Functions | |
int | wolfSSL_BN_mod_exp (WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx) |
This function performs the following math “r = (a^p) % m”. More... | |
const WOLFSSL_EVP_CIPHER * | wolfSSL_EVP_des_ede3_ecb (void) |
Getter functions for the respective WOLFSSL_EVP_CIPHER pointers. wolfSSL_EVP_init() must be called once in the program first to populate these cipher strings. WOLFSSL_DES_ECB macro must be defined for wolfSSL_EVP_des_ede3_ecb(). More... | |
const WOLFSSL_EVP_CIPHER * | wolfSSL_EVP_des_cbc (void) |
Getter functions for the respective WOLFSSL_EVP_CIPHER pointers. wolfSSL_EVP_init() must be called once in the program first to populate these cipher strings. WOLFSSL_DES_ECB macro must be defined for wolfSSL_EVP_des_ecb(). More... | |
int | wolfSSL_EVP_DigestInit_ex (WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type, WOLFSSL_ENGINE *impl) |
Function for initializing WOLFSSL_EVP_MD_CTX. This function is a wrapper for wolfSSL_EVP_DigestInit() because wolfSSL does not use WOLFSSL_ENGINE. More... | |
int | wolfSSL_EVP_CipherInit_ex (WOLFSSL_EVP_CIPHER_CTX *ctx, const WOLFSSL_EVP_CIPHER *type, WOLFSSL_ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc) |
Function for initializing WOLFSSL_EVP_CIPHER_CTX. This function is a wrapper for wolfSSL_CipherInit() because wolfSSL does not use WOLFSSL_ENGINE. More... | |
int | wolfSSL_EVP_EncryptInit_ex (WOLFSSL_EVP_CIPHER_CTX *ctx, const WOLFSSL_EVP_CIPHER *type, WOLFSSL_ENGINE *impl, const unsigned char *key, const unsigned char *iv) |
Function for initializing WOLFSSL_EVP_CIPHER_CTX. This function is a wrapper for wolfSSL_EVP_CipherInit() because wolfSSL does not use WOLFSSL_ENGINE. Sets encrypt flag to be encrypt. More... | |
int | wolfSSL_EVP_DecryptInit_ex (WOLFSSL_EVP_CIPHER_CTX *ctx, const WOLFSSL_EVP_CIPHER *type, WOLFSSL_ENGINE *impl, const unsigned char *key, const unsigned char *iv) |
Function for initializing WOLFSSL_EVP_CIPHER_CTX. This function is a wrapper for wolfSSL_EVP_CipherInit() because wolfSSL does not use WOLFSSL_ENGINE. Sets encrypt flag to be decrypt. More... | |
int | wolfSSL_EVP_CipherUpdate (WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) |
Function for encrypting/decrypting data. In buffer is added to be encrypted or decrypted and out buffer holds the results. outl will be the length of encrypted/decrypted information. More... | |
int | wolfSSL_EVP_CipherFinal (WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
This function performs the final cipher operations adding in padding. If WOLFSSL_EVP_CIPH_NO_PADDING flag is set in WOLFSSL_EVP_CIPHER_CTX structure then 1 is returned and no encryption/decryption is done. If padding flag is set, padding is added and encrypted when ctx is set to encrypt; padding values are checked when ctx is set to decrypt. More... | |
int | wolfSSL_EVP_CIPHER_CTX_set_key_length (WOLFSSL_EVP_CIPHER_CTX *ctx, int keylen) |
Setter function for WOLFSSL_EVP_CIPHER_CTX structure key length. More... | |
int | wolfSSL_EVP_CIPHER_CTX_block_size (const WOLFSSL_EVP_CIPHER_CTX *ctx) |
This is a getter function for the ctx block size. More... | |
int | wolfSSL_EVP_CIPHER_block_size (const WOLFSSL_EVP_CIPHER *cipher) |
This is a getter function for the block size of cipher. More... | |
void | wolfSSL_EVP_CIPHER_CTX_set_flags (WOLFSSL_EVP_CIPHER_CTX *ctx, int flags) |
Setter function for WOLFSSL_EVP_CIPHER_CTX structure. More... | |
void | wolfSSL_EVP_CIPHER_CTX_clear_flags (WOLFSSL_EVP_CIPHER_CTX *ctx, int flags) |
Clearing function for WOLFSSL_EVP_CIPHER_CTX structure. More... | |
int | wolfSSL_EVP_CIPHER_CTX_set_padding (WOLFSSL_EVP_CIPHER_CTX *c, int pad) |
Setter function for WOLFSSL_EVP_CIPHER_CTX structure to use padding. More... | |
