ssl.h
Go to the documentation of this file.
1 /* ssl.h
2  *
3  * Copyright (C) 2006-2020 wolfSSL Inc.
4  *
5  * This file is part of wolfSSL.
6  *
7  * wolfSSL is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * wolfSSL is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20  */
26 /* wolfSSL API */
27 
28 #ifndef WOLFSSL_SSL_H
29 #define WOLFSSL_SSL_H
30 
31 
32 /* for users not using preprocessor flags*/
33 #include <wolfssl/wolfcrypt/settings.h>
34 #include <wolfssl/version.h>
35 #include <wolfssl/wolfcrypt/logging.h>
36 #include <wolfssl/wolfcrypt/asn_public.h>
37 #include <wolfssl/wolfcrypt/types.h>
38 
39 #ifdef HAVE_WOLF_EVENT
40  #include <wolfssl/wolfcrypt/wolfevent.h>
41 #endif
42 
43 /* used internally by wolfSSL while OpenSSL types aren't */
44 #include <wolfssl/callbacks.h>
45 
46 #ifdef WOLFSSL_PREFIX
47  #include "prefix_ssl.h"
48 #endif
49 
50 #ifdef LIBWOLFSSL_VERSION_STRING
51  #define WOLFSSL_VERSION LIBWOLFSSL_VERSION_STRING
52 #endif
53 
54 #ifdef _WIN32
55  /* wincrypt.h clashes */
56  #undef OCSP_REQUEST
57  #undef OCSP_RESPONSE
58 #endif
59 
60 #ifdef OPENSSL_COEXIST
61  /* mode to allow wolfSSL and OpenSSL to exist together */
62  #ifdef TEST_OPENSSL_COEXIST
63  /*
64  ./configure --enable-opensslcoexist \
65  CFLAGS="-I/usr/local/opt/openssl/include -DTEST_OPENSSL_COEXIST" \
66  LDFLAGS="-L/usr/local/opt/openssl/lib -lcrypto"
67  */
68  #include <openssl/ssl.h>
69  #include <openssl/rand.h>
70  #include <openssl/err.h>
71  #include <openssl/ec.h>
72  #include <openssl/hmac.h>
73  #include <openssl/bn.h>
74  #endif
75 
76  /* make sure old names are disabled */
77  #ifndef NO_OLD_SSL_NAMES
78  #define NO_OLD_SSL_NAMES
79  #endif
80  #ifndef NO_OLD_WC_NAMES
81  #define NO_OLD_WC_NAMES
82  #endif
83 
84 #elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
85  #include <wolfssl/openssl/bn.h>
86  #include <wolfssl/openssl/hmac.h>
87 
88  /* We need the old SSL names */
89  #ifdef NO_OLD_SSL_NAMES
90  #undef NO_OLD_SSL_NAMES
91  #endif
92  #ifdef NO_OLD_WC_NAMES
93  #undef NO_OLD_WC_NAMES
94  #endif
95 #endif
96 
97 #ifdef __cplusplus
98  extern "C" {
99 #endif
100 
101 #ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
102 #define WOLFSSL_WOLFSSL_TYPE_DEFINED
103 typedef struct WOLFSSL WOLFSSL;
104 #endif
105 typedef struct WOLFSSL_SESSION WOLFSSL_SESSION;
106 typedef struct WOLFSSL_METHOD WOLFSSL_METHOD;
107 #ifndef WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
108 #define WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
109 typedef struct WOLFSSL_CTX WOLFSSL_CTX;
110 #endif
111 
112 typedef struct WOLFSSL_STACK WOLFSSL_STACK;
113 typedef struct WOLFSSL_X509 WOLFSSL_X509;
114 typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME;
115 typedef struct WOLFSSL_X509_NAME_ENTRY WOLFSSL_X509_NAME_ENTRY;
116 typedef struct WOLFSSL_X509_PUBKEY WOLFSSL_X509_PUBKEY;
117 typedef struct WOLFSSL_X509_ALGOR WOLFSSL_X509_ALGOR;
118 typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN;
119 typedef struct WC_PKCS12 WOLFSSL_X509_PKCS12;
120 typedef struct WOLFSSL_X509_INFO WOLFSSL_X509_INFO;
121 
122 typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER;
123 typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR;
124 typedef struct WOLFSSL_CRL WOLFSSL_CRL;
125 typedef struct WOLFSSL_X509_STORE_CTX WOLFSSL_X509_STORE_CTX;
126 
127 typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *);
128 
129 /* redeclare guard */
130 #define WOLFSSL_TYPES_DEFINED
131 
132 #include <wolfssl/wolfio.h>
133 
134 
135 #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
136 typedef struct WOLFSSL_RSA WOLFSSL_RSA;
137 #define WOLFSSL_RSA_TYPE_DEFINED
138 #endif
139 
140 #ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
141  typedef struct WC_RNG WC_RNG;
142  #define WC_RNG_TYPE_DEFINED
143 #endif
144 
145 #ifndef WOLFSSL_DSA_TYPE_DEFINED /* guard on redeclaration */
146 typedef struct WOLFSSL_DSA WOLFSSL_DSA;
147 #define WOLFSSL_DSA_TYPE_DEFINED
148 #endif
149 
150 #ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */
151 typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY;
152 typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT;
153 typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP;
154 typedef struct WOLFSSL_EC_BUILTIN_CURVE WOLFSSL_EC_BUILTIN_CURVE;
155 /* WOLFSSL_EC_METHOD is just an alias of WOLFSSL_EC_GROUP for now */
156 typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_METHOD;
157 #define WOLFSSL_EC_TYPE_DEFINED
158 #endif
159 
160 #ifndef WOLFSSL_ECDSA_TYPE_DEFINED /* guard on redeclaration */
161 typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG;
162 #define WOLFSSL_ECDSA_TYPE_DEFINED
163 #endif
164 
165 typedef struct WOLFSSL_CIPHER WOLFSSL_CIPHER;
166 typedef struct WOLFSSL_X509_LOOKUP WOLFSSL_X509_LOOKUP;
167 typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD;
168 typedef struct WOLFSSL_CRL WOLFSSL_X509_CRL;
169 typedef struct WOLFSSL_X509_STORE WOLFSSL_X509_STORE;
170 typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM;
171 typedef struct WOLFSSL_BIO WOLFSSL_BIO;
172 typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD;
173 typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
174 typedef struct WOLFSSL_CONF_VALUE WOLFSSL_CONF_VALUE;
175 typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT;
176 typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME;
177 typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX;
178 typedef struct WOLFSSL_v3_ext_method WOLFSSL_v3_ext_method;
179 
180 typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING;
181 typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value;
182 #ifndef WOLFSSL_DH_TYPE_DEFINED /* guard on redeclaration */
183 typedef struct WOLFSSL_DH WOLFSSL_DH;
184 #define WOLFSSL_DH_TYPE_DEFINED /* guard on redeclaration */
185 #endif
186 typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING;
187 typedef struct WOLFSSL_ASN1_TYPE WOLFSSL_ASN1_TYPE;
188 
189 typedef struct WOLFSSL_GENERAL_NAME WOLFSSL_GENERAL_NAME;
190 typedef struct WOLFSSL_AUTHORITY_KEYID WOLFSSL_AUTHORITY_KEYID;
191 typedef struct WOLFSSL_BASIC_CONSTRAINTS WOLFSSL_BASIC_CONSTRAINTS;
192 typedef struct WOLFSSL_ACCESS_DESCRIPTION WOLFSSL_ACCESS_DESCRIPTION;
193 
194 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
195 
196 struct WOLFSSL_AUTHORITY_KEYID {
197  WOLFSSL_ASN1_STRING *keyid;
198  WOLFSSL_ASN1_OBJECT *issuer;
199  WOLFSSL_ASN1_INTEGER *serial;
200 };
201 
202 struct WOLFSSL_BASIC_CONSTRAINTS {
203  int ca;
204  WOLFSSL_ASN1_INTEGER *pathlen;
205 };
206 
207 #endif /* OPENSSL_ALL || OPENSSL_EXTRA*/
208 
209 #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
210 #define WOLFSSL_ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME
211 
212 struct WOLFSSL_ASN1_STRING {
213  char strData[CTC_NAME_SIZE];
214  int length;
215  int type; /* type of string i.e. CTC_UTF8 */
216  char* data;
217  long flags;
218  unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
219 };
220 
221 #define WOLFSSL_MAX_SNAME 40
222 
223 
224 #define WOLFSSL_ASN1_DYNAMIC 0x1
225 #define WOLFSSL_ASN1_DYNAMIC_DATA 0x2
226 
227 struct WOLFSSL_ASN1_OTHERNAME {
228  WOLFSSL_ASN1_OBJECT* type_id;
229  WOLFSSL_ASN1_TYPE* value;
230 };
231 
232 struct WOLFSSL_GENERAL_NAME {
233  int type;
234  union {
235  char* ptr;
236  WOLFSSL_ASN1_OTHERNAME* otherName;
237  WOLFSSL_ASN1_STRING* rfc822Name;
238  WOLFSSL_ASN1_STRING* dNSName;
239  WOLFSSL_ASN1_TYPE* x400Address;
240  WOLFSSL_X509_NAME* directoryName;
241  WOLFSSL_ASN1_STRING* uniformResourceIdentifier;
242  WOLFSSL_ASN1_STRING* iPAddress;
243  WOLFSSL_ASN1_OBJECT* registeredID;
244 
245  WOLFSSL_ASN1_STRING* ip;
246  WOLFSSL_X509_NAME* dirn;
247  WOLFSSL_ASN1_STRING* ia5;
248  WOLFSSL_ASN1_OBJECT* rid;
249  WOLFSSL_ASN1_TYPE* other;
250  } d; /* dereference */
251 };
252 
253 struct WOLFSSL_ACCESS_DESCRIPTION {
254  WOLFSSL_ASN1_OBJECT* method;
255  WOLFSSL_GENERAL_NAME* location;
256 };
257 
258 struct WOLFSSL_X509V3_CTX {
259  WOLFSSL_X509* x509;
260 };
261 
262 
263 
264 struct WOLFSSL_ASN1_OBJECT {
265  void* heap;
266  const unsigned char* obj;
267  /* sName is short name i.e sha256 rather than oid (null terminated) */
268  char sName[WOLFSSL_MAX_SNAME];
269  int type; /* oid */
270  int grp; /* type of OID, i.e. oidCertPolicyType */
271  int nid;
272  unsigned int objSz;
273 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_APACHE_HTTPD)
274  int ca;
275  WOLFSSL_ASN1_INTEGER *pathlen;
276 #endif
277  unsigned char dynamic; /* if 1 then obj was dynamically created, 0 otherwise */
278 
279 #if defined(WOLFSSL_APACHE_HTTPD)
280  WOLFSSL_GENERAL_NAME* gn;
281 #endif
282 
283  struct d { /* derefrenced */
284  WOLFSSL_ASN1_STRING* dNSName;
285  WOLFSSL_ASN1_STRING ia5_internal;
286  WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal */
287 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
288  WOLFSSL_ASN1_STRING* uniformResourceIdentifier;
289  WOLFSSL_ASN1_STRING iPAddress_internal;
290  WOLFSSL_ASN1_OTHERNAME* otherName; /* added for Apache httpd */
291 #endif
292  WOLFSSL_ASN1_STRING* iPAddress; /* points to iPAddress_internal */
293  } d;
294 };
295 
296 /* wrap ASN1 types */
297 struct WOLFSSL_ASN1_TYPE {
298  int type;
299  union {
300  char *ptr;
301  WOLFSSL_ASN1_STRING* asn1_string;
302  WOLFSSL_ASN1_OBJECT* object;
303  WOLFSSL_ASN1_INTEGER* integer;
304  WOLFSSL_ASN1_BIT_STRING* bit_string;
305  WOLFSSL_ASN1_STRING* octet_string;
306  WOLFSSL_ASN1_STRING* printablestring;
307  WOLFSSL_ASN1_STRING* ia5string;
308  WOLFSSL_ASN1_UTCTIME* utctime;
309  WOLFSSL_ASN1_GENERALIZEDTIME* generalizedtime;
310  WOLFSSL_ASN1_STRING* utf8string;
311  WOLFSSL_ASN1_STRING* set;
312  WOLFSSL_ASN1_STRING* sequence;
313  } value;
314 };
315 
316 struct WOLFSSL_EVP_PKEY {
317  void* heap;
318  int type; /* openssh dereference */
319  int save_type; /* openssh dereference */
320  int pkey_sz;
321  int references; /*number of times free should be called for complete free*/
322  wolfSSL_Mutex refMutex; /* ref count mutex */
323 
324  union {
325  char* ptr; /* der format of key / or raw for NTRU */
326  } pkey;
327  #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
328  #ifndef NO_RSA
329  WOLFSSL_RSA* rsa;
330  byte ownRsa; /* if struct owns RSA and should free it */
331  #endif
332  #ifndef NO_DSA
333  WOLFSSL_DSA* dsa;
334  byte ownDsa; /* if struct owns DSA and should free it */
335  #endif
336  #ifdef HAVE_ECC
337  WOLFSSL_EC_KEY* ecc;
338  byte ownEcc; /* if struct owns ECC and should free it */
339  #endif
340  #ifndef NO_DH
341  WOLFSSL_DH* dh;
342  byte ownDh; /* if struct owns DH and should free it */
343  #endif
344  WC_RNG rng;
345  #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
346  #ifdef HAVE_ECC
347  int pkey_curve;
348  #endif
349 };
350 typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO;
351 #ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */
352 typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY;
353 typedef struct WOLFSSL_EVP_MD_CTX WOLFSSL_EVP_MD_CTX;
354 typedef char WOLFSSL_EVP_MD;
355 #define WOLFSSL_EVP_TYPE_DEFINED
356 #endif
357 
358 struct WOLFSSL_X509_PKEY {
359  WOLFSSL_EVP_PKEY* dec_pkey; /* dereferenced by Apache */
360  void* heap;
361 };
362 typedef struct WOLFSSL_X509_PKEY WOLFSSL_X509_PKEY;
363 
364 struct WOLFSSL_X509_INFO {
365  WOLFSSL_X509 *x509;
366  WOLFSSL_X509_CRL *crl;
367  WOLFSSL_X509_PKEY *x_pkey; /* dereferenced by Apache */
368  EncryptedInfo enc_cipher;
369  int enc_len;
370  char *enc_data;
371  int num;
372 };
373 
374 #define WOLFSSL_EVP_PKEY_DEFAULT EVP_PKEY_RSA /* default key type */
375 
376 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
377  #define wolfSSL_SSL_MODE_RELEASE_BUFFERS 0x00000010U
378  #define wolfSSL_SSL_CTRL_SET_TMP_ECDH 4
379 #endif
380 
381 struct WOLFSSL_X509_ALGOR {
382  WOLFSSL_ASN1_OBJECT* algorithm;
383  WOLFSSL_ASN1_TYPE* parameter;
384 };
385 
386 struct WOLFSSL_X509_PUBKEY {
387  WOLFSSL_X509_ALGOR* algor;
388  WOLFSSL_EVP_PKEY* pkey;
389  int pubKeyOID;
390 };
391 
392 
393 enum BIO_TYPE {
394  WOLFSSL_BIO_BUFFER = 1,
395  WOLFSSL_BIO_SOCKET = 2,
396  WOLFSSL_BIO_SSL = 3,
397  WOLFSSL_BIO_MEMORY = 4,
398  WOLFSSL_BIO_BIO = 5,
399  WOLFSSL_BIO_FILE = 6,
400  WOLFSSL_BIO_BASE64 = 7,
401  WOLFSSL_BIO_MD = 8
402 };
403 
404 enum BIO_FLAGS {
405  WOLFSSL_BIO_FLAG_BASE64_NO_NL = 0x01,
406  WOLFSSL_BIO_FLAG_READ = 0x02,
407  WOLFSSL_BIO_FLAG_WRITE = 0x04,
408  WOLFSSL_BIO_FLAG_IO_SPECIAL = 0x08,
409  WOLFSSL_BIO_FLAG_RETRY = 0x10
410 };
411 
412 enum BIO_CB_OPS {
413  WOLFSSL_BIO_CB_FREE = 0x01,
414  WOLFSSL_BIO_CB_READ = 0x02,
415  WOLFSSL_BIO_CB_WRITE = 0x03,
416  WOLFSSL_BIO_CB_PUTS = 0x04,
417  WOLFSSL_BIO_CB_GETS = 0x05,
418  WOLFSSL_BIO_CB_CTRL = 0x06,
419  WOLFSSL_BIO_CB_RETURN = 0x80
420 };
421 
422 typedef struct WOLFSSL_BUF_MEM {
423  char* data; /* dereferenced */
424  size_t length; /* current length */
425  size_t max; /* maximum length */
426 } WOLFSSL_BUF_MEM;
427 
428 /* custom method with user set callbacks */
429 typedef int (*wolfSSL_BIO_meth_write_cb)(WOLFSSL_BIO*, const char*, int);
430 typedef int (*wolfSSL_BIO_meth_read_cb)(WOLFSSL_BIO *, char *, int);
431 typedef int (*wolfSSL_BIO_meth_puts_cb)(WOLFSSL_BIO*, const char*);
432 typedef int (*wolfSSL_BIO_meth_gets_cb)(WOLFSSL_BIO*, char*, int);
433 typedef long (*wolfSSL_BIO_meth_ctrl_get_cb)(WOLFSSL_BIO*, int, long, void*);
434 typedef int (*wolfSSL_BIO_meth_create_cb)(WOLFSSL_BIO*);
435 typedef int (*wolfSSL_BIO_meth_destroy_cb)(WOLFSSL_BIO*);
436 
437 typedef int wolfSSL_BIO_info_cb(WOLFSSL_BIO *, int, int);
438 typedef long (*wolfssl_BIO_meth_ctrl_info_cb)(WOLFSSL_BIO*, int, wolfSSL_BIO_info_cb*);
439 
440 /* wolfSSL BIO_METHOD type */
441 #ifndef MAX_BIO_METHOD_NAME
442 #define MAX_BIO_METHOD_NAME 256
443 #endif
444 struct WOLFSSL_BIO_METHOD {
445  byte type; /* method type */
446  char name[MAX_BIO_METHOD_NAME];
447  wolfSSL_BIO_meth_write_cb writeCb;
448  wolfSSL_BIO_meth_read_cb readCb;
449  wolfSSL_BIO_meth_puts_cb putsCb;
450  wolfSSL_BIO_meth_gets_cb getsCb;
451  wolfSSL_BIO_meth_ctrl_get_cb ctrlCb;
452  wolfSSL_BIO_meth_create_cb createCb;
453  wolfSSL_BIO_meth_destroy_cb freeCb;
454  wolfssl_BIO_meth_ctrl_info_cb ctrlInfoCb;
455 };
456 
457 /* wolfSSL BIO type */
458 typedef long (*wolf_bio_info_cb)(WOLFSSL_BIO *bio, int event, const char *parg,
459  int iarg, long larg, long return_value);
460 
461 struct WOLFSSL_BIO {
462  WOLFSSL_BUF_MEM* mem_buf;
463  WOLFSSL_BIO_METHOD* method;
464  WOLFSSL_BIO* prev; /* previous in chain */
465  WOLFSSL_BIO* next; /* next in chain */
466  WOLFSSL_BIO* pair; /* BIO paired with */
467  void* heap; /* user heap hint */
468  void* ptr; /* WOLFSSL, file descriptor, MD, or mem buf */
469  void* usrCtx; /* user set pointer */
470  char* infoArg; /* BIO callback argument */
471  wolf_bio_info_cb infoCb; /* BIO callback */
472  int wrSz; /* write buffer size (mem) */
473  int wrIdx; /* current index for write buffer */
474  int rdIdx; /* current read index */
475  int readRq; /* read request */
476  int num; /* socket num or length */
477  int eof; /* eof flag */
478  int flags;
479  byte type; /* method type */
480  byte init:1; /* bio has been initialized */
481  byte shutdown:1; /* close flag */
482 #ifdef HAVE_EX_DATA
483  WOLFSSL_CRYPTO_EX_DATA ex_data;
484 #endif
485 };
486 
487 typedef struct WOLFSSL_COMP_METHOD {
488  int type; /* stunnel dereference */
489 } WOLFSSL_COMP_METHOD;
490 
491 typedef struct WOLFSSL_COMP {
492  int id;
493  const char *name;
494  WOLFSSL_COMP_METHOD *method;
495 } WOLFSSL_COMP;
496 
497 struct WOLFSSL_X509_LOOKUP_METHOD {
498  int type;
499 };
500 
501 struct WOLFSSL_X509_LOOKUP {
502  WOLFSSL_X509_STORE *store;
503 };
504 
505 struct WOLFSSL_X509_STORE {
506  int cache; /* stunnel dereference */
507  WOLFSSL_CERT_MANAGER* cm;
508  WOLFSSL_X509_LOOKUP lookup;
509 #ifdef OPENSSL_EXTRA
510  int isDynamic;
511  WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
512 #endif
513 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
514  WOLFSSL_X509_STORE_CTX_verify_cb verify_cb;
515 #endif
516 #ifdef HAVE_EX_DATA
517  WOLFSSL_CRYPTO_EX_DATA ex_data;
518 #endif
519 #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
520  WOLFSSL_X509_CRL *crl;
521 #endif
522 };
523 
524 #ifdef OPENSSL_EXTRA
525 #define WOLFSSL_USE_CHECK_TIME 0x2
526 #define WOLFSSL_NO_CHECK_TIME 0x200000
527 #define WOLFSSL_NO_WILDCARDS 0x4
528 #define WOLFSSL_HOST_NAME_MAX 256
529 #define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */
530 struct WOLFSSL_X509_VERIFY_PARAM {
531  time_t check_time;
532  unsigned long flags;
533  char hostName[WOLFSSL_HOST_NAME_MAX];
534  unsigned int hostFlags;
535  char ipasc[WOLFSSL_MAX_IPSTR];
536 };
537 #endif
538 
539 typedef struct WOLFSSL_ALERT {
540  int code;
541  int level;
542 } WOLFSSL_ALERT;
543 
544 typedef struct WOLFSSL_ALERT_HISTORY {
545  WOLFSSL_ALERT last_rx;
546  WOLFSSL_ALERT last_tx;
547 } WOLFSSL_ALERT_HISTORY;
548 
549 typedef struct WOLFSSL_X509_REVOKED {
550  WOLFSSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */
551 } WOLFSSL_X509_REVOKED;
552 
553 
554 typedef struct WOLFSSL_X509_OBJECT {
555  union {
556  char* ptr;
557  WOLFSSL_X509 *x509;
558  WOLFSSL_X509_CRL* crl; /* stunnel dereference */
559  } data;
560 } WOLFSSL_X509_OBJECT;
561 
562 #define WOLFSSL_ASN1_BOOLEAN int
563 
564 typedef struct WOLFSSL_BUFFER_INFO {
565  unsigned char* buffer;
566  unsigned int length;
567 } WOLFSSL_BUFFER_INFO;
568 
569 struct WOLFSSL_X509_STORE_CTX {
570  WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */
571  WOLFSSL_X509* current_cert; /* current X509 (OPENSSL_EXTRA) */
572 #ifdef WOLFSSL_ASIO
573  WOLFSSL_X509* current_issuer; /* asio dereference */
574 #endif
575  WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */
576  WOLFSSL_STACK* chain;
577 #ifdef OPENSSL_EXTRA
578  WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
579 #endif
580  char* domain; /* subject CN domain name */
581 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
582  WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data */
583 #endif
584 #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA)
585  int depth; /* used in X509_STORE_CTX_*_depth */
586 #endif
587  void* userCtx; /* user ctx */
588  int error; /* current error */
589  int error_depth; /* index of cert depth for this error */
590  int discardSessionCerts; /* so verify callback can flag for discard */
591  int totalCerts; /* number of peer cert buffers */
592  WOLFSSL_BUFFER_INFO* certs; /* peer certs */
593  WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */
594 };
595 
596 typedef char* WOLFSSL_STRING;
597 
598 /* Valid Alert types from page 16/17
599  * Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c
600  */
601 enum AlertDescription {
602  close_notify = 0,
603  unexpected_message = 10,
604  bad_record_mac = 20,
605  record_overflow = 22,
606  decompression_failure = 30,
607  handshake_failure = 40,
608  no_certificate = 41,
609  bad_certificate = 42,
610  unsupported_certificate = 43,
611  certificate_revoked = 44,
612  certificate_expired = 45,
613  certificate_unknown = 46,
614  illegal_parameter = 47,
615  unknown_ca = 48,
616  decode_error = 50,
617  decrypt_error = 51,
618  #ifdef WOLFSSL_MYSQL_COMPATIBLE
619  /* catch name conflict for enum protocol with MYSQL build */
620  wc_protocol_version = 70,
621  #else
622  protocol_version = 70,
623  #endif
624  inappropriate_fallback = 86,
625  no_renegotiation = 100,
626  missing_extension = 109,
627  unsupported_extension = 110,
628  unrecognized_name = 112,
629  bad_certificate_status_response = 113,
630  unknown_psk_identity = 115,
631  certificate_required = 116,
632  no_application_protocol = 120
633 };
634 
635 
636 enum AlertLevel {
637  alert_warning = 1,
638  alert_fatal = 2
639 };
640 
641 /* Maximum master key length (SECRET_LEN) */
642 #define WOLFSSL_MAX_MASTER_KEY_LENGTH 48
643 /* Maximum number of groups that can be set */
644 #define WOLFSSL_MAX_GROUP_COUNT 10
645 
646 #if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
647 enum Tls13Secret {
648  CLIENT_EARLY_TRAFFIC_SECRET,
649  CLIENT_HANDSHAKE_TRAFFIC_SECRET,
650  SERVER_HANDSHAKE_TRAFFIC_SECRET,
651  CLIENT_TRAFFIC_SECRET,
652  SERVER_TRAFFIC_SECRET,
653  EARLY_EXPORTER_SECRET,
654  EXPORTER_SECRET
655 };
656 #endif
657 
658 
659 typedef WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap);
660 
661 /* CTX Method EX Constructor Functions */
662 WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method_ex(void* heap);
663 WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method_ex(void* heap);
664 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method_ex(void* heap);
665 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method_ex(void* heap);
666 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method_ex(void* heap);
667 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method_ex(void* heap);
668 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method_ex(void* heap);
669 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method_ex(void* heap);
670 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method_ex(void* heap);
671 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method_ex(void* heap);
672 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method_ex(void* heap);
673 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method_ex(void* heap);
674 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method_ex(void* heap);
675 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method_ex(void* heap);
676 #ifdef WOLFSSL_TLS13
677  WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method_ex(void* heap);
678  WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap);
679  WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap);
680 #endif
681 
682 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method_ex(void* heap);
683 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method_ex(void* heap);
684 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap);
685 
686 #ifdef WOLFSSL_DTLS
687  WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method_ex(void* heap);
688  WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method_ex(void* heap);
689  WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method_ex(void* heap);
690  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method_ex(void* heap);
691  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method_ex(void* heap);
692  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method_ex(void* heap);
693  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method_ex(void* heap);
694  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method_ex(void* heap);
695  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method_ex(void* heap);
696 #endif
697 
698 /* CTX Method Constructor Functions */
699 WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method(void);
700 WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method(void);
701 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method(void);
702 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void);
703 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void);
704 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void);
705 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method(void);
706 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void);
707 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void);
708 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void);
709 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
710 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
711 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void);
712 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
713 WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
714 #ifdef WOLFSSL_TLS13
715  WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method(void);
716  WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void);
717  WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void);
718 #endif
719 
720 #ifdef WOLFSSL_DTLS
721  WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method(void);
722  WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method(void);
723  WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method(void);
724  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method(void);
725  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method(void);
726  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method(void);
727  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method(void);
728  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method(void);
729  WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void);
730 #endif
731 
732 #ifdef HAVE_POLY1305
733  WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL*, int);
734 #endif
735 
736 #ifdef WOLFSSL_SESSION_EXPORT
737 #ifdef WOLFSSL_DTLS
738 
739 #ifndef WOLFSSL_DTLS_EXPORT_TYPES
740 typedef int (*wc_dtls_export)(WOLFSSL* ssl,
741  unsigned char* exportBuffer, unsigned int sz, void* userCtx);
742 #define WOLFSSL_DTLS_EXPORT_TYPES
743 #endif /* WOLFSSL_DTLS_EXPORT_TYPES */
744 
745 WOLFSSL_API int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf,
746  unsigned int sz);
747 WOLFSSL_API int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx,
748  wc_dtls_export func);
749 WOLFSSL_API int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func);
750 WOLFSSL_API int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf,
751  unsigned int* sz);
752 WOLFSSL_API int wolfSSL_dtls_export_state_only(WOLFSSL* ssl, unsigned char* buf,
753  unsigned int* sz);
754 #endif /* WOLFSSL_DTLS */
755 #endif /* WOLFSSL_SESSION_EXPORT */
756 
757 #ifdef WOLFSSL_STATIC_MEMORY
758 #ifndef WOLFSSL_MEM_GUARD
759 #define WOLFSSL_MEM_GUARD
760  typedef struct WOLFSSL_MEM_STATS WOLFSSL_MEM_STATS;
761  typedef struct WOLFSSL_MEM_CONN_STATS WOLFSSL_MEM_CONN_STATS;
762 #endif
763 WOLFSSL_API int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx,
764  wolfSSL_method_func method,
765  unsigned char* buf, unsigned int sz,
766  int flag, int max);
767 WOLFSSL_API int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx,
768  WOLFSSL_MEM_STATS* mem_stats);
769 WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL* ssl,
770  WOLFSSL_MEM_CONN_STATS* mem_stats);
771 #endif
772 
773 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
774 
775 WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*,
776  const char*, int);
777 WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*,
778  const char*, int);
779 
780 #endif
781 
782 #ifndef NO_CERTS
783 #define WOLFSSL_LOAD_FLAG_NONE 0x00000000
784 #define WOLFSSL_LOAD_FLAG_IGNORE_ERR 0x00000001
785 #define WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY 0x00000002
786 #define WOLFSSL_LOAD_FLAG_PEM_CA_ONLY 0x00000004
787 
788 #ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS
789 #define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE
790 #endif
791 #endif /* !NO_CERTS */
792 
793 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
794 
795 WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*,
796  const char*, unsigned int);
797 WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*,
798  const char*, const char*);
799 #ifdef WOLFSSL_TRUST_PEER_CERT
800 WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX*, const char*, int);
801 #endif
802 WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(
803  WOLFSSL_CTX*, const char*);
804 WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *,
805  const char *file, int format);
806 WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int);
807 
808 WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl);
809 WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
810 WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
811 WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*,
812  int);
813 WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*,
814  int);
815 WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*,
816  const char*);
817 WOLFSSL_API int wolfSSL_use_certificate_chain_file_format(WOLFSSL*,
818  const char *file, int format);
819 WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int);
820 
821 #ifdef WOLFSSL_DER_LOAD
822  WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX*,
823  const char*, int);
824 #endif
825 
826 #ifdef HAVE_NTRU
827  WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*, const char*);
828  /* load NTRU private key blob */
829 #endif
830 
831 #endif /* !NO_FILESYSTEM && !NO_CERTS */
832 
833 WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
834 WOLFSSL_ABI WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
835 #ifdef OPENSSL_EXTRA
836 WOLFSSL_API int wolfSSL_CTX_up_ref(WOLFSSL_CTX*);
837 #endif
838 WOLFSSL_ABI WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
839 WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
840 WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl);
841 WOLFSSL_API int wolfSSL_is_server(WOLFSSL*);
842 WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*);
843 WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int);
844 WOLFSSL_API int wolfSSL_set_write_fd (WOLFSSL*, int);
845 WOLFSSL_API int wolfSSL_set_read_fd (WOLFSSL*, int);
846 WOLFSSL_API char* wolfSSL_get_cipher_list(int priority);
847 WOLFSSL_API char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority);
848 WOLFSSL_API int wolfSSL_get_ciphers(char*, int);
849 WOLFSSL_API int wolfSSL_get_ciphers_iana(char*, int);
850 WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl);
851 WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char,
852  const unsigned char);
853 WOLFSSL_API const char* wolfSSL_get_cipher_name_iana_from_suite(
854  const unsigned char, const unsigned char);
855 WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf,
856  int len);
857 WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl);
858 WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*);
859 /* please see note at top of README if you get an error from connect */
860 WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL*);
861 WOLFSSL_ABI WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int);
862 WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int);
863 WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int);
864 WOLFSSL_API int wolfSSL_accept(WOLFSSL*);
865 WOLFSSL_API int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req);
866 WOLFSSL_API int wolfSSL_mutual_auth(WOLFSSL* ssl, int req);
867 #ifdef WOLFSSL_TLS13
868 WOLFSSL_API int wolfSSL_send_hrr_cookie(WOLFSSL* ssl,
869  const unsigned char* secret, unsigned int secretSz);
870 WOLFSSL_API int wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX* ctx);
871 WOLFSSL_API int wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl);
872 WOLFSSL_API int wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx);
873 WOLFSSL_API int wolfSSL_no_dhe_psk(WOLFSSL* ssl);
874 WOLFSSL_API int wolfSSL_update_keys(WOLFSSL* ssl);
875 WOLFSSL_API int wolfSSL_CTX_allow_post_handshake_auth(WOLFSSL_CTX* ctx);
876 WOLFSSL_API int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl);
877 WOLFSSL_API int wolfSSL_request_certificate(WOLFSSL* ssl);
878 
879 WOLFSSL_API int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list);
880 WOLFSSL_API int wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list);
881 
882 WOLFSSL_API int wolfSSL_preferred_group(WOLFSSL* ssl);
883 WOLFSSL_API int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups,
884  int count);
885 WOLFSSL_API int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count);
886 
887 WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL*);
888 WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*);
889 
890 #ifdef WOLFSSL_EARLY_DATA
891 WOLFSSL_API int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
892  unsigned int sz);
893 WOLFSSL_API int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
894 WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL*, const void*, int, int*);
895 WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL*, void*, int, int*);
896 #endif
897 #endif
898 WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
899 WOLFSSL_ABI WOLFSSL_API void wolfSSL_free(WOLFSSL*);
900 WOLFSSL_ABI WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*);
901 WOLFSSL_API int wolfSSL_send(WOLFSSL*, const void*, int sz, int flags);
902 WOLFSSL_API int wolfSSL_recv(WOLFSSL*, void*, int sz, int flags);
903 
904 WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX*, int);
905 WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int);
906 
907 WOLFSSL_ABI WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int);
908 WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *);
909 
910 WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_session(WOLFSSL*, WOLFSSL_SESSION*);
911 WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION*, long);
912 WOLFSSL_ABI WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*);
