1 /* ssl.h
2  *
3  * Copyright (C) 2006-2019 wolfSSL Inc.
4  *
5  * This file is part of wolfSSL.
6  *
7  * wolfSSL is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * wolfSSL is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20  */
26 /* wolfSSL API */
27 
28 #ifndef WOLFSSL_SSL_H
29 #define WOLFSSL_SSL_H
30 
31 
32 /* for users not using preprocessor flags */
33 #include <wolfssl/wolfcrypt/settings.h>
34 #include <wolfssl/version.h>
37 
38 #ifdef HAVE_WOLF_EVENT
39  #include <wolfssl/wolfcrypt/wolfevent.h>
40 #endif
41 
42 #ifndef NO_FILESYSTEM
43  #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
44  #if MQX_USE_IO_OLD
45  #include <fio.h>
46  #else
47  #include <nio.h>
48  #endif
49  #endif
50 #endif
51 
52 #ifdef WOLFSSL_PREFIX
53  #include "prefix_ssl.h"
54 #endif
55 
56 #ifdef LIBWOLFSSL_VERSION_STRING
57  #define WOLFSSL_VERSION LIBWOLFSSL_VERSION_STRING
58 #endif
59 
60 #ifdef _WIN32
61  /* avoid name clashes with wincrypt.h */
62  #undef OCSP_REQUEST
63  #undef OCSP_RESPONSE
64 #endif
65 
66 #ifdef OPENSSL_COEXIST
67  /* mode to allow wolfSSL and OpenSSL to exist together */
68  #ifdef TEST_OPENSSL_COEXIST
69  /*
70  ./configure --enable-opensslcoexist \
71  CFLAGS="-I/usr/local/opt/openssl/include -DTEST_OPENSSL_COEXIST" \
72  LDFLAGS="-L/usr/local/opt/openssl/lib -lcrypto"
73  */
74  #include <openssl/ssl.h>
75  #include <openssl/rand.h>
76  #include <openssl/err.h>
77  #include <openssl/ec.h>
78  #include <openssl/hmac.h>
79  #include <openssl/bn.h>
80  #endif
81 
82  /* make sure old names are disabled */
83  #ifndef NO_OLD_SSL_NAMES
84  #define NO_OLD_SSL_NAMES
85  #endif
86  #ifndef NO_OLD_WC_NAMES
87  #define NO_OLD_WC_NAMES
88  #endif
89 
90 #elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
91  #include <wolfssl/openssl/bn.h>
92  #include <wolfssl/openssl/hmac.h>
93 
94  /* We need the old SSL names */
95  #ifdef NO_OLD_SSL_NAMES
96  #undef NO_OLD_SSL_NAMES
97  #endif
98  #ifdef NO_OLD_WC_NAMES
99  #undef NO_OLD_WC_NAMES
100  #endif
101 #endif
102 
103 #ifdef __cplusplus
104  extern "C" {
105 #endif
106 
107 #ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
108 #define WOLFSSL_WOLFSSL_TYPE_DEFINED
109 typedef struct WOLFSSL WOLFSSL;
110 #endif
111 typedef struct WOLFSSL_SESSION WOLFSSL_SESSION;
112 typedef struct WOLFSSL_METHOD WOLFSSL_METHOD;
113 #ifndef WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
114 #define WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
115 typedef struct WOLFSSL_CTX WOLFSSL_CTX;
116 #endif
117 
118 typedef struct WOLFSSL_STACK WOLFSSL_STACK;
119 typedef struct WOLFSSL_X509 WOLFSSL_X509;
120 typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME;
123 typedef struct WC_PKCS12 WOLFSSL_X509_PKCS12;
124 
126 typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR;
127 typedef struct WOLFSSL_CRL WOLFSSL_CRL;
128 
129 typedef void *WOLFSSL_X509_STORE_CTX_verify_cb; /* verify callback */
130 
131 /* guard against redeclaration */
132 #define WOLFSSL_TYPES_DEFINED
133 
134 #include <wolfssl/wolfio.h>
135 
136 
137 #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
138 typedef struct WOLFSSL_RSA WOLFSSL_RSA;
139 #define WOLFSSL_RSA_TYPE_DEFINED
140 #endif
141 
142 #ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
143  typedef struct WC_RNG WC_RNG;
144  #define WC_RNG_TYPE_DEFINED
145 #endif
146 
147 #ifndef WOLFSSL_DSA_TYPE_DEFINED /* guard on redeclaration */
148 typedef struct WOLFSSL_DSA WOLFSSL_DSA;
149 #define WOLFSSL_DSA_TYPE_DEFINED
150 #endif
151 
152 #ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */
153 typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY;
154 typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT;
155 typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP;
156 #define WOLFSSL_EC_TYPE_DEFINED
157 #endif
158 
159 #ifndef WOLFSSL_ECDSA_TYPE_DEFINED /* guard on redeclaration */
160 typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG;
161 #define WOLFSSL_ECDSA_TYPE_DEFINED
162 #endif
163 
164 typedef struct WOLFSSL_CIPHER WOLFSSL_CIPHER;
167 typedef struct WOLFSSL_CRL WOLFSSL_X509_CRL;
170 typedef struct WOLFSSL_BIO WOLFSSL_BIO;
172 typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
173 typedef struct WOLFSSL_ASN1_TIME WOLFSSL_ASN1_TIME;
176 
178 typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value;
179 typedef struct WOLFSSL_DH WOLFSSL_DH;
181 
182 #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
183 #define WOLFSSL_ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME
184 
185 #define WOLFSSL_ASN1_INTEGER_MAX 20
187  /* size can be increased; set at 20 to hold the tag and length bytes plus
188  * at least a 16-byte integer */
189  unsigned char intData[WOLFSSL_ASN1_INTEGER_MAX];
190  /* ASN_INTEGER | LENGTH | hex of number */
191  unsigned char negative; /* negative number flag */
192 
193  unsigned char* data;
194  unsigned int dataMax; /* max size of data buffer */
195  unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
196 };
197 
199  /* MAX_DATA_SIZE is 32 */
200  unsigned char data[32 + 2];
201  /* ASN_TIME | LENGTH | date bytes */
202 };
203 
205  int length;
206  int type; /* type of string i.e. CTC_UTF8 */
207  char* data;
208  long flags;
209 };
210 
211 #define WOLFSSL_MAX_SNAME 40
213  void* heap;
214  const unsigned char* obj;
215  /* sName is short name i.e sha256 rather than oid (null terminated) */
216  char sName[WOLFSSL_MAX_SNAME];
217  int type; /* oid */
218  int grp; /* type of OID, i.e. oidCertPolicyType */
219  int nid;
220  unsigned int objSz;
221  unsigned char dynamic; /* if 1 then obj was dynamically created, 0 otherwise */
222  #define WOLFSSL_ASN1_DYNAMIC 0x1
223  #define WOLFSSL_ASN1_DYNAMIC_DATA 0x2
224  struct d { /* dereferenced */
225  WOLFSSL_ASN1_STRING ia5_internal;
226  WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal */
227  WOLFSSL_ASN1_STRING* dNSName;
228  WOLFSSL_ASN1_STRING* iPAddress;
229  } d;
230 };
231 
233  void* heap;
234  int type; /* openssh dereference */
235  int save_type; /* openssh dereference */
236  int pkey_sz;
237  union {
238  char* ptr; /* der format of key / or raw for NTRU */
239  } pkey;
240  #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
241  #ifndef NO_RSA
242  WOLFSSL_RSA* rsa;
243  byte ownRsa; /* if struct owns RSA and should free it */
244  #endif
245  #ifdef HAVE_ECC
246  WOLFSSL_EC_KEY* ecc;
247  byte ownEcc; /* if struct owns ECC and should free it */
248  #endif
249  WC_RNG rng;
250  #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
251  #ifdef HAVE_ECC
252  int pkey_curve;
253  #endif
254 };
256 
257 #ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */
258 typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY;
259 typedef char WOLFSSL_EVP_MD;
260 #define WOLFSSL_EVP_TYPE_DEFINED
261 #endif
262 
263 #define WOLFSSL_EVP_PKEY_DEFAULT EVP_PKEY_RSA /* default key type */
264 
265 
/* Kind of transport or filter behind a WOLFSSL_BIO. The wolfSSL_BIO_s_* and
 * wolfSSL_BIO_f_* constructors declared later in this header appear to
 * correspond one-to-one with these values, and wolfSSL_BIO_find_type() takes
 * one of them as its `type` argument. */
266 enum BIO_TYPE {
267  WOLFSSL_BIO_BUFFER = 1, /* see wolfSSL_BIO_f_buffer() */
268  WOLFSSL_BIO_SOCKET = 2, /* see wolfSSL_BIO_s_socket() / wolfSSL_BIO_new_socket() */
269  WOLFSSL_BIO_SSL = 3, /* see wolfSSL_BIO_f_ssl() / wolfSSL_BIO_set_ssl() */
270  WOLFSSL_BIO_MEMORY = 4, /* see wolfSSL_BIO_s_mem() / wolfSSL_BIO_new_mem_buf() */
271  WOLFSSL_BIO_BIO = 5, /* see wolfSSL_BIO_s_bio() / wolfSSL_BIO_make_bio_pair() */
272  WOLFSSL_BIO_FILE = 6, /* see wolfSSL_BIO_s_file(); only declared when NO_FILESYSTEM is not set */
273  WOLFSSL_BIO_BASE64 = 7 /* see wolfSSL_BIO_f_base64() */
274 };
275 
/* Bit flags for a WOLFSSL_BIO; each value is a distinct power of two so they
 * can be OR-ed together. Set through wolfSSL_BIO_set_flags(), declared below.
 * The exact effect of each flag is defined by the implementation in src/, not
 * by this header; the notes are taken from the names only. */
276 enum BIO_FLAGS {
277  WOLFSSL_BIO_FLAG_BASE64_NO_NL = 0x01, /* presumably base64 without line breaks -- confirm against the base64 filter */
278  WOLFSSL_BIO_FLAG_READ = 0x02,
279  WOLFSSL_BIO_FLAG_WRITE = 0x04,
280  WOLFSSL_BIO_FLAG_IO_SPECIAL = 0x08,
281  WOLFSSL_BIO_FLAG_RETRY = 0x10 /* name suggests a retryable (would-block) I/O condition -- confirm */
282 };
283 
284 typedef struct WOLFSSL_BUF_MEM {
285  char* data; /* dereferenced */
286  size_t length; /* current length */
287  size_t max; /* maximum length */
289 
290 typedef struct WOLFSSL_COMP_METHOD {
291  int type; /* stunnel dereference */
293 
295  int type;
296 };
297 
299  WOLFSSL_X509_STORE *store;
300 };
301 
303  int cache; /* stunnel dereference */
305  WOLFSSL_X509_LOOKUP lookup;
306 #ifdef OPENSSL_EXTRA
307  int isDynamic;
308 #endif
309 #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
310  WOLFSSL_X509_CRL *crl;
311 #endif
312 };
313 
314 #ifdef OPENSSL_EXTRA
315 #define WOLFSSL_USE_CHECK_TIME 0x2
316 #define WOLFSSL_NO_CHECK_TIME 0x200000
317 #define WOLFSSL_NO_WILDCARDS 0x4
319  time_t check_time;
320  unsigned long flags;
321 };
322 #endif
323 
/* One TLS alert as recorded by the library. Used by WOLFSSL_ALERT_HISTORY
 * (below) to keep the last alert received and the last alert sent. */
324 typedef struct WOLFSSL_ALERT {
325  int code; /* alert description; presumably one of the alert values enumerated below (close_notify, handshake_failure, ...) */
326  int level; /* alert level; presumably alert_warning or alert_fatal from enum AlertLevel below */
327 } WOLFSSL_ALERT;
328 
329 typedef struct WOLFSSL_ALERT_HISTORY {
330  WOLFSSL_ALERT last_rx;
331  WOLFSSL_ALERT last_tx;
333 
334 typedef struct WOLFSSL_X509_REVOKED {
335  WOLFSSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */
337 
338 
339 typedef struct WOLFSSL_X509_OBJECT {
340  union {
341  char* ptr;
342  WOLFSSL_X509 *x509;
343  WOLFSSL_X509_CRL* crl; /* stunnel dereference */
344  } data;
346 
347 typedef struct WOLFSSL_BUFFER_INFO {
348  unsigned char* buffer;
349  unsigned int length;
351 
352 typedef struct WOLFSSL_X509_STORE_CTX {
353  WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */
354  WOLFSSL_X509* current_cert; /* current X509 (OPENSSL_EXTRA) */
355 #ifdef WOLFSSL_ASIO
356  WOLFSSL_X509* current_issuer; /* asio dereference */
357 #endif
358  WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */
359  WOLFSSL_STACK* chain;
360 #ifdef OPENSSL_EXTRA
361  WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
362 #endif
363  char* domain; /* subject CN domain name */
364  void* ex_data; /* external data, for fortress build */
365  void* userCtx; /* user ctx */
366  int error; /* current error */
367  int error_depth; /* index of cert depth for this error */
368  int discardSessionCerts; /* so verify callback can flag for discard */
369  int totalCerts; /* number of peer cert buffers */
370  WOLFSSL_BUFFER_INFO* certs; /* peer certs */
371  WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */
373 
374 typedef char* WOLFSSL_STRING;
375 
376 /* Valid alert types, from pages 16/17.
377  * When adding an alert here, also add its string to wolfSSL_alert_type_string_long in src/ssl.c.
378  */
380  close_notify = 0,
381  unexpected_message = 10,
382  bad_record_mac = 20,
383  record_overflow = 22,
384  decompression_failure = 30,
385  handshake_failure = 40,
386  no_certificate = 41,
387  bad_certificate = 42,
388  unsupported_certificate = 43,
389  certificate_revoked = 44,
390  certificate_expired = 45,
391  certificate_unknown = 46,
392  illegal_parameter = 47,
393  unknown_ca = 48,
394  decode_error = 50,
395  decrypt_error = 51,
396  #ifdef WOLFSSL_MYSQL_COMPATIBLE
397  /* catch name conflict for enum protocol with MYSQL build */
398  wc_protocol_version = 70,
399  #else
400  protocol_version = 70,
401  #endif
402  no_renegotiation = 100,
407  no_application_protocol = 120
408 };
409 
410 
/* Severity of a TLS alert, stored in WOLFSSL_ALERT.level. The numeric values
 * are the ones carried on the wire for the TLS AlertLevel field. */
411 enum AlertLevel {
412  alert_warning = 1, /* connection may continue */
413  alert_fatal = 2 /* connection is torn down */
414 };
415 
416 /* Maximum master key length (SECRET_LEN) */
417 #define WOLFSSL_MAX_MASTER_KEY_LENGTH 48
418 /* Maximum number of groups that can be set */
419 #define WOLFSSL_MAX_GROUP_COUNT 10
420 
421 typedef WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap);
422 
423 /* CTX Method EX Constructor Functions */
424 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method_ex(void* heap);
425 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method_ex(void* heap);
426 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method_ex(void* heap);
427 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method_ex(void* heap);
428 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method_ex(void* heap);
429 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method_ex(void* heap);
430 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method_ex(void* heap);
431 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method_ex(void* heap);
432 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method_ex(void* heap);
433 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method_ex(void* heap);
434 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method_ex(void* heap);
435 #ifdef WOLFSSL_TLS13
436  WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method_ex(void* heap);
437  WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap);
438  WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap);
439 #endif
440 
441 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method_ex(void* heap);
442 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method_ex(void* heap);
443 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap);
444 
445 #ifdef WOLFSSL_DTLS
446  WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method_ex(void* heap);
447  WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method_ex(void* heap);
448  WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method_ex(void* heap);
449  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method_ex(void* heap);
450  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method_ex(void* heap);
451  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method_ex(void* heap);
452  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method_ex(void* heap);
453  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method_ex(void* heap);
454  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method_ex(void* heap);
455 #endif
456 
457 /* CTX Method Constructor Functions */
458 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void);
459 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void);
460 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void);
461 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method(void);
462 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void);
463 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void);
464 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void);
465 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
466 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
467 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void);
468 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
469 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
470 #ifdef WOLFSSL_TLS13
471  WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void);
472  WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void);
473 #endif
474 
475 #ifdef WOLFSSL_DTLS
476  WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method(void);
477  WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method(void);
478  WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method(void);
479  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method(void);
480  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method(void);
481  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method(void);
482  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method(void);
483  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method(void);
484  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void);
485 #endif
486 
487 #ifdef HAVE_POLY1305
488  WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL*, int);
489 #endif
490 
491 #ifdef WOLFSSL_SESSION_EXPORT
492 #ifdef WOLFSSL_DTLS
493 
494 #ifndef WOLFSSL_DTLS_EXPORT_TYPES
495 typedef int (*wc_dtls_export)(WOLFSSL* ssl,
496  unsigned char* exportBuffer, unsigned int sz, void* userCtx);
497 #define WOLFSSL_DTLS_EXPORT_TYPES
498 #endif /* WOLFSSL_DTLS_EXPORT_TYPES */
499 
500 WOLFSSL_API int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf,
501  unsigned int sz);
502 WOLFSSL_API int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx,
503  wc_dtls_export func);
504 WOLFSSL_API int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func);
505 WOLFSSL_API int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf,
506  unsigned int* sz);
507 #endif /* WOLFSSL_DTLS */
508 #endif /* WOLFSSL_SESSION_EXPORT */
509 
510 #ifdef WOLFSSL_STATIC_MEMORY
511 #ifndef WOLFSSL_MEM_GUARD
512 #define WOLFSSL_MEM_GUARD
513  typedef struct WOLFSSL_MEM_STATS WOLFSSL_MEM_STATS;
515 #endif
516 WOLFSSL_API int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx,
517  wolfSSL_method_func method,
518  unsigned char* buf, unsigned int sz,
519  int flag, int max);
520 WOLFSSL_API int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx,
521  WOLFSSL_MEM_STATS* mem_stats);
522 WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL* ssl,
523  WOLFSSL_MEM_CONN_STATS* mem_stats);
524 #endif
525 
526 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
527 
528 WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int);
529 WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
530 
531 #define WOLFSSL_LOAD_FLAG_NONE 0x00000000
532 #define WOLFSSL_LOAD_FLAG_IGNORE_ERR 0x00000001
533 #define WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY 0x00000002
534 #define WOLFSSL_LOAD_FLAG_PEM_CA_ONLY 0x00000004
535 WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*,
536  const char*, unsigned int);
537 WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*,
538  const char*);
539 #ifdef WOLFSSL_TRUST_PEER_CERT
540 WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX*, const char*, int);
541 #endif
543  const char *file);
544 WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *,
545  const char *file, int format);
546 WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int);
547 
548 WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl);
549 WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
550 WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
551 WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int);
552 WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, int);
553 WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*, const char *file);
554 WOLFSSL_API int wolfSSL_use_certificate_chain_file_format(WOLFSSL*,
555  const char *file, int format);
556 WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int);
557 
558 #ifdef WOLFSSL_DER_LOAD
560  const char*, int);
561 #endif
562 
563 #ifdef HAVE_NTRU
564  WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*, const char*);
565  /* load NTRU private key blob */
566 #endif
567 
568 #endif /* !NO_FILESYSTEM && !NO_CERTS */
569 
570 WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
572 WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
573 WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
574 WOLFSSL_API int wolfSSL_is_server(WOLFSSL*);
575 WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*);
576 WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int);
577 WOLFSSL_API int wolfSSL_set_write_fd (WOLFSSL*, int);
578 WOLFSSL_API int wolfSSL_set_read_fd (WOLFSSL*, int);
579 WOLFSSL_API char* wolfSSL_get_cipher_list(int priority);
580 WOLFSSL_API char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority);
581 WOLFSSL_API int wolfSSL_get_ciphers(char*, int);
582 WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl);
583 WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char,
584  const unsigned char);
585 WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf,
586  int len);
587 WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl);
588 WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*);
589 /* Please see the note at the top of the README if wolfSSL_connect returns an error. */
590 WOLFSSL_API int wolfSSL_connect(WOLFSSL*);
591 WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int);
592 WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int);
593 WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int);
594 WOLFSSL_API int wolfSSL_accept(WOLFSSL*);
595 #ifdef WOLFSSL_TLS13
596 WOLFSSL_API int wolfSSL_send_hrr_cookie(WOLFSSL* ssl,
597  const unsigned char* secret, unsigned int secretSz);
598 WOLFSSL_API int wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX* ctx);
599 WOLFSSL_API int wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl);
600 WOLFSSL_API int wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx);
601 WOLFSSL_API int wolfSSL_no_dhe_psk(WOLFSSL* ssl);
602 WOLFSSL_API int wolfSSL_update_keys(WOLFSSL* ssl);
603 WOLFSSL_API int wolfSSL_CTX_allow_post_handshake_auth(WOLFSSL_CTX* ctx);
604 WOLFSSL_API int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl);
605 WOLFSSL_API int wolfSSL_request_certificate(WOLFSSL* ssl);
606 
607 WOLFSSL_API int wolfSSL_preferred_group(WOLFSSL* ssl);
608 WOLFSSL_API int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups,
609  int count);
610 WOLFSSL_API int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count);
611 
612 WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL*);
613 WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*);
614 
615 #ifdef WOLFSSL_EARLY_DATA
616 WOLFSSL_API int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
617  unsigned int sz);
618 WOLFSSL_API int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
619 WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL*, const void*, int, int*);
620 WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL*, void*, int, int*);
621 #endif
622 #endif
623 WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
624 WOLFSSL_API void wolfSSL_free(WOLFSSL*);
625 WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*);
626 WOLFSSL_API int wolfSSL_send(WOLFSSL*, const void*, int sz, int flags);
627 WOLFSSL_API int wolfSSL_recv(WOLFSSL*, void*, int sz, int flags);
628 
629 WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX*, int);
630 WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int);
631 
632 WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int);
634 
635 WOLFSSL_API int wolfSSL_set_session(WOLFSSL*, WOLFSSL_SESSION*);
636 WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION*, long);
638 WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long);
639 WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int);
640 
641 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
642 WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t,
643  WOLFSSL_BIO**, size_t);
644 
645 WOLFSSL_API WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_RSA**);
646 WOLFSSL_API int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX*,
647  int, const unsigned char*);
648 WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX*, WOLFSSL_RSA*);
649 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_EVP_PKEY**);
650 #endif /* OPENSSL_ALL || WOLFSSL_ASIO */
651 
652 #ifdef SESSION_INDEX
653 WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
654 WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
655 #endif /* SESSION_INDEX */
656 
657 #if defined(SESSION_INDEX) && defined(SESSION_CERTS)
658 WOLFSSL_API
660 #endif /* SESSION_INDEX && SESSION_CERTS */
661 
662 typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
663 #ifdef OPENSSL_EXTRA
664 typedef void (CallbackInfoState)(const WOLFSSL*, int, int);
665 
666 typedef struct WOLFSSL_CRYPTO_EX_DATA {
667  WOLFSSL_STACK* data;
669 
670 typedef int (WOLFSSL_CRYPTO_EX_new)(void* p, void* ptr,
671  WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg);
672 typedef int (WOLFSSL_CRYPTO_EX_dup)(WOLFSSL_CRYPTO_EX_DATA* out,
673  WOLFSSL_CRYPTO_EX_DATA* in, void* inPtr, int idx, long argV, void* arg);
674 typedef void (WOLFSSL_CRYPTO_EX_free)(void* p, void* ptr,
675  WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg);
676 
677 WOLFSSL_API int wolfSSL_get_ex_new_index(long argValue, void* arg,
678  WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b,
679  WOLFSSL_CRYPTO_EX_free* c);
680 #endif
681 
682 WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX*, int,
683  VerifyCallback verify_callback);
684 WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback);
685 WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*);
686 
687 WOLFSSL_API int wolfSSL_pending(WOLFSSL*);
688 
689 WOLFSSL_API void wolfSSL_load_error_strings(void);
690 WOLFSSL_API int wolfSSL_library_init(void);
691 WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX*, long);
692 
693 #ifdef HAVE_SECRET_CALLBACK
694 typedef int (*SessionSecretCb)(WOLFSSL* ssl,
695  void* secret, int* secretSz, void* ctx);
696 WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL*, SessionSecretCb, void*);
697 #endif /* HAVE_SECRET_CALLBACK */
698 
699 /* session cache persistence */
700 WOLFSSL_API int wolfSSL_save_session_cache(const char*);
701 WOLFSSL_API int wolfSSL_restore_session_cache(const char*);
702 WOLFSSL_API int wolfSSL_memsave_session_cache(void*, int);
703 WOLFSSL_API int wolfSSL_memrestore_session_cache(const void*, int);
704 WOLFSSL_API int wolfSSL_get_session_cache_memsize(void);
705 
706 /* certificate cache persistence, uses ctx since certs are per ctx */
707 WOLFSSL_API int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX*, const char*);
708 WOLFSSL_API int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX*, const char*);
709 WOLFSSL_API int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX*, void*, int, int*);
710 WOLFSSL_API int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX*, const void*, int);
712 
713 /* Only full cipher names from cipher_name[], delimited by ':', are supported. */
714 WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*);
715 WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL*, const char*);
716 
717 /* Nonblocking DTLS helper functions */
718 WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int);
719 WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL*);
720 #define wolfSSL_set_using_nonblock wolfSSL_dtls_set_using_nonblock
721 #define wolfSSL_get_using_nonblock wolfSSL_dtls_get_using_nonblock
722  /* The wolfSSL_set_using_nonblock / wolfSSL_get_using_nonblock names above are deprecated aliases. */
723 WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl);
724 WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int);
725 WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int);
726 WOLFSSL_API int wolfSSL_dtls_got_timeout(WOLFSSL* ssl);
727 WOLFSSL_API int wolfSSL_dtls_retransmit(WOLFSSL*);
728 WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl);
729 
730 WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
731 WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);
732 
733 WOLFSSL_API int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX*);
734 WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL*);
735 WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX*, unsigned short);
736 WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL*, unsigned short);
737 
738 WOLFSSL_API int wolfSSL_dtls_get_drop_stats(WOLFSSL*,
739  unsigned int*, unsigned int*);
740 WOLFSSL_API int wolfSSL_CTX_mcast_set_member_id(WOLFSSL_CTX*, unsigned short);
741 WOLFSSL_API int wolfSSL_set_secret(WOLFSSL*, unsigned short,
742  const unsigned char*, unsigned int,
743  const unsigned char*, const unsigned char*,
744  const unsigned char*);
745 WOLFSSL_API int wolfSSL_mcast_read(WOLFSSL*, unsigned short*, void*, int);
746 WOLFSSL_API int wolfSSL_mcast_peer_add(WOLFSSL*, unsigned short, int);
747 WOLFSSL_API int wolfSSL_mcast_peer_known(WOLFSSL*, unsigned short);
748 WOLFSSL_API int wolfSSL_mcast_get_max_peers(void);
749 typedef int (*CallbackMcastHighwater)(unsigned short peerId,
750  unsigned int maxSeq,
751  unsigned int curSeq, void* ctx);
752 WOLFSSL_API int wolfSSL_CTX_mcast_set_highwater_cb(WOLFSSL_CTX*,
753  unsigned int,
754  unsigned int,
755  unsigned int,
756  CallbackMcastHighwater);
757 WOLFSSL_API int wolfSSL_mcast_set_highwater_ctx(WOLFSSL*, void*);
758 
759 WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err);
760 WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
761 WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
762  unsigned long sz);
763 WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long);
764 
765 /* extras */
766 
767 #ifndef WOLF_STACK_OF
768  #define WOLF_STACK_OF(x) WOLFSSL_STACK
769 #endif
770 #ifndef DECLARE_STACK_OF
771  #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
772 #endif
773 
774 #if defined(HAVE_OCSP)
775 #include "wolfssl/ocsp.h"
776 #include "wolfssl/wolfcrypt/asn.h"
777 #endif
778 
779 WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
780  WOLFSSL_X509* x509);
781 WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
782 WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
783 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_GENERAL_NAME_value(
784  WOLFSSL_STACK* sk, int i);
785 WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk);
786 WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk,
787  void f (WOLFSSL_ASN1_OBJECT*));
788 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
789 WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj);
/* Push obj onto the stack sk. NOTE(review): the argument to WOLF_STACK_OF()
 * below is misspelled (OBJEXT), but this is harmless because WOLF_STACK_OF(x)
 * expands to WOLFSSL_STACK regardless of x (see the #define earlier in this
 * header); the sibling pop/free declarations use WOLFSSL_ASN1_OBJECT. */
790 WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk,
791  WOLFSSL_ASN1_OBJECT* obj);
792 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJECT_pop(
794 WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
795 WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in);
796 
797 WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*);
798 WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*);
799 WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL*, int);
800 WOLFSSL_API int wolfSSL_set_wfd(WOLFSSL*, int);
801 WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL*, int);
802 WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*,
803  unsigned int);
804 WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*);
805 WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*);
806 WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*);
807 WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
808 WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*);
809 
810 WOLFSSL_API const char* wolfSSL_get_version(WOLFSSL*);
811 WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
813 WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int);
814 WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
815 WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session);
816 WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL*);
817 WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
818  /* TODO: document the reference-count semantics of the returned session. */
819 
820 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
821 
822 WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port,
823  char** path, int* ssl);
824 
825 WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_client_method(void);
826 WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_client_method(void);
827 WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_server_method(void);
828 
/* BIO (I/O abstraction) layer with OpenSSL-compatible naming.
 *
 * Buffer lengths are plain int throughout: callers must pass the true
 * capacity of the buffer they hand in, because nothing at this interface can
 * check it.  Negative returns signal errors and must never be reused as a
 * length. */
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD*);
WOLFSSL_API int wolfSSL_BIO_free(WOLFSSL_BIO*);
/* Frees the whole chain starting at the given BIO. */
WOLFSSL_API int wolfSSL_BIO_free_all(WOLFSSL_BIO*);
/* Reads at most sz bytes (one line) into buf.  Whether buf is NUL-terminated
 * on a zero/negative return is not visible here; do not assume it. */
WOLFSSL_API int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_next(WOLFSSL_BIO* bio);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_find_type(WOLFSSL_BIO* bio, int type);
WOLFSSL_API int wolfSSL_BIO_read(WOLFSSL_BIO*, void*, int);
WOLFSSL_API int wolfSSL_BIO_write(WOLFSSL_BIO*, const void*, int);
/* Chain manipulation: push appends, pop detaches the head and returns the
 * remainder. */
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO*, WOLFSSL_BIO* append);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO*);
WOLFSSL_API int wolfSSL_BIO_flush(WOLFSSL_BIO*);
WOLFSSL_API int wolfSSL_BIO_pending(WOLFSSL_BIO*);

WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void);
/* Note the near-duplicate wolfSSL_BIO_set_write_buf_size() below with a
 * different return type (int); they are presumably two spellings of the same
 * setting - confirm before mixing them. */
WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO*, long size);
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void);
/* flag is BIO_CLOSE / BIO_NOCLOSE (declared in the OPENSSL_EXTRA enum later
 * in this file) and decides whether the BIO owns - and will close - sfd. */
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int flag);
WOLFSSL_API int wolfSSL_BIO_eof(WOLFSSL_BIO*);

WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void);
/* Base64 filter; BIO_FLAGS_BASE64_NO_NL (OPENSSL_EXTRA enum) selects the
 * single-line form via wolfSSL_BIO_set_flags(). */
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void);
WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int);

/* p is an untyped out-parameter (OpenSSL's form takes char**), so the
 * compiler cannot check it: pass the address of a pointer variable. */
WOLFSSL_API int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,void* p);
/* Wraps an existing buffer.  Whether the BIO copies buf or keeps a reference
 * is not visible here; until confirmed, keep buf valid and unmodified for the
 * BIO's whole lifetime. */
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len);


/* flag is again BIO_CLOSE / BIO_NOCLOSE: ownership of the WOLFSSL object or
 * descriptor passes to the BIO only with BIO_CLOSE. */
WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag);
WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag);
WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr);

#ifndef NO_FILESYSTEM
WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void);
#endif

WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void);
WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void);

/* Generic control: parg is untyped and cmd-specific; a wrong type for a given
 * cmd is undetectable at compile time. */
WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg);
WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg);

WOLFSSL_API int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size);
WOLFSSL_API int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2);
/* Zero-copy access to a BIO pair: *buf is pointed at the BIO's internal
 * storage (presumably valid only until the next operation on that BIO) and
 * the return value is the byte count actually available/reserved, which may
 * be less than num. */
WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf);
WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num);
WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num);
WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO *bio);

WOLFSSL_API int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs);
/* name is used as a filesystem path for writing; never pass an
 * attacker-influenced value without canonicalising and validating it. */
WOLFSSL_API int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name);
WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v);
WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m);
/* OpenSSL-compatible RNG entry points.  The names exist for source
 * compatibility; what each one does to the underlying DRBG is not visible in
 * this header, so none of them should be relied on as an application's only
 * entropy mechanism.  For random data use wolfSSL_RAND_bytes() (declared
 * later in this file) and check its return. */
/* Legacy Win32 "hash the screen contents" seeding API - compatibility only. */
WOLFSSL_API void wolfSSL_RAND_screen(void);
/* Presumably writes a seed-file path into the buffer (second argument is its
 * size) and returns it - confirm. */
WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long);
/* Seed-file persistence.  A seed file is secret material: create it with
 * restrictive permissions and never copy it between hosts or into images.
 * The long argument of load_file is presumably a byte limit - confirm. */
WOLFSSL_API int wolfSSL_RAND_write_file(const char*);
WOLFSSL_API int wolfSSL_RAND_load_file(const char*, long);
/* Entropy Gathering Daemon socket path - legacy. */
WOLFSSL_API int wolfSSL_RAND_egd(const char*);
/* Caller-supplied seed material; RAND_add's double is an entropy estimate in
 * bits by OpenSSL convention.  Whether these bytes actually reach the DRBG
 * is not visible here. */
WOLFSSL_API int wolfSSL_RAND_seed(const void*, int);
WOLFSSL_API void wolfSSL_RAND_Cleanup(void);
WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double);
WOLFSSL_API int wolfSSL_RAND_poll(void);

/* TLS-level compression.  Compressing attacker-influenced data together with
 * secrets is a side channel (CRIME); see SSL_OP_NO_COMPRESSION in the
 * OPENSSL_EXTRA enum and wolfSSL_set_compression() later in this file.
 * Whether these compatibility entry points enable anything in wolfSSL is not
 * visible here. */
WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void);
WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void);
WOLFSSL_API int wolfSSL_COMP_add_compression_method(int, void*);

/* Pre-OpenSSL-1.1 style thread-id / locking callbacks.  Whether wolfSSL's
 * internal locking honours these is not visible here - do not assume that
 * installing them is what makes the library thread-safe, and do not assume
 * omitting them makes it unsafe.  CRYPTO_NUM_LOCKS in the OPENSSL_EXTRA
 * enum is the related lock-count constant. */
WOLFSSL_API unsigned long wolfSSL_thread_id(void);
WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void));
WOLFSSL_API void wolfSSL_set_locking_callback(void (*f)(int, int, const char*,
                                                        int));
WOLFSSL_API void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)
                                                   (const char*, int));
WOLFSSL_API void wolfSSL_set_dynlock_lock_callback(void (*f)(int,
                                      WOLFSSL_dynlock_value*, const char*, int));
WOLFSSL_API void wolfSSL_set_dynlock_destroy_callback(void (*f)
                                     (WOLFSSL_dynlock_value*, const char*, int));
WOLFSSL_API int wolfSSL_num_locks(void);
908 
/* Certificate-verification context accessors.
 * NOTE(review): the parameter list of get_current_cert is truncated in this
 * listing (the continuation line is missing). */
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
/* get_error returns an X509_V_* code (OPENSSL_EXTRA enum); X509_V_OK is the
 * only success value.  get_error_depth is the chain position it applies to. */
WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX*);

/* Installs a verify callback.  By OpenSSL convention the callback's return
 * value overrides the library's verdict, so a callback that returns success
 * unconditionally silently disables certificate verification; only return
 * success for errors you have deliberately decided to tolerate. */
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx,
                                                  WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n,
                                      unsigned char** out);
WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
/* Formats a name into the caller's buffer (char*, int size).  Whether a NULL
 * buffer triggers allocation, and who then frees it, is not visible here.
 * The text is derived from the certificate, i.e. from untrusted input; do
 * not use it to build paths, queries or log lines unescaped. */
WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int);
/* Extension queries by NID. */
WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
/* Basic-constraints / key-usage fields as parsed from the certificate.  These
 * report what the certificate claims; enforcing them is the verifier's job. */
WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509*);
WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509*);
WOLFSSL_API unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509*);
/* Key-identifier copies: the int* presumably carries the buffer capacity in
 * and the bytes written out - confirm, and size the buffer from the
 * capacity reported on a first call rather than guessing. */
WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID(
                                            WOLFSSL_X509*, unsigned char*, int*);
WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
                                            WOLFSSL_X509*, unsigned char*, int*);

/* Certificate construction.
 * NOTE(review): set_subject_name's parameter list is truncated in this
 * listing (the continuation line is missing). */
WOLFSSL_API int wolfSSL_X509_set_subject_name(WOLFSSL_X509*,
WOLFSSL_API int wolfSSL_X509_set_pubkey(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);

WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*);
/* Copies the text of the first entry matching the NID into (char*, int)
 * buffer.  Whether the output is always NUL-terminated on truncation is not
 * visible here. */
WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID(
                                            WOLFSSL_X509_NAME*, int, char*, int);
/* Index of the next entry with the NID after the given position (-1 to
 * start, by OpenSSL convention). */
WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID(
                                            WOLFSSL_X509_NAME*, int, int);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*);

WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type);
WOLFSSL_API void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1);
WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1,
                                        const void* data, int dataSz);
/* _data returns raw bytes, not a C string: ASN.1 strings may legitimately
 * contain NUL bytes, so always pair the pointer with _length and never hand
 * it to strlen/strcmp-style functions (the classic embedded-NUL name attack). */
WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING*);
WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING*);
/* Runs chain verification for the context; consult
 * wolfSSL_X509_STORE_CTX_get_error() for the reason on failure. */
WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long);
/* Copies the certificate's signature bytes; the int* is presumably in/out
 * capacity/length as for the key-identifier accessors above - confirm. */
WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509*, unsigned char*, int*);
955 
/* Trust-store population from the filesystem.  The directory/file passed
 * here defines what the application trusts: it must not be writable by less
 * privileged users, and the path must not be derived from untrusted input.
 * The trailing long is a file-type selector by OpenSSL convention - confirm
 * which WOLFSSL_FILETYPE_*/X509_FILETYPE_* values are accepted (note both
 * families are declared later in this file with different numeric values). */
WOLFSSL_API int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP*,const char*,long);
WOLFSSL_API int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP*, const char*,
                                              long);
WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void);
WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void);

/* NOTE(review): add_lookup's parameter list is truncated in this listing. */
WOLFSSL_API WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE*,
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void);
WOLFSSL_API void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE*);
/* NOTE(review): add_cert's parameter list is truncated in this listing.
 * Every certificate added here becomes a trust anchor. */
WOLFSSL_API int wolfSSL_X509_STORE_add_cert(
/* flag is a bit mask; which bits are honoured (e.g. the WOLFSSL_CRL_* values
 * in the enum after these declarations) is not visible here. */
WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
                                             unsigned long flag);
/* Loads the platform default trust store; where that lives, and whether the
 * location can be influenced by the environment, is not visible here. */
WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*);
/* NOTE(review): get_by_subject's and STORE_CTX_init's parameter lists are
 * truncated in this listing. */
WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX*,
WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void);
WOLFSSL_API int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX*,
/* _free releases the context; _cleanup presumably only resets it for reuse
 * - confirm before pairing them. */
WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*);

/* CRL validity window.  A CRL whose nextUpdate has passed is stale and must
 * not be used to conclude "not revoked" (cf. X509_V_ERR_CRL_HAS_EXPIRED in
 * the OPENSSL_EXTRA enum); anyone doing CRL handling by hand must check it. */
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*);

WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*);
/* Checks the CRL signature against the supplied key.  The check only means
 * something if the key is the CRL issuer's, obtained from a trusted chain;
 * a key taken from the CRL's own context proves nothing. */
WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*);
WOLFSSL_API void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT*);
/* NOTE(review): d2i_PKCS8_PKEY_bio's parameter list is truncated in this
 * listing. */
WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(
/* DER parsers - their input is attacker-controlled whenever it arrives over
 * the wire.  inSz must be the true byte count of the buffer; nothing at this
 * interface can validate it.  By OpenSSL convention *in is advanced past the
 * consumed bytes on success and the caller owns the returned object
 * (confirm both against the implementation).  Note the non-const `in` of
 * d2i_PUBKEY / d2i_PrivateKey_EVP versus the const form of d2i_PrivateKey. */
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
                                                     WOLFSSL_EVP_PKEY** out);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
                                                 unsigned char** in, long inSz);
/* type selects the key algorithm expected in the DER. */
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type,
                                   WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key,
                                                         unsigned char** in, long inSz);
/* heap is an optional custom-allocator hint passed through to the object. */
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void);
/* Compares an ASN.1 time with the current clock; the sign convention of the
 * result is not visible here - confirm before using it for validity checks. */
WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*);
WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*);
1001 #ifdef OPENSSL_EXTRA
/* Overrides the clock used for validity-period checks in this context.
 * Pinning verification to a fixed or past time defeats expiry and revocation
 * freshness checks; use it only for tests or for verifying historical
 * signatures, never on a live connection path. */
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*,
                                                 unsigned long flags,
                                                 time_t t);
1005 #endif
/* Revoked-entry iteration: get_REVOKED returns the list, _value the entry at
 * the given index (bounds-check against wolfSSL_sk_X509_REVOKED_num). */
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
                                                      WOLFSSL_X509_REVOKED*,int);
/* Serial number as an ASN1_INTEGER; ownership of the returned object (whether
 * the caller must free it) is not visible here. */
WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*);
WOLFSSL_API void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER*);
WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void);

WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*);

/* Bounded textual rendering into (buf, len); check for a NULL return. */
WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t,
                                              char* buf, int len);
/* Compare serials with _cmp (or via wolfSSL_ASN1_INTEGER_to_BN under
 * OPENSSL_EXTRA), not via _get: RFC 5280 serials are up to 20 octets and
 * cannot fit in a long, and what _get returns for an out-of-range value is
 * not visible here. */
WOLFSSL_API int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER*,
                                         const WOLFSSL_ASN1_INTEGER*);
WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*);
1020 
1021 #ifdef OPENSSL_EXTRA
/* Arbitrary-precision form of an ASN1_INTEGER (the safe way to handle
 * certificate serial numbers).  If bn is NULL a new BIGNUM is presumably
 * allocated for the caller to free - confirm. */
WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
                                                       WOLFSSL_BIGNUM *bn);
/* Builds a time offset from a base time_t by (days, seconds), by OpenSSL
 * convention - confirm the argument meaning before use. */
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME*, time_t,
                                                     int, long);
1026 #endif
1027 
/* Client-CA name list.  These are the issuer names a server advertises in
 * its CertificateRequest; they are sent in the clear and disclose which CAs
 * the server accepts.  Advertising a CA here does not by itself trust it -
 * the verify store does that.
 * NOTE(review): set_client_CA_list's parameter list is truncated in this
 * listing. */
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_SSL_CTX_get_client_CA_list(
        const WOLFSSL_CTX *s);
WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*,
/* Application data slots.  get_ex_data_X509_STORE_CTX_idx() gives the slot
 * under which a verify callback can reach the owning WOLFSSL (by OpenSSL
 * convention - confirm). */
WOLFSSL_API void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX*, int);
WOLFSSL_API int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void);
/* Lets a verify callback record an X509_V_* error code for the context. */
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error(
                                            WOLFSSL_X509_STORE_CTX* ctx, int er);
WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL*, int);

/* Password callback for encrypted PEM keys.  userdata is handed back to the
 * callback verbatim, so it must stay valid for every later key-loading call.
 * WOLF_PEM_BUFSIZE (declared later in this file) is presumably the buffer
 * size the callback is given - confirm and never write past it. */
WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*,
                                                   void* userdata);
WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*,
                                                   pem_password_cb*);
WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx);

/* Handshake progress callback; type is a mask of the SSL_CB_* values
 * declared under OPENSSL_EXTRA later in this file. */
WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*,
                          void (*)(const WOLFSSL* ssl, int type, int val));

/* Error-queue peek (does not pop) and reason-code extraction. */
WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void);
WOLFSSL_API int wolfSSL_GET_REASON(int);

/* Human-readable alert and state names - for logging only; the strings are
 * not stable identifiers to branch on. */
WOLFSSL_API const char* wolfSSL_alert_type_string_long(int);
WOLFSSL_API const char* wolfSSL_alert_desc_string_long(int);
WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*);

/* RSA key generation: (bits, public exponent, progress callback, cb arg).
 * Use at least 2048 bits and e = 65537; small exponents and short moduli are
 * not acceptable for new keys. */
WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long,
                                               void(*)(int, int, void*), void*);
/* DER decoders; len is the true buffer size (see the d2i notes above). */
WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r,
                                       const unsigned char **pp, long len);
WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA**,
                                            const unsigned char**, long);
/* NOTE(review): the public-key encoder takes `const unsigned char **pp`
 * while the private-key one below takes `unsigned char **pp`; the const on an
 * output pointer is unusual and usually forces a cast at the call site. */
WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp);
WOLFSSL_API int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *r, unsigned char **pp);
/* Temporary (ephemeral/export-grade) RSA key callback - a legacy mechanism
 * associated with export cipher suites (FREAK-class attacks).  No modern
 * configuration should need it. */
WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *,
                                               WOLFSSL_RSA *(*)(WOLFSSL *, int, int));

/* Default PEM password callback: (buffer, buffer size, read/write flag,
 * userdata) by pem_password_cb convention; presumably copies the password
 * from `key` - confirm.  Returns the password length. */
WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key);
1068 
/* Session-cache statistics (counters, not configuration).  The renegotiate
 * and cache_full counters are useful DoS telemetry. */
WOLFSSL_API long wolfSSL_CTX_sess_accept(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_connect(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_hits(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*);

/* Session-cache sizing; the meaning of 0 is not visible here. */
WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long);
WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*);

/* Returns the WOLFSSL_SESS_CACHE_* mask declared later in this file. */
WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*, int v);
/* OCSP status-request (stapling) callback argument.
 * NOTE(review): the declaration following this one is truncated in this
 * listing - only its `(WOLFSSL_CTX*, void* arg)` tail survives. */
WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*, void* arg);
                                                        WOLFSSL_CTX*, void* arg);
WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*);
/* SRP credentials.  The password is handed in as a mutable char*; whether
 * the context copies it or keeps the pointer is not visible here, so keep
 * the buffer alive until confirmed and zeroise it when no longer needed. */
WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*);
WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*);

/* Per-connection option bits (the SSL_OP_* values under OPENSSL_EXTRA plus
 * WOLFSSL_OP_NO_SSLv2, all declared later in this file).  Only use the named
 * constants from this header: the numeric bit assignments are wolfSSL's own
 * and must never be taken from another library's headers. */
WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op);
/* Renegotiation counters.  Client-initiated renegotiation is a CPU-DoS
 * vector; servers that allow it should bound it using these. */
WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
/* DH parameters for DHE suites: use a 2048-bit or larger group (Logjam). */
WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg);
/* OCSP stapling (RFC 6066 status_request) controls.  A received staple is
 * just bytes from the peer: it still has to be signature-checked against the
 * issuer and checked for freshness (and the absence of a staple must be
 * handled as a policy decision).  get_..._ocsp_resp presumably returns the
 * length with *resp pointing at the raw DER - confirm who owns *resp. */
WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg);
WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg);
WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg);
WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp);
/* Server side: installs the DER response (resp, len) to staple. */
WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len);

WOLFSSL_API void wolfSSL_CONF_modules_unload(int all);
WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg);
/* Result of peer-certificate verification: X509_V_OK (0) means verified;
 * every other value is a failure code.  Whether a result is recorded at all
 * when the verify mode is WOLFSSL_VERIFY_NONE is not visible here - with
 * that mode the handshake does not fail on a bad certificate, so a client
 * relying on this call must confirm that behaviour first. */
WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl);
1113 
#define WOLFSSL_DEFAULT_CIPHER_LIST "" /* empty list = every suite compiled in;
                                        * production code should configure an
                                        * explicit, restricted cipher list
                                        * rather than rely on this default */
1115 
/* OCSP / CRL option bits.  The two groups reuse the same numeric space
 * (WOLFSSL_CRL_CHECKALL == WOLFSSL_OCSP_URL_OVERRIDE == 1), so they are
 * presumably meant for different APIs - never OR OCSP and CRL flags into one
 * mask. */
enum {
    /* by name: use a configured responder URL instead of the certificate's
     * AIA URL; the override must point at a responder you trust */
    WOLFSSL_OCSP_URL_OVERRIDE = 1,
    /* by name: omit the request nonce.  Without a nonce a signed "good"
     * response can be replayed for as long as its validity window lasts;
     * only set this for responders known not to honour nonces */
    WOLFSSL_OCSP_NO_NONCE     = 2,
    /* by name: check every certificate in the chain, not only the leaf */
    WOLFSSL_OCSP_CHECKALL     = 4,

