Fork of wolfSSL by
ssl.h
/* ssl.h
 *
 * Copyright (C) 2006-2016 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* wolfSSL API
 *
 * Public TLS/DTLS interface: opaque handle types, a few structs whose
 * layout is exposed to callers, and the WOLFSSL_API prototypes.
 */

#ifndef WOLFSSL_SSL_H
#define WOLFSSL_SSL_H

/* settings.h is pulled in first so that users who do not pass build
 * options as preprocessor flags still get their configuration; every
 * feature test below depends on it. */
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/version.h>

#ifdef HAVE_WOLF_EVENT
    #include <wolfssl/wolfcrypt/wolfevent.h>
#endif

#ifndef NO_FILESYSTEM
    #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
        #if MQX_USE_IO_OLD
            #include <fio.h>
        #else
            #include <nio.h>
        #endif
    #endif
#endif

#ifdef WOLFSSL_PREFIX
    #include "prefix_ssl.h"
#endif

#ifdef LIBWOLFSSL_VERSION_STRING
    #define WOLFSSL_VERSION LIBWOLFSSL_VERSION_STRING
#endif

#ifdef _WIN32
    /* wincrypt.h defines these names as macros; drop them so they do not
     * clash with identifiers used by this library. */
    #undef OCSP_REQUEST
    #undef OCSP_RESPONSE
#endif

#ifdef OPENSSL_EXTRA
    #include <wolfssl/openssl/bn.h>
    #include <wolfssl/openssl/hmac.h>
#endif

#ifdef __cplusplus
    extern "C" {
#endif

/* ---- opaque handle types ------------------------------------------------
 * Only the names are declared here; callers hold pointers and never see the
 * layout. The *_TYPE_DEFINED macros keep other headers from redeclaring the
 * same typedef. */

#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
#define WOLFSSL_WOLFSSL_TYPE_DEFINED
typedef struct WOLFSSL WOLFSSL;
#endif
typedef struct WOLFSSL_SESSION WOLFSSL_SESSION;
typedef struct WOLFSSL_METHOD  WOLFSSL_METHOD;
#ifndef WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
#define WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
typedef struct WOLFSSL_CTX WOLFSSL_CTX;
#endif

typedef struct WOLFSSL_STACK           WOLFSSL_STACK;
typedef struct WOLFSSL_X509            WOLFSSL_X509;
typedef struct WOLFSSL_X509_NAME       WOLFSSL_X509_NAME;
typedef struct WOLFSSL_X509_NAME_ENTRY WOLFSSL_X509_NAME_ENTRY;
typedef struct WOLFSSL_X509_CHAIN      WOLFSSL_X509_CHAIN;

typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER;
typedef struct WOLFSSL_SOCKADDR     WOLFSSL_SOCKADDR;
typedef struct WOLFSSL_CRL          WOLFSSL_CRL;

/* redeclare guard: must be defined before io.h is included below */
#define WOLFSSL_TYPES_DEFINED

#include <wolfssl/io.h>

#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_RSA WOLFSSL_RSA;
#define WOLFSSL_RSA_TYPE_DEFINED
#endif

#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
typedef struct WC_RNG WC_RNG;
#define WC_RNG_TYPE_DEFINED
#endif

#ifndef WOLFSSL_DSA_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_DSA WOLFSSL_DSA;
#define WOLFSSL_DSA_TYPE_DEFINED
#endif

#ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_EC_KEY   WOLFSSL_EC_KEY;
typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT;
typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP;
#define WOLFSSL_EC_TYPE_DEFINED
#endif

#ifndef WOLFSSL_ECDSA_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG;
#define WOLFSSL_ECDSA_TYPE_DEFINED
#endif

typedef struct WOLFSSL_CIPHER WOLFSSL_CIPHER;
/* ---- more opaque handles (OpenSSL-compatibility layer) ------------------ */
typedef struct WOLFSSL_X509_LOOKUP        WOLFSSL_X509_LOOKUP;
typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD;
typedef struct WOLFSSL_X509_CRL           WOLFSSL_X509_CRL;
typedef struct WOLFSSL_X509_STORE         WOLFSSL_X509_STORE;
typedef struct WOLFSSL_BIO                WOLFSSL_BIO;
typedef struct WOLFSSL_BIO_METHOD         WOLFSSL_BIO_METHOD;
typedef struct WOLFSSL_X509_EXTENSION     WOLFSSL_X509_EXTENSION;
typedef struct WOLFSSL_ASN1_TIME          WOLFSSL_ASN1_TIME;
typedef struct WOLFSSL_ASN1_INTEGER       WOLFSSL_ASN1_INTEGER;
typedef struct WOLFSSL_ASN1_OBJECT        WOLFSSL_ASN1_OBJECT;

typedef struct WOLFSSL_ASN1_STRING     WOLFSSL_ASN1_STRING;
typedef struct WOLFSSL_dynlock_value   WOLFSSL_dynlock_value;
typedef struct WOLFSSL_DH              WOLFSSL_DH;
typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING;
/* Note: unlike the struct typedefs above this one is itself a pointer type. */
typedef unsigned char* WOLFSSL_BUF_MEM;

/* Both ASN.1 time flavours share the one time container. */
#define WOLFSSL_ASN1_UTCTIME         WOLFSSL_ASN1_TIME
#define WOLFSSL_ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME

/* ---- structs with caller-visible layout ---------------------------------
 * Field order and sizes below are part of the ABI; several fields exist only
 * because third-party code (stunnel) dereferences them directly. */

/* Encoded integer held in a fixed buffer: ASN_INTEGER | LENGTH | hex of number.
 * The original comment sizes it at 20 bytes for tag, length and at least a
 * 16-byte value ("size can be increased").
 * NOTE(review): RFC 5280 allows certificate serial numbers of up to 20
 * octets, which would not fit next to the tag and length bytes. Confirm that
 * the code filling this buffer bounds the copy rather than trusting the
 * length taken from the certificate. */
struct WOLFSSL_ASN1_INTEGER {
    unsigned char data[20];
};

/* Encoded time held in a fixed buffer: ASN_TIME | LENGTH | date bytes.
 * 32 is MAX_DATA_SIZE; the extra 2 bytes are the tag and length. */
struct WOLFSSL_ASN1_TIME {
    unsigned char data[32 + 2];
};

#ifndef WOLFSSL_EVP_PKEY_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY;
#define WOLFSSL_EVP_PKEY_TYPE_DEFINED
#endif

/* Caller-allocated storage for MD4 state.
 * The buffer is only "big enough to hold" the real state; the size is
 * checked in Init. */
typedef struct WOLFSSL_MD4_CTX {
    int buffer[32];
} WOLFSSL_MD4_CTX;

typedef struct WOLFSSL_COMP_METHOD {
    int type; /* stunnel dereference */
} WOLFSSL_COMP_METHOD;

struct WOLFSSL_X509_LOOKUP_METHOD {
    int type;
};

struct WOLFSSL_X509_LOOKUP {
    WOLFSSL_X509_STORE* store;
};

struct WOLFSSL_X509_STORE {
    int                   cache; /* stunnel dereference */
    WOLFSSL_CERT_MANAGER* cm;
    WOLFSSL_X509_LOOKUP   lookup;
#ifdef OPENSSL_EXTRA
    int                   isDynamic;
#endif
};

/* One TLS alert: description code plus level (see the enums below). */
typedef struct WOLFSSL_ALERT {
    int code;
    int level;
} WOLFSSL_ALERT;

/* Most recent alert received and most recent alert sent. */
typedef struct WOLFSSL_ALERT_HISTORY {
    WOLFSSL_ALERT last_rx;
    WOLFSSL_ALERT last_tx;
} WOLFSSL_ALERT_HISTORY;

typedef struct WOLFSSL_X509_REVOKED {
    WOLFSSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */
} WOLFSSL_X509_REVOKED;

typedef struct WOLFSSL_X509_OBJECT {
    union {
        char*             ptr;
        WOLFSSL_X509*     x509;
        WOLFSSL_X509_CRL* crl; /* stunnel dereference */
    } data;
} WOLFSSL_X509_OBJECT;

/* Pointer/length pair; the struct itself carries no ownership information. */
typedef struct WOLFSSL_BUFFER_INFO {
    unsigned char* buffer;
    unsigned int   length;
} WOLFSSL_BUFFER_INFO;

/* State handed to a VerifyCallback while a peer chain is being checked.
 * `error` and `error_depth` tell the callback what failed and where. */
typedef struct WOLFSSL_X509_STORE_CTX {
    WOLFSSL_X509_STORE*  store;               /* Store full of a CA cert chain */
    WOLFSSL_X509*        current_cert;        /* stunnel dereference */
    WOLFSSL_STACK*       chain;
    char*                domain;              /* subject CN domain name */
    void*                ex_data;             /* external data, for fortress build */
    void*                userCtx;             /* user ctx */
    int                  error;               /* current error */
    int                  error_depth;         /* cert depth for this error */
    int                  discardSessionCerts; /* so verify callback can flag for discard */
    int                  totalCerts;          /* number of peer cert buffers */
    WOLFSSL_BUFFER_INFO* certs;               /* peer certs */
} WOLFSSL_X509_STORE_CTX;

typedef char* WOLFSSL_STRING;

/* Valid Alert types from page 16/17.
 * The numeric values are wire values and must not be renumbered. */
enum AlertDescription {
    close_notify                    = 0,
    unexpected_message              = 10,
    bad_record_mac                  = 20,
    record_overflow                 = 22,
    decompression_failure           = 30,
    handshake_failure               = 40,
    no_certificate                  = 41,
    bad_certificate                 = 42,
    unsupported_certificate         = 43,
    certificate_revoked             = 44,
    certificate_expired             = 45,
    certificate_unknown             = 46,
    illegal_parameter               = 47,
    decode_error                    = 50,
    decrypt_error                   = 51,
    #ifdef WOLFSSL_MYSQL_COMPATIBLE
    /* catch name conflict for enum protocol with MYSQL build */
    wc_protocol_version             = 70,
    #else
    protocol_version                = 70,
    #endif
    no_renegotiation                = 100,
    unrecognized_name               = 112, /**< RFC 6066, section 3 */
    bad_certificate_status_response = 113, /**< RFC 6066, section 8 */
    no_application_protocol         = 120
};


enum AlertLevel {
    alert_warning = 1,
    alert_fatal   = 2
};


/* ---- protocol method constructors, explicit-heap variants ---------------
 * Each returns a WOLFSSL_METHOD for one protocol version and role; `heap`
 * is an opaque allocator hint passed through by the caller.
 *
 * NOTE(review): SSLv3 is prohibited by RFC 7568 and TLS 1.0/1.1 are
 * deprecated by RFC 8996. The SSLv3/TLSv1/TLSv1_1 constructors are declared
 * unconditionally in this header, so whether they are usable depends on
 * build options not visible here; prefer the TLS 1.2/1.3 constructors.
 * NOTE(review): the v23 names follow the OpenSSL "SSLv23" convention and
 * presumably negotiate a version rather than pin one. Confirm which minimum
 * version the build allows before relying on them. */
typedef WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap);
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv3_server_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv3_client_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_server_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_client_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_1_server_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_1_client_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_2_server_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_2_client_method_ex(void* heap);
#ifdef WOLFSSL_TLS13
    WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_3_server_method_ex(void* heap);
    WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_3_client_method_ex(void* heap);
#endif
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_server_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_client_method_ex(void* heap);

#ifdef WOLFSSL_DTLS
    WOLFSSL_API WOLFSSL_METHOD* wolfDTLSv1_client_method_ex(void* heap);
    WOLFSSL_API WOLFSSL_METHOD* wolfDTLSv1_server_method_ex(void* heap);
    WOLFSSL_API WOLFSSL_METHOD* wolfDTLSv1_2_client_method_ex(void* heap);
    /* last of the DTLS explicit-heap constructors */
    WOLFSSL_API WOLFSSL_METHOD* wolfDTLSv1_2_server_method_ex(void* heap);
#endif /* closes the WOLFSSL_DTLS block opened before this point */

/* ---- protocol method constructors, default-heap variants ----------------
 * Same set as the *_ex family, without the heap argument.
 * NOTE(review): SSLv3 is prohibited by RFC 7568 and TLS 1.0/1.1 are
 * deprecated by RFC 8996; new code should request TLS 1.2 or 1.3. */
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_method(void);
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv3_server_method(void);
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv3_client_method(void);
WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_server_method(void);
WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_client_method(void);
WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_1_server_method(void);
WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_1_client_method(void);
WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_2_server_method(void);
WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_2_client_method(void);
#ifdef WOLFSSL_TLS13
    WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_3_server_method(void);
    WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_3_client_method(void);
#endif

#ifdef WOLFSSL_DTLS
    WOLFSSL_API WOLFSSL_METHOD* wolfDTLSv1_client_method(void);
    WOLFSSL_API WOLFSSL_METHOD* wolfDTLSv1_server_method(void);
    WOLFSSL_API WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void);
    WOLFSSL_API WOLFSSL_METHOD* wolfDTLSv1_2_server_method(void);
#endif

#ifdef HAVE_POLY1305
    /* NOTE(review): presumably switches the connection to an older Poly1305
     * construction for interoperability; confirm and keep it off unless a
     * legacy peer requires it. */
    WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL*, int);
#endif

#ifdef WOLFSSL_SESSION_EXPORT
#ifdef WOLFSSL_DTLS
/* DTLS session export/import.
 * The export callback receives the serialized session in exportBuffer/sz
 * together with the caller's userCtx.
 * NOTE(review): the serialized state presumably contains live session keys.
 * Treat the buffer as secret wherever it is stored or sent, and hand
 * wolfSSL_dtls_import only buffers from a trusted source. */
typedef int (*wc_dtls_export)(WOLFSSL* ssl, unsigned char* exportBuffer,
                              unsigned int sz, void* userCtx);
WOLFSSL_API int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf,
                                    unsigned int sz);
WOLFSSL_API int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx,
                                            wc_dtls_export func);
WOLFSSL_API int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func);
WOLFSSL_API int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf,
                                    unsigned int* sz);
#endif /* WOLFSSL_DTLS */
#endif /* WOLFSSL_SESSION_EXPORT */

#ifdef WOLFSSL_STATIC_MEMORY
#ifndef WOLFSSL_MEM_GUARD
#define WOLFSSL_MEM_GUARD
    typedef struct WOLFSSL_MEM_STATS      WOLFSSL_MEM_STATS;
    typedef struct WOLFSSL_MEM_CONN_STATS WOLFSSL_MEM_CONN_STATS;
#endif
/* Static-memory mode: the caller supplies buf/sz for the library to allocate
 * from; the two query functions fill in usage statistics. */
WOLFSSL_API int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx,
                                               wolfSSL_method_func method,
                                               unsigned char* buf,
                                               unsigned int sz,
                                               int flag, int max);
WOLFSSL_API int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx,
                                             WOLFSSL_MEM_STATS* mem_stats);
WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL* ssl,
                                         WOLFSSL_MEM_CONN_STATS* mem_stats);
#endif

#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)

/* ---- loading certificates and keys from files ---------------------------
 * The const char* arguments are file-system paths.
 * NOTE(review): private-key files should be readable only by the service
 * account, and the paths should not be derived from untrusted input. */
WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*,
                                                 int);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*,
                                                int);
WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*,
                                                  const char*);
#ifdef WOLFSSL_TRUST_PEER_CERT
/* NOTE(review): presumably pins a peer certificate as directly trusted,
 * bypassing chain building; confirm before enabling. */
WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX*, const char*, int);
#endif
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX*,
                                                       const char* file);
WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*,
                                                   int);

WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl);
WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
WOLFSSL_API int  wolfSSL_use_certificate_file(WOLFSSL*, const char*, int);
WOLFSSL_API int  wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, int);
WOLFSSL_API int  wolfSSL_use_certificate_chain_file(WOLFSSL*,
                                                    const char* file);
WOLFSSL_API int  wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int);

#ifdef WOLFSSL_DER_LOAD
    WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX*,
                                                          const char*, int);
#endif

#ifdef HAVE_NTRU
    /* load NTRU private key blob */
    WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*,
                                                        const char*);
#endif /* closes the HAVE_NTRU block opened before this point */

#ifndef WOLFSSL_PEMCERT_TODER_DEFINED
    /* PEM file path in, DER bytes out into the caller's buffer; the int is
     * presumably the buffer capacity (confirm against the implementation). */
    WOLFSSL_API int wolfSSL_PemCertToDer(const char*, unsigned char*, int);
    #define WOLFSSL_PEMCERT_TODER_DEFINED
#endif

#endif /* !NO_FILESYSTEM && !NO_CERTS */

/* ---- context / connection lifecycle and I/O ----------------------------- */
WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
WOLFSSL_API WOLFSSL*     wolfSSL_new(WOLFSSL_CTX*);
WOLFSSL_API WOLFSSL*     wolfSSL_write_dup(WOLFSSL*);
WOLFSSL_API int          wolfSSL_set_fd(WOLFSSL*, int);
WOLFSSL_API int          wolfSSL_set_write_fd(WOLFSSL*, int);
WOLFSSL_API int          wolfSSL_set_read_fd(WOLFSSL*, int);

/* Cipher-suite introspection. Functions that take (char*, int) write into a
 * caller-supplied buffer of the given length. */
WOLFSSL_API char*        wolfSSL_get_cipher_list(int priority);
WOLFSSL_API int          wolfSSL_get_ciphers(char*, int);
WOLFSSL_API const char*  wolfSSL_get_cipher_name(WOLFSSL* ssl);
WOLFSSL_API const char*  wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf,
                                                    int len);
WOLFSSL_API const char*  wolfSSL_get_curve_name(WOLFSSL* ssl);

WOLFSSL_API int          wolfSSL_get_fd(const WOLFSSL*);
WOLFSSL_API void         wolfSSL_set_using_nonblock(WOLFSSL*, int);
WOLFSSL_API int          wolfSSL_get_using_nonblock(WOLFSSL*);

/* please see note at top of README if you get an error from connect */
WOLFSSL_API int          wolfSSL_connect(WOLFSSL*);
#ifdef WOLFSSL_TLS13
    WOLFSSL_API int      wolfSSL_connect_TLSv13(WOLFSSL*);
#endif

/* Record I/O. The int is the buffer length in bytes; callers must check the
 * return value rather than assume the whole buffer was transferred. */
WOLFSSL_API int          wolfSSL_write(WOLFSSL*, const void*, int);
WOLFSSL_API int          wolfSSL_read(WOLFSSL*, void*, int);
WOLFSSL_API int          wolfSSL_peek(WOLFSSL*, void*, int);
WOLFSSL_API int          wolfSSL_accept(WOLFSSL*);

#ifdef WOLFSSL_TLS13
    /* TLS 1.3 knobs: session tickets, PSK with (EC)DHE, and key update.
     * NOTE(review): by its name wolfSSL_no_dhe_psk disables the DHE key
     * exchange alongside PSK, which would remove forward secrecy for
     * PSK/resumed handshakes; confirm before enabling. */
    WOLFSSL_API int      wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX* ctx);
    WOLFSSL_API int      wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl);
    WOLFSSL_API int      wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx);
    WOLFSSL_API int      wolfSSL_no_dhe_psk(WOLFSSL* ssl);
    WOLFSSL_API int      wolfSSL_update_keys(WOLFSSL* ssl);
    WOLFSSL_API int      wolfSSL_accept_TLSv13(WOLFSSL*);
#endif
/* ---- teardown and flag-taking I/O --------------------------------------- */
WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
WOLFSSL_API void wolfSSL_free(WOLFSSL*);
WOLFSSL_API int  wolfSSL_shutdown(WOLFSSL*);
WOLFSSL_API int  wolfSSL_send(WOLFSSL*, const void*, int sz, int flags);
WOLFSSL_API int  wolfSSL_recv(WOLFSSL*, void*, int sz, int flags);

/* NOTE(review): "quiet shutdown" presumably skips the close_notify exchange.
 * Without close_notify a peer cannot tell an orderly close from truncation,
 * so enable it only where the application protocol frames its own messages. */
WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX*, int);
WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int);

/* Error and alert reporting for a connection. */
WOLFSSL_API int  wolfSSL_get_error(WOLFSSL*, int);
WOLFSSL_API int  wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY*);

/* ---- session resumption -------------------------------------------------
 * NOTE(review): a WOLFSSL_SESSION presumably carries the secret needed to
 * resume; keep timeouts short and do not share sessions across trust
 * boundaries. */
WOLFSSL_API int              wolfSSL_set_session(WOLFSSL* ssl,
                                                 WOLFSSL_SESSION* session);
WOLFSSL_API long             wolfSSL_SSL_SESSION_set_timeout(
                                 WOLFSSL_SESSION* session, long t);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl);
WOLFSSL_API void             wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm);
WOLFSSL_API int              wolfSSL_SetServerID(WOLFSSL* ssl,
                                                 const unsigned char*,
                                                 int, int);

#ifdef SESSION_INDEX
WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
#endif /* SESSION_INDEX */

#if defined(SESSION_INDEX) && defined(SESSION_CERTS)
WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(
                                    WOLFSSL_SESSION* session);
#endif /* SESSION_INDEX && SESSION_CERTS */

/* ---- peer verification --------------------------------------------------
 * VerifyCallback receives an int and the store context for the certificate
 * under examination; pem_password_cb is a function type (not a pointer type)
 * used for passphrase prompts.
 *
 * NOTE(review): the int passed to the set_verify functions is presumably the
 * verification mode. A mode that disables peer verification, or a callback
 * that reports success regardless of the store context's `error`, removes
 * the protection certificate validation provides; review every call site. */
typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
typedef int (pem_password_cb)(char*, int, int, void*);

WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX*, int,
                                        VerifyCallback verify_callback);
WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int,
                                    VerifyCallback verify_callback);
WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*);

WOLFSSL_API int  wolfSSL_pending(WOLFSSL*);

WOLFSSL_API void wolfSSL_load_error_strings(void);
WOLFSSL_API int  wolfSSL_library_init(void);
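WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX*, long);

#ifdef HAVE_SECRET_CALLBACK
/* Callback that is handed a pointer to the session secret and its size.
 * NOTE(review): the callback sees raw key material; it should not log or
 * copy the secret beyond what the integration strictly needs. */
typedef int (*SessionSecretCb)(WOLFSSL* ssl, void* secret, int* secretSz,
                               void* ctx);
WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL*, SessionSecretCb,
                                              void*);
#endif /* HAVE_SECRET_CALLBACK */

/* session cache persistence
 * const char* variants take a file path; the mem* variants take a buffer
 * and its size.
 * NOTE(review): a persisted session cache presumably contains resumption
 * secrets. Store it with the same protection as private keys and restore
 * only from a location an unprivileged user cannot write. */
WOLFSSL_API int wolfSSL_save_session_cache(const char*);
WOLFSSL_API int wolfSSL_restore_session_cache(const char*);
WOLFSSL_API int wolfSSL_memsave_session_cache(void*, int);
WOLFSSL_API int wolfSSL_memrestore_session_cache(const void*, int);
WOLFSSL_API int wolfSSL_get_session_cache_memsize(void);

/* certificate cache persistence, uses ctx since certs are per ctx
 * NOTE(review): a restored certificate cache presumably becomes part of the
 * context's trusted set, so the integrity of the file or buffer matters. */
WOLFSSL_API int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX*, const char*);
WOLFSSL_API int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX*, const char*);
WOLFSSL_API int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX*, void*, int,
                                               int*);
WOLFSSL_API int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX*, const void*,
                                                  int);
WOLFSSL_API int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX*);

/* only supports full name from cipher_name[] delimited by : */
WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*);
WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL*, const char*);

/* Nonblocking DTLS helper functions */
WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int);
WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int);
WOLFSSL_API int wolfSSL_dtls_got_timeout(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl);

/* Peer address is passed as an untyped pointer plus its size; the getter
 * takes the size by pointer. */
WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);

WOLFSSL_API int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL*);
WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX*, unsigned short);
WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL*, unsigned short);

/* Error-string helpers.
 * wolfSSL_ERR_error_string takes no buffer size, so the caller must supply
 * a buffer large enough for any message; wolfSSL_ERR_error_string_n takes
 * the size explicitly and is the safer choice for new code. */
WOLFSSL_API int         wolfSSL_ERR_GET_REASON(unsigned long err);
WOLFSSL_API char*       wolfSSL_ERR_error_string(unsigned long, char*);
WOLFSSL_API void        wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
                                                   unsigned long sz);
WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long);

/* extras */

/* STACK_OF discards its argument: every stack is the same WOLFSSL_STACK type,
 * so the element type written at a use site is documentation only and the
 * compiler cannot catch a stack of the wrong element type. */
#define STACK_OF(x) WOLFSSL_STACK
/* NOTE(review): the three X509 stack functions name WOLFSSL_X509_NAME as the
 * element type although they push and pop WOLFSSL_X509; harmless because of
 * the macro above, left as declared. */
WOLFSSL_API int wolfSSL_sk_X509_push(STACK_OF(WOLFSSL_X509_NAME)* sk,
                                     WOLFSSL_X509* x509);
WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(STACK_OF(WOLFSSL_X509_NAME)* sk);
WOLFSSL_API void wolfSSL_sk_X509_free(STACK_OF(WOLFSSL_X509_NAME)* sk);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj);
/* The element type here was misspelled WOLFSSL_ASN1_OBJEXT; corrected. The
 * preprocessed declaration is unchanged because STACK_OF ignores its
 * argument. */
WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
                                            WOLFSSL_ASN1_OBJECT* obj);
/* NOTE(review): "OBJCET" in the function name below is a misspelling of
 * OBJECT. It is an exported symbol whose definition is not visible here, so
 * the name is kept as declared; renaming it needs a matching change in the
 * implementation and in any compatibility macros. */
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop(
                                     STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char** out,
                                            WOLFSSL_ASN1_STRING* in);

WOLFSSL_API int  wolfSSL_set_ex_data(WOLFSSL*, int, void*);
WOLFSSL_API int  wolfSSL_get_shutdown(const WOLFSSL*);
WOLFSSL_API int  wolfSSL_set_rfd(WOLFSSL*, int);
WOLFSSL_API int  wolfSSL_set_wfd(WOLFSSL*, int);
WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL*, int);
WOLFSSL_API int  wolfSSL_set_session_id_context(WOLFSSL*,
                                                const unsigned char*,
                                                unsigned int);
WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*);
WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*);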
/* ---- connection state queries ------------------------------------------- */
WOLFSSL_API int  wolfSSL_session_reused(WOLFSSL*);
WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
WOLFSSL_API int  wolfSSL_is_init_finished(WOLFSSL*);

/* Negotiated parameters; useful for logging and for asserting a minimum
 * protocol version or cipher suite after the handshake. */
WOLFSSL_API const char*      wolfSSL_get_version(WOLFSSL*);
WOLFSSL_API int              wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_CIPHER*  wolfSSL_get_current_cipher(WOLFSSL*);
WOLFSSL_API char*            wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*,
                                                        char*, int);
WOLFSSL_API const char*      wolfSSL_CIPHER_get_name(
                                 const WOLFSSL_CIPHER* cipher);
WOLFSSL_API const char*      wolfSSL_SESSION_CIPHER_get_name(
                                 WOLFSSL_SESSION* session);
WOLFSSL_API const char*      wolfSSL_get_cipher(WOLFSSL*);
/* what's ref count */
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);

WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*);
WOLFSSL_API void wolfSSL_OPENSSL_free(void*);

/* Takes a non-const url and returns host, port and path through char**
 * outputs; NOTE(review): presumably the outputs point into, or are carved
 * out of, the url buffer - confirm lifetime and whether url is modified. */
WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port,
                                       char** path, int* ssl);

/* NOTE(review): SSLv2 is prohibited by RFC 6176. These declarations are
 * presumably compatibility stubs; confirm they cannot yield a usable
 * method. */
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_client_method(void);
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_client_method(void);
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_server_method(void);

/* MD4 is cryptographically broken; this interface is only suitable for
 * interoperating with legacy formats, never for new integrity or
 * authentication uses. */
WOLFSSL_API void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX*);
WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX*, const void*,
                                    unsigned long);
WOLFSSL_API void wolfSSL_MD4_Final(unsigned char*, WOLFSSL_MD4_CTX*);


/* ---- BIO abstraction (OpenSSL compatibility) ---------------------------- */
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD*);
WOLFSSL_API int          wolfSSL_BIO_free(WOLFSSL_BIO*);
WOLFSSL_API int          wolfSSL_BIO_free_all(WOLFSSL_BIO*);
WOLFSSL_API int          wolfSSL_BIO_read(WOLFSSL_BIO*, void*, int);
WOLFSSL_API int          wolfSSL_BIO_write(WOLFSSL_BIO*, const void*, int);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO*, WOLFSSL_BIO* append);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO*);
WOLFSSL_API int          wolfSSL_BIO_flush(WOLFSSL_BIO*);
WOLFSSL_API int          wolfSSL_BIO_pending(WOLFSSL_BIO*);

WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void);
WOLFSSL_API long                wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO*,
                                                                  long size);
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void);
WOLFSSL_API WOLFSSL_BIO*        wolfSSL_BIO_new_socket(int sfd, int flag);
WOLFSSL_API int                 wolfSSL_BIO_eof(WOLFSSL_BIO*);

WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void);
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void);
WOLFSSL_API void                wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int);

WOLFSSL_API int          wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio, void* p);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len);


WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag);
WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag);
WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr);
WOLFSSL_API int  wolfSSL_add_all_algorithms(void);

#ifndef NO_FILESYSTEM
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void);
#endif

WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_bio(void);
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_socket(void);

WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO* bp, int cmd, long larg,
                                  void* parg);
WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO* bp, int cmd, long larg,
                                      int iarg);

WOLFSSL_API int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO* b, long size);
WOLFSSL_API int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO* b1, WOLFSSL_BIO* b2);
WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO* b);
/* The nread and nwrite functions hand back a pointer through buf instead of
 * copying; NOTE(review): presumably it points into the BIO's own storage, so
 * stay within the returned byte count. */
WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO* bio, char** buf);
WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO* bio, char** buf, int num);
WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO* bio, char** buf, int num);
WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO* bio);

WOLFSSL_API int  wolfSSL_BIO_seek(WOLFSSL_BIO* bio, int ofs);
WOLFSSL_API int  wolfSSL_BIO_write_filename(WOLFSSL_BIO* bio, char* name);
WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO* bio, int v);
WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO* bio,
                                         WOLFSSL_BUF_MEM** m);

/* ---- RAND_* compatibility entry points ----------------------------------
 * NOTE(review): whether these seed or alter the library's RNG is not visible
 * from the declarations; do not rely on them as the entropy source without
 * checking the implementation. */
WOLFSSL_API void        wolfSSL_RAND_screen(void);
WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long);
WOLFSSL_API int         wolfSSL_RAND_write_file(const char*);
WOLFSSL_API int         wolfSSL_RAND_load_file(const char*, long);
WOLFSSL_API int         wolfSSL_RAND_egd(const char*);
WOLFSSL_API int         wolfSSL_RAND_seed(const void*, int);
WOLFSSL_API void        wolfSSL_RAND_add(const void*, int, double);

/* NOTE(review): TLS-level compression leaks plaintext through record
 * lengths (the CRIME class of attacks); keep it disabled unless the
 * implementation is confirmed to be inert. */
WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void);
WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void);
WOLFSSL_API int wolfSSL_COMP_add_compression_method(int, void*);

WOLFSSL_API int wolfSSL_get_ex_new_index(long, void*, void*, void*, void*);

/* ---- threading callbacks (OpenSSL-style) -------------------------------- */
WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void));
WOLFSSL_API void wolfSSL_set_locking_callback(
                     void (*f)(int, int, const char*, int));
WOLFSSL_API void wolfSSL_set_dynlock_create_callback(
                     WOLFSSL_dynlock_value* (*f)(const char*, int));
WOLFSSL_API void wolfSSL_set_dynlock_lock_callback(
                     void (*f)(int, WOLFSSL_dynlock_value*, const char*, int));
WOLFSSL_API void wolfSSL_set_dynlock_destroy_callback(
                     void (*f)(WOLFSSL_dynlock_value*, const char*, int));
WOLFSSL_API int  wolfSSL_num_locks(void);

/* Accessors for use inside a VerifyCallback. */
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
                              WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(
                    WOLFSSL_X509_STORE_CTX*);

/* X.509 certificate, name and extension accessors (prototypes only; the
   implementations are not part of this header). */
WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int);
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509*);
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509*);
WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509*);
WOLFSSL_API unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509*);
/* NOTE(review): the (unsigned char*, int*) pairs below look like a caller
   buffer plus an in/out length - confirm in the implementation whether the
   int must hold the buffer capacity on entry before relying on it. */
WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID(
        WOLFSSL_X509*, unsigned char*, int*);
WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
        WOLFSSL_X509*, unsigned char*, int*);
WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*);
WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID(
        WOLFSSL_X509_NAME*, int, char*, int);
WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID(
        WOLFSSL_X509_NAME*, int, int);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*);
/* The string bytes and their length come from two separate accessors.
   NOTE(review): presumably the data is not guaranteed to be NUL-terminated
   and may contain embedded NUL bytes; use the reported length rather than
   strlen() when comparing certificate names - confirm. */
WOLFSSL_API char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING*);
WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING*);
WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long);
WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509*, unsigned char*, int*);

/* Certificate lookup sources (directory or file). */
WOLFSSL_API int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP*,const char*,long);
WOLFSSL_API int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP*, const char*,
                                              long);
WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void);
/* Certificate store, store-context, CRL, key and client-CA-list prototypes
   of the OpenSSL compatibility layer (declarations only). */
WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void);

/* X509_STORE: object lifetime and trusted-certificate management. */
WOLFSSL_API WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE*,
                                                   WOLFSSL_X509_LOOKUP_METHOD*);
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void);
WOLFSSL_API void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE*);
WOLFSSL_API int wolfSSL_X509_STORE_add_cert(
        WOLFSSL_X509_STORE*, WOLFSSL_X509*);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
        WOLFSSL_X509_STORE_CTX* ctx);
WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
                                             unsigned long flag);
WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*);
WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX*,
        int, WOLFSSL_X509_NAME*, WOLFSSL_X509_OBJECT*);
/* X509_STORE_CTX: both a free and a cleanup entry point are declared.
   NOTE(review): which one releases the context itself is not visible here -
   confirm before pairing them with wolfSSL_X509_STORE_CTX_new(). */
WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void);
WOLFSSL_API int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX*,
        WOLFSSL_X509_STORE*, WOLFSSL_X509*, STACK_OF(WOLFSSL_X509)*);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*);

/* CRL validity window accessors. */
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*);

WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX*,
                                                  int);
WOLFSSL_API void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT*);
/* Takes the encoded key as a pointer-to-pointer plus a byte count (inSz).
   NOTE(review): presumably DER input, with *in possibly advanced by the
   parser as in the OpenSSL d2i convention - confirm. */
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type,
        WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void);
WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*);
WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*);
WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*);

/* Revocation list entries and certificate serial number. */
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
        WOLFSSL_X509_REVOKED*,int);
WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*);

WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*);

WOLFSSL_API int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER*,
                                         const WOLFSSL_ASN1_INTEGER*);
/* Returns long; NOTE(review): how an integer wider than long (serial numbers
   often are) is reported is not visible here - confirm. */
WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*);

#ifdef OPENSSL_EXTRA
WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
                                                       WOLFSSL_BIGNUM *bn);
WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*);
#endif

WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_SSL_CTX_get_client_CA_list(
        const WOLFSSL_CTX *s);
WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*,
                                                STACK_OF(WOLFSSL_X509_NAME)*);
WOLFSSL_API void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX*, int);
WOLFSSL_API int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void);
WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL*, int);

/* Password callback used when loading protected key material.
   NOTE(review): the userdata pointer is stored by the library; presumably the
   caller keeps ownership and must keep it valid (and clear any passphrase it
   holds) itself - confirm. */
WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*,
                                                            void* userdata);
WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*,
                                                   pem_password_cb*);


WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*,
        void (*)(const WOLFSSL* ssl, int type, int val));

WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void);
WOLFSSL_API int wolfSSL_GET_REASON(int);

WOLFSSL_API char* wolfSSL_alert_type_string_long(int);
/* Remainder of the OpenSSL-compatibility ("extra") prototypes, the option,
   verify and error constants, the PSK / anonymous-cipher switches and the
   first wolfSSL-specific extensions (declarations only). */
WOLFSSL_API char* wolfSSL_alert_desc_string_long(int);
WOLFSSL_API char* wolfSSL_state_string_long(const WOLFSSL*);

WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long,
        void(*)(int, int, void*), void*);
WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX*,
        WOLFSSL_RSA*(*)(WOLFSSL*, int, int));

WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key);

/* Per-context session statistics counters. */
WOLFSSL_API long wolfSSL_CTX_sess_accept(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_connect(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_hits(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*);

WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX*, WOLFSSL_X509*);
WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long);
WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*);

WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*, int v);
WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*, void* arg);
WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(
        WOLFSSL_CTX*, void* arg);

/* Per-connection options use unsigned long here, while
   wolfSSL_CTX_set_options() further down takes and returns (signed) long. */
WOLFSSL_API unsigned long wolfSSL_set_options(WOLFSSL *s, unsigned long op);
WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL *s);
WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg);
WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg);
WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg);
WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg);
WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp);
WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len);

WOLFSSL_API void wolfSSL_CONF_modules_unload(int all);
WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg);
/* NOTE(review): presumably returns one of the X509_V_* codes defined below
   (X509_V_OK is 0) - confirm; callers that accept a peer should check it. */
WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl);

#define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */
#define WOLFSSL_RSA_F4 0x10001L

/* separated out from other enums because of size */
/* Option bits. Each constant in this enum is a distinct single bit; in
   particular SSL_OP_ALL is the one bit 0x400 here, not the OR of the
   *_BUG workaround flags above it. SSL_OP_NO_SSLv2 is not defined in this
   enum: it lives in the "ssl Constants" enum below with the value 8, which
   is numerically equal to SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG, so the two
   cannot be told apart once OR'ed into the same options word.
   NOTE(review): whether the library acts on every bit is not visible in this
   header - verify that a protocol-disabling flag took effect rather than
   assuming it. */
enum {
    SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001,
    SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002,
    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000004,
    SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000008,
    SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000010,
    SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000020,
    SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000040,
    SSL_OP_TLS_D5_BUG = 0x00000080,
    SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000100,
    SSL_OP_TLS_ROLLBACK_BUG = 0x00000200,
    SSL_OP_ALL = 0x00000400,
    SSL_OP_EPHEMERAL_RSA = 0x00000800,
    SSL_OP_NO_SSLv3 = 0x00001000,
    SSL_OP_NO_TLSv1 = 0x00002000,
    SSL_OP_PKCS1_CHECK_1 = 0x00004000,
    SSL_OP_PKCS1_CHECK_2 = 0x00008000,
    SSL_OP_NETSCAPE_CA_DN_BUG = 0x00010000,
    SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x00020000,
    SSL_OP_SINGLE_DH_USE = 0x00040000,
    SSL_OP_NO_TICKET = 0x00080000,
    SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00100000,
    SSL_OP_NO_QUERY_MTU = 0x00200000,
    SSL_OP_COOKIE_EXCHANGE = 0x00400000,
    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000,
    SSL_OP_SINGLE_ECDH_USE = 0x01000000,
    SSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000,
    SSL_OP_NO_TLSv1_1 = 0x04000000,
    SSL_OP_NO_TLSv1_2 = 0x08000000,
    SSL_OP_NO_COMPRESSION = 0x10000000,
};


/* Several unrelated constant families share this one anonymous enum, so
   values repeat across families (OCSP_NOINTERN, OCSP_CERTID and
   WOLFSSL_OCSP_NO_NONCE are all 2, for example) and the compiler offers no
   type checking between them; pass each constant only to the API of its own
   family. */
enum {
    OCSP_NOCERTS = 1,
    OCSP_NOINTERN = 2,
    OCSP_NOSIGS = 4,
    OCSP_NOCHAIN = 8,
    OCSP_NOVERIFY = 16,
    OCSP_NOEXPLICIT = 32,
    OCSP_NOCASIGN = 64,
    OCSP_NODELEGATED = 128,
    OCSP_NOCHECKS = 256,
    OCSP_TRUSTOTHER = 512,
    OCSP_RESPID_KEY = 1024,
    OCSP_NOTIME = 2048,

    OCSP_CERTID = 2,
    OCSP_REQUEST = 4,
    OCSP_RESPONSE = 8,
    OCSP_BASICRESP = 16,

    WOLFSSL_OCSP_URL_OVERRIDE = 1,
    WOLFSSL_OCSP_NO_NONCE = 2,
    WOLFSSL_OCSP_CHECKALL = 4,

    WOLFSSL_CRL_CHECKALL = 1,
    WOLFSSL_CRL_CHECK = 27,

    ASN1_GENERALIZEDTIME = 4,
    SSL_MAX_SSL_SESSION_ID_LENGTH = 32,

    EVP_R_BAD_DECRYPT = 2,

    SSL_ST_CONNECT = 0x1000,
    SSL_ST_ACCEPT = 0x2000,

    SSL_CB_LOOP = 0x01,
    SSL_CB_EXIT = 0x02,
    SSL_CB_READ = 0x04,
    SSL_CB_WRITE = 0x08,
    SSL_CB_HANDSHAKE_START = 0x10,
    SSL_CB_HANDSHAKE_DONE = 0x20,
    SSL_CB_ALERT = 0x4000,
    SSL_CB_READ_ALERT = (SSL_CB_ALERT | SSL_CB_READ),
    SSL_CB_WRITE_ALERT = (SSL_CB_ALERT | SSL_CB_WRITE),
    SSL_CB_ACCEPT_LOOP = (SSL_ST_ACCEPT | SSL_CB_LOOP),
    SSL_CB_ACCEPT_EXIT = (SSL_ST_ACCEPT | SSL_CB_EXIT),
    SSL_CB_CONNECT_LOOP = (SSL_ST_CONNECT | SSL_CB_LOOP),
    SSL_CB_CONNECT_EXIT = (SSL_ST_CONNECT | SSL_CB_EXIT),

    SSL_MODE_ENABLE_PARTIAL_WRITE = 2,

    BIO_FLAGS_BASE64_NO_NL = 1,
    BIO_CLOSE = 1,
    BIO_NOCLOSE = 0,

    NID_undef = 0,

    X509_FILETYPE_PEM = 8,
    X509_LU_X509 = 9,
    X509_LU_CRL = 12,

    /* Certificate verification result codes; 0 means success. */
    X509_V_OK = 0,
    X509_V_ERR_CRL_SIGNATURE_FAILURE = 13,
    X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14,
    X509_V_ERR_CRL_HAS_EXPIRED = 15,
    X509_V_ERR_CERT_REVOKED = 16,
    X509_V_ERR_CERT_CHAIN_TOO_LONG = 17,
    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18,
    X509_V_ERR_CERT_NOT_YET_VALID = 19,
    X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20,
    X509_V_ERR_CERT_HAS_EXPIRED = 21,
    X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22,
    X509_V_ERR_CERT_REJECTED = 23,
    /* Required for Nginx */
    X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 24,
    X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN = 25,
    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 26,
    X509_V_ERR_CERT_UNTRUSTED = 27,
    X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 28,
    X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 29,
    /* additional X509_V_ERR_* enums not used in wolfSSL */
    /* These have no explicit value, so they are numbered 30, 31, ... in
       declaration order. NOTE(review): the numbers in this whole family do
       not appear to match what OpenSSL assigns to the same names - compare
       by symbol, never by literal, when porting verification code. */
    X509_V_ERR_UNABLE_TO_GET_CRL,
    X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
    X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
    X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
    X509_V_ERR_CERT_SIGNATURE_FAILURE,
    X509_V_ERR_CRL_NOT_YET_VALID,
    X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD,
    X509_V_ERR_OUT_OF_MEM,
    X509_V_ERR_INVALID_CA,
    X509_V_ERR_PATH_LENGTH_EXCEEDED,
    X509_V_ERR_INVALID_PURPOSE,
    X509_V_ERR_AKID_SKID_MISMATCH,
    X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH,
    X509_V_ERR_KEYUSAGE_NO_CERTSIGN,
    X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER,
    X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION,
    X509_V_ERR_KEYUSAGE_NO_CRL_SIGN,
    X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
    X509_V_ERR_INVALID_NON_CA,
    X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED,
    X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE,
    X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED,
    X509_V_ERR_INVALID_EXTENSION,
    X509_V_ERR_INVALID_POLICY_EXTENSION,
    X509_V_ERR_NO_EXPLICIT_POLICY,
    X509_V_ERR_UNNESTED_RESOURCE,

    XN_FLAG_SPC_EQ = (1 << 23),
    XN_FLAG_ONELINE = 0,
    XN_FLAG_RFC2253 = 1,

    CRYPTO_LOCK = 1,
    CRYPTO_NUM_LOCKS = 10,

    ASN1_STRFLGS_ESC_MSB = 4
};

/* extras end */

#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
/* wolfSSL extension, provide last error from SSL_get_error
   since not using thread storage error queue */
#include <stdio.h>
WOLFSSL_API void wolfSSL_ERR_print_errors_fp(FILE*, int err);
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(FILE* fp);
#endif
#endif

/* Return codes and mode constants. SSL_SUCCESS is 1 and SSL_FAILURE is 0,
   so the common C test "ret == 0 means OK" reads a failure as success for
   functions that use these codes; compare against SSL_SUCCESS explicitly.
   Values also repeat between families (SSL_SHUTDOWN_NOT_DONE,
   SSL_ERROR_WANT_READ and SSL_FILETYPE_ASN1 are all 2), so a value is only
   meaningful together with the call that produced it. */
enum { /* ssl Constants */
    SSL_ERROR_NONE = 0, /* for most functions */
    SSL_FAILURE = 0, /* for some functions */
    SSL_SUCCESS = 1,
    SSL_SHUTDOWN_NOT_DONE = 2, /* call wolfSSL_shutdown again to complete */

    SSL_ALPN_NOT_FOUND = -9,
    SSL_BAD_CERTTYPE = -8,
    SSL_BAD_STAT = -7,
    SSL_BAD_PATH = -6,
    SSL_BAD_FILETYPE = -5,
    SSL_BAD_FILE = -4,
    SSL_NOT_IMPLEMENTED = -3,
    SSL_UNKNOWN = -2,
    SSL_FATAL_ERROR = -1,

    SSL_FILETYPE_ASN1 = 2,
    SSL_FILETYPE_PEM = 1,
    SSL_FILETYPE_DEFAULT = 2, /* ASN1 */
    SSL_FILETYPE_RAW = 3, /* NTRU raw key blob */

    /* Peer verification mode bits. NOTE(review): by its name SSL_VERIFY_NONE
       turns peer certificate verification off, which leaves the connection
       unauthenticated; audit every use and confirm the library default. */
    SSL_VERIFY_NONE = 0,
    SSL_VERIFY_PEER = 1,
    SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
    SSL_VERIFY_CLIENT_ONCE = 4,
    SSL_VERIFY_FAIL_EXCEPT_PSK = 8,

    SSL_SESS_CACHE_OFF = 0x0000,
    SSL_SESS_CACHE_CLIENT = 0x0001,
    SSL_SESS_CACHE_SERVER = 0x0002,
    SSL_SESS_CACHE_BOTH = 0x0003,
    SSL_SESS_CACHE_NO_AUTO_CLEAR = 0x0008,
    SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 0x0100,
    SSL_SESS_CACHE_NO_INTERNAL_STORE = 0x0200,
    SSL_SESS_CACHE_NO_INTERNAL = 0x0300,

    SSL_ERROR_WANT_READ = 2,
    SSL_ERROR_WANT_WRITE = 3,
    SSL_ERROR_WANT_CONNECT = 7,
    SSL_ERROR_WANT_ACCEPT = 8,
    SSL_ERROR_SYSCALL = 5,
    SSL_ERROR_WANT_X509_LOOKUP = 83,
    SSL_ERROR_ZERO_RETURN = 6,
    SSL_ERROR_SSL = 85,

    SSL_SENT_SHUTDOWN = 1,
    SSL_RECEIVED_SHUTDOWN = 2,
    SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4,
    SSL_OP_NO_SSLv2 = 8, /* same number as SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG */

    SSL_R_SSL_HANDSHAKE_FAILURE = 101,
    SSL_R_TLSV1_ALERT_UNKNOWN_CA = 102,
    SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103,
    SSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104,

    PEM_BUFSIZE = 1024
};


#ifndef NO_PSK
/* Pre-shared-key callbacks, compiled unless NO_PSK is defined.
   NOTE(review): the trailing (buffer, unsigned int) pairs presumably are
   output buffers with their capacities, and the return value presumably the
   key length - confirm; a callback must not write past the given capacity
   and the key bytes it produces are secret material. */
typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
        unsigned int, unsigned char*, unsigned int);
WOLFSSL_API void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX*,
                                                     wc_psk_client_callback);
WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*,
                                                 wc_psk_client_callback);

WOLFSSL_API const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*);
WOLFSSL_API const char* wolfSSL_get_psk_identity(const WOLFSSL*);

WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX*, const char*);
WOLFSSL_API int wolfSSL_use_psk_identity_hint(WOLFSSL*, const char*);

typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
        unsigned char*, unsigned int);
WOLFSSL_API void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX*,
                                                     wc_psk_server_callback);
WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL*,
                                                 wc_psk_server_callback);

#define PSK_TYPES_DEFINED
#endif /* NO_PSK */


#ifdef HAVE_ANON
/* Only declared when the build defines HAVE_ANON.
   NOTE(review): by its name this permits anonymous cipher suites, which
   carry no peer authentication and so give no protection against an active
   man-in-the-middle - confirm, and keep HAVE_ANON out of production builds
   unless that is intended. */
WOLFSSL_API int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*);
#endif /* HAVE_ANON */


/* extra begins */

enum { /* ERR Constants */
    ERR_TXT_STRING = 1
};

/* bio misc */
enum {
    WOLFSSL_BIO_ERROR = -1,
    WOLFSSL_BIO_UNSET = -2,
    WOLFSSL_BIO_SIZE = 17000 /* default BIO write size if not set */
};


WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line_data(const char**, int*,
                                                          const char**, int *);

WOLFSSL_API unsigned long wolfSSL_ERR_get_error(void);
WOLFSSL_API void wolfSSL_ERR_clear_error(void);


WOLFSSL_API int wolfSSL_RAND_status(void);
/* Returns int; NOTE(review): check the result before using buf - whether a
   failure leaves buf unmodified is not visible here. */
WOLFSSL_API int wolfSSL_RAND_bytes(unsigned char* buf, int num);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void);
WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
#ifndef NO_CERTS
WOLFSSL_API int wolfSSL_CTX_check_private_key(WOLFSSL_CTX*);
#endif /* !NO_CERTS */

WOLFSSL_API void wolfSSL_ERR_free_strings(void);
WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long);
WOLFSSL_API void wolfSSL_EVP_cleanup(void);
WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_state(WOLFSSL* ssl);

WOLFSSL_API void wolfSSL_cleanup_all_ex_data(void);
WOLFSSL_API long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode);
WOLFSSL_API long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx);
WOLFSSL_API void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m);
WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl);


WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*,
                                                   const unsigned char*, unsigned int);
WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl);

WOLFSSL_API int wolfSSL_want_read(WOLFSSL*);
WOLFSSL_API int wolfSSL_want_write(WOLFSSL*);

/* Variadic with a const char* before the "...".
   NOTE(review): printf-style by name; pass externally supplied text as an
   argument to a literal format, never as the format itself - confirm. */
WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO*, const char*, ...);
WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*,
                                           const WOLFSSL_ASN1_UTCTIME*);
WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*,
                                                   const WOLFSSL_ASN1_GENERALIZEDTIME*);
WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_X509_REVOKED*);
WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED*, int);

/* stunnel 4.28 needs */
WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int);
WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*);
WOLFSSL_API void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX*,
        WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*));
WOLFSSL_API void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX*,
        int (*f)(WOLFSSL*, WOLFSSL_SESSION*));
WOLFSSL_API void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX*,
        void (*f)(WOLFSSL_CTX*, WOLFSSL_SESSION*));

/* Session (de)serialisation. NOTE(review): a serialised session presumably
   carries the secrets needed to resume it; store and transport the bytes as
   key material, and treat bytes handed to the d2i side as untrusted input -
   confirm. */
WOLFSSL_API int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION*,unsigned char**);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION**,
                                                     const unsigned char**, long);

WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*);
WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*);
WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);

/* extra ends */


/* wolfSSL extensions */

/* call before SSL_connect, if verifying will add name check to
   date check and signature check */
/* Read literally, the comment above means the host-name check is something
   this call adds; NOTE(review): a client that verifies the peer but never
   calls this would then accept any certificate that chains to a trusted CA,
   whatever name it carries - confirm, and check the int result. */
WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);

/* need to call once to load library (session cache) */
WOLFSSL_API int wolfSSL_Init(void);
/* call when done to cleanup/free session cache mutex / resources */
WOLFSSL_API int wolfSSL_Cleanup(void);

/* which library version do we have */
WOLFSSL_API const char* wolfSSL_lib_version(void);
/* which library version do we have in hex */
WOLFSSL_API unsigned int wolfSSL_lib_version_hex(void);

/* turn logging on, only if compiled in */
WOLFSSL_API int wolfSSL_Debugging_ON(void);
/* turn logging off */
WOLFSSL_API void wolfSSL_Debugging_OFF(void);

/* do accept or connect depending on side */
WOLFSSL_API int wolfSSL_negotiate(WOLFSSL* ssl);
/* turn on wolfSSL data compression */
/* Compressing before encryption makes the ciphertext length depend on the
   plaintext; where an attacker can influence part of the data sent next to
   a secret, that length is a side channel (the CRIME class of attacks).
   Leave compression off unless the traffic cannot be influenced that way. */
WOLFSSL_API int wolfSSL_set_compression(WOLFSSL* ssl);

WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int);
WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int);

/* Peer certificate chain accessors; idx selects a certificate in the chain.
   NOTE(review): bounds behaviour for an out-of-range idx is not visible
   here - keep idx below wolfSSL_get_chain_count(). */
/* get wolfSSL peer X509_CHAIN */
WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl);
/* peer chain count */
WOLFSSL_API int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain);
/* index cert length */
WOLFSSL_API int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN*, int idx);
/* index cert */
WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN*, int idx);
/* index cert in X509 */
WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN*, int idx);
/* free X509 */
WOLFSSL_API void wolfSSL_FreeX509(WOLFSSL_X509*);
/* get index cert in PEM */
/* presumably buf/inLen describe the caller's buffer and *outLen receives the
   number of bytes written - confirm against the implementation */
WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx,
                                           unsigned char* buf, int inLen, int* outLen);
WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s);
WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int*);
/* Returns the subject common name as char*. NOTE(review): for host-name
   checks prefer wolfSSL_check_domain_name() over comparing this string by
   hand; whether it can contain embedded NUL bytes is not visible here. */
WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*);
WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*);
WOLFSSL_API const unsigned char* wolfSSL_X509_notBefore(WOLFSSL_X509*);
WOLFSSL_API const unsigned char* wolfSSL_X509_notAfter(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);

WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*);

WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);
/* Certificate loading, PKCS12, key-size and version limits, key export, and
   the user-supplied I/O and record-layer callbacks (declarations only). */
WOLFSSL_API WOLFSSL_X509*
    wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
#ifndef NO_FILESYSTEM
    #ifndef NO_STDIO_FILESYSTEM
    WOLFSSL_API WOLFSSL_X509*
        wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file);
    #endif
WOLFSSL_API WOLFSSL_X509*
    wolfSSL_X509_load_certificate_file(const char* fname, int format);
#endif
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
    const unsigned char* buf, int sz, int format);

#ifdef WOLFSSL_SEP
    WOLFSSL_API unsigned char*
        wolfSSL_X509_get_device_type(WOLFSSL_X509*, unsigned char*, int*);
    WOLFSSL_API unsigned char*
        wolfSSL_X509_get_hw_type(WOLFSSL_X509*, unsigned char*, int*);
    WOLFSSL_API unsigned char*
        wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509*, unsigned char*, int*);
#endif

/* connect enough to get peer cert */
WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl);



/* PKCS12 compatibility */
typedef struct WC_PKCS12 WC_PKCS12;
WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
                                              WC_PKCS12** pkcs12);
/* psw is the container password; on success the private key, certificate and
   CA stack come back through the three out-pointers.
   NOTE(review): ownership of the returned objects is not visible here -
   confirm who frees them, and clear psw after use. */
WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
    WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, STACK_OF(WOLFSSL_X509)** ca);
WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void);



#ifndef NO_DH
/* server Diffie-Hellman parameters */
WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz,
                                 const unsigned char* g, int gSz);
WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz,
                                        int format);
#ifndef NO_FILESYSTEM
    WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format);
#endif

/* server ctx Diffie-Hellman parameters */
WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX*, const unsigned char* p,
                                     int pSz, const unsigned char* g, int gSz);
WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char* b,
                                            long sz, int format);

#ifndef NO_FILESYSTEM
    WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f,
                                              int format);
#endif

/* Minimum accepted key sizes. The DH setters take unsigned short while the
   RSA and ECC setters below take (signed) short.
   NOTE(review): the unit (bits or bytes) and the built-in default are not
   stated in this header - confirm both before choosing a floor. */
WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX*, unsigned short);
WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, unsigned short);
WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*);
#endif /* NO_DH */

#ifndef NO_RSA
WOLFSSL_API int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX*, short);
WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz(WOLFSSL*, short);
#endif /* NO_RSA */

#ifdef HAVE_ECC
WOLFSSL_API int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX*, short);
WOLFSSL_API int wolfSSL_SetMinEccKey_Sz(WOLFSSL*, short);
#endif /* HAVE_ECC */

WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short);
WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short);

/* keyblock size in bytes or -1 */
/* need to call wolfSSL_KeepArrays before handshake to save keys */
WOLFSSL_API int wolfSSL_get_keyblock_size(WOLFSSL*);
/* Hands back three buffers with their lengths.
   NOTE(review): ms/sr/cr presumably are the master secret and the server and
   client randoms; the pointers presumably refer to memory owned by the
   session - confirm. Never log the master secret, and copy it only into
   storage that is wiped afterwards. */
WOLFSSL_API int wolfSSL_get_keys(WOLFSSL*,unsigned char** ms, unsigned int* msLen,
                                 unsigned char** sr, unsigned int* srLen,
                                 unsigned char** cr, unsigned int* crLen);

/* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */
WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
                                      const char* label);


#ifndef _WIN32
    #ifndef NO_WRITEV
        #ifdef __PPU
            #include <sys/types.h>
            #include <sys/socket.h>
        #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && \
              !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \
              !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED)
            #include <sys/uio.h>
        #endif
        /* allow writev style writing */
        WOLFSSL_API int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
                                       int iovcnt);
    #endif
#endif


#ifndef NO_CERTS
    /* SSL_CTX versions */
    /* The *_buffer loaders take (pointer, long size, int format); the format
       is presumably one of the SSL_FILETYPE_* constants - confirm. */
    WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*);
#ifdef WOLFSSL_TRUST_PEER_CERT
    WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*);
    WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX*,
                                                  const unsigned char*, long, int);
#endif
    WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*,
                                                   const unsigned char*, long, int);
    WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX*,
                                                       const unsigned char*, long, int);
    WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*,
                                                      const unsigned char*, long, int);
    WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX*,
                                                       const unsigned char*, long, int);
    WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*,
                                                             const unsigned char*, long);

    /* SSL versions */
    WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL*, const unsigned char*,
                                                   long, int);
    WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*,
                                                  long, int);
    WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*,
                                                   const unsigned char*, long, int);
    WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*,
                                                         const unsigned char*, long);
    WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);

    #if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
        WOLFSSL_API WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl);
    #endif
#endif

WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL*);


#ifdef HAVE_FUZZER
/* Fuzzing hook, declared only when the build defines HAVE_FUZZER.
   NOTE(review): the callback is handed protocol buffers at the stages named
   by fuzzer_type; keep HAVE_FUZZER out of release builds - confirm that
   nothing in production defines it. */
enum fuzzer_type {
    FUZZ_HMAC = 0,
    FUZZ_ENCRYPT = 1,
    FUZZ_SIGNATURE = 2,
    FUZZ_HASH = 3,
    FUZZ_HEAD = 4
};

typedef int (*CallbackFuzzer)(WOLFSSL* ssl, const unsigned char* buf, int sz,
        int type, void* fuzzCtx);

WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx);
#endif


/* presumably (secret bytes, length) - confirm what a NULL or zero-length
   argument means before relying on it */
WOLFSSL_API int wolfSSL_DTLS_SetCookieSecret(WOLFSSL*,
                                             const unsigned char*,
                                             unsigned int);


/* I/O Callback default errors */
/* WANT_READ and WANT_WRITE are both -2, so a caller cannot tell them apart
   by value; only the direction of the call that returned it disambiguates. */
enum IOerrors {
    WOLFSSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */
    WOLFSSL_CBIO_ERR_WANT_READ = -2, /* need to call read again */
    WOLFSSL_CBIO_ERR_WANT_WRITE = -2, /* need to call write again */
    WOLFSSL_CBIO_ERR_CONN_RST = -3, /* connection reset */
    WOLFSSL_CBIO_ERR_ISR = -4, /* interrupt */
    WOLFSSL_CBIO_ERR_CONN_CLOSE = -5, /* connection closed or epipe */
    WOLFSSL_CBIO_ERR_TIMEOUT = -6 /* socket timeout */
};


/* CA cache callbacks */
/* Two families share this enum: protocol versions (0..3) and CA cache entry
   types (1, 2), so WOLFSSL_TLSV1 == WOLFSSL_USER_CA and
   WOLFSSL_TLSV1_1 == WOLFSSL_CHAIN_CA numerically. */
enum {
    WOLFSSL_SSLV3 = 0,
    WOLFSSL_TLSV1 = 1,
    WOLFSSL_TLSV1_1 = 2,
    WOLFSSL_TLSV1_2 = 3,
    WOLFSSL_USER_CA = 1, /* user added as trusted */
    WOLFSSL_CHAIN_CA = 2 /* added to cache from trusted chain */
};

WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL*);

/* NOTE(review): version presumably takes one of the WOLFSSL_SSLV3 ..
   WOLFSSL_TLSV1_2 constants above; the default floor is not visible in this
   header, so set the minimum explicitly where old protocol versions must be
   refused - confirm. */
WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version);
WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version);
WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */
WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*);
WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
/* PEM-to-DER converters: (input, input size, output buffer, output size, ...).
   NOTE(review): the trailing const char* of wolfSSL_KeyPemToDer is
   presumably the passphrase for an encrypted key - confirm. */
WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int,
                                    unsigned char*, int, const char*);
WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int,
                                     unsigned char*, int, int);
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
    #ifndef WOLFSSL_PEMPUBKEY_TODER_DEFINED
        #ifndef NO_FILESYSTEM
            WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName,
                                                   unsigned char* derBuf, int derSz);
        #endif
        WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int,
                                               unsigned char*, int);
        #define WOLFSSL_PEMPUBKEY_TODER_DEFINED
    #endif /* WOLFSSL_PEMPUBKEY_TODER_DEFINED */
#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER*/

/* Callback types for the CA cache, missing-CRL notification and OCSP I/O.
   NOTE(review): the url strings passed to CbMissingCRL / CbCrlIO presumably
   originate from the certificate being checked, i.e. from the peer; a
   handler that fetches them should restrict scheme and destination -
   confirm. */
typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
typedef void (*CbMissingCRL)(const char* url);
typedef int (*CbOCSPIO)(void*, const char*, int,
                        unsigned char*, int, unsigned char**);
typedef void (*CbOCSPRespFree)(void*,unsigned char*);

#ifdef HAVE_CRL_IO
typedef int (*CbCrlIO)(WOLFSSL_CRL* crl, const char* url, int urlSz);
#endif

/* User Atomic Record Layer CallBacks */
/* NOTE(review): installing these presumably moves record MAC/encrypt and
   decrypt/verify into application code; the MAC and padding checks in a
   CallbackDecryptVerify implementation then become the application's
   responsibility, including their timing behaviour - confirm. */
typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut,
       const unsigned char* macIn, unsigned int macInSz, int macContent,
       int macVerify, unsigned char* encOut, const unsigned char* encIn,
       unsigned int encSz, void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX*, CallbackMacEncrypt);
WOLFSSL_API void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl);

typedef int (*CallbackDecryptVerify)(WOLFSSL* ssl,
       unsigned char* decOut, const unsigned char* decIn,
       unsigned int decSz, int content, int verify, unsigned int* padSz,
       void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX*,
                                                CallbackDecryptVerify);
WOLFSSL_API void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl);

/* Accessors that return pointers to MAC secrets, write keys and IVs.
   NOTE(review): presumably these point at the live session key material
   rather than copies - confirm; do not log or persist what they return. */
WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int);
WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*);
WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*);
WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*);
WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetKeySize(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetIVSize(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetSide(WOLFSSL*);
WOLFSSL_API int wolfSSL_IsTLSv1_1(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetBulkCipher(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetCipherBlockSize(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetAeadMacSize(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetHmacSize(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetHmacType(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetCipherType(WOLFSSL*);
WOLFSSL_API int wolfSSL_SetTlsHmacInner(WOLFSSL*, unsigned char*,
                                        unsigned int, int, int);

/* Atomic User Needs */
/* Side and cipher-type constants share this enum: WOLFSSL_NEITHER_END and
   WOLFSSL_STREAM_TYPE are both 3. */
enum {
    WOLFSSL_SERVER_END = 0,
    WOLFSSL_CLIENT_END = 1,
    WOLFSSL_NEITHER_END = 3,
    WOLFSSL_BLOCK_TYPE = 2,
    WOLFSSL_STREAM_TYPE = 3,
    WOLFSSL_AEAD_TYPE = 4,
    WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
};

/* for GetBulkCipher and internal use */
enum BulkCipherAlgorithm {
    wolfssl_cipher_null,
    wolfssl_rc4,
    wolfssl_rc2,
    wolfssl_des,
    wolfssl_triple_des, /* leading 3 (3des) not valid identifier */
    wolfssl_des40,
    wolfssl_idea,
    wolfssl_aes,
wolfssl_aes_gcm, 01464 wolfssl_aes_ccm, 01465 wolfssl_chacha, 01466 wolfssl_camellia, 01467 wolfssl_hc128, /* wolfSSL extensions */ 01468 wolfssl_rabbit 01469 }; 01470 01471 01472 /* for KDF TLS 1.2 mac types */ 01473 enum KDF_MacAlgorithm { 01474 wolfssl_sha256 = 4, /* needs to match internal MACAlgorithm */ 01475 wolfssl_sha384, 01476 wolfssl_sha512 01477 }; 01478 01479 01480 /* Public Key Callback support */ 01481 typedef int (*CallbackEccSign)(WOLFSSL* ssl, 01482 const unsigned char* in, unsigned int inSz, 01483 unsigned char* out, unsigned int* outSz, 01484 const unsigned char* keyDer, unsigned int keySz, 01485 void* ctx); 01486 WOLFSSL_API void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX*, CallbackEccSign); 01487 WOLFSSL_API void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx); 01488 WOLFSSL_API void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl); 01489 01490 typedef int (*CallbackEccVerify)(WOLFSSL* ssl, 01491 const unsigned char* sig, unsigned int sigSz, 01492 const unsigned char* hash, unsigned int hashSz, 01493 const unsigned char* keyDer, unsigned int keySz, 01494 int* result, void* ctx); 01495 WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX*, CallbackEccVerify); 01496 WOLFSSL_API void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx); 01497 WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl); 01498 01499 struct ecc_key; 01500 typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl, struct ecc_key* otherKey, 01501 unsigned char* pubKeyDer, unsigned int* pubKeySz, 01502 unsigned char* out, unsigned int* outlen, 01503 int side, void* ctx); /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */ 01504 WOLFSSL_API void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX*, CallbackEccSharedSecret); 01505 WOLFSSL_API void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx); 01506 WOLFSSL_API void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl); 01507 01508 typedef int (*CallbackRsaSign)(WOLFSSL* ssl, 01509 const unsigned char* in, unsigned int inSz, 01510 unsigned char* out, 
unsigned int* outSz, 01511 const unsigned char* keyDer, unsigned int keySz, 01512 void* ctx); 01513 WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign); 01514 WOLFSSL_API void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx); 01515 WOLFSSL_API void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl); 01516 01517 typedef int (*CallbackRsaVerify)(WOLFSSL* ssl, 01518 unsigned char* sig, unsigned int sigSz, 01519 unsigned char** out, 01520 const unsigned char* keyDer, unsigned int keySz, 01521 void* ctx); 01522 WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX*, CallbackRsaVerify); 01523 WOLFSSL_API void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx); 01524 WOLFSSL_API void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl); 01525 01526 /* RSA Public Encrypt cb */ 01527 typedef int (*CallbackRsaEnc)(WOLFSSL* ssl, 01528 const unsigned char* in, unsigned int inSz, 01529 unsigned char* out, unsigned int* outSz, 01530 const unsigned char* keyDer, unsigned int keySz, 01531 void* ctx); 01532 WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc); 01533 WOLFSSL_API void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx); 01534 WOLFSSL_API void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl); 01535 01536 /* RSA Private Decrypt cb */ 01537 typedef int (*CallbackRsaDec)(WOLFSSL* ssl, 01538 unsigned char* in, unsigned int inSz, 01539 unsigned char** out, 01540 const unsigned char* keyDer, unsigned int keySz, 01541 void* ctx); 01542 WOLFSSL_API void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX*, CallbackRsaDec); 01543 WOLFSSL_API void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx); 01544 WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); 01545 01546 01547 #ifndef NO_CERTS 01548 WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache); 01549 01550 WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap); 01551 WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void); 01552 WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*); 01553 01554 
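/* Certificate manager: CA loading, certificate verification and CRL/OCSP
 * revocation controls. Everything down to the "#endif" marked !NO_CERTS
 * belongs to the NO_CERTS guard opened just before this point.
 * NOTE(review): return-value conventions are not visible in this header;
 * compare every int result against the library's documented success code
 * instead of testing for non-zero. */
WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f,
    const char* d);
WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER*,
    const unsigned char* in, long sz, int format);
WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
#ifdef WOLFSSL_TRUST_PEER_CERT
WOLFSSL_API int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm);
#endif
WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER*, const char* f,
    int format);
WOLFSSL_API int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm,
    const unsigned char* buff, long sz, int format);

/* Revocation checking on a certificate manager.
 * NOTE(review): the Enable/Disable pairs suggest CRL and OCSP checking are
 * opt-in; confirm the build's default before relying on revocation being
 * enforced during verification. */
WOLFSSL_API int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER*,
    unsigned char*, int sz);
WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER*,
    int options);
WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*);
WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER*,
    const char*, int, int);
WOLFSSL_API int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER*,
    const unsigned char*, long sz, int);
WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER*,
    CbMissingCRL);
#ifdef HAVE_CRL_IO
WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER*,
    CbCrlIO);
#endif
WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER*,
    unsigned char*, int sz);
WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER*,
    int options);
WOLFSSL_API int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*);
/* NOTE(review): the override URL presumably replaces the responder location
 * taken from the certificate; treat it as trusted configuration, never as a
 * value derived from peer or user input. */
WOLFSSL_API int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER*,
    const char*);
WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER*,
    CbOCSPIO, CbOCSPRespFree, void*);

WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling(
    WOLFSSL_CERT_MANAGER* cm);

/* Per-connection (WOLFSSL*) variants of the CRL/OCSP controls above. */
WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int);
WOLFSSL_API int wolfSSL_LoadCRLBuffer(WOLFSSL*,
    const unsigned char*, long sz, int);
WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL*, CbMissingCRL);
#ifdef HAVE_CRL_IO
WOLFSSL_API int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb);
#endif
WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL*, int options);
WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL*);
WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL*, const char*);
WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL*, CbOCSPIO, CbOCSPRespFree, void*);

/* Per-context (WOLFSSL_CTX*) variants of the CRL/OCSP controls above. */
WOLFSSL_API int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options);
WOLFSSL_API int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx);
WOLFSSL_API int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX*, const char*, int, int);
WOLFSSL_API int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX*,
    const unsigned char*, long sz, int);
WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX*, CbMissingCRL);
#ifdef HAVE_CRL_IO
WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX*, CbCrlIO);
#endif
WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX*, int options);
WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*);
WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX*,
    CbOCSPIO, CbOCSPRespFree, void*);

WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*);
#endif /* !NO_CERTS */


#ifdef SINGLE_THREADED
WOLFSSL_API int wolfSSL_CTX_new_rng(WOLFSSL_CTX*);
#endif

/* end of handshake frees temporary arrays, if user needs for get_keys or
   psk hints, call KeepArrays before handshake and then FreeArrays when done
   if don't want to wait for object free.
   NOTE(review): keeping the arrays presumably leaves handshake key material
   in memory for longer; call FreeArrays as soon as it is no longer needed. */
WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);

WOLFSSL_API int wolfSSL_KeepHandshakeResources(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_FreeHandshakeResources(WOLFSSL* ssl);

WOLFSSL_API int wolfSSL_CTX_UseClientSuites(WOLFSSL_CTX* ctx);
WOLFSSL_API int wolfSSL_UseClientSuites(WOLFSSL* ssl);

/* async additions */
WOLFSSL_API int wolfSSL_UseAsync(WOLFSSL*, int devId);
WOLFSSL_API int wolfSSL_CTX_UseAsync(WOLFSSL_CTX*, int devId);

/* TLS Extensions */

/* Server Name Indication */
#ifdef HAVE_SNI

/* SNI types */
enum {
    WOLFSSL_SNI_HOST_NAME = 0
};

WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type,
    const void* data, unsigned short size);
WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type,
    const void* data, unsigned short size);

#ifndef NO_WOLFSSL_SERVER

/* SNI options (bit flags).
 * CONTINUE_ON_MISMATCH and ANSWER_ON_MISMATCH both let a handshake proceed
 * for a name that did not match. A server that selects certificates, virtual
 * hosts or policy by SNI should check wolfSSL_SNI_Status() for
 * WOLFSSL_SNI_REAL_MATCH before trusting the requested name. */
enum {
    /* Do not abort the handshake if the requested SNI didn't match. */
    WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01,

    /* Behave as if the requested SNI matched in a case of mismatch. */
    /* In this case, the status will be set to WOLFSSL_SNI_FAKE_MATCH. */
    WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02,

    /* Abort the handshake if the client didn't send a SNI request. */
    WOLFSSL_SNI_ABORT_ON_ABSENCE = 0x04,
};

WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
    unsigned char options);
WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx,
    unsigned char type, unsigned char options);

/* SNI status */
enum {
    WOLFSSL_SNI_NO_MATCH = 0,
    WOLFSSL_SNI_FAKE_MATCH = 1, /**< @see WOLFSSL_SNI_ANSWER_ON_MISMATCH */
    WOLFSSL_SNI_REAL_MATCH = 2,
    WOLFSSL_SNI_FORCE_KEEP = 3 /** Used with -DWOLFSSL_ALWAYS_KEEP_SNI */
};

WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);

WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl,
    unsigned char type, void** data);
/* Takes a raw ClientHello buffer rather than a WOLFSSL object.
 * NOTE(review): clientHello is unauthenticated peer input; inOutSz presumably
 * carries the capacity of sni on entry and the extracted length on return -
 * confirm, and size sni accordingly. */
WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
    const unsigned char* clientHello, unsigned int helloSz,
    unsigned char type, unsigned char* sni, unsigned int* inOutSz);

#endif
#endif

/* Application-Layer Protocol Negotiation */
#ifdef HAVE_ALPN

/* ALPN status code */
enum {
    WOLFSSL_ALPN_NO_MATCH = 0,
    WOLFSSL_ALPN_MATCH = 1,
    WOLFSSL_ALPN_CONTINUE_ON_MISMATCH = 2,
    WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4,
};

/* ALPN limits; 255 is the largest name a one-byte length prefix can carry
 * (RFC 7301). */
enum {
    WOLFSSL_MAX_ALPN_PROTO_NAME_LEN = 255,
    WOLFSSL_MAX_ALPN_NUMBER = 257
};

#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out,
    unsigned char* outLen, const unsigned char* in, unsigned int inLen,
    void *arg);
#endif

/* NOTE(review): options presumably takes WOLFSSL_ALPN_CONTINUE_ON_MISMATCH or
 * WOLFSSL_ALPN_FAILED_ON_MISMATCH; with the former, check the negotiated
 * protocol before speaking an application protocol the peer never agreed to. */
WOLFSSL_API int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
    unsigned int protocol_name_listSz,
    unsigned char options);

WOLFSSL_API int wolfSSL_ALPN_GetProtocol(WOLFSSL* ssl, char **protocol_name,
    unsigned short *size);

/* NOTE(review): the list returned by GetPeerProtocol is presumably owned by
 * the caller and released with FreePeerProtocol - confirm. */
WOLFSSL_API int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list,
    unsigned short *listSz);
WOLFSSL_API int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list);
#endif /* HAVE_ALPN */

/* Maximum Fragment Length */
#ifdef HAVE_MAX_FRAGMENT

/* Fragment lengths. Values 1-4 are the max_fragment_length codes of
 * RFC 6066; value 5 is marked wolfSSL-only below, so other TLS stacks are
 * not expected to accept it. */
enum {
    WOLFSSL_MFL_2_9 = 1, /* 512 bytes */
    WOLFSSL_MFL_2_10 = 2, /* 1024 bytes */
    WOLFSSL_MFL_2_11 = 3, /* 2048 bytes */
    WOLFSSL_MFL_2_12 = 4, /* 4096 bytes */
    WOLFSSL_MFL_2_13 = 5 /* 8192 bytes *//* wolfSSL ONLY!!! */
};

#ifndef NO_WOLFSSL_CLIENT

WOLFSSL_API int wolfSSL_UseMaxFragment(WOLFSSL* ssl, unsigned char mfl);
WOLFSSL_API int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, unsigned char mfl);

#endif
#endif

/* Truncated HMAC.
 * The truncated_hmac extension (RFC 6066) shortens the record MAC to 80
 * bits; request it only where a constrained peer requires it. */
#ifdef HAVE_TRUNCATED_HMAC
#ifndef NO_WOLFSSL_CLIENT

WOLFSSL_API int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx);

#endif
#endif

/* Certificate Status Request */
/* Certificate Status Type */
enum {
    WOLFSSL_CSR_OCSP = 1
};

/* Certificate Status Options (flags).
 * NOTE(review): the nonce flag presumably adds an OCSP nonce so that a
 * stapled response can be tied to this request; confirm responder support. */
enum {
    WOLFSSL_CSR_OCSP_USE_NONCE = 0x01
};

#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
#ifndef NO_WOLFSSL_CLIENT

WOLFSSL_API int wolfSSL_UseOCSPStapling(WOLFSSL* ssl,
    unsigned char status_type, unsigned char options);

WOLFSSL_API int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx,
    unsigned char status_type, unsigned char options);

#endif
#endif

/* Certificate Status Request v2 */
/* Certificate Status Type */
enum {
    WOLFSSL_CSR2_OCSP = 1,
    WOLFSSL_CSR2_OCSP_MULTI = 2
};

/* Certificate Status v2 Options (flags) */
enum {
    WOLFSSL_CSR2_OCSP_USE_NONCE = 0x01
};

#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
#ifndef NO_WOLFSSL_CLIENT

WOLFSSL_API int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl,
    unsigned char status_type, unsigned char options);

WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
    unsigned char status_type, unsigned char options);

#endif
#endif

/* Named Groups.
 * The values are the IANA TLS Supported Groups code points. The 160- and
 * 192-bit curves (values 15-19) provide less than 112 bits of security
 * strength; prefer WOLFSSL_ECC_SECP256R1 or stronger when choosing a group.
 * The entries under WOLFSSL_TLS13 carry "Not implemented" markers from the
 * original author. */
enum {
#if 0 /* Not Supported */
    WOLFSSL_ECC_SECT163K1 = 1,
    WOLFSSL_ECC_SECT163R1 = 2,
    WOLFSSL_ECC_SECT163R2 = 3,
    WOLFSSL_ECC_SECT193R1 = 4,
    WOLFSSL_ECC_SECT193R2 = 5,
    WOLFSSL_ECC_SECT233K1 = 6,
    WOLFSSL_ECC_SECT233R1 = 7,
    WOLFSSL_ECC_SECT239K1 = 8,
    WOLFSSL_ECC_SECT283K1 = 9,
    WOLFSSL_ECC_SECT283R1 = 10,
    WOLFSSL_ECC_SECT409K1 = 11,
    WOLFSSL_ECC_SECT409R1 = 12,
    WOLFSSL_ECC_SECT571K1 = 13,
    WOLFSSL_ECC_SECT571R1 = 14,
#endif
    WOLFSSL_ECC_SECP160K1 = 15,
    WOLFSSL_ECC_SECP160R1 = 16,
    WOLFSSL_ECC_SECP160R2 = 17,
    WOLFSSL_ECC_SECP192K1 = 18,
    WOLFSSL_ECC_SECP192R1 = 19,
    WOLFSSL_ECC_SECP224K1 = 20,
    WOLFSSL_ECC_SECP224R1 = 21,
    WOLFSSL_ECC_SECP256K1 = 22,
    WOLFSSL_ECC_SECP256R1 = 23,
    WOLFSSL_ECC_SECP384R1 = 24,
    WOLFSSL_ECC_SECP521R1 = 25,
    WOLFSSL_ECC_BRAINPOOLP256R1 = 26,
    WOLFSSL_ECC_BRAINPOOLP384R1 = 27,
    WOLFSSL_ECC_BRAINPOOLP512R1 = 28,
#ifdef WOLFSSL_TLS13
    /* Not implemented. */
    WOLFSSL_ECC_X25519 = 29,
    /* Not implemented. */
    WOLFSSL_ECC_X448 = 30,

    /* Not implemented. */
    WOLFSSL_FFDHE_2048 = 256,
    WOLFSSL_FFDHE_3072 = 257,
    WOLFSSL_FFDHE_4096 = 258,
    WOLFSSL_FFDHE_6144 = 259,
    WOLFSSL_FFDHE_8192 = 260,
#endif
};

#ifdef HAVE_SUPPORTED_CURVES
#ifndef NO_WOLFSSL_CLIENT

WOLFSSL_API int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, unsigned short name);
WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx,
    unsigned short name);

#endif
#endif

#ifdef WOLFSSL_TLS13
WOLFSSL_API int wolfSSL_UseKeyShare(WOLFSSL* ssl, unsigned short group);
WOLFSSL_API int wolfSSL_NoKeyShares(WOLFSSL* ssl);
#endif


/* Secure Renegotiation */
#ifdef HAVE_SECURE_RENEGOTIATION

WOLFSSL_API int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL* ssl);

#endif

/* Session Ticket */
#ifdef HAVE_SESSION_TICKET

#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx);
/* NOTE(review): a session ticket lets its holder resume the session; store a
 * ticket obtained here with the same care as other session secrets. */
WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL*, unsigned char*, unsigned int*);
WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, const unsigned char*, unsigned int);
typedef int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*);
WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*,
    CallbackSessionTicket, void*);
#endif /* NO_WOLFSSL_CLIENT */

#ifndef NO_WOLFSSL_SERVER

/* Sizes, in bytes, of the key_name, iv and mac arrays handed to
 * SessionTicketEncCb. */
#define WOLFSSL_TICKET_NAME_SZ 16
#define WOLFSSL_TICKET_IV_SZ 16
#define WOLFSSL_TICKET_MAC_SZ 32

/* Values a SessionTicketEncCb returns; REJECT and CREATE take the implicit
 * values 1 and 2. */
enum TicketEncRet {
    WOLFSSL_TICKET_RET_FATAL = -1, /* fatal error, don't use ticket */
    WOLFSSL_TICKET_RET_OK = 0, /* ok, use ticket */
    WOLFSSL_TICKET_RET_REJECT, /* don't use ticket, but not fatal */
    WOLFSSL_TICKET_RET_CREATE /* existing ticket ok and create new one */
};

/* Server-side ticket protection callback.
 * NOTE(review): enc presumably selects encrypt (non-zero) versus decrypt, and
 * the unnamed trailing parameters look like ticket buffer, input length,
 * output length and user context - confirm against the implementation.
 * Ticket confidentiality and integrity rest on this callback: use an AEAD or
 * encrypt-then-MAC construction, verify mac before decrypting, return
 * WOLFSSL_TICKET_RET_REJECT on any verification failure, and rotate the key
 * that key_name identifies. */
typedef int (*SessionTicketEncCb)(WOLFSSL*,
    unsigned char key_name[WOLFSSL_TICKET_NAME_SZ],
    unsigned char iv[WOLFSSL_TICKET_IV_SZ],
    unsigned char mac[WOLFSSL_TICKET_MAC_SZ],
    int enc, unsigned char*, int, int*, void*);
WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
    SessionTicketEncCb);
WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);

#endif /* NO_WOLFSSL_SERVER */

#endif /* HAVE_SESSION_TICKET */

#ifdef HAVE_QSH
/* Quantum-safe Crypto Schemes */
enum {
    WOLFSSL_NTRU_EESS439 = 0x0101, /* max plaintext length of 65 */
    WOLFSSL_NTRU_EESS593 = 0x0102, /* max plaintext length of 86 */
    WOLFSSL_NTRU_EESS743 = 0x0103, /* max plaintext length of 106 */
    WOLFSSL_LWE_XXX = 0x0201, /* Learning With Error encryption scheme */
    WOLFSSL_HFE_XXX = 0x0301, /* Hidden Field Equation scheme */
    WOLFSSL_NULL_QSH = 0xFFFF /* QSHScheme is not used */
};


/* test if the connection is using a QSH secure connection return 1 if so */
WOLFSSL_API int wolfSSL_isQSH(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name);
#ifndef NO_WOLFSSL_CLIENT
/* user control over sending client public key in hello
   when flag = 1 will send keys if flag is 0 or function is not called
   then will not send keys in the hello extension */
WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag);
#endif

#endif /* QSH */

/* TLS Extended Master Secret Extension.
 * Extended Master Secret (RFC 7627) binds the master secret to the handshake
 * transcript; these two calls turn it off.
 * NOTE(review): disable only for interoperability with peers that cannot
 * negotiate the extension. */
WOLFSSL_API int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx);


/* NOTE(review): presumably passed as the trailing int of the *_LoadCRL
 * functions - confirm. */
#define WOLFSSL_CRL_MONITOR 0x01 /* monitor this dir flag */
#define WOLFSSL_CRL_START_MON 0x02 /* start monitoring flag */


/* notify user the handshake is done */
typedef int (*HandShakeDoneCb)(WOLFSSL*, void*);
WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL*, HandShakeDoneCb, void*);


WOLFSSL_API int wolfSSL_PrintSessionStats(void);
WOLFSSL_API int wolfSSL_get_session_stats(unsigned int* active,
    unsigned int* total,
    unsigned int* peak,
    unsigned int* maxSessions);

/* External facing KDF.
 * NOTE(review): ms and pms are presumably the master and pre-master secret,
 * cr and sr the client and server randoms. The random order differs between
 * the functions: wolfSSL_MakeTlsMasterSecret takes (cr, sr) while
 * wolfSSL_DeriveTlsKeys takes (sr, cr), which mirrors the TLS PRF seed order
 * for "master secret" and "key expansion". Swapping them would presumably
 * produce different key material without an error, so check call sites.
 * ms and key_data receive secret material; zeroize them after use. */
WOLFSSL_API
int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, unsigned int msLen,
    const unsigned char* pms, unsigned int pmsLen,
    const unsigned char* cr, const unsigned char* sr,
    int tls1_2, int hash_type);

WOLFSSL_API
int wolfSSL_MakeTlsExtendedMasterSecret(unsigned char* ms, unsigned int msLen,
    const unsigned char* pms, unsigned int pmsLen,
    const unsigned char* sHash, unsigned int sHashLen,
    int tls1_2, int hash_type);

WOLFSSL_API
int wolfSSL_DeriveTlsKeys(unsigned char* key_data, unsigned int keyLen,
    const unsigned char* ms, unsigned int msLen,
    const unsigned char* sr, const unsigned char* cr,
    int tls1_2, int hash_type);

#ifdef WOLFSSL_CALLBACKS

/* used internally by wolfSSL while OpenSSL types aren't */
#include <wolfssl/callbacks.h>

typedef int (*HandShakeCallBack)(HandShakeInfo*);
typedef int (*TimeoutCallBack)(TimeoutInfo*);

/* wolfSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack
   for diagnostics */
WOLFSSL_API int wolfSSL_connect_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
    Timeval);
WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
    Timeval);

#endif /* WOLFSSL_CALLBACKS */


#ifdef WOLFSSL_HAVE_WOLFSCEP
WOLFSSL_API void wolfSSL_wolfSCEP(void);
#endif /* WOLFSSL_HAVE_WOLFSCEP */
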
02007 #ifdef WOLFSSL_HAVE_CERT_SERVICE 02008 WOLFSSL_API void wolfSSL_cert_service(void); 02009 #endif 02010 02011 #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 02012 WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, 02013 char* buf, int len); 02014 #endif /* WOLFSSL_MYSQL_COMPATIBLE */ 02015 02016 #ifdef OPENSSL_EXTRA 02017 02018 #ifndef NO_FILESYSTEM 02019 WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c); 02020 WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp); 02021 #endif 02022 02023 WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); 02024 WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt); 02025 WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt); 02026 02027 #ifndef NO_CERTS 02028 WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl); 02029 WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, 02030 int nid, int* c, int* idx); 02031 WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509, 02032 const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len); 02033 WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509); 02034 WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, 02035 int derSz); 02036 WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey); 02037 WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, 02038 unsigned char* der, long derSz); 02039 WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl); 02040 #ifndef NO_RSA 02041 WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, 02042 long derSz); 02043 #endif 02044 #endif /* NO_CERTS */ 02045 02046 WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r); 02047 02048 WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses, 
02049 unsigned char* out, int outSz); 02050 WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses); 02051 02052 WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, 02053 WOLFSSL_X509_STORE* str); 02054 WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); 02055 WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); 02056 02057 WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b); 02058 WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, 02059 unsigned char *out, size_t outlen); 02060 WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, 02061 unsigned char* out, size_t outSz); 02062 WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); 02063 WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); 02064 WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); 02065 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); 02066 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX 02067 (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); 02068 02069 /*lighttp compatibility */ 02070 02071 #include <wolfssl/openssl/asn1.h> 02072 struct WOLFSSL_X509_NAME_ENTRY { 02073 WOLFSSL_ASN1_OBJECT* object; /* not defined yet */ 02074 WOLFSSL_ASN1_STRING data; 02075 WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */ 02076 int set; 02077 int size; 02078 }; 02079 02080 #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ 02081 || defined(HAVE_STUNNEL) \ 02082 || defined(WOLFSSL_NGINX) \ 02083 || defined(WOLFSSL_HAPROXY) \ 02084 || defined(OPENSSL_EXTRA) 02085 WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name); 02086 WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); 02087 WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char 
*name); 02088 /* These are to be merged shortly */ 02089 WOLFSSL_API const char * wolfSSL_OBJ_nid2sn(int n); 02090 WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); 02091 WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn); 02092 WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); 02093 WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth); 02094 WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); 02095 WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg); 02096 WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne); 02097 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); 02098 WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)); 02099 WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); 02100 WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); 02101 WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk ); 02102 02103 /* end lighttpd*/ 02104 #endif 02105 #endif 02106 02107 #if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \ 02108 || defined(WOLFSSL_MYSQL_COMPATIBLE) \ 02109 || defined(WOLFSSL_HAPROXY) \ 02110 || defined(OPENSSL_EXTRA) 02111 02112 WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n); 02113 WOLFSSL_API int wolfSSL_OBJ_txt2nid(const char *sn); 02114 WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode); 02115 WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); 02116 WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, 02117 WOLFSSL_DH **x, pem_password_cb *cb, void *u); 02118 WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, 02119 WOLFSSL_DSA **x, pem_password_cb *cb, void *u); 02120 WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, 
WOLFSSL_X509 *x);
02121 WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
02122
02123
02124
02125 #endif /* HAVE_STUNNEL || HAVE_LIGHTY */
02126
02127
      /* OpenSSL-compatibility declarations that are only compiled when the
       * library is built for stunnel, nginx or HAProxy. */
02128 #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
02129
02130 #include <wolfssl/openssl/crypto.h>
02131
02132 /* SNI received callback type.
       * Takes the connection, an int out-parameter and an opaque caller argument.
       * NOTE(review): the server name presumably originates from the peer's
       * ClientHello, so a callback should treat it as untrusted input; confirm
       * against the implementation. */
02133 typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);
02134
02135 WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
02136     void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
02137
      /* prime_len and generator are plain ints; the prototype expresses no range.
       * NOTE(review): confirm where a minimum DH prime size is enforced; this
       * header does not show one. */
02138 WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
02139     void (*callback) (int, int, void *), void *cb_arg);
02140
02141 WOLFSSL_API int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH*, int, int,
02142     void (*callback) (int, int, void *));
02143
02144 WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void);
02145
02146 WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void);
02147
      /* NOTE(review): the meaning of the int results is not visible in this
       * header; check the return of wolfSSL_FIPS_mode_set() rather than assuming
       * the requested mode took effect. */
02148 WOLFSSL_API int wolfSSL_FIPS_mode(void);
02149
02150 WOLFSSL_API int wolfSSL_FIPS_mode_set(int r);
02151
      /* meth is an untyped const void*, so the compiler cannot check what is
       * passed in. */
02152 WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth);
02153
02154 WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits);
02155
02156 WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s);
02157
02158 WOLFSSL_API int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s);
02159
02160 WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
02161     unsigned long);
02162
02163 WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
02164     const WOLFSSL_X509*);
02165
02166 WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
02167
02168 WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
02169
02170 WOLFSSL_API int wolfSSL_version(WOLFSSL*);
02171
02172 WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*);
02173
      /* The two *_value accessors return void*, so the element type is not
       * checked at the call site. The NAME variant takes a const stack, the
       * X509 variant a non-const one. */
02174 WOLFSSL_API void* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)*, int);
02175
02176 WOLFSSL_API void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)*, int);
02177
02178 WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
02179
02180 WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
02181
02182 WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
02183
02184 WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,
02185     CRYPTO_free_func*);
02186
02187 WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);
02188
02189
      /* Returns a pointer to unsigned char data; the unsigned int* presumably
       * receives its length.
       * NOTE(review): the lifetime of the returned buffer is not stated here;
       * treat it as borrowed from the session until confirmed. */
02190 WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*,
02191     unsigned int*);
02192
      /* NOTE(review): going by its OpenSSL-compat name this sets the SNI host
       * name on a connection. Nothing in the prototype indicates that it also
       * enables host-name checking of the peer certificate; confirm how that
       * check is performed. */
02193 WOLFSSL_API int wolfSSL_set_tlsext_host_name(WOLFSSL *, const char *);
02194
02195 WOLFSSL_API const char* wolfSSL_get_servername(WOLFSSL *, unsigned char);
02196
02197 WOLFSSL_API WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL*,WOLFSSL_CTX*);
02198
02199 WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*);
02200
      /* Two setters with identical parameters: the first returns void, the
       * tlsext-named one returns int. */
02201 WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *,
02202     CallbackSniRecv);
02203 WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *,
02204     CallbackSniRecv);
02205
02206 WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*);
02207
02208 WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*);
02209
02210 #ifndef NO_FILESYSTEM
02211 WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE *fp);
02212 #endif
02213
02214 WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
02215
02216 WOLFSSL_API void wolfSSL_THREADID_set_callback(void (*threadid_func)(void*));
02217
02218 WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val);
02219
02220 WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
02221     WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*);
02222
      /* f is declared with a function type; as a parameter C adjusts it to a
       * pointer to function taking WOLFSSL_X509*. */
02223 WOLFSSL_API void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*));
02224 #endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
02225
02226 #if defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) \
02227     || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
02228
02229 WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx);
02230
02231 #endif
02232
      /* JNI glue: stores and returns an opaque object pointer on the connection. */
02233 #ifdef WOLFSSL_JNI
02234 WOLFSSL_API int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr);
02235 WOLFSSL_API void* wolfSSL_get_jobject(WOLFSSL* ssl);
02236 #endif /* WOLFSSL_JNI */
02237
02238
02239 #ifdef WOLFSSL_ASYNC_CRYPT
02240 WOLFSSL_API int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags);
02241 WOLFSSL_API int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents,
02242     WOLF_EVENT_FLAG flags, int* eventCount);
02243 #endif /* WOLFSSL_ASYNC_CRYPT */
02244
02245 #ifdef OPENSSL_EXTRA
      /* Message callback type: a write flag, protocol version, content type, a
       * buffer with an explicit length, the connection and an opaque argument.
       * NOTE(review): buf presumably exposes raw protocol message bytes; avoid
       * writing it to logs unfiltered. Confirm what is passed. */
02246 typedef void (*SSL_Msg_Cb)(int write_p, int version, int content_type,
02247     const void *buf, size_t len, WOLFSSL *ssl, void *arg);
02248
02249 WOLFSSL_API int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb);
02250 WOLFSSL_API int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb);
02251 WOLFSSL_API int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg);
02252 WOLFSSL_API int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg);
02253 #endif
02254
02255 #ifdef OPENSSL_EXTRA
02256 WOLFSSL_API unsigned long wolfSSL_ERR_peek_error_line_data(const char **file,
02257     int *line, const char **data, int *flags);
02258 #endif
02259
02260 #if defined WOLFSSL_NGINX || defined WOLFSSL_HAPROXY
      /* The two OCSP getters below are WOLFSSL_LOCAL while the setter is
       * WOLFSSL_API.
       * NOTE(review): who owns *response and the returned URL string is not
       * stated here; url is taken as a non-const char*. */
02261 /* Not an OpenSSL API. */
02262 WOLFSSL_LOCAL int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response);
02263 /* Not an OpenSSL API. */
02264 WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
02265 /* Not an OpenSSL API. */
02266 WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
02267
02268 WOLFSSL_API STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
02269 WOLFSSL_API void wolfSSL_OPENSSL_config(char *config_name);
02270 WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a,
02271     void *b, void *c);
02272 WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
02273 WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
02274     void *data);
02275
      /* md is an output buffer with no capacity parameter.
       * NOTE(review): *len presumably receives the digest length; the caller has
       * to size md for the digest selected by type. Confirm the largest size. */
02276 WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
02277     const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
02278
02279 WOLFSSL_API long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx);
02280 WOLFSSL_API int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx,
02281     WOLFSSL_EC_KEY *ecdh);
02282 WOLFSSL_API int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *,
02283     WOLFSSL_SESSION *c);
02284
02285 WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s);
02286 WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s);
02287 WOLFSSL_API int wolfSSL_SSL_do_handshake(WOLFSSL *s);
02288 WOLFSSL_API int wolfSSL_SSL_in_init(WOLFSSL *a); /* #define in OpenSSL */
02289 WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *s);
      /* Checks certificate x against the name chk of length chklen; flags and
       * peername as in the prototype.
       * NOTE(review): the return convention is not visible here. OpenSSL's
       * function of the same name distinguishes match, mismatch and error, so
       * callers should compare against the documented success value instead of
       * testing for non-zero. Confirm for this implementation. */
02290 WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk,
02291     size_t chklen, unsigned int flags, char **peername);
02292
02293 WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp,
02294     const WOLFSSL_ASN1_INTEGER *a);
02295
02296 #ifdef HAVE_SESSION_TICKET
      /* Registers a session-ticket key callback that receives name and iv
       * buffers, a cipher context, an HMAC context and an enc flag.
       * NOTE(review): the sizes of name and iv are not expressed in the
       * prototype; confirm the expected lengths before a callback writes to
       * them. */
02297 WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, int (*)(
02298     WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
02299     WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc));
02300 #endif
02301
02302 #ifdef HAVE_OCSP
      /* NOTE(review): chain is STACK_OF(X509), whereas the other declarations
       * in this header use STACK_OF(WOLFSSL_X509); this relies on X509 being
       * defined elsewhere. Confirm. */
02303 WOLFSSL_API int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx,
02304     STACK_OF(X509)** chain);
02305 WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx,
02306     int(*)(WOLFSSL*, void*));
02307
02308 WOLFSSL_API int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
02309     WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x);
02310
02311 WOLFSSL_API void wolfSSL_X509_email_free(STACK_OF(WOLFSSL_STRING) *sk);
02312 WOLFSSL_API STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x);
02313
02314 WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
02315     WOLFSSL_X509 *subject);
02316
02317 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x);
02318
02319 WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value(
02320     STACK_OF(WOLFSSL_STRING)* strings, int idx);
02321 #endif /* HAVE_OCSP */
02322
02323 WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
02324     WOLFSSL_X509 *cert);
02325 #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY */
02326
      /* ALPN / NPN helpers. No feature #if is visible around the declarations
       * from here to the end of the header. */
      /* Returns void and reports through data and len.
       * NOTE(review): a void return cannot signal "nothing selected"; callers
       * should check *data and *len afterwards. Confirm what is written in
       * that case. */
02327 WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl,
02328     const unsigned char **data, unsigned int *len);
      /* outlen is an unsigned char, so the selected protocol length is limited
       * to 255 by the type. in and client each carry an explicit length.
       * NOTE(review): one of the two lists presumably comes from the peer and
       * should be treated as untrusted. Confirm. */
02329 WOLFSSL_API int wolfSSL_select_next_proto(unsigned char **out,
02330     unsigned char *outlen,
02331     const unsigned char *in, unsigned int inlen,
02332     const unsigned char *client,
02333     unsigned int client_len);
02334 WOLFSSL_API void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx,
02335     int (*cb) (WOLFSSL *ssl,
02336     const unsigned char **out,
02337     unsigned char *outlen,
02338     const unsigned char *in,
02339     unsigned int inlen,
02340     void *arg), void *arg);
02341 WOLFSSL_API void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s,
02342     int (*cb) (WOLFSSL *ssl,
02343     const unsigned char **out,
02344     unsigned int *outlen,
02345     void *arg), void *arg);
02346 WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
02347     int (*cb) (WOLFSSL *ssl,
02348     unsigned char **out,
02349     unsigned char *outlen,
02350     const unsigned char *in,
02351     unsigned int inlen,
02352     void *arg), void *arg);
02353 WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
02354     unsigned *len);
02355
02356
02357 #ifdef WOLFSSL_HAPROXY
02358 WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
02359     const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
02360 #endif
02361
      /* Most of the declarations below are exported under OpenSSL-style names
       * without the wolfSSL_ prefix, and several take or return untyped void*.
       * NOTE(review): these names would presumably clash if the program also
       * links OpenSSL. Confirm the intended build configuration. */
02362 WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len);
02363 WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
02364 WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x);
02365 WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor);
02366 WOLFSSL_API void *X509_get_X509_PUBKEY(void * x);
02367 WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub);
02368 WOLFSSL_API int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey);
      /* NOTE(review): whether *out is allocated by the callee or must point at
       * a caller buffer is not stated here. Confirm before use. */
02369 WOLFSSL_API int i2d_X509(WOLFSSL_X509 *x, unsigned char **out);
      /* buf_len is a signed int giving the capacity of buf. */
02370 WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
      /* Copy Finished-message data into buf, whose capacity is count.
       * NOTE(review): the size_t result may be the full message length rather
       * than the number of bytes copied, as in OpenSSL; do not use it as the
       * valid length of buf without comparing it with count. Confirm. */
02371 WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count);
02372 WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count);
      /* The callback is handed is_export and keylength and returns the DH
       * parameters to use.
       * NOTE(review): a callback should not return weaker parameters because
       * of these arguments. Confirm what values are passed. */
02373 WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
02374 WOLFSSL_API STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
      /* NOTE(review): file and dir presumably name the sources of trusted
       * certificates; take them from trusted configuration only. Confirm. */
02375 WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir);
02376 WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p);
02377 WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
02378 WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx);
02379 WOLFSSL_API void ERR_load_SSL_strings(void);
02380
02381 #ifdef __cplusplus
02382 } /* extern "C" */
02383 #endif
02384
02385
02386 #endif /* WOLFSSL_SSL_H */
02387
