIORecv
- \sa wolfSSL_SetIOReadCtx
- \sa wolfSSL_SetIOWriteCtx
- \sa wolfDTLS_SetChGoodCb
- */
- int wolfSSL_set_dtls_fd_connected(WOLFSSL* ssl, int fd);
- /*!
- \ingroup Setup
- \brief Allows setting a callback for a correctly processed and verified DTLS
- client hello. When using a cookie exchange mechanism (either the
- HelloVerifyRequest in DTLS 1.2 or the HelloRetryRequest with a cookie
- extension in DTLS 1.3) this callback is called after the cookie
- exchange has succeeded. This is useful to use one WOLFSSL object as
- the listener for new connections and being able to isolate the
- WOLFSSL object once the ClientHello is verified (either through a
- cookie exchange or just checking if the ClientHello had the correct
- format).
- DTLS 1.2:
- https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1
- DTLS 1.3:
- https://www.rfc-editor.org/rfc/rfc8446#section-4.2.2
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG upon failure.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param fd file descriptor to use with SSL/TLS connection.
- _Example_
- \code
- // Called when we have verified a connection
- static int chGoodCb(WOLFSSL* ssl, void* arg)
- {
- // setup peer and file descriptors
- }
- if (wolfDTLS_SetChGoodCb(ssl, chGoodCb, NULL) != WOLFSSL_SUCCESS) {
- // error setting callback
- }
- \endcode
- \sa wolfSSL_set_dtls_fd_connected
- */
- int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx);
- /*!
- \ingroup IO
- \brief Get the name of cipher at priority level passed in.
- \return string Success
- \return 0 Priority is either out of bounds or not valid.
- \param priority Integer representing the priority level of a cipher.
- _Example_
- \code
- printf("The cipher at 1 is %s", wolfSSL_get_cipher_list(1));
- \endcode
- \sa wolfSSL_CIPHER_get_name
- \sa wolfSSL_get_current_cipher
- */
- char* wolfSSL_get_cipher_list(int priority);
- /*!
- \ingroup IO
- \brief This function gets the ciphers enabled in wolfSSL.
- \return SSL_SUCCESS returned if the function executed without error.
- \return BAD_FUNC_ARG returned if the buf parameter was NULL or if the
- len argument was less than or equal to zero.
- \return BUFFER_E returned if the buffer is not large enough and
- will overflow.
- \param buf a char pointer representing the buffer.
- \param len the length of the buffer.
- _Example_
- \code
- static void ShowCiphers(void){
- char* ciphers;
- int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
- if(ret == SSL_SUCCES){
- printf(“%s\n”, ciphers);
- }
- }
- \endcode
- \sa GetCipherNames
- \sa wolfSSL_get_cipher_list
- \sa ShowCiphers
- */
- int wolfSSL_get_ciphers(char* buf, int len);
- /*!
- \ingroup IO
- \brief This function gets the cipher name in the format DHE-RSA by
- passing through argument to wolfSSL_get_cipher_name_internal.
- \return string This function returns the string representation of the
- cipher suite that was matched.
- \return NULL error or cipher not found.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- char* cipherS = wolfSSL_get_cipher_name(ssl);
- if(cipher == NULL){
- // There was not a cipher suite matched
- } else {
- // There was a cipher suite matched
- printf(“%s\n”, cipherS);
- }
- \endcode
- \sa wolfSSL_CIPHER_get_name
- \sa wolfSSL_get_current_cipher
- \sa wolfSSL_get_cipher_name_internal
- */
- const char* wolfSSL_get_cipher_name(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function returns the file descriptor (fd) used as the
- input/output facility for the SSL connection. Typically this
- will be a socket file descriptor.
- \return fd If successful the call will return the SSL session file
- descriptor.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int sockfd;
- WOLFSSL* ssl = 0;
- ...
- sockfd = wolfSSL_get_fd(ssl);
- ...
- \endcode
- \sa wolfSSL_set_fd
- */
- int wolfSSL_get_fd(const WOLFSSL*);
- /*!
- \ingroup Setup
- \brief This function informs the WOLFSSL object that the underlying
- I/O is non-blocking. After an application creates a WOLFSSL object,
- if it will be used with a non-blocking socket, call
- wolfSSL_set_using_nonblock() on it. This lets the WOLFSSL object know
- that receiving EWOULDBLOCK means that the recvfrom call would
- block rather than that it timed out.
- \return none No return.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param nonblock value used to set non-blocking flag on WOLFSSL object.
- Use 1 to specify non-blocking, otherwise 0.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- ...
- wolfSSL_set_using_nonblock(ssl, 1);
- \endcode
- \sa wolfSSL_get_using_nonblock
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_get_current_timeout
- */
- void wolfSSL_set_using_nonblock(WOLFSSL* ssl, int nonblock);
- /*!
- \ingroup IO
- \brief This function allows the application to determine if wolfSSL is
- using non-blocking I/O. If wolfSSL is using non-blocking I/O, this
- function will return 1, otherwise 0. After an application creates a
- WOLFSSL object, if it will be used with a non-blocking socket, call
- wolfSSL_set_using_nonblock() on it. This lets the WOLFSSL object know
- that receiving EWOULDBLOCK means that the recvfrom call would block
- rather than that it timed out.
- \return 0 underlying I/O is blocking.
- \return 1 underlying I/O is non-blocking.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_get_using_nonblock(ssl);
- if (ret == 1) {
- // underlying I/O is non-blocking
- }
- ...
- \endcode
- \sa wolfSSL_set_session
- */
- int wolfSSL_get_using_nonblock(WOLFSSL*);
- /*!
- \ingroup IO
- \brief This function writes sz bytes from the buffer, data, to the SSL
- connection, ssl. If necessary, wolfSSL_write() will negotiate an SSL/TLS
- session if the handshake has not already been performed yet by
- wolfSSL_connect() or wolfSSL_accept(). When using (D)TLSv1.3 and early data
- feature is compiled in, this function progresses the handshake only up to
- the point when it is possible to send data. Next invokations of
- wolfSSL_Connect()/wolfSSL_Accept()/wolfSSL_read() will complete the
- handshake. wolfSSL_write() works with both blocking and non-blocking I/O.
- When the underlying I/O is non-blocking, wolfSSL_write() will return when
- the underlying I/O could not satisfy the needs of wolfSSL_write() to
- continue. In this case, a call to wolfSSL_get_error() will yield either
- SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then
- repeat the call to wolfSSL_write() when the underlying I/O is ready. If the
- underlying I/O is blocking, wolfSSL_write() will only return once the buffer
- data of size sz has been completely written or an error occurred.
- \return >0 the number of bytes written upon success.
- \return 0 will be returned upon failure. Call wolfSSL_get_error() for
- the specific error code.
- \return SSL_FATAL_ERROR will be returned upon failure when either an error
- occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
- SSL_ERROR_WANT_WRITE error was received and and the application needs to
- call wolfSSL_write() again. Use wolfSSL_get_error() to get a specific
- error code.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param data data buffer which will be sent to peer.
- \param sz size, in bytes, of data to send to the peer (data).
- _Example_
- \code
- WOLFSSL* ssl = 0;
- char msg[64] = “hello wolfssl!”;
- int msgSz = (int)strlen(msg);
- int flags;
- int ret;
- ...
- ret = wolfSSL_write(ssl, msg, msgSz);
- if (ret <= 0) {
- // wolfSSL_write() failed, call wolfSSL_get_error()
- }
- \endcode
- \sa wolfSSL_send
- \sa wolfSSL_read
- \sa wolfSSL_recv
- */
- int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz);
- /*!
- \ingroup IO
- \brief This function reads sz bytes from the SSL session (ssl)
- internal read buffer into the buffer data. The bytes read are removed
- from the internal receive buffer. If necessary wolfSSL_read() will
- negotiate an SSL/TLS session if the handshake has not already been
- performed yet by wolfSSL_connect() or wolfSSL_accept(). The SSL/TLS
- protocol uses SSL records which have a maximum size of 16kB (the max
- record size can be controlled by the MAX_RECORD_SIZE define in
- <wolfssl_root>/wolfssl/internal.h). As such, wolfSSL needs to read an
- entire SSL record internally before it is able to process and decrypt the
- record. Because of this, a call to wolfSSL_read() will only be able to
- return the maximum buffer size which has been decrypted at the time of
- calling. There may be additional not-yet-decrypted data waiting in the
- internal wolfSSL receive buffer which will be retrieved and decrypted with
- the next call to wolfSSL_read(). If sz is larger than the number of bytes
- in the internal read buffer, SSL_read() will return the bytes available in
- the internal read buffer. If no bytes are buffered in the internal read
- buffer yet, a call to wolfSSL_read() will trigger processing of the next
- record.
- \return >0 the number of bytes read upon success.
- \return 0 will be returned upon failure. This may be caused by a either a
- clean (close notify alert) shutdown or just that the peer closed the
- connection. Call wolfSSL_get_error() for the specific error code.
- \return SSL_FATAL_ERROR will be returned upon failure when either an error
- occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
- SSL_ERROR_WANT_WRITE error was received and and the application needs to
- call wolfSSL_read() again. Use wolfSSL_get_error() to get a specific
- error code.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param data buffer where wolfSSL_read() will place data read.
- \param sz number of bytes to read into data.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- char reply[1024];
- ...
- input = wolfSSL_read(ssl, reply, sizeof(reply));
- if (input > 0) {
- // “input” number of bytes returned into buffer “reply”
- }
- See wolfSSL examples (client, server, echoclient, echoserver) for more
- complete examples of wolfSSL_read().
- \endcode
- \sa wolfSSL_recv
- \sa wolfSSL_write
- \sa wolfSSL_peek
- \sa wolfSSL_pending
- */
- int wolfSSL_read(WOLFSSL* ssl, void* data, int sz);
- /*!
- \ingroup IO
- \brief This function copies sz bytes from the SSL session (ssl) internal
- read buffer into the buffer data. This function is identical to
- wolfSSL_read() except that the data in the internal SSL session
- receive buffer is not removed or modified. If necessary, like
- wolfSSL_read(), wolfSSL_peek() will negotiate an SSL/TLS session if
- the handshake has not already been performed yet by wolfSSL_connect()
- or wolfSSL_accept(). The SSL/TLS protocol uses SSL records which have a
- maximum size of 16kB (the max record size can be controlled by the
- MAX_RECORD_SIZE define in <wolfssl_root>/wolfssl/internal.h). As such,
- wolfSSL needs to read an entire SSL record internally before it is able
- to process and decrypt the record. Because of this, a call to
- wolfSSL_peek() will only be able to return the maximum buffer size which
- has been decrypted at the time of calling. There may be additional
- not-yet-decrypted data waiting in the internal wolfSSL receive buffer
- which will be retrieved and decrypted with the next call to
- wolfSSL_peek() / wolfSSL_read(). If sz is larger than the number of bytes
- in the internal read buffer, SSL_peek() will return the bytes available
- in the internal read buffer. If no bytes are buffered in the internal
- read buffer yet, a call to wolfSSL_peek() will trigger processing of the
- next record.
- \return >0 the number of bytes read upon success.
- \return 0 will be returned upon failure. This may be caused by a either
- a clean (close notify alert) shutdown or just that the peer closed the
- connection. Call wolfSSL_get_error() for the specific error code.
- \return SSL_FATAL_ERROR will be returned upon failure when either an
- error occurred or, when using non-blocking sockets, the
- SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE error was received and and
- the application needs to call wolfSSL_peek() again. Use
- wolfSSL_get_error() to get a specific error code.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param data buffer where wolfSSL_peek() will place data read.
- \param sz number of bytes to read into data.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- char reply[1024];
- ...
- input = wolfSSL_peek(ssl, reply, sizeof(reply));
- if (input > 0) {
- // “input” number of bytes returned into buffer “reply”
- }
- \endcode
- \sa wolfSSL_read
- */
- int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz);
- /*!
- \ingroup IO
- \brief This function is called on the server side and waits for an SSL
- client to initiate the SSL/TLS handshake. When this function is called,
- the underlying communication channel has already been set up.
- wolfSSL_accept() works with both blocking and non-blocking I/O.
- When the underlying I/O is non-blocking, wolfSSL_accept() will return
- when the underlying I/O could not satisfy the needs of wolfSSL_accept
- to continue the handshake. In this case, a call to wolfSSL_get_error()
- will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
- The calling process must then repeat the call to wolfSSL_accept when
- data is available to read and wolfSSL will pick up where it left off.
- When using a non-blocking socket, nothing needs to be done, but select()
- can be used to check for the required condition. If the underlying I/O
- is blocking, wolfSSL_accept() will only return once the handshake has
- been finished or an error occurred.
- \return SSL_SUCCESS upon success.
- \return SSL_FATAL_ERROR will be returned if an error occurred. To get a
- more detailed error code, call wolfSSL_get_error().
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- ret = wolfSSL_accept(ssl);
- if (ret != SSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_connect
- */
- int wolfSSL_accept(WOLFSSL*);
- /*!
- \ingroup Setup
- \brief This function frees an allocated WOLFSSL_CTX object. This
- function decrements the CTX reference count and only frees the context
- when the reference count has reached 0.
- \return none No return.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- wolfSSL_CTX_free(ctx);
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- void wolfSSL_CTX_free(WOLFSSL_CTX*);
- /*!
- \ingroup Setup
- \brief This function frees an allocated wolfSSL object.
- \return none No return.
- \param ssl pointer to the SSL object, created with wolfSSL_new().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL* ssl = 0;
- ...
- wolfSSL_free(ssl);
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_new
- \sa wolfSSL_CTX_free
- */
- void wolfSSL_free(WOLFSSL*);
- /*!
- \ingroup TLS
- \brief This function shuts down an active SSL/TLS connection using
- the SSL session, ssl. This function will try to send a “close notify”
- alert to the peer. The calling application can choose to wait for the
- peer to send its “close notify” alert in response or just go ahead
- and shut down the underlying connection after directly calling
- wolfSSL_shutdown (to save resources). Either option is allowed by
- the TLS specification. If the underlying connection will be used
- again in the future, the complete two-directional shutdown procedure
- must be performed to keep synchronization intact between the peers.
- wolfSSL_shutdown() works with both blocking and non-blocking I/O.
- When the underlying I/O is non-blocking, wolfSSL_shutdown() will
- return an error if the underlying I/O could not satisfy the needs of
- wolfSSL_shutdown() to continue. In this case, a call to
- wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or
- SSL_ERROR_WANT_WRITE. The calling process must then repeat the call
- to wolfSSL_shutdown() when the underlying I/O is ready.
- \return SSL_SUCCESS will be returned upon success.
- \return SSL_SHUTDOWN_NOT_DONE will be returned when shutdown has not
- finished, and the function should be called again.
- \return SSL_FATAL_ERROR will be returned upon failure. Call
- wolfSSL_get_error() for a more specific error code.
- \param ssl pointer to the SSL session created with wolfSSL_new().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- int ret = 0;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_shutdown(ssl);
- if (ret != 0) {
- // failed to shut down SSL connection
- }
- \endcode
- \sa wolfSSL_free
- \sa wolfSSL_CTX_free
- */
- int wolfSSL_shutdown(WOLFSSL*);
- /*!
- \ingroup IO
- \brief This function writes sz bytes from the buffer, data, to the SSL
- connection, ssl, using the specified flags for the underlying write
- operation. If necessary wolfSSL_send() will negotiate an SSL/TLS session
- if the handshake has not already been performed yet by wolfSSL_connect()
- or wolfSSL_accept(). wolfSSL_send() works with both blocking and
- non-blocking I/O. When the underlying I/O is non-blocking, wolfSSL_send()
- will return when the underlying I/O could not satisfy the needs of
- wolfSSL_send to continue. In this case, a call to wolfSSL_get_error()
- will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
- The calling process must then repeat the call to wolfSSL_send() when
- the underlying I/O is ready. If the underlying I/O is blocking,
- wolfSSL_send() will only return once the buffer data of size sz has
- been completely written or an error occurred.
- \return >0 the number of bytes written upon success.
- \return 0 will be returned upon failure. Call wolfSSL_get_error() for
- the specific error code.
- \return SSL_FATAL_ERROR will be returned upon failure when either an error
- occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
- SSL_ERROR_WANT_WRITE error was received and and the application needs to
- call wolfSSL_send() again. Use wolfSSL_get_error() to get a specific
- error code.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param data data buffer to send to peer.
- \param sz size, in bytes, of data to be sent to peer.
- \param flags the send flags to use for the underlying send operation.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- char msg[64] = “hello wolfssl!”;
- int msgSz = (int)strlen(msg);
- int flags = ... ;
- ...
- input = wolfSSL_send(ssl, msg, msgSz, flags);
- if (input != msgSz) {
- // wolfSSL_send() failed
- }
- \endcode
- \sa wolfSSL_write
- \sa wolfSSL_read
- \sa wolfSSL_recv
- */
- int wolfSSL_send(WOLFSSL* ssl, const void* data, int sz, int flags);
- /*!
- \ingroup IO
- \brief This function reads sz bytes from the SSL session (ssl) internal
- read buffer into the buffer data using the specified flags for the
- underlying recv operation. The bytes read are removed from the internal
- receive buffer. This function is identical to wolfSSL_read() except
- that it allows the application to set the recv flags for the underlying
- read operation. If necessary wolfSSL_recv() will negotiate an SSL/TLS
- session if the handshake has not already been performed yet by
- wolfSSL_connect() or wolfSSL_accept(). The SSL/TLS protocol uses
- SSL records which have a maximum size of 16kB (the max record size
- can be controlled by the MAX_RECORD_SIZE define in
- <wolfssl_root>/wolfssl/internal.h). As such, wolfSSL needs to read an
- entire SSL record internally before it is able to process and decrypt
- the record. Because of this, a call to wolfSSL_recv() will only be
- able to return the maximum buffer size which has been decrypted at
- the time of calling. There may be additional not-yet-decrypted data
- waiting in the internal wolfSSL receive buffer which will be
- retrieved and decrypted with the next call to wolfSSL_recv(). If sz
- is larger than the number of bytes in the internal read buffer,
- SSL_recv() will return the bytes available in the internal read buffer.
- If no bytes are buffered in the internal read buffer yet, a call to
- wolfSSL_recv() will trigger processing of the next record.
- \return >0 the number of bytes read upon success.
- \return 0 will be returned upon failure. This may be caused by a either
- a clean (close notify alert) shutdown or just that the peer closed the
- connection. Call wolfSSL_get_error() for the specific error code.
- \return SSL_FATAL_ERROR will be returned upon failure when either an error
- occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
- SSL_ERROR_WANT_WRITE error was received and and the application needs to
- call wolfSSL_recv() again. Use wolfSSL_get_error() to get a specific
- error code.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param data buffer where wolfSSL_recv() will place data read.
- \param sz number of bytes to read into data.
- \param flags the recv flags to use for the underlying recv operation.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- char reply[1024];
- int flags = ... ;
- ...
- input = wolfSSL_recv(ssl, reply, sizeof(reply), flags);
- if (input > 0) {
- // “input” number of bytes returned into buffer “reply”
- }
- \endcode
- \sa wolfSSL_read
- \sa wolfSSL_write
- \sa wolfSSL_peek
- \sa wolfSSL_pending
- */
- int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags);
- /*!
- \ingroup Debug
- \brief This function returns a unique error code describing why the
- previous API function call (wolfSSL_connect, wolfSSL_accept, wolfSSL_read,
- wolfSSL_write, etc.) resulted in an error return code (SSL_FAILURE).
- The return value of the previous function is passed to wolfSSL_get_error
- through ret. After wolfSSL_get_error is called and returns the unique
- error code, wolfSSL_ERR_error_string() may be called to get a
- human-readable error string. See wolfSSL_ERR_error_string() for more
- information.
- \return On successful completion, this function will return the
- unique error code describing why the previous API function failed.
- \return SSL_ERROR_NONE will be returned if ret > 0. For ret <= 0, there are
- some cases when this value can also be returned when a previous API appeared
- to return an error code but no error actually occurred. An example is
- calling wolfSSL_read() with a zero sz parameter. A 0 return from
- wolfSSL_read() usually indicates an error but in this case no error
- occurred. If wolfSSL_get_error() is called afterwards, SSL_ERROR_NONE will
- be returned.
- \param ssl pointer to the SSL object, created with wolfSSL_new().
- \param ret return value of the previous function that resulted in an error
- return code.
- _Example_
- \code
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- err = wolfSSL_get_error(ssl, 0);
- wolfSSL_ERR_error_string(err, buffer);
- printf(“err = %d, %s\n”, err, buffer);
- \endcode
- \sa wolfSSL_ERR_error_string
- \sa wolfSSL_ERR_error_string_n
- \sa wolfSSL_ERR_print_errors_fp
- \sa wolfSSL_load_error_strings
- */
- int wolfSSL_get_error(WOLFSSL* ssl, int ret);
- /*!
- \ingroup IO
- \brief This function gets the alert history.
- \return SSL_SUCCESS returned when the function completed successfully.
- Either there was alert history or there wasn’t, either way, the
- return value is SSL_SUCCESS.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param h a pointer to a WOLFSSL_ALERT_HISTORY structure that will hold the
- WOLFSSL struct’s alert_history member’s value.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
- WOLFSSL* ssl = wolfSSL_new(ctx);
- WOLFSSL_ALERT_HISTORY* h;
- ...
- wolfSSL_get_alert_history(ssl, h);
- // h now has a copy of the ssl->alert_history contents
- \endcode
- \sa wolfSSL_get_error
- */
- int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h);
- /*!
- \ingroup Setup
- \brief This function sets the session to be used when the SSL object,
- ssl, is used to establish a SSL/TLS connection. For session resumption,
- before calling wolfSSL_shutdown() with your session object, an application
- should save the session ID from the object with a call to
- wolfSSL_get1_session(), which returns a pointer to the session.
- Later, the application should create a new WOLFSSL object and assign
- the saved session with wolfSSL_set_session(). At this point, the
- application may call wolfSSL_connect() and wolfSSL will try to resume
- the session. The wolfSSL server code allows session resumption by default.
- The object returned by wolfSSL_get1_session() needs to be freed after the
- application is done with it by calling wolfSSL_SESSION_free() on it.
- \return SSL_SUCCESS will be returned upon successfully setting the session.
- \return SSL_FAILURE will be returned on failure. This could be caused
- by the session cache being disabled, or if the session has timed out.
- \return When OPENSSL_EXTRA and WOLFSSL_ERROR_CODE_OPENSSL are defined,
- SSL_SUCCESS will be returned even if the session has timed out.
- \param ssl pointer to the SSL object, created with wolfSSL_new().
- \param session pointer to the WOLFSSL_SESSION used to set the session
- for ssl.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- WOLFSSL_SESSION* session;
- ...
- session = wolfSSL_get1_session(ssl);
- if (session == NULL) {
- // failed to get session object from ssl object
- }
- ...
- ret = wolfSSL_set_session(ssl, session);
- if (ret != SSL_SUCCESS) {
- // failed to set the SSL session
- }
- wolfSSL_SESSION_free(session);
- ...
- \endcode
- \sa wolfSSL_get1_session
- */
- int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session);
- /*!
- \ingroup IO
- \brief When NO_SESSION_CACHE_REF is defined this function returns a pointer
- to the current session (WOLFSSL_SESSION) used in ssl. This function returns
- a non-persistent pointer to the WOLFSSL_SESSION object. The pointer returned
- will be freed when wolfSSL_free is called. This call should only be used to
- inspect or modify the current session. For session resumption it is
- recommended to use wolfSSL_get1_session(). For backwards compatibility when
- NO_SESSION_CACHE_REF is not defined this function returns a persistent
- session object pointer that is stored in the local cache. The cache size is
- finite and there is a risk that the session object will be overwritten by
- another ssl connection by the time the application calls
- wolfSSL_set_session() on it. It is recommended to define
- NO_SESSION_CACHE_REF in your application and to use wolfSSL_get1_session()
- for session resumption.
- \return pointer If successful the call will return a pointer to the the
- current SSL session object.
- \return NULL will be returned if ssl is NULL, the SSL session cache is
- disabled, wolfSSL doesn’t have the Session ID available, or mutex
- functions fail.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl;
- WOLFSSL_SESSION* session;
- ...
- session = wolfSSL_get_session(ssl);
- if (session == NULL) {
- // failed to get session pointer
- }
- ...
- \endcode
- \sa wolfSSL_get1_session
- \sa wolfSSL_set_session
- */
- WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function flushes session from the session cache which
- have expired. The time, tm, is used for the time comparison. Note
- that wolfSSL currently uses a static table for sessions, so no flushing
- is needed. As such, this function is currently just a stub. This
- function provides OpenSSL compatibility (SSL_flush_sessions) when
- wolfSSL is compiled with the OpenSSL compatibility layer.
- \return none No returns.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param tm time used in session expiration comparison.
- _Example_
- \code
- WOLFSSL_CTX* ssl;
- ...
- wolfSSL_flush_sessions(ctx, time(0));
- \endcode
- \sa wolfSSL_get1_session
- \sa wolfSSL_set_session
- */
- void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm);
- /*!
- \ingroup TLS
- \brief This function associates the client session with the server id.
- If the newSession flag is on, an existing session won’t be reused.
- \return SSL_SUCCESS returned if the function executed without error.
- \return BAD_FUNC_ARG returned if the WOLFSSL struct or id parameter
- is NULL or if len is not greater than zero.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param id a constant byte pointer that will be copied to the
- serverID member of the WOLFSSL_SESSION structure.
- \param len an int type representing the length of the session id parameter.
- \param newSession an int type representing the flag to denote whether
- to reuse a session or not.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol );
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- const byte id[MAX_SIZE]; // or dynamically create space
- int len = 0; // initialize length
- int newSession = 0; // flag to allow
- …
- int ret = wolfSSL_SetServerID(ssl, id, len, newSession);
- if (ret == WOLFSSL_SUCCESS) {
- // The Id was successfully set
- }
- \endcode
- \sa wolfSSL_set_session
- */
- int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char* id,
- int len, int newSession);
- /*!
- \ingroup IO
- \brief This function gets the session index of the WOLFSSL structure.
- \return int The function returns an int type representing the
- sessionIndex within the WOLFSSL struct.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX_new( protocol method );
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- ...
- int sesIdx = wolfSSL_GetSessionIndex(ssl);
- if(sesIdx < 0 || sesIdx > sizeof(ssl->sessionIndex)/sizeof(int)){
- // You have an out of bounds index number and something is not right.
- }
- \endcode
- \sa wolfSSL_GetSessionAtIndex
- */
- int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function gets the session at specified index of the session
- cache and copies it into memory. The WOLFSSL_SESSION structure holds
- the session information.
- \return SSL_SUCCESS returned if the function executed successfully and
- no errors were thrown.
- \return BAD_MUTEX_E returned if there was an unlock or lock mutex error.
- \return SSL_FAILURE returned if the function did not execute successfully.
- \param idx an int type representing the session index.
- \param session a pointer to the WOLFSSL_SESSION structure.
- _Example_
- \code
- int idx; // The index to locate the session.
- WOLFSSL_SESSION* session; // Buffer to copy to.
- ...
- if(wolfSSL_GetSessionAtIndex(idx, session) != SSL_SUCCESS){
- // Failure case.
- }
- \endcode
- \sa UnLockMutex
- \sa LockMutex
- \sa wolfSSL_GetSessionIndex
- */
- int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
- /*!
- \ingroup IO
- \brief Returns the peer certificate chain from the WOLFSSL_SESSION struct.
- \return pointer A pointer to a WOLFSSL_X509_CHAIN structure that
- contains the peer certification chain.
- \param session a pointer to a WOLFSSL_SESSION structure.
- _Example_
- \code
- WOLFSSL_SESSION* session;
- WOLFSSL_X509_CHAIN* chain;
- ...
- chain = wolfSSL_SESSION_get_peer_chain(session);
- if(!chain){
- // There was no chain. Failure case.
- }
- \endcode
- \sa wolfSSL_GetSessionAtIndex
- \sa wolfSSL_GetSessionIndex
- \sa AddSession
- */
- WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
- /*!
- \ingroup Setup
- \brief This function sets the verification method for remote peers and
- also allows a verify callback to be registered with the SSL context.
- The verify callback will be called only when a verification failure has
- occurred. If no verify callback is desired, the NULL pointer can be used
- for verify_callback. The verification mode of peer certificates is a
- logically OR’d list of flags. The possible flag values include:
- SSL_VERIFY_NONE Client mode: the client will not verify the certificate
- received from the server and the handshake will continue as normal.
- Server mode: the server will not send a certificate request to the client.
- As such, client verification will not be enabled. SSL_VERIFY_PEER Client
- mode: the client will verify the certificate received from the server
- during the handshake. This is turned on by default in wolfSSL, therefore,
- using this option has no effect. Server mode: the server will send a
- certificate request to the client and verify the client certificate
- received. SSL_VERIFY_FAIL_IF_NO_PEER_CERT Client mode: no effect when
- used on the client side. Server mode: the verification will fail on the
- server side if the client fails to send a certificate when requested to
- do so (when using SSL_VERIFY_PEER on the SSL server).
- SSL_VERIFY_FAIL_EXCEPT_PSK Client mode: no effect when used on the client
- side. Server mode: the verification is the same as
- SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection.
- If a PSK connection is being made then the connection will go through
- without a peer cert.
- \return none No return.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param mode flags indicating verification mode for peer's cert.
- \param verify_callback callback to be called when verification fails.
- If no callback is desired, the NULL pointer can be used for
- verify_callback.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- wolfSSL_CTX_set_verify(ctx, (WOLFSSL_VERIFY_PEER |
- WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), NULL);
- \endcode
- \sa wolfSSL_set_verify
- */
- void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode,
- VerifyCallback verify_callback);
- /*!
- \ingroup Setup
- \brief This function sets the verification method for remote peers and
- also allows a verify callback to be registered with the SSL session.
- The verify callback will be called only when a verification failure has
- occurred. If no verify callback is desired, the NULL pointer can be used
- for verify_callback. The verification mode of peer certificates is a
- logically OR’d list of flags. The possible flag values include:
- SSL_VERIFY_NONE Client mode: the client will not verify the certificate
- received from the server and the handshake will continue as normal. Server
- mode: the server will not send a certificate request to the client.
- As such, client verification will not be enabled. SSL_VERIFY_PEER Client
- mode: the client will verify the certificate received from the server
- during the handshake. This is turned on by default in wolfSSL, therefore,
- using this option has no effect. Server mode: the server will send a
- certificate request to the client and verify the client certificate
- received. SSL_VERIFY_FAIL_IF_NO_PEER_CERT Client mode: no effect when
- used on the client side. Server mode: the verification will fail on the
- server side if the client fails to send a certificate when requested to do
- so (when using SSL_VERIFY_PEER on the SSL server).
- SSL_VERIFY_FAIL_EXCEPT_PSK Client mode: no effect when used on the client
- side. Server mode: the verification is the same as
- SSL_VERIFY_FAIL_IF_NO_PEER_CERT except in the case of a PSK connection.
- If a PSK connection is being made then the connection will go through
- without a peer cert.
- \return none No return.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param mode flags indicating verification mode for peer's cert.
- \param verify_callback callback to be called when verification fails.
- If no callback is desired, the NULL pointer can
- be used for verify_callback.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- ...
- wolfSSL_set_verify(ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
- \endcode
- \sa wolfSSL_CTX_set_verify
- */
- void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback verify_callback);
- /*!
- \ingroup CertsKeys
- \brief This function stores user CTX object information for verify callback.
- \return none No return.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param ctx a void pointer that is set to WOLFSSL structure’s verifyCbCtx
- member’s value.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- (void*)ctx;
- ...
- if(ssl != NULL){
- wolfSSL_SetCertCbCtx(ssl, ctx);
- } else {
- // Error case, the SSL is not initialized properly.
- }
- \endcode
- \sa wolfSSL_CTX_save_cert_cache
- \sa wolfSSL_CTX_restore_cert_cache
- \sa wolfSSL_CTX_set_verify
- */
- void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx);
- /*!
- \ingroup CertsKeys
- \brief This function stores user CTX object information for verify callback.
- \return none No return.
- \param ctx a pointer to a WOLFSSL_CTX structure.
- \param userCtx a void pointer that is used to set WOLFSSL_CTX structure’s
- verifyCbCtx member’s value.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- void* userCtx = NULL; // Assign some user defined context
- ...
- if(ctx != NULL){
- wolfSSL_SetCertCbCtx(ctx, userCtx);
- } else {
- // Error case, the SSL is not initialized properly.
- }
- \endcode
- \sa wolfSSL_CTX_save_cert_cache
- \sa wolfSSL_CTX_restore_cert_cache
- \sa wolfSSL_CTX_set_verify
- */
- void wolfSSL_CTX_SetCertCbCtx(WOLFSSL_CTX* ctx, void* userCtx);
- /*!
- \ingroup IO
- \brief This function returns the number of bytes which are buffered and
- available in the SSL object to be read by wolfSSL_read().
- \return int This function returns the number of bytes pending.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int pending = 0;
- WOLFSSL* ssl = 0;
- ...
- pending = wolfSSL_pending(ssl);
- printf(“There are %d bytes buffered and available for reading”, pending);
- \endcode
- \sa wolfSSL_recv
- \sa wolfSSL_read
- \sa wolfSSL_peek
- */
- int wolfSSL_pending(WOLFSSL*);
- /*!
- \ingroup Debug
- \brief This function is for OpenSSL compatibility (SSL_load_error_string)
- only and takes no action.
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- wolfSSL_load_error_strings();
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_ERR_error_string
- \sa wolfSSL_ERR_error_string_n
- \sa wolfSSL_ERR_print_errors_fp
- \sa wolfSSL_load_error_strings
- */
- void wolfSSL_load_error_strings(void);
- /*!
- \ingroup TLS
- \brief This function is called internally in wolfSSL_CTX_new(). This
- function is a wrapper around wolfSSL_Init() and exists for OpenSSL
- compatibility (SSL_library_init) when wolfSSL has been compiled with
- OpenSSL compatibility layer. wolfSSL_Init() is the more typically-used
- wolfSSL initialization function.
- \return SSL_SUCCESS If successful the call will return.
- \return SSL_FATAL_ERROR is returned upon failure.
- \param none No parameters.
- _Example_
- \code
- int ret = 0;
- ret = wolfSSL_library_init();
- if (ret != SSL_SUCCESS) {
- failed to initialize wolfSSL
- }
- ...
- \endcode
- \sa wolfSSL_Init
- \sa wolfSSL_Cleanup
- */
- int wolfSSL_library_init(void);
- /*!
- \brief This function sets the Device Id at the WOLFSSL session level.
- \return WOLFSSL_SUCCESS upon success.
- \return BAD_FUNC_ARG if ssl is NULL.
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
- _Example_
- \code
- WOLFSSL* ssl;
- int DevId = -2;
- wolfSSL_SetDevId(ssl, devId);
- \endcode
- \sa wolfSSL_CTX_SetDevId
- \sa wolfSSL_CTX_GetDevId
- */
- int wolfSSL_SetDevId(WOLFSSL* ssl, int devId);
- /*!
- \brief This function sets the Device Id at the WOLFSSL_CTX context level.
- \return WOLFSSL_SUCCESS upon success.
- \return BAD_FUNC_ARG if ssl is NULL.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- int DevId = -2;
- wolfSSL_CTX_SetDevId(ctx, devId);
- \endcode
- \sa wolfSSL_SetDevId
- \sa wolfSSL_CTX_GetDevId
- */
- int wolfSSL_CTX_SetDevId(WOLFSSL_CTX* ctx, int devId);
- /*!
- \brief This function retrieves the Device Id.
- \return devId upon success.
- \return INVALID_DEVID if both ssl and ctx are NULL.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- wolfSSL_CTX_GetDevId(ctx, ssl);
- \endcode
- \sa wolfSSL_SetDevId
- \sa wolfSSL_CTX_SetDevId
- */
- int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function enables or disables SSL session caching.
- Behavior depends on the value used for mode. The following values
- for mode are available: SSL_SESS_CACHE_OFF- disable session caching.
- Session caching is turned on by default. SSL_SESS_CACHE_NO_AUTO_CLEAR -
- Disable auto-flushing of the session cache. Auto-flushing is turned on
- by default.
- \return SSL_SUCCESS will be returned upon success.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param mode modifier used to change behavior of the session cache.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- ret = wolfSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
- if (ret != SSL_SUCCESS) {
- // failed to turn SSL session caching off
- }
- \endcode
- \sa wolfSSL_flush_sessions
- \sa wolfSSL_get1_session
- \sa wolfSSL_set_session
- \sa wolfSSL_get_sessionID
- \sa wolfSSL_CTX_set_timeout
- */
- long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode);
- /*!
- \brief This function sets the session secret callback function. The
- SessionSecretCb type has the signature: int (*SessionSecretCb)(WOLFSSL* ssl,
- void* secret, int* secretSz, void* ctx). The sessionSecretCb member of
- the WOLFSSL struct is set to the parameter cb.
- \return SSL_SUCCESS returned if the execution of the function did not
- return an error.
- \return SSL_FATAL_ERROR returned if the WOLFSSL structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cb a SessionSecretCb type that is a function pointer with the above
- signature.
- \param ctx a pointer to the user context to be stored
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- // Signature of SessionSecretCb
- int SessionSecretCB (WOLFSSL* ssl, void* secret, int* secretSz,
- void* ctx) = SessionSecretCb;
- …
- int wolfSSL_set_session_secret_cb(ssl, SessionSecretCB, (void*)ssl->ctx){
- // Function body.
- }
- \endcode
- \sa SessionSecretCb
- */
- int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx);
- /*!
- \ingroup IO
- \brief This function persists the session cache to file. It doesn’t use
- memsave because of additional memory use.
- \return SSL_SUCCESS returned if the function executed without error.
- The session cache has been written to a file.
- \return SSL_BAD_FILE returned if fname cannot be opened or is otherwise
- corrupt.
- \return FWRITE_ERROR returned if XFWRITE failed to write to the file.
- \return BAD_MUTEX_E returned if there was a mutex lock failure.
- \param fname is a constant char pointer that points to a file for writing.
- _Example_
- \code
- const char* fname;
- ...
- if(wolfSSL_save_session_cache(fname) != SSL_SUCCESS){
- // Fail to write to file.
- }
- \endcode
- \sa XFWRITE
- \sa wolfSSL_restore_session_cache
- \sa wolfSSL_memrestore_session_cache
- */
- int wolfSSL_save_session_cache(const char* fname);
- /*!
- \ingroup IO
- \brief This function restores the persistent session cache from file. It
- does not use memstore because of additional memory use.
- \return SSL_SUCCESS returned if the function executed without error.
- \return SSL_BAD_FILE returned if the file passed into the function was
- corrupted and could not be opened by XFOPEN.
- \return FREAD_ERROR returned if the file had a read error from XFREAD.
- \return CACHE_MATCH_ERROR returned if the session cache header match
- failed.
- \return BAD_MUTEX_E returned if there was a mutex lock failure.
- \param fname a constant char pointer file input that will be read.
- _Example_
- \code
- const char *fname;
- ...
- if(wolfSSL_restore_session_cache(fname) != SSL_SUCCESS){
- // Failure case. The function did not return SSL_SUCCESS.
- }
- \endcode
- \sa XFREAD
- \sa XFOPEN
- */
- int wolfSSL_restore_session_cache(const char* fname);
- /*!
- \ingroup IO
- \brief This function persists session cache to memory.
- \return SSL_SUCCESS returned if the function executed without error.
- The session cache has been successfully persisted to memory.
- \return BAD_MUTEX_E returned if there was a mutex lock error.
- \return BUFFER_E returned if the buffer size was too small.
- \param mem a void pointer representing the destination for the memory
- copy, XMEMCPY().
- \param sz an int type representing the size of mem.
- _Example_
- \code
- void* mem;
- int sz; // Max size of the memory buffer.
- …
- if(wolfSSL_memsave_session_cache(mem, sz) != SSL_SUCCESS){
- // Failure case, you did not persist the session cache to memory
- }
- \endcode
- \sa XMEMCPY
- \sa wolfSSL_get_session_cache_memsize
- */
- int wolfSSL_memsave_session_cache(void* mem, int sz);
- /*!
- \ingroup IO
- \brief This function restores the persistent session cache from memory.
- \return SSL_SUCCESS returned if the function executed without an error.
- \return BUFFER_E returned if the memory buffer is too small.
- \return BAD_MUTEX_E returned if the session cache mutex lock failed.
- \return CACHE_MATCH_ERROR returned if the session cache header match
- failed.
- \param mem a constant void pointer containing the source of the
- restoration.
- \param sz an integer representing the size of the memory buffer.
- _Example_
- \code
- const void* memoryFile;
- int szMf;
- ...
- if(wolfSSL_memrestore_session_cache(memoryFile, szMf) != SSL_SUCCESS){
- // Failure case. SSL_SUCCESS was not returned.
- }
- \endcode
- \sa wolfSSL_save_session_cache
- */
- int wolfSSL_memrestore_session_cache(const void* mem, int sz);
- /*!
- \ingroup IO
- \brief This function returns how large the session cache save buffer
- should be.
- \return int This function returns an integer that represents the size of
- the session cache save buffer.
- \param none No parameters.
- _Example_
- \code
- int sz = // Minimum size for error checking;
- ...
- if(sz < wolfSSL_get_session_cache_memsize()){
- // Memory buffer is too small
- }
- \endcode
- \sa wolfSSL_memrestore_session_cache
- */
- int wolfSSL_get_session_cache_memsize(void);
- /*!
- \ingroup CertsKeys
- \brief This function writes the cert cache from memory to file.
- \return SSL_SUCCESS if CM_SaveCertCache exits normally.
- \return BAD_FUNC_ARG is returned if either of the arguments are NULL.
- \return SSL_BAD_FILE if the cert cache save file could not be opened.
- \return BAD_MUTEX_E if the lock mutex failed.
- \return MEMORY_E the allocation of memory failed.