unsigned long | wolfSSL_EVP_CIPHER_CTX_flags (const WOLFSSL_EVP_CIPHER_CTX *ctx) |
Getter function for WOLFSSL_EVP_CIPHER_CTX structure. Deprecated v1.1.0. More... | |
int | wolfSSL_PEM_write_bio_PrivateKey (WOLFSSL_BIO *bio, WOLFSSL_EVP_PKEY *key, const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int len, wc_pem_password_cb *cb, void *arg) |
This function writes a key into a WOLFSSL_BIO structure in PEM format. More... | |
int | wolfSSL_CTX_use_RSAPrivateKey_file (WOLFSSL_CTX *ctx, const char *file, int format) |
This function loads the private RSA key used in the SSL connection into the SSL context (WOLFSSL_CTX). This function is only available when wolfSSL has been compiled with the OpenSSL compatibility layer enabled (--enable-opensslExtra, #define OPENSSL_EXTRA), and is identical to the more-typically used wolfSSL_CTX_use_PrivateKey_file() function. The file argument contains a pointer to the RSA private key file, in the format specified by format. More... | |
int | wolfSSL_use_certificate_file (WOLFSSL *ssl, const char *file, int format) |
This function loads a certificate file into the SSL session (WOLFSSL structure). The certificate file is provided by the file argument. The format argument specifies the format type of the file - either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More... | |
int | wolfSSL_use_PrivateKey_file (WOLFSSL *ssl, const char *file, int format) |
This function loads a private key file into the SSL session (WOLFSSL structure). The key file is provided by the file argument. The format argument specifies the format type of the file - SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. More... | |
int | wolfSSL_use_certificate_chain_file (WOLFSSL *ssl, const char *file) |
This function loads a chain of certificates into the SSL session (WOLFSSL structure). The file containing the certificate chain is provided by the file argument, and must contain PEM-formatted certificates. This function will process up to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject certificate. More... | |
int | wolfSSL_use_RSAPrivateKey_file (WOLFSSL *ssl, const char *file, int format) |
This function loads the private RSA key used in the SSL connection into the SSL session (WOLFSSL structure). This function is only available when wolfSSL has been compiled with the OpenSSL compatibility layer enabled (--enable-opensslExtra, #define OPENSSL_EXTRA), and is identical to the more-typically used wolfSSL_use_PrivateKey_file() function. The file argument contains a pointer to the RSA private key file, in the format specified by format. More... | |
long | wolfSSL_set_tlsext_status_type (WOLFSSL *s, int type) |
This function is called when the client application requests that a server send back an OCSP status response (also known as OCSP stapling). Currently, the only supported type is TLSEXT_STATUSTYPE_ocsp. More... | |
WOLFSSL_X509_CHAIN * | wolfSSL_get_peer_chain (WOLFSSL *ssl) |
Retrieves the peer’s certificate chain. More... | |
int | wolfSSL_get_chain_count (WOLFSSL_X509_CHAIN *chain) |
Retrieves the peer’s certificate chain count. More... | |
int | wolfSSL_get_chain_length (WOLFSSL_X509_CHAIN *chain, int idx) |
Retrieves the peer’s ASN1.DER certificate length in bytes at index (idx). More... | |
unsigned char * | wolfSSL_get_chain_cert (WOLFSSL_X509_CHAIN *chain, int idx) |
Retrieves the peer’s ASN1.DER certificate at index (idx). More... | |
int | wolfSSL_get_chain_cert_pem (WOLFSSL_X509_CHAIN *chain, int idx, unsigned char *buf, int inLen, int *outLen) |
Retrieves the peer’s PEM certificate at index (idx). More... | |
const unsigned char * | wolfSSL_get_sessionID (const WOLFSSL_SESSION *s) |
Retrieves the session’s ID. The session ID is always 32 bytes long. More... | |
