ssl.h
/* ssl.h
 *
 * Copyright (C) 2006-2016 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */


/* wolfSSL API
 *
 * Public TLS/DTLS API of wolfSSL plus an OpenSSL-style compatibility surface.
 * A number of the OpenSSL-named declarations below exist so that ports of
 * OpenSSL consumers (the "stunnel dereference" / "openssh dereference" notes)
 * compile; whether each of them is fully functional is not visible from this
 * header -- check the implementation before depending on one for security.
 */

#ifndef WOLFSSL_SSL_H
#define WOLFSSL_SSL_H


/* for users not using preprocessor flags*/
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/version.h>

#ifndef NO_FILESYSTEM
    #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
        #if MQX_USE_IO_OLD
            #include <fio.h>
        #else
            #include <nio.h>
        #endif
    #else
        #include <stdio.h>   /* ERR_printf */
    #endif
#endif

#ifdef WOLFSSL_PREFIX
    #include "prefix_ssl.h"
#endif

#ifdef LIBWOLFSSL_VERSION_STRING
    #define WOLFSSL_VERSION LIBWOLFSSL_VERSION_STRING
#endif

#ifdef _WIN32
    /* wincrypt.h clashes: it defines these as macros, and the anonymous enum
     * further down in this header re-uses the same names as enumerators
     * (OCSP_REQUEST = 4, OCSP_RESPONSE = 8). */
    #undef OCSP_REQUEST
    #undef OCSP_RESPONSE
#endif



#ifdef __cplusplus
    extern "C" {
#endif

/* Opaque handles; the definitions live in internal headers. */
typedef struct WOLFSSL          WOLFSSL;
typedef struct WOLFSSL_SESSION  WOLFSSL_SESSION;
typedef struct WOLFSSL_METHOD   WOLFSSL_METHOD;
typedef struct WOLFSSL_CTX      WOLFSSL_CTX;

typedef struct WOLFSSL_X509       WOLFSSL_X509;
typedef struct WOLFSSL_X509_NAME  WOLFSSL_X509_NAME;
typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN;

typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER;
typedef struct WOLFSSL_SOCKADDR     WOLFSSL_SOCKADDR;

/* redeclare guard */
#define WOLFSSL_TYPES_DEFINED


#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_RSA            WOLFSSL_RSA;
#define WOLFSSL_RSA_TYPE_DEFINED
#endif

typedef struct WOLFSSL_DSA            WOLFSSL_DSA;
typedef struct WOLFSSL_EC_KEY         WOLFSSL_EC_KEY;
typedef struct WOLFSSL_EC_POINT       WOLFSSL_EC_POINT;
typedef struct WOLFSSL_EC_GROUP       WOLFSSL_EC_GROUP;
typedef struct WOLFSSL_ECDSA_SIG      WOLFSSL_ECDSA_SIG;
typedef struct WOLFSSL_CIPHER         WOLFSSL_CIPHER;
typedef struct WOLFSSL_X509_LOOKUP    WOLFSSL_X509_LOOKUP;
typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD;
typedef struct WOLFSSL_X509_CRL       WOLFSSL_X509_CRL;
typedef struct WOLFSSL_BIO            WOLFSSL_BIO;
typedef struct WOLFSSL_BIO_METHOD     WOLFSSL_BIO_METHOD;
typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
typedef struct WOLFSSL_ASN1_TIME      WOLFSSL_ASN1_TIME;
typedef struct WOLFSSL_ASN1_INTEGER   WOLFSSL_ASN1_INTEGER;
typedef struct WOLFSSL_ASN1_OBJECT    WOLFSSL_ASN1_OBJECT;

typedef struct WOLFSSL_ASN1_STRING      WOLFSSL_ASN1_STRING;
typedef struct WOLFSSL_dynlock_value    WOLFSSL_dynlock_value;
typedef struct WOLFSSL_DH               WOLFSSL_DH;
typedef struct WOLFSSL_ASN1_BIT_STRING  WOLFSSL_ASN1_BIT_STRING;

/* UTCTIME and generic TIME share one representation here. */
#define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME

/* Public-key container. The layout is exposed (not opaque) because
 * OpenSSL-compatible consumers dereference the fields directly, so field
 * order and size are ABI: a consumer built with a different HAVE_ECC
 * setting than the library sees a different sizeof(). */
typedef struct WOLFSSL_EVP_PKEY {
    int type;         /* openssh dereference */
    int save_type;    /* openssh dereference */
    int pkey_sz;      /* presumably the byte length of pkey.ptr -- confirm */
    union {
        char* ptr;
    } pkey;
    #ifdef HAVE_ECC
        int pkey_curve;   /* only present in ECC builds (see ABI note above) */
    #endif
} WOLFSSL_EVP_PKEY;

/* MD4 context for OpenSSL-compat callers. MD4 is a broken hash; the
 * wolfSSL_MD4_* functions exist for legacy interoperability only and must
 * not be used where collision or preimage resistance matters. */
typedef struct WOLFSSL_MD4_CTX {
    int buffer[32];      /* big enough to hold, check size in Init */
} WOLFSSL_MD4_CTX;


typedef struct WOLFSSL_COMP_METHOD {
    int type;            /* stunnel dereference */
} WOLFSSL_COMP_METHOD;


typedef struct WOLFSSL_X509_STORE {
    int                   cache;          /* stunnel dereference */
    WOLFSSL_CERT_MANAGER* cm;             /* backing certificate manager */
} WOLFSSL_X509_STORE;

/* One TLS alert (description code + level), see the enums below. */
typedef struct WOLFSSL_ALERT {
    int code;
    int level;
} WOLFSSL_ALERT;

/* Last alert seen in each direction; filled by wolfSSL_get_alert_history(). */
typedef struct WOLFSSL_ALERT_HISTORY {
    WOLFSSL_ALERT last_rx;
    WOLFSSL_ALERT last_tx;
} WOLFSSL_ALERT_HISTORY;

typedef struct WOLFSSL_X509_REVOKED {
    WOLFSSL_ASN1_INTEGER* serialNumber;          /* stunnel dereference */
} WOLFSSL_X509_REVOKED;


typedef struct WOLFSSL_X509_OBJECT {
    union {
        char* ptr;
        WOLFSSL_X509 *x509;
        WOLFSSL_X509_CRL* crl;           /* stunnel dereference */
    } data;
} WOLFSSL_X509_OBJECT;

/* Verification context handed to a VerifyCallback. `error` and
 * `error_depth` describe the failure being reported for `current_cert`. */
typedef struct WOLFSSL_X509_STORE_CTX {
    WOLFSSL_X509_STORE* store;    /* Store full of a CA cert chain */
    WOLFSSL_X509* current_cert;   /* stunnel dereference */
    char* domain;                /* subject CN domain name */
    void* ex_data;               /* external data, for fortress build */
    void* userCtx;               /* user ctx (set via wolfSSL_SetCertCbCtx) */
    int   error;                 /* current error */
    int   error_depth;           /* cert depth for this error */
    int   discardSessionCerts;   /* so verify callback can flag for discard */
} WOLFSSL_X509_STORE_CTX;


/* Valid Alert types from page 16/17 (TLS AlertDescription code points;
 * 112/113 come from RFC 6066, 120 from ALPN). */
enum AlertDescription {
    close_notify            = 0,
    unexpected_message      = 10,
    bad_record_mac          = 20,
    record_overflow         = 22,
    decompression_failure   = 30,
    handshake_failure       = 40,
    no_certificate          = 41,
    bad_certificate         = 42,
    unsupported_certificate = 43,
    certificate_revoked     = 44,
    certificate_expired     = 45,
    certificate_unknown     = 46,
    illegal_parameter       = 47,
    decrypt_error           = 51,
    #ifdef WOLFSSL_MYSQL_COMPATIBLE
    /* catch name conflict for enum protocol with MYSQL build */
    wc_protocol_version     = 70,
    #else
    protocol_version        = 70,
    #endif
    no_renegotiation        = 100,
    unrecognized_name       = 112, /**< RFC 6066, section 3 */
    bad_certificate_status_response = 113, /**< RFC 6066, section 8 */
    no_application_protocol = 120
};


/* TLS AlertLevel: a fatal alert terminates the connection. */
enum AlertLevel {
    alert_warning = 1,
    alert_fatal = 2
};


/* Protocol-version methods for wolfSSL_CTX_new().
 * NOTE(review): SSL 3.0 is obsolete (RFC 7568) and TLS 1.0/1.1 are
 * deprecated; new code should select the TLS 1.2 methods (or the
 * wolfSSLv23_* negotiating methods further below) unless legacy
 * interoperability is an explicit requirement. */
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);

#ifdef WOLFSSL_DTLS
    /* DTLS 1.0 / 1.2 over an unreliable transport; see the dtls_* helpers. */
    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method(void);
    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method(void);
    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method(void);
    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void);
#endif

#ifdef HAVE_POLY1305
    /* Presumably toggles the pre-RFC 7905 ("old") ChaCha20-Poly1305
     * construction for interop with older peers -- confirm in the
     * implementation; keep it off unless a specific peer needs it. */
    WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL*, int);
#endif

#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)

/* File-based credential loading. The trailing int is the SSL_FILETYPE_*
 * format (see the ssl Constants enum). Each returns SSL_SUCCESS on success;
 * callers must check the result -- a silently failed key/CA load is a
 * classic way to end up with an unauthenticated connection. */
WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
/* (ctx, CA file, CA directory): the trust anchors used for peer verification. */
WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*,
                                                const char*);
#ifdef WOLFSSL_TRUST_PEER_CERT
    /* Appears to trust one specific peer certificate directly (pinning-like)
     * rather than a CA -- confirm the exact matching rule before relying on it. */
    WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX*, const char*, int);
#endif
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *,
                                                     const char *file);
WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int);

/* Maximum chain depth accepted during verification. */
WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl);
WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
/* Per-connection variants of the loaders above. */
WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int);
WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, int);
WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*, const char *file);
WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int);

#ifdef WOLFSSL_DER_LOAD
    /* DER-format CA loader (ctx, file, SSL_FILETYPE_*). */
    WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX*,
                                                    const char*, int);
#endif

#ifdef HAVE_NTRU
    WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*, const char*);
    /* load NTRU private key blob */
#endif

#ifndef WOLFSSL_PEMCERT_TODER_DEFINED
    /* (pem file name, output buffer, buffer size); the caller owns the
     * buffer, so the size argument bounds the write. */
    WOLFSSL_API int wolfSSL_PemCertToDer(const char*, unsigned char*, int);
    #define WOLFSSL_PEMCERT_TODER_DEFINED
#endif