- \return FWRITE_ERROR Certificate cache file write failed.
- \param ctx a pointer to a WOLFSSL_CTX structure, holding the
- certificate information.
- \param fname a constant char pointer that points to a file for writing.
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol def );
- const char* fname;
- ...
- if(wolfSSL_CTX_save_cert_cache(ctx, fname)){
- // file was written.
- }
- \endcode
- \sa CM_SaveCertCache
- \sa DoMemSaveCertCache
- */
- int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX* ctx, const char* fname);
- /*!
- \ingroup CertsKeys
- \brief This function persistes certificate cache from a file.
- \return SSL_SUCCESS returned if the function, CM_RestoreCertCache,
- executes normally.
- \return SSL_BAD_FILE returned if XFOPEN returns XBADFILE. The file is
- corrupted.
- \return MEMORY_E returned if the allocated memory for the temp buffer
- fails.
- \return BAD_FUNC_ARG returned if fname or ctx have a NULL value.
- \param ctx a pointer to a WOLFSSL_CTX structure, holding the certificate
- information.
- \param fname a constant char pointer that points to a file for reading.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- const char* fname = "path to file";
- ...
- if(wolfSSL_CTX_restore_cert_cache(ctx, fname)){
- // check to see if the execution was successful
- }
- \endcode
- \sa CM_RestoreCertCache
- \sa XFOPEN
- */
- int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname);
- /*!
- \ingroup CertsKeys
- \brief This function persists the certificate cache to memory.
- \return SSL_SUCCESS returned on successful execution of the function.
- No errors were thrown.
- \return BAD_MUTEX_E mutex error where the WOLFSSL_CERT_MANAGER member
- caLock was not 0 (zero).
- \return BAD_FUNC_ARG returned if ctx, mem, or used is NULL or if sz
- is less than or equal to 0 (zero).
- \return BUFFER_E output buffer mem was too small.
- \param ctx a pointer to a WOLFSSL_CTX structure, created
- using wolfSSL_CTX_new().
- \param mem a void pointer to the destination (output buffer).
- \param sz the size of the output buffer.
- \param used a pointer to size of the cert cache header.
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol );
- void* mem;
- int sz;
- int* used;
- ...
- if(wolfSSL_CTX_memsave_cert_cache(ctx, mem, sz, used) != SSL_SUCCESS){
- // The function returned with an error
- }
- \endcode
- \sa DoMemSaveCertCache
- \sa GetCertCacheMemSize
- \sa CM_MemRestoreCertCache
- \sa CM_GetCertCacheMemSize
- */
- int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, int sz, int* used);
- /*!
- \ingroup Setup
- \brief This function restores the certificate cache from memory.
- \return SSL_SUCCESS returned if the function and subroutines
- executed without an error.
- \return BAD_FUNC_ARG returned if the ctx or mem parameters are
- NULL or if the sz parameter is less than or equal to zero.
- \return BUFFER_E returned if the cert cache memory buffer is too small.
- \return CACHE_MATCH_ERROR returned if there was a cert cache
- header mismatch.
- \return BAD_MUTEX_E returned if the lock mutex on failed.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param mem a void pointer with a value that will be restored to
- the certificate cache.
- \param sz an int type that represents the size of the mem parameter.
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method );
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- void* mem;
- int sz = (*int) sizeof(mem);
- …
- if(wolfSSL_CTX_memrestore_cert_cache(ssl->ctx, mem, sz)){
- // The success case
- }
- \endcode
- \sa CM_MemRestoreCertCache
- */
- int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX* ctx, const void* mem, int sz);
- /*!
- \ingroup CertsKeys
- \brief Returns the size the certificate cache save buffer needs to be.
- \return int integer value returned representing the memory size
- upon success.
- \return BAD_FUNC_ARG is returned if the WOLFSSL_CTX struct is NULL.
- \return BAD_MUTEX_E - returned if there was a mutex lock error.
- \param ctx a pointer to a wolfSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(protocol);
- ...
- int certCacheSize = wolfSSL_CTX_get_cert_cache_memsize(ctx);
- if(certCacheSize != BAD_FUNC_ARG || certCacheSize != BAD_MUTEX_E){
- // Successfully retrieved the memory size.
- }
- \endcode
- \sa CM_GetCertCacheMemSize
- */
- int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function sets cipher suite list for a given WOLFSSL_CTX.
- This cipher suite list becomes the default list for any new SSL sessions
- (WOLFSSL) created using this context. The ciphers in the list should be
- sorted in order of preference from highest to lowest. Each call to
- wolfSSL_CTX_set_cipher_list() resets the cipher suite list for the
- specific SSL context to the provided list each time the function is
- called. The cipher suite list, list, is a null-terminated text string,
- and a colon-delimited list. For example, one value for list may be
- "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256" Valid cipher
- values are the full name values from the cipher_names[] array in
- src/internal.c (for a definite list of valid cipher values check
- src/internal.c)
- \return SSL_SUCCESS will be returned upon successful function completion.
- \return SSL_FAILURE will be returned on failure.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param list null-terminated text string and a colon-delimited list of
- cipher suites to use with the specified SSL context.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- ret = wolfSSL_CTX_set_cipher_list(ctx,
- “DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256”);
- if (ret != SSL_SUCCESS) {
- // failed to set cipher suite list
- }
- \endcode
- \sa wolfSSL_set_cipher_list
- \sa wolfSSL_CTX_new
- */
- int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list);
- /*!
- \ingroup Setup
- \brief This function sets cipher suite list for a given WOLFSSL object
- (SSL session). The ciphers in the list should be sorted in order of
- preference from highest to lowest. Each call to wolfSSL_set_cipher_list()
- resets the cipher suite list for the specific SSL session to the provided
- list each time the function is called. The cipher suite list, list, is a
- null-terminated text string, and a colon-delimited list. For example, one
- value for list may be
- "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256".
- Valid cipher values are the full name values from the cipher_names[]
- array in src/internal.c (for a definite list of valid cipher values
- check src/internal.c)
- \return SSL_SUCCESS will be returned upon successful function completion.
- \return SSL_FAILURE will be returned on failure.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param list null-terminated text string and a colon-delimited list of
- cipher suites to use with the specified SSL session.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_set_cipher_list(ssl,
- “DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256”);
- if (ret != SSL_SUCCESS) {
- // failed to set cipher suite list
- }
- \endcode
- \sa wolfSSL_CTX_set_cipher_list
- \sa wolfSSL_new
- */
- int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list);
- /*!
- \brief This function informs the WOLFSSL DTLS object that the underlying
- UDP I/O is non-blocking. After an application creates a WOLFSSL object,
- if it will be used with a non-blocking UDP socket, call
- wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know
- that receiving EWOULDBLOCK means that the recvfrom call would
- block rather than that it timed out.
- \return none No return.
- \param ssl pointer to the DTLS session, created with wolfSSL_new().
- \param nonblock value used to set non-blocking flag on WOLFSSL object.
- Use 1 to specify non-blocking, otherwise 0.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- ...
- wolfSSL_dtls_set_using_nonblock(ssl, 1);
- \endcode
- \sa wolfSSL_dtls_get_using_nonblock
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_get_current_timeout
- */
- void wolfSSL_dtls_set_using_nonblock(WOLFSSL* ssl, int nonblock);
- /*!
- \brief This function allows the application to determine if wolfSSL is
- using non-blocking I/O with UDP. If wolfSSL is using non-blocking I/O, this
- function will return 1, otherwise 0. After an application creates a
- WOLFSSL object, if it will be used with a non-blocking UDP socket, call
- wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know
- that receiving EWOULDBLOCK means that the recvfrom call would block
- rather than that it timed out. This function is only meaningful to DTLS
- sessions.
- \return 0 underlying I/O is blocking.
- \return 1 underlying I/O is non-blocking.
- \param ssl pointer to the DTLS session, created with wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_dtls_get_using_nonblock(ssl);
- if (ret == 1) {
- // underlying I/O is non-blocking
- }
- ...
- \endcode
- \sa wolfSSL_dtls_set_using_nonblock
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_set_using_nonblock
- */
- int wolfSSL_dtls_get_using_nonblock(WOLFSSL* ssl);
- /*!
- \brief This function returns the current timeout value in seconds for
- the WOLFSSL object. When using non-blocking sockets, something in the user
- code needs to decide when to check for available recv data and how long
- it has been waiting. The value returned by this function indicates how
- long the application should wait.
- \return seconds The current DTLS timeout value in seconds
- \return NOT_COMPILED_IN if wolfSSL was not built with DTLS support.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int timeout = 0;
- WOLFSSL* ssl;
- ...
- timeout = wolfSSL_get_dtls_current_timeout(ssl);
- printf(“DTLS timeout (sec) = %d\n”, timeout);
- \endcode
- \sa wolfSSL_dtls
- \sa wolfSSL_dtls_get_peer
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_set_peer
- */
- int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl);
- /*!
- \brief This function returns true if the application should setup a quicker
- timeout. When using non-blocking sockets, something in the user code needs
- to decide when to check for available data and how long it needs to wait. If
- this function returns true, it means that the library already detected some
- disruption in the communication, but it wants to wait for a little longer in
- case some messages from the other peers are still in flight. Is up to the
- application to fine tune the value of this timer, a good one may be
- dtls_get_current_timeout() / 4.
- \return true if the application code should setup a quicker timeout
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \sa wolfSSL_dtls
- \sa wolfSSL_dtls_get_peer
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_set_peer
- \sa wolfSSL_dtls13_set_send_more_acks
- */
- int wolfSSL_dtls13_use_quick_timeout(WOLFSSL *ssl);
- /*!
- \ingroup Setup
- \brief This function sets whether the library should send ACKs to the other
- peer immediately when detecting disruption or not. Sending ACKs immediately
- assures minimum latency but it may consume more bandwidth than necessary. If
- the application manages the timer by itself and this option is set to 0 then
- application code can use wolfSSL_dtls13_use_quick_timeout() to determine if
- it should setup a quicker timeout to send those delayed ACKs.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param value 1 to set the option, 0 to disable the option
- \sa wolfSSL_dtls
- \sa wolfSSL_dtls_get_peer
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_set_peer
- \sa wolfSSL_dtls13_use_quick_timeout
- */
- void wolfSSL_dtls13_set_send_more_acks(WOLFSSL *ssl, int value);
- /*!
- \ingroup Setup
- \brief This function sets the dtls timeout.
- \return SSL_SUCCESS returned if the function executes without an error.
- The dtls_timeout_init and the dtls_timeout members of SSL have been set.
- \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL or if
- the timeout is not greater than 0. It will also return if the timeout
- argument exceeds the maximum value allowed.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param timeout an int type that will be set to the dtls_timeout_init
- member of the WOLFSSL structure.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- int timeout = TIMEOUT;
- ...
- if(wolfSSL_dtls_set_timeout_init(ssl, timeout)){
- // the dtls timeout was set
- } else {
- // Failed to set DTLS timeout.
- }
- \endcode
- \sa wolfSSL_dtls_set_timeout_max
- \sa wolfSSL_dtls_got_timeout
- */
- int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int);
- /*!
- \brief This function sets the maximum dtls timeout.
- \return SSL_SUCCESS returned if the function executed without an error.
- \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL or if
- the timeout argument is not greater than zero or is less than the
- dtls_timeout_init member of the WOLFSSL structure.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param timeout an int type representing the dtls maximum timeout.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- int timeout = TIMEOUTVAL;
- ...
- int ret = wolfSSL_dtls_set_timeout_max(ssl);
- if(!ret){
- // Failed to set the max timeout
- }
- \endcode
- \sa wolfSSL_dtls_set_timeout_init
- \sa wolfSSL_dtls_got_timeout
- */
- int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int);
- /*!
- \brief When using non-blocking sockets with DTLS, this function should
- be called on the WOLFSSL object when the controlling code thinks the
- transmission has timed out. It performs the actions needed to retry
- the last transmit, including adjusting the timeout value. If it
- has been too long, this will return a failure.
- \return SSL_SUCCESS will be returned upon success
- \return SSL_FATAL_ERROR will be returned if there have been too many
- retransmissions/timeouts without getting a response from the peer.
- \return NOT_COMPILED_IN will be returned if wolfSSL was not compiled with
- DTLS support.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- See the following files for usage examples:
- <wolfssl_root>/examples/client/client.c
- <wolfssl_root>/examples/server/server.c
- \endcode
- \sa wolfSSL_dtls_get_current_timeout
- \sa wolfSSL_dtls_get_peer
- \sa wolfSSL_dtls_set_peer
- \sa wolfSSL_dtls
- */
- int wolfSSL_dtls_got_timeout(WOLFSSL* ssl);
- /*!
- \brief When using non-blocking sockets with DTLS, this function retransmits
- the last handshake flight ignoring the expected timeout value and
- retransmit count. It is useful for applications that are using DTLS and
- need to manage even the timeout and retry count.
- \return SSL_SUCCESS will be returned upon success
- \return SSL_FATAL_ERROR will be returned if there have been too many
- retransmissions/timeouts without getting a response from the peer.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_dtls_retransmit(ssl);
- \endcode
- \sa wolfSSL_dtls_get_current_timeout
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls
- */
- int wolfSSL_dtls_retransmit(WOLFSSL* ssl);
- /*!
- \brief This function is used to determine if the SSL session has been
- configured to use DTLS.
- \return 1 If the SSL session (ssl) has been configured to use DTLS, this
- function will return 1.
- \return 0 otherwise.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_dtls(ssl);
- if (ret) {
- // SSL session has been configured to use DTLS
- }
- \endcode
- \sa wolfSSL_dtls_get_current_timeout
- \sa wolfSSL_dtls_get_peer
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_set_peer
- */
- int wolfSSL_dtls(WOLFSSL* ssl);
- /*!
- \brief This function sets the DTLS peer, peer (sockaddr_in) with size of
- peerSz.
- \return SSL_SUCCESS will be returned upon success.
- \return SSL_FAILURE will be returned upon failure.
- \return SSL_NOT_IMPLEMENTED will be returned if wolfSSL was not compiled
- with DTLS support.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param peer pointer to peer’s sockaddr_in structure. If NULL then the peer
- information in ssl is cleared.
- \param peerSz size of the sockaddr_in structure pointed to by peer. If 0
- then the peer information in ssl is cleared.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- sockaddr_in addr;
- ...
- ret = wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
- if (ret != SSL_SUCCESS) {
- // failed to set DTLS peer
- }
- \endcode
- \sa wolfSSL_dtls_get_current_timeout
- \sa wolfSSL_dtls_get_peer
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls
- */
- int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
- /*!
- \brief This function gets the sockaddr_in (of size peerSz) of the current
- DTLS peer. The function will compare peerSz to the actual DTLS peer size
- stored in the SSL session. If the peer will fit into peer, the peer’s
- sockaddr_in will be copied into peer, with peerSz set to the size of peer.
- \return SSL_SUCCESS will be returned upon success.
- \return SSL_FAILURE will be returned upon failure.
- \return SSL_NOT_IMPLEMENTED will be returned if wolfSSL was not compiled
- with DTLS support.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param peer pointer to memory location to store peer’s sockaddr_in
- structure.
- \param peerSz input/output size. As input, the size of the allocated memory
- pointed to by peer. As output, the size of the actual sockaddr_in structure
- pointed to by peer.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- sockaddr_in addr;
- ...
- ret = wolfSSL_dtls_get_peer(ssl, &addr, sizeof(addr));
- if (ret != SSL_SUCCESS) {
- // failed to get DTLS peer
- }
- \endcode
- \sa wolfSSL_dtls_get_current_timeout
- \sa wolfSSL_dtls_got_timeout
- \sa wolfSSL_dtls_set_peer
- \sa wolfSSL_dtls
- */
- int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz);
- /*!
- \ingroup Debug
- \brief This function converts an error code returned by
- wolfSSL_get_error() into a more human-readable error string.
- errNumber is the error code returned by wolfSSL_get_error() and data
- is the storage buffer which the error string will be placed in.
- The maximum length of data is 80 characters by default, as defined by
- MAX_ERROR_SZ is wolfssl/wolfcrypt/error.h.
- \return success On successful completion, this function returns the same
- string as is returned in data.
- \return failure Upon failure, this function returns a string with the
- appropriate failure reason, msg.
- \param errNumber error code returned by wolfSSL_get_error().
- \param data output buffer containing human-readable error string matching
- errNumber.
- _Example_
- \code
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- err = wolfSSL_get_error(ssl, 0);
- wolfSSL_ERR_error_string(err, buffer);
- printf(“err = %d, %s\n”, err, buffer);
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_ERR_error_string_n
- \sa wolfSSL_ERR_print_errors_fp
- \sa wolfSSL_load_error_strings
- */
- char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data);
- /*!
- \ingroup Debug
- \brief This function is a version of wolfSSL_ERR_error_string() where
- len specifies the maximum number of characters that may be written to buf.
- Like wolfSSL_ERR_error_string(), this function converts an error code
- returned from wolfSSL_get_error() into a more human-readable error string.
- The human-readable string is placed in buf.
- \return none No returns.
- \param e error code returned by wolfSSL_get_error().
- \param buff output buffer containing human-readable error string matching e.
- \param len maximum length in characters which may be written to buf.
- _Example_
- \code
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- err = wolfSSL_get_error(ssl, 0);
- wolfSSL_ERR_error_string_n(err, buffer, 80);
- printf(“err = %d, %s\n”, err, buffer);
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_ERR_error_string
- \sa wolfSSL_ERR_print_errors_fp
- \sa wolfSSL_load_error_strings
- */
- void wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
- unsigned long sz);
- /*!
- \ingroup TLS
- \brief This function checks the shutdown conditions in closeNotify or
- connReset or sentNotify members of the Options structure. The Options
- structure is within the WOLFSSL structure.
- \return 1 SSL_SENT_SHUTDOWN is returned.
- \return 2 SSL_RECEIVED_SHUTDOWN is returned.
- \param ssl a constant pointer to a WOLFSSL structure, created using
- wolfSSL_new().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method );
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- …
- int ret;
- ret = wolfSSL_get_shutdown(ssl);
- if(ret == 1){
- SSL_SENT_SHUTDOWN
- } else if(ret == 2){
- SSL_RECEIVED_SHUTDOWN
- } else {
- Fatal error.
- }
- \endcode
- \sa wolfSSL_SESSION_free
- */
- int wolfSSL_get_shutdown(const WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function returns the resuming member of the options struct. The
- flag indicates whether or not to reuse a session. If not, a new session must
- be established.
- \return This function returns an int type held in the Options structure
- representing the flag for session reuse.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- if(!wolfSSL_session_reused(sslResume)){
- // No session reuse allowed.
- }
- \endcode
- \sa wolfSSL_SESSION_free
- \sa wolfSSL_GetSessionIndex
- \sa wolfSSL_memsave_session_cache
- */
- int wolfSSL_session_reused(WOLFSSL* ssl);
- /*!
- \ingroup TLS
- \brief This function checks to see if the connection is established.
- \return 0 returned if the connection is not established, i.e. the WOLFSSL
- struct is NULL or the handshake is not done.
- \return 1 returned if the connection is not established i.e. the WOLFSSL
- struct is null or the handshake is not done.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _EXAMPLE_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(wolfSSL_is_init_finished(ssl)){
- Handshake is done and connection is established
- }
- \endcode
- \sa wolfSSL_set_accept_state
- \sa wolfSSL_get_keys
- \sa wolfSSL_set_shutdown
- */
- int wolfSSL_is_init_finished(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief Returns the SSL version being used as a string.
- \return "SSLv3" Using SSLv3
- \return "TLSv1" Using TLSv1
- \return "TLSv1.1" Using TLSv1.1
- \return "TLSv1.2" Using TLSv1.2
- \return "TLSv1.3" Using TLSv1.3
- \return "DTLS": Using DTLS
- \return "DTLSv1.2" Using DTLSv1.2
- \return "unknown" There was a problem determining which version of TLS
- being used.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- wolfSSL_Init();
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- WOLFSSL_METHOD method = // Some wolfSSL method
- ctx = wolfSSL_CTX_new(method);
- ssl = wolfSSL_new(ctx);
- printf(wolfSSL_get_version("Using version: %s", ssl));
- \endcode
- \sa wolfSSL_lib_version
- */
- const char* wolfSSL_get_version(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief Returns the current cipher suit an ssl session is using.
- \return ssl->options.cipherSuite An integer representing the current
- cipher suite.
- \return 0 The ssl session provided is null.
- \param ssl The SSL session to check.
- _Example_
- \code
- wolfSSL_Init();
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- WOLFSSL_METHOD method = // Some wolfSSL method
- ctx = wolfSSL_CTX_new(method);
- ssl = wolfSSL_new(ctx);
- if(wolfSSL_get_current_cipher_suite(ssl) == 0)
- {
- // Error getting cipher suite
- }
- \endcode
- \sa wolfSSL_CIPHER_get_name
- \sa wolfSSL_get_current_cipher
- \sa wolfSSL_get_cipher_list
- */
- int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function returns a pointer to the current cipher in the
- ssl session.
- \return The function returns the address of the cipher member of the
- WOLFSSL struct. This is a pointer to the WOLFSSL_CIPHER structure.
- \return NULL returned if the WOLFSSL structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- WOLFSSL_CIPHER* cipherCurr = wolfSSL_get_current_cipher;
- if(!cipherCurr){
- // Failure case.
- } else {
- // The cipher was returned to cipherCurr
- }
- \endcode
- \sa wolfSSL_get_cipher
- \sa wolfSSL_get_cipher_name_internal
- \sa wolfSSL_get_cipher_name
- */
- WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function matches the cipher suite in the SSL object with
- the available suites and returns the string representation.
- \return string This function returns the string representation of the
- matched cipher suite.
- \return none It will return “None” if there are no suites matched.
- \param cipher a constant pointer to a WOLFSSL_CIPHER structure.
- _Example_
- \code
- // gets cipher name in the format DHE_RSA ...
- const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl){
- WOLFSSL_CIPHER* cipher;
- const char* fullName;
- …
- cipher = wolfSSL_get_curent_cipher(ssl);
- fullName = wolfSSL_CIPHER_get_name(cipher);
- if(fullName){
- // sanity check on returned cipher
- }
- \endcode
- \sa wolfSSL_get_cipher
- \sa wolfSSL_get_current_cipher
- \sa wolfSSL_get_cipher_name_internal
- \sa wolfSSL_get_cipher_name
- */
- const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
- /*!
- \ingroup IO
- \brief This function matches the cipher suite in the SSL object with
- the available suites.
- \return This function returns the string value of the suite matched. It
- will return “None” if there are no suites matched.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- #ifdef WOLFSSL_DTLS
- …
- // make sure a valid suite is used
- if(wolfSSL_get_cipher(ssl) == NULL){
- WOLFSSL_MSG(“Can not match cipher suite imported”);
- return MATCH_SUITE_ERROR;
- }
- …
- #endif // WOLFSSL_DTLS
- \endcode
- \sa wolfSSL_CIPHER_get_name
- \sa wolfSSL_get_current_cipher
- */
- const char* wolfSSL_get_cipher(WOLFSSL*);
- /*!
- \ingroup Setup
- \brief This function returns the WOLFSSL_SESSION from the WOLFSSL structure
- as a reference type. This requires calling wolfSSL_SESSION_free to release
- the session reference. The WOLFSSL_SESSION pointed to contains all the
- necessary information required to perform a session resumption and
- reestablish the connection without a new handshake. For
- session resumption, before calling wolfSSL_shutdown() with your session
- object, an application should save the session ID from the object with a
- call to wolfSSL_get1_session(), which returns a pointer to the session.
- Later, the application should create a new WOLFSSL object and assign the
- saved session with wolfSSL_set_session(). At this point, the application
- may call wolfSSL_connect() and wolfSSL will try to resume the session.
- The wolfSSL server code allows session resumption by default. The object
- returned by wolfSSL_get1_session() needs to be freed after the application
- is done with it by calling wolfSSL_SESSION_free() on it.
- \return WOLFSSL_SESSION On success return session pointer.
- \return NULL will be returned if ssl is NULL, the SSL session cache is
- disabled, wolfSSL doesn’t have the Session ID available, or mutex
- functions fail.
- \param ssl WOLFSSL structure to get session from.
- _Example_
- \code
- WOLFSSL* ssl;
- WOLFSSL_SESSION* ses;
- // attempt/complete handshake
- wolfSSL_connect(ssl);
- ses = wolfSSL_get1_session(ssl);
- // check ses information
- // disconnect / setup new SSL instance
- wolfSSL_set_session(ssl, ses);
- // attempt/resume handshake
- wolfSSL_SESSION_free(ses);
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- \sa wolfSSL_SESSION_free
- */
- WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief The wolfSSLv23_client_method() function is used to indicate that
- the application is a client and will support the highest protocol
- version supported by the server between SSL 3.0 - TLS 1.3. This function
- allocates memory for and initializes a new WOLFSSL_METHOD structure
- to be used when creating the SSL/TLS context with wolfSSL_CTX_new().
- Both wolfSSL clients and servers have robust version downgrade capability.
- If a specific protocol version method is used on either side, then only
- that version will be negotiated or an error will be returned. For
- example, a client that uses TLSv1 and tries to connect to a SSLv3 only
- server will fail, likewise connecting to a TLSv1.1 will fail as well.
- To resolve this issue, a client that uses the wolfSSLv23_client_method()
- function will use the highest protocol version supported by the server and
- downgrade to SSLv3 if needed. In this case, the client will be able to
- connect to a server running SSLv3 - TLSv1.3.
- \return pointer upon success a pointer to a WOLFSSL_METHOD.
- \return Failure If memory allocation fails when calling XMALLOC,
- the failure value of the underlying malloc() implementation will be
- returned (typically NULL with errno will be set to ENOMEM).
- \param none No parameters
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfSSLv23_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_client_method
- \sa wolfTLSv1_client_method
- \sa wolfTLSv1_1_client_method
- \sa wolfTLSv1_2_client_method
- \sa wolfTLSv1_3_client_method
- \sa wolfDTLSv1_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD* wolfSSLv23_client_method(void);
- /*!
- \ingroup IO
- \brief This is used to set a byte pointer to the start of the
- internal memory buffer.
- \return size On success the size of the buffer is returned
- \return SSL_FATAL_ERROR If an error case was encountered.
- \param bio WOLFSSL_BIO structure to get memory buffer of.
- \param p byte pointer to set to memory buffer.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- const byte* p;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
- ret = wolfSSL_BIO_get_mem_data(bio, &p);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_set_fp
- \sa wolfSSL_BIO_free
- */
- int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,void* p);
- /*!
- \ingroup IO
- \brief Sets the file descriptor for bio to use.
- \return SSL_SUCCESS(1) upon success.
- \param bio WOLFSSL_BIO structure to set fd.
- \param fd file descriptor to use.
- \param closeF flag for behavior when closing fd.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- int fd;
- // setup bio
- wolfSSL_BIO_set_fd(bio, fd, BIO_NOCLOSE);
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_free
- */
- long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag);
- /*!
- \ingroup IO
- \brief Sets the close flag, used to indicate that the i/o stream should be
- closed when the BIO is freed
- \return SSL_SUCCESS(1) upon success.
- \param bio WOLFSSL_BIO structure.
- \param flag flag for behavior when closing i/o stream.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- // setup bio
- wolfSSL_BIO_set_close(bio, BIO_NOCLOSE);
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_free
- */
- int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag);
- /*!
- \ingroup IO
- \brief This is used to get a BIO_SOCKET type WOLFSSL_BIO_METHOD.
- \return WOLFSSL_BIO_METHOD pointer to a WOLFSSL_BIO_METHOD structure
- that is a socket type
- \param none No parameters.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket);
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- */
- WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void);
- /*!
- \ingroup IO
- \brief This is used to set the size of write buffer for a
- WOLFSSL_BIO. If write buffer has been previously set this
- function will free it when resetting the size. It is similar to
- wolfSSL_BIO_reset in that it resets read and write indexes to 0.
- \return SSL_SUCCESS On successfully setting the write buffer.
- \return SSL_FAILURE If an error case was encountered.
- \param bio WOLFSSL_BIO structure to set fd.
- \param size size of buffer to allocate.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
- ret = wolfSSL_BIO_set_write_buf_size(bio, 15000);
- // check return value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_free
- */
- int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size);
- /*!
- \ingroup IO
- \brief This is used to pair two bios together. A pair of bios acts
- similar to a two way pipe writing to one can be read by the other
- and vice versa. It is expected that both bios be in the same thread,
- this function is not thread safe. Freeing one of the two bios removes
- both from being paired. If a write buffer size was not previously
- set for either of the bios it is set to a default size of 17000
- (WOLFSSL_BIO_SIZE) before being paired.
- \return SSL_SUCCESS On successfully pairing the two bios.
- \return SSL_FAILURE If an error case was encountered.
- \param b1 WOLFSSL_BIO structure to set pair.
- \param b2 second WOLFSSL_BIO structure to complete pair.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- WOLFSSL_BIO* bio2;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_bio());
- bio2 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio());
- ret = wolfSSL_BIO_make_bio_pair(bio, bio2);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_free
- */
- int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2);
- /*!
- \ingroup IO
- \brief This is used to set the read request flag back to 0.
- \return SSL_SUCCESS On successfully setting value.
- \return SSL_FAILURE If an error case was encountered.
- \param bio WOLFSSL_BIO structure to set read request flag.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- int ret;
- ...
- ret = wolfSSL_BIO_ctrl_reset_read_request(bio);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new, wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_new, wolfSSL_BIO_free
- */
- int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *bio);
- /*!
- \ingroup IO
- \brief This is used to get a buffer pointer for reading from. Unlike
- wolfSSL_BIO_nread the internal read index is not advanced by the number
- returned from the function call. Reading past the value returned can
- result in reading out of array bounds.
- \return >=0 on success return the number of bytes to read
- \param bio WOLFSSL_BIO structure to read from.
- \param buf pointer to set at beginning of read array.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- char* bufPt;
- int ret;
- // set up bio
- ret = wolfSSL_BIO_nread0(bio, &bufPt); // read as many bytes as possible
- // handle negative ret check
- // read ret bytes from bufPt
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_nwrite0
- */
- int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf);
- /*!
- \ingroup IO
- \brief This is used to get a buffer pointer for reading from. The internal
- read index is advanced by the number returned from the function call with
- buf being pointed to the beginning of the buffer to read from. In the
- case that less bytes are in the read buffer than the value requested with
- num the lesser value is returned. Reading past the value returned can
- result in reading out of array bounds.
- \return >=0 on success return the number of bytes to read
- \return WOLFSSL_BIO_ERROR(-1) on error case with nothing to read return -1
- \param bio WOLFSSL_BIO structure to read from.
- \param buf pointer to set at beginning of read array.
- \param num number of bytes to try and read.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- char* bufPt;
- int ret;
- // set up bio
- ret = wolfSSL_BIO_nread(bio, &bufPt, 10); // try to read 10 bytes
- // handle negative ret check
- // read ret bytes from bufPt
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_nwrite
- */
- int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num);
- /*!
- \ingroup IO
- \brief Gets a pointer to the buffer for writing as many bytes as returned by
- the function. Writing more bytes to the pointer returned then the value
- returned can result in writing out of bounds.
- \return int Returns the number of bytes that can be written to the buffer
- pointer returned.
- \return WOLFSSL_BIO_UNSET(-2) in the case that is not part of a bio pair
- \return WOLFSSL_BIO_ERROR(-1) in the case that there is no more room to
- write to
- \param bio WOLFSSL_BIO structure to write to.
- \param buf pointer to buffer to write to.
- \param num number of bytes desired to be written.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- char* bufPt;
- int ret;
- // set up bio
- ret = wolfSSL_BIO_nwrite(bio, &bufPt, 10); // try to write 10 bytes
- // handle negative ret check
- // write ret bytes to bufPt
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_free
- \sa wolfSSL_BIO_nread
- */
- int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num);
- /*!
- \ingroup IO
- \brief Resets bio to an initial state. As an example for type BIO_BIO
- this resets the read and write index.
- \return 0 On successfully resetting the bio.
- \return WOLFSSL_BIO_ERROR(-1) Returned on bad input or unsuccessful reset.
- \param bio WOLFSSL_BIO structure to reset.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- // setup bio
- wolfSSL_BIO_reset(bio);
- //use pt
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_free
- */
- int wolfSSL_BIO_reset(WOLFSSL_BIO *bio);
- /*!
- \ingroup IO
- \brief This function adjusts the file pointer to the offset given. This
- is the offset from the head of the file.
- \return 0 On successfully seeking.
- \return -1 If an error case was encountered.
- \param bio WOLFSSL_BIO structure to set.
- \param ofs offset into file.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- XFILE fp;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
- ret = wolfSSL_BIO_set_fp(bio, &fp);
- // check ret value
- ret = wolfSSL_BIO_seek(bio, 3);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_set_fp
- \sa wolfSSL_BIO_free
- */
- int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs);
- /*!
- \ingroup IO
- \brief This is used to set and write to a file. WIll overwrite any data
- currently in the file and is set to close the file when the bio is freed.
- \return SSL_SUCCESS On successfully opening and setting file.
- \return SSL_FAILURE If an error case was encountered.
- \param bio WOLFSSL_BIO structure to set file.
- \param name name of file to write to.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
- ret = wolfSSL_BIO_write_filename(bio, “test.txt”);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_file
- \sa wolfSSL_BIO_set_fp
- \sa wolfSSL_BIO_free
- */
- int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name);
- /*!
- \ingroup IO
- \brief This is used to set the end of file value. Common value is -1 so
- as not to get confused with expected positive values.
- \return 0 returned on completion
- \param bio WOLFSSL_BIO structure to set end of file value.
- \param v value to set in bio.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
- ret = wolfSSL_BIO_set_mem_eof_return(bio, -1);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_set_fp
- \sa wolfSSL_BIO_free
- */
- long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v);
- /*!
- \ingroup IO
- \brief This is a getter function for WOLFSSL_BIO memory pointer.
- \return SSL_SUCCESS On successfully getting the pointer SSL_SUCCESS is
- returned (currently value of 1).
- \return SSL_FAILURE Returned if NULL arguments are passed in (currently
- value of 0).
- \param bio pointer to the WOLFSSL_BIO structure for getting memory pointer.
- \param ptr structure that is currently a char*. Is set to point to
- bio’s memory.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- WOLFSSL_BUF_MEM* pt;
- // setup bio
- wolfSSL_BIO_get_mem_ptr(bio, &pt);
- //use pt
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- */
- long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m);
- /*!
- \ingroup CertsKeys
- \brief This function copies the name of the x509 into a buffer.
- \return A char pointer to the buffer with the WOLFSSL_X509_NAME structures
- name member’s data is returned if the function executed normally.
- \param name a pointer to a WOLFSSL_X509 structure.
- \param in a buffer to hold the name copied from the
- WOLFSSL_X509_NAME structure.
- \param sz the maximum size of the buffer.
- _Example_
- \code
- WOLFSSL_X509 x509;
- char* name;
- ...
- name = wolfSSL_X509_NAME_oneline(wolfSSL_X509_get_issuer_name(x509), 0, 0);
- if(name <= 0){
- // There’s nothing in the buffer.
- }
- \endcode
- \sa wolfSSL_X509_get_subject_name
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_isCA
- \sa wolfSSL_get_peer_certificate
- \sa wolfSSL_X509_version
- */
- char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz);
- /*!
- \ingroup CertsKeys
- \brief This function returns the name of the certificate issuer.
- \return point a pointer to the WOLFSSL_X509 struct’s issuer member is
- returned.
- \return NULL if the cert passed in is NULL.
- \param cert a pointer to a WOLFSSL_X509 structure.
- _Example_
- \code
- WOLFSSL_X509* x509;
- WOLFSSL_X509_NAME issuer;
- ...
- issuer = wolfSSL_X509_NAME_oneline(wolfSSL_X509_get_issuer_name(x509), 0, 0);
- if(!issuer){
- // NULL was returned
- } else {
- // issuer hods the name of the certificate issuer.
- }
- \endcode
- \sa wolfSSL_X509_get_subject_name
- \sa wolfSSL_X509_get_isCA
- \sa wolfSSL_get_peer_certificate
- \sa wolfSSL_X509_NAME_oneline
- */
- WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert);
- /*!
- \ingroup CertsKeys
- \brief This function returns the subject member of the WOLFSSL_X509
- structure.
- \return pointer a pointer to the WOLFSSL_X509_NAME structure. The pointer
- may be NULL if the WOLFSSL_X509 struct is NULL or if the subject member of
- the structure is NULL.
- \param cert a pointer to a WOLFSSL_X509 structure.
- _Example_
- \code
- WOLFSSL_X509* cert;
- WOLFSSL_X509_NAME name;
- …
- name = wolfSSL_X509_get_subject_name(cert);
- if(name == NULL){
- // Deal with the NULL cacse
- }
- \endcode
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_isCA
- \sa wolfSSL_get_peer_certificate
- */
- WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert);
- /*!
- \ingroup CertsKeys
- \brief Checks the isCa member of the WOLFSSL_X509 structure and returns
- the value.
- \return isCA returns the value in the isCA member of the WOLFSSL_X509
- structure is returned.
- \return 0 returned if there is not a valid x509 structure passed in.
- \param cert a pointer to a WOLFSSL_X509 structure.
- _Example_
- \code
- WOLFSSL* ssl;
- ...
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(wolfSSL_X509_get_isCA(ssl)){
- // This is the CA
- }else {
- // Failure case
- }
- \endcode
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_isCA
- */
- int wolfSSL_X509_get_isCA(WOLFSSL_X509* cert);
- /*!
- \ingroup CertsKeys
- \brief This function gets the text related to the passed in NID value.
- \return int returns the size of the text buffer.
- \param name WOLFSSL_X509_NAME to search for text.
- \param nid NID to search for.
- \param buf buffer to hold text when found.
- \param len length of buffer.
- _Example_
- \code
- WOLFSSL_X509_NAME* name;
- char buffer[100];
- int bufferSz;
- int ret;
- // get WOLFSSL_X509_NAME
- ret = wolfSSL_X509_NAME_get_text_by_NID(name, NID_commonName,
- buffer, bufferSz);
- //check ret value
- \endcode
- \sa none
- */
- int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, int nid,
- char* buf, int len);
- /*!
- \ingroup CertsKeys
- \brief This function returns the value stored in the sigOID
- member of the WOLFSSL_X509 structure.
- \return 0 returned if the WOLFSSL_X509 structure is NULL.
- \return int an integer value is returned which was retrieved from
- the x509 object.
- \param cert a pointer to a WOLFSSL_X509 structure.
- _Example_
- \code
- WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- ...
- int x509SigType = wolfSSL_X509_get_signature_type(x509);
- if(x509SigType != EXPECTED){
- // Deal with an unexpected value
- }
- \endcode
- \sa wolfSSL_X509_get_signature
- \sa wolfSSL_X509_version
- \sa wolfSSL_X509_get_der
- \sa wolfSSL_X509_get_serial_number
- \sa wolfSSL_X509_notBefore
- \sa wolfSSL_X509_notAfter
- \sa wolfSSL_X509_free
- */
- int wolfSSL_X509_get_signature_type(WOLFSSL_X509* cert);
- /*!
- \brief This function frees a WOLFSSL_X509 structure.
- \param x509 a pointer to the WOLFSSL_X509 struct.
- _Example_
- \code
- WOLFSSL_X509* x509 = (WOLFSSL_X509*)XMALOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509) ;
- wolfSSL_X509_free(x509);
- \endcode
- \sa wolfSSL_X509_get_signature
- \sa wolfSSL_X509_version
- \sa wolfSSL_X509_get_der
- \sa wolfSSL_X509_get_serial_number
- \sa wolfSSL_X509_notBefore
- \sa wolfSSL_X509_notAfter
- */
- void wolfSSL_X509_free(WOLFSSL_X509* x509);
- /*!
- \ingroup CertsKeys
- \brief Gets the X509 signature and stores it in the buffer.
- \return SSL_SUCCESS returned if the function successfully executes.
- The signature is loaded into the buffer.
- \return SSL_FATAL_ERRROR returns if the x509 struct or the bufSz member
- is NULL. There is also a check for the length member of the sig structure
- (sig is a member of x509).
- \param x509 pointer to a WOLFSSL_X509 structure.
- \param buf a char pointer to the buffer.
- \param bufSz an integer pointer to the size of the buffer.
- _Example_
- \code
- WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- unsigned char* buf; // Initialize
- int* bufSz = sizeof(buf)/sizeof(unsigned char);
- ...
- if(wolfSSL_X509_get_signature(x509, buf, bufSz) != SSL_SUCCESS){
- // The function did not execute successfully.
- } else{
- // The buffer was written to correctly.
- }
- \endcode
- \sa wolfSSL_X509_get_serial_number
- \sa wolfSSL_X509_get_signature_type
- \sa wolfSSL_X509_get_device_type
- */
- int wolfSSL_X509_get_signature(WOLFSSL_X509* x509, unsigned char* buf, int* bufSz);
- /*!
- \ingroup CertsKeys
- \brief This function adds a certificate to the WOLFSSL_X509_STRE structure.
- \return SSL_SUCCESS If certificate is added successfully.
- \return SSL_FATAL_ERROR: If certificate is not added successfully.
- \param str certificate store to add the certificate to.
- \param x509 certificate to add.
- _Example_
- \code
- WOLFSSL_X509_STORE* str;
- WOLFSSL_X509* x509;
- int ret;
- ret = wolfSSL_X509_STORE_add_cert(str, x509);
- //check ret value
- \endcode
- \sa wolfSSL_X509_free
- */
- int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509);
- /*!
- \ingroup CertsKeys
- \brief This function is a getter function for chain variable
- in WOLFSSL_X509_STORE_CTX structure. Currently chain is not populated.
- \return pointer if successful returns WOLFSSL_STACK
- (same as STACK_OF(WOLFSSL_X509)) pointer
- \return Null upon failure
- \param ctx certificate store ctx to get parse chain from.