int | wolfSSL_X509_get_serial_number (WOLFSSL_X509 *x509, unsigned char *in, int *inOutSz) |
Retrieves the peer’s certificate serial number. The serial number buffer (in) should be at least 32 bytes long, and its size should be provided in *inOutSz as input. After calling the function, *inOutSz will hold the actual length in bytes written to the in buffer. More... | |
WC_PKCS12 * | wolfSSL_d2i_PKCS12_bio (WOLFSSL_BIO *bio, WC_PKCS12 **pkcs12) |
wolfSSL_d2i_PKCS12_bio (d2i_PKCS12_bio) copies in the PKCS12 information from WOLFSSL_BIO to the structure WC_PKCS12. The information is divided up in the structure as a list of Content Infos along with a structure to hold optional MAC information. After the information has been divided into chunks (but not decrypted) in the structure WC_PKCS12, it can then be parsed and decrypted by calling wolfSSL_PKCS12_parse(). More... | |
WC_PKCS12 * | wolfSSL_i2d_PKCS12_bio (WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12) |
wolfSSL_i2d_PKCS12_bio (i2d_PKCS12_bio) copies in the cert information from the structure WC_PKCS12 to WOLFSSL_BIO. More... | |
int | wolfSSL_PKCS12_parse (WC_PKCS12 *pkcs12, const char *psw, WOLFSSL_EVP_PKEY **pkey, WOLFSSL_X509 **cert, WOLF_STACK_OF(WOLFSSL_X509) **ca) |
PKCS12 can be enabled by adding --enable-opensslextra to the configure command. It can use triple DES and RC4 for decryption, so enabling these features as well is recommended when enabling opensslextra (--enable-des3 --enable-arc4); both are legacy algorithms, used here only to decrypt existing PKCS12 files. wolfSSL does not currently support RC2, so decryption with RC2 is currently not available. This may be noticeable with the default encryption schemes used by the OpenSSL command line to create .p12 files. wolfSSL_PKCS12_parse (PKCS12_parse): the first thing this function does is check that the MAC is correct, if present. If the MAC check fails, the function returns and does not try to decrypt any of the stored Content Infos. The function then parses through each Content Info looking for a bag type; if the bag type is known, it is decrypted as needed and either stored in the list of certificates being built or as a key found. After parsing through all bags, the key found is compared with the certificate list until a matching pair is found. This matching pair is then returned as the key and certificate; optionally, the certificate list found is returned as a STACK_OF certificates. At the moment a CRL, Secret or SafeContents bag will be skipped over and not parsed. Whether these or other “Unknown” bags were skipped can be seen in the debug print out. Additional attributes such as friendly name are skipped over when parsing a PKCS12 file. More... | |
int wolfSSL_BN_mod_exp | ( | WOLFSSL_BIGNUM * | r, |
const WOLFSSL_BIGNUM * | a, | ||
const WOLFSSL_BIGNUM * | p, | ||
const WOLFSSL_BIGNUM * | m, | ||
WOLFSSL_BN_CTX * | ctx | ||
) |
This function performs the following math “r = (a^p) % m”.
r | structure to hold result. |
a | value to be raised by a power. |
p | power to raise a by. |
m | modulus to use. |
ctx | currently not used with wolfSSL; can be NULL. |
Example
int wolfSSL_CTX_use_RSAPrivateKey_file | ( | WOLFSSL_CTX * | ctx, |
const char * | file, | ||
int | format | ||
) |
This function loads the private RSA key used in the SSL connection into the SSL context (WOLFSSL_CTX). This function is only available when wolfSSL has been compiled with the OpenSSL compatibility layer enabled (--enable-opensslExtra, #define OPENSSL_EXTRA), and is identical to the more-typically used wolfSSL_CTX_use_PrivateKey_file() function. The file argument contains a pointer to the RSA private key file, in the format specified by format.