    WOLFSSL_CRL_CHECKALL = 1,
    /* value 27 is deliberately outside the small flag range above; treat it
     * as an opaque constant */
    WOLFSSL_CRL_CHECK    = 27,
};
1124 
1125 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
/* Separated out from the other enums because of size.
 *
 * Option bits for wolfSSL_CTX_set_options() / wolfSSL_set_options().  The bit
 * assignments are wolfSSL's own; option masks computed from another library's
 * headers (or from literal numbers) must never be passed in.  Note:
 *  - SSL_OP_ALL is a single bit here, not the OR of the *_BUG workarounds;
 *  - there is no SSL_OP_NO_SSLv2 in this enum: the NO_OLD_SSL_NAMES alias
 *    maps it to WOLFSSL_OP_NO_SSLv2 (value 8), which coincides numerically
 *    with SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG below.  Whether the option
 *    setters distinguish the two is not visible here;
 *  - for new deployments set SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 and
 *    SSL_OP_NO_TLSv1_1, and leave SSL_OP_NO_COMPRESSION set (CRIME). */
enum {
    SSL_OP_MICROSOFT_SESS_ID_BUG                  = 0x00000001,
    SSL_OP_NETSCAPE_CHALLENGE_BUG                 = 0x00000002,
    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG       = 0x00000004,
    SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG            = 0x00000008,
    SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER             = 0x00000010,
    SSL_OP_MSIE_SSLV2_RSA_PADDING                 = 0x00000020,
    SSL_OP_SSLEAY_080_CLIENT_DH_BUG               = 0x00000040,
    SSL_OP_TLS_D5_BUG                             = 0x00000080,
    SSL_OP_TLS_BLOCK_PADDING_BUG                  = 0x00000100,
    SSL_OP_TLS_ROLLBACK_BUG                       = 0x00000200,
    SSL_OP_ALL                                    = 0x00000400,
    SSL_OP_EPHEMERAL_RSA                          = 0x00000800,
    /* protocol-version disables; absence of a bit means the version stays
     * negotiable with a version-flexible method */
    SSL_OP_NO_SSLv3                               = 0x00001000,
    SSL_OP_NO_TLSv1                               = 0x00002000,
    SSL_OP_PKCS1_CHECK_1                          = 0x00004000,
    SSL_OP_PKCS1_CHECK_2                          = 0x00008000,
    SSL_OP_NETSCAPE_CA_DN_BUG                     = 0x00010000,
    SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG        = 0x00020000,
    /* fresh (EC)DH key per connection - forward secrecy hygiene */
    SSL_OP_SINGLE_DH_USE                          = 0x00040000,
    /* disables session tickets; with tickets enabled the ticket key becomes
     * long-term secret material whose rotation must be managed */
    SSL_OP_NO_TICKET                              = 0x00080000,
    SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS            = 0x00100000,
    SSL_OP_NO_QUERY_MTU                           = 0x00200000,
    /* DTLS cookie exchange (anti-amplification) */
    SSL_OP_COOKIE_EXCHANGE                        = 0x00400000,
    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000,
    SSL_OP_SINGLE_ECDH_USE                        = 0x01000000,
    /* server chooses the suite from its own ordered list, not the client's */
    SSL_OP_CIPHER_SERVER_PREFERENCE               = 0x02000000,
    SSL_OP_NO_TLSv1_1                             = 0x04000000,
    SSL_OP_NO_TLSv1_2                             = 0x08000000,
    SSL_OP_NO_COMPRESSION                         = 0x10000000,
    SSL_OP_NO_TLSv1_3                             = 0x20000000,
};
1159 
/* Miscellaneous OpenSSL-compatibility constants.  All numeric values are
 * wolfSSL's own - compare against the names, never against literals or
 * values from another library's headers. */
enum {
#ifdef HAVE_OCSP
    /* OCSP Flags.  By name, the NOSIGS / NOVERIFY / NOCHAIN / NOCHECKS /
     * TRUSTOTHER group weakens response validation - a response whose
     * signature or signer chain is not verified can be forged by anyone on
     * the path, so these must not be set on a live verification path. */
    OCSP_NOCERTS     = 1,
    OCSP_NOINTERN    = 2,
    OCSP_NOSIGS      = 4,
    OCSP_NOCHAIN     = 8,
    OCSP_NOVERIFY    = 16,
    OCSP_NOEXPLICIT  = 32,
    OCSP_NOCASIGN    = 64,
    OCSP_NODELEGATED = 128,
    OCSP_NOCHECKS    = 256,
    OCSP_TRUSTOTHER  = 512,
    OCSP_RESPID_KEY  = 1024,
    OCSP_NOTIME      = 2048,

    /* OCSP Types.  These share numeric values with the flags above
     * (OCSP_CERTID == OCSP_NOINTERN, ...) but are a separate namespace;
     * never combine a type with a flag mask. */
    OCSP_CERTID   = 2,
    OCSP_REQUEST  = 4,
    OCSP_RESPONSE = 8,
    OCSP_BASICRESP = 16,
#endif

    ASN1_GENERALIZEDTIME = 4,
    /* TLS session IDs are at most 32 bytes (RFC 5246) */
    SSL_MAX_SSL_SESSION_ID_LENGTH = 32,

    EVP_R_BAD_DECRYPT = 2,

    /* state / info-callback bits, see wolfSSL_CTX_set_info_callback() */
    SSL_ST_CONNECT = 0x1000,
    SSL_ST_ACCEPT  = 0x2000,
    SSL_ST_MASK    = 0x0FFF,

    SSL_CB_LOOP = 0x01,
    SSL_CB_EXIT = 0x02,
    SSL_CB_READ = 0x04,
    SSL_CB_WRITE = 0x08,
    SSL_CB_HANDSHAKE_START = 0x10,
    SSL_CB_HANDSHAKE_DONE = 0x20,
    SSL_CB_ALERT = 0x4000,
    SSL_CB_READ_ALERT = (SSL_CB_ALERT | SSL_CB_READ),
    SSL_CB_WRITE_ALERT = (SSL_CB_ALERT | SSL_CB_WRITE),
    SSL_CB_ACCEPT_LOOP = (SSL_ST_ACCEPT | SSL_CB_LOOP),
    SSL_CB_ACCEPT_EXIT = (SSL_ST_ACCEPT | SSL_CB_EXIT),
    SSL_CB_CONNECT_LOOP = (SSL_ST_CONNECT | SSL_CB_LOOP),
    SSL_CB_CONNECT_EXIT = (SSL_ST_CONNECT | SSL_CB_EX1T),
    SSL_CB_MODE_READ = 1,
    SSL_CB_MODE_WRITE = 2,

    SSL_MODE_ENABLE_PARTIAL_WRITE = 2,

    BIO_FLAGS_BASE64_NO_NL = 1,
    /* ownership flags for BIO_new_socket / BIO_set_fd / BIO_set_ssl */
    BIO_CLOSE   = 1,
    BIO_NOCLOSE = 0,

    /* NOTE: X509_FILETYPE_PEM (8) is NOT the same value as
     * WOLFSSL_FILETYPE_PEM (1) declared later in this file; the two families
     * are not interchangeable as file-type arguments. */
    X509_FILETYPE_PEM = 8,
    X509_LU_X509 = 9,
    X509_LU_CRL = 12,

    /* verification results: X509_V_OK is the only success value; treat any
     * other value from wolfSSL_get_verify_result() or
     * wolfSSL_X509_STORE_CTX_get_error() as failure */
    X509_V_OK = 0,
    X509_V_ERR_CRL_SIGNATURE_FAILURE = 13,
    X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14,
    X509_V_ERR_CRL_HAS_EXPIRED = 15,
    X509_V_ERR_CERT_REVOKED = 16,
    X509_V_ERR_CERT_CHAIN_TOO_LONG = 17,
    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18,
    X509_V_ERR_CERT_NOT_YET_VALID = 19,
    X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20,
    X509_V_ERR_CERT_HAS_EXPIRED = 21,
    X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22,
    X509_V_ERR_CERT_REJECTED = 23,
    /* Required for Nginx */
    X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 24,
    X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN = 25,
    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 26,
    X509_V_ERR_CERT_UNTRUSTED = 27,
    X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 28,
    X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 29,
    /* additional X509_V_ERR_* enums not used in wolfSSL: they continue the
     * numbering implicitly (30 onwards) so that OpenSSL-targeted code
     * compiles, but per the original note wolfSSL never reports them - a
     * verify callback must not depend on seeing any of them */
    X509_V_ERR_UNABLE_TO_GET_CRL,
    X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
    X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
    X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
    X509_V_ERR_CERT_SIGNATURE_FAILURE,
    X509_V_ERR_CRL_NOT_YET_VALID,
    X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD,
    X509_V_ERR_OUT_OF_MEM,
    X509_V_ERR_INVALID_CA,
    X509_V_ERR_PATH_LENGTH_EXCEEDED,
    X509_V_ERR_INVALID_PURPOSE,
    X509_V_ERR_AKID_SKID_MISMATCH,
    X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH,
    X509_V_ERR_KEYUSAGE_NO_CERTSIGN,
    X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER,
    X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION,
    X509_V_ERR_KEYUSAGE_NO_CRL_SIGN,
    X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
    X509_V_ERR_INVALID_NON_CA,
    X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED,
    X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE,
    X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED,
    X509_V_ERR_INVALID_EXTENSION,
    X509_V_ERR_INVALID_POLICY_EXTENSION,
    X509_V_ERR_NO_EXPLICIT_POLICY,
    X509_V_ERR_UNNESTED_RESOURCE,

    /* continues the same implicit numbering as the block above */
    X509_R_CERT_ALREADY_IN_HASH_TABLE,

    XN_FLAG_SPC_EQ  = (1 << 23),
    XN_FLAG_ONELINE = 0,
    XN_FLAG_RFC2253 = 1,

    CRYPTO_LOCK = 1,
    CRYPTO_NUM_LOCKS = 10,

    ASN1_STRFLGS_ESC_MSB = 4
};
1276 #endif
1277 
1278 /* extras end */
1279 
1280 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
/* wolfSSL extension: prints the last error to a stdio FILE.  err is the code
 * obtained from wolfSSL_get_error() (this build keeps no per-thread error
 * queue, per the original note, so the code has to be passed explicitly).
 * Diagnostic output only; do not route it to a channel the peer can read. */
#include <stdio.h>
WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE, int err);
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
/* Dumps the whole error list to fp (debug/OPENSSL_EXTRA builds only). */
WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(XFILE fp);
#endif
1288 #endif
1289 
1290 
1291 #ifndef NO_OLD_SSL_NAMES
    /* Legacy SSL_* spellings of the WOLFSSL_* constants declared in the enum
     * that follows.  These macro names are the ones most likely to collide
     * with a real OpenSSL header in the same translation unit - define
     * NO_OLD_SSL_NAMES in that situation and use the WOLFSSL_* names.
     * The values are aliases of wolfSSL's own numbers, not OpenSSL's. */
    #define SSL_ERROR_NONE WOLFSSL_ERROR_NONE
    #define SSL_FAILURE WOLFSSL_FAILURE
    #define SSL_SUCCESS WOLFSSL_SUCCESS
    #define SSL_SHUTDOWN_NOT_DONE WOLFSSL_SHUTDOWN_NOT_DONE

    #define SSL_ALPN_NOT_FOUND WOLFSSL_ALPN_NOT_FOUND
    #define SSL_BAD_CERTTYPE WOLFSSL_BAD_CERTTYPE
    #define SSL_BAD_STAT WOLFSSL_BAD_STAT
    #define SSL_BAD_PATH WOLFSSL_BAD_PATH
    #define SSL_BAD_FILETYPE WOLFSSL_BAD_FILETYPE
    #define SSL_BAD_FILE WOLFSSL_BAD_FILE
    #define SSL_NOT_IMPLEMENTED WOLFSSL_NOT_IMPLEMENTED
    #define SSL_UNKNOWN WOLFSSL_UNKNOWN
    #define SSL_FATAL_ERROR WOLFSSL_FATAL_ERROR

    #define SSL_FILETYPE_ASN1 WOLFSSL_FILETYPE_ASN1
    #define SSL_FILETYPE_PEM WOLFSSL_FILETYPE_PEM
    #define SSL_FILETYPE_DEFAULT WOLFSSL_FILETYPE_DEFAULT
    #define SSL_FILETYPE_RAW WOLFSSL_FILETYPE_RAW

    /* SSL_VERIFY_NONE disables peer authentication - see the enum below */
    #define SSL_VERIFY_NONE WOLFSSL_VERIFY_NONE
    #define SSL_VERIFY_PEER WOLFSSL_VERIFY_PEER
    #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT
    #define SSL_VERIFY_CLIENT_ONCE WOLFSSL_VERIFY_CLIENT_ONCE
    #define SSL_VERIFY_FAIL_EXCEPT_PSK WOLFSSL_VERIFY_FAIL_EXCEPT_PSK

    #define SSL_SESS_CACHE_OFF WOLFSSL_SESS_CACHE_OFF
    #define SSL_SESS_CACHE_CLIENT WOLFSSL_SESS_CACHE_CLIENT
    #define SSL_SESS_CACHE_SERVER WOLFSSL_SESS_CACHE_SERVER
    #define SSL_SESS_CACHE_BOTH WOLFSSL_SESS_CACHE_BOTH
    #define SSL_SESS_CACHE_NO_AUTO_CLEAR WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR
    #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP
    #define SSL_SESS_CACHE_NO_INTERNAL_STORE WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE
    #define SSL_SESS_CACHE_NO_INTERNAL WOLFSSL_SESS_CACHE_NO_INTERNAL

    #define SSL_ERROR_WANT_READ WOLFSSL_ERROR_WANT_READ
    #define SSL_ERROR_WANT_WRITE WOLFSSL_ERROR_WANT_WRITE
    #define SSL_ERROR_WANT_CONNECT WOLFSSL_ERROR_WANT_CONNECT
    #define SSL_ERROR_WANT_ACCEPT WOLFSSL_ERROR_WANT_ACCEPT
    #define SSL_ERROR_SYSCALL WOLFSSL_ERROR_SYSCALL
    #define SSL_ERROR_WANT_X509_LOOKUP WOLFSSL_ERROR_WANT_X509_LOOKUP
    #define SSL_ERROR_ZERO_RETURN WOLFSSL_ERROR_ZERO_RETURN
    #define SSL_ERROR_SSL WOLFSSL_ERROR_SSL

    #define SSL_SENT_SHUTDOWN WOLFSSL_SENT_SHUTDOWN
    #define SSL_RECEIVED_SHUTDOWN WOLFSSL_RECEIVED_SHUTDOWN
    #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
    /* value 8: numerically the same bit as SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
     * in the OPENSSL_EXTRA option enum; see the note there */
    #define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2

    #define SSL_R_SSL_HANDSHAKE_FAILURE WOLFSSL_R_SSL_HANDSHAKE_FAILURE
    #define SSL_R_TLSV1_ALERT_UNKNOWN_CA WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA
    #define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN
    #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE

    #define PEM_BUFSIZE WOLF_PEM_BUFSIZE
1347 #endif
1348 
enum { /* ssl Constants */
    /* Two return conventions coexist in this API: one family returns
     * WOLFSSL_SUCCESS (1) / WOLFSSL_FAILURE (0), the other returns
     * WOLFSSL_ERROR_NONE (0) on success.  Because FAILURE and ERROR_NONE are
     * both 0, `if (!ret)` means opposite things for the two families - always
     * compare against the named constant documented for the function. */
    WOLFSSL_ERROR_NONE      =  0,   /* for most functions */
    WOLFSSL_FAILURE         =  0,   /* for some functions */
    WOLFSSL_SUCCESS         =  1,
    WOLFSSL_SHUTDOWN_NOT_DONE =  2,  /* call wolfSSL_shutdown again to complete */

    WOLFSSL_ALPN_NOT_FOUND  = -9,
    WOLFSSL_BAD_CERTTYPE    = -8,
    WOLFSSL_BAD_STAT        = -7,
    WOLFSSL_BAD_PATH        = -6,
    WOLFSSL_BAD_FILETYPE    = -5,
    WOLFSSL_BAD_FILE        = -4,
    WOLFSSL_NOT_IMPLEMENTED = -3,
    WOLFSSL_UNKNOWN         = -2,
    WOLFSSL_FATAL_ERROR     = -1,

    /* file/buffer encodings; distinct from the X509_FILETYPE_* values in the
     * OPENSSL_EXTRA enum (X509_FILETYPE_PEM is 8, not 1) */
    WOLFSSL_FILETYPE_ASN1    = 2,
    WOLFSSL_FILETYPE_PEM     = 1,
    WOLFSSL_FILETYPE_DEFAULT = 2, /* ASN1 */
    WOLFSSL_FILETYPE_RAW     = 3, /* NTRU raw key blob */

    /* verify modes (bit mask).  By name, VERIFY_NONE accepts any peer
     * certificate - or none - so the connection is unauthenticated and open
     * to an active attacker; it is only defensible with an out-of-band
     * authentication such as PSK.  For a server, VERIFY_PEER alone does not
     * require a client certificate by OpenSSL convention; add
     * FAIL_IF_NO_PEER_CERT to reject clients that present none (confirm
     * against the implementation).  FAIL_EXCEPT_PSK is wolfSSL-specific. */
    WOLFSSL_VERIFY_NONE                 = 0,
    WOLFSSL_VERIFY_PEER                 = 1,
    WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
    WOLFSSL_VERIFY_CLIENT_ONCE          = 4,
    WOLFSSL_VERIFY_FAIL_EXCEPT_PSK      = 8,

    /* session-cache mode bits */
    WOLFSSL_SESS_CACHE_OFF                = 0x0000,
    WOLFSSL_SESS_CACHE_CLIENT             = 0x0001,
    WOLFSSL_SESS_CACHE_SERVER             = 0x0002,
    WOLFSSL_SESS_CACHE_BOTH               = 0x0003,
    WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR      = 0x0008,
    WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 0x0100,
    WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE  = 0x0200,
    WOLFSSL_SESS_CACHE_NO_INTERNAL        = 0x0300,

    /* wolfSSL_get_error() results.  Not all of these carry the numbers
     * OpenSSL uses for the same names (WANT_X509_LOOKUP and ERROR_SSL stand
     * out), so code ported from OpenSSL must use the names, never literals. */
    WOLFSSL_ERROR_WANT_READ        =  2,
    WOLFSSL_ERROR_WANT_WRITE       =  3,
    WOLFSSL_ERROR_WANT_CONNECT     =  7,
    WOLFSSL_ERROR_WANT_ACCEPT      =  8,
    WOLFSSL_ERROR_SYSCALL          =  5,
    WOLFSSL_ERROR_WANT_X509_LOOKUP = 83,
    WOLFSSL_ERROR_ZERO_RETURN      =  6,
    WOLFSSL_ERROR_SSL              = 85,

    WOLFSSL_SENT_SHUTDOWN     = 1,
    WOLFSSL_RECEIVED_SHUTDOWN = 2,
    WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4,
    /* same bit value as SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG in the
     * OPENSSL_EXTRA option enum; whether the option setters distinguish the
     * two is not visible here */
    WOLFSSL_OP_NO_SSLv2       = 8,

    WOLFSSL_R_SSL_HANDSHAKE_FAILURE           = 101,
    WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA          = 102,
    WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103,
    WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE     = 104,

    /* presumably the buffer size handed to pem_password_cb - confirm; a
     * password callback must never write beyond the size it is given */
    WOLF_PEM_BUFSIZE = 1024
};
1406 
1407 #ifndef NO_PSK
    /* Pre-shared-key callbacks.
     *
     * Client callback arguments, by position: (ssl, identity hint from the
     * server, identity out-buffer, its capacity, key out-buffer, its
     * capacity).  The unsigned int return is presumably the key length
     * written, with 0 meaning failure - confirm.  The callback must respect
     * both capacities and must NUL-terminate the identity.  The hint is sent
     * by the peer in the clear (RFC 4279) and is untrusted input: use it only
     * to select a key, never as a path, format string or log line unescaped.
     * NOTE(review): the CTX-level setter that precedes the dangling
     * `wc_psk_client_callback);` fragment was lost in this listing. */
    typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
                                    unsigned int, unsigned char*, unsigned int);
                                                    wc_psk_client_callback);
    WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*,
                                                    wc_psk_client_callback);
#ifdef WOLFSSL_TLS13
    /* TLS 1.3 variant: the extra const char** is presumably an out-parameter
     * naming the cipher suite to bind the PSK to - confirm. */
    typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*,
                           char*, unsigned int, unsigned char*, unsigned int, const char**);
    WOLFSSL_API void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX*,
                                                    wc_psk_client_tls13_callback);
    WOLFSSL_API void wolfSSL_set_psk_client_tls13_callback(WOLFSSL*,
                                                    wc_psk_client_tls13_callback);
#endif

    /* Identity / hint as seen on this connection; the identity reported on a
     * server is exactly what the client sent. */
    WOLFSSL_API const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*);
    WOLFSSL_API const char* wolfSSL_get_psk_identity(const WOLFSSL*);

    /* The hint travels unencrypted in the handshake (RFC 4279); it must not
     * contain anything secret. */
    WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX*, const char*);
    WOLFSSL_API int wolfSSL_use_psk_identity_hint(WOLFSSL*, const char*);

    /* Server callback arguments, by position: (ssl, identity received from
     * the client, key out-buffer, its capacity).  The identity is untrusted
     * input - look it up, do not interpret it.  Return value as for the
     * client callback (presumably key length, 0 = reject).
     * NOTE(review): the CTX-level setter preceding the dangling
     * `wc_psk_server_callback);` fragment was lost in this listing. */
    typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
                          unsigned char*, unsigned int);
                                                    wc_psk_server_callback);
    WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL*,
                                                    wc_psk_server_callback);
#ifdef WOLFSSL_TLS13
    typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*,
                          unsigned char*, unsigned int, const char**);
    WOLFSSL_API void wolfSSL_CTX_set_psk_server_tls13_callback(WOLFSSL_CTX*,
                                                    wc_psk_server_tls13_callback);
    WOLFSSL_API void wolfSSL_set_psk_server_tls13_callback(WOLFSSL*,
                                                    wc_psk_server_tls13_callback);
#endif

    /* Tells other headers the PSK callback types above are available. */
    #define PSK_TYPES_DEFINED
1445 #endif /* NO_PSK */
1446 
1447 
1448 #ifdef HAVE_ANON
    /* Permits anonymous (unauthenticated, aNULL) cipher suites on the
     * context.  Such suites authenticate neither peer, so any on-path
     * attacker can impersonate the server: test/benchmark use only. */
    WOLFSSL_API int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*);
1450 #endif /* HAVE_ANON */
1451 
1452 
1453 /* extra begins */
1454 #ifdef OPENSSL_EXTRA
/* ERR_get_error_line_data() flag: the returned data pointer is a string. */
enum { /* ERR Constants */
    ERR_TXT_STRING = 1
};
1458 
1459 /* bio misc */
/* bio misc: sentinel return values (both negative, so a BIO length result
 * must be range-checked before use) and the default write size. */
enum {
    WOLFSSL_BIO_ERROR = -1,
    WOLFSSL_BIO_UNSET = -2,
    WOLFSSL_BIO_SIZE  = 17000 /* default BIO write size if not set */
};
1465 #endif
1466 
/* Error-queue manipulation.  file is presumably stored by pointer (pass a
 * static string such as __FILE__, not a stack buffer) - confirm. */
WOLFSSL_API void wolfSSL_ERR_put_error(int lib, int fun, int err,
                                       const char* file, int line);
/* Pops the oldest error and reports where it was raised; the _data form
 * also returns associated text (see ERR_TXT_STRING under OPENSSL_EXTRA). */
WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line(const char**, int*);
WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line_data(const char**, int*,
                                                         const char**, int *);

WOLFSSL_API unsigned long wolfSSL_ERR_get_error(void);
WOLFSSL_API void wolfSSL_ERR_clear_error(void);


/* Non-zero presumably means the generator is seeded - confirm. */
WOLFSSL_API int wolfSSL_RAND_status(void);
/* Fills buf with num random bytes.  Historically OpenSSL's "pseudo" variant
 * did not promise cryptographic strength; whether wolfSSL distinguishes the
 * two is not visible here, so for keys, IVs and nonces call
 * wolfSSL_RAND_bytes(), check that it returned WOLFSSL_SUCCESS, and never
 * use the buffer contents after a failure. */
WOLFSSL_API int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num);
WOLFSSL_API int wolfSSL_RAND_bytes(unsigned char* buf, int num);
/* Version-flexible server method; restrict versions with the option bits. */
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void);
/* Context-wide option mask (SSL_OP_* under OPENSSL_EXTRA plus
 * WOLFSSL_OP_NO_SSLv2); set_options ORs bits in, clear_options removes
 * them, get_options returns the current mask.  Use the named constants from
 * this header only. */
WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
1484 
1485 #ifndef NO_CERTS
    /* Checks that the private key loaded into the context matches its
     * certificate's public key.  Call it after loading both; a mismatch
     * otherwise surfaces only as handshake failures on the wire. */
    WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*);
1487 #endif /* !NO_CERTS */
1488 
/* OpenSSL-compatibility housekeeping; remove_state takes a thread id. */
WOLFSSL_API void wolfSSL_ERR_free_strings(void);
WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long);
/* Resets a WOLFSSL object for reuse.  Which settings survive the reset
 * (verify mode, options, session) is not visible here - re-apply anything
 * security-relevant rather than assuming it persists. */
WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_state(WOLFSSL* ssl);

WOLFSSL_API void wolfSSL_cleanup_all_ex_data(void);
/* Mode bits such as SSL_MODE_ENABLE_PARTIAL_WRITE (OPENSSL_EXTRA enum) and
 * WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER. */
WOLFSSL_API long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode);
WOLFSSL_API long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx);
WOLFSSL_API void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m);
WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl);


/* Loads the platform default trust store.  Its location, and whether the
 * environment can redirect it, is not visible here; an environment-driven
 * path is a trust-injection risk for privileged or containerised processes,
 * so confirm before relying on this in such code. */
WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*);
/* Session-ID context (opaque bytes, length).  By OpenSSL semantics a cached
 * session is only resumable under a context with the same value, so servers
 * that share a cache between applications or verify policies must give each
 * its own context, or a session authenticated under one policy can be
 * resumed under another.  Confirm the semantics against the implementation. */
WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*,
                                            const unsigned char*, unsigned int);
/* The chain as presented by the peer - not necessarily the validated path.
 * NOTE(review): the declaration preceding this one was lost in this listing. */
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);

