1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
|
/* ssl.h
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
/* wolfSSL API */
#ifndef WOLFSSL_SSL_H
#define WOLFSSL_SSL_H
/* for users not using preprocessor flags*/
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/version.h>
#ifndef NO_FILESYSTEM
#ifdef FREESCALE_MQX
#include <fio.h>
#else
#include <stdio.h> /* ERR_printf */
#endif
#endif
#ifdef WOLFSSL_PREFIX
#include "prefix_ssl.h"
#endif
#ifdef LIBWOLFSSL_VERSION_STRING
#define WOLFSSL_VERSION LIBWOLFSSL_VERSION_STRING
#endif
#ifdef _WIN32
/* wincrypt.h clashes */
#undef OCSP_REQUEST
#undef OCSP_RESPONSE
#endif
#ifdef __cplusplus
extern "C" {
#endif
typedef struct WOLFSSL WOLFSSL;
typedef struct WOLFSSL_SESSION WOLFSSL_SESSION;
typedef struct WOLFSSL_METHOD WOLFSSL_METHOD;
typedef struct WOLFSSL_CTX WOLFSSL_CTX;
typedef struct WOLFSSL_X509 WOLFSSL_X509;
typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME;
typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN;
typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER;
typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR;
/* redeclare guard */
#define WOLFSSL_TYPES_DEFINED
typedef struct WOLFSSL_RSA WOLFSSL_RSA;
typedef struct WOLFSSL_DSA WOLFSSL_DSA;
typedef struct WOLFSSL_CIPHER WOLFSSL_CIPHER;
typedef struct WOLFSSL_X509_LOOKUP WOLFSSL_X509_LOOKUP;
typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD;
typedef struct WOLFSSL_X509_CRL WOLFSSL_X509_CRL;
typedef struct WOLFSSL_BIO WOLFSSL_BIO;
typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD;
typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
typedef struct WOLFSSL_ASN1_TIME WOLFSSL_ASN1_TIME;
typedef struct WOLFSSL_ASN1_INTEGER WOLFSSL_ASN1_INTEGER;
typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT;
typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING;
typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value;
#define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
typedef struct WOLFSSL_EVP_PKEY {
int type; /* openssh dereference */
int save_type; /* openssh dereference */
int pkey_sz;
union {
char* ptr;
} pkey;
#ifdef HAVE_ECC
int pkey_curve;
#endif
} WOLFSSL_EVP_PKEY;
typedef struct WOLFSSL_MD4_CTX {
int buffer[32]; /* big enough to hold, check size in Init */
} WOLFSSL_MD4_CTX;
typedef struct WOLFSSL_COMP_METHOD {
int type; /* stunnel dereference */
} WOLFSSL_COMP_METHOD;
typedef struct WOLFSSL_X509_STORE {
int cache; /* stunnel dereference */
WOLFSSL_CERT_MANAGER* cm;
} WOLFSSL_X509_STORE;
typedef struct WOLFSSL_ALERT {
int code;
int level;
} WOLFSSL_ALERT;
typedef struct WOLFSSL_ALERT_HISTORY {
WOLFSSL_ALERT last_rx;
WOLFSSL_ALERT last_tx;
} WOLFSSL_ALERT_HISTORY;
typedef struct WOLFSSL_X509_REVOKED {
WOLFSSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */
} WOLFSSL_X509_REVOKED;
typedef struct WOLFSSL_X509_OBJECT {
union {
char* ptr;
WOLFSSL_X509_CRL* crl; /* stunnel dereference */
} data;
} WOLFSSL_X509_OBJECT;
typedef struct WOLFSSL_X509_STORE_CTX {
WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */
WOLFSSL_X509* current_cert; /* stunnel dereference */
char* domain; /* subject CN domain name */
void* ex_data; /* external data, for fortress build */
void* userCtx; /* user ctx */
int error; /* current error */
int error_depth; /* cert depth for this error */
int discardSessionCerts; /* so verify callback can flag for discard */
} WOLFSSL_X509_STORE_CTX;
/* Valid Alert types from page 16/17 */
enum AlertDescription {
close_notify = 0,
unexpected_message = 10,
bad_record_mac = 20,
record_overflow = 22,
decompression_failure = 30,
handshake_failure = 40,
no_certificate = 41,
bad_certificate = 42,
unsupported_certificate = 43,
certificate_revoked = 44,
certificate_expired = 45,
certificate_unknown = 46,
illegal_parameter = 47,
decrypt_error = 51,
#ifdef WOLFSSL_MYSQL_COMPATIBLE
/* catch name conflict for enum protocol with MYSQL build */
wc_protocol_version = 70,
#else
protocol_version = 70,
#endif
no_renegotiation = 100,
unrecognized_name = 112
};
enum AlertLevel {
alert_warning = 1,
alert_fatal = 2
};
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
#ifdef WOLFSSL_DTLS
WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void);
#endif
#ifdef HAVE_POLY1305
WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL*, int);
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*,
const char*);
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *,
const char *file);
WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int);
WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl);
WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int);
WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, int);
WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*, const char *file);
WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int);
#ifdef WOLFSSL_DER_LOAD
WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX*,
const char*, int);
#endif
#ifdef HAVE_NTRU
WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*, const char*);
/* load NTRU private key blob */
#endif
#ifndef WOLFSSL_PEMCERT_TODER_DEFINED
WOLFSSL_API int wolfSSL_PemCertToDer(const char*, unsigned char*, int);
#define WOLFSSL_PEMCERT_TODER_DEFINED
#endif
#endif /* !NO_FILESYSTEM && !NO_CERTS */
WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int);
WOLFSSL_API char* wolfSSL_get_cipher_list(int priority);
WOLFSSL_API int wolfSSL_get_ciphers(char*, int);
WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*);
WOLFSSL_API void wolfSSL_set_using_nonblock(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_get_using_nonblock(WOLFSSL*);