ctx | a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new() |
file | a pointer to the name of the file containing the RSA private key to be loaded into the wolfSSL SSL context, with format as specified by format. |
format | the encoding type of the RSA private key specified by file. Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1. |
Example
WC_PKCS12* wolfSSL_d2i_PKCS12_bio | ( | WOLFSSL_BIO * | bio, |
WC_PKCS12 ** | pkcs12 | ||
) |
wolfSSL_d2i_PKCS12_bio (d2i_PKCS12_bio) copies in the PKCS12 information from WOLFSSL_BIO to the structure WC_PKCS12. The information is divided up in the structure as a list of Content Infos along with a structure to hold optional MAC information. After the information has been divided into chunks (but not decrypted) in the structure WC_PKCS12, it can then be parsed and decrypted by calling wolfSSL_PKCS12_parse().
bio | WOLFSSL_BIO structure to read PKCS12 buffer from. |
pkcs12 | WC_PKCS12 structure pointer for new PKCS12 structure created. Can be NULL |
Example
int wolfSSL_EVP_CIPHER_block_size | ( | const WOLFSSL_EVP_CIPHER * | cipher | ) |
This is a getter function for the block size of cipher.
cipher | cipher to get block size of. |
Example
int wolfSSL_EVP_CIPHER_CTX_block_size | ( | const WOLFSSL_EVP_CIPHER_CTX * | ctx | ) |
This is a getter function for the ctx block size.
ctx | the cipher ctx to get block size of. |
Example
void wolfSSL_EVP_CIPHER_CTX_clear_flags | ( | WOLFSSL_EVP_CIPHER_CTX * | ctx, |
int | flags | ||
) |
Clearing function for WOLFSSL_EVP_CIPHER_CTX structure.
ctx | structure to clear flag. |
flag | flag value to clear in structure. |
Example
unsigned long wolfSSL_EVP_CIPHER_CTX_flags | ( | const WOLFSSL_EVP_CIPHER_CTX * | ctx | ) |
Getter function for WOLFSSL_EVP_CIPHER_CTX structure. Deprecated v1.1.0.
ctx | structure to get flag. |
Example
void wolfSSL_EVP_CIPHER_CTX_set_flags | ( | WOLFSSL_EVP_CIPHER_CTX * | ctx, |
int | flags | ||
) |
Setter function for WOLFSSL_EVP_CIPHER_CTX structure.
ctx | structure to set flag. |
flag | flag to set in structure. |
Example
int wolfSSL_EVP_CIPHER_CTX_set_key_length | ( | WOLFSSL_EVP_CIPHER_CTX * | ctx, |
int | keylen | ||
) |
Setter function for WOLFSSL_EVP_CIPHER_CTX structure key length.
ctx | structure to set key length. |
keylen | key length. |
Example
int wolfSSL_EVP_CIPHER_CTX_set_padding | ( | WOLFSSL_EVP_CIPHER_CTX * | c, |
int | pad | ||
) |
Setter function for WOLFSSL_EVP_CIPHER_CTX structure to use padding.
ctx | structure to set padding flag. |
padding | 0 for not setting padding, 1 for setting padding. |
Example
int wolfSSL_EVP_CipherFinal | ( | WOLFSSL_EVP_CIPHER_CTX * | ctx, |
unsigned char * | out, | ||
int * | outl | ||
) |
This function performs the final cipher operations adding in padding. If WOLFSSL_EVP_CIPH_NO_PADDING flag is set in WOLFSSL_EVP_CIPHER_CTX structure then 1 is returned and no encryption/decryption is done. If padding flag is set, padding is added and encrypted when ctx is set to encrypt; padding values are checked when ctx is set to decrypt.
ctx | structure to decrypt/encrypt with. |
out | buffer for final decrypt/encrypt. |
outl | size of out buffer when data has been added by function. |
Example
int wolfSSL_EVP_CipherInit_ex | ( | WOLFSSL_EVP_CIPHER_CTX * | ctx, |
const WOLFSSL_EVP_CIPHER * | type, | ||
WOLFSSL_ENGINE * | impl, | ||
const unsigned char * | key, | ||
const unsigned char * | iv, | ||
int | enc | ||
) |
Function for initializing WOLFSSL_EVP_CIPHER_CTX. This function is a wrapper for wolfSSL_CipherInit() because wolfSSL does not use WOLFSSL_ENGINE.