/* Non-blocking I/O progress indicators. */
WOLFSSL_API int wolfSSL_want_read(WOLFSSL*);
WOLFSSL_API int wolfSSL_want_write(WOLFSSL*);

/* printf-style write to a BIO.  The second argument is a format string:
 * never pass peer- or user-supplied data there (use "%s" and an argument),
 * or the call becomes a format-string vulnerability. */
WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO*, const char*, ...);
WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*,
                                           const WOLFSSL_ASN1_UTCTIME*);
WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*,
                                                   const WOLFSSL_ASN1_GENERALIZEDTIME*);
WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*);
/* Generic stack access; bounds-check the index against sk_num. */
WOLFSSL_API int wolfSSL_sk_num(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*);
WOLFSSL_API void* wolfSSL_sk_value(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*, int);

/* stunnel 4.28 needs */
WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int);
WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*);
/* External session-cache hooks.  The get callback receives (ssl, id bytes,
 * id length, copy flag); the id presumably comes straight from the peer's
 * ClientHello, so the lookup must be bounded by the given length and must
 * never interpret the bytes.  A session handed back from external storage
 * re-establishes the peer's authentication state, so that storage needs
 * integrity protection. */
WOLFSSL_API void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX*,
                    WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*));
WOLFSSL_API void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX*,
                                            int (*f)(WOLFSSL*, WOLFSSL_SESSION*));
WOLFSSL_API void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX*,
                                       void (*f)(WOLFSSL_CTX*, WOLFSSL_SESSION*));

/* Session (de)serialisation.  The encoding carries the session's master
 * secret: store it encrypted and integrity-protected, and treat the input to
 * d2i as untrusted (the long is the true buffer length). */
WOLFSSL_API int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION*,unsigned char**);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION**,
                                    const unsigned char**, long);

/* Session timeout and creation time - check them before resuming from an
 * external store; the time unit is not visible here (presumably seconds). */
WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*);
WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*);
WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);
1536 
1537 /* extra ends */
1538 
1539 
1540 /* wolfSSL extensions */
1541 
/* Hostname verification.  Call before SSL_connect; if verifying is enabled
 * this adds a name check to the date and signature checks.  Hostname
 * matching is NOT automatic: without this call (or an equivalent check on the
 * peer certificate) any certificate chaining to a trusted CA is accepted
 * regardless of the name it was issued for, which is all an active attacker
 * needs.  dn is the expected name; the matching rules (SAN vs CN, wildcards)
 * are not visible here. */
WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);

/* need to call once to load library (session cache) */
WOLFSSL_API int wolfSSL_Init(void);
/* call when done to cleanup/free session cache mutex / resources */
WOLFSSL_API int wolfSSL_Cleanup(void);

/* which library version do we have */
WOLFSSL_API const char* wolfSSL_lib_version(void);
/* which library version do we have in hex */
WOLFSSL_API word32 wolfSSL_lib_version_hex(void);

/* do accept or connect depending on side */
WOLFSSL_API int wolfSSL_negotiate(WOLFSSL* ssl);
/* Turns on wolfSSL data compression for the connection.  Compression is a
 * side channel (CRIME/BREACH class): anything secret sent alongside
 * attacker-influenced data leaks through the compressed length.  Leave it
 * off unless the traffic provably contains no secrets. */
WOLFSSL_API int wolfSSL_set_compression(WOLFSSL* ssl);

/* Session timeout (presumably seconds - confirm). */
WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int);
WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int);
1563 
/* get wolfSSL peer X509_CHAIN
 * NOTE(review): the declaration this comment described was lost in this
 * listing; the WOLFSSL_X509_CHAIN accessors below operate on the object it
 * returned. */
#ifdef WOLFSSL_ALT_CERT_CHAINS
/* Non-zero when the peer was verified via an alternate chain. */
WOLFSSL_API int wolfSSL_is_peer_alt_cert_chain(const WOLFSSL* ssl);
/* get wolfSSL alternate peer X509_CHAIN */
WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_alt_chain(WOLFSSL* ssl);
#endif
/* peer chain count */
WOLFSSL_API int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain);
/* index cert length */
WOLFSSL_API int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN*, int idx);
/* index cert: raw DER whose length is wolfSSL_get_chain_length(chain, idx);
 * idx must be below wolfSSL_get_chain_count().  The pointer presumably
 * refers into the chain object and is valid only as long as it is. */
WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN*, int idx);
/* index cert in X509
 * NOTE(review): the declaration this comment described was lost in this
 * listing. */
/* free X509 */
#define wolfSSL_FreeX509(x509) wolfSSL_X509_free((x509))
WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*);
/* get index cert in PEM: bounded copy into buf (capacity inLen), the bytes
 * written reported through outLen. */
WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx,
                                unsigned char* buf, int inLen, int* outLen);
/* Pointer to the session ID bytes.  No length is returned here;
 * SSL_MAX_SSL_SESSION_ID_LENGTH (32, OPENSSL_EXTRA enum) is presumably the
 * capacity, not the actual length - confirm before copying. */
WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s);
/* Serial number copy; the int* is presumably in/out capacity/length as for
 * the other copy accessors - confirm. */
WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int*);
/* Subject CN as a C string.  Ownership of the returned buffer is not visible
 * here; the content is untrusted certificate data. */
WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*);
/* Certificate DER and its length (through the int*). */
WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*);
/* Validity bounds as raw bytes; their encoding (presumably ASN.1 time) is
 * not visible here - compare with a time API, never with string compares. */
WOLFSSL_API const unsigned char* wolfSSL_X509_notBefore(WOLFSSL_X509*);
WOLFSSL_API const unsigned char* wolfSSL_X509_notAfter(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);

/* Certificate pinning helper: compares the peer certificate with the one in
 * the named file.  The exact comparison (presumably whole-DER equality) is
 * not visible here; the file is trust material and must be write-protected. */
WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*);

/* Iterates the subject alternative names, one per call (presumably NULL at
 * the end - confirm).  The strings are untrusted certificate content. */
WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);

/* DER decoders for certificates and CRLs - inputs are attacker-controlled
 * when they come off the wire, and len must be the true buffer size.
 * d2i_X509 takes a pointer-to-pointer (presumably advanced past the consumed
 * bytes, OpenSSL style); wolfSSL_X509_d2i takes a plain pointer.  Free the
 * result with wolfSSL_X509_free / wolfSSL_X509_CRL_free. */
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
        const unsigned char** in, int len);
WOLFSSL_API WOLFSSL_X509*
    wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
                                                   const unsigned char *in, int len);
#ifndef NO_FILESYSTEM
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
#endif
WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);