913 WOLFSSL_ABI WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long);
914 WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int);
915 
916 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
917  || defined(WOLFSSL_NGINX)
918 WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t,
919  WOLFSSL_BIO**, size_t);
920 
921 WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM,
922  const unsigned char *mHash,
923  const WOLFSSL_EVP_MD *Hash, int saltLen);
924 WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
925  const WOLFSSL_EVP_MD *hashAlg,
926  const unsigned char *EM, int saltLen);
927 WOLFSSL_API WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_RSA**);
928 WOLFSSL_API int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX*,
929  int, const unsigned char*);
930 WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX*, WOLFSSL_RSA*);
931 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_EVP_PKEY**);
932 #endif /* OPENSSL_ALL || WOLFSSL_ASIO */
933 
934 #ifdef SESSION_INDEX
935 WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
936 WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
937 #endif /* SESSION_INDEX */
938 
939 #if defined(SESSION_CERTS)
940 WOLFSSL_API
941  WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
942 WOLFSSL_API WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session);
943 #endif /* SESSION_INDEX && SESSION_CERTS */
944 
945 typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
946 typedef void (CallbackInfoState)(const WOLFSSL*, int, int);
947 
948 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
949 typedef int (WOLFSSL_CRYPTO_EX_new)(void* p, void* ptr,
950  WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg);
951 typedef int (WOLFSSL_CRYPTO_EX_dup)(WOLFSSL_CRYPTO_EX_DATA* out,
952  WOLFSSL_CRYPTO_EX_DATA* in, void* inPtr, int idx, long argV, void* arg);
953 typedef void (WOLFSSL_CRYPTO_EX_free)(void* p, void* ptr,
954  WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg);
955 
956 WOLFSSL_API int wolfSSL_get_ex_new_index(long argValue, void* arg,
957  WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b,
958  WOLFSSL_CRYPTO_EX_free* c);
959 #endif
960 
961 WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX*, int,
962  VerifyCallback verify_callback);
963 
964 #ifdef OPENSSL_ALL
965 typedef int (*CertVerifyCallback)(WOLFSSL_X509_STORE_CTX* store, void* arg);
966 WOLFSSL_API void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx,
967  CertVerifyCallback cb, void* arg);
968 #endif
969 
970 WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback);
971 WOLFSSL_API void wolfSSL_set_verify_result(WOLFSSL*, long);
972 WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*);
973 
974 WOLFSSL_ABI WOLFSSL_API int wolfSSL_pending(WOLFSSL*);
975 
976 WOLFSSL_API void wolfSSL_load_error_strings(void);
977 WOLFSSL_API int wolfSSL_library_init(void);
978 WOLFSSL_ABI WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX*,
979  long);
980 
981 #ifdef HAVE_SECRET_CALLBACK
982 typedef int (*SessionSecretCb)(WOLFSSL* ssl, void* secret, int* secretSz,
983  void* ctx);
984 WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL*, SessionSecretCb,
985  void*);
986 #ifdef WOLFSSL_TLS13
987 typedef int (*Tls13SecretCb)(WOLFSSL* ssl, int id, const unsigned char* secret,
988  int secretSz, void* ctx);
989 WOLFSSL_API int wolfSSL_set_tls13_secret_cb(WOLFSSL*, Tls13SecretCb, void*);
990 #endif
991 #endif /* HAVE_SECRET_CALLBACK */
992 
993 /* session cache persistence */
994 WOLFSSL_API int wolfSSL_save_session_cache(const char*);
995 WOLFSSL_API int wolfSSL_restore_session_cache(const char*);
996 WOLFSSL_API int wolfSSL_memsave_session_cache(void*, int);
997 WOLFSSL_API int wolfSSL_memrestore_session_cache(const void*, int);
998 WOLFSSL_API int wolfSSL_get_session_cache_memsize(void);
999 
1000 /* certificate cache persistence, uses ctx since certs are per ctx */
1001 WOLFSSL_API int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX*, const char*);
1002 WOLFSSL_API int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX*, const char*);
1003 WOLFSSL_API int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX*, void*, int, int*);
1004 WOLFSSL_API int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX*, const void*, int);
1005 WOLFSSL_API int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX*);
1006 
1007 /* only supports full name from cipher_name[] delimited by : */
1008 WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*);
1009 WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL*, const char*);
1010 
1011 /* Nonblocking DTLS helper functions */
1012 WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int);
1013 WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL*);
1014 #define wolfSSL_set_using_nonblock wolfSSL_dtls_set_using_nonblock
1015 #define wolfSSL_get_using_nonblock wolfSSL_dtls_get_using_nonblock
1016  /* The old names are deprecated. */
1017 WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl);
1018 WOLFSSL_API int wolfSSL_DTLSv1_get_timeout(WOLFSSL* ssl,
1019  WOLFSSL_TIMEVAL* timeleft);
1020 WOLFSSL_API void wolfSSL_DTLSv1_set_initial_timeout_duration(WOLFSSL* ssl,
1021  word32 duration_ms);
1022 WOLFSSL_API int wolfSSL_DTLSv1_handle_timeout(WOLFSSL* ssl);
1023 
1024 WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int);
1025 WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int);
1026 WOLFSSL_API int wolfSSL_dtls_got_timeout(WOLFSSL* ssl);
1027 WOLFSSL_API int wolfSSL_dtls_retransmit(WOLFSSL*);
1028 WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl);
1029 
1030 WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
1031 WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);
1032 
1033 WOLFSSL_API int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX*);
1034 WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL*);
1035 WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX*, unsigned short);
1036 WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL*, unsigned short);
1037 
1038 WOLFSSL_API int wolfSSL_dtls_get_drop_stats(WOLFSSL*,
1039  unsigned int*, unsigned int*);
1040 WOLFSSL_API int wolfSSL_CTX_mcast_set_member_id(WOLFSSL_CTX*, unsigned short);
1041 WOLFSSL_API int wolfSSL_set_secret(WOLFSSL*, unsigned short,
1042  const unsigned char*, unsigned int,
1043  const unsigned char*, const unsigned char*,
1044  const unsigned char*);
1045 WOLFSSL_API int wolfSSL_mcast_read(WOLFSSL*, unsigned short*, void*, int);
1046 WOLFSSL_API int wolfSSL_mcast_peer_add(WOLFSSL*, unsigned short, int);
1047 WOLFSSL_API int wolfSSL_mcast_peer_known(WOLFSSL*, unsigned short);
1048 WOLFSSL_API int wolfSSL_mcast_get_max_peers(void);
1049 typedef int (*CallbackMcastHighwater)(unsigned short peerId,
1050  unsigned int maxSeq,
1051  unsigned int curSeq, void* ctx);
1052 WOLFSSL_API int wolfSSL_CTX_mcast_set_highwater_cb(WOLFSSL_CTX*,
1053  unsigned int,
1054  unsigned int,
1055  unsigned int,
1056  CallbackMcastHighwater);
1057 WOLFSSL_API int wolfSSL_mcast_set_highwater_ctx(WOLFSSL*, void*);
1058 
1059 WOLFSSL_API int wolfSSL_ERR_GET_LIB(unsigned long err);
1060 WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err);
1061 WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
1062 WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
1063  unsigned long sz);
1064 WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long);
1065 
1066 /* extras */
1067 
1068 
1069 /* for now LHASH is not implemented */
1070 typedef int WOLFSSL_LHASH;
1071 #ifndef WOLF_LHASH_OF
1072  #define WOLF_LHASH_OF(x) WOLFSSL_LHASH
1073 #endif
1074 
1075 #ifndef WOLF_STACK_OF
1076  #define WOLF_STACK_OF(x) WOLFSSL_STACK
1077 #endif
1078 #ifndef DECLARE_STACK_OF
1079  #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
1080 #endif
1081 
1082 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap);
1083 WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
1084 WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in);
1085 WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in);
1086 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
1087 WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data);
1088 
1089 #if defined(HAVE_OCSP)
1090 #include "wolfssl/ocsp.h"
1091 #include "wolfssl/wolfcrypt/asn.h"
1092 #endif
1093 
1094 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
1095 WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_push(
1096  WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk,
1097  WOLFSSL_ACCESS_DESCRIPTION* access);
1098 #endif /* defined(OPENSSL_ALL) || defined(WOLFSSL_QT) */
1099 
1100 typedef WOLF_STACK_OF(WOLFSSL_GENERAL_NAME) WOLFSSL_GENERAL_NAMES;
1101 
1102 WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
1103  WOLFSSL_X509* x509);
1104 WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
1105 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_dup(WOLFSSL_STACK* sk);
1106 WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
1107 WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void);
1108 WOLFSSL_API void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* gn);
1109 WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_push(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)* sk,
1110  WOLFSSL_GENERAL_NAME* gn);
1111 WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_sk_GENERAL_NAME_value(
1112  WOLFSSL_STACK* sk, int i);
1113 WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk);
1114 WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk,
1115  void (*f) (WOLFSSL_GENERAL_NAME*));
1116 WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_free(WOLFSSL_STACK* sk);
1117 WOLFSSL_API void wolfSSL_GENERAL_NAMES_free(WOLFSSL_GENERAL_NAMES* name);
1118 WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_num(WOLFSSL_STACK* sk);
1119 WOLFSSL_API void wolfSSL_AUTHORITY_INFO_ACCESS_free(
1120  WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION)* sk);
1121 WOLFSSL_API WOLFSSL_ACCESS_DESCRIPTION* wolfSSL_sk_ACCESS_DESCRIPTION_value(
1122  WOLFSSL_STACK* sk, int idx);
1123 WOLFSSL_API void wolfSSL_sk_ACCESS_DESCRIPTION_free(WOLFSSL_STACK* sk);
1124 WOLFSSL_API void wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(WOLFSSL_STACK* sk,
1125  void (*f) (WOLFSSL_ACCESS_DESCRIPTION*));
1126 WOLFSSL_API void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* access);
1127 WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free(
1128  WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk,
1129  void (*f) (WOLFSSL_X509_EXTENSION*));
1130 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void);
1131 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
1132 WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj);
1133 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void);
1134 WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk,
1135  WOLFSSL_ASN1_OBJECT* obj);
1136 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJECT_pop(
1137  WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
1138 WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
1139 WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_pop_free(
1140  WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
1141  void (*f)(WOLFSSL_ASN1_OBJECT*));
1142 WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in);
1143 WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk);
1144 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
1145  WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx);
1146 WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*);
1147 WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*);
1148 WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL*, int);
1149 WOLFSSL_API int wolfSSL_set_wfd(WOLFSSL*, int);
1150 WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL*, int);
1151 WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*,
1152  unsigned int);
1153 WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*);
1154 WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*);
1155 WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*);
1156 WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session);
1157 WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
1158 WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*);
1159 
1160 WOLFSSL_API const char* wolfSSL_get_version(WOLFSSL*);
1161 WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
1162 WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*);
1163 WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int);
1164 WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
1165 WOLFSSL_API const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher);
1166 WOLFSSL_API word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher);
1167 WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value);
1168 WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session);
1169 WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL*);
1170 WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
1171 WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
1172  /* what's ref count */
1173 
1174 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
1175 #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL)
1176 WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa);
1177 WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509);
1178 WOLFSSL_API int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey);
1179 #endif
1180 
1181 WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port,
1182  char** path, int* ssl);
1183 
1184 WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_client_method(void);
1185 WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_client_method(void);
1186 WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_server_method(void);
1187 
1188 WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD*);
1189 WOLFSSL_API int wolfSSL_BIO_free(WOLFSSL_BIO*);
1190 WOLFSSL_API void wolfSSL_BIO_vfree(WOLFSSL_BIO*);
1191 WOLFSSL_API int wolfSSL_BIO_free_all(WOLFSSL_BIO*);
1192 WOLFSSL_API int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz);
1193 WOLFSSL_API int wolfSSL_BIO_puts(WOLFSSL_BIO* bio, const char* buf);
1194 WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_next(WOLFSSL_BIO* bio);
1195 WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_find_type(WOLFSSL_BIO* bio, int type);
1196 WOLFSSL_API int wolfSSL_BIO_read(WOLFSSL_BIO*, void*, int);
1197 WOLFSSL_API int wolfSSL_BIO_write(WOLFSSL_BIO*, const void*, int);
1198 WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO*, WOLFSSL_BIO* append);
1199 WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO*);
1200 WOLFSSL_API int wolfSSL_BIO_flush(WOLFSSL_BIO*);
1201 WOLFSSL_API int wolfSSL_BIO_pending(WOLFSSL_BIO*);
1202 WOLFSSL_API void wolfSSL_BIO_set_callback(WOLFSSL_BIO *bio,
1203  wolf_bio_info_cb callback_func);
1204 WOLFSSL_API wolf_bio_info_cb wolfSSL_BIO_get_callback(WOLFSSL_BIO *bio);
1205 WOLFSSL_API void wolfSSL_BIO_set_callback_arg(WOLFSSL_BIO *bio, char *arg);
1206 WOLFSSL_API char* wolfSSL_BIO_get_callback_arg(const WOLFSSL_BIO *bio);
1207 
1208 WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_md(void);
1209 WOLFSSL_API int wolfSSL_BIO_get_md_ctx(WOLFSSL_BIO *bio,
1210  WOLFSSL_EVP_MD_CTX **mdcp);
1211 
1212 WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void);
1213 WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO*, long size);
1214 WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void);
1215 WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int flag);
1216 WOLFSSL_API int wolfSSL_BIO_eof(WOLFSSL_BIO*);
1217 
1218 WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void);
1219 WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void);
1220 WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int);
1221 WOLFSSL_API void wolfSSL_BIO_clear_flags(WOLFSSL_BIO *bio, int flags);
1222 WOLFSSL_API int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data);
1223 WOLFSSL_API void *wolfSSL_BIO_get_ex_data(WOLFSSL_BIO *bio, int idx);
1224 WOLFSSL_API long wolfSSL_BIO_set_nbio(WOLFSSL_BIO*, long);
1225 
1226 WOLFSSL_API int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,void* p);
1227 
1228 WOLFSSL_API void wolfSSL_BIO_set_init(WOLFSSL_BIO*, int);
1229 WOLFSSL_API void wolfSSL_BIO_set_data(WOLFSSL_BIO*, void*);
1230 WOLFSSL_API void* wolfSSL_BIO_get_data(WOLFSSL_BIO*);
1231 WOLFSSL_API void wolfSSL_BIO_set_shutdown(WOLFSSL_BIO*, int);
1232 WOLFSSL_API int wolfSSL_BIO_get_shutdown(WOLFSSL_BIO*);
1233 WOLFSSL_API void wolfSSL_BIO_clear_retry_flags(WOLFSSL_BIO*);
1234 WOLFSSL_API int wolfSSL_BIO_should_retry(WOLFSSL_BIO *bio);
1235 
1236 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_meth_new(int, const char*);
1237 WOLFSSL_API void wolfSSL_BIO_meth_free(WOLFSSL_BIO_METHOD*);
1238 WOLFSSL_API int wolfSSL_BIO_meth_set_write(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_write_cb);
1239 WOLFSSL_API int wolfSSL_BIO_meth_set_read(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_read_cb);
1240 WOLFSSL_API int wolfSSL_BIO_meth_set_puts(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_puts_cb);
1241 WOLFSSL_API int wolfSSL_BIO_meth_set_gets(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_gets_cb);
1242 WOLFSSL_API int wolfSSL_BIO_meth_set_ctrl(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_ctrl_get_cb);
1243 WOLFSSL_API int wolfSSL_BIO_meth_set_create(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_create_cb);
1244 WOLFSSL_API int wolfSSL_BIO_meth_set_destroy(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_destroy_cb);
1245 WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(const void* buf, int len);
1246 
1247 WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag);
1248 #ifndef NO_FILESYSTEM
1249 WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag);
1250 #endif
1251 WOLFSSL_API int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag);
1252 WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr);
1253 
1254 #ifndef NO_FILESYSTEM
1255 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void);
1256 #endif
1257 
1258 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void);
1259 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void);
1260 
1261 WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg);
1262 WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg);
1263 
1264 WOLFSSL_API int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size);
1265 WOLFSSL_API int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2);
1266 WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b);
1267 WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf);
1268 WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num);
1269 WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num);
1270 WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO *bio);
1271 
1272 WOLFSSL_API int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs);
1273 WOLFSSL_API int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name);
1274 WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v);
1275 WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m);
1276 WOLFSSL_API int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio);
1277 
1278 WOLFSSL_API void wolfSSL_RAND_screen(void);
1279 WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long);
1280 WOLFSSL_API int wolfSSL_RAND_write_file(const char*);
1281 WOLFSSL_API int wolfSSL_RAND_load_file(const char*, long);
1282 WOLFSSL_API int wolfSSL_RAND_egd(const char*);
1283 WOLFSSL_API int wolfSSL_RAND_seed(const void*, int);
1284 WOLFSSL_API void wolfSSL_RAND_Cleanup(void);
1285 WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double);
1286 WOLFSSL_API int wolfSSL_RAND_poll(void);
1287 
1288 WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void);
1289 WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void);
1290 WOLFSSL_API int wolfSSL_COMP_add_compression_method(int, void*);
1291 
1292 WOLFSSL_API unsigned long wolfSSL_thread_id(void);
1293 WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void));
1294 WOLFSSL_API void wolfSSL_set_locking_callback(void (*f)(int, int, const char*,
1295  int));
1296 WOLFSSL_API void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)
1297  (const char*, int));
1298 WOLFSSL_API void wolfSSL_set_dynlock_lock_callback(void (*f)(int,
1299  WOLFSSL_dynlock_value*, const char*, int));
1300 WOLFSSL_API void wolfSSL_set_dynlock_destroy_callback(void (*f)
1301  (WOLFSSL_dynlock_value*, const char*, int));
1302 WOLFSSL_API int wolfSSL_num_locks(void);
1303 
1304 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
1305  WOLFSSL_X509_STORE_CTX*);
1306 WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX*);
1307 WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX*);
1308 
1309 WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx,
1310  WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
1311 WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
1312  WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
1313 WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n,
1314  unsigned char** out);
1315 #ifndef NO_RSA
1316 WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset);
1317 #endif
1318 WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
1319  unsigned long nmflags, unsigned long cflag);
1320 WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
1321 WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*,
1322  char*, int);
1323 #if defined(OPENSSL_EXTRA) && defined(XSNPRINTF)
1324 WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME*, char*, int);
1325 #endif
1326 WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(
1327  WOLFSSL_X509*);
1328 WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
1329  WOLFSSL_X509*);
1330 WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
1331 WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
1332 WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*);
1333 WOLFSSL_API int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509*);
1334 WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509*);
1335 WOLFSSL_API unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509*);
1336 WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID(
1337  WOLFSSL_X509*, unsigned char*, int*);
1338 WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
1339  WOLFSSL_X509*, unsigned char*, int*);
1340 
1341 WOLFSSL_API int wolfSSL_X509_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey);
1342 WOLFSSL_API int wolfSSL_X509_set_subject_name(WOLFSSL_X509*,
1343  WOLFSSL_X509_NAME*);
1344 WOLFSSL_API int wolfSSL_X509_set_issuer_name(WOLFSSL_X509*,
1345  WOLFSSL_X509_NAME*);
1346 WOLFSSL_API int wolfSSL_X509_set_pubkey(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
1347 WOLFSSL_API int wolfSSL_X509_set_notAfter(WOLFSSL_X509* x509,
1348  const WOLFSSL_ASN1_TIME* t);
1349 WOLFSSL_API int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509,
1350  const WOLFSSL_ASN1_TIME* t);
1351 WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(const WOLFSSL_X509* x509);
1352 WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509);
1353 WOLFSSL_API int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509,
1354  WOLFSSL_ASN1_INTEGER* s);
1355 WOLFSSL_API int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v);
1356 WOLFSSL_API int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
1357  const WOLFSSL_EVP_MD* md);
1358 
1359 
1360 WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*);
1361 WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID(
1362  WOLFSSL_X509_NAME*, int, char*, int);
1363 WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID(
1364  WOLFSSL_X509_NAME*, int, int);
1365 WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*);
1366 
1367 WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void);
1368 WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type);
1369 WOLFSSL_API int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1);
1370 WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len);
1371 WOLFSSL_API void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1);
1372 WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1,
1373  const void* data, int dataSz);
1374 WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING*);
1375 WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING*);
1376 WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*);
1377 WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long);
1378 WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*);
1379 WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509*, unsigned char*, int*);
1380 WOLFSSL_API int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509*, unsigned char*,
1381  int*);
1382 WOLFSSL_API int wolfSSL_X509_get_pubkey_type(WOLFSSL_X509* x509);
1383 
1384 WOLFSSL_API int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP*,const char*,long);
1385 WOLFSSL_API int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP*, const char*,
1386  long);
1387 WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void);
1388 WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void);
1389 
1390 WOLFSSL_API WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE*,
1391  WOLFSSL_X509_LOOKUP_METHOD*);
1392 WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void);
1393 WOLFSSL_API void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE*);
1394 WOLFSSL_API int wolfSSL_X509_STORE_add_cert(
1395  WOLFSSL_X509_STORE*, WOLFSSL_X509*);
1396 WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
1397  WOLFSSL_X509_STORE_CTX* ctx);
1398 WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain(
1399  WOLFSSL_X509_STORE_CTX* ctx);
1400 WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
1401  unsigned long flag);
1402 WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*);
1403 WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX*,
1404  int, WOLFSSL_X509_NAME*, WOLFSSL_X509_OBJECT*);
1405 WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void);
1406 WOLFSSL_API int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX*,
1407  WOLFSSL_X509_STORE*, WOLFSSL_X509*, WOLF_STACK_OF(WOLFSSL_X509)*);
1408 WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX*);
1409 WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*);
1410 
1411 WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*);
1412 WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*);
1413 WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj);
1414 
1415 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*);
1416 WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*);
1417 WOLFSSL_API void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT*);
1418 WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(
1419  WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey);
1420 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
1421  WOLFSSL_EVP_PKEY** out);
1422 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
1423  const unsigned char** in, long inSz);
1424 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type,
1425  WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz);
1426 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key,
1427  unsigned char** in, long inSz);
1428 WOLFSSL_API int wolfSSL_i2d_PrivateKey(WOLFSSL_EVP_PKEY* key,
1429  unsigned char** der);
1430 WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*);
1431 #ifdef OPENSSL_EXTRA
1432 WOLFSSL_API int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime,
1433  time_t *cmpTime);
1434 WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj_ex(WOLFSSL_ASN1_TIME *asnTime,
1435  int offset_day, long offset_sec, time_t *in_tm);
1436 WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj(WOLFSSL_ASN1_TIME *asnTime,
1437  long offset_sec, time_t *in_tm);
1438 WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*);
1439 WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*,
1440  unsigned long flags,
1441  time_t t);
1442 WOLFSSL_API void wolfSSL_X509_VERIFY_PARAM_set_hostflags(
1443  WOLFSSL_X509_VERIFY_PARAM* param, unsigned int flags);
1444 WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
1445  const char* name,
1446  unsigned int nameSz);
1447 WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(
1448  WOLFSSL_X509_VERIFY_PARAM *param, const char *ipasc);
1449 #endif
1450 WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
1451 WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
1452  WOLFSSL_X509_REVOKED*,int);
1453 WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*);
1454 WOLFSSL_API void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER*);
1455 WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void);
1456 WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(
1457  const WOLFSSL_ASN1_INTEGER* src);
1458 WOLFSSL_API int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v);
1459 
1460 WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*);
1461 
1462 WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t,
1463  char* buf, int len);
1464 WOLFSSL_API int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER*,
1465  const WOLFSSL_ASN1_INTEGER*);
1466 WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*);
1467 
1468 #ifdef OPENSSL_EXTRA
1469 WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
1470  WOLFSSL_BIGNUM *bn);
1471 WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME*, time_t,
1472  int, long);
1473 WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_new(void);
1474 WOLFSSL_API void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t);
1475 #endif
1476 
1477 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*);
1478 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list(
1479  const WOLFSSL_CTX *s);
1480 /* deprecated function name */
1481 #define wolfSSL_SSL_CTX_get_client_CA_list wolfSSL_CTX_get_client_CA_list
1482 
1483 WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*,
1484  WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
1485 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list(
1486  const WOLFSSL* ssl);
1487 
1488 typedef int (*client_cert_cb)(WOLFSSL *ssl, WOLFSSL_X509 **x509,
1489  WOLFSSL_EVP_PKEY **pkey);
1490 WOLFSSL_API void wolfSSL_CTX_set_client_cert_cb(WOLFSSL_CTX *ctx, client_cert_cb);
1491 
1492 WOLFSSL_API void* wolfSSL_X509_STORE_CTX_get_ex_data(
1493  WOLFSSL_X509_STORE_CTX* ctx, int idx);
1494 WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx,
1495  int idx, void *data);
1496 WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx,
1497  int depth);
1498 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer(
1499  WOLFSSL_X509_STORE_CTX* ctx);
1500 WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_CTX_get0_store(
1501  WOLFSSL_X509_STORE_CTX* ctx);
1502 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_cert(
1503  WOLFSSL_X509_STORE_CTX*);
1504 WOLFSSL_API int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void);
1505 WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error(
1506  WOLFSSL_X509_STORE_CTX* ctx, int er);
1507 void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx,
1508  int depth);
1509 WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL*, int);
1510 
1511 WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*,
1512  void* userdata);
1513 WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*,
1514  pem_password_cb*);
1515 WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx);
1516 WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
1517 
1518 WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*,
1519  void (*)(const WOLFSSL* ssl, int type, int val));
1520 
1521 WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void);
1522 WOLFSSL_API int wolfSSL_GET_REASON(int);
1523 
1524 WOLFSSL_API const char* wolfSSL_alert_type_string_long(int);
1525 WOLFSSL_API const char* wolfSSL_alert_desc_string_long(int);
1526 WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*);
1527 
1528 WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long,
1529  void(*)(int, int, void*), void*);
1530 WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r,
1531  const unsigned char **pp, long len);
1532 WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA**,
1533  const unsigned char**, long);
1534 WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp);
1535 WOLFSSL_API int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *r, unsigned char **pp);
1536 WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *,
1537  WOLFSSL_RSA *(*)(WOLFSSL *, int, int));
1538 
1539 WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key);
1540 
1541 WOLFSSL_API long wolfSSL_CTX_sess_accept(WOLFSSL_CTX*);
1542 WOLFSSL_API long wolfSSL_CTX_sess_connect(WOLFSSL_CTX*);
1543 WOLFSSL_API long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX*);
1544 WOLFSSL_API long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX*);
1545 WOLFSSL_API long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX*);
1546 WOLFSSL_API long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX*);