ctx | structure to initialize. |
type | type of encryption/decryption to do, for example AES. |
impl | engine to use. N/A for wolfSSL, can be NULL. |
key | key to set . |
iv | iv if needed by algorithm. |
enc | encryption (1) or decryption (0) flag. |
Example
int wolfSSL_EVP_CipherUpdate | ( | WOLFSSL_EVP_CIPHER_CTX * | ctx, |
unsigned char * | out, | ||
int * | outl, | ||
const unsigned char * | in, | ||
int | inl | ||
) |
Function for encrypting/decrypting data. In buffer is added to be encrypted or decrypted and out buffer holds the results. outl will be the length of encrypted/decrypted information.
ctx | structure to get cipher type from. |
out | buffer to hold output. |
outl | adjusted to be size of output. |
in | buffer to perform operation on. |
inl | length of input buffer. |
Example
int wolfSSL_EVP_DecryptInit_ex | ( | WOLFSSL_EVP_CIPHER_CTX * | ctx, |
const WOLFSSL_EVP_CIPHER * | type, | ||
WOLFSSL_ENGINE * | impl, | ||
const unsigned char * | key, | ||
const unsigned char * | iv | ||
) |
Function for initializing WOLFSSL_EVP_CIPHER_CTX. This function is a wrapper for wolfSSL_EVP_CipherInit() because wolfSSL does not use WOLFSSL_ENGINE. Sets encrypt flag to be decrypt.
ctx | structure to initialize. |
type | type of encryption/decryption to do, for example AES. |
impl | engine to use. N/A for wolfSSL, can be NULL. |
key | key to set . |
iv | iv if needed by algorithm. |
enc | encryption (1) or decryption (0) flag. |
Example
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc | ( | void | ) |
Getter functions for the respective WOLFSSL_EVP_CIPHER pointers. wolfSSL_EVP_init() must be called once in the program first to populate these cipher strings. WOLFSSL_DES_ECB macro must be defined for wolfSSL_EVP_des_ecb().
none | No parameters. |
Example
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb | ( | void | ) |
Getter functions for the respective WOLFSSL_EVP_CIPHER pointers. wolfSSL_EVP_init() must be called once in the program first to populate these cipher strings. WOLFSSL_DES_ECB macro must be defined for wolfSSL_EVP_des_ede3_ecb().
none | No parameters. |
Example
int wolfSSL_EVP_DigestInit_ex | ( | WOLFSSL_EVP_MD_CTX * | ctx, |
const WOLFSSL_EVP_MD * | type, | ||
WOLFSSL_ENGINE * | impl | ||
) |
Function for initializing WOLFSSL_EVP_MD_CTX. This function is a wrapper for wolfSSL_EVP_DigestInit() because wolfSSL does not use WOLFSSL_ENGINE.
ctx | structure to initialize. |
type | type of hash to do, for example SHA. |
impl | engine to use. N/A for wolfSSL, can be NULL. |
Example
int wolfSSL_EVP_EncryptInit_ex | ( | WOLFSSL_EVP_CIPHER_CTX * | ctx, |
const WOLFSSL_EVP_CIPHER * | type, | ||
WOLFSSL_ENGINE * | impl, | ||
const unsigned char * | key, | ||
const unsigned char * | iv | ||
) |
Function for initializing WOLFSSL_EVP_CIPHER_CTX. This function is a wrapper for wolfSSL_EVP_CipherInit() because wolfSSL does not use WOLFSSL_ENGINE. Sets encrypt flag to be encrypt.
ctx | structure to initialize. |
type | type of encryption to do, for example AES. |
impl | engine to use. N/A for wolfSSL, can be NULL. |
key | key to use. |
iv | iv to use. |
Example
unsigned char* wolfSSL_get_chain_cert | ( | WOLFSSL_X509_CHAIN * | chain, |
int | idx | ||
) |
Retrieves the peer’s ASN1.DER certificate at index (idx).