#ifndef NO_FILESYSTEM
    #ifndef NO_STDIO_FILESYSTEM
    WOLFSSL_API WOLFSSL_X509*
        wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file);
    #endif
/* format is a WOLFSSL_FILETYPE_* value; fname is a filesystem path and must
 * not be built from untrusted input. */
WOLFSSL_API WOLFSSL_X509*
    wolfSSL_X509_load_certificate_file(const char* fname, int format);
#endif
1617 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
1618  const unsigned char* buf, int sz, int format);
1619 
1620 #ifdef WOLFSSL_SEP
1621  WOLFSSL_API unsigned char*
1622  wolfSSL_X509_get_device_type(WOLFSSL_X509*, unsigned char*, int*);
1623  WOLFSSL_API unsigned char*
1624  wolfSSL_X509_get_hw_type(WOLFSSL_X509*, unsigned char*, int*);
1625  WOLFSSL_API unsigned char*
1626  wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509*, unsigned char*, int*);
1627 #endif
1628 
1629 /* connect enough to get peer cert */
1630 WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl);
1631 
1632 
1633 
1634 /* PKCS12 compatibility */
1635 typedef struct WC_PKCS12 WC_PKCS12;
1636 WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
1637  WC_PKCS12** pkcs12);
1638 #ifndef NO_FILESYSTEM
1639 WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp,
1640  WOLFSSL_X509_PKCS12** pkcs12);
1641 #endif
1642 WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
1643  WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert,
1644  WOLF_STACK_OF(WOLFSSL_X509)** ca);
1645 WOLFSSL_API WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
1646  WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert,
1648  int keyNID, int certNID, int itt, int macItt, int keytype);
1649 WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void);
1650 
1651 
1652 
1653 #ifndef NO_DH
1654 /* server Diffie-Hellman parameters */
1655 WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz,
1656  const unsigned char* g, int gSz);
1657 WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz,
1658  int format);
1659 WOLFSSL_API int wolfSSL_SetEnableDhKeyTest(WOLFSSL*, int);
1660 #ifndef NO_FILESYSTEM
1661  WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format);
1662 #endif
1663 
1664 /* server ctx Diffie-Hellman parameters */
1665 WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX*, const unsigned char* p,
1666  int pSz, const unsigned char* g, int gSz);
1667 WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char* b,
1668  long sz, int format);
1669 
1670 #ifndef NO_FILESYSTEM
1671  WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f,
1672  int format);
1673 #endif
1674 
1675 WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX*, word16);
1676 WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, word16);
1677 WOLFSSL_API int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX*, word16);
1678 WOLFSSL_API int wolfSSL_SetMaxDhKey_Sz(WOLFSSL*, word16);
1679 WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*);
1680 #endif /* NO_DH */
1681 
1682 #ifndef NO_RSA
1683 WOLFSSL_API int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX*, short);
1684 WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz(WOLFSSL*, short);
1685 #endif /* NO_RSA */
1686 
1687 #ifdef HAVE_ECC
1688 WOLFSSL_API int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX*, short);
1689 WOLFSSL_API int wolfSSL_SetMinEccKey_Sz(WOLFSSL*, short);
1690 #endif /* HAVE_ECC */
1691 
1692 WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, word16);
1693 WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, word16);
1694 
1695 /* key block size in bytes, or -1 */
1696 /* wolfSSL_KeepArrays must be called before the handshake so that the keys are still available */
1697 WOLFSSL_API int wolfSSL_get_keyblock_size(WOLFSSL*);
1698 WOLFSSL_API int wolfSSL_get_keys(WOLFSSL*,unsigned char** ms, unsigned int* msLen,
1699  unsigned char** sr, unsigned int* srLen,
1700  unsigned char** cr, unsigned int* crLen);
1701 
1702 /* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */
1703 WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
1704  const char* label);
1705 
1706 
1707 #ifndef _WIN32
1708  #ifndef NO_WRITEV
1709  #ifdef __PPU
1710  #include <sys/types.h>
1711  #include <sys/socket.h>
1712  #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && \
1713  !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \
1714  !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \
1715  !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI) && \
1716  !defined(WOLFSSL_ZEPHYR)
1717  #include <sys/uio.h>
1718  #endif
1719  /* allow writev style writing */
1720  WOLFSSL_API int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
1721  int iovcnt);
1722  #endif
1723 #endif
1724 
1725 
1726 #ifndef NO_CERTS
1727  /* SSL_CTX versions */
1728  WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*);
1729 #ifdef WOLFSSL_TRUST_PEER_CERT
1730  WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*);
1731  WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX*,
1732  const unsigned char*, long, int);
1733 #endif
1735  const unsigned char*, long, int);
1737  const unsigned char*, long, int);
1739  const unsigned char*, long, int);
1741  const unsigned char*, long, int);
1742  WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX*,
1743  const unsigned char*, long, int, long);
1744  WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX*,
1745  const unsigned char*, long, int);
1747  const unsigned char*, long);
1748 
1749  /* SSL versions */
1750  WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL*, const unsigned char*,
1751  long, int);
1752  WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der,
1753  int derSz);
1754  WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*,
1755  long, int);
1756  WOLFSSL_API int wolfSSL_use_PrivateKey_id(WOLFSSL*, const unsigned char*,
1757  long, int, long);
1758  WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*,
1759  const unsigned char*, long, int);
1761  const unsigned char*, long);
1762  WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);
1763 
1764  #if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
1765  WOLFSSL_API WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl);
1766  #endif
1767 #endif
1768 
1770 WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL*);
1771 
1772 
1773 #ifdef HAVE_FUZZER
1774 enum fuzzer_type {
1775  FUZZ_HMAC = 0,
1776  FUZZ_ENCRYPT = 1,
1777  FUZZ_SIGNATURE = 2,
1778  FUZZ_HASH = 3,
1779  FUZZ_HEAD = 4
1780 };
1781 
1782 typedef int (*CallbackFuzzer)(WOLFSSL* ssl, const unsigned char* buf, int sz,
1783  int type, void* fuzzCtx);
1784 
1785 WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx);
1786 #endif
1787 
1788 
1789 WOLFSSL_API int wolfSSL_DTLS_SetCookieSecret(WOLFSSL*,
1790  const unsigned char*,
1791  unsigned int);
1792 
1793 
1794 /* I/O Callback default errors */
1795 enum IOerrors {
 /* Values a user I/O callback returns to report a condition instead of data.
  * All of them are negative — presumably so that a callback's non-negative
  * byte count can never be mistaken for an error; confirm against the
  * callback contract. */
1796  WOLFSSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */
1797  WOLFSSL_CBIO_ERR_WANT_READ = -2, /* need to call read again */
1798  WOLFSSL_CBIO_ERR_WANT_WRITE = -2, /* need to call write again; deliberately
                                         * the same value as WANT_READ, so the two
                                         * cannot be told apart from the value alone */
1799  WOLFSSL_CBIO_ERR_CONN_RST = -3, /* connection reset */
1800  WOLFSSL_CBIO_ERR_ISR = -4, /* interrupted (signal) */
1801  WOLFSSL_CBIO_ERR_CONN_CLOSE = -5, /* connection closed or epipe */
1802  WOLFSSL_CBIO_ERR_TIMEOUT = -6 /* socket timeout */
1803 };
1804 
1805 
1806 /* CA cache callbacks */
1807 enum {
 /* Two unrelated value sets share this anonymous enum: protocol version codes
  * (SSLV3 .. TLSV1_3) and CA-cache entry types (USER_CA, CHAIN_CA). Their
  * numeric ranges overlap — WOLFSSL_TLSV1 and WOLFSSL_USER_CA are both 1 — so a
  * raw value is only meaningful together with the parameter it was passed as. */
1808  WOLFSSL_SSLV3 = 0,
1809  WOLFSSL_TLSV1 = 1,
1810  WOLFSSL_TLSV1_1 = 2,
1811  WOLFSSL_TLSV1_2 = 3,
1812  WOLFSSL_TLSV1_3 = 4,
1813  WOLFSSL_USER_CA = 1, /* user added as trusted */
1814  WOLFSSL_CHAIN_CA = 2 /* added to cache from trusted chain */
1815 };
1816 
1817 WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL*);
1818 
1819 WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version);
1820 WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version);
1821 WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */
1822 WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void);
1823 WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void);
1824 WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int);
1825 WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*);
1826 WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl);
1827 WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
1828 
1829 /* moved to asn.c, old names kept for backwards compatibility */
1830 #define wolfSSL_KeyPemToDer wc_KeyPemToDer
1831 #define wolfSSL_CertPemToDer wc_CertPemToDer
1832 #define wolfSSL_PemPubKeyToDer wc_PemPubKeyToDer
1833 #define wolfSSL_PubKeyPemToDer wc_PubKeyPemToDer
1834 #define wolfSSL_PemCertToDer wc_PemCertToDer
1835 
1836 
1837 typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
1838 typedef void (*CbMissingCRL)(const char* url);
1839 typedef int (*CbOCSPIO)(void*, const char*, int,
1840  unsigned char*, int, unsigned char**);
1841 typedef void (*CbOCSPRespFree)(void*,unsigned char*);
1842 
1843 #ifdef HAVE_CRL_IO
1844 typedef int (*CbCrlIO)(WOLFSSL_CRL* crl, const char* url, int urlSz);
1845 #endif
1846 
1847 /* User Atomic Record Layer CallBacks */
1848 typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut,
1849  const unsigned char* macIn, unsigned int macInSz, int macContent,
1850  int macVerify, unsigned char* encOut, const unsigned char* encIn,
1851  unsigned int encSz, void* ctx);
1852 WOLFSSL_API void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX*, CallbackMacEncrypt);
1853 WOLFSSL_API void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx);
1854 WOLFSSL_API void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl);
1855 
1856 typedef int (*CallbackDecryptVerify)(WOLFSSL* ssl,
1857  unsigned char* decOut, const unsigned char* decIn,
1858  unsigned int decSz, int content, int verify, unsigned int* padSz,
1859  void* ctx);
1861  CallbackDecryptVerify);
1862 WOLFSSL_API void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx);
1863 WOLFSSL_API void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl);
1864 
1865 WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int);
1866 WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*);
1867 WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*);
1868 WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*);
1869 WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*);
1870 WOLFSSL_API int wolfSSL_GetKeySize(WOLFSSL*);
1871 WOLFSSL_API int wolfSSL_GetIVSize(WOLFSSL*);
1872 WOLFSSL_API int wolfSSL_GetSide(WOLFSSL*);
1873 WOLFSSL_API int wolfSSL_IsTLSv1_1(WOLFSSL*);
1874 WOLFSSL_API int wolfSSL_GetBulkCipher(WOLFSSL*);
1875 WOLFSSL_API int wolfSSL_GetCipherBlockSize(WOLFSSL*);
1876 WOLFSSL_API int wolfSSL_GetAeadMacSize(WOLFSSL*);
1877 WOLFSSL_API int wolfSSL_GetHmacSize(WOLFSSL*);
1878 WOLFSSL_API int wolfSSL_GetHmacType(WOLFSSL*);
1879 WOLFSSL_API int wolfSSL_GetCipherType(WOLFSSL*);
1880 WOLFSSL_API int wolfSSL_SetTlsHmacInner(WOLFSSL*, unsigned char*,
1881  word32, int, int);
1882 
1883 /* Atomic User Needs */
1884 enum {
 /* Codes used with the atomic record-layer callbacks: connection side
  * (SERVER_END / CLIENT_END / NEITHER_END) and bulk cipher type
  * (BLOCK / STREAM / AEAD). WOLFSSL_NEITHER_END and WOLFSSL_STREAM_TYPE share
  * the value 3; they belong to different value sets and are presumably never
  * compared against each other — confirm at the call sites. */
1885  WOLFSSL_SERVER_END = 0,
1886  WOLFSSL_CLIENT_END = 1,
1887  WOLFSSL_NEITHER_END = 3,
1888  WOLFSSL_BLOCK_TYPE = 2,
1889  WOLFSSL_STREAM_TYPE = 3,
1890  WOLFSSL_AEAD_TYPE = 4,
1891  WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
1892 };
1893 
1894 /* for GetBulkCipher and internal use */
1895 enum BulkCipherAlgorithm {
 /* Bulk cipher identifiers returned by wolfSSL_GetBulkCipher. Because
  * wolfssl_idea is only present under HAVE_IDEA, the numeric value of every
  * constant after it depends on the build configuration: compare by name,
  * and never persist or exchange these numbers across builds. */
1896  wolfssl_cipher_null,
1897  wolfssl_rc4,
1898  wolfssl_rc2,
1899  wolfssl_des,
1900  wolfssl_triple_des, /* leading 3 (3des) not valid identifier */
1901  wolfssl_des40,
1902 #ifdef HAVE_IDEA
1903  wolfssl_idea,
1904 #endif
1905  wolfssl_aes,
1906  wolfssl_aes_gcm,
1907  wolfssl_aes_ccm,
1908  wolfssl_chacha,
1909  wolfssl_camellia,
1910  wolfssl_hc128, /* wolfSSL extensions */
1911  wolfssl_rabbit
1912 };
1913 
1914 
1915 /* for KDF TLS 1.2 mac types */
1916 enum KDF_MacAlgorithm {
1917  wolfssl_sha256 = 4, /* needs to match hash.h wc_MACAlgorithm */
1918  wolfssl_sha384,
1919  wolfssl_sha512
1920 };
1921 
1922 
1923 /* Public Key Callback support */
1924 #ifdef HAVE_PK_CALLBACKS
1925 #ifdef HAVE_ECC
1926 
1927 struct ecc_key;
1928 
1929 typedef int (*CallbackEccKeyGen)(WOLFSSL* ssl, struct ecc_key* key,
1930  unsigned int keySz, int ecc_curve, void* ctx);
1931 WOLFSSL_API void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX*, CallbackEccKeyGen);
1932 WOLFSSL_API void wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx);
1933 WOLFSSL_API void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl);
1934 
1935 typedef int (*CallbackEccSign)(WOLFSSL* ssl,
1936  const unsigned char* in, unsigned int inSz,
1937  unsigned char* out, unsigned int* outSz,
1938  const unsigned char* keyDer, unsigned int keySz,
1939  void* ctx);
1940 WOLFSSL_API void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX*, CallbackEccSign);
1941 WOLFSSL_API void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx);
1942 WOLFSSL_API void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl);
1943 
1944 typedef int (*CallbackEccVerify)(WOLFSSL* ssl,
1945  const unsigned char* sig, unsigned int sigSz,
1946  const unsigned char* hash, unsigned int hashSz,
1947  const unsigned char* keyDer, unsigned int keySz,
1948  int* result, void* ctx);
1949 WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX*, CallbackEccVerify);
1950 WOLFSSL_API void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx);
1951 WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl);
1952 
1953 typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl, struct ecc_key* otherKey,
1954  unsigned char* pubKeyDer, unsigned int* pubKeySz,
1955  unsigned char* out, unsigned int* outlen,
1956  int side, void* ctx); /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */
1957 WOLFSSL_API void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX*, CallbackEccSharedSecret);
1958 WOLFSSL_API void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx);
1959 WOLFSSL_API void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl);
1960 #endif
1961 
1962 #ifndef NO_DH
1963 /* Public DH Key Callback support */
1964 struct DhKey;
1965 typedef int (*CallbackDhAgree)(WOLFSSL* ssl, struct DhKey* key,
1966  const unsigned char* priv, unsigned int privSz,
1967  const unsigned char* otherPubKeyDer, unsigned int otherPubKeySz,
1968  unsigned char* out, unsigned int* outlen,
1969  void* ctx);
1970 WOLFSSL_API void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX*, CallbackDhAgree);
1971 WOLFSSL_API void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx);
1972 WOLFSSL_API void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl);
1973 #endif /* !NO_DH */
1974 
1975 #ifdef HAVE_ED25519
1976 struct ed25519_key;
1977 typedef int (*CallbackEd25519Sign)(WOLFSSL* ssl,
1978  const unsigned char* in, unsigned int inSz,
1979  unsigned char* out, unsigned int* outSz,
1980  const unsigned char* keyDer, unsigned int keySz,
1981  void* ctx);
1982 WOLFSSL_API void wolfSSL_CTX_SetEd25519SignCb(WOLFSSL_CTX*,
1983  CallbackEd25519Sign);
1984 WOLFSSL_API void wolfSSL_SetEd25519SignCtx(WOLFSSL* ssl, void *ctx);
1985 WOLFSSL_API void* wolfSSL_GetEd25519SignCtx(WOLFSSL* ssl);
1986 
1987 typedef int (*CallbackEd25519Verify)(WOLFSSL* ssl,
1988  const unsigned char* sig, unsigned int sigSz,
1989  const unsigned char* msg, unsigned int msgSz,
1990  const unsigned char* keyDer, unsigned int keySz,
1991  int* result, void* ctx);
1992 WOLFSSL_API void wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX*,
1993  CallbackEd25519Verify);
1994 WOLFSSL_API void wolfSSL_SetEd25519VerifyCtx(WOLFSSL* ssl, void *ctx);
1995 WOLFSSL_API void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl);
1996 #endif
1997 
1998 #ifdef HAVE_CURVE25519
1999 struct curve25519_key;
2000 
2001 typedef int (*CallbackX25519KeyGen)(WOLFSSL* ssl, struct curve25519_key* key,
2002  unsigned int keySz, void* ctx);
2003 WOLFSSL_API void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX*, CallbackX25519KeyGen);
2004 WOLFSSL_API void wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx);
2005 WOLFSSL_API void* wolfSSL_GetX25519KeyGenCtx(WOLFSSL* ssl);
2006 
2007 typedef int (*CallbackX25519SharedSecret)(WOLFSSL* ssl,
2008  struct curve25519_key* otherKey,
2009  unsigned char* pubKeyDer, unsigned int* pubKeySz,
2010  unsigned char* out, unsigned int* outlen,
2011  int side, void* ctx);
2012  /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */
2013 WOLFSSL_API void wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX*,
2014  CallbackX25519SharedSecret);
2015 WOLFSSL_API void wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx);
2016 WOLFSSL_API void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl);
2017 #endif
2018 
2019 #ifndef NO_RSA
2020 typedef int (*CallbackRsaSign)(WOLFSSL* ssl,
2021  const unsigned char* in, unsigned int inSz,
2022  unsigned char* out, unsigned int* outSz,
2023  const unsigned char* keyDer, unsigned int keySz,
2024  void* ctx);
2025 WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign);
2026 WOLFSSL_API void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx);
2027 WOLFSSL_API void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl);
2028 
2029 typedef int (*CallbackRsaVerify)(WOLFSSL* ssl,
2030  unsigned char* sig, unsigned int sigSz,
2031  unsigned char** out,
2032  const unsigned char* keyDer, unsigned int keySz,
2033  void* ctx);
2034 WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX*, CallbackRsaVerify);
2035 WOLFSSL_API void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX*, CallbackRsaVerify);
2036 WOLFSSL_API void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx);
2037 WOLFSSL_API void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl);
2038 
2039 #ifdef WC_RSA_PSS
2040 typedef int (*CallbackRsaPssSign)(WOLFSSL* ssl,
2041  const unsigned char* in, unsigned int inSz,
2042  unsigned char* out, unsigned int* outSz,
2043  int hash, int mgf,
2044  const unsigned char* keyDer, unsigned int keySz,
2045  void* ctx);
2046 WOLFSSL_API void wolfSSL_CTX_SetRsaPssSignCb(WOLFSSL_CTX*, CallbackRsaPssSign);
2047 WOLFSSL_API void wolfSSL_SetRsaPssSignCtx(WOLFSSL* ssl, void *ctx);
2048 WOLFSSL_API void* wolfSSL_GetRsaPssSignCtx(WOLFSSL* ssl);
2049 
2050 typedef int (*CallbackRsaPssVerify)(WOLFSSL* ssl,
2051  unsigned char* sig, unsigned int sigSz,
2052  unsigned char** out,
2053  int hash, int mgf,
2054  const unsigned char* keyDer, unsigned int keySz,
2055  void* ctx);
2056 WOLFSSL_API void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX*,
2057  CallbackRsaPssVerify);
2058 WOLFSSL_API void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX*,
2059  CallbackRsaPssVerify);
2060 WOLFSSL_API void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx);
2061 WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl);
2062 #endif
2063 
2064 /* RSA Public Encrypt cb */
2065 typedef int (*CallbackRsaEnc)(WOLFSSL* ssl,
2066  const unsigned char* in, unsigned int inSz,
2067  unsigned char* out, unsigned int* outSz,
2068  const unsigned char* keyDer, unsigned int keySz,
2069  void* ctx);
2070 WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc);
2071 WOLFSSL_API void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx);
2072 WOLFSSL_API void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl);
2073 
2074 /* RSA Private Decrypt cb */
2075 typedef int (*CallbackRsaDec)(WOLFSSL* ssl,
2076  unsigned char* in, unsigned int inSz,
2077  unsigned char** out,
2078  const unsigned char* keyDer, unsigned int keySz,
2079  void* ctx);
2080 WOLFSSL_API void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX*, CallbackRsaDec);
2081 WOLFSSL_API void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx);
2082 WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
2083 #endif
2084 #endif /* HAVE_PK_CALLBACKS */
2085 
2086 #ifndef NO_CERTS
2087  WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache);
2088 
2089  WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CTX_GetCertManager(WOLFSSL_CTX*);
2090 
2091  WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap);
2092  WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
2093  WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);
2094 
2095  WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f,
2096  const char* d);
2098  const unsigned char* in, long sz, int format);
2100 #ifdef WOLFSSL_TRUST_PEER_CERT
2102 #endif
2103  WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER*, const char* f,
2104  int format);
2106  const unsigned char* buff, long sz, int format);
2108  unsigned char*, int sz);
2110  int options);
2113  const char*, int, int);
2115  const unsigned char*, long sz, int);
2117  CbMissingCRL);
2118  WOLFSSL_API int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER *);
2119 #ifdef HAVE_CRL_IO
2120  WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER*,
2121  CbCrlIO);
2122 #endif
2123 #if defined(HAVE_OCSP)
2124  WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse(WOLFSSL_CERT_MANAGER *,
2125  byte *response, int responseSz, WOLFSSL_BUFFER_INFO *responseBuffer,
2126  CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest);
2127 #endif
2129  unsigned char*, int sz);
2131  int options);
2134  const char*);
2136  CbOCSPIO, CbOCSPRespFree, void*);
2137 
2138  WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling(
2139  WOLFSSL_CERT_MANAGER* cm);
2140  WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling(
2141  WOLFSSL_CERT_MANAGER* cm);
2142 
2143  WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
2144  WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl);
2145  WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int);
2146  WOLFSSL_API int wolfSSL_LoadCRLBuffer(WOLFSSL*,
2147  const unsigned char*, long sz, int);
2148  WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL*, CbMissingCRL);
2149 #ifdef HAVE_CRL_IO
2150  WOLFSSL_API int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb);
2151 #endif
2152  WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL*, int options);
2153  WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL*);
2154  WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL*, const char*);
2155  WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL*, CbOCSPIO, CbOCSPRespFree, void*);
2156  WOLFSSL_API int wolfSSL_EnableOCSPStapling(WOLFSSL*);
2157  WOLFSSL_API int wolfSSL_DisableOCSPStapling(WOLFSSL*);
2158 
2159  WOLFSSL_API int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options);
2160  WOLFSSL_API int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx);
2161  WOLFSSL_API int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX*, const char*, int, int);
2162  WOLFSSL_API int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX*,
2163  const unsigned char*, long sz, int);
2164  WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX*, CbMissingCRL);
2165 #ifdef HAVE_CRL_IO
2166  WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX*, CbCrlIO);
2167 #endif
2168 
2169  WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX*, int options);
2170  WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*);
2171  WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*);
2172  WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX*,
2173  CbOCSPIO, CbOCSPRespFree, void*);
2174  WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*);
2175  WOLFSSL_API int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX*);
2176 #endif /* !NO_CERTS */
2177 
2178 
2179 #ifdef SINGLE_THREADED
2180  WOLFSSL_API int wolfSSL_CTX_new_rng(WOLFSSL_CTX*);
2181 #endif
2182 
2183 /* The end of the handshake frees the temporary arrays. If they are still
2184  needed (for get_keys or PSK hints), call KeepArrays before the handshake and
2185  then FreeArrays when done, rather than waiting for the object to be freed. */
2186 WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
2187 WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);
2188 
2189 WOLFSSL_API int wolfSSL_KeepHandshakeResources(WOLFSSL* ssl);
2190 WOLFSSL_API int wolfSSL_FreeHandshakeResources(WOLFSSL* ssl);
2191 
2192 WOLFSSL_API int wolfSSL_CTX_UseClientSuites(WOLFSSL_CTX* ctx);
2193 WOLFSSL_API int wolfSSL_UseClientSuites(WOLFSSL* ssl);
2194 
2195 /* async additions */
2196 #define wolfSSL_UseAsync wolfSSL_SetDevId
2197 #define wolfSSL_CTX_UseAsync wolfSSL_CTX_SetDevId
2198 WOLFSSL_API int wolfSSL_SetDevId(WOLFSSL*, int devId);
2199 WOLFSSL_API int wolfSSL_CTX_SetDevId(WOLFSSL_CTX*, int devId);
2200 
2201 /* helpers to get device id and heap */
2202 WOLFSSL_API int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
2203 WOLFSSL_API void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
2204 
2205 /* TLS Extensions */
2206 
2207 /* Server Name Indication */
2208 #ifdef HAVE_SNI
2209 
2210 /* SNI types */
2211 enum {
2212  WOLFSSL_SNI_HOST_NAME = 0
2213 };
2214 
2215 WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type,
2216  const void* data, unsigned short size);
2217 WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type,
2218  const void* data, unsigned short size);
2219 
2220 #ifndef NO_WOLFSSL_SERVER
2221 
2222 /* SNI options */
2223 enum {
 /* Option bits for wolfSSL_SNI_SetOptions / wolfSSL_CTX_SNI_SetOptions; the
  * values are distinct powers of two so they can be OR-ed together.
  * The first two options relax the server's SNI check (a mismatching name no
  * longer fails the handshake); only ABORT_ON_ABSENCE makes it stricter. Leave
  * the relaxing bits clear unless the caller inspects wolfSSL_SNI_Status itself. */
2224  /* Do not abort the handshake if the requested SNI didn't match. */
2225  WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01,
2226 
2227  /* Behave as if the requested SNI matched in a case of mismatch. */
2228  /* In this case, the status will be set to WOLFSSL_SNI_FAKE_MATCH. */
2229  WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02,
2230 
2231  /* Abort the handshake if the client didn't send a SNI request. */
2232  WOLFSSL_SNI_ABORT_ON_ABSENCE = 0x04,
2233 };
2234 
2235 WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
2236  unsigned char options);
2237 WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx,
2238  unsigned char type, unsigned char options);
2239 WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
2240  const unsigned char* clientHello, unsigned int helloSz,
2241  unsigned char type, unsigned char* sni, unsigned int* inOutSz);
2242 
2243 #endif /* NO_WOLFSSL_SERVER */
2244 
2245 /* SNI status */
2246 enum {
2247  WOLFSSL_SNI_NO_MATCH = 0,
2249  WOLFSSL_SNI_REAL_MATCH = 2,
2250  WOLFSSL_SNI_FORCE_KEEP = 3
2251 };
2252 
2253 WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);
2254 
2255 WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl,
2256  unsigned char type, void** data);
2257 
2258 #endif /* HAVE_SNI */
2259 
2260 /* Trusted CA Key Indication - RFC 6066 (Section 6) */
2261 #ifdef HAVE_TRUSTED_CA
2262 
2263 /* TCA Identifier Type */
2264 enum {
2265  WOLFSSL_TRUSTED_CA_PRE_AGREED = 0,
2266  WOLFSSL_TRUSTED_CA_KEY_SHA1 = 1,
2267  WOLFSSL_TRUSTED_CA_X509_NAME = 2,
2268  WOLFSSL_TRUSTED_CA_CERT_SHA1 = 3
2269 };
2270 
2271 WOLFSSL_API int wolfSSL_UseTrustedCA(WOLFSSL* ssl, unsigned char type,
2272  const unsigned char* certId, unsigned int certIdSz);
2273 #endif /* HAVE_TRUSTED_CA */
2274 
2275 /* Application-Layer Protocol Negotiation */
2276 #ifdef HAVE_ALPN
2277 
2278 /* ALPN status code */
2279 enum {
2280  WOLFSSL_ALPN_NO_MATCH = 0,
2281  WOLFSSL_ALPN_MATCH = 1,
2282  WOLFSSL_ALPN_CONTINUE_ON_MISMATCH = 2,
2283  WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4,
2284 };
2285 
2286 enum {
2287  WOLFSSL_MAX_ALPN_PROTO_NAME_LEN = 255,
2288  WOLFSSL_MAX_ALPN_NUMBER = 257
2289 };
2290 
2291 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
2292 typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out,
2293  unsigned char* outLen, const unsigned char* in, unsigned int inLen,
2294  void *arg);
2295 #endif
2296 
2297 WOLFSSL_API int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
2298  unsigned int protocol_name_listSz,
2299  unsigned char options);
2300 
2301 WOLFSSL_API int wolfSSL_ALPN_GetProtocol(WOLFSSL* ssl, char **protocol_name,
2302  unsigned short *size);
2303 
2304 WOLFSSL_API int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list,
2305  unsigned short *listSz);
2306 WOLFSSL_API int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list);
2307 #endif /* HAVE_ALPN */
2308 
2309 /* Maximum Fragment Length */
2310 #ifdef HAVE_MAX_FRAGMENT
2311 
2312 /* Fragment lengths */
2313 enum {
 /* Codes for the max_fragment_length extension. WOLFSSL_MFL_MIN and
  * WOLFSSL_MFL_MAX bound the code values (1 .. 6), not the fragment sizes:
  * WOLFSSL_MFL_MAX is the 256-byte setting, i.e. the smallest fragment. */
2314  WOLFSSL_MFL_2_9 = 1, /* 512 bytes */
2315  WOLFSSL_MFL_2_10 = 2, /* 1024 bytes */
2316  WOLFSSL_MFL_2_11 = 3, /* 2048 bytes */
2317  WOLFSSL_MFL_2_12 = 4, /* 4096 bytes */
2318  WOLFSSL_MFL_2_13 = 5, /* 8192 bytes *//* wolfSSL ONLY!!! */
2319  WOLFSSL_MFL_2_8 = 6, /* 256 bytes *//* wolfSSL ONLY!!! */
2320  WOLFSSL_MFL_MIN = WOLFSSL_MFL_2_9,
2321  WOLFSSL_MFL_MAX = WOLFSSL_MFL_2_8,
2322 };
2323 
2324 #ifndef NO_WOLFSSL_CLIENT
2325 
2326 WOLFSSL_API int wolfSSL_UseMaxFragment(WOLFSSL* ssl, unsigned char mfl);
2327 WOLFSSL_API int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, unsigned char mfl);
2328 
2329 #endif
2330 #endif /* HAVE_MAX_FRAGMENT */
2331 
2332 /* Truncated HMAC */
2333 #ifdef HAVE_TRUNCATED_HMAC
2334 #ifndef NO_WOLFSSL_CLIENT
2335 
2336 WOLFSSL_API int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl);
2337 WOLFSSL_API int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx);
2338 
2339 #endif
2340 #endif
2341 
2342 /* Certificate Status Request */
2343 /* Certificate Status Type */
2344 enum {
2345  WOLFSSL_CSR_OCSP = 1
2346 };
2347 
2348 /* Certificate Status Options (flags) */
2349 enum {
2350  WOLFSSL_CSR_OCSP_USE_NONCE = 0x01
2351 };
2352 
2353 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
2354 #ifndef NO_WOLFSSL_CLIENT
2355 
2356 WOLFSSL_API int wolfSSL_UseOCSPStapling(WOLFSSL* ssl,
2357  unsigned char status_type, unsigned char options);
2358 
2359 WOLFSSL_API int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx,
2360  unsigned char status_type, unsigned char options);
2361 
2362 #endif
2363 #endif
2364 
2365 /* Certificate Status Request v2 */
2366 /* Certificate Status Type */
2367 enum {
2368  WOLFSSL_CSR2_OCSP = 1,
2369  WOLFSSL_CSR2_OCSP_MULTI = 2
2370 };
2371 
2372 /* Certificate Status v2 Options (flags) */
2373 enum {
2374  WOLFSSL_CSR2_OCSP_USE_NONCE = 0x01
2375 };
2376 
2377 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
2378 #ifndef NO_WOLFSSL_CLIENT
2379 
2380 WOLFSSL_API int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl,
2381  unsigned char status_type, unsigned char options);
2382 
2383 WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
2384  unsigned char status_type, unsigned char options);
2385 
2386 #endif
2387 #endif
2388 
2389 /* Named Groups */
2390 enum {
 /* Named group identifiers. The values follow the TLS Supported Groups
  * registry numbering (e.g. 23 = secp256r1, 29 = x25519, 256 = ffdhe2048), so
  * they are sent on the wire as-is; the binary (SECT*) curves are kept here
  * only for reference and are compiled out. */
2391 #if 0 /* Not Supported */
2392  WOLFSSL_ECC_SECT163K1 = 1,
2393  WOLFSSL_ECC_SECT163R1 = 2,
2394  WOLFSSL_ECC_SECT163R2 = 3,
2395  WOLFSSL_ECC_SECT193R1 = 4,
2396  WOLFSSL_ECC_SECT193R2 = 5,
2397  WOLFSSL_ECC_SECT233K1 = 6,
2398  WOLFSSL_ECC_SECT233R1 = 7,
2399  WOLFSSL_ECC_SECT239K1 = 8,
2400  WOLFSSL_ECC_SECT283K1 = 9,