WOLFSSL_API int wolfSSL_connect(WOLFSSL*); /* please see note at top of README
if you get an error from connect */
WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int);
WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int);
WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int);
WOLFSSL_API int wolfSSL_accept(WOLFSSL*);
WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
WOLFSSL_API void wolfSSL_free(WOLFSSL*);
WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*);
WOLFSSL_API int wolfSSL_send(WOLFSSL*, const void*, int sz, int flags);
WOLFSSL_API int wolfSSL_recv(WOLFSSL*, void*, int sz, int flags);
WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX*, int);
WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *);
WOLFSSL_API int wolfSSL_set_session(WOLFSSL* ssl,WOLFSSL_SESSION* session);
WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* session, long t);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl);
WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX *ctx, long tm);
WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char*,
int, int);
#ifdef SESSION_INDEX
WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
#endif /* SESSION_INDEX */
#if defined(SESSION_INDEX) && defined(SESSION_CERTS)
WOLFSSL_API
WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
#endif /* SESSION_INDEX && SESSION_CERTS */
typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
typedef int (*pem_password_cb)(char*, int, int, void*);
WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX*, int,
VerifyCallback verify_callback);
WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback);
WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*);
WOLFSSL_API int wolfSSL_pending(WOLFSSL*);
WOLFSSL_API void wolfSSL_load_error_strings(void);
WOLFSSL_API int wolfSSL_library_init(void);
WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX*, long);
#ifdef HAVE_SECRET_CALLBACK
typedef int (*SessionSecretCb)(WOLFSSL* ssl,
void* secret, int* secretSz, void* ctx);
WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL*, SessionSecretCb, void*);
#endif /* HAVE_SECRET_CALLBACK */
/* session cache persistence */
WOLFSSL_API int wolfSSL_save_session_cache(const char*);
WOLFSSL_API int wolfSSL_restore_session_cache(const char*);
WOLFSSL_API int wolfSSL_memsave_session_cache(void*, int);
WOLFSSL_API int wolfSSL_memrestore_session_cache(const void*, int);
WOLFSSL_API int wolfSSL_get_session_cache_memsize(void);
/* certificate cache persistence, uses ctx since certs are per ctx */
WOLFSSL_API int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX*, const char*);
WOLFSSL_API int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX*, const char*);
WOLFSSL_API int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX*, void*, int, int*);
WOLFSSL_API int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX*, const void*, int);
WOLFSSL_API int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX*);
/* only supports full name from cipher_name[] delimited by : */
WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*);
WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL*, const char*);
/* Nonblocking DTLS helper functions */
WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int);
WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int);
WOLFSSL_API int wolfSSL_dtls_got_timeout(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);
WOLFSSL_API int wolfSSL_ERR_GET_REASON(int err);
WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
unsigned long sz);
WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long);
/* extras */
#define STACK_OF(x) x
WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*);
WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*);
WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_set_wfd(WOLFSSL*, int);
WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*,
unsigned int);
WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*);
WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*);
WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*);
WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*);
WOLFSSL_API const char* wolfSSL_get_version(WOLFSSL*);
WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*);
WOLFSSL_API char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER*, char*, int);
WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL*);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
/* what's ref count */
WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*);
WOLFSSL_API void wolfSSL_OPENSSL_free(void*);
WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port,
char** path, int* ssl);
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_client_method(void);
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_client_method(void);
WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_server_method(void);
WOLFSSL_API void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX*);
WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX*, const void*, unsigned long);
WOLFSSL_API void wolfSSL_MD4_Final(unsigned char*, WOLFSSL_MD4_CTX*);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD*);
WOLFSSL_API int wolfSSL_BIO_free(WOLFSSL_BIO*);
WOLFSSL_API int wolfSSL_BIO_free_all(WOLFSSL_BIO*);
WOLFSSL_API int wolfSSL_BIO_read(WOLFSSL_BIO*, void*, int);
WOLFSSL_API int wolfSSL_BIO_write(WOLFSSL_BIO*, const void*, int);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO*, WOLFSSL_BIO* append);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO*);
WOLFSSL_API int wolfSSL_BIO_flush(WOLFSSL_BIO*);
WOLFSSL_API int wolfSSL_BIO_pending(WOLFSSL_BIO*);