#endif /* !NO_FILESYSTEM && !NO_CERTS */

/* Core object lifecycle and I/O. */
WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
WOLFSSL_API int  wolfSSL_set_fd (WOLFSSL*, int);
WOLFSSL_API char* wolfSSL_get_cipher_list(int priority);
WOLFSSL_API int  wolfSSL_get_ciphers(char*, int);   /* (buffer, size) */
WOLFSSL_API int  wolfSSL_get_fd(const WOLFSSL*);
WOLFSSL_API void wolfSSL_set_using_nonblock(WOLFSSL*, int);
WOLFSSL_API int  wolfSSL_get_using_nonblock(WOLFSSL*);
WOLFSSL_API int  wolfSSL_connect(WOLFSSL*);     /* please see note at top of README
                                                 if you get an error from connect */
WOLFSSL_API int  wolfSSL_write(WOLFSSL*, const void*, int);
WOLFSSL_API int  wolfSSL_read(WOLFSSL*, void*, int);
WOLFSSL_API int  wolfSSL_peek(WOLFSSL*, void*, int);
WOLFSSL_API int  wolfSSL_accept(WOLFSSL*);
WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
WOLFSSL_API void wolfSSL_free(WOLFSSL*);
/* May return SSL_SHUTDOWN_NOT_DONE; call again to complete the bidirectional
 * close (see the ssl Constants enum). */
WOLFSSL_API int  wolfSSL_shutdown(WOLFSSL*);
WOLFSSL_API int  wolfSSL_send(WOLFSSL*, const void*, int sz, int flags);
WOLFSSL_API int  wolfSSL_recv(WOLFSSL*, void*, int sz, int flags);

WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX*, int);
WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int);

/* (ssl, return value of the failed call) -> SSL_ERROR_* code. */
WOLFSSL_API int  wolfSSL_get_error(WOLFSSL*, int);
WOLFSSL_API int  wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *);

/* Session resumption. */
WOLFSSL_API int        wolfSSL_set_session(WOLFSSL* ssl,WOLFSSL_SESSION* session);
WOLFSSL_API long       wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* session, long t);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl);
WOLFSSL_API void       wolfSSL_flush_sessions(WOLFSSL_CTX *ctx, long tm);
/* (ssl, id, id length, newSession flag) -- client-side cache key by server
 * identity; the exact meaning of the last int is not visible here. */
WOLFSSL_API int        wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char*,
                                         int, int);

#ifdef SESSION_INDEX
WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
#endif /* SESSION_INDEX */

#if defined(SESSION_INDEX) && defined(SESSION_CERTS)
WOLFSSL_API
    WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
#endif /* SESSION_INDEX && SESSION_CERTS */

/* VerifyCallback(preverify_ok, store_ctx).
 * NOTE(review): under the OpenSSL semantics this mirrors, the callback's
 * return value replaces the verification result -- a callback that returns
 * non-zero when store_ctx->error != 0 silently accepts an invalid peer
 * certificate. Only override for a specific, documented error. Confirm
 * against the wolfSSL implementation before relying on the exact contract.
 * pem_password_cb(buf, size, rwflag, userdata): as in OpenSSL, write at most
 * `size` bytes and return the password length. */
typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
typedef int (*pem_password_cb)(char*, int, int, void*);

/* (ctx, SSL_VERIFY_* mode flags, optional callback). SSL_VERIFY_NONE leaves
 * the peer unauthenticated; clients should use SSL_VERIFY_PEER. */
WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX*, int,
                                      VerifyCallback verify_callback);
WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback);
/* Sets the userCtx handed to the verify callback via WOLFSSL_X509_STORE_CTX. */
WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*);

WOLFSSL_API int  wolfSSL_pending(WOLFSSL*);

WOLFSSL_API void wolfSSL_load_error_strings(void);
WOLFSSL_API int  wolfSSL_library_init(void);
WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX*, long);

#ifdef HAVE_SECRET_CALLBACK
/* Hands the session secret (presumably the master secret) to application
 * code. Anything that logs or stores it (e.g. a key-log for packet capture)
 * defeats confidentiality of that session; never enable in production
 * builds without an explicit reason. */
typedef int (*SessionSecretCb)(WOLFSSL* ssl,
                                        void* secret, int* secretSz, void* ctx);
WOLFSSL_API int  wolfSSL_set_session_secret_cb(WOLFSSL*, SessionSecretCb, void*);
#endif /* HAVE_SECRET_CALLBACK */

/* session cache persistence
 * The saved state is what makes resumption possible and should be assumed
 * to contain secrets: restrict the file's permissions, and treat the memory
 * buffer as key material (zeroize after use). */
WOLFSSL_API int  wolfSSL_save_session_cache(const char*);
WOLFSSL_API int  wolfSSL_restore_session_cache(const char*);
WOLFSSL_API int  wolfSSL_memsave_session_cache(void*, int);
WOLFSSL_API int  wolfSSL_memrestore_session_cache(const void*, int);
WOLFSSL_API int  wolfSSL_get_session_cache_memsize(void);

/* certificate cache persistence, uses ctx since certs are per ctx.
 * A restored cache defines the trust anchors, so the file/buffer must be
 * integrity-protected as strictly as the CA files themselves. */
WOLFSSL_API int  wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX*, const char*);
WOLFSSL_API int  wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX*, const char*);
WOLFSSL_API int  wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX*, void*, int, int*);
WOLFSSL_API int  wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX*, const void*, int);
WOLFSSL_API int  wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX*);

/* only supports full name from cipher_name[] delimited by :
 * (OpenSSL-style selectors such as "HIGH" or "!aNULL" are not parsed). */
WOLFSSL_API int  wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*);
WOLFSSL_API int  wolfSSL_set_cipher_list(WOLFSSL*, const char*);

/* Nonblocking DTLS helper functions */
WOLFSSL_API int  wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl);
WOLFSSL_API int  wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int);
WOLFSSL_API int  wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int);
WOLFSSL_API int  wolfSSL_dtls_got_timeout(WOLFSSL* ssl);
WOLFSSL_API int  wolfSSL_dtls(WOLFSSL* ssl);

/* (ssl, sockaddr, sockaddr length) -- get_peer writes the length back. */
WOLFSSL_API int  wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
WOLFSSL_API int  wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);

WOLFSSL_API int   wolfSSL_ERR_GET_REASON(unsigned long err);
/* No size parameter: the caller's buffer must hold the longest message.
 * Prefer wolfSSL_ERR_error_string_n, which bounds the write by `sz`. */
WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
WOLFSSL_API void  wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
                                           unsigned long sz);
WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long);

/* extras */

/* OpenSSL's STACK_OF(T) collapses to plain T: a "stack" in this API is a
 * single object, not an array (see the wolfSSL_sk_* functions below, which
 * take a WOLFSSL_X509_REVOKED* directly). Do not index it as an array. */
#define STACK_OF(x) x

WOLFSSL_API int  wolfSSL_set_ex_data(WOLFSSL*, int, void*);
WOLFSSL_API int  wolfSSL_get_shutdown(const WOLFSSL*);
WOLFSSL_API int  wolfSSL_set_rfd(WOLFSSL*, int);
WOLFSSL_API int  wolfSSL_set_wfd(WOLFSSL*, int);
WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL*, int);
WOLFSSL_API int  wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*,
                                           unsigned int);
WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*);
WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*);
WOLFSSL_API int  wolfSSL_session_reused(WOLFSSL*);
WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
WOLFSSL_API int  wolfSSL_is_init_finished(WOLFSSL*);

/* Negotiated parameters, valid once the handshake has completed. */
WOLFSSL_API const char*  wolfSSL_get_version(WOLFSSL*);
WOLFSSL_API int  wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_CIPHER*  wolfSSL_get_current_cipher(WOLFSSL*);
WOLFSSL_API char*        wolfSSL_CIPHER_description(WOLFSSL_CIPHER*, char*, int);
WOLFSSL_API const char*  wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API const char*  wolfSSL_get_cipher(WOLFSSL*);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
                           /* what's ref count -- in OpenSSL the "get1" form
                              takes a reference that the caller releases with
                              SESSION_free; whether wolfSSL reference-counts
                              sessions is not visible here, so confirm before
                              pairing this with wolfSSL_SESSION_free. */

WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*);
WOLFSSL_API void wolfSSL_OPENSSL_free(void*);

/* Splits an OCSP responder URL into host/port/path and flags https via
 * `ssl`. `url` is non-const and may be modified in place; ownership of the
 * returned strings (who frees them) is not visible from this header. The
 * URL normally comes from the peer certificate's AIA extension, so treat it
 * as attacker-controlled input. */
WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port,
                                     char** path, int* ssl);

/* Version-negotiating client method. The minimum version it will accept is
 * not visible here; see the note on SSL_OP_* values below before trying to
 * restrict it with wolfSSL_CTX_set_options. */
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_client_method(void);

/* SSL 2.0 methods, declared for OpenSSL source compatibility. Whether they
 * return a usable method is not determined by this header; SSL 2.0 must never
 * be enabled (RFC 6176). */
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_client_method(void);
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_server_method(void);

/* MD4 -- legacy-interop only; cryptographically broken (see WOLFSSL_MD4_CTX). */
WOLFSSL_API void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX*);
WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX*, const void*, unsigned long);
WOLFSSL_API void wolfSSL_MD4_Final(unsigned char*, WOLFSSL_MD4_CTX*);


/* OpenSSL-style BIO abstraction. */
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD*);
WOLFSSL_API int  wolfSSL_BIO_free(WOLFSSL_BIO*);
WOLFSSL_API int  wolfSSL_BIO_free_all(WOLFSSL_BIO*);
WOLFSSL_API int  wolfSSL_BIO_read(WOLFSSL_BIO*, void*, int);
WOLFSSL_API int  wolfSSL_BIO_write(WOLFSSL_BIO*, const void*, int);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO*, WOLFSSL_BIO* append);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO*);
WOLFSSL_API int  wolfSSL_BIO_flush(WOLFSSL_BIO*);
WOLFSSL_API int  wolfSSL_BIO_pending(WOLFSSL_BIO*);

WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void);
WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO*, long size);
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void);
/* (socket fd, BIO_CLOSE / BIO_NOCLOSE) */
WOLFSSL_API WOLFSSL_BIO*        wolfSSL_BIO_new_socket(int sfd, int flag);
WOLFSSL_API int         wolfSSL_BIO_eof(WOLFSSL_BIO*);

WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void);
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void);
WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int);

/* Exposes the memory BIO's internal buffer; the pointer is only valid while
 * the BIO is alive and unmodified. */
WOLFSSL_API int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,const unsigned char** p);
/* `buf` is non-const, so assume the BIO may retain (and possibly write to)
 * the caller's buffer for its lifetime -- confirm in the implementation. */
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len);


WOLFSSL_API long        wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag);
WOLFSSL_API void        wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr);

WOLFSSL_API int  wolfSSL_add_all_algorithms(void);

