Functions
wolfSSL Certificates and Keys

Functions

WOLFSSL_API int wc_KeyPemToDer (const unsigned char *, int, unsigned char *, int, const char *)
 Converts a key in PEM format to DER format. More...
 
WOLFSSL_API int wc_CertPemToDer (const unsigned char *, int, unsigned char *, int, int)
 This function converts a PEM formatted certificate to DER format. Calls OpenSSL function PemToDer. More...
 
WOLFSSL_API int wolfSSL_CTX_use_certificate_file (WOLFSSL_CTX *, const char *, int)
 This function loads a certificate file into the SSL context (WOLFSSL_CTX). The file is provided by the file argument. The format argument specifies the format type of the file, either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage. More...
 
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file (WOLFSSL_CTX *, const char *, int)
 This function loads a private key file into the SSL context (WOLFSSL_CTX). The file is provided by the file argument. The format argument specifies the format type of the file - SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM. Please see the examples for proper usage. More...
 
WOLFSSL_API int wolfSSL_CTX_load_verify_locations (WOLFSSL_CTX *, const char *, const char *)
 This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory. This function expects PEM formatted CERT_TYPE file with header “--—BEGIN CERTIFICATE--—”. More...
 
WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex (WOLFSSL_CTX *, const char *, const char *, unsigned int flags)
 This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory based on flags specified. This function expects PEM formatted CERT_TYPE files with header “--—BEGIN CERTIFICATE--—”. More...
 
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file (WOLFSSL_CTX *, const char *file)
 This function loads a chain of certificates into the SSL context (WOLFSSL_CTX). The file containing the certificate chain is provided by the file argument, and must contain PEM-formatted certificates. This function will process up to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject cert. More...
 
WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations (WOLFSSL_CTX *, const char *, int)
 This function is similar to wolfSSL_CTX_load_verify_locations, but allows the loading of DER-formatted CA files into the SSL context (WOLFSSL_CTX). It may still be used to load PEM-formatted CA files as well. These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The format argument specifies the format which the certificates are in either, SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1 (DER). Unlike wolfSSL_CTX_load_verify_locations, this function does not allow the loading of CA certificates from a given directory path. Note that this function is only available when the wolfSSL library was compiled with WOLFSSL_DER_LOAD defined. More...
 
WOLFSSL_API void wolfSSL_SetCertCbCtx (WOLFSSL *, void *)
 This function stores user CTX object information for verify callback. More...
 
WOLFSSL_API int wolfSSL_CTX_save_cert_cache (WOLFSSL_CTX *, const char *)
 This function writes the cert cache from memory to file. More...
 
WOLFSSL_API int wolfSSL_CTX_restore_cert_cache (WOLFSSL_CTX *, const char *)
 This function persistes certificate cache from a file. More...
 
WOLFSSL_API int wolfSSL_CTX_memsave_cert_cache (WOLFSSL_CTX *, void *, int, int *)
 This function persists the certificate cache to memory. More...
 
WOLFSSL_API int wolfSSL_CTX_get_cert_cache_memsize (WOLFSSL_CTX *)
 Returns the size the certificate cache save buffer needs to be. More...
 
WOLFSSL_API char * wolfSSL_X509_NAME_oneline (WOLFSSL_X509_NAME *, char *, int)
 This function copies the name of the x509 into a buffer. More...
 
WOLFSSL_API WOLFSSL_X509_NAME * wolfSSL_X509_get_issuer_name (WOLFSSL_X509 *)
 This function returns the name of the certificate issuer. More...
 
WOLFSSL_API WOLFSSL_X509_NAME * wolfSSL_X509_get_subject_name (WOLFSSL_X509 *)
 This function returns the subject member of the WOLFSSL_X509 structure. More...
 
WOLFSSL_API int wolfSSL_X509_get_isCA (WOLFSSL_X509 *)
 Checks the isCa member of the WOLFSSL_X509 structure and returns the value. More...
 
WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID (WOLFSSL_X509_NAME *, int, char *, int)
 This function gets the text related to the passed in NID value. More...
 
WOLFSSL_API int wolfSSL_X509_get_signature_type (WOLFSSL_X509 *)
 This function returns the value stored in the sigOID member of the WOLFSSL_X509 structure. More...
 
WOLFSSL_API int wolfSSL_X509_get_signature (WOLFSSL_X509 *, unsigned char *, int *)
 Gets the X509 signature and stores it in the buffer. More...
 
WOLFSSL_API int wolfSSL_X509_STORE_add_cert (WOLFSSL_X509_STORE *, WOLFSSL_X509 *)
 This function adds a certificate to the WOLFSSL_X509_STRE structure. More...
 
WOLFSSL_API WOLFSSL_STACK * wolfSSL_X509_STORE_CTX_get_chain (WOLFSSL_X509_STORE_CTX *ctx)
 This function is a getter function for chain variable in WOLFSSL_X509_STORE_CTX structure. Currently chain is not populated. More...
 
WOLFSSL_API int wolfSSL_X509_STORE_set_flags (WOLFSSL_X509_STORE *store, unsigned long flag)
 This function takes in a flag to change the behavior of the WOLFSSL_X509_STORE structure passed in. An example of a flag used is WOLFSSL_CRL_CHECK. More...
 
WOLFSSL_API const byte * wolfSSL_X509_notBefore (WOLFSSL_X509 *x509)
 This function the certificate "not before" validity encoded as a byte array. More...
 
WOLFSSL_API const byte * wolfSSL_X509_notAfter (WOLFSSL_X509 *x509)
 This function the certificate "not after" validity encoded as a byte array. More...
 
WOLFSSL_API const char * wolfSSL_get_psk_identity_hint (const WOLFSSL *)
 This function returns the psk identity hint. More...
 
WOLFSSL_API const char * wolfSSL_get_psk_identity (const WOLFSSL *)
 The function returns a constant pointer to the client_identity member of the Arrays structure. More...
 
WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint (WOLFSSL_CTX *, const char *)
 This function stores the hint argument in the server_hint member of the WOLFSSL_CTX structure. More...
 
WOLFSSL_API int wolfSSL_use_psk_identity_hint (WOLFSSL *, const char *)
 This function stores the hint argument in the server_hint member of the Arrays structure within the WOLFSSL structure. More...
 
WOLFSSL_API WOLFSSL_X509 * wolfSSL_get_peer_certificate (WOLFSSL *ssl)
 This function gets the peer’s certificate. More...
 
WOLFSSL_API WOLFSSL_X509 * wolfSSL_get_chain_X509 (WOLFSSL_X509_CHAIN *, int idx)
 This function gets the peer’s wolfSSL_X509_certificate at index (idx) from the chain of certificates. More...
 
WOLFSSL_API char * wolfSSL_X509_get_subjectCN (WOLFSSL_X509 *)
 Returns the common name of the subject from the certificate. More...
 
WOLFSSL_API const unsigned char * wolfSSL_X509_get_der (WOLFSSL_X509 *, int *)
 This function gets the DER encoded certificate in the WOLFSSL_X509 struct. More...
 
WOLFSSL_API WOLFSSL_ASN1_TIME * wolfSSL_X509_get_notAfter (WOLFSSL_X509 *)
 This function checks to see if x509 is NULL and if it’s not, it returns the notAfter member of the x509 struct. More...
 
WOLFSSL_API int wolfSSL_X509_version (WOLFSSL_X509 *)
 This function retrieves the version of the X509 certificate. More...
 
WOLFSSL_API WOLFSSL_X509 * wolfSSL_X509_d2i_fp (WOLFSSL_X509 **x509, FILE *file)
 If NO_STDIO_FILESYSTEM is defined this function will allocate heap memory, initialize a WOLFSSL_X509 structure and return a pointer to it. More...
 
WOLFSSL_API WOLFSSL_X509 * wolfSSL_X509_load_certificate_file (const char *fname, int format)
 The function loads the x509 certificate into memory. More...
 
WOLFSSL_API unsigned char * wolfSSL_X509_get_device_type (WOLFSSL_X509 *, unsigned char *, int *)
 This function copies the device type from the x509 structure to the buffer. More...
 
WOLFSSL_API unsigned char * wolfSSL_X509_get_hw_type (WOLFSSL_X509 *, unsigned char *, int *)
 The function copies the hwType member of the WOLFSSL_X509 structure to the buffer. More...
 
WOLFSSL_API unsigned char * wolfSSL_X509_get_hw_serial_number (WOLFSSL_X509 *, unsigned char *, int *)
 This function returns the hwSerialNum member of the x509 object. More...
 
WOLFSSL_API int wolfSSL_SetTmpDH (WOLFSSL *, const unsigned char *p, int pSz, const unsigned char *g, int gSz)
 Server Diffie-Hellman Ephemeral parameters setting. This function sets up the group parameters to be used if the server negotiates a cipher suite that uses DHE. More...
 
WOLFSSL_API int wolfSSL_SetTmpDH_buffer (WOLFSSL *, const unsigned char *b, long sz, int format)
 The function calls the wolfSSL_SetTMpDH_buffer_wrapper, which is a wrapper for Diffie-Hellman parameters. More...
 
WOLFSSL_API int wolfSSL_SetTmpDH_file (WOLFSSL *, const char *f, int format)
 This function calls wolfSSL_SetTmpDH_file_wrapper to set server Diffie-Hellman parameters. More...
 
WOLFSSL_API int wolfSSL_CTX_SetTmpDH (WOLFSSL_CTX *, const unsigned char *p, int pSz, const unsigned char *g, int gSz)
 Sets the parameters for the server CTX Diffie-Hellman. More...
 
WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer (WOLFSSL_CTX *, const unsigned char *b, long sz, int format)
 A wrapper function that calls wolfSSL_SetTmpDH_buffer_wrapper. More...
 
WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file (WOLFSSL_CTX *, const char *f, int format)
 The function calls wolfSSL_SetTmpDH_file_wrapper to set the server Diffie-Hellman parameters. More...
 
WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz (WOLFSSL_CTX *ctx, word16)
 This function sets the minimum size (in bits) of the Diffie Hellman key size by accessing the minDhKeySz member in the WOLFSSL_CTX structure. More...
 
WOLFSSL_API int wolfSSL_SetMinDhKey_Sz (WOLFSSL *, word16)
 Sets the minimum size (in bits) for a Diffie-Hellman key in the WOLFSSL structure. More...
 
WOLFSSL_API int wolfSSL_CTX_SetMaxDhKey_Sz (WOLFSSL_CTX *, word16)
 This function sets the maximum size (in bits) of the Diffie Hellman key size by accessing the maxDhKeySz member in the WOLFSSL_CTX structure. More...
 
WOLFSSL_API int wolfSSL_SetMaxDhKey_Sz (WOLFSSL *, word16)
 Sets the maximum size (in bits) for a Diffie-Hellman key in the WOLFSSL structure. More...
 
WOLFSSL_API int wolfSSL_GetDhKey_Sz (WOLFSSL *)
 Returns the value of dhKeySz (in bits) that is a member of the options structure. This value represents the Diffie-Hellman key size in bytes. More...
 
WOLFSSL_API int wolfSSL_CTX_SetMinRsaKey_Sz (WOLFSSL_CTX *, short)
 Sets the minimum RSA key size in both the WOLFSSL_CTX structure and the WOLFSSL_CERT_MANAGER structure. More...
 
WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz (WOLFSSL *, short)
 Sets the minimum allowable key size in bits for RSA located in the WOLFSSL structure. More...
 
WOLFSSL_API int wolfSSL_CTX_SetMinEccKey_Sz (WOLFSSL_CTX *, short)
 Sets the minimum size in bits for the ECC key in the WOLF_CTX structure and the WOLFSSL_CERT_MANAGER structure. More...
 
WOLFSSL_API int wolfSSL_SetMinEccKey_Sz (WOLFSSL *, short)
 Sets the value of the minEccKeySz member of the options structure. The options struct is a member of the WOLFSSL structure and is accessed through the ssl parameter. More...
 
WOLFSSL_API int wolfSSL_make_eap_keys (WOLFSSL *, void *key, unsigned int len, const char *label)
 This function is used by EAP_TLS and EAP-TTLS to derive keying material from the master secret. More...
 
WOLFSSL_API int wolfSSL_CTX_load_verify_buffer (WOLFSSL_CTX *, const unsigned char *, long, int)
 This function loads a CA certificate buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. Please see the examples for proper usage. More...
 