- _Example_
- \code
- WOLFSSL_STACK* sk;
- WOLFSSL_X509_STORE_CTX* ctx;
- sk = wolfSSL_X509_STORE_CTX_get_chain(ctx);
- //check sk for NULL and then use it. sk needs freed after done.
- \endcode
- \sa wolfSSL_sk_X509_free
- */
- WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
- WOLFSSL_X509_STORE_CTX* ctx);
- /*!
- \ingroup CertsKeys
- \brief This function takes in a flag to change the behavior of the
- WOLFSSL_X509_STORE structure passed in. An example of a flag used
- is WOLFSSL_CRL_CHECK.
- \return SSL_SUCCESS If no errors were encountered when setting the flag.
- \return <0 a negative value will be returned upon failure.
- \param str certificate store to set flag in.
- \param flag flag for behavior.
- _Example_
- \code
- WOLFSSL_X509_STORE* str;
- int ret;
- // create and set up str
- ret = wolfSSL_X509_STORE_set_flags(str, WOLFSSL_CRL_CHECKALL);
- If (ret != SSL_SUCCESS) {
- //check ret value and handle error case
- }
- \endcode
- \sa wolfSSL_X509_STORE_new
- \sa wolfSSL_X509_STORE_free
- */
- int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
- unsigned long flag);
- /*!
- \ingroup CertsKeys
- \brief This function the certificate "not before" validity encoded as
- a byte array.
- \return NULL returned if the WOLFSSL_X509 structure is NULL.
- \return byte is returned that contains the notBeforeData.
- \param x509 pointer to a WOLFSSL_X509 structure.
- _Example_
- \code
- WOLFSSL_X509* x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- ...
- byte* notBeforeData = wolfSSL_X509_notBefore(x509);
- \endcode
- \sa wolfSSL_X509_get_signature
- \sa wolfSSL_X509_version
- \sa wolfSSL_X509_get_der
- \sa wolfSSL_X509_get_serial_number
- \sa wolfSSL_X509_notAfter
- \sa wolfSSL_X509_free
- */
- const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509);
- /*!
- \ingroup CertsKeys
- \brief This function the certificate "not after" validity encoded as
- a byte array.
- \return NULL returned if the WOLFSSL_X509 structure is NULL.
- \return byte is returned that contains the notAfterData.
- \param x509 pointer to a WOLFSSL_X509 structure.
- _Example_
- \code
- WOLFSSL_X509* x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- ...
- byte* notAfterData = wolfSSL_X509_notAfter(x509);
- \endcode
- \sa wolfSSL_X509_get_signature
- \sa wolfSSL_X509_version
- \sa wolfSSL_X509_get_der
- \sa wolfSSL_X509_get_serial_number
- \sa wolfSSL_X509_notBefore
- \sa wolfSSL_X509_free
- */
- const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509);
- /*!
- \ingroup Setup
- \brief This function is used to copy a WOLFSSL_ASN1_INTEGER
- value to a WOLFSSL_BIGNUM structure.
- \return pointer On successfully copying the WOLFSSL_ASN1_INTEGER
- value a WOLFSSL_BIGNUM pointer is returned.
- \return Null upon failure.
- \param ai WOLFSSL_ASN1_INTEGER structure to copy from.
- \param bn if wanting to copy into an already existing
- WOLFSSL_BIGNUM struct then pass in a pointer to it.
- Optionally this can be NULL and a new WOLFSSL_BIGNUM
- structure will be created.
- _Example_
- \code
- WOLFSSL_ASN1_INTEGER* ai;
- WOLFSSL_BIGNUM* bn;
- // create ai
- bn = wolfSSL_ASN1_INTEGER_to_BN(ai, NULL);
- // or if having already created bn and wanting to reuse structure
- // wolfSSL_ASN1_INTEGER_to_BN(ai, bn);
- // check bn is or return value is not NULL
- \endcode
- \sa none
- */
- WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
- WOLFSSL_BIGNUM *bn);
- /*!
- \ingroup Setup
- \brief This function adds the certificate to the internal chain
- being built in the WOLFSSL_CTX structure.
- \return SSL_SUCCESS after successfully adding the certificate.
- \return SSL_FAILURE if failing to add the certificate to the chain.
- \param ctx WOLFSSL_CTX structure to add certificate to.
- \param x509 certificate to add to the chain.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- WOLFSSL_X509* x509;
- int ret;
- // create ctx
- ret = wolfSSL_CTX_add_extra_chain_cert(ctx, x509);
- // check ret value
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- */
- long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509);
- /*!
- \ingroup Setup
- \brief This function returns the get read ahead flag from a
- WOLFSSL_CTX structure.
- \return flag On success returns the read ahead flag.
- \return SSL_FAILURE If ctx is NULL then SSL_FAILURE is returned.
- \param ctx WOLFSSL_CTX structure to get read ahead flag from.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- int flag;
- // setup ctx
- flag = wolfSSL_CTX_get_read_ahead(ctx);
- //check flag
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- \sa wolfSSL_CTX_set_read_ahead
- */
- int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function sets the read ahead flag in the WOLFSSL_CTX structure.
- \return SSL_SUCCESS If ctx read ahead flag set.
- \return SSL_FAILURE If ctx is NULL then SSL_FAILURE is returned.
- \param ctx WOLFSSL_CTX structure to set read ahead flag.
- \param v read ahead flag
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- int flag;
- int ret;
- // setup ctx
- ret = wolfSSL_CTX_set_read_ahead(ctx, flag);
- // check return value
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- \sa wolfSSL_CTX_get_read_ahead
- */
- int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx, int v);
- /*!
- \ingroup Setup
- \brief This function sets the options argument to use with OCSP.
- \return SSL_FAILURE If ctx or it’s cert manager is NULL.
- \return SSL_SUCCESS If successfully set.
- \param ctx WOLFSSL_CTX structure to set user argument.
- \param arg user argument.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- void* data;
- int ret;
- // setup ctx
- ret = wolfSSL_CTX_set_tlsext_status_arg(ctx, data);
- //check ret value
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- */
- long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg);
- /*!
- \ingroup Setup
- \brief This function sets the optional argument to be passed to
- the PRF callback.
- \return SSL_FAILURE If ctx is NULL.
- \return SSL_SUCCESS If successfully set.
- \param ctx WOLFSSL_CTX structure to set user argument.
- \param arg user argument.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- void* data;
- int ret;
- // setup ctx
- ret = wolfSSL_CTX_set_tlsext_opaques_prf_input_callback_arg(ctx, data);
- //check ret value
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- */
- long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(
- WOLFSSL_CTX* ctx, void* arg);
- /*!
- \ingroup Setup
- \brief This function sets the options mask in the ssl.
- Some valid options are, SSL_OP_ALL, SSL_OP_COOKIE_EXCHANGE,
- SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1,
- SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_COMPRESSION.
- \return val Returns the updated options mask value stored in ssl.
- \param s WOLFSSL structure to set options mask.
- \param op This function sets the options mask in the ssl.
- Some valid options are:
- SSL_OP_ALL
- SSL_OP_COOKIE_EXCHANGE
- SSL_OP_NO_SSLv2
- SSL_OP_NO_SSLv3
- SSL_OP_NO_TLSv1
- SSL_OP_NO_TLSv1_1
- SSL_OP_NO_TLSv1_2
- SSL_OP_NO_COMPRESSION
- _Example_
- \code
- WOLFSSL* ssl;
- unsigned long mask;
- mask = SSL_OP_NO_TLSv1
- mask = wolfSSL_set_options(ssl, mask);
- // check mask
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- \sa wolfSSL_get_options
- */
- long wolfSSL_set_options(WOLFSSL *s, long op);
- /*!
- \ingroup Setup
- \brief This function returns the current options mask.
- \return val Returns the mask value stored in ssl.
- \param ssl WOLFSSL structure to get options mask from.
- _Example_
- \code
- WOLFSSL* ssl;
- unsigned long mask;
- mask = wolfSSL_get_options(ssl);
- // check mask
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- \sa wolfSSL_set_options
- */
- long wolfSSL_get_options(const WOLFSSL *ssl);
- /*!
- \ingroup Setup
- \brief This is used to set the debug argument passed around.
- \return SSL_SUCCESS On successful setting argument.
- \return SSL_FAILURE If an NULL ssl passed in.
- \param ssl WOLFSSL structure to set argument in.
- \param arg argument to use.
- _Example_
- \code
- WOLFSSL* ssl;
- void* args;
- int ret;
- // create ssl object
- ret = wolfSSL_set_tlsext_debug_arg(ssl, args);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- long wolfSSL_set_tlsext_debug_arg(WOLFSSL *ssl, void *arg);
- /*!
- \ingroup openSSL
- \brief This function is called when the client application request
- that a server send back an OCSP status response (also known as
- OCSP stapling).Currently, the only supported type is
- TLSEXT_STATUSTYPE_ocsp.
- \return 1 upon success.
- \return 0 upon error.
- \param s pointer to WOLFSSL struct which is created by SSL_new() function
- \param type ssl extension type which TLSEXT_STATUSTYPE_ocsp is
- only supported.
- _Example_
- \code
- WOLFSSL *ssl;
- WOLFSSL_CTX *ctx;
- int ret;
- ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- ssl = wolfSSL_new(ctx);
- ret = WolfSSL_set_tlsext_status_type(ssl,TLSEXT_STATUSTYPE_ocsp);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_new
- \sa wolfSSL_free
- \sa wolfSSL_CTX_free
- */
- long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
- /*!
- \ingroup Setup
- \brief This is used to get the results after trying to verify the peer's
- certificate.
- \return X509_V_OK On successful verification.
- \return SSL_FAILURE If an NULL ssl passed in.
- \param ssl WOLFSSL structure to get verification results from.
- _Example_
- \code
- WOLFSSL* ssl;
- long ret;
- // attempt/complete handshake
- ret = wolfSSL_get_verify_result(ssl);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- long wolfSSL_get_verify_result(const WOLFSSL *ssl);
- /*!
- \ingroup Debug
- \brief This function converts an error code returned by
- wolfSSL_get_error() into a more human-readable error string
- and prints that string to the output file - fp. err is the
- error code returned by wolfSSL_get_error() and fp is the
- file which the error string will be placed in.
- \return none No returns.
- \param fp output file for human-readable error string to be written to.
- \param err error code returned by wolfSSL_get_error().
- _Example_
- \code
- int err = 0;
- WOLFSSL* ssl;
- FILE* fp = ...
- ...
- err = wolfSSL_get_error(ssl, 0);
- wolfSSL_ERR_print_errors_fp(fp, err);
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_ERR_error_string
- \sa wolfSSL_ERR_error_string_n
- \sa wolfSSL_load_error_strings
- */
- void wolfSSL_ERR_print_errors_fp(XFILE fp, int err);
- /*!
- \ingroup Debug
- \brief This function uses the provided callback to handle error reporting.
- The callback function is executed for each error line. The string, length,
- and userdata are passed into the callback parameters.
- \return none No returns.
- \param cb the callback function.
- \param u userdata to pass into the callback function.
- _Example_
- \code
- int error_cb(const char *str, size_t len, void *u)
- { fprintf((FILE*)u, "%-*.*s\n", (int)len, (int)len, str); return 0; }
- ...
- FILE* fp = ...
- wolfSSL_ERR_print_errors_cb(error_cb, fp);
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_ERR_error_string
- \sa wolfSSL_ERR_error_string_n
- \sa wolfSSL_load_error_strings
- */
- void wolfSSL_ERR_print_errors_cb (
- int (*cb)(const char *str, size_t len, void *u), void *u);
- /*!
- \brief The function sets the client_psk_cb member of the
- WOLFSSL_CTX structure.
- \return none No returns.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param cb wc_psk_client_callback is a function pointer that will be
- stored in the WOLFSSL_CTX structure. Return value is the key length on
- success or zero on error.
- unsigned int (*wc_psk_client_callback)
- PSK client callback parameters:
- WOLFSSL* ssl - Pointer to the wolfSSL structure
- const char* hint - A stored string that could be displayed to provide a
- hint to the user.
- char* identity - The ID will be stored here.
- unsigned int id_max_len - Size of the ID buffer.
- unsigned char* key - The key will be stored here.
- unsigned int key_max_len - The max size of the key.
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol def );
- …
- static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
- char* identity, unsigned int id_max_len, unsigned char* key,
- Unsigned int key_max_len){
- …
- wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
- \endcode
- \sa wolfSSL_set_psk_client_callback
- \sa wolfSSL_set_psk_server_callback
- \sa wolfSSL_CTX_set_psk_server_callback
- \sa wolfSSL_CTX_set_psk_client_callback
- */
- void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX* ctx,
- wc_psk_client_callback cb);
- /*!
- \brief Sets the PSK client side callback.
- \return none No returns.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cb a function pointer to type wc_psk_client_callback. Return value
- is the key length on success or zero on error.
- unsigned int (*wc_psk_client_callback)
- PSK client callback parameters:
- WOLFSSL* ssl - Pointer to the wolfSSL structure
- const char* hint - A stored string that could be displayed to provide a
- hint to the user.
- char* identity - The ID will be stored here.
- unsigned int id_max_len - Size of the ID buffer.
- unsigned char* key - The key will be stored here.
- unsigned int key_max_len - The max size of the key.
- _Example_
- \code
- WOLFSSL* ssl;
- static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
- char* identity, unsigned int id_max_len, unsigned char* key,
- Unsigned int key_max_len){
- …
- if(ssl){
- wolfSSL_set_psk_client_callback(ssl, my_psk_client_cb);
- } else {
- // could not set callback
- }
- \endcode
- \sa wolfSSL_CTX_set_psk_client_callback
- \sa wolfSSL_CTX_set_psk_server_callback
- \sa wolfSSL_set_psk_server_callback
- */
- void wolfSSL_set_psk_client_callback(WOLFSSL* ssl,
- wc_psk_client_callback);
- /*!
- \ingroup CertsKeys
- \brief This function returns the psk identity hint.
- \return pointer a const char pointer to the value that was stored in
- the arrays member of the WOLFSSL structure is returned.
- \return NULL returned if the WOLFSSL or Arrays structures are NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- char* idHint;
- ...
- idHint = wolfSSL_get_psk_identity_hint(ssl);
- if(idHint){
- // The hint was retrieved
- return idHint;
- } else {
- // Hint wasn’t successfully retrieved
- }
- \endcode
- \sa wolfSSL_get_psk_identity
- */
- const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*);
- /*!
- \ingroup CertsKeys
- \brief The function returns a constant pointer to the client_identity
- member of the Arrays structure.
- \return string the string value of the client_identity member of the
- Arrays structure.
- \return NULL if the WOLFSSL structure is NULL or if the Arrays member of
- the WOLFSSL structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- const char* pskID;
- ...
- pskID = wolfSSL_get_psk_identity(ssl);
- if(pskID == NULL){
- // There is not a value in pskID
- }
- \endcode
- \sa wolfSSL_get_psk_identity_hint
- \sa wolfSSL_use_psk_identity_hint
- */
- const char* wolfSSL_get_psk_identity(const WOLFSSL*);
- /*!
- \ingroup CertsKeys
- \brief This function stores the hint argument in the server_hint
- member of the WOLFSSL_CTX structure.
- \return SSL_SUCCESS returned for successful execution of the function.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param hint a constant char pointer that will be copied to the
- WOLFSSL_CTX structure.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- const char* hint;
- int ret;
- …
- ret = wolfSSL_CTX_use_psk_identity_hint(ctx, hint);
- if(ret == SSL_SUCCESS){
- // Function was successful.
- return ret;
- } else {
- // Failure case.
- }
- \endcode
- \sa wolfSSL_use_psk_identity_hint
- */
- int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX* ctx, const char* hint);
- /*!
- \ingroup CertsKeys
- \brief This function stores the hint argument in the server_hint member
- of the Arrays structure within the WOLFSSL structure.
- \return SSL_SUCCESS returned if the hint was successfully stored in the
- WOLFSSL structure.
- \return SSL_FAILURE returned if the WOLFSSL or Arrays structures are NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param hint a constant character pointer that holds the hint to be saved
- in memory.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- const char* hint;
- ...
- if(wolfSSL_use_psk_identity_hint(ssl, hint) != SSL_SUCCESS){
- // Handle failure case.
- }
- \endcode
- \sa wolfSSL_CTX_use_psk_identity_hint
- */
- int wolfSSL_use_psk_identity_hint(WOLFSSL* ssl, const char* hint);
- /*!
- \brief This function sets the psk callback for the server side in
- the WOLFSSL_CTX structure.
- \return none No returns.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cb a function pointer for the callback and will be stored in
- the WOLFSSL_CTX structure. Return value is the key length on success or
- zero on error.
- unsigned int (*wc_psk_server_callback)
- PSK server callback parameters
- WOLFSSL* ssl - Pointer to the wolfSSL structure
- char* identity - The ID will be stored here.
- unsigned char* key - The key will be stored here.
- unsigned int key_max_len - The max size of the key.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
- unsigned char* key, unsigned int key_max_len)
- {
- // Function body.
- }
- …
- if(ctx != NULL){
- wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
- } else {
- // The CTX object was not properly initialized.
- }
- \endcode
- \sa wc_psk_server_callback
- \sa wolfSSL_set_psk_client_callback
- \sa wolfSSL_set_psk_server_callback
- \sa wolfSSL_CTX_set_psk_client_callback
- */
- void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx,
- wc_psk_server_callback cb);
- /*!
- \brief Sets the psk callback for the server side by setting the
- WOLFSSL structure options members.
- \return none No returns.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cb a function pointer for the callback and will be stored in
- the WOLFSSL structure. Return value is the key length on success or zero
- on error.
- unsigned int (*wc_psk_server_callback)
- PSK server callback parameters
- WOLFSSL* ssl - Pointer to the wolfSSL structure
- char* identity - The ID will be stored here.
- unsigned char* key - The key will be stored here.
- unsigned int key_max_len - The max size of the key.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- …
- static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
- unsigned char* key, unsigned int key_max_len)
- {
- // Function body.
- }
- …
- if(ssl != NULL && cb != NULL){
- wolfSSL_set_psk_server_callback(ssl, my_psk_server_cb);
- }
- \endcode
- \sa wolfSSL_set_psk_client_callback
- \sa wolfSSL_CTX_set_psk_server_callback
- \sa wolfSSL_CTX_set_psk_client_callback
- \sa wolfSSL_get_psk_identity_hint
- \sa wc_psk_server_callback
- \sa InitSuites
- */
- void wolfSSL_set_psk_server_callback(WOLFSSL* ssl,
- wc_psk_server_callback cb);
- /*!
- \brief Sets a PSK user context in the WOLFSSL structure options member.
- \return WOLFSSL_SUCCESS or WOLFSSL_FAILURE
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param psk_ctx void pointer to user PSK context
- \sa wolfSSL_get_psk_callback_ctx
- \sa wolfSSL_CTX_set_psk_callback_ctx
- \sa wolfSSL_CTX_get_psk_callback_ctx
- */
- int wolfSSL_set_psk_callback_ctx(WOLFSSL* ssl, void* psk_ctx);
- /*!
- \brief Sets a PSK user context in the WOLFSSL_CTX structure.
- \return WOLFSSL_SUCCESS or WOLFSSL_FAILURE
- \param ctx a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
- \param psk_ctx void pointer to user PSK context
- \sa wolfSSL_set_psk_callback_ctx
- \sa wolfSSL_get_psk_callback_ctx
- \sa wolfSSL_CTX_get_psk_callback_ctx
- */
- int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX* ctx, void* psk_ctx);
- /*!
- \brief Get a PSK user context in the WOLFSSL structure options member.
- \return void pointer to user PSK context
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \sa wolfSSL_set_psk_callback_ctx
- \sa wolfSSL_CTX_set_psk_callback_ctx
- \sa wolfSSL_CTX_get_psk_callback_ctx
- */
- void* wolfSSL_get_psk_callback_ctx(WOLFSSL* ssl);
- /*!
- \brief Get a PSK user context in the WOLFSSL_CTX structure.
- \return void pointer to user PSK context
- \param ctx a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
- \sa wolfSSL_CTX_set_psk_callback_ctx
- \sa wolfSSL_set_psk_callback_ctx
- \sa wolfSSL_get_psk_callback_ctx
- */
- void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function enables the havAnon member of the CTX structure if
- HAVE_ANON is defined during compilation.
- \return SSL_SUCCESS returned if the function executed successfully and the
- haveAnnon member of the CTX is set to 1.
- \return SSL_FAILURE returned if the CTX structure was NULL.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- #ifdef HAVE_ANON
- if(cipherList == NULL){
- wolfSSL_CTX_allow_anon_cipher(ctx);
- if(wolfSSL_CTX_set_cipher_list(ctx, “ADH_AES128_SHA”) != SSL_SUCCESS){
- // failure case
- }
- }
- #endif
- \endcode
- \sa none
- */
- int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*);
- /*!
- \ingroup Setup
- \brief The wolfSSLv23_server_method() function is used to indicate
- that the application is a server and will support clients connecting
- with protocol version from SSL 3.0 - TLS 1.3. This function allocates
- memory for and initializes a new WOLFSSL_METHOD structure to be used when
- creating the SSL/TLS context with wolfSSL_CTX_new().
- \return pointer If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return Failure If memory allocation fails when calling XMALLOC, the
- failure value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- \param none No parameters
- _Example_
- \code
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfSSLv23_server_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_server_method
- \sa wolfTLSv1_server_method
- \sa wolfTLSv1_1_server_method
- \sa wolfTLSv1_2_server_method
- \sa wolfTLSv1_3_server_method
- \sa wolfDTLSv1_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfSSLv23_server_method(void);
- /*!
- \ingroup Setup
- \brief This is used to get the internal error state of the WOLFSSL structure.
- \return wolfssl_error returns ssl error state, usually a negative
- \return BAD_FUNC_ARG if ssl is NULL.
- \return ssl WOLFSSL structure to get state from.
- _Example_
- \code
- WOLFSSL* ssl;
- int ret;
- // create ssl object
- ret = wolfSSL_state(ssl);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- int wolfSSL_state(WOLFSSL* ssl);
- /*!
- \ingroup CertsKeys
- \brief This function gets the peer’s certificate.
- \return pointer a pointer to the peerCert member of the WOLFSSL_X509
- structure if it exists.
- \return 0 returned if the peer certificate issuer size is not defined.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- WOLFSSL_X509* peerCert = wolfSSL_get_peer_certificate(ssl);
- if(peerCert){
- // You have a pointer peerCert to the peer certification
- }
- \endcode
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_subject_name
- \sa wolfSSL_X509_get_isCA
- */
- WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl);
- /*!
- \ingroup Debug
- \brief This function is similar to calling wolfSSL_get_error() and
- getting SSL_ERROR_WANT_READ in return. If the underlying error state
- is SSL_ERROR_WANT_READ, this function will return 1, otherwise, 0.
- \return 1 wolfSSL_get_error() would return SSL_ERROR_WANT_READ, the
- underlying I/O has data available for reading.
- \return 0 There is no SSL_ERROR_WANT_READ error state.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int ret;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_want_read(ssl);
- if (ret == 1) {
- // underlying I/O has data available for reading (SSL_ERROR_WANT_READ)
- }
- \endcode
- \sa wolfSSL_want_write
- \sa wolfSSL_get_error
- */
- int wolfSSL_want_read(WOLFSSL*);
- /*!
- \ingroup Debug
- \brief This function is similar to calling wolfSSL_get_error() and getting
- SSL_ERROR_WANT_WRITE in return. If the underlying error state is
- SSL_ERROR_WANT_WRITE, this function will return 1, otherwise, 0.
- \return 1 wolfSSL_get_error() would return SSL_ERROR_WANT_WRITE, the
- underlying I/O needs data to be written in order for progress to be
- made in the underlying SSL connection.
- \return 0 There is no SSL_ERROR_WANT_WRITE error state.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int ret;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_want_write(ssl);
- if (ret == 1) {
- // underlying I/O needs data to be written (SSL_ERROR_WANT_WRITE)
- }
- \endcode
- \sa wolfSSL_want_read
- \sa wolfSSL_get_error
- */
- int wolfSSL_want_write(WOLFSSL*);
- /*!
- \ingroup Setup
- \brief wolfSSL by default checks the peer certificate for a valid date
- range and a verified signature. Calling this function before
- wolfSSL_connect() or wolfSSL_accept() will add a domain name check to
- the list of checks to perform. dn holds the domain name to check
- against the peer certificate when it’s received.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE will be returned if a memory error was encountered.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param dn domain name to check against the peer certificate when received.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- char* domain = (char*) “www.yassl.com”;
- ...
- ret = wolfSSL_check_domain_name(ssl, domain);
- if (ret != SSL_SUCCESS) {
- // failed to enable domain name check
- }
- \endcode
- \sa none
- */
- int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);
- /*!
- \ingroup TLS
- \brief Initializes the wolfSSL library for use. Must be called once per
- application and before any other call to the library.
- \return SSL_SUCCESS If successful the call will return.
- \return BAD_MUTEX_E is an error that may be returned.
- \return WC_INIT_E wolfCrypt initialization error returned.
- _Example_
- \code
- int ret = 0;
- ret = wolfSSL_Init();
- if (ret != SSL_SUCCESS) {
- failed to initialize wolfSSL library
- }
- \endcode
- \sa wolfSSL_Cleanup
- */
- int wolfSSL_Init(void);
- /*!
- \ingroup TLS
- \brief Un-initializes the wolfSSL library from further use. Doesn’t have
- to be called, though it will free any resources used by the library.
- \return SSL_SUCCESS return no errors.
- \return BAD_MUTEX_E a mutex error return.]
- _Example_
- \code
- wolfSSL_Cleanup();
- \endcode
- \sa wolfSSL_Init
- */
- int wolfSSL_Cleanup(void);
- /*!
- \ingroup IO
- \brief This function returns the current library version.
- \return LIBWOLFSSL_VERSION_STRING a const char pointer defining the
- version.
- \param none No parameters.
- _Example_
- \code
- char version[MAXSIZE];
- version = wolfSSL_KeepArrays();
- …
- if(version != ExpectedVersion){
- // Handle the mismatch case
- }
- \endcode
- \sa word32_wolfSSL_lib_version_hex
- */
- const char* wolfSSL_lib_version(void);
- /*!
- \ingroup IO
- \brief This function returns the current library version in hexadecimal
- notation.
- \return LILBWOLFSSL_VERSION_HEX returns the hexadecimal version defined in
- wolfssl/version.h.
- \param none No parameters.
- _Example_
- \code
- word32 libV;
- libV = wolfSSL_lib_version_hex();
- if(libV != EXPECTED_HEX){
- // How to handle an unexpected value
- } else {
- // The expected result for libV
- }
- \endcode
- \sa wolfSSL_lib_version
- */
- word32 wolfSSL_lib_version_hex(void);
- /*!
- \ingroup IO
- \brief Performs the actual connect or accept based on the side of the SSL
- method. If called from the client side then an wolfSSL_connect() is done
- while a wolfSSL_accept() is performed if called from the server side.
- \return SSL_SUCCESS will be returned if successful. (Note, older versions
- will return 0.)
- \return SSL_FATAL_ERROR will be returned if the underlying call resulted
- in an error. Use wolfSSL_get_error() to get a specific error code.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int ret = SSL_FATAL_ERROR;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_negotiate(ssl);
- if (ret == SSL_FATAL_ERROR) {
- // SSL establishment failed
- int error_code = wolfSSL_get_error(ssl);
- ...
- }
- ...
- \endcode
- \sa SSL_connect
- \sa SSL_accept
- */
- int wolfSSL_negotiate(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief Turns on the ability to use compression for the SSL connection.
- Both sides must have compression turned on otherwise compression will not be
- used. The zlib library performs the actual data compression. To compile
- into the library use --with-libz for the configure system and define
- HAVE_LIBZ otherwise. Keep in mind that while compressing data before
- sending decreases the actual size of the messages being sent and received,
- the amount of data saved by compression usually takes longer in time to
- analyze than it does to send it raw on all but the slowest of networks.
- \return SSL_SUCCESS upon success.
- \return NOT_COMPILED_IN will be returned if compression support wasn’t
- built into the library.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_set_compression(ssl);
- if (ret == SSL_SUCCESS) {
- // successfully enabled compression for SSL session
- }
- \endcode
- \sa none
- */
- int wolfSSL_set_compression(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function sets the SSL session timeout value in seconds.
- \return SSL_SUCCESS will be returned upon successfully setting the session.
- \return BAD_FUNC_ARG will be returned if ssl is NULL.
- \param ssl pointer to the SSL object, created with wolfSSL_new().
- \param to value, in seconds, used to set the SSL session timeout.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_set_timeout(ssl, 500);
- if (ret != SSL_SUCCESS) {
- // failed to set session timeout value
- }
- ...
- \endcode
- \sa wolfSSL_get1_session
- \sa wolfSSL_set_session
- */
- int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to);
- /*!
- \ingroup Setup
- \brief This function sets the timeout value for SSL sessions, in seconds,
- for the specified SSL context.
- \return the previous timeout value, if WOLFSSL_ERROR_CODE_OPENSSL is
- \return defined on success. If not defined, SSL_SUCCESS will be returned.
- \return BAD_FUNC_ARG will be returned when the input context (ctx) is null.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param to session timeout value in seconds.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- ret = wolfSSL_CTX_set_timeout(ctx, 500);
- if (ret != SSL_SUCCESS) {
- // failed to set session timeout value
- }
- \endcode
- \sa wolfSSL_flush_sessions
- \sa wolfSSL_get1_session
- \sa wolfSSL_set_session
- \sa wolfSSL_get_sessionID
- \sa wolfSSL_CTX_set_session_cache_mode
- */
- int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to);
- /*!
- \ingroup openSSL
- \brief Retrieves the peer’s certificate chain.
- \return chain If successful the call will return the peer’s
- certificate chain.
- \return 0 will be returned if an invalid WOLFSSL pointer is passed to the
- function.
- \param ssl pointer to a valid WOLFSSL structure.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_get_chain_count
- \sa wolfSSL_get_chain_length
- \sa wolfSSL_get_chain_cert
- \sa wolfSSL_get_chain_cert_pem
- */
- WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl);
- /*!
- \ingroup openSSL
- \brief Retrieve's the peers certificate chain count.
- \return Success If successful the call will return the peer’s certificate
- chain count.
- \return 0 will be returned if an invalid chain pointer is passed to
- the function.
- \param chain pointer to a valid WOLFSSL_X509_CHAIN structure.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_get_peer_chain
- \sa wolfSSL_get_chain_length
- \sa wolfSSL_get_chain_cert
- \sa wolfSSL_get_chain_cert_pem
- */
- int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain);
- /*!
- \ingroup openSSL
- \brief Retrieves the peer’s ASN1.DER certificate length in bytes
- at index (idx).
- \return Success If successful the call will return the peer’s
- certificate length in bytes by index.
- \return 0 will be returned if an invalid chain pointer is passed
- to the function.
- \param chain pointer to a valid WOLFSSL_X509_CHAIN structure.
- \param idx index to start of chain.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_get_peer_chain
- \sa wolfSSL_get_chain_count
- \sa wolfSSL_get_chain_cert
- \sa wolfSSL_get_chain_cert_pem
- */
- int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN* chain, int idx);
- /*!
- \ingroup openSSL
- \brief Retrieves the peer’s ASN1.DER certificate at index (idx).
- \return Success If successful the call will return the peer’s
- certificate by index.
- \return 0 will be returned if an invalid chain pointer is passed
- to the function.
- \param chain pointer to a valid WOLFSSL_X509_CHAIN structure.
- \param idx index to start of chain.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_get_peer_chain
- \sa wolfSSL_get_chain_count
- \sa wolfSSL_get_chain_length
- \sa wolfSSL_get_chain_cert_pem
- */
- unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx);
- /*!
- \ingroup CertsKeys
- \brief This function gets the peer’s wolfSSL_X509_certificate at
- index (idx) from the chain of certificates.
- \return pointer returns a pointer to a WOLFSSL_X509 structure.
- \param chain a pointer to the WOLFSSL_X509_CHAIN used for no dynamic
- memory SESSION_CACHE.
- \param idx the index of the WOLFSSL_X509 certificate.
- Note that it is the user's responsibility to free the returned memory
- by calling wolfSSL_FreeX509().
- _Example_
- \code
- WOLFSSL_X509_CHAIN* chain = &session->chain;
- int idx = 999; // set idx
- ...
- WOLFSSL_X509_CHAIN ptr;
- prt = wolfSSL_get_chain_X509(chain, idx);
- if(ptr != NULL){
- // ptr contains the cert at the index specified
- wolfSSL_FreeX509(ptr);
- } else {
- // ptr is NULL
- }
- \endcode
- \sa InitDecodedCert
- \sa ParseCertRelative
- \sa CopyDecodedToX509
- */
- WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx);
- /*!
- \ingroup openSSL
- \brief Retrieves the peer’s PEM certificate at index (idx).
- \return Success If successful the call will return the peer’s
- certificate by index.
- \return 0 will be returned if an invalid chain pointer is passed to
- the function.
- \param chain pointer to a valid WOLFSSL_X509_CHAIN structure.
- \param idx indexto start of chain.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_get_peer_chain
- \sa wolfSSL_get_chain_count
- \sa wolfSSL_get_chain_length
- \sa wolfSSL_get_chain_cert
- */
- int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
- unsigned char* buf, int inLen, int* outLen);
- /*!
- \ingroup openSSL
- \brief Retrieves the session’s ID. The session ID is always 32 bytes long.
- \return id The session ID.
- \param session pointer to a valid wolfssl session.
- _Example_
- \code
- none
- \endcode
- \sa SSL_get_session
- */
- const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s);
- /*!
- \ingroup openSSL
- \brief Retrieves the peer’s certificate serial number. The serial
- number buffer (in) should be at least 32 bytes long and be provided
- as the *inOutSz argument as input. After calling the function *inOutSz
- will hold the actual length in bytes written to the in buffer.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG will be returned if a bad function argument
- was encountered.
- \param in The serial number buffer and should be at least 32 bytes long
- \param inOutSz will hold the actual length in bytes written to the
- in buffer.
- _Example_
- \code
- none
- \endcode
- \sa SSL_get_peer_certificate
- */
- int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509, unsigned char* in,
- int* inOutSz);
- /*!
- \ingroup CertsKeys
- \brief Returns the common name of the subject from the certificate.
- \return NULL returned if the x509 structure is null
- \return string a string representation of the subject's common
- name is returned upon success
- \param x509 a pointer to a WOLFSSL_X509 structure containing
- certificate information.
- _Example_
- \code
- WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- ...
- int x509Cn = wolfSSL_X509_get_subjectCN(x509);
- if(x509Cn == NULL){
- // Deal with NULL case
- } else {
- // x509Cn contains the common name
- }
- \endcode
- \sa wolfSSL_X509_Name_get_entry
- \sa wolfSSL_X509_get_next_altname
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_subject_name
- */
- char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*);
- /*!
- \ingroup CertsKeys
- \brief This function gets the DER encoded certificate in the
- WOLFSSL_X509 struct.
- \return buffer This function returns the DerBuffer structure’s
- buffer member, which is of type byte.
- \return NULL returned if the x509 or outSz parameter is NULL.
- \param x509 a pointer to a WOLFSSL_X509 structure containing
- certificate information.
- \param outSz length of the derBuffer member of the WOLFSSL_X509 struct.
- _Example_
- \code
- WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- int* outSz; // initialize
- ...
- byte* x509Der = wolfSSL_X509_get_der(x509, outSz);
- if(x509Der == NULL){
- // Failure case one of the parameters was NULL
- }
- \endcode
- \sa wolfSSL_X509_version
- \sa wolfSSL_X509_Name_get_entry
- \sa wolfSSL_X509_get_next_altname
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_subject_name
- */
- const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz);
- /*!
- \ingroup CertsKeys
- \brief This function checks to see if x509 is NULL and if it’s not,
- it returns the notAfter member of the x509 struct.
- \return pointer to struct with ASN1_TIME to the notAfter
- member of the x509 struct.
- \return NULL returned if the x509 object is NULL.
- \param x509 a pointer to the WOLFSSL_X509 struct.
- _Example_
- \code
- WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509) ;
- ...
- const WOLFSSL_ASN1_TIME* notAfter = wolfSSL_X509_get_notAfter(x509);
- if(notAfter == NULL){
- // Failure case, the x509 object is null.
- }
- \endcode
- \sa wolfSSL_X509_get_notBefore
- */
- WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(WOLFSSL_X509*);
- /*!
- \ingroup CertsKeys
- \brief This function retrieves the version of the X509 certificate.
- \return 0 returned if the x509 structure is NULL.
- \return version the version stored in the x509 structure will be returned.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_X509* x509;
- int version;
- ...
- version = wolfSSL_X509_version(x509);
- if(!version){
- // The function returned 0, failure case.
- }
- \endcode
- \sa wolfSSL_X509_get_subject_name
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_isCA
- \sa wolfSSL_get_peer_certificate
- */
- int wolfSSL_X509_version(WOLFSSL_X509*);
- /*!
- \ingroup CertsKeys
- \brief If NO_STDIO_FILESYSTEM is defined this function will allocate
- heap memory, initialize a WOLFSSL_X509 structure and return a pointer to it.
- \return *WOLFSSL_X509 WOLFSSL_X509 structure pointer is returned if
- the function executes successfully.
- \return NULL if the call to XFTELL macro returns a negative value.
- \param x509 a pointer to a WOLFSSL_X509 pointer.
- \param file a defined type that is a pointer to a FILE.
- _Example_
- \code
- WOLFSSL_X509* x509a = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- WOLFSSL_X509** x509 = x509a;
- XFILE file; (mapped to struct fs_file*)
- ...
- WOLFSSL_X509* newX509 = wolfSSL_X509_d2i_fp(x509, file);
- if(newX509 == NULL){
- // The function returned NULL
- }
- \endcode
- \sa wolfSSL_X509_d2i
- \sa XFTELL
- \sa XREWIND
- \sa XFSEEK
- */
- WOLFSSL_X509*
- wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file);
- /*!
- \ingroup CertsKeys
- \brief The function loads the x509 certificate into memory.
- \return pointer a successful execution returns pointer to a
- WOLFSSL_X509 structure.
- \return NULL returned if the certificate was not able to be written.
- \param fname the certificate file to be loaded.
- \param format the format of the certificate.
- _Example_
- \code
- #define cliCert “certs/client-cert.pem”
- …
- X509* x509;
- …
- x509 = wolfSSL_X509_load_certificate_file(cliCert, SSL_FILETYPE_PEM);
- AssertNotNull(x509);
- \endcode
- \sa InitDecodedCert
- \sa PemToDer
- \sa wolfSSL_get_certificate
- \sa AssertNotNull
- */
- WOLFSSL_X509*
- wolfSSL_X509_load_certificate_file(const char* fname, int format);
- /*!
- \ingroup CertsKeys
- \brief This function copies the device type from the x509 structure
- to the buffer.
- \return pointer returns a byte pointer holding the device type from
- the x509 structure.
- \return NULL returned if the buffer size is NULL.
- \param x509 pointer to a WOLFSSL_X509 structure, created with
- WOLFSSL_X509_new().
- \param in a pointer to a byte type that will hold the device type
- (the buffer).
- \param inOutSz the minimum of either the parameter inOutSz or the
- deviceTypeSz member of the x509 structure.
- _Example_
- \code
- WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- byte* in;
- int* inOutSz;
- ...
- byte* deviceType = wolfSSL_X509_get_device_type(x509, in, inOutSz);
- if(!deviceType){
- // Failure case, NULL was returned.
- }
- \endcode
- \sa wolfSSL_X509_get_hw_type
- \sa wolfSSL_X509_get_hw_serial_number
- \sa wolfSSL_X509_d2i
- */
- unsigned char*
- wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, unsigned char* in,
- int* inOutSz);
- /*!
- \ingroup CertsKeys
- \brief The function copies the hwType member of the WOLFSSL_X509
- structure to the buffer.
- \return byte The function returns a byte type of the data previously held
- in the hwType member of the WOLFSSL_X509 structure.
- \return NULL returned if inOutSz is NULL.
- \param x509 a pointer to a WOLFSSL_X509 structure containing certificate
- information.
- \param in pointer to type byte that represents the buffer.
- \param inOutSz pointer to type int that represents the size of the buffer.
- _Example_
- \code
- WOLFSSL_X509* x509; // X509 certificate
- byte* in; // initialize the buffer
- int* inOutSz; // holds the size of the buffer
- ...
- byte* hwType = wolfSSL_X509_get_hw_type(x509, in, inOutSz);
- if(hwType == NULL){
- // Failure case function returned NULL.
- }
- \endcode
- \sa wolfSSL_X509_get_hw_serial_number
- \sa wolfSSL_X509_get_device_type
- */
- unsigned char*
- wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, unsigned char* in,
- int* inOutSz);
- /*!
- \ingroup CertsKeys
- \brief This function returns the hwSerialNum member of the x509 object.
- \return pointer the function returns a byte pointer to the in buffer that
- will contain the serial number loaded from the x509 object.
- \param x509 pointer to a WOLFSSL_X509 structure containing certificate
- information.
- \param in a pointer to the buffer that will be copied to.
- \param inOutSz a pointer to the size of the buffer.
- _Example_
- \code
- char* serial;
- byte* in;
- int* inOutSz;
- WOLFSSL_X509 x509;
- ...
- serial = wolfSSL_X509_get_hw_serial_number(x509, in, inOutSz);
- if(serial == NULL || serial <= 0){
- // Failure case
- }
- \endcode
- \sa wolfSSL_X509_get_subject_name
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_isCA
- \sa wolfSSL_get_peer_certificate
- \sa wolfSSL_X509_version
- */
- unsigned char*
- wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,
- unsigned char* in, int* inOutSz);
- /*!