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void);
WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO*, long size);
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int flag);
WOLFSSL_API int wolfSSL_BIO_eof(WOLFSSL_BIO*);
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void);
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void);
WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int);
WOLFSSL_API int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,const unsigned char** p);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len);
WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag);
WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr);
WOLFSSL_API int wolfSSL_add_all_algorithms(void);
WOLFSSL_API void wolfSSL_RAND_screen(void);
WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long);
WOLFSSL_API int wolfSSL_RAND_write_file(const char*);
WOLFSSL_API int wolfSSL_RAND_load_file(const char*, long);
WOLFSSL_API int wolfSSL_RAND_egd(const char*);
WOLFSSL_API int wolfSSL_RAND_seed(const void*, int);
WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double);
WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void);
WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void);
WOLFSSL_API int wolfSSL_COMP_add_compression_method(int, void*);
WOLFSSL_API int wolfSSL_get_ex_new_index(long, void*, void*, void*, void*);
WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void));
WOLFSSL_API void wolfSSL_set_locking_callback(void (*f)(int, int, const char*,
int));
WOLFSSL_API void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)
(const char*, int));
WOLFSSL_API void wolfSSL_set_dynlock_lock_callback(void (*f)(int,
WOLFSSL_dynlock_value*, const char*, int));
WOLFSSL_API void wolfSSL_set_dynlock_destroy_callback(void (*f)
(WOLFSSL_dynlock_value*, const char*, int));
WOLFSSL_API int wolfSSL_num_locks(void);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int);
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509*);
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509*);
WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509*);
WOLFSSL_API unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509*);
WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID(
WOLFSSL_X509*, unsigned char*, int*);
WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
WOLFSSL_X509*, unsigned char*, int*);
WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*);
WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID(
WOLFSSL_X509_NAME*, int, char*, int);
WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long);
WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509*, unsigned char*, int*);
WOLFSSL_API int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP*,const char*,long);
WOLFSSL_API int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP*, const char*,
long);
WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void);
WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void);
WOLFSSL_API WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE*,
WOLFSSL_X509_LOOKUP_METHOD*);
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void);
WOLFSSL_API void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE*);
WOLFSSL_API int wolfSSL_X509_STORE_add_cert(
WOLFSSL_X509_STORE*, WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*);
WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX*,
int, WOLFSSL_X509_NAME*, WOLFSSL_X509_OBJECT*);
WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void);
WOLFSSL_API int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX*,
WOLFSSL_X509_STORE*, WOLFSSL_X509*, STACK_OF(WOLFSSL_X509)*);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX*,
int);
WOLFSSL_API void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT*);
WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*);
WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*);
WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*);
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
WOLFSSL_X509_REVOKED*,int);
WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*);
WOLFSSL_API int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER*,
const WOLFSSL_ASN1_INTEGER*);
WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*);
WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*);
WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*,
STACK_OF(WOLFSSL_X509_NAME)*);
WOLFSSL_API void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX*, int);
WOLFSSL_API int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void);
WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL*, int);
WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*,
void* userdata);
WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*, pem_password_cb);
WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, void (*)(void));
WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void);
WOLFSSL_API int wolfSSL_GET_REASON(int);
WOLFSSL_API char* wolfSSL_alert_type_string_long(int);
WOLFSSL_API char* wolfSSL_alert_desc_string_long(int);
WOLFSSL_API char* wolfSSL_state_string_long(WOLFSSL*);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long,
void(*)(int, int, void*), void*);
WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX*,
WOLFSSL_RSA*(*)(WOLFSSL*, int, int));
WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key);
WOLFSSL_API long wolfSSL_CTX_sess_accept(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_connect(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_hits(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*);
#define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */
#define WOLFSSL_RSA_F4 0x10001L
enum {
OCSP_NOCERTS = 1,
OCSP_NOINTERN = 2,
OCSP_NOSIGS = 4,
OCSP_NOCHAIN = 8,
OCSP_NOVERIFY = 16,
OCSP_NOEXPLICIT = 32,
OCSP_NOCASIGN = 64,
OCSP_NODELEGATED = 128,
OCSP_NOCHECKS = 256,
OCSP_TRUSTOTHER = 512,
OCSP_RESPID_KEY = 1024,
OCSP_NOTIME = 2048,
OCSP_CERTID = 2,
OCSP_REQUEST = 4,
OCSP_RESPONSE = 8,
OCSP_BASICRESP = 16,
WOLFSSL_OCSP_URL_OVERRIDE = 1,
WOLFSSL_OCSP_NO_NONCE = 2,
WOLFSSL_OCSP_CHECKALL = 4,
WOLFSSL_CRL_CHECKALL = 1,
ASN1_GENERALIZEDTIME = 4,
SSL_OP_MICROSOFT_SESS_ID_BUG = 1,
SSL_OP_NETSCAPE_CHALLENGE_BUG = 2,
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 3,
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 4,
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 5,
SSL_OP_MSIE_SSLV2_RSA_PADDING = 6,
SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 7,
SSL_OP_TLS_D5_BUG = 8,
SSL_OP_TLS_BLOCK_PADDING_BUG = 9,
SSL_OP_TLS_ROLLBACK_BUG = 10,
SSL_OP_ALL = 11,
SSL_OP_EPHEMERAL_RSA = 12,
SSL_OP_NO_SSLv3 = 13,
SSL_OP_NO_TLSv1 = 14,
SSL_OP_PKCS1_CHECK_1 = 15,
SSL_OP_PKCS1_CHECK_2 = 16,
SSL_OP_NETSCAPE_CA_DN_BUG = 17,
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 18,
SSL_OP_SINGLE_DH_USE = 19,
SSL_OP_NO_TICKET = 20,
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 21,
SSL_OP_NO_QUERY_MTU = 22,
SSL_OP_COOKIE_EXCHANGE = 23,
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 24,
SSL_OP_SINGLE_ECDH_USE = 25,
SSL_OP_CIPHER_SERVER_PREFERENCE = 26,
SSL_MAX_SSL_SESSION_ID_LENGTH = 32,
EVP_R_BAD_DECRYPT = 2,
SSL_CB_LOOP = 4,
SSL_ST_CONNECT = 5,
SSL_ST_ACCEPT = 6,
SSL_CB_ALERT = 7,
SSL_CB_READ = 8,
SSL_CB_HANDSHAKE_DONE = 9,
SSL_MODE_ENABLE_PARTIAL_WRITE = 2,
BIO_FLAGS_BASE64_NO_NL = 1,
BIO_CLOSE = 1,
BIO_NOCLOSE = 0,
NID_undef = 0,
X509_FILETYPE_PEM = 8,
X509_LU_X509 = 9,
X509_LU_CRL = 12,
X509_V_ERR_CRL_SIGNATURE_FAILURE = 13,
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14,
X509_V_ERR_CRL_HAS_EXPIRED = 15,
X509_V_ERR_CERT_REVOKED = 16,
X509_V_ERR_CERT_CHAIN_TOO_LONG = 17,
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18,
X509_V_ERR_CERT_NOT_YET_VALID = 19,
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20,
X509_V_ERR_CERT_HAS_EXPIRED = 21,
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22,
X509_V_OK = 0,
CRYPTO_LOCK = 1,
CRYPTO_NUM_LOCKS = 10
};
/* extras end */
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
/* wolfSSL extension, provide last error from SSL_get_error
since not using thread storage error queue */
WOLFSSL_API void wolfSSL_ERR_print_errors_fp(FILE*, int err);
#endif
enum { /* ssl Constants */
SSL_ERROR_NONE = 0, /* for most functions */
SSL_FAILURE = 0, /* for some functions */
SSL_SUCCESS = 1,
SSL_SHUTDOWN_NOT_DONE = 2, /* call wolfSSL_shutdown again to complete */
SSL_BAD_CERTTYPE = -8,
SSL_BAD_STAT = -7,
SSL_BAD_PATH = -6,
SSL_BAD_FILETYPE = -5,
SSL_BAD_FILE = -4,
SSL_NOT_IMPLEMENTED = -3,
SSL_UNKNOWN = -2,
SSL_FATAL_ERROR = -1,
SSL_FILETYPE_ASN1 = 2,
SSL_FILETYPE_PEM = 1,
SSL_FILETYPE_DEFAULT = 2, /* ASN1 */
SSL_FILETYPE_RAW = 3, /* NTRU raw key blob */
SSL_VERIFY_NONE = 0,
SSL_VERIFY_PEER = 1,
SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
SSL_VERIFY_CLIENT_ONCE = 4,
SSL_SESS_CACHE_OFF = 30,
SSL_SESS_CACHE_CLIENT = 31,
SSL_SESS_CACHE_SERVER = 32,
SSL_SESS_CACHE_BOTH = 33,
SSL_SESS_CACHE_NO_AUTO_CLEAR = 34,
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35,
SSL_ERROR_WANT_READ = 2,
SSL_ERROR_WANT_WRITE = 3,
SSL_ERROR_WANT_CONNECT = 7,
SSL_ERROR_WANT_ACCEPT = 8,
SSL_ERROR_SYSCALL = 5,
SSL_ERROR_WANT_X509_LOOKUP = 83,
SSL_ERROR_ZERO_RETURN = 6,
SSL_ERROR_SSL = 85,
SSL_SENT_SHUTDOWN = 1,
SSL_RECEIVED_SHUTDOWN = 2,
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4,
SSL_OP_NO_SSLv2 = 8,
SSL_R_SSL_HANDSHAKE_FAILURE = 101,
SSL_R_TLSV1_ALERT_UNKNOWN_CA = 102,
SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103,
SSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104,
PEM_BUFSIZE = 1024
};
#ifndef NO_PSK
typedef unsigned int (*psk_client_callback)(WOLFSSL*, const char*, char*,
unsigned int, unsigned char*, unsigned int);
WOLFSSL_API void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX*,
psk_client_callback);
WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*,psk_client_callback);
WOLFSSL_API const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*);
WOLFSSL_API const char* wolfSSL_get_psk_identity(const WOLFSSL*);
WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX*, const char*);
WOLFSSL_API int wolfSSL_use_psk_identity_hint(WOLFSSL*, const char*);
typedef unsigned int (*psk_server_callback)(WOLFSSL*, const char*,
unsigned char*, unsigned int);
WOLFSSL_API void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX*,
psk_server_callback);
WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL*,psk_server_callback);
#define PSK_TYPES_DEFINED
#endif /* NO_PSK */
#ifdef HAVE_ANON
WOLFSSL_API int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*);
#endif /* HAVE_ANON */
/* extra begins */
enum { /* ERR Constants */
ERR_TXT_STRING = 1
};
WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line_data(const char**, int*,
const char**, int *);
WOLFSSL_API unsigned long wolfSSL_ERR_get_error(void);
WOLFSSL_API void wolfSSL_ERR_clear_error(void);
WOLFSSL_API int wolfSSL_RAND_status(void);
WOLFSSL_API int wolfSSL_RAND_bytes(unsigned char* buf, int num);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void);
WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
#ifndef NO_CERTS
WOLFSSL_API int wolfSSL_CTX_check_private_key(WOLFSSL_CTX*);
#endif /* !NO_CERTS */
WOLFSSL_API void wolfSSL_ERR_free_strings(void);
WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long);