WOLFSSL_API int wolfSSL_CTX_load_verify_buffer_ex (WOLFSSL_CTX *, const unsigned char *, long, int, int, word32)
 This function loads a CA certificate buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. The _ex version was added in PR 2413 and supports additional arguments for userChain and flags. More...
 
WOLFSSL_API int wolfSSL_CTX_load_verify_chain_buffer_format (WOLFSSL_CTX *, const unsigned char *, long, int)
 This function loads a CA certificate chain buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. Please see the examples for proper usage. More...
 
WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer (WOLFSSL_CTX *, const unsigned char *, long, int)
 This function loads a certificate buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage. More...
 
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer (WOLFSSL_CTX *, const unsigned char *, long, int)
 This function loads a private key buffer into the SSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM. Please see the examples for proper usage. More...
 
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer (WOLFSSL_CTX *, const unsigned char *, long)
 This function loads a certificate chain buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. The buffer must be in PEM format and start with the subject’s certificate, ending with the root certificate. Please see the examples for proper usage. More...
 
WOLFSSL_API int wolfSSL_use_certificate_buffer (WOLFSSL *, const unsigned char *, long, int)
 This function loads a certificate buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage. More...
 
WOLFSSL_API int wolfSSL_use_PrivateKey_buffer (WOLFSSL *, const unsigned char *, long, int)
 This function loads a private key buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage. More...
 
WOLFSSL_API int wolfSSL_use_certificate_chain_buffer (WOLFSSL *, const unsigned char *, long)
 This function loads a certificate chain buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. The buffer must be in PEM format and start with the subject’s certificate, ending with the root certificate. Please see the examples for proper usage. More...
 
WOLFSSL_API int wolfSSL_UnloadCertsKeys (WOLFSSL *)
 This function unloads any certificates or keys that SSL owns. More...
 
WOLFSSL_API int wolfSSL_GetIVSize (WOLFSSL *)
 Returns the iv_size member of the specs structure held in the WOLFSSL struct. More...
 
WOLFSSL_API void wolfSSL_KeepArrays (WOLFSSL *)
 Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. Calling this function before the handshake begins will prevent wolfSSL from freeing temporary arrays. Temporary arrays may be needed for things such as wolfSSL_get_keys() or PSK hints. When the user is done with temporary arrays, either wolfSSL_FreeArrays() may be called to free the resources immediately, or alternatively the resources will be freed when the associated SSL object is freed. More...
 
WOLFSSL_API void wolfSSL_FreeArrays (WOLFSSL *)
 Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. If wolfSSL_KeepArrays() has been called before the handshake, wolfSSL will not free temporary arrays. This function explicitly frees temporary arrays and should be called when the user is done with temporary arrays and does not want to wait for the SSL object to be freed to free these resources. More...
 
WOLFSSL_API int wolfSSL_DeriveTlsKeys (unsigned char *key_data, word32 keyLen, const unsigned char *ms, word32 msLen, const unsigned char *sr, const unsigned char *cr, int tls1_2, int hash_type)
 An external facing wrapper to derive TLS Keys. More...
 
WOLFSSL_API int wolfSSL_X509_get_ext_by_NID (const WOLFSSL_X509 *x509, int nid, int lastPos)
 This function looks for and returns the extension index matching the passed in NID value. More...
 
WOLFSSL_API void * wolfSSL_X509_get_ext_d2i (const WOLFSSL_X509 *x509, int nid, int *c, int *idx)
 This function looks for and returns the extension matching the passed in NID value. More...
 
WOLFSSL_API int wolfSSL_X509_digest (const WOLFSSL_X509 *x509, const WOLFSSL_EVP_MD *digest, unsigned char *buf, unsigned int *len)
 This function returns the hash of the DER certificate. More...
 
WOLFSSL_API int wolfSSL_use_PrivateKey (WOLFSSL *ssl, WOLFSSL_EVP_PKEY *pkey)
 This is used to set the private key for the WOLFSSL structure. More...
 
WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1 (int pri, WOLFSSL *ssl, unsigned char *der, long derSz)
 This is used to set the private key for the WOLFSSL structure. A DER formatted key buffer is expected. More...
 
WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1 (WOLFSSL *ssl, unsigned char *der, long derSz)
 This is used to set the private key for the WOLFSSL structure. A DER formatted RSA key buffer is expected. More...
 
WOLFSSL_API WOLFSSL_DH * wolfSSL_DSA_dup_DH (const WOLFSSL_DSA *r)
 This function duplicates the parameters in dsa to a newly created WOLFSSL_DH structure. More...
 
WOLFSSL_X509 * wolfSSL_d2i_X509_bio (WOLFSSL_BIO *bio, WOLFSSL_X509 **x509)
 This function get the DER buffer from bio and converts it to a WOLFSSL_X509 structure. More...
 
WOLFSSL_API WOLFSSL_X509 * wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u)
 This function behaves the same as wolfSSL_PEM_read_bio_X509. AUX signifies containing extra information such as trusted/rejected use cases and friendly name for human readability. More...
 
WOLFSSL_API long wolfSSL_CTX_set_tmp_dh (WOLFSSL_CTX *, WOLFSSL_DH *)
 Initializes the WOLFSSL_CTX structure’s dh member with the Diffie-Hellman parameters. More...
 
WOLFSSL_API WOLFSSL_DSA * wolfSSL_PEM_read_bio_DSAparams (WOLFSSL_BIO *bp, WOLFSSL_DSA **x, wc_pem_password_cb *cb, void *u)
 This function get the DSA parameters from a PEM buffer in bio. More...
 
WOLFSSL_API WOLF_STACK_OF (WOLFSSL_X509)*wolfSSL_get_peer_cert_chain(const WOLFSSL *)
 This function gets the peer’s certificate chain. More...
 
WOLFSSL_API char * wolfSSL_X509_get_next_altname (WOLFSSL_X509 *)
 This function returns the next, if any, altname from the peer certificate. More...
 
WOLFSSL_API WOLFSSL_ASN1_TIME * wolfSSL_X509_get_notBefore (WOLFSSL_X509 *)
 The function checks to see if x509 is NULL and if it’s not, it returns the notBefore member of the x509 struct. More...
 

Detailed Description

Function Documentation

WOLFSSL_API int wc_CertPemToDer ( const unsigned char *  ,
int  ,
unsigned char *  ,
int  ,
int   
)

This function converts a PEM formatted certificate to DER format. Calls OpenSSL function PemToDer.

Returns
buffer returns the bytes written to the buffer.
Parameters
pempointer PEM formatted certificate.
pemSzsize of the certificate.
buffbuffer to be copied to DER format.
buffSzsize of the buffer.
typeCertificate file type found in asn_public.h enum CertType.

Example

1 const unsigned char* pem;
2 int pemSz;
3 unsigned char buff[BUFSIZE];
4 int buffSz = sizeof(buff)/sizeof(char);
5 int type;
6 ...
7 if(wc_CertPemToDer(pem, pemSz, buff, buffSz, type) <= 0) {
8  // There were bytes written to buffer
9 }
See also
wc_PemToDer
WOLFSSL_API int wc_KeyPemToDer ( const unsigned char *  ,
int  ,
unsigned char *  ,
int  ,
const char *   
)

Converts a key in PEM format to DER format.

Returns
int the function returns the number of bytes written to the buffer on successful execution.
int negative int returned indicating an error.
Parameters
pema pointer to the PEM encoded certificate.
pemSzthe size of the PEM buffer (pem)
buffa pointer to the copy of the buffer member of the DerBuffer struct.
buffSzsize of the buffer space allocated in the DerBuffer struct.
passpassword passed into the function.

Example

1 byte* loadBuf;
2 long fileSz = 0;
3 byte* bufSz;
4 static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
5 const char* keyFile,
6  int typeKey, const char* password);
7 …
8 bufSz = wc_KeyPemToDer(loadBuf, (int)fileSz, saveBuf,
9 (int)fileSz, password);
10 
11 if(saveBufSz > 0){
12  // Bytes were written to the buffer.
13 }
See also
wc_PemToDer
WOLFSSL_API WOLF_STACK_OF ( WOLFSSL_X509  ) const

This function gets the peer’s certificate chain.

Returns
pointer returns a pointer to the peer’s Certificate stack.
NULL returned if no peer certificate.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().

Example

1 WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
2 WOLFSSL* ssl = wolfSSL_new(ctx);
3 ...
4 wolfSSL_connect(ssl);
5 STACK_OF(WOLFSSL_X509)* chain = wolfSSL_get_peer_cert_chain(ssl);
6 ifchain){
7  // You have a pointer to the peer certificate chain
8 }
See also
wolfSSL_X509_get_issuer_name
wolfSSL_X509_get_subject_name
wolfSSL_X509_get_isCA
WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations ( WOLFSSL_CTX *  ,
const char *  ,
int   
)

This function is similar to wolfSSL_CTX_load_verify_locations, but allows the loading of DER-formatted CA files into the SSL context (WOLFSSL_CTX). It may still be used to load PEM-formatted CA files as well. These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The format argument specifies the format which the certificates are in either, SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1 (DER). Unlike wolfSSL_CTX_load_verify_locations, this function does not allow the loading of CA certificates from a given directory path. Note that this function is only available when the wolfSSL library was compiled with WOLFSSL_DER_LOAD defined.

Returns
SSL_SUCCESS upon success.
SSL_FAILURE upon failure.
Parameters
ctxa pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new()
filea pointer to the name of the file containing the CA certificates to be loaded into the wolfSSL SSL context, with format as specified by format.
formatthe encoding type of the certificates specified by file. Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1.

Example

1 int ret = 0;
2 WOLFSSL_CTX* ctx;
3 ...
4 ret = wolfSSL_CTX_der_load_verify_locations(ctx, “./ca-cert.der”,
5  SSL_FILETYPE_ASN1);
6 if (ret != SSL_SUCCESS) {
7  // error loading CA certs
8 }
9 ...
See also
wolfSSL_CTX_load_verify_locations
wolfSSL_CTX_load_verify_buffer
WOLFSSL_API int wolfSSL_CTX_get_cert_cache_memsize ( WOLFSSL_CTX *  )

Returns the size the certificate cache save buffer needs to be.

Returns
int integer value returned representing the memory size upon success.
BAD_FUNC_ARG is returned if the WOLFSSL_CTX struct is NULL.
BAD_MUTEX_E - returned if there was a mutex lock error.
Parameters
ctxa pointer to a wolfSSL_CTX structure, created using wolfSSL_CTX_new().

Example

1 WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(protocol);
2 ...
3 int certCacheSize = wolfSSL_CTX_get_cert_cache_memsize(ctx);
4 
5 if(certCacheSize != BAD_FUNC_ARG || certCacheSize != BAD_MUTEX_E){
6 // Successfully retrieved the memory size.
7 }
See also
CM_GetCertCacheMemSize
WOLFSSL_API int wolfSSL_CTX_load_verify_buffer ( WOLFSSL_CTX *  ,
const unsigned char *  ,
long  ,
int   
)

This function loads a CA certificate buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. Please see the examples for proper usage.

Returns
SSL_SUCCESS upon success
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.
Parameters
ctxpointer to the SSL context, created with wolfSSL_CTX_new().
inpointer to the CA certificate buffer.
szsize of the input CA certificate buffer, in.
formatformat of the buffer certificate, either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.

Example

1 int ret = 0;
2 int sz = 0;
3 WOLFSSL_CTX* ctx;
4 byte certBuff[...];
5 ...
6 
7 ret = wolfSSL_CTX_load_verify_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);
8 if (ret != SSL_SUCCESS) {
9  // error loading CA certs from buffer
10 }
11 ...
See also
wolfSSL_CTX_load_verify_locations
wolfSSL_CTX_use_certificate_buffer
wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL_CTX_use_certificate_chain_buffer
wolfSSL_use_certificate_buffer
wolfSSL_use_PrivateKey_buffer
wolfSSL_use_certificate_chain_buffer
WOLFSSL_API int wolfSSL_CTX_load_verify_buffer_ex ( WOLFSSL_CTX *  ,
const unsigned char *  ,
long  ,
int  ,
int  ,
word32   
)

This function loads a CA certificate buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. The _ex version was added in PR 2413 and supports additional arguments for userChain and flags.

Returns
SSL_SUCCESS upon success
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.
Parameters
ctxpointer to the SSL context, created with wolfSSL_CTX_new().
inpointer to the CA certificate buffer.
szsize of the input CA certificate buffer, in.
formatformat of the buffer certificate, either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
userChainIf using format WOLFSSL_FILETYPE_ASN1 this set to non-zero indicates a chain of DER's is being presented.
flagsSee ssl.h around WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS.