2401  WOLFSSL_ECC_SECT283R1 = 10,
2402  WOLFSSL_ECC_SECT409K1 = 11,
2403  WOLFSSL_ECC_SECT409R1 = 12,
2404  WOLFSSL_ECC_SECT571K1 = 13,
2405  WOLFSSL_ECC_SECT571R1 = 14,
2406 #endif
2407  WOLFSSL_ECC_SECP160K1 = 15,
2408  WOLFSSL_ECC_SECP160R1 = 16,
2409  WOLFSSL_ECC_SECP160R2 = 17,
2410  WOLFSSL_ECC_SECP192K1 = 18,
2411  WOLFSSL_ECC_SECP192R1 = 19,
2412  WOLFSSL_ECC_SECP224K1 = 20,
2413  WOLFSSL_ECC_SECP224R1 = 21,
2414  WOLFSSL_ECC_SECP256K1 = 22,
2415  WOLFSSL_ECC_SECP256R1 = 23,
2416  WOLFSSL_ECC_SECP384R1 = 24,
2417  WOLFSSL_ECC_SECP521R1 = 25,
2418  WOLFSSL_ECC_BRAINPOOLP256R1 = 26,
2419  WOLFSSL_ECC_BRAINPOOLP384R1 = 27,
2420  WOLFSSL_ECC_BRAINPOOLP512R1 = 28,
2421  WOLFSSL_ECC_X25519 = 29,
2422  /* Not implemented. */
2423  WOLFSSL_ECC_X448 = 30,
2424 
2425  WOLFSSL_FFDHE_2048 = 256,
2426  WOLFSSL_FFDHE_3072 = 257,
2427  WOLFSSL_FFDHE_4096 = 258,
2428  WOLFSSL_FFDHE_6144 = 259,
2429  WOLFSSL_FFDHE_8192 = 260,
2430 };
2431 
2432 enum { /* TLS ECPointFormat codepoints. Only uncompressed(0) is enabled here,
             * which is also the only format RFC 8422 allows on the wire. */
2433  WOLFSSL_EC_PF_UNCOMPRESSED = 0,
2434 #if 0 /* Not Supported */
2435  WOLFSSL_EC_PF_X962_COMP_PRIME = 1,
2436  WOLFSSL_EC_PF_X962_COMP_CHAR2 = 2,
2437 #endif
2438 };
2439 
2440 #ifdef HAVE_SUPPORTED_CURVES
2441 #ifndef NO_WOLFSSL_CLIENT
2442 
2443 WOLFSSL_API int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name);
2444 WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx,
2445  word16 name);
2446 
2447 #endif
2448 #endif
2449 
2450 #ifdef WOLFSSL_TLS13
2451 WOLFSSL_API int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group);
2452 WOLFSSL_API int wolfSSL_NoKeyShares(WOLFSSL* ssl);
2453 #endif
2454 
2455 
2456 /* Secure Renegotiation */
2457 #ifdef HAVE_SECURE_RENEGOTIATION
2458 
2459 WOLFSSL_API int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl);
2460 WOLFSSL_API int wolfSSL_StartSecureRenegotiation(WOLFSSL* ssl, int resume);
2461 WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL* ssl);
2462 WOLFSSL_API int wolfSSL_SecureResume(WOLFSSL* ssl);
2463 
2464 #endif
2465 
2466 /* Session Ticket */
2467 #ifdef HAVE_SESSION_TICKET
2468 
2469 #ifndef NO_WOLFSSL_CLIENT
2470 WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL* ssl);
2471 WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx);
2472 WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL*, unsigned char*, word32*);
2473 WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, const unsigned char*, word32);
2474 typedef int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*);
2475 WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*,
2476  CallbackSessionTicket, void*);
2477 #endif /* NO_WOLFSSL_CLIENT */
2478 
2479 
2480 #define WOLFSSL_TICKET_NAME_SZ 16
2481 #define WOLFSSL_TICKET_IV_SZ 16
2482 #define WOLFSSL_TICKET_MAC_SZ 32
2483 
2484 enum TicketEncRet { /* result codes for the server's session ticket callback
                         * (SessionTicketEncCb, declared below) */
2485  WOLFSSL_TICKET_RET_FATAL = -1, /* fatal error, don't use ticket */
2486  WOLFSSL_TICKET_RET_OK = 0, /* ok, use ticket */
2487  WOLFSSL_TICKET_RET_REJECT, /* don't use ticket, but not fatal */
2488  WOLFSSL_TICKET_RET_CREATE /* existing ticket ok and create new one
                                 * (e.g. so a ticket issued under an older key is
                                 * re-issued under the current one -- confirm in ssl.c) */
2489 };
2490 
2491 #ifndef NO_WOLFSSL_SERVER
2492 
/* Server-side session ticket protection callback, installed with
 * wolfSSL_CTX_set_TicketEncCb() below. The application owns the ticket key
 * material; the library only hands over the fixed-size key_name/iv/mac buffers
 * (sizes from the WOLFSSL_TICKET_*_SZ macros above). The return value is
 * presumably one of enum TicketEncRet above.
 * NOTE(review): the meaning of `enc` (likely 1 = protect a new ticket,
 * 0 = unprotect a received one) and of the unnamed trailing parameters (likely
 * ticket buffer, its length, resulting length, and the user context from
 * wolfSSL_CTX_set_TicketEncCtx()) is not visible in this header -- confirm
 * against the implementation before relying on it. */
2493 typedef int (*SessionTicketEncCb)(WOLFSSL*,
2494  unsigned char key_name[WOLFSSL_TICKET_NAME_SZ], /* 16-byte ticket key identifier */
2495  unsigned char iv[WOLFSSL_TICKET_IV_SZ],         /* 16-byte IV */
2496  unsigned char mac[WOLFSSL_TICKET_MAC_SZ],       /* 32-byte MAC */
2497  int enc, unsigned char*, int, int*, void*);
2498 WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
2499  SessionTicketEncCb);
2500 WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
2501 WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
2502 
2503 #endif /* NO_WOLFSSL_SERVER */
2504 
2505 #endif /* HAVE_SESSION_TICKET */
2506 
2507 #ifdef HAVE_QSH
2508 /* Quantum-safe Crypto Schemes */
2509 enum { /* scheme identifiers for wolfSSL_UseSupportedQSH() (declared below);
             * only compiled when HAVE_QSH is defined */
2510  WOLFSSL_NTRU_EESS439 = 0x0101, /* max plaintext length of 65 */
2511  WOLFSSL_NTRU_EESS593 = 0x0102, /* max plaintext length of 86 */
2512  WOLFSSL_NTRU_EESS743 = 0x0103, /* max plaintext length of 106 */
2513  WOLFSSL_LWE_XXX = 0x0201, /* Learning With Error encryption scheme */
2514  WOLFSSL_HFE_XXX = 0x0301, /* Hidden Field Equation scheme */
2515  WOLFSSL_NULL_QSH = 0xFFFF /* QSHScheme is not used */
2516 };
2517 
2518 
2519 /* Test whether the connection is using a QSH secure connection; returns 1 if so. */
2520 WOLFSSL_API int wolfSSL_isQSH(WOLFSSL* ssl);
2521 WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name);
2522 #ifndef NO_WOLFSSL_CLIENT
2523  /* User control over sending the client public key in the hello extension:
2524  flag = 1 sends the keys; flag = 0, or never calling this function,
2525  does not send them. */
2526  WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag);
2527 #endif
2528 
2529 #endif /* QSH */
2530 
2531 /* TLS Extended Master Secret Extension */
2532 WOLFSSL_API int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl);
2533 WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx);
2534 
2535 
2536 #define WOLFSSL_CRL_MONITOR 0x01 /* monitor this dir flag */
2537 #define WOLFSSL_CRL_START_MON 0x02 /* start monitoring flag */
2538 
2539 
2540 /* notify user the handshake is done */
2541 typedef int (*HandShakeDoneCb)(WOLFSSL*, void*);
2542 WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL*, HandShakeDoneCb, void*);
2543 
2544 
2545 WOLFSSL_API int wolfSSL_PrintSessionStats(void);
2546 WOLFSSL_API int wolfSSL_get_session_stats(unsigned int* active,
2547  unsigned int* total,
2548  unsigned int* peak,
2549  unsigned int* maxSessions);
2550 /* External facing KDF */
2551 WOLFSSL_API
2552 int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, word32 msLen,
2553  const unsigned char* pms, word32 pmsLen,
2554  const unsigned char* cr, const unsigned char* sr,
2555  int tls1_2, int hash_type);
2556 
2557 WOLFSSL_API
2558 int wolfSSL_MakeTlsExtendedMasterSecret(unsigned char* ms, word32 msLen,
2559  const unsigned char* pms, word32 pmsLen,
2560  const unsigned char* sHash, word32 sHashLen,
2561  int tls1_2, int hash_type);
2562 
2563 WOLFSSL_API
2564 int wolfSSL_DeriveTlsKeys(unsigned char* key_data, word32 keyLen,
2565  const unsigned char* ms, word32 msLen,
2566  const unsigned char* sr, const unsigned char* cr,
2567  int tls1_2, int hash_type);
2568 
2569 #ifdef WOLFSSL_CALLBACKS
2570 
2571 /* used internally by wolfSSL while OpenSSL types aren't */
2572 #include <wolfssl/callbacks.h>
2573 
2574 typedef int (*HandShakeCallBack)(HandShakeInfo*);
2575 typedef int (*TimeoutCallBack)(TimeoutInfo*);
2576 
2577 /* wolfSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack
2578  for diagnostics */
2579 WOLFSSL_API int wolfSSL_connect_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
2580  Timeval);
2581 WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
2582  Timeval);
2583 
2584 #endif /* WOLFSSL_CALLBACKS */
2585 
2586 
2587 #ifdef WOLFSSL_HAVE_WOLFSCEP
2588  WOLFSSL_API void wolfSSL_wolfSCEP(void);
2589 #endif /* WOLFSSL_HAVE_WOLFSCEP */
2590 
2591 #ifdef WOLFSSL_HAVE_CERT_SERVICE
2592  WOLFSSL_API void wolfSSL_cert_service(void);
2593 #endif
2594 
2595 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
2596 /* Smaller subset of X509 compatibility functions. Avoid increasing the size of
2597  * this subset and its memory usage */
2598 
2599 #include <wolfssl/openssl/asn1.h>
2601  WOLFSSL_ASN1_OBJECT object; /* static object just for keeping grp, type */
2602  WOLFSSL_ASN1_STRING data;
2603  WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */
2604  int nid; /* i.e. ASN_COMMON_NAME */
2605  int set;
2606  int size;
2607 };
2608 #endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
2609 
2610 
2611 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
2612 
2613 enum { /* identifiers for system/library calls.
             * NOTE(review): presumably used to tag which call failed in the
             * OpenSSL-compatible error reporting (wolfSSL_ERR_* below); the
             * consumer is not visible in this header -- confirm in ssl.c */
2614  WOLFSSL_SYS_ACCEPT = 0,
2615  WOLFSSL_SYS_BIND,
2616  WOLFSSL_SYS_CONNECT,
2617  WOLFSSL_SYS_FOPEN,
2618  WOLFSSL_SYS_FREAD,
2619  WOLFSSL_SYS_GETADDRINFO,
2620  WOLFSSL_SYS_GETSOCKOPT,
2621  WOLFSSL_SYS_GETSOCKNAME,
2622  WOLFSSL_SYS_GETHOSTBYNAME,
2623  WOLFSSL_SYS_GETNAMEINFO,
2624  WOLFSSL_SYS_GETSERVBYNAME,
2625  WOLFSSL_SYS_IOCTLSOCKET,
2626  WOLFSSL_SYS_LISTEN,
2627  WOLFSSL_SYS_OPENDIR,
2628  WOLFSSL_SYS_SETSOCKOPT,
2629  WOLFSSL_SYS_SOCKET
2630 };
2631 
2632 /* Object functions */
2633 WOLFSSL_API const char * wolfSSL_OBJ_nid2sn(int n);
2634 WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o);
2635 WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn);
2636 
2637 WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n);
2638 WOLFSSL_API int wolfSSL_OBJ_txt2nid(const char *sn);
2639 
2640 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int n);
2641 WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int n, WOLFSSL_ASN1_OBJECT *arg_obj);
2642 WOLFSSL_API int wolfSSL_OBJ_obj2txt(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a, int no_name);
2643 
2644 WOLFSSL_API void wolfSSL_OBJ_cleanup(void);
2645 /* end of object functions */
2646 
2647 WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line);
2648 WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt);
2649 WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt);
2650 
2651 #ifndef NO_CERTS
2652 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID(
2653  WOLFSSL_X509_NAME_ENTRY** out, int nid, int type,
2654  unsigned char* data, int dataSz);
2655 WOLFSSL_API int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name,
2656  WOLFSSL_X509_NAME_ENTRY* entry, int idx, int set);
2657 WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name,
2658  const char *field, int type, const unsigned char *bytes, int len, int loc,
2659  int set);
2660 WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
2661  const WOLFSSL_X509_NAME* y);
2662 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
2663 WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
2664 WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
2665  int nid, int* c, int* idx);
2666 WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509,
2667  const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len);
2668 WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509);
2669 WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey);
2670 WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl,
2671  unsigned char* der, long derSz);
2672 WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl);
2673 #ifndef NO_RSA
2674 WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der,
2675  long derSz);
2676 #endif
2677 #endif /* NO_CERTS */
2678 
2679 WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
2680 
2681 WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
2682  unsigned char* out, int outSz);
2683 WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
2684 
2685 WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
2686  WOLFSSL_X509_STORE* str);
2687 WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
2688 #if !defined(NO_FILESYSTEM)
2689 WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp,
2690  WOLFSSL_X509** x509);
2691 #endif
2693  WOLFSSL_X509** x509);
2695 
2696 WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio);
2697 WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b);
2698 WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
2699  unsigned char *out, size_t outlen);
2700 WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
2701  unsigned char* out, size_t outSz);
2702 WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
2703 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
2705  (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
2706 #ifndef NO_FILESYSTEM
2707 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp,
2708  WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u);
2709 #endif
2710 WOLFSSL_API int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header,
2711  EncryptedInfo* cipher);
2712 WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher,
2713  unsigned char* data, long* len,
2714  pem_password_cb* callback, void* ctx);
2715 
2716 /* lighttpd compatibility */
2717 
2719  int length;
2720  int type;
2721  char* data;
2722  long flags;
2723 };
2724 
2725 
2726 #if defined(OPENSSL_EXTRA) \
2727  || defined(OPENSSL_ALL) \
2728  || defined(HAVE_LIGHTY) \
2729  || defined(WOLFSSL_MYSQL_COMPATIBLE) \
2730  || defined(HAVE_STUNNEL) \
2731  || defined(WOLFSSL_NGINX) \
2732  || defined(WOLFSSL_HAPROXY)
2733 WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
2734 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
2735 WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
2736 WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
2737 WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
2738 /* These are to be merged shortly */
2739 WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
2740 WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
2741 WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
2742 WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
2743 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
2744 WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*));
2745 WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
2746 WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md);
2747 WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md);
2748 WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md);
2749 WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
2750 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk );
2751 WOLFSSL_API int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509);
2752 
2753 #ifndef NO_FILESYSTEM
2754 WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c);
2755 WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp);
2756 #endif
2757 
2758 #endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
2759 
2760 #endif /* OPENSSL_EXTRA || OPENSSL_ALL */
2761 
2762 
2763 #if defined(OPENSSL_ALL) \
2764  || defined(HAVE_STUNNEL) \
2765  || defined(HAVE_LIGHTY) \
2766  || defined(WOLFSSL_MYSQL_COMPATIBLE) \
2767  || defined(WOLFSSL_HAPROXY) \
2768  || defined(OPENSSL_EXTRA)
2769 
2770 WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
2771 WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
2772 WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp,
2773  WOLFSSL_DH **x, pem_password_cb *cb, void *u);
2775  WOLFSSL_DSA **x, pem_password_cb *cb, void *u);
2776 WOLFSSL_API int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp,WOLFSSL_X509 *x);
2777 WOLFSSL_API int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp,WOLFSSL_X509 *x);
2778 WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
2779 
2780 #endif /* OPENSSL_ALL || HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_HAPROXY || OPENSSL_EXTRA */
2781 
2782 #ifdef OPENSSL_ALL
2783 WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out);
2784 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
2785 WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
2786 WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
2787  const WOLFSSL_EVP_MD *md);
2788 WOLFSSL_API int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req,
2789  WOLFSSL_X509_NAME *name);
2790 WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
2791  WOLFSSL_EVP_PKEY *pkey);
2792 #endif
2793 
2794 
2795 #if defined(OPENSSL_ALL) \
2796  || defined(HAVE_STUNNEL) \
2797  || defined(WOLFSSL_NGINX) \
2798  || defined(WOLFSSL_HAPROXY) \
2799  || defined(OPENSSL_EXTRA) \
2800  || defined(HAVE_LIGHTY)
2801 
2802 #include <wolfssl/openssl/crypto.h>
2803 
2804 /* SNI received callback type */
2805 typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);
2806 
2807 WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
2808  void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
2809 
2810 WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void);
2811 
2812 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn);
2813 WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
2814  void (*callback) (int, int, void *), void *cb_arg);
2815 
2816 WOLFSSL_API int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH*, int, int,
2817  void (*callback) (int, int, void *));
2818 
2819 WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void);
2820 
2821 WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void);
2822 
2823 WOLFSSL_API int wolfSSL_FIPS_mode(void);
2824 
2825 WOLFSSL_API int wolfSSL_FIPS_mode_set(int r);
2826 
2827 WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth);
2828 
2829 WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits);
2830 
2831 WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *s);
2832 
2833 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_new(void);
2834 WOLFSSL_API int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s);
2835 
2836 WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
2837  unsigned long);
2838 
2839 WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
2840  const WOLFSSL_X509*);
2841 
2842 WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
2843 
2844 WOLFSSL_API int wolfSSL_version(WOLFSSL*);
2845 
2846 WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*);
2847 
2848 WOLFSSL_API void* wolfSSL_sk_X509_NAME_value(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*, int);
2849 
2850 WOLFSSL_API void* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, int);
2851 
2852 WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
2853 
2854 WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
2855 
2856 WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,
2857  CRYPTO_free_func*);
2858 
2859 WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);
2860 
2861 
2862 WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*,
2863  unsigned int*);
2864 
2865 WOLFSSL_API int wolfSSL_set_tlsext_host_name(WOLFSSL *, const char *);
2866 
2867 WOLFSSL_API const char* wolfSSL_get_servername(WOLFSSL *, unsigned char);
2868 
2869 WOLFSSL_API WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL*,WOLFSSL_CTX*);
2870 
2871 WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*);
2872 
2873 WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*);
2874 
2875 WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *,
2876  CallbackSniRecv);
2877 WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *,
2878  CallbackSniRecv);
2879 
2880 WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*);
2881 
2882 WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*);
2883 
2884 /* support for deprecated old name */
2885 #define WOLFSSL_ERR_remove_thread_state wolfSSL_ERR_remove_thread_state
2886 
2887 #ifndef NO_FILESYSTEM
2888 WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE fp);
2889 #endif
2890 
2891 WOLFSSL_API void wolfSSL_THREADID_set_callback(void (*threadid_func)(void*));
2892 
2893 WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val);
2894 
2895 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
2897 
2898 WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*));
2899 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
2900 
2901 #if defined(OPENSSL_ALL) || \
2902  defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
2903  defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
2904 
2905 WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx);
2906 
2907 #endif
2908 
2909 #ifdef WOLFSSL_JNI
2910 WOLFSSL_API int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr);
2911 WOLFSSL_API void* wolfSSL_get_jobject(WOLFSSL* ssl);
2912 #endif /* WOLFSSL_JNI */
2913 
2914 
2915 #ifdef WOLFSSL_ASYNC_CRYPT
2916 WOLFSSL_API int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags);
2917 WOLFSSL_API int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents,
2918  WOLF_EVENT_FLAG flags, int* eventCount);
2919 #endif /* WOLFSSL_ASYNC_CRYPT */
2920 
2921 #ifdef OPENSSL_EXTRA
2922 WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, char* names);
2923 
2924 typedef void (*SSL_Msg_Cb)(int write_p, int version, int content_type,
2925  const void *buf, size_t len, WOLFSSL *ssl, void *arg);
2926 
2927 WOLFSSL_API int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb);
2928 WOLFSSL_API int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb);
2929 WOLFSSL_API int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg);
2930 WOLFSSL_API int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg);
2931 WOLFSSL_API unsigned long wolfSSL_ERR_peek_error_line_data(const char **file,
2932  int *line, const char **data, int *flags);
2933 WOLFSSL_API int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx,
2934  const unsigned char *protos, unsigned int protos_len);
2935 WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data,
2936  size_t siz, const char* file, int line);
2937 WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void);
2938 #endif
2939 
2940 #if defined(OPENSSL_ALL) \
2941  || defined(WOLFSSL_NGINX) \
2942  || defined(WOLFSSL_HAPROXY) \
2943  || defined(OPENSSL_EXTRA)
2944 WOLFSSL_API void wolfSSL_OPENSSL_config(char *config_name);
2945 #endif
2946 
2947 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
2948 /* Not an OpenSSL API. */
2949 WOLFSSL_LOCAL int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response);
2950 /* Not an OpenSSL API. */
2951 WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
2952 /* Not an OpenSSL API. */
2953 WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
2954 #endif
2955 
2956 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
2957  || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
2958 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
2959 WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a,
2960  void *b, void *c);
2961 WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
2962 WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
2963  void *data);
2964 
2965 WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
2966  const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
2967 
2968 WOLFSSL_API long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx);
2969 WOLFSSL_API int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx,
2970  WOLFSSL_EC_KEY *ecdh);
2971 WOLFSSL_API int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *,
2972  WOLFSSL_SESSION *c);
2973 
2974 WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s);
2975 WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s);
2976 WOLFSSL_API int wolfSSL_SSL_do_handshake(WOLFSSL *s);
2977 WOLFSSL_API int wolfSSL_SSL_in_init(WOLFSSL *a); /* #define in OpenSSL */
2978 #ifndef NO_SESSION_CACHE
2979  WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *s);
2980 #endif
2981 WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk,
2982  size_t chklen, unsigned int flags, char **peername);
2983 
2984 WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp,
2985  const WOLFSSL_ASN1_INTEGER *a);
2986 
2987 #ifdef HAVE_SESSION_TICKET
2988 WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, int (*)(
2989  WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
2990  WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc));
2991 #endif
2992 
2993 #if defined(HAVE_OCSP) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
2994  defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
2995 WOLFSSL_API int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx,
2996  WOLF_STACK_OF(X509)** chain);
2997 WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx,
2998  int(*)(WOLFSSL*, void*));
2999 
3000 WOLFSSL_API int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
3002 
3003 WOLFSSL_API void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk);
3004 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x);
3005 
3006 WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
3007  WOLFSSL_X509 *subject);
3008 
3009 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x);
3010 
3011 WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value(
3012  WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx);
3013 #endif /* HAVE_OCSP || OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
3014 
3015 WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
3016  WOLFSSL_X509 *cert);
3017 
3018 #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
3019  OPENSSL_EXTRA || HAVE_LIGHTY*/
3020 
3021 WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl,
3022  const unsigned char **data, unsigned int *len);
3023 WOLFSSL_API int wolfSSL_select_next_proto(unsigned char **out,
3024  unsigned char *outlen,
3025  const unsigned char *in, unsigned int inlen,
3026  const unsigned char *client,
3027  unsigned int client_len);
3028 WOLFSSL_API void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx,
3029  int (*cb) (WOLFSSL *ssl,
3030  const unsigned char **out,
3031  unsigned char *outlen,
3032  const unsigned char *in,
3033  unsigned int inlen,
3034  void *arg), void *arg);
3035 WOLFSSL_API void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s,
3036  int (*cb) (WOLFSSL *ssl,
3037  const unsigned char **out,
3038  unsigned int *outlen,
3039  void *arg), void *arg);
3040 WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
3041  int (*cb) (WOLFSSL *ssl,
3042  unsigned char **out,
3043  unsigned char *outlen,
3044  const unsigned char *in,
3045  unsigned int inlen,
3046  void *arg), void *arg);
3047 WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
3048  unsigned *len);
3049 
3050 
3051 #ifdef OPENSSL_EXTRA
3052 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
3053 WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
3054  const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
3055 WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count);
3056 WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count);
3057 #endif
3058 
3059 WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len);
3060 WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
3061 WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x);
3062 WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor);
3063 WOLFSSL_API void *X509_get_X509_PUBKEY(void * x);
3064 WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub);
3065 WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
3066 WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
3067 WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
3068 WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir);
3069 WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x);
3070 WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p);
3071 WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
3072 WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx);
3073 WOLFSSL_API void ERR_load_SSL_strings(void);
3074 WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p);
3075 
3076 WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag);
3077 WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags);
3078 WOLFSSL_API int wolfSSL_ASN1_TIME_get_length(WOLFSSL_ASN1_TIME *t);
3079 WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t);
3080 WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
3081  WOLFSSL_ASN1_TIME **out);
3082 WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp);
3083 WOLFSSL_API int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE *store);
3084 WOLFSSL_API long wolfSSL_X509_get_version(const WOLFSSL_X509 *x);
3085 WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x);
3086 
3087 WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
3088  WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd,
3089  int passwdSz, pem_password_cb* cb, void* ctx);
3090 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
3091  WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u);
3092 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(
3093  WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length);
3094 
3095 #endif /* OPENSSL_EXTRA */
3096 
3097 #ifdef HAVE_PK_CALLBACKS
3098 WOLFSSL_API int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx);
3099 #endif
3100 
3101 #ifdef __cplusplus
3102  } /* extern "C" */
3103 #endif
3104 
3105 
3106 #endif /* WOLFSSL_SSL_H */
WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL *)
This function allows the application to determine if wolfSSL is using non-blocking I/O with UDP...
Definition: ssl.c:8824
Definition: ssl.h:406
Definition: asn.h:1197
WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX *, const unsigned char *b, long sz, int format)
A wrapper function that calls wolfSSL_SetTmpDH_buffer_wrapper.
Definition: ssl.c:11385
WOLFSSL_API int wolfSSL_shutdown(WOLFSSL *)
This function shuts down an active SSL/TLS connection using the SSL session, ssl. This function will ...
Definition: ssl.c:2673
WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER *cm)
This function turns on OCSP stapling if it is not turned on as well as set the options.
Definition: ssl.c:5609
Definition: ecdsa.h:41
WOLFSSL_API const char * wolfSSL_get_psk_identity(const WOLFSSL *)
The function returns a constant pointer to the client_identity member of the Arrays structure...
Definition: ssl.c:11126
WOLFSSL_API WOLFSSL_CIPHER * wolfSSL_get_current_cipher(WOLFSSL *)
This function returns a pointer to the current cipher in the ssl session.
Definition: ssl.c:16268
WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL *, CbMissingCRL)
Sets the CRL callback in the WOLFSSL_CERT_MANAGER structure.
Definition: ssl.c:6354
WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER *, const char *f, int format)
Specifies the certificate to verify with the Certificate Manager context. The format can be SSL_FILET...
Definition: ssl.c:6091
WOLFSSL_API WOLFSSL_METHOD * wolfSSLv3_client_method(void)
The wolfSSLv3_client_method() function is used to indicate that the application is a client and will ...
Definition: ssl.c:9055
WOLFSSL_API WOLFSSL_METHOD * wolfSSLv3_server_method(void)
The wolfSSLv3_server_method() function is used to indicate that the application is a server and will ...
Definition: ssl.c:9429
WOLFSSL_API const unsigned char * wolfSSL_GetMacSecret(WOLFSSL *, int)
Allows retrieval of the Hmac/Mac secret from the handshake process. The verify parameter specifies wh...
Definition: ssl.c:2912
WOLFSSL_API int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name)
This is used to set and write to a file. Will overwrite any data currently in the file and is set to ...
Definition: bio.c:1105
WOLFSSL_API int wolfSSL_negotiate(WOLFSSL *ssl)
Performs the actual connect or accept based on the side of the SSL method. If called from the client ...
Definition: ssl.c:1137
WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX *, void *arg)
This function sets the options argument to use with OCSP.
Definition: ssl.c:21170
WOLFSSL_API int wolfSSL_GetKeySize(WOLFSSL *)
Allows retrieval of the key size from the handshake process.
Definition: ssl.c:3015
WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl, unsigned char type, void **data)
This function is called on the server side to retrieve the Server Name Indication provided by the cli...
Definition: ssl.c:1937
WOLFSSL_API void * wolfSSL_GetMacEncryptCtx(WOLFSSL *ssl)
Allows caller to retrieve the Atomic User Record Processing Mac/Encrypt Callback Context previously s...
Definition: ssl.c:2948
WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL *, const unsigned char *b, long sz, int format)
The function calls wolfSSL_SetTmpDH_buffer_wrapper, which is a wrapper for Diffie-Hellman paramet...
Definition: ssl.c:11374
WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL *, const char *, int, int)
A wrapper function that ends up calling LoadCRL to load the certificate for revocation checking...