WOLFSSL_API void wolfSSL_EVP_cleanup(void);
WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl);
WOLFSSL_API void wolfSSL_cleanup_all_ex_data(void);
WOLFSSL_API long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode);
WOLFSSL_API long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx);
WOLFSSL_API void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m);
WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl);
WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long);
WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*,
const unsigned char*, unsigned int);
WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_want_read(WOLFSSL*);
WOLFSSL_API int wolfSSL_want_write(WOLFSSL*);
WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO*, const char*, ...);
WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*,
const WOLFSSL_ASN1_UTCTIME*);
WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_X509_REVOKED*);
WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED*, int);
/* stunnel 4.28 needs */
WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int);
WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*);
WOLFSSL_API void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX*,
WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*));
WOLFSSL_API void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX*,
int (*f)(WOLFSSL*, WOLFSSL_SESSION*));
WOLFSSL_API void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX*,
void (*f)(WOLFSSL_CTX*, WOLFSSL_SESSION*));
WOLFSSL_API int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION*,unsigned char**);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION**,
const unsigned char**, long);
WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*);
WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*);
WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);
/* extra ends */
/* wolfSSL extensions */
/* call before SSL_connect, if verifying will add name check to
date check and signature check */
WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);
/* need to call once to load library (session cache) */
WOLFSSL_API int wolfSSL_Init(void);
/* call when done to cleanup/free session cache mutex / resources */
WOLFSSL_API int wolfSSL_Cleanup(void);
/* which library version do we have */
WOLFSSL_API const char* wolfSSL_lib_version(void);
/* which library version do we have in hex */
WOLFSSL_API unsigned int wolfSSL_lib_version_hex(void);
/* turn logging on, only if compiled in */
WOLFSSL_API int wolfSSL_Debugging_ON(void);
/* turn logging off */
WOLFSSL_API void wolfSSL_Debugging_OFF(void);
/* do accept or connect depedning on side */
WOLFSSL_API int wolfSSL_negotiate(WOLFSSL* ssl);
/* turn on wolfSSL data compression */
WOLFSSL_API int wolfSSL_set_compression(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int);
WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int);
/* get wolfSSL peer X509_CHAIN */
WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl);
/* peer chain count */
WOLFSSL_API int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain);
/* index cert length */
WOLFSSL_API int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN*, int idx);
/* index cert */
WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN*, int idx);
/* index cert in X509 */
WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN*, int idx);
/* free X509 */
WOLFSSL_API void wolfSSL_FreeX509(WOLFSSL_X509*);
/* get index cert in PEM */
WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx,
unsigned char* buffer, int inLen, int* outLen);
WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s);
WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int*);
WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*);
WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*);
WOLFSSL_API const unsigned char* wolfSSL_X509_notBefore(WOLFSSL_X509*);
WOLFSSL_API const unsigned char* wolfSSL_X509_notAfter(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*);
WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
#ifndef NO_FILESYSTEM
#ifndef NO_STDIO_FILESYSTEM
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file);
#endif
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_load_certificate_file(const char* fname, int format);
#endif
#ifdef WOLFSSL_SEP
WOLFSSL_API unsigned char*
wolfSSL_X509_get_device_type(WOLFSSL_X509*, unsigned char*, int*);
WOLFSSL_API unsigned char*
wolfSSL_X509_get_hw_type(WOLFSSL_X509*, unsigned char*, int*);
WOLFSSL_API unsigned char*
wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509*, unsigned char*, int*);
#endif
/* connect enough to get peer cert */
WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl);
#ifndef NO_DH
/* server Diffie-Hellman parameters */
WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz,
const unsigned char* g, int gSz);
WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz,
int format);
#ifndef NO_FILESYSTEM
WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format);
#endif
/* server ctx Diffie-Hellman parameters */
WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX*, const unsigned char* p,
int pSz, const unsigned char* g, int gSz);
WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char* b,
long sz, int format);
#ifndef NO_FILESYSTEM
WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f,
int format);
#endif
WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX*, unsigned short);
WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, unsigned short);
WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*);
#endif /* NO_DH */
WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short);
WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short);
/* keyblock size in bytes or -1 */
/* need to call wolfSSL_KeepArrays before handshake to save keys */
WOLFSSL_API int wolfSSL_get_keyblock_size(WOLFSSL*);
WOLFSSL_API int wolfSSL_get_keys(WOLFSSL*,unsigned char** ms, unsigned int* msLen,
unsigned char** sr, unsigned int* srLen,
unsigned char** cr, unsigned int* crLen);
/* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */
WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
const char* label);
#ifndef _WIN32
#ifndef NO_WRITEV
#ifdef __PPU
#include <sys/types.h>
#include <sys/socket.h>
#elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && !defined(WOLFSSL_PICOTCP)
#include <sys/uio.h>
#endif
/* allow writev style writing */
WOLFSSL_API int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
int iovcnt);
#endif
#endif
#ifndef NO_CERTS
/* SSL_CTX versions */
WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*,
const unsigned char*, long, int);
WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX*,
const unsigned char*, long, int);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*,
const unsigned char*, long, int);
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*,
const unsigned char*, long);
/* SSL versions */
WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL*, const unsigned char*,
long, int);
WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*,
long, int);
WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*,
const unsigned char*, long);
WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);
#endif
WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL*);
/* I/O callbacks */
typedef int (*CallbackIORecv)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
typedef int (*CallbackIOSend)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
#ifdef HAVE_FUZZER
enum fuzzer_type {
FUZZ_HMAC = 0,
FUZZ_ENCRYPT = 1,
FUZZ_SIGNATURE = 2,
FUZZ_HASH = 3,
FUZZ_HEAD = 4
};
typedef int (*CallbackFuzzer)(WOLFSSL* ssl, const unsigned char* buf, int sz,
int type, void* fuzzCtx);
WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx);
#endif
WOLFSSL_API void wolfSSL_SetIORecv(WOLFSSL_CTX*, CallbackIORecv);
WOLFSSL_API void wolfSSL_SetIOSend(WOLFSSL_CTX*, CallbackIOSend);
WOLFSSL_API void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx);
WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetIOReadCtx( WOLFSSL* ssl);
WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl);
WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
#ifndef WOLFSSL_USER_IO
/* default IO callbacks */
WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
#ifdef HAVE_OCSP
WOLFSSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*,
int, unsigned char**);
WOLFSSL_API void EmbedOcspRespFree(void*, unsigned char*);
#endif
#ifdef WOLFSSL_DTLS
WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf,
int sz, void*);
#endif /* WOLFSSL_DTLS */
#endif /* WOLFSSL_USER_IO */
#ifdef HAVE_NETX
WOLFSSL_API void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxsocket,
ULONG waitoption);
#endif
typedef int (*CallbackGenCookie)(WOLFSSL* ssl, unsigned char* buf, int sz,
void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX*, CallbackGenCookie);
WOLFSSL_API void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl);
/* I/O Callback default errors */
enum IOerrors {
WOLFSSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */
WOLFSSL_CBIO_ERR_WANT_READ = -2, /* need to call read again */
WOLFSSL_CBIO_ERR_WANT_WRITE = -2, /* need to call write again */
WOLFSSL_CBIO_ERR_CONN_RST = -3, /* connection reset */
WOLFSSL_CBIO_ERR_ISR = -4, /* interrupt */
WOLFSSL_CBIO_ERR_CONN_CLOSE = -5, /* connection closed or epipe */
WOLFSSL_CBIO_ERR_TIMEOUT = -6 /* socket timeout */
};
/* CA cache callbacks */
enum {
WOLFSSL_SSLV3 = 0,
WOLFSSL_TLSV1 = 1,
WOLFSSL_TLSV1_1 = 2,
WOLFSSL_TLSV1_2 = 3,
WOLFSSL_USER_CA = 1, /* user added as trusted */
WOLFSSL_CHAIN_CA = 2 /* added to cache from trusted chain */
};
WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version);
WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version);
WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */
WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
int, const char*);
WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int sz, unsigned char*,
int, int);
typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
typedef void (*CbMissingCRL)(const char* url);
typedef int (*CbOCSPIO)(void*, const char*, int,
unsigned char*, int, unsigned char**);
typedef void (*CbOCSPRespFree)(void*,unsigned char*);
/* User Atomic Record Layer CallBacks */
typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut,
const unsigned char* macIn, unsigned int macInSz, int macContent,
int macVerify, unsigned char* encOut, const unsigned char* encIn,
unsigned int encSz, void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX*, CallbackMacEncrypt);
WOLFSSL_API void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl);
typedef int (*CallbackDecryptVerify)(WOLFSSL* ssl,
unsigned char* decOut, const unsigned char* decIn,
unsigned int decSz, int content, int verify, unsigned int* padSz,
void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX*,
CallbackDecryptVerify);
WOLFSSL_API void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl);
WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int);
WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*);
WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*);
WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*);
WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetKeySize(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetIVSize(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetSide(WOLFSSL*);
WOLFSSL_API int wolfSSL_IsTLSv1_1(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetBulkCipher(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetCipherBlockSize(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetAeadMacSize(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetHmacSize(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetHmacType(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetCipherType(WOLFSSL*);
WOLFSSL_API int wolfSSL_SetTlsHmacInner(WOLFSSL*, unsigned char*,
unsigned int, int, int);
/* Atomic User Needs */
enum {
WOLFSSL_SERVER_END = 0,
WOLFSSL_CLIENT_END = 1,
WOLFSSL_BLOCK_TYPE = 2,
WOLFSSL_STREAM_TYPE = 3,
WOLFSSL_AEAD_TYPE = 4,
WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
};
/* for GetBulkCipher and internal use */
enum BulkCipherAlgorithm {
wolfssl_cipher_null,
wolfssl_rc4,
wolfssl_rc2,
wolfssl_des,
wolfssl_triple_des, /* leading 3 (3des) not valid identifier */
wolfssl_des40,
wolfssl_idea,
wolfssl_aes,
wolfssl_aes_gcm,
wolfssl_aes_ccm,
wolfssl_chacha,
wolfssl_camellia,
wolfssl_hc128, /* wolfSSL extensions */
wolfssl_rabbit
};
/* for KDF TLS 1.2 mac types */
enum KDF_MacAlgorithm {
wolfssl_sha256 = 4, /* needs to match internal MACAlgorithm */
wolfssl_sha384,
wolfssl_sha512
};
/* Public Key Callback support */
typedef int (*CallbackEccSign)(WOLFSSL* ssl,
const unsigned char* in, unsigned int inSz,
unsigned char* out, unsigned int* outSz,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX*, CallbackEccSign);
WOLFSSL_API void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl);
typedef int (*CallbackEccVerify)(WOLFSSL* ssl,
const unsigned char* sig, unsigned int sigSz,
const unsigned char* hash, unsigned int hashSz,
const unsigned char* keyDer, unsigned int keySz,
int* result, void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX*, CallbackEccVerify);
WOLFSSL_API void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl);
typedef int (*CallbackRsaSign)(WOLFSSL* ssl,
const unsigned char* in, unsigned int inSz,
unsigned char* out, unsigned int* outSz,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign);
WOLFSSL_API void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl);
typedef int (*CallbackRsaVerify)(WOLFSSL* ssl,
unsigned char* sig, unsigned int sigSz,
unsigned char** out,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX*, CallbackRsaVerify);
WOLFSSL_API void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl);
/* RSA Public Encrypt cb */
typedef int (*CallbackRsaEnc)(WOLFSSL* ssl,
const unsigned char* in, unsigned int inSz,
unsigned char* out, unsigned int* outSz,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc);
WOLFSSL_API void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl);
/* RSA Private Decrypt cb */
typedef int (*CallbackRsaDec)(WOLFSSL* ssl,
unsigned char* in, unsigned int inSz,
unsigned char** out,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX*, CallbackRsaDec);
WOLFSSL_API void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
#ifndef NO_CERTS
WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache);
WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);
WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f,
const char* d);
WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER*, const char* f,
int format);
WOLFSSL_API int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm,
const unsigned char* buff, long sz, int format);
WOLFSSL_API int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER*,
unsigned char*, int sz);
WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER*,
int options);
WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*);
WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER*, const char*,
int, int);
WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER*,
CbMissingCRL);
WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER*,
unsigned char*, int sz);
WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER*,
int options);
WOLFSSL_API int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*);
WOLFSSL_API int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER*,
const char*);
WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER*,
CbOCSPIO, CbOCSPRespFree, void*);
WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int);
WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL*, CbMissingCRL);
WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL*, int options);
WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL*);
WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL*, const char*);
WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL*, CbOCSPIO, CbOCSPRespFree, void*);
WOLFSSL_API int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options);
WOLFSSL_API int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx);
WOLFSSL_API int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX*, const char*, int, int);
WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX*, CbMissingCRL);
WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX*, int options);
WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*);
WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX*,
CbOCSPIO, CbOCSPRespFree, void*);
#endif /* !NO_CERTS */
/* end of handshake frees temporary arrays, if user needs for get_keys or
psk hints, call KeepArrays before handshake and then FreeArrays when done
if don't want to wait for object free */
WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);
/* cavium additions */