Example

1 int ret = 0;
2 int sz = 0;
3 WOLFSSL_CTX* ctx;
4 byte certBuff[...];
5 ...
6 
7 // Example for force loading an expired certificate
8 ret = wolfSSL_CTX_load_verify_buffer_ex(ctx, certBuff, sz, SSL_FILETYPE_PEM,
9  0, (WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY));
10 if (ret != SSL_SUCCESS) {
11  // error loading CA certs from buffer
12 }
13 ...
See also
wolfSSL_CTX_load_verify_buffer
wolfSSL_CTX_load_verify_locations
wolfSSL_CTX_use_certificate_buffer
wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL_CTX_use_certificate_chain_buffer
wolfSSL_use_certificate_buffer
wolfSSL_use_PrivateKey_buffer
wolfSSL_use_certificate_chain_buffer
WOLFSSL_API int wolfSSL_CTX_load_verify_chain_buffer_format ( WOLFSSL_CTX *  ,
const unsigned char *  ,
long  ,
int   
)

This function loads a CA certificate chain buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More than one CA certificate may be loaded per buffer as long as the format is in PEM. Please see the examples for proper usage.

Returns
SSL_SUCCESS upon success
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.
Parameters
ctxpointer to the SSL context, created with wolfSSL_CTX_new().
inpointer to the CA certificate buffer.
szsize of the input CA certificate buffer, in.
formatformat of the buffer certificate, either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.

Example

1 int ret = 0;
2 int sz = 0;
3 WOLFSSL_CTX* ctx;
4 byte certBuff[...];
5 ...
6 
7 ret = wolfSSL_CTX_load_verify_chain_buffer_format(ctx,
8  certBuff, sz, WOLFSSL_FILETYPE_ASN1);
9 if (ret != SSL_SUCCESS) {
10  // error loading CA certs from buffer
11 }
12 ...
See also
wolfSSL_CTX_load_verify_locations
wolfSSL_CTX_use_certificate_buffer
wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL_CTX_use_certificate_chain_buffer
wolfSSL_use_certificate_buffer
wolfSSL_use_PrivateKey_buffer
wolfSSL_use_certificate_chain_buffer
WOLFSSL_API int wolfSSL_CTX_load_verify_locations ( WOLFSSL_CTX *  ,
const char *  ,
const char *   
)

This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory. This function expects PEM formatted CERT_TYPE file with header “--—BEGIN CERTIFICATE--—”.

Returns
SSL_SUCCESS up success.
SSL_FAILURE will be returned if ctx is NULL, or if both file and path are NULL.
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
ASN_BEFORE_DATE_E will be returned if the current date is before the before date.
ASN_AFTER_DATE_E will be returned if the current date is after the after date.
BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.
BAD_PATH_ERROR will be returned if opendir() fails when trying to open path.
Parameters
ctxpointer to the SSL context, created with wolfSSL_CTX_new().
filepointer to name of the file containing PEM-formatted CA certificates.
pathpointer to the name of a directory to load PEM-formatted certificates from.

Example

1 int ret = 0;
2 WOLFSSL_CTX* ctx;
3 ...
4 ret = wolfSSL_CTX_load_verify_locations(ctx, “./ca-cert.pem”, NULL);
5 if (ret != WOLFSSL_SUCCESS) {
6  // error loading CA certs
7 }
8 ...
See also
wolfSSL_CTX_load_verify_locations_ex
wolfSSL_CTX_load_verify_buffer
wolfSSL_CTX_use_certificate_file
wolfSSL_CTX_use_PrivateKey_file
wolfSSL_CTX_use_certificate_chain_file
wolfSSL_use_certificate_file
wolfSSL_use_PrivateKey_file
wolfSSL_use_certificate_chain_file
WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex ( WOLFSSL_CTX *  ,
const char *  ,
const char *  ,
unsigned int  flags 
)

This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory based on flags specified. This function expects PEM formatted CERT_TYPE files with header “--—BEGIN CERTIFICATE--—”.

Returns
SSL_SUCCESS up success.
SSL_FAILURE will be returned if ctx is NULL, or if both file and path are NULL. This will also be returned if at least one cert is loaded successfully but there is one or more that failed. Check error stack for reason.
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.
BAD_PATH_ERROR will be returned if opendir() fails when trying to open path.
Parameters
ctxpointer to the SSL context, created with wolfSSL_CTX_new().
filepointer to name of the file containing PEM-formatted CA certificates.
pathpointer to the name of a directory to load PEM-formatted certificates from.
flagspossible mask values are: WOLFSSL_LOAD_FLAG_IGNORE_ERR, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY and WOLFSSL_LOAD_FLAG_PEM_CA_ONLY

Example

1 int ret = 0;
2 WOLFSSL_CTX* ctx;
3 ...
4 ret = wolfSSL_CTX_load_verify_locations_ex(ctx, NUULL, “./certs/external",
5  WOLFSSL_LOAD_FLAG_PEM_CA_ONLY);
6 if (ret != WOLFSSL_SUCCESS) {
7  // error loading CA certs
8 }
9 ...
See also
wolfSSL_CTX_load_verify_locations
wolfSSL_CTX_load_verify_buffer
wolfSSL_CTX_use_certificate_file
wolfSSL_CTX_use_PrivateKey_file
wolfSSL_CTX_use_certificate_chain_file
wolfSSL_use_certificate_file
wolfSSL_use_PrivateKey_file
wolfSSL_use_certificate_chain_file
WOLFSSL_API int wolfSSL_CTX_memsave_cert_cache ( WOLFSSL_CTX *  ,
void *  ,
int  ,
int *   
)

This function persists the certificate cache to memory.

Returns
SSL_SUCCESS returned on successful execution of the function. No errors were thrown.
BAD_MUTEX_E mutex error where the WOLFSSL_CERT_MANAGER member caLock was not 0 (zero).
BAD_FUNC_ARG returned if ctx, mem, or used is NULL or if sz is less than or equal to 0 (zero).
BUFFER_E output buffer mem was too small.
Parameters
ctxa pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
mema void pointer to the destination (output buffer).
szthe size of the output buffer.
useda pointer to size of the cert cache header.

Example

1 WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol );
2 void* mem;
3 int sz;
4 int* used;
5 ...
6 if(wolfSSL_CTX_memsave_cert_cache(ctx, mem, sz, used) != SSL_SUCCESS){
7  // The function returned with an error
8 }
See also
DoMemSaveCertCache
GetCertCacheMemSize
CM_MemRestoreCertCache
CM_GetCertCacheMemSize
WOLFSSL_API int wolfSSL_CTX_restore_cert_cache ( WOLFSSL_CTX *  ,
const char *   
)

This function persistes certificate cache from a file.

Returns
SSL_SUCCESS returned if the function, CM_RestoreCertCache, executes normally.
SSL_BAD_FILE returned if XFOPEN returns XBADFILE. The file is corrupted.
MEMORY_E returned if the allocated memory for the temp buffer fails.
BAD_FUNC_ARG returned if fname or ctx have a NULL value.
Parameters
ctxa pointer to a WOLFSSL_CTX structure, holding the certificate information.
fnamethe cert cache buffer.

Example

1 WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
2 WOLFSSL* ssl = wolfSSL_new(ctx);
3 const char* fname = "path to file";
4 ...
5 if(wolfSSL_CTX_restore_cert_cache(ctx, fname)){
6  // check to see if the execution was successful
7 }
See also
CM_RestoreCertCache
XFOPEN
WOLFSSL_API int wolfSSL_CTX_save_cert_cache ( WOLFSSL_CTX *  ,
const char *   
)

This function writes the cert cache from memory to file.

Returns
SSL_SUCCESS if CM_SaveCertCache exits normally.
BAD_FUNC_ARG is returned if either of the arguments are NULL.
SSL_BAD_FILE if the cert cache save file could not be opened.
BAD_MUTEX_E if the lock mutex failed.
MEMORY_E the allocation of memory failed.
FWRITE_ERROR Certificate cache file write failed.
Parameters
ctxa pointer to a WOLFSSL_CTX structure, holding the certificate information.
fnamethe cert cache buffer.

Example

1 WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol def );
2 const char* fname;
3 ...
4 if(wolfSSL_CTX_save_cert_cache(ctx, fname)){
5  // file was written.
6 }
See also
CM_SaveCertCache
DoMemSaveCertCache
WOLFSSL_API long wolfSSL_CTX_set_tmp_dh ( WOLFSSL_CTX *  ,
WOLFSSL_DH *   
)

Initializes the WOLFSSL_CTX structure’s dh member with the Diffie-Hellman parameters.

Returns
SSL_SUCCESS returned if the function executed successfully.
BAD_FUNC_ARG returned if the ctx or dh structures are NULL.
SSL_FATAL_ERROR returned if there was an error setting a structure value.
MEMORY_E returned if their was a failure to allocate memory.
Parameters
ctxa pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
dha pointer to a WOLFSSL_DH structure.

Example

1 WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
2 WOLFSSL_DH* dh;
3 …
4 return wolfSSL_CTX_set_tmp_dh(ctx, dh);
See also
wolfSSL_BN_bn2bin
WOLFSSL_API int wolfSSL_CTX_SetMaxDhKey_Sz ( WOLFSSL_CTX *  ,
word16   
)

This function sets the maximum size (in bits) of the Diffie Hellman key size by accessing the maxDhKeySz member in the WOLFSSL_CTX structure.

Returns
SSL_SUCCESS returned if the function completes successfully.
BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or if the keySz_bits is greater than 16,000 or not divisible by 8.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
keySz_bitsa word16 type used to set the maximum DH key size in bits. The WOLFSSL_CTX struct holds this information in the maxDhKeySz member.

Example

1 public static int CTX_SetMaxDhKey_Sz(IntPtr ctx, short maxDhKey){
2 …
3 return wolfSSL_CTX_SetMaxDhKey_Sz(local_ctx, keySz_bits);
See also
wolfSSL_SetMinDhKey_Sz
wolfSSL_CTX_SetMinDhKey_Sz
wolfSSL_SetMaxDhKey_Sz
wolfSSL_GetDhKey_Sz
wolfSSL_CTX_SetTMpDH_file
WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz ( WOLFSSL_CTX *  ctx,
word16   
)

This function sets the minimum size (in bits) of the Diffie Hellman key size by accessing the minDhKeySz member in the WOLFSSL_CTX structure.

Returns
SSL_SUCCESS returned if the function completes successfully.
BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or if the keySz_bits is greater than 16,000 or not divisible by 8.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
keySz_bitsa word16 type used to set the minimum DH key size in bits. The WOLFSSL_CTX struct holds this information in the minDhKeySz member.

Example

1 public static int CTX_SetMinDhKey_Sz(IntPtr ctx, short minDhKey){
2 …
3 return wolfSSL_CTX_SetMinDhKey_Sz(local_ctx, minDhKeyBits);
See also
wolfSSL_SetMinDhKey_Sz
wolfSSL_CTX_SetMaxDhKey_Sz
wolfSSL_SetMaxDhKey_Sz
wolfSSL_GetDhKey_Sz
wolfSSL_CTX_SetTMpDH_file
WOLFSSL_API int wolfSSL_CTX_SetMinEccKey_Sz ( WOLFSSL_CTX *  ,
short   
)

Sets the minimum size in bits for the ECC key in the WOLF_CTX structure and the WOLFSSL_CERT_MANAGER structure.

Returns
SSL_SUCCESS returned for a successful execution and the minEccKeySz member is set.
BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or if the keySz is negative or not divisible by 8.
Parameters
ctxa pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
keySza short integer type that represents the minimum ECC key size in bits.

Example

1 WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
2 short keySz; // minimum key size
3 …
4 if(wolfSSL_CTX_SetMinEccKey(ctx, keySz) != SSL_SUCCESS){
5  // Failed to set min key size
6 }
See also
wolfSSL_SetMinEccKey_Sz
WOLFSSL_API int wolfSSL_CTX_SetMinRsaKey_Sz ( WOLFSSL_CTX *  ,
short   
)

Sets the minimum RSA key size in both the WOLFSSL_CTX structure and the WOLFSSL_CERT_MANAGER structure.

Returns
SSL_SUCCESS returned on successful execution of the function.
BAD_FUNC_ARG returned if the ctx structure is NULL or the keySz is less than zero or not divisible by 8.
Parameters
ctxa pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
keySza short integer type stored in minRsaKeySz in the ctx structure and the cm structure converted to bytes.