Definition: ssl.c:6344
WOLFSSL_API int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX *, const unsigned char *, long, int)
This function loads a CA certificate chain buffer into the WOLFSSL Context. It behaves like the non-b...
Definition: ssl.c:11203
WOLFSSL_API void wolfSSL_load_error_strings(void)
This function is for OpenSSL compatibility (SSL_load_error_string) only and takes no action...
Definition: ssl.c:8273
WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL *ssl, int)
This function sets the maximum dtls timeout.
Definition: ssl.c:8900
WOLFSSL_API WOLFSSL_DSA * wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pem_password_cb *cb, void *u)
This function gets the DSA parameters from a PEM buffer in bio.
WOLFSSL_API WOLFSSL_METHOD * wolfSSLv23_server_method(void)
The wolfSSLv23_server_method() function is used to indicate that the application is a server and will...
Definition: ssl.c:9448
WOLFSSL_API int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX *)
This function returns the read-ahead flag from a WOLFSSL_CTX structure.
Definition: ssl.c:21216
WOLFSSL_API WOLFSSL_X509 * wolfSSL_X509_load_certificate_file(const char *fname, int format)
The function loads the x509 certificate into memory.
Definition: ssl.c:15785
WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX *, const char *, const char *, unsigned int flags)
This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory based on the flags specified. This function expects PEM-formatted CERT_TYPE files with the header "-----BEGIN CERTIFICATE-----".
Definition: ssl.h:318
Definition: ssl.h:324
WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX *, long)
This function enables or disables SSL session caching. Behavior depends on the value used for mode...
Definition: ssl.c:8310
WOLFSSL_API const char * wolfSSL_get_cipher(WOLFSSL *)
This function matches the cipher suite in the SSL object with the available suites.
Definition: ssl.c:16310
WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION *session)
This function gets the session at specified index of the session cache and copies it into memory...
Definition: ssl.c:10551
WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL *, const char *, int)
This function loads a private key file into the SSL session (WOLFSSL structure). The key file is prov...
Definition: ssl.c:7619
WOLFSSL_API int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX *ctx)
This function disables CRL verification in the CTX structure.
Definition: ssl.c:6384
Definition: asn.h:1175
WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX *ctx, unsigned char type, unsigned char options)
This function is called on the server side to configure the behavior of the SSL sessions using Server...
Definition: ssl.c:1924
WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL *)
This function returns the file descriptor (fd) used as the input/output facility for the SSL connecti...
Definition: ssl.c:736
WOLFSSL_API int wolfSSL_UseMaxFragment(WOLFSSL *ssl, unsigned char mfl)
This function is called on the client side to enable the use of Maximum Fragment Length in the SSL ob...
Definition: ssl.c:1999
WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX *, WOLFSSL_X509 *)
This function adds the certificate to the internal chain being built in the WOLFSSL_CTX structure...
Definition: ssl.c:21084
WOLFSSL_API void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX *, CallbackMacEncrypt)
Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback. The callback should retu...
Definition: ssl.c:2934
WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX *, const unsigned char *, long, int)
This function loads a certificate buffer into the WOLFSSL Context. It behaves like the non-buffered v...
Definition: ssl.c:11237
WOLFSSL_API int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER *)
Disables OCSP certificate revocation.
Definition: ssl.c:5597
WOLFSSL_API const char * wolfSSL_lib_version(void)
This function returns the current library version.
Definition: ssl.c:16247
WOLFSSL_API void wolfSSL_ERR_print_errors_fp(FILE *, int err)
This function converts an error code returned by wolfSSL_get_error() into a more human-readable error...
WOLFSSL_API int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX *ctx, int options)
Enables CRL certificate verification through the CTX.
Definition: ssl.c:6374
Definition: wolfevent.h:52
Definition: rsa.h:46
Definition: memory.h:142
WOLFSSL_API int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER *, unsigned char *, int sz)
Check CRL if the option is enabled and compares the cert to the CRL list.
Definition: ssl.c:6242
WOLFSSL_API WOLFSSL * wolfSSL_new(WOLFSSL_CTX *)
This function creates a new SSL session, taking an already created SSL context as input...
Definition: ssl.c:369
WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX *ctx, SessionTicketEncCb)
This function sets the session ticket key encrypt callback function for a server to support session t...
Definition: ssl.c:2478
WOLFSSL_API int wolfSSL_get_error(WOLFSSL *, int)
This function returns a unique error code describing why the previous API function call (wolfSSL_conn...
Definition: ssl.c:2748
WOLFSSL_API int wolfSSL_dtls_import(WOLFSSL *ssl, unsigned char *buf, unsigned int sz)
The wolfSSL_dtls_import() function is used to parse in a serialized session state. This allows for picking up the connection after the handshake has been completed.
Definition: ssl.c:111
Definition: asn.h:1120
Definition: ssl.h:404
WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL *, int)
Returns the record layer size of the plaintext input. This is helpful when an application wants to kn...
Definition: ssl.c:1390
WOLFSSL_API WOLFSSL_SESSION * wolfSSL_get1_session(WOLFSSL *ssl)
This function returns the WOLFSSL_SESSION from the WOLFSSL structure.
Definition: ssl.c:17905
WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL *, const unsigned char *, int, int)
This function associates the client session with the server id. If the newSession flag is on...
Definition: ssl.c:7957
WOLFSSL_API const unsigned char * wolfSSL_X509_notBefore(WOLFSSL_X509 *)
The function checks to see if x509 is NULL and if it’s not, it returns the notBefore member of the x...
Definition: ssl.c:15370
WOLFSSL_API const unsigned char * wolfSSL_GetClientWriteKey(WOLFSSL *)
Allows retrieval of the client write key from the handshake process.
Definition: ssl.c:2980
WOLFSSL_API WOLFSSL_SESSION * wolfSSL_get_session(WOLFSSL *)
This function returns a pointer to the current session (WOLFSSL_SESSION) used in ssl. The WOLFSSL_SESSION pointed to contains all the necessary information required to perform a session resumption and reestablish the connection without a new handshake. For session resumption, before calling wolfSSL_shutdown() with your session object, an application should save the session ID from the object with a call to wolfSSL_get_session(), which returns a pointer to the session. Later, the application should create a new WOLFSSL object and assign the saved session with wolfSSL_set_session(). At this point, the application may call wolfSSL_connect() and wolfSSL will try to resume the session. The wolfSSL server code allows session resumption by default.
Definition: ssl.c:7932
Definition: internal.h:1950
WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX *)
This function is used to unload all previously loaded trusted peer certificates. Feature is enabled b...
Definition: ssl.c:11502
WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_server_method(void)
The wolfTLSv1_server_method() function is used to indicate that the application is a server and will ...
Definition: tls.c:10808
WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX *, const char *, int)
This function loads a certificate file into the SSL context (WOLFSSL_CTX). The file is provided by th...
Definition: ssl.c:6449
Definition: ssl.h:232
WOLFSSL_API WOLFSSL_METHOD * wolfSSLv23_client_method(void)
The wolfSSLv23_client_method() function is used to indicate that the application is a client and will...
Definition: ssl.c:9073
WOLFSSL_API int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX **ctx, wolfSSL_method_func method, unsigned char *buf, unsigned int sz, int flag, int max)
This function is used to set aside static memory for a CTX. Memory set aside is then used for the CTX...
Definition: ssl.c:1255
WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL *, const unsigned char *, long, int)
This function loads a certificate buffer into the WOLFSSL object. It behaves like the non-buffered ve...
Definition: ssl.c:11394
Definition: internal.h:1873
WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX *, CallbackCACache)
This function registers a callback with the SSL context (WOLFSSL_CTX) to be called when a new CA cert...
Definition: ssl.c:7854
WOLFSSL_API word32 wolfSSL_lib_version_hex(void)
This function returns the current library version in hexadecimal notation.
Definition: ssl.c:16254
WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME *, int, char *, int)
This function gets the text related to the passed in NID value.
Definition: ssl.c:16453
WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509 *, unsigned char *, int *)
Retrieves the peer’s certificate serial number. The serial number buffer (in) should be at least 32 ...
Definition: ssl.c:15332
WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL *ssl, WOLFSSL_X509 *x509)
This is used to set the certificate for the WOLFSSL structure to use during a handshake.
Definition: ssl.c:7569
WOLFSSL_API int wolfSSL_UseOCSPStaplingV2(WOLFSSL *ssl, unsigned char status_type, unsigned char options)
The function sets the status type and options for OCSP.
Definition: ssl.c:2088
WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL *, CallbackSessionTicket, void *)
This function sets the session ticket callback. The type CallbackSessionTicket is a function pointer ...
Definition: ssl.c:2583
WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN *, int idx, unsigned char *buf, int inLen, int *outLen)
Retrieves the peer’s PEM certificate at index (idx).
bn.h for openssl
Definition: ssl.h:403
WOLFSSL_API const unsigned char * wolfSSL_get_sessionID(const WOLFSSL_SESSION *s)
Retrieves the session’s ID. The session ID is always 32 bytes long.
WOLFSSL_API void * wolfSSL_get_jobject(WOLFSSL *ssl)
This function returns the jObjectRef member of the WOLFSSL structure.
WOLFSSL_API int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX *)
This function enables the havAnon member of the CTX structure if HAVE_ANON is defined during compilat...
Definition: ssl.c:11172
WOLFSSL_API WOLFSSL_BIGNUM * wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, WOLFSSL_BIGNUM *bn)
This function is used to copy a WOLFSSL_ASN1_INTEGER value to a WOLFSSL_BIGNUM structure.
Definition: ssl.c:24371
WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX *ctx, word16 name)
This function is called on the client side to enable the use of Supported Elliptic Curves Extension f...
Definition: ssl.c:2153
WOLFSSL_API int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX *, const char *)
This function writes the cert cache from memory to file.
Definition: ssl.c:7866
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509) *wolfSSL_get_peer_cert_chain(const WOLFSSL *)
This function gets the peer’s certificate chain.
AlertDescription
Definition: ssl.h:379
WOLFSSL_API const unsigned char * wolfSSL_X509_notAfter(WOLFSSL_X509 *)
This function checks to see if x509 is NULL and if it’s not, it returns the notAfter member of the x...
Definition: ssl.c:15381
WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL *ssl, unsigned char *der, int derSz)
This is used to set the certificate for WOLFSSL structure to use during a handshake. A DER formatted buffer is expected.
Definition: ssl.c:7590
WOLFSSL_API int wolfSSL_save_session_cache(const char *)
This function persists the session cache to file. It doesn’t use memsave because of additional memor...
Definition: ssl.c:8130
WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX *, const char *, int)
This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake...
Definition: ssl.c:6077
WOLFSSL_API int wolfSSL_UseOCSPStapling(WOLFSSL *ssl, unsigned char status_type, unsigned char options)
Stapling eliminates the need to contact the CA. Stapling lowers the cost of certificate revocation ch...
Definition: ssl.c:2064
WOLFSSL_API int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX *, short)
Sets the minimum RSA key size in both the WOLFSSL_CTX structure and the WOLFSSL_CERT_MANAGER structur...
Definition: ssl.c:1439
WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX *, const char *, const char *)
This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory. This function expects PEM-formatted CERT_TYPE files with the header "-----BEGIN CERTIFICATE-----".
Definition: ssl.c:6063
WOLFSSL_API int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX *ctx, wc_dtls_export func)
The wolfSSL_CTX_dtls_set_export() function is used to set the callback function for exporting a sessi...
Definition: ssl.c:126
WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX *, word16)
This function sets the minimum size of the Diffie Hellman key size by accessing the minDhKeySz member...
Definition: ssl.c:1633
WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL *, void *, unsigned int)
This function sets the DTLS peer, peer (sockaddr_in) with size of peerSz.
Definition: ssl.c:758
Definition: ssl.h:298
WOLFSSL_API int wolfSSL_dtls(WOLFSSL *ssl)
This function is used to determine if the SSL session has been configured to use DTLS.
Definition: ssl.c:748
WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL *ssl)
This function executes a secure renegotiation handshake; this is user forced as wolfSSL discourages t...
Definition: ssl.c:2374
WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL *, unsigned char *, word32 *)
This function copies the ticket member of the Session structure to the buffer.
Definition: ssl.c:2530
WOLFSSL_API int wolfSSL_get_session_stats(unsigned int *active, unsigned int *total, unsigned int *peak, unsigned int *maxSessions)
This function gets the statistics for the session.
WOLFSSL_API int wolfSSL_set_session(WOLFSSL *, WOLFSSL_SESSION *)
This function sets the session to be used when the SSL object, ssl, is used to establish a SSL/TLS co...
Definition: ssl.c:7942
WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION *ses)
This is used to get the master secret key length.
Definition: ssl.c:7756
WOLFSSL_API void * wolfSSL_GetDecryptVerifyCtx(WOLFSSL *ssl)
Allows caller to retrieve the Atomic User Record Processing Decrypt/Verify Callback Context previousl...
Definition: ssl.c:2971
WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509 *, unsigned char *, int *)
Gets the X509 signature and stores it in the buffer.
Definition: ssl.c:15314
WOLFSSL_API int wolfSSL_memsave_session_cache(void *, int)
This function persists session cache to memory.
Definition: ssl.c:8034
WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX *, CbMissingCRL)
This function will set the callback argument to the cbMissingCRL member of the WOLFSSL_CERT_MANAGER s...
Definition: ssl.c:6405
WOLFSSL_API int wolfSSL_GetCipherBlockSize(WOLFSSL *)
Allows caller to determine the negotiated cipher block size from the handshake.
Definition: ssl.c:3058
WOLFSSL_API int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL *ssl, char **list, unsigned short *listSz)
This function copies the alpn_client_list data from the SSL object to the buffer. ...
WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX *, long)
This function flushes sessions that have expired from the session cache. The time, tm, is used for the time comparison. Note that wolfSSL currently uses a static table for sessions, so no flushing is needed. As such, this function is currently just a stub. This function provides OpenSSL compatibility (SSL_flush_sessions) when wolfSSL is compiled with the OpenSSL compatibility layer.
Definition: ssl.c:9878
Definition: ssl.h:334
Definition: internal.h:3352
WOLFSSL_API unsigned char * wolfSSL_X509_get_hw_type(WOLFSSL_X509 *, unsigned char *, int *)
The function copies the hwType member of the WOLFSSL_X509 structure to the buffer.
Definition: ssl.c:15425
WOLFSSL_API int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX *, int v)
This function sets the read ahead flag in the WOLFSSL_CTX structure.
Definition: ssl.c:21226
WOLFSSL_API const char * wolfSSL_get_cipher_name(WOLFSSL *ssl)
This function gets the cipher name in the format DHE-RSA by passing through argument to wolfSSL_get_c...
Definition: ssl.c:16317
WOLFSSL_API int wolfSSL_write(WOLFSSL *, const void *, int)
This function writes sz bytes from the buffer, data, to the SSL connection, ssl. If necessary...
Definition: ssl.c:1684
WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX *, const char *)
This function stores the hint argument in the server_hint member of the WOLFSSL_CTX structure...
Definition: ssl.c:11137
Definition: ssl.h:290
WOLFSSL_API int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void *arg)
This function sets associated callback context value in the ssl. The value is handed over to the call...
WOLFSSL_API int wolfSSL_restore_session_cache(const char *)
This function restores the persistent session cache from file. It does not use memstore because of ad...
Definition: ssl.c:8197
WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL *)
Returns the value of dhKeySz that is a member of the options structure. This value represents the Dif...
Definition: ssl.c:1673
WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_2_server_method(void)
The wolfTLSv1_2_server_method() function is used to indicate that the application is a server and wil...
Definition: tls.c:10848
WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL *ssl, WOLFSSL_EVP_PKEY *pkey)
This is used to set the private key for the WOLFSSL structure.
Definition: ssl.c:7532
WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_1_client_method(void)
The wolfTLSv1_1_client_method() function is used to indicate that the application is a client and wil...
Definition: tls.c:10530
Definition: internal.h:2494
WOLFSSL_API int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX *ctx, unsigned char mfl)
This function is called on the client side to enable the use of Maximum Fragment Length for SSL objec...
Definition: ssl.c:2028
WOLFSSL_API WOLFSSL_X509_NAME * wolfSSL_X509_get_issuer_name(WOLFSSL_X509 *)
This function returns the name of the certificate issuer.
Definition: ssl.c:16413
WOLFSSL_API int wolfSSL_GetCipherType(WOLFSSL *)
Allows caller to determine the negotiated cipher type from the handshake.
Definition: ssl.c:3042
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX *, const unsigned char *, long)
This function loads a certificate chain buffer into the WOLFSSL Context. It behaves like the non-buff...
Definition: ssl.c:11283
WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL *ssl, unsigned char *der, long derSz)
This is used to set the private key for the WOLFSSL structure. A DER formatted key buffer is expected...
Definition: ssl.c:7544
WOLFSSL_API int wolfSSL_MakeTlsMasterSecret(unsigned char *ms, word32 msLen, const unsigned char *pms, word32 pmsLen, const unsigned char *cr, const unsigned char *sr, int tls1_2, int hash_type)
This function copies the values of cr and sr then passes through to wc_PRF (pseudo random function) a...
Definition: tls.c:410
WOLFSSL_API int wolfSSL_peek(WOLFSSL *, void *, int)
This function copies sz bytes from the SSL session (ssl) internal read buffer into the buffer data...
Definition: ssl.c:1812
WOLFSSL_API int wolfSSL_connect_ex(WOLFSSL *, HandShakeCallBack, TimeoutCallBack, Timeval)
wolfSSL_connect_ex() is an extension that allows a HandShake Callback to be set. This can be useful i...
Definition: ssl.c:11014
WOLFSSL_API int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER *, const unsigned char *, long sz, int)
The function loads the CRL file by calling BufferLoadCRL.
Definition: ssl.c:5386
Definition: ec.h:95
WOLFSSL_API WOLFSSL_X509_STORE * wolfSSL_CTX_get_cert_store(WOLFSSL_CTX *ctx)
This is a getter function for the WOLFSSL_X509_STORE structure in ctx.
Definition: ssl.c:12084
WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL *ssl, unsigned char type)
This function gets the status of an SNI object.
Definition: ssl.c:1931
WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL *)
This function unloads any certificates or keys that SSL owns.
Definition: ssl.c:11454
Definition: evp.h:206
WOLFSSL_API int wolfSSL_accept(WOLFSSL *)
This function is called on the server side and waits for an SSL client to initiate the SSL/TLS handsh...
Definition: ssl.c:9485
WOLFSSL_API int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN *, int idx)
Retrieves the peer’s ASN1.DER certificate length in bytes at index (idx).
WOLFSSL_API WOLFSSL_X509 * wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u)
This function behaves the same as wolfSSL_PEM_read_bio_X509. AUX signifies containing extra informati...
Definition: callbacks.h:45
WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER *, CbMissingCRL)
This function sets the CRL Certificate Manager callback. If HAVE_CRL is defined and a matching CRL re...
Definition: ssl.c:6283
WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_client_method(void)
The wolfTLSv1_client_method() function is used to indicate that the application is a client and will ...
Definition: tls.c:10513
Definition: ssl.h:212
WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX *, int options)
This function sets options to configure the behavior of OCSP functionality in wolfSSL. The value of options is formed by OR'ing one or more of the following options: WOLFSSL_OCSP_ENABLE - enable OCSP lookups; WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in certificates. The override URL is specified using the wolfSSL_CTX_SetOCSP_OverrideURL() function. This function only sets the OCSP options when wolfSSL has been compiled with OCSP support (--enable-ocsp, #define HAVE_OCSP).
Definition: ssl.c:5837
Definition: asn_public.h:178
WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL *ssl)
Forces the provided WOLFSSL structure to use a session ticket. The constant HAVE_SESSION_TICKET should be de...
Definition: ssl.c:2514
WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX *, WOLFSSL_DH *)
Initializes the WOLFSSL_CTX structure’s dh member with the Diffie-Hellman parameters.
WOLFSSL_API int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb)
This function sets a callback in the ssl. The callback is to observe handshake messages. NULL value of cb resets the callback.
WOLFSSL_API int wolfSSL_GetSide(WOLFSSL *)
Allows retrieval of the side of this WOLFSSL connection.
Definition: ssl.c:3088
WOLFSSL_API char * wolfSSL_ERR_error_string(unsigned long, char *)
This function converts an error code returned by wolfSSL_get_error() into a more human-readable error...
Definition: ssl.c:2802
WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL *ssl, int version)
This function sets the SSL/TLS protocol version for the specified SSL session (WOLFSSL object) using ...
Definition: ssl.c:3744
WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num)
This is used to get a buffer pointer for reading from. The internal read index is advanced by the num...
Definition: bio.c:901
Definition: ec.h:79
WOLFSSL_API int wolfSSL_GetAeadMacSize(WOLFSSL *)
Allows caller to determine the negotiated aead mac size from the handshake. For cipher type WOLFSSL_A...
Definition: ssl.c:3067
WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL *)
Returns the maximum record layer size for plaintext data. This will correspond to either the maximum ...
Definition: ssl.c:1373
WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL *, CbOCSPIO, CbOCSPRespFree, void *)
This function sets the OCSP callback in the WOLFSSL_CERT_MANAGER structure.
Definition: ssl.c:5823
WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL *ssl)
This function returns the current timeout value in seconds for the WOLFSSL object. When using non-blocking sockets, something in the user code needs to decide when to check for available recv data and how long it has been waiting. The value returned by this function indicates how long the application should wait.
Definition: ssl.c:8870
WOLFSSL_API int wolfSSL_DeriveTlsKeys(unsigned char *key_data, word32 keyLen, const unsigned char *ms, word32 msLen, const unsigned char *sr, const unsigned char *cr, int tls1_2, int hash_type)
An external facing wrapper to derive TLS Keys.
Definition: tls.c:322
WOLFSSL_API WOLFSSL_X509 * wolfSSL_get_peer_certificate(WOLFSSL *ssl)
This function gets the peer’s certificate.
Definition: ssl.c:15135
WOLFSSL_API void wolfSSL_free(WOLFSSL *)
This function frees an allocated wolfSSL object.
Definition: ssl.c:392
WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER *cm)
This function unloads the CA signer list.
Definition: ssl.c:3198
WOLFSSL_API int wolfSSL_ALPN_GetProtocol(WOLFSSL *ssl, char **protocol_name, unsigned short *size)
This function gets the protocol name set by the server.
WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL *, const unsigned char *, long, int)
This function loads a private key buffer into the WOLFSSL object. It behaves like the non-buffered ve...
Definition: ssl.c:11402
WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v)
This is used to set the end of file value. Common value is -1 so as not to get confused with expected...
Definition: bio.c:1150
WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX *, void *arg)
This function sets the optional argument to be passed to the PRF callback.
Definition: ssl.c:21238
WOLFSSL_API void wolfSSL_set_verify(WOLFSSL *, int, VerifyCallback verify_callback)
This function sets the verification method for remote peers and also allows a verify callback to be r...
Definition: ssl.c:7816
WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg)
This is used to set the debug argument passed around.
Definition: ssl.c:20630
WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER *)
Turns off Certificate Revocation List checking when verifying certificates with the Certificate Manag...
Definition: ssl.c:5482
WOLFSSL_API int wolfSSL_Cleanup(void)
Un-initializes the wolfSSL library from further use. Doesn’t have to be called, though it will free ...
Definition: ssl.c:9816
WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL *, void *key, unsigned int len, const char *label)
This function is used by EAP_TLS and EAP-TTLS to derive keying material from the master secret...
Definition: tls.c:554
WOLFSSL_API int wolfSSL_dtls_export(WOLFSSL *ssl, unsigned char *buf, unsigned int *sz)
The wolfSSL_dtls_export() function is used to serialize a WOLFSSL session into the provided buffer...
Definition: ssl.c:170
WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX *, CbOCSPIO, CbOCSPRespFree, void *)
Sets the callback for the OCSP in the WOLFSSL_CTX structure.
Definition: ssl.c:5867
WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL *, wc_psk_client_callback)
Sets the PSK client side callback.
Definition: ssl.c:11053
Definition: ssl.h:347
WOLFSSL_API int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX *, const void *, int)
This function restores the certificate cache from memory.
Definition: ssl.c:7904
Definition: ssl.h:2718
WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX *)
This function disables OCSP certificate revocation checking by affecting the ocspEnabled member of th...
Definition: ssl.c:5847
Definition: client.py:1
WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER *, CbOCSPIO, CbOCSPRespFree, void *)
The function sets the OCSP callback in the WOLFSSL_CERT_MANAGER.
Definition: ssl.c:5761
WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX *ctx, int version)
This function sets the minimum downgrade version allowed. Applicable only when the connection allows ...
Definition: ssl.c:3691
WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL *, void *)
This function stores user CTX object information for verify callback.
Definition: ssl.c:7845
WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER *, const char *f, const char *d)
Specifies the locations for CA certificate loading into the manager context. The PEM certificate CAfi...
Definition: ssl.c:6145
WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_2_client_method(void)
The wolfTLSv1_2_client_method() function is used to indicate that the application is a client and wil...
Definition: tls.c:10548
WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509 *x509, const WOLFSSL_EVP_MD *digest, unsigned char *buf, unsigned int *len)
This function returns the hash of the DER certificate.
Definition: ssl.c:7518
WOLFSSL_API char * wolfSSL_X509_get_subjectCN(WOLFSSL_X509 *)
Returns the common name of the subject from the certificate.
Definition: ssl.c:22196
WOLFSSL_API int wolfSSL_read(WOLFSSL *, void *, int)
This function reads up to sz bytes from the SSL session (ssl) internal read buffer into the buffer data; fewer bytes than sz may be returned...
Definition: ssl.c:1820
WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_1_server_method(void)
The wolfTLSv1_1_server_method() function is used to indicate that the application is a server and wil...
Definition: tls.c:10827
WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL *, unsigned int)
This function sets the SSL session timeout value in seconds.
Definition: ssl.c:9887
WOLFSSL_API void wolfSSL_SetMacEncryptCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback Context to ctx...
Definition: ssl.c:2941
WOLFSSL_API WC_PKCS12 * wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 **pkcs12)
wolfSSL_d2i_PKCS12_bio (d2i_PKCS12_bio) copies in the PKCS12 information from WOLFSSL_BIO to the stru...
Definition: ssl.c:18368
WOLFSSL_API int wolfSSL_recv(WOLFSSL *, void *, int sz, int flags)
This function reads up to sz bytes from the SSL session (ssl) internal read buffer into the buffer data (fewer may be returned) usi...
Definition: ssl.c:2649
WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX *)
This function enables OCSP stapling by calling wolfSSL_CertManagerEnableOCSPStapling().
Definition: ssl.c:5880
WOLFSSL_API unsigned char * wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN *, int idx)
Retrieves the peer’s ASN1.DER certificate at index (idx).
WOLFSSL_API int wolfSSL_PrintSessionStats(void)
This function prints the statistics from the session.
Definition: ssl.c:10695
WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX *ctx, void *)
This function sets the session ticket encrypt user context for the callback. For server side use...
Definition: ssl.c:2500
WOLFSSL_API WOLFSSL_X509_CHAIN * wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION *session)
Returns the peer certificate chain from the WOLFSSL_SESSION struct.
Definition: ssl.c:10582
Definition: callbacks.h:59
WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf)
This is used to get a buffer pointer for reading from. Unlike wolfSSL_BIO_nread the internal read ind...
Definition: bio.c:873
WOLFSSL_API WOLFSSL_DH * wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r)
This function duplicates the parameters in dsa to a newly created WOLFSSL_DH structure.
Definition: ssl.c:24403
WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL *, void *, unsigned int *)
This function gets the sockaddr_in (of size peerSz) of the current DTLS peer. The function will compa...
Definition: ssl.c:786
Definition: ssl.h:302
WOLFSSL_X509 * wolfSSL_d2i_X509_bio(WOLFSSL_BIO *bio, WOLFSSL_X509 **x509)
This function gets the DER buffer from bio and converts it to a WOLFSSL_X509 structure.
Definition: ssl.c:18333
Definition: dh.h:60
WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX *, int, VerifyCallback verify_callback)
This function sets the verification method for remote peers and also allows a verify callback to be r...
Definition: ssl.c:7788
Definition: internal.h:3392
WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL *)
Disables the OCSP certificate revocation option.
Definition: ssl.c:5785
WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num)
Gets a pointer to the buffer for writing, and returns the number of bytes that may be written through that pointer. The return value is a hard upper bound: writing more bytes than the value returned writes out of bounds of the BIO's buffer, so callers must check the return value before copying.
Definition: bio.c:953
WOLFSSL_API int wolfSSL_SetTlsHmacInner(WOLFSSL *, unsigned char *, word32, int, int)
Allows caller to set the Hmac Inner vector for message sending/receiving. The result is written to in...
Definition: tls.c:711
WOLFSSL_API int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX *, short)