/* OpenSSL RAND_* compatibility surface.
 * NOTE(review): this header does not show whether seeding/egd/add feed the
 * wolfCrypt RNG at all; do not rely on them as an entropy source. The only
 * call here worth using for key material is wolfSSL_RAND_bytes, and its
 * return value must be checked. */
WOLFSSL_API void        wolfSSL_RAND_screen(void);
WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long);
WOLFSSL_API int         wolfSSL_RAND_write_file(const char*);
WOLFSSL_API int         wolfSSL_RAND_load_file(const char*, long);
WOLFSSL_API int         wolfSSL_RAND_egd(const char*);
WOLFSSL_API int         wolfSSL_RAND_seed(const void*, int);
WOLFSSL_API void        wolfSSL_RAND_add(const void*, int, double);

/* TLS-level compression. Compressing attacker-influenced plaintext alongside
 * secrets leaks them (CRIME-class attacks); leave compression disabled. */
WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void);
WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void);
WOLFSSL_API int wolfSSL_COMP_add_compression_method(int, void*);

WOLFSSL_API int wolfSSL_get_ex_new_index(long, void*, void*, void*, void*);

/* OpenSSL 1.0-style thread-locking callbacks (compatibility). */
WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void));
WOLFSSL_API void wolfSSL_set_locking_callback(void (*f)(int, int, const char*,
                                                      int));
WOLFSSL_API void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)
                                                   (const char*, int));
WOLFSSL_API void wolfSSL_set_dynlock_lock_callback(void (*f)(int,
                                      WOLFSSL_dynlock_value*, const char*, int));
WOLFSSL_API void wolfSSL_set_dynlock_destroy_callback(void (*f)
                                     (WOLFSSL_dynlock_value*, const char*, int));
WOLFSSL_API int  wolfSSL_num_locks(void);

/* Accessors for the fields of WOLFSSL_X509_STORE_CTX, for verify callbacks. */
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
                                                        WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API int   wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API int   wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX*);

/* Certificate field accessors. Buffer-taking variants carry an explicit
 * size; those with an int* take the buffer size in and (presumably) write
 * the used length back -- confirm the in/out contract before use. */
WOLFSSL_API char*       wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int);
WOLFSSL_API WOLFSSL_X509_NAME*  wolfSSL_X509_get_issuer_name(WOLFSSL_X509*);
WOLFSSL_API WOLFSSL_X509_NAME*  wolfSSL_X509_get_subject_name(WOLFSSL_X509*);
WOLFSSL_API int  wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
WOLFSSL_API int  wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
WOLFSSL_API int  wolfSSL_X509_get_isCA(WOLFSSL_X509*);
WOLFSSL_API int  wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509*);
WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509*);
WOLFSSL_API unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509*);
WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID(
                                            WOLFSSL_X509*, unsigned char*, int*);
WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
                                            WOLFSSL_X509*, unsigned char*, int*);
WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*);
WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID(
                                            WOLFSSL_X509_NAME*, int, char*, int);
WOLFSSL_API int         wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long);
WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509*, unsigned char*, int*);

/* X509 store / lookup compatibility API. */
WOLFSSL_API int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP*,const char*,long);
WOLFSSL_API int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP*, const char*,
                                            long);
WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void);
WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void);

WOLFSSL_API WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE*,
                                                    WOLFSSL_X509_LOOKUP_METHOD*);
WOLFSSL_API WOLFSSL_X509_STORE*  wolfSSL_X509_STORE_new(void);
WOLFSSL_API void         wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE*);
/* Adds a trust anchor: anything added here can sign accepted peer chains. */
WOLFSSL_API int          wolfSSL_X509_STORE_add_cert(
                                              WOLFSSL_X509_STORE*, WOLFSSL_X509*);
WOLFSSL_API int  wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*);
WOLFSSL_API int  wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX*,
                                   int, WOLFSSL_X509_NAME*, WOLFSSL_X509_OBJECT*);
WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void);
/* (ctx, store, certificate to verify, untrusted chain -- a single object
 * here, see STACK_OF) */
WOLFSSL_API int  wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX*,
                      WOLFSSL_X509_STORE*, WOLFSSL_X509*, STACK_OF(WOLFSSL_X509)*);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*);

/* CRL accessors; a CRL whose nextUpdate has passed should not be trusted
 * for revocation decisions. */
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*);

WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*);
/* Verifies the CRL signature with the issuer's public key; check the result
 * before consulting the CRL's revoked list. */
WOLFSSL_API int       wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*);
WOLFSSL_API void      wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX*,
                                                     int);
WOLFSSL_API void      wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT*);
WOLFSSL_API void      wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*);
WOLFSSL_API int       wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*);
WOLFSSL_API int       wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*);

WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
                                                      WOLFSSL_X509_REVOKED*,int);
WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*);

WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*);

WOLFSSL_API int  wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER*,
                                       const WOLFSSL_ASN1_INTEGER*);
/* Serial numbers are up to 20 bytes; a `long` cannot represent all of them
 * -- use wolfSSL_ASN1_INTEGER_cmp for equality checks. */
WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*);

WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*);

/* CA names advertised to clients in the CertificateRequest (server side). */
WOLFSSL_API void  wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*,
                                               STACK_OF(WOLFSSL_X509_NAME)*);
WOLFSSL_API void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX*, int);
WOLFSSL_API int   wolfSSL_get_ex_data_X509_STORE_CTX_idx(void);
WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL*, int);

/* Password callback for encrypted PEM keys (see pem_password_cb). */
WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*,
                                                          void* userdata);
WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*, pem_password_cb);


/* Handshake progress callback (ssl, SSL_CB_* type, value). */
WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*,
                          void (*)(const WOLFSSL* ssl, int type, int val));

WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void);
WOLFSSL_API int           wolfSSL_GET_REASON(int);

WOLFSSL_API char* wolfSSL_alert_type_string_long(int);
WOLFSSL_API char* wolfSSL_alert_desc_string_long(int);
WOLFSSL_API char* wolfSSL_state_string_long(const WOLFSSL*);

/* (bits, public exponent, progress callback, callback arg). Use
 * WOLFSSL_RSA_F4 (65537) as the exponent and at least 2048 bits. */
WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long,
                                               void(*)(int, int, void*), void*);
/* Temporary-RSA callback from the export-cipher era; legacy compatibility
 * only -- ephemeral (EC)DH is the forward-secret key exchange to use. */
WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX*,
                                             WOLFSSL_RSA*(*)(WOLFSSL*, int, int));

WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key);

/* Session-cache statistics. */
WOLFSSL_API long wolfSSL_CTX_sess_accept(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_connect(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_hits(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*);

/* default all: the empty list means every suite the build enables, which
 * is build-dependent -- production deployments should set an explicit list. */
#define WOLFSSL_DEFAULT_CIPHER_LIST ""   /* default all */
#define WOLFSSL_RSA_F4 0x10001L          /* 65537, the standard RSA exponent */

/* OpenSSL-compatibility constants.
 *
 * NOTE(review): the SSL_OP_* values in this enum are consecutive ordinals
 * (1, 2, 3, ... 26), NOT single-bit flags as in OpenSSL, and SSL_OP_NO_SSLv2
 * (8, in the ssl Constants enum below) collides with SSL_OP_TLS_D5_BUG.
 * OR-ing them does not compose: SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 is
 * 13 | 14 == 15 == SSL_OP_PKCS1_CHECK_1. Do not port OpenSSL option-mask
 * code verbatim; which of these wolfSSL_CTX_set_options honours is not
 * visible from this header, so pin the protocol version with the explicit
 * wolfTLSv1_2_* methods instead.
 *
 * The OCSP_NO* values (1..2048) are genuine bit flags; OCSP_CERTID/REQUEST/
 * RESPONSE/BASICRESP are object-type tags in a separate namespace that
 * happen to share numbers with them. */
enum {
    OCSP_NOCERTS     = 1,
    OCSP_NOINTERN    = 2,
    OCSP_NOSIGS      = 4,
    OCSP_NOCHAIN     = 8,
    OCSP_NOVERIFY    = 16,
    OCSP_NOEXPLICIT  = 32,
    OCSP_NOCASIGN    = 64,
    OCSP_NODELEGATED = 128,
    OCSP_NOCHECKS    = 256,
    OCSP_TRUSTOTHER  = 512,
    OCSP_RESPID_KEY  = 1024,
    OCSP_NOTIME      = 2048,

    OCSP_CERTID   = 2,
    OCSP_REQUEST  = 4,
    OCSP_RESPONSE = 8,
    OCSP_BASICRESP = 16,

    /* wolfSSL OCSP options: NO_NONCE weakens replay protection of responses. */
    WOLFSSL_OCSP_URL_OVERRIDE = 1,
    WOLFSSL_OCSP_NO_NONCE     = 2,
    WOLFSSL_OCSP_CHECKALL     = 4,

    WOLFSSL_CRL_CHECKALL = 1,

    ASN1_GENERALIZEDTIME = 4,

    /* sequential, not bit flags -- see note above */
    SSL_OP_MICROSOFT_SESS_ID_BUG = 1,
    SSL_OP_NETSCAPE_CHALLENGE_BUG = 2,
    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 3,
    SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 4,
    SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 5,
    SSL_OP_MSIE_SSLV2_RSA_PADDING = 6,
    SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 7,
    SSL_OP_TLS_D5_BUG = 8,
    SSL_OP_TLS_BLOCK_PADDING_BUG = 9,
    SSL_OP_TLS_ROLLBACK_BUG = 10,
    SSL_OP_ALL = 11,
    SSL_OP_EPHEMERAL_RSA = 12,
    SSL_OP_NO_SSLv3 = 13,
    SSL_OP_NO_TLSv1 = 14,
    SSL_OP_PKCS1_CHECK_1 = 15,
    SSL_OP_PKCS1_CHECK_2 = 16,
    SSL_OP_NETSCAPE_CA_DN_BUG = 17,
    SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 18,
    SSL_OP_SINGLE_DH_USE = 19,
    SSL_OP_NO_TICKET = 20,
    SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 21,
    SSL_OP_NO_QUERY_MTU = 22,
    SSL_OP_COOKIE_EXCHANGE = 23,
    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 24,
    SSL_OP_SINGLE_ECDH_USE = 25,
    SSL_OP_CIPHER_SERVER_PREFERENCE = 26,

    SSL_MAX_SSL_SESSION_ID_LENGTH = 32,

    EVP_R_BAD_DECRYPT = 2,

    /* info-callback `type` values */
    SSL_CB_LOOP = 4,
    SSL_ST_CONNECT = 5,
    SSL_ST_ACCEPT  = 6,
    SSL_CB_ALERT   = 7,
    SSL_CB_READ    = 8,
    SSL_CB_HANDSHAKE_DONE = 9,