Example

1 WOLFSSL_CTX* ctx = SSL_CTX_new(method);
2 (void)minDhKeyBits;
3 ourCert = myoptarg;
4 …
5 minDhKeyBits = atoi(myoptarg);
6 …
7 if(wolfSSL_CTX_SetMinRsaKey_Sz(ctx, minRsaKeyBits) != SSL_SUCCESS){
8 …
See also
wolfSSL_SetMinRsaKey_Sz
WOLFSSL_API int wolfSSL_CTX_SetTmpDH ( WOLFSSL_CTX *  ,
const unsigned char *  p,
int  pSz,
const unsigned char *  g,
int  gSz 
)

Sets the parameters for the server CTX Diffie-Hellman.

Returns
SSL_SUCCESS returned if the function and all subroutines return without error.
BAD_FUNC_ARG returned if the CTX, p or g parameters are NULL.
DH_KEY_SIZE_E returned if the DH parameter's key size is less than the value of the minDhKeySz member of the WOLFSSL_CTX struct.
DH_KEY_SIZE_E returned if the DH parameter's key size is greater than the value of the maxDhKeySz member of the WOLFSSL_CTX struct.
MEMORY_E returned if the allocation of memory failed in this function or a subroutine.
Parameters
ctxa pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
pa constant unsigned char pointer loaded into the buffer member of the serverDH_P struct.
pSzan int type representing the size of p, initialized to MAX_DH_SIZE.
ga constant unsigned char pointer loaded into the buffer member of the serverDH_G struct.
gSzan int type representing the size of g, initialized ot MAX_DH_SIZE.

Exmaple

1 WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol );
2 byte* p;
3 byte* g;
4 word32 pSz = (word32)sizeof(p)/sizeof(byte);
5 word32 gSz = (word32)sizeof(g)/sizeof(byte);
6 …
7 int ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
8 
9 if(ret != SSL_SUCCESS){
10  // Failure case
11 }
See also
wolfSSL_SetTmpDH
wc_DhParamsLoad
WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer ( WOLFSSL_CTX *  ,
const unsigned char *  b,
long  sz,
int  format 
)

A wrapper function that calls wolfSSL_SetTmpDH_buffer_wrapper.

Returns
0 returned for a successful execution.
BAD_FUNC_ARG returned if the ctx or buf parameters are NULL.
MEMORY_E if there is a memory allocation error.
SSL_BAD_FILETYPE returned if format is not correct.
Parameters
ctxa pointer to a WOLFSSL structure, created using wolfSSL_CTX_new().
bufa pointer to a constant unsigned char type that is allocated as the buffer and passed through to wolfSSL_SetTmpDH_buffer_wrapper.
sza long integer type that is derived from the fname parameter in wolfSSL_SetTmpDH_file_wrapper().
formatan integer type passed through from wolfSSL_SetTmpDH_file_wrapper().

Example

1 static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
2 Const char* fname, int format);
3 #ifdef WOLFSSL_SMALL_STACK
4 byte staticBuffer[1]; // force heap usage
5 #else
6 byte* staticBuffer;
7 long sz = 0;
8 …
9 if(ssl){
10  ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
11 } else {
12 ret = wolfSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format);
13 }
See also
wolfSSL_SetTmpDH_buffer_wrapper
wolfSSL_SetTMpDH_buffer
wolfSSL_SetTmpDH_file_wrapper
wolfSSL_CTX_SetTmpDH_file
WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file ( WOLFSSL_CTX *  ,
const char *  f,
int  format 
)

The function calls wolfSSL_SetTmpDH_file_wrapper to set the server Diffie-Hellman parameters.

Returns
SSL_SUCCESS returned if the wolfSSL_SetTmpDH_file_wrapper or any of its subroutines return successfully.
MEMORY_E returned if an allocation of dynamic memory fails in a subroutine.
BAD_FUNC_ARG returned if the ctx or fname parameters are NULL or if a subroutine is passed a NULL argument.
SSL_BAD_FILE returned if the certificate file is unable to open or if the a set of checks on the file fail from wolfSSL_SetTmpDH_file_wrapper.
SSL_BAD_FILETYPE returned if the format is not PEM or ASN.1 from wolfSSL_SetTmpDH_buffer_wrapper().
DH_KEY_SIZE_E returned if the DH parameter's key size is less than the value of the minDhKeySz member of the WOLFSSL_CTX struct.
DH_KEY_SIZE_E returned if the DH parameter's key size is greater than the value of the maxDhKeySz member of the WOLFSSL_CTX struct.
SIDE_ERROR returned in wolfSSL_SetTmpDH() if the side is not the server end.
SSL_NO_PEM_HEADER returned from PemToDer if there is no PEM header.
SSL_FATAL_ERROR returned from PemToDer if there is a memory copy failure.
Parameters
ctxa pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
fnamea constant character pointer to a certificate file.
formatan integer type passed through from wolfSSL_SetTmpDH_file_wrapper() that is a representation of the certificate format.

Example

1 #define dhParam “certs/dh2048.pem”
2 #DEFINE aSSERTiNTne(x, y) AssertInt(x, y, !=, ==)
3 WOLFSSL_CTX* ctx;
4 …
5 AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()))
6 …
7 AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL, dhParam,
8 SSL_FILETYPE_PEM));
See also
wolfSSL_SetTmpDH_buffer_wrapper
wolfSSL_SetTmpDH
wolfSSL_CTX_SetTmpDH
wolfSSL_SetTmpDH_buffer
wolfSSL_CTX_SetTmpDH_buffer
wolfSSL_SetTmpDH_file_wrapper
AllocDer
PemToDer
WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer ( WOLFSSL_CTX *  ,
const unsigned char *  ,
long  ,
int   
)

This function loads a certificate buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage.

Returns
SSL_SUCCESS upon success
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
Parameters
ctxpointer to the SSL context, created with wolfSSL_CTX_new().
inthe input buffer containing the certificate to be loaded.
szthe size of the input buffer.
formatthe format of the certificate located in the input buffer (in). Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.

Example

1 int ret = 0;
2 int sz = 0;
3 WOLFSSL_CTX* ctx;
4 byte certBuff[...];
5 ...
6 ret = wolfSSL_CTX_use_certificate_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);
7 if (ret != SSL_SUCCESS) {
8  // error loading certificate from buffer
9 }
10 ...
See also
wolfSSL_CTX_load_verify_buffer
wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL_CTX_use_certificate_chain_buffer
wolfSSL_use_certificate_buffer
wolfSSL_use_PrivateKey_buffer
wolfSSL_use_certificate_chain_buffer
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer ( WOLFSSL_CTX *  ,
const unsigned char *  ,
long   
)

This function loads a certificate chain buffer into the WOLFSSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. The buffer must be in PEM format and start with the subject’s certificate, ending with the root certificate. Please see the examples for proper usage.

Returns
SSL_SUCCESS upon success
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.
Parameters
ctxpointer to the SSL context, created with wolfSSL_CTX_new().
inthe input buffer containing the PEM-formatted certificate chain to be loaded.
szthe size of the input buffer.

Example

1 int ret = 0;
2 int sz = 0;
3 WOLFSSL_CTX* ctx;
4 byte certChainBuff[...];
5 ...
6 ret = wolfSSL_CTX_use_certificate_chain_buffer(ctx, certChainBuff, sz);
7 if (ret != SSL_SUCCESS) {
8  // error loading certificate chain from buffer
9 }
10 ...
See also
wolfSSL_CTX_load_verify_buffer
wolfSSL_CTX_use_certificate_buffer
wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL_use_certificate_buffer
wolfSSL_use_PrivateKey_buffer
wolfSSL_use_certificate_chain_buffer
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file ( WOLFSSL_CTX *  ,
const char *  file 
)

This function loads a chain of certificates into the SSL context (WOLFSSL_CTX). The file containing the certificate chain is provided by the file argument, and must contain PEM-formatted certificates. This function will process up to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject cert.

Returns
SSL_SUCCESS upon success
SSL_FAILURE If the function call fails, possible causes might include the file is in the wrong format, or the wrong format has been given using the “format” argument, file doesn’t exist, can’t be read, or is corrupted, an out of memory condition occurs.
Parameters
ctxa pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new()
filea pointer to the name of the file containing the chain of certificates to be loaded into the wolfSSL SSL context. Certificates must be in PEM format.

Example

1 int ret = 0;
2 WOLFSSL_CTX* ctx;
3 ...
4 ret = wolfSSL_CTX_use_certificate_chain_file(ctx, “./cert-chain.pem”);
5 if (ret != SSL_SUCCESS) {
6  // error loading cert file
7 }
8 ...
See also
wolfSSL_CTX_use_certificate_file
wolfSSL_CTX_use_certificate_buffer
wolfSSL_use_certificate_file
wolfSSL_use_certificate_buffer
WOLFSSL_API int wolfSSL_CTX_use_certificate_file ( WOLFSSL_CTX *  ,
const char *  ,
int   
)

This function loads a certificate file into the SSL context (WOLFSSL_CTX). The file is provided by the file argument. The format argument specifies the format type of the file, either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage.

Returns
SSL_SUCCESS upon success.
SSL_FAILURE If the function call fails, possible causes might include the file is in the wrong format, or the wrong format has been given using the “format” argument, file doesn’t exist, can’t be read, or is corrupted, an out of memory condition occurs, Base16 decoding fails on the file.
Parameters
ctxa pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new()
filea pointer to the name of the file containing the certificate to be loaded into the wolfSSL SSL context.
format- format of the certificates pointed to by file. Possible options are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.

Example

1 int ret = 0;
2 WOLFSSL_CTX* ctx;
3 ...
4 ret = wolfSSL_CTX_use_certificate_file(ctx, “./client-cert.pem”,
5  SSL_FILETYPE_PEM);
6 if (ret != SSL_SUCCESS) {
7  // error loading cert file
8 }
9 ...
See also
wolfSSL_CTX_use_certificate_buffer
wolfSSL_use_certificate_file
wolfSSL_use_certificate_buffer
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer ( WOLFSSL_CTX *  ,
const unsigned char *  ,
long  ,
int   
)

This function loads a private key buffer into the SSL Context. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM. Please see the examples for proper usage.

Returns
SSL_SUCCESS upon success
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
NO_PASSWORD will be returned if the key file is encrypted but no password is provided.
Parameters
ctxpointer to the SSL context, created with wolfSSL_CTX_new().
inthe input buffer containing the private key to be loaded.
szthe size of the input buffer.
formatthe format of the private key located in the input buffer (in). Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.

Example

1 int ret = 0;
2 int sz = 0;
3 WOLFSSL_CTX* ctx;
4 byte keyBuff[...];
5 ...
6 ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, keyBuff, sz, SSL_FILETYPE_PEM);
7 if (ret != SSL_SUCCESS) {
8  // error loading private key from buffer
9 }
10 ...
See also
wolfSSL_CTX_load_verify_buffer
wolfSSL_CTX_use_certificate_buffer
wolfSSL_CTX_use_certificate_chain_buffer
wolfSSL_use_certificate_buffer
wolfSSL_use_PrivateKey_buffer
wolfSSL_use_certificate_chain_buffer
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file ( WOLFSSL_CTX *  ,
const char *  ,
int   
)

This function loads a private key file into the SSL context (WOLFSSL_CTX). The file is provided by the file argument. The format argument specifies the format type of the file - SSL_FILETYPE_ASN1or SSL_FILETYPE_PEM. Please see the examples for proper usage.

If using an external key store and do not have the private key you can instead provide the public key and register the crypro callback to handle the signing. For this you can build with either build with crypto callbacks or PK callbacks. To enable crypto callbacks use –enable-cryptocb or WOLF_CRYPTO_CB and register a crypto callback using wc_CryptoCb_RegisterDevice and set the associated devId using wolfSSL_CTX_SetDevId.

Returns
SSL_SUCCESS upon success.
SSL_FAILURE The file is in the wrong format, or the wrong format has been given using the “format” argument. The file doesn’t exist, can’t be read, or is corrupted. An out of memory condition occurs. Base16 decoding fails on the file. The key file is encrypted but no password is provided.
Parameters
noneNo parameters.