- \ingroup IO
- \brief This function is called on the client side and initiates an
- SSL/TLS handshake with a server only long enough to get the peer’s
- certificate chain. When this function is called, the underlying
- communication channel has already been set up. wolfSSL_connect_cert()
- works with both blocking and non-blocking I/O. When the underlying I/O
- is non-blocking, wolfSSL_connect_cert() will return when the underlying
- I/O could not satisfy the needs of wolfSSL_connect_cert() to continue the
- handshake. In this case, a call to wolfSSL_get_error() will yield either
- SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process must then
- repeat the call to wolfSSL_connect_cert() when the underlying I/O is ready
- and wolfSSL will pick up where it left off. When using a non-blocking
- socket, nothing needs to be done, but select() can be used to check for
- the required condition. If the underlying I/O is blocking,
- wolfSSL_connect_cert() will only return once the peer’s certificate chain
- has been received.
- \return SSL_SUCCESS upon success.
- \return SSL_FAILURE will be returned if the SSL session parameter is NULL.
- \return SSL_FATAL_ERROR will be returned if an error occurred. To get a more
- detailed error code, call wolfSSL_get_error().
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- ret = wolfSSL_connect_cert(ssl);
- if (ret != SSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_connect
- \sa wolfSSL_accept
- */
- int wolfSSL_connect_cert(WOLFSSL* ssl);
- /*!
- \ingroup openSSL
- \brief wolfSSL_d2i_PKCS12_bio (d2i_PKCS12_bio) copies in the PKCS12
- information from WOLFSSL_BIO to the structure WC_PKCS12. The information
- is divided up in the structure as a list of Content Infos along with a
- structure to hold optional MAC information. After the information has been
- divided into chunks (but not decrypted) in the structure WC_PKCS12, it can
- then be parsed and decrypted by calling.
- \return WC_PKCS12 pointer to a WC_PKCS12 structure.
- \return Failure If function failed it will return NULL.
- \param bio WOLFSSL_BIO structure to read PKCS12 buffer from.
- \param pkcs12 WC_PKCS12 structure pointer for new PKCS12 structure created.
- Can be NULL
- _Example_
- \code
- WC_PKCS12* pkcs;
- WOLFSSL_BIO* bio;
- WOLFSSL_X509* cert;
- WOLFSSL_EVP_PKEY* pkey;
- STACK_OF(X509) certs;
- //bio loads in PKCS12 file
- wolfSSL_d2i_PKCS12_bio(bio, &pkcs);
- wolfSSL_PKCS12_parse(pkcs, “a password”, &pkey, &cert, &certs)
- wc_PKCS12_free(pkcs)
- //use cert, pkey, and optionally certs stack
- \endcode
- \sa wolfSSL_PKCS12_parse
- \sa wc_PKCS12_free
- */
- WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
- WC_PKCS12** pkcs12);
- /*!
- \ingroup openSSL
- \brief wolfSSL_i2d_PKCS12_bio (i2d_PKCS12_bio) copies in the cert
- information from the structure WC_PKCS12 to WOLFSSL_BIO.
- \return 1 for success.
- \return Failure 0.
- \param bio WOLFSSL_BIO structure to write PKCS12 buffer to.
- \param pkcs12 WC_PKCS12 structure for PKCS12 structure as input.
- _Example_
- \code
- WC_PKCS12 pkcs12;
- FILE *f;
- byte buffer[5300];
- char file[] = "./test.p12";
- int bytes;
- WOLFSSL_BIO* bio;
- pkcs12 = wc_PKCS12_new();
- f = fopen(file, "rb");
- bytes = (int)fread(buffer, 1, sizeof(buffer), f);
- fclose(f);
- //convert the DER file into an internal structure
- wc_d2i_PKCS12(buffer, bytes, pkcs12);
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
- //convert PKCS12 structure into bio
- wolfSSL_i2d_PKCS12_bio(bio, pkcs12);
- wc_PKCS12_free(pkcs)
- //use bio
- \endcode
- \sa wolfSSL_PKCS12_parse
- \sa wc_PKCS12_free
- */
- WC_PKCS12* wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO* bio,
- WC_PKCS12* pkcs12);
- /*!
- \ingroup openSSL
- \brief PKCS12 can be enabled with adding –enable-opensslextra to the
- configure command. It can use triple DES and RC4 for decryption so would
- recommend also enabling these features when enabling opensslextra
- (--enable-des3 –enable-arc4). wolfSSL does not currently support RC2 so
- decryption with RC2 is currently not available. This may be noticeable
- with default encryption schemes used by OpenSSL command line to create
- .p12 files. wolfSSL_PKCS12_parse (PKCS12_parse). The first thing this
- function does is check the MAC is correct if present. If the MAC fails
- then the function returns and does not try to decrypt any of the stored
- Content Infos. This function then parses through each Content Info
- looking for a bag type, if the bag type is known it is decrypted as
- needed and either stored in the list of certificates being built or as
- a key found. After parsing through all bags the key found is then
- compared with the certificate list until a matching pair is found.
- This matching pair is then returned as the key and certificate,
- optionally the certificate list found is returned as a STACK_OF
- certificates. At the moment a CRL, Secret or SafeContents bag will be
- skipped over and not parsed. It can be seen if these or other “Unknown”
- bags are skipped over by viewing the debug print out. Additional attributes
- such as friendly name are skipped over when parsing a PKCS12 file.
- \return SSL_SUCCESS On successfully parsing PKCS12.
- \return SSL_FAILURE If an error case was encountered.
- \param pkcs12 WC_PKCS12 structure to parse.
- \param paswd password for decrypting PKCS12.
- \param pkey structure to hold private key decoded from PKCS12.
- \param cert structure to hold certificate decoded from PKCS12.
- \param stack optional stack of extra certificates.
- _Example_
- \code
- WC_PKCS12* pkcs;
- WOLFSSL_BIO* bio;
- WOLFSSL_X509* cert;
- WOLFSSL_EVP_PKEY* pkey;
- STACK_OF(X509) certs;
- //bio loads in PKCS12 file
- wolfSSL_d2i_PKCS12_bio(bio, &pkcs);
- wolfSSL_PKCS12_parse(pkcs, “a password”, &pkey, &cert, &certs)
- wc_PKCS12_free(pkcs)
- //use cert, pkey, and optionally certs stack
- \endcode
- \sa wolfSSL_d2i_PKCS12_bio
- \sa wc_PKCS12_free
- */
- int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
- WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, WOLF_STACK_OF(WOLFSSL_X509)** ca);
- /*!
- \ingroup CertsKeys
- \brief Server Diffie-Hellman Ephemeral parameters setting. This function
- sets up the group parameters to be used if the server negotiates a cipher
- suite that uses DHE.
- \return SSL_SUCCESS upon success.
- \return MEMORY_ERROR will be returned if a memory error was encountered.
- \return SIDE_ERROR will be returned if this function is called on an SSL
- client instead of an SSL server.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param p Diffie-Hellman prime number parameter.
- \param pSz size of p.
- \param g Diffie-Hellman “generator” parameter.
- \param gSz size of g.
- _Example_
- \code
- WOLFSSL* ssl;
- static unsigned char p[] = {...};
- static unsigned char g[] = {...};
- ...
- wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
- \endcode
- \sa SSL_accept
- */
- int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
- const unsigned char* g, int gSz);
- /*!
- \ingroup CertsKeys
- \brief The function calls the wolfSSL_SetTMpDH_buffer_wrapper,
- which is a wrapper for Diffie-Hellman parameters.
- \return SSL_SUCCESS on successful execution.
- \return SSL_BAD_FILETYPE if the file type is not PEM and is not
- ASN.1. It will also be returned if the wc_DhParamsLoad does not
- return normally.
- \return SSL_NO_PEM_HEADER returns from PemToDer if there is not
- a PEM header.
- \return SSL_BAD_FILE returned if there is a file error in PemToDer.
- \return SSL_FATAL_ERROR returned from PemToDer if there was a copy error.
- \return MEMORY_E - if there was a memory allocation error.
- \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL or if
- there was otherwise a NULL argument passed to a subroutine.
- \return DH_KEY_SIZE_E is returned if their is a key size error in
- wolfSSL_SetTmpDH() or in wolfSSL_CTX_SetTmpDH().
- \return SIDE_ERROR returned if it is not the server side
- in wolfSSL_SetTmpDH.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param buf allocated buffer passed in from wolfSSL_SetTMpDH_file_wrapper.
- \param sz a long int that holds the size of the file
- (fname within wolfSSL_SetTmpDH_file_wrapper).
- \param format an integer type passed through from
- wolfSSL_SetTmpDH_file_wrapper() that is a representation of the certificate
- format.
- _Example_
- \code
- Static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
- Const char* fname, int format);
- long sz = 0;
- byte* myBuffer = staticBuffer[FILE_BUFFER_SIZE];
- …
- if(ssl)
- ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
- \endcode
- \sa wolfSSL_SetTmpDH_buffer_wrapper
- \sa wc_DhParamsLoad
- \sa wolfSSL_SetTmpDH
- \sa PemToDer
- \sa wolfSSL_CTX_SetTmpDH
- \sa wolfSSL_CTX_SetTmpDH_file
- */
- int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* b, long sz,
- int format);
- /*!
- \ingroup CertsKeys
- \brief This function calls wolfSSL_SetTmpDH_file_wrapper to set server
- Diffie-Hellman parameters.
- \return SSL_SUCCESS returned on successful completion of this function
- and its subroutines.
- \return MEMORY_E returned if a memory allocation failed in this function
- or a subroutine.
- \return SIDE_ERROR if the side member of the Options structure found
- in the WOLFSSL struct is not the server side.
- \return SSL_BAD_FILETYPE returns if the certificate fails a set of checks.
- \return DH_KEY_SIZE_E returned if the DH parameter's key size is less than
- the value of the minDhKeySz member in the WOLFSSL struct.
- \return DH_KEY_SIZE_E returned if the DH parameter's key size is greater
- than the value of the maxDhKeySz member in the WOLFSSL struct.
- \return BAD_FUNC_ARG returns if an argument value is NULL that is not
- permitted such as, the WOLFSSL structure.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param fname a constant char pointer holding the certificate.
- \param format an integer type that holds the format of the certification.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- const char* dhParam;
- …
- AssertIntNE(SSL_SUCCESS,
- wolfSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM));
- \endcode
- \sa wolfSSL_CTX_SetTmpDH_file
- \sa wolfSSL_SetTmpDH_file_wrapper
- \sa wolfSSL_SetTmpDH_buffer
- \sa wolfSSL_CTX_SetTmpDH_buffer
- \sa wolfSSL_SetTmpDH_buffer_wrapper
- \sa wolfSSL_SetTmpDH
- \sa wolfSSL_CTX_SetTmpDH
- */
- int wolfSSL_SetTmpDH_file(WOLFSSL* ssl, const char* f, int format);
- /*!
- \ingroup CertsKeys
- \brief Sets the parameters for the server CTX Diffie-Hellman.
- \return SSL_SUCCESS returned if the function and all subroutines
- return without error.
- \return BAD_FUNC_ARG returned if the CTX, p or g parameters are NULL.
- \return DH_KEY_SIZE_E returned if the DH parameter's key size is less than
- the value of the minDhKeySz member of the WOLFSSL_CTX struct.
- \return DH_KEY_SIZE_E returned if the DH parameter's key size is greater
- than the value of the maxDhKeySz member of the WOLFSSL_CTX struct.
- \return MEMORY_E returned if the allocation of memory failed in this
- function or a subroutine.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param p a constant unsigned char pointer loaded into the buffer
- member of the serverDH_P struct.
- \param pSz an int type representing the size of p, initialized
- to MAX_DH_SIZE.
- \param g a constant unsigned char pointer loaded into the buffer
- member of the serverDH_G struct.
- \param gSz an int type representing the size of g, initialized to
- MAX_DH_SIZE.
- _Exmaple_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol );
- byte* p;
- byte* g;
- word32 pSz = (word32)sizeof(p)/sizeof(byte);
- word32 gSz = (word32)sizeof(g)/sizeof(byte);
- …
- int ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
- if(ret != SSL_SUCCESS){
- // Failure case
- }
- \endcode
- \sa wolfSSL_SetTmpDH
- \sa wc_DhParamsLoad
- */
- int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p,
- int pSz, const unsigned char* g, int gSz);
- /*!
- \ingroup CertsKeys
- \brief A wrapper function that calls wolfSSL_SetTmpDH_buffer_wrapper
- \return 0 returned for a successful execution.
- \return BAD_FUNC_ARG returned if the ctx or buf parameters are NULL.
- \return MEMORY_E if there is a memory allocation error.
- \return SSL_BAD_FILETYPE returned if format is not correct.
- \param ctx a pointer to a WOLFSSL structure, created using
- wolfSSL_CTX_new().
- \param buf a pointer to a constant unsigned char type that is
- allocated as the buffer and passed through to
- wolfSSL_SetTmpDH_buffer_wrapper.
- \param sz a long integer type that is derived from the fname parameter
- in wolfSSL_SetTmpDH_file_wrapper().
- \param format an integer type passed through from
- wolfSSL_SetTmpDH_file_wrapper().
- _Example_
- \code
- static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
- Const char* fname, int format);
- #ifdef WOLFSSL_SMALL_STACK
- byte staticBuffer[1]; // force heap usage
- #else
- byte* staticBuffer;
- long sz = 0;
- …
- if(ssl){
- ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
- } else {
- ret = wolfSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format);
- }
- \endcode
- \sa wolfSSL_SetTmpDH_buffer_wrapper
- \sa wolfSSL_SetTMpDH_buffer
- \sa wolfSSL_SetTmpDH_file_wrapper
- \sa wolfSSL_CTX_SetTmpDH_file
- */
- int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* b,
- long sz, int format);
- /*!
- \ingroup CertsKeys
- \brief The function calls wolfSSL_SetTmpDH_file_wrapper to set the server
- Diffie-Hellman parameters.
- \return SSL_SUCCESS returned if the wolfSSL_SetTmpDH_file_wrapper or any
- of its subroutines return successfully.
- \return MEMORY_E returned if an allocation of dynamic memory fails in a
- subroutine.
- \return BAD_FUNC_ARG returned if the ctx or fname parameters are NULL or
- if
- a subroutine is passed a NULL argument.
- \return SSL_BAD_FILE returned if the certificate file is unable to open or
- if the a set of checks on the file fail from wolfSSL_SetTmpDH_file_wrapper.
- \return SSL_BAD_FILETYPE returned if the format is not PEM or ASN.1 from
- wolfSSL_SetTmpDH_buffer_wrapper().
- \return DH_KEY_SIZE_E returned if the DH parameter's key size is less than
- the value of the minDhKeySz member of the WOLFSSL_CTX struct.
- \return DH_KEY_SIZE_E returned if the DH parameter's key size is greater
- than the value of the maxDhKeySz member of the WOLFSSL_CTX struct.
- \return SIDE_ERROR returned in wolfSSL_SetTmpDH() if the side is not the
- server end.
- \return SSL_NO_PEM_HEADER returned from PemToDer if there is no PEM header.
- \return SSL_FATAL_ERROR returned from PemToDer if there is a memory copy
- failure.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param fname a constant character pointer to a certificate file.
- \param format an integer type passed through from
- wolfSSL_SetTmpDH_file_wrapper() that is a representation of
- the certificate format.
- _Example_
- \code
- #define dhParam “certs/dh2048.pem”
- #DEFINE aSSERTiNTne(x, y) AssertInt(x, y, !=, ==)
- WOLFSSL_CTX* ctx;
- …
- AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()))
- …
- AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL, dhParam,
- SSL_FILETYPE_PEM));
- \endcode
- \sa wolfSSL_SetTmpDH_buffer_wrapper
- \sa wolfSSL_SetTmpDH
- \sa wolfSSL_CTX_SetTmpDH
- \sa wolfSSL_SetTmpDH_buffer
- \sa wolfSSL_CTX_SetTmpDH_buffer
- \sa wolfSSL_SetTmpDH_file_wrapper
- \sa AllocDer
- \sa PemToDer
- */
- int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* f,
- int format);
- /*!
- \ingroup CertsKeys
- \brief This function sets the minimum size (in bits) of the Diffie Hellman
- key size by accessing the minDhKeySz member in the WOLFSSL_CTX structure.
- \return SSL_SUCCESS returned if the function completes successfully.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or if
- the keySz_bits is greater than 16,000 or not divisible by 8.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param keySz_bits a word16 type used to set the minimum DH key size in bits.
- The WOLFSSL_CTX struct holds this information in the minDhKeySz member.
- _Example_
- \code
- public static int CTX_SetMinDhKey_Sz(IntPtr ctx, short minDhKey){
- …
- return wolfSSL_CTX_SetMinDhKey_Sz(local_ctx, minDhKeyBits);
- \endcode
- \sa wolfSSL_SetMinDhKey_Sz
- \sa wolfSSL_CTX_SetMaxDhKey_Sz
- \sa wolfSSL_SetMaxDhKey_Sz
- \sa wolfSSL_GetDhKey_Sz
- \sa wolfSSL_CTX_SetTMpDH_file
- */
- int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16);
- /*!
- \ingroup CertsKeys
- \brief Sets the minimum size (in bits) for a Diffie-Hellman key in the
- WOLFSSL structure.
- \return SSL_SUCCESS the minimum size was successfully set.
- \return BAD_FUNC_ARG the WOLFSSL structure was NULL or if the keySz_bits is
- greater than 16,000 or not divisible by 8.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param keySz_bits a word16 type used to set the minimum DH key size in bits.
- The WOLFSSL_CTX struct holds this information in the minDhKeySz member.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- word16 keySz_bits;
- ...
- if(wolfSSL_SetMinDhKey_Sz(ssl, keySz_bits) != SSL_SUCCESS){
- // Failed to set.
- }
- \endcode
- \sa wolfSSL_CTX_SetMinDhKey_Sz
- \sa wolfSSL_GetDhKey_Sz
- */
- int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits);
- /*!
- \ingroup CertsKeys
- \brief This function sets the maximum size (in bits) of the Diffie Hellman
- key size by accessing the maxDhKeySz member in the WOLFSSL_CTX structure.
- \return SSL_SUCCESS returned if the function completes successfully.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or if
- the keySz_bits is greater than 16,000 or not divisible by 8.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param keySz_bits a word16 type used to set the maximum DH key size in bits.
- The WOLFSSL_CTX struct holds this information in the maxDhKeySz member.
- _Example_
- \code
- public static int CTX_SetMaxDhKey_Sz(IntPtr ctx, short maxDhKey){
- …
- return wolfSSL_CTX_SetMaxDhKey_Sz(local_ctx, keySz_bits);
- \endcode
- \sa wolfSSL_SetMinDhKey_Sz
- \sa wolfSSL_CTX_SetMinDhKey_Sz
- \sa wolfSSL_SetMaxDhKey_Sz
- \sa wolfSSL_GetDhKey_Sz
- \sa wolfSSL_CTX_SetTMpDH_file
- */
- int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits);
- /*!
- \ingroup CertsKeys
- \brief Sets the maximum size (in bits) for a Diffie-Hellman key in the
- WOLFSSL structure.
- \return SSL_SUCCESS the maximum size was successfully set.
- \return BAD_FUNC_ARG the WOLFSSL structure was NULL or the keySz parameter
- was greater than the allowable size or not divisible by 8.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param keySz a word16 type representing the bit size of the maximum DH key.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- word16 keySz;
- ...
- if(wolfSSL_SetMaxDhKey(ssl, keySz) != SSL_SUCCESS){
- // Failed to set.
- }
- \endcode
- \sa wolfSSL_CTX_SetMaxDhKey_Sz
- \sa wolfSSL_GetDhKey_Sz
- */
- int wolfSSL_SetMaxDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits);
- /*!
- \ingroup CertsKeys
- \brief Returns the value of dhKeySz (in bits) that is a member of the
- options structure. This value represents the Diffie-Hellman key size in
- bytes.
- \return dhKeySz returns the value held in ssl->options.dhKeySz which is an
- integer value representing a size in bits.
- \return BAD_FUNC_ARG returns if the WOLFSSL struct is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- int dhKeySz;
- ...
- dhKeySz = wolfSSL_GetDhKey_Sz(ssl);
- if(dhKeySz == BAD_FUNC_ARG || dhKeySz <= 0){
- // Failure case
- } else {
- // dhKeySz holds the size of the key.
- }
- \endcode
- \sa wolfSSL_SetMinDhKey_sz
- \sa wolfSSL_CTX_SetMinDhKey_Sz
- \sa wolfSSL_CTX_SetTmpDH
- \sa wolfSSL_SetTmpDH
- \sa wolfSSL_CTX_SetTmpDH_file
- */
- int wolfSSL_GetDhKey_Sz(WOLFSSL*);
- /*!
- \ingroup CertsKeys
- \brief Sets the minimum RSA key size in both the WOLFSSL_CTX structure
- and the WOLFSSL_CERT_MANAGER structure.
- \return SSL_SUCCESS returned on successful execution of the function.
- \return BAD_FUNC_ARG returned if the ctx structure is NULL or the keySz
- is less than zero or not divisible by 8.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param keySz a short integer type stored in minRsaKeySz in the ctx
- structure and the cm structure converted to bytes.
- _Example_
- \code
- WOLFSSL_CTX* ctx = SSL_CTX_new(method);
- (void)minDhKeyBits;
- ourCert = myoptarg;
- …
- minDhKeyBits = atoi(myoptarg);
- …
- if(wolfSSL_CTX_SetMinRsaKey_Sz(ctx, minRsaKeyBits) != SSL_SUCCESS){
- …
- \endcode
- \sa wolfSSL_SetMinRsaKey_Sz
- */
- int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz);
- /*!
- \ingroup CertsKeys
- \brief Sets the minimum allowable key size in bits for RSA located in the
- WOLFSSL structure.
- \return SSL_SUCCESS the minimum was set successfully.
- \return BAD_FUNC_ARG returned if the ssl structure is NULL or if the ksySz
- is less than zero or not divisible by 8.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param keySz a short integer value representing the the minimum key in bits.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- short keySz;
- …
- int isSet = wolfSSL_SetMinRsaKey_Sz(ssl, keySz);
- if(isSet != SSL_SUCCESS){
- Failed to set.
- }
- \endcode
- \sa wolfSSL_CTX_SetMinRsaKey_Sz
- */
- int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz);
- /*!
- \ingroup CertsKeys
- \brief Sets the minimum size in bits for the ECC key in the WOLF_CTX
- structure and the WOLFSSL_CERT_MANAGER structure.
- \return SSL_SUCCESS returned for a successful execution and the minEccKeySz
- member is set.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or if
- the keySz is negative or not divisible by 8.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param keySz a short integer type that represents the minimum ECC key
- size in bits.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- short keySz; // minimum key size
- …
- if(wolfSSL_CTX_SetMinEccKey(ctx, keySz) != SSL_SUCCESS){
- // Failed to set min key size
- }
- \endcode
- \sa wolfSSL_SetMinEccKey_Sz
- */
- int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ssl, short keySz);
- /*!
- \ingroup CertsKeys
- \brief Sets the value of the minEccKeySz member of the options structure.
- The options struct is a member of the WOLFSSL structure and is
- accessed through the ssl parameter.
- \return SSL_SUCCESS if the function successfully set the minEccKeySz
- member of the options structure.
- \return BAD_FUNC_ARG if the WOLFSSL_CTX structure is NULL or if the
- key size (keySz) is less than 0 (zero) or not divisible by 8.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param keySz value used to set the minimum ECC key size. Sets
- value in the options structure.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx); // New session
- short keySz = 999; // should be set to min key size allowable
- ...
- if(wolfSSL_SetMinEccKey_Sz(ssl, keySz) != SSL_SUCCESS){
- // Failure case.
- }
- \endcode
- \sa wolfSSL_CTX_SetMinEccKey_Sz
- \sa wolfSSL_CTX_SetMinRsaKey_Sz
- \sa wolfSSL_SetMinRsaKey_Sz
- */
- int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz);
- /*!
- \ingroup CertsKeys
- \brief This function is used by EAP_TLS and EAP-TTLS to derive
- keying material from the master secret.
- \return BUFFER_E returned if the actual size of the buffer exceeds
- the maximum size allowable.
- \return MEMORY_E returned if there is an error with memory allocation.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param msk a void pointer variable that will hold the result
- of the p_hash function.
- \param len an unsigned integer that represents the length of
- the msk variable.
- \param label a constant char pointer that is copied from in wc_PRF().
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);;
- void* msk;
- unsigned int len;
- const char* label;
- …
- return wolfSSL_make_eap_keys(ssl, msk, len, label);
- \endcode
- \sa wc_PRF
- \sa wc_HmacFinal
- \sa wc_HmacUpdate
- */
- int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
- const char* label);
- /*!
- \ingroup IO
- \brief Simulates writev semantics but doesn’t actually do block at a time
- because of SSL_write() behavior and because front adds may be small.
- Makes porting into software that uses writev easier.
- \return >0 the number of bytes written upon success.
- \return 0 will be returned upon failure. Call wolfSSL_get_error() for
- the specific error code.
- \return MEMORY_ERROR will be returned if a memory error was encountered.
- \return SSL_FATAL_ERROR will be returned upon failure when either an error
- occurred or, when using non-blocking sockets, the SSL_ERROR_WANT_READ or
- SSL_ERROR_WANT_WRITE error was received and and the application needs to
- call wolfSSL_write() again. Use wolfSSL_get_error() to get a specific
- error code.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param iov array of I/O vectors to write
- \param iovcnt number of vectors in iov array.
- _Example_
- \code
- WOLFSSL* ssl = 0;
- char *bufA = “hello\n”;
- char *bufB = “hello world\n”;
- int iovcnt;
- struct iovec iov[2];
- iov[0].iov_base = buffA;
- iov[0].iov_len = strlen(buffA);
- iov[1].iov_base = buffB;
- iov[1].iov_len = strlen(buffB);
- iovcnt = 2;
- ...
- ret = wolfSSL_writev(ssl, iov, iovcnt);
- // wrote “ret” bytes, or error if <= 0.
- \endcode
- \sa wolfSSL_write
- */
- int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
- int iovcnt);
- /*!
- \ingroup Setup
- \brief This function unloads the CA signer list and frees
- the whole signer table.
- \return SSL_SUCCESS returned on successful execution of the function.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or there
- are otherwise unpermitted argument values passed in a subroutine.
- \return BAD_MUTEX_E returned if there was a mutex error. The LockMutex()
- did not return 0.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_METHOD method = wolfTLSv1_2_client_method();
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method);
- …
- if(wolfSSL_CTX_UnloadCAs(ctx) != SSL_SUCCESS){
- // The function did not unload CAs
- }
- \endcode
- \sa wolfSSL_CertManagerUnloadCAs
- \sa LockMutex
- \sa UnlockMutex
- */
- int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*);
- /*!
- \ingroup Setup
- \brief This function unloads intermediate certificates added to the CA
- signer list and frees them.
- \return SSL_SUCCESS returned on successful execution of the function.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or there
- are otherwise unpermitted argument values passed in a subroutine.
- \return BAD_STATE_E returned if the WOLFSSL_CTX has a reference count > 1.
- \return BAD_MUTEX_E returned if there was a mutex error. The LockMutex()
- did not return 0.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_METHOD method = wolfTLSv1_2_client_method();
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method);
- …
- if(wolfSSL_CTX_UnloadIntermediateCerts(ctx) != NULL){
- // The function did not unload CAs
- }
- \endcode
- \sa wolfSSL_CTX_UnloadCAs
- \sa wolfSSL_CertManagerUnloadIntermediateCerts
- */
- int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function is used to unload all previously loaded trusted peer
- certificates. Feature is enabled by defining the macro
- WOLFSSL_TRUST_PEER_CERT.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG will be returned if ctx is NULL.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_Unload_trust_peers(ctx);
- if (ret != SSL_SUCCESS) {
- // error unloading trusted peer certs
- }
- ...
- \endcode
- \sa wolfSSL_CTX_trust_peer_buffer
- \sa wolfSSL_CTX_trust_peer_cert
- */
- int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*);
- /*!
- \ingroup Setup
- \brief This function loads a certificate to use for verifying a peer
- when performing a TLS/SSL handshake. The peer certificate sent during
- the handshake is compared by using the SKID when available and the
- signature. If these two things do not match then any loaded CAs are used.
- Is the same functionality as wolfSSL_CTX_trust_peer_cert except is from
- a buffer instead of a file. Feature is enabled by defining the macro
- WOLFSSL_TRUST_PEER_CERT Please see the examples for proper usage.
- \return SSL_SUCCESS upon success
- \return SSL_FAILURE will be returned if ctx is NULL, or if both file and
- type are invalid.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
- read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param buffer pointer to the buffer containing certificates.
- \param sz length of the buffer input.
- \param type type of certificate being loaded i.e. SSL_FILETYPE_ASN1 or
- SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_trust_peer_buffer(ctx, bufferPtr, bufferSz,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading trusted peer cert
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_file
- \sa wolfSSL_CTX_use_PrivateKey_file
- \sa wolfSSL_CTX_use_certificate_chain_file
- \sa wolfSSL_CTX_trust_peer_cert
- \sa wolfSSL_CTX_Unload_trust_peers
- \sa wolfSSL_use_certificate_file
- \sa wolfSSL_use_PrivateKey_file
- \sa wolfSSL_use_certificate_chain_file
- */
- int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
- long sz, int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a CA certificate buffer into the WOLFSSL
- Context. It behaves like the non-buffered version, only differing in
- its ability to be called with a buffer as input instead of a file.
- The buffer is provided by the in argument of size sz. format specifies
- the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- More than one CA certificate may be loaded per buffer as long as the
- format is in PEM. Please see the examples for proper usage.
- \return SSL_SUCCESS upon success
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BUFFER_E will be returned if a chain buffer is bigger than
- the receiving buffer.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param in pointer to the CA certificate buffer.
- \param sz size of the input CA certificate buffer, in.
- \param format format of the buffer certificate, either SSL_FILETYPE_ASN1
- or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- int sz = 0;
- WOLFSSL_CTX* ctx;
- byte certBuff[...];
- ...
- ret = wolfSSL_CTX_load_verify_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading CA certs from buffer
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_locations
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
- long sz, int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a CA certificate buffer into the WOLFSSL
- Context. It behaves like the non-buffered version, only differing in
- its ability to be called with a buffer as input instead of a file.
- The buffer is provided by the in argument of size sz. format specifies
- the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- More than one CA certificate may be loaded per buffer as long as the
- format is in PEM. The _ex version was added in PR 2413 and supports
- additional arguments for userChain and flags.
- \return SSL_SUCCESS upon success
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BUFFER_E will be returned if a chain buffer is bigger than
- the receiving buffer.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param in pointer to the CA certificate buffer.
- \param sz size of the input CA certificate buffer, in.
- \param format format of the buffer certificate, either SSL_FILETYPE_ASN1
- or SSL_FILETYPE_PEM.
- \param userChain If using format WOLFSSL_FILETYPE_ASN1 this set to non-zero
- indicates a chain of DER's is being presented.
- \param flags: See ssl.h around WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS.
- _Example_
- \code
- int ret = 0;
- int sz = 0;
- WOLFSSL_CTX* ctx;
- byte certBuff[...];
- ...
- // Example for force loading an expired certificate
- ret = wolfSSL_CTX_load_verify_buffer_ex(ctx, certBuff, sz, SSL_FILETYPE_PEM,
- 0, (WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY));
- if (ret != SSL_SUCCESS) {
- // error loading CA certs from buffer
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_load_verify_locations
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx,
- const unsigned char* in, long sz,
- int format, int userChain, word32 flags);
- /*!
- \ingroup CertsKeys
- \brief This function loads a CA certificate chain buffer into the WOLFSSL
- Context. It behaves like the non-buffered version, only differing in
- its ability to be called with a buffer as input instead of a file.
- The buffer is provided by the in argument of size sz. format specifies
- the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- More than one CA certificate may be loaded per buffer as long as the
- format is in PEM. Please see the examples for proper usage.
- \return SSL_SUCCESS upon success
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BUFFER_E will be returned if a chain buffer is bigger than
- the receiving buffer.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param in pointer to the CA certificate buffer.
- \param sz size of the input CA certificate buffer, in.
- \param format format of the buffer certificate, either SSL_FILETYPE_ASN1
- or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- int sz = 0;
- WOLFSSL_CTX* ctx;
- byte certBuff[...];
- ...
- ret = wolfSSL_CTX_load_verify_chain_buffer_format(ctx,
- certBuff, sz, WOLFSSL_FILETYPE_ASN1);
- if (ret != SSL_SUCCESS) {
- // error loading CA certs from buffer
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_locations
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx,
- const unsigned char* in,
- long sz, int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a certificate buffer into the WOLFSSL Context.
- It behaves like the non-buffered version, only differing in its ability
- to be called with a buffer as input instead of a file. The buffer is
- provided by the in argument of size sz. format specifies the format
- type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please
- see the examples for proper usage.
- \return SSL_SUCCESS upon success
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param in the input buffer containing the certificate to be loaded.
- \param sz the size of the input buffer.
- \param format the format of the certificate located in the input
- buffer (in). Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- int sz = 0;
- WOLFSSL_CTX* ctx;
- byte certBuff[...];
- ...
- ret = wolfSSL_CTX_use_certificate_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading certificate from buffer
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
- const unsigned char* in, long sz,
- int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a private key buffer into the SSL Context.
- It behaves like the non-buffered version, only differing in its ability
- to be called with a buffer as input instead of a file. The buffer is
- provided by the in argument of size sz. format specifies the format type
- of the buffer; SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM. Please see the
- examples for proper usage.
- \return SSL_SUCCESS upon success
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
- read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return NO_PASSWORD will be returned if the key file is encrypted but no
- password is provided.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param in the input buffer containing the private key to be loaded.
- \param sz the size of the input buffer.
- \param format the format of the private key located in the input
- buffer (in). Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- int sz = 0;
- WOLFSSL_CTX* ctx;
- byte keyBuff[...];
- ...
- ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, keyBuff, sz, SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // error loading private key from buffer
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx,
- const unsigned char* in, long sz,
- int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a certificate chain buffer into the WOLFSSL
- Context. It behaves like the non-buffered version, only differing in
- its ability to be called with a buffer as input instead of a file.
- The buffer is provided by the in argument of size sz. The buffer must
- be in PEM format and start with the subject’s certificate, ending with
- the root certificate. Please see the examples for proper usage.
- \return SSL_SUCCESS upon success
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BUFFER_E will be returned if a chain buffer is bigger than
- the receiving buffer.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param in the input buffer containing the PEM-formatted certificate
- chain to be loaded.
- \param sz the size of the input buffer.
- _Example_
- \code
- int ret = 0;
- int sz = 0;
- WOLFSSL_CTX* ctx;
- byte certChainBuff[...];
- ...
- ret = wolfSSL_CTX_use_certificate_chain_buffer(ctx, certChainBuff, sz);
- if (ret != SSL_SUCCESS) {
- // error loading certificate chain from buffer
- }
- ...
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
- const unsigned char* in, long sz);
- /*!
- \ingroup CertsKeys
- \brief This function loads a certificate buffer into the WOLFSSL object.
- It behaves like the non-buffered version, only differing in its ability
- to be called with a buffer as input instead of a file. The buffer
- is provided by the in argument of size sz. format specifies the format
- type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- Please see the examples for proper usage.
- \return SSL_SUCCESS upon success.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t
- be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param in buffer containing certificate to load.
- \param sz size of the certificate located in buffer.
- \param format format of the certificate to be loaded.
- Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- _Example_
- \code
- int buffSz;
- int ret;
- byte certBuff[...];
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_use_certificate_buffer(ssl, certBuff, buffSz, SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // failed to load certificate from buffer
- }
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in,
- long sz, int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a private key buffer into the WOLFSSL object.
- It behaves like the non-buffered version, only differing in its ability
- to be called with a buffer as input instead of a file. The buffer is
- provided by the in argument of size sz. format specifies the format
- type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please
- see the examples for proper usage.
- \return SSL_SUCCESS upon success.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
- read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return NO_PASSWORD will be returned if the key file is encrypted but no
- password is provided.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param in buffer containing private key to load.
- \param sz size of the private key located in buffer.
- \param format format of the private key to be loaded. Possible values are
- SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- _Example_
- \code
- int buffSz;
- int ret;
- byte keyBuff[...];
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_use_PrivateKey_buffer(ssl, keyBuff, buffSz, SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- // failed to load private key from buffer
- }
- \endcode
- \sa wolfSSL_use_PrivateKey
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_certificate_chain_buffer
- */
- int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
- long sz, int format);
- /*!
- \ingroup CertsKeys
- \brief This function loads a certificate chain buffer into the WOLFSSL
- object. It behaves like the non-buffered version, only differing in its
- ability to be called with a buffer as input instead of a file. The buffer
- is provided by the in argument of size sz. The buffer must be in PEM format
- and start with the subject’s certificate, ending with the root certificate.
- Please see the examples for proper usage.
- \return SSL_SUCCES upon success.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BUFFER_E will be returned if a chain buffer is bigger than
- the receiving buffer.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- \param in buffer containing certificate to load.
- \param sz size of the certificate located in buffer.
- _Example_
- \code
- int buffSz;
- int ret;
- byte certChainBuff[...];
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_use_certificate_chain_buffer(ssl, certChainBuff, buffSz);
- if (ret != SSL_SUCCESS) {
- // failed to load certificate chain from buffer
- }
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa wolfSSL_CTX_use_certificate_buffer
- \sa wolfSSL_CTX_use_PrivateKey_buffer
- \sa wolfSSL_CTX_use_certificate_chain_buffer
- \sa wolfSSL_use_certificate_buffer
- \sa wolfSSL_use_PrivateKey_buffer
- */
- int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl,
- const unsigned char* in, long sz);
- /*!
- \ingroup CertsKeys
- \brief This function unloads any certificates or keys that SSL owns.
- \return SSL_SUCCESS - returned if the function executed successfully.
- \return BAD_FUNC_ARG - returned if the WOLFSSL object is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- int unloadKeys = wolfSSL_UnloadCertsKeys(ssl);
- if(unloadKeys != SSL_SUCCESS){
- // Failure case.
- }
- \endcode
- \sa wolfSSL_CTX_UnloadCAs
- */
- int wolfSSL_UnloadCertsKeys(WOLFSSL*);
- /*!
- \ingroup Setup
- \brief This function turns on grouping of handshake messages where possible.
- \return SSL_SUCCESS will be returned upon success.
- \return BAD_FUNC_ARG will be returned if the input context is null.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- ret = wolfSSL_CTX_set_group_messages(ctx);
- if (ret != SSL_SUCCESS) {
- // failed to set handshake message grouping
- }
- \endcode
- \sa wolfSSL_set_group_messages
- \sa wolfSSL_CTX_new
- */
- int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*);
- /*!
- \ingroup Setup
- \brief This function turns on grouping of handshake messages where possible.
- \return SSL_SUCCESS will be returned upon success.
- \return BAD_FUNC_ARG will be returned if the input context is null.
- \param ssl pointer to the SSL session, created with wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl = 0;
- ...
- ret = wolfSSL_set_group_messages(ssl);
- if (ret != SSL_SUCCESS) {
- // failed to set handshake message grouping
- }
- \endcode
- \sa wolfSSL_CTX_set_group_messages
- \sa wolfSSL_new
- */
- int wolfSSL_set_group_messages(WOLFSSL*);
- /*!
- \brief This function sets the fuzzer callback.
- \return none No returns.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cbf a CallbackFuzzer type that is a function pointer of the form:
- int (*CallbackFuzzer)(WOLFSSL* ssl, const unsigned char* buf, int sz, int
- type, void* fuzzCtx);
- \param fCtx a void pointer type that will be set to the fuzzerCtx member of
- the WOLFSSL structure.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- void* fCtx;
- int callbackFuzzerCB(WOLFSSL* ssl, const unsigned char* buf, int sz,
- int type, void* fuzzCtx){
- // function definition
- }
- …
- wolfSSL_SetFuzzerCb(ssl, callbackFuzzerCB, fCtx);
- \endcode
- \sa CallbackFuzzer
- */
- void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx);
- /*!
- \brief This function sets a new dtls cookie secret.
- \return 0 returned if the function executed without an error.
- \return BAD_FUNC_ARG returned if there was an argument passed
- to the function with an unacceptable value.
- \return COOKIE_SECRET_SZ returned if the secret size is 0.
- \return MEMORY_ERROR returned if there was a problem allocating
- memory for a new cookie secret.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param secret a constant byte pointer representing the secret buffer.
- \param secretSz the size of the buffer.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- const* byte secret;
- word32 secretSz; // size of secret
- …
- if(!wolfSSL_DTLS_SetCookieSecret(ssl, secret, secretSz)){
- // Code block for failure to set DTLS cookie secret
- } else {
- // Success! Cookie secret is set.
- }
- \endcode
- \sa ForceZero
- \sa wc_RNG_GenerateBlock
- */
- int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
- const unsigned char* secret,
- unsigned int secretSz);
- /*!
- \brief This function retrieves the random number.
- \return rng upon success.
- \return NULL if ssl is NULL.
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl;
- wolfSSL_GetRNG(ssl);
- \endcode
- \sa wolfSSL_CTX_new_rng
- */
- WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function sets the minimum downgrade version allowed.
- Applicable only when the connection allows downgrade using
- (wolfSSLv23_client_method or wolfSSLv23_server_method).
- \return SSL_SUCCESS returned if the function returned without
- error and the minimum version is set.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure was
- NULL or if the minimum version is not supported.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param version an integer representation of the version to be set as the
- minimum: WOLFSSL_SSLV3 = 0, WOLFSSL_TLSV1 = 1, WOLFSSL_TLSV1_1 = 2 or
- WOLFSSL_TLSV1_2 = 3.
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method );
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- int version; // macrop representation
- …
- if(wolfSSL_CTX_SetMinVersion(ssl->ctx, version) != SSL_SUCCESS){
- // Failed to set min version
- }
- \endcode
- \sa SetMinVersionHelper
- */
- int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version);
- /*!
- \ingroup TLS
- \brief This function sets the minimum downgrade version allowed.