    SSL_MODE_ENABLE_PARTIAL_WRITE = 2,

    BIO_FLAGS_BASE64_NO_NL = 1,
    BIO_CLOSE   = 1,
    BIO_NOCLOSE = 0,

    NID_undef = 0,

    X509_FILETYPE_PEM = 8,
    X509_LU_X509      = 9,
    X509_LU_CRL       = 12,

    /* verification error codes reported through WOLFSSL_X509_STORE_CTX.error */
    X509_V_ERR_CRL_SIGNATURE_FAILURE = 13,
    X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14,
    X509_V_ERR_CRL_HAS_EXPIRED                = 15,
    X509_V_ERR_CERT_REVOKED                   = 16,
    X509_V_ERR_CERT_CHAIN_TOO_LONG            = 17,
    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT      = 18,
    X509_V_ERR_CERT_NOT_YET_VALID             = 19,
    X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20,
    X509_V_ERR_CERT_HAS_EXPIRED               = 21,
    X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD  = 22,
    X509_V_ERR_CERT_REJECTED                  = 23,
    X509_V_OK                                 = 0,

    XN_FLAG_SPC_EQ  = (1 << 23),
    XN_FLAG_ONELINE = 0,

    CRYPTO_LOCK = 1,
    CRYPTO_NUM_LOCKS = 10,

    ASN1_STRFLGS_ESC_MSB = 4
};

/* extras end */

#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
/* wolfSSL extension, provide last error from SSL_get_error
   since not using thread storage error queue */
WOLFSSL_API void  wolfSSL_ERR_print_errors_fp(FILE*, int err);
#endif

/* Return codes and mode flags. Always compare against the symbolic names:
 * the numbering only partly matches OpenSSL's, SSL_FAILURE and
 * SSL_ERROR_NONE share 0 (which one applies depends on the function), and
 * SSL_SHUTDOWN_NOT_DONE shares 2 with SSL_ERROR_WANT_READ. */
enum { /* ssl Constants */
    SSL_ERROR_NONE      =  0,   /* for most functions */
    SSL_FAILURE         =  0,   /* for some functions */
    SSL_SUCCESS         =  1,
    SSL_SHUTDOWN_NOT_DONE =  2,  /* call wolfSSL_shutdown again to complete */

    SSL_ALPN_NOT_FOUND  = -9,
    SSL_BAD_CERTTYPE    = -8,
    SSL_BAD_STAT        = -7,
    SSL_BAD_PATH        = -6,
    SSL_BAD_FILETYPE    = -5,
    SSL_BAD_FILE        = -4,
    SSL_NOT_IMPLEMENTED = -3,
    SSL_UNKNOWN         = -2,
    SSL_FATAL_ERROR     = -1,

    SSL_FILETYPE_ASN1    = 2,
    SSL_FILETYPE_PEM     = 1,
    SSL_FILETYPE_DEFAULT = 2, /* ASN1 */
    SSL_FILETYPE_RAW     = 3, /* NTRU raw key blob */

    /* verify mode bit flags for wolfSSL_CTX_set_verify / wolfSSL_set_verify.
     * SSL_VERIFY_NONE performs no peer authentication -- a client using it
     * is open to man-in-the-middle; use SSL_VERIFY_PEER. On a server,
     * SSL_VERIFY_PEER alone lets a client present no certificate; add
     * SSL_VERIFY_FAIL_IF_NO_PEER_CERT to require one. FAIL_EXCEPT_PSK is
     * wolfSSL-specific. */
    SSL_VERIFY_NONE                 = 0,
    SSL_VERIFY_PEER                 = 1,
    SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
    SSL_VERIFY_CLIENT_ONCE          = 4,
    SSL_VERIFY_FAIL_EXCEPT_PSK      = 8,

    /* session cache modes (plain values, not OpenSSL's bit masks) */
    SSL_SESS_CACHE_OFF                = 30,
    SSL_SESS_CACHE_CLIENT             = 31,
    SSL_SESS_CACHE_SERVER             = 32,
    SSL_SESS_CACHE_BOTH               = 33,
    SSL_SESS_CACHE_NO_AUTO_CLEAR      = 34,
    SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35,

    /* wolfSSL_get_error() results */
    SSL_ERROR_WANT_READ        =  2,
    SSL_ERROR_WANT_WRITE       =  3,
    SSL_ERROR_WANT_CONNECT     =  7,
    SSL_ERROR_WANT_ACCEPT      =  8,
    SSL_ERROR_SYSCALL          =  5,
    SSL_ERROR_WANT_X509_LOOKUP = 83,
    SSL_ERROR_ZERO_RETURN      =  6,
    SSL_ERROR_SSL              = 85,

    SSL_SENT_SHUTDOWN     = 1,
    SSL_RECEIVED_SHUTDOWN = 2,
    SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4,
    SSL_OP_NO_SSLv2       = 8,   /* same value as SSL_OP_TLS_D5_BUG above */

    SSL_R_SSL_HANDSHAKE_FAILURE           = 101,
    SSL_R_TLSV1_ALERT_UNKNOWN_CA          = 102,
    SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103,
    SSL_R_SSLV3_ALERT_BAD_CERTIFICATE     = 104,

    PEM_BUFSIZE = 1024
};


#ifndef NO_PSK
    /* Pre-shared-key callbacks.
     * client: (ssl, server hint, identity buffer, identity max length,
     *          psk buffer, psk max length) -> psk length
     * server: (ssl, client identity, psk buffer, psk max length) -> psk length
     * As in OpenSSL, a callback must honour the max lengths and return 0 to
     * reject; the client identity is attacker-supplied and must not be used
     * as a lookup key without validation. */
    typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
                                    unsigned int, unsigned char*, unsigned int);
    WOLFSSL_API void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX*,
                                                    wc_psk_client_callback);
    WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*,
                                                    wc_psk_client_callback);

    WOLFSSL_API const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*);
    WOLFSSL_API const char* wolfSSL_get_psk_identity(const WOLFSSL*);

    WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX*, const char*);
    WOLFSSL_API int wolfSSL_use_psk_identity_hint(WOLFSSL*, const char*);

    typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
                          unsigned char*, unsigned int);
    WOLFSSL_API void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX*,
                                                    wc_psk_server_callback);
    WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL*,
                                                    wc_psk_server_callback);

    #define PSK_TYPES_DEFINED
#endif /* NO_PSK */


#ifdef HAVE_ANON
    /* Enables anonymous (unauthenticated) cipher suites: neither side is
     * authenticated, so the connection is trivially man-in-the-middle-able.
     * Test builds only. */
    WOLFSSL_API int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*);
#endif /* HAVE_ANON */


/* extra begins */

enum {  /* ERR Constants */
    ERR_TXT_STRING = 1
};

WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line_data(const char**, int*,
                                                 const char**, int *);

WOLFSSL_API unsigned long wolfSSL_ERR_get_error(void);
WOLFSSL_API void          wolfSSL_ERR_clear_error(void);


WOLFSSL_API int  wolfSSL_RAND_status(void);
/* Fills `buf` with `num` random bytes; check the return value before using
 * the buffer as key material. */
WOLFSSL_API int  wolfSSL_RAND_bytes(unsigned char* buf, int num);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void);
/* See the SSL_OP_* note above: these values are not OpenSSL-style bit masks. */
WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
#ifndef NO_CERTS
  /* Confirms the loaded private key matches the loaded certificate. */
  WOLFSSL_API int  wolfSSL_CTX_check_private_key(WOLFSSL_CTX*);
#endif /* !NO_CERTS */

WOLFSSL_API void wolfSSL_ERR_free_strings(void);
WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long);
WOLFSSL_API void wolfSSL_EVP_cleanup(void);
WOLFSSL_API int  wolfSSL_clear(WOLFSSL* ssl);

WOLFSSL_API void wolfSSL_cleanup_all_ex_data(void);
WOLFSSL_API long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode);
WOLFSSL_API long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx);
WOLFSSL_API void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m);
WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl);

WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long);

WOLFSSL_API int  wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*);
/* Server-side session id context, separating session caches of different
 * applications/contexts that share a process. */
WOLFSSL_API int  wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*,
                                            const unsigned char*, unsigned int);
/* Returns the peer's certificate. Its presence says nothing about whether it
 * was verified -- with SSL_VERIFY_NONE it is still returned (OpenSSL
 * semantics, assumed here); check the verify result separately. */
WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl);

WOLFSSL_API int wolfSSL_want_read(WOLFSSL*);
WOLFSSL_API int wolfSSL_want_write(WOLFSSL*);

/* printf-style: never pass untrusted data as the format string. */
WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO*, const char*, ...);
WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*,
                                         const WOLFSSL_ASN1_UTCTIME*);
WOLFSSL_API int   wolfSSL_sk_num(WOLFSSL_X509_REVOKED*);
WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED*, int);
/* stunnel 4.28 needs */
/* Per-context application data slots; the index is allocated with
   wolfSSL_CTX_get_ex_new_index() below. */
WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int);
WOLFSSL_API int   wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*);
/* External session-cache hooks (get / new / remove). The get hook receives
   an (unsigned char*, int) pair — presumably the session id and its length —
   and returns the matching session; confirm against the caller before
   relying on that. */
WOLFSSL_API void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX*,
                    WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*));
WOLFSSL_API void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX*,
                                            int (*f)(WOLFSSL*, WOLFSSL_SESSION*));
WOLFSSL_API void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX*,
                                       void (*f)(WOLFSSL_CTX*, WOLFSSL_SESSION*));

/* Session serialization. d2i parses a length-delimited buffer
   (const unsigned char**, long): when the bytes come from an external
   store, pass the length actually received, not the buffer capacity. */
WOLFSSL_API int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION*,unsigned char**);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION**,
                                                     const unsigned char**, long);

WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*);
WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*);
/* Allocate a new index for wolfSSL_CTX_{get,set}_ex_data(). */
WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);

/* extra ends */


/* wolfSSL extensions */

/* Call before SSL_connect. When peer verification is enabled this adds a
   host name check (against dn) to the date and signature checks; without
   this call the verification described here performs no name check. */
WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);

/* need to call once to load library (session cache) */
WOLFSSL_API int wolfSSL_Init(void);
/* call when done to cleanup/free session cache mutex / resources */
WOLFSSL_API int wolfSSL_Cleanup(void);

/* which library version do we have */
WOLFSSL_API const char* wolfSSL_lib_version(void);
/* which library version do we have in hex */
WOLFSSL_API unsigned int wolfSSL_lib_version_hex(void);

/* turn logging on, only if compiled in */
WOLFSSL_API int wolfSSL_Debugging_ON(void);
/* turn logging off */
WOLFSSL_API void wolfSSL_Debugging_OFF(void);

/* do accept or connect depending on side */
WOLFSSL_API int wolfSSL_negotiate(WOLFSSL* ssl);
/* turn on wolfSSL data compression */
WOLFSSL_API int wolfSSL_set_compression(WOLFSSL* ssl);