Example

1 int ret = 0;
2 WOLFSSL_CTX* ctx;
3 ...
4 ret = wolfSSL_CTX_use_PrivateKey_file(ctx, “./server-key.pem”,
5  SSL_FILETYPE_PEM);
6 if (ret != SSL_SUCCESS) {
7  // error loading key file
8 }
9 ...
See also
wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL_use_PrivateKey_file
wolfSSL_use_PrivateKey_buffer
wc_CryptoCb_RegisterDevice
wolfSSL_CTX_SetDevId
WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint ( WOLFSSL_CTX *  ,
const char *   
)

This function stores the hint argument in the server_hint member of the WOLFSSL_CTX structure.

Returns
SSL_SUCCESS returned for successful execution of the function.
Parameters
ctxa pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
hinta constant char pointer that will be copied to the WOLFSSL_CTX structure.

Example

1 WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
2 const char* hint;
3 int ret;
4 …
5 ret = wolfSSL_CTX_use_psk_identity_hint(ctx, hint);
6 if(ret == SSL_SUCCESS){
7  // Function was successful.
8 return ret;
9 } else {
10  // Failure case.
11 }
See also
wolfSSL_use_psk_identity_hint
WOLFSSL_X509* wolfSSL_d2i_X509_bio ( WOLFSSL_BIO *  bio,
WOLFSSL_X509 **  x509 
)

This function get the DER buffer from bio and converts it to a WOLFSSL_X509 structure.

Returns
pointer returns a WOLFSSL_X509 structure pointer on success.
Null returns NULL on failure
Parameters
biopointer to the WOLFSSL_BIO structure that has the DER certificate buffer.
x509pointer that get set to new WOLFSSL_X509 structure created.

Example

1 WOLFSSL_BIO* bio;
2 WOLFSSL_X509* x509;
3 // load DER into bio
4 x509 = wolfSSL_d2i_X509_bio(bio, NULL);
5 Or
6 wolfSSL_d2i_X509_bio(bio, &x509);
7 // use x509 returned (check for NULL)
See also
none
WOLFSSL_API int wolfSSL_DeriveTlsKeys ( unsigned char *  key_data,
word32  keyLen,
const unsigned char *  ms,
word32  msLen,
const unsigned char *  sr,
const unsigned char *  cr,
int  tls1_2,
int  hash_type 
)

An external facing wrapper to derive TLS Keys.

Returns
0 returned on success.
BUFFER_E returned if the sum of labLen and seedLen (computes total size) exceeds the maximum size.
MEMORY_E returned if the allocation of memory failed.
Parameters
key_dataa byte pointer that is allocateded in DeriveTlsKeys and passed through to wc_PRF to hold the final hash.
keyLena word32 type that is derived in DeriveTlsKeys from the WOLFSSL structure’s specs member.
msa constant pointer type holding the master secret held in the arrays structure within the WOLFSSL structure.
msLena word32 type that holds the length of the master secret in an enumerated define, SECRET_LEN.
sra constant byte pointer to the serverRandom member of the arrays structure within the WOLFSSL structure.
cra constant byte pointer to the clientRandom member of the arrays structure within the WOLFSSL structure.
tls1_2an integer type returned from IsAtLeastTLSv1_2().
hash_typean integer type held in the WOLFSSL structure.

Example

1 int DeriveTlsKeys(WOLFSSL* ssl){
2 int ret;
3 …
4 ret = wolfSSL_DeriveTlsKeys(key_data, length, ssl->arrays->masterSecret,
5 SECRET_LEN, ssl->arrays->clientRandom,
6 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
7 …
8 }
See also
wc_PRF
DeriveTlsKeys
IsAtLeastTLSv1_2
WOLFSSL_API WOLFSSL_DH* wolfSSL_DSA_dup_DH ( const WOLFSSL_DSA *  r)

This function duplicates the parameters in dsa to a newly created WOLFSSL_DH structure.

Returns
WOLFSSL_DH If duplicated returns WOLFSSL_DH structure
NULL upon failure
Parameters
dsaWOLFSSL_DSA structure to duplicate.

Example

1 WOLFSSL_DH* dh;
2 WOLFSSL_DSA* dsa;
3 // set up dsa
4 dh = wolfSSL_DSA_dup_DH(dsa);
5 
6 // check dh is not null
See also
none
WOLFSSL_API void wolfSSL_FreeArrays ( WOLFSSL *  )

Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. If wolfSSL_KeepArrays() has been called before the handshake, wolfSSL will not free temporary arrays. This function explicitly frees temporary arrays and should be called when the user is done with temporary arrays and does not want to wait for the SSL object to be freed to free these resources.

Returns
none No return.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().

Example

1 WOLFSSL* ssl;
2 ...
3 wolfSSL_FreeArrays(ssl);
See also
wolfSSL_KeepArrays
WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509 ( WOLFSSL_X509_CHAIN *  ,
int  idx 
)

This function gets the peer’s wolfSSL_X509_certificate at index (idx) from the chain of certificates.

Returns
pointer returns a pointer to a WOLFSSL_X509 structure.
Parameters
chaina pointer to the WOLFSSL_X509_CHAIN used for no dynamic memory SESSION_CACHE.
idxthe index of the WOLFSSL_X509 certificate.

Example

1 WOLFSSL_X509_CHAIN* chain = &session->chain;
2 int idx = 999; // set idx
3 ...
4 WOLFSSL_X509_CHAIN ptr;
5 prt = wolfSSL_get_chain_X509(chain, idx);
6 
7 if(ptr != NULL){
8  //ptr contains the cert at the index specified
9 } else {
10  // ptr is NULL
11 }
See also
InitDecodedCert
ParseCertRelative
CopyDecodedToX509
WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate ( WOLFSSL *  ssl)

This function gets the peer’s certificate.

Returns
pointer a pointer to the peerCert member of the WOLFSSL_X509 structure if it exists.
0 returned if the peer certificate issuer size is not defined.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().

Example

1 WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
2 WOLFSSL* ssl = wolfSSL_new(ctx);
3 ...
4 WOLFSSL_X509* peerCert = wolfSSL_get_peer_certificate(ssl);
5 
6 if(peerCert){
7  // You have a pointer peerCert to the peer certification
8 }
See also
wolfSSL_X509_get_issuer_name
wolfSSL_X509_get_subject_name
wolfSSL_X509_get_isCA
WOLFSSL_API const char* wolfSSL_get_psk_identity ( const WOLFSSL *  )

The function returns a constant pointer to the client_identity member of the Arrays structure.

Returns
string the string value of the client_identity member of the Arrays structure.
NULL if the WOLFSSL structure is NULL or if the Arrays member of the WOLFSSL structure is NULL.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().

Example

1 WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
2 WOLFSSL* ssl = wolfSSL_new(ctx);
3 const char* pskID;
4 ...
5 pskID = wolfSSL_get_psk_identity(ssl);
6 
7 if(pskID == NULL){
8  // There is not a value in pskID
9 }
See also
wolfSSL_get_psk_identity_hint
wolfSSL_use_psk_identity_hint
WOLFSSL_API const char* wolfSSL_get_psk_identity_hint ( const WOLFSSL *  )

This function returns the psk identity hint.

Returns
pointer a const char pointer to the value that was stored in the arrays member of the WOLFSSL structure is returned.
NULL returned if the WOLFSSL or Arrays structures are NULL.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().

Example

1 WOLFSSL* ssl = wolfSSL_new(ctx);
2 char* idHint;
3 ...
4 idHint = wolfSSL_get_psk_identity_hint(ssl);
5 if(idHint){
6  // The hint was retrieved
7  return idHint;
8 } else {
9  // Hint wasn’t successfully retrieved
10 }
See also
wolfSSL_get_psk_identity
WOLFSSL_API int wolfSSL_GetDhKey_Sz ( WOLFSSL *  )

Returns the value of dhKeySz (in bits) that is a member of the options structure. This value represents the Diffie-Hellman key size in bytes.

Returns
dhKeySz returns the value held in ssl->options.dhKeySz which is an integer value representing a size in bits.
BAD_FUNC_ARG returns if the WOLFSSL struct is NULL.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().

Example

1 WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method );
2 WOLFSSL* ssl = wolfSSL_new(ctx);
3 int dhKeySz;
4 ...
5 dhKeySz = wolfSSL_GetDhKey_Sz(ssl);
6 
7 if(dhKeySz == BAD_FUNC_ARG || dhKeySz <= 0){
8  // Failure case
9 } else {
10  // dhKeySz holds the size of the key.
11 }
See also
wolfSSL_SetMinDhKey_sz
wolfSSL_CTX_SetMinDhKey_Sz
wolfSSL_CTX_SetTmpDH
wolfSSL_SetTmpDH
wolfSSL_CTX_SetTmpDH_file
WOLFSSL_API int wolfSSL_GetIVSize ( WOLFSSL *  )

Returns the iv_size member of the specs structure held in the WOLFSSL struct.

Returns
iv_size returns the value held in ssl->specs.iv_size.
BAD_FUNC_ARG returned if the WOLFSSL structure is NULL.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().

Example

1 WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
2 WOLFSSL* ssl = wolfSSL_new(ctx);
3 int ivSize;
4 ...
5 ivSize = wolfSSL_GetIVSize(ssl);
6 
7 if(ivSize > 0){
8  // ivSize holds the specs.iv_size value.
9 }
See also
wolfSSL_GetKeySize
wolfSSL_GetClientWriteIV
wolfSSL_GetServerWriteIV
WOLFSSL_API void wolfSSL_KeepArrays ( WOLFSSL *  )

Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. Calling this function before the handshake begins will prevent wolfSSL from freeing temporary arrays. Temporary arrays may be needed for things such as wolfSSL_get_keys() or PSK hints. When the user is done with temporary arrays, either wolfSSL_FreeArrays() may be called to free the resources immediately, or alternatively the resources will be freed when the associated SSL object is freed.

Returns
none No return.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().

Example

1 WOLFSSL* ssl;
2 ...
3 wolfSSL_KeepArrays(ssl);
See also
wolfSSL_FreeArrays
WOLFSSL_API int wolfSSL_make_eap_keys ( WOLFSSL *  ,
void *  key,
unsigned int  len,
const char *  label 
)

This function is used by EAP_TLS and EAP-TTLS to derive keying material from the master secret.

Returns
BUFFER_E returned if the actual size of the buffer exceeds the maximum size allowable.
MEMORY_E returned if there is an error with memory allocation.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
mska void pointer variable that will hold the result of the p_hash function.
lenan unsigned integer that represents the length of the msk variable.
labela constant char pointer that is copied from in wc_PRF().

Example

1 WOLFSSL* ssl = wolfSSL_new(ctx);;
2 void* msk;
3 unsigned int len;
4 const char* label;
5 …
6 return wolfSSL_make_eap_keys(ssl, msk, len, label);
See also
wc_PRF
wc_HmacFinal
wc_HmacUpdate
WOLFSSL_API WOLFSSL_DSA* wolfSSL_PEM_read_bio_DSAparams ( WOLFSSL_BIO *  bp,
WOLFSSL_DSA **  x,
wc_pem_password_cb *  cb,
void *  u 
)

This function get the DSA parameters from a PEM buffer in bio.

Returns
WOLFSSL_DSA on successfully parsing the PEM buffer a WOLFSSL_DSA structure is created and returned.
Null if failed to parse PEM buffer.
Parameters
biopointer to the WOLFSSL_BIO structure for getting PEM memory pointer.
xpointer to be set to new WOLFSSL_DSA structure.
cbpassword callback function.
unull terminated password string.

Example

1 WOLFSSL_BIO* bio;
2 WOLFSSL_DSA* dsa;
3 // setup bio
4 dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
5 
6 // check dsa is not NULL and then use dsa
See also
none
WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_bio_X509_AUX ( WOLFSSL_BIO *  bp,
WOLFSSL_X509 **  x,
wc_pem_password_cb *  cb,
void *  u 
)

This function behaves the same as wolfSSL_PEM_read_bio_X509. AUX signifies containing extra information such as trusted/rejected use cases and friendly name for human readability.

Returns
WOLFSSL_X509 on successfully parsing the PEM buffer a WOLFSSL_X509 structure is returned.
Null if failed to parse PEM buffer.
Parameters
bpWOLFSSL_BIO structure to get PEM buffer from.
xif setting WOLFSSL_X509 by function side effect.
cbpassword callback.
uNULL terminated user password.

Example

1 WOLFSSL_BIO* bio;
2 WOLFSSL_X509* x509;
3 // setup bio
4 X509 = wolfSSL_PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
5 //check x509 is not null and then use it
See also
wolfSSL_PEM_read_bio_X509
WOLFSSL_API void wolfSSL_SetCertCbCtx ( WOLFSSL *  ,
void *   
)

This function stores user CTX object information for verify callback.