1547 WOLFSSL_API long wolfSSL_CTX_sess_hits(WOLFSSL_CTX*);
1548 WOLFSSL_API long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX*);
1549 WOLFSSL_API long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX*);
1550 WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX*);
1551 WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*);
1552 WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*);
1553 
1554 WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX*, WOLFSSL_X509*);
1555 WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long);
1556 WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*);
1557 
1558 WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX*);
1559 WOLFSSL_API int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX*);
1560 WOLFSSL_API int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*, int v);
1561 WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*, void* arg);
1562 WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(
1563  WOLFSSL_CTX*, void* arg);
1564 WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*);
1565 WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*);
1566 WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*);
1567 
1568 WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
1569 WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
1570 WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op);
1571 WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
1572 WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
1573 WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s);
1574 WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
1575 WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg);
1576 WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
1577 WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg);
1578 WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg);
1579 WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg);
1580 WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp);
1581 WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len);
1582 
1583 WOLFSSL_API void wolfSSL_CONF_modules_unload(int all);
1584 WOLFSSL_API char* wolfSSL_CONF_get1_default_config_file(void);
1585 WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg);
1586 WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl);
1587 
1588 #define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */
1589 
1590 /* These are bit-masks */
1591 enum {
1592  WOLFSSL_OCSP_URL_OVERRIDE = 1,
1593  WOLFSSL_OCSP_NO_NONCE = 2,
1594  WOLFSSL_OCSP_CHECKALL = 4,
1595 
1596  WOLFSSL_CRL_CHECKALL = 1,
1597  WOLFSSL_CRL_CHECK = 2,
1598 };
1599 
1600 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
1601  defined(HAVE_WEBSERVER)
1602 /* Separated out from other enums because of size */
1603 enum {
1604  SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001,
1605  SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002,
1606  SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000004,
1607  SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000008,
1608  SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000010,
1609  SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000020,
1610  SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000040,
1611  SSL_OP_TLS_D5_BUG = 0x00000080,
1612  SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000100,
1613  SSL_OP_TLS_ROLLBACK_BUG = 0x00000200,
1614  SSL_OP_EPHEMERAL_RSA = 0x00000800,
1615  WOLFSSL_OP_NO_SSLv3 = 0x00001000,
1616  WOLFSSL_OP_NO_TLSv1 = 0x00002000,
1617  SSL_OP_PKCS1_CHECK_1 = 0x00004000,
1618  SSL_OP_PKCS1_CHECK_2 = 0x00008000,
1619  SSL_OP_NETSCAPE_CA_DN_BUG = 0x00010000,
1620  SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x00020000,
1621  SSL_OP_SINGLE_DH_USE = 0x00040000,
1622  SSL_OP_NO_TICKET = 0x00080000,
1623  SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00100000,
1624  SSL_OP_NO_QUERY_MTU = 0x00200000,
1625  SSL_OP_COOKIE_EXCHANGE = 0x00400000,
1626  SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000,
1627  SSL_OP_SINGLE_ECDH_USE = 0x01000000,
1628  SSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000,
1629  WOLFSSL_OP_NO_TLSv1_1 = 0x04000000,
1630  WOLFSSL_OP_NO_TLSv1_2 = 0x08000000,
1631  SSL_OP_NO_COMPRESSION = 0x10000000,
1632  WOLFSSL_OP_NO_TLSv1_3 = 0x20000000,
1633  WOLFSSL_OP_NO_SSLv2 = 0x40000000,
1634  SSL_OP_ALL =
1635  (SSL_OP_MICROSOFT_SESS_ID_BUG
1636  | SSL_OP_NETSCAPE_CHALLENGE_BUG
1637  | SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
1638  | SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
1639  | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
1640  | SSL_OP_MSIE_SSLV2_RSA_PADDING
1641  | SSL_OP_SSLEAY_080_CLIENT_DH_BUG
1642  | SSL_OP_TLS_D5_BUG
1643  | SSL_OP_TLS_BLOCK_PADDING_BUG
1644  | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
1645  | SSL_OP_TLS_ROLLBACK_BUG),
1646 };
1647 
1648 /* for compatibility these must be macros */
1649 #define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2
1650 #define SSL_OP_NO_SSLv3 WOLFSSL_OP_NO_SSLv3
1651 #define SSL_OP_NO_TLSv1 WOLFSSL_OP_NO_TLSv1
1652 #define SSL_OP_NO_TLSv1_1 WOLFSSL_OP_NO_TLSv1_1
1653 #define SSL_OP_NO_TLSv1_2 WOLFSSL_OP_NO_TLSv1_2
1654 #if !(!defined(WOLFSSL_TLS13) && defined(WOLFSSL_APACHE_HTTPD)) /* apache uses this to determine if TLS 1.3 is enabled */
1655 #define SSL_OP_NO_TLSv1_3 WOLFSSL_OP_NO_TLSv1_3
1656 #endif
1657 
1658 #define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \
1659  SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3)
1660 
1661 #define SSL_NOTHING 1
1662 #define SSL_WRITING 2
1663 #define SSL_READING 3
1664 
1665 enum {
1666 #ifdef HAVE_OCSP
1667  /* OCSP Flags */
1668  OCSP_NOCERTS = 1,
1669  OCSP_NOINTERN = 2,
1670  OCSP_NOSIGS = 4,
1671  OCSP_NOCHAIN = 8,
1672  OCSP_NOVERIFY = 16,
1673  OCSP_NOEXPLICIT = 32,
1674  OCSP_NOCASIGN = 64,
1675  OCSP_NODELEGATED = 128,
1676  OCSP_NOCHECKS = 256,
1677  OCSP_TRUSTOTHER = 512,
1678  OCSP_RESPID_KEY = 1024,
1679  OCSP_NOTIME = 2048,
1680 
1681  /* OCSP Types */
1682  OCSP_CERTID = 2,
1683  OCSP_REQUEST = 4,
1684  OCSP_RESPONSE = 8,
1685  OCSP_BASICRESP = 16,
1686 #endif
1687 
1688  ASN1_GENERALIZEDTIME = 4,
1689  SSL_MAX_SSL_SESSION_ID_LENGTH = 32,
1690 
1691  SSL_ST_CONNECT = 0x1000,
1692  SSL_ST_ACCEPT = 0x2000,
1693  SSL_ST_MASK = 0x0FFF,
1694 
1695  SSL_CB_LOOP = 0x01,
1696  SSL_CB_EXIT = 0x02,
1697  SSL_CB_READ = 0x04,
1698  SSL_CB_WRITE = 0x08,
1699  SSL_CB_HANDSHAKE_START = 0x10,
1700  SSL_CB_HANDSHAKE_DONE = 0x20,
1701  SSL_CB_ALERT = 0x4000,
1702  SSL_CB_READ_ALERT = (SSL_CB_ALERT | SSL_CB_READ),
1703  SSL_CB_WRITE_ALERT = (SSL_CB_ALERT | SSL_CB_WRITE),
1704  SSL_CB_ACCEPT_LOOP = (SSL_ST_ACCEPT | SSL_CB_LOOP),
1705  SSL_CB_ACCEPT_EXIT = (SSL_ST_ACCEPT | SSL_CB_EXIT),
1706  SSL_CB_CONNECT_LOOP = (SSL_ST_CONNECT | SSL_CB_LOOP),
1707  SSL_CB_CONNECT_EXIT = (SSL_ST_CONNECT | SSL_CB_EXIT),
1708  SSL_CB_MODE_READ = 1,
1709  SSL_CB_MODE_WRITE = 2,
1710 
1711  SSL_MODE_ENABLE_PARTIAL_WRITE = 2,
1712  SSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to block with blocking io
1713  * and auto retry */
1714  SSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */
1715 
1716  BIO_FLAGS_BASE64_NO_NL = 1,
1717  BIO_CLOSE = 1,
1718  BIO_NOCLOSE = 0,
1719 
1720  X509_FILETYPE_PEM = 8,
1721  X509_LU_X509 = 9,
1722  X509_LU_CRL = 12,
1723 
1724  X509_V_OK = 0,
1725  X509_V_ERR_CRL_SIGNATURE_FAILURE = 13,
1726  X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14,
1727  X509_V_ERR_CRL_HAS_EXPIRED = 15,
1728  X509_V_ERR_CERT_REVOKED = 16,
1729  X509_V_ERR_CERT_CHAIN_TOO_LONG = 17,
1730  X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18,
1731  X509_V_ERR_CERT_NOT_YET_VALID = 19,
1732  X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20,
1733  X509_V_ERR_CERT_HAS_EXPIRED = 21,
1734  X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22,
1735  X509_V_ERR_CERT_REJECTED = 23,
1736  /* Required for Nginx */
1737  X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 24,
1738  X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN = 25,
1739  X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 26,
1740  X509_V_ERR_CERT_UNTRUSTED = 27,
1741  X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 28,
1742  X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 29,
1743  /* additional X509_V_ERR_* enums not used in wolfSSL */
1744  X509_V_ERR_UNABLE_TO_GET_CRL,
1745  X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
1746  X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
1747  X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
1748  X509_V_ERR_CERT_SIGNATURE_FAILURE,
1749  X509_V_ERR_CRL_NOT_YET_VALID,
1750  X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD,
1751  X509_V_ERR_OUT_OF_MEM,
1752  X509_V_ERR_INVALID_CA,
1753  X509_V_ERR_PATH_LENGTH_EXCEEDED,
1754  X509_V_ERR_INVALID_PURPOSE,
1755  X509_V_ERR_AKID_SKID_MISMATCH,
1756  X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH,
1757  X509_V_ERR_KEYUSAGE_NO_CERTSIGN,
1758  X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER,
1759  X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION,
1760  X509_V_ERR_KEYUSAGE_NO_CRL_SIGN,
1761  X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
1762  X509_V_ERR_INVALID_NON_CA,
1763  X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED,
1764  X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE,
1765  X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED,
1766  X509_V_ERR_INVALID_EXTENSION,
1767  X509_V_ERR_INVALID_POLICY_EXTENSION,
1768  X509_V_ERR_NO_EXPLICIT_POLICY,
1769  X509_V_ERR_UNNESTED_RESOURCE,
1770  X509_V_ERR_APPLICATION_VERIFICATION,
1771 
1772  X509_R_CERT_ALREADY_IN_HASH_TABLE,
1773 
1774  XN_FLAG_SPC_EQ = (1 << 23),
1775  XN_FLAG_SEP_CPLUS_SPC = (2 << 16),
1776  XN_FLAG_ONELINE = 0,
1777  XN_FLAG_RFC2253 = 1,
1778  XN_FLAG_DN_REV = (1 << 20),
1779 
1780  CRYPTO_LOCK = 1,
1781  CRYPTO_NUM_LOCKS = 10,
1782 
1783  ASN1_STRFLGS_ESC_MSB = 4
1784 };
1785 #endif
1786 
1787 /* extras end */
1788 
1789 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
1790 /* wolfSSL extension, provide last error from SSL_get_error
1791  since not using thread storage error queue */
1792 #include <stdio.h>
1793 WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE, int err);
1794 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
1795 WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(XFILE fp);
1796 WOLFSSL_API void wolfSSL_ERR_print_errors_cb(int (*cb)(const char *str,
1797  size_t len, void *u), void *u);
1798 #endif
1799 #endif
1800 WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio);
1801 
1802 
1803 #ifndef NO_OLD_SSL_NAMES
1804  #define SSL_ERROR_NONE WOLFSSL_ERROR_NONE
1805  #define SSL_FAILURE WOLFSSL_FAILURE
1806  #define SSL_SUCCESS WOLFSSL_SUCCESS
1807  #define SSL_SHUTDOWN_NOT_DONE WOLFSSL_SHUTDOWN_NOT_DONE
1808 
1809  #define SSL_ALPN_NOT_FOUND WOLFSSL_ALPN_NOT_FOUND
1810  #define SSL_BAD_CERTTYPE WOLFSSL_BAD_CERTTYPE
1811  #define SSL_BAD_STAT WOLFSSL_BAD_STAT
1812  #define SSL_BAD_PATH WOLFSSL_BAD_PATH
1813  #define SSL_BAD_FILETYPE WOLFSSL_BAD_FILETYPE
1814  #define SSL_BAD_FILE WOLFSSL_BAD_FILE
1815  #define SSL_NOT_IMPLEMENTED WOLFSSL_NOT_IMPLEMENTED
1816  #define SSL_UNKNOWN WOLFSSL_UNKNOWN
1817  #define SSL_FATAL_ERROR WOLFSSL_FATAL_ERROR
1818 
1819  #define SSL_FILETYPE_ASN1 WOLFSSL_FILETYPE_ASN1
1820  #define SSL_FILETYPE_PEM WOLFSSL_FILETYPE_PEM
1821  #define SSL_FILETYPE_DEFAULT WOLFSSL_FILETYPE_DEFAULT
1822  #define SSL_FILETYPE_RAW WOLFSSL_FILETYPE_RAW
1823 
1824  #define SSL_VERIFY_NONE WOLFSSL_VERIFY_NONE
1825  #define SSL_VERIFY_PEER WOLFSSL_VERIFY_PEER
1826  #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT
1827  #define SSL_VERIFY_CLIENT_ONCE WOLFSSL_VERIFY_CLIENT_ONCE
1828  #define SSL_VERIFY_FAIL_EXCEPT_PSK WOLFSSL_VERIFY_FAIL_EXCEPT_PSK
1829 
1830  #define SSL_SESS_CACHE_OFF WOLFSSL_SESS_CACHE_OFF
1831  #define SSL_SESS_CACHE_CLIENT WOLFSSL_SESS_CACHE_CLIENT
1832  #define SSL_SESS_CACHE_SERVER WOLFSSL_SESS_CACHE_SERVER
1833  #define SSL_SESS_CACHE_BOTH WOLFSSL_SESS_CACHE_BOTH
1834  #define SSL_SESS_CACHE_NO_AUTO_CLEAR WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR
1835  #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP
1836  #define SSL_SESS_CACHE_NO_INTERNAL_STORE WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE
1837  #define SSL_SESS_CACHE_NO_INTERNAL WOLFSSL_SESS_CACHE_NO_INTERNAL
1838 
1839  #define SSL_ERROR_WANT_READ WOLFSSL_ERROR_WANT_READ
1840  #define SSL_ERROR_WANT_WRITE WOLFSSL_ERROR_WANT_WRITE
1841  #define SSL_ERROR_WANT_CONNECT WOLFSSL_ERROR_WANT_CONNECT
1842  #define SSL_ERROR_WANT_ACCEPT WOLFSSL_ERROR_WANT_ACCEPT
1843  #define SSL_ERROR_SYSCALL WOLFSSL_ERROR_SYSCALL
1844  #define SSL_ERROR_WANT_X509_LOOKUP WOLFSSL_ERROR_WANT_X509_LOOKUP
1845  #define SSL_ERROR_ZERO_RETURN WOLFSSL_ERROR_ZERO_RETURN
1846  #define SSL_ERROR_SSL WOLFSSL_ERROR_SSL
1847 
1848  #define SSL_SENT_SHUTDOWN WOLFSSL_SENT_SHUTDOWN
1849  #define SSL_RECEIVED_SHUTDOWN WOLFSSL_RECEIVED_SHUTDOWN
1850  #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
1851 
1852  #define SSL_R_SSL_HANDSHAKE_FAILURE WOLFSSL_R_SSL_HANDSHAKE_FAILURE
1853  #define SSL_R_TLSV1_ALERT_UNKNOWN_CA WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA
1854  #define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN
1855  #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE
1856 
1857  #define PEM_BUFSIZE WOLF_PEM_BUFSIZE
1858 #endif
1859 
1860 enum { /* ssl Constants */
1861  WOLFSSL_ERROR_NONE = 0, /* for most functions */
1862  WOLFSSL_FAILURE = 0, /* for some functions */
1863  WOLFSSL_SUCCESS = 1,
1864  WOLFSSL_SHUTDOWN_NOT_DONE = 2, /* call wolfSSL_shutdown again to complete */
1865 
1866  WOLFSSL_ALPN_NOT_FOUND = -9,
1867  WOLFSSL_BAD_CERTTYPE = -8,
1868  WOLFSSL_BAD_STAT = -7,
1869  WOLFSSL_BAD_PATH = -6,
1870  WOLFSSL_BAD_FILETYPE = -5,
1871  WOLFSSL_BAD_FILE = -4,
1872  WOLFSSL_NOT_IMPLEMENTED = -3,
1873  WOLFSSL_UNKNOWN = -2,
1874  WOLFSSL_FATAL_ERROR = -1,
1875 
1876  WOLFSSL_FILETYPE_ASN1 = 2,
1877  WOLFSSL_FILETYPE_PEM = 1,
1878  WOLFSSL_FILETYPE_DEFAULT = 2, /* ASN1 */
1879  WOLFSSL_FILETYPE_RAW = 3, /* NTRU raw key blob */
1880 
1881  WOLFSSL_VERIFY_NONE = 0,
1882  WOLFSSL_VERIFY_PEER = 1,
1883  WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
1884  WOLFSSL_VERIFY_CLIENT_ONCE = 4,
1885  WOLFSSL_VERIFY_FAIL_EXCEPT_PSK = 8,
1886 
1887  WOLFSSL_SESS_CACHE_OFF = 0x0000,
1888  WOLFSSL_SESS_CACHE_CLIENT = 0x0001,
1889  WOLFSSL_SESS_CACHE_SERVER = 0x0002,
1890  WOLFSSL_SESS_CACHE_BOTH = 0x0003,
1891  WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR = 0x0008,
1892  WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 0x0100,
1893  WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE = 0x0200,
1894  WOLFSSL_SESS_CACHE_NO_INTERNAL = 0x0300,
1895 
1896  WOLFSSL_ERROR_WANT_READ = 2,
1897  WOLFSSL_ERROR_WANT_WRITE = 3,
1898  WOLFSSL_ERROR_WANT_CONNECT = 7,
1899  WOLFSSL_ERROR_WANT_ACCEPT = 8,
1900  WOLFSSL_ERROR_SYSCALL = 5,
1901  WOLFSSL_ERROR_WANT_X509_LOOKUP = 83,
1902  WOLFSSL_ERROR_ZERO_RETURN = 6,
1903  WOLFSSL_ERROR_SSL = 85,
1904 
1905  WOLFSSL_SENT_SHUTDOWN = 1,
1906  WOLFSSL_RECEIVED_SHUTDOWN = 2,
1907  WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4,
1908 
1909  WOLFSSL_R_SSL_HANDSHAKE_FAILURE = 101,
1910  WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA = 102,
1911  WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103,
1912  WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104,
1913 
1914  WOLF_PEM_BUFSIZE = 1024
1915 };
1916 
1917 #ifndef NO_PSK
1918  typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
1919  unsigned int, unsigned char*, unsigned int);
1920  WOLFSSL_API void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX*,
1921  wc_psk_client_callback);
1922  WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*,
1923  wc_psk_client_callback);
1924 #ifdef WOLFSSL_TLS13
1925  typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*,
1926  char*, unsigned int, unsigned char*, unsigned int, const char**);
1927  WOLFSSL_API void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX*,
1928  wc_psk_client_tls13_callback);
1929  WOLFSSL_API void wolfSSL_set_psk_client_tls13_callback(WOLFSSL*,
1930  wc_psk_client_tls13_callback);
1931 #endif
1932 
1933  WOLFSSL_API const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*);
1934  WOLFSSL_API const char* wolfSSL_get_psk_identity(const WOLFSSL*);
1935 
1936  WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX*, const char*);
1937  WOLFSSL_API int wolfSSL_use_psk_identity_hint(WOLFSSL*, const char*);
1938 
1939  typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
1940  unsigned char*, unsigned int);
1941  WOLFSSL_API void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX*,
1942  wc_psk_server_callback);
1943  WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL*,
1944  wc_psk_server_callback);
1945 #ifdef WOLFSSL_TLS13
1946  typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*,
1947  unsigned char*, unsigned int, const char**);
1948  WOLFSSL_API void wolfSSL_CTX_set_psk_server_tls13_callback(WOLFSSL_CTX*,
1949  wc_psk_server_tls13_callback);
1950  WOLFSSL_API void wolfSSL_set_psk_server_tls13_callback(WOLFSSL*,
1951  wc_psk_server_tls13_callback);
1952 #endif
1953 
1954  #define PSK_TYPES_DEFINED
1955 #endif /* NO_PSK */
1956 
1957 
1958 #ifdef HAVE_ANON
1959  WOLFSSL_API int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*);
1960 #endif /* HAVE_ANON */
1961 
1962 
1963 /* extra begins */
1964 #ifdef OPENSSL_EXTRA
1965 enum { /* ERR Constants */
1966  ERR_TXT_STRING = 1
1967 };
1968 
1969 /* bio misc */
1970 enum {
1971  WOLFSSL_BIO_ERROR = -1,
1972  WOLFSSL_BIO_UNSET = -2,
1973  WOLFSSL_BIO_SIZE = 17000 /* default BIO write size if not set */
1974 };
1975 #endif
1976 
1977 WOLFSSL_API void wolfSSL_ERR_put_error(int lib, int fun, int err,
1978  const char* file, int line);
1979 WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line(const char**, int*);
1980 WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line_data(const char**, int*,
1981  const char**, int *);
1982 
1983 WOLFSSL_API unsigned long wolfSSL_ERR_get_error(void);
1984 WOLFSSL_API void wolfSSL_ERR_clear_error(void);
1985 
1986 
1987 WOLFSSL_API int wolfSSL_RAND_status(void);
1988 WOLFSSL_API int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num);
1989 WOLFSSL_API int wolfSSL_RAND_bytes(unsigned char* buf, int num);
1990 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void);
1991 WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
1992 WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
1993 WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
1994 
1995 #ifndef NO_CERTS
1996  WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*);
1997 #endif /* !NO_CERTS */
1998 
1999 WOLFSSL_API void wolfSSL_ERR_free_strings(void);
2000 WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long);
2001 WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl);
2002 WOLFSSL_API int wolfSSL_state(WOLFSSL* ssl);
2003 
2004 WOLFSSL_API void wolfSSL_cleanup_all_ex_data(void);
2005 WOLFSSL_API long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode);
2006 WOLFSSL_API long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx);
2007 WOLFSSL_API void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m);
2008 WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl);
2009 
2010 
2011 WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*);
2012 WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*,
2013  const unsigned char*, unsigned int);
2014 WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL*);
2015 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
2016 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
2017 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl);
2018 #endif
2019 
2020 #ifdef OPENSSL_EXTRA
2021 WOLFSSL_API int wolfSSL_want(WOLFSSL*);
2022 #endif
2023 WOLFSSL_API int wolfSSL_want_read(WOLFSSL*);
2024 WOLFSSL_API int wolfSSL_want_write(WOLFSSL*);
2025 
2026 #if !defined(NO_FILESYSTEM) && defined (OPENSSL_EXTRA)
2027 #include <stdarg.h> /* var_arg */
2028 WOLFSSL_API int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format,
2029  va_list args);
2030 #endif
2031 WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO*, const char*, ...);
2032 WOLFSSL_API int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char*, int);
2033 WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*,
2034  const WOLFSSL_ASN1_UTCTIME*);
2035 WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*,
2036  const WOLFSSL_ASN1_GENERALIZEDTIME*);
2037 WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*);
2038 WOLFSSL_API int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME*);
2039 WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int *pday, int *psec,
2040  const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to);
2041 #ifdef OPENSSL_EXTRA
2042 WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t);
2043 #endif
2044 
2045 WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk);
2046 WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i);
2047 
2048 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
2049 WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data,
2050  int idx);
2051 WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
2052  void *data);
2053 #endif
2054 
2055 /* stunnel 4.28 needs */
2056 WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int);
2057 WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*);
2058 WOLFSSL_API void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX*,
2059  WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*));
2060 WOLFSSL_API void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX*,
2061  int (*f)(WOLFSSL*, WOLFSSL_SESSION*));
2062 WOLFSSL_API void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX*,
2063  void (*f)(WOLFSSL_CTX*, WOLFSSL_SESSION*));
2064 
2065 WOLFSSL_API int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION*,unsigned char**);
2066 WOLFSSL_API WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION**,
2067  const unsigned char**, long);
2068 
2069 WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*);
2070 WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*);
2071 WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);
2072 
2073 
2074 /* extra ends */
2075 
2076 
2077 /* wolfSSL extensions */
2078 
2079 /* call before SSL_connect, if verifying will add name check to
2080  date check and signature check */
2081 WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL*, const char*);
2082 
2083 /* need to call once to load library (session cache) */
2084 WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void);
2085 /* call when done to cleanup/free session cache mutex / resources */
2086 WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void);
2087 
2088 /* which library version do we have */
2089 WOLFSSL_API const char* wolfSSL_lib_version(void);
2090 /* which library version do we have in hex */
2091 WOLFSSL_API word32 wolfSSL_lib_version_hex(void);
2092 
2093 /* do accept or connect depedning on side */
2094 WOLFSSL_API int wolfSSL_negotiate(WOLFSSL* ssl);
2095 /* turn on wolfSSL data compression */
2096 WOLFSSL_API int wolfSSL_set_compression(WOLFSSL* ssl);
2097 
2098 WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int);
2099 WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int);
2100 WOLFSSL_API void wolfSSL_CTX_set_current_time_cb(WOLFSSL_CTX* ctx,
2101  void (*cb)(const WOLFSSL* ssl, WOLFSSL_TIMEVAL* out_clock));
2102 
2103 /* get wolfSSL peer X509_CHAIN */
2104 WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl);
2105 #ifdef WOLFSSL_ALT_CERT_CHAINS
2106 WOLFSSL_API int wolfSSL_is_peer_alt_cert_chain(const WOLFSSL* ssl);
2107 /* get wolfSSL alternate peer X509_CHAIN */
2108 WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_alt_chain(WOLFSSL* ssl);
2109 #endif
2110 /* peer chain count */
2111 WOLFSSL_API int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain);
2112 /* index cert length */
2113 WOLFSSL_API int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN*, int idx);
2114 /* index cert */
2115 WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN*, int idx);
2116 /* index cert in X509 */
2117 WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN*, int idx);
2118 /* free X509 */
2119 #define wolfSSL_FreeX509(x509) wolfSSL_X509_free((x509))
2120 WOLFSSL_ABI WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*);
2121 /* get index cert in PEM */
2122 WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx,
2123  unsigned char* buf, int inLen, int* outLen);
2124 WOLFSSL_ABI WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(
2125  const WOLFSSL_SESSION* s);
2126 WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int*);
2127 WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*);
2128 WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*);
2129 WOLFSSL_API const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509*, int*);
2130 WOLFSSL_ABI WOLFSSL_API const byte* wolfSSL_X509_notBefore(WOLFSSL_X509*);
2131 WOLFSSL_ABI WOLFSSL_API const byte* wolfSSL_X509_notAfter(WOLFSSL_X509*);
2132 WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);
2133 
2134 WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*);
2135 
2136 WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);
2137 WOLFSSL_API int wolfSSL_X509_add_altname(WOLFSSL_X509*, const char*, int);
2138 
2139 WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
2140  const unsigned char** in, int len);
2141 WOLFSSL_API WOLFSSL_X509*
2142  wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
2143 WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
2144 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
2145  const unsigned char *in, int len);
2146 #ifndef NO_FILESYSTEM
2147 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
2148 #endif
2149 WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
2150 
2151 #ifndef NO_FILESYSTEM
2152  #ifndef NO_STDIO_FILESYSTEM
2153  WOLFSSL_API WOLFSSL_X509*
2154  wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file);
2155  #endif
2156 WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509*
2157  wolfSSL_X509_load_certificate_file(const char* fname, int format);
2158 #endif
2159 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
2160  const unsigned char* buf, int sz, int format);
2161 
2162 #ifdef WOLFSSL_SEP
2163  WOLFSSL_API unsigned char*
2164  wolfSSL_X509_get_device_type(WOLFSSL_X509*, unsigned char*, int*);
2165  WOLFSSL_API unsigned char*
2166  wolfSSL_X509_get_hw_type(WOLFSSL_X509*, unsigned char*, int*);
2167  WOLFSSL_API unsigned char*
2168  wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509*, unsigned char*, int*);
2169 #endif
2170 
2171 /* connect enough to get peer cert */
2172 WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl);
2173 
2174 
2175 
2176 /* PKCS12 compatibility */
2177 typedef struct WC_PKCS12 WC_PKCS12;
2178 WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
2179  WC_PKCS12** pkcs12);
2180 WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12);
2181 #ifndef NO_FILESYSTEM
2182 WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp,
2183  WOLFSSL_X509_PKCS12** pkcs12);
2184 #endif
2185 WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
2186  WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert,
2187  WOLF_STACK_OF(WOLFSSL_X509)** ca);
2188 WOLFSSL_API WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
2189  WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert,
2190  WOLF_STACK_OF(WOLFSSL_X509)* ca,
2191  int keyNID, int certNID, int itt, int macItt, int keytype);
2192 WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void);
2193 
2194 
2195 
2196 #ifndef NO_DH
2197 /* server Diffie-Hellman parameters */
2198 WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz,
2199  const unsigned char* g, int gSz);
2200 WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz,
2201  int format);
2202 WOLFSSL_API int wolfSSL_SetEnableDhKeyTest(WOLFSSL*, int);
2203 #ifndef NO_FILESYSTEM
2204  WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format);
2205 #endif
2206 
2207 /* server ctx Diffie-Hellman parameters */
2208 WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX*, const unsigned char* p,
2209  int pSz, const unsigned char* g, int gSz);
2210 WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char* b,
2211  long sz, int format);
2212 
2213 #ifndef NO_FILESYSTEM
2214  WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f,
2215  int format);
2216 #endif
2217 
2218 WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX*, word16);
2219 WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, word16);
2220 WOLFSSL_API int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX*, word16);
2221 WOLFSSL_API int wolfSSL_SetMaxDhKey_Sz(WOLFSSL*, word16);
2222 WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*);
2223 #endif /* NO_DH */
2224 
2225 #ifndef NO_RSA
2226 WOLFSSL_API int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX*, short);
2227 WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz(WOLFSSL*, short);
2228 #endif /* NO_RSA */
2229 
2230 #ifdef HAVE_ECC
2231 WOLFSSL_API int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX*, short);
2232 WOLFSSL_API int wolfSSL_SetMinEccKey_Sz(WOLFSSL*, short);
2233 #endif /* NO_RSA */
2234 
2235 WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, word16);
2236 WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, word16);
2237 
2238 /* keyblock size in bytes or -1 */
2239 /* need to call wolfSSL_KeepArrays before handshake to save keys */
2240 WOLFSSL_API int wolfSSL_get_keyblock_size(WOLFSSL*);
2241 WOLFSSL_API int wolfSSL_get_keys(WOLFSSL*,unsigned char** ms, unsigned int* msLen,
2242  unsigned char** sr, unsigned int* srLen,
2243  unsigned char** cr, unsigned int* crLen);
2244 
2245 /* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */
2246 WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
2247  const char* label);
2248 
2249 
2250 #ifndef _WIN32
2251  #ifndef NO_WRITEV
2252  #ifdef __PPU
2253  #include <sys/types.h>
2254  #include <sys/socket.h>
2255  #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && \
2256  !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \
2257  !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \
2258  !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI) && \
2259  !defined(WOLFSSL_ZEPHYR)
2260  #include <sys/uio.h>
2261  #endif
2262  /* allow writev style writing */
2263  WOLFSSL_API int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
2264  int iovcnt);
2265  #endif
2266 #endif
2267 
2268 
2269 #ifndef NO_CERTS
2270  /* SSL_CTX versions */
2271  WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*);
2272 #ifdef WOLFSSL_TRUST_PEER_CERT
2273  WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*);
2274  WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX*,
2275  const unsigned char*, long, int);
2276 #endif
2277  WOLFSSL_API int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX*,
2278  const unsigned char*, long, int,
2279  int, word32);
2280  WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*,
2281  const unsigned char*, long, int);
2282  WOLFSSL_API int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX*,
2283  const unsigned char*, long, int);
2284  WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX*,
2285  const unsigned char*, long, int);
2286  WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*,
2287  const unsigned char*, long, int);
2288  WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX*,
2289  const unsigned char*, long, int, long);
2290  WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX*,
2291  const unsigned char*, long, int);
2292  WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*,
2293  const unsigned char*, long);
2294 
2295  /* SSL versions */
2296  WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL*, const unsigned char*,
2297  long, int);
2298  WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl,
2299  const unsigned char* der, int derSz);
2300  WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*,
2301  long, int);
2302  WOLFSSL_API int wolfSSL_use_PrivateKey_id(WOLFSSL*, const unsigned char*,
2303  long, int, long);
2304  WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*,
2305  const unsigned char*, long, int);
2306  WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*,
2307  const unsigned char*, long);
2308  WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);
2309 
2310  #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
2311  defined(KEEP_OUR_CERT)
2312  WOLFSSL_API WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl);
2313  #endif
2314 #endif
2315 
2316 WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*);
2317 WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL*);
2318 
2319 
2320 #ifdef HAVE_FUZZER
2321 enum fuzzer_type {