/* Timeout value (unsigned int; the unit is not stated here — confirm
   before tuning). */
WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int);
WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int);

/* get wolfSSL peer X509_CHAIN */
WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl);
/* peer chain count */
WOLFSSL_API int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain);
/* index cert length */
WOLFSSL_API int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN*, int idx);
/* index cert (raw bytes; use wolfSSL_get_chain_length for the size) */
WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN*, int idx);
/* index cert in X509 (presumably released with wolfSSL_FreeX509 — confirm
   ownership) */
WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN*, int idx);
/* free X509 */
WOLFSSL_API void wolfSSL_FreeX509(WOLFSSL_X509*);
/* get index cert in PEM: inLen is the capacity of buffer, *outLen receives
   the length written */
WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx,
                               unsigned char* buffer, int inLen, int* outLen);
WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s);
/* (x509, out, inOutSz) — the int* presumably carries out's capacity in and
   the length written out, like the SEP accessors below; confirm */
WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int*);
/* Returns a writable char*; check for NULL before use. */
WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*);
/* DER bytes of the certificate; the int* receives the length */
WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*);
WOLFSSL_API const unsigned char* wolfSSL_X509_notBefore(WOLFSSL_X509*);
WOLFSSL_API const unsigned char* wolfSSL_X509_notAfter(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);

/* Compare the peer's certificate with the one in the named file. */
WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*);

/* By name, returns the next subject alternative name per call; confirm the
   termination value (presumably NULL) before looping on it. */
WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);

/* Parse a DER certificate from in; len bounds the parse. */
WOLFSSL_API WOLFSSL_X509*
        wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
#ifndef NO_FILESYSTEM
    #ifndef NO_STDIO_FILESYSTEM
    WOLFSSL_API WOLFSSL_X509*
            wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file);
    #endif
/* format: presumably SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1 from the ssl
   Constants enum above */
WOLFSSL_API WOLFSSL_X509*
        wolfSSL_X509_load_certificate_file(const char* fname, int format);
#endif

#ifdef WOLFSSL_SEP
    /* SEP extension accessors, each (x509, outBuf, inOutSz). */
    WOLFSSL_API unsigned char*
               wolfSSL_X509_get_device_type(WOLFSSL_X509*, unsigned char*, int*);
    WOLFSSL_API unsigned char*
               wolfSSL_X509_get_hw_type(WOLFSSL_X509*, unsigned char*, int*);
    WOLFSSL_API unsigned char*
               wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509*, unsigned char*, int*);
#endif

/* connect enough to get peer cert */
WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl);

#ifndef NO_DH
/* server Diffie-Hellman parameters: raw p and g of pSz/gSz bytes, or a
   buffer/file in the given format. Pair with the *MinDhKey_Sz setters
   below so an undersized group is rejected rather than used. */
WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz,
                                const unsigned char* g, int gSz);
WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz,
                                       int format);
#ifndef NO_FILESYSTEM
    WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format);
#endif

/* server ctx Diffie-Hellman parameters */
WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX*, const unsigned char* p,
                                    int pSz, const unsigned char* g, int gSz);
WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char* b,
                                           long sz, int format);

#ifndef NO_FILESYSTEM
    WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f,
                                             int format);
#endif

/* Minimum DH key size the connection accepts (unsigned short; the unit is
   not stated here — presumably bits, confirm) and the size in use. */
WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX*, unsigned short);
WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, unsigned short);
WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*);
#endif /* NO_DH */

/* Ephemeral EC-DHE key size (unsigned short; unit not stated here). */
WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short);
WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short);

/* keyblock size in bytes or -1 */
/* need to call wolfSSL_KeepArrays before handshake to save keys */
WOLFSSL_API int wolfSSL_get_keyblock_size(WOLFSSL*);
/* Hands out pointers to the master secret (ms) and the server/client randoms
   (sr/cr) together with their lengths. ms is the session's root secret:
   keep it out of logs and clear any copy once it is no longer needed. */
WOLFSSL_API int wolfSSL_get_keys(WOLFSSL*,unsigned char** ms, unsigned int* msLen,
                                unsigned char** sr, unsigned int* srLen,
                                unsigned char** cr, unsigned int* crLen);

/* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */
/* key receives len bytes derived under the given label. */
WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
                                                             const char* label);


#ifndef _WIN32
    #ifndef NO_WRITEV
        #ifdef __PPU
            #include <sys/types.h>
            #include <sys/socket.h>
        #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && \
              !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM)
            #include <sys/uio.h>
        #endif
        /* allow writev style writing */
        WOLFSSL_API int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
                                     int iovcnt);
    #endif
#endif


#ifndef NO_CERTS
    /* SSL_CTX versions */
    /* Buffer loaders take (ctx, buf, sz, format): sz (long) bounds buf and
       format is presumably SSL_FILETYPE_PEM / SSL_FILETYPE_ASN1 from the ssl
       Constants above; the *_chain_buffer variants take no format. */
    WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*);
#ifdef WOLFSSL_TRUST_PEER_CERT
    /* By name, marks a specific peer certificate as trusted (presumably
       without CA chain validation — confirm); load only certificates you
       control here. */
    WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*);
    WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX*,
                                               const unsigned char*, long, int);
#endif
    WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*,
                                               const unsigned char*, long, int);
    WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX*,
                                               const unsigned char*, long, int);
    WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*,
                                               const unsigned char*, long, int);
    WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*,
                                                    const unsigned char*, long);

    /* SSL versions */
    WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL*, const unsigned char*,
                                               long, int);
    WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*,
                                               long, int);
    WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*,
                                               const unsigned char*, long);
    WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);
#endif

WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL*);

/* I/O callbacks */
/* (ssl, buf, sz, ctx): sz bounds buf; ctx is the per-ssl value set with
   wolfSSL_SetIOReadCtx / wolfSSL_SetIOWriteCtx. The error values the default
   callbacks return are listed in enum IOerrors below. */
typedef int (*CallbackIORecv)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
typedef int (*CallbackIOSend)(WOLFSSL *ssl, char *buf, int sz, void *ctx);

#ifdef HAVE_FUZZER
enum fuzzer_type {
    FUZZ_HMAC      = 0,
    FUZZ_ENCRYPT   = 1,
    FUZZ_SIGNATURE = 2,
    FUZZ_HASH      = 3,
    FUZZ_HEAD      = 4
};

/* type is one of enum fuzzer_type (by name); buf/sz is the data being
   processed at that stage. Test-build hook only (HAVE_FUZZER). */
typedef int (*CallbackFuzzer)(WOLFSSL* ssl, const unsigned char* buf, int sz,
                              int type, void* fuzzCtx);

WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx);
#endif

/* Callbacks are installed per context; their ctx pointers per ssl object. */
WOLFSSL_API void wolfSSL_SetIORecv(WOLFSSL_CTX*, CallbackIORecv);
WOLFSSL_API void wolfSSL_SetIOSend(WOLFSSL_CTX*, CallbackIOSend);

WOLFSSL_API void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx);
WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);

WOLFSSL_API void* wolfSSL_GetIOReadCtx( WOLFSSL* ssl);
WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl);

/* flags: meaning not stated here (presumably passed through to the socket
   recv/send calls of the default callbacks — confirm). */
WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);


#ifndef WOLFSSL_USER_IO
    /* default IO callbacks */
    WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
    WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);

    #ifdef HAVE_OCSP
        /* Default OCSP transport; same shape as CbOCSPIO / CbOCSPRespFree
           declared further down. */
        WOLFSSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*,
                                       int, unsigned char**);
        WOLFSSL_API void EmbedOcspRespFree(void*, unsigned char*);
    #endif

    #ifdef WOLFSSL_DTLS
        /* DTLS defaults; EmbedGenerateCookie writes up to sz bytes into buf */
        WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
        WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
        WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf,
                                           int sz, void*);
    #endif /* WOLFSSL_DTLS */
#endif /* WOLFSSL_USER_IO */


#ifdef HAVE_NETX
    WOLFSSL_API void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxsocket,
                                      ULONG waitoption);
#endif

/* DTLS HelloVerifyRequest cookie generation: the callback fills buf (sz
   bytes capacity). The cookie secret is (secret, secretSz) — keep it
   unpredictable, since the cookie is what lets a server avoid committing
   state to unverified peers. */
typedef int (*CallbackGenCookie)(WOLFSSL* ssl, unsigned char* buf, int sz,
                                 void* ctx);
WOLFSSL_API void  wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX*, CallbackGenCookie);
WOLFSSL_API void  wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl);
WOLFSSL_API int   wolfSSL_DTLS_SetCookieSecret(WOLFSSL*,
                                               const unsigned char*,
                                               unsigned int);


/* I/O Callback default errors */
/* Note WANT_READ and WANT_WRITE share the value -2, so the value alone does
   not say which direction is blocked; presumably the library infers it from
   which callback returned it. */
enum IOerrors {
    WOLFSSL_CBIO_ERR_GENERAL    = -1,     /* general unexpected err */
    WOLFSSL_CBIO_ERR_WANT_READ  = -2,     /* need to call read  again */
    WOLFSSL_CBIO_ERR_WANT_WRITE = -2,     /* need to call write again */
    WOLFSSL_CBIO_ERR_CONN_RST   = -3,     /* connection reset */
    WOLFSSL_CBIO_ERR_ISR        = -4,     /* interrupt */
    WOLFSSL_CBIO_ERR_CONN_CLOSE = -5,     /* connection closed or epipe */
    WOLFSSL_CBIO_ERR_TIMEOUT    = -6      /* socket timeout */
};


/* CA cache callbacks */
/* Two independent value sets live in this one anonymous enum: protocol
   versions (SSLV3..TLSV1_2) and CA-cache entry types (USER_CA / CHAIN_CA).
   WOLFSSL_USER_CA == WOLFSSL_TLSV1 and WOLFSSL_CHAIN_CA == WOLFSSL_TLSV1_1
   numerically, so never pass one set where the other is expected. */
enum {
    WOLFSSL_SSLV3    = 0,
    WOLFSSL_TLSV1    = 1,
    WOLFSSL_TLSV1_1  = 2,
    WOLFSSL_TLSV1_2  = 3,
    WOLFSSL_USER_CA  = 1,          /* user added as trusted */
    WOLFSSL_CHAIN_CA = 2           /* added to cache from trusted chain */
};