Returns
none No return.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
ctxa void pointer that is set to WOLFSSL structure’s verifyCbCtx member’s value.

Example

1 WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
2 WOLFSSL* ssl = wolfSSL_new(ctx);
3 (void*)ctx;
4 ...
5 if(ssl != NULL){
6 wolfSSL_SetCertCbCtx(ssl, ctx);
7 } else {
8  // Error case, the SSL is not initialized properly.
9 }
See also
wolfSSL_CTX_save_cert_cache
wolfSSL_CTX_restore_cert_cache
wolfSSL_CTX_set_verify
WOLFSSL_API int wolfSSL_SetMaxDhKey_Sz ( WOLFSSL *  ,
word16   
)

Sets the maximum size (in bits) for a Diffie-Hellman key in the WOLFSSL structure.

Returns
SSL_SUCCESS the maximum size was successfully set.
BAD_FUNC_ARG the WOLFSSL structure was NULL or the keySz parameter was greater than the allowable size or not divisible by 8.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
keySza word16 type representing the bit size of the maximum DH key.

Example

1 WOLFSSL* ssl = wolfSSL_new(ctx);
2 word16 keySz;
3 ...
4 if(wolfSSL_SetMaxDhKey(ssl, keySz) != SSL_SUCCESS){
5  // Failed to set.
6 }
See also
wolfSSL_CTX_SetMaxDhKey_Sz
wolfSSL_GetDhKey_Sz
WOLFSSL_API int wolfSSL_SetMinDhKey_Sz ( WOLFSSL *  ,
word16   
)

Sets the minimum size (in bits) for a Diffie-Hellman key in the WOLFSSL structure.

Returns
SSL_SUCCESS the minimum size was successfully set.
BAD_FUNC_ARG the WOLFSSL structure was NULL or if the keySz_bits is greater than 16,000 or not divisible by 8.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
keySz_bitsa word16 type used to set the minimum DH key size in bits. The WOLFSSL_CTX struct holds this information in the minDhKeySz member.

Example

1 WOLFSSL* ssl = wolfSSL_new(ctx);
2 word16 keySz_bits;
3 ...
4 if(wolfSSL_SetMinDhKey_Sz(ssl, keySz_bits) != SSL_SUCCESS){
5  // Failed to set.
6 }
See also
wolfSSL_CTX_SetMinDhKey_Sz
wolfSSL_GetDhKey_Sz
WOLFSSL_API int wolfSSL_SetMinEccKey_Sz ( WOLFSSL *  ,
short   
)

Sets the value of the minEccKeySz member of the options structure. The options struct is a member of the WOLFSSL structure and is accessed through the ssl parameter.

Returns
SSL_SUCCESS if the function successfully set the minEccKeySz member of the options structure.
BAD_FUNC_ARG if the WOLFSSL_CTX structure is NULL or if the key size (keySz) is less than 0 (zero) or not divisible by 8.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
keySzvalue used to set the minimum ECC key size. Sets value in the options structure.

Example

1 WOLFSSL* ssl = wolfSSL_new(ctx); // New session
2 short keySz = 999; // should be set to min key size allowable
3 ...
4 if(wolfSSL_SetMinEccKey_Sz(ssl, keySz) != SSL_SUCCESS){
5  // Failure case.
6 }
See also
wolfSSL_CTX_SetMinEccKey_Sz
wolfSSL_CTX_SetMinRsaKey_Sz
wolfSSL_SetMinRsaKey_Sz
WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz ( WOLFSSL *  ,
short   
)

Sets the minimum allowable key size in bits for RSA located in the WOLFSSL structure.

Returns
SSL_SUCCESS the minimum was set successfully.
BAD_FUNC_ARG returned if the ssl structure is NULL or if the ksySz is less than zero or not divisible by 8.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
keySza short integer value representing the the minimum key in bits.

Example

1 WOLFSSL* ssl = wolfSSL_new(ctx);
2 short keySz;
3 …
4 
5 int isSet = wolfSSL_SetMinRsaKey_Sz(ssl, keySz);
6 if(isSet != SSL_SUCCESS){
7  Failed to set.
8 }
See also
wolfSSL_CTX_SetMinRsaKey_Sz
WOLFSSL_API int wolfSSL_SetTmpDH ( WOLFSSL *  ,
const unsigned char *  p,
int  pSz,
const unsigned char *  g,
int  gSz 
)

Server Diffie-Hellman Ephemeral parameters setting. This function sets up the group parameters to be used if the server negotiates a cipher suite that uses DHE.

Returns
SSL_SUCCESS upon success.
MEMORY_ERROR will be returned if a memory error was encountered.
SIDE_ERROR will be returned if this function is called on an SSL client instead of an SSL server.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
pDiffie-Hellman prime number parameter.
pSzsize of p.
gDiffie-Hellman “generator” parameter.
gSzsize of g.

Example

1 WOLFSSL* ssl;
2 static unsigned char p[] = {...};
3 static unsigned char g[] = {...};
4 ...
5 wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
See also
SSL_accept
WOLFSSL_API int wolfSSL_SetTmpDH_buffer ( WOLFSSL *  ,
const unsigned char *  b,
long  sz,
int  format 
)

The function calls the wolfSSL_SetTMpDH_buffer_wrapper, which is a wrapper for Diffie-Hellman parameters.

Returns
SSL_SUCCESS on successful execution.
SSL_BAD_FILETYPE if the file type is not PEM and is not ASN.1. It will also be returned if the wc_DhParamsLoad does not return normally.
SSL_NO_PEM_HEADER returns from PemToDer if there is not a PEM header.
SSL_BAD_FILE returned if there is a file error in PemToDer.
SSL_FATAL_ERROR returned from PemToDer if there was a copy error.
MEMORY_E - if there was a memory allocation error.
BAD_FUNC_ARG returned if the WOLFSSL struct is NULL or if there was otherwise a NULL argument passed to a subroutine.
DH_KEY_SIZE_E is returned if their is a key size error in wolfSSL_SetTmpDH() or in wolfSSL_CTX_SetTmpDH().
SIDE_ERROR returned if it is not the server side in wolfSSL_SetTmpDH.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
bufallocated buffer passed in from wolfSSL_SetTMpDH_file_wrapper.
sza long int that holds the size of the file (fname within wolfSSL_SetTmpDH_file_wrapper).
formatan integer type passed through from wolfSSL_SetTmpDH_file_wrapper() that is a representation of the certificate format.

Example

1 Static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
2 Const char* fname, int format);
3 long sz = 0;
4 byte* myBuffer = staticBuffer[FILE_BUFFER_SIZE];
5 …
6 if(ssl)
7 ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
See also
wolfSSL_SetTmpDH_buffer_wrapper
wc_DhParamsLoad
wolfSSL_SetTmpDH
PemToDer
wolfSSL_CTX_SetTmpDH
wolfSSL_CTX_SetTmpDH_file
WOLFSSL_API int wolfSSL_SetTmpDH_file ( WOLFSSL *  ,
const char *  f,
int  format 
)

This function calls wolfSSL_SetTmpDH_file_wrapper to set server Diffie-Hellman parameters.

Returns
SSL_SUCCESS returned on successful completion of this function and its subroutines.
MEMORY_E returned if a memory allocation failed in this function or a subroutine.
SIDE_ERROR if the side member of the Options structure found in the WOLFSSL struct is not the server side.
SSL_BAD_FILETYPE returns if the certificate fails a set of checks.
DH_KEY_SIZE_E returned if the DH parameter's key size is less than the value of the minDhKeySz member in the WOLFSSL struct.
DH_KEY_SIZE_E returned if the DH parameter's key size is greater than the value of the maxDhKeySz member in the WOLFSSL struct.
BAD_FUNC_ARG returns if an argument value is NULL that is not permitted such as, the WOLFSSL structure.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
fnamea constant char pointer holding the certificate.
formatan integer type that holds the format of the certification.

Example

1 WOLFSSL* ssl = wolfSSL_new(ctx);
2 const char* dhParam;
3 …
4 AssertIntNE(SSL_SUCCESS,
5 wolfSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM));
See also
wolfSSL_CTX_SetTmpDH_file
wolfSSL_SetTmpDH_file_wrapper
wolfSSL_SetTmpDH_buffer
wolfSSL_CTX_SetTmpDH_buffer
wolfSSL_SetTmpDH_buffer_wrapper
wolfSSL_SetTmpDH
wolfSSL_CTX_SetTmpDH
WOLFSSL_API int wolfSSL_UnloadCertsKeys ( WOLFSSL *  )

This function unloads any certificates or keys that SSL owns.

Returns
SSL_SUCCESS - returned if the function executed successfully.
BAD_FUNC_ARG - returned if the WOLFSSL object is NULL.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().

Example

1 WOLFSSL* ssl = wolfSSL_new(ctx);
2 ...
3 int unloadKeys = wolfSSL_UnloadCertsKeys(ssl);
4 if(unloadKeys != SSL_SUCCESS){
5  // Failure case.
6 }
See also
wolfSSL_CTX_UnloadCAs
WOLFSSL_API int wolfSSL_use_certificate_buffer ( WOLFSSL *  ,
const unsigned char *  ,
long  ,
int   
)

This function loads a certificate buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage.

Returns
SSL_SUCCESS upon success.
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
Parameters
sslpointer to the SSL session, created with wolfSSL_new().
inbuffer containing certificate to load.
szsize of the certificate located in buffer.
formatformat of the certificate to be loaded. Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.

Example

1 int buffSz;
2 int ret;
3 byte certBuff[...];
4 WOLFSSL* ssl = 0;
5 ...
6 
7 ret = wolfSSL_use_certificate_buffer(ssl, certBuff, buffSz, SSL_FILETYPE_PEM);
8 if (ret != SSL_SUCCESS) {
9  // failed to load certificate from buffer
10 }
See also
wolfSSL_CTX_load_verify_buffer
wolfSSL_CTX_use_certificate_buffer
wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL_CTX_use_certificate_chain_buffer
wolfSSL_use_PrivateKey_buffer
wolfSSL_use_certificate_chain_buffer
WOLFSSL_API int wolfSSL_use_certificate_chain_buffer ( WOLFSSL *  ,
const unsigned char *  ,
long   
)

This function loads a certificate chain buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. The buffer must be in PEM format and start with the subject’s certificate, ending with the root certificate. Please see the examples for proper usage.

Returns
SSL_SUCCES upon success.
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer.
Parameters
sslpointer to the SSL session, created with wolfSSL_new().
inbuffer containing certificate to load.
szsize of the certificate located in buffer.

Example

1 int buffSz;
2 int ret;
3 byte certChainBuff[...];
4 WOLFSSL* ssl = 0;
5 ...
6 ret = wolfSSL_use_certificate_chain_buffer(ssl, certChainBuff, buffSz);
7 if (ret != SSL_SUCCESS) {
8  // failed to load certificate chain from buffer
9 }
See also
wolfSSL_CTX_load_verify_buffer
wolfSSL_CTX_use_certificate_buffer
wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL_CTX_use_certificate_chain_buffer
wolfSSL_use_certificate_buffer
wolfSSL_use_PrivateKey_buffer
WOLFSSL_API int wolfSSL_use_PrivateKey ( WOLFSSL *  ssl,
WOLFSSL_EVP_PKEY *  pkey 
)

This is used to set the private key for the WOLFSSL structure.

Returns
SSL_SUCCESS On successful setting argument.
SSL_FAILURE If a NULL ssl passed in. All error cases will be negative values.
Parameters
sslWOLFSSL structure to set argument in.
pkeyprivate key to use.

Example

1 WOLFSSL* ssl;
2 WOLFSSL_EVP_PKEY* pkey;
3 int ret;
4 // create ssl object and set up private key
5 ret = wolfSSL_use_PrivateKey(ssl, pkey);
6 // check ret value
See also
wolfSSL_new
wolfSSL_free
WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1 ( int  pri,
WOLFSSL *  ssl,
unsigned char *  der,
long  derSz 
)

This is used to set the private key for the WOLFSSL structure. A DER formatted key buffer is expected.

Returns
SSL_SUCCESS On successful setting parsing and setting the private key.
SSL_FAILURE If an NULL ssl passed in. All error cases will be negative values.
Parameters
pritype of private key.
sslWOLFSSL structure to set argument in.
derbuffer holding DER key.
derSzsize of der buffer.