- Applicable only when the connection allows downgrade using
- (wolfSSLv23_client_method or wolfSSLv23_server_method).
- \return SSL_SUCCESS returned if this function and its subroutine executes
- without error.
- \return BAD_FUNC_ARG returned if the SSL object is NULL. In
- the subroutine this error is thrown if there is not a good version match.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param version an integer representation of the version to be set as the
- minimum: WOLFSSL_SSLV3 = 0, WOLFSSL_TLSV1 = 1, WOLFSSL_TLSV1_1 = 2 or
- WOLFSSL_TLSV1_2 = 3.
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(protocol method);
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- int version; macro representation
- …
- if(wolfSSL_CTX_SetMinVersion(ssl->ctx, version) != SSL_SUCCESS){
- Failed to set min version
- }
- \endcode
- \sa SetMinVersionHelper
- */
- int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version);
- /*!
- \brief This function returns the size of the WOLFSSL object and will be
- dependent on build options and settings. If SHOW_SIZES has been defined
- when building wolfSSL, this function will also print the sizes of individual
- objects within the WOLFSSL object (Suites, Ciphers, etc.) to stdout.
- \return size This function returns the size of the WOLFSSL object.
- \param none No parameters.
- _Example_
- \code
- int size = 0;
- size = wolfSSL_GetObjectSize();
- printf(“sizeof(WOLFSSL) = %d\n”, size);
- \endcode
- \sa wolfSSL_new
- */
- int wolfSSL_GetObjectSize(void); /* object size based on build */
- /*!
- \brief Returns the record layer size of the plaintext input. This is helpful
- when an application wants to know how many bytes will be sent across the
- Transport layer, given a specified plaintext input size. This function
- must be called after the SSL/TLS handshake has been completed.
- \return size Upon success, the requested size will be returned
- \return INPUT_SIZE_E will be returned if the input size is greater than the
- maximum TLS fragment size (see wolfSSL_GetMaxOutputSize())
- \return BAD_FUNC_ARG will be returned upon invalid function argument, or if
- the SSL/TLS handshake has not been completed yet
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- \param inSz size of plaintext data.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetMaxOutputSize
- */
- int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz);
- /*!
- \brief Returns the maximum record layer size for plaintext data. This
- will correspond to either the maximum SSL/TLS record size as specified
- by the protocol standard, the maximum TLS fragment size as set by the
- TLS Max Fragment Length extension. This function is helpful when the
- application has called wolfSSL_GetOutputSize() and received a INPUT_SIZE_E
- error. This function must be called after the SSL/TLS handshake has been
- completed.
- \return size Upon success, the maximum output size will be returned
- \return BAD_FUNC_ARG will be returned upon invalid function argument,
- or if the SSL/TLS handshake has not been completed yet.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetOutputSize
- */
- int wolfSSL_GetMaxOutputSize(WOLFSSL*);
- /*!
- \ingroup Setup
- \brief This function sets the SSL/TLS protocol version for the specified
- SSL session (WOLFSSL object) using the version as specified by version.
- This will override the protocol setting for the SSL session (ssl) -
- originally defined and set by the SSL context (wolfSSL_CTX_new())
- method type.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG will be returned if the input SSL object is
- NULL or an incorrect protocol version is given for version.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param version SSL/TLS protocol version. Possible values include
- WOLFSSL_SSLV3, WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2.
- _Example_
- \code
- int ret = 0;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_SetVersion(ssl, WOLFSSL_TLSV1);
- if (ret != SSL_SUCCESS) {
- // failed to set SSL session protocol version
- }
- \endcode
- \sa wolfSSL_CTX_new
- */
- int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
- /*!
- \brief Allows caller to set the Atomic User Record Processing
- Mac/Encrypt Callback. The callback should return 0 for success
- or < 0 for an error. The ssl and ctx pointers are available
- for the user’s convenience. macOut is the output buffer where
- the result of the mac should be stored. macIn is the mac input
- buffer and macInSz notes the size of the buffer. macContent
- and macVerify are needed for wolfSSL_SetTlsHmacInner() and be
- passed along as is. encOut is the output buffer where the result
- on the encryption should be stored. encIn is the input buffer to
- encrypt while encSz is the size of the input. An example callback
- can be found wolfssl/test.h myMacEncryptCb().
- \return none No return.
- \param No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_SetMacEncryptCtx
- \sa wolfSSL_GetMacEncryptCtx
- */
- void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypti cb);
- /*!
- \brief Allows caller to set the Atomic User Record Processing Mac/Encrypt
- Callback Context to ctx.
- \return none No return.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetMacEncryptCb
- \sa wolfSSL_GetMacEncryptCtx
- */
- void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Atomic User Record Processing
- Mac/Encrypt Callback Context previously stored with
- wolfSSL_SetMacEncryptCtx().
- \return pointer If successful the call will return a valid pointer
- to the context.
- \return NULL will be returned for a blank context.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetMacEncryptCb
- \sa wolfSSL_SetMacEncryptCtx
- */
- void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl);
- /*!
- \brief Allows caller to set the Atomic User Record Processing
- Decrypt/Verify Callback. The callback should return 0 for success
- or < 0 for an error. The ssl and ctx pointers are available for
- the user’s convenience. decOut is the output buffer where the result
- of the decryption should be stored. decIn is the encrypted input
- buffer and decInSz notes the size of the buffer. content and verify
- are needed for wolfSSL_SetTlsHmacInner() and be passed along as is.
- padSz is an output variable that should be set with the total value
- of the padding. That is, the mac size plus any padding and pad bytes.
- An example callback can be found wolfssl/test.h myDecryptVerifyCb().
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_SetMacEncryptCtx
- \sa wolfSSL_GetMacEncryptCtx
- */
- void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX* ctx,
- CallbackDecryptVerify cb);
- /*!
- \brief Allows caller to set the Atomic User Record Processing
- Decrypt/Verify Callback Context to ctx.
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetDecryptVerifyCb
- \sa wolfSSL_GetDecryptVerifyCtx
- */
- void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Atomic User Record Processing
- Decrypt/Verify Callback Context previously stored with
- wolfSSL_SetDecryptVerifyCtx().
- \return pointer If successful the call will return a valid pointer to the
- context.
- \return NULL will be returned for a blank context.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetDecryptVerifyCb
- \sa wolfSSL_SetDecryptVerifyCtx
- */
- void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl);
- /*!
- \brief Allows retrieval of the Hmac/Mac secret from the handshake process.
- The verify parameter specifies whether this is for verification of a
- peer message.
- \return pointer If successful the call will return a valid pointer to the
- secret. The size of the secret can be obtained from wolfSSL_GetHmacSize().
- \return NULL will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- \param verify specifies whether this is for verification of a peer message.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetHmacSize
- */
- const unsigned char* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify);
- /*!
- \brief Allows retrieval of the client write key from the handshake process.
- \return pointer If successful the call will return a valid pointer to the
- key. The size of the key can be obtained from wolfSSL_GetKeySize().
- \return NULL will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetKeySize
- \sa wolfSSL_GetClientWriteIV
- */
- const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*);
- /*!
- \brief Allows retrieval of the client write IV (initialization vector)
- from the handshake process.
- \return pointer If successful the call will return a valid pointer to the
- IV. The size of the IV can be obtained from wolfSSL_GetCipherBlockSize().
- \return NULL will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetCipherBlockSize()
- \sa wolfSSL_GetClientWriteKey()
- */
- const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*);
- /*!
- \brief Allows retrieval of the server write key from the handshake process.
- \return pointer If successful the call will return a valid pointer to the
- key. The size of the key can be obtained from wolfSSL_GetKeySize().
- \return NULL will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetKeySize
- \sa wolfSSL_GetServerWriteIV
- */
- const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*);
- /*!
- \brief Allows retrieval of the server write IV (initialization vector)
- from the handshake process.
- \return pointer If successful the call will return a valid pointer to the
- IV. The size of the IV can be obtained from wolfSSL_GetCipherBlockSize().
- \return NULL will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- \sa wolfSSL_GetCipherBlockSize
- \sa wolfSSL_GetClientWriteKey
- */
- const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*);
- /*!
- \brief Allows retrieval of the key size from the handshake process.
- \return size If successful the call will return the key size in bytes.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetClientWriteKey
- \sa wolfSSL_GetServerWriteKey
- */
- int wolfSSL_GetKeySize(WOLFSSL*);
- /*!
- \ingroup CertsKeys
- \brief Returns the iv_size member of the specs structure
- held in the WOLFSSL struct.
- \return iv_size returns the value held in ssl->specs.iv_size.
- \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- int ivSize;
- ...
- ivSize = wolfSSL_GetIVSize(ssl);
- if(ivSize > 0){
- // ivSize holds the specs.iv_size value.
- }
- \endcode
- \sa wolfSSL_GetKeySize
- \sa wolfSSL_GetClientWriteIV
- \sa wolfSSL_GetServerWriteIV
- */
- int wolfSSL_GetIVSize(WOLFSSL*);
- /*!
- \brief Allows retrieval of the side of this WOLFSSL connection.
- \return success If successful the call will return either
- WOLFSSL_SERVER_END or WOLFSSL_CLIENT_END depending on the
- side of WOLFSSL object.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetClientWriteKey
- \sa wolfSSL_GetServerWriteKey
- */
- int wolfSSL_GetSide(WOLFSSL*);
- /*!
- \brief Allows caller to determine if the negotiated protocol version
- is at least TLS version 1.1 or greater.
- \return true/false If successful the call will return 1 for true or
- 0 for false.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetSide
- */
- int wolfSSL_IsTLSv1_1(WOLFSSL*);
- /*!
- \brief Allows caller to determine the negotiated bulk cipher algorithm
- from the handshake.
- \return If successful the call will return one of the following:
- wolfssl_cipher_null, wolfssl_des, wolfssl_triple_des, wolfssl_aes,
- wolfssl_aes_gcm, wolfssl_aes_ccm, wolfssl_camellia.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetCipherBlockSize
- \sa wolfSSL_GetKeySize
- */
- int wolfSSL_GetBulkCipher(WOLFSSL*);
- /*!
- \brief Allows caller to determine the negotiated cipher block size from
- the handshake.
- \return size If successful the call will return the size in bytes of the
- cipher block size.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetBulkCipher
- \sa wolfSSL_GetKeySize
- */
- int wolfSSL_GetCipherBlockSize(WOLFSSL*);
- /*!
- \brief Allows caller to determine the negotiated aead mac size from the
- handshake. For cipher type WOLFSSL_AEAD_TYPE.
- \return size If successful the call will return the size in bytes of the
- aead mac size.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetBulkCipher
- \sa wolfSSL_GetKeySize
- */
- int wolfSSL_GetAeadMacSize(WOLFSSL*);
- /*!
- \brief Allows caller to determine the negotiated (h)mac size from the
- handshake. For cipher types except WOLFSSL_AEAD_TYPE.
- \return size If successful the call will return the size in bytes of
- the (h)mac size.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetBulkCipher
- \sa wolfSSL_GetHmacType
- */
- int wolfSSL_GetHmacSize(WOLFSSL*);
- /*!
- \brief Allows caller to determine the negotiated (h)mac type from the
- handshake. For cipher types except WOLFSSL_AEAD_TYPE.
- \return If successful the call will return one of the following:
- MD5, SHA, SHA256, SHA384.
- \return BAD_FUNC_ARG may be returned for an error state.
- \return SSL_FATAL_ERROR may also be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetBulkCipher
- \sa wolfSSL_GetHmacSize
- */
- int wolfSSL_GetHmacType(WOLFSSL*);
- /*!
- \brief Allows caller to determine the negotiated cipher type
- from the handshake.
- \return If successful the call will return one of the following:
- WOLFSSL_BLOCK_TYPE, WOLFSSL_STREAM_TYPE, WOLFSSL_AEAD_TYPE.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetBulkCipher
- \sa wolfSSL_GetHmacType
- */
- int wolfSSL_GetCipherType(WOLFSSL*);
- /*!
- \brief Allows caller to set the Hmac Inner vector for message
- sending/receiving. The result is written to inner which should
- be at least wolfSSL_GetHmacSize() bytes. The size of the message
- is specified by sz, content is the type of message, and verify
- specifies whether this is a verification of a peer message. Valid
- for cipher types excluding WOLFSSL_AEAD_TYPE.
- \return 1 upon success.
- \return BAD_FUNC_ARG will be returned for an error state.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_GetBulkCipher
- \sa wolfSSL_GetHmacType
- */
- int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner,
- word32 sz, int content, int verify);
- /*!
- \brief Allows caller to set the Public Key Callback for ECC Signing.
- The callback should return 0 for success or < 0 for an error.
- The ssl and ctx pointers are available for the user’s convenience.
- in is the input buffer to sign while inSz denotes the length of the input.
- out is the output buffer where the result of the signature should be stored.
- outSz is an input/output variable that specifies the size of the output
- buffer upon invocation and the actual size of the signature should be stored
- there before returning. keyDer is the ECC Private key in ASN1 format and
- keySz is the length of the key in bytes. An example callback can be found
- wolfssl/test.h myEccSign().
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_SetEccSignCtx
- \sa wolfSSL_GetEccSignCtx
- */
- void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb);
- /*!
- \brief Allows caller to set the Public Key Ecc Signing Callback
- Context to ctx.
- \return none No returns.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- \param ctx a pointer to the user context to be stored
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetEccSignCb
- \sa wolfSSL_GetEccSignCtx
- */
- void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Public Key Ecc Signing Callback
- Context previously stored with wolfSSL_SetEccSignCtx().
- \return pointer If successful the call will return a valid pointer
- to the context.
- \return NULL will be returned for a blank context.
- \param ssl a pointer to a WOLFSSL object, created using wolfSSL_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetEccSignCb
- \sa wolfSSL_SetEccSignCtx
- */
- void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl);
- /*!
- \brief Allows caller to set the Public Key Ecc Signing Callback
- Context to ctx.
- \return none No returns.
- \param ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \param ctx a pointer to the user context to be stored
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetEccSignCb
- \sa wolfSSL_CTX_GetEccSignCtx
- */
- void wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx);
- /*!
- \brief Allows caller to retrieve the Public Key Ecc Signing Callback
- Context previously stored with wolfSSL_SetEccSignCtx().
- \return pointer If successful the call will return a valid pointer
- to the context.
- \return NULL will be returned for a blank context.
- \param ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetEccSignCb
- \sa wolfSSL_CTX_SetEccSignCtx
- */
- void* wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx);
- /*!
- \brief Allows caller to set the Public Key Callback for ECC Verification.
- The callback should return 0 for success or < 0 for an error.
- The ssl and ctx pointers are available for the user’s convenience.
- sig is the signature to verify and sigSz denotes the length of the
- signature. hash is an input buffer containing the digest of the message
- and hashSz denotes the length in bytes of the hash. result is an output
- variable where the result of the verification should be stored, 1 for
- success and 0 for failure. keyDer is the ECC Private key in ASN1
- format and keySz is the length of the key in bytes. An example
- callback can be found wolfssl/test.h myEccVerify().
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_SetEccVerifyCtx
- \sa wolfSSL_GetEccVerifyCtx
- */
- void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb);
- /*!
- \brief Allows caller to set the Public Key Ecc Verification Callback
- Context to ctx.
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetEccVerifyCb
- \sa wolfSSL_GetEccVerifyCtx
- */
- void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Public Key Ecc Verification Callback
- Context previously stored with wolfSSL_SetEccVerifyCtx().
- \return pointer If successful the call will return a valid pointer to the
- context.
- \return NULL will be returned for a blank context.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetEccVerifyCb
- \sa wolfSSL_SetEccVerifyCtx
- */
- void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl);
- /*!
- \brief Allows caller to set the Public Key Callback for RSA Signing.
- The callback should return 0 for success or < 0 for an error.
- The ssl and ctx pointers are available for the user’s convenience.
- in is the input buffer to sign while inSz denotes the length of the input.
- out is the output buffer where the result of the signature should be stored.
- outSz is an input/output variable that specifies the size of the output
- buffer upon invocation and the actual size of the signature should be
- stored there before returning. keyDer is the RSA Private key in ASN1 format
- and keySz is the length of the key in bytes. An example callback can be
- found wolfssl/test.h myRsaSign().
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_SetRsaSignCtx
- \sa wolfSSL_GetRsaSignCtx
- */
- void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb);
- /*!
- \brief Allows caller to set the Public Key RSA Signing Callback Context
- to ctx.
- \return none No Returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaSignCb
- \sa wolfSSL_GetRsaSignCtx
- */
- void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Public Key RSA Signing Callback
- Context previously stored with wolfSSL_SetRsaSignCtx().
- \return pointer If successful the call will return a valid pointer to the
- context.
- \return NULL will be returned for a blank context.
- \param none No parameters.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaSignCb
- \sa wolfSSL_SetRsaSignCtx
- */
- void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl);
- /*!
- \brief Allows caller to set the Public Key Callback for RSA Verification.
- The callback should return the number of plaintext bytes for success or
- < 0 for an error. The ssl and ctx pointers are available for the user’s
- convenience. sig is the signature to verify and sigSz denotes the length
- of the signature. out should be set to the beginning of the verification
- buffer after the decryption process and any padding. keyDer is the RSA
- Public key in ASN1 format and keySz is the length of the key in bytes.
- An example callback can be found wolfssl/test.h myRsaVerify().
- \return none No returns.
- \param none No parameters.
- \sa wolfSSL_SetRsaVerifyCtx
- \sa wolfSSL_GetRsaVerifyCtx
- */
- void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb);
- /*!
- \brief Allows caller to set the Public Key RSA Verification Callback
- Context to ctx.
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaVerifyCb
- \sa wolfSSL_GetRsaVerifyCtx
- */
- void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Public Key RSA Verification Callback
- Context previously stored with wolfSSL_SetRsaVerifyCtx().
- \return pointer If successful the call will return a valid pointer to
- the context.
- \return NULL will be returned for a blank context.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaVerifyCb
- \sa wolfSSL_SetRsaVerifyCtx
- */
- void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl);
- /*!
- \brief Allows caller to set the Public Key Callback for RSA Public
- Encrypt. The callback should return 0 for success or < 0 for an error.
- The ssl and ctx pointers are available for the user’s convenience.
- in is the input buffer to encrypt while inSz denotes the length of
- the input. out is the output buffer where the result of the encryption
- should be stored. outSz is an input/output variable that specifies
- the size of the output buffer upon invocation and the actual size of
- the encryption should be stored there before returning. keyDer is the
- RSA Public key in ASN1 format and keySz is the length of the key in
- bytes. An example callback can be found wolfssl/test.h myRsaEnc().
- \return none No returns.
- \param none No parameters.
- _Examples_
- \code
- none
- \endcode
- \sa wolfSSL_SetRsaEncCtx
- \sa wolfSSL_GetRsaEncCtx
- */
- void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb);
- /*!
- \brief Allows caller to set the Public Key RSA Public Encrypt
- Callback Context to ctx.
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaEncCb
- \sa wolfSSL_GetRsaEncCtx
- */
- void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Public Key RSA Public Encrypt
- Callback Context previously stored with wolfSSL_SetRsaEncCtx().
- \return pointer If successful the call will return a valid pointer
- to the context.
- \return NULL will be returned for a blank context.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaEncCb
- \sa wolfSSL_SetRsaEncCtx
- */
- void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl);
- /*!
- \brief Allows caller to set the Public Key Callback for RSA Private
- Decrypt. The callback should return the number of plaintext bytes
- for success or < 0 for an error. The ssl and ctx pointers are available
- for the user’s convenience. in is the input buffer to decrypt and inSz
- denotes the length of the input. out should be set to the beginning
- of the decryption buffer after the decryption process and any padding.
- keyDer is the RSA Private key in ASN1 format and keySz is the length
- of the key in bytes. An example callback can be found
- wolfssl/test.h myRsaDec().
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_SetRsaDecCtx
- \sa wolfSSL_GetRsaDecCtx
- */
- void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb);
- /*!
- \brief Allows caller to set the Public Key RSA Private Decrypt
- Callback Context to ctx.
- \return none No returns.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaDecCb
- \sa wolfSSL_GetRsaDecCtx
- */
- void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx);
- /*!
- \brief Allows caller to retrieve the Public Key RSA Private Decrypt
- Callback Context previously stored with wolfSSL_SetRsaDecCtx().
- \return pointer If successful the call will return a valid pointer
- to the context.
- \return NULL will be returned for a blank context.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_SetRsaDecCb
- \sa wolfSSL_SetRsaDecCtx
- */
- void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
- /*!
- \brief This function registers a callback with the SSL context
- (WOLFSSL_CTX) to be called when a new CA certificate is loaded
- into wolfSSL. The callback is given a buffer with the DER-encoded
- certificate.
- \return none No return.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param callback function to be registered as the CA callback for the
- wolfSSL context, ctx. The signature of this function must follow that
- as shown above in the Synopsis section.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- // CA callback prototype
- int MyCACallback(unsigned char *der, int sz, int type);
- // Register the custom CA callback with the SSL context
- wolfSSL_CTX_SetCACb(ctx, MyCACallback);
- int MyCACallback(unsigned char* der, int sz, int type)
- {
- // custom CA callback function, DER-encoded cert
- // located in “der” of size “sz” with type “type”
- }
- \endcode
- \sa wolfSSL_CTX_load_verify_locations
- */
- void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, CallbackCACache cb);
- /*!
- \ingroup CertManager
- \brief Allocates and initializes a new Certificate Manager context.
- This context may be used independent of SSL needs. It may be used to
- load certificates, verify certificates, and check the revocation status.
- \return WOLFSSL_CERT_MANAGER If successful the call will return a valid
- WOLFSSL_CERT_MANAGER pointer.
- \return NULL will be returned for an error state.
- \param none No parameters.
- \sa wolfSSL_CertManagerFree
- */
- WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap);
- /*!
- \ingroup CertManager
- \brief Allocates and initializes a new Certificate Manager context.
- This context may be used independent of SSL needs. It may be used to
- load certificates, verify certificates, and check the revocation status.
- \return WOLFSSL_CERT_MANAGER If successful the call will return a
- valid WOLFSSL_CERT_MANAGER pointer.
- \return NULL will be returned for an error state.
- \param none No parameters.
- _Example_
- \code
- #import <wolfssl/ssl.h>
- WOLFSSL_CERT_MANAGER* cm;
- cm = wolfSSL_CertManagerNew();
- if (cm == NULL) {
- // error creating new cert manager
- }
- \endcode
- \sa wolfSSL_CertManagerFree
- */
- WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
- /*!
- \ingroup CertManager
- \brief Frees all resources associated with the Certificate Manager
- context. Call this when you no longer need to use the Certificate Manager.
- \return none
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CERT_MANAGER* cm;
- ...
- wolfSSL_CertManagerFree(cm);
- \endcode
- \sa wolfSSL_CertManagerNew
- */
- void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);
- /*!
- \ingroup CertManager
- \brief Specifies the locations for CA certificate loading into the
- manager context. The PEM certificate CAfile may contain several
- trusted CA certificates. If CApath is not NULL it specifies a
- directory containing CA certificates in PEM format.
- \return SSL_SUCCESS If successful the call will return.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist,
- can’t be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BAD_FUNC_ARG is the error that will be returned if a
- pointer is not provided.
- \return SSL_FATAL_ERROR - will be returned upon failure.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created
- using wolfSSL_CertManagerNew().
- \param file pointer to the name of the file containing CA
- certificates to load.
- \param path pointer to the name of a directory path containing CA c
- ertificates to load. The NULL pointer may be used if no
- certificate directory is desired.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- int ret = 0;
- WOLFSSL_CERT_MANAGER* cm;
- ...
- ret = wolfSSL_CertManagerLoadCA(cm, “path/to/cert-file.pem”, 0);
- if (ret != SSL_SUCCESS) {
- // error loading CA certs into cert manager
- }
- \endcode
- \sa wolfSSL_CertManagerVerify
- */
- int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* f,
- const char* d);
- /*!
- \ingroup CertManager
- \brief Loads the CA Buffer by calling wolfSSL_CTX_load_verify_buffer and
- returning that result using a temporary cm so as not to lose the information
- in the cm passed into the function.
- \return SSL_FATAL_ERROR is returned if the WOLFSSL_CERT_MANAGER struct is
- NULL or if wolfSSL_CTX_new() returns NULL.
- \return SSL_SUCCESS is returned for a successful execution.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param in buffer for cert information.
- \param sz length of the buffer.
- \param format certificate format, either PEM or DER.
- _Example_
- \code
- WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
- …
- const unsigned char* in;
- long sz;
- int format;
- …
- if(wolfSSL_CertManagerLoadCABuffer(vp, sz, format) != SSL_SUCCESS){
- Error returned. Failure case code block.
- }
- \endcode
- \sa wolfSSL_CTX_load_verify_buffer
- \sa ProcessChainBuffer
- \sa ProcessBuffer
- \sa cm_pick_method
- */
- int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm,
- const unsigned char* in, long sz, int format);
- /*!
- \ingroup CertManager
- \brief This function unloads the CA signer list.
- \return SSL_SUCCESS returned on successful execution of the function.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER is NULL.
- \return BAD_MUTEX_E returned if there was a mutex error.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure,
- created using wolfSSL_CertManagerNew().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
- WOLFSSL_CERT_MANAGER* cm = wolfSSL_CTX_GetCertManager(ctx);
- ...
- if(wolfSSL_CertManagerUnloadCAs(cm) != SSL_SUCCESS){
- Failure case.
- }
- \endcode
- \sa UnlockMutex
- */
- int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
- /*!
- \ingroup CertManager
- \brief This function unloads intermediate certificates add to the CA
- signer list.
- \return SSL_SUCCESS returned on successful execution of the function.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER is NULL.
- \return BAD_MUTEX_E returned if there was a mutex error.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure,
- created using wolfSSL_CertManagerNew().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
- WOLFSSL_CERT_MANAGER* cm = wolfSSL_CTX_GetCertManager(ctx);
- ...
- if(wolfSSL_CertManagerUnloadIntermediateCerts(cm) != SSL_SUCCESS){
- Failure case.
- }
- \endcode
- \sa UnlockMutex
- */
- int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm);
- /*!
- \ingroup CertManager
- \brief The function will free the Trusted Peer linked list and unlocks
- the trusted peer list.
- \return SSL_SUCCESS if the function completed normally.
- \return BAD_FUNC_ARG if the WOLFSSL_CERT_MANAGER is NULL.
- \return BAD_MUTEX_E mutex error if tpLock, a member of the
- WOLFSSL_CERT_MANAGER struct, is 0 (nill).
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(Protocol define);
- WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew();
- ...
- if(wolfSSL_CertManagerUnload_trust_peers(cm) != SSL_SUCCESS){
- The function did not execute successfully.
- }
- \endcode
- \sa UnLockMutex
- */
- int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm);
- /*!
- \ingroup CertManager
- \brief Specifies the certificate to verify with the Certificate Manager
- context. The format can be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1.
- \return SSL_SUCCESS If successful.
- \return ASN_SIG_CONFIRM_E will be returned if the signature could not be
- verified.
- \return ASN_SIG_OID_E will be returned if the signature type is not
- supported.
- \return CRL_CERT_REVOKED is an error that is returned if this certificate
- has been revoked.
- \return CRL_MISSING is an error that is returned if a current issuer CRL is
- not available.
- \return ASN_BEFORE_DATE_E will be returned if the current date is before the
- before date.
- \return ASN_AFTER_DATE_E will be returned if the current date is after the
- after date.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be
- read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BAD_FUNC_ARG is the error that will be returned if a pointer is
- not provided.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param fname pointer to the name of the file containing the certificates
- to verify.
- \param format format of the certificate to verify - either
- SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CERT_MANAGER* cm;
- ...
- ret = wolfSSL_CertManagerVerify(cm, “path/to/cert-file.pem”,
- SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- error verifying certificate
- }
- \endcode
- \sa wolfSSL_CertManagerLoadCA
- \sa wolfSSL_CertManagerVerifyBuffer
- */
- int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* f,
- int format);
- /*!
- \ingroup CertManager
- \brief Specifies the certificate buffer to verify with the Certificate
- Manager context. The format can be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1.
- \return SSL_SUCCESS If successful.
- \return ASN_SIG_CONFIRM_E will be returned if the signature could not
- be verified.
- \return ASN_SIG_OID_E will be returned if the signature type is not
- supported.
- \return CRL_CERT_REVOKED is an error that is returned if this certificate
- has been revoked.
- \return CRL_MISSING is an error that is returned if a current issuer CRL
- is not available.
- \return ASN_BEFORE_DATE_E will be returned if the current date is before
- the before date.
- \return ASN_AFTER_DATE_E will be returned if the current date is after
- the after date.
- \return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
- \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t
- be read, or is corrupted.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
- \return BAD_FUNC_ARG is the error that will be returned if a pointer
- is not provided.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param buff buffer containing the certificates to verify.
- \param sz size of the buffer, buf.
- \param format format of the certificate to verify, located in buf - either
- SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- int ret = 0;
- int sz = 0;
- WOLFSSL_CERT_MANAGER* cm;
- byte certBuff[...];
- ...
- ret = wolfSSL_CertManagerVerifyBuffer(cm, certBuff, sz, SSL_FILETYPE_PEM);
- if (ret != SSL_SUCCESS) {
- error verifying certificate
- }
- \endcode
- \sa wolfSSL_CertManagerLoadCA
- \sa wolfSSL_CertManagerVerify
- */
- int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm,
- const unsigned char* buff, long sz, int format);
- /*!
- \ingroup CertManager
- \brief The function sets the verifyCallback function in the Certificate
- Manager. If present, it will be called for each cert loaded. If there is
- a verification error, the verify callback can be used to over-ride the
- error.
- \return none No return.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param vc a VerifyCallback function pointer to the callback routine
- _Example_
- \code
- #include <wolfssl/ssl.h>
- int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
- { // do custom verification of certificate }
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(Protocol define);
- WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew();
- ...
- wolfSSL_CertManagerSetVerify(cm, myVerify);
- \endcode
- \sa wolfSSL_CertManagerVerify
- */
- void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm,
- VerifyCallback vc);
- /*!
- \brief Check CRL if the option is enabled and compares the cert to the
- CRL list.
- \return SSL_SUCCESS returns if the function returned as expected. If
- the crlEnabled member of the WOLFSSL_CERT_MANAGER struct is turned on.
- \return MEMORY_E returns if the allocated memory failed.
- \return BAD_FUNC_ARG if the WOLFSSL_CERT_MANAGER is NULL.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER struct.
- \param der pointer to a DER formatted certificate.
- \param sz size of the certificate.
- _Example_
- \code
- WOLFSSL_CERT_MANAGER* cm;
- byte* der;
- int sz; // size of der
- ...
- if(wolfSSL_CertManagerCheckCRL(cm, der, sz) != SSL_SUCCESS){
- // Error returned. Deal with failure case.
- }
- \endcode
- \sa CheckCertCRL
- \sa ParseCertRelative
- \sa wolfSSL_CertManagerSetCRL_CB
- \sa InitDecodedCert
- */
- int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm,
- unsigned char* der, int sz);
- /*!
- \ingroup CertManager
- \brief Turns on Certificate Revocation List checking when verifying
- certificates with the Certificate Manager. By default, CRL checking
- is off. options include WOLFSSL_CRL_CHECKALL which performs CRL
- checking on each certificate in the chain versus the Leaf certificate
- only which is the default.
- \return SSL_SUCCESS If successful the call will return.
- \return NOT_COMPILED_IN will be returned if wolfSSL was not built with
- CRL enabled.
- \return MEMORY_E will be returned if an out of memory condition occurs.
- \return BAD_FUNC_ARG is the error that will be returned if a pointer
- is not provided.
- \return SSL_FAILURE will be returned if the CRL context cannot be
- initialized properly.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param options options to use when enabling the Certification Manager, cm.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- int ret = 0;
- WOLFSSL_CERT_MANAGER* cm;
- ...
- ret = wolfSSL_CertManagerEnableCRL(cm, 0);
- if (ret != SSL_SUCCESS) {
- error enabling cert manager
- }
- ...
- \endcode
- \sa wolfSSL_CertManagerDisableCRL
- */
- int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm,
- int options);
- /*!
- \ingroup CertManager
- \brief Turns off Certificate Revocation List checking when verifying
- certificates with the Certificate Manager. By default, CRL checking is
- off. You can use this function to temporarily or permanently disable CRL
- checking with this Certificate Manager context that previously had CRL
- checking enabled.
- \return SSL_SUCCESS If successful the call will return.
- \return BAD_FUNC_ARG is the error that will be returned if a function
- pointer is not provided.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- int ret = 0;
- WOLFSSL_CERT_MANAGER* cm;
- ...
- ret = wolfSSL_CertManagerDisableCRL(cm);
- if (ret != SSL_SUCCESS) {
- error disabling cert manager
- }
- ...
- \endcode
- \sa wolfSSL_CertManagerEnableCRL
- */
- int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*);
- /*!
- \ingroup CertManager
- \brief Error checks and passes through to LoadCRL() in order to load the
- cert into the CRL for revocation checking. An updated CRL can be loaded by
- first calling wolfSSL_CertManagerFreeCRL, then loading the new CRL.
- \return SSL_SUCCESS if there is no error in wolfSSL_CertManagerLoadCRL and
- if LoadCRL returns successfully.
- \return BAD_FUNC_ARG if the WOLFSSL_CERT_MANAGER struct is NULL.
- \return SSL_FATAL_ERROR if wolfSSL_CertManagerEnableCRL returns anything
- other than SSL_SUCCESS.
- \return BAD_PATH_ERROR if the path is NULL.
- \return MEMORY_E if LoadCRL fails to allocate heap memory.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param path a constant char pointer holding the CRL path.
- \param type type of certificate to be loaded.
- \param monitor requests monitoring in LoadCRL().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type,
- int monitor);
- …
- wolfSSL_CertManagerLoadCRL(SSL_CM(ssl), path, type, monitor);
- \endcode
- \sa wolfSSL_CertManagerEnableCRL
- \sa wolfSSL_LoadCRL
- \sa wolfSSL_CertManagerFreeCRL
- */
- int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm,
- const char* path, int type, int monitor);
- /*!
- \ingroup CertManager
- \brief The function loads the CRL file by calling BufferLoadCRL.
- \return SSL_SUCCESS returned if the function completed without errors.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER is NULL.
- \return SSL_FATAL_ERROR returned if there is an error associated
- with the WOLFSSL_CERT_MANAGER.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure.
- \param buff a constant byte type and is the buffer.
- \param sz a long int representing the size of the buffer.
- \param type a long integer that holds the certificate type.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CERT_MANAGER* cm;
- const unsigned char* buff;
- long sz; size of buffer
- int type; cert type
- ...
- int ret = wolfSSL_CertManagerLoadCRLBuffer(cm, buff, sz, type);
- if(ret == SSL_SUCCESS){
- return ret;
- } else {
- Failure case.
- }
- \endcode
- \sa BufferLoadCRL
- \sa wolfSSL_CertManagerEnableCRL
- */
- int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
- const unsigned char* buff, long sz,
- int type);
- /*!
- \ingroup CertManager
- \brief This function sets the CRL Certificate Manager callback. If
- HAVE_CRL is defined and a matching CRL record is not found then the
- cbMissingCRL is called (set via wolfSSL_CertManagerSetCRL_Cb). This
- allows you to externally retrieve the CRL and load it.
- \return SSL_SUCCESS returned upon successful execution of the function and
- subroutines.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
- \param cm the WOLFSSL_CERT_MANAGER structure holding the information for
- the certificate.
- \param cb a function pointer to (*CbMissingCRL) that is set to the
- cbMissingCRL member of the WOLFSSL_CERT_MANAGER.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- void cb(const char* url){
- Function body.
- }
- …
- CbMissingCRL cb = CbMissingCRL;
- …
- if(ctx){
- return wolfSSL_CertManagerSetCRL_Cb(SSL_CM(ssl), cb);
- }
- \endcode
- \sa CbMissingCRL
- \sa wolfSSL_SetCRL_Cb
- */
- int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm,
- CbMissingCRL cb);
- /*!
- \ingroup CertManager
- \brief This function frees the CRL stored in the Cert Manager. An
- application can update the CRL by calling wolfSSL_CertManagerFreeCRL
- and then loading the new CRL.
- \return SSL_SUCCESS returned upon successful execution of the function and
- subroutines.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- const char* crl1 = "./certs/crl/crl.pem";
- WOLFSSL_CERT_MANAGER* cm = NULL;
- cm = wolfSSL_CertManagerNew();
- wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0);
- …
- wolfSSL_CertManagerFreeCRL(cm);
- \endcode
- \sa wolfSSL_CertManagerLoadCRL
- */
- int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER* cm);
- /*!
- \ingroup CertManager
- \brief The function enables the WOLFSSL_CERT_MANAGER’s member, ocspEnabled
- to signify that the OCSP check option is enabled.
- \return SSL_SUCCESS returned on successful execution of the function. The
- ocspEnabled member of the WOLFSSL_CERT_MANAGER is enabled.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is
- NULL or if an argument value that is not allowed is passed to a subroutine.
- \return MEMORY_E returned if there is an error allocating memory within
- this function or a subroutine.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param der a byte pointer to the certificate.
- \param sz an int type representing the size of the DER cert.
- _Example_
- \code
- #import <wolfssl/ssl.h>
- WOLFSSL* ssl = wolfSSL_new(ctx);
- byte* der;
- int sz; size of der
- ...
- if(wolfSSL_CertManagerCheckOCSP(cm, der, sz) != SSL_SUCCESS){
- Failure case.
- }
- \endcode
- \sa ParseCertRelative
- \sa CheckCertOCSP
- */
- int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm,
- unsigned char* der, int sz);
- /*!
- \ingroup CertManager
- \brief Turns on OCSP if it’s turned off and if compiled with the
- set option available.
- \return SSL_SUCCESS returned if the function call is successful.
- \return BAD_FUNC_ARG if cm struct is NULL.
- \return MEMORY_E if WOLFSSL_OCSP struct value is NULL.
- \return SSL_FAILURE initialization of WOLFSSL_OCSP struct fails
- to initialize.
- \return NOT_COMPILED_IN build not compiled with correct feature enabled.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
- wolfSSL_CertManagerNew().
- \param options used to set values in WOLFSSL_CERT_MANAGER struct.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
- WOLFSSL* ssl = wolfSSL_new(ctx);
- WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew();
- int options;
- …
- if(wolfSSL_CertManagerEnableOCSP(SSL_CM(ssl), options) != SSL_SUCCESS){
- Failure case.
- }
- \endcode
- \sa wolfSSL_CertManagerNew
- */
- int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm,
- int options);
- /*!
- \ingroup CertManager
- \brief Disables OCSP certificate revocation.
- \return SSL_SUCCESS wolfSSL_CertMangerDisableCRL successfully disabled the
- crlEnabled member of the WOLFSSL_CERT_MANAGER structure.
- \return BAD_FUNC_ARG the WOLFSSL structure was NULL.
- \param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method);
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(wolfSSL_CertManagerDisableOCSP(ssl) != SSL_SUCCESS){
- Fail case.
- }
- \endcode
- \sa wolfSSL_DisableCRL
- */
- int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*);
- /*!
- \ingroup CertManager
- \brief The function copies the url to the ocspOverrideURL member of the
- WOLFSSL_CERT_MANAGER structure.
- \return SSL_SUCCESS the function was able to execute as expected.
- \return BAD_FUNC_ARG the WOLFSSL_CERT_MANAGER struct is NULL.
- \return MEMEORY_E Memory was not able to be allocated for the
- ocspOverrideURL member of the certificate manager.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew();
- const char* url;
- …
- int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url)
- …
- if(wolfSSL_CertManagerSetOCSPOverrideURL(SSL_CM(ssl), url) != SSL_SUCCESS){
- Failure case.
- }
- \endcode
- \sa ocspOverrideURL
- \sa wolfSSL_SetOCSP_OverrideURL
- */
- int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm,
- const char* url);
- /*!
- \ingroup CertManager
- \brief The function sets the OCSP callback in the WOLFSSL_CERT_MANAGER.
- \return SSL_SUCCESS returned on successful execution. The arguments are
- saved in the WOLFSSL_CERT_MANAGER structure.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER is NULL.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure.
- \param ioCb a function pointer of type CbOCSPIO.
- \param respFreeCb - a function pointer of type CbOCSPRespFree.
- \param ioCbCtx - a void pointer variable to the I/O callback user
- registered context.
- _Example_
- \code
- #include <wolfssl/ssl.h>
- wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, CbOCSPIO ioCb,
- CbOCSPRespFree respFreeCb, void* ioCbCtx){
- …
- return wolfSSL_CertManagerSetOCSP_Cb(SSL_CM(ssl), ioCb, respFreeCb, ioCbCtx);
- \endcode
- \sa wolfSSL_CertManagerSetOCSPOverrideURL
- \sa wolfSSL_CertManagerCheckOCSP
- \sa wolfSSL_CertManagerEnableOCSPStapling
- \sa wolfSSL_EnableOCSP
- \sa wolfSSL_DisableOCSP
- \sa wolfSSL_SetOCSP_Cb
- */
- int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm,
- CbOCSPIO ioCb, CbOCSPRespFree respFreeCb,
- void* ioCbCtx);
- /*!
- \ingroup CertManager
- \brief This function turns on OCSP stapling if it is not turned on as well
- as set the options.
- \return SSL_SUCCESS returned if there were no errors and the function
- executed successfully.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is
- NULL or otherwise if there was a unpermitted argument value passed to
- a subroutine.
- \return MEMORY_E returned if there was an issue allocating memory.
- \return SSL_FAILURE returned if the initialization of the OCSP
- structure failed.
- \return NOT_COMPILED_IN returned if wolfSSL was not compiled with
- HAVE_CERTIFICATE_STATUS_REQUEST option.
- \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, a member of the
- WOLFSSL_CTX structure.