/* version: presumably one of WOLFSSL_SSLV3..WOLFSSL_TLSV1_2 above (by
   name; confirm). SetMinVersion is the floor; SetVersion pins one version. */
WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version);
WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version);
WOLFSSL_API int wolfSSL_GetObjectSize(void);  /* object size based on build */
WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
/* PEM -> DER conversions: (pem, pemSz, der, derSz, ...). The trailing
   const char* of KeyPemToDer is unnamed here — presumably a PEM passphrase —
   and the trailing int of CertPemToDer presumably a type; confirm. */
WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int,
                                    unsigned char*, int, const char*);
WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int,
                                     unsigned char*, int, int);
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
    #ifndef WOLFSSL_PEMPUBKEY_TODER_DEFINED
        #ifndef NO_FILESYSTEM
            WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName,
                                                   unsigned char* derBuf, int derSz);
        #endif
        WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int,
                                               unsigned char*, int);
        #define WOLFSSL_PEMPUBKEY_TODER_DEFINED
    #endif /* WOLFSSL_PEMPUBKEY_TODER_DEFINED */
#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER*/

/* CallbackCACache: der/sz is the cached certificate, type presumably
   WOLFSSL_USER_CA or WOLFSSL_CHAIN_CA above. CbMissingCRL is told the CRL
   distribution url that could not be found. CbOCSPIO performs the OCSP
   request and hands back a response buffer that CbOCSPRespFree releases
   (same shape as EmbedOcspLookup / EmbedOcspRespFree above). */
typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
typedef void (*CbMissingCRL)(const char* url);
typedef int  (*CbOCSPIO)(void*, const char*, int,
                                         unsigned char*, int, unsigned char**);
typedef void (*CbOCSPRespFree)(void*,unsigned char*);

/* User Atomic Record Layer CallBacks */
/* MAC then encrypt one record: macIn/macInSz -> macOut, encIn/encSz ->
   encOut. macVerify and macContent are ints whose meaning is not stated
   here; see enum "Atomic User Needs" below for the side/type constants. */
typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut,
       const unsigned char* macIn, unsigned int macInSz, int macContent,
       int macVerify, unsigned char* encOut, const unsigned char* encIn,
       unsigned int encSz, void* ctx);
WOLFSSL_API void  wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX*, CallbackMacEncrypt);
WOLFSSL_API void  wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl);

/* Decrypt then verify one record; *padSz is an output. A user callback
   here is responsible for the MAC check itself — verify before acting on
   the plaintext, and keep the check's timing independent of the padding. */
typedef int (*CallbackDecryptVerify)(WOLFSSL* ssl,
       unsigned char* decOut, const unsigned char* decIn,
       unsigned int decSz, int content, int verify, unsigned int* padSz,
       void* ctx);
WOLFSSL_API void  wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX*,
                                                 CallbackDecryptVerify);
WOLFSSL_API void  wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl);

/* Live record-layer key material for the atomic callbacks. These return
   const pointers, not copies — do not retain them beyond the callback and
   do not copy them anywhere that outlives the session. GetMacSecret's int
   presumably selects the side (WOLFSSL_SERVER_END / WOLFSSL_CLIENT_END
   below); confirm. */
WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int);
WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*);
WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*);
WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*);
WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*);
WOLFSSL_API int                  wolfSSL_GetKeySize(WOLFSSL*);
WOLFSSL_API int                  wolfSSL_GetIVSize(WOLFSSL*);
WOLFSSL_API int                  wolfSSL_GetSide(WOLFSSL*);
WOLFSSL_API int                  wolfSSL_IsTLSv1_1(WOLFSSL*);
WOLFSSL_API int                  wolfSSL_GetBulkCipher(WOLFSSL*);
WOLFSSL_API int                  wolfSSL_GetCipherBlockSize(WOLFSSL*);
WOLFSSL_API int                  wolfSSL_GetAeadMacSize(WOLFSSL*);
WOLFSSL_API int                  wolfSSL_GetHmacSize(WOLFSSL*);
WOLFSSL_API int                  wolfSSL_GetHmacType(WOLFSSL*);
WOLFSSL_API int                  wolfSSL_GetCipherType(WOLFSSL*);
/* Builds the WOLFSSL_TLS_HMAC_INNER_SZ-byte HMAC prefix into the buffer. */
WOLFSSL_API int                  wolfSSL_SetTlsHmacInner(WOLFSSL*, unsigned char*,
                                                       unsigned int, int, int);

/* Atomic User Needs */
/* Side (GetSide) and cipher type (GetCipherType) values, plus the inner
   HMAC header size. */
enum {
    WOLFSSL_SERVER_END = 0,
    WOLFSSL_CLIENT_END = 1,
    WOLFSSL_BLOCK_TYPE = 2,
    WOLFSSL_STREAM_TYPE = 3,
    WOLFSSL_AEAD_TYPE = 4,
    WOLFSSL_TLS_HMAC_INNER_SZ = 13      /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
};

/* for GetBulkCipher and internal use */
/* Values are implicit, starting at 0 for wolfssl_cipher_null; do not
   reorder. */
enum BulkCipherAlgorithm {
    wolfssl_cipher_null,
    wolfssl_rc4,
    wolfssl_rc2,
    wolfssl_des,
    wolfssl_triple_des,             /* leading 3 (3des) not valid identifier */
    wolfssl_des40,
    wolfssl_idea,
    wolfssl_aes,
    wolfssl_aes_gcm,
    wolfssl_aes_ccm,
    wolfssl_chacha,
    wolfssl_camellia,
    wolfssl_hc128,                  /* wolfSSL extensions */
    wolfssl_rabbit
};


/* for KDF TLS 1.2 mac types */
enum KDF_MacAlgorithm {
    wolfssl_sha256 = 4,     /* needs to match internal MACAlgorithm */
    wolfssl_sha384,
    wolfssl_sha512
};


/* Public Key Callback support */
/* Sign callbacks: in/inSz -> out, *outSz is capacity in / length out;
   keyDer/keySz is the DER private key. A callback that holds the key in
   hardware can ignore keyDer. */
typedef int (*CallbackEccSign)(WOLFSSL* ssl,
       const unsigned char* in, unsigned int inSz,
       unsigned char* out, unsigned int* outSz,
       const unsigned char* keyDer, unsigned int keySz,
       void* ctx);
WOLFSSL_API void  wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX*, CallbackEccSign);
WOLFSSL_API void  wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl);

/* Verify callback: *result is the verification outcome written by the
   callback; the return value is a status. */
typedef int (*CallbackEccVerify)(WOLFSSL* ssl,
       const unsigned char* sig, unsigned int sigSz,
       const unsigned char* hash, unsigned int hashSz,
       const unsigned char* keyDer, unsigned int keySz,
       int* result, void* ctx);
WOLFSSL_API void  wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX*, CallbackEccVerify);
WOLFSSL_API void  wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl);

typedef int (*CallbackRsaSign)(WOLFSSL* ssl,
       const unsigned char* in, unsigned int inSz,
       unsigned char* out, unsigned int* outSz,
       const unsigned char* keyDer, unsigned int keySz,
       void* ctx);
WOLFSSL_API void  wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign);
WOLFSSL_API void  wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl);

/* RSA verify / decrypt: sig (resp. in) is non-const and the result comes
   back through unsigned char** out — consistent with in-place recovery
   where *out points into sig/in (confirm); keep the input buffer alive
   while *out is used. */
typedef int (*CallbackRsaVerify)(WOLFSSL* ssl,
       unsigned char* sig, unsigned int sigSz,
       unsigned char** out,
       const unsigned char* keyDer, unsigned int keySz,
       void* ctx);
WOLFSSL_API void  wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX*, CallbackRsaVerify);
WOLFSSL_API void  wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl);

/* RSA Public Encrypt cb */
typedef int (*CallbackRsaEnc)(WOLFSSL* ssl,
       const unsigned char* in, unsigned int inSz,
       unsigned char* out, unsigned int* outSz,
       const unsigned char* keyDer, unsigned int keySz,
       void* ctx);
WOLFSSL_API void  wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc);
WOLFSSL_API void  wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl);

/* RSA Private Decrypt cb */
typedef int (*CallbackRsaDec)(WOLFSSL* ssl,
       unsigned char* in, unsigned int inSz,
       unsigned char** out,
       const unsigned char* keyDer, unsigned int keySz,
       void* ctx);
WOLFSSL_API void  wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX*, CallbackRsaDec);
WOLFSSL_API void  wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);


#ifndef NO_CERTS
    WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache);

    /* Certificate manager: a CA store with verification, CRL and OCSP
       checks usable without a connection. */
    WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
    WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);

    /* LoadCA(cm, f, d): f a CA file, d a CA directory (by parameter name) */
    WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f,
                                                                 const char* d);
    WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER*,
                                  const unsigned char* in, long sz, int format);
    WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
#ifdef WOLFSSL_TRUST_PEER_CERT
    WOLFSSL_API int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm);
#endif
    /* Verify a certificate (file or buffer) against the loaded CAs. */
    WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER*, const char* f,
                                                                    int format);
    WOLFSSL_API int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm,
                                const unsigned char* buff, long sz, int format);
    /* CRL: CheckCRL takes the certificate's DER (sz bounds it); EnableCRL's
       options are presumably a mask of the WOLFSSL_CRL_* flags defined later
       in this header — confirm. */
    WOLFSSL_API int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER*,
                                                        unsigned char*, int sz);
    WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER*,
                                                                   int options);
    WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*);
    /* LoadCRL(cm, path, type, monitor) by analogy with LoadCRLBuffer below;
       the two trailing ints are unnamed here — confirm their meaning. */
    WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER*,
                                                         const char*, int, int);
    WOLFSSL_API int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER*,
                                            const unsigned char*, long sz, int);
    WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER*,
                                                                  CbMissingCRL);
    /* OCSP: CheckOCSP takes the certificate's DER (sz bounds it). The
       override URL replaces the responder taken from the certificate; the
       Cb variant installs the transport (CbOCSPIO / CbOCSPRespFree) and its
       user pointer. */
    WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER*,
                                                        unsigned char*, int sz);
    WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER*,
                                                                   int options);
    WOLFSSL_API int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*);
    WOLFSSL_API int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER*,
                                                                   const char*);
    WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER*,
                                               CbOCSPIO, CbOCSPRespFree, void*);

    WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling(
                                                      WOLFSSL_CERT_MANAGER* cm);

    /* Per-connection equivalents of the manager calls above. */
    WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
    WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl);
    WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int);
    WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL*, CbMissingCRL);
    WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL*, int options);
    WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL*);
    WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL*, const char*);
    WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL*, CbOCSPIO, CbOCSPRespFree, void*);

    /* Per-context equivalents. */
    WOLFSSL_API int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options);
    WOLFSSL_API int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx);
    WOLFSSL_API int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX*, const char*, int, int);
    WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX*, CbMissingCRL);
    WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX*, int options);
    WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*);
    WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*);
    WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX*,
                                               CbOCSPIO, CbOCSPRespFree, void*);

    WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*);
#endif /* !NO_CERTS */

/* end of handshake frees temporary arrays, if user needs for get_keys or
   psk hints, call KeepArrays before handshake and then FreeArrays when done
   if don't want to wait for object free. (The arrays hold handshake secrets,
   so free them as soon as they are no longer needed.) */
WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);


/* cavium additions */
WOLFSSL_API int wolfSSL_UseCavium(WOLFSSL*, int devId);
WOLFSSL_API int wolfSSL_CTX_UseCavium(WOLFSSL_CTX*, int devId);

/* TLS Extensions */

/* Server Name Indication */
#ifdef HAVE_SNI

/* SNI types */
enum {
    WOLFSSL_SNI_HOST_NAME = 0
};

/* (ssl/ctx, type, data, size): data is the name to send/expect, size
   (unsigned short) bounds it. */
WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type,
                                         const void* data, unsigned short size);
WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type,
                                         const void* data, unsigned short size);

#ifndef NO_WOLFSSL_SERVER

/* SNI options */
/* Bit flags for wolfSSL_SNI_SetOptions; the default (no flag) behaviour on
   mismatch is not stated here. */
enum {
    /* Do not abort the handshake if the requested SNI didn't match. */
    WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01,

    /* Behave as if the requested SNI matched in a case of mismatch.  */
    /* In this case, the status will be set to WOLFSSL_SNI_FAKE_MATCH. */
    WOLFSSL_SNI_ANSWER_ON_MISMATCH   = 0x02,

    /* Abort the handshake if the client didn't send a SNI request. */
    WOLFSSL_SNI_ABORT_ON_ABSENCE     = 0x04,
};

WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
                                                         unsigned char options);
WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx,
                                     unsigned char type, unsigned char options);

/* SNI status */
enum {
    WOLFSSL_SNI_NO_MATCH   = 0,
    WOLFSSL_SNI_FAKE_MATCH = 1, /**< @see WOLFSSL_SNI_ANSWER_ON_MISMATCH */
    WOLFSSL_SNI_REAL_MATCH = 2,
    WOLFSSL_SNI_FORCE_KEEP = 3  /** Used with -DWOLFSSL_ALWAYS_KEEP_SNI */
};

WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);

/* *data is set to point at the requested name; the return value is its
   length. */
WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl,
                                               unsigned char type, void** data);
/* Extract the SNI of the given type from a raw ClientHello without a
   WOLFSSL object. helloSz bounds clientHello; *inOutSz presumably carries
   sni's capacity in and the length written out (by name). This parses
   unauthenticated network bytes, so helloSz must be the real received
   length. */
WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
                 const unsigned char* clientHello, unsigned int helloSz,
                 unsigned char type, unsigned char* sni, unsigned int* inOutSz);

#endif
#endif

/* Application-Layer Protocol Negotiation */
#ifdef HAVE_ALPN

/* ALPN status code */
/* Mixed set: the *_MATCH values are statuses, the *_ON_MISMATCH values are
   presumably the options accepted by wolfSSL_UseALPN — confirm. */
enum {
    WOLFSSL_ALPN_NO_MATCH = 0,
    WOLFSSL_ALPN_MATCH    = 1,
    WOLFSSL_ALPN_CONTINUE_ON_MISMATCH = 2,
    WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4,
};

enum {
    WOLFSSL_MAX_ALPN_PROTO_NAME_LEN = 255,
    WOLFSSL_MAX_ALPN_NUMBER = 257
};

/* protocol_name_list is a writable char* (non-const); keep the buffer
   alive and unmodified for as long as the implementation may read it —
   confirm whether it is copied. */
WOLFSSL_API int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
                                unsigned int protocol_name_listSz,
                                unsigned char options);

/* Negotiated protocol: *protocol_name is set to point at it, *size to its
   length. It is not NUL-terminated by any guarantee visible here. */
WOLFSSL_API int wolfSSL_ALPN_GetProtocol(WOLFSSL* ssl, char **protocol_name,
                                         unsigned short *size);

/* Peer's offered list: *list / *listSz, same caveat as above. */
WOLFSSL_API int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list,
                                             unsigned short *listSz);
#endif /* HAVE_ALPN */

/* Maximum Fragment Length */
#ifdef HAVE_MAX_FRAGMENT

/* Fragment lengths */
enum {
    WOLFSSL_MFL_2_9  = 1, /*  512 bytes */
    WOLFSSL_MFL_2_10 = 2, /* 1024 bytes */
    WOLFSSL_MFL_2_11 = 3, /* 2048 bytes */
    WOLFSSL_MFL_2_12 = 4, /* 4096 bytes */
    WOLFSSL_MFL_2_13 = 5  /* 8192 bytes *//* wolfSSL ONLY!!! */
};

#ifndef NO_WOLFSSL_CLIENT

/* mfl: one of the WOLFSSL_MFL_* values above (by name). */
WOLFSSL_API int wolfSSL_UseMaxFragment(WOLFSSL* ssl, unsigned char mfl);
WOLFSSL_API int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, unsigned char mfl);

#endif
#endif

/* Truncated HMAC */
#ifdef HAVE_TRUNCATED_HMAC
#ifndef NO_WOLFSSL_CLIENT

WOLFSSL_API int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx);

#endif
#endif

/* Certificate Status Request */
/* Certificate Status Type */
enum {
    WOLFSSL_CSR_OCSP = 1
};

/* Certificate Status Options (flags) */
/* USE_NONCE binds the stapled response to this handshake; without it a
   response could be replayed within its validity window. */
enum {
    WOLFSSL_CSR_OCSP_USE_NONCE = 0x01
};

#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
#ifndef NO_WOLFSSL_CLIENT

/* status_type: WOLFSSL_CSR_OCSP; options: WOLFSSL_CSR_OCSP_* flags (by name). */
WOLFSSL_API int wolfSSL_UseOCSPStapling(WOLFSSL* ssl,
                              unsigned char status_type, unsigned char options);

WOLFSSL_API int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx,
                              unsigned char status_type, unsigned char options);

#endif
#endif

/* Certificate Status Request v2 */
/* Certificate Status Type */
enum {
    WOLFSSL_CSR2_OCSP = 1,
    WOLFSSL_CSR2_OCSP_MULTI = 2
};

/* Certificate Status v2 Options (flags) */
enum {
    WOLFSSL_CSR2_OCSP_USE_NONCE = 0x01
};

#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
#ifndef NO_WOLFSSL_CLIENT

/* status_type: WOLFSSL_CSR2_OCSP or WOLFSSL_CSR2_OCSP_MULTI; options:
   WOLFSSL_CSR2_OCSP_* flags (by name). */
WOLFSSL_API int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl,
                              unsigned char status_type, unsigned char options);

WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
                              unsigned char status_type, unsigned char options);

#endif
#endif

/* Elliptic Curves */
/* Named-curve identifiers for the supported_groups (elliptic_curves) extension;
 * the values are the IANA TLS code points. secp160r1 and secp192r1 give well
 * under 128-bit security and are kept for compatibility only. */
enum {
    WOLFSSL_ECC_SECP160R1 = 0x10,
    WOLFSSL_ECC_SECP192R1 = 0x13,
    WOLFSSL_ECC_SECP224R1 = 0x15,
    WOLFSSL_ECC_SECP256R1 = 0x17,
    WOLFSSL_ECC_SECP384R1 = 0x18,
    WOLFSSL_ECC_SECP521R1 = 0x19
};

#ifdef HAVE_SUPPORTED_CURVES
#ifndef NO_WOLFSSL_CLIENT

/* Advertise curve `name` (a WOLFSSL_ECC_* value) in the ClientHello. */
WOLFSSL_API int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, unsigned short name);
WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx,
                                              unsigned short name);

#endif
#endif


/* Secure Renegotiation (RFC 5746 renegotiation_info). wolfSSL_Rehandshake
 * starts a renegotiation on an established connection; only renegotiate with
 * the secure variant enabled, and remember that each renegotiation re-runs
 * the full handshake cost. */
#ifdef HAVE_SECURE_RENEGOTIATION

WOLFSSL_API int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL* ssl);

#endif

/* Session Ticket (RFC 5077 stateless resumption) */
#ifdef HAVE_SESSION_TICKET

#ifndef NO_WOLFSSL_CLIENT
/* Enable the session_ticket extension for ssl / for connections from ctx. */
WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx);
/* Copy the current ticket out into the caller's buffer / install a ticket to
 * resume with. NOTE(review): the unsigned int* of the getter looks like an
 * in/out length (buffer size in, bytes written out) -- confirm against the
 * implementation. A ticket lets whoever holds it resume the session, so
 * store it with the same care as session keys. */
WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL*, unsigned char*, unsigned int*);
WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, unsigned char*, unsigned int);
/* Invoked when a ticket arrives: (ssl, ticket bytes, ticket length, user ctx). */
typedef int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*);
WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*,
                                             CallbackSessionTicket, void*);
#endif /* NO_WOLFSSL_CLIENT */

#ifndef NO_WOLFSSL_SERVER

/* Sizes of the fixed-length fields handed to SessionTicketEncCb. */
#define WOLFSSL_TICKET_NAME_SZ 16
#define WOLFSSL_TICKET_IV_SZ   16
#define WOLFSSL_TICKET_MAC_SZ  32

/* Return codes for SessionTicketEncCb. */
enum TicketEncRet {
    WOLFSSL_TICKET_RET_FATAL  = -1, /* fatal error, don't use ticket */
    WOLFSSL_TICKET_RET_OK     =  0, /* ok, use ticket */
    WOLFSSL_TICKET_RET_REJECT,      /* don't use ticket, but not fatal */
    WOLFSSL_TICKET_RET_CREATE       /* existing ticket ok and create new one */
};

/* Server-side ticket protection callback: the application supplies the
 * cipher and the key. key_name identifies which key was used (this is what
 * makes key rotation possible), iv and mac presumably carry the IV and the
 * MAC of the ticket, enc selects encrypt vs. decrypt, and the remaining
 * arguments are the ticket buffer, its length, an output length and the user
 * pointer from wolfSSL_CTX_set_TicketEncCtx. Tickets wrap resumption secrets,
 * so an implementation must use authenticated encryption (verify mac before
 * trusting a decrypted ticket), keep the key confidential and rotate it.
 * NOTE(review): which enc value means encrypt, and whether the int* is the
 * output length, are not visible here -- confirm before implementing. */
typedef int (*SessionTicketEncCb)(WOLFSSL*,
                                  unsigned char key_name[WOLFSSL_TICKET_NAME_SZ],
                                  unsigned char iv[WOLFSSL_TICKET_IV_SZ],
                                  unsigned char mac[WOLFSSL_TICKET_MAC_SZ],
                                  int enc, unsigned char*, int, int*, void*);
WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
                                            SessionTicketEncCb);
/* Ticket lifetime hint (presumably seconds, as advertised to the client). */
WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
/* Opaque pointer presumably passed through to the callback's void* argument. */
WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);