Example

1 WOLFSSL* ssl;
2 unsigned char* pkey;
3 long pkeySz;
4 int ret;
5 // create ssl object and set up private key
6 ret = wolfSSL_use_PrivateKey_ASN1(1, ssl, pkey, pkeySz);
7 // check ret value
See also
wolfSSL_new
wolfSSL_free
wolfSSL_use_PrivateKey
WOLFSSL_API int wolfSSL_use_PrivateKey_buffer ( WOLFSSL *  ,
const unsigned char *  ,
long  ,
int   
)

This function loads a private key buffer into the WOLFSSL object. It behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in argument of size sz. format specifies the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the examples for proper usage.

Returns
SSL_SUCCESS upon success.
SSL_BAD_FILETYPE will be returned if the file is the wrong format.
SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be read, or is corrupted.
MEMORY_E will be returned if an out of memory condition occurs.
ASN_INPUT_E will be returned if Base16 decoding fails on the file.
NO_PASSWORD will be returned if the key file is encrypted but no password is provided.
Parameters
sslpointer to the SSL session, created with wolfSSL_new().
inbuffer containing private key to load.
szsize of the private key located in buffer.
formatformat of the private key to be loaded. Possible values are SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.

Example

1 int buffSz;
2 int ret;
3 byte keyBuff[...];
4 WOLFSSL* ssl = 0;
5 ...
6 ret = wolfSSL_use_PrivateKey_buffer(ssl, keyBuff, buffSz, SSL_FILETYPE_PEM);
7 if (ret != SSL_SUCCESS) {
8  // failed to load private key from buffer
9 }
See also
wolfSSL_use_PrivateKey
wolfSSL_CTX_load_verify_buffer
wolfSSL_CTX_use_certificate_buffer
wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL_CTX_use_certificate_chain_buffer
wolfSSL_use_certificate_buffer
wolfSSL_use_certificate_chain_buffer
WOLFSSL_API int wolfSSL_use_psk_identity_hint ( WOLFSSL *  ,
const char *   
)

This function stores the hint argument in the server_hint member of the Arrays structure within the WOLFSSL structure.

Returns
SSL_SUCCESS returned if the hint was successfully stored in the WOLFSSL structure.
SSL_FAILURE returned if the WOLFSSL or Arrays structures are NULL.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().
hinta constant character pointer that holds the hint to be saved in memory.

Example

1 WOLFSSL* ssl = wolfSSL_new(ctx);
2 const char* hint;
3 ...
4 if(wolfSSL_use_psk_identity_hint(ssl, hint) != SSL_SUCCESS){
5  // Handle failure case.
6 }
See also
wolfSSL_CTX_use_psk_identity_hint
WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1 ( WOLFSSL *  ssl,
unsigned char *  der,
long  derSz 
)

This is used to set the private key for the WOLFSSL structure. A DER formatted RSA key buffer is expected.

Returns
SSL_SUCCESS On successful setting parsing and setting the private key.
SSL_FAILURE If an NULL ssl passed in. All error cases will be negative values.
Parameters
sslWOLFSSL structure to set argument in.
derbuffer holding DER key.
derSzsize of der buffer.

Example

1 WOLFSSL* ssl;
2 unsigned char* pkey;
3 long pkeySz;
4 int ret;
5 // create ssl object and set up RSA private key
6 ret = wolfSSL_use_RSAPrivateKey_ASN1(ssl, pkey, pkeySz);
7 // check ret value
See also
wolfSSL_new
wolfSSL_free
wolfSSL_use_PrivateKey
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_d2i_fp ( WOLFSSL_X509 **  x509,
FILE *  file 
)

If NO_STDIO_FILESYSTEM is defined this function will allocate heap memory, initialize a WOLFSSL_X509 structure and return a pointer to it.

Returns
*WOLFSSL_X509 WOLFSSL_X509 structure pointer is returned if the function executes successfully.
NULL if the call to XFTELL macro returns a negative value.
Parameters
x509a pointer to a WOLFSSL_X509 pointer.
filea defined type that is a pointer to a FILE.

Example

1 WOLFSSL_X509* x509a = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
2 DYNAMIC_TYPE_X509);
3 WOLFSSL_X509** x509 = x509a;
4 XFILE file; (mapped to struct fs_file*)
5 ...
6 WOLFSSL_X509* newX509 = wolfSSL_X509_d2i_fp(x509, file);
7 if(newX509 == NULL){
8  // The function returned NULL
9 }
See also
wolfSSL_X509_d2i
XFTELL
XREWIND
XFSEEK
WOLFSSL_API int wolfSSL_X509_digest ( const WOLFSSL_X509 *  x509,
const WOLFSSL_EVP_MD *  digest,
unsigned char *  buf,
unsigned int *  len 
)

This function returns the hash of the DER certificate.

Returns
SSL_SUCCESS On successfully creating a hash.
SSL_FAILURE Returned on bad input or unsuccessful hash.
Parameters
x509certificate to get the hash of.
digestthe hash algorithm to use.
bufbuffer to hold hash.
lenlength of buffer.

Example

1 WOLFSSL_X509* x509;
2 unsigned char buffer[64];
3 unsigned int bufferSz;
4 int ret;
5 
6 ret = wolfSSL_X509_digest(x509, wolfSSL_EVP_sha256(), buffer, &bufferSz);
7 //check ret value
See also
none
WOLFSSL_API const unsigned char* wolfSSL_X509_get_der ( WOLFSSL_X509 *  ,
int *   
)

This function gets the DER encoded certificate in the WOLFSSL_X509 struct.

Returns
buffer This function returns the DerBuffer structure’s buffer member, which is of type byte.
NULL returned if the x509 or outSz parameter is NULL.
Parameters
x509a pointer to a WOLFSSL_X509 structure containing certificate information.
outSzlength of the derBuffer member of the WOLFSSL_X509 struct.

Example

1 WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
2  DYNAMIC_TYPE_X509);
3 int* outSz; // initialize
4 ...
5 byte* x509Der = wolfSSL_X509_get_der(x509, outSz);
6 if(x509Der == NULL){
7  // Failure case one of the parameters was NULL
8 }
See also
wolfSSL_X509_version
wolfSSL_X509_Name_get_entry
wolfSSL_X509_get_next_altname
wolfSSL_X509_get_issuer_name
wolfSSL_X509_get_subject_name
WOLFSSL_API unsigned char* wolfSSL_X509_get_device_type ( WOLFSSL_X509 *  ,
unsigned char *  ,
int *   
)

This function copies the device type from the x509 structure to the buffer.

Returns
pointer returns a byte pointer holding the device type from the x509 structure.
NULL returned if the buffer size is NULL.
Parameters
x509pointer to a WOLFSSL_X509 structure, created with WOLFSSL_X509_new().
ina pointer to a byte type that will hold the device type (the buffer).
inOutSzthe minimum of either the parameter inOutSz or the deviceTypeSz member of the x509 structure.

Example

1 WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALOC(sizeof(WOLFSSL_X509), NULL,
2 DYNAMIC_TYPE_X509);
3 byte* in;
4 int* inOutSz;
5 ...
6 byte* deviceType = wolfSSL_X509_get_device_type(x509, in, inOutSz);
7 
8 if(!deviceType){
9  // Failure case, NULL was returned.
10 }
See also
wolfSSL_X509_get_hw_type
wolfSSL_X509_get_hw_serial_number
wolfSSL_X509_d2i
WOLFSSL_API int wolfSSL_X509_get_ext_by_NID ( const WOLFSSL_X509 *  x509,
int  nid,
int  lastPos 
)

This function looks for and returns the extension index matching the passed in NID value.

Returns
>= 0 If successful the extension index is returned.
-1 If extension is not found or error is encountered.
Parameters
x509certificate to get parse through for extension.
nidextension OID to be found.
lastPosstart search from extension after lastPos. Set to -1 initially.

Example

1 const WOLFSSL_X509* x509;
2 int lastPos = -1;
3 int idx;
4 
5 idx = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, lastPos);
WOLFSSL_API void* wolfSSL_X509_get_ext_d2i ( const WOLFSSL_X509 *  x509,
int  nid,
int *  c,
int *  idx 
)

This function looks for and returns the extension matching the passed in NID value.

Returns
pointer If successful a STACK_OF(WOLFSSL_ASN1_OBJECT) pointer is returned.
NULL If extension is not found or error is encountered.
Parameters
x509certificate to get parse through for extension.
nidextension OID to be found.
cif not NULL is set to -2 for multiple extensions found -1 if not found, 0 if found and not critical and 1 if found and critical.
idxif NULL return first extension matched otherwise if not stored in x509 start at idx.

Example

1 const WOLFSSL_X509* x509;
2 int c;
3 int idx = 0;
4 STACK_OF(WOLFSSL_ASN1_OBJECT)* sk;
5 
6 sk = wolfSSL_X509_get_ext_d2i(x509, NID_basic_constraints, &c, &idx);
7 //check sk for NULL and then use it. sk needs freed after done.
See also
wolfSSL_sk_ASN1_OBJECT_free
WOLFSSL_API unsigned char* wolfSSL_X509_get_hw_serial_number ( WOLFSSL_X509 *  ,
unsigned char *  ,
int *   
)

This function returns the hwSerialNum member of the x509 object.

Returns
pointer the function returns a byte pointer to the in buffer that will contain the serial number loaded from the x509 object.
Parameters
x509pointer to a WOLFSSL_X509 structure containing certificate information.
ina pointer to the buffer that will be copied to.
inOutSza pointer to the size of the buffer.

Example

1 char* serial;
2 byte* in;
3 int* inOutSz;
4 WOLFSSL_X509 x509;
5 ...
6 serial = wolfSSL_X509_get_hw_serial_number(x509, in, inOutSz);
7 
8 if(serial == NULL || serial <= 0){
9  // Failure case
10 }
See also
wolfSSL_X509_get_subject_name
wolfSSL_X509_get_issuer_name
wolfSSL_X509_get_isCA
wolfSSL_get_peer_certificate
wolfSSL_X509_version
WOLFSSL_API unsigned char* wolfSSL_X509_get_hw_type ( WOLFSSL_X509 *  ,
unsigned char *  ,
int *   
)

The function copies the hwType member of the WOLFSSL_X509 structure to the buffer.

Returns
byte The function returns a byte type of the data previously held in the hwType member of the WOLFSSL_X509 structure.
NULL returned if inOutSz is NULL.
Parameters
x509a pointer to a WOLFSSL_X509 structure containing certificate information.
inpointer to type byte that represents the buffer.
inOutSzpointer to type int that represents the size of the buffer.

Example

1 WOLFSSL_X509* x509; // X509 certificate
2 byte* in; // initialize the buffer
3 int* inOutSz; // holds the size of the buffer
4 ...
5 byte* hwType = wolfSSL_X509_get_hw_type(x509, in, inOutSz);
6 
7 if(hwType == NULL){
8  // Failure case function returned NULL.
9 }
See also
wolfSSL_X509_get_hw_serial_number
wolfSSL_X509_get_device_type
WOLFSSL_API int wolfSSL_X509_get_isCA ( WOLFSSL_X509 *  )

Checks the isCa member of the WOLFSSL_X509 structure and returns the value.

Returns
isCA returns the value in the isCA member of the WOLFSSL_X509 structure is returned.
0 returned if there is not a valid x509 structure passed in.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().

Example

1 WOLFSSL* ssl;
2 ...
3 WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
4 WOLFSSL* ssl = wolfSSL_new(ctx);
5 ...
6 if(wolfSSL_X509_get_isCA(ssl)){
7  // This is the CA
8 }else {
9  // Failure case
10 }
See also
wolfSSL_X509_get_issuer_name
wolfSSL_X509_get_isCA
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name ( WOLFSSL_X509 *  )

This function returns the name of the certificate issuer.

Returns
point a pointer to the WOLFSSL_X509 struct’s issuer member is returned.
NULL if the cert passed in is NULL.
Parameters
certa pointer to a WOLFSSL_X509 structure.

Example

1 WOLFSSL_X509* x509;
2 WOLFSSL_X509_NAME issuer;
3 ...
4 issuer = wolfSSL_X509_NAME_oneline(wolfSSL_X509_get_issuer_name(x509), 0, 0);
5 
6 if(!issuer){
7  // NULL was returned
8 } else {
9  // issuer hods the name of the certificate issuer.
10 }
See also
wolfSSL_X509_get_subject_name
wolfSSL_X509_get_isCA
wolfSSL_get_peer_certificate
wolfSSL_X509_NAME_oneline
WOLFSSL_API char* wolfSSL_X509_get_next_altname ( WOLFSSL_X509 *  )

This function returns the next, if any, altname from the peer certificate.