- _Example_
- \code
- int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx){
- …
- return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm);
- \endcode
- \sa wolfSSL_CTX_EnableOCSPStapling
- */
- int wolfSSL_CertManagerEnableOCSPStapling(
- WOLFSSL_CERT_MANAGER* cm);
- /*!
- \brief Enables CRL certificate revocation.
- \return SSL_SUCCESS the function and subroutines returned with no errors.
- \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
- \return MEMORY_E returned if the allocation of memory failed.
- \return SSL_FAILURE returned if the InitCRL function does not return
- successfully.
- \return NOT_COMPILED_IN HAVE_CRL was not enabled during the compiling.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param options an integer that is used to determine the setting of
- crlCheckAll member of the WOLFSSL_CERT_MANAGER structure.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS){
- // Failure case. SSL_SUCCESS was not returned by this function or
- a subroutine
- }
- \endcode
- \sa wolfSSL_CertManagerEnableCRL
- \sa InitCRL
- */
- int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
- /*!
- \brief Disables CRL certificate revocation.
- \return SSL_SUCCESS wolfSSL_CertMangerDisableCRL successfully disabled
- the crlEnabled member of the WOLFSSL_CERT_MANAGER structure.
- \return BAD_FUNC_ARG the WOLFSSL structure was NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(wolfSSL_DisableCRL(ssl) != SSL_SUCCESS){
- // Failure case
- }
- \endcode
- \sa wolfSSL_CertManagerDisableCRL
- \sa wolfSSL_CertManagerDisableOCSP
- */
- int wolfSSL_DisableCRL(WOLFSSL* ssl);
- /*!
- \brief A wrapper function that ends up calling LoadCRL to load the
- certificate for revocation checking.
- \return WOLFSSL_SUCCESS returned if the function and all of the
- subroutines executed without error.
- \return SSL_FATAL_ERROR returned if one of the subroutines does not
- return successfully.
- \return BAD_FUNC_ARG if the WOLFSSL_CERT_MANAGER or the WOLFSSL
- structure are NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param path a constant character pointer that holds the path to the
- crl file.
- \param type an integer representing the type of certificate.
- \param monitor an integer variable used to verify the monitor path if
- requested.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- const char* crlPemDir;
- …
- if(wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS){
- // Failure case. Did not return SSL_SUCCESS.
- }
- \endcode
- \sa wolfSSL_CertManagerLoadCRL
- \sa wolfSSL_CertManagerEnableCRL
- \sa LoadCRL
- */
- int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor);
- /*!
- \brief Sets the CRL callback in the WOLFSSL_CERT_MANAGER structure.
- \return SSL_SUCCESS returned if the function or subroutine executes
- without error. The cbMissingCRL member of the WOLFSSL_CERT_MANAGER is set.
- \return BAD_FUNC_ARG returned if the WOLFSSL or WOLFSSL_CERT_MANAGER
- structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cb a function pointer to CbMissingCRL.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- void cb(const char* url) // required signature
- {
- // Function body
- }
- …
- int crlCb = wolfSSL_SetCRL_Cb(ssl, cb);
- if(crlCb != SSL_SUCCESS){
- // The callback was not set properly
- }
- \endcode
- \sa CbMissingCRL
- \sa wolfSSL_CertManagerSetCRL_Cb
- */
- int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb);
- /*!
- \brief This function enables OCSP certificate verification. The value of
- options if formed by or’ing one or more of the following options:
- WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in
- certificates. The override URL is specified using the
- wolfSSL_CTX_SetOCSP_OverrideURL() function.
- WOLFSSL_OCSP_CHECKALL - Set all OCSP checks on
- WOLFSSL_OCSP_NO_NONCE - Set nonce option for creating OCSP requests
- \return SSL_SUCCESS returned if the function and subroutines executes
- without errors.
- \return BAD_FUNC_ARG returned if an argument in this function or any
- subroutine receives an invalid argument value.
- \return MEMORY_E returned if there was an error allocating memory for
- a structure or other variable.
- \return NOT_COMPILED_IN returned if wolfSSL was not compiled with the
- HAVE_OCSP option.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param options an integer type passed to wolfSSL_CertMangerENableOCSP()
- used for settings check.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- int options; // initialize to option constant
- …
- int ret = wolfSSL_EnableOCSP(ssl, options);
- if(ret != SSL_SUCCESS){
- // OCSP is not enabled
- }
- \endcode
- \sa wolfSSL_CertManagerEnableOCSP
- */
- int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options);
- /*!
- \brief Disables the OCSP certificate revocation option.
- \return SSL_SUCCESS returned if the function and its subroutine return with
- no errors. The ocspEnabled member of the WOLFSSL_CERT_MANAGER structure was
- successfully set.
- \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- if(wolfSSL_DisableOCSP(ssl) != SSL_SUCCESS){
- // Returned with an error. Failure case in this block.
- }
- \endcode
- \sa wolfSSL_CertManagerDisableOCSP
- */
- int wolfSSL_DisableOCSP(WOLFSSL*);
- /*!
- \brief This function sets the ocspOverrideURL member in the
- WOLFSSL_CERT_MANAGER structure.
- \return SSL_SUCCESS returned on successful execution of the function.
- \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL or if a
- unpermitted argument was passed to a subroutine.
- \return MEMORY_E returned if there was an error allocating memory in the
- subroutine.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param url a constant char pointer to the url that will be stored in the
- ocspOverrideURL member of the WOLFSSL_CERT_MANAGER structure.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- char url[URLSZ];
- ...
- if(wolfSSL_SetOCSP_OverrideURL(ssl, url)){
- // The override url is set to the new value
- }
- \endcode
- \sa wolfSSL_CertManagerSetOCSPOverrideURL
- */
- int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url);
- /*!
- \brief This function sets the OCSP callback in the
- WOLFSSL_CERT_MANAGER structure.
- \return SSL_SUCCESS returned if the function executes without error.
- The ocspIOCb, ocspRespFreeCb, and ocspIOCtx members of the CM are set.
- \return BAD_FUNC_ARG returned if the WOLFSSL or WOLFSSL_CERT_MANAGER
- structures are NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param ioCb a function pointer to type CbOCSPIO.
- \param respFreeCb a function pointer to type CbOCSPRespFree which is the
- call to free the response memory.
- \param ioCbCtx a void pointer that will be held in the ocspIOCtx member
- of the CM.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- int OCSPIO_CB(void* , const char*, int , unsigned char* , int,
- unsigned char**){ // must have this signature
- // Function Body
- }
- …
- void OCSPRespFree_CB(void* , unsigned char* ){ // must have this signature
- // function body
- }
- …
- void* ioCbCtx;
- CbOCSPRespFree CB_OCSPRespFree;
- if(wolfSSL_SetOCSP_Cb(ssl, OCSPIO_CB( pass args ), CB_OCSPRespFree,
- ioCbCtx) != SSL_SUCCESS){
- // Callback not set
- }
- \endcode
- \sa wolfSSL_CertManagerSetOCSP_Cb
- \sa CbOCSPIO
- \sa CbOCSPRespFree
- */
- int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, CbOCSPIO ioCb, CbOCSPRespFree respFreeCb,
- void* ioCbCtx);
- /*!
- \brief Enables CRL certificate verification through the CTX.
- \return SSL_SUCCESS returned if this function and it’s subroutines
- execute without errors.
- \return BAD_FUNC_ARG returned if the CTX struct is NULL or there
- was otherwise an invalid argument passed in a subroutine.
- \return MEMORY_E returned if there was an error allocating
- memory during execution of the function.
- \return SSL_FAILURE returned if the crl member of the
- WOLFSSL_CERT_MANAGER fails to initialize correctly.
- \return NOT_COMPILED_IN wolfSSL was not compiled with the HAVE_CRL option.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(wolfSSL_CTX_EnableCRL(ssl->ctx, options) != SSL_SUCCESS){
- // The function failed
- }
- \endcode
- \sa wolfSSL_CertManagerEnableCRL
- \sa InitCRL
- \sa wolfSSL_CTX_DisableCRL
- */
- int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options);
- /*!
- \brief This function disables CRL verification in the CTX structure.
- \return SSL_SUCCESS returned if the function executes without error.
- The crlEnabled member of the WOLFSSL_CERT_MANAGER struct is set to 0.
- \return BAD_FUNC_ARG returned if either the CTX struct or the CM
- struct has a NULL value.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(wolfSSL_CTX_DisableCRL(ssl->ctx) != SSL_SUCCESS){
- // Failure case.
- }
- \endcode
- \sa wolfSSL_CertManagerDisableCRL
- */
- int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx);
- /*!
- \brief This function loads CRL into the WOLFSSL_CTX structure through
- wolfSSL_CertManagerLoadCRL().
- \return SSL_SUCCESS - returned if the function and its subroutines
- execute without error.
- \return BAD_FUNC_ARG - returned if this function or any subroutines
- are passed NULL structures.
- \return BAD_PATH_ERROR - returned if the path variable opens as NULL.
- \return MEMORY_E - returned if an allocation of memory failed.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param path the path to the certificate.
- \param type an integer variable holding the type of certificate.
- \param monitor an integer variable used to determine if the monitor
- path is requested.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- const char* path;
- …
- return wolfSSL_CTX_LoadCRL(ctx, path, SSL_FILETYPE_PEM, 0);
- \endcode
- \sa wolfSSL_CertManagerLoadCRL
- \sa LoadCRL
- */
- int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, int type, int monitor);
- /*!
- \brief This function will set the callback argument to the cbMissingCRL
- member of the WOLFSSL_CERT_MANAGER structure by calling
- wolfSSL_CertManagerSetCRL_Cb.
- \return SSL_SUCCESS returned for a successful execution. The
- WOLFSSL_CERT_MANAGER structure’s member cbMssingCRL was successfully
- set to cb.
- \return BAD_FUNC_ARG returned if WOLFSSL_CTX or WOLFSSL_CERT_MANAGER
- are NULL.
- \param ctx a pointer to a WOLFSSL_CTX structure, created with
- wolfSSL_CTX_new().
- \param cb a pointer to a callback function of type CbMissingCRL.
- Signature requirement:
- void (*CbMissingCRL)(const char* url);
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- …
- void cb(const char* url) // Required signature
- {
- // Function body
- }
- …
- if (wolfSSL_CTX_SetCRL_Cb(ctx, cb) != SSL_SUCCESS){
- // Failure case, cb was not set correctly.
- }
- \endcode
- \sa wolfSSL_CertManagerSetCRL_Cb
- \sa CbMissingCRL
- */
- int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb);
- /*!
- \brief This function sets options to configure behavior of OCSP
- functionality in wolfSSL. The value of options if formed by or’ing
- one or more of the following options:
- WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in
- certificates. The override URL is specified using the
- wolfSSL_CTX_SetOCSP_OverrideURL() function.
- WOLFSSL_OCSP_CHECKALL - Set all OCSP checks on
- WOLFSSL_OCSP_NO_NONCE - Set nonce option for creating OCSP requests
- This function only sets the OCSP options when wolfSSL has been compiled with
- OCSP support (--enable-ocsp, #define HAVE_OCSP).
- \return SSL_SUCCESS is returned upon success.
- \return SSL_FAILURE is returned upon failure.
- \return NOT_COMPILED_IN is returned when this function has been called,
- but OCSP support was not enabled when wolfSSL was compiled.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param options value used to set the OCSP options.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- int options; // initialize to option constant
- …
- int ret = wolfSSL_CTX_EnableOCSP(ctx, options);
- if(ret != SSL_SUCCESS){
- // OCSP is not enabled
- }
- \endcode
- \sa wolfSSL_CertManagerEnableOCSP
- \sa wolfSSL_EnableOCSP
- */
- int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options);
- /*!
- \brief This function disables OCSP certificate revocation checking by
- affecting the ocspEnabled member of the WOLFSSL_CERT_MANAGER structure.
- \return SSL_SUCCESS returned if the function executes without error.
- The ocspEnabled member of the CM has been disabled.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure is NULL.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(!wolfSSL_CTX_DisableOCSP(ssl->ctx)){
- // OCSP is not disabled
- }
- \endcode
- \sa wolfSSL_DisableOCSP
- \sa wolfSSL_CertManagerDisableOCSP
- */
- int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*);
- /*!
- \brief This function manually sets the URL for OCSP to use. By default,
- OCSP will use the URL found in the individual certificate unless the
- WOLFSSL_OCSP_URL_OVERRIDE option is set using the wolfSSL_CTX_EnableOCSP.
- \return SSL_SUCCESS is returned upon success.
- \return SSL_FAILURE is returned upon failure.
- \return NOT_COMPILED_IN is returned when this function has been called,
- but OCSP support was not enabled when wolfSSL was compiled.
- \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
- \param url pointer to the OCSP URL for wolfSSL to use.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- wolfSSL_CTX_OCSP_set_override_url(ctx, “custom-url-here”);
- \endcode
- \sa wolfSSL_CTX_OCSP_set_options
- */
- int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url);
- /*!
- \brief Sets the callback for the OCSP in the WOLFSSL_CTX structure.
- \return SSL_SUCCESS returned if the function executed successfully. The
- ocspIOCb, ocspRespFreeCb, and ocspIOCtx members in the CM were
- successfully set.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX or
- WOLFSSL_CERT_MANAGER structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param ioCb a CbOCSPIO type that is a function pointer.
- \param respFreeCb a CbOCSPRespFree type that is a function pointer.
- \param ioCbCtx a void pointer that will be held in the WOLFSSL_CERT_MANAGER.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- …
- CbOCSPIO ocspIOCb;
- CbOCSPRespFree ocspRespFreeCb;
- …
- void* ioCbCtx;
- int isSetOCSP = wolfSSL_CTX_SetOCSP_Cb(ctx, ocspIOCb,
- ocspRespFreeCb, ioCbCtx);
- if(isSetOCSP != SSL_SUCCESS){
- // The function did not return successfully.
- }
- \endcode
- \sa wolfSSL_CertManagerSetOCSP_Cb
- \sa CbOCSPIO
- \sa CbOCSPRespFree
- */
- int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx,
- CbOCSPIO ioCb, CbOCSPRespFree respFreeCb,
- void* ioCbCtx);
- /*!
- \brief This function enables OCSP stapling by calling
- wolfSSL_CertManagerEnableOCSPStapling().
- \return SSL_SUCCESS returned if there were no errors and the function
- executed successfully.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure is NULL or
- otherwise if there was a unpermitted argument value passed to a subroutine.
- \return MEMORY_E returned if there was an issue allocating memory.
- \return SSL_FAILURE returned if the initialization of the OCSP
- structure failed.
- \return NOT_COMPILED_IN returned if wolfSSL was not compiled with
- HAVE_CERTIFICATE_STATUS_REQUEST option.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- _Example_
- \code
- WOLFSSL* ssl = WOLFSSL_new();
- ssl->method.version; // set to desired protocol
- ...
- if(!wolfSSL_CTX_EnableOCSPStapling(ssl->ctx)){
- // OCSP stapling is not enabled
- }
- \endcode
- \sa wolfSSL_CertManagerEnableOCSPStapling
- \sa InitOCSP
- */
- int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*);
- /*!
- \ingroup CertsKeys
- \brief Normally, at the end of the SSL handshake, wolfSSL frees
- temporary arrays. Calling this function before the handshake begins
- will prevent wolfSSL from freeing temporary arrays. Temporary arrays
- may be needed for things such as wolfSSL_get_keys() or PSK hints.
- When the user is done with temporary arrays, either wolfSSL_FreeArrays()
- may be called to free the resources immediately, or alternatively the
- resources will be freed when the associated SSL object is freed.
- \return none No return.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl;
- ...
- wolfSSL_KeepArrays(ssl);
- \endcode
- \sa wolfSSL_FreeArrays
- */
- void wolfSSL_KeepArrays(WOLFSSL*);
- /*!
- \ingroup CertsKeys
- \brief Normally, at the end of the SSL handshake, wolfSSL frees temporary
- arrays. If wolfSSL_KeepArrays() has been called before the handshake,
- wolfSSL will not free temporary arrays. This function explicitly frees
- temporary arrays and should be called when the user is done with temporary
- arrays and does not want to wait for the SSL object to be freed to free
- these resources.
- \return none No return.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl;
- ...
- wolfSSL_FreeArrays(ssl);
- \endcode
- \sa wolfSSL_KeepArrays
- */
- void wolfSSL_FreeArrays(WOLFSSL*);
- /*!
- \brief This function enables the use of Server Name Indication in the SSL
- object passed in the 'ssl' parameter. It means that the SNI extension will
- be sent on ClientHello by wolfSSL client and wolfSSL server will respond
- ClientHello + SNI with either ServerHello + blank SNI or alert fatal in
- case of SNI mismatch.
- \return WOLFSSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of these
- cases: ssl is NULL, data is NULL, type is a unknown value. (see below)
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- \param type indicates which type of server name is been passed in data.
- The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
- \param data pointer to the server name data.
- \param size size of the server name data.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- // ssl creation failed
- }
- ret = wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.yassl.com",
- strlen("www.yassl.com"));
- if (ret != WOLFSSL_SUCCESS) {
- // sni usage failed
- }
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_UseSNI
- */
- int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type,
- const void* data, unsigned short size);
- /*!
- \brief This function enables the use of Server Name Indication for SSL
- objects created from the SSL context passed in the 'ctx' parameter. It
- means that the SNI extension will be sent on ClientHello by wolfSSL
- clients and wolfSSL servers will respond ClientHello + SNI with either
- ServerHello + blank SNI or alert fatal in case of SNI mismatch.
- \return WOLFSSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of these
- cases: ctx is NULL, data is NULL, type is a unknown value. (see below)
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
- \param type indicates which type of server name is been passed in data.
- The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
- \param data pointer to the server name data.
- \param size size of the server name data.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ret = wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.yassl.com",
- strlen("www.yassl.com"));
- if (ret != WOLFSSL_SUCCESS) {
- // sni usage failed
- }
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_UseSNI
- */
- int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type,
- const void* data, unsigned short size);
- /*!
- \brief This function is called on the server side to configure the
- behavior of the SSL session using Server Name Indication in the SSL
- object passed in the 'ssl' parameter. The options are explained below.
- \return none No returns.
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- \param type indicates which type of server name is been passed in data.
- The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
- \param options a bitwise semaphore with the chosen options. The available
- options are: enum { WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01,
- WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02 }; Normally the server will abort the
- handshake by sending a fatal-level unrecognized_name(112) alert if the
- hostname provided by the client mismatch with the servers.
- \param WOLFSSL_SNI_CONTINUE_ON_MISMATCH With this option set, the server
- will not send a SNI response instead of aborting the session.
- \param WOLFSSL_SNI_ANSWER_ON_MISMATCH - With this option set, the server
- will send a SNI response as if the host names match instead of aborting
- the session.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- // ssl creation failed
- }
- ret = wolfSSL_UseSNI(ssl, 0, "www.yassl.com", strlen("www.yassl.com"));
- if (ret != WOLFSSL_SUCCESS) {
- // sni usage failed
- }
- wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
- WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_UseSNI
- \sa wolfSSL_CTX_SNI_SetOptions
- */
- void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
- unsigned char options);
- /*!
- \brief This function is called on the server side to configure the behavior
- of the SSL sessions using Server Name Indication for SSL objects created
- from the SSL context passed in the 'ctx' parameter. The options are
- explained below.
- \return none No returns.
- \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
- \param type indicates which type of server name is been passed in data.
- The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
- \param options a bitwise semaphore with the chosen options. The available
- options are: enum { WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01,
- WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02 }; Normally the server will abort
- the handshake by sending a fatal-level unrecognized_name(112) alert if the
- hostname provided by the client mismatch with the servers.
- \param WOLFSSL_SNI_CONTINUE_ON_MISMATCH With this option set, the
- server will not send a SNI response instead of aborting the session.
- \param WOLFSSL_SNI_ANSWER_ON_MISMATCH With this option set, the server
- will send a SNI response as if the host names match instead of aborting
- the session.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ret = wolfSSL_CTX_UseSNI(ctx, 0, "www.yassl.com", strlen("www.yassl.com"));
- if (ret != WOLFSSL_SUCCESS) {
- // sni usage failed
- }
- wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
- WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_UseSNI
- \sa wolfSSL_SNI_SetOptions
- */
- void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx,
- unsigned char type, unsigned char options);
- /*!
- \brief This function is called on the server side to retrieve the Server
- Name Indication provided by the client from the Client Hello message sent
- by the client to start a session. It does not requires context or session
- setup to retrieve the SNI.
- \return WOLFSSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of this
- cases: buffer is NULL, bufferSz <= 0, sni is NULL, inOutSz is NULL or <= 0
- \return BUFFER_ERROR is the error returned when there is a malformed
- Client Hello message.
- \return INCOMPLETE_DATA is the error returned when there is not enough
- data to complete the extraction.
- \param buffer pointer to the data provided by the client (Client Hello).
- \param bufferSz size of the Client Hello message.
- \param type indicates which type of server name is been retrieved
- from the buffer. The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
- \param sni pointer to where the output is going to be stored.
- \param inOutSz pointer to the output size, this value will be updated
- to MIN("SNI's length", inOutSz).
- _Example_
- \code
- unsigned char buffer[1024] = {0};
- unsigned char result[32] = {0};
- int length = 32;
- // read Client Hello to buffer...
- ret = wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0, result, &length));
- if (ret != WOLFSSL_SUCCESS) {
- // sni retrieve failed
- }
- \endcode
- \sa wolfSSL_UseSNI
- \sa wolfSSL_CTX_UseSNI
- \sa wolfSSL_SNI_GetRequest
- */
- int wolfSSL_SNI_GetFromBuffer(
- const unsigned char* clientHello, unsigned int helloSz,
- unsigned char type, unsigned char* sni, unsigned int* inOutSz);
- /*!
- \ingroup IO
- \brief This function gets the status of an SNI object.
- \return value This function returns the byte value of the SNI struct’s
- status member if the SNI is not NULL.
- \return 0 if the SNI object is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param type the SNI type.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- #define AssertIntEQ(x, y) AssertInt(x, y, ==, !=)
- …
- Byte type = WOLFSSL_SNI_HOST_NAME;
- char* request = (char*)&type;
- AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type));
- …
- \endcode
- \sa TLSX_SNI_Status
- \sa TLSX_SNI_find
- \sa TLSX_Find
- */
- unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);
- /*!
- \brief This function is called on the server side to retrieve the
- Server Name Indication provided by the client in a SSL session.
- \return size the size of the provided SNI data.
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- \param type indicates which type of server name is been retrieved in
- data. The known types are: enum { WOLFSSL_SNI_HOST_NAME = 0 };
- \param data pointer to the data provided by the client.
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- // ssl creation failed
- }
- ret = wolfSSL_UseSNI(ssl, 0, "www.yassl.com", strlen("www.yassl.com"));
- if (ret != WOLFSSL_SUCCESS) {
- // sni usage failed
- }
- if (wolfSSL_accept(ssl) == SSL_SUCCESS) {
- void *data = NULL;
- unsigned short size = wolfSSL_SNI_GetRequest(ssl, 0, &data);
- }
- \endcode
- \sa wolfSSL_UseSNI
- \sa wolfSSL_CTX_UseSNI
- */
- unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl,
- unsigned char type, void** data);
- /*!
- \ingroup Setup
- \brief Setup ALPN use for a wolfSSL session.
- \return WOLFSSL_SUCCESS: upon success.
- \return BAD_FUNC_ARG Returned if ssl or protocol_name_list
- is null or protocol_name_listSz is too large or options
- contain something not supported.
- \return MEMORY_ERROR Error allocating memory for protocol list.
- \return SSL_FAILURE upon failure.
- \param ssl The wolfSSL session to use.
- \param protocol_name_list List of protocol names to use.
- Comma delimited string is required.
- \param protocol_name_listSz Size of the list of protocol names.
- \param options WOLFSSL_ALPN_CONTINUE_ON_MISMATCH or
- WOLFSSL_ALPN_FAILED_ON_MISMATCH.
- _Example_
- \code
- wolfSSL_Init();
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- WOLFSSL_METHOD method = // Some wolfSSL method
- ctx = wolfSSL_CTX_new(method);
- ssl = wolfSSL_new(ctx);
- char alpn_list[] = {};
- if (wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
- WOLFSSL_APN_FAILED_ON_MISMATCH) != WOLFSSL_SUCCESS)
- {
- // Error setting session ticket
- }
- \endcode
- \sa TLSX_UseALPN
- */
- int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
- unsigned int protocol_name_listSz,
- unsigned char options);
- /*!
- \ingroup TLS
- \brief This function gets the protocol name set by the server.
- \return SSL_SUCCESS returned on successful execution where no
- errors were thrown.
- \return SSL_FATAL_ERROR returned if the extension was not found or
- if there was no protocol match with peer. There will also be an
- error thrown if there is more than one protocol name accepted.
- \return SSL_ALPN_NOT_FOUND returned signifying that no protocol
- match with peer was found.
- \return BAD_FUNC_ARG returned if there was a NULL argument passed
- into the function.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param protocol_name a pointer to a char that represents the protocol
- name and will be held in the ALPN structure.
- \param size a word16 type that represents the size of the protocol_name.
- _Example_
- \code
- WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method );
- WOLFSSL* ssl = WOLFSSL_new(ctx);
- ...
- int err;
- char* protocol_name = NULL;
- Word16 protocol_nameSz = 0;
- err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz);
- if(err == SSL_SUCCESS){
- // Sent ALPN protocol
- }
- \endcode
- \sa TLSX_ALPN_GetRequest
- \sa TLSX_Find
- */
- int wolfSSL_ALPN_GetProtocol(WOLFSSL* ssl, char **protocol_name,
- unsigned short *size);
- /*!
- \ingroup TLS
- \brief This function copies the alpn_client_list data from the SSL
- object to the buffer.
- \return SSL_SUCCESS returned if the function executed without error. The
- alpn_client_list member of the SSL object has been copied to the
- list parameter.
- \return BAD_FUNC_ARG returned if the list or listSz parameter is NULL.
- \return BUFFER_ERROR returned if there will be a problem with the
- list buffer (either it’s NULL or the size is 0).
- \return MEMORY_ERROR returned if there was a problem dynamically
- allocating memory.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param list a pointer to the buffer. The data from the SSL object will
- be copied into it.
- \param listSz the buffer size.
- _Example_
- \code
- #import <wolfssl/ssl.h>
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method);
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- #ifdef HAVE_ALPN
- char* list = NULL;
- word16 listSz = 0;
- …
- err = wolfSSL_ALPN_GetPeerProtocol(ssl, &list, &listSz);
- if(err == SSL_SUCCESS){
- List of protocols names sent by client
- }
- \endcode
- \sa wolfSSL_UseALPN
- */
- int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list,
- unsigned short *listSz);
- /*!
- \brief This function is called on the client side to enable the use of
- Maximum Fragment Length in the SSL object passed in the 'ssl' parameter.
- It means that the Maximum Fragment Length extension will be sent on
- ClientHello by wolfSSL clients.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of
- these cases: ssl is NULL, mfl is out of range.
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- \param mfl indicates witch is the Maximum Fragment Length requested for the
- session. The available options are: enum { WOLFSSL_MFL_2_9 = 1, 512 bytes
- WOLFSSL_MFL_2_10 = 2, 1024 bytes WOLFSSL_MFL_2_11 = 3, 2048 bytes
- WOLFSSL_MFL_2_12 = 4, 4096 bytes WOLFSSL_MFL_2_13 = 5, 8192
- bytes wolfSSL ONLY!!! };
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- // ssl creation failed
- }
- ret = wolfSSL_UseMaxFragment(ssl, WOLFSSL_MFL_2_11);
- if (ret != 0) {
- // max fragment usage failed
- }
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_UseMaxFragment
- */
- int wolfSSL_UseMaxFragment(WOLFSSL* ssl, unsigned char mfl);
- /*!
- \brief This function is called on the client side to enable the use
- of Maximum Fragment Length for SSL objects created from the SSL context
- passed in the 'ctx' parameter. It means that the Maximum Fragment Length
- extension will be sent on ClientHello by wolfSSL clients.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of
- these cases: ctx is NULL, mfl is out of range.
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
- \param mfl indicates which is the Maximum Fragment Length requested
- for the session. The available options are:
- enum { WOLFSSL_MFL_2_9 = 1 512 bytes, WOLFSSL_MFL_2_10 = 2 1024 bytes,
- WOLFSSL_MFL_2_11 = 3 2048 bytes WOLFSSL_MFL_2_12 = 4 4096 bytes,
- WOLFSSL_MFL_2_13 = 5 8192 bytes wolfSSL ONLY!!!,
- WOLFSSL_MFL_2_13 = 6 256 bytes wolfSSL ONLY!!!
- };
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ret = wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11);
- if (ret != 0) {
- // max fragment usage failed
- }
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_UseMaxFragment
- */
- int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, unsigned char mfl);
- /*!
- \brief This function is called on the client side to enable the use of
- Truncated HMAC in the SSL object passed in the 'ssl' parameter. It
- means that the Truncated HMAC extension will be sent on ClientHello
- by wolfSSL clients.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of
- these cases: ssl is NULL
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ssl pointer to a SSL object, created with wolfSSL_new()
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- // ssl creation failed
- }
- ret = wolfSSL_UseTruncatedHMAC(ssl);
- if (ret != 0) {
- // truncated HMAC usage failed
- }
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_CTX_UseMaxFragment
- */
- int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl);
- /*!
- \brief This function is called on the client side to enable the use of
- Truncated HMAC for SSL objects created from the SSL context passed in
- the 'ctx' parameter. It means that the Truncated HMAC extension will
- be sent on ClientHello by wolfSSL clients.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of
- these cases: ctx is NULL
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ret = wolfSSL_CTX_UseTruncatedHMAC(ctx);
- if (ret != 0) {
- // truncated HMAC usage failed
- }
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_UseMaxFragment
- */
- int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx);
- /*!
- \brief Stapling eliminates the need to contact the CA. Stapling
- lowers the cost of certificate revocation check presented in OCSP.
- \return SSL_SUCCESS returned if TLSX_UseCertificateStatusRequest
- executes without error.
- \return MEMORY_E returned if there is an error with the allocation
- of memory.
- \return BAD_FUNC_ARG returned if there is an argument that has a
- NULL or otherwise unacceptable value passed into the function.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param status_type a byte type that is passed through to
- TLSX_UseCertificateStatusRequest() and stored in the
- CertificateStatusRequest structure.
- \param options a byte type that is passed through to
- TLSX_UseCertificateStatusRequest() and stored in the
- CertificateStatusRequest structure.
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
- WOLFSSL_CSR2_OCSP_USE_NONCE) != SSL_SUCCESS){
- // Failed case.
- }
- \endcode
- \sa TLSX_UseCertificateStatusRequest
- \sa wolfSSL_CTX_UseOCSPStapling
- */
- int wolfSSL_UseOCSPStapling(WOLFSSL* ssl,
- unsigned char status_type, unsigned char options);
- /*!
- \brief This function requests the certificate status during the handshake.
- \return SSL_SUCCESS returned if the function and subroutines execute
- without error.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure is NULL or
- otherwise if a unpermitted value is passed to a subroutine.
- \return MEMORY_E returned if the function or subroutine failed to properly
- allocate memory.
- \param ctx a pointer to a WOLFSSL_CTX structure,
- created using wolfSSL_CTX_new().
- \param status_type a byte type that is passed through to
- TLSX_UseCertificateStatusRequest() and stored in the
- CertificateStatusRequest structure.
- \param options a byte type that is passed through to
- TLSX_UseCertificateStatusRequest() and stored in the
- CertificateStatusRequest structure.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- byte statusRequest = 0; // Initialize status request
- …
- switch(statusRequest){
- case WOLFSSL_CSR_OCSP:
- if(wolfSSL_CTX_UseOCSPStapling(ssl->ctx, WOLFSSL_CSR_OCSP,
- WOLF_CSR_OCSP_USE_NONCE) != SSL_SUCCESS){
- // UseCertificateStatusRequest failed
- }
- // Continue switch cases
- \endcode
- \sa wolfSSL_UseOCSPStaplingV2
- \sa wolfSSL_UseOCSPStapling
- \sa TLSX_UseCertificateStatusRequest
- */
- int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx,
- unsigned char status_type, unsigned char options);
- /*!
- \brief The function sets the status type and options for OCSP.
- \return SSL_SUCCESS - returned if the function and subroutines
- executed without error.
- \return MEMORY_E - returned if there was an allocation of memory error.
- \return BAD_FUNC_ARG - returned if a NULL or otherwise unaccepted
- argument was passed to the function or a subroutine.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param status_type a byte type that loads the OCSP status type.
- \param options a byte type that holds the OCSP options, set in
- wolfSSL_SNI_SetOptions() and wolfSSL_CTX_SNI_SetOptions().
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if (wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP_MULTI, 0) != SSL_SUCCESS){
- // Did not execute properly. Failure case code block.
- }
- \endcode
- \sa TLSX_UseCertificatStatusRequestV2
- \sa wolfSSL_SNI_SetOptions
- \sa wolfSSL_CTX_SNI_SetOptions
- */
- int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl,
- unsigned char status_type, unsigned char options);
- /*!
- \brief Creates and initializes the certificate status request
- for OCSP Stapling.
- \return SSL_SUCCESS if the function and subroutines executed without error.
- \return BAD_FUNC_ARG returned if the WOLFSSL_CTX structure is NULL or if
- the side variable is not client side.
- \return MEMORY_E returned if the allocation of memory failed.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param status_type a byte type that is located in the
- CertificatStatusRequest structure and must be either WOLFSSL_CSR2_OCSP
- or WOLFSSL_CSR2_OCSP_MULTI.
- \param options a byte type that will be held in
- CertificateStatusRequestItemV2 struct.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- byte status_type;
- byte options;
- ...
- if(wolfSSL_CTX_UseOCSPStaplingV2(ctx, status_type, options); != SSL_SUCCESS){
- // Failure case.
- }
- \endcode
- \sa TLSX_UseCertificateStatusRequestV2
- \sa wc_RNG_GenerateBlock
- \sa TLSX_Push
- */
- int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
- unsigned char status_type, unsigned char options);
- /*!
- \brief This function is called on the client side to enable the use of
- Supported Elliptic Curves Extension in the SSL object passed in the 'ssl'
- parameter. It means that the supported curves enabled will be sent on
- ClientHello by wolfSSL clients. This function can be called more than
- one time to enable multiple curves.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of these
- cases: ssl is NULL, name is a unknown value. (see below)
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ssl pointer to a SSL object, created with wolfSSL_new().
- \param name indicates which curve will be supported for the session. The
- available options are: enum { WOLFSSL_ECC_SECP160R1 = 0x10,
- WOLFSSL_ECC_SECP192R1 = 0x13, WOLFSSL_ECC_SECP224R1 = 0x15,
- WOLFSSL_ECC_SECP256R1 = 0x17, WOLFSSL_ECC_SECP384R1 = 0x18,
- WOLFSSL_ECC_SECP521R1 = 0x19 };
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- // ssl creation failed
- }
- ret = wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1);
- if (ret != 0) {
- // Elliptic Curve Extension usage failed
- }
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_UseSupportedCurve
- */
- int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name);
- /*!
- \brief This function is called on the client side to enable the use of
- Supported Elliptic Curves Extension for SSL objects created from the SSL
- context passed in the 'ctx' parameter. It means that the supported curves
- enabled will be sent on ClientHello by wolfSSL clients. This function can
- be called more than one time to enable multiple curves.
- \return SSL_SUCCESS upon success.
- \return BAD_FUNC_ARG is the error that will be returned in one of these
- cases: ctx is NULL, name is a unknown value. (see below)
- \return MEMORY_E is the error returned when there is not enough memory.
- \param ctx pointer to a SSL context, created with wolfSSL_CTX_new().
- \param name indicates which curve will be supported for the session.
- The available options are: enum { WOLFSSL_ECC_SECP160R1 = 0x10,
- WOLFSSL_ECC_SECP192R1 = 0x13, WOLFSSL_ECC_SECP224R1 = 0x15,
- WOLFSSL_ECC_SECP256R1 = 0x17, WOLFSSL_ECC_SECP384R1 = 0x18,
- WOLFSSL_ECC_SECP521R1 = 0x19 };
- _Example_
- \code
- int ret = 0;
- WOLFSSL_CTX* ctx = 0;
- ctx = wolfSSL_CTX_new(method);
- if (ctx == NULL) {
- // context creation failed
- }
- ret = wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1);
- if (ret != 0) {
- // Elliptic Curve Extension usage failed
- }
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_UseSupportedCurve
- */
- int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx,
- word16 name);
- /*!
- \ingroup IO
- \brief This function forces secure renegotiation for the supplied
- WOLFSSL structure. This is not recommended.
- \return SSL_SUCCESS Successfully set secure renegotiation.
- \return BAD_FUNC_ARG Returns error if ssl is null.
- \return MEMORY_E Returns error if unable to allocate memory for secure
- renegotiation.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- wolfSSL_Init();
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- WOLFSSL_METHOD method = // Some wolfSSL method
- ctx = wolfSSL_CTX_new(method);
- ssl = wolfSSL_new(ctx);
- if(wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS)
- {
- // Error setting secure renegotiation
- }
- \endcode
- \sa TLSX_Find
- \sa TLSX_UseSecureRenegotiation
- */
- int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function executes a secure renegotiation handshake; this is user
- forced as wolfSSL discourages this functionality.
- \return SSL_SUCCESS returned if the function executed without error.
- \return BAD_FUNC_ARG returned if the WOLFSSL structure was NULL or otherwise
- if an unacceptable argument was passed in a subroutine.
- \return SECURE_RENEGOTIATION_E returned if there was an error with
- renegotiating the handshake.
- \return SSL_FATAL_ERROR returned if there was an error with the
- server or client configuration and the renegotiation could
- not be completed. See wolfSSL_negotiate().
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- if(wolfSSL_Rehandshake(ssl) != SSL_SUCCESS){
- // There was an error and the rehandshake is not successful.
- }
- \endcode
- \sa wolfSSL_negotiate
- \sa wc_InitSha512
- \sa wc_InitSha384
- \sa wc_InitSha256
- \sa wc_InitSha
- \sa wc_InitMd5
- */
- int wolfSSL_Rehandshake(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief Force provided WOLFSSL structure to use session ticket. The
- constant HAVE_SESSION_TICKET should be defined and the constant
- NO_WOLFSSL_CLIENT should not be defined to use this function.
- \return SSL_SUCCESS Successfully set use session ticket.
- \return BAD_FUNC_ARG Returned if ssl is null.
- \return MEMORY_E Error allocating memory for setting session ticket.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- wolfSSL_Init();
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl;
- WOLFSSL_METHOD method = // Some wolfSSL method
- ctx = wolfSSL_CTX_new(method);
- ssl = wolfSSL_new(ctx);
- if(wolfSSL_UseSessionTicket(ssl) != SSL_SUCCESS)
- {
- // Error setting session ticket
- }
- \endcode
- \sa TLSX_UseSessionTicket
- */
- int wolfSSL_UseSessionTicket(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function sets wolfSSL context to use a session ticket.
- \return SSL_SUCCESS Function executed successfully.
- \return BAD_FUNC_ARG Returned if ctx is null.
- \return MEMORY_E Error allocating memory in internal function.
- \param ctx The WOLFSSL_CTX structure to use.
- _Example_
- \code
- wolfSSL_Init();
- WOLFSSL_CTX* ctx;
- WOLFSSL_METHOD method = // Some wolfSSL method ;
- ctx = wolfSSL_CTX_new(method);
- if(wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS)
- {
- // Error setting session ticket
- }
- \endcode
- \sa TLSX_UseSessionTicket
- */
- int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx);
- /*!
- \ingroup IO
- \brief This function copies the ticket member of the Session structure to
- the buffer.
- \return SSL_SUCCESS returned if the function executed without error.
- \return BAD_FUNC_ARG returned if one of the arguments was NULL or if the
- bufSz argument was 0.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param buf a byte pointer representing the memory buffer.
- \param bufSz a word32 pointer representing the buffer size.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- byte* buf;
- word32 bufSz; // Initialize with buf size
- …
- if(wolfSSL_get_SessionTicket(ssl, buf, bufSz) <= 0){
- // Nothing was written to the buffer
- } else {
- // the buffer holds the content from ssl->session->ticket
- }
- \endcode
- \sa wolfSSL_UseSessionTicket
- \sa wolfSSL_set_SessionTicket
- */
- int wolfSSL_get_SessionTicket(WOLFSSL* ssl, unsigned char* buf, word32* bufSz);
- /*!
- \ingroup IO
- \brief This function sets the ticket member of the WOLFSSL_SESSION
- structure within the WOLFSSL struct. The buffer passed into the function
- is copied to memory.
- \return SSL_SUCCESS returned on successful execution of the function.
- The function returned without errors.
- \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL. This will
- also be thrown if the buf argument is NULL but the bufSz argument
- is not zero.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param buf a byte pointer that gets loaded into the ticket member
- of the session structure.
- \param bufSz a word32 type that represents the size of the buffer.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- byte* buffer; // File to load
- word32 bufSz;
- ...
- if(wolfSSL_KeepArrays(ssl, buffer, bufSz) != SSL_SUCCESS){
- // There was an error loading the buffer to memory.
- }
- \endcode
- \sa wolfSSL_set_SessionTicket_cb
- */
- int wolfSSL_set_SessionTicket(WOLFSSL* ssl, const unsigned char* buf,
- word32 bufSz);
- /*!
- \brief This function sets the session ticket callback. The type
- CallbackSessionTicket is a function pointer with the signature of:
- int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*)
- \return SSL_SUCCESS returned if the function executed without error.
- \return BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cb a function pointer to the type CallbackSessionTicket.
- \param ctx a void pointer to the session_ticket_ctx member of the
- WOLFSSL structure.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- int sessionTicketCB(WOLFSSL* ssl, const unsigned char* ticket, int ticketSz,
- void* ctx){ … }
- wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)”initial session”);
- \endcode
- \sa wolfSSL_get_SessionTicket
- \sa CallbackSessionTicket
- \sa sessionTicketCB
- */
- int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl,
- CallbackSessionTicket cb, void* ctx);
- /*!