#endif /* NO_WOLFSSL_SERVER */

#endif /* HAVE_SESSION_TICKET */

#ifdef HAVE_QSH
/* Quantum-safe Crypto Schemes: identifiers for wolfSSL's experimental
 * quantum-safe handshake (QSH) extension. The code points appear to be
 * wolfSSL's own rather than IANA-registered, and the *_XXX entries read as
 * placeholders. */
enum {
    WOLFSSL_NTRU_EESS439 = 0x0101, /* max plaintext length of 65 */
    WOLFSSL_NTRU_EESS593 = 0x0102, /* max plaintext length of 86 */
    WOLFSSL_NTRU_EESS743 = 0x0103, /* max plaintext length of 106 */
    WOLFSSL_LWE_XXX      = 0x0201, /* Learning With Error encryption scheme */
    WOLFSSL_HFE_XXX      = 0x0301, /* Hidden Field Equation scheme */
    WOLFSSL_NULL_QSH     = 0xFFFF  /* QSHScheme is not used */
};


/* test if the connection is using a QSH secure connection return 1 if so */
WOLFSSL_API int wolfSSL_isQSH(WOLFSSL* ssl);
/* Offer QSH scheme `name` (one of the enum values above). */
WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name);
#ifndef NO_WOLFSSL_CLIENT
/* user control over sending client public key in hello
   when flag = 1 will send keys if flag is 0 or function is not called
   then will not send keys in the hello extension */
WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag);
#endif
#endif

/* CRL directory monitoring flags. */
#define WOLFSSL_CRL_MONITOR   0x01 /* monitor this dir flag */
#define WOLFSSL_CRL_START_MON 0x02 /* start monitoring flag */


/* notify user the handshake is done: callback receives (ssl, user ctx) */
typedef int (*HandShakeDoneCb)(WOLFSSL*, void*);
WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL*, HandShakeDoneCb, void*);


/* Session-cache statistics, printed or reported through the four out-pointers. */
WOLFSSL_API int wolfSSL_PrintSessionStats(void);
WOLFSSL_API int wolfSSL_get_session_stats(unsigned int* active,
                                          unsigned int* total,
                                          unsigned int* peak,
                                          unsigned int* maxSessions);
/* External facing KDF: the TLS PRF steps exposed to callers. Note the order
 * of the randoms matches RFC 5246: the master secret is seeded with
 * client_random then server_random (cr, sr), while key expansion is seeded
 * with server_random then client_random (sr, cr) -- the two prototypes
 * deliberately differ, so do not "fix" a caller to pass them alike. tls1_2
 * and hash_type presumably select the TLS 1.2 PRF and its hash. The caller
 * owns ms, pms and key_data and should wipe them once they are no longer
 * needed. */
WOLFSSL_API
int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, unsigned int msLen,
                               const unsigned char* pms, unsigned int pmsLen,
                               const unsigned char* cr, const unsigned char* sr,
                               int tls1_2, int hash_type);

WOLFSSL_API
int wolfSSL_DeriveTlsKeys(unsigned char* key_data, unsigned int keyLen,
                          const unsigned char* ms, unsigned int msLen,
                          const unsigned char* sr, const unsigned char* cr,
                          int tls1_2, int hash_type);

#ifdef WOLFSSL_CALLBACKS

/* used internally by wolfSSL while OpenSSL types aren't */
#include <wolfssl/callbacks.h>

typedef int (*HandShakeCallBack)(HandShakeInfo*);
typedef int (*TimeoutCallBack)(TimeoutInfo*);

/* wolfSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack
   for diagnostics */
WOLFSSL_API int wolfSSL_connect_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
                                   Timeval);
WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
                                  Timeval);

#endif /* WOLFSSL_CALLBACKS */


#ifdef WOLFSSL_HAVE_WOLFSCEP
WOLFSSL_API void wolfSSL_wolfSCEP(void);
#endif /* WOLFSSL_HAVE_WOLFSCEP */

#ifdef WOLFSSL_HAVE_CERT_SERVICE
WOLFSSL_API void wolfSSL_cert_service(void);
#endif


#ifdef OPENSSL_EXTRA /*lighttp compatibility */
#ifdef HAVE_LIGHTY

/* One component of an X.509 distinguished name (OpenSSL X509_NAME_ENTRY
 * look-alike): the attribute type and its value. The meaning of set and size
 * is not visible in this header. */
typedef struct WOLFSSL_X509_NAME_ENTRY {
    WOLFSSL_ASN1_OBJECT* object;
    WOLFSSL_ASN1_STRING* value;
    int set;
    int size;
} WOLFSSL_X509_NAME_ENTRY;


#include <wolfssl/openssl/dh.h>
#include <wolfssl/openssl/asn1.h>

WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
/* Load a certificate into ctx. Note the return type is char, unlike the int
 * returned by OpenSSL's SSL_CTX_use_certificate; check the wolfSSL success
 * value rather than assuming OpenSSL semantics. */
WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx,
                                             WOLFSSL_X509 *x);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void);
/* These are to be merged shortly */
WOLFSSL_API const char * wolf_OBJ_nid2sn(int n);
WOLFSSL_API int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o);
WOLFSSL_API int wolf_OBJ_sn2nid(const char *sn);
/* PEM decode in the OpenSSL PEM_read_bio_X509 shape; cb and u are the
 * password callback and its argument. */
WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
/* Cap the certificate-chain depth accepted during verification; keeping it
 * small bounds the path-building work spent on an untrusted chain. */
WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
WOLFSSL_API void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*));
/* One-shot SHA-1 of n bytes at d into md (OpenSSL SHA1() shape). SHA-1 is
 * not collision resistant; this exists for compatibility, not for new
 * signature or integrity uses. */
WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
/* Check that the private key matches the certificate's public key; call it
 * after loading both so a mismatch fails at startup rather than at handshake. */
WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk );

/* end lighttpd*/
#endif
#endif

#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)

WOLFSSL_API char * wolf_OBJ_nid2ln(int n);
WOLFSSL_API int wolf_OBJ_txt2nid(const char *sn);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
/* Install the DH parameters used for ephemeral DH; the size of that group is
 * what bounds the security of DHE cipher suites. */
WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp,
                                                      WOLFSSL_DH **x, pem_password_cb *cb, void *u);
WOLFSSL_API int
PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);


#endif /* HAVE_STUNNEL || HAVE_LIGHTY */


#ifdef HAVE_STUNNEL

#include <wolfssl/openssl/crypto.h>

/* SNI received callback type: (ssl, ret out-parameter, the user arg given to
 * wolfSSL_CTX_set_servername_arg) */
typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);

/* Replace the allocator triple (malloc-like, realloc-like, free) in the
 * OpenSSL CRYPTO_set_mem_ex_functions shape; the const char and int
 * arguments are the caller's file and line tag. */
WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
    void *(*r) (void *, size_t, const char *, int), void (*f) (void *));

/* Generate fresh DH parameters of prime_len bits at runtime -- slow for
 * usable sizes; the callback presumably reports progress as in OpenSSL.
 * Prefer loading a well-known group with wolfSSL_PEM_read_bio_DHparams. */
WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
    void (*callback) (int, int, void *), void *cb_arg);

WOLFSSL_API int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH*, int, int,
    void (*callback) (int, int, void *));

WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void);

WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void);

/* FIPS mode query/set in the OpenSSL shape. NOTE(review): what these do
 * beyond compatibility depends on the build; do not treat a non-error
 * return as evidence of a validated module. */
WOLFSSL_API int wolfSSL_FIPS_mode(void);

WOLFSSL_API int wolfSSL_FIPS_mode_set(int r);

/* meth is opaque (const void *), so the RNG method cannot be type-checked. */
WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth);

WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits);

WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s);

WOLFSSL_API int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s);

WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
                                           unsigned long);

WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
                                           const WOLFSSL_X509*);

WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);

WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);

WOLFSSL_API int wolfSSL_version(WOLFSSL*);

WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*);

/* Element access for the name stack; returns void* rather than a typed pointer. */
WOLFSSL_API void* wolfSSL_sk_X509_NAME_value(STACK_OF(WOLFSSL_X509_NAME)*, int);


WOLFSSL_API void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)*, int);

/* The peer's certificate chain, presumably as received on the wire; treat its
 * entries as untrusted input until verification has completed. */
WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);

WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);

/* Application data slots on a session (OpenSSL ex_data shape). */
WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);

WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);

WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,
                                                 CRYPTO_free_func*);

WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);


/* Session ID bytes, with the length returned through the unsigned int*. The
 * const return suggests the bytes are owned by the session -- presumably not
 * to be freed by the caller; confirm against the implementation. */
WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*,
                                                        unsigned int*);

/* Set the SNI host name sent in the ClientHello (tlsext_host_name shape). */
WOLFSSL_API int wolfSSL_set_tlsext_host_name(WOLFSSL *, const char *);

/* Server side: the SNI name received for the given name type. It is
 * client-supplied input -- validate it before using it as a lookup key or
 * writing it to logs. */
WOLFSSL_API const char* wolfSSL_get_servername(WOLFSSL *, unsigned char);

/* Switch ssl to a different CTX (e.g. from the SNI callback); presumably
 * returns the CTX now in effect, as OpenSSL's SSL_set_SSL_CTX does. */
WOLFSSL_API WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL*,WOLFSSL_CTX*);

WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*);

/* Register the CallbackSniRecv invoked when an SNI extension is received,
 * and the argument handed to it. */
WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *,
                                                     CallbackSniRecv);

WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*);

WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*);

/* Clear option bits previously set on ctx (SSL_CTX_clear_options shape);
 * presumably returns the resulting option mask. */
WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);

/* Thread-id hooks for the OpenSSL-style error queue. */
WOLFSSL_API void wolfSSL_THREADID_set_callback(void (*threadid_func)(void*));

WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val);

/* By OpenSSL's "get1" naming the caller owns the returned reference and must
 * release it. NOTE(review): confirm the release function for WOLFSSL_X509. */
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_get1_certs(WOLFSSL_X509_STORE_CTX*,
                                                        WOLFSSL_X509_NAME*);

/* Free every element of sk with f, then the stack itself. */
WOLFSSL_API void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*));
#endif /* HAVE_STUNNEL */

#if defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE)

/* Current verify-mode flags on ctx (SSL_CTX_get_verify_mode shape). */
WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx);

#endif

#ifdef WOLFSSL_JNI
/* void* storage on the connection for the JNI wrapper's object reference;
 * presumably opaque to wolfSSL itself. */
WOLFSSL_API int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr);
WOLFSSL_API void* wolfSSL_get_jobject(WOLFSSL* ssl);
#endif /* WOLFSSL_JNI */

#ifdef __cplusplus
} /* extern "C" */
#endif


#endif /* WOLFSSL_SSL_H */