2322  FUZZ_HMAC = 0,
2323  FUZZ_ENCRYPT = 1,
2324  FUZZ_SIGNATURE = 2,
2325  FUZZ_HASH = 3,
2326  FUZZ_HEAD = 4
2327 };
2328 
2329 typedef int (*CallbackFuzzer)(WOLFSSL* ssl, const unsigned char* buf, int sz,
2330  int type, void* fuzzCtx);
2331 
2332 WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx);
2333 #endif
2334 
2335 
2336 WOLFSSL_API int wolfSSL_DTLS_SetCookieSecret(WOLFSSL*, const byte*, word32);
2337 
2338 
2339 /* I/O Callback default errors */
2340 enum IOerrors {
2341  WOLFSSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */
2342  WOLFSSL_CBIO_ERR_WANT_READ = -2, /* need to call read again */
2343  WOLFSSL_CBIO_ERR_WANT_WRITE = -2, /* need to call write again */
2344  WOLFSSL_CBIO_ERR_CONN_RST = -3, /* connection reset */
2345  WOLFSSL_CBIO_ERR_ISR = -4, /* interrupt */
2346  WOLFSSL_CBIO_ERR_CONN_CLOSE = -5, /* connection closed or epipe */
2347  WOLFSSL_CBIO_ERR_TIMEOUT = -6 /* socket timeout */
2348 };
2349 
2350 
2351 /* CA cache callbacks */
2352 enum {
2353  WOLFSSL_SSLV3 = 0,
2354  WOLFSSL_TLSV1 = 1,
2355  WOLFSSL_TLSV1_1 = 2,
2356  WOLFSSL_TLSV1_2 = 3,
2357  WOLFSSL_TLSV1_3 = 4,
2358  WOLFSSL_USER_CA = 1, /* user added as trusted */
2359  WOLFSSL_CHAIN_CA = 2 /* added to cache from trusted chain */
2360 };
2361 
2362 WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL*);
2363 
2364 WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX*, int);
2365 WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL*, int);
2366 WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */
2367 WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void);
2368 WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void);
2369 WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int);
2370 WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*);
2371 WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl);
2372 WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
2373 
2374 /* moved to asn.c, old names kept for backwards compatibility */
2375 #define wolfSSL_KeyPemToDer wc_KeyPemToDer
2376 #define wolfSSL_CertPemToDer wc_CertPemToDer
2377 #define wolfSSL_PemPubKeyToDer wc_PemPubKeyToDer
2378 #define wolfSSL_PubKeyPemToDer wc_PubKeyPemToDer
2379 #define wolfSSL_PemCertToDer wc_PemCertToDer
2380 
2381 
2382 typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
2383 typedef void (*CbMissingCRL)(const char* url);
2384 typedef int (*CbOCSPIO)(void*, const char*, int,
2385  unsigned char*, int, unsigned char**);
2386 typedef void (*CbOCSPRespFree)(void*,unsigned char*);
2387 
2388 #ifdef HAVE_CRL_IO
2389 typedef int (*CbCrlIO)(WOLFSSL_CRL* crl, const char* url, int urlSz);
2390 #endif
2391 
2392 /* User Atomic Record Layer CallBacks */
2393 typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut,
2394  const unsigned char* macIn, unsigned int macInSz, int macContent,
2395  int macVerify, unsigned char* encOut, const unsigned char* encIn,
2396  unsigned int encSz, void* ctx);
2397 WOLFSSL_API void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX*, CallbackMacEncrypt);
2398 WOLFSSL_API void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx);
2399 WOLFSSL_API void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl);
2400 
2401 typedef int (*CallbackDecryptVerify)(WOLFSSL* ssl,
2402  unsigned char* decOut, const unsigned char* decIn,
2403  unsigned int decSz, int content, int verify, unsigned int* padSz,
2404  void* ctx);
2405 WOLFSSL_API void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX*,
2406  CallbackDecryptVerify);
2407 WOLFSSL_API void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx);
2408 WOLFSSL_API void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl);
2409 
2410 typedef int (*CallbackEncryptMac)(WOLFSSL* ssl, unsigned char* macOut,
2411  int content, int macVerify, unsigned char* encOut,
2412  const unsigned char* encIn, unsigned int encSz, void* ctx);
2413 WOLFSSL_API void wolfSSL_CTX_SetEncryptMacCb(WOLFSSL_CTX*, CallbackEncryptMac);
2414 WOLFSSL_API void wolfSSL_SetEncryptMacCtx(WOLFSSL* ssl, void *ctx);
2415 WOLFSSL_API void* wolfSSL_GetEncryptMacCtx(WOLFSSL* ssl);
2416 
2417 typedef int (*CallbackVerifyDecrypt)(WOLFSSL* ssl,
2418  unsigned char* decOut, const unsigned char* decIn,
2419  unsigned int decSz, int content, int verify, unsigned int* padSz,
2420  void* ctx);
2421 WOLFSSL_API void wolfSSL_CTX_SetVerifyDecryptCb(WOLFSSL_CTX*,
2422  CallbackVerifyDecrypt);
2423 WOLFSSL_API void wolfSSL_SetVerifyDecryptCtx(WOLFSSL* ssl, void *ctx);
2424 WOLFSSL_API void* wolfSSL_GetVerifyDecryptCtx(WOLFSSL* ssl);
2425 
2426 WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int);
2427 WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*);
2428 WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*);
2429 WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*);
2430 WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*);
2431 WOLFSSL_API int wolfSSL_GetKeySize(WOLFSSL*);
2432 WOLFSSL_API int wolfSSL_GetIVSize(WOLFSSL*);
2433 WOLFSSL_API int wolfSSL_GetSide(WOLFSSL*);
2434 WOLFSSL_API int wolfSSL_IsTLSv1_1(WOLFSSL*);
2435 WOLFSSL_API int wolfSSL_GetBulkCipher(WOLFSSL*);
2436 WOLFSSL_API int wolfSSL_GetCipherBlockSize(WOLFSSL*);
2437 WOLFSSL_API int wolfSSL_GetAeadMacSize(WOLFSSL*);
2438 WOLFSSL_API int wolfSSL_GetHmacSize(WOLFSSL*);
2439 WOLFSSL_API int wolfSSL_GetHmacType(WOLFSSL*);
2440 WOLFSSL_API int wolfSSL_GetCipherType(WOLFSSL*);
2441 WOLFSSL_API int wolfSSL_SetTlsHmacInner(WOLFSSL*, unsigned char*,
2442  word32, int, int);
2443 
2444 /* Atomic User Needs */
2445 enum {
2446  WOLFSSL_SERVER_END = 0,
2447  WOLFSSL_CLIENT_END = 1,
2448  WOLFSSL_NEITHER_END = 3,
2449  WOLFSSL_BLOCK_TYPE = 2,
2450  WOLFSSL_STREAM_TYPE = 3,
2451  WOLFSSL_AEAD_TYPE = 4,
2452  WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
2453 };
2454 
2455 /* for GetBulkCipher and internal use */
2456 enum BulkCipherAlgorithm {
2457  wolfssl_cipher_null,
2458  wolfssl_rc4,
2459  wolfssl_rc2,
2460  wolfssl_des,
2461  wolfssl_triple_des, /* leading 3 (3des) not valid identifier */
2462  wolfssl_des40,
2463 #ifdef HAVE_IDEA
2464  wolfssl_idea,
2465 #endif
2466  wolfssl_aes,
2467  wolfssl_aes_gcm,
2468  wolfssl_aes_ccm,
2469  wolfssl_chacha,
2470  wolfssl_camellia,
2471  wolfssl_hc128, /* wolfSSL extensions */
2472  wolfssl_rabbit
2473 };
2474 
2475 
2476 /* for KDF TLS 1.2 mac types */
2477 enum KDF_MacAlgorithm {
2478  wolfssl_sha256 = 4, /* needs to match hash.h wc_MACAlgorithm */
2479  wolfssl_sha384,
2480  wolfssl_sha512
2481 };
2482 
2483 
2484 /* Public Key Callback support */
2485 #ifdef HAVE_PK_CALLBACKS
2486 #ifdef HAVE_ECC
2487 
2488 struct ecc_key;
2489 
2490 typedef int (*CallbackEccKeyGen)(WOLFSSL* ssl, struct ecc_key* key,
2491  unsigned int keySz, int ecc_curve, void* ctx);
2492 WOLFSSL_API void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX*, CallbackEccKeyGen);
2493 WOLFSSL_API void wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx);
2494 WOLFSSL_API void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl);
2495 
2496 typedef int (*CallbackEccSign)(WOLFSSL* ssl,
2497  const unsigned char* in, unsigned int inSz,
2498  unsigned char* out, word32* outSz,
2499  const unsigned char* keyDer, unsigned int keySz,
2500  void* ctx);
2501 WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX*,
2502  CallbackEccSign);
2503 WOLFSSL_API void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx);
2504 WOLFSSL_API void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl);
2505 
2506 typedef int (*CallbackEccVerify)(WOLFSSL* ssl,
2507  const unsigned char* sig, unsigned int sigSz,
2508  const unsigned char* hash, unsigned int hashSz,
2509  const unsigned char* keyDer, unsigned int keySz,
2510  int* result, void* ctx);
2511 WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX*, CallbackEccVerify);
2512 WOLFSSL_API void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx);
2513 WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl);
2514 
2515 typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl, struct ecc_key* otherKey,
2516  unsigned char* pubKeyDer, word32* pubKeySz,
2517  unsigned char* out, word32* outlen,
2518  int side, void* ctx); /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */
2519 WOLFSSL_API void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX*, CallbackEccSharedSecret);
2520 WOLFSSL_API void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx);
2521 WOLFSSL_API void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl);
2522 #endif
2523 
2524 #ifndef NO_DH
2525 /* Public DH Key Callback support */
2526 struct DhKey;
2527 typedef int (*CallbackDhAgree)(WOLFSSL* ssl, struct DhKey* key,
2528  const unsigned char* priv, unsigned int privSz,
2529  const unsigned char* otherPubKeyDer, unsigned int otherPubKeySz,
2530  unsigned char* out, unsigned int* outlen,
2531  void* ctx);
2532 WOLFSSL_API void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX*, CallbackDhAgree);
2533 WOLFSSL_API void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx);
2534 WOLFSSL_API void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl);
2535 #endif /* !NO_DH */
2536 
2537 #ifdef HAVE_ED25519
2538 struct ed25519_key;
2539 typedef int (*CallbackEd25519Sign)(WOLFSSL* ssl,
2540  const unsigned char* in, unsigned int inSz,
2541  unsigned char* out, unsigned int* outSz,
2542  const unsigned char* keyDer, unsigned int keySz,
2543  void* ctx);
2544 WOLFSSL_API void wolfSSL_CTX_SetEd25519SignCb(WOLFSSL_CTX*,
2545  CallbackEd25519Sign);
2546 WOLFSSL_API void wolfSSL_SetEd25519SignCtx(WOLFSSL* ssl, void *ctx);
2547 WOLFSSL_API void* wolfSSL_GetEd25519SignCtx(WOLFSSL* ssl);
2548 
2549 typedef int (*CallbackEd25519Verify)(WOLFSSL* ssl,
2550  const unsigned char* sig, unsigned int sigSz,
2551  const unsigned char* msg, unsigned int msgSz,
2552  const unsigned char* keyDer, unsigned int keySz,
2553  int* result, void* ctx);
2554 WOLFSSL_API void wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX*,
2555  CallbackEd25519Verify);
2556 WOLFSSL_API void wolfSSL_SetEd25519VerifyCtx(WOLFSSL* ssl, void *ctx);
2557 WOLFSSL_API void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl);
2558 #endif
2559 
2560 #ifdef HAVE_CURVE25519
2561 struct curve25519_key;
2562 
2563 typedef int (*CallbackX25519KeyGen)(WOLFSSL* ssl, struct curve25519_key* key,
2564  unsigned int keySz, void* ctx);
2565 WOLFSSL_API void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX*, CallbackX25519KeyGen);
2566 WOLFSSL_API void wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx);
2567 WOLFSSL_API void* wolfSSL_GetX25519KeyGenCtx(WOLFSSL* ssl);
2568 
2569 typedef int (*CallbackX25519SharedSecret)(WOLFSSL* ssl,
2570  struct curve25519_key* otherKey,
2571  unsigned char* pubKeyDer, unsigned int* pubKeySz,
2572  unsigned char* out, unsigned int* outlen,
2573  int side, void* ctx);
2574  /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */
2575 WOLFSSL_API void wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX*,
2576  CallbackX25519SharedSecret);
2577 WOLFSSL_API void wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx);
2578 WOLFSSL_API void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl);
2579 #endif
2580 
2581 #ifdef HAVE_ED448
2582 struct ed448_key;
2583 typedef int (*CallbackEd448Sign)(WOLFSSL* ssl,
2584  const unsigned char* in, unsigned int inSz,
2585  unsigned char* out, unsigned int* outSz,
2586  const unsigned char* keyDer, unsigned int keySz,
2587  void* ctx);
2588 WOLFSSL_API void wolfSSL_CTX_SetEd448SignCb(WOLFSSL_CTX*,
2589  CallbackEd448Sign);
2590 WOLFSSL_API void wolfSSL_SetEd448SignCtx(WOLFSSL* ssl, void *ctx);
2591 WOLFSSL_API void* wolfSSL_GetEd448SignCtx(WOLFSSL* ssl);
2592 
2593 typedef int (*CallbackEd448Verify)(WOLFSSL* ssl,
2594  const unsigned char* sig, unsigned int sigSz,
2595  const unsigned char* msg, unsigned int msgSz,
2596  const unsigned char* keyDer, unsigned int keySz,
2597  int* result, void* ctx);
2598 WOLFSSL_API void wolfSSL_CTX_SetEd448VerifyCb(WOLFSSL_CTX*,
2599  CallbackEd448Verify);
2600 WOLFSSL_API void wolfSSL_SetEd448VerifyCtx(WOLFSSL* ssl, void *ctx);
2601 WOLFSSL_API void* wolfSSL_GetEd448VerifyCtx(WOLFSSL* ssl);
2602 #endif
2603 
2604 #ifdef HAVE_CURVE448
2605 struct curve448_key;
2606 
2607 typedef int (*CallbackX448KeyGen)(WOLFSSL* ssl, struct curve448_key* key,
2608  unsigned int keySz, void* ctx);
2609 WOLFSSL_API void wolfSSL_CTX_SetX448KeyGenCb(WOLFSSL_CTX*, CallbackX448KeyGen);
2610 WOLFSSL_API void wolfSSL_SetX448KeyGenCtx(WOLFSSL* ssl, void *ctx);
2611 WOLFSSL_API void* wolfSSL_GetX448KeyGenCtx(WOLFSSL* ssl);
2612 
2613 typedef int (*CallbackX448SharedSecret)(WOLFSSL* ssl,
2614  struct curve448_key* otherKey,
2615  unsigned char* pubKeyDer, unsigned int* pubKeySz,
2616  unsigned char* out, unsigned int* outlen,
2617  int side, void* ctx);
2618  /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */
2619 WOLFSSL_API void wolfSSL_CTX_SetX448SharedSecretCb(WOLFSSL_CTX*,
2620  CallbackX448SharedSecret);
2621 WOLFSSL_API void wolfSSL_SetX448SharedSecretCtx(WOLFSSL* ssl, void *ctx);
2622 WOLFSSL_API void* wolfSSL_GetX448SharedSecretCtx(WOLFSSL* ssl);
2623 #endif
2624 
2625 #ifndef NO_RSA
2626 typedef int (*CallbackRsaSign)(WOLFSSL* ssl,
2627  const unsigned char* in, unsigned int inSz,
2628  unsigned char* out, unsigned int* outSz,
2629  const unsigned char* keyDer, unsigned int keySz,
2630  void* ctx);
2631 WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign);
2632 WOLFSSL_API void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx);
2633 WOLFSSL_API void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl);
2634 
2635 typedef int (*CallbackRsaVerify)(WOLFSSL* ssl,
2636  unsigned char* sig, unsigned int sigSz,
2637  unsigned char** out,
2638  const unsigned char* keyDer, unsigned int keySz,
2639  void* ctx);
2640 WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX*, CallbackRsaVerify);
2641 WOLFSSL_API void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX*, CallbackRsaVerify);
2642 WOLFSSL_API void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx);
2643 WOLFSSL_API void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl);
2644 
2645 #ifdef WC_RSA_PSS
2646 typedef int (*CallbackRsaPssSign)(WOLFSSL* ssl,
2647  const unsigned char* in, unsigned int inSz,
2648  unsigned char* out, unsigned int* outSz,
2649  int hash, int mgf,
2650  const unsigned char* keyDer, unsigned int keySz,
2651  void* ctx);
2652 WOLFSSL_API void wolfSSL_CTX_SetRsaPssSignCb(WOLFSSL_CTX*, CallbackRsaPssSign);
2653 WOLFSSL_API void wolfSSL_SetRsaPssSignCtx(WOLFSSL* ssl, void *ctx);
2654 WOLFSSL_API void* wolfSSL_GetRsaPssSignCtx(WOLFSSL* ssl);
2655 
2656 typedef int (*CallbackRsaPssVerify)(WOLFSSL* ssl,
2657  unsigned char* sig, unsigned int sigSz,
2658  unsigned char** out,
2659  int hash, int mgf,
2660  const unsigned char* keyDer, unsigned int keySz,
2661  void* ctx);
2662 WOLFSSL_API void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX*,
2663  CallbackRsaPssVerify);
2664 WOLFSSL_API void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX*,
2665  CallbackRsaPssVerify);
2666 WOLFSSL_API void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx);
2667 WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl);
2668 #endif
2669 
2670 /* RSA Public Encrypt cb */
2671 typedef int (*CallbackRsaEnc)(WOLFSSL* ssl,
2672  const unsigned char* in, unsigned int inSz,
2673  unsigned char* out, unsigned int* outSz,
2674  const unsigned char* keyDer, unsigned int keySz,
2675  void* ctx);
2676 WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc);
2677 WOLFSSL_API void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx);
2678 WOLFSSL_API void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl);
2679 
2680 /* RSA Private Decrypt cb */
2681 typedef int (*CallbackRsaDec)(WOLFSSL* ssl,
2682  unsigned char* in, unsigned int inSz,
2683  unsigned char** out,
2684  const unsigned char* keyDer, unsigned int keySz,
2685  void* ctx);
2686 WOLFSSL_API void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX*, CallbackRsaDec);
2687 WOLFSSL_API void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx);
2688 WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
2689 #endif
2690 #endif /* HAVE_PK_CALLBACKS */
2691 
2692 #ifndef NO_CERTS
2693  WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache);
2694 
2695  WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CTX_GetCertManager(WOLFSSL_CTX*);
2696 
2697  WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap);
2698  WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
2699  WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);
2700 
2701  WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f,
2702  const char* d);
2703  WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER*,
2704  const unsigned char* in, long sz, int format);
2705  WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
2706 #ifdef WOLFSSL_TRUST_PEER_CERT
2707  WOLFSSL_API int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm);
2708 #endif
2709  WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER*, const char* f,
2710  int format);
2711  WOLFSSL_API int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm,
2712  const unsigned char* buff, long sz, int format);
2713  WOLFSSL_API int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER*,
2714  unsigned char*, int sz);
2715  WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER*,
2716  int options);
2717  WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*);
2718  WOLFSSL_API void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm,
2719  VerifyCallback vc);
2720  WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER*,
2721  const char*, int, int);
2722  WOLFSSL_API int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER*,
2723  const unsigned char*, long sz, int);
2724  WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER*,
2725  CbMissingCRL);
2726  WOLFSSL_API int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER *);
2727 #ifdef HAVE_CRL_IO
2728  WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER*,
2729  CbCrlIO);
2730 #endif
2731 #if defined(HAVE_OCSP)
2732  WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse(WOLFSSL_CERT_MANAGER *,
2733  byte *response, int responseSz, WOLFSSL_BUFFER_INFO *responseBuffer,
2734  CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest);
2735 #endif
2736  WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER*,
2737  unsigned char*, int sz);
2738  WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER*,
2739  int options);
2740  WOLFSSL_API int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*);
2741  WOLFSSL_API int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER*,
2742  const char*);
2743  WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER*,
2744  CbOCSPIO, CbOCSPRespFree, void*);
2745 
2746  WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling(
2747  WOLFSSL_CERT_MANAGER* cm);
2748  WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling(
2749  WOLFSSL_CERT_MANAGER* cm);
2750 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
2751 WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm);
2752 #endif
2753  WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
2754  WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl);
2755  WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int);
2756  WOLFSSL_API int wolfSSL_LoadCRLBuffer(WOLFSSL*,
2757  const unsigned char*, long sz, int);
2758  WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL*, CbMissingCRL);
2759 #ifdef HAVE_CRL_IO
2760  WOLFSSL_API int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb);
2761 #endif
2762  WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL*, int options);
2763  WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL*);
2764  WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL*, const char*);
2765  WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL*, CbOCSPIO, CbOCSPRespFree, void*);
2766  WOLFSSL_API int wolfSSL_EnableOCSPStapling(WOLFSSL*);
2767  WOLFSSL_API int wolfSSL_DisableOCSPStapling(WOLFSSL*);
2768 
2769  WOLFSSL_API int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options);
2770  WOLFSSL_API int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx);
2771  WOLFSSL_API int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX*, const char*, int, int);
2772  WOLFSSL_API int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX*,
2773  const unsigned char*, long sz, int);
2774  WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX*, CbMissingCRL);
2775 #ifdef HAVE_CRL_IO
2776  WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX*, CbCrlIO);
2777 #endif
2778 
2779  WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX*, int options);
2780  WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*);
2781  WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*);
2782  WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX*,
2783  CbOCSPIO, CbOCSPRespFree, void*);
2784  WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*);
2785  WOLFSSL_API int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX*);
2786 #endif /* !NO_CERTS */
2787 
2788 
2789 #ifdef SINGLE_THREADED
2790  WOLFSSL_API int wolfSSL_CTX_new_rng(WOLFSSL_CTX*);
2791 #endif
2792 
2793 /* end of handshake frees temporary arrays, if user needs for get_keys or
2794  psk hints, call KeepArrays before handshake and then FreeArrays when done
2795  if don't want to wait for object free */
2796 WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
2797 WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);
2798 
2799 WOLFSSL_API int wolfSSL_KeepHandshakeResources(WOLFSSL* ssl);
2800 WOLFSSL_API int wolfSSL_FreeHandshakeResources(WOLFSSL* ssl);
2801 
2802 WOLFSSL_API int wolfSSL_CTX_UseClientSuites(WOLFSSL_CTX* ctx);
2803 WOLFSSL_API int wolfSSL_UseClientSuites(WOLFSSL* ssl);
2804 
2805 /* async additions */
2806 #define wolfSSL_UseAsync wolfSSL_SetDevId
2807 #define wolfSSL_CTX_UseAsync wolfSSL_CTX_SetDevId
2808 WOLFSSL_ABI WOLFSSL_API int wolfSSL_SetDevId(WOLFSSL*, int devId);
2809 WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_SetDevId(WOLFSSL_CTX*, int devId);
2810 
2811 /* helpers to get device id and heap */
2812 WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_GetDevId(WOLFSSL_CTX*, WOLFSSL*);
2813 WOLFSSL_API void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
2814 
2815 /* TLS Extensions */
2816 
2817 /* Server Name Indication */
2818 #ifdef HAVE_SNI
2819 
2820 /* SNI types */
2821 enum {
2822  WOLFSSL_SNI_HOST_NAME = 0
2823 };
2824 
2825 WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL*, unsigned char,
2826  const void*, unsigned short);
2827 WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX*, unsigned char,
2828  const void*, unsigned short);
2829 
2830 #ifndef NO_WOLFSSL_SERVER
2831 
2832 /* SNI options */
2833 enum {
2834  /* Do not abort the handshake if the requested SNI didn't match. */
2835  WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01,
2836 
2837  /* Behave as if the requested SNI matched in a case of mismatch. */
2838  /* In this case, the status will be set to WOLFSSL_SNI_FAKE_MATCH. */
2839  WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02,
2840 
2841  /* Abort the handshake if the client didn't send a SNI request. */
2842  WOLFSSL_SNI_ABORT_ON_ABSENCE = 0x04,
2843 };
2844 
2845 WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
2846  unsigned char options);
2847 WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx,
2848  unsigned char type, unsigned char options);
2849 WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
2850  const unsigned char* clientHello, unsigned int helloSz,
2851  unsigned char type, unsigned char* sni, unsigned int* inOutSz);
2852 
2853 #endif /* NO_WOLFSSL_SERVER */
2854 
2855 /* SNI status */
2856 enum {
2857  WOLFSSL_SNI_NO_MATCH = 0,
2858  WOLFSSL_SNI_FAKE_MATCH = 1,
2859  WOLFSSL_SNI_REAL_MATCH = 2,
2860  WOLFSSL_SNI_FORCE_KEEP = 3
2861 };
2862 
2863 WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);
2864 
2865 WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl,
2866  unsigned char type, void** data);
2867 
2868 #endif /* HAVE_SNI */
2869 
2870 /* Trusted CA Key Indication - RFC 6066 (Section 6) */
2871 #ifdef HAVE_TRUSTED_CA
2872 
2873 /* TCA Identifier Type */
2874 enum {
2875  WOLFSSL_TRUSTED_CA_PRE_AGREED = 0,
2876  WOLFSSL_TRUSTED_CA_KEY_SHA1 = 1,
2877  WOLFSSL_TRUSTED_CA_X509_NAME = 2,
2878  WOLFSSL_TRUSTED_CA_CERT_SHA1 = 3
2879 };
2880 
2881 WOLFSSL_API int wolfSSL_UseTrustedCA(WOLFSSL* ssl, unsigned char type,
2882  const unsigned char* certId, unsigned int certIdSz);
2883 #endif /* HAVE_TRUSTED_CA */
2884 
2885 /* Application-Layer Protocol Negotiation */
2886 #ifdef HAVE_ALPN
2887 
2888 /* ALPN status code */
2889 enum {
2890  WOLFSSL_ALPN_NO_MATCH = 0,
2891  WOLFSSL_ALPN_MATCH = 1,
2892  WOLFSSL_ALPN_CONTINUE_ON_MISMATCH = 2,
2893  WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4,
2894 };
2895 
2896 enum {
2897  WOLFSSL_MAX_ALPN_PROTO_NAME_LEN = 255,
2898  WOLFSSL_MAX_ALPN_NUMBER = 257
2899 };
2900 
2901 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
2902 typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out,
2903  unsigned char* outLen, const unsigned char* in, unsigned int inLen,
2904  void *arg);
2905 #endif
2906 
2907 WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseALPN(WOLFSSL* ssl,
2908  char *protocol_name_list,
2909  unsigned int protocol_name_listSz,
2910  unsigned char options);
2911 
2912 WOLFSSL_API int wolfSSL_ALPN_GetProtocol(WOLFSSL* ssl, char **protocol_name,
2913  unsigned short *size);
2914 
2915 WOLFSSL_API int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list,
2916  unsigned short *listSz);
2917 WOLFSSL_API int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list);
2918 #endif /* HAVE_ALPN */
2919 
2920 /* Maximum Fragment Length */
2921 #ifdef HAVE_MAX_FRAGMENT
2922 
2923 /* Fragment lengths */
2924 enum {
2925  WOLFSSL_MFL_2_9 = 1, /* 512 bytes */
2926  WOLFSSL_MFL_2_10 = 2, /* 1024 bytes */
2927  WOLFSSL_MFL_2_11 = 3, /* 2048 bytes */
2928  WOLFSSL_MFL_2_12 = 4, /* 4096 bytes */
2929  WOLFSSL_MFL_2_13 = 5, /* 8192 bytes *//* wolfSSL ONLY!!! */
2930  WOLFSSL_MFL_2_8 = 6, /* 256 bytes *//* wolfSSL ONLY!!! */
2931  WOLFSSL_MFL_MIN = WOLFSSL_MFL_2_9,
2932  WOLFSSL_MFL_MAX = WOLFSSL_MFL_2_8,
2933 };
2934 
2935 #ifndef NO_WOLFSSL_CLIENT
2936 
2937 WOLFSSL_API int wolfSSL_UseMaxFragment(WOLFSSL* ssl, unsigned char mfl);
2938 WOLFSSL_API int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, unsigned char mfl);
2939 
2940 #endif
2941 #endif /* HAVE_MAX_FRAGMENT */
2942 
2943 /* Truncated HMAC */
2944 #ifdef HAVE_TRUNCATED_HMAC
2945 #ifndef NO_WOLFSSL_CLIENT
2946 
2947 WOLFSSL_API int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl);
2948 WOLFSSL_API int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx);
2949 
2950 #endif
2951 #endif
2952 
2953 /* Certificate Status Request */
2954 /* Certificate Status Type */
2955 enum {
2956  WOLFSSL_CSR_OCSP = 1
2957 };
2958 
2959 /* Certificate Status Options (flags) */
2960 enum {
2961  WOLFSSL_CSR_OCSP_USE_NONCE = 0x01
2962 };
2963 
2964 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
2965 #ifndef NO_WOLFSSL_CLIENT
2966 
2967 WOLFSSL_API int wolfSSL_UseOCSPStapling(WOLFSSL* ssl,
2968  unsigned char status_type, unsigned char options);
2969 
2970 WOLFSSL_API int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx,
2971  unsigned char status_type, unsigned char options);
2972 
2973 #endif
2974 #endif
2975 
2976 /* Certificate Status Request v2 */
2977 /* Certificate Status Type */
2978 enum {
2979  WOLFSSL_CSR2_OCSP = 1,
2980  WOLFSSL_CSR2_OCSP_MULTI = 2
2981 };
2982 
2983 /* Certificate Status v2 Options (flags) */
2984 enum {
2985  WOLFSSL_CSR2_OCSP_USE_NONCE = 0x01
2986 };
2987 
2988 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
2989 #ifndef NO_WOLFSSL_CLIENT
2990 
2991 WOLFSSL_API int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl,
2992  unsigned char status_type, unsigned char options);
2993 
2994 WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
2995  unsigned char status_type, unsigned char options);
2996 
2997 #endif
2998 #endif
2999 
3000 /* Named Groups */
3001 enum {
3002 #if 0 /* Not Supported */
3003  WOLFSSL_ECC_SECT163K1 = 1,
3004  WOLFSSL_ECC_SECT163R1 = 2,
3005  WOLFSSL_ECC_SECT163R2 = 3,
3006  WOLFSSL_ECC_SECT193R1 = 4,
3007  WOLFSSL_ECC_SECT193R2 = 5,
3008  WOLFSSL_ECC_SECT233K1 = 6,
3009  WOLFSSL_ECC_SECT233R1 = 7,
3010  WOLFSSL_ECC_SECT239K1 = 8,
3011  WOLFSSL_ECC_SECT283K1 = 9,
3012  WOLFSSL_ECC_SECT283R1 = 10,
3013  WOLFSSL_ECC_SECT409K1 = 11,
3014  WOLFSSL_ECC_SECT409R1 = 12,
3015  WOLFSSL_ECC_SECT571K1 = 13,
3016  WOLFSSL_ECC_SECT571R1 = 14,
3017 #endif
3018  WOLFSSL_ECC_SECP160K1 = 15,
3019  WOLFSSL_ECC_SECP160R1 = 16,
3020  WOLFSSL_ECC_SECP160R2 = 17,
3021  WOLFSSL_ECC_SECP192K1 = 18,
3022  WOLFSSL_ECC_SECP192R1 = 19,
3023  WOLFSSL_ECC_SECP224K1 = 20,
3024  WOLFSSL_ECC_SECP224R1 = 21,
3025  WOLFSSL_ECC_SECP256K1 = 22,
3026  WOLFSSL_ECC_SECP256R1 = 23,
3027  WOLFSSL_ECC_SECP384R1 = 24,
3028  WOLFSSL_ECC_SECP521R1 = 25,
3029  WOLFSSL_ECC_BRAINPOOLP256R1 = 26,
3030  WOLFSSL_ECC_BRAINPOOLP384R1 = 27,
3031  WOLFSSL_ECC_BRAINPOOLP512R1 = 28,
3032  WOLFSSL_ECC_X25519 = 29,
3033  WOLFSSL_ECC_X448 = 30,
3034 
3035  WOLFSSL_FFDHE_2048 = 256,
3036  WOLFSSL_FFDHE_3072 = 257,
3037  WOLFSSL_FFDHE_4096 = 258,
3038  WOLFSSL_FFDHE_6144 = 259,
3039  WOLFSSL_FFDHE_8192 = 260,
3040 };
3041 
3042 enum {
3043  WOLFSSL_EC_PF_UNCOMPRESSED = 0,
3044 #if 0 /* Not Supported */
3045  WOLFSSL_EC_PF_X962_COMP_PRIME = 1,
3046  WOLFSSL_EC_PF_X962_COMP_CHAR2 = 2,
3047 #endif
3048 };
3049 
3050 #ifdef HAVE_SUPPORTED_CURVES
3051 #ifndef NO_WOLFSSL_CLIENT
3052 
3053 WOLFSSL_API int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name);
3054 WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx,
3055  word16 name);
3056 
3057 #endif
3058 #endif
3059 
3060 #ifdef WOLFSSL_TLS13
3061 WOLFSSL_API int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group);
3062 WOLFSSL_API int wolfSSL_NoKeyShares(WOLFSSL* ssl);
3063 #endif
3064 
3065 
3066 /* Secure Renegotiation */
3067 #ifdef HAVE_SECURE_RENEGOTIATION
3068 
3069 WOLFSSL_API int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl);
3070 WOLFSSL_API int wolfSSL_CTX_UseSecureRenegotiation(WOLFSSL_CTX* ctx);
3071 WOLFSSL_API int wolfSSL_StartSecureRenegotiation(WOLFSSL* ssl, int resume);
3072 WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL* ssl);
3073 WOLFSSL_API int wolfSSL_SecureResume(WOLFSSL* ssl);
3074 WOLFSSL_API long wolfSSL_SSL_get_secure_renegotiation_support(WOLFSSL* ssl);
3075 
3076 #endif
3077 
3078 /* Session Ticket */
3079 #ifdef HAVE_SESSION_TICKET
3080 
3081 #ifndef NO_WOLFSSL_CLIENT
3082 WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL* ssl);
3083 WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx);
3084 WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL*, unsigned char*, word32*);
3085 WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, const unsigned char*, word32);
3086 typedef int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*);
3087 WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*,
3088  CallbackSessionTicket, void*);
3089 #endif /* NO_WOLFSSL_CLIENT */
3090 
3091 
3092 #define WOLFSSL_TICKET_NAME_SZ 16
3093 #define WOLFSSL_TICKET_IV_SZ 16
3094 #define WOLFSSL_TICKET_MAC_SZ 32
3095 
3096 enum TicketEncRet {
3097  WOLFSSL_TICKET_RET_FATAL = -1, /* fatal error, don't use ticket */
3098  WOLFSSL_TICKET_RET_OK = 0, /* ok, use ticket */
3099  WOLFSSL_TICKET_RET_REJECT, /* don't use ticket, but not fatal */
3100  WOLFSSL_TICKET_RET_CREATE /* existing ticket ok and create new one */
3101 };
3102 
3103 #ifndef NO_WOLFSSL_SERVER
3104 
3105 typedef int (*SessionTicketEncCb)(WOLFSSL*,
3106  unsigned char key_name[WOLFSSL_TICKET_NAME_SZ],
3107  unsigned char iv[WOLFSSL_TICKET_IV_SZ],
3108  unsigned char mac[WOLFSSL_TICKET_MAC_SZ],
3109  int enc, unsigned char*, int, int*, void*);
3110 WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
3111  SessionTicketEncCb);
3112 WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
3113 WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
3114 
3115 #endif /* NO_WOLFSSL_SERVER */
3116 
3117 #endif /* HAVE_SESSION_TICKET */
3118 
3119 #ifdef HAVE_QSH
3120 /* Quantum-safe Crypto Schemes */
3121 enum {
3122  WOLFSSL_NTRU_EESS439 = 0x0101, /* max plaintext length of 65 */
3123  WOLFSSL_NTRU_EESS593 = 0x0102, /* max plaintext length of 86 */
3124  WOLFSSL_NTRU_EESS743 = 0x0103, /* max plaintext length of 106 */
3125  WOLFSSL_LWE_XXX = 0x0201, /* Learning With Error encryption scheme */
3126  WOLFSSL_HFE_XXX = 0x0301, /* Hidden Field Equation scheme */
3127  WOLFSSL_NULL_QSH = 0xFFFF /* QSHScheme is not used */
3128 };
3129 
3130 
3131 /* test if the connection is using a QSH secure connection return 1 if so */
3132 WOLFSSL_API int wolfSSL_isQSH(WOLFSSL* ssl);
3133 WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name);