Returns
NULL if there is not a next altname.
cert->altNamesNext->name from the WOLFSSL_X509 structure that is a string value from the altName list is returned if it exists.
Parameters
certa pointer to the wolfSSL_X509 structure.

Example

1 WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
2  DYNAMIC_TYPE_X509);
3 …
4 int x509NextAltName = wolfSSL_X509_get_next_altname(x509);
5 if(x509NextAltName == NULL){
6  //There isn’t another alt name
7 }
See also
wolfSSL_X509_get_issuer_name
wolfSSL_X509_get_subject_name
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter ( WOLFSSL_X509 *  )

This function checks to see if x509 is NULL and if it’s not, it returns the notAfter member of the x509 struct.

Returns
pointer to struct with ASN1_TIME to the notAfter member of the x509 struct.
NULL returned if the x509 object is NULL.
Parameters
x509a pointer to the WOLFSSL_X509 struct.

Example

1 WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALOC(sizeof(WOLFSSL_X509), NULL,
2 DYNAMIC_TYPE_X509) ;
3 ...
4 const WOLFSSL_ASN1_TIME* notAfter = wolfSSL_X509_get_notAfter(x509);
5 if(notAfter == NULL){
6  // Failure case, the x509 object is null.
7 }
See also
wolfSSL_X509_get_notBefore
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore ( WOLFSSL_X509 *  )

The function checks to see if x509 is NULL and if it’s not, it returns the notBefore member of the x509 struct.

Returns
pointer to struct with ASN1_TIME to the notBefore member of the x509 struct.
NULL the function returns NULL if the x509 structure is NULL.
Parameters
x509a pointer to the WOLFSSL_X509 struct.

Example

1 WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALLOC(sizeof(WOLFSSL_X509), NULL,
2 DYNAMIC_TYPE_X509) ;
3 …
4 const WOLFSSL_ASN1_TIME* notAfter = wolfSSL_X509_get_notBefore(x509);
5 if(notAfter == NULL){
6  //The x509 object was NULL
7 }
See also
wolfSSL_X509_get_notAfter
WOLFSSL_API int wolfSSL_X509_get_signature ( WOLFSSL_X509 *  ,
unsigned char *  ,
int *   
)

Gets the X509 signature and stores it in the buffer.

Returns
SSL_SUCCESS returned if the function successfully executes. The signature is loaded into the buffer.
SSL_FATAL_ERRROR returns if the x509 struct or the bufSz member is NULL. There is also a check for the length member of the sig structure (sig is a member of x509).
Parameters
x509pointer to a WOLFSSL_X509 structure.
bufa char pointer to the buffer.
bufSzan integer pointer to the size of the buffer.

Example

1 WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALOC(sizeof(WOLFSSL_X509), NULL,
2 DYNAMIC_TYPE_X509);
3 unsigned char* buf; // Initialize
4 int* bufSz = sizeof(buf)/sizeof(unsigned char);
5 ...
6 if(wolfSSL_X509_get_signature(x509, buf, bufSz) != SSL_SUCCESS){
7  // The function did not execute successfully.
8 } else{
9  // The buffer was written to correctly.
10 }
See also
wolfSSL_X509_get_serial_number
wolfSSL_X509_get_signature_type
wolfSSL_X509_get_device_type
WOLFSSL_API int wolfSSL_X509_get_signature_type ( WOLFSSL_X509 *  )

This function returns the value stored in the sigOID member of the WOLFSSL_X509 structure.

Returns
0 returned if the WOLFSSL_X509 structure is NULL.
int an integer value is returned which was retrieved from the x509 object.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().

Example

1 WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
2  DYNAMIC_TYPE_X509);
3 ...
4 int x509SigType = wolfSSL_X509_get_signature_type(x509);
5 
6 if(x509SigType != EXPECTED){
7 // Deal with an unexpected value
8 }
See also
wolfSSL_X509_get_signature
wolfSSL_X509_version
wolfSSL_X509_get_der
wolfSSL_X509_get_serial_number
wolfSSL_X509_notBefore
wolfSSL_X509_notAfter
wolfSSL_X509_free
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name ( WOLFSSL_X509 *  )

This function returns the subject member of the WOLFSSL_X509 structure.

Returns
pointer a pointer to the WOLFSSL_X509_NAME structure. The pointer may be NULL if the WOLFSSL_X509 struct is NULL or if the subject member of the structure is NULL.
Parameters
certa pointer to a WOLFSSL_X509 structure.

Example

1 WOLFSSL_X509* cert;
2 WOLFSSL_X509_NAME name;
3 …
4 name = wolfSSL_X509_get_subject_name(cert);
5 if(name == NULL){
6  // Deal with the NULL cacse
7 }
See also
wolfSSL_X509_get_issuer_name
wolfSSL_X509_get_isCA
wolfSSL_get_peer_certificate
WOLFSSL_API char* wolfSSL_X509_get_subjectCN ( WOLFSSL_X509 *  )

Returns the common name of the subject from the certificate.

Returns
NULL returned if the x509 structure is null
string a string representation of the subject's common name is returned upon success
Parameters
x509a pointer to a WOLFSSL_X509 structure containing certificate information.

Example

1 WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
2  DYNAMIC_TYPE_X509);
3 ...
4 int x509Cn = wolfSSL_X509_get_subjectCN(x509);
5 if(x509Cn == NULL){
6  // Deal with NULL case
7 } else {
8  // x509Cn contains the common name
9 }
See also
wolfSSL_X509_Name_get_entry
wolfSSL_X509_get_next_altname
wolfSSL_X509_get_issuer_name
wolfSSL_X509_get_subject_name
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_file ( const char *  fname,
int  format 
)

The function loads the x509 certificate into memory.

Returns
pointer a successful execution returns pointer to a WOLFSSL_X509 structure.
NULL returned if the certificate was not able to be written.
Parameters
fnamethe certificate file to be loaded.
formatthe format of the certificate.

Example

1 #define cliCert “certs/client-cert.pem”
2 …
3 X509* x509;
4 …
5 x509 = wolfSSL_X509_load_certificate_file(cliCert, SSL_FILETYPE_PEM);
6 AssertNotNull(x509);
See also
InitDecodedCert
PemToDer
wolfSSL_get_certificate
AssertNotNull
WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID ( WOLFSSL_X509_NAME *  ,
int  ,
char *  ,
int   
)

This function gets the text related to the passed in NID value.

Returns
int returns the size of the text buffer.
Parameters
nameWOLFSSL_X509_NAME to search for text.
nidNID to search for.
bufbuffer to hold text when found.
lenlength of buffer.

Example

1 WOLFSSL_X509_NAME* name;
2 char buffer[100];
3 int bufferSz;
4 int ret;
5 // get WOLFSSL_X509_NAME
6 ret = wolfSSL_X509_NAME_get_text_by_NID(name, NID_commonName,
7 buffer, bufferSz);
8 
9 //check ret value
See also
none
WOLFSSL_API char* wolfSSL_X509_NAME_oneline ( WOLFSSL_X509_NAME *  ,
char *  ,
int   
)

This function copies the name of the x509 into a buffer.

Returns
A char pointer to the buffer with the WOLFSSL_X509_NAME structures name member’s data is returned if the function executed normally.
Parameters
namea pointer to a WOLFSSL_X509 structure.
ina buffer to hold the name copied from the WOLFSSL_X509_NAME structure.
szthe maximum size of the buffer.

Example

1 WOLFSSL_X509 x509;
2 char* name;
3 ...
4 name = wolfSSL_X509_NAME_oneline(wolfSSL_X509_get_issuer_name(x509), 0, 0);
5 
6 if(name <= 0){
7  // There’s nothing in the buffer.
8 }
See also
wolfSSL_X509_get_subject_name
wolfSSL_X509_get_issuer_name
wolfSSL_X509_get_isCA
wolfSSL_get_peer_certificate
wolfSSL_X509_version
WOLFSSL_API const byte* wolfSSL_X509_notAfter ( WOLFSSL_X509 *  x509)

This function the certificate "not after" validity encoded as a byte array.

Returns
NULL returned if the WOLFSSL_X509 structure is NULL.
byte is returned that contains the notAfterData.
Parameters
x509pointer to a WOLFSSL_X509 structure.

Example

1 WOLFSSL_X509* x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
2  DYNAMIC_TYPE_X509);
3 ...
4 byte* notAfterData = wolfSSL_X509_notAfter(x509);
See also
wolfSSL_X509_get_signature
wolfSSL_X509_version
wolfSSL_X509_get_der
wolfSSL_X509_get_serial_number
wolfSSL_X509_notBefore
wolfSSL_X509_free
WOLFSSL_API const byte* wolfSSL_X509_notBefore ( WOLFSSL_X509 *  x509)

This function the certificate "not before" validity encoded as a byte array.

Returns
NULL returned if the WOLFSSL_X509 structure is NULL.
byte is returned that contains the notBeforeData.
Parameters
x509pointer to a WOLFSSL_X509 structure.

Example

1 WOLFSSL_X509* x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
2  DYNAMIC_TYPE_X509);
3 ...
4 byte* notBeforeData = wolfSSL_X509_notBefore(x509);
See also
wolfSSL_X509_get_signature
wolfSSL_X509_version
wolfSSL_X509_get_der
wolfSSL_X509_get_serial_number
wolfSSL_X509_notAfter
wolfSSL_X509_free
WOLFSSL_API int wolfSSL_X509_STORE_add_cert ( WOLFSSL_X509_STORE *  ,
WOLFSSL_X509 *   
)

This function adds a certificate to the WOLFSSL_X509_STRE structure.

Returns
SSL_SUCCESS If certificate is added successfully.
SSL_FATAL_ERROR: If certificate is not added successfully.
Parameters
strcertificate store to add the certificate to.
x509certificate to add.

Example

1 WOLFSSL_X509_STORE* str;
2 WOLFSSL_X509* x509;
3 int ret;
4 ret = wolfSSL_X509_STORE_add_cert(str, x509);
5 //check ret value
See also
wolfSSL_X509_free
WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain ( WOLFSSL_X509_STORE_CTX *  ctx)

This function is a getter function for chain variable in WOLFSSL_X509_STORE_CTX structure. Currently chain is not populated.

Returns
pointer if successful returns WOLFSSL_STACK (same as STACK_OF(WOLFSSL_X509)) pointer
Null upon failure
Parameters
ctxcertificate store ctx to get parse chain from.

Example

1 WOLFSSL_STACK* sk;
2 WOLFSSL_X509_STORE_CTX* ctx;
3 sk = wolfSSL_X509_STORE_CTX_get_chain(ctx);
4 //check sk for NULL and then use it. sk needs freed after done.
See also
wolfSSL_sk_X509_free
WOLFSSL_API int wolfSSL_X509_STORE_set_flags ( WOLFSSL_X509_STORE *  store,
unsigned long  flag 
)

This function takes in a flag to change the behavior of the WOLFSSL_X509_STORE structure passed in. An example of a flag used is WOLFSSL_CRL_CHECK.

Returns
SSL_SUCCESS If no errors were encountered when setting the flag.
<0 a negative value will be returned upon failure.
Parameters
strcertificate store to set flag in.
flagflag for behavior.

Example

1 WOLFSSL_X509_STORE* str;
2 int ret;
3 // create and set up str
4 ret = wolfSSL_X509_STORE_set_flags(str, WOLFSSL_CRL_CHECKALL);
5 If (ret != SSL_SUCCESS) {
6  //check ret value and handle error case
7 }
See also
wolfSSL_X509_STORE_new
wolfSSL_X509_STORE_free
WOLFSSL_API int wolfSSL_X509_version ( WOLFSSL_X509 *  )

This function retrieves the version of the X509 certificate.

Returns
0 returned if the x509 structure is NULL.
version the version stored in the x509 structure will be returned.
Parameters
ssla pointer to a WOLFSSL structure, created using wolfSSL_new().

Example

1 WOLFSSL_X509* x509;
2 int version;
3 ...
4 version = wolfSSL_X509_version(x509);
5 if(!version){
6  // The function returned 0, failure case.
7 }
See also
wolfSSL_X509_get_subject_name
wolfSSL_X509_get_issuer_name
wolfSSL_X509_get_isCA
wolfSSL_get_peer_certificate