- \brief This function sends a session ticket to the client after a TLS v1.3
- handhsake has been established.
- \return WOLFSSL_SUCCESS returned if a new session ticket was sent.
- \return BAD_FUNC_ARG returned if WOLFSSL structure is NULL, or not using
- TLS v1.3.
- \return SIDE_ERROR returned if not a server.
- \return NOT_READY_ERROR returned if the handshake has not completed.
- \return WOLFSSL_FATAL_ERROR returned if creating or sending message fails.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- ret = wolfSSL_send_SessionTicket(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- // New session ticket not sent.
- }
- \endcode
- \sa wolfSSL_get_SessionTicket
- \sa CallbackSessionTicket
- \sa sessionTicketCB
- */
- int wolfSSL_send_SessionTicket(WOLFSSL* ssl);
- /*!
- \brief This function sets the session ticket key encrypt callback function
- for a server to support session tickets as specified in RFC 5077.
- \return SSL_SUCCESS will be returned upon successfully setting the session.
- \return BAD_FUNC_ARG will be returned on failure. This is caused by passing
- invalid arguments to the function.
- \param ctx pointer to the WOLFSSL_CTX object, created with wolfSSL_CTX_new().
- \param cb user callback function to encrypt/decrypt session tickets
- \param ssl(Callback) pointer to the WOLFSSL object, created with
- wolfSSL_new()
- \param key_name(Callback) unique key name for this ticket context, should
- be randomly generated
- \param iv(Callback) unique IV for this ticket, up to 128 bits, should
- be randomly generated
- \param mac(Callback) up to 256 bit mac for this ticket
- \param enc(Callback) if this encrypt parameter is true the user should fill
- in key_name, iv, mac, and encrypt the ticket in-place of length inLen and
- set the resulting output length in *outLen. Returning WOLFSSL_TICKET_RET_OK
- tells wolfSSL that the encryption was successful. If this encrypt parameter
- is false, the user should perform a decrypt of the ticket in-place of length
- inLen using key_name, iv, and mac. The resulting decrypt length should be
- set in *outLen. Returning WOLFSSL_TICKET_RET_OK tells wolfSSL to proceed
- using the decrypted ticket. Returning WOLFSSL_TICKET_RET_CREATE tells
- wolfSSL to use the decrypted ticket but also to generate a new one to
- send to the client, helpful if recently rolled keys and don’t want to
- force a full handshake. Returning WOLFSSL_TICKET_RET_REJECT tells
- wolfSSL to reject this ticket, perform a full handshake, and create
- a new standard session ID for normal session resumption. Returning
- WOLFSSL_TICKET_RET_FATAL tells wolfSSL to end the connection
- attempt with a fatal error.
- \param ticket(Callback) the input/output buffer for the encrypted ticket.
- See the enc parameter
- \param inLen(Callback) the input length of the ticket parameter
- \param outLen(Callback) the resulting output length of the ticket parameter.
- When entering the callback outLen will indicate the maximum size available
- in the ticket buffer.
- \param userCtx(Callback) the user context set with
- wolfSSL_CTX_set_TicketEncCtx()
- _Example_
- \code
- See wolfssl/test.h myTicketEncCb() used by the example
- server and example echoserver.
- \endcode
- \sa wolfSSL_CTX_set_TicketHint
- \sa wolfSSL_CTX_set_TicketEncCtx
- */
- int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
- SessionTicketEncCb);
- /*!
- \brief This function sets the session ticket hint relayed to the client.
- For server side use.
- \return SSL_SUCCESS will be returned upon successfully setting the session.
- \return BAD_FUNC_ARG will be returned on failure. This is caused by passing
- invalid arguments to the function.
- \param ctx pointer to the WOLFSSL_CTX object, created with wolfSSL_CTX_new().
- \param hint number of seconds the ticket might be valid for. Hint to client.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_set_TicketEncCb
- */
- int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
- /*!
- \brief This function sets the session ticket encrypt user context for the
- callback. For server side use.
- \return SSL_SUCCESS will be returned upon successfully setting the session.
- \return BAD_FUNC_ARG will be returned on failure. This is caused by
- passing invalid arguments to the function.
- \param ctx pointer to the WOLFSSL_CTX object, created
- with wolfSSL_CTX_new().
- \param userCtx the user context for the callback
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_set_TicketEncCb
- */
- int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
- /*!
- \brief This function gets the session ticket encrypt user context for the
- callback. For server side use.
- \return userCtx will be returned upon successfully getting the session.
- \return NULL will be returned on failure. This is caused by
- passing invalid arguments to the function, or when the user context has
- not been set.
- \param ctx pointer to the WOLFSSL_CTX object, created
- with wolfSSL_CTX_new().
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_CTX_set_TicketEncCtx
- */
- void* wolfSSL_CTX_get_TicketEncCtx(WOLFSSL_CTX* ctx);
- /*!
- \brief This function sets the handshake done callback. The hsDoneCb and
- hsDoneCtx members of the WOLFSSL structure are set in this function.
- \return SSL_SUCCESS returned if the function executed without an error.
- The hsDoneCb and hsDoneCtx members of the WOLFSSL struct are set.
- \return BAD_FUNC_ARG returned if the WOLFSSL struct is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param cb a function pointer of type HandShakeDoneCb with the signature of
- the form: int (*HandShakeDoneCb)(WOLFSSL*, void*);
- \param user_ctx a void pointer to the user registered context.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- …
- int myHsDoneCb(WOLFSSL* ssl, void* user_ctx){
- // callback function
- }
- …
- wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
- \endcode
- \sa HandShakeDoneCb
- */
- int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx);
- /*!
- \ingroup IO
- \brief This function prints the statistics from the session.
- \return SSL_SUCCESS returned if the function and subroutines return without
- error. The session stats have been successfully retrieved and printed.
- \return BAD_FUNC_ARG returned if the subroutine wolfSSL_get_session_stats()
- was passed an unacceptable argument.
- \return BAD_MUTEX_E returned if there was a mutex error in the subroutine.
- \param none No parameters.
- _Example_
- \code
- // You will need to have a session object to retrieve stats from.
- if(wolfSSL_PrintSessionStats(void) != SSL_SUCCESS ){
- // Did not print session stats
- }
- \endcode
- \sa wolfSSL_get_session_stats
- */
- int wolfSSL_PrintSessionStats(void);
- /*!
- \ingroup IO
- \brief This function gets the statistics for the session.
- \return SSL_SUCCESS returned if the function and subroutines return without
- error. The session stats have been successfully retrieved and printed.
- \return BAD_FUNC_ARG returned if the subroutine wolfSSL_get_session_stats()
- was passed an unacceptable argument.
- \return BAD_MUTEX_E returned if there was a mutex error in the subroutine.
- \param active a word32 pointer representing the total current sessions.
- \param total a word32 pointer representing the total sessions.
- \param peak a word32 pointer representing the peak sessions.
- \param maxSessions a word32 pointer representing the maximum sessions.
- _Example_
- \code
- int wolfSSL_PrintSessionStats(void){
- …
- ret = wolfSSL_get_session_stats(&totalSessionsNow,
- &totalSessionsSeen, &peak, &maxSessions);
- …
- return ret;
- \endcode
- \sa wolfSSL_PrintSessionStats
- */
- int wolfSSL_get_session_stats(unsigned int* active,
- unsigned int* total,
- unsigned int* peak,
- unsigned int* maxSessions);
- /*!
- \ingroup TLS
- \brief This function copies the values of cr and sr then passes through to
- wc_PRF (pseudo random function) and returns that value.
- \return 0 on success
- \return BUFFER_E returned if there will be an error
- with the size of the buffer.
- \return MEMORY_E returned if a subroutine failed
- to allocate dynamic memory.
- \param ms the master secret held in the Arrays structure.
- \param msLen the length of the master secret.
- \param pms the pre-master secret held in the Arrays structure.
- \param pmsLen the length of the pre-master secret.
- \param cr the client random.
- \param sr the server random.
- \param tls1_2 signifies that the version is at least tls version 1.2.
- \param hash_type signifies the hash type.
- _Example_
- \code
- WOLFSSL* ssl;
- called in MakeTlsMasterSecret and retrieves the necessary
- information as follows:
- int MakeTlsMasterSecret(WOLFSSL* ssl){
- int ret;
- ret = wolfSSL_makeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
- ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
- ssl->arrays->clientRandom, ssl->arrays->serverRandom,
- IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
- …
- return ret;
- }
- \endcode
- \sa wc_PRF
- \sa MakeTlsMasterSecret
- */
- int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, word32 msLen,
- const unsigned char* pms, word32 pmsLen,
- const unsigned char* cr, const unsigned char* sr,
- int tls1_2, int hash_type);
- /*!
- \ingroup CertsKeys
- \brief An external facing wrapper to derive TLS Keys.
- \return 0 returned on success.
- \return BUFFER_E returned if the sum of labLen and
- seedLen (computes total size) exceeds the maximum size.
- \return MEMORY_E returned if the allocation of memory failed.
- \param key_data a byte pointer that is allocateded in DeriveTlsKeys
- and passed through to wc_PRF to hold the final hash.
- \param keyLen a word32 type that is derived in DeriveTlsKeys
- from the WOLFSSL structure’s specs member.
- \param ms a constant pointer type holding the master secret
- held in the arrays structure within the WOLFSSL structure.
- \param msLen a word32 type that holds the length of the
- master secret in an enumerated define, SECRET_LEN.
- \param sr a constant byte pointer to the serverRandom
- member of the arrays structure within the WOLFSSL structure.
- \param cr a constant byte pointer to the clientRandom
- member of the arrays structure within the WOLFSSL structure.
- \param tls1_2 an integer type returned from IsAtLeastTLSv1_2().
- \param hash_type an integer type held in the WOLFSSL structure.
- _Example_
- \code
- int DeriveTlsKeys(WOLFSSL* ssl){
- int ret;
- …
- ret = wolfSSL_DeriveTlsKeys(key_data, length, ssl->arrays->masterSecret,
- SECRET_LEN, ssl->arrays->clientRandom,
- IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
- …
- }
- \endcode
- \sa wc_PRF
- \sa DeriveTlsKeys
- \sa IsAtLeastTLSv1_2
- */
- int wolfSSL_DeriveTlsKeys(unsigned char* key_data, word32 keyLen,
- const unsigned char* ms, word32 msLen,
- const unsigned char* sr, const unsigned char* cr,
- int tls1_2, int hash_type);
- /*!
- \brief wolfSSL_connect_ex() is an extension that allows
- a HandShake Callback to be set. This can be useful in
- embedded systems for debugging support when a debugger isn’t
- available and sniffing is impractical. The HandShake Callback
- will be called whether or not a handshake error occurred.
- No dynamic memory is used since the maximum number of SSL
- packets is known. Packet names can be accessed through packetNames[].
- The connect extension also allows a Timeout Callback to be set along
- with a timeout value. This is useful if the user doesn’t want
- to wait for the TCP stack to timeout. This extension can be called
- with either, both, or neither callbacks.
- \return SSL_SUCCESS upon success.
- \return GETTIME_ERROR will be returned if gettimeofday()
- encountered an error.
- \return SETITIMER_ERROR will be returned if setitimer()
- encountered an error.
- \return SIGACT_ERROR will be returned if sigaction() encountered an error.
- \return SSL_FATAL_ERROR will be returned if the underlying SSL_connect()
- call encountered an error.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_accept_ex
- */
- int wolfSSL_connect_ex(WOLFSSL* ssl, HandShakeCallBack hsCb,
- TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout);
- /*!
- \brief wolfSSL_accept_ex() is an extension that allows a HandShake Callback
- to be set. This can be useful in embedded systems for debugging support
- when a debugger isn’t available and sniffing is impractical. The HandShake
- Callback will be called whether or not a handshake error occurred.
- No dynamic memory is used since the maximum number of SSL packets is known.
- Packet names can be accessed through packetNames[]. The connect extension
- also allows a Timeout Callback to be set along with a timeout value.
- This is useful if the user doesn’t want to wait for the TCP stack to timeout.
- This extension can be called with either, both, or neither callbacks.
- \return SSL_SUCCESS upon success.
- \return GETTIME_ERROR will be returned if gettimeofday()
- encountered an error.
- \return SETITIMER_ERROR will be returned if setitimer()
- encountered an error.
- \return SIGACT_ERROR will be returned if sigaction() encountered an error.
- \return SSL_FATAL_ERROR will be returned if the underlying
- SSL_accept() call encountered an error.
- \param none No parameters.
- _Example_
- \code
- none
- \endcode
- \sa wolfSSL_connect_ex
- */
- int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBacki hsCb,
- TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout);
- /*!
- \ingroup IO
- \brief This is used to set the internal file pointer for a BIO.
- \return SSL_SUCCESS On successfully setting file pointer.
- \return SSL_FAILURE If an error case was encountered.
- \param bio WOLFSSL_BIO structure to set pair.
- \param fp file pointer to set in bio.
- \param c close file behavior flag.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- XFILE fp;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
- ret = wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_get_fp
- \sa wolfSSL_BIO_free
- */
- long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c);
- /*!
- \ingroup IO
- \brief This is used to get the internal file pointer for a BIO.
- \return SSL_SUCCESS On successfully getting file pointer.
- \return SSL_FAILURE If an error case was encountered.
- \param bio WOLFSSL_BIO structure to set pair.
- \param fp file pointer to set in bio.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- XFILE fp;
- int ret;
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
- ret = wolfSSL_BIO_get_fp(bio, &fp);
- // check ret value
- \endcode
- \sa wolfSSL_BIO_new
- \sa wolfSSL_BIO_s_mem
- \sa wolfSSL_BIO_set_fp
- \sa wolfSSL_BIO_free
- */
- long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp);
- /*!
- \ingroup Setup
- \brief This function checks that the private key is a match
- with the certificate being used.
- \return SSL_SUCCESS On successfully match.
- \return SSL_FAILURE If an error case was encountered.
- \return <0 All error cases other than SSL_FAILURE are negative values.
- \param ssl WOLFSSL structure to check.
- _Example_
- \code
- WOLFSSL* ssl;
- int ret;
- // create and set up ssl
- ret = wolfSSL_check_private_key(ssl);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- int wolfSSL_check_private_key(const WOLFSSL* ssl);
- /*!
- \ingroup CertsKeys
- \brief This function looks for and returns the extension index
- matching the passed in NID value.
- \return >= 0 If successful the extension index is returned.
- \return -1 If extension is not found or error is encountered.
- \param x509 certificate to get parse through for extension.
- \param nid extension OID to be found.
- \param lastPos start search from extension after lastPos.
- Set to -1 initially.
- _Example_
- \code
- const WOLFSSL_X509* x509;
- int lastPos = -1;
- int idx;
- idx = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, lastPos);
- \endcode
- */
- int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509,
- int nid, int lastPos);
- /*!
- \ingroup CertsKeys
- \brief This function looks for and returns the extension
- matching the passed in NID value.
- \return pointer If successful a STACK_OF(WOLFSSL_ASN1_OBJECT)
- pointer is returned.
- \return NULL If extension is not found or error is encountered.
- \param x509 certificate to get parse through for extension.
- \param nid extension OID to be found.
- \param c if not NULL is set to -2 for multiple extensions found -1
- if not found, 0 if found and not critical and 1 if found and critical.
- \param idx if NULL return first extension matched otherwise if not
- stored in x509 start at idx.
- _Example_
- \code
- const WOLFSSL_X509* x509;
- int c;
- int idx = 0;
- STACK_OF(WOLFSSL_ASN1_OBJECT)* sk;
- sk = wolfSSL_X509_get_ext_d2i(x509, NID_basic_constraints, &c, &idx);
- //check sk for NULL and then use it. sk needs freed after done.
- \endcode
- \sa wolfSSL_sk_ASN1_OBJECT_free
- */
- void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
- int nid, int* c, int* idx);
- /*!
- \ingroup CertsKeys
- \brief This function returns the hash of the DER certificate.
- \return SSL_SUCCESS On successfully creating a hash.
- \return SSL_FAILURE Returned on bad input or unsuccessful hash.
- \param x509 certificate to get the hash of.
- \param digest the hash algorithm to use.
- \param buf buffer to hold hash.
- \param len length of buffer.
- _Example_
- \code
- WOLFSSL_X509* x509;
- unsigned char buffer[64];
- unsigned int bufferSz;
- int ret;
- ret = wolfSSL_X509_digest(x509, wolfSSL_EVP_sha256(), buffer, &bufferSz);
- //check ret value
- \endcode
- \sa none
- */
- int wolfSSL_X509_digest(const WOLFSSL_X509* x509,
- const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len);
- /*!
- \ingroup Setup
- \brief his is used to set the certificate for WOLFSSL structure to use
- during a handshake.
- \return SSL_SUCCESS On successful setting argument.
- \return SSL_FAILURE If a NULL argument passed in.
- \param ssl WOLFSSL structure to set certificate in.
- \param x509 certificate to use.
- _Example_
- \code WOLFSSL* ssl;
- WOLFSSL_X509* x509
- int ret;
- // create ssl object and x509
- ret = wolfSSL_use_certificate(ssl, x509);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509);
- /*!
- \ingroup Setup
- \brief This is used to set the certificate for WOLFSSL structure
- to use during a handshake. A DER formatted buffer is expected.
- \return SSL_SUCCESS On successful setting argument.
- \return SSL_FAILURE If a NULL argument passed in.
- \param ssl WOLFSSL structure to set certificate in.
- \param der DER certificate to use.
- \param derSz size of the DER buffer passed in.
- _Example_
- \code
- WOLFSSL* ssl;
- unsigned char* der;
- int derSz;
- int ret;
- // create ssl object and set DER variables
- ret = wolfSSL_use_certificate_ASN1(ssl, der, derSz);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der,
- int derSz);
- /*!
- \ingroup CertsKeys
- \brief This is used to set the private key for the WOLFSSL structure.
- \return SSL_SUCCESS On successful setting argument.
- \return SSL_FAILURE If a NULL ssl passed in. All error
- cases will be negative values.
- \param ssl WOLFSSL structure to set argument in.
- \param pkey private key to use.
- _Example_
- \code
- WOLFSSL* ssl;
- WOLFSSL_EVP_PKEY* pkey;
- int ret;
- // create ssl object and set up private key
- ret = wolfSSL_use_PrivateKey(ssl, pkey);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey);
- /*!
- \ingroup CertsKeys
- \brief This is used to set the private key for the WOLFSSL
- structure. A DER formatted key buffer is expected.
- \return SSL_SUCCESS On successful setting parsing and
- setting the private key.
- \return SSL_FAILURE If an NULL ssl passed in. All error cases
- will be negative values.
- \param pri type of private key.
- \param ssl WOLFSSL structure to set argument in.
- \param der buffer holding DER key.
- \param derSz size of der buffer.
- _Example_
- \code
- WOLFSSL* ssl;
- unsigned char* pkey;
- long pkeySz;
- int ret;
- // create ssl object and set up private key
- ret = wolfSSL_use_PrivateKey_ASN1(1, ssl, pkey, pkeySz);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- \sa wolfSSL_use_PrivateKey
- */
- int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl,
- unsigned char* der, long derSz);
- /*!
- \ingroup CertsKeys
- \brief This is used to set the private key for the WOLFSSL
- structure. A DER formatted RSA key buffer is expected.
- \return SSL_SUCCESS On successful setting parsing and setting
- the private key.
- \return SSL_FAILURE If an NULL ssl passed in. All error cases
- will be negative values.
- \param ssl WOLFSSL structure to set argument in.
- \param der buffer holding DER key.
- \param derSz size of der buffer.
- _Example_
- \code
- WOLFSSL* ssl;
- unsigned char* pkey;
- long pkeySz;
- int ret;
- // create ssl object and set up RSA private key
- ret = wolfSSL_use_RSAPrivateKey_ASN1(ssl, pkey, pkeySz);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- \sa wolfSSL_use_PrivateKey
- */
- int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der,
- long derSz);
- /*!
- \ingroup CertsKeys
- \brief This function duplicates the parameters in dsa to a
- newly created WOLFSSL_DH structure.
- \return WOLFSSL_DH If duplicated returns WOLFSSL_DH structure
- \return NULL upon failure
- \param dsa WOLFSSL_DSA structure to duplicate.
- _Example_
- \code
- WOLFSSL_DH* dh;
- WOLFSSL_DSA* dsa;
- // set up dsa
- dh = wolfSSL_DSA_dup_DH(dsa);
- // check dh is not null
- \endcode
- \sa none
- */
- WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
- /*!
- \ingroup Setup
- \brief This is used to get the master key after completing a handshake.
- \return >0 On successfully getting data returns a value greater than 0
- \return 0 If no random data buffer or an error state returns 0
- \return max If outSz passed in is 0 then the maximum buffer
- size needed is returned
- \param ses WOLFSSL_SESSION structure to get master secret buffer from.
- \param out buffer to hold data.
- \param outSz size of out buffer passed in. (if 0 function will
- return max buffer size needed)
- _Example_
- \code
- WOLFSSL_SESSION ssl;
- unsigned char* buffer;
- size_t bufferSz;
- size_t ret;
- // complete handshake and get session structure
- bufferSz = wolfSSL_SESSION_get_master_secret(ses, NULL, 0);
- buffer = malloc(bufferSz);
- ret = wolfSSL_SESSION_get_master_secret(ses, buffer, bufferSz);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
- unsigned char* out, int outSz);
- /*!
- \ingroup Setup
- \brief This is used to get the master secret key length.
- \return size Returns master secret key size.
- \param ses WOLFSSL_SESSION structure to get master secret buffer from.
- _Example_
- \code
- WOLFSSL_SESSION ssl;
- unsigned char* buffer;
- size_t bufferSz;
- size_t ret;
- // complete handshake and get session structure
- bufferSz = wolfSSL_SESSION_get_master_secret_length(ses);
- buffer = malloc(bufferSz);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
- /*!
- \ingroup Setup
- \brief This is a setter function for the WOLFSSL_X509_STORE
- structure in ctx.
- \return none No return.
- \param ctx pointer to the WOLFSSL_CTX structure for setting
- cert store pointer.
- \param str pointer to the WOLFSSL_X509_STORE to set in ctx.
- _Example_
- \code
- WOLFSSL_CTX ctx;
- WOLFSSL_X509_STORE* st;
- // setup ctx and st
- st = wolfSSL_CTX_set_cert_store(ctx, st);
- //use st
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- */
- void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
- WOLFSSL_X509_STORE* str);
- /*!
- \ingroup CertsKeys
- \brief This function get the DER buffer from bio and converts it
- to a WOLFSSL_X509 structure.
- \return pointer returns a WOLFSSL_X509 structure pointer on success.
- \return Null returns NULL on failure
- \param bio pointer to the WOLFSSL_BIO structure that has the DER
- certificate buffer.
- \param x509 pointer that get set to new WOLFSSL_X509 structure created.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- WOLFSSL_X509* x509;
- // load DER into bio
- x509 = wolfSSL_d2i_X509_bio(bio, NULL);
- Or
- wolfSSL_d2i_X509_bio(bio, &x509);
- // use x509 returned (check for NULL)
- \endcode
- \sa none
- */
- WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509);
- /*!
- \ingroup Setup
- \brief This is a getter function for the WOLFSSL_X509_STORE
- structure in ctx.
- \return WOLFSSL_X509_STORE* On successfully getting the pointer.
- \return NULL Returned if NULL arguments are passed in.
- \param ctx pointer to the WOLFSSL_CTX structure for getting cert
- store pointer.
- _Example_
- \code
- WOLFSSL_CTX ctx;
- WOLFSSL_X509_STORE* st;
- // setup ctx
- st = wolfSSL_CTX_get_cert_store(ctx);
- //use st
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- \sa wolfSSL_CTX_set_cert_store
- */
- WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
- /*!
- \ingroup IO
- \brief Gets the number of pending bytes to read. If BIO type is BIO_BIO
- then is the number to read from pair. If BIO contains an SSL object then
- is pending data from SSL object (wolfSSL_pending(ssl)). If is BIO_MEMORY
- type then returns the size of memory buffer.
- \return >=0 number of pending bytes.
- \param bio pointer to the WOLFSSL_BIO structure that has already
- been created.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- int pending;
- bio = wolfSSL_BIO_new();
- …
- pending = wolfSSL_BIO_ctrl_pending(bio);
- \endcode
- \sa wolfSSL_BIO_make_bio_pair
- \sa wolfSSL_BIO_new
- */
- size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b);
- /*!
- \ingroup Setup
- \brief This is used to get the random data sent by the server
- during the handshake.
- \return >0 On successfully getting data returns a value greater than 0
- \return 0 If no random data buffer or an error state returns 0
- \return max If outSz passed in is 0 then the maximum buffer size
- needed is returned
- \param ssl WOLFSSL structure to get clients random data buffer from.
- \param out buffer to hold random data.
- \param outSz size of out buffer passed in. (if 0 function will return max
- buffer size needed)
- _Example_
- \code
- WOLFSSL ssl;
- unsigned char* buffer;
- size_t bufferSz;
- size_t ret;
- bufferSz = wolfSSL_get_server_random(ssl, NULL, 0);
- buffer = malloc(bufferSz);
- ret = wolfSSL_get_server_random(ssl, buffer, bufferSz);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
- unsigned char *out, size_t outlen);
- /*!
- \ingroup Setup
- \brief This is used to get the random data sent by the client during
- the handshake.
- \return >0 On successfully getting data returns a value greater than 0
- \return 0 If no random data buffer or an error state returns 0
- \return max If outSz passed in is 0 then the maximum buffer size needed
- is returned
- \param ssl WOLFSSL structure to get clients random data buffer from.
- \param out buffer to hold random data.
- \param outSz size of out buffer passed in. (if 0 function will return max
- buffer size needed)
- _Example_
- \code
- WOLFSSL ssl;
- unsigned char* buffer;
- size_t bufferSz;
- size_t ret;
- bufferSz = wolfSSL_get_client_random(ssl, NULL, 0);
- buffer = malloc(bufferSz);
- ret = wolfSSL_get_client_random(ssl, buffer, bufferSz);
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
- unsigned char* out, size_t outSz);
- /*!
- \ingroup Setup
- \brief This is a getter function for the password callback set in ctx.
- \return func On success returns the callback function.
- \return NULL If ctx is NULL then NULL is returned.
- \param ctx WOLFSSL_CTX structure to get call back from.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- wc_pem_password_cb cb;
- // setup ctx
- cb = wolfSSL_CTX_get_default_passwd_cb(ctx);
- //use cb
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- */
- wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX*
- ctx);
- /*!
- \ingroup Setup
- \brief This is a getter function for the password callback user
- data set in ctx.
- \return pointer On success returns the user data pointer.
- \return NULL If ctx is NULL then NULL is returned.
- \param ctx WOLFSSL_CTX structure to get user data from.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- void* data;
- // setup ctx
- data = wolfSSL_CTX_get_default_passwd_cb(ctx);
- //use data
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_CTX_free
- */
- void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
- /*!
- \ingroup CertsKeys
- \brief This function behaves the same as wolfSSL_PEM_read_bio_X509.
- AUX signifies containing extra information such as trusted/rejected use
- cases and friendly name for human readability.
- \return WOLFSSL_X509 on successfully parsing the PEM buffer a WOLFSSL_X509
- structure is returned.
- \return Null if failed to parse PEM buffer.
- \param bp WOLFSSL_BIO structure to get PEM buffer from.
- \param x if setting WOLFSSL_X509 by function side effect.
- \param cb password callback.
- \param u NULL terminated user password.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- WOLFSSL_X509* x509;
- // setup bio
- X509 = wolfSSL_PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
- //check x509 is not null and then use it
- \endcode
- \sa wolfSSL_PEM_read_bio_X509
- */
- WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
- (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u);
- /*!
- \ingroup CertsKeys
- \brief Initializes the WOLFSSL_CTX structure’s dh member with the
- Diffie-Hellman parameters.
- \return SSL_SUCCESS returned if the function executed successfully.
- \return BAD_FUNC_ARG returned if the ctx or dh structures are NULL.
- \return SSL_FATAL_ERROR returned if there was an error setting a
- structure value.
- \return MEMORY_E returned if their was a failure to allocate memory.
- \param ctx a pointer to a WOLFSSL_CTX structure, created using
- wolfSSL_CTX_new().
- \param dh a pointer to a WOLFSSL_DH structure.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL_DH* dh;
- …
- return wolfSSL_CTX_set_tmp_dh(ctx, dh);
- \endcode
- \sa wolfSSL_BN_bn2bin
- */
- long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh);
- /*!
- \ingroup CertsKeys
- \brief This function get the DSA parameters from a PEM buffer in bio.
- \return WOLFSSL_DSA on successfully parsing the PEM buffer a WOLFSSL_DSA
- structure is created and returned.
- \return Null if failed to parse PEM buffer.
- \param bio pointer to the WOLFSSL_BIO structure for getting PEM
- memory pointer.
- \param x pointer to be set to new WOLFSSL_DSA structure.
- \param cb password callback function.
- \param u null terminated password string.
- _Example_
- \code
- WOLFSSL_BIO* bio;
- WOLFSSL_DSA* dsa;
- // setup bio
- dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
- // check dsa is not NULL and then use dsa
- \endcode
- \sa none
- */
- WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp,
- WOLFSSL_DSA **x, wc_pem_password_cb *cb, void *u);
- /*!
- \ingroup Debug
- \brief This function returns the absolute value of the last error from
- WOLFSSL_ERROR encountered.
- \return error Returns absolute value of last error.
- \param none No parameters.
- _Example_
- \code
- unsigned long err;
- ...
- err = wolfSSL_ERR_peek_last_error();
- // inspect err value
- \endcode
- \sa wolfSSL_ERR_print_errors_fp
- */
- unsigned long wolfSSL_ERR_peek_last_error(void);
- /*!
- \ingroup CertsKeys
- \brief This function gets the peer’s certificate chain.
- \return pointer returns a pointer to the peer’s Certificate stack.
- \return NULL returned if no peer certificate.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
- WOLFSSL* ssl = wolfSSL_new(ctx);
- ...
- wolfSSL_connect(ssl);
- STACK_OF(WOLFSSL_X509)* chain = wolfSSL_get_peer_cert_chain(ssl);
- ifchain){
- // You have a pointer to the peer certificate chain
- }
- \endcode
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_subject_name
- \sa wolfSSL_X509_get_isCA
- */
- WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
- /*!
- \ingroup Setup
- \brief This function resets option bits of WOLFSSL_CTX object.
- \return option new option bits
- \param ctx pointer to the SSL context.
- _Example_
- \code
- WOLFSSL_CTX* ctx = 0;
- ...
- wolfSSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1);
- \endcode
- \sa wolfSSL_CTX_new
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt);
- /*!
- \ingroup IO
- \brief This function sets the jObjectRef member of the WOLFSSL structure.
- \return SSL_SUCCESS returned if jObjectRef is properly set to objPtr.
- \return SSL_FAILURE returned if the function did not properly execute and
- jObjectRef is not set.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param objPtr a void pointer that will be set to jObjectRef.
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = WOLFSSL_new();
- void* objPtr = &obj;
- ...
- if(wolfSSL_set_jobject(ssl, objPtr)){
- // The success case
- }
- \endcode
- \sa wolfSSL_get_jobject
- */
- int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr);
- /*!
- \ingroup IO
- \brief This function returns the jObjectRef member of the WOLFSSL structure.
- \return value If the WOLFSSL struct is not NULL, the function returns the
- jObjectRef value.
- \return NULL returned if the WOLFSSL struct is NULL.
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
- WOLFSSL* ssl = wolfSSL(ctx);
- ...
- void* jobject = wolfSSL_get_jobject(ssl);
- if(jobject != NULL){
- // Success case
- }
- \endcode
- \sa wolfSSL_set_jobject
- */
- void* wolfSSL_get_jobject(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function sets a callback in the ssl. The callback is to
- observe handshake messages. NULL value of cb resets the callback.
- \return SSL_SUCCESS On success.
- \return SSL_FAILURE If an NULL ssl passed in.
- \param ssl WOLFSSL structure to set callback argument.
- _Example_
- \code
- static cb(int write_p, int version, int content_type,
- const void *buf, size_t len, WOLFSSL *ssl, void *arg)
- …
- WOLFSSL* ssl;
- ret = wolfSSL_set_msg_callback(ssl, cb);
- // check ret
- \endcode
- \sa wolfSSL_set_msg_callback_arg
- */
- int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb);
- /*!
- \ingroup Setup
- \brief This function sets associated callback context value in the ssl.
- The value is handed over to the callback argument.
- \return none No return.
- \param ssl WOLFSSL structure to set callback argument.
- _Example_
- \code
- static cb(int write_p, int version, int content_type,
- const void *buf, size_t len, WOLFSSL *ssl, void *arg)
- …
- WOLFSSL* ssl;
- ret = wolfSSL_set_msg_callback(ssl, cb);
- // check ret
- wolfSSL_set_msg_callback(ssl, arg);
- \endcode
- \sa wolfSSL_set_msg_callback
- */
- int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg);
- /*!
- \ingroup CertsKeys
- \brief This function returns the next, if any, altname from the peer certificate.
- \return NULL if there is not a next altname.
- \return cert->altNamesNext->name from the WOLFSSL_X509 structure that is a
- string value from the altName list is returned if it exists.
- \param cert a pointer to the wolfSSL_X509 structure.
- _Example_
- \code
- WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509);
- …
- int x509NextAltName = wolfSSL_X509_get_next_altname(x509);
- if(x509NextAltName == NULL){
- //There isn’t another alt name
- }
- \endcode
- \sa wolfSSL_X509_get_issuer_name
- \sa wolfSSL_X509_get_subject_name
- */
- char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);
- /*!
- \ingroup CertsKeys
- \brief The function checks to see if x509 is NULL and if it’s not, it
- returns the notBefore member of the x509 struct.
- \return pointer to struct with ASN1_TIME to the notBefore
- member of the x509 struct.
- \return NULL the function returns NULL if the x509 structure is NULL.
- \param x509 a pointer to the WOLFSSL_X509 struct.
- _Example_
- \code
- WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALLOC(sizeof(WOLFSSL_X509), NULL,
- DYNAMIC_TYPE_X509) ;
- …
- const WOLFSSL_ASN1_TIME* notAfter = wolfSSL_X509_get_notBefore(x509);
- if(notAfter == NULL){
- //The x509 object was NULL
- }
- \endcode
- \sa wolfSSL_X509_get_notAfter
- */
- WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(WOLFSSL_X509*);
- /*!
- \ingroup IO
- \brief This function is called on the client side and initiates an SSL/TLS
- handshake with a server. When this function is called, the underlying
- communication channel has already been set up.
- wolfSSL_connect() works with both blocking and non-blocking I/O. When the
- underlying I/O is non-blocking, wolfSSL_connect() will return when the
- underlying I/O could not satisfy the needs of wolfSSL_connect to continue
- the handshake. In this case, a call to wolfSSL_get_error() will yield
- either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process
- must then repeat the call to wolfSSL_connect() when the underlying I/O is
- ready and wolfSSL will pick up where it left off. When using a non-blocking
- socket, nothing needs to be done, but select() can be used to check for the
- required condition.
- If the underlying I/O is blocking, wolfSSL_connect() will only return once
- the handshake has been finished or an error occurred.
- wolfSSL takes a different approach to certificate verification than OpenSSL
- does. The default policy for the client is to verify the server, this
- means that if you don't load CAs to verify the server you'll get a connect
- error, unable to verify (-155). It you want to mimic OpenSSL behavior of
- having SSL_connect succeed even if verifying the server fails and reducing
- security you can do this by calling:
- SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling SSL_new();
- Though it's not recommended.
- \return SSL_SUCCESS If successful.
- \return SSL_FATAL_ERROR will be returned if an error occurred. To get a
- more detailed error code, call wolfSSL_get_error().
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- ret = wolfSSL_connect(ssl);
- if (ret != SSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_accept
- */
- int wolfSSL_connect(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function is called on the server side to indicate that a
- HelloRetryRequest message must contain a Cookie and, in case of using
- protocol DTLS v1.3, that the handshake will always include a cookie
- exchange. Please note that when using protocol DTLS v1.3, the cookie
- exchange is enabled by default. The Cookie holds a hash of the current
- transcript so that another server process can handle the ClientHello in
- reply. The secret is used when generating the integrity check on the Cookie
- data.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] secret a pointer to a buffer holding the secret.
- Passing NULL indicates to generate a new random secret.
- \param [in] secretSz Size of the secret in bytes.
- Passing 0 indicates to use the default size: WC_SHA256_DIGEST_SIZE (or WC_SHA_DIGEST_SIZE when SHA-256 not available).
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return SIDE_ERROR if called with a client.
- \return WOLFSSL_SUCCESS if successful.
- \return MEMORY_ERROR if allocating dynamic memory for storing secret failed.
- \return Another -ve value on internal error.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- char secret[32];
- ...
- ret = wolfSSL__send_hrr_cookie(ssl, secret, sizeof(secret));
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set use of Cookie and secret
- }
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_disable_hrr_cookie
- */
- int wolfSSL_send_hrr_cookie(WOLFSSL* ssl,
- const unsigned char* secret, unsigned int secretSz);
- /*!
- \ingroup Setup
- \brief This function is called on the server side to indicate that a
- HelloRetryRequest message must NOT contain a Cookie and that, if using
- protocol DTLS v1.3, a cookie exchange will not be included in the
- handshake. Please note that not doing a cookie exchange when using protocol
- DTLS v1.3 can make the server susceptible to DoS/Amplification attacks.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return WOLFSSL_SUCCESS if successful
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3
- \return SIDE_ERROR if invoked on client
- \sa wolfSSL_send_hrr_cookie
- */
- int wolfSSL_disable_hrr_cookie(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function is called on the server to stop it from sending
- a resumption session ticket once the handshake is complete.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \return BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
- \return SIDE_ERROR if called with a client.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_no_ticket_TLSv13(ctx);
- if (ret != 0) {
- // failed to set no ticket
- }
- \endcode
- \sa wolfSSL_no_ticket_TLSv13
- */
- int wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function is called on the server to stop it from sending
- a resumption session ticket once the handshake is complete.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return SIDE_ERROR if called with a client.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_no_ticket_TLSv13(ssl);
- if (ret != 0) {
- // failed to set no ticket
- }
- \endcode
- \sa wolfSSL_CTX_no_ticket_TLSv13
- */
- int wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function is called on a TLS v1.3 wolfSSL context to disallow
- Diffie-Hellman (DH) style key exchanges when handshakes are using
- pre-shared keys for authentication.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \return BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_no_dhe_psk(ctx);
- if (ret != 0) {
- // failed to set no DHE for PSK handshakes
- }
- \endcode
- \sa wolfSSL_no_dhe_psk
- */
- int wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function is called on a TLS v1.3 client or server wolfSSL to
- disallow Diffie-Hellman (DH) style key exchanges when handshakes are using
- pre-shared keys for authentication.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_no_dhe_psk(ssl);
- if (ret != 0) {
- // failed to set no DHE for PSK handshakes
- }
- \endcode
- \sa wolfSSL_CTX_no_dhe_psk
- */
- int wolfSSL_no_dhe_psk(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function is called on a TLS v1.3 client or server wolfSSL to
- force the rollover of keys. A KeyUpdate message is sent to the peer and
- new keys are calculated for encryption. The peer will send back a KeyUpdate
- message and the new decryption keys will then be calculated.
- This function can only be called after a handshake has been completed.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return WANT_WRITE if the writing is not ready.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_update_keys(ssl);
- if (ret == WANT_WRITE) {
- // need to call again when I/O ready
- }
- else if (ret != WOLFSSL_SUCCESS) {
- // failed to send key update
- }
- \endcode
- \sa wolfSSL_write
- */
- int wolfSSL_update_keys(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function is called on a TLS v1.3 client or server wolfSSL to
- determine whether a rollover of keys is in progress. When
- wolfSSL_update_keys() is called, a KeyUpdate message is sent and the
- encryption key is updated. The decryption key is updated when the response
- is received.
- \param [in] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [out] required 0 when no key update response required. 1 when no key update response required.
- \return 0 on successful.
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- int required;
- ...
- ret = wolfSSL_key_update_response(ssl, &required);
- if (ret != 0) {
- // bad parameters
- }
- if (required) {
- // encrypt Key updated, awaiting response to change decrypt key
- }
- \endcode
- \sa wolfSSL_update_keys
- */
- int wolfSSL_key_update_response(WOLFSSL* ssl, int* required);
- /*!
- \ingroup Setup
- \brief This function is called on a TLS v1.3 client wolfSSL context to allow
- a client certificate to be sent post handshake upon request from server.
- This is useful when connecting to a web server that has some pages that
- require client authentication and others that don't.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \return BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
- \return SIDE_ERROR if called with a server.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_allow_post_handshake_auth(ctx);
- if (ret != 0) {
- // failed to allow post handshake authentication
- }
- \endcode
- \sa wolfSSL_allow_post_handshake_auth
- \sa wolfSSL_request_certificate
- */
- int wolfSSL_CTX_allow_post_handshake_auth(WOLFSSL_CTX* ctx);
- /*!
- \ingroup Setup
- \brief This function is called on a TLS v1.3 client wolfSSL to allow
- a client certificate to be sent post handshake upon request from server.
- A Post-Handshake Client Authentication extension is sent in the ClientHello.
- This is useful when connecting to a web server that has some pages that
- require client authentication and others that don't.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return SIDE_ERROR if called with a server.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_allow_post_handshake_auth(ssl);
- if (ret != 0) {
- // failed to allow post handshake authentication
- }
- \endcode
- \sa wolfSSL_CTX_allow_post_handshake_auth
- \sa wolfSSL_request_certificate
- */
- int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl);
- /*!
- \ingroup IO
- \brief This function requests a client certificate from the TLS v1.3 client.
- This is useful when a web server is serving some pages that require client
- authentication and others that don't.
- A maximum of 256 requests can be sent on a connection.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return WANT_WRITE if the writing is not ready.