3134 #ifndef NO_WOLFSSL_CLIENT
3135  /* user control over sending client public key in hello
3136  when flag = 1 will send keys if flag is 0 or function is not called
3137  then will not send keys in the hello extension */
3138  WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag);
3139 #endif
3140 
3141 #endif /* QSH */
3142 
3143 /* TLS Extended Master Secret Extension */
3144 WOLFSSL_API int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl);
3145 WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx);
3146 
3147 
3148 #define WOLFSSL_CRL_MONITOR 0x01 /* monitor this dir flag */
3149 #define WOLFSSL_CRL_START_MON 0x02 /* start monitoring flag */
3150 
3151 
3152 /* notify user the handshake is done */
3153 typedef int (*HandShakeDoneCb)(WOLFSSL*, void*);
3154 WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL*, HandShakeDoneCb, void*);
3155 
3156 
3157 WOLFSSL_API int wolfSSL_PrintSessionStats(void);
3158 WOLFSSL_API int wolfSSL_get_session_stats(unsigned int* active,
3159  unsigned int* total,
3160  unsigned int* peak,
3161  unsigned int* maxSessions);
3162 /* External facing KDF */
3163 WOLFSSL_API
3164 int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, word32 msLen,
3165  const unsigned char* pms, word32 pmsLen,
3166  const unsigned char* cr, const unsigned char* sr,
3167  int tls1_2, int hash_type);
3168 
3169 WOLFSSL_API
3170 int wolfSSL_MakeTlsExtendedMasterSecret(unsigned char* ms, word32 msLen,
3171  const unsigned char* pms, word32 pmsLen,
3172  const unsigned char* sHash, word32 sHashLen,
3173  int tls1_2, int hash_type);
3174 
3175 WOLFSSL_API
3176 int wolfSSL_DeriveTlsKeys(unsigned char* key_data, word32 keyLen,
3177  const unsigned char* ms, word32 msLen,
3178  const unsigned char* sr, const unsigned char* cr,
3179  int tls1_2, int hash_type);
3180 
3181 #ifdef WOLFSSL_CALLBACKS
3182 
3183 typedef int (*HandShakeCallBack)(HandShakeInfo*);
3184 typedef int (*TimeoutCallBack)(TimeoutInfo*);
3185 
3186 /* wolfSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack
3187  for diagnostics */
3188 WOLFSSL_API int wolfSSL_connect_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
3189  WOLFSSL_TIMEVAL);
3190 WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
3191  WOLFSSL_TIMEVAL);
3192 
3193 #endif /* WOLFSSL_CALLBACKS */
3194 
3195 
3196 #ifdef WOLFSSL_HAVE_WOLFSCEP
3197  WOLFSSL_API void wolfSSL_wolfSCEP(void);
3198 #endif /* WOLFSSL_HAVE_WOLFSCEP */
3199 
3200 #ifdef WOLFSSL_HAVE_CERT_SERVICE
3201  WOLFSSL_API void wolfSSL_cert_service(void);
3202 #endif
3203 
3204 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
3205 /* Smaller subset of X509 compatibility functions. Avoid increasing the size of
3206  * this subset and its memory usage */
3207 
3208 #include <wolfssl/openssl/asn1.h>
3209 struct WOLFSSL_X509_NAME_ENTRY {
3210  WOLFSSL_ASN1_OBJECT object; /* static object just for keeping grp, type */
3211  WOLFSSL_ASN1_STRING data;
3212  WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */
3213  int nid; /* i.e. ASN_COMMON_NAME */
3214  int set;
3215  int size;
3216 };
3217 
3218 WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_OBJ(WOLFSSL_X509_NAME *name,
3219  const WOLFSSL_ASN1_OBJECT *obj,
3220  int idx);
3221 
3222 #endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
3223 
3224 
3225 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
3226 
3227 enum {
3228  WOLFSSL_SYS_ACCEPT = 0,
3229  WOLFSSL_SYS_BIND,
3230  WOLFSSL_SYS_CONNECT,
3231  WOLFSSL_SYS_FOPEN,
3232  WOLFSSL_SYS_FREAD,
3233  WOLFSSL_SYS_GETADDRINFO,
3234  WOLFSSL_SYS_GETSOCKOPT,
3235  WOLFSSL_SYS_GETSOCKNAME,
3236  WOLFSSL_SYS_GETHOSTBYNAME,
3237  WOLFSSL_SYS_GETNAMEINFO,
3238  WOLFSSL_SYS_GETSERVBYNAME,
3239  WOLFSSL_SYS_IOCTLSOCKET,
3240  WOLFSSL_SYS_LISTEN,
3241  WOLFSSL_SYS_OPENDIR,
3242  WOLFSSL_SYS_SETSOCKOPT,
3243  WOLFSSL_SYS_SOCKET
3244 };
3245 
3246 /* Object functions */
3247 WOLFSSL_API const char* wolfSSL_OBJ_nid2sn(int n);
3248 WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o);
3249 WOLFSSL_API int wolfSSL_OBJ_get_type(const WOLFSSL_ASN1_OBJECT *o);
3250 WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn);
3251 
3252 WOLFSSL_API const char* wolfSSL_OBJ_nid2ln(int n);
3253 WOLFSSL_API int wolfSSL_OBJ_ln2nid(const char *ln);
3254 WOLFSSL_API int wolfSSL_OBJ_cmp(const WOLFSSL_ASN1_OBJECT* a,
3255  const WOLFSSL_ASN1_OBJECT* b);
3256 WOLFSSL_API int wolfSSL_OBJ_txt2nid(const char *sn);
3257 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_txt2obj(const char* s, int no_name);
3258 
3259 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int n);
3260 WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int n, WOLFSSL_ASN1_OBJECT *arg_obj);
3261 WOLFSSL_API int wolfSSL_OBJ_obj2txt(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a, int no_name);
3262 
3263 WOLFSSL_API void wolfSSL_OBJ_cleanup(void);
3264 WOLFSSL_API int wolfSSL_OBJ_create(const char *oid, const char *sn, const char *ln);
3265 #ifdef HAVE_ECC
3266 WOLFSSL_LOCAL int NIDToEccEnum(int n);
3267 #endif
3268 /* end of object functions */
3269 
3270 WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line);
3271 WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt);
3272 WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt);
3273 WOLFSSL_API long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void));
3274 WOLFSSL_API long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx);
3275 
3276 #ifndef NO_CERTS
3277 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID(
3278  WOLFSSL_X509_NAME_ENTRY** out, int nid, int type,
3279  const unsigned char* data, int dataSz);
3280 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_txt(
3281  WOLFSSL_X509_NAME_ENTRY **neIn, const char *txt, int format,
3282  const unsigned char *data, int dataSz);
3283 WOLFSSL_API int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name,
3284  WOLFSSL_X509_NAME_ENTRY* entry, int idx, int set);
3285 WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name,
3286  const char *field, int type, const unsigned char *bytes, int len, int loc,
3287  int set);
3288 WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid,
3289  int type, const unsigned char *bytes,
3290  int len, int loc, int set);
3291 WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
3292  const WOLFSSL_X509_NAME* y);
3293 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
3294 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*);
3295 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*);
3296 WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
3297 WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
3298  int nid, int* c, int* idx);
3299 WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert);
3300 WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos);
3301 WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc);
3302 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid(
3303  WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid,
3304  char* value);
3305 WOLFSSL_API void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx,
3306  WOLFSSL_X509* issuer, WOLFSSL_X509* subject, WOLFSSL_X509* req,
3307  WOLFSSL_X509_CRL* crl, int flag);
3308 WOLFSSL_API void wolfSSL_X509V3_set_ctx_nodb(WOLFSSL_X509V3_CTX* ctx);
3309 WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509,
3310  const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len);
3311 WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509);
3312 WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey);
3313 WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl,
3314  const unsigned char* der, long derSz);
3315 WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl);
3316 #ifndef NO_RSA
3317 WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der,
3318  long derSz);
3319 #endif
3320 WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
3321  unsigned char* der, long derSz);
3322 
3323 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
3324 WOLFSSL_API int wolfSSL_X509_cmp(const WOLFSSL_X509* a, const WOLFSSL_X509* b);
3325 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x, int loc);
3326 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc);
3327 WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex);
3328 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void);
3329 WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,
3330  WOLFSSL_X509_EXTENSION* ext);
3331 WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk);
3332 WOLFSSL_API void wolfSSL_X509_EXTENSION_free(WOLFSSL_X509_EXTENSION* ext_to_free);
3333 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void);
3334 #endif
3335 
3336 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(WOLFSSL_X509_EXTENSION* ext);
3337 WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext);
3338 #endif /* NO_CERTS */
3339 
3340 WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
3341 
3342 WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
3343  unsigned char* out, int outSz);
3344 WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
3345 
3346 WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
3347  WOLFSSL_X509_STORE* str);
3348 WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
3349 #if !defined(NO_FILESYSTEM)
3350 WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp,
3351  WOLFSSL_X509** x509);
3352 WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s);
3353 #endif
3354 WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio,
3355  WOLFSSL_X509** x509);
3356 WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
3357 
3358 WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio);
3359 WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b);
3360 
3361 WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
3362  unsigned char *out, size_t outlen);
3363 WOLFSSL_API int wolfSSL_get_server_tmp_key(const WOLFSSL*, WOLFSSL_EVP_PKEY**);
3364 
3365 WOLFSSL_API int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX*, int);
3366 WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int);
3367 
3368 WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
3369  unsigned char* out, size_t outSz);
3370 WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
3371 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
3372 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
3373  WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u);
3374 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
3375  (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
3376 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio(
3377  WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
3378  pem_password_cb* cb, void* u);
3379 #ifndef NO_FILESYSTEM
3380 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp,
3381  WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u);
3382 #endif
3383 WOLFSSL_API int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header,
3384  EncryptedInfo* cipher);
3385 WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher,
3386  unsigned char* data, long* len,
3387  pem_password_cb* callback, void* ctx);
3388 
3389 /*lighttp compatibility */
3390 
3391 struct WOLFSSL_ASN1_BIT_STRING {
3392  int length;
3393  int type;
3394  byte* data;
3395  long flags;
3396 };
3397 
3398 
3399 #if defined(OPENSSL_EXTRA) \
3400  || defined(OPENSSL_ALL) \
3401  || defined(HAVE_LIGHTY) \
3402  || defined(WOLFSSL_MYSQL_COMPATIBLE) \
3403  || defined(HAVE_STUNNEL) \
3404  || defined(WOLFSSL_NGINX) \
3405  || defined(WOLFSSL_HAPROXY)
3406 WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
3407 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
3408 WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
3409 WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX*, WOLFSSL_X509*);
3410 WOLFSSL_API int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX*, WOLFSSL_X509*);
3411 WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
3412 /* These are to be merged shortly */
3413 WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
3414 WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
3415 WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
3416 WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
3417 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
3418 WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
3419 WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md);
3420 WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md);
3421 WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md);
3422 WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
3423 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk );
3424 WOLFSSL_API int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509);
3425 
3426 #ifndef NO_FILESYSTEM
3427 WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c);
3428 WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp);
3429 WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_fp(XFILE fp, int c);
3430 #endif
3431 
3432 #endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
3433 
3434 #endif /* OPENSSL_EXTRA || OPENSSL_ALL */
3435 
3436 
3437 #if defined(OPENSSL_ALL) \
3438  || defined(HAVE_STUNNEL) \
3439  || defined(HAVE_LIGHTY) \
3440  || defined(WOLFSSL_MYSQL_COMPATIBLE) \
3441  || defined(WOLFSSL_HAPROXY) \
3442  || defined(OPENSSL_EXTRA)
3443 
3444 WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
3445 WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
3446 WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp,
3447  WOLFSSL_DH **x, pem_password_cb *cb, void *u);
3448 WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp,
3449  WOLFSSL_DSA **x, pem_password_cb *cb, void *u);
3450 WOLFSSL_API int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp,WOLFSSL_X509 *x);
3451 WOLFSSL_API int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp,WOLFSSL_X509 *x);
3452 WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
3453 #endif /* HAVE_STUNNEL || HAVE_LIGHTY */
3454 
3455 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
3456  defined(WOLFSSL_CERT_REQ)
3457 WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out);
3458 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
3459 WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
3460 WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
3461  const WOLFSSL_EVP_MD *md);
3462 WOLFSSL_API int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req,
3463  WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext);
3464 WOLFSSL_API int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req,
3465  WOLFSSL_X509_NAME *name);
3466 WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
3467  WOLFSSL_EVP_PKEY *pkey);
3468 #endif
3469 
3470 
3471 #if defined(OPENSSL_ALL) \
3472  || defined(HAVE_STUNNEL) \
3473  || defined(WOLFSSL_NGINX) \
3474  || defined(WOLFSSL_HAPROXY) \
3475  || defined(OPENSSL_EXTRA) \
3476  || defined(HAVE_LIGHTY)
3477 
3478 #include <wolfssl/openssl/crypto.h>
3479 
3480 /* SNI received callback type */
3481 typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);
3482 
3483 WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
3484  void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
3485 
3486 WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void);
3487 
3488 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn);
3489 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1024_prime(WOLFSSL_BIGNUM* bn);
3490 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn);
3491 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_2048_prime(WOLFSSL_BIGNUM* bn);
3492 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_3072_prime(WOLFSSL_BIGNUM* bn);
3493 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_4096_prime(WOLFSSL_BIGNUM* bn);
3494 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_6144_prime(WOLFSSL_BIGNUM* bn);
3495 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn);
3496 
3497 WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
3498  void (*callback) (int, int, void *), void *cb_arg);
3499 
3500 WOLFSSL_API int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH*, int, int,
3501  void (*callback) (int, int, void *));
3502 
3503 WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void);
3504 
3505 WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void);
3506 
3507 WOLFSSL_API int wolfSSL_FIPS_mode(void);
3508 
3509 WOLFSSL_API int wolfSSL_FIPS_mode_set(int r);
3510 
3511 WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth);
3512 
3513 WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits);
3514 
3515 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_new(void);
3516 WOLFSSL_API int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s);
3517 
3518 WOLFSSL_API WOLFSSL_X509_INFO *wolfSSL_X509_INFO_new(void);
3519 WOLFSSL_API void wolfSSL_X509_INFO_free(WOLFSSL_X509_INFO* info);
3520 
3521 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_INFO_new_null(void);
3522 WOLFSSL_API int wolfSSL_sk_X509_INFO_num(const WOLF_STACK_OF(WOLFSSL_X509_INFO)*);
3523 WOLFSSL_API WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_value(
3524  const WOLF_STACK_OF(WOLFSSL_X509_INFO)*, int);
3525 WOLFSSL_API int wolfSSL_sk_X509_INFO_push(WOLF_STACK_OF(WOLFSSL_X509_INFO)*,
3526  WOLFSSL_X509_INFO*);
3527 WOLFSSL_API WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_pop(WOLF_STACK_OF(WOLFSSL_X509_INFO)*);
3528 WOLFSSL_API void wolfSSL_sk_X509_INFO_pop_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*,
3529  void (*f) (WOLFSSL_X509_INFO*));
3530 WOLFSSL_API void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*);
3531 
3532 typedef int (*wolf_sk_compare_cb)(const void* const *a,
3533  const void* const *b);
3534 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new(
3535  wolf_sk_compare_cb);
3536 WOLFSSL_API int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)*,
3537  WOLFSSL_X509_NAME*);
3538 WOLFSSL_API int wolfSSL_sk_X509_NAME_find(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*,
3539  WOLFSSL_X509_NAME*);
3540 WOLFSSL_API int wolfSSL_sk_X509_NAME_set_cmp_func(
3541  WOLF_STACK_OF(WOLFSSL_X509_NAME)*, wolf_sk_compare_cb);
3542 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*, int);
3543 WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
3544 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
3545 WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)*,
3546  void (*f) (WOLFSSL_X509_NAME*));
3547 WOLFSSL_API void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME) *);
3548 
3549 WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *s);
3550 
3551 WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
3552  unsigned long);
3553 
3554 WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void);
3555 WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING*);
3556 WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
3557  const WOLFSSL_X509*);
3558 WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_get_bit(
3559  const WOLFSSL_ASN1_BIT_STRING*, int);
3560 WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit(
3561  WOLFSSL_ASN1_BIT_STRING*, int, int);
3562 
3563 WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
3564 
3565 WOLFSSL_API int wolfSSL_version(WOLFSSL*);
3566 
3567 WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*);
3568 
3569 WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, int);
3570 
3571 WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*);
3572 
3573 WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*, int);
3574 
3575 WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
3576 
3577 WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
3578 
3579 WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,
3580  CRYPTO_free_func*);
3581 
3582 WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);
3583 
3584 
3585 WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*,
3586  unsigned int*);
3587 
3588 WOLFSSL_API int wolfSSL_SESSION_print(WOLFSSL_BIO*, const WOLFSSL_SESSION*);
3589 
3590 WOLFSSL_API int wolfSSL_set_tlsext_host_name(WOLFSSL *, const char *);
3591 
3592 WOLFSSL_API const char* wolfSSL_get_servername(WOLFSSL *, unsigned char);
3593 
3594 WOLFSSL_API WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL*,WOLFSSL_CTX*);
3595 
3596 WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*);
3597 
3598 WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*);
3599 
3600 WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *,
3601  CallbackSniRecv);
3602 WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *,
3603  CallbackSniRecv);
3604 
3605 WOLFSSL_API int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*);
3606 
3607 WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*);
3608 
3609 /* support for deprecated old name */
3610 #define WOLFSSL_ERR_remove_thread_state wolfSSL_ERR_remove_thread_state
3611 
3612 #ifndef NO_FILESYSTEM
3613 WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE fp);
3614 #endif
3615 
3616 WOLFSSL_API void wolfSSL_THREADID_set_callback(void (*threadid_func)(void*));
3617 
3618 WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val);
3619 
3620 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
3621  WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*);
3622 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*
3623  wolfSSL_X509_STORE_get0_objects(WOLFSSL_X509_STORE *);
3624 WOLFSSL_API WOLFSSL_X509_OBJECT*
3625  wolfSSL_sk_X509_OBJECT_delete(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i);
3626 WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *a);
3627 
3628 WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*));
3629 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
3630 
3631 #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
3632 WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names);
3633 WOLFSSL_API int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names);
3634 #endif /* OPENSSL_EXTRA && HAVE_ECC */
3635 
3636 #if defined(OPENSSL_ALL) || \
3637  defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
3638  defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
3639 
3640 WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx);
3641 
3642 #endif
3643 
3644 #ifdef WOLFSSL_JNI
3645 WOLFSSL_API int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr);
3646 WOLFSSL_API void* wolfSSL_get_jobject(WOLFSSL* ssl);
3647 #endif /* WOLFSSL_JNI */
3648 
3649 
3650 #ifdef WOLFSSL_ASYNC_CRYPT
3651 WOLFSSL_API int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags);
3652 WOLFSSL_API int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents,
3653  WOLF_EVENT_FLAG flags, int* eventCount);
3654 #endif /* WOLFSSL_ASYNC_CRYPT */
3655 
3656 #ifdef OPENSSL_EXTRA
3657 typedef void (*SSL_Msg_Cb)(int write_p, int version, int content_type,
3658  const void *buf, size_t len, WOLFSSL *ssl, void *arg);
3659 
3660 WOLFSSL_API int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb);
3661 WOLFSSL_API int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb);
3662 WOLFSSL_API int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg);
3663 WOLFSSL_API int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg);
3664 WOLFSSL_API unsigned long wolfSSL_ERR_peek_error_line_data(const char **file,
3665  int *line, const char **data, int *flags);
3666 WOLFSSL_API int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx,
3667  const unsigned char *protos, unsigned int protos_len);
3668 WOLFSSL_API int wolfSSL_set_alpn_protos(WOLFSSL* ssl,
3669  const unsigned char* protos, unsigned int protos_len);
3670 WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data,
3671  size_t siz, const char* file, int line);
3672 WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void);
3673 #endif
3674 
3675 #if defined(OPENSSL_ALL) \
3676  || defined(WOLFSSL_NGINX) \
3677  || defined(WOLFSSL_HAPROXY) \
3678  || defined(OPENSSL_EXTRA)
3679 WOLFSSL_API void wolfSSL_OPENSSL_config(char *config_name);
3680 #endif
3681 
3682 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
3683 /* Not an OpenSSL API. */
3684 WOLFSSL_LOCAL int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response);
3685 /* Not an OpenSSL API. */
3686 WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
3687 /* Not an OpenSSL API. */
3688 WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
3689 #endif
3690 
3691 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
3692  || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
3693 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
3694 WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a,
3695  void *b, void *c);
3696 WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
3697 WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
3698  void *data);
3699 WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
3700  const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
3701 
3702 WOLFSSL_API long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx);
3703 WOLFSSL_API long wolfSSL_get_timeout(WOLFSSL* ssl);
3704 WOLFSSL_API int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx,
3705  WOLFSSL_EC_KEY *ecdh);
3706 WOLFSSL_API int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *,
3707  WOLFSSL_SESSION *c);
3708 
3709 WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s);
3710 WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s);
3711 WOLFSSL_API int wolfSSL_SSL_do_handshake(WOLFSSL *s);
3712 WOLFSSL_API int wolfSSL_SSL_in_init(WOLFSSL*);
3713 WOLFSSL_API int wolfSSL_SSL_in_connect_init(WOLFSSL*);
3714 
3715 #ifndef NO_SESSION_CACHE
3716  WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *s);
3717 #endif
3718 WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk,
3719  size_t chklen, unsigned int flags, char **peername);
3720 
3721 WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp,
3722  const WOLFSSL_ASN1_INTEGER *a);
3723 
3724 #ifdef HAVE_SESSION_TICKET
3725 WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, int (*)(
3726  WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
3727  WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc));
3728 #endif
3729 
3730 #if defined(HAVE_OCSP) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
3731  defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
3732 WOLFSSL_API int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx,
3733  WOLF_STACK_OF(X509)** chain);
3734 WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx,
3735  int(*)(WOLFSSL*, void*));
3736 
3737 WOLFSSL_API int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
3738  WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x);
3739 
3740 WOLFSSL_API void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk);
3741 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x);
3742 
3743 WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
3744  WOLFSSL_X509 *subject);
3745 
3746 WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value(
3747  WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx);
3748 #endif /* HAVE_OCSP */
3749 
3750 WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
3751  WOLFSSL_X509 *cert);
3752 
3753 #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
3754  OPENSSL_EXTRA || HAVE_LIGHTY*/
3755 
3756 WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl,
3757  const unsigned char **data, unsigned int *len);
3758 WOLFSSL_API int wolfSSL_select_next_proto(unsigned char **out,
3759  unsigned char *outlen,
3760  const unsigned char *in, unsigned int inlen,
3761  const unsigned char *client,
3762  unsigned int client_len);
3763 WOLFSSL_API void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx,
3764  int (*cb) (WOLFSSL *ssl,
3765  const unsigned char **out,
3766  unsigned char *outlen,
3767  const unsigned char *in,
3768  unsigned int inlen,
3769  void *arg), void *arg);
3770 WOLFSSL_API void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s,
3771  int (*cb) (WOLFSSL *ssl,
3772  const unsigned char **out,
3773  unsigned int *outlen,
3774  void *arg), void *arg);
3775 WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
3776  int (*cb) (WOLFSSL *ssl,
3777  unsigned char **out,
3778  unsigned char *outlen,
3779  const unsigned char *in,
3780  unsigned int inlen,
3781  void *arg), void *arg);
3782 WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
3783  unsigned *len);
3784 
3785 
3786 #ifdef OPENSSL_EXTRA
3787 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
3788 WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
3789  const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
3790 WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count);
3791 WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count);
3792 #endif
3793 
3794 WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len);
3795 WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
3796 WOLFSSL_API WOLFSSL_X509_ALGOR* wolfSSL_X509_ALGOR_new(void);
3797 WOLFSSL_API void wolfSSL_X509_ALGOR_free(WOLFSSL_X509_ALGOR *alg);
3798 WOLFSSL_API const WOLFSSL_X509_ALGOR* wolfSSL_X509_get0_tbs_sigalg(const WOLFSSL_X509 *x);
3799 WOLFSSL_API void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const WOLFSSL_X509_ALGOR *algor);
3800 WOLFSSL_API int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj, int ptype, void *pval);
3801 WOLFSSL_API WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void);
3802 WOLFSSL_API void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at);
3803 WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_PUBKEY_new(void);
3804 WOLFSSL_API void wolfSSL_X509_PUBKEY_free(WOLFSSL_X509_PUBKEY *x);
3805 WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_get_X509_PUBKEY(const WOLFSSL_X509* x509);
3806 WOLFSSL_API int wolfSSL_X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, WOLFSSL_X509_ALGOR **pa, WOLFSSL_X509_PUBKEY *pub);
3807 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key);
3808 WOLFSSL_API int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key);
3809 WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
3810 WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a);
3811 WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
3812 WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
3813 WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir);
3814 WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x);
3815 WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p);
3816 WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_find(
3817  WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, const WOLFSSL_CIPHER* toFind);
3818 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER)* wolfSSL_sk_SSL_CIPHER_dup(
3819  WOLF_STACK_OF(WOLFSSL_CIPHER)* in);
3820 WOLFSSL_API void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
3821 WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
3822 WOLFSSL_API int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk);
3823 WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx);
3824 WOLFSSL_API void ERR_load_SSL_strings(void);
3825 WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p);
3826 
3827 WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag);
3828 WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags);
3829 WOLFSSL_API int wolfSSL_ASN1_STRING_print(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str);
3830 WOLFSSL_API int wolfSSL_ASN1_TIME_get_length(WOLFSSL_ASN1_TIME *t);
3831 WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t);
3832 WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
3833  WOLFSSL_ASN1_TIME **out);
3834 WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp);
3835 WOLFSSL_API int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE *store);
3836 WOLFSSL_API long wolfSSL_X509_get_version(const WOLFSSL_X509 *x);
3837 WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x);
3838 
3839 WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
3840  WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd,
3841  int passwdSz, pem_password_cb* cb, void* ctx);
3842 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
3843  WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u);
3844 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(
3845  WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length);
3846 WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
3847 
3848 
3849 #endif /* OPENSSL_EXTRA */
3850 
3851 #ifdef HAVE_PK_CALLBACKS
3852 WOLFSSL_API int wolfSSL_IsPrivatePkSet(WOLFSSL* ssl);
3853 WOLFSSL_API int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx);
3854 #endif
3855 
3856 #ifdef HAVE_ENCRYPT_THEN_MAC
3857 WOLFSSL_API int wolfSSL_CTX_AllowEncryptThenMac(WOLFSSL_CTX *, int);
3858 WOLFSSL_API int wolfSSL_AllowEncryptThenMac(WOLFSSL *s, int);
3859 #endif
3860 
3861 #ifdef __cplusplus
3862  } /* extern "C" */
3863 #endif
3864 
3865 
3866 #endif /* WOLFSSL_SSL_H */
wolfSSL_dtls_get_using_nonblock
WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL *)
This function allows the application to determine if wolfSSL is using non-blocking I/O with UDP...