chain | pointer to a valid WOLFSSL_X509_CHAIN structure. |
idx | index to start of chain. |
Example
int wolfSSL_get_chain_cert_pem | ( | WOLFSSL_X509_CHAIN * | chain, |
int | idx, | ||
unsigned char * | buf, | ||
int | inLen, | ||
int * | outLen | ||
) |
Retrieves the peer’s PEM certificate at index (idx).
chain | pointer to a valid WOLFSSL_X509_CHAIN structure. |
idx | index to start of chain. |
Example
int wolfSSL_get_chain_count | ( | WOLFSSL_X509_CHAIN * | chain | ) |
Retrieves the peer’s certificate chain count.
chain | pointer to a valid WOLFSSL_X509_CHAIN structure. |
Example
int wolfSSL_get_chain_length | ( | WOLFSSL_X509_CHAIN * | chain, |
int | idx | ||
) |
Retrieves the peer’s ASN1.DER certificate length in bytes at index (idx).
chain | pointer to a valid WOLFSSL_X509_CHAIN structure. |
idx | index to start of chain. |
Example
WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain | ( | WOLFSSL * | ssl | ) |
Retrieves the peer’s certificate chain.
ssl | pointer to a valid WOLFSSL structure. |
Example
const unsigned char* wolfSSL_get_sessionID | ( | const WOLFSSL_SESSION * | s | ) |
Retrieves the session’s ID. The session ID is always 32 bytes long.
session | pointer to a valid wolfssl session. |
Example
WC_PKCS12* wolfSSL_i2d_PKCS12_bio | ( | WOLFSSL_BIO * | bio, |
WC_PKCS12 * | pkcs12 | ||
) |
wolfSSL_i2d_PKCS12_bio (i2d_PKCS12_bio) copies in the cert information from the structure WC_PKCS12 to WOLFSSL_BIO.
bio | WOLFSSL_BIO structure to write PKCS12 buffer to. |
pkcs12 | WC_PKCS12 structure for PKCS12 structure as input. |
Example
int wolfSSL_PEM_write_bio_PrivateKey | ( | WOLFSSL_BIO * | bio, |
WOLFSSL_EVP_PKEY * | key, | ||
const WOLFSSL_EVP_CIPHER * | cipher, | ||
unsigned char * | passwd, | ||
int | len, | ||
wc_pem_password_cb * | cb, | ||
void * | arg | ||
) |
This function writes a key into a WOLFSSL_BIO structure in PEM format.
bio | WOLFSSL_BIO structure to get PEM buffer from. |
key | key to convert to PEM format. |
cipher | EVP cipher structure. |
passwd | password. |
len | length of password. |
cb | password callback. |
arg | optional argument. |
Example
int wolfSSL_PKCS12_parse | ( | WC_PKCS12 * | pkcs12, |
const char * | psw, | ||
WOLFSSL_EVP_PKEY ** | pkey, | ||
WOLFSSL_X509 ** | cert, | ||
WOLF_STACK_OF(WOLFSSL_X509) ** | ca | ||
) |
PKCS12 can be enabled by adding --enable-opensslextra to the configure command. It can use triple DES and RC4 for decryption, so enabling these features as well is recommended when enabling opensslextra (--enable-des3 --enable-arc4); both are legacy algorithms, used here only to decrypt existing PKCS12 files. wolfSSL does not currently support RC2, so decryption with RC2 is currently not available. This may be noticeable with the default encryption schemes used by the OpenSSL command line to create .p12 files. wolfSSL_PKCS12_parse (PKCS12_parse): the first thing this function does is check that the MAC is correct, if present. If the MAC check fails, the function returns and does not try to decrypt any of the stored Content Infos. The function then parses through each Content Info looking for a bag type; if the bag type is known, it is decrypted as needed and either stored in the list of certificates being built or as a key found. After parsing through all bags, the key found is compared with the certificate list until a matching pair is found. This matching pair is then returned as the key and certificate; optionally, the certificate list found is returned as a STACK_OF certificates. At the moment a CRL, Secret or SafeContents bag will be skipped over and not parsed. Whether these or other “Unknown” bags were skipped can be seen in the debug print out. Additional attributes such as friendly name are skipped over when parsing a PKCS12 file.