Sets the minimum size in bytes for the ECC key in the WOLFSSL_CTX structure and the WOLFSSL_CERT_MANAGER...
Definition: ssl.c:1410
WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL *, const char *file)
This function loads a chain of certificates into the SSL session (WOLFSSL structure). The file containing the certificate chain is provided by the file argument, and must contain PEM-formatted certificates. This function will process up to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject certificate.
Definition: ssl.c:7630
WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12 *pkcs12, const char *psw, WOLFSSL_EVP_PKEY **pkey, WOLFSSL_X509 **cert, WOLF_STACK_OF(WOLFSSL_X509) **ca)
PKCS12 can be enabled by adding --enable-opensslextra to the configure command. It can use triple D...
Definition: ssl.c:18527
WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER *, int options)
Turns on Certificate Revocation List checking when verifying certificates with the Certificate Manage...
Definition: ssl.c:5442
WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL *)
This function checks to see if the connection is established.
Definition: ssl.c:11985
WOLFSSL_API WOLFSSL_CERT_MANAGER * wolfSSL_CertManagerNew(void)
Allocates and initializes a new Certificate Manager context. This context may be used independent of ...
Definition: ssl.c:3157
WOLFSSL_API WOLFSSL_X509 * wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN *, int idx)
This function gets the peer’s wolfSSL_X509_certificate at index (idx) from the chain of certificates...
WOLFSSL_API int wolfSSL_set_fd(WOLFSSL *, int)
This function assigns a file descriptor (fd) as the input/output facility for the SSL connection...
Definition: ssl.c:587
Definition: internal.h:2945
WOLFSSL_API int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE *, WOLFSSL_X509 *)
This function adds a certificate to the WOLFSSL_X509_STORE structure.
Definition: ssl.c:18895
Definition: ssl.h:352
WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outlen)
This is used to get the random data sent by the server during the handshake.
Definition: ssl.c:12586
WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX *, const unsigned char *p, int pSz, const unsigned char *g, int gSz)
Sets the parameters for the server CTX Diffie-Hellman.
Definition: ssl.c:1568
WOLFSSL_API void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX *, wc_psk_server_callback)
This function sets the psk callback for the server side in the WOLFSSL_CTX structure.
Definition: ssl.c:11079
WOLFSSL_API WOLFSSL_METHOD * wolfDTLSv1_client_method(void)
The wolfDTLSv1_client_method() function is used to indicate that the application is a client and will...
Definition: tls.c:10622
WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX *, const unsigned char *, long, int)
This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake...
Definition: ssl.c:11216
Definition: ssl.h:204
WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE *store, unsigned long flag)
This function takes in a flag to change the behavior of the WOLFSSL_X509_STORE structure passed in...
Definition: ssl.c:18977
WOLFSSL_API int wolfSSL_want_read(WOLFSSL *)
This function is similar to calling wolfSSL_get_error() and getting SSL_ERROR_WANT_READ in return...
Definition: ssl.c:2781
WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL *, SessionSecretCb, void *)
This function sets the session secret callback function. The SessionSecretCb type has the signature: ...
Definition: ssl.c:8289
WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX *, const char *)
This function sets cipher suite list for a given WOLFSSL_CTX. This cipher suite list becomes the defa...
Definition: ssl.c:8783
WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL *)
This function checks the shutdown conditions in closeNotify or connReset or sentNotify members of the...
Definition: ssl.c:16144
WOLFSSL_API WOLFSSL_METHOD * wolfSSLv23_method(void)
This function returns a WOLFSSL_METHOD similar to wolfSSLv23_client_method except that it is not dete...
Definition: ssl.c:9022
WOLFSSL_API const char * wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER *cipher)
This function matches the cipher suite in the SSL object with the available suites and returns the st...
Definition: ssl.c:16278
WOLFSSL_API WOLFSSL_METHOD * wolfDTLSv1_server_method(void)
The wolfDTLSv1_server_method() function is used to indicate that the application is a server and will...
Definition: tls.c:10925
WOLFSSL_API int wolfSSL_GetBulkCipher(WOLFSSL *)
Allows caller to determine the negotiated bulk cipher algorithm from the handshake.
Definition: ssl.c:3033
Definition: ssl.h:198
WOLFSSL_API int wolfSSL_UseSecureRenegotiation(WOLFSSL *ssl)
This function forces secure renegotiation for the supplied WOLFSSL structure. This is not recommended...
Definition: ssl.c:2355
WOLFSSL_API int wolfSSL_GetIVSize(WOLFSSL *)
Returns the iv_size member of the specs structure held in the WOLFSSL struct.
Definition: ssl.c:3024
WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX *, const char *)
This function loads an NTRU private key file into the WOLFSSL Context. It behaves like the normal ver...
Definition: ssl.c:7767
WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op)
This function sets the options mask in the ssl. Some valid options are, SSL_OP_ALL, SSL_OP_COOKIE_EXCHANGE, SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_COMPRESSION.
Definition: ssl.c:20489
WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
Resets bio to an initial state. As an example for type BIO_BIO this resets the read and write index...
Definition: bio.c:1024
WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL *, const char *f, int format)
This function calls wolfSSL_SetTmpDH_file_wrapper to set server Diffie-Hellman parameters.
Definition: ssl.c:6603
WOLFSSL_API void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX *, wc_psk_client_callback)
The function sets the client_psk_cb member of the WOLFSSL_CTX structure.
Definition: ssl.c:11040
WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX *, const char *, int)
This function is similar to wolfSSL_CTX_load_verify_locations, but allows the loading of DER-formatte...
Definition: ssl.c:6432
WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL *)
This function is called on the client side and initiates an SSL/TLS handshake with a server...
Definition: tls13.c:7445
WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL *, const char *)
This function sets cipher suite list for a given WOLFSSL object (SSL session). The ciphers in the lis...
Definition: ssl.c:8805
Definition: ssl.h:2248
WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX *, unsigned int)
This function sets the timeout value for SSL sessions, in seconds, for the specified SSL context...
Definition: ssl.c:9901
WOLFSSL_API int wolfSSL_set_compression(WOLFSSL *ssl)
Turns on the ability to use compression for the SSL connection. Note that TLS-level compression is widely regarded as unsafe (record lengths leak information about the plaintext) and was removed in TLS 1.3; enable it only with that risk understood. Both sides must have compression turn...
Definition: ssl.c:10796
WOLFSSL_API int wolfSSL_state(WOLFSSL *ssl)
This is used to get the internal error state of the WOLFSSL structure.
Definition: ssl.c:2738
WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL *ssl, unsigned char flag)
If the flag is 1 keys will be sent in hello. If flag is 0 then the keys will not be sent during hello...
Definition: ssl.c:2233
WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b)
This is used to set the read request flag back to 0.
Definition: bio.c:858
Definition: memory.h:133
WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER *, int options)
Turns on OCSP checking if it is currently off, provided the library was compiled with OCSP support.
Definition: ssl.c:5551
WOLFSSL_API const unsigned char * wolfSSL_GetServerWriteKey(WOLFSSL *)
Allows retrieval of the server write key from the handshake process.
Definition: ssl.c:2998
WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL *ssl, unsigned char type, unsigned char options)
This function is called on the server side to configure the behavior of the SSL session using Server ...
Definition: ssl.c:1917
WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL *, word16)
Sets the minimum size for a Diffie-Hellman key in the WOLFSSL structure in bytes. ...
Definition: ssl.c:1643
WOLFSSL_API int wolfSSL_SetMinEccKey_Sz(WOLFSSL *, short)
Sets the value of the minEccKeySz member of the options structure. The options struct is a member of ...
Definition: ssl.c:1425
WOLFSSL_API const unsigned char * wolfSSL_GetServerWriteIV(WOLFSSL *)
Allows retrieval of the server write IV (initialization vector) from the handshake process...
Definition: ssl.c:3007
WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE *fp)
This is used to get the internal file pointer for a BIO.
Definition: bio.c:1087
WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX *)
This function frees an allocated WOLFSSL_CTX object. This function decrements the CTX reference count...
Definition: ssl.c:313
WOLFSSL_API void wolfSSL_SetDecryptVerifyCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Atomic User Record Processing Decrypt/Verify Callback Context to ctx...
Definition: ssl.c:2964
WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL *ssl, int options)
Enables CRL certificate revocation.
Definition: ssl.c:6324
int wolfSSL_connect(WOLFSSL *ssl)
This function is called on the client side and initiates an SSL/TLS handshake with a server...
Definition: ssl.c:9126
WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL *, int)
This function informs the WOLFSSL DTLS object that the underlying UDP I/O is non-blocking. After an application creates a WOLFSSL object, if it will be used with a non-blocking UDP socket, call wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know that receiving EWOULDBLOCK means that the recvfrom call would block rather than that it timed out.
Definition: ssl.c:8847
WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL *)
Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. Calling this function befo...
Definition: ssl.c:2835
WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509 *)
Checks the isCa member of the WOLFSSL_X509 structure and returns the value.
Definition: ssl.c:15300
WOLFSSL_API int wolfSSL_Init(void)
Initializes the wolfSSL library for use. Must be called once per application and before any other cal...
Definition: ssl.c:4421
WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL *, const unsigned char *, long)
This function loads a certificate chain buffer into the WOLFSSL object. It behaves like the non-buffe...
Definition: ssl.c:11444
WOLFSSL_API int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX *, const char *, int, int)
This function loads CRL into the WOLFSSL_CTX structure through wolfSSL_CertManagerLoadCRL().
Definition: ssl.c:6394
Definition: internal.h:1791
WOLFSSL_API int wolfSSL_isQSH(WOLFSSL *ssl)
Checks if QSH is used in the supplied SSL session.
Definition: ssl.c:2196
WOLFSSL_API int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX *, const char *)
This function restores the certificate cache from a file.
Definition: ssl.c:7878
WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL *, int options)
This function enables OCSP certificate verification.
Definition: ssl.c:5776
WOLFSSL_API WOLFSSL_CERT_MANAGER * wolfSSL_CertManagerNew_ex(void *heap)
Allocates and initializes a new Certificate Manager context. This context may be used independent of ...
Definition: ssl.c:3118
Definition: ecc.h:341
WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER *, const char *, int, int)
Error checks and passes through to LoadCRL() in order to load the cert into the CRL for revocation ch...
Definition: ssl.c:6306
WOLFSSL_API int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX *ctx, WOLFSSL_MEM_STATS *mem_stats)
This function does not change any of the connections behavior and is used only for gathering informat...
Definition: ssl.c:1351
Definition: ssl.h:2600
WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL *)
Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. If wolfSSL_KeepArrays() ha...
Definition: ssl.c:2843
WOLFSSL_API int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX *, word16)
This function sets the maximum size of the Diffie Hellman key size by accessing the maxDhKeySz member...
Definition: ssl.c:1653
WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl)
This is used to get the result of verifying the peer's certificate after the handshake.
Definition: ssl.c:20938
Definition: internal.h:1907
WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION *ses, unsigned char *out, int outSz)
This is used to copy the session master key into out (at most outSz bytes) after completing a handshake. The copy is sensitive key material; the caller is responsible for protecting it and clearing it when no longer needed.
Definition: ssl.c:7731
WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX *)
This function unloads the CA signer list and frees the whole signer table.
Definition: ssl.c:11490
WOLFSSL_API unsigned char * wolfSSL_X509_get_device_type(WOLFSSL_X509 *, unsigned char *, int *)
This function copies the device type from the x509 structure to the buffer.
Definition: ssl.c:15397
Definition: internal.h:3366
WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL *ssl)
Disables CRL certificate revocation.
Definition: ssl.c:6334
WOLFSSL_API int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER *cm, const unsigned char *buff, long sz, int format)
Specifies the certificate buffer to verify with the Certificate Manager context. The format can be SS...
Definition: ssl.c:5493
WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER *, const unsigned char *in, long sz, int format)
Loads the CA Buffer by calling wolfSSL_CTX_load_verify_buffer and returning that result using a tempo...
Definition: ssl.c:5352
WOLFSSL_API int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER *, const char *)
The function copies the url to the ocspOverrideURL member of the WOLFSSL_CERT_MANAGER structure...
Definition: ssl.c:5737
WOLFSSL_API void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX *, CallbackDecryptVerify)
Allows caller to set the Atomic User Record Processing Decrypt/Verify Callback. The callback should r...
Definition: ssl.c:2957
WOLFSSL_API const unsigned char * wolfSSL_X509_get_der(WOLFSSL_X509 *, int *)
This function gets the DER encoded certificate in the WOLFSSL_X509 struct.
Definition: ssl.c:15347
Definition: random.h:153
WOLFSSL_API int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER *cm)
The function frees the Trusted Peer linked list and unlocks the trusted peer list.
Definition: ssl.c:3218
WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL *ssl, unsigned short name)
This function sets the ssl session to use supported QSH provided by name.
WOLFSSL_API int wolfSSL_GetHmacSize(WOLFSSL *)
Allows caller to determine the negotiated (h)mac size from the handshake. For cipher types except WOL...
Definition: ssl.c:3097
Definition: ssl.h:294
WOLFSSL_API WOLFSSL_METHOD * wolfDTLSv1_2_client_method_ex(void *heap)
This function initializes the DTLS v1.2 client method.
Definition: tls.c:10644
WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b)
Gets the number of pending bytes to read. If BIO type is BIO_BIO then is the number to read from pair...
Definition: bio.c:717
WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER *, unsigned char *, int sz)
The function enables the WOLFSSL_CERT_MANAGER’s member, ocspEnabled to signify that the OCSP check o...
Definition: ssl.c:5679
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX *ctx, WOLFSSL_X509_STORE *str)
This is a setter function for the WOLFSSL_X509_STORE structure in ctx.
Definition: ssl.c:12094
WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX *)
This function turns on grouping of handshake messages where possible.
Definition: ssl.c:3602
WOLFSSL_API int wolfSSL_get_ciphers(char *, int)
This function gets the ciphers enabled in wolfSSL.
Definition: ssl.c:694
WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL *ssl)
This function gets the session index of the WOLFSSL structure.
Definition: ssl.c:10543
WOLFSSL_API int wolfSSL_UseTruncatedHMAC(WOLFSSL *ssl)
This function is called on the client side to enable the use of Truncated HMAC in the SSL object pass...
Definition: ssl.c:2042
WOLFSSL_API int wolfSSL_send(WOLFSSL *, const void *, int sz, int flags)
This function writes sz bytes from the buffer, data, to the SSL connection, ssl, using the specified ...
Definition: ssl.c:2627
WOLFSSL_API int wolfSSL_set_jobject(WOLFSSL *ssl, void *objPtr)
This function sets the jObjectRef member of the WOLFSSL structure.
Definition: callbacks.h:75
WOLFSSL_API int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX *ctx)
This function is called on the client side to enable the use of Truncated HMAC for SSL objects create...
Definition: ssl.c:2051
WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL *ssl)
Returns the current cipher suite an SSL session is using.
Definition: ssl.c:16260
Definition: internal.h:1571
WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL *, HandShakeDoneCb, void *)
This function sets the handshake done callback. The hsDoneCb and hsDoneCtx members of the WOLFSSL str...
Definition: ssl.c:9800
WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL *ssl)
This function checks that the private key matches the certificate being used.
Definition: ssl.c:7073
WOLFSSL_API int wolfSSL_pending(WOLFSSL *)
This function returns the number of bytes which are buffered and available in the SSL object to be re...
Definition: ssl.c:3593
WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char *buf, unsigned long sz)
This function is a version of wolfSSL_ERR_error_string() where sz specifies the maximum number of ch...
Definition: ssl.c:2816
WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL *, WOLFSSL_ALERT_HISTORY *)
This function gets the alert history.
Definition: ssl.c:2771
WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX *ctx)
This function gets the certificate chaining depth using the CTX structure.
Definition: ssl.c:6505
WOLFSSL_API WOLFSSL_BIO_METHOD * wolfSSL_BIO_s_socket(void)
This is used to get a BIO_SOCKET type WOLFSSL_BIO_METHOD.
Definition: ssl.c:12204
WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL *ssl, int)
This function sets the dtls timeout.
Definition: ssl.c:8882
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL *ssl, unsigned char *out, size_t outSz)
This is used to get the random data sent by the client during the handshake.
Definition: ssl.c:12626
Definition: ssl.h:284
WOLFSSL_API int wolfSSL_GetHmacType(WOLFSSL *)
Allows caller to determine the negotiated (h)mac type from the handshake. For cipher types except WOL...
Definition: tls.c:666
WOLFSSL_API char * wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME *, char *, int)
This function copies the name of the x509 into a buffer.
Definition: ssl.c:15186
WOLFSSL_API const char * wolfSSL_get_psk_identity_hint(const WOLFSSL *)
This function returns the psk identity hint.
Definition: ssl.c:11115
WOLFSSL_API int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs)
This function adjusts the file pointer to the offset given. This is the offset from the head of the f...
Definition: bio.c:1131
WOLFSSL_API int wolfSSL_get_session_cache_memsize(void)
This function returns how large the session cache save buffer should be.
Definition: ssl.c:8021
Definition: internal.h:1596
WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX *, const unsigned char *, long, int)
This function loads a CA certificate buffer into the WOLFSSL Context. It behaves like the non-buffere...
Definition: ssl.c:11191
WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL *, wc_psk_server_callback)
Sets the psk callback for the server side by setting the WOLFSSL structure options members...
Definition: ssl.c:11090
WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL *, const unsigned char *, word32)
This function sets the ticket member of the WOLFSSL_SESSION structure within the WOLFSSL struct...
Definition: ssl.c:2546
WOLFSSL_API pem_password_cb * wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx)
This is a getter function for the password callback set in ctx.
Definition: ssl.c:12436
WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509 *)
This function returns the value stored in the sigOID member of the WOLFSSL_X509 structure.
Definition: ssl.c:16422
WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL *, const unsigned char *p, int pSz, const unsigned char *g, int gSz)
Server Diffie-Hellman Ephemeral parameters setting. This function sets up the group parameters to be ...
Definition: ssl.c:1466
WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER *)
Frees all resources associated with the Certificate Manager context. Call this when you no longer nee...
Definition: ssl.c:3163
WOLFSSL_API WOLFSSL_X509 * wolfSSL_X509_d2i_fp(WOLFSSL_X509 **x509, FILE *file)
If NO_STDIO_FILESYSTEM is defined this function will allocate heap memory, initialize a WOLFSSL_X509 ...
WOLFSSL_API WOLFSSL_STACK * wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX *ctx)
This function is a getter for the chain member of the WOLFSSL_X509_STORE_CTX structure. Currently the chain is never populated, so callers must not rely on it to inspect or verify the peer's certificate chain.
Definition: ssl.c:18818
WOLFSSL_API WOLFSSL_X509_NAME * wolfSSL_X509_get_subject_name(WOLFSSL_X509 *)
This function returns the subject member of the WOLFSSL_X509 structure.
Definition: ssl.c:16403
WOLFSSL_API WOLFSSL_CTX * wolfSSL_CTX_new(WOLFSSL_METHOD *)
This function creates a new SSL context, taking a desired SSL/TLS protocol method for input...
Definition: ssl.c:302
WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX *ctx, unsigned char status_type, unsigned char options)
Creates and initializes the certificate status request for OCSP Stapling.
Definition: ssl.c:2098
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX *, const unsigned char *, long, int)
This function loads a private key buffer into the SSL Context. It behaves like the non-buffered versi...
Definition: ssl.c:11245
WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL *, const char *, int)
This function loads the private RSA key used in the SSL connection into the SSL session (WOLFSSL stru...
Definition: ssl.c:7713
WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL *)
This function turns on grouping of handshake messages where possible.
Definition: ssl.c:3634
WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL *, int)
Since there are some differences between the first release and newer versions of the chacha-poly AEAD cons...
Definition: ssl.c:570
Definition: ec.h:89
Definition: ed25519.h:72
WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m)
This is a getter function for WOLFSSL_BIO memory pointer.
Definition: bio.c:750
WOLFSSL_API int wolfSSL_writev(WOLFSSL *ssl, const struct iovec *iov, int iovcnt)
Simulates writev semantics but doesn’t actually do block at a time because of SSL_write() behavior a...
Definition: ssl.c:10814
WOLFSSL_API int wolfSSL_UseSupportedCurve(WOLFSSL *ssl, word16 name)
This function is called on the client side to enable the use of Supported Elliptic Curves Extension i...
Definition: ssl.c:2114
WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c)
This is used to set the internal file pointer for a BIO.
Definition: bio.c:1067
WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL *ssl)
This function is called on the client side and initiates an SSL/TLS handshake with a server only long...
Definition: ssl.c:3616
Definition: ssl.h:405
WOLFSSL_API int wolfSSL_dtls_got_timeout(WOLFSSL *ssl)
When using non-blocking sockets with DTLS, this function should be called on the WOLFSSL object when ...
Definition: ssl.c:8916
WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL *ssl, const char *dn)
wolfSSL by default checks the peer certificate for a valid date range and a verified signature...
Definition: ssl.c:10764
WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void)
This function returns the absolute value of the last error from WOLFSSL_ERROR encountered.
Definition: ssl.h:339
WOLFSSL_API int wolfSSL_memrestore_session_cache(const void *, int)
This function restores the persistent session cache from memory.
Definition: ssl.c:8079
WOLFSSL_API char * wolfSSL_X509_get_next_altname(WOLFSSL_X509 *)
This function returns the next, if any, altname from the peer certificate.
Definition: ssl.c:15280
WOLFSSL_API int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX *ctx, unsigned char status_type, unsigned char options)
This function requests the certificate status during the handshake.
Definition: ssl.c:2074
WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO *b, int fd, int flag)
Sets the file descriptor for bio to use.
Definition: ssl.c:12253
Definition: internal.h:2952
WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL *ssl, int version)
This function sets the minimum downgrade version allowed. Applicable only when the connection allows ...
Definition: ssl.c:3705
WOLFSSL_API int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX *)
Returns the size the certificate cache save buffer needs to be.
Definition: ssl.c:7916
WOLFSSL_API int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN *chain)
Retrieves the peer's certificate chain count.
Definition: ssl.h:329
WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509 *)
This function retrieves the version of the X509 certificate.
Definition: ssl.c:15359
WOLFSSL_API WOLFSSL_METHOD * wolfDTLSv1_2_server_method(void)
This function creates and initializes a WOLFSSL_METHOD for the server side.
Definition: tls.c:10945
WOLFSSL_API void * wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx)
This is a getter function for the password callback user data set in ctx.
Definition: ssl.c:12446
WOLFSSL_API const char * wolfSSL_get_version(WOLFSSL *)
Returns the SSL version being used as a string.
Definition: ssl.c:16189
WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type)
This function is called when the client application requests that a server send back an OCSP status re...
Definition: ssl.c:20661
WOLFSSL_API int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO *bio, void *p)
This is used to set a byte pointer to the start of the internal memory buffer.
Definition: ssl.c:12291
Definition: ssl.h:666
WOLFSSL_API int wolfSSL_library_init(void)
This function is called internally in wolfSSL_CTX_new(). This function is a wrapper around wolfSSL_In...
Definition: ssl.c:8277
WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL *ssl)
This function returns the maximum chain depth allowed, which is 9 by default, for a valid session i...
Definition: ssl.c:6491
WOLFSSL_API void * wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509 *x509, int nid, int *c, int *idx)
This function looks for and returns the extension matching the passed in NID value.
Definition: ssl.c:7122
WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL *ssl, unsigned char *der, long derSz)
This is used to set the private key for the WOLFSSL structure. A DER formatted RSA key buffer is expe...
Definition: ssl.c:7558
WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL *, const char *, int)
This function loads a certificate file into the SSL session (WOLFSSL structure). The certificate file...
Definition: ssl.c:7608
WOLFSSL_API int wolfSSL_GetObjectSize(void)
This function returns the size of the WOLFSSL object and will be dependent on build options and setti...
Definition: ssl.c:1184
WOLFSSL_API unsigned char * wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509 *, unsigned char *, int *)
This function returns the hwSerialNum member of the x509 object.
Definition: ssl.c:15453
WOLFSSL_API int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size)
This is used to set the size of write buffer for a WOLFSSL_BIO. If write buffer has been previously s...
Definition: bio.c:779
WOLFSSL_API int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2)
This is used to pair two bios together. A pair of bios acts similar to a two way pipe writing to one ...
Definition: bio.c:824
WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz(WOLFSSL *, short)
Sets the minimum allowable RSA key size, in bytes, stored in the WOLFSSL structure.
Definition: ssl.c:1452
WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX *, const char *)
This function manually sets the URL for OCSP to use. By default, OCSP will use the URL found in the i...
Definition: ssl.c:5857
WOLFSSL_API char * wolfSSL_get_cipher_list(int priority)
Get the name of the cipher at the priority level passed in.
Definition: ssl.c:655
WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL *, HandShakeCallBack, TimeoutCallBack, Timeval)
wolfSSL_accept_ex() is an extension that allows a HandShake Callback to be set. This can be useful in...
Definition: ssl.c:11026
WOLFSSL_API const unsigned char * wolfSSL_GetClientWriteIV(WOLFSSL *)
Allows retrieval of the client write IV (initialization vector) from the handshake process...
Definition: ssl.c:2989
Definition: curve25519.h:64
WOLFSSL_API char * wolfSSL_get_cipher_list_ex(WOLFSSL *ssl, int priority)
Definition: ssl.c:670
WOLFSSL_API int wolfSSL_dtls_set_export(WOLFSSL *ssl, wc_dtls_export func)
The wolfSSL_dtls_set_export() function is used to set the callback function for exporting a session...
Definition: ssl.c:144
WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX *, const char *, int)
This function loads the private RSA key used in the SSL connection into the SSL context (WOLFSSL_CTX)...
Definition: ssl.c:7704
WOLFSSL_API int wolfSSL_want_write(WOLFSSL *)
This function is similar to calling wolfSSL_get_error() and getting SSL_ERROR_WANT_WRITE in return...
Definition: ssl.c:2792
WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX *ctx)
This function sets wolfSSL context to use a session ticket.
Definition: ssl.c:2522
Definition: dsa.h:41
WOLFSSL_API int wolfSSL_IsTLSv1_1(WOLFSSL *)
Allows caller to determine if the negotiated protocol version is at least TLS version 1...
Definition: ssl.c:3076
Definition: ssl.h:224
WOLFSSL_API WOLFSSL_X509_CHAIN * wolfSSL_get_peer_chain(WOLFSSL *ssl)
Retrieves the peer’s certificate chain.
WOLFSSL_API int wolfSSL_UseALPN(WOLFSSL *ssl, char *protocol_name_list, unsigned int protocol_name_listSz, unsigned char options)
Setup ALPN use for a wolfSSL session.
Definition: internal.h:3622
WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s)
This function returns the current options mask.
Definition: ssl.c:20549
WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX *ctx, int)
This function sets the session ticket hint relayed to the client. For server side use...
Definition: ssl.c:2489
WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX *, long)
This function resets option bits of WOLFSSL_CTX object.
Definition: ssl.c:12050
Definition: internal.h:1565
WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL *, const char *)
This function sets the ocspOverrideURL member in the WOLFSSL_CERT_MANAGER structure.
Definition: ssl.c:5813
WOLFSSL_API int wolfSSL_session_reused(WOLFSSL *)
This function returns the resuming member of the options struct. The flag indicates whether or not to...
Definition: ssl.c:16160
WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX *, const char *f, int format)
The function calls wolfSSL_SetTmpDH_file_wrapper to set the server Diffie-Hellman parameters...
Definition: ssl.c:6613
WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL *ssl, WOLFSSL_MEM_CONN_STATS *mem_stats)
wolfSSL_is_static_memory is used to gather information about an SSL’s static memory usage...
Definition: ssl.c:1331
WOLFSSL_API int wolfSSL_use_psk_identity_hint(WOLFSSL *, const char *)
This function stores the hint argument in the server_hint member of the Arrays structure within the W...
Definition: ssl.c:11150
Definition: hmac.h:53
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *, const char *file)
This function loads a chain of certificates into the SSL context (WOLFSSL_CTX). The file containing t...
Definition: ssl.c:6518
WOLFSSL_API int wolfSSL_SetMaxDhKey_Sz(WOLFSSL *, word16)
Sets the maximum size for a Diffie-Hellman key in the WOLFSSL structure in bytes. ...
Definition: ssl.c:1663
WOLFSSL_API int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX *, void *, int, int *)
This function persists the certificate cache to memory.
Definition: ssl.c:7891
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX *, const char *, int)
This function loads a private key file into the SSL context (WOLFSSL_CTX). The file is provided by th...
Definition: ssl.c:6460
Definition: ssl.h:186