Definition: ssl.c:11068
wolfSSL_SetRsaVerifyCtx
WOLFSSL_API void wolfSSL_SetRsaVerifyCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Public Key RSA Verification Callback Context to ctx.
Definition: ssl.c:35998
unknown_psk_identity
Definition: ssl.h:630
OcspEntry
Definition: asn.h:1361
wolfSSL_CTX_SetTmpDH_buffer
WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX *, const unsigned char *b, long sz, int format)
A wrapper function that calls wolfSSL_SetTmpDH_buffer_wrapper.
Definition: ssl.c:13809
wolfSSL_shutdown
WOLFSSL_API int wolfSSL_shutdown(WOLFSSL *)
This function shuts down an active SSL/TLS connection using the SSL session, ssl. This function will ...
Definition: ssl.c:2970
wolfSSL_CertManagerEnableOCSPStapling
WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER *cm)
This function turns on OCSP stapling if it is not turned on as well as set the options.
Definition: ssl.c:6180
WOLFSSL_ECDSA_SIG
Definition: ecdsa.h:42
wolfSSL_get_psk_identity
WOLFSSL_API const char * wolfSSL_get_psk_identity(const WOLFSSL *)
The function returns a constant pointer to the client_identity member of the Arrays structure...
Definition: ssl.c:13529
wolfSSL_get_current_cipher
WOLFSSL_API WOLFSSL_CIPHER * wolfSSL_get_current_cipher(WOLFSSL *)
This function returns a pointer to the current cipher in the ssl session.
Definition: ssl.c:19312
wolfSSL_SetCRL_Cb
WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL *, CbMissingCRL)
Sets the CRL callback in the WOLFSSL_CERT_MANAGER structure.
Definition: ssl.c:6958
wolfSSL_CertManagerVerify
WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER *, const char *f, int format)
Specifies the certificate to verify with the Certificate Manager context. The format can be SSL_FILET...
Definition: ssl.c:6696
wolfSSLv3_client_method
WOLFSSL_API WOLFSSL_METHOD * wolfSSLv3_client_method(void)
The wolfSSLv3_client_method() function is used to indicate that the application is a client and will ...
Definition: ssl.c:11347
wolfSSLv3_server_method
WOLFSSL_API WOLFSSL_METHOD * wolfSSLv3_server_method(void)
The wolfSSLv3_server_method() function is used to indicate that the application is a server and will ...
Definition: ssl.c:11731
WOLFSSL_AUTHORITY_KEYID
Definition: ssl.h:196
wolfSSL_GetMacSecret
WOLFSSL_API const unsigned char * wolfSSL_GetMacSecret(WOLFSSL *, int)
Allows retrieval of the Hmac/Mac secret from the handshake process. The verify parameter specifies wh...
Definition: ssl.c:3231
wolfSSL_BIO_write_filename
WOLFSSL_API int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name)
This is used to set and write to a file. WIll overwrite any data currently in the file and is set to ...
Definition: bio.c:1362
wolfSSL_negotiate
WOLFSSL_API int wolfSSL_negotiate(WOLFSSL *ssl)
Performs the actual connect or accept based on the side of the SSL method. If called from the client ...
Definition: ssl.c:1381
wolfSSL_CTX_set_tlsext_status_arg
WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX *, void *arg)
This function sets the options argument to use with OCSP.
Definition: ssl.c:25697
wolfSSL_GetKeySize
WOLFSSL_API int wolfSSL_GetKeySize(WOLFSSL *)
Allows retrieval of the key size from the handshake process.
Definition: ssl.c:3414
wolfSSL_SNI_GetRequest
WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl, unsigned char type, void **data)
This function is called on the server side to retrieve the Server Name Indication provided by the cli...
Definition: ssl.c:2196
wolfSSL_GetMacEncryptCtx
WOLFSSL_API void * wolfSSL_GetMacEncryptCtx(WOLFSSL *ssl)
Allows caller to retrieve the Atomic User Record Processing Mac/Encrypt Callback Context previously s...
Definition: ssl.c:3267
wolfSSL_SetTmpDH_buffer
WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL *, const unsigned char *b, long sz, int format)
The function calls the wolfSSL_SetTMpDH_buffer_wrapper, which is a wrapper for Diffie-Hellman paramet...
Definition: ssl.c:13798
wolfSSL_X509_PUBKEY_free
WOLFSSL_API void wolfSSL_X509_PUBKEY_free(WOLFSSL_X509_PUBKEY *x)
Definition: ssl.c:25051
wolfSSL_LoadCRL
WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL *, const char *, int, int)
A wrapper function that ends up calling LoadCRL to load the certificate for revocation checking...
Definition: ssl.c:6948
wolfSSL_CTX_load_verify_chain_buffer_format
WOLFSSL_API int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX *, const unsigned char *, long, int)
This function loads a CA certificate chain buffer into the WOLFSSL Context. It behaves like the non-b...
Definition: ssl.c:13627
wolfSSL_load_error_strings
WOLFSSL_API void wolfSSL_load_error_strings(void)
This function is for OpenSSL compatibility (SSL_load_error_string) only and takes no action...
Definition: ssl.c:10397
wolfSSL_dtls_set_timeout_max
WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL *ssl, int)
This function sets the maximum dtls timeout.
Definition: ssl.c:11170
wolfSSL_PEM_read_bio_DSAparams
WOLFSSL_API WOLFSSL_DSA * wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pem_password_cb *cb, void *u)
This function get the DSA parameters from a PEM buffer in bio.
Definition: ssl.c:39314
wolfSSLv23_server_method
WOLFSSL_API WOLFSSL_METHOD * wolfSSLv23_server_method(void)
The wolfSSLv23_server_method() function is used to indicate that the application is a server and will...
Definition: ssl.c:11750
ed448_key
Definition: ed448.h:77
wolfSSL_CTX_get_read_ahead
WOLFSSL_API int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX *)
This function returns the get read ahead flag from a WOLFSSL_CTX structure.
Definition: ssl.c:25743
wolfSSL_X509_load_certificate_file
WOLFSSL_API WOLFSSL_X509 * wolfSSL_X509_load_certificate_file(const char *fname, int format)
The function loads the x509 certificate into memory.
Definition: ssl.c:18650
wolfSSL_CTX_load_verify_locations_ex
WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX *, const char *, const char *, unsigned int flags)
This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory based on flags specified. This function expects PEM formatted CERT_TYPE files with header “--—BEGIN CERTIFICATE--—”.
WOLFSSL_X509_VERIFY_PARAM
Definition: ssl.h:530
WOLFSSL_ALERT
Definition: ssl.h:539
wolfSSL_CTX_set_session_cache_mode
WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX *, long)
This function enables or disables SSL session caching. Behavior depends on the value used for mode...
Definition: ssl.c:10435
wolfSSL_get_cipher
WOLFSSL_API const char * wolfSSL_get_cipher(WOLFSSL *)
This function matches the cipher suite in the SSL object with the available suites.
Definition: ssl.c:19371
wolfSSL_GetSessionAtIndex
WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION *session)
This function gets the session at specified index of the session cache and copies it into memory...
Definition: ssl.c:12927
wolfSSL_use_PrivateKey_file
WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL *, const char *, int)
This function loads a private key file into the SSL session (WOLFSSL structure). The key file is prov...
Definition: ssl.c:9694
wolfSSL_CTX_DisableCRL
WOLFSSL_API int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX *ctx)
This function disables CRL verification in the CTX structure.
Definition: ssl.c:6988
OcspRequest
Definition: asn.h:1336
wolfSSL_CTX_SNI_SetOptions
WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX *ctx, unsigned char type, unsigned char options)
This function is called on the server side to configure the behavior of the SSL sessions using Server...
Definition: ssl.c:2183
wolfSSL_get_fd
WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL *)
This function returns the file descriptor (fd) used as the input/output facility for the SSL connecti...
Definition: ssl.c:937
wolfSSL_CTX_SetRsaDecCb
WOLFSSL_API void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX *, CallbackRsaDec)
Allows caller to set the Public Key Callback for RSA Private Decrypt. The callback should return the ...
Definition: ssl.c:36072
wolfSSL_UseMaxFragment
WOLFSSL_API int wolfSSL_UseMaxFragment(WOLFSSL *ssl, unsigned char mfl)
This function is called on the client side to enable the use of Maximum Fragment Length in the SSL ob...
Definition: ssl.c:2258
wolfSSL_CTX_add_extra_chain_cert
WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX *, WOLFSSL_X509 *)
This function adds the certificate to the internal chain being built in the WOLFSSL_CTX structure...
Definition: ssl.c:25608
wolfSSL_CTX_SetMacEncryptCb
WOLFSSL_API void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX *, CallbackMacEncrypt)
Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback. The callback should retu...
Definition: ssl.c:3253
wolfSSL_CTX_use_certificate_buffer
WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX *, const unsigned char *, long, int)
This function loads a certificate buffer into the WOLFSSL Context. It behaves like the non-buffered v...
Definition: ssl.c:13658
wolfSSL_CertManagerDisableOCSP
WOLFSSL_API int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER *)
Disables OCSP certificate revocation.
Definition: ssl.c:6168
WOLFSSL_EC_BUILTIN_CURVE
Definition: ec.h:118
wolfSSL_lib_version
WOLFSSL_API const char * wolfSSL_lib_version(void)
This function returns the current library version.
Definition: ssl.c:19291
wolfSSL_ERR_print_errors_fp
WOLFSSL_API void wolfSSL_ERR_print_errors_fp(FILE *, int err)
This function converts an error code returned by wolfSSL_get_error() into a more human-readable error...
wolfSSL_CTX_EnableCRL
WOLFSSL_API int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX *ctx, int options)
Enables CRL certificate verification through the CTX.
Definition: ssl.c:6978
WOLF_EVENT
Definition: wolfevent.h:52
WOLFSSL_RSA
Definition: rsa.h:66
WOLFSSL_MEM_STATS
Definition: memory.h:163
wolfSSL_CertManagerCheckCRL
WOLFSSL_API int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER *, unsigned char *, int sz)
Check CRL if the option is enabled and compares the cert to the CRL list.
Definition: ssl.c:6848
wolfSSL_GetRsaSignCtx
WOLFSSL_API void * wolfSSL_GetRsaSignCtx(WOLFSSL *ssl)
Allows caller to retrieve the Public Key RSA Signing Callback Context previously stored with wolfSSL_...
Definition: ssl.c:35984
wolfSSL_CertManagerSetVerify
WOLFSSL_API void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER *cm, VerifyCallback vc)
The function sets the verifyCallback function in the Certificate Manager. If present, it will be called for each cert loaded. If there is a verification error, the verify callback can be used to over-ride the error.
Definition: ssl.c:6005
wolfSSL_new
WOLFSSL_API WOLFSSL * wolfSSL_new(WOLFSSL_CTX *)
This function creates a new SSL session, taking an already created SSL context as input...
Definition: ssl.c:533
wolfSSL_CTX_set_TicketEncCb
WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX *ctx, SessionTicketEncCb)
This function sets the session ticket key encrypt callback function for a server to support session t...
Definition: ssl.c:2774
wolfSSL_get_error
WOLFSSL_API int wolfSSL_get_error(WOLFSSL *, int)
This function returns a unique error code describing why the previous API function call (wolfSSL_conn...
Definition: ssl.c:3053
wolfSSL_dtls_import
WOLFSSL_API int wolfSSL_dtls_import(WOLFSSL *ssl, unsigned char *buf, unsigned int sz)
The wolfSSL_dtls_import() function is used to parse in a serialized session state. This allows for picking up the connection after the handshake has been completed.
Definition: ssl.c:192
CertStatus
Definition: asn.h:1279
unrecognized_name
Definition: ssl.h:628
WOLFSSL_COMP
Definition: ssl.h:491
wolfSSL_GetOutputSize
WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL *, int)
Returns the record layer size of the plaintext input. This is helpful when an application wants to kn...
Definition: ssl.c:1635
wolfSSL_get1_session
WOLFSSL_API WOLFSSL_SESSION * wolfSSL_get1_session(WOLFSSL *ssl)
This function returns the WOLFSSL_SESSION from the WOLFSSL structure.
Definition: ssl.c:21380
wolfSSL_SetServerID
WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL *, const unsigned char *, int, int)
This function associates the client session with the server id. If the newSession flag is on...
Definition: ssl.c:10081
wolfSSL_GetClientWriteKey
WOLFSSL_API const unsigned char * wolfSSL_GetClientWriteKey(WOLFSSL *)
Allows retrieval of the client write key from the handshake process.
Definition: ssl.c:3379
wolfSSL_CTX_SetEncryptMacCb
WOLFSSL_API void wolfSSL_CTX_SetEncryptMacCb(WOLFSSL_CTX *, CallbackEncryptMac)
Definition: ssl.c:3305
wolfSSL_get_session
WOLFSSL_API WOLFSSL_SESSION * wolfSSL_get_session(WOLFSSL *)
This function returns a pointer to the current session (WOLFSSL_SESSION) used in ssl. The WOLFSSL_SESSION pointed to contains all the necessary information required to perform a session resumption and reestablish the connection without a new handshake. For session resumption, before calling wolfSSL_shutdown() with your session object, an application should save the session ID from the object with a call to wolfSSL_get_session(), which returns a pointer to the session. Later, the application should create a new WOLFSSL object and assign the saved session with wolfSSL_set_session(). At this point, the application may call wolfSSL_connect() and wolfSSL will try to resume the session. The wolfSSL server code allows session resumption by default.
Definition: ssl.c:10055
WOLFSSL_SOCKADDR
Definition: internal.h:2040
wolfSSL_CTX_Unload_trust_peers
WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX *)
This function is used to unload all previously loaded trusted peer certificates. Feature is enabled b...
Definition: ssl.c:13936
wolfSSL_GetRsaDecCtx
WOLFSSL_API void * wolfSSL_GetRsaDecCtx(WOLFSSL *ssl)
Allows caller to retrieve the Public Key RSA Private Decrypt Callback Context previously stored with ...
Definition: ssl.c:36082
wolfTLSv1_server_method
WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_server_method(void)
The wolfTLSv1_server_method() function is used to indicate that the application is a server and will ...
Definition: tls.c:11594
wolfSSL_SetVerifyDecryptCtx
WOLFSSL_API void wolfSSL_SetVerifyDecryptCtx(WOLFSSL *ssl, void *ctx)
Definition: ssl.c:3356
WOLFSSL_GENERAL_NAME
Definition: ssl.h:232
wolfSSL_CTX_use_certificate_file
WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX *, const char *, int)
This function loads a certificate file into the SSL context (WOLFSSL_CTX). The file is provided by th...
Definition: ssl.c:7056
WOLFSSL_EVP_PKEY
Definition: ssl.h:316
wolfSSLv23_client_method
WOLFSSL_API WOLFSSL_METHOD * wolfSSLv23_client_method(void)
The wolfSSLv23_client_method() function is used to indicate that the application is a client and will...
Definition: ssl.c:11365
WOLFSSL_EVP_MD_CTX
Definition: evp.h:181
wolfSSL_CTX_load_static_memory
WOLFSSL_API int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX **ctx, wolfSSL_method_func method, unsigned char *buf, unsigned int sz, int flag, int max)
This function is used to set aside static memory for a CTX. Memory set aside is then used for the CTX...
Definition: ssl.c:1500
wolfSSL_use_certificate_buffer
WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL *, const unsigned char *, long, int)
This function loads a certificate buffer into the WOLFSSL object. It behaves like the non-buffered ve...
Definition: ssl.c:13818
WOLFSSL_CRL
Definition: internal.h:1924
wolfSSL_CTX_SetCACb
WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX *, CallbackCACache)
This function registers a callback with the SSL context (WOLFSSL_CTX) to be called when a new CA cert...
Definition: ssl.c:9976
wolfSSL_lib_version_hex
WOLFSSL_API word32 wolfSSL_lib_version_hex(void)
This function returns the current library version in hexadecimal notation.
Definition: ssl.c:19298
wolfSSL_X509_NAME_get_text_by_NID
WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME *, int, char *, int)
This function gets the text related to the passed in NID value.
Definition: ssl.c:19673
wolfSSL_X509_get_serial_number
WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509 *, unsigned char *, int *)
Retrieves the peer’s certificate serial number. The serial number buffer (in) should be at least 32 ...
Definition: ssl.c:17423
wolfSSL_use_certificate
WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL *ssl, WOLFSSL_X509 *x509)
his is used to set the certificate for WOLFSSL structure to use during a handshake.
Definition: ssl.c:9634
wolfSSL_UseOCSPStaplingV2
WOLFSSL_API int wolfSSL_UseOCSPStaplingV2(WOLFSSL *ssl, unsigned char status_type, unsigned char options)
The function sets the status type and options for OCSP.
Definition: ssl.c:2347
wolfSSL_set_SessionTicket_cb
WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL *, CallbackSessionTicket, void *)
This function sets the session ticket callback. The type CallbackSessionTicket is a function pointer ...
Definition: ssl.c:2879
wolfSSL_get_chain_cert_pem
WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN *, int idx, unsigned char *buf, int inLen, int *outLen)
Retrieves the peer’s PEM certificate at index (idx).
Definition: ssl.c:35642
bn.h
bn.h for openssl
unsupported_extension
Definition: ssl.h:627
wolfSSL_get_sessionID
WOLFSSL_API const unsigned char * wolfSSL_get_sessionID(const WOLFSSL_SESSION *s)
Retrieves the session’s ID. The session ID is always 32 bytes long.
Definition: ssl.c:35712
wolfSSL_get_jobject
WOLFSSL_API void * wolfSSL_get_jobject(WOLFSSL *ssl)
This function returns the jObjectRef member of the WOLFSSL structure.
Definition: ssl.c:42724
wolfSSL_CTX_allow_anon_cipher
WOLFSSL_API int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX *)
This function enables the havAnon member of the CTX structure if HAVE_ANON is defined during compilat...
Definition: ssl.c:13579
wolfSSL_ASN1_INTEGER_to_BN
WOLFSSL_API WOLFSSL_BIGNUM * wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, WOLFSSL_BIGNUM *bn)
This function is used to copy a WOLFSSL_ASN1_INTEGER value to a WOLFSSL_BIGNUM structure.
Definition: ssl.c:44324
wolfSSL_CTX_UseSupportedCurve
WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX *ctx, word16 name)
This function is called on the client side to enable the use of Supported Elliptic Curves Extension f...
Definition: ssl.c:2412
wolfSSL_CTX_save_cert_cache
WOLFSSL_API int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX *, const char *)
This function writes the cert cache from memory to file.
Definition: ssl.c:9988
WOLF_STACK_OF
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509) *wolfSSL_get_peer_cert_chain(const WOLFSSL *)
This function gets the peer’s certificate chain.
Definition: ssl.c:16984
AlertDescription
AlertDescription
Definition: ssl.h:601
WOLFSSL_X509_INFO
Definition: ssl.h:364
wolfSSL_use_certificate_ASN1
WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL *ssl, unsigned char *der, int derSz)
This is used to set the certificate for WOLFSSL structure to use during a handshake. A DER formatted buffer is expected.
wolfSSL_save_session_cache
WOLFSSL_API int wolfSSL_save_session_cache(const char *)
This function persists the session cache to file. It doesn’t use memsave because of additional memor...
Definition: ssl.c:10254
wolfSSL_CTX_trust_peer_cert
WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX *, const char *, int)
This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake...
Definition: ssl.c:6681
wolfSSL_UseOCSPStapling
WOLFSSL_API int wolfSSL_UseOCSPStapling(WOLFSSL *ssl, unsigned char status_type, unsigned char options)
Stapling eliminates the need to contact the CA. Stapling lowers the cost of certificate revocation ch...
Definition: ssl.c:2323
wolfSSL_CTX_SetMinRsaKey_Sz
WOLFSSL_API int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX *, short)
Sets the minimum RSA key size in both the WOLFSSL_CTX structure and the WOLFSSL_CERT_MANAGER structur...
Definition: ssl.c:1684
wolfSSL_CTX_load_verify_locations
WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX *, const char *, const char *)
This function loads PEM-formatted CA certificate files into the SSL context (WOLFSSL_CTX). These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake. The root certificate file, provided by the file argument, may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order they are presented in the file. The path argument is a pointer to the name of a directory that contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not defined when building the library, wolfSSL will load all CA certificates located in the given directory. This function will attempt to load all files in the directory. This function expects PEM formatted CERT_TYPE file with header “--—BEGIN CERTIFICATE--—”.
Definition: ssl.c:6667
wolfSSL_CTX_dtls_set_export
WOLFSSL_API int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX *ctx, wc_dtls_export func)
The wolfSSL_CTX_dtls_set_export() function is used to set the callback function for exporting a sessi...
Definition: ssl.c:207
conf
Definition: conf.py:1
wolfSSL_CTX_SetMinDhKey_Sz
WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX *, word16)
This function sets the minimum size of the Diffie Hellman key size by accessing the minDhKeySz member...
Definition: ssl.c:1882
wolfSSL_dtls_set_peer
WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL *, void *, unsigned int)
This function sets the DTLS peer, peer (sockaddr_in) with size of peerSz.
Definition: ssl.c:1000
WOLFSSL_X509_LOOKUP
Definition: ssl.h:501
wolfSSL_dtls
WOLFSSL_API int wolfSSL_dtls(WOLFSSL *ssl)
This function is used to determine if the SSL session has been configured to use DTLS.
Definition: ssl.c:949
wolfSSL_Rehandshake
WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL *ssl)
This function executes a secure renegotiation handshake; this is user forced as wolfSSL discourages t...
Definition: ssl.c:2715
wolfSSL_get_SessionTicket
WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL *, unsigned char *, word32 *)
This function copies the ticket member of the Session structure to the buffer.
Definition: ssl.c:2826
wolfSSL_get_session_stats
WOLFSSL_API int wolfSSL_get_session_stats(unsigned int *active, unsigned int *total, unsigned int *peak, unsigned int *maxSessions)
This function gets the statistics for the session.
wolfSSL_set_session
WOLFSSL_API int wolfSSL_set_session(WOLFSSL *, WOLFSSL_SESSION *)
This function sets the session to be used when the SSL object, ssl, is used to establish a SSL/TLS co...
Definition: ssl.c:10066
wolfSSL_SESSION_get_master_key_length
WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION *ses)
This is used to get the master secret key length.
Definition: ssl.c:9849
wolfSSL_GetDecryptVerifyCtx
WOLFSSL_API void * wolfSSL_GetDecryptVerifyCtx(WOLFSSL *ssl)
Allows caller to retrieve the Atomic User Record Processing Decrypt/Verify Callback Context previousl...
Definition: ssl.c:3290
wolfSSL_X509_get_signature
WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509 *, unsigned char *, int *)
Gets the X509 signature and stores it in the buffer.
Definition: ssl.c:17320
wolfSSL_memsave_session_cache
WOLFSSL_API int wolfSSL_memsave_session_cache(void *, int)
This function persists session cache to memory.
Definition: ssl.c:10158
wolfSSL_CTX_SetCRL_Cb
WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX *, CbMissingCRL)
This function will set the callback argument to the cbMissingCRL member of the WOLFSSL_CERT_MANAGER s...
Definition: ssl.c:7009
wolfSSL_GetCipherBlockSize
WOLFSSL_API int wolfSSL_GetCipherBlockSize(WOLFSSL *)
Allows caller to determine the negotiated cipher block size from the handshake.
Definition: ssl.c:3459
wolfSSL_ALPN_GetPeerProtocol
WOLFSSL_API int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL *ssl, char **list, unsigned short *listSz)
This function copies the alpn_client_list data from the SSL object to the buffer. ...
wolfSSL_flush_sessions
WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX *, long)
This function flushes session from the session cache which have expired. The time, tm, is used for the time comparison. Note that wolfSSL currently uses a static table for sessions, so no flushing is needed. As such, this function is currently just a stub. This function provides OpenSSL compatibility (SSL_flush_sessions) when wolfSSL is compiled with the OpenSSL compatibility layer.
Definition: ssl.c:12203
asn_public.h
WOLFSSL_X509_REVOKED
Definition: ssl.h:549
WOLFSSL_STACK
Definition: internal.h:3546
wolfSSL_X509_get_hw_type
WOLFSSL_API unsigned char * wolfSSL_X509_get_hw_type(WOLFSSL_X509 *, unsigned char *, int *)
The function copies the hwType member of the WOLFSSL_X509 structure to the buffer.
Definition: ssl.c:17573
wolfSSL_CTX_set_read_ahead
WOLFSSL_API int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX *, int v)
This function sets the read ahead flag in the WOLFSSL_CTX structure.
Definition: ssl.c:25753
wolfSSL_get_cipher_name
WOLFSSL_API const char * wolfSSL_get_cipher_name(WOLFSSL *ssl)
This function gets the cipher name in the format DHE-RSA by passing through argument to wolfSSL_get_c...
Definition: ssl.c:19378
wolfSSL_write
WOLFSSL_API int wolfSSL_write(WOLFSSL *, const void *, int)
This function writes sz bytes from the buffer, data, to the SSL connection, ssl. If necessary...
Definition: ssl.c:1934
wolfSSL_CTX_use_psk_identity_hint
WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX *, const char *)
This function stores the hint argument in the server_hint member of the WOLFSSL_CTX structure...
Definition: ssl.c:13540
WOLFSSL_COMP_METHOD
Definition: ssl.h:487
wolfSSL_set_msg_callback_arg
WOLFSSL_API int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void *arg)
This function sets associated callback context value in the ssl. The value is handed over to the call...
Definition: ssl.c:43851
wolfSSL_restore_session_cache
WOLFSSL_API int wolfSSL_restore_session_cache(const char *)
This function restores the persistent session cache from file. It does not use memstore because of ad...
Definition: ssl.c:10321
wolfSSL_GetDhKey_Sz
WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL *)
Returns the value of dhKeySz that is a member of the options structure. This value represents the Dif...
