ssl.h
/* ssl.h
 *
 * Copyright (C) 2006-2013 wolfSSL Inc.
 *
 * This file is part of CyaSSL.
 *
 * CyaSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * CyaSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */


/* CyaSSL API */

/* Public API header. It forward-declares the opaque handle types, exposes a
 * few structs with visible fields, defines the status / option constants and
 * declares the CYASSL_API entry points. Many names mirror OpenSSL's; the
 * field comments below name openssh and stunnel as consumers that
 * dereference the exposed structs. */

#ifndef CYASSL_SSL_H
#define CYASSL_SSL_H


/* for users not using preprocessor flags*/
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/version.h>


#ifndef NO_FILESYSTEM
    #ifdef FREESCALE_MQX
        #include <fio.h>
    #else
        #include <stdio.h>   /* ERR_printf */
    #endif
#endif

#ifdef YASSL_PREFIX
    #include "prefix_ssl.h"
#endif

#ifdef LIBCYASSL_VERSION_STRING
    #define CYASSL_VERSION LIBCYASSL_VERSION_STRING
#endif

#ifdef _WIN32
    /* wincrypt.h clashes */
    /* The same two names are declared as enum constants further down in this
     * header, hence the #undef before they are reached. */
    #undef OCSP_REQUEST
    #undef OCSP_RESPONSE
#endif



#ifdef __cplusplus
    extern "C" {
#endif

/* Opaque handles: only forward-declared here, so callers hold pointers and
 * never see the layout. */
typedef struct CYASSL          CYASSL;
typedef struct CYASSL_SESSION  CYASSL_SESSION;
typedef struct CYASSL_METHOD   CYASSL_METHOD;
typedef struct CYASSL_CTX      CYASSL_CTX;

typedef struct CYASSL_X509       CYASSL_X509;
typedef struct CYASSL_X509_NAME  CYASSL_X509_NAME;
typedef struct CYASSL_X509_CHAIN CYASSL_X509_CHAIN;

typedef struct CYASSL_CERT_MANAGER CYASSL_CERT_MANAGER;
typedef struct CYASSL_SOCKADDR     CYASSL_SOCKADDR;

/* redeclare guard */
#define CYASSL_TYPES_DEFINED


typedef struct CYASSL_RSA            CYASSL_RSA;
typedef struct CYASSL_DSA            CYASSL_DSA;
typedef struct CYASSL_CIPHER         CYASSL_CIPHER;
typedef struct CYASSL_X509_LOOKUP    CYASSL_X509_LOOKUP;
typedef struct CYASSL_X509_LOOKUP_METHOD CYASSL_X509_LOOKUP_METHOD;
typedef struct CYASSL_X509_CRL       CYASSL_X509_CRL;
typedef struct CYASSL_BIO            CYASSL_BIO;
typedef struct CYASSL_BIO_METHOD     CYASSL_BIO_METHOD;
typedef struct CYASSL_X509_EXTENSION CYASSL_X509_EXTENSION;
typedef struct CYASSL_ASN1_TIME      CYASSL_ASN1_TIME;
typedef struct CYASSL_ASN1_INTEGER   CYASSL_ASN1_INTEGER;
typedef struct CYASSL_ASN1_OBJECT    CYASSL_ASN1_OBJECT;
typedef struct CYASSL_ASN1_STRING    CYASSL_ASN1_STRING;
typedef struct CYASSL_dynlock_value  CYASSL_dynlock_value;

#define CYASSL_ASN1_UTCTIME CYASSL_ASN1_TIME

/* The structs from here to CYASSL_X509_STORE_CTX have visible fields, so
 * their layout is part of the public interface. */
typedef struct CYASSL_EVP_PKEY {
    int type;         /* openssh dereference */
    int save_type;    /* openssh dereference */
    int pkey_sz;
    union {
        char* ptr;
    } pkey;
    #ifdef HAVE_ECC
        int pkey_curve;
    #endif
} CYASSL_EVP_PKEY;

typedef struct CYASSL_MD4_CTX {
    int buffer[32];      /* big enough to hold, check size in Init */
} CYASSL_MD4_CTX;


typedef struct CYASSL_COMP_METHOD {
    int type;            /* stunnel dereference */
} CYASSL_COMP_METHOD;


typedef struct CYASSL_X509_STORE {
    int                  cache;          /* stunnel dereference */
    CYASSL_CERT_MANAGER* cm;
} CYASSL_X509_STORE;

typedef struct CYASSL_ALERT {
    int code;
    int level;
} CYASSL_ALERT;

/* Filled in by CyaSSL_get_alert_history(); the field names suggest the last
 * alert received and the last alert sent. */
typedef struct CYASSL_ALERT_HISTORY {
    CYASSL_ALERT last_rx;
    CYASSL_ALERT last_tx;
} CYASSL_ALERT_HISTORY;

typedef struct CYASSL_X509_REVOKED {
    CYASSL_ASN1_INTEGER* serialNumber;          /* stunnel dereference */
} CYASSL_X509_REVOKED;


typedef struct CYASSL_X509_OBJECT {
    union {
        char* ptr;
        CYASSL_X509_CRL* crl;           /* stunnel dereference */
    } data;
} CYASSL_X509_OBJECT;


/* Second argument of the VerifyCallback type declared later in this header. */
typedef struct CYASSL_X509_STORE_CTX {
    CYASSL_X509_STORE* store;    /* Store full of a CA cert chain */
    CYASSL_X509* current_cert;   /* stunnel dereference */
    char*        domain;         /* subject CN domain name */
    void*        ex_data;        /* external data, for fortress build */
    void*        userCtx;        /* user ctx */
    int          error;          /* current error */
    int          error_depth;    /* cert depth for this error */
    int          discardSessionCerts; /* so verify callback can flag for discard */
} CYASSL_X509_STORE_CTX;


/* Valid Alert types from page 16/17 */
enum AlertDescription {
    close_notify            = 0,
    unexpected_message      = 10,
    bad_record_mac          = 20,
    decompression_failure   = 30,
    handshake_failure       = 40,
    no_certificate          = 41,
    bad_certificate         = 42,
    unsupported_certificate = 43,
    certificate_revoked     = 44,
    certificate_expired     = 45,
    certificate_unknown     = 46,
    illegal_parameter       = 47,
    decrypt_error           = 51,
    protocol_version        = 70,
    no_renegotiation        = 100,
    unrecognized_name       = 112
};


enum AlertLevel {
    alert_warning = 1,
    alert_fatal = 2
};


/* Protocol-version method constructors; the result is what CyaSSL_CTX_new()
 * takes. SSLv3 (RFC 7568) and TLS 1.0 / 1.1 (RFC 8996) are retired protocol
 * versions, so new code should request the TLS 1.2 methods. */
CYASSL_API CYASSL_METHOD *CyaSSLv3_server_method(void);
CYASSL_API CYASSL_METHOD *CyaSSLv3_client_method(void);
CYASSL_API CYASSL_METHOD *CyaTLSv1_server_method(void);
CYASSL_API CYASSL_METHOD *CyaTLSv1_client_method(void);
CYASSL_API CYASSL_METHOD *CyaTLSv1_1_server_method(void);
CYASSL_API CYASSL_METHOD *CyaTLSv1_1_client_method(void);
CYASSL_API CYASSL_METHOD *CyaTLSv1_2_server_method(void);
CYASSL_API CYASSL_METHOD *CyaTLSv1_2_client_method(void);

#ifdef CYASSL_DTLS
    CYASSL_API CYASSL_METHOD *CyaDTLSv1_client_method(void);
    CYASSL_API CYASSL_METHOD *CyaDTLSv1_server_method(void);
    CYASSL_API CYASSL_METHOD *CyaDTLSv1_2_client_method(void);
    CYASSL_API CYASSL_METHOD *CyaDTLSv1_2_server_method(void);
#endif

#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)

/* Certificate / key loaders that read from a file path.
 * NOTE(review): the trailing int is presumably one of the SSL_FILETYPE_*
 * constants declared below; confirm against the implementation. */
CYASSL_API int CyaSSL_CTX_use_certificate_file(CYASSL_CTX*, const char*, int);
CYASSL_API int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX*, const char*, int);
CYASSL_API int CyaSSL_CTX_load_verify_locations(CYASSL_CTX*, const char*,
                                                const char*);
CYASSL_API int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX *,
                                                     const char *file);
CYASSL_API int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX*, const char*, int);

CYASSL_API int CyaSSL_use_certificate_file(CYASSL*, const char*, int);
CYASSL_API int CyaSSL_use_PrivateKey_file(CYASSL*, const char*, int);
CYASSL_API int CyaSSL_use_certificate_chain_file(CYASSL*, const char *file);
CYASSL_API int CyaSSL_use_RSAPrivateKey_file(CYASSL*, const char*, int);

#ifdef CYASSL_DER_LOAD
    CYASSL_API int CyaSSL_CTX_der_load_verify_locations(CYASSL_CTX*,
                                                        const char*, int);
#endif

#ifdef HAVE_NTRU
    CYASSL_API int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX*, const char*);
    /* load NTRU private key blob */
#endif

CYASSL_API int CyaSSL_PemCertToDer(const char*, unsigned char*, int);

#endif /* !NO_FILESYSTEM && !NO_CERTS */

/* Context / connection lifecycle and record I/O. Return conventions are not
 * stated on these prototypes; the "ssl Constants" enum further down carries
 * the status values, and SSL_FAILURE and SSL_ERROR_NONE are both 0 there. */
CYASSL_API CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD*);
CYASSL_API CYASSL* CyaSSL_new(CYASSL_CTX*);
CYASSL_API int  CyaSSL_set_fd (CYASSL*, int);
CYASSL_API int  CyaSSL_get_fd(const CYASSL*);
CYASSL_API void CyaSSL_set_using_nonblock(CYASSL*, int);
CYASSL_API int  CyaSSL_get_using_nonblock(CYASSL*);
CYASSL_API int  CyaSSL_connect(CYASSL*);     /* please see note at top of README
                                                if you get an error from connect */
CYASSL_API int  CyaSSL_write(CYASSL*, const void*, int);
CYASSL_API int  CyaSSL_read(CYASSL*, void*, int);
CYASSL_API int  CyaSSL_peek(CYASSL*, void*, int);
CYASSL_API int  CyaSSL_accept(CYASSL*);
CYASSL_API void CyaSSL_CTX_free(CYASSL_CTX*);
CYASSL_API void CyaSSL_free(CYASSL*);
CYASSL_API int  CyaSSL_shutdown(CYASSL*);
CYASSL_API int  CyaSSL_send(CYASSL*, const void*, int sz, int flags);
CYASSL_API int  CyaSSL_recv(CYASSL*, void*, int sz, int flags);

CYASSL_API void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX*, int);
CYASSL_API void CyaSSL_set_quiet_shutdown(CYASSL*, int);

CYASSL_API int  CyaSSL_get_error(CYASSL*, int);
CYASSL_API int  CyaSSL_get_alert_history(CYASSL*, CYASSL_ALERT_HISTORY *);

CYASSL_API int        CyaSSL_set_session(CYASSL* ssl,CYASSL_SESSION* session);
CYASSL_API CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl);
CYASSL_API void       CyaSSL_flush_sessions(CYASSL_CTX *ctx, long tm);
CYASSL_API int        CyaSSL_SetServerID(CYASSL* ssl, const unsigned char*,
                                         int, int);

#ifdef SESSION_INDEX
CYASSL_API int CyaSSL_GetSessionIndex(CYASSL* ssl);
CYASSL_API int CyaSSL_GetSessionAtIndex(int index, CYASSL_SESSION* session);
#endif /* SESSION_INDEX */

#if defined(SESSION_INDEX) && defined(SESSION_CERTS)
CYASSL_API
    CYASSL_X509_CHAIN* CyaSSL_SESSION_get_peer_chain(CYASSL_SESSION* session);
#endif /* SESSION_INDEX && SESSION_CERTS */

typedef int (*VerifyCallback)(int, CYASSL_X509_STORE_CTX*);
typedef int (*pem_password_cb)(char*, int, int, void*);

/* Peer-verification policy.
 * NOTE(review): the int mode is presumably a combination of the SSL_VERIFY_*
 * values declared below. As in OpenSSL, SSL_VERIFY_NONE (0) would leave the
 * peer certificate unchecked, and a VerifyCallback that returns success
 * unconditionally would have the same effect; confirm against the
 * implementation and audit every call site for both. */
CYASSL_API void CyaSSL_CTX_set_verify(CYASSL_CTX*, int,
                                      VerifyCallback verify_callback);
CYASSL_API void CyaSSL_set_verify(CYASSL*, int, VerifyCallback verify_callback);
CYASSL_API void CyaSSL_SetCertCbCtx(CYASSL*, void*);

CYASSL_API int  CyaSSL_pending(CYASSL*);

CYASSL_API void CyaSSL_load_error_strings(void);
CYASSL_API int  CyaSSL_library_init(void);
CYASSL_API long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX*, long);

/* session cache persistence */
/* NOTE(review): a persisted session cache presumably holds the material
 * needed to resume sessions, so the file or buffer it is written to would
 * need the same protection as a key, and a restored cache should come only
 * from a trusted location. Confirm what the serialized form contains. */
CYASSL_API int  CyaSSL_save_session_cache(const char*);
CYASSL_API int  CyaSSL_restore_session_cache(const char*);
CYASSL_API int  CyaSSL_memsave_session_cache(void*, int);
CYASSL_API int  CyaSSL_memrestore_session_cache(const void*, int);
CYASSL_API int  CyaSSL_get_session_cache_memsize(void);

/* certificate cache persistence, uses ctx since certs are per ctx */
/* NOTE(review): restoring a certificate cache presumably repopulates the
 * trusted set for the ctx, which would make the source file or buffer a
 * trust anchor; confirm, and restrict write access to it. */
CYASSL_API int  CyaSSL_CTX_save_cert_cache(CYASSL_CTX*, const char*);
CYASSL_API int  CyaSSL_CTX_restore_cert_cache(CYASSL_CTX*, const char*);
CYASSL_API int  CyaSSL_CTX_memsave_cert_cache(CYASSL_CTX*, void*, int, int*);
CYASSL_API int  CyaSSL_CTX_memrestore_cert_cache(CYASSL_CTX*, const void*, int);
CYASSL_API int  CyaSSL_CTX_get_cert_cache_memsize(CYASSL_CTX*);

/* only supports full name from cipher_name[] delimited by : */
CYASSL_API int  CyaSSL_CTX_set_cipher_list(CYASSL_CTX*, const char*);
CYASSL_API int  CyaSSL_set_cipher_list(CYASSL*, const char*);

/* Nonblocking DTLS helper functions */
CYASSL_API int  CyaSSL_dtls_get_current_timeout(CYASSL* ssl);
CYASSL_API int  CyaSSL_dtls_set_timeout_init(CYASSL* ssl, int);
CYASSL_API int  CyaSSL_dtls_set_timeout_max(CYASSL* ssl, int);
CYASSL_API int  CyaSSL_dtls_got_timeout(CYASSL* ssl);
CYASSL_API int  CyaSSL_dtls(CYASSL* ssl);

CYASSL_API int  CyaSSL_dtls_set_peer(CYASSL*, void*, unsigned int);
CYASSL_API int  CyaSSL_dtls_get_peer(CYASSL*, void*, unsigned int*);

/* CyaSSL_ERR_error_string() takes an output buffer with no length argument;
 * the _n variant takes the buffer size as sz.
 * NOTE(review): prefer the _n form unless the size the two-argument form
 * requires is documented. */
CYASSL_API int   CyaSSL_ERR_GET_REASON(int err);
CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*);
CYASSL_API void  CyaSSL_ERR_error_string_n(unsigned long e, char* buf,
                                           unsigned long sz);

/* extras */

/* STACK_OF(x) expands to plain x here, so a "stack of T" is just a T. */
#define STACK_OF(x) x

CYASSL_API int  CyaSSL_set_ex_data(CYASSL*, int, void*);
CYASSL_API int  CyaSSL_get_shutdown(const CYASSL*);
CYASSL_API int  CyaSSL_set_rfd(CYASSL*, int);
CYASSL_API int  CyaSSL_set_wfd(CYASSL*, int);
CYASSL_API void CyaSSL_set_shutdown(CYASSL*, int);
CYASSL_API int  CyaSSL_set_session_id_context(CYASSL*, const unsigned char*,
                                              unsigned int);
CYASSL_API void CyaSSL_set_connect_state(CYASSL*);
CYASSL_API void CyaSSL_set_accept_state(CYASSL*);
CYASSL_API int  CyaSSL_session_reused(CYASSL*);
CYASSL_API void CyaSSL_SESSION_free(CYASSL_SESSION* session);
CYASSL_API int  CyaSSL_is_init_finished(CYASSL*);

CYASSL_API const char*  CyaSSL_get_version(CYASSL*);
CYASSL_API int  CyaSSL_get_current_cipher_suite(CYASSL* ssl);
CYASSL_API CYASSL_CIPHER*  CyaSSL_get_current_cipher(CYASSL*);
CYASSL_API char*        CyaSSL_CIPHER_description(CYASSL_CIPHER*, char*, int);
CYASSL_API const char*  CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher);
CYASSL_API const char*  CyaSSL_get_cipher(CYASSL*);
CYASSL_API CYASSL_SESSION* CyaSSL_get1_session(CYASSL* ssl);
                           /* what's ref count */

CYASSL_API void CyaSSL_X509_free(CYASSL_X509*);
CYASSL_API void CyaSSL_OPENSSL_free(void*);

CYASSL_API int CyaSSL_OCSP_parse_url(char* url, char** host, char** port,
                                     char** path, int* ssl);

/* SSLv2 is prohibited by RFC 6176.
 * NOTE(review): what the v2 and v23 constructors actually negotiate in this
 * library is not visible from the header; confirm before using them. */
CYASSL_API CYASSL_METHOD* CyaSSLv23_client_method(void);
CYASSL_API CYASSL_METHOD* CyaSSLv2_client_method(void);
CYASSL_API CYASSL_METHOD* CyaSSLv2_server_method(void);

/* MD4 is a broken hash (practical collisions); use it only where a legacy
 * protocol requires it, never for new integrity or signature purposes. */
CYASSL_API void CyaSSL_MD4_Init(CYASSL_MD4_CTX*);
CYASSL_API void CyaSSL_MD4_Update(CYASSL_MD4_CTX*, const void*, unsigned long);
CYASSL_API void CyaSSL_MD4_Final(unsigned char*, CYASSL_MD4_CTX*);


CYASSL_API CYASSL_BIO* CyaSSL_BIO_new(CYASSL_BIO_METHOD*);
CYASSL_API int  CyaSSL_BIO_free(CYASSL_BIO*);
CYASSL_API int  CyaSSL_BIO_free_all(CYASSL_BIO*);
CYASSL_API int  CyaSSL_BIO_read(CYASSL_BIO*, void*, int);
CYASSL_API int  CyaSSL_BIO_write(CYASSL_BIO*, const void*, int);
CYASSL_API CYASSL_BIO* CyaSSL_BIO_push(CYASSL_BIO*, CYASSL_BIO* append);
CYASSL_API CYASSL_BIO* CyaSSL_BIO_pop(CYASSL_BIO*);
CYASSL_API int  CyaSSL_BIO_flush(CYASSL_BIO*);
CYASSL_API int  CyaSSL_BIO_pending(CYASSL_BIO*);

CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_f_buffer(void);
CYASSL_API long CyaSSL_BIO_set_write_buffer_size(CYASSL_BIO*, long size);
CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_f_ssl(void);
CYASSL_API CYASSL_BIO*        CyaSSL_BIO_new_socket(int sfd, int flag);
CYASSL_API int         CyaSSL_BIO_eof(CYASSL_BIO*);

CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_s_mem(void);
CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_f_base64(void);
CYASSL_API void CyaSSL_BIO_set_flags(CYASSL_BIO*, int);

CYASSL_API int CyaSSL_BIO_get_mem_data(CYASSL_BIO* bio,const unsigned char** p);
CYASSL_API CYASSL_BIO* CyaSSL_BIO_new_mem_buf(void* buf, int len);


CYASSL_API long        CyaSSL_BIO_set_ssl(CYASSL_BIO*, CYASSL*, int flag);
CYASSL_API void        CyaSSL_set_bio(CYASSL*, CYASSL_BIO* rd, CYASSL_BIO* wr);

CYASSL_API int  CyaSSL_add_all_algorithms(void);

CYASSL_API void        CyaSSL_RAND_screen(void);
CYASSL_API const char* CyaSSL_RAND_file_name(char*, unsigned long);
CYASSL_API int         CyaSSL_RAND_write_file(const char*);
CYASSL_API int         CyaSSL_RAND_load_file(const char*, long);
CYASSL_API int         CyaSSL_RAND_egd(const char*);
CYASSL_API int         CyaSSL_RAND_seed(const void*, int);
CYASSL_API void        CyaSSL_RAND_add(const void*, int, double);

CYASSL_API CYASSL_COMP_METHOD* CyaSSL_COMP_zlib(void);
CYASSL_API CYASSL_COMP_METHOD* CyaSSL_COMP_rle(void);
CYASSL_API int CyaSSL_COMP_add_compression_method(int, void*);

CYASSL_API int CyaSSL_get_ex_new_index(long, void*, void*, void*, void*);

/* Threading callbacks in the style of OpenSSL's locking API. */
CYASSL_API void CyaSSL_set_id_callback(unsigned long (*f)(void));
CYASSL_API void CyaSSL_set_locking_callback(void (*f)(int, int, const char*,
                                                      int));
CYASSL_API void CyaSSL_set_dynlock_create_callback(CYASSL_dynlock_value* (*f)
                                                   (const char*, int));
CYASSL_API void CyaSSL_set_dynlock_lock_callback(void (*f)(int,
                                      CYASSL_dynlock_value*, const char*, int));
CYASSL_API void CyaSSL_set_dynlock_destroy_callback(void (*f)
                                     (CYASSL_dynlock_value*, const char*, int));
CYASSL_API int  CyaSSL_num_locks(void);

CYASSL_API CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert(
                                                        CYASSL_X509_STORE_CTX*);
CYASSL_API int   CyaSSL_X509_STORE_CTX_get_error(CYASSL_X509_STORE_CTX*);
CYASSL_API int   CyaSSL_X509_STORE_CTX_get_error_depth(CYASSL_X509_STORE_CTX*);

/* X509 field accessors. Several take an output buffer with an int or int*
 * length next to it.
 * NOTE(review): whether the length is capacity on input, bytes written on
 * output, or both is not stated here; confirm per function before sizing
 * buffers. */
CYASSL_API char*       CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME*, char*, int);
CYASSL_API CYASSL_X509_NAME*  CyaSSL_X509_get_issuer_name(CYASSL_X509*);
CYASSL_API CYASSL_X509_NAME*  CyaSSL_X509_get_subject_name(CYASSL_X509*);
CYASSL_API int  CyaSSL_X509_ext_isSet_by_NID(CYASSL_X509*, int);
CYASSL_API int  CyaSSL_X509_ext_get_critical_by_NID(CYASSL_X509*, int);
CYASSL_API int  CyaSSL_X509_get_isCA(CYASSL_X509*);
CYASSL_API int  CyaSSL_X509_get_isSet_pathLength(CYASSL_X509*);
CYASSL_API unsigned int CyaSSL_X509_get_pathLength(CYASSL_X509*);
CYASSL_API unsigned int CyaSSL_X509_get_keyUsage(CYASSL_X509*);
CYASSL_API unsigned char* CyaSSL_X509_get_authorityKeyID(
                                            CYASSL_X509*, unsigned char*, int*);
CYASSL_API unsigned char* CyaSSL_X509_get_subjectKeyID(
                                            CYASSL_X509*, unsigned char*, int*);
CYASSL_API int CyaSSL_X509_NAME_entry_count(CYASSL_X509_NAME*);
CYASSL_API int CyaSSL_X509_NAME_get_text_by_NID(
                                            CYASSL_X509_NAME*, int, char*, int);
CYASSL_API int         CyaSSL_X509_verify_cert(CYASSL_X509_STORE_CTX*);
CYASSL_API const char* CyaSSL_X509_verify_cert_error_string(long);
CYASSL_API int CyaSSL_X509_get_signature_type(CYASSL_X509*);
CYASSL_API int CyaSSL_X509_get_signature(CYASSL_X509*, unsigned char*, int*);

CYASSL_API int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP*,const char*,long);
CYASSL_API int CyaSSL_X509_LOOKUP_load_file(CYASSL_X509_LOOKUP*, const char*,
                                            long);
CYASSL_API CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_hash_dir(void);
CYASSL_API CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_file(void);

CYASSL_API CYASSL_X509_LOOKUP* CyaSSL_X509_STORE_add_lookup(CYASSL_X509_STORE*,
                                                    CYASSL_X509_LOOKUP_METHOD*);
CYASSL_API CYASSL_X509_STORE*  CyaSSL_X509_STORE_new(void);
CYASSL_API void         CyaSSL_X509_STORE_free(CYASSL_X509_STORE*);
CYASSL_API int          CyaSSL_X509_STORE_add_cert(
                                              CYASSL_X509_STORE*, CYASSL_X509*);
CYASSL_API int          CyaSSL_X509_STORE_set_default_paths(CYASSL_X509_STORE*);
CYASSL_API int          CyaSSL_X509_STORE_get_by_subject(CYASSL_X509_STORE_CTX*,
                                   int, CYASSL_X509_NAME*, CYASSL_X509_OBJECT*);
CYASSL_API CYASSL_X509_STORE_CTX* CyaSSL_X509_STORE_CTX_new(void);
CYASSL_API int  CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX*,
                      CYASSL_X509_STORE*, CYASSL_X509*, STACK_OF(CYASSL_X509)*);
CYASSL_API void CyaSSL_X509_STORE_CTX_free(CYASSL_X509_STORE_CTX*);
CYASSL_API void CyaSSL_X509_STORE_CTX_cleanup(CYASSL_X509_STORE_CTX*);

CYASSL_API CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL*);
CYASSL_API CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_nextUpdate(CYASSL_X509_CRL*);

CYASSL_API CYASSL_EVP_PKEY* CyaSSL_X509_get_pubkey(CYASSL_X509*);
CYASSL_API int       CyaSSL_X509_CRL_verify(CYASSL_X509_CRL*, CYASSL_EVP_PKEY*);
CYASSL_API void      CyaSSL_X509_STORE_CTX_set_error(CYASSL_X509_STORE_CTX*,
                                                     int);
CYASSL_API void      CyaSSL_X509_OBJECT_free_contents(CYASSL_X509_OBJECT*);
CYASSL_API void      CyaSSL_EVP_PKEY_free(CYASSL_EVP_PKEY*);
CYASSL_API int       CyaSSL_X509_cmp_current_time(const CYASSL_ASN1_TIME*);
CYASSL_API int       CyaSSL_sk_X509_REVOKED_num(CYASSL_X509_REVOKED*);

CYASSL_API CYASSL_X509_REVOKED* CyaSSL_X509_CRL_get_REVOKED(CYASSL_X509_CRL*);
CYASSL_API CYASSL_X509_REVOKED* CyaSSL_sk_X509_REVOKED_value(
                                                      CYASSL_X509_REVOKED*,int);
CYASSL_API CYASSL_ASN1_INTEGER* CyaSSL_X509_get_serialNumber(CYASSL_X509*);

CYASSL_API int CyaSSL_ASN1_TIME_print(CYASSL_BIO*, const CYASSL_ASN1_TIME*);

CYASSL_API int  CyaSSL_ASN1_INTEGER_cmp(const CYASSL_ASN1_INTEGER*,
                                       const CYASSL_ASN1_INTEGER*);
CYASSL_API long CyaSSL_ASN1_INTEGER_get(const CYASSL_ASN1_INTEGER*);

CYASSL_API STACK_OF(CYASSL_X509_NAME)* CyaSSL_load_client_CA_file(const char*);

CYASSL_API void  CyaSSL_CTX_set_client_CA_list(CYASSL_CTX*,
                                               STACK_OF(CYASSL_X509_NAME)*);
CYASSL_API void* CyaSSL_X509_STORE_CTX_get_ex_data(CYASSL_X509_STORE_CTX*, int);
CYASSL_API int   CyaSSL_get_ex_data_X509_STORE_CTX_idx(void);
CYASSL_API void* CyaSSL_get_ex_data(const CYASSL*, int);

CYASSL_API void CyaSSL_CTX_set_default_passwd_cb_userdata(CYASSL_CTX*,
                                                          void* userdata);
CYASSL_API void CyaSSL_CTX_set_default_passwd_cb(CYASSL_CTX*, pem_password_cb);


CYASSL_API void CyaSSL_CTX_set_info_callback(CYASSL_CTX*, void (*)(void));

CYASSL_API unsigned long CyaSSL_ERR_peek_error(void);
CYASSL_API int           CyaSSL_GET_REASON(int);

CYASSL_API char* CyaSSL_alert_type_string_long(int);
CYASSL_API char* CyaSSL_alert_desc_string_long(int);
CYASSL_API char* CyaSSL_state_string_long(CYASSL*);

CYASSL_API CYASSL_RSA* CyaSSL_RSA_generate_key(int, unsigned long,
                                               void(*)(int, int, void*), void*);
CYASSL_API void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX*,
                                             CYASSL_RSA*(*)(CYASSL*, int, int));

CYASSL_API int CyaSSL_PEM_def_callback(char*, int num, int w, void* key);

CYASSL_API long CyaSSL_CTX_sess_accept(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_connect(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_accept_good(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_connect_good(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_accept_renegotiate(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_connect_renegotiate(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_hits(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_cb_hits(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_cache_full(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_misses(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_timeouts(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_number(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_get_cache_size(CYASSL_CTX*);

#define CYASSL_DEFAULT_CIPHER_LIST ""   /* default all */
#define CYASSL_RSA_F4       0x10001L

/* OpenSSL-named constants gathered into one anonymous enum. Values repeat
 * across the groups (for example OCSP_NOINTERN, OCSP_CERTID and
 * CYASSL_OCSP_NO_NONCE are all 2), so a constant has meaning only with the
 * API it belongs to.
 *
 * The SSL_OP_* values here are consecutive integers, not distinct bit masks:
 * OR-ing them together the way OpenSSL callers do does not give a
 * combination that can be decoded unambiguously.
 * NOTE(review): confirm what CyaSSL_CTX_set_options() does with these before
 * relying on SSL_OP_NO_SSLv3 or SSL_OP_NO_TLSv1 to disable a protocol
 * version in ported code. */
enum {
    OCSP_NOCERTS     = 1,
    OCSP_NOINTERN    = 2,
    OCSP_NOSIGS      = 4,
    OCSP_NOCHAIN     = 8,
    OCSP_NOVERIFY    = 16,
    OCSP_NOEXPLICIT  = 32,
    OCSP_NOCASIGN    = 64,
    OCSP_NODELEGATED = 128,
    OCSP_NOCHECKS    = 256,
    OCSP_TRUSTOTHER  = 512,
    OCSP_RESPID_KEY  = 1024,
    OCSP_NOTIME      = 2048,

    OCSP_CERTID      = 2,
    OCSP_REQUEST     = 4,
    OCSP_RESPONSE    = 8,
    OCSP_BASICRESP   = 16,

    CYASSL_OCSP_URL_OVERRIDE = 1,
    CYASSL_OCSP_NO_NONCE     = 2,

    CYASSL_CRL_CHECKALL = 1,

    ASN1_GENERALIZEDTIME = 4,

    SSL_OP_MICROSOFT_SESS_ID_BUG = 1,
    SSL_OP_NETSCAPE_CHALLENGE_BUG = 2,
    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 3,
    SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 4,
    SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 5,
    SSL_OP_MSIE_SSLV2_RSA_PADDING = 6,
    SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 7,
    SSL_OP_TLS_D5_BUG = 8,
    SSL_OP_TLS_BLOCK_PADDING_BUG = 9,
    SSL_OP_TLS_ROLLBACK_BUG = 10,
    SSL_OP_ALL = 11,
    SSL_OP_EPHEMERAL_RSA = 12,
    SSL_OP_NO_SSLv3 = 13,
    SSL_OP_NO_TLSv1 = 14,
    SSL_OP_PKCS1_CHECK_1 = 15,
    SSL_OP_PKCS1_CHECK_2 = 16,
    SSL_OP_NETSCAPE_CA_DN_BUG = 17,
    SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 18,
    SSL_OP_SINGLE_DH_USE = 19,
    SSL_OP_NO_TICKET = 20,
    SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 21,
    SSL_OP_NO_QUERY_MTU = 22,
    SSL_OP_COOKIE_EXCHANGE = 23,
    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 24,
    SSL_OP_SINGLE_ECDH_USE = 25,
    SSL_OP_CIPHER_SERVER_PREFERENCE = 26,

    SSL_MAX_SSL_SESSION_ID_LENGTH = 32,

    EVP_R_BAD_DECRYPT = 2,

    SSL_CB_LOOP = 4,
    SSL_ST_CONNECT = 5,
    SSL_ST_ACCEPT  = 6,
    SSL_CB_ALERT   = 7,
    SSL_CB_READ    = 8,
    SSL_CB_HANDSHAKE_DONE = 9,

    SSL_MODE_ENABLE_PARTIAL_WRITE = 2,

    BIO_FLAGS_BASE64_NO_NL = 1,
    BIO_CLOSE   = 1,
    BIO_NOCLOSE = 0,

    NID_undef = 0,

    X509_FILETYPE_PEM = 8,
    X509_LU_X509      = 9,
    X509_LU_CRL       = 12,

    X509_V_ERR_CRL_SIGNATURE_FAILURE = 13,
    X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14,
    X509_V_ERR_CRL_HAS_EXPIRED                = 15,
    X509_V_ERR_CERT_REVOKED                   = 16,
    X509_V_ERR_CERT_CHAIN_TOO_LONG            = 17,
    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT      = 18,
    X509_V_ERR_CERT_NOT_YET_VALID             = 19,
    X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20,
    X509_V_ERR_CERT_HAS_EXPIRED               = 21,
    X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD  = 22,

    X509_V_OK = 0,

    CRYPTO_LOCK = 1,
    CRYPTO_NUM_LOCKS = 10
};

/* extras end */

#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
/* CyaSSL extension, provide last error from SSL_get_error
   since not using thread storage error queue */
CYASSL_API void  CyaSSL_ERR_print_errors_fp(FILE*, int err);
#endif

/* Status, file-type, verify-mode and error constants.
 * SSL_FAILURE and SSL_ERROR_NONE are both 0 and SSL_SUCCESS is 1, so what a
 * 0 return means depends on the function. Callers should compare against
 * the named constant the specific function documents rather than testing
 * for zero / non-zero.
 * SSL_OP_NO_SSLv2 (8) in this enum has the same value as SSL_OP_TLS_D5_BUG
 * in the enum above. */
enum { /* ssl Constants */
    SSL_ERROR_NONE      =  0,   /* for most functions */
    SSL_FAILURE         =  0,   /* for some functions */
    SSL_SUCCESS         =  1,

    SSL_BAD_CERTTYPE    = -8,
    SSL_BAD_STAT        = -7,
    SSL_BAD_PATH        = -6,
    SSL_BAD_FILETYPE    = -5,
    SSL_BAD_FILE        = -4,
    SSL_NOT_IMPLEMENTED = -3,
    SSL_UNKNOWN         = -2,
    SSL_FATAL_ERROR     = -1,

    SSL_FILETYPE_ASN1    = 2,
    SSL_FILETYPE_PEM     = 1,
    SSL_FILETYPE_DEFAULT = 2, /* ASN1 */
    SSL_FILETYPE_RAW     = 3, /* NTRU raw key blob */

    /* Distinct bits (1, 2, 4), with SSL_VERIFY_NONE being the empty set. */
    SSL_VERIFY_NONE                 = 0,
    SSL_VERIFY_PEER                 = 1,
    SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
    SSL_VERIFY_CLIENT_ONCE          = 4,

    SSL_SESS_CACHE_OFF                = 30,
    SSL_SESS_CACHE_CLIENT             = 31,
    SSL_SESS_CACHE_SERVER             = 32,
    SSL_SESS_CACHE_BOTH               = 33,
    SSL_SESS_CACHE_NO_AUTO_CLEAR      = 34,
    SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35,

    SSL_ERROR_WANT_READ        =  2,
    SSL_ERROR_WANT_WRITE       =  3,
    SSL_ERROR_WANT_CONNECT     =  7,
    SSL_ERROR_WANT_ACCEPT      =  8,
    SSL_ERROR_SYSCALL          =  5,
    SSL_ERROR_WANT_X509_LOOKUP = 83,
    SSL_ERROR_ZERO_RETURN      =  6,
    SSL_ERROR_SSL              = 85,

    SSL_SENT_SHUTDOWN     = 1,
    SSL_RECEIVED_SHUTDOWN = 2,
    SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4,
    SSL_OP_NO_SSLv2       = 8,

    SSL_R_SSL_HANDSHAKE_FAILURE           = 101,
    SSL_R_TLSV1_ALERT_UNKNOWN_CA          = 102,
    SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103,
    SSL_R_SSLV3_ALERT_BAD_CERTIFICATE     = 104,

    PEM_BUFSIZE = 1024
};


#ifndef NO_PSK
    /* Pre-shared-key callbacks.
     * NOTE(review): each pointer followed by an unsigned int looks like an
     * output buffer and its capacity, as in OpenSSL's PSK callbacks; an
     * implementation should never write past that length. Confirm which
     * pair is the identity and which the key. */
    typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,
                                    unsigned int, unsigned char*, unsigned int);
    CYASSL_API void CyaSSL_CTX_set_psk_client_callback(CYASSL_CTX*,
                                                    psk_client_callback);
    CYASSL_API void CyaSSL_set_psk_client_callback(CYASSL*,psk_client_callback);

    CYASSL_API const char* CyaSSL_get_psk_identity_hint(const CYASSL*);
    CYASSL_API const char* CyaSSL_get_psk_identity(const CYASSL*);

    CYASSL_API int CyaSSL_CTX_use_psk_identity_hint(CYASSL_CTX*, const char*);
    CYASSL_API int CyaSSL_use_psk_identity_hint(CYASSL*, const char*);

    typedef unsigned int (*psk_server_callback)(CYASSL*, const char*,
                          unsigned char*, unsigned int);
    CYASSL_API void CyaSSL_CTX_set_psk_server_callback(CYASSL_CTX*,
                                                    psk_server_callback);
    CYASSL_API void CyaSSL_set_psk_server_callback(CYASSL*,psk_server_callback);

    #define PSK_TYPES_DEFINED
#endif /* NO_PSK */


/* extra begins */

enum {  /* ERR Constants */
    ERR_TXT_STRING = 1
};

CYASSL_API unsigned long CyaSSL_ERR_get_error_line_data(const char**, int*,
                                                 const char**, int *);

CYASSL_API unsigned long CyaSSL_ERR_get_error(void);
CYASSL_API void          CyaSSL_ERR_clear_error(void);


CYASSL_API int  CyaSSL_RAND_status(void);
CYASSL_API int  CyaSSL_RAND_bytes(unsigned char* buf, int num);
CYASSL_API CYASSL_METHOD *CyaSSLv23_server_method(void);
CYASSL_API long CyaSSL_CTX_set_options(CYASSL_CTX*, long);
#ifndef NO_CERTS
    CYASSL_API int  CyaSSL_CTX_check_private_key(CYASSL_CTX*);
#endif /* !NO_CERTS */

CYASSL_API void CyaSSL_ERR_free_strings(void);
CYASSL_API void CyaSSL_ERR_remove_state(unsigned long);
CYASSL_API void CyaSSL_EVP_cleanup(void);

CYASSL_API void CyaSSL_cleanup_all_ex_data(void);
CYASSL_API long CyaSSL_CTX_set_mode(CYASSL_CTX* ctx, long mode);
CYASSL_API long CyaSSL_CTX_get_mode(CYASSL_CTX* ctx);
CYASSL_API void CyaSSL_CTX_set_default_read_ahead(CYASSL_CTX* ctx, int m);

CYASSL_API long CyaSSL_CTX_sess_set_cache_size(CYASSL_CTX*, long);

CYASSL_API int  CyaSSL_CTX_set_default_verify_paths(CYASSL_CTX*);
CYASSL_API int  CyaSSL_CTX_set_session_id_context(CYASSL_CTX*,
                                            const unsigned char*, unsigned int);
CYASSL_API CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl);

CYASSL_API int CyaSSL_want_read(CYASSL*);
CYASSL_API int CyaSSL_want_write(CYASSL*);

/* printf-style: the const char* is a format string, so pass untrusted text
 * as an argument to "%s", never as the format itself. */
CYASSL_API int CyaSSL_BIO_printf(CYASSL_BIO*, const char*, ...);
CYASSL_API int CyaSSL_ASN1_UTCTIME_print(CYASSL_BIO*,
                                         const CYASSL_ASN1_UTCTIME*);
CYASSL_API int   CyaSSL_sk_num(CYASSL_X509_REVOKED*);
CYASSL_API void* CyaSSL_sk_value(CYASSL_X509_REVOKED*, int);

/* stunnel 4.28 needs */
CYASSL_API void* CyaSSL_CTX_get_ex_data(const CYASSL_CTX*, int);
CYASSL_API int   CyaSSL_CTX_set_ex_data(CYASSL_CTX*, int, void*);
CYASSL_API void  CyaSSL_CTX_sess_set_get_cb(CYASSL_CTX*,
                       CYASSL_SESSION*(*f)(CYASSL*, unsigned char*, int, int*));
CYASSL_API void  CyaSSL_CTX_sess_set_new_cb(CYASSL_CTX*,
                                            int (*f)(CYASSL*, CYASSL_SESSION*));
CYASSL_API void  CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX*,
                                       void (*f)(CYASSL_CTX*, CYASSL_SESSION*));

CYASSL_API int          CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION*,unsigned char**);
CYASSL_API CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION**,
                                                  const unsigned char**, long);

CYASSL_API long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION*);
CYASSL_API long CyaSSL_SESSION_get_time(const CYASSL_SESSION*);
CYASSL_API int  CyaSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);

/* extra ends */


/* CyaSSL extensions */

/* call before SSL_connect, if verifying will add name check to
   date check and signature check */
/* NOTE(review): read literally, the comment above means the peer name is
 * compared only when this function has been called and verification is on.
 * A client that skips this call would then accept any certificate that
 * chains to a trusted CA, whatever host it was issued for. Confirm against
 * the implementation. */
CYASSL_API int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn);

/* need to call once to load library (session cache) */
CYASSL_API int CyaSSL_Init(void);
/* call when done to cleanup/free session cache mutex / resources  */
CYASSL_API int CyaSSL_Cleanup(void);
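/* turn logging on, only if compiled in */
CYASSL_API int  CyaSSL_Debugging_ON(void);
/* turn logging off */
CYASSL_API void CyaSSL_Debugging_OFF(void);

/* do accept or connect depending on side */
CYASSL_API int CyaSSL_negotiate(CYASSL* ssl);
/* turn on CyaSSL data compression
   Compressing before encrypting leaks plaintext length (CRIME-class attacks);
   leave it off where secrets and attacker-influenced data share a
   connection. */
CYASSL_API int CyaSSL_set_compression(CYASSL* ssl);

/* NOTE(review): unit of the timeout is not stated here (presumably seconds) */
CYASSL_API int CyaSSL_set_timeout(CYASSL*, unsigned int);
CYASSL_API int CyaSSL_CTX_set_timeout(CYASSL_CTX*, unsigned int);

/* get CyaSSL peer X509_CHAIN */
CYASSL_API CYASSL_X509_CHAIN* CyaSSL_get_peer_chain(CYASSL* ssl);
/* peer chain count */
CYASSL_API int  CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain);
/* index cert length */
CYASSL_API int  CyaSSL_get_chain_length(CYASSL_X509_CHAIN*, int idx);
/* index cert */
CYASSL_API unsigned char* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN*, int idx);
/* index cert in X509 */
CYASSL_API CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN*, int idx);
/* free X509 */
CYASSL_API void CyaSSL_FreeX509(CYASSL_X509*);
/* get index cert in PEM
   buffer / inLen: caller's output buffer and its capacity, outLen: bytes
   produced (per the parameter names - confirm) */
CYASSL_API int  CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN*, int idx,
                                unsigned char* buffer, int inLen, int* outLen);
CYASSL_API const unsigned char* CyaSSL_get_sessionID(const CYASSL_SESSION* s);

/* X509 field accessors
   Reading the subject CN or an altname here is not a host name check; that
   is what CyaSSL_check_domain_name is for. */
CYASSL_API int   CyaSSL_X509_get_serial_number(CYASSL_X509*, unsigned char*,
                                               int*);
CYASSL_API char* CyaSSL_X509_get_subjectCN(CYASSL_X509*);
CYASSL_API const unsigned char* CyaSSL_X509_get_der(CYASSL_X509*, int*);
CYASSL_API const unsigned char* CyaSSL_X509_notBefore(CYASSL_X509*);
CYASSL_API const unsigned char* CyaSSL_X509_notAfter(CYASSL_X509*);
CYASSL_API int   CyaSSL_X509_version(CYASSL_X509*);

CYASSL_API int CyaSSL_cmp_peer_cert_to_file(CYASSL*, const char*);

CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*);

/* DER in memory -> CYASSL_X509 (OpenSSL d2i naming), len is the size of in */
CYASSL_API CYASSL_X509*
    CyaSSL_X509_d2i(CYASSL_X509** x509, const unsigned char* in, int len);
#ifndef NO_FILESYSTEM
    #ifndef NO_STDIO_FILESYSTEM
    CYASSL_API CYASSL_X509*
        CyaSSL_X509_d2i_fp(CYASSL_X509** x509, FILE* file);
    #endif
CYASSL_API CYASSL_X509*
    CyaSSL_X509_load_certificate_file(const char* fname, int format);
#endif

#ifdef CYASSL_SEP
    CYASSL_API unsigned char*
        CyaSSL_X509_get_device_type(CYASSL_X509*, unsigned char*, int*);
    CYASSL_API unsigned char*
        CyaSSL_X509_get_hw_type(CYASSL_X509*, unsigned char*, int*);
    CYASSL_API unsigned char*
        CyaSSL_X509_get_hw_serial_number(CYASSL_X509*, unsigned char*, int*);
#endif

/* connect enough to get peer cert */
CYASSL_API int  CyaSSL_connect_cert(CYASSL* ssl);

/* XXX This should be #ifndef NO_DH */
#ifndef NO_CERTS
/* server Diffie-Hellman parameters
   p / pSz and g / gSz: prime and generator with their lengths (per the
   parameter names). The size and origin of the prime bound the strength of
   the DHE exchange, so take parameters from a source you trust. */
CYASSL_API int  CyaSSL_SetTmpDH(CYASSL*, const unsigned char* p, int pSz,
                                const unsigned char* g, int gSz);
CYASSL_API int  CyaSSL_SetTmpDH_buffer(CYASSL*, const unsigned char* b, long sz,
                                       int format);
CYASSL_API int  CyaSSL_SetTmpEC_DHE_Sz(CYASSL*, unsigned short);
#ifndef NO_FILESYSTEM
    CYASSL_API int  CyaSSL_SetTmpDH_file(CYASSL*, const char* f, int format);
#endif

/* server ctx Diffie-Hellman parameters */
CYASSL_API int  CyaSSL_CTX_SetTmpDH(CYASSL_CTX*, const unsigned char* p,
                                    int pSz, const unsigned char* g, int gSz);
CYASSL_API int  CyaSSL_CTX_SetTmpDH_buffer(CYASSL_CTX*, const unsigned char* b,
                                           long sz, int format);
CYASSL_API int  CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX*, unsigned short);

#ifndef NO_FILESYSTEM
    CYASSL_API int  CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX*, const char* f,
                                             int format);
#endif
#endif

/* keyblock size in bytes or -1 */
/* need to call CyaSSL_KeepArrays before handshake to save keys */
CYASSL_API int CyaSSL_get_keyblock_size(CYASSL*);
/* ms / sr / cr: presumably master secret, server random and client random,
   each with its length - confirm. The master secret is the root of every key
   of the session: never log it or keep it longer than needed. */
CYASSL_API int CyaSSL_get_keys(CYASSL*, unsigned char** ms, unsigned int* msLen,
                                        unsigned char** sr, unsigned int* srLen,
                                        unsigned char** cr, unsigned int* crLen);

/* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */
CYASSL_API int CyaSSL_make_eap_keys(CYASSL*, void* key, unsigned int len,
                                    const char* label);


#ifndef _WIN32
    #ifndef NO_WRITEV
        #ifdef __PPU
            #include <sys/types.h>
            #include <sys/socket.h>
        #elif !defined(CYASSL_MDK_ARM)
            #include <sys/uio.h>
        #endif
        /* allow writev style writing */
        CYASSL_API int CyaSSL_writev(CYASSL* ssl, const struct iovec* iov,
                                     int iovcnt);
    #endif
#endif


#ifndef NO_CERTS
    /* SSL_CTX versions
       Arguments after the context are buffer, size and (where present)
       format.
       NOTE(review): the header does not say whether a private key buffer is
       copied; the caller's copy stays the caller's to wipe either way. */
    CYASSL_API int CyaSSL_CTX_UnloadCAs(CYASSL_CTX*);
    CYASSL_API int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX*,
                                               const unsigned char*, long, int);
    CYASSL_API int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX*,
                                               const unsigned char*, long, int);
    CYASSL_API int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX*,
                                               const unsigned char*, long, int);
    CYASSL_API int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX*,
                                                    const unsigned char*, long);

    /* SSL versions */
    CYASSL_API int CyaSSL_use_certificate_buffer(CYASSL*, const unsigned char*,
                                                 long, int);
    CYASSL_API int CyaSSL_use_PrivateKey_buffer(CYASSL*, const unsigned char*,
                                                long, int);
    CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*,
                                                   const unsigned char*, long);
    CYASSL_API int CyaSSL_UnloadCertsKeys(CYASSL*);
#endif

CYASSL_API int CyaSSL_CTX_set_group_messages(CYASSL_CTX*);
CYASSL_API int CyaSSL_set_group_messages(CYASSL*);

/* I/O callbacks
   buf / sz: data buffer and its size, ctx: the pointer registered with
   CyaSSL_SetIOReadCtx / CyaSSL_SetIOWriteCtx (presumably - confirm) */
typedef int (*CallbackIORecv)(CYASSL *ssl, char *buf, int sz, void *ctx);
typedef int (*CallbackIOSend)(CYASSL *ssl, char *buf, int sz, void *ctx);

CYASSL_API void CyaSSL_SetIORecv(CYASSL_CTX*, CallbackIORecv);
CYASSL_API void CyaSSL_SetIOSend(CYASSL_CTX*, CallbackIOSend);

CYASSL_API void CyaSSL_SetIOReadCtx(CYASSL* ssl, void *ctx);
CYASSL_API void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *ctx);

CYASSL_API void* CyaSSL_GetIOReadCtx(CYASSL* ssl);
CYASSL_API void* CyaSSL_GetIOWriteCtx(CYASSL* ssl);

CYASSL_API void CyaSSL_SetIOReadFlags(CYASSL* ssl, int flags);
CYASSL_API void CyaSSL_SetIOWriteFlags(CYASSL* ssl, int flags);

#ifdef HAVE_NETX
    CYASSL_API void CyaSSL_SetIO_NetX(CYASSL* ssl, NX_TCP_SOCKET* nxsocket,
                                      ULONG waitoption);
#endif

/* cookie generation hook
   NOTE(review): presumably the DTLS hello-verify cookie - confirm */
typedef int (*CallbackGenCookie)(CYASSL* ssl, unsigned char* buf, int sz,
                                 void* ctx);
CYASSL_API void  CyaSSL_CTX_SetGenCookie(CYASSL_CTX*, CallbackGenCookie);
CYASSL_API void  CyaSSL_SetCookieCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetCookieCtx(CYASSL* ssl);


/* I/O Callback default errors
   WANT_READ and WANT_WRITE are both -2, so the two cannot be told apart by
   value. */
enum IOerrors {
    CYASSL_CBIO_ERR_GENERAL    = -1,     /* general unexpected err */
    CYASSL_CBIO_ERR_WANT_READ  = -2,     /* need to call read  again */
    CYASSL_CBIO_ERR_WANT_WRITE = -2,     /* need to call write again */
    CYASSL_CBIO_ERR_CONN_RST   = -3,     /* connection reset */
    CYASSL_CBIO_ERR_ISR        = -4,     /* interrupt */
    CYASSL_CBIO_ERR_CONN_CLOSE = -5,     /* connection closed or epipe */
    CYASSL_CBIO_ERR_TIMEOUT    = -6      /* socket timeout */
};


/* CA cache callbacks
   Protocol version constants and CA type constants share this enum and
   overlap numerically (CYASSL_TLSV1 == CYASSL_USER_CA,
   CYASSL_TLSV1_1 == CYASSL_CHAIN_CA); the meaning depends on the function
   the value is passed to. */
enum {
    CYASSL_SSLV3    = 0,
    CYASSL_TLSV1    = 1,
    CYASSL_TLSV1_1  = 2,
    CYASSL_TLSV1_2  = 3,
    CYASSL_USER_CA  = 1,          /* user added as trusted */
    CYASSL_CHAIN_CA = 2           /* added to cache from trusted chain */
};

CYASSL_API int CyaSSL_GetObjectSize(void);  /* object size based on build */
/* version: presumably one of CYASSL_SSLV3 .. CYASSL_TLSV1_2 - confirm.
   SSLv3, TLS 1.0 and TLS 1.1 are deprecated protocol versions. */
CYASSL_API int CyaSSL_SetVersion(CYASSL* ssl, int version);
CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
                                  int, const char*);
CYASSL_API int CyaSSL_CertPemToDer(const unsigned char*, int sz, unsigned char*,
                                   int, int);

/* type: presumably CYASSL_USER_CA or CYASSL_CHAIN_CA - confirm */
typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
typedef void (*CbMissingCRL)(const char* url);
typedef int  (*CbOCSPIO)(void*, const char*, int,
                         unsigned char*, int, unsigned char**);
typedef void (*CbOCSPRespFree)(void*, unsigned char*);

/* User Atomic Record Layer CallBacks
   User code takes over the MAC + encrypt and decrypt + verify steps of the
   record layer.
   NOTE(review): rejecting a record with a bad MAC or padding then presumably
   rests with the callback - confirm against the caller. */
typedef int (*CallbackMacEncrypt)(CYASSL* ssl, unsigned char* macOut,
       const unsigned char* macIn, unsigned int macInSz, int macContent,
       int macVerify, unsigned char* encOut, const unsigned char* encIn,
       unsigned int encSz, void* ctx);
CYASSL_API void  CyaSSL_CTX_SetMacEncryptCb(CYASSL_CTX*, CallbackMacEncrypt);
CYASSL_API void  CyaSSL_SetMacEncryptCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetMacEncryptCtx(CYASSL* ssl);

typedef int (*CallbackDecryptVerify)(CYASSL* ssl,
       unsigned char* decOut, const unsigned char* decIn,
       unsigned int decSz, int content, int verify, unsigned int* padSz,
       void* ctx);
CYASSL_API void  CyaSSL_CTX_SetDecryptVerifyCb(CYASSL_CTX*,
                                               CallbackDecryptVerify);
CYASSL_API void  CyaSSL_SetDecryptVerifyCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetDecryptVerifyCtx(CYASSL* ssl);

/* Accessors for the session's MAC secret, write keys and IVs.
   The returned bytes are secrets: no logging, no copies that outlive the
   session. */
CYASSL_API const unsigned char* CyaSSL_GetMacSecret(CYASSL*, int);
CYASSL_API const unsigned char* CyaSSL_GetClientWriteKey(CYASSL*);
CYASSL_API const unsigned char* CyaSSL_GetClientWriteIV(CYASSL*);
CYASSL_API const unsigned char* CyaSSL_GetServerWriteKey(CYASSL*);
CYASSL_API const unsigned char* CyaSSL_GetServerWriteIV(CYASSL*);
CYASSL_API int                  CyaSSL_GetKeySize(CYASSL*);
CYASSL_API int                  CyaSSL_GetIVSize(CYASSL*);
CYASSL_API int                  CyaSSL_GetSide(CYASSL*);
CYASSL_API int                  CyaSSL_IsTLSv1_1(CYASSL*);
CYASSL_API int                  CyaSSL_GetBulkCipher(CYASSL*);
CYASSL_API int                  CyaSSL_GetCipherBlockSize(CYASSL*);
CYASSL_API int                  CyaSSL_GetAeadMacSize(CYASSL*);
CYASSL_API int                  CyaSSL_GetHmacSize(CYASSL*);
CYASSL_API int                  CyaSSL_GetHmacType(CYASSL*);
CYASSL_API int                  CyaSSL_GetCipherType(CYASSL*);
CYASSL_API int                  CyaSSL_SetTlsHmacInner(CYASSL*, unsigned char*,
                                                       unsigned int, int, int);

/* Atomic User Needs */
enum {
    CYASSL_SERVER_END = 0,
    CYASSL_CLIENT_END = 1,
    CYASSL_BLOCK_TYPE = 2,
    CYASSL_STREAM_TYPE = 3,
    CYASSL_AEAD_TYPE = 4,
    CYASSL_TLS_HMAC_INNER_SZ = 13      /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
};

/* for GetBulkCipher and internal use
   Identifiers only. Several name legacy algorithms (null, RC4, RC2, DES,
   40-bit DES) that give little or no confidentiality, which is worth
   flagging when GetBulkCipher reports one of them. */
enum BulkCipherAlgorithm {
    cyassl_cipher_null,
    cyassl_rc4,
    cyassl_rc2,
    cyassl_des,
    cyassl_triple_des,             /* leading 3 (3des) not valid identifier */
    cyassl_des40,
    cyassl_idea,
    cyassl_aes,
    cyassl_aes_gcm,
    cyassl_aes_ccm,
    cyassl_camellia,
    cyassl_hc128,                  /* CyaSSL extensions */
    cyassl_rabbit
};


/* Public Key Callback support
   keyDer / keySz: presumably the DER encoded key the operation uses; for the
   sign and decrypt callbacks that would be the private key - confirm, and
   handle it as a secret inside the callback. */
typedef int (*CallbackEccSign)(CYASSL* ssl,
       const unsigned char* in, unsigned int inSz,
       unsigned char* out, unsigned int* outSz,
       const unsigned char* keyDer, unsigned int keySz,
       void* ctx);
CYASSL_API void  CyaSSL_CTX_SetEccSignCb(CYASSL_CTX*, CallbackEccSign);
CYASSL_API void  CyaSSL_SetEccSignCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetEccSignCtx(CYASSL* ssl);

/* result: out parameter, presumably the verdict of the check, separate from
   the callback's own return code - confirm how the caller combines the two */
typedef int (*CallbackEccVerify)(CYASSL* ssl,
       const unsigned char* sig, unsigned int sigSz,
       const unsigned char* hash, unsigned int hashSz,
       const unsigned char* keyDer, unsigned int keySz,
       int* result, void* ctx);
CYASSL_API void  CyaSSL_CTX_SetEccVerifyCb(CYASSL_CTX*, CallbackEccVerify);
CYASSL_API void  CyaSSL_SetEccVerifyCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetEccVerifyCtx(CYASSL* ssl);

typedef int (*CallbackRsaSign)(CYASSL* ssl,
       const unsigned char* in, unsigned int inSz,
       unsigned char* out, unsigned int* outSz,
       const unsigned char* keyDer, unsigned int keySz,
       void* ctx);
CYASSL_API void  CyaSSL_CTX_SetRsaSignCb(CYASSL_CTX*, CallbackRsaSign);
CYASSL_API void  CyaSSL_SetRsaSignCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetRsaSignCtx(CYASSL* ssl);

typedef int (*CallbackRsaVerify)(CYASSL* ssl,
       unsigned char* sig, unsigned int sigSz,
       unsigned char** out,
       const unsigned char* keyDer, unsigned int keySz,
       void* ctx);
CYASSL_API void  CyaSSL_CTX_SetRsaVerifyCb(CYASSL_CTX*, CallbackRsaVerify);
CYASSL_API void  CyaSSL_SetRsaVerifyCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetRsaVerifyCtx(CYASSL* ssl);

/* RSA Public Encrypt cb */
typedef int (*CallbackRsaEnc)(CYASSL* ssl,
       const unsigned char* in, unsigned int inSz,
       unsigned char* out, unsigned int* outSz,
       const unsigned char* keyDer, unsigned int keySz,
       void* ctx);
CYASSL_API void  CyaSSL_CTX_SetRsaEncCb(CYASSL_CTX*, CallbackRsaEnc);
CYASSL_API void  CyaSSL_SetRsaEncCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetRsaEncCtx(CYASSL* ssl);

/* RSA Private Decrypt cb */
typedef int (*CallbackRsaDec)(CYASSL* ssl,
       unsigned char* in, unsigned int inSz,
       unsigned char** out,
       const unsigned char* keyDer, unsigned int keySz,
       void* ctx);
CYASSL_API void  CyaSSL_CTX_SetRsaDecCb(CYASSL_CTX*, CallbackRsaDec);
CYASSL_API void  CyaSSL_SetRsaDecCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetRsaDecCtx(CYASSL* ssl);


#ifndef NO_CERTS
    CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache);

    CYASSL_API CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void);
    CYASSL_API void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER*);

    CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
                                            const char* d);
    CYASSL_API int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm);
    CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
                                            int format);
    CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
                               const unsigned char* buff, long sz, int format);

    /* Revocation checking (CRL and OCSP) has explicit Enable / Disable calls
       at manager, context and connection level.
       NOTE(review): the default state is not visible in this header. */
    CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*,
                                              unsigned char*, int sz);
    CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*,
                                               int options);
    CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*);
    CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*,
                                             int, int);
    CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*,
                                               CbMissingCRL);
    CYASSL_API int CyaSSL_CertManagerCheckOCSP(CYASSL_CERT_MANAGER*,
                                               unsigned char*, int sz);
    CYASSL_API int CyaSSL_CertManagerEnableOCSP(CYASSL_CERT_MANAGER*,
                                                int options);
    CYASSL_API int CyaSSL_CertManagerDisableOCSP(CYASSL_CERT_MANAGER*);
    /* NOTE(review): an override URL presumably replaces the responder named
       in the certificate; that endpoint then decides revocation status, so
       it has to be one the deployment trusts - confirm */
    CYASSL_API int CyaSSL_CertManagerSetOCSPOverrideURL(CYASSL_CERT_MANAGER*,
                                                        const char*);
    CYASSL_API int CyaSSL_CertManagerSetOCSP_Cb(CYASSL_CERT_MANAGER*,
                                             CbOCSPIO, CbOCSPRespFree, void*);

    CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
    CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
    CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int, int);
    CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);
    CYASSL_API int CyaSSL_EnableOCSP(CYASSL*, int options);
    CYASSL_API int CyaSSL_DisableOCSP(CYASSL*);
    CYASSL_API int CyaSSL_SetOCSP_OverrideURL(CYASSL*, const char*);
    CYASSL_API int CyaSSL_SetOCSP_Cb(CYASSL*, CbOCSPIO, CbOCSPRespFree, void*);

    CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
    CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
    CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int);
    CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);
    CYASSL_API int CyaSSL_CTX_EnableOCSP(CYASSL_CTX*, int options);
    CYASSL_API int CyaSSL_CTX_DisableOCSP(CYASSL_CTX*);
    CYASSL_API int CyaSSL_CTX_SetOCSP_OverrideURL(CYASSL_CTX*, const char*);
    CYASSL_API int CyaSSL_CTX_SetOCSP_Cb(CYASSL_CTX*,
                                         CbOCSPIO, CbOCSPRespFree, void*);
#endif /* !NO_CERTS */

/* end of handshake frees temporary arrays, if user needs for get_keys or
   psk hints, call KeepArrays before handshake and then FreeArrays when done
   if don't want to wait for object free.
   While kept, the handshake secrets stay in memory, so call FreeArrays as
   soon as they have been read. */
CYASSL_API void CyaSSL_KeepArrays(CYASSL*);
CYASSL_API void CyaSSL_FreeArrays(CYASSL*);


/* cavium additions */
CYASSL_API int CyaSSL_UseCavium(CYASSL*, int devId);
CYASSL_API int CyaSSL_CTX_UseCavium(CYASSL_CTX*, int devId);

/* TLS Extensions */

/* Server Name Indication */
#ifdef HAVE_SNI
/* SNI types */
enum {
    CYASSL_SNI_HOST_NAME = 0
};

CYASSL_API int CyaSSL_UseSNI(CYASSL* ssl, unsigned char type, const void* data,
                             unsigned short size);
CYASSL_API int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, unsigned char type,
                                 const void* data, unsigned short size);

#ifndef NO_CYASSL_SERVER
/* SNI options
   Both flags relax the rejection of a name the server does not serve; with
   ANSWER_ON_MISMATCH the client is told the name matched when it did not. */
enum {
    CYASSL_SNI_CONTINUE_ON_MISMATCH = 0x01, /* do not abort on mismatch flag */
    CYASSL_SNI_ANSWER_ON_MISMATCH   = 0x02  /* fake match on mismatch flag */
};

CYASSL_API void CyaSSL_SNI_SetOptions(CYASSL* ssl, unsigned char type,
                                      unsigned char options);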
CYASSL_API void CyaSSL_CTX_SNI_SetOptions(CYASSL_CTX* ctx, unsigned char type,
                                          unsigned char options);

/* SNI status
   A server that selects a certificate or virtual host from SNI should act
   only on CYASSL_SNI_REAL_MATCH; FAKE_MATCH means the name did not match. */
enum {
    CYASSL_SNI_NO_MATCH   = 0,
    CYASSL_SNI_FAKE_MATCH = 1, /* if CYASSL_SNI_ANSWER_ON_MISMATCH is enabled */
    CYASSL_SNI_REAL_MATCH = 2
};

CYASSL_API unsigned char CyaSSL_SNI_Status(CYASSL* ssl, unsigned char type);

CYASSL_API unsigned short CyaSSL_SNI_GetRequest(CYASSL *ssl, unsigned char type,
                                                void** data);

/* clientHello / helloSz: raw ClientHello bytes, which are unauthenticated
   network input.
   inOutSz: presumably capacity of sni on entry and bytes written on return
   (per the name - confirm) */
CYASSL_API int CyaSSL_SNI_GetFromBuffer(
        const unsigned char* clientHello, unsigned int helloSz,
        unsigned char type, unsigned char* sni, unsigned int* inOutSz);

#endif /* NO_CYASSL_SERVER */
#endif /* HAVE_SNI */

/* Maximum Fragment Length */
#ifdef HAVE_MAX_FRAGMENT
/* Fragment lengths */
enum {
    CYASSL_MFL_2_9  = 1, /*  512 bytes */
    CYASSL_MFL_2_10 = 2, /* 1024 bytes */
    CYASSL_MFL_2_11 = 3, /* 2048 bytes */
    CYASSL_MFL_2_12 = 4, /* 4096 bytes */
    CYASSL_MFL_2_13 = 5  /* 8192 bytes, CyaSSL ONLY!!! */
};

#ifndef NO_CYASSL_CLIENT

CYASSL_API int CyaSSL_UseMaxFragment(CYASSL* ssl, unsigned char mfl);
CYASSL_API int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, unsigned char mfl);

#endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_MAX_FRAGMENT */

/* Truncated HMAC
   The truncated_hmac extension (RFC 6066) shortens the record MAC to 80
   bits; request it only where the peer or the link budget requires it. */
#ifdef HAVE_TRUNCATED_HMAC
#ifndef NO_CYASSL_CLIENT

CYASSL_API int CyaSSL_UseTruncatedHMAC(CYASSL* ssl);
CYASSL_API int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx);

#endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_TRUNCATED_HMAC */

/* Elliptic Curves
   secp160r1 and secp192r1 are below the 112-bit security level; offer them
   only for interoperability with peers that cannot do better. */
#ifdef HAVE_SUPPORTED_CURVES

enum {
    CYASSL_ECC_SECP160R1 = 0x10,
    CYASSL_ECC_SECP192R1 = 0x13,
    CYASSL_ECC_SECP224R1 = 0x15,
    CYASSL_ECC_SECP256R1 = 0x17,
    CYASSL_ECC_SECP384R1 = 0x18,
    CYASSL_ECC_SECP521R1 = 0x19
};

#ifndef NO_CYASSL_CLIENT

CYASSL_API int CyaSSL_UseSupportedCurve(CYASSL* ssl, unsigned short name);
CYASSL_API int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx,
                                            unsigned short name);

#endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_SUPPORTED_CURVES */


/* CRL option flag bits */
#define CYASSL_CRL_MONITOR   0x01   /* monitor this dir flag */
#define CYASSL_CRL_START_MON 0x02   /* start monitoring flag */

#ifdef CYASSL_CALLBACKS

/* used internally by CyaSSL while OpenSSL types aren't */
#include <cyassl/callbacks.h>

typedef int (*HandShakeCallBack)(HandShakeInfo*);
typedef int (*TimeoutCallBack)(TimeoutInfo*);

/* CyaSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack
   for diagnostics */
CYASSL_API int CyaSSL_connect_ex(CYASSL*, HandShakeCallBack, TimeoutCallBack,
                                 Timeval);
CYASSL_API int CyaSSL_accept_ex(CYASSL*, HandShakeCallBack, TimeoutCallBack,
                                Timeval);

#endif /* CYASSL_CALLBACKS */


#ifdef CYASSL_HAVE_WOLFSCEP
CYASSL_API void CyaSSL_wolfSCEP(void);
#endif /* CYASSL_HAVE_WOLFSCEP */

#ifdef CYASSL_HAVE_CERT_SERVICE
CYASSL_API void CyaSSL_cert_service(void);
#endif


#ifdef __cplusplus
    }  /* extern "C" */
#endif


#endif /* CYASSL_SSL_H */