pkcs12 | WC_PKCS12 structure to parse. |
paswd | password for decrypting PKCS12. |
pkey | structure to hold private key decoded from PKCS12. |
cert | structure to hold certificate decoded from PKCS12. |
stack | optional stack of extra certificates. |
Example
long wolfSSL_set_tlsext_status_type | ( | WOLFSSL * | s, |
int | type | ||
) |
This function is called when the client application requests that a server send back an OCSP status response (also known as OCSP stapling). Currently, the only supported type is TLSEXT_STATUSTYPE_ocsp.
s | pointer to WOLFSSL struct which is created by SSL_new() function |
type | SSL extension type; only TLSEXT_STATUSTYPE_ocsp is supported. |
Example
int wolfSSL_use_certificate_chain_file | ( | WOLFSSL * | ssl, |
const char * | file | ||
) |
This function loads a chain of certificates into the SSL session (WOLFSSL structure). The file containing the certificate chain is provided by the file argument, and must contain PEM-formatted certificates. This function will process up to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject certificate.
ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new() |
file | a pointer to the name of the file containing the chain of certificates to be loaded into the wolfSSL SSL session. Certificates must be in PEM format. |
Example
int wolfSSL_use_certificate_file | ( | WOLFSSL * | ssl, |
const char * | file, | ||
int | format | ||
) |
This function loads a certificate file into the SSL session (WOLFSSL structure). The certificate file is provided by the file argument. The format argument specifies the format type of the file - either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
ssl | a pointer to a WOLFSSL structure, created with wolfSSL_new(). |
file | a pointer to the name of the file containing the certificate to be loaded into the wolfSSL SSL session, with format as specified by format. |
format | the encoding type of the certificate specified by file. Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1. |
Example
int wolfSSL_use_PrivateKey_file | ( | WOLFSSL * | ssl, |
const char * | file, | ||
int | format | ||
) |
This function loads a private key file into the SSL session (WOLFSSL structure). The key file is provided by the file argument. The format argument specifies the format type of the file - SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
If you use an external key store and do not have the private key, you can instead provide the public key and register a crypto callback to handle the signing. For this you can build with either crypto callbacks or PK callbacks. To enable crypto callbacks, use --enable-cryptocb or WOLF_CRYPTO_CB, register a crypto callback using wc_CryptoCb_RegisterDevice, and set the associated devId using wolfSSL_SetDevId.
ssl | a pointer to a WOLFSSL structure, created with wolfSSL_new(). |
file | a pointer to the name of the file containing the key file to be loaded into the wolfSSL SSL session, with format as specified by format. |
format | the encoding type of the key specified by file. Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1. |
Example
int wolfSSL_use_RSAPrivateKey_file | ( | WOLFSSL * | ssl, |
const char * | file, | ||
int | format | ||
) |
This function loads the private RSA key used in the SSL connection into the SSL session (WOLFSSL structure). This function is only available when wolfSSL has been compiled with the OpenSSL compatibility layer enabled (--enable-opensslExtra, #define OPENSSL_EXTRA), and is identical to the more-typically used wolfSSL_use_PrivateKey_file() function. The file argument contains a pointer to the RSA private key file, in the format specified by format.
ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new() |
file | a pointer to the name of the file containing the RSA private key to be loaded into the wolfSSL SSL session, with format as specified by format. |
format | the encoding type of the RSA private key specified by file. Possible values include SSL_FILETYPE_PEM and SSL_FILETYPE_ASN1. |
Example
int wolfSSL_X509_get_serial_number | ( | WOLFSSL_X509 * | x509, |
unsigned char * | in, | ||
int * | inOutSz | ||
) |
Retrieves the peer’s certificate serial number. The serial number buffer (in) should be at least 32 bytes long, and its size should be provided in *inOutSz as input. After calling the function, *inOutSz will hold the actual length in bytes written to the in buffer.
in | The serial number buffer; it should be at least 32 bytes long. |
inOutSz | will hold the actual length in bytes written to the in buffer. |
Example