Definition: ssl.c:1922
WOLFSSL_ASN1_OTHERNAME
Definition: ssl.h:227
wolfTLSv1_2_server_method
WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_2_server_method(void)
The wolfTLSv1_2_server_method() function is used to indicate that the application is a server and wil...
Definition: tls.c:11634
wolfSSL_use_PrivateKey
WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL *ssl, WOLFSSL_EVP_PKEY *pkey)
This is used to set the private key for the WOLFSSL structure.
Definition: ssl.c:9579
wolfTLSv1_1_client_method
WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_1_client_method(void)
The wolfTLSv1_1_client_method() function is used to indicate that the application is a client and wil...
Definition: tls.c:11258
WOLFSSL_CTX
Definition: internal.h:2595
wolfSSL_CTX_UseMaxFragment
WOLFSSL_API int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX *ctx, unsigned char mfl)
This function is called on the client side to enable the use of Maximum Fragment Length for SSL objec...
Definition: ssl.c:2287
wolfSSL_X509_get_issuer_name
WOLFSSL_API WOLFSSL_X509_NAME * wolfSSL_X509_get_issuer_name(WOLFSSL_X509 *)
This function returns the name of the certificate issuer.
Definition: ssl.c:19636
wolfSSL_GetCipherType
WOLFSSL_API int wolfSSL_GetCipherType(WOLFSSL *)
Allows caller to determine the negotiated cipher type from the handshake.
Definition: ssl.c:3441
wolfSSL_CTX_use_certificate_chain_buffer
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX *, const unsigned char *, long)
This function loads a certificate chain buffer into the WOLFSSL Context. It behaves like the non-buff...
Definition: ssl.c:13707
wolfSSL_use_PrivateKey_ASN1
WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL *ssl, unsigned char *der, long derSz)
This is used to set the private key for the WOLFSSL structure. A DER formatted key buffer is expected...
wolfSSL_MakeTlsMasterSecret
WOLFSSL_API int wolfSSL_MakeTlsMasterSecret(unsigned char *ms, word32 msLen, const unsigned char *pms, word32 pmsLen, const unsigned char *cr, const unsigned char *sr, int tls1_2, int hash_type)
This function copies the values of cr and sr then passes through to wc_PRF (pseudo random function) a...
Definition: tls.c:446
wolfSSL_peek
WOLFSSL_API int wolfSSL_peek(WOLFSSL *, void *, int)
This function copies sz bytes from the SSL session (ssl) internal read buffer into the buffer data...
Definition: ssl.c:2064
wolfSSL_CertManagerLoadCRLBuffer
WOLFSSL_API int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER *, const unsigned char *, long sz, int)
The function loads the CRL file by calling BufferLoadCRL.
Definition: ssl.c:5897
WOLFSSL_EC_KEY
Definition: ec.h:106
wolfSSL_CTX_get_cert_store
WOLFSSL_API WOLFSSL_X509_STORE * wolfSSL_CTX_get_cert_store(WOLFSSL_CTX *ctx)
This is a getter function for the WOLFSSL_X509_STORE structure in ctx.
Definition: ssl.c:14617
wolfSSL_GetEncryptMacCtx
WOLFSSL_API void * wolfSSL_GetEncryptMacCtx(WOLFSSL *ssl)
Definition: ssl.c:3329
wolfSSL_SNI_Status
WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL *ssl, unsigned char type)
This function gets the status of an SNI object.
Definition: ssl.c:2190
wolfSSL_UnloadCertsKeys
WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL *)
This function unloads any certificates or keys that SSL owns.
Definition: ssl.c:13888
WOLFSSL_EVP_CIPHER_CTX
Definition: evp.h:328
WOLFSSL_ASN1_TYPE
Definition: ssl.h:297
wolfSSL_accept
WOLFSSL_API int wolfSSL_accept(WOLFSSL *)
This function is called on the server side and waits for an SSL client to initiate the SSL/TLS handsh...
Definition: ssl.c:11787
wolfSSL_get_chain_length
WOLFSSL_API int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN *, int idx)
Retrieves the peer’s ASN1.DER certificate length in bytes at index (idx).
Definition: ssl.c:35564
wolfSSL_PEM_read_bio_X509_AUX
WOLFSSL_API WOLFSSL_X509 * wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u)
This function behaves the same as wolfSSL_PEM_read_bio_X509. AUX signifies containing extra informati...
Definition: ssl.c:37489
handShakeInfo_st
Definition: callbacks.h:45
wolfSSL_CertManagerSetCRL_Cb
WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER *, CbMissingCRL)
This function sets the CRL Certificate Manager callback. If HAVE_CRL is defined and a matching CRL re...
Definition: ssl.c:6889
wolfTLSv1_client_method
WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_client_method(void)
The wolfTLSv1_client_method() function is used to indicate that the application is a client and will ...
Definition: tls.c:11241
WOLFSSL_ASN1_OBJECT
Definition: ssl.h:264
wolfSSL_CTX_EnableOCSP
WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX *, int options)
This function sets options to configure behavior of OCSP functionality in wolfSSL. The value of options if formed by or’ing one or more of the following options: WOLFSSL_OCSP_ENABLE - enable OCSP lookups WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in certificates. The override URL is specified using the wolfSSL_CTX_SetOCSP_OverrideURL() function. This function only sets the OCSP options when wolfSSL has been compiled with OCSP support (–enable-ocsp, #define HAVE_OCSP).
Definition: ssl.c:6398
wolfSSL_UseSessionTicket
WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL *ssl)
Force provided WOLFSSL structure to use session ticket. The constant HAVE_SESSION_TICKET should be de...
Definition: ssl.c:2810
EncryptedInfo
Definition: asn_public.h:195
WOLFSSL_BASIC_CONSTRAINTS
Definition: ssl.h:202
wolfSSL_ERR_print_errors_cb
WOLFSSL_API void wolfSSL_ERR_print_errors_cb(int(*cb)(const char *str, size_t len, void *u), void *u)
This function uses the provided callback to handle error reporting. The callback function is executed...
Definition: ssl.c:3852
wolfSSL_CTX_set_tmp_dh
WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX *, WOLFSSL_DH *)
Initializes the WOLFSSL_CTX structure’s dh member with the Diffie-Hellman parameters.
Definition: ssl.c:40177
wolfSSL_set_msg_callback
WOLFSSL_API int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb)
This function sets a callback in the ssl. The callback is to observe handshake messages. NULL value of cb resets the callback.
Definition: ssl.c:43826
wolfSSL_GetSide
WOLFSSL_API int wolfSSL_GetSide(WOLFSSL *)
Allows retrieval of the side of this WOLFSSL connection.
Definition: ssl.c:3489
wolfSSL_ERR_error_string
WOLFSSL_API char * wolfSSL_ERR_error_string(unsigned long, char *)
This function converts an error code returned by wolfSSL_get_error() into a more human-readable error...
Definition: ssl.c:3121
wolfSSL_SetVersion
WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL *ssl, int version)
This function sets the SSL/TLS protocol version for the specified SSL session (WOLFSSL object) using ...
Definition: ssl.c:4015
wolfSSL_BIO_nread
WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num)
This is used to get a buffer pointer for reading from. The internal read index is advanced by the num...
Definition: bio.c:1147
WOLFSSL_EC_POINT
Definition: ec.h:90
wolfSSL_GetAeadMacSize
WOLFSSL_API int wolfSSL_GetAeadMacSize(WOLFSSL *)
Allows caller to determine the negotiated aead mac size from the handshake. For cipher type WOLFSSL_A...
Definition: ssl.c:3468
wolfSSL_GetMaxOutputSize
WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL *)
Returns the maximum record layer size for plaintext data. This will correspond to either the maximum ...
Definition: ssl.c:1618
wolfSSL_SetOCSP_Cb
WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL *, CbOCSPIO, CbOCSPRespFree, void *)
This function sets the OCSP callback in the WOLFSSL_CERT_MANAGER structure.
Definition: ssl.c:6384
wolfSSL_dtls_get_current_timeout
WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL *ssl)
This function returns the current timeout value in seconds for the WOLFSSL object. When using non-blocking sockets, something in the user code needs to decide when to check for available recv data and how long it has been waiting. The value returned by this function indicates how long the application should wait.
Definition: ssl.c:11114
wolfSSL_DeriveTlsKeys
WOLFSSL_API int wolfSSL_DeriveTlsKeys(unsigned char *key_data, word32 keyLen, const unsigned char *ms, word32 msLen, const unsigned char *sr, const unsigned char *cr, int tls1_2, int hash_type)
An external facing wrapper to derive TLS Keys.
Definition: tls.c:349
WOLFSSL_X509_EXTENSION
Definition: x509v3.h:61
wolfSSL_get_peer_certificate
WOLFSSL_API WOLFSSL_X509 * wolfSSL_get_peer_certificate(WOLFSSL *ssl)
This function gets the peer’s certificate.
Definition: ssl.c:16929
wolfSSL_free
WOLFSSL_API void wolfSSL_free(WOLFSSL *)
This function frees an allocated wolfSSL object.
Definition: ssl.c:557
wolfSSL_CertManagerUnloadCAs
WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER *cm)
This function unloads the CA signer list.
Definition: ssl.c:3794
WOLFSSL_v3_ext_method
Definition: x509v3.h:51
wolfSSL_X509_ALGOR_set0
WOLFSSL_API int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj, int ptype, void *pval)
Definition: ssl.c:24933
wolfSSL_ALPN_GetProtocol
WOLFSSL_API int wolfSSL_ALPN_GetProtocol(WOLFSSL *ssl, char **protocol_name, unsigned short *size)
This function gets the protocol name set by the server.
wolfSSL_use_PrivateKey_buffer
WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL *, const unsigned char *, long, int)
This function loads a private key buffer into the WOLFSSL object. It behaves like the non-buffered ve...
Definition: ssl.c:13830
wolfSSL_BIO_set_mem_eof_return
WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v)
This is used to set the end of file value. Common value is -1 so as not to get confused with expected...
Definition: bio.c:1407
wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg
WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX *, void *arg)
This function sets the optional argument to be passed to the PRF callback.
Definition: ssl.c:25765
wolfSSL_set_verify
WOLFSSL_API void wolfSSL_set_verify(WOLFSSL *, int, VerifyCallback verify_callback)
This function sets the verification method for remote peers and also allows a verify callback to be r...
Definition: ssl.c:9924
wolfSSL_set_tlsext_debug_arg
WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg)
This is used to set the debug argument passed around.
Definition: ssl.c:24742
wolfSSL_CertManagerDisableCRL
WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER *)
Turns off Certificate Revocation List checking when verifying certificates with the Certificate Manag...
Definition: ssl.c:5993
wolfSSL_Cleanup
WOLFSSL_API int wolfSSL_Cleanup(void)
Un-initializes the wolfSSL library from further use. Doesn’t have to be called, though it will free ...
Definition: ssl.c:12129
wolfSSL_make_eap_keys
WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL *, void *key, unsigned int len, const char *label)
This function is used by EAP_TLS and EAP-TTLS to derive keying material from the master secret...
Definition: tls.c:600
wolfSSL_CTX_SetRsaVerifyCb
WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX *, CallbackRsaVerify)
Allows caller to set the Public Key Callback for RSA Verification. The callback should return the num...
Definition: ssl.c:35993
wolfSSL_dtls_export
WOLFSSL_API int wolfSSL_dtls_export(WOLFSSL *ssl, unsigned char *buf, unsigned int *sz)
The wolfSSL_dtls_export() function is used to serialize a WOLFSSL session into the provided buffer...
Definition: ssl.c:251
wolfSSL_CTX_SetOCSP_Cb
WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX *, CbOCSPIO, CbOCSPRespFree, void *)
Sets the callback for the OCSP in the WOLFSSL_CTX structure.
Definition: ssl.c:6428
wolfSSL_set_psk_client_callback
WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL *, wc_psk_client_callback)
Sets the PSK client side callback.
Definition: ssl.c:13456
wolfSSL_SetFuzzerCb
WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL *ssl, CallbackFuzzer cbf, void *fCtx)
This function sets the fuzzer callback.
Definition: ssl.c:35725
WOLFSSL_BUFFER_INFO
Definition: ssl.h:564
wolfSSL_CTX_memrestore_cert_cache
WOLFSSL_API int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX *, const void *, int)
This function restores the certificate cache from memory.
Definition: ssl.c:10026
WOLFSSL_ASN1_BIT_STRING
Definition: ssl.h:3391
wolfSSL_CTX_DisableOCSP
WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX *)
This function disables OCSP certificate revocation checking by affecting the ocspEnabled member of th...
Definition: ssl.c:6408
client
Definition: client.py:1
wolfSSL_CertManagerSetOCSP_Cb
WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER *, CbOCSPIO, CbOCSPRespFree, void *)
The function sets the OCSP callback in the WOLFSSL_CERT_MANAGER.
Definition: ssl.c:6322
wolfSSL_CTX_SetMinVersion
WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX *ctx, int version)
This function sets the minimum downgrade version allowed. Applicable only when the connection allows ...
Definition: ssl.c:3962
wolfSSL_BIO_set_close
WOLFSSL_API int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag)
Sets the close flag, used to indicate that the i/o stream should be closed when the BIO is freed...
Definition: ssl.c:14842
wolfSSL_SetCertCbCtx
WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL *, void *)
This function stores user CTX object information for verify callback.
Definition: ssl.c:9967
wolfSSL_CertManagerLoadCA
WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER *, const char *f, const char *d)
Specifies the locations for CA certificate loading into the manager context. The PEM certificate CAfi...
Definition: ssl.c:6750
wolfTLSv1_2_client_method
WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_2_client_method(void)
The wolfTLSv1_2_client_method() function is used to indicate that the application is a client and wil...
Definition: tls.c:11277
wolfSSL_X509_digest
WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509 *x509, const WOLFSSL_EVP_MD *digest, unsigned char *buf, unsigned int *len)
This function returns the hash of the DER certificate.
Definition: ssl.c:9555
wolfSSL_X509_get_subjectCN
WOLFSSL_API char * wolfSSL_X509_get_subjectCN(WOLFSSL_X509 *)
Returns the common name of the subject from the certificate.
Definition: ssl.c:27289
wolfSSL_read
WOLFSSL_API int wolfSSL_read(WOLFSSL *, void *, int)
This function reads sz bytes from the SSL session (ssl) internal read buffer into the buffer data...
Definition: ssl.c:2073
wolfTLSv1_1_server_method
WOLFSSL_API WOLFSSL_METHOD * wolfTLSv1_1_server_method(void)
The wolfTLSv1_1_server_method() function is used to indicate that the application is a server and wil...
Definition: tls.c:11613
wolfSSL_set_timeout
WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL *, unsigned int)
This function sets the SSL session timeout value in seconds.
Definition: ssl.c:12213
wolfSSL_SetMacEncryptCtx
WOLFSSL_API void wolfSSL_SetMacEncryptCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback Context to ctx...
Definition: ssl.c:3260
wolfSSL_accept_ex
WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL *, HandShakeCallBack, TimeoutCallBack, WOLFSSL_TIMEVAL)
wolfSSL_accept_ex() is an extension that allows a HandShake Callback to be set. This can be useful in...
Definition: ssl.c:13429
wolfSSL_d2i_PKCS12_bio
WOLFSSL_API WC_PKCS12 * wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 **pkcs12)
wolfSSL_d2i_PKCS12_bio (d2i_PKCS12_bio) copies in the PKCS12 information from WOLFSSL_BIO to the stru...
Definition: ssl.c:21899
wolfSSL_recv
WOLFSSL_API int wolfSSL_recv(WOLFSSL *, void *, int sz, int flags)
This function reads sz bytes from the SSL session (ssl) internal read buffer into the buffer data usi...
Definition: ssl.c:2945
wolfSSL_CTX_EnableOCSPStapling
WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX *)
This function enables OCSP stapling by calling wolfSSL_CertManagerEnableOCSPStapling().
Definition: ssl.c:6441
wolfSSL_get_chain_cert
WOLFSSL_API unsigned char * wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN *, int idx)
Retrieves the peer’s ASN1.DER certificate at index (idx).
Definition: ssl.c:35575
wolfSSL_PrintSessionStats
WOLFSSL_API int wolfSSL_PrintSessionStats(void)
This function prints the statistics from the session.
Definition: ssl.c:13097
wolfSSL_CTX_set_TicketEncCtx
WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX *ctx, void *)
This function sets the session ticket encrypt user context for the callback. For server side use...
Definition: ssl.c:2796
wolfSSL_SESSION_get_peer_chain
WOLFSSL_API WOLFSSL_X509_CHAIN * wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION *session)
Returns the peer certificate chain from the WOLFSSL_SESSION struct.
Definition: ssl.c:12958
wolfSSL_BIO_nread0
WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf)
This is used to get a buffer pointer for reading from. Unlike wolfSSL_BIO_nread the internal read ind...
Definition: bio.c:1119
wolfSSL_DSA_dup_DH
WOLFSSL_API WOLFSSL_DH * wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r)
This function duplicates the parameters in dsa to a newly created WOLFSSL_DH structure.
Definition: ssl.c:44366
wolfSSL_dtls_get_peer
WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL *, void *, unsigned int *)
This function gets the sockaddr_in (of size peerSz) of the current DTLS peer. The function will compa...
Definition: ssl.c:1028
WOLFSSL_X509_STORE
Definition: ssl.h:505
wolfSSL_SetRsaDecCtx
WOLFSSL_API void wolfSSL_SetRsaDecCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Public Key RSA Private Decrypt Callback Context to ctx.
Definition: ssl.c:36077
wolfSSL_d2i_X509_bio
WOLFSSL_X509 * wolfSSL_d2i_X509_bio(WOLFSSL_BIO *bio, WOLFSSL_X509 **x509)
This function get the DER buffer from bio and converts it to a WOLFSSL_X509 structure.
Definition: ssl.c:21864
WOLFSSL_X509_ALGOR
Definition: ssl.h:381
DhKey
Definition: dh.h:60
wolfSSL_CTX_set_verify
WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX *, int, VerifyCallback verify_callback)
This function sets the verification method for remote peers and also allows a verify callback to be r...
Definition: ssl.c:9882
WOLFSSL_X509
Definition: internal.h:3598
wolfSSL_DisableOCSP
WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL *)
Disables the OCSP certificate revocation option.
Definition: ssl.c:6346
wolfSSL_BIO_nwrite
WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num)
Gets a pointer to the buffer for writing as many bytes as returned by the function. Writing more bytes to the pointer returned then the value returned can result in writing out of bounds.
Definition: bio.c:1199
wolfSSL_SetTlsHmacInner
WOLFSSL_API int wolfSSL_SetTlsHmacInner(WOLFSSL *, unsigned char *, word32, int, int)
Allows caller to set the Hmac Inner vector for message sending/receiving. The result is written to in...
Definition: tls.c:757
wolfSSL_SetRsaEncCtx
WOLFSSL_API void wolfSSL_SetRsaEncCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Public Key RSA Public Encrypt Callback Context to ctx.
Definition: ssl.c:36059
wolfSSL_CTX_SetMinEccKey_Sz
WOLFSSL_API int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX *, short)
Sets the minimum size in bytes for the ECC key in the WOLF_CTX structure and the WOLFSSL_CERT_MANAGER...
Definition: ssl.c:1655
wolfSSL_use_certificate_chain_file
WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL *, const char *file)
This function loads a chain of certificates into the SSL session (WOLFSSL structure). The file containing the certificate chain is provided by the file argument, and must contain PEM-formatted certificates. This function will process up to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject certificate.
Definition: ssl.c:9712
wolfSSL_PKCS12_parse
WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12 *pkcs12, const char *psw, WOLFSSL_EVP_PKEY **pkey, WOLFSSL_X509 **cert, WOLF_STACK_OF(WOLFSSL_X509) **ca)
PKCS12 can be enabled with adding –enable-opensslextra to the configure command. It can use triple D...
Definition: ssl.c:22114
wolfSSL_CertManagerEnableCRL
WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER *, int options)
Turns on Certificate Revocation List checking when verifying certificates with the Certificate Manage...
Definition: ssl.c:5953
wolfSSL_is_init_finished
WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL *)
This function checks to see if the connection is established.
Definition: ssl.c:14520
wolfSSL_CertManagerNew
WOLFSSL_API WOLFSSL_CERT_MANAGER * wolfSSL_CertManagerNew(void)
Allocates and initializes a new Certificate Manager context. This context may be used independent of ...
Definition: ssl.c:3558
WOLFSSL_TIMEVAL
Definition: callbacks.h:59
wolfSSL_get_chain_X509
WOLFSSL_API WOLFSSL_X509 * wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN *, int idx)
This function gets the peer’s wolfSSL_X509_certificate at index (idx) from the chain of certificates...
Definition: ssl.c:35586
wolfSSL_set_fd
WOLFSSL_API int wolfSSL_set_fd(WOLFSSL *, int)
This function assigns a file descriptor (fd) as the input/output facility for the SSL connection...
Definition: ssl.c:753
WOLFSSL_X509_CHAIN
Definition: internal.h:3102
wolfSSL_X509_STORE_add_cert
WOLFSSL_API int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE *, WOLFSSL_X509 *)
This function adds a certificate to the WOLFSSL_X509_STRE structure.
Definition: ssl.c:22566
wolfSSL_GetRsaVerifyCtx
WOLFSSL_API void * wolfSSL_GetRsaVerifyCtx(WOLFSSL *ssl)
Allows caller to retrieve the Public Key RSA Verification Callback Context previously stored with wol...
Definition: ssl.c:36003
WOLFSSL_X509_STORE_CTX
Definition: ssl.h:569
wolfSSL_get_server_random
WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outlen)
This is used to get the random data sent by the server during the handshake.
Definition: ssl.c:15177
wolfSSL_CTX_SetTmpDH
WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX *, const unsigned char *p, int pSz, const unsigned char *g, int gSz)
Sets the parameters for the server CTX Diffie-Hellman.
Definition: ssl.c:1817
wolfSSL_CTX_set_psk_server_callback
WOLFSSL_API void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX *, wc_psk_server_callback)
This function sets the psk callback for the server side in the WOLFSSL_CTX structure.
Definition: ssl.c:13482
wolfDTLSv1_client_method
WOLFSSL_API WOLFSSL_METHOD * wolfDTLSv1_client_method(void)
The wolfDTLSv1_client_method() function is used to indicate that the application is a client and will...
Definition: tls.c:11352
wolfSSL_connect_ex
WOLFSSL_API int wolfSSL_connect_ex(WOLFSSL *, HandShakeCallBack, TimeoutCallBack, WOLFSSL_TIMEVAL)
wolfSSL_connect_ex() is an extension that allows a HandShake Callback to be set. This can be useful i...
Definition: ssl.c:13417
wolfSSL_CTX_trust_peer_buffer
WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX *, const unsigned char *, long, int)
This function loads a certificate to use for verifying a peer when performing a TLS/SSL handshake...
Definition: ssl.c:13637
WOLFSSL_ASN1_STRING
Definition: ssl.h:212
wolfSSL_X509_STORE_set_flags
WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE *store, unsigned long flag)
This function takes in a flag to change the behavior of the WOLFSSL_X509_STORE structure passed in...
Definition: ssl.c:22656
wolfSSL_CTX_AllowEncryptThenMac
WOLFSSL_API int wolfSSL_CTX_AllowEncryptThenMac(WOLFSSL_CTX *, int)
Definition: ssl.c:478
wolfSSL_want_read
WOLFSSL_API int wolfSSL_want_read(WOLFSSL *)
This function is similar to calling wolfSSL_get_error() and getting SSL_ERROR_WANT_READ in return...
Definition: ssl.c:3100
wolfSSL_set_session_secret_cb
WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL *, SessionSecretCb, void *)
This function sets the session secret callback function. The SessionSecretCb type has the signature: ...
Definition: ssl.c:10413
wolfSSL_CTX_set_cipher_list
WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX *, const char *)
This function sets cipher suite list for a given WOLFSSL_CTX. This cipher suite list becomes the defa...
Definition: ssl.c:11019
wolfSSL_get_shutdown
WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL *)
This function checks the shutdown conditions in closeNotify or connReset or sentNotify members of the...
Definition: ssl.c:19121
wolfSSLv23_method
WOLFSSL_API WOLFSSL_METHOD * wolfSSLv23_method(void)
This function returns a WOLFSSL_METHOD similar to wolfSSLv23_client_method except that it is not dete...
Definition: ssl.c:11292
wolfSSL_CIPHER_get_name
WOLFSSL_API const char * wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER *cipher)
This function matches the cipher suite in the SSL object with the available suites and returns the st...
Definition: ssl.c:19325
wolfDTLSv1_server_method
WOLFSSL_API WOLFSSL_METHOD * wolfDTLSv1_server_method(void)
The wolfDTLSv1_server_method() function is used to indicate that the application is a server and will...
Definition: tls.c:11711
wolfSSL_GetBulkCipher
WOLFSSL_API int wolfSSL_GetBulkCipher(WOLFSSL *)
Allows caller to determine the negotiated bulk cipher algorithm from the handshake.
Definition: ssl.c:3432
WOLFSSL_ASN1_TIME
Definition: asn_public.h:178
wolfSSL_UseSecureRenegotiation
WOLFSSL_API int wolfSSL_UseSecureRenegotiation(WOLFSSL *ssl)
This function forces secure renegotiation for the supplied WOLFSSL structure. This is not recommended...
Definition: ssl.c:2615
wolfSSL_GetIVSize
WOLFSSL_API int wolfSSL_GetIVSize(WOLFSSL *)
Returns the iv_size member of the specs structure held in the WOLFSSL struct.
Definition: ssl.c:3423
wolfSSL_CTX_use_NTRUPrivateKey_file
WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX *, const char *)
This function loads an NTRU private key file into the WOLFSSL Context. It behaves like the normal ver...
Definition: ssl.c:9860
wolfSSL_GetRsaEncCtx
WOLFSSL_API void * wolfSSL_GetRsaEncCtx(WOLFSSL *ssl)
Allows caller to retrieve the Public Key RSA Public Encrypt Callback Context previously stored with w...
Definition: ssl.c:36064
wolfSSL_set_options
WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op)
This function sets the options mask in the ssl. Some valid options are, SSL_OP_ALL, SSL_OP_COOKIE_EXCHANGE, SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_COMPRESSION.
Definition: ssl.c:24581
wolfSSL_GetVerifyDecryptCtx
WOLFSSL_API void * wolfSSL_GetVerifyDecryptCtx(WOLFSSL *ssl)
Definition: ssl.c:3368
wolfSSL_BIO_reset
WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
Resets bio to an initial state. As an example for type BIO_BIO this resets the read and write index...
Definition: bio.c:1270
wolfSSL_SetTmpDH_file
WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL *, const char *f, int format)
This function calls wolfSSL_SetTmpDH_file_wrapper to set server Diffie-Hellman parameters.
Definition: ssl.c:7223
wolfSSL_CTX_set_psk_client_callback
WOLFSSL_API void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX *, wc_psk_client_callback)
The function sets the client_psk_cb member of the WOLFSSL_CTX structure.
Definition: ssl.c:13443
wolfSSL_CTX_SetRsaEncCb
WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX *, CallbackRsaEnc)
Allows caller to set the Public Key Callback for RSA Public Encrypt. The callback should return 0 for...
Definition: ssl.c:36054
wolfSSL_CTX_der_load_verify_locations
WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX *, const char *, int)
This function is similar to wolfSSL_CTX_load_verify_locations, but allows the loading of DER-formatte...
Definition: ssl.c:7036
wolfSSL_connect_TLSv13
WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL *)
This function is called on the client side and initiates an SSL/TLS handshake with a server...
Definition: tls13.c:7866
wolfSSL_set_cipher_list
WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL *, const char *)
This function sets cipher suite list for a given WOLFSSL object (SSL session). The ciphers in the lis...
Definition: ssl.c:11045
WOLFSSL_SNI_FAKE_MATCH
Definition: ssl.h:2858
wolfSSL_CTX_set_timeout
WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX *, unsigned int)
This function sets the timeout value for SSL sessions, in seconds, for the specified SSL context...
Definition: ssl.c:12228
wolfSSL_set_compression
WOLFSSL_API int wolfSSL_set_compression(WOLFSSL *ssl)
Turns on the ability to use compression for the SSL connection. Both sides must have compression turn...
Definition: ssl.c:13199
wolfSSL_state
WOLFSSL_API int wolfSSL_state(WOLFSSL *ssl)
This is used to get the internal error state of the WOLFSSL structure.
Definition: ssl.c:3042
wolfSSL_UseClientQSHKeys
WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL *ssl, unsigned char flag)
If the flag is 1 keys will be sent in hello. If flag is 0 then the keys will not be sent during hello...
Definition: ssl.c:2492
wolfSSL_BIO_ctrl_reset_read_request
WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b)
This is used to set the read request flag back to 0.
Definition: bio.c:1104
WOLFSSL_MEM_CONN_STATS
Definition: memory.h:154
wolfSSL_CertManagerEnableOCSP
WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER *, int options)
Turns on OCSP if it’s turned off and if compiled with the set option available.
Definition: ssl.c:6122
wolfSSL_GetServerWriteKey
WOLFSSL_API const unsigned char * wolfSSL_GetServerWriteKey(WOLFSSL *)
Allows retrieval of the server write key from the handshake process.
Definition: ssl.c:3397
wolfSSL_SNI_SetOptions
WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL *ssl, unsigned char type, unsigned char options)
This function is called on the server side to configure the behavior of the SSL session using Server ...
Definition: ssl.c:2176
WOLFSSL_X509V3_CTX
Definition: ssl.h:258
wolfSSL_SetMinDhKey_Sz
WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL *, word16)
Sets the minimum size for a Diffie-Hellman key in the WOLFSSL structure in bytes. ...
Definition: ssl.c:1892
wolfSSL_SetMinEccKey_Sz
WOLFSSL_API int wolfSSL_SetMinEccKey_Sz(WOLFSSL *, short)
Sets the value of the minEccKeySz member of the options structure. The options struct is a member of ...
Definition: ssl.c:1670
wolfSSL_GetServerWriteIV
WOLFSSL_API const unsigned char * wolfSSL_GetServerWriteIV(WOLFSSL *)
Allows retrieval of the server write IV (initialization vector) from the handshake process...
Definition: ssl.c:3406
wolfSSL_BIO_get_fp
WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE *fp)
This is used to get the internal file pointer for a BIO.
Definition: bio.c:1344
wolfSSL_CTX_free
WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX *)
This function frees an allocated WOLFSSL_CTX object. This function decrements the CTX reference count...
Definition: ssl.c:446
wolfSSL_SetDecryptVerifyCtx
WOLFSSL_API void wolfSSL_SetDecryptVerifyCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Atomic User Record Processing Decrypt/Verify Callback Context to ctx...