WOLFSSL_API int wolfSSL_UseCavium(WOLFSSL*, int devId);
WOLFSSL_API int wolfSSL_CTX_UseCavium(WOLFSSL_CTX*, int devId);
/* TLS Extensions */
/* Server Name Indication */
#ifdef HAVE_SNI
/* SNI types */
enum {
WOLFSSL_SNI_HOST_NAME = 0
};
WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type, const void* data,
unsigned short size);
WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type,
const void* data, unsigned short size);
#ifndef NO_WOLFSSL_SERVER
/* SNI options */
enum {
WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01, /* do not abort on mismatch flag */
WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02 /* fake match on mismatch flag */
};
WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
unsigned char options);
WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, unsigned char type,
unsigned char options);
/* SNI status */
enum {
WOLFSSL_SNI_NO_MATCH = 0,
WOLFSSL_SNI_FAKE_MATCH = 1, /* if WOLFSSL_SNI_ANSWER_ON_MISMATCH is enabled */
WOLFSSL_SNI_REAL_MATCH = 2
};
WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);
WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl, unsigned char type,
void** data);
WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
const unsigned char* clientHello, unsigned int helloSz,
unsigned char type, unsigned char* sni, unsigned int* inOutSz);
#endif
#endif
/* Maximum Fragment Length */
#ifdef HAVE_MAX_FRAGMENT
/* Fragment lengths */
enum {
WOLFSSL_MFL_2_9 = 1, /* 512 bytes */
WOLFSSL_MFL_2_10 = 2, /* 1024 bytes */
WOLFSSL_MFL_2_11 = 3, /* 2048 bytes */
WOLFSSL_MFL_2_12 = 4, /* 4096 bytes */
WOLFSSL_MFL_2_13 = 5 /* 8192 bytes *//* wolfSSL ONLY!!! */
};
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_API int wolfSSL_UseMaxFragment(WOLFSSL* ssl, unsigned char mfl);
WOLFSSL_API int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, unsigned char mfl);
#endif
#endif
/* Truncated HMAC */
#ifdef HAVE_TRUNCATED_HMAC
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_API int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx);
#endif
#endif
/* Elliptic Curves */
enum {
WOLFSSL_ECC_SECP160R1 = 0x10,
WOLFSSL_ECC_SECP192R1 = 0x13,
WOLFSSL_ECC_SECP224R1 = 0x15,
WOLFSSL_ECC_SECP256R1 = 0x17,
WOLFSSL_ECC_SECP384R1 = 0x18,
WOLFSSL_ECC_SECP521R1 = 0x19
};
#ifdef HAVE_SUPPORTED_CURVES
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_API int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, unsigned short name);
WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx,
unsigned short name);
#endif
#endif
/* Secure Renegotiation */
#ifdef HAVE_SECURE_RENEGOTIATION
WOLFSSL_API int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL* ssl);
#endif
/* Session Ticket */
#ifdef HAVE_SESSION_TICKET
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx);
WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL*, unsigned char*, unsigned int*);
WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, unsigned char*, unsigned int);
typedef int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*);
WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*,
CallbackSessionTicket, void*);
#endif /* NO_WOLFSSL_CLIENT */
#ifndef NO_WOLFSSL_SERVER
#define WOLFSSL_TICKET_NAME_SZ 16
#define WOLFSSL_TICKET_IV_SZ 16
#define WOLFSSL_TICKET_MAC_SZ 32
enum TicketEncRet {
WOLFSSL_TICKET_RET_FATAL = -1, /* fatal error, don't use ticket */
WOLFSSL_TICKET_RET_OK = 0, /* ok, use ticket */
WOLFSSL_TICKET_RET_REJECT, /* don't use ticket, but not fatal */
WOLFSSL_TICKET_RET_CREATE /* existing ticket ok and create new one */
};
typedef int (*SessionTicketEncCb)(WOLFSSL*,
unsigned char key_name[WOLFSSL_TICKET_NAME_SZ],
unsigned char iv[WOLFSSL_TICKET_IV_SZ],
unsigned char mac[WOLFSSL_TICKET_MAC_SZ],
int enc, unsigned char*, int, int*, void*);
WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
SessionTicketEncCb);
WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
#endif /* NO_WOLFSSL_SERVER */
#endif /* HAVE_SESSION_TICKET */
#define WOLFSSL_CRL_MONITOR 0x01 /* monitor this dir flag */
#define WOLFSSL_CRL_START_MON 0x02 /* start monitoring flag */
/* notify user the hanshake is done */
typedef int (*HandShakeDoneCb)(WOLFSSL*, void*);
WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL*, HandShakeDoneCb, void*);
WOLFSSL_API int wolfSSL_PrintSessionStats(void);
WOLFSSL_API int wolfSSL_get_session_stats(unsigned int* active,
unsigned int* total,
unsigned int* peak,
unsigned int* maxSessions);
/* External facing KDF */
WOLFSSL_API
int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, unsigned int msLen,
const unsigned char* pms, unsigned int pmsLen,
const unsigned char* cr, const unsigned char* sr,
int tls1_2, int hash_type);
WOLFSSL_API
int wolfSSL_DeriveTlsKeys(unsigned char* key_data, unsigned int keyLen,
const unsigned char* ms, unsigned int msLen,
const unsigned char* sr, const unsigned char* cr,
int tls1_2, int hash_type);
#ifdef WOLFSSL_CALLBACKS
/* used internally by wolfSSL while OpenSSL types aren't */
#include <wolfssl/callbacks.h>
typedef int (*HandShakeCallBack)(HandShakeInfo*);
typedef int (*TimeoutCallBack)(TimeoutInfo*);
/* wolfSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack
for diagnostics */
WOLFSSL_API int wolfSSL_connect_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
Timeval);
WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
Timeval);
#endif /* WOLFSSL_CALLBACKS */
#ifdef WOLFSSL_HAVE_WOLFSCEP
WOLFSSL_API void wolfSSL_wolfSCEP(void);
#endif /* WOLFSSL_HAVE_WOLFSCEP */
#ifdef WOLFSSL_HAVE_CERT_SERVICE
WOLFSSL_API void wolfSSL_cert_service(void);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLFSSL_SSL_H */
|