- \return SIDE_ERROR if called with a client.
- \return NOT_READY_ERROR if called when the handshake is not finished.
- \return POST_HAND_AUTH_ERROR if posthandshake authentication is disallowed.
- \return MEMORY_E if dynamic memory allocation fails.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_request_certificate(ssl);
- if (ret == WANT_WRITE) {
- // need to call again when I/O ready
- }
- else if (ret != WOLFSSL_SUCCESS) {
- // failed to request a client certificate
- }
- \endcode
- \sa wolfSSL_allow_post_handshake_auth
- \sa wolfSSL_write
- */
- int wolfSSL_request_certificate(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function sets the list of elliptic curve groups to allow on
- a wolfSSL context in order of preference.
- The list is a null-terminated text string, and a colon-delimited list.
- Call this function to set the key exchange elliptic curve parameters to
- use with the TLS v1.3 connections.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \param [in] list a string that is a colon-delimited list of elliptic curve
- groups.
- \return WOLFSSL_FAILURE if pointer parameters are NULL, there are more than
- WOLFSSL_MAX_GROUP_COUNT groups, a group name is not recognized or not
- using TLS v1.3.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- const char* list = "P-384:P-256";
- ...
- ret = wolfSSL_CTX_set1_groups_list(ctx, list);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set group list
- }
- \endcode
- \sa wolfSSL_set1_groups_list
- \sa wolfSSL_CTX_set_groups
- \sa wolfSSL_set_groups
- \sa wolfSSL_UseKeyShare
- \sa wolfSSL_preferred_group
- */
- int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list);
- /*!
- \ingroup Setup
- \brief This function sets the list of elliptic curve groups to allow on
- a wolfSSL in order of preference.
- The list is a null-terminated text string, and a colon-delimited list.
- Call this function to set the key exchange elliptic curve parameters to
- use with the TLS v1.3 connections.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] list a string that is a colon separated list of key exchange
- groups.
- \return WOLFSSL_FAILURE if pointer parameters are NULL, there are more than
- WOLFSSL_MAX_GROUP_COUNT groups, a group name is not recognized or not
- using TLS v1.3.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- const char* list = "P-384:P-256";
- ...
- ret = wolfSSL_CTX_set1_groups_list(ssl, list);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set group list
- }
- \endcode
- \sa wolfSSL_CTX_set1_groups_list
- \sa wolfSSL_CTX_set_groups
- \sa wolfSSL_set_groups
- \sa wolfSSL_UseKeyShare
- \sa wolfSSL_preferred_group
- */
- int wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list);
- /*!
- \ingroup TLS
- \brief This function returns the key exchange group the client prefers to
- use in the TLS v1.3 handshake.
- Call this function to after a handshake is complete to determine which
- group the server prefers so that this information can be used in future
- connections to pre-generate a key pair for key exchange.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return SIDE_ERROR if called with a server.
- \return NOT_READY_ERROR if called before handshake is complete.
- \return Group identifier if successful.
- _Example_
- \code
- int ret;
- int group;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_CTX_set1_groups_list(ssl)
- if (ret < 0) {
- // failed to get group
- }
- group = ret;
- \endcode
- \sa wolfSSL_UseKeyShare
- \sa wolfSSL_CTX_set_groups
- \sa wolfSSL_set_groups
- \sa wolfSSL_CTX_set1_groups_list
- \sa wolfSSL_set1_groups_list
- */
- int wolfSSL_preferred_group(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function sets the list of elliptic curve groups to allow on
- a wolfSSL context in order of preference.
- The list is an array of group identifiers with the number of identifiers
- specified in count.
- Call this function to set the key exchange elliptic curve parameters to
- use with the TLS v1.3 connections.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \param [in] groups a list of key exchange groups by identifier.
- \param [in] count the number of key exchange groups in groups.
- \return BAD_FUNC_ARG if a pointer parameter is null, the number of groups
- exceeds WOLFSSL_MAX_GROUP_COUNT or not using TLS v1.3.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- int* groups = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_SECP256R1 };
- int count = 2;
- ...
- ret = wolfSSL_CTX_set1_groups_list(ctx, groups, count);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set group list
- }
- \endcode
- \sa wolfSSL_set_groups
- \sa wolfSSL_UseKeyShare
- \sa wolfSSL_CTX_set_groups
- \sa wolfSSL_set_groups
- \sa wolfSSL_CTX_set1_groups_list
- \sa wolfSSL_set1_groups_list
- \sa wolfSSL_preferred_group
- */
- int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups,
- int count);
- /*!
- \ingroup Setup
- \brief This function sets the list of elliptic curve groups to allow on
- a wolfSSL.
- The list is an array of group identifiers with the number of identifiers
- specified in count.
- Call this function to set the key exchange elliptic curve parameters to
- use with the TLS v1.3 connections.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] groups a list of key exchange groups by identifier.
- \param [in] count the number of key exchange groups in groups.
- \return BAD_FUNC_ARG if a pointer parameter is null, the number of groups
- exceeds WOLFSSL_MAX_GROUP_COUNT, any of the identifiers are unrecognized or
- not using TLS v1.3.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- int* groups = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_SECP256R1 };
- int count = 2;
- ...
- ret = wolfSSL_set_groups(ssl, groups, count);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set group list
- }
- \endcode
- \sa wolfSSL_CTX_set_groups
- \sa wolfSSL_UseKeyShare
- \sa wolfSSL_CTX_set_groups
- \sa wolfSSL_set_groups
- \sa wolfSSL_CTX_set1_groups_list
- \sa wolfSSL_set1_groups_list
- \sa wolfSSL_preferred_group
- */
- int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count);
- /*!
- \ingroup IO
- \brief This function is called on the client side and initiates a
- TLS v1.3 handshake with a server. When this function is called, the
- underlying communication channel has already been set up.
- wolfSSL_connect() works with both blocking and non-blocking I/O.
- When the underlying I/O is non-blocking, wolfSSL_connect() will return
- when the underlying I/O could not satisfy the needs of wolfSSL_connect
- to continue the handshake. In this case, a call to wolfSSL_get_error()
- will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The
- calling process must then repeat the call to wolfSSL_connect() when
- the underlying I/O is ready and wolfSSL will pick up where it left off.
- When using a non-blocking socket, nothing needs to be done, but select()
- can be used to check for the required condition. If the underlying I/O is
- blocking, wolfSSL_connect() will only return once the handshake has been
- finished or an error occurred. wolfSSL takes a different approach to
- certificate verification than OpenSSL does. The default policy for the
- client is to verify the server, this means that if you don't load CAs to
- verify the server you'll get a connect error, unable to verify (-155). It
- you want to mimic OpenSSL behavior of having SSL_connect succeed even if
- verifying the server fails and reducing security you can do this by
- calling: SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling
- SSL_new(); Though it's not recommended.
- \return SSL_SUCCESS upon success.
- \return SSL_FATAL_ERROR will be returned if an error occurred. To get a
- more detailed error code, call wolfSSL_get_error().
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- ret = wolfSSL_connect_TLSv13(ssl);
- if (ret != SSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_connect
- \sa wolfSSL_accept_TLSv13
- \sa wolfSSL_accept
- */
- int wolfSSL_connect_TLSv13(WOLFSSL*);
- /*!
- \ingroup IO
- \brief This function is called on the server side and waits for a SSL/TLS
- client to initiate the SSL/TLS handshake. When this function is called,
- the underlying communication channel has already been set up.
- wolfSSL_accept() works with both blocking and non-blocking I/O.
- When the underlying I/O is non-blocking, wolfSSL_accept() will return
- when the underlying I/O could not satisfy the needs of wolfSSL_accept
- to continue the handshake. In this case, a call to wolfSSL_get_error()
- will yield either SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
- The calling process must then repeat the call to wolfSSL_accept when
- data is available to read and wolfSSL will pick up where it left off.
- When using a non-blocking socket, nothing needs to be done, but select()
- can be used to check for the required condition. If the underlying I/O
- is blocking, wolfSSL_accept() will only return once the handshake has
- been finished or an error occurred.
- Call this function when expecting a TLS v1.3 connection though older
- version ClientHello messages are supported.
- \return SSL_SUCCESS upon success.
- \return SSL_FATAL_ERROR will be returned if an error occurred. To get a
- more detailed error code, call wolfSSL_get_error().
- \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- char buffer[80];
- ...
- ret = wolfSSL_accept_TLSv13(ssl);
- if (ret != SSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- \endcode
- \sa wolfSSL_get_error
- \sa wolfSSL_connect_TLSv13
- \sa wolfSSL_connect
- \sa wolfSSL_accept_TLSv13
- \sa wolfSSL_accept
- */
- wolfSSL_accept_TLSv13(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function sets the maximum amount of early data that a
- TLS v1.3 client or server is willing to exchange using the wolfSSL context.
- Call this function to limit the amount of early data to process to mitigate
- replay attacks. Early data is protected by keys derived from those of the
- connection that the session ticket was sent and therefore will be the same
- every time a session ticket is used in resumption.
- The value is included in the session ticket for resumption.
- A server value of zero indicates no early data is to be sent by client using
- session tickets. A client value of zero indicates that the client will
- not send any early data.
- It is recommended that the number of early data bytes be kept as low as
- practically possible in the application.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \param [in] sz the amount of early data to accept in bytes.
- \return BAD_FUNC_ARG if ctx is NULL or not using TLS v1.3.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- ...
- ret = wolfSSL_CTX_set_max_early_data(ctx, 128);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set group list
- }
- \endcode
- \sa wolfSSL_set_max_early_data
- \sa wolfSSL_write_early_data
- \sa wolfSSL_read_early_data
- */
- int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
- unsigned int sz);
- /*!
- \ingroup Setup
- \brief This function sets the maximum amount of early data that a
- TLS v1.3 client or server is willing to exchange.
- Call this function to limit the amount of early data to process to mitigate
- replay attacks. Early data is protected by keys derived from those of the
- connection that the session ticket was sent and therefore will be the same
- every time a session ticket is used in resumption.
- The value is included in the session ticket for resumption.
- A server value of zero indicates no early data is to be sent by client using
- session tickets. A client value of zero indicates that the client will
- not send any early data.
- It is recommended that the number of early data bytes be kept as low as
- practically possible in the application.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] sz the amount of early data to accept from client in bytes.
- \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3.
- \return 0 if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_set_max_early_data(ssl, 128);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set group list
- }
- \endcode
- \sa wolfSSL_CTX_set_max_early_data
- \sa wolfSSL_write_early_data
- \sa wolfSSL_read_early_data
- */
- int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
- /*!
- \ingroup IO
- \brief This function writes early data to the server on resumption.
- Call this function instead of wolfSSL_connect() or wolfSSL_connect_TLSv13()
- to connect to the server and send the data in the handshake.
- This function is only used with clients.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] data the buffer holding the early data to write to server.
- \param [in] sz the amount of early data to write in bytes.
- \param [out] outSz the amount of early data written in bytes.
- \return BAD_FUNC_ARG if a pointer parameter is NULL, sz is less than 0 or
- not using TLSv1.3.
- \return SIDE_ERROR if called with a server.
- \return WOLFSSL_FATAL_ERROR if the connection is not made.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- byte earlyData[] = { early data };
- int outSz;
- char buffer[80];
- ...
- ret = wolfSSL_write_early_data(ssl, earlyData, sizeof(earlyData), &outSz);
- if (ret != WOLFSSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- goto err_label;
- }
- if (outSz < sizeof(earlyData)) {
- // not all early data was sent
- }
- ret = wolfSSL_connect_TLSv13(ssl);
- if (ret != SSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- \endcode
- \sa wolfSSL_read_early_data
- \sa wolfSSL_connect
- \sa wolfSSL_connect_TLSv13
- */
- int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
- int sz, int* outSz);
- /*!
- \ingroup IO
- \brief This function reads any early data from a client on resumption.
- Call this function instead of wolfSSL_accept() or wolfSSL_accept_TLSv13()
- to accept a client and read any early data in the handshake. The function
- should be invoked until wolfSSL_is_init_finished() returns true. Early data
- may be sent by the client in multiple messsages. If there is no early data
- then the handshake will be processed as normal. This function is only used
- with servers.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [out] data a buffer to hold the early data read from client.
- \param [in] sz size of the buffer in bytes.
- \param [out] outSz number of bytes of early data read.
- \return BAD_FUNC_ARG if a pointer parameter is NULL, sz is less than 0 or
- not using TLSv1.3.
- \return SIDE_ERROR if called with a client.
- \return WOLFSSL_FATAL_ERROR if accepting a connection fails.
- \return Number of early data bytes read (may be zero).
- _Example_
- \code
- int ret = 0;
- int err = 0;
- WOLFSSL* ssl;
- byte earlyData[128];
- int outSz;
- char buffer[80];
- ...
- do {
- ret = wolfSSL_read_early_data(ssl, earlyData, sizeof(earlyData), &outSz);
- if (ret < 0) {
- err = wolfSSL_get_error(ssl, ret);
- printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
- }
- if (outSz > 0) {
- // early data available
- }
- } while (!wolfSSL_is_init_finished(ssl));
- \endcode
- \sa wolfSSL_write_early_data
- \sa wolfSSL_accept
- \sa wolfSSL_accept_TLSv13
- */
- int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
- int* outSz);
- /*!
- \ingroup Setup
- \brief This function sets the Pre-Shared Key (PSK) client side callback
- for TLS v1.3 connections.
- The callback is used to find a PSK identity and return its key and
- the name of the cipher to use for the handshake.
- The function sets the client_psk_tls13_cb member of the
- WOLFSSL_CTX structure.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \param [in] cb a Pre-Shared Key (PSK) callback for a TLS 1.3 client.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- ...
- wolfSSL_CTX_set_psk_client_tls13_callback(ctx, my_psk_client_tls13_cb);
- \endcode
- \sa wolfSSL_set_psk_client_tls13_callback
- \sa wolfSSL_CTX_set_psk_server_tls13_callback
- \sa wolfSSL_set_psk_server_tls13_callback
- */
- void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX* ctx,
- wc_psk_client_tls13_callback cb);
- /*!
- \ingroup Setup
- \brief This function sets the Pre-Shared Key (PSK) client side callback
- for TLS v1.3 connections.
- The callback is used to find a PSK identity and return its key and
- the name of the cipher to use for the handshake.
- The function sets the client_psk_tls13_cb member of the options field in
- WOLFSSL structure.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] cb a Pre-Shared Key (PSK) callback for a TLS 1.3 client.
- _Example_
- \code
- WOLFSSL* ssl;
- ...
- wolfSSL_set_psk_client_tls13_callback(ssl, my_psk_client_tls13_cb);
- \endcode
- \sa wolfSSL_CTX_set_psk_client_tls13_callback
- \sa wolfSSL_CTX_set_psk_server_tls13_callback
- \sa wolfSSL_set_psk_server_tls13_callback
- */
- void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl,
- wc_psk_client_tls13_callback cb);
- /*!
- \ingroup Setup
- \brief This function sets the Pre-Shared Key (PSK) server side callback
- for TLS v1.3 connections.
- The callback is used to find a PSK identity and return its key and
- the name of the cipher to use for the handshake.
- The function sets the server_psk_tls13_cb member of the
- WOLFSSL_CTX structure.
- \param [in,out] ctx a pointer to a WOLFSSL_CTX structure, created
- with wolfSSL_CTX_new().
- \param [in] cb a Pre-Shared Key (PSK) callback for a TLS 1.3 server.
- _Example_
- \code
- WOLFSSL_CTX* ctx;
- ...
- wolfSSL_CTX_set_psk_server_tls13_callback(ctx, my_psk_client_tls13_cb);
- \endcode
- \sa wolfSSL_CTX_set_psk_client_tls13_callback
- \sa wolfSSL_set_psk_client_tls13_callback
- \sa wolfSSL_set_psk_server_tls13_callback
- */
- void wolfSSL_CTX_set_psk_server_tls13_callback(WOLFSSL_CTX* ctx,
- wc_psk_server_tls13_callback cb);
- /*!
- \ingroup Setup
- \brief This function sets the Pre-Shared Key (PSK) server side callback
- for TLS v1.3 connections.
- The callback is used to find a PSK identity and return its key and
- the name of the cipher to use for the handshake.
- The function sets the server_psk_tls13_cb member of the options field in
- WOLFSSL structure.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] cb a Pre-Shared Key (PSK) callback for a TLS 1.3 server.
- _Example_
- \code
- WOLFSSL* ssl;
- ...
- wolfSSL_set_psk_server_tls13_callback(ssl, my_psk_server_tls13_cb);
- \endcode
- \sa wolfSSL_CTX_set_psk_client_tls13_callback
- \sa wolfSSL_set_psk_client_tls13_callback
- \sa wolfSSL_CTX_set_psk_server_tls13_callback
- */
- void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
- wc_psk_server_tls13_callback cb);
- /*!
- \ingroup Setup
- \brief This function creates a key share entry from the group including
- generating a key pair.
- The KeyShare extension contains all the generated public keys for key
- exchange. If this function is called, then only the groups specified will
- be included.
- Call this function when a preferred group has been previously established
- for the server.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \param [in] group a key exchange group identifier.
- \return BAD_FUNC_ARG if ssl is NULL.
- \return MEMORY_E when dynamic memory allocation fails.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set key share
- }
- \endcode
- \sa wolfSSL_preferred_group
- \sa wolfSSL_CTX_set1_groups_list
- \sa wolfSSL_set1_groups_list
- \sa wolfSSL_CTX_set_groups
- \sa wolfSSL_set_groups
- \sa wolfSSL_NoKeyShares
- */
- int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group);
- /*!
- \ingroup Setup
- \brief This function is called to ensure no key shares are sent in the
- ClientHello. This will force the server to respond with a HelloRetryRequest
- if a key exchange is required in the handshake.
- Call this function when the expected key exchange group is not known and
- to avoid the generation of keys unnecessarily.
- Note that an extra round-trip will be required to complete the handshake
- when a key exchange is required.
- \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
- \return BAD_FUNC_ARG if ssl is NULL.
- \return SIDE_ERROR if called with a server.
- \return WOLFSSL_SUCCESS if successful.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- ...
- ret = wolfSSL_NoKeyShares(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- // failed to set no key shares
- }
- \endcode
- \sa wolfSSL_UseKeyShare
- */
- int wolfSSL_NoKeyShares(WOLFSSL* ssl);
- /*!
- \ingroup Setup
- \brief This function is used to indicate
- that the application is a server and will only support the TLS 1.3
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \param [in] heap a pointer to a buffer that the static memory allocator will use during dynamic memory allocation.
- \return If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_3_server_method_ex(NULL);
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_server_method
- \sa wolfTLSv1_server_method
- \sa wolfTLSv1_1_server_method
- \sa wolfTLSv1_2_server_method
- \sa wolfTLSv1_3_server_method
- \sa wolfDTLSv1_server_method
- \sa wolfSSLv23_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap);
- /*!
- \ingroup Setup
- \brief This function is used to indicate
- that the application is a client and will only support the TLS 1.3
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \param [in] heap a pointer to a buffer that the static memory allocator will use during dynamic memory allocation.
- \return If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_3_client_method_ex(NULL);
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_client_method
- \sa wolfTLSv1_client_method
- \sa wolfTLSv1_1_client_method
- \sa wolfTLSv1_2_client_method
- \sa wolfTLSv1_3_client_method
- \sa wolfDTLSv1_client_method
- \sa wolfSSLv23_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap);
- /*!
- \ingroup Setup
- \brief This function is used to indicate
- that the application is a server and will only support the TLS 1.3
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \return If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_3_server_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_server_method
- \sa wolfTLSv1_server_method
- \sa wolfTLSv1_1_server_method
- \sa wolfTLSv1_2_server_method
- \sa wolfTLSv1_3_server_method_ex
- \sa wolfDTLSv1_server_method
- \sa wolfSSLv23_server_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_3_server_method(void);
- /*!
- \ingroup Setup
- \brief This function is used to indicate
- that the application is a client and will only support the TLS 1.3
- protocol. This function allocates memory for and initializes a new
- wolfSSL_METHOD structure to be used when creating the SSL/TLS context
- with wolfSSL_CTX_new().
- \return If successful, the call will return a pointer to the newly
- created WOLFSSL_METHOD structure.
- \return FAIL If memory allocation fails when calling XMALLOC, the failure
- value of the underlying malloc() implementation will be returned
- (typically NULL with errno will be set to ENOMEM).
- _Example_
- \code
- #include <wolfssl/ssl.h>
- WOLFSSL_METHOD* method;
- WOLFSSL_CTX* ctx;
- method = wolfTLSv1_3_client_method();
- if (method == NULL) {
- // unable to get method
- }
- ctx = wolfSSL_CTX_new(method);
- ...
- \endcode
- \sa wolfSSLv3_client_method
- \sa wolfTLSv1_client_method
- \sa wolfTLSv1_1_client_method
- \sa wolfTLSv1_2_client_method
- \sa wolfTLSv1_3_client_method_ex
- \sa wolfDTLSv1_client_method
- \sa wolfSSLv23_client_method
- \sa wolfSSL_CTX_new
- */
- WOLFSSL_METHOD *wolfTLSv1_3_client_method(void);
- /*!
- \ingroup Setup
- \brief This function returns a WOLFSSL_METHOD similar to
- wolfTLSv1_3_client_method except that it is not determined
- which side yet (server/client).
- \param [in] heap a pointer to a buffer that the static memory allocator will use during dynamic memory allocation.
- \return WOLFSSL_METHOD On successful creations returns a WOLFSSL_METHOD
- pointer
- \return NULL Null if memory allocation error or failure to create method
- _Example_
- \code
- WOLFSSL* ctx;
- ctx = wolfSSL_CTX_new(wolfTLSv1_3_method_ex(NULL));
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- WOLFSSL_METHOD *wolfTLSv1_3_method_ex(void* heap);
- /*!
- \ingroup Setup
- \brief This function returns a WOLFSSL_METHOD similar to
- wolfTLSv1_3_client_method except that it is not determined
- which side yet (server/client).
- \return WOLFSSL_METHOD On successful creations returns a WOLFSSL_METHOD
- pointer
- \return NULL Null if memory allocation error or failure to create method
- _Example_
- \code
- WOLFSSL* ctx;
- ctx = wolfSSL_CTX_new(wolfTLSv1_3_method());
- // check ret value
- \endcode
- \sa wolfSSL_new
- \sa wolfSSL_free
- */
- WOLFSSL_METHOD *wolfTLSv1_3_method(void);
- /*!
- \ingroup SSL
- \brief This function sets a fixed / static ephemeral key for testing only
- \return 0 Key loaded successfully
- \param ctx A WOLFSSL_CTX context pointer
- \param keyAlgo enum wc_PkType like WC_PK_TYPE_DH and WC_PK_TYPE_ECDH
- \param key key file path (if keySz == 0) or actual key buffer (PEM or ASN.1)
- \param keySz key size (should be 0 for "key" arg is file path)
- \param format WOLFSSL_FILETYPE_ASN1 or WOLFSSL_FILETYPE_PEM
- \sa wolfSSL_CTX_get_ephemeral_key
- */
- int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, const char* key, unsigned int keySz, int format);
- /*!
- \ingroup SSL
- \brief This function sets a fixed / static ephemeral key for testing only
- \return 0 Key loaded successfully
- \param ssl A WOLFSSL object pointer
- \param keyAlgo enum wc_PkType like WC_PK_TYPE_DH and WC_PK_TYPE_ECDH
- \param key key file path (if keySz == 0) or actual key buffer (PEM or ASN.1)
- \param keySz key size (should be 0 for "key" arg is file path)
- \param format WOLFSSL_FILETYPE_ASN1 or WOLFSSL_FILETYPE_PEM
- \sa wolfSSL_get_ephemeral_key
- */
- int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, const char* key, unsigned int keySz, int format);
- /*!
- \ingroup SSL
- \brief This function returns pointer to loaded key as ASN.1/DER
- \return 0 Key returned successfully
- \param ctx A WOLFSSL_CTX context pointer
- \param keyAlgo enum wc_PkType like WC_PK_TYPE_DH and WC_PK_TYPE_ECDH
- \param key key buffer pointer
- \param keySz key size pointer
- \sa wolfSSL_CTX_set_ephemeral_key
- */
- int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo,
- const unsigned char** key, unsigned int* keySz);
- /*!
- \ingroup SSL
- \brief This function returns pointer to loaded key as ASN.1/DER
- \return 0 Key returned successfully
- \param ssl A WOLFSSL object pointer
- \param keyAlgo enum wc_PkType like WC_PK_TYPE_DH and WC_PK_TYPE_ECDH
- \param key key buffer pointer
- \param keySz key size pointer
- \sa wolfSSL_set_ephemeral_key
- */
- int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
- const unsigned char** key, unsigned int* keySz);
- /*!
- \ingroup SSL
- \brief Sign a message with the chosen message digest, padding, and RSA key
- \return WOLFSSL_SUCCESS on success and c on error
- \param type Hash NID
- \param m Message to sign. Most likely this will be the digest of
- the message to sign
- \param mLen Length of message to sign
- \param sigRet Output buffer
- \param sigLen On Input: length of sigRet buffer
- On Output: length of data written to sigRet
- \param rsa RSA key used to sign the input
- \param flag 1: Output the signature
- 0: Output the value that the unpadded signature should be
- compared to. Note: for RSA_PKCS1_PSS_PADDING the
- wc_RsaPSS_CheckPadding_ex function should be used to check
- the output of a *Verify* function.
- \param padding Padding to use. Only RSA_PKCS1_PSS_PADDING and
- RSA_PKCS1_PADDING are currently supported for signing.
- */
- int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m,
- unsigned int mLen, unsigned char* sigRet,
- unsigned int* sigLen, WOLFSSL_RSA* rsa,
- int flag, int padding);
- /*!
- \brief checks if DTLSv1.3 stack has some messages sent but not yet acknowledged
- by the other peer
- \return 1 if there are pending messages, 0 otherwise
- \param ssl A WOLFSSL object pointer
- */
- int wolfSSL_dtls13_has_pending_msg(WOLFSSL *ssl);
- /*!
- \ingroup SSL
- \brief Get the maximum size of Early Data from a session.
- \param [in] s the WOLFSSL_SESSION instance.
- \return the value of max_early_data that was configured in the WOLFSSL* the session
- was derived from.
- \sa wolfSSL_set_max_early_data
- \sa wolfSSL_write_early_data
- \sa wolfSSL_read_early_data
- */
- unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *s);
- /*!
- \ingroup SSL
- \brief Get a new index for external data. This entry applies also for the
- following API:
- - wolfSSL_CTX_get_ex_new_index
- - wolfSSL_get_ex_new_index
- - wolfSSL_SESSION_get_ex_new_index
- - wolfSSL_X509_get_ex_new_index
- \param [in] All input parameters are ignored. The callback functions are not
- supported with wolfSSL.
- \return The new index value to be used with the external data API for this
- object class.
- */
- int wolfSSL_CRYPTO_get_ex_new_index(int, void*, void*, void*, void*);
- /*!
- \ingroup Setup
- \brief In case this function is called in a client side, set certificate types
- that can be sent to its peer. In case called in a server side,
- set certificate types that can be acceptable from its peer. Put cert types in the
- buffer with prioritised order. To reset the settings to default, pass NULL
- for the buffer or pass zero for len. By default, certificate type is only X509.
- In case both side intend to send or accept "Raw public key" cert,
- WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
- \return WOLFSSL_SUCCESS if cert types set successfully
- \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
- cert type, buf size exceed MAX_CLIENT_CERT_TYPE_CNT was specified or
- a duplicate value is found in buf.
- \param ctx WOLFSSL_CTX object pointer
- \param buf A buffer where certificate types are stored
- \param len buf size in bytes (same as number of certificate types included)
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509};
- int len = sizeof(buf)/sizeof(char);
- ...
- ret = wolfSSL_CTX_set_client_cert_type(ctx, buf, len);
- \endcode
- \sa wolfSSL_set_client_cert_type
- \sa wolfSSL_CTX_set_server_cert_type
- \sa wolfSSL_set_server_cert_type
- \sa wolfSSL_get_negotiated_client_cert_type
- \sa wolfSSL_get_negotiated_server_cert_type
- */
- int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len);
- /*!
- \ingroup Setup
- \brief In case this function is called in a server side, set certificate types
- that can be sent to its peer. In case called in a client side,
- set certificate types that can be acceptable from its peer. Put cert types in the
- buffer with prioritised order. To reset the settings to default, pass NULL
- for the buffer or pass zero for len. By default, certificate type is only X509.
- In case both side intend to send or accept "Raw public key" cert,
- WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
- \return WOLFSSL_SUCCESS if cert types set successfully
- \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
- cert type, buf size exceed MAX_SERVER_CERT_TYPE_CNT was specified or
- a duplicate value is found in buf.
- \param ctx WOLFSSL_CTX object pointer
- \param buf A buffer where certificate types are stored
- \param len buf size in bytes (same as number of certificate types included)
- _Example_
- \code
- int ret;
- WOLFSSL_CTX* ctx;
- char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509};
- int len = sizeof(buf)/sizeof(char);
- ...
- ret = wolfSSL_CTX_set_server_cert_type(ctx, buf, len);
- \endcode
- \sa wolfSSL_set_client_cert_type
- \sa wolfSSL_CTX_set_client_cert_type
- \sa wolfSSL_set_server_cert_type
- \sa wolfSSL_get_negotiated_client_cert_type
- \sa wolfSSL_get_negotiated_server_cert_type
- */
- int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len);
- /*!
- \ingroup Setup
- \brief In case this function is called in a client side, set certificate types
- that can be sent to its peer. In case called in a server side,
- set certificate types that can be acceptable from its peer. Put cert types in the
- buffer with prioritised order. To reset the settings to default, pass NULL
- for the buffer or pass zero for len. By default, certificate type is only X509.
- In case both side intend to send or accept "Raw public key" cert,
- WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
- \return WOLFSSL_SUCCESS if cert types set successfully
- \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
- cert type, buf size exceed MAX_CLIENT_CERT_TYPE_CNT was specified or
- a duplicate value is found in buf.
- \param ssl WOLFSSL object pointer
- \param buf A buffer where certificate types are stored
- \param len buf size in bytes (same as number of certificate types included)
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509};
- int len = sizeof(buf)/sizeof(char);
- ...
- ret = wolfSSL_set_client_cert_type(ssl, buf, len);
- \endcode
- \sa wolfSSL_CTX_set_client_cert_type
- \sa wolfSSL_CTX_set_server_cert_type
- \sa wolfSSL_set_server_cert_type
- \sa wolfSSL_get_negotiated_client_cert_type
- \sa wolfSSL_get_negotiated_server_cert_type
- */
- int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int len);
- /*!
- \ingroup Setup
- \brief In case this function is called in a server side, set certificate types
- that can be sent to its peer. In case called in a client side,
- set certificate types that can be acceptable from its peer. Put cert types in the
- buffer with prioritised order. To reset the settings to default, pass NULL
- for the buffer or pass zero for len. By default, certificate type is only X509.
- In case both side intend to send or accept "Raw public key" cert,
- WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
- \return WOLFSSL_SUCCESS if cert types set successfully
- \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
- cert type, buf size exceed MAX_SERVER_CERT_TYPE_CNT was specified or
- a duplicate value is found in buf.
- \param ctx WOLFSSL_CTX object pointer
- \param buf A buffer where certificate types are stored
- \param len buf size in bytes (same as number of certificate types included)
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509};
- int len = sizeof(buf)/sizeof(char);
- ...
- ret = wolfSSL_set_server_cert_type(ssl, buf, len);
- \endcode
- \sa wolfSSL_set_client_cert_type
- \sa wolfSSL_CTX_set_server_cert_type
- \sa wolfSSL_set_server_cert_type
- \sa wolfSSL_get_negotiated_client_cert_type
- \sa wolfSSL_get_negotiated_server_cert_type
- */
- int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int len);
- /*!
- \ingroup SSL
- \brief This function returns the result of the client certificate type
- negotiation done in ClientHello and ServerHello. WOLFSSL_SUCCESS is returned as
- a return value if no negotiation occurs and WOLFSSL_CERT_TYPE_UNKNOWN is
- returned as the certificate type.
- \return WOLFSSL_SUCCESS if a negotiated certificate type could be got
- \return BAD_FUNC_ARG if NULL was passed for ctx or tp
- \param ssl WOLFSSL object pointer
- \param tp A buffer where a certificate type is to be returned. One of three
- certificate types will be returned: WOLFSSL_CERT_TYPE_RPK,
- WOLFSSL_CERT_TYPE_X509 or WOLFSSL_CERT_TYPE_UNKNOWN.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- int tp;
- ...
- ret = wolfSSL_get_negotiated_client_cert_type(ssl, &tp);
- \endcode
- \sa wolfSSL_set_client_cert_type
- \sa wolfSSL_CTX_set_client_cert_type
- \sa wolfSSL_set_server_cert_type
- \sa wolfSSL_CTX_set_server_cert_type
- \sa wolfSSL_get_negotiated_server_cert_type
- */
- int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp);
- /*!
- \ingroup SSL
- \brief This function returns the result of the server certificate type
- negotiation done in ClientHello and ServerHello. WOLFSSL_SUCCESS is returned as
- a return value if no negotiation occurs and WOLFSSL_CERT_TYPE_UNKNOWN is
- returned as the certificate type.
- \return WOLFSSL_SUCCESS if a negotiated certificate type could be got
- \return BAD_FUNC_ARG if NULL was passed for ctx or tp
- \param ssl WOLFSSL object pointer
- \param tp A buffer where a certificate type is to be returned. One of three
- certificate types will be returned: WOLFSSL_CERT_TYPE_RPK,
- WOLFSSL_CERT_TYPE_X509 or WOLFSSL_CERT_TYPE_UNKNOWN.
- _Example_
- \code
- int ret;
- WOLFSSL* ssl;
- int tp;
- ...
- ret = wolfSSL_get_negotiated_server_cert_type(ssl, &tp);
- \endcode
- \sa wolfSSL_set_client_cert_type
- \sa wolfSSL_CTX_set_client_cert_type
- \sa wolfSSL_set_server_cert_type
- \sa wolfSSL_CTX_set_server_cert_type
- \sa wolfSSL_get_negotiated_client_cert_type
- */
- int wolfSSL_get_negotiated_server_cert_type(WOLFSSL* ssl, int* tp);
- /*!
- \brief Enable use of ConnectionID extensions for the SSL object. See RFC 9146
- and RFC 9147
- \return WOLFSSL_SUCCESS on success, error code otherwise
- \param ssl A WOLFSSL object pointer
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_get_tx_size
- \sa wolfSSL_dtls_cid_get_tx
- */
- int wolfSSL_dtls_cid_use(WOLFSSL* ssl);
- /*!
- \brief If invoked after the handshake is complete it checks if ConnectionID was
- successfully negotiated for the SSL object. See RFC 9146 and RFC 9147
- \return 1 if ConnectionID was correctly negotiated, 0 otherwise
- \param ssl A WOLFSSL object pointer
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_get_tx_size
- \sa wolfSSL_dtls_cid_get_tx
- */
- int wolfSSL_dtls_cid_is_enabled(WOLFSSL* ssl);
- /*!
- \brief Set the ConnectionID used by the other peer to send records in this
- connection. See RFC 9146 and RFC 9147. The ConnectionID must be at maximum
- DTLS_CID_MAX_SIZE, that is an tunable compile time define, and it can't
- never be bigger than 255 bytes.
- \return WOLFSSL_SUCCESS if ConnectionID was correctly set, error code otherwise
- \param ssl A WOLFSSL object pointern
- \param cid the ConnectionID to be used
- \param size of the ConnectionID provided
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_get_tx_size
- \sa wolfSSL_dtls_cid_get_tx
- */
- int wolfSSL_dtls_cid_set(WOLFSSL* ssl, unsigned char* cid,
- unsigned int size);
- /*!
- \brief Get the size of the ConnectionID used by the other peer to send records
- in this connection. See RFC 9146 and RFC 9147. The size is stored in the
- parameter size.
- \return WOLFSSL_SUCCESS if ConnectionID was correctly negotiated, error code
- otherwise
- \param ssl A WOLFSSL object pointern
- \param size a pointer to an unsigned int where the size will be stored
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_get_tx_size
- \sa wolfSSL_dtls_cid_get_tx
- */
- int wolfSSL_dtls_cid_get_rx_size(WOLFSSL* ssl,
- unsigned int* size);
- /*!
- \brief Copy the ConnectionID used by the other peer to send records in this
- connection into the buffer pointed by the parameter buffer. See RFC 9146 and RFC
- 9147. The available space in the buffer need to be provided in bufferSz.
- \return WOLFSSL_SUCCESS if ConnectionID was correctly copied, error code
- otherwise
- \param ssl A WOLFSSL object pointern
- \param buffer A buffer where the ConnectionID will be copied
- \param bufferSz available space in buffer
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_tx_size
- \sa wolfSSL_dtls_cid_get_tx
- */
- int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer,
- unsigned int bufferSz);
- /*!
- \brief Get the size of the ConnectionID used to send records in this
- connection. See RFC 9146 and RFC 9147. The size is stored in the parameter size.
- \return WOLFSSL_SUCCESS if ConnectionID size was correctly stored, error
- code otherwise
- \param ssl A WOLFSSL object pointern
- \param size a pointer to an unsigned int where the size will be stored
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_get_tx
- */
- int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl, unsigned int* size);
- /*!
- \brief Copy the ConnectionID used when sending records in this connection into
- the buffer pointer by the parameter buffer. See RFC 9146 and RFC 9147. The
- available size need to be provided in bufferSz.
- \return WOLFSSL_SUCCESS if ConnectionID was correctly copied, error code
- otherwise
- \param ssl A WOLFSSL object pointern
- \param buffer A buffer where the ConnectionID will be copied
- \param bufferSz available space in buffer
- \sa wolfSSL_dtls_cid_use
- \sa wolfSSL_dtls_cid_is_enabled
- \sa wolfSSL_dtls_cid_set
- \sa wolfSSL_dtls_cid_get_rx_size
- \sa wolfSSL_dtls_cid_get_rx
- \sa wolfSSL_dtls_cid_get_tx_size
- */
- int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer,
- unsigned int bufferSz);
- /*!
- \ingroup TLS
- \brief This function returns the raw list of ciphersuites and signature
- algorithms offered by the client. The lists are only stored and returned
- inside a callback setup with wolfSSL_CTX_set_cert_cb(). This is useful to
- be able to dynamically load certificates and keys based on the available
- ciphersuites and signature algorithms.
- \param [in] ssl The WOLFSSL object to extract the lists from.
- \param [out] optional suites Raw and unfiltered list of client ciphersuites
- \param [out] optional suiteSz Size of suites in bytes
- \param [out] optional hashSigAlgo Raw and unfiltered list of client
- signature algorithms
- \param [out] optional hashSigAlgoSz Size of hashSigAlgo in bytes
- \return WOLFSSL_SUCCESS when suites available
- \return WOLFSSL_FAILURE when suites not available
- _Example_
- \code
- int certCB(WOLFSSL* ssl, void* arg)
- {
- const byte* suites = NULL;
- word16 suiteSz = 0;
- const byte* hashSigAlgo = NULL;
- word16 hashSigAlgoSz = 0;
- wolfSSL_get_client_suites_sigalgs(ssl, &suites, &suiteSz, &hashSigAlgo,
- &hashSigAlgoSz);
- // Choose certificate to load based on ciphersuites and sigalgs
- }
- WOLFSSL* ctx;
- ctx = wolfSSL_CTX_new(wolfTLSv1_3_method_ex(NULL));
- wolfSSL_CTX_set_cert_cb(ctx, certCB, NULL);
- \endcode
- \sa wolfSSL_get_ciphersuite_info
- \sa wolfSSL_get_sigalg_info
- */
- int wolfSSL_get_client_suites_sigalgs(const WOLFSSL* ssl,
- const byte** suites, word16* suiteSz,
- const byte** hashSigAlgo, word16* hashSigAlgoSz);
- /*!
- \ingroup TLS
- \brief This returns information about the ciphersuite directly from the
- raw ciphersuite bytes.
- \param [in] first First byte of the ciphersuite
- \param [in] second Second byte of the ciphersuite
- \return WOLFSSL_CIPHERSUITE_INFO A struct containing information about the
- type of authentication used in the ciphersuite.
- _Example_
- \code
- WOLFSSL_CIPHERSUITE_INFO info =
- wolfSSL_get_ciphersuite_info(suites[0], suites[1]);
- if (info.rsaAuth)
- haveRSA = 1;
- else if (info.eccAuth)
- haveECC = 1;
- \endcode
- \sa wolfSSL_get_client_suites_sigalgs
- \sa wolfSSL_get_sigalg_info
- */
- WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first,
- byte second);
- /*!
- \ingroup TLS
- \brief This returns information about the hash and signature algorithm
- directly from the raw ciphersuite bytes.
- \param [in] first First byte of the hash and signature algorithm
- \param [in] second Second byte of the hash and signature algorithm
- \param [out] hashAlgo The enum wc_HashType of the MAC algorithm
- \param [out] sigAlgo The enum Key_Sum of the authentication algorithm
- \return 0 when info was correctly set
- \return BAD_FUNC_ARG when either input paramters are NULL or the bytes
- are not a recognized sigalg suite
- _Example_
- \code
- enum wc_HashType hashAlgo;
- enum Key_Sum sigAlgo;
- wolfSSL_get_sigalg_info(hashSigAlgo[idx+0], hashSigAlgo[idx+1],
- &hashAlgo, &sigAlgo);
- if (sigAlgo == RSAk || sigAlgo == RSAPSSk)
- haveRSA = 1;
- else if (sigAlgo == ECDSAk)
- haveECC = 1;
- \endcode
- \sa wolfSSL_get_client_suites_sigalgs
- \sa wolfSSL_get_ciphersuite_info
- */
- int wolfSSL_get_sigalg_info(byte first, byte second,
- int* hashAlgo, int* sigAlgo);
|