Definition: ssl.c:3283
wolfSSL_EnableCRL
WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL *ssl, int options)
Enables CRL certificate revocation.
Definition: ssl.c:6929
wolfSSL_connect
int wolfSSL_connect(WOLFSSL *ssl)
This function is called on the client side and initiates an SSL/TLS handshake with a server...
Definition: ssl.c:11419
wolfSSL_AllowEncryptThenMac
WOLFSSL_API int wolfSSL_AllowEncryptThenMac(WOLFSSL *s, int)
Definition: ssl.c:492
wolfSSL_dtls_set_using_nonblock
WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL *, int)
This function informs the WOLFSSL DTLS object that the underlying UDP I/O is non-blocking. After an application creates a WOLFSSL object, if it will be used with a non-blocking UDP socket, call wolfSSL_dtls_set_using_nonblock() on it. This lets the WOLFSSL object know that receiving EWOULDBLOCK means that the recvfrom call would block rather than that it timed out.
Definition: ssl.c:11091
wolfSSL_KeepArrays
WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL *)
Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. Calling this function befo...
Definition: ssl.c:3154
wolfSSL_X509_get_isCA
WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509 *)
Checks the isCa member of the WOLFSSL_X509 structure and returns the value.
Definition: ssl.c:17306
wolfSSL_Init
WOLFSSL_API int wolfSSL_Init(void)
Initializes the wolfSSL library for use. Must be called once per application and before any other cal...
Definition: ssl.c:4736
wolfSSL_use_certificate_chain_buffer
WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL *, const unsigned char *, long)
This function loads a certificate chain buffer into the WOLFSSL object. It behaves like the non-buffe...
Definition: ssl.c:13878
Hash
Definition: hmac.h:112
wolfSSL_CTX_LoadCRL
WOLFSSL_API int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX *, const char *, int, int)
This function loads CRL into the WOLFSSL_CTX structure through wolfSSL_CertManagerLoadCRL().
Definition: ssl.c:6998
WOLFSSL_CIPHER
Definition: internal.h:1833
wolfSSL_isQSH
WOLFSSL_API int wolfSSL_isQSH(WOLFSSL *ssl)
Checks if QSH is used in the supplied SSL session.
Definition: ssl.c:2455
wolfSSL_CTX_restore_cert_cache
WOLFSSL_API int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX *, const char *)
This function persistes certificate cache from a file.
Definition: ssl.c:10000
wolfSSL_EnableOCSP
WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL *, int options)
This function enables OCSP certificate verification.
Definition: ssl.c:6337
wolfSSL_CertManagerNew_ex
WOLFSSL_API WOLFSSL_CERT_MANAGER * wolfSSL_CertManagerNew_ex(void *heap)
Allocates and initializes a new Certificate Manager context. This context may be used independent of ...
Definition: ssl.c:3519
ecc_key
Definition: ecc.h:357
wolfSSL_CertManagerLoadCRL
WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER *, const char *, int, int)
Error checks and passes through to LoadCRL() in order to load the cert into the CRL for revocation ch...
Definition: ssl.c:6912
WOLFSSL_X509_PKEY
Definition: ssl.h:358
wolfSSL_CTX_is_static_memory
WOLFSSL_API int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX *ctx, WOLFSSL_MEM_STATS *mem_stats)
This function does not change any of the connections behavior and is used only for gathering informat...
Definition: ssl.c:1596
wolfSSL_GetEccSignCtx
WOLFSSL_API void * wolfSSL_GetEccSignCtx(WOLFSSL *ssl)
Allows caller to retrieve the Public Key Ecc Signing Callback Context previously stored with wolfSSL_...
Definition: ssl.c:35767
WOLFSSL_X509_NAME_ENTRY
Definition: ssl.h:3209
wolfSSL_FreeArrays
WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL *)
Normally, at the end of the SSL handshake, wolfSSL frees temporary arrays. If wolfSSL_KeepArrays() ha...
Definition: ssl.c:3162
wolfSSL_CTX_SetMaxDhKey_Sz
WOLFSSL_API int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX *, word16)
This function sets the maximum size of the Diffie Hellman key size by accessing the maxDhKeySz member...
Definition: ssl.c:1902
wolfSSL_get_verify_result
WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl)
This is used to get the results after trying to verify the peer&#39;s certificate.
Definition: ssl.c:25460
WOLFSSL_CERT_MANAGER
Definition: internal.h:1958
wolfSSL_SESSION_get_master_key
WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION *ses, unsigned char *out, int outSz)
This is used to get the master key after completing a handshake.
Definition: ssl.c:9824
wolfSSL_CTX_UnloadCAs
WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX *)
This function unloads the CA signer list and frees the whole signer table.
Definition: ssl.c:13924
wolfSSL_X509_get_device_type
WOLFSSL_API unsigned char * wolfSSL_X509_get_device_type(WOLFSSL_X509 *, unsigned char *, int *)
This function copies the device type from the x509 structure to the buffer.
Definition: ssl.c:17545
WOLFSSL_X509_NAME
Definition: internal.h:3572
wolfSSL_DisableCRL
WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL *ssl)
Disables CRL certificate revocation.
Definition: ssl.c:6939
wolfSSL_ASN1_TYPE_new
WOLFSSL_API WOLFSSL_ASN1_TYPE * wolfSSL_ASN1_TYPE_new(void)
Definition: ssl.c:24988
wolfSSL_CertManagerVerifyBuffer
WOLFSSL_API int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER *cm, const unsigned char *buff, long sz, int format)
Specifies the certificate buffer to verify with the Certificate Manager context. The format can be SS...
Definition: ssl.c:6116
wolfSSL_CertManagerLoadCABuffer
WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER *, const unsigned char *in, long sz, int format)
Loads the CA Buffer by calling wolfSSL_CTX_load_verify_buffer and returning that result using a tempo...
Definition: ssl.c:5863
wolfSSL_CertManagerSetOCSPOverrideURL
WOLFSSL_API int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER *, const char *)
The function copies the url to the ocspOverrideURL member of the WOLFSSL_CERT_MANAGER structure...
Definition: ssl.c:6298
WOLFSSL_ACCESS_DESCRIPTION
Definition: ssl.h:253
wolfSSL_CTX_SetDecryptVerifyCb
WOLFSSL_API void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX *, CallbackDecryptVerify)
Allows caller to set the Atomic User Record Processing Decrypt/Verify Callback. The callback should r...
Definition: ssl.c:3276
wolfSSL_X509_get_der
WOLFSSL_API const unsigned char * wolfSSL_X509_get_der(WOLFSSL_X509 *, int *)
This function gets the DER encoded certificate in the WOLFSSL_X509 struct.
Definition: ssl.c:17438
WC_RNG
Definition: random.h:153
wolfSSL_CertManagerUnload_trust_peers
WOLFSSL_API int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER *cm)
The function will free the Trusted Peer linked list and unlocks the trusted peer list.
Definition: ssl.c:3814
wolfSSL_X509_get_notAfter
WOLFSSL_API WOLFSSL_ASN1_TIME * wolfSSL_X509_get_notAfter(WOLFSSL_X509 *)
This function checks to see if x509 is NULL and if it’s not, it returns the notAfter member of the x...
wolfSSL_UseSupportedQSH
WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL *ssl, unsigned short name)
This function sets the ssl session to use supported QSH provided by name.
wolfSSL_GetHmacSize
WOLFSSL_API int wolfSSL_GetHmacSize(WOLFSSL *)
Allows caller to determine the negotiated (h)mac size from the handshake. For cipher types except WOL...
Definition: ssl.c:3498
WOLFSSL_X509_LOOKUP_METHOD
Definition: ssl.h:497
wolfDTLSv1_2_client_method_ex
WOLFSSL_API WOLFSSL_METHOD * wolfDTLSv1_2_client_method_ex(void *heap)
This function initializes the DTLS v1.2 client method.
Definition: tls.c:11374
wolfSSL_BIO_ctrl_pending
WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b)
Gets the number of pending bytes to read. If BIO type is BIO_BIO then is the number to read from pair...
Definition: bio.c:938
wolfSSL_CertManagerCheckOCSP
WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER *, unsigned char *, int sz)
The function enables the WOLFSSL_CERT_MANAGER’s member, ocspEnabled to signify that the OCSP check o...
Definition: ssl.c:6240
wolfSSL_CTX_set_cert_store
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX *ctx, WOLFSSL_X509_STORE *str)
This is a setter function for the WOLFSSL_X509_STORE structure in ctx.
Definition: ssl.c:14626
wolfSSL_SetEccSignCtx
WOLFSSL_API void wolfSSL_SetEccSignCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Public Key Ecc Signing Callback Context to ctx.
Definition: ssl.c:35762
wolfSSL_CTX_set_group_messages
WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX *)
This function turns on grouping of handshake messages where possible.
Definition: ssl.c:3870
wolfSSL_get_ciphers
WOLFSSL_API int wolfSSL_get_ciphers(char *, int)
This function gets the ciphers enabled in wolfSSL.
Definition: ssl.c:860
wolfSSL_GetSessionIndex
WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL *ssl)
This function gets the session index of the WOLFSSL structure.
Definition: ssl.c:12919
wolfSSL_UseTruncatedHMAC
WOLFSSL_API int wolfSSL_UseTruncatedHMAC(WOLFSSL *ssl)
This function is called on the client side to enable the use of Truncated HMAC in the SSL object pass...
Definition: ssl.c:2301
wolfSSL_send
WOLFSSL_API int wolfSSL_send(WOLFSSL *, const void *, int sz, int flags)
This function writes sz bytes from the buffer, data, to the SSL connection, ssl, using the specified ...
Definition: ssl.c:2923
wolfSSL_CTX_SetEccVerifyCb
WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX *, CallbackEccVerify)
Allows caller to set the Public Key Callback for ECC Verification. The callback should return 0 for s...
Definition: ssl.c:35775
wolfSSL_set_jobject
WOLFSSL_API int wolfSSL_set_jobject(WOLFSSL *ssl, void *objPtr)
This function sets the jObjectRef member of the WOLFSSL structure.
Definition: ssl.c:42713
timeoutInfo_st
Definition: callbacks.h:77
wolfSSL_CTX_UseTruncatedHMAC
WOLFSSL_API int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX *ctx)
This function is called on the client side to enable the use of Truncated HMAC for SSL objects create...
Definition: ssl.c:2310
certificate_required
Definition: ssl.h:631
wolfSSL_get_current_cipher_suite
WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL *ssl)
Returns the current cipher suit an ssl session is using.
Definition: ssl.c:19304
WOLFSSL_BIO
Definition: ssl.h:461
wolfSSL_SetHsDoneCb
WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL *, HandShakeDoneCb, void *)
This function sets the handshake done callback. The hsDoneCb and hsDoneCtx members of the WOLFSSL str...
Definition: ssl.c:12112
wolfSSL_SetEccVerifyCtx
WOLFSSL_API void wolfSSL_SetEccVerifyCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Public Key Ecc Verification Callback Context to ctx.
Definition: ssl.c:35780
wolfSSL_check_private_key
WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL *ssl)
This function checks that the private key is a match with the certificate being used.
Definition: ssl.c:7718
wolfSSL_pending
WOLFSSL_API int wolfSSL_pending(WOLFSSL *)
This function returns the number of bytes which are buffered and available in the SSL object to be re...
Definition: ssl.c:3861
wolfSSL_ERR_error_string_n
WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char *buf, unsigned long sz)
This function is a version of wolfSSL_ERR_error_string() where len specifies the maximum number of ch...
Definition: ssl.c:3135
wolfSSL_get_alert_history
WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL *, WOLFSSL_ALERT_HISTORY *)
This function gets the alert history.
Definition: ssl.c:3076
wolfSSL_CTX_get_verify_depth
WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX *ctx)
This function gets the certificate chaining depth using the CTX structure.
Definition: ssl.c:7118
wolfSSL_BIO_s_socket
WOLFSSL_API WOLFSSL_BIO_METHOD * wolfSSL_BIO_s_socket(void)
This is used to get a BIO_SOCKET type WOLFSSL_BIO_METHOD.
Definition: ssl.c:14779
wolfSSL_dtls_set_timeout_init
WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL *ssl, int)
This function sets the dtls timeout.
Definition: ssl.c:11152
wolfSSL_get_client_random
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL *ssl, unsigned char *out, size_t outSz)
This is used to get the random data sent by the client during the handshake.
Definition: ssl.c:15335
WOLFSSL_BUF_MEM
Definition: ssl.h:422
wolfSSL_GetHmacType
WOLFSSL_API int wolfSSL_GetHmacType(WOLFSSL *)
Allows caller to determine the negotiated (h)mac type from the handshake. For cipher types except WOL...
Definition: tls.c:712
wolfSSL_X509_NAME_oneline
WOLFSSL_API char * wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME *, char *, int)
This function copies the name of the x509 into a buffer.
Definition: ssl.c:17076
wolfSSL_get_psk_identity_hint
WOLFSSL_API const char * wolfSSL_get_psk_identity_hint(const WOLFSSL *)
This function returns the psk identity hint.
Definition: ssl.c:13518
wolfSSL_BIO_seek
WOLFSSL_API int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs)
This function adjusts the file pointer to the offset given. This is the offset from the head of the f...
Definition: bio.c:1388
wolfSSL_get_session_cache_memsize
WOLFSSL_API int wolfSSL_get_session_cache_memsize(void)
This function returns how large the session cache save buffer should be.
Definition: ssl.c:10145
WOLFSSL_METHOD
Definition: internal.h:1628
wolfSSL_CTX_load_verify_buffer
WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX *, const unsigned char *, long, int)
This function loads a CA certificate buffer into the WOLFSSL Context. It behaves like the non-buffere...
Definition: ssl.c:13619
wolfSSL_set_psk_server_callback
WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL *, wc_psk_server_callback)
Sets the psk callback for the server side by setting the WOLFSSL structure options members...
Definition: ssl.c:13493
wolfSSL_set_SessionTicket
WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL *, const unsigned char *, word32)
This function sets the ticket member of the WOLFSSL_SESSION structure within the WOLFSSL struct...
Definition: ssl.c:2842
wolfSSL_CTX_get_default_passwd_cb
WOLFSSL_API pem_password_cb * wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx)
This is a getter function for the password callback set in ctx.
Definition: ssl.c:15053
wolfSSL_X509_get_signature_type
WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509 *)
This function returns the value stored in the sigOID member of the WOLFSSL_X509 structure.
Definition: ssl.c:19645
wolfSSL_SetTmpDH
WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL *, const unsigned char *p, int pSz, const unsigned char *g, int gSz)
Server Diffie-Hellman Ephemeral parameters setting. This function sets up the group parameters to be ...
Definition: ssl.c:1711
wolfSSL_CertManagerFree
WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER *)
Frees all resources associated with the Certificate Manager context. Call this when you no longer nee...
Definition: ssl.c:3564
wolfSSL_X509_d2i_fp
WOLFSSL_API WOLFSSL_X509 * wolfSSL_X509_d2i_fp(WOLFSSL_X509 **x509, FILE *file)
If NO_STDIO_FILESYSTEM is defined this function will allocate heap memory, initialize a WOLFSSL_X509 ...
wolfSSL_X509_STORE_CTX_get_chain
WOLFSSL_API WOLFSSL_STACK * wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX *ctx)
This function is a getter function for chain variable in WOLFSSL_X509_STORE_CTX structure. Currently chain is not populated.
Definition: ssl.c:22405
wolfSSL_X509_get_subject_name
WOLFSSL_API WOLFSSL_X509_NAME * wolfSSL_X509_get_subject_name(WOLFSSL_X509 *)
This function returns the subject member of the WOLFSSL_X509 structure.
Definition: ssl.c:19584
wolfSSL_CTX_new
WOLFSSL_API WOLFSSL_CTX * wolfSSL_CTX_new(WOLFSSL_METHOD *)
This function creates a new SSL context, taking a desired SSL/TLS protocol method for input...
Definition: ssl.c:426
WOLFSSL_DH
Definition: dh.h:41
wolfSSL_CTX_UseOCSPStaplingV2
WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX *ctx, unsigned char status_type, unsigned char options)
Creates and initializes the certificate status request for OCSP Stapling.
Definition: ssl.c:2357
wolfSSL_CTX_use_PrivateKey_buffer
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX *, const unsigned char *, long, int)
This function loads a private key buffer into the SSL Context. It behaves like the non-buffered versi...
Definition: ssl.c:13667
wolfSSL_use_RSAPrivateKey_file
WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL *, const char *, int)
This function loads the private RSA key used in the SSL connection into the SSL session (WOLFSSL stru...
Definition: ssl.c:9806
wolfSSL_set_group_messages
WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL *)
This function turns on grouping of handshake messages where possible.
Definition: ssl.c:3902
wolfSSL_use_old_poly
WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL *, int)
Since there is some differences between the first release and newer versions of chacha-poly AEAD cons...
Definition: ssl.c:735
WOLFSSL_EC_GROUP
Definition: ec.h:100
ed25519_key
Definition: ed25519.h:78
wolfSSL_BIO_get_mem_ptr
WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m)
This is a getter function for WOLFSSL_BIO memory pointer.
Definition: bio.c:982
wolfSSL_writev
WOLFSSL_API int wolfSSL_writev(WOLFSSL *ssl, const struct iovec *iov, int iovcnt)
Simulates writev semantics but doesn’t actually do block at a time because of SSL_write() behavior a...
Definition: ssl.c:13217
wolfSSL_UseSupportedCurve
WOLFSSL_API int wolfSSL_UseSupportedCurve(WOLFSSL *ssl, word16 name)
This function is called on the client side to enable the use of Supported Elliptic Curves Extension i...
Definition: ssl.c:2372
wolfSSL_BIO_set_fp
WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c)
This is used to set the internal file pointer for a BIO.
Definition: bio.c:1324
wolfSSL_connect_cert
WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL *ssl)
This function is called on the client side and initiates an SSL/TLS handshake with a server only long...
Definition: ssl.c:3884
bad_certificate_status_response
Definition: ssl.h:629
wolfSSL_dtls_got_timeout
WOLFSSL_API int wolfSSL_dtls_got_timeout(WOLFSSL *ssl)
When using non-blocking sockets with DTLS, this function should be called on the WOLFSSL object when ...
Definition: ssl.c:11186
wolfSSL_check_domain_name
WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL *ssl, const char *dn)
wolfSSL by default checks the peer certificate for a valid date range and a verified signature...
Definition: ssl.c:13167
wolfSSL_ERR_peek_last_error
WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void)
This function returns the absolute value of the last error from WOLFSSL_ERROR encountered.
Definition: ssl.c:41793
wolfSSL_SetEncryptMacCtx
WOLFSSL_API void wolfSSL_SetEncryptMacCtx(WOLFSSL *ssl, void *ctx)
Definition: ssl.c:3317
wolfSSL_CTX_SetRsaSignCb
WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX *, CallbackRsaSign)
Allows caller to set the Public Key Callback for RSA Signing. The callback should return 0 for succes...
Definition: ssl.c:35969
WOLFSSL_X509_OBJECT
Definition: ssl.h:554
wolfSSL_memrestore_session_cache
WOLFSSL_API int wolfSSL_memrestore_session_cache(const void *, int)
This function restores the persistent session cache from memory.
Definition: ssl.c:10203
wolfSSL_X509_get_next_altname
WOLFSSL_API char * wolfSSL_X509_get_next_altname(WOLFSSL_X509 *)
This function returns the next, if any, altname from the peer certificate.
Definition: ssl.c:17287
wolfSSL_CTX_UseOCSPStapling
WOLFSSL_API int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX *ctx, unsigned char status_type, unsigned char options)
This function requests the certificate status during the handshake.
Definition: ssl.c:2333
wolfSSL_BIO_set_fd
WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO *b, int fd, int flag)
Sets the file descriptor for bio to use.
Definition: ssl.c:14828
WOLFSSL_SESSION
Definition: internal.h:3109
wolfSSL_SetMinVersion
WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL *ssl, int version)
This function sets the minimum downgrade version allowed. Applicable only when the connection allows ...
Definition: ssl.c:3976
wolfSSL_CTX_get_cert_cache_memsize
WOLFSSL_API int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX *)
Returns the size the certificate cache save buffer needs to be.
Definition: ssl.c:10038
wolfSSL_get_chain_count
WOLFSSL_API int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN *chain)
Retrieve&#39;s the peers certificate chain count.
Definition: ssl.c:35553
WOLFSSL_ALERT_HISTORY
Definition: ssl.h:544
wolfSSL_X509_version
WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509 *)
This function retrieves the version of the X509 certificate.
Definition: ssl.c:17530
wolfDTLSv1_2_server_method
WOLFSSL_API WOLFSSL_METHOD * wolfDTLSv1_2_server_method(void)
This function creates and initializes a WOLFSSL_METHOD for the server side.
Definition: tls.c:11731
wolfSSL_CTX_get_default_passwd_cb_userdata
WOLFSSL_API void * wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx)
This is a getter function for the password callback user data set in ctx.
Definition: ssl.c:15063
wolfSSL_get_version
WOLFSSL_API const char * wolfSSL_get_version(WOLFSSL *)
Returns the SSL version being used as a string.
Definition: ssl.c:19279
wolfSSL_set_tlsext_status_type
WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type)
This function is called when the client application request that a server send back an OCSP status re...
Definition: ssl.c:24773
wolfSSL_BIO_get_mem_data
WOLFSSL_API int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO *bio, void *p)
This is used to set a byte pointer to the start of the internal memory buffer.
Definition: bio.c:1678
wolfSSL_library_init
WOLFSSL_API int wolfSSL_library_init(void)
This function is called internally in wolfSSL_CTX_new(). This function is a wrapper around wolfSSL_In...
Definition: ssl.c:10401
wolfSSL_SetRsaSignCtx
WOLFSSL_API void wolfSSL_SetRsaSignCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Public Key RSA Signing Callback Context to ctx.
Definition: ssl.c:35979
wolfSSL_X509_get_notBefore
WOLFSSL_API WOLFSSL_ASN1_TIME * wolfSSL_X509_get_notBefore(WOLFSSL_X509 *)
The function checks to see if x509 is NULL and if it’s not, it returns the notBefore member of the x...
wolfSSL_get_verify_depth
WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL *ssl)
This function returns the maximum chain depth allowed, which is 9 by default, for a valid session i...
Definition: ssl.c:7104
wolfSSL_X509_get_ext_d2i
WOLFSSL_API void * wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509 *x509, int nid, int *c, int *idx)
This function looks for and returns the extension matching the passed in NID value.
Definition: ssl.c:9054
wolfSSL_use_RSAPrivateKey_ASN1
WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL *ssl, unsigned char *der, long derSz)
This is used to set the private key for the WOLFSSL structure. A DER formatted RSA key buffer is expe...
Definition: ssl.c:9623
wolfSSL_use_certificate_file
WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL *, const char *, int)
This function loads a certificate file into the SSL session (WOLFSSL structure). The certificate file...
Definition: ssl.c:9676
wolfSSL_GetObjectSize
WOLFSSL_API int wolfSSL_GetObjectSize(void)
This function returns the size of the WOLFSSL object and will be dependent on build options and setti...
Definition: ssl.c:1429
wolfSSL_X509_get_hw_serial_number
WOLFSSL_API unsigned char * wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509 *, unsigned char *, int *)
This function returns the hwSerialNum member of the x509 object.
Definition: ssl.c:17601
wolfSSL_BIO_set_write_buf_size
WOLFSSL_API int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size)
This is used to set the size of write buffer for a WOLFSSL_BIO. If write buffer has been previously s...
Definition: bio.c:1025
wolfSSL_GetEccVerifyCtx
WOLFSSL_API void * wolfSSL_GetEccVerifyCtx(WOLFSSL *ssl)
Allows caller to retrieve the Public Key Ecc Verification Callback Context previously stored with wol...
Definition: ssl.c:35785
wolfSSL_BIO_make_bio_pair
WOLFSSL_API int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2)
This is used to pair two bios together. A pair of bios acts similar to a two way pipe writing to one ...
Definition: bio.c:1070
wolfSSL_CTX_SetVerifyDecryptCb
WOLFSSL_API void wolfSSL_CTX_SetVerifyDecryptCb(WOLFSSL_CTX *, CallbackVerifyDecrypt)
Definition: ssl.c:3344
wolfSSL_X509_get_ext_by_NID
WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x509, int nid, int lastPos)
This function looks for and returns the extension index matching the passed in NID value...
Definition: ssl.c:8903
wolfSSL_SetMinRsaKey_Sz
WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz(WOLFSSL *, short)
Sets the minimum allowable key size in bytes for RSA located in the WOLFSSL structure.
Definition: ssl.c:1697
wolfSSL_CTX_SetOCSP_OverrideURL
WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX *, const char *)
This function manually sets the URL for OCSP to use. By default, OCSP will use the URL found in the i...
Definition: ssl.c:6418
wolfSSL_X509_PUBKEY_new
WOLFSSL_API WOLFSSL_X509_PUBKEY * wolfSSL_X509_PUBKEY_new(void)
Definition: ssl.c:25029
wolfSSL_get_cipher_list
WOLFSSL_API char * wolfSSL_get_cipher_list(int priority)
Get the name of cipher at priority level passed in.
Definition: ssl.c:821
wolfSSL_GetClientWriteIV
WOLFSSL_API const unsigned char * wolfSSL_GetClientWriteIV(WOLFSSL *)
Allows retrieval of the client write IV (initialization vector) from the handshake process...
Definition: ssl.c:3388
curve25519_key
Definition: curve25519.h:70
wolfSSL_get_cipher_list_ex
WOLFSSL_API char * wolfSSL_get_cipher_list_ex(WOLFSSL *ssl, int priority)
Definition: ssl.c:836
wolfSSL_dtls_set_export
WOLFSSL_API int wolfSSL_dtls_set_export(WOLFSSL *ssl, wc_dtls_export func)
The wolfSSL_dtls_set_export() function is used to set the callback function for exporting a session...
Definition: ssl.c:225
wolfSSL_CTX_use_RSAPrivateKey_file
WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX *, const char *, int)
This function loads the private RSA key used in the SSL connection into the SSL context (WOLFSSL_CTX)...
Definition: ssl.c:9797
wolfSSL_ASN1_TYPE_free
WOLFSSL_API void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE *at)
Definition: ssl.c:25003
wolfSSL_want_write
WOLFSSL_API int wolfSSL_want_write(WOLFSSL *)
This function is similar to calling wolfSSL_get_error() and getting SSL_ERROR_WANT_WRITE in return...
Definition: ssl.c:3111
wolfSSL_CTX_SetEccSignCb
WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX *, CallbackEccSign)
Allows caller to set the Public Key Callback for ECC Signing. The callback should return 0 for succes...
Definition: ssl.c:35757
wolfSSL_CTX_UseSessionTicket
WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX *ctx)
This function sets wolfSSL context to use a session ticket.
Definition: ssl.c:2818
WOLFSSL_DSA
Definition: dsa.h:46
WOLFSSL_X509_PUBKEY
Definition: ssl.h:386
wolfSSL_IsTLSv1_1
WOLFSSL_API int wolfSSL_IsTLSv1_1(WOLFSSL *)
Allows caller to determine if the negotiated protocol version is at least TLS version 1...
Definition: ssl.c:3477
WOLFSSL_ASN1_OBJECT::d
Definition: ssl.h:283
wolfSSL_get_peer_chain
WOLFSSL_API WOLFSSL_X509_CHAIN * wolfSSL_get_peer_chain(WOLFSSL *ssl)
Retrieves the peer’s certificate chain.
Definition: ssl.c:35542
wolfSSL_UseALPN
WOLFSSL_API int wolfSSL_UseALPN(WOLFSSL *ssl, char *protocol_name_list, unsigned int protocol_name_listSz, unsigned char options)
Setup ALPN use for a wolfSSL session.
WOLFSSL
Definition: internal.h:3849
wolfSSL_get_options
WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s)
This function returns the current options mask.
Definition: ssl.c:24643
wolfSSL_CTX_set_TicketHint
WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX *ctx, int)
This function sets the session ticket hint relayed to the client. For server side use...
Definition: ssl.c:2785
wolfSSL_CTX_clear_options
WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX *, long)
This function resets option bits of WOLFSSL_CTX object.
Definition: ssl.c:14585
WOLFSSL_BIO_METHOD
Definition: ssl.h:444
wolfSSL_SetOCSP_OverrideURL
WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL *, const char *)
This function sets the ocspOverrideURL member in the WOLFSSL_CERT_MANAGER structure.
Definition: ssl.c:6374
wolfSSL_session_reused
WOLFSSL_API int wolfSSL_session_reused(WOLFSSL *)
This function returns the resuming member of the options struct. The flag indicates whether or not to...
Definition: ssl.c:19137
wolfSSL_CTX_SetTmpDH_file
WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX *, const char *f, int format)
The function calls wolfSSL_SetTmpDH_file_wrapper to set the server Diffie-Hellman parameters...
Definition: ssl.c:7233
wolfSSL_is_static_memory
WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL *ssl, WOLFSSL_MEM_CONN_STATS *mem_stats)
wolfSSL_is_static_memory is used to gather information about a SSL’s static memory usage...
Definition: ssl.c:1576
wolfSSL_use_psk_identity_hint
WOLFSSL_API int wolfSSL_use_psk_identity_hint(WOLFSSL *, const char *)
This function stores the hint argument in the server_hint member of the Arrays structure within the W...
Definition: ssl.c:13557
WOLFSSL_HMAC_CTX
Definition: hmac.h:53
wolfSSL_CTX_use_certificate_chain_file
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *, const char *file)
This function loads a chain of certificates into the SSL context (WOLFSSL_CTX). The file containing t...
Definition: ssl.c:7132
wolfSSL_SetMaxDhKey_Sz
WOLFSSL_API int wolfSSL_SetMaxDhKey_Sz(WOLFSSL *, word16)
Sets the maximum size for a Diffie-Hellman key in the WOLFSSL structure in bytes. ...
Definition: ssl.c:1912
wolfSSL_CTX_memsave_cert_cache
WOLFSSL_API int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX *, void *, int, int *)
This function persists the certificate cache to memory.
Definition: ssl.c:10013
wolfSSL_i2d_PKCS12_bio
WOLFSSL_API WC_PKCS12 * wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12)
wolfSSL_i2d_PKCS12_bio (i2d_PKCS12_bio) copies in the cert information from the structure WC_PKCS12 t...
Definition: ssl.c:21954
wolfSSL_CTX_use_PrivateKey_file
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX *, const char *, int)
This function loads a private key file into the SSL context (WOLFSSL_CTX). The file is provided by th...
Definition: ssl.c:7071
WOLFSSL_ASN1_INTEGER
Definition: asn_